From ae788f37fe53d5d1ca1e12a184a662192caad3c5 Mon Sep 17 00:00:00 2001 From: Matthew Dillon Date: Thu, 12 Nov 2009 12:07:44 -0800 Subject: [PATCH] BIND - Update BIND to 9.5.2 * Enable man page for nslookup. * nsupdate does not provide man 8 anmyore, but man 1. * Fixes for x86_64. * Added all the _LIBC conditionals that where present in 9.3 Submitted-by: Jan Lentfer Testing-by: dillon --- contrib/bind-9.3/FAQ | 675 --- contrib/bind-9.3/FAQ.xml | 1276 ----- contrib/bind-9.3/README.DELETED | 53 - contrib/bind-9.3/README.DRAGONFLY | 56 - contrib/bind-9.3/acconfig.h | 147 - contrib/bind-9.3/bin/check/check-tool.c | 162 - contrib/bind-9.3/bin/check/named-checkconf.c | 297 - .../bind-9.3/bin/check/named-checkconf.html | 92 - contrib/bind-9.3/bin/check/named-checkzone.8 | 116 - contrib/bind-9.3/bin/check/named-checkzone.c | 214 - .../bind-9.3/bin/check/named-checkzone.html | 135 - contrib/bind-9.3/bin/dig/dig.html | 514 -- contrib/bind-9.3/bin/dig/host.html | 171 - contrib/bind-9.3/bin/dig/nslookup.html | 264 - .../bind-9.3/bin/dnssec/dnssec-keygen.html | 228 - .../bind-9.3/bin/dnssec/dnssec-signzone.html | 220 - contrib/bind-9.3/bin/named/aclconf.c | 252 - contrib/bind-9.3/bin/named/lwresd.html | 189 - contrib/bind-9.3/bin/named/named.html | 241 - contrib/bind-9.3/bin/nsupdate/nsupdate.html | 468 -- contrib/bind-9.3/bin/rndc/rndc-confgen.html | 185 - contrib/bind-9.3/bin/rndc/rndc.conf.html | 179 - contrib/bind-9.3/bin/rndc/rndc.html | 156 - contrib/bind-9.3/lib/bind/api | 3 - contrib/bind-9.3/lib/bind/include/resolv.h | 506 -- contrib/bind-9.3/lib/bind9/api | 3 - contrib/bind-9.3/lib/dns/acl.c | 446 -- contrib/bind-9.3/lib/dns/api | 3 - contrib/bind-9.3/lib/dns/gssapi_link.c | 220 - contrib/bind-9.3/lib/dns/gssapictx.c | 262 - contrib/bind-9.3/lib/dns/hmac_link.c | 282 - contrib/bind-9.3/lib/dns/include/dns/rbt.h | 838 --- contrib/bind-9.3/lib/dns/include/dns/stats.h | 57 - contrib/bind-9.3/lib/dns/include/dns/tkey.h | 196 - contrib/bind-9.3/lib/dns/include/dst/gssapi.h | 56 - .../lib/dns/rdata/generic/dlv_65323.c | 281 - contrib/bind-9.3/lib/dns/result.c | 272 - contrib/bind-9.3/lib/dns/rootns.c | 247 - contrib/bind-9.3/lib/dns/stats.c | 53 - contrib/bind-9.3/lib/isc/include/isc/msgs.h | 183 - contrib/bind-9.3/lib/isc/include/isc/result.h | 106 - contrib/bind-9.3/lib/isc/include/isc/socket.h | 704 --- contrib/bind-9.3/lib/isc/include/isc/string.h | 76 - contrib/bind-9.3/lib/isc/include/isc/types.h | 103 - contrib/bind-9.3/lib/isc/rwlock.c | 427 -- contrib/bind-9.3/lib/isccc/api | 3 - contrib/bind-9.3/lib/lwres/api | 3 - contrib/bind-9.3/lib/lwres/gethost.c | 219 - .../lib/lwres/include/lwres/lwpacket.h | 124 - contrib/bind-9.3/lib/lwres/lwbuffer.c | 287 - contrib/bind-9.3/lib/lwres/man/lwres.html | 216 - .../bind-9.3/lib/lwres/man/lwres_buffer.html | 542 -- .../bind-9.3/lib/lwres/man/lwres_config.html | 200 - .../bind-9.3/lib/lwres/man/lwres_context.html | 376 -- .../bind-9.3/lib/lwres/man/lwres_gabn.html | 357 -- .../lib/lwres/man/lwres_gai_strerror.html | 124 - .../lib/lwres/man/lwres_getaddrinfo.html | 346 -- .../lib/lwres/man/lwres_gethostent.html | 463 -- .../lib/lwres/man/lwres_getipnode.html | 316 -- .../lib/lwres/man/lwres_getnameinfo.html | 159 - .../lib/lwres/man/lwres_getrrsetbyname.html | 230 - .../bind-9.3/lib/lwres/man/lwres_gnba.html | 355 -- .../lib/lwres/man/lwres_hstrerror.html | 100 - .../lib/lwres/man/lwres_inetntop.html | 103 - .../bind-9.3/lib/lwres/man/lwres_noop.html | 325 -- .../bind-9.3/lib/lwres/man/lwres_packet.html | 226 - .../bind-9.3/lib/lwres/man/lwres_resutil.html | 275 - contrib/bind-9.3/version | 10 - contrib/{bind-9.3 => bind-9.5.2}/CHANGES | 4882 ++++++++++++----- contrib/{bind-9.3 => bind-9.5.2}/COPYRIGHT | 6 +- contrib/bind-9.5.2/FAQ | 877 +++ contrib/{bind-9.3 => bind-9.5.2}/README | 275 +- contrib/bind-9.5.2/README.idnkit | 112 + contrib/bind-9.5.2/bin/check/check-tool.c | 660 +++ .../bin/check/check-tool.h | 23 +- .../bin/check/named-checkconf.8 | 45 +- .../bind-9.5.2/bin/check/named-checkconf.c | 498 ++ .../bind-9.5.2/bin/check/named-checkconf.html | 96 + .../bind-9.5.2/bin/check/named-checkzone.8 | 278 + .../bind-9.5.2/bin/check/named-checkzone.c | 455 ++ .../bind-9.5.2/bin/check/named-checkzone.html | 262 + .../{bind-9.3 => bind-9.5.2}/bin/dig/dig.1 | 268 +- .../{bind-9.3 => bind-9.5.2}/bin/dig/dig.c | 449 +- contrib/bind-9.5.2/bin/dig/dig.html | 639 +++ .../bin/dig/dighost.c | 833 ++- .../{bind-9.3 => bind-9.5.2}/bin/dig/host.1 | 49 +- .../{bind-9.3 => bind-9.5.2}/bin/dig/host.c | 146 +- contrib/bind-9.5.2/bin/dig/host.html | 212 + .../bin/dig/include/dig/dig.h | 86 +- .../bin/dig/nslookup.1 | 160 +- .../bin/dig/nslookup.c | 71 +- contrib/bind-9.5.2/bin/dig/nslookup.html | 307 ++ .../bin/dnssec/dnssec-keygen.8 | 93 +- .../bin/dnssec/dnssec-keygen.c | 154 +- .../bind-9.5.2/bin/dnssec/dnssec-keygen.html | 232 + .../bin/dnssec/dnssec-signzone.8 | 188 +- .../bin/dnssec/dnssec-signzone.c | 473 +- .../bin/dnssec/dnssec-signzone.html | 285 + .../bin/dnssec/dnssectool.c | 12 +- .../bin/dnssec/dnssectool.h | 6 +- contrib/bind-9.5.2/bin/named/bind9.xsl | 492 ++ contrib/bind-9.5.2/bin/named/bind9.xsl.h | 497 ++ .../bin/named/builtin.c | 109 +- .../bin/named/client.c | 506 +- .../bin/named/config.c | 145 +- .../bin/named/control.c | 46 +- .../bin/named/controlconf.c | 270 +- contrib/bind-9.5.2/bin/named/convertxsl.pl | 57 + .../bin/named/include/named/builtin.h | 8 +- .../bin/named/include/named/client.h | 131 +- .../bin/named/include/named/config.h | 11 +- .../bin/named/include/named/control.h | 27 +- .../bin/named/include/named/globals.h | 11 +- .../bin/named/include/named/interfacemgr.h | 61 +- .../bin/named/include/named/listenlist.h | 21 +- .../bin/named/include/named/log.h | 19 +- .../bin/named/include/named/logconf.h | 10 +- .../bin/named/include/named/lwaddr.h | 8 +- .../bin/named/include/named/lwdclient.h | 46 +- .../bin/named/include/named/lwresd.h | 19 +- .../bin/named/include/named/lwsearch.h | 28 +- .../bin/named/include/named/main.h | 8 +- .../bin/named/include/named/notify.h | 17 +- .../bin/named/include/named/ns_smf_globals.h | 6 +- .../bin/named/include/named/query.h | 10 +- .../bin/named/include/named/server.h | 167 +- .../bin/named/include/named/sortlist.h | 20 +- .../bin/named/include/named/statschannel.h | 61 + .../bin/named/include/named/tkeyconf.h | 24 +- .../bin/named/include/named/tsigconf.h | 20 +- .../bin/named/include/named/types.h | 13 +- .../bin/named/include/named/update.h | 9 +- .../bin/named/include/named/xfrout.h | 9 +- .../bin/named/include/named/zoneconf.h | 27 +- .../bin/named/interfacemgr.c | 157 +- .../bin/named/listenlist.c | 8 +- .../{bind-9.3 => bind-9.5.2}/bin/named/log.c | 23 +- .../bin/named/logconf.c | 12 +- .../bin/named/lwaddr.c | 14 +- .../bin/named/lwdclient.c | 9 +- .../bin/named/lwderror.c | 10 +- .../bin/named/lwdgabn.c | 12 +- .../bin/named/lwdgnba.c | 10 +- .../bin/named/lwdgrbn.c | 10 +- .../bin/named/lwdnoop.c | 25 +- .../bin/named/lwresd.8 | 128 +- .../bin/named/lwresd.c | 30 +- contrib/bind-9.5.2/bin/named/lwresd.html | 225 + .../bin/named/lwsearch.c | 15 +- .../{bind-9.3 => bind-9.5.2}/bin/named/main.c | 118 +- .../bin/named/named.8 | 123 +- .../bin/named/named.conf.5 | 132 +- .../bin/named/named.conf.html | 171 +- contrib/bind-9.5.2/bin/named/named.html | 280 + .../bin/named/notify.c | 32 +- .../bin/named/query.c | 1628 +++++- .../bin/named/server.c | 1970 +++++-- .../bin/named/sortlist.c | 26 +- contrib/bind-9.5.2/bin/named/statschannel.c | 1355 +++++ .../bin/named/tkeyconf.c | 16 +- .../bin/named/tsigconf.c | 25 +- .../bin/named/unix/include/named/os.h | 12 +- .../bin/named/unix/os.c | 199 +- .../bin/named/update.c | 896 ++- .../bin/named/xfrout.c | 211 +- .../bin/named/zoneconf.c | 284 +- .../bin/nsupdate/nsupdate.1} | 157 +- .../bin/nsupdate/nsupdate.c | 994 +++- contrib/bind-9.5.2/bin/nsupdate/nsupdate.html | 511 ++ .../bin/rndc/include/rndc/os.h | 14 +- .../bin/rndc/rndc-confgen.8 | 53 +- .../bin/rndc/rndc-confgen.c | 42 +- contrib/bind-9.5.2/bin/rndc/rndc-confgen.html | 188 + .../{bind-9.3 => bind-9.5.2}/bin/rndc/rndc.8 | 64 +- .../{bind-9.3 => bind-9.5.2}/bin/rndc/rndc.c | 229 +- .../bin/rndc/rndc.conf | 17 +- .../bin/rndc/rndc.conf.5 | 83 +- contrib/bind-9.5.2/bin/rndc/rndc.conf.html | 217 + contrib/bind-9.5.2/bin/rndc/rndc.html | 165 + .../bin/rndc/unix/os.c | 8 +- .../{bind-9.3 => bind-9.5.2}/bin/rndc/util.c | 8 +- .../{bind-9.3 => bind-9.5.2}/bin/rndc/util.h | 8 +- contrib/bind-9.5.2/bind.keys | 6 + contrib/bind-9.5.2/isc-config.sh.1 | 87 + contrib/bind-9.5.2/isc-config.sh.docbook | 160 + contrib/bind-9.5.2/isc-config.sh.html | 102 + .../{bind-9.3 => bind-9.5.2}/lib/bind/README | 0 contrib/bind-9.5.2/lib/bind/api | 3 + .../lib/bind/bsd/daemon.c | 4 +- .../lib/bind/bsd/ftruncate.c | 5 +- .../lib/bind/bsd/gettimeofday.c | 6 +- .../lib/bind/bsd/mktemp.c | 6 +- .../lib/bind/bsd/putenv.c | 6 +- .../lib/bind/bsd/readv.c | 3 +- .../lib/bind/bsd/setenv.c | 32 +- .../lib/bind/bsd/setitimer.c | 6 +- .../lib/bind/bsd/strcasecmp.c | 6 +- .../lib/bind/bsd/strdup.c | 2 + .../lib/bind/bsd/strerror.c | 14 +- .../lib/bind/bsd/strpbrk.c | 6 +- .../lib/bind/bsd/strsep.c | 6 +- .../lib/bind/bsd/strtoul.c | 14 +- .../lib/bind/bsd/utimes.c | 1 + .../lib/bind/bsd/writev.c | 4 +- .../lib/bind/config.h.in | 10 + .../lib/bind/dst/dst_api.c | 156 +- .../lib/bind/dst/dst_internal.h | 23 +- .../lib/bind/dst/hmac_link.c | 41 +- .../lib/bind/dst/md5.h | 2 + .../lib/bind/dst/md5_dgst.c | 12 +- .../lib/bind/dst/md5_locl.h | 5 +- .../lib/bind/dst/support.c | 50 +- .../lib/bind/include/arpa/inet.h | 6 +- .../lib/bind/include/arpa/inet.h_notneeded} | 6 +- .../lib/bind/include/arpa/nameser.h | 343 +- .../lib/bind/include/arpa/nameser_compat.h | 67 +- .../lib/bind/include/fd_setsize.h | 3 +- .../lib/bind/include/hesiod.h | 5 +- .../lib/bind/include/irp.h | 14 +- .../lib/bind/include/irs.h | 45 +- .../lib/bind/include/isc/assertions.h | 9 +- .../lib/bind/include/isc/ctl.h | 13 +- .../lib/bind/include/isc/dst.h | 110 +- .../lib/bind/include/isc/eventlib.h | 6 +- .../lib/bind/include/isc/heap.h | 2 + .../lib/bind/include/isc/irpmarshall.h | 13 +- .../lib/bind/include/isc/list.h | 4 +- .../lib/bind/include/isc/logging.h | 1 + .../lib/bind/include/isc/memcluster.h | 1 + .../lib/bind/include/isc/misc.h | 7 +- .../lib/bind/include/isc/platform.h.in} | 34 +- .../lib/bind/include/isc/tree.h | 7 +- .../lib/bind/include/netdb.h | 119 +- .../lib/bind/include/netgroup.h | 2 + .../lib/bind/include/res_update.h | 30 +- .../lib/bind/include/resolv_mt.h | 0 .../lib/bind/inet/inet_addr.c | 15 +- .../lib/bind/inet/inet_cidr_ntop.c | 8 +- .../lib/bind/inet/inet_cidr_pton.c | 18 +- .../lib/bind/inet/inet_data.c | 4 +- .../lib/bind/inet/inet_lnaof.c | 3 +- .../lib/bind/inet/inet_makeaddr.c | 3 +- .../lib/bind/inet/inet_net_ntop.c | 9 +- .../lib/bind/inet/inet_net_pton.c | 43 +- .../lib/bind/inet/inet_neta.c | 7 +- .../lib/bind/inet/inet_netof.c | 5 +- .../lib/bind/inet/inet_network.c | 8 +- .../lib/bind/inet/inet_ntoa.c | 7 +- .../lib/bind/inet/inet_ntop.c | 37 +- .../lib/bind/inet/inet_pton.c | 11 +- .../lib/bind/inet/nsap_addr.c | 3 +- .../lib/bind/irs/dns.c | 5 +- .../lib/bind/irs/dns_gr.c | 7 +- .../lib/bind/irs/dns_ho.c | 84 +- .../lib/bind/irs/dns_nw.c | 28 +- .../lib/bind/irs/dns_p.h | 6 +- .../lib/bind/irs/dns_pr.c | 4 +- .../lib/bind/irs/dns_pw.c | 3 +- .../lib/bind/irs/dns_sv.c | 8 +- .../lib/bind/irs/gai_strerror.c | 35 +- .../lib/bind/irs/gen.c | 5 +- .../lib/bind/irs/gen_gr.c | 5 +- .../lib/bind/irs/gen_ho.c | 6 +- .../lib/bind/irs/gen_ng.c | 4 +- .../lib/bind/irs/gen_nw.c | 4 +- .../lib/bind/irs/gen_p.h | 40 +- .../lib/bind/irs/gen_pr.c | 4 +- .../lib/bind/irs/gen_pw.c | 3 +- .../lib/bind/irs/gen_sv.c | 4 +- .../lib/bind/irs/getaddrinfo.c | 95 +- .../lib/bind/irs/getgrent.c | 3 +- .../lib/bind/irs/getgrent_r.c | 7 +- .../lib/bind/irs/gethostent.c | 27 +- .../lib/bind/irs/gethostent_r.c | 7 +- .../lib/bind/irs/getnameinfo.c | 10 +- .../lib/bind/irs/getnetent.c | 6 +- .../lib/bind/irs/getnetent_r.c | 7 +- .../lib/bind/irs/getnetgrent.c | 8 +- .../lib/bind/irs/getnetgrent_r.c | 84 +- .../lib/bind/irs/getprotoent.c | 4 +- .../lib/bind/irs/getprotoent_r.c | 7 +- .../lib/bind/irs/getpwent.c | 3 +- .../lib/bind/irs/getpwent_r.c | 5 +- .../lib/bind/irs/getservent.c | 4 +- .../lib/bind/irs/getservent_r.c | 7 +- .../lib/bind/irs/hesiod.c | 32 +- .../lib/bind/irs/hesiod_p.h | 30 +- .../lib/bind/irs/irp.c | 42 +- .../lib/bind/irs/irp_gr.c | 79 +- .../lib/bind/irs/irp_ho.c | 42 +- .../lib/bind/irs/irp_ng.c | 31 +- .../lib/bind/irs/irp_nw.c | 53 +- .../lib/bind/irs/irp_p.h | 9 +- .../lib/bind/irs/irp_pr.c | 48 +- .../lib/bind/irs/irp_pw.c | 40 +- .../lib/bind/irs/irp_sv.c | 43 +- .../lib/bind/irs/irpmarshall.c | 279 +- .../lib/bind/irs/irs_data.c | 11 +- .../lib/bind/irs/irs_data.h | 9 +- .../lib/bind/irs/irs_p.h | 4 +- .../lib/bind/irs/lcl.c | 4 +- .../lib/bind/irs/lcl_gr.c | 12 +- .../lib/bind/irs/lcl_ho.c | 10 +- .../lib/bind/irs/lcl_ng.c | 44 +- .../lib/bind/irs/lcl_nw.c | 4 +- .../lib/bind/irs/lcl_p.h | 7 +- .../lib/bind/irs/lcl_pr.c | 4 +- .../lib/bind/irs/lcl_pw.c | 11 +- .../lib/bind/irs/lcl_sv.c | 7 +- .../lib/bind/irs/nis.c | 4 +- .../lib/bind/irs/nis_gr.c | 7 +- .../lib/bind/irs/nis_ho.c | 12 +- .../lib/bind/irs/nis_ng.c | 4 +- .../lib/bind/irs/nis_nw.c | 4 +- .../lib/bind/irs/nis_p.h | 7 +- .../lib/bind/irs/nis_pr.c | 4 +- .../lib/bind/irs/nis_pw.c | 5 +- .../lib/bind/irs/nis_sv.c | 4 +- .../lib/bind/irs/nul_ng.c | 5 +- .../lib/bind/irs/pathnames.h | 4 +- .../lib/bind/irs/util.c | 4 +- .../lib/bind/isc/assertions.c | 5 +- .../lib/bind/isc/assertions.mdoc | 2 +- .../lib/bind/isc/base64.c | 26 +- .../lib/bind/isc/bitncmp.c | 8 +- .../lib/bind/isc/bitncmp.mdoc | 2 +- .../lib/bind/isc/ctl_clnt.c | 26 +- .../lib/bind/isc/ctl_p.c | 6 +- .../lib/bind/isc/ctl_p.h | 4 +- .../lib/bind/isc/ctl_srvr.c | 17 +- .../lib/bind/isc/ev_connects.c | 8 +- .../lib/bind/isc/ev_files.c | 7 +- .../lib/bind/isc/ev_streams.c | 4 +- .../lib/bind/isc/ev_timers.c | 10 +- .../lib/bind/isc/ev_waits.c | 10 +- .../lib/bind/isc/eventlib.c | 45 +- .../lib/bind/isc/eventlib.mdoc | 2 +- .../lib/bind/isc/eventlib_p.h | 15 +- .../lib/bind/isc/heap.c | 8 +- .../lib/bind/isc/heap.mdoc | 2 +- .../lib/bind/isc/hex.c | 4 +- .../lib/bind/isc/logging.c | 20 +- .../lib/bind/isc/logging.mdoc | 2 +- .../lib/bind/isc/logging_p.h | 3 +- .../lib/bind/isc/memcluster.c | 16 +- .../lib/bind/isc/memcluster.mdoc | 2 +- .../lib/bind/isc/movefile.c | 2 + .../lib/bind/isc/tree.c | 18 +- .../lib/bind/isc/tree.mdoc | 2 +- .../lib/bind/make/includes.in | 6 +- .../lib/bind/make/mkdep.in | 0 .../lib/bind/make/rules.in | 8 +- .../lib/bind/mkinstalldirs | 0 .../lib/bind/nameser/ns_date.c | 35 +- .../lib/bind/nameser/ns_name.c | 184 +- .../lib/bind/nameser/ns_netint.c | 4 +- .../lib/bind/nameser/ns_parse.c | 38 +- .../lib/bind/nameser/ns_print.c | 33 +- .../lib/bind/nameser/ns_samedomain.c | 47 +- .../lib/bind/nameser/ns_sign.c | 58 +- .../lib/bind/nameser/ns_ttl.c | 4 +- .../lib/bind/nameser/ns_verify.c | 43 +- .../bind/port/freebsd/include/sys/bitypes.h | 0 .../lib/bind/port_after.h.in | 183 +- .../lib/bind/port_before.h.in | 54 +- .../lib/bind/resolv/herror.c | 16 +- .../lib/bind/resolv/mtctxres.c | 1 + .../lib/bind/resolv/res_comp.c | 39 +- .../lib/bind/resolv/res_data.c | 83 +- .../lib/bind/resolv/res_debug.c | 168 +- .../lib/bind/resolv/res_debug.h | 1 + .../lib/bind/resolv/res_findzonecut.c | 46 +- .../lib/bind/resolv/res_init.c | 132 +- .../lib/bind/resolv/res_mkquery.c | 99 +- .../lib/bind/resolv/res_mkupdate.c | 78 +- .../lib/bind/resolv/res_mkupdate.h | 1 + .../lib/bind/resolv/res_private.h | 2 + .../lib/bind/resolv/res_query.c | 103 +- .../lib/bind/resolv/res_send.c | 114 +- .../lib/bind/resolv/res_sendsigned.c | 4 +- .../lib/bind/resolv/res_update.c | 9 +- .../lib/isccfg => bind-9.5.2/lib/bind9}/api | 2 +- .../lib/bind9/check.c | 1124 +++- .../lib/bind9/getaddresses.c | 8 +- .../lib/bind9/include/bind9/check.h | 22 +- .../lib/bind9/include/bind9/getaddresses.h | 28 +- .../lib/bind9/include/bind9/version.h | 8 +- .../lib/bind9/version.c | 8 +- contrib/bind-9.5.2/lib/dns/acache.c | 1782 ++++++ contrib/bind-9.5.2/lib/dns/acl.c | 623 +++ .../{bind-9.3 => bind-9.5.2}/lib/dns/adb.c | 957 ++-- .../lib/isc => bind-9.5.2/lib/dns}/api | 2 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/byaddr.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/cache.c | 128 +- .../lib/dns/callbacks.c | 8 +- .../lib/dns/compress.c | 39 +- contrib/{bind-9.3 => bind-9.5.2}/lib/dns/db.c | 90 +- .../lib/dns/dbiterator.c | 8 +- .../lib/dns/dbtable.c | 10 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/diff.c | 31 +- .../lib/dns/dispatch.c | 1471 ++++- contrib/bind-9.5.2/lib/dns/dlz.c | 510 ++ .../{bind-9.3 => bind-9.5.2}/lib/dns/dnssec.c | 82 +- contrib/{bind-9.3 => bind-9.5.2}/lib/dns/ds.c | 51 +- .../lib/dns/dst_api.c | 178 +- .../lib/dns/dst_internal.h | 107 +- .../lib/dns/dst_lib.c | 8 +- .../lib/dns/dst_openssl.h | 7 +- .../lib/dns/dst_parse.c | 122 +- .../lib/dns/dst_parse.h | 44 +- .../lib/dns/dst_result.c | 52 +- .../lib/dns/forward.c | 15 +- .../lib/dns/gen-unix.h | 11 +- .../lib/dns/gen-win32.h | 16 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/gen.c | 19 +- contrib/bind-9.5.2/lib/dns/gssapi_link.c | 309 ++ contrib/bind-9.5.2/lib/dns/gssapictx.c | 738 +++ contrib/bind-9.5.2/lib/dns/hmac_link.c | 1681 ++++++ .../bind-9.5.2/lib/dns/include/dns/acache.h | 445 ++ .../lib/dns/include/dns/acl.h | 141 +- .../lib/dns/include/dns/adb.h | 294 +- .../lib/dns/include/dns/bit.h | 8 +- .../lib/dns/include/dns/byaddr.h | 76 +- .../lib/dns/include/dns/cache.h | 106 +- .../lib/dns/include/dns/callbacks.h | 28 +- .../lib/dns/include/dns/cert.h | 32 +- .../lib/dns/include/dns/compress.h | 147 +- .../lib/dns/include/dns/db.h | 677 ++- .../lib/dns/include/dns/dbiterator.h | 135 +- .../lib/dns/include/dns/dbtable.h | 79 +- .../lib/dns/include/dns/diff.h | 113 +- .../lib/dns/include/dns/dispatch.h | 261 +- contrib/bind-9.5.2/lib/dns/include/dns/dlz.h | 290 + .../lib/dns/include/dns/dnssec.h | 124 +- .../lib/dns/include/dns/ds.h | 29 +- .../lib/dns/include/dns/events.h | 14 +- .../lib/dns/include/dns/fixedname.h | 21 +- .../lib/dns/include/dns/forward.h | 63 +- .../bind-9.5.2/lib/dns/include/dns/iptable.h | 70 + .../lib/dns/include/dns/journal.h | 87 +- .../lib/dns/include/dns/keyflags.h | 20 +- .../lib/dns/include/dns/keytable.h | 128 +- .../lib/dns/include/dns/keyvalues.h | 62 +- .../lib/dns/include/dns/lib.h | 14 +- .../lib/dns/include/dns/log.h | 24 +- .../lib/dns/include/dns/lookup.h | 61 +- .../lib/dns/include/dns/master.h | 153 +- .../lib/dns/include/dns/masterdump.h | 143 +- .../lib/dns/include/dns/message.h | 615 ++- .../lib/dns/include/dns/name.h | 684 +-- .../lib/dns/include/dns/ncache.h | 75 +- .../lib/dns/include/dns/nsec.h | 22 +- .../lib/dns/include/dns/opcode.h | 20 +- .../lib/dns/include/dns/order.h | 48 +- .../lib/dns/include/dns/peer.h | 49 +- .../lib/dns/include/dns/portlist.h | 54 +- contrib/bind-9.5.2/lib/dns/include/dns/rbt.h | 925 ++++ .../lib/dns/include/dns/rcode.h | 52 +- .../lib/dns/include/dns/rdata.h | 374 +- .../lib/dns/include/dns/rdataclass.h | 38 +- .../lib/dns/include/dns/rdatalist.h | 64 +- .../lib/dns/include/dns/rdataset.h | 348 +- .../lib/dns/include/dns/rdatasetiter.h | 69 +- .../lib/dns/include/dns/rdataslab.h | 68 +- .../lib/dns/include/dns/rdatatype.h | 38 +- .../lib/dns/include/dns/request.h | 175 +- .../lib/dns/include/dns/resolver.h | 270 +- .../lib/dns/include/dns/result.h | 14 +- .../lib/dns/include/dns/rootns.h | 16 +- .../lib/dns/include/dns/sdb.h | 31 +- contrib/bind-9.5.2/lib/dns/include/dns/sdlz.h | 266 + .../lib/dns/include/dns/secalg.h | 36 +- .../lib/dns/include/dns/secproto.h | 36 +- .../lib/dns/include/dns/soa.h | 9 +- .../lib/dns/include/dns/ssu.h | 101 +- .../bind-9.5.2/lib/dns/include/dns/stats.h | 364 ++ .../lib/dns/include/dns/tcpmsg.h | 52 +- .../lib/dns/include/dns/time.h | 16 +- .../lib/dns/include/dns/timer.h | 12 +- contrib/bind-9.5.2/lib/dns/include/dns/tkey.h | 250 + .../lib/dns/include/dns/tsig.h | 165 +- .../lib/dns/include/dns/ttl.h | 26 +- .../lib/dns/include/dns/types.h | 83 +- .../lib/dns/include/dns/validator.h | 25 +- .../lib/dns/include/dns/version.h | 8 +- .../lib/dns/include/dns/view.h | 460 +- .../lib/dns/include/dns/xfrin.h | 26 +- .../lib/dns/include/dns/zone.h | 1022 ++-- .../lib/dns/include/dns/zonekey.h | 10 +- .../lib/dns/include/dns/zt.h | 100 +- .../lib/dns/include/dst/dst.h | 392 +- .../bind-9.5.2/lib/dns/include/dst/gssapi.h | 207 + .../lib/dns/include/dst/lib.h | 8 +- .../lib/dns/include/dst/result.h | 8 +- contrib/bind-9.5.2/lib/dns/iptable.c | 188 + .../lib/dns/journal.c | 374 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/key.c | 26 +- .../lib/dns/keytable.c | 22 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/lib.c | 9 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/log.c | 19 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/lookup.c | 34 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/master.c | 613 ++- .../lib/dns/masterdump.c | 374 +- .../lib/dns/message.c | 177 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/name.c | 258 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/ncache.c | 15 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/nsec.c | 12 +- .../lib/dns/openssl_link.c | 89 +- .../lib/dns/openssldh_link.c | 168 +- .../lib/dns/openssldsa_link.c | 167 +- .../lib/dns/opensslrsa_link.c | 78 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/order.c | 18 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/peer.c | 204 +- .../lib/dns/portlist.c | 20 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/rbt.c | 163 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/rbtdb.c | 3330 ++++++++--- .../{bind-9.3 => bind-9.5.2}/lib/dns/rbtdb.h | 9 +- .../lib/dns/rbtdb64.c | 8 +- .../lib/dns/rbtdb64.h | 9 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/rcode.c | 7 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/rdata.c | 58 +- .../lib/dns/rdata/any_255/tsig_250.c | 6 +- .../lib/dns/rdata/any_255/tsig_250.h | 9 +- contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.c | 316 ++ .../lib/dns/rdata/ch_3/a_1.h} | 29 +- .../lib/dns/rdata/generic/afsdb_18.c | 8 +- .../lib/dns/rdata/generic/afsdb_18.h | 9 +- .../lib/dns/rdata/generic/cert_37.c | 8 +- .../lib/dns/rdata/generic/cert_37.h | 8 +- .../lib/dns/rdata/generic/cname_5.c | 6 +- .../lib/dns/rdata/generic/cname_5.h | 6 +- .../lib/dns/rdata/generic/dlv_32769.c | 50 +- .../lib/dns/rdata/generic/dlv_32769.h | 6 +- .../lib/dns/rdata/generic/dname_39.c | 6 +- .../lib/dns/rdata/generic/dname_39.h | 9 +- .../lib/dns/rdata/generic/dnskey_48.c | 8 +- .../lib/dns/rdata/generic/dnskey_48.h | 9 +- .../lib/dns/rdata/generic/ds_43.c | 50 +- .../lib/dns/rdata/generic/ds_43.h | 9 +- .../lib/dns/rdata/generic/gpos_27.c | 8 +- .../lib/dns/rdata/generic/gpos_27.h | 9 +- .../lib/dns/rdata/generic/hinfo_13.c | 6 +- .../lib/dns/rdata/generic/hinfo_13.h | 6 +- .../lib/dns/rdata/generic/ipseckey_45.c | 463 ++ .../lib/dns/rdata/generic/ipseckey_45.h} | 28 +- .../lib/dns/rdata/generic/isdn_20.c | 8 +- .../lib/dns/rdata/generic/isdn_20.h | 9 +- .../lib/dns/rdata/generic/key_25.c | 8 +- .../lib/dns/rdata/generic/key_25.h | 9 +- .../lib/dns/rdata/generic/loc_29.c | 15 +- .../lib/dns/rdata/generic/loc_29.h | 9 +- .../lib/dns/rdata/generic/mb_7.c | 6 +- .../lib/dns/rdata/generic/mb_7.h | 7 +- .../lib/dns/rdata/generic/md_3.c | 6 +- .../lib/dns/rdata/generic/md_3.h | 7 +- .../lib/dns/rdata/generic/mf_4.c | 6 +- .../lib/dns/rdata/generic/mf_4.h | 7 +- .../lib/dns/rdata/generic/mg_8.c | 6 +- .../lib/dns/rdata/generic/mg_8.h | 7 +- .../lib/dns/rdata/generic/minfo_14.c | 6 +- .../lib/dns/rdata/generic/minfo_14.h | 7 +- .../lib/dns/rdata/generic/mr_9.c | 6 +- .../lib/dns/rdata/generic/mr_9.h | 7 +- .../lib/dns/rdata/generic/mx_15.c | 37 +- .../lib/dns/rdata/generic/mx_15.h | 7 +- .../lib/dns/rdata/generic/ns_2.c | 6 +- .../lib/dns/rdata/generic/ns_2.h | 7 +- .../lib/dns/rdata/generic/nsec_47.c | 10 +- .../lib/dns/rdata/generic/nsec_47.h | 9 +- .../lib/dns/rdata/generic/null_10.c | 6 +- .../lib/dns/rdata/generic/null_10.h | 7 +- .../lib/dns/rdata/generic/nxt_30.c | 8 +- .../lib/dns/rdata/generic/nxt_30.h | 9 +- .../lib/dns/rdata/generic/opt_41.c | 8 +- .../lib/dns/rdata/generic/opt_41.h | 9 +- .../lib/dns/rdata/generic/proforma.c | 6 +- .../lib/dns/rdata/generic/proforma.h | 7 +- .../lib/dns/rdata/generic/ptr_12.c | 6 +- .../lib/dns/rdata/generic/ptr_12.h | 7 +- .../lib/dns/rdata/generic/rp_17.c | 8 +- .../lib/dns/rdata/generic/rp_17.h | 9 +- .../lib/dns/rdata/generic/rrsig_46.c | 8 +- .../lib/dns/rdata/generic/rrsig_46.h | 9 +- .../lib/dns/rdata/generic/rt_21.c | 8 +- .../lib/dns/rdata/generic/rt_21.h | 9 +- .../lib/dns/rdata/generic/sig_24.c | 8 +- .../lib/dns/rdata/generic/sig_24.h | 9 +- .../lib/dns/rdata/generic/soa_6.c | 35 +- .../lib/dns/rdata/generic/soa_6.h | 17 +- .../lib/dns/rdata/generic/spf_99.c} | 68 +- .../lib/dns/rdata/generic/spf_99.h} | 26 +- .../lib/dns/rdata/generic/sshfp_44.c | 8 +- .../lib/dns/rdata/generic/sshfp_44.h | 9 +- .../lib/dns/rdata/generic/tkey_249.c | 6 +- .../lib/dns/rdata/generic/tkey_249.h | 9 +- .../lib/dns/rdata/generic/txt_16.c | 8 +- .../lib/dns/rdata/generic/txt_16.h | 7 +- .../lib/dns/rdata/generic/unspec_103.c | 6 +- .../lib/dns/rdata/generic/unspec_103.h | 7 +- .../lib/dns/rdata/generic/x25_19.c | 8 +- .../lib/dns/rdata/generic/x25_19.h | 9 +- .../lib/dns/rdata/hs_4/a_1.c | 6 +- .../lib/dns/rdata/hs_4/a_1.h | 7 +- .../lib/dns/rdata/in_1/a6_38.c | 6 +- .../lib/dns/rdata/in_1/a6_38.h | 9 +- .../lib/dns/rdata/in_1/a_1.c | 6 +- .../lib/dns/rdata/in_1/a_1.h | 7 +- .../lib/dns/rdata/in_1/aaaa_28.c | 8 +- .../lib/dns/rdata/in_1/aaaa_28.h | 9 +- .../lib/dns/rdata/in_1/apl_42.c | 69 +- .../lib/dns/rdata/in_1/apl_42.h | 7 +- .../bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.c | 229 + .../lib/dns/rdata/in_1/dhcid_49.h} | 21 +- .../lib/dns/rdata/in_1/kx_36.c | 8 +- .../lib/dns/rdata/in_1/kx_36.h | 9 +- .../lib/dns/rdata/in_1/naptr_35.c | 16 +- .../lib/dns/rdata/in_1/naptr_35.h | 9 +- .../lib/dns/rdata/in_1/nsap-ptr_23.c | 8 +- .../lib/dns/rdata/in_1/nsap-ptr_23.h | 9 +- .../lib/dns/rdata/in_1/nsap_22.c | 8 +- .../lib/dns/rdata/in_1/nsap_22.h | 9 +- .../lib/dns/rdata/in_1/px_26.c | 8 +- .../lib/dns/rdata/in_1/px_26.h | 9 +- .../lib/dns/rdata/in_1/srv_33.c | 8 +- .../lib/dns/rdata/in_1/srv_33.h | 9 +- .../lib/dns/rdata/in_1/wks_11.c | 10 +- .../lib/dns/rdata/in_1/wks_11.h | 6 +- .../lib/dns/rdata/rdatastructpre.h | 6 +- .../lib/dns/rdata/rdatastructsuf.h | 6 +- .../lib/dns/rdatalist.c | 23 +- .../lib/dns/rdatalist_p.h | 8 +- .../lib/dns/rdataset.c | 99 +- .../lib/dns/rdatasetiter.c | 8 +- .../lib/dns/rdataslab.c | 402 +- .../lib/dns/request.c | 112 +- .../lib/dns/resolver.c | 2062 +++++-- contrib/bind-9.5.2/lib/dns/result.c | 276 + contrib/bind-9.5.2/lib/dns/rootns.c | 518 ++ .../{bind-9.3 => bind-9.5.2}/lib/dns/sdb.c | 85 +- contrib/bind-9.5.2/lib/dns/sdlz.c | 1793 ++++++ .../{bind-9.3 => bind-9.5.2}/lib/dns/soa.c | 8 +- contrib/bind-9.5.2/lib/dns/spnego.asn1 | 52 + contrib/bind-9.5.2/lib/dns/spnego.c | 1788 ++++++ contrib/bind-9.5.2/lib/dns/spnego.h | 71 + contrib/bind-9.5.2/lib/dns/spnego_asn1.c | 885 +++ contrib/bind-9.5.2/lib/dns/spnego_asn1.pl | 200 + .../{bind-9.3 => bind-9.5.2}/lib/dns/ssu.c | 118 +- contrib/bind-9.5.2/lib/dns/stats.c | 404 ++ .../{bind-9.3 => bind-9.5.2}/lib/dns/tcpmsg.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/time.c | 10 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/timer.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/tkey.c | 343 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/tsig.c | 474 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/ttl.c | 8 +- .../lib/dns/validator.c | 456 +- .../lib/dns/version.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/view.c | 188 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/xfrin.c | 181 +- .../{bind-9.3 => bind-9.5.2}/lib/dns/zone.c | 2030 ++++++- .../lib/dns/zonekey.c | 8 +- contrib/{bind-9.3 => bind-9.5.2}/lib/dns/zt.c | 115 +- .../lib/isc/alpha/include/isc/atomic.h | 184 + contrib/{bind-9.3 => bind-9.5.2}/lib/isc/api | 2 +- .../lib/isc/assertions.c | 16 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/base64.c | 22 +- .../lib/isc/bitstring.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/buffer.c | 76 +- .../lib/isc/bufferlist.c | 8 +- .../lib/isc/commandline.c | 26 +- .../lib/isc/entropy.c | 136 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/error.c | 11 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/event.c | 11 +- .../lib/isc/fsaccess.c | 11 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/hash.c | 50 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/heap.c | 18 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/hex.c | 16 +- .../lib/isc/hmacmd5.c | 26 +- contrib/bind-9.5.2/lib/isc/hmacsha.c | 438 ++ contrib/bind-9.5.2/lib/isc/httpd.c | 987 ++++ .../lib/isc/ia64/include/isc/atomic.h | 100 + .../lib/isc/include/isc/app.h | 100 +- .../lib/isc/include/isc/assertions.h | 14 +- .../lib/isc/include/isc/base64.h | 52 +- .../lib/isc/include/isc/bitstring.h | 47 +- .../lib/isc/include/isc/boolean.h | 8 +- .../lib/isc/include/isc/buffer.h | 368 +- .../lib/isc/include/isc/bufferlist.h | 34 +- .../lib/isc/include/isc/commandline.h | 21 +- .../lib/isc/include/isc/entropy.h | 158 +- .../lib/isc/include/isc/error.h | 13 +- .../lib/isc/include/isc/event.h | 28 +- .../lib/isc/include/isc/eventclass.h | 20 +- .../lib/isc/include/isc/file.h | 130 +- .../lib/isc/include/isc/formatcheck.h | 20 +- .../lib/isc/include/isc/fsaccess.h | 95 +- .../lib/isc/include/isc/hash.h | 62 +- .../lib/isc/include/isc/heap.h | 10 +- .../lib/isc/include/isc/hex.h | 46 +- .../lib/isc/include/isc/hmacmd5.h | 15 +- .../bind-9.5.2/lib/isc/include/isc/hmacsha.h | 156 + .../bind-9.5.2/lib/isc/include/isc/httpd.h | 64 + .../lib/isc/include/isc/interfaceiter.h | 73 +- .../lib/isc/include/isc/ipv6.h | 36 +- .../lib/isc/include/isc/lang.h | 8 +- .../lib/isc/include/isc/lex.h | 243 +- .../lib/isc/include/isc/lfsr.h | 61 +- .../lib/isc/include/isc/lib.h | 12 +- .../lib/isc/include/isc/list.h | 6 +- .../lib/isc/include/isc/log.h | 517 +- .../lib/isc/include/isc/magic.h | 11 +- .../lib/isc/include/isc/md5.h | 13 +- .../lib/isc/include/isc/mem.h | 352 +- .../lib/isc/include/isc/msgcat.h | 53 +- contrib/bind-9.5.2/lib/isc/include/isc/msgs.h | 194 + .../lib/isc/include/isc/mutexblock.h | 26 +- .../lib/isc/include/isc/netaddr.h | 83 +- .../lib/isc/include/isc/netscope.h | 17 +- .../lib/isc/include/isc/ondestroy.h | 24 +- .../lib/isc/include/isc/os.h | 10 +- .../lib/isc/include/isc/parseint.h | 25 +- .../lib/isc/include/isc/platform.h.in | 198 +- .../bind-9.5.2/lib/isc/include/isc/portset.h | 141 + .../lib/isc/include/isc/print.h | 10 +- .../lib/isc/include/isc/quota.h | 39 +- .../bind-9.5.2/lib/isc/include/isc/radix.h | 240 + .../lib/isc/include/isc/random.h | 20 +- .../lib/isc/include/isc/ratelimiter.h | 50 +- .../lib/isc/include/isc/refcount.h | 111 +- .../lib/isc/include/isc/region.h | 24 +- .../lib/isc/include/isc/resource.h | 50 +- .../bind-9.5.2/lib/isc/include/isc/result.h | 106 + .../lib/isc/include/isc/resultclass.h | 22 +- .../lib/isc/include/isc/rwlock.h | 50 +- .../lib/isc/include/isc/serial.h | 23 +- .../lib/isc/include/isc/sha1.h | 19 +- contrib/bind-9.5.2/lib/isc/include/isc/sha2.h | 132 + .../lib/isc/include/isc/sockaddr.h | 101 +- .../bind-9.5.2/lib/isc/include/isc/socket.h | 1007 ++++ .../bind-9.5.2/lib/isc/include/isc/stats.h | 121 + .../lib/isc/include/isc/stdio.h | 32 +- .../lib/isc/include/isc/stdlib.h | 8 +- .../bind-9.5.2/lib/isc/include/isc/string.h | 231 + .../lib/isc/include/isc/symtab.h | 49 +- .../lib/isc/include/isc/task.h | 343 +- .../lib/isc/include/isc/taskpool.h | 34 +- .../lib/isc/include/isc/timer.h | 151 +- .../bind-9.5.2/lib/isc/include/isc/types.h | 124 + .../lib/isc/include/isc/util.h | 30 +- .../lib/isc/include/isc/version.h | 8 +- contrib/bind-9.5.2/lib/isc/include/isc/xml.h | 41 + .../lib/isc/inet_aton.c | 17 +- .../lib/isc/inet_ntop.c | 32 +- .../lib/isc/inet_pton.c | 40 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/lex.c | 54 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/lfsr.c | 10 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/lib.c | 10 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/log.c | 68 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/md5.c | 22 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/mem.c | 870 ++- .../lib/isc/mips/include/isc/atomic.h | 98 + .../lib/isc/mutexblock.c | 8 +- .../lib/isc/netaddr.c | 87 +- .../lib/isc/netscope.c | 8 +- .../lib/isc/nls/msgcat.c | 11 +- .../lib/isc/noatomic/include/isc/atomic.h} | 15 +- .../lib/isc/nothreads/condition.c | 6 +- .../lib/isc/nothreads/include/isc/condition.h | 6 +- .../lib/isc/nothreads/include/isc/mutex.h | 6 +- .../lib/isc/nothreads/include/isc/once.h | 6 +- .../lib/isc/nothreads/include/isc/thread.h | 6 +- .../lib/isc/nothreads/mutex.c | 6 +- .../lib/isc/nothreads/thread.c | 6 +- .../lib/isc/ondestroy.c | 8 +- .../lib/isc/parseint.c | 8 +- contrib/bind-9.5.2/lib/isc/portset.c | 143 + .../lib/isc/powerpc/include/isc/atomic.h | 160 + .../{bind-9.3 => bind-9.5.2}/lib/isc/print.c | 95 +- .../lib/isc/pthreads/condition.c | 10 +- .../lib/isc/pthreads/include/isc/condition.h | 8 +- .../lib/isc/pthreads/include/isc/mutex.h | 24 +- .../lib/isc/pthreads/include/isc/once.h | 12 +- .../lib/isc/pthreads/include/isc/thread.h | 14 +- .../lib/isc/pthreads/mutex.c | 133 +- .../lib/isc/pthreads/thread.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/quota.c | 8 +- contrib/bind-9.5.2/lib/isc/radix.c | 705 +++ .../{bind-9.3 => bind-9.5.2}/lib/isc/random.c | 31 +- .../lib/isc/ratelimiter.c | 8 +- .../lib/isc/refcount.c} | 30 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/region.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/result.c | 128 +- contrib/bind-9.5.2/lib/isc/rwlock.c | 808 +++ .../{bind-9.3 => bind-9.5.2}/lib/isc/serial.c | 9 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/sha1.c | 30 +- contrib/bind-9.5.2/lib/isc/sha2.c | 1234 +++++ .../lib/isc/sockaddr.c | 122 +- .../lib/isc/sparc64/include/isc/atomic.h | 127 + contrib/bind-9.5.2/lib/isc/stats.c | 326 ++ .../{bind-9.3 => bind-9.5.2}/lib/isc/string.c | 111 +- .../lib/isc/strtoul.c | 9 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/symtab.c | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/task.c | 150 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/task_p.h | 8 +- .../lib/isc/taskpool.c | 9 +- .../{bind-9.3 => bind-9.5.2}/lib/isc/timer.c | 104 +- .../lib/isc/timer_p.h | 8 +- .../lib/isc/unix/app.c | 55 +- .../lib/isc/unix/dir.c | 60 +- .../lib/isc/unix/entropy.c | 41 +- .../lib/isc/unix/errno2result.c | 10 +- .../lib/isc/unix/errno2result.h | 8 +- .../lib/isc/unix/file.c | 25 +- .../lib/isc/unix/fsaccess.c | 9 +- .../lib/isc/unix/ifiter_getifaddrs.c | 31 +- .../lib/isc/unix/ifiter_ioctl.c | 44 +- .../lib/isc/unix/ifiter_sysctl.c | 9 +- .../lib/isc/unix/include/isc/dir.h | 16 +- .../lib/isc/unix/include/isc/int.h | 10 +- .../lib/isc/unix/include/isc/keyboard.h | 8 +- .../lib/isc/unix/include/isc/net.h | 145 +- .../lib/isc/unix/include/isc/netdb.h | 19 +- .../lib/isc/unix/include/isc/offset.h | 12 +- .../lib/isc/unix/include/isc/stat.h | 7 +- .../lib/isc/unix/include/isc/stdtime.h | 27 +- .../lib/isc/unix/include/isc/strerror.h | 13 +- .../lib/isc/unix/include/isc/syslog.h | 18 +- .../lib/isc/unix/include/isc/time.h | 157 +- .../lib/isc/unix/interfaceiter.c | 12 +- .../lib/isc/unix/ipv6.c | 8 +- .../lib/isc/unix/keyboard.c | 6 +- .../lib/isc/unix/net.c | 196 +- .../lib/isc/unix/os.c | 6 +- .../lib/isc/unix/resource.c | 135 +- .../lib/isc/unix/socket.c | 2695 +++++++-- .../lib/isc/unix/socket_p.h | 17 +- .../lib/isc/unix/stdio.c | 6 +- .../lib/isc/unix/stdtime.c | 8 +- .../lib/isc/unix/strerror.c | 14 +- .../lib/isc/unix/syslog.c | 10 +- .../lib/isc/unix/time.c | 44 +- .../lib/isc/version.c | 8 +- .../lib/isc/x86_32/include/isc/atomic.h | 176 + .../lib/isc/x86_64/include/isc/atomic.h | 123 + .../lib/isccc/alist.c | 21 +- contrib/bind-9.5.2/lib/isccc/api | 3 + .../lib/isccc/base64.c | 21 +- .../{bind-9.3 => bind-9.5.2}/lib/isccc/cc.c | 50 +- .../lib/isccc/ccmsg.c | 21 +- .../lib/isccc/include/isccc/alist.h | 21 +- .../lib/isccc/include/isccc/base64.h | 43 +- .../lib/isccc/include/isccc/cc.h | 40 +- .../lib/isccc/include/isccc/ccmsg.h | 60 +- .../lib/isccc/include/isccc/events.h | 23 +- .../lib/isccc/include/isccc/lib.h | 23 +- .../lib/isccc/include/isccc/result.h | 31 +- .../lib/isccc/include/isccc/sexpr.h | 25 +- .../lib/isccc/include/isccc/symtab.h | 30 +- .../lib/isccc/include/isccc/symtype.h | 21 +- .../lib/isccc/include/isccc/types.h | 27 +- .../lib/isccc/include/isccc/util.h | 26 +- .../lib/isccc/include/isccc/version.h | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/isccc/lib.c | 21 +- .../lib/isccc/result.c | 21 +- .../lib/isccc/sexpr.c | 21 +- .../lib/isccc/symtab.c | 23 +- .../lib/isccc/version.c | 8 +- contrib/bind-9.5.2/lib/isccfg/aclconf.c | 437 ++ .../{bind-9.3 => bind-9.5.2}/lib/isccfg/api | 2 +- .../lib/isccfg/include/isccfg}/aclconf.h | 35 +- .../lib/isccfg/include/isccfg/cfg.h | 167 +- .../lib/isccfg/include/isccfg/grammar.h | 113 +- .../lib/isccfg/include/isccfg/log.h | 16 +- .../lib/isccfg/include/isccfg/namedconf.h | 19 +- .../lib/isccfg/include/isccfg/version.h | 8 +- .../{bind-9.3 => bind-9.5.2}/lib/isccfg/log.c | 16 +- .../lib/isccfg/namedconf.c | 643 ++- .../lib/isccfg/parser.c | 132 +- .../lib/isccfg/version.c | 8 +- contrib/bind-9.5.2/lib/lwres/api | 3 + .../lib/lwres/assert_p.h | 8 +- .../lib/lwres/context.c | 139 +- .../lib/lwres/context_p.h | 28 +- .../lib/lwres/gai_strerror.c | 35 +- .../lib/lwres/getaddrinfo.c | 143 +- contrib/bind-9.5.2/lib/lwres/gethost.c | 362 ++ .../lib/lwres/getipnode.c | 159 +- .../lib/lwres/getnameinfo.c | 70 +- .../lib/lwres/getrrset.c | 85 +- .../lib/lwres/herror.c | 43 +- .../lib/lwres/include/lwres/context.h | 37 +- .../lib/lwres/include/lwres/int.h | 8 +- .../lib/lwres/include/lwres/ipv6.h | 22 +- .../lib/lwres/include/lwres/lang.h | 8 +- .../lib/lwres/include/lwres/list.h | 8 +- .../lib/lwres/include/lwres/lwbuffer.h | 76 +- .../lib/lwres/include/lwres/lwpacket.h | 159 + .../lib/lwres/include/lwres/lwres.h | 174 +- .../lib/lwres/include/lwres/netdb.h.in | 10 +- .../lib/lwres/include/lwres/platform.h.in | 15 +- .../lib/lwres/include/lwres/result.h | 8 +- .../lib/lwres/include/lwres/stdlib.h | 8 +- .../lib/lwres/include/lwres/version.h | 8 +- contrib/bind-9.5.2/lib/lwres/lwbuffer.c | 361 ++ .../lib/lwres/lwconfig.c | 77 +- .../lib/lwres/lwinetaton.c | 10 +- .../lib/lwres/lwinetntop.c | 16 +- .../lib/lwres/lwinetpton.c | 16 +- .../lib/lwres/lwpacket.c | 50 +- .../lib/lwres/lwres_gabn.c | 100 +- .../lib/lwres/lwres_gnba.c | 95 +- .../lib/lwres/lwres_grbn.c | 16 +- .../lib/lwres/lwres_noop.c | 93 +- .../lib/lwres/lwresutil.c | 95 +- .../lib/lwres/man/lwres.3 | 13 +- contrib/bind-9.5.2/lib/lwres/man/lwres.html | 218 + .../lib/lwres/man/lwres_buffer.3 | 63 +- .../lib/lwres/man/lwres_buffer.html | 455 ++ .../lib/lwres/man/lwres_config.3 | 23 +- .../lib/lwres/man/lwres_config.html | 156 + .../lib/lwres/man/lwres_context.3 | 32 +- .../lib/lwres/man/lwres_context.html | 295 + .../lib/lwres/man/lwres_gabn.3 | 49 +- .../bind-9.5.2/lib/lwres/man/lwres_gabn.html | 324 ++ .../lib/lwres/man/lwres_gai_strerror.3 | 61 +- .../lib/lwres/man/lwres_gai_strerror.html | 124 + .../lib/lwres/man/lwres_getaddrinfo.3 | 43 +- .../lib/lwres/man/lwres_getaddrinfo.html | 322 ++ .../lib/lwres/man/lwres_gethostent.3 | 78 +- .../lib/lwres/man/lwres_gethostent.html | 466 ++ .../lib/lwres/man/lwres_getipnode.3 | 77 +- .../lib/lwres/man/lwres_getipnode.html | 279 + .../lib/lwres/man/lwres_getnameinfo.3 | 35 +- .../lib/lwres/man/lwres_getnameinfo.html | 176 + .../lib/lwres/man/lwres_getrrsetbyname.3 | 51 +- .../lib/lwres/man/lwres_getrrsetbyname.html | 192 + .../lib/lwres/man/lwres_gnba.3 | 39 +- .../bind-9.5.2/lib/lwres/man/lwres_gnba.html | 316 ++ .../lib/lwres/man/lwres_hstrerror.3 | 37 +- .../lib/lwres/man/lwres_hstrerror.html | 104 + .../lib/lwres/man/lwres_inetntop.3 | 15 +- .../lib/lwres/man/lwres_inetntop.html | 103 + .../lib/lwres/man/lwres_noop.3 | 44 +- .../bind-9.5.2/lib/lwres/man/lwres_noop.html | 317 ++ .../lib/lwres/man/lwres_packet.3 | 75 +- .../lib/lwres/man/lwres_packet.html | 235 + .../lib/lwres/man/lwres_resutil.3 | 29 +- .../lib/lwres/man/lwres_resutil.html | 258 + .../lib/lwres/print.c | 6 +- .../lib/lwres/print_p.h | 6 +- .../lib/lwres/strtoul.c | 6 +- .../lib/lwres/unix/include/lwres/net.h | 31 +- .../lib/lwres/version.c | 8 +- contrib/bind-9.5.2/version | 10 + include/osreldate.h | 16 + include/rpc/rpcb_prot.h | 577 ++ include/rpcsvc/bootparam_prot.h | 99 + include/rpcsvc/crypt.h | 69 + include/rpcsvc/key_prot.h | 199 + include/rpcsvc/klm_prot.h | 105 + include/rpcsvc/mount.h | 159 + include/rpcsvc/nfs_prot.h | 1456 +++++ include/rpcsvc/nis.h | 693 +++ include/rpcsvc/nis_cache.h | 93 + include/rpcsvc/nis_callback.h | 83 + include/rpcsvc/nlm_prot.h | 451 ++ include/rpcsvc/rex.h | 193 + include/rpcsvc/rnusers.h | 107 + include/rpcsvc/rquota.h | 74 + include/rpcsvc/rstat.h | 129 + include/rpcsvc/rwall.h | 71 + include/rpcsvc/sm_inter.h | 111 + include/rpcsvc/spray.h | 58 + include/rpcsvc/yp.h | 380 ++ include/rpcsvc/yppasswd.h | 53 + include/rpcsvc/ypupdate_prot.h | 112 + include/rpcsvc/ypxfrd.h | 108 + include/vers.c | 11 + include/version | 1 + lib/libbind/Makefile | 10 +- lib/libbind/port_after.h | 191 +- lib/libbind/port_before.h | 132 +- lib/libbind9/Makefile | 15 +- lib/libc/resolv/Makefile.inc | 2 +- lib/libc_rtld/Makefile | 1 + lib/libisc/Makefile | 36 +- usr.bin/dig/Makefile | 13 +- usr.bin/host/Makefile | 13 +- usr.sbin/named/Makefile | 24 +- usr.sbin/named/Makefile.inc | 4 +- usr.sbin/named/include/isc/os.h | 25 +- usr.sbin/named/include/named/os.h | 13 +- usr.sbin/nslookup/Makefile | 16 +- usr.sbin/nsupdate/Makefile | 15 +- 993 files changed, 90658 insertions(+), 36556 deletions(-) delete mode 100644 contrib/bind-9.3/FAQ delete mode 100644 contrib/bind-9.3/FAQ.xml delete mode 100644 contrib/bind-9.3/README.DELETED delete mode 100644 contrib/bind-9.3/README.DRAGONFLY delete mode 100644 contrib/bind-9.3/acconfig.h delete mode 100644 contrib/bind-9.3/bin/check/check-tool.c delete mode 100644 contrib/bind-9.3/bin/check/named-checkconf.c delete mode 100644 contrib/bind-9.3/bin/check/named-checkconf.html delete mode 100644 contrib/bind-9.3/bin/check/named-checkzone.8 delete mode 100644 contrib/bind-9.3/bin/check/named-checkzone.c delete mode 100644 contrib/bind-9.3/bin/check/named-checkzone.html delete mode 100644 contrib/bind-9.3/bin/dig/dig.html delete mode 100644 contrib/bind-9.3/bin/dig/host.html delete mode 100644 contrib/bind-9.3/bin/dig/nslookup.html delete mode 100644 contrib/bind-9.3/bin/dnssec/dnssec-keygen.html delete mode 100644 contrib/bind-9.3/bin/dnssec/dnssec-signzone.html delete mode 100644 contrib/bind-9.3/bin/named/aclconf.c delete mode 100644 contrib/bind-9.3/bin/named/lwresd.html delete mode 100644 contrib/bind-9.3/bin/named/named.html delete mode 100644 contrib/bind-9.3/bin/nsupdate/nsupdate.html delete mode 100644 contrib/bind-9.3/bin/rndc/rndc-confgen.html delete mode 100644 contrib/bind-9.3/bin/rndc/rndc.conf.html delete mode 100644 contrib/bind-9.3/bin/rndc/rndc.html delete mode 100644 contrib/bind-9.3/lib/bind/api delete mode 100644 contrib/bind-9.3/lib/bind/include/resolv.h delete mode 100644 contrib/bind-9.3/lib/bind9/api delete mode 100644 contrib/bind-9.3/lib/dns/acl.c delete mode 100644 contrib/bind-9.3/lib/dns/api delete mode 100644 contrib/bind-9.3/lib/dns/gssapi_link.c delete mode 100644 contrib/bind-9.3/lib/dns/gssapictx.c delete mode 100644 contrib/bind-9.3/lib/dns/hmac_link.c delete mode 100644 contrib/bind-9.3/lib/dns/include/dns/rbt.h delete mode 100644 contrib/bind-9.3/lib/dns/include/dns/stats.h delete mode 100644 contrib/bind-9.3/lib/dns/include/dns/tkey.h delete mode 100644 contrib/bind-9.3/lib/dns/include/dst/gssapi.h delete mode 100644 contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.c delete mode 100644 contrib/bind-9.3/lib/dns/result.c delete mode 100644 contrib/bind-9.3/lib/dns/rootns.c delete mode 100644 contrib/bind-9.3/lib/dns/stats.c delete mode 100644 contrib/bind-9.3/lib/isc/include/isc/msgs.h delete mode 100644 contrib/bind-9.3/lib/isc/include/isc/result.h delete mode 100644 contrib/bind-9.3/lib/isc/include/isc/socket.h delete mode 100644 contrib/bind-9.3/lib/isc/include/isc/string.h delete mode 100644 contrib/bind-9.3/lib/isc/include/isc/types.h delete mode 100644 contrib/bind-9.3/lib/isc/rwlock.c delete mode 100644 contrib/bind-9.3/lib/isccc/api delete mode 100644 contrib/bind-9.3/lib/lwres/api delete mode 100644 contrib/bind-9.3/lib/lwres/gethost.c delete mode 100644 contrib/bind-9.3/lib/lwres/include/lwres/lwpacket.h delete mode 100644 contrib/bind-9.3/lib/lwres/lwbuffer.c delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_buffer.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_config.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_context.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_gabn.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_gethostent.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_getipnode.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_gnba.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_inetntop.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_noop.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_packet.html delete mode 100644 contrib/bind-9.3/lib/lwres/man/lwres_resutil.html delete mode 100644 contrib/bind-9.3/version rename contrib/{bind-9.3 => bind-9.5.2}/CHANGES (75%) rename contrib/{bind-9.3 => bind-9.5.2}/COPYRIGHT (87%) create mode 100644 contrib/bind-9.5.2/FAQ rename contrib/{bind-9.3 => bind-9.5.2}/README (58%) create mode 100644 contrib/bind-9.5.2/README.idnkit create mode 100644 contrib/bind-9.5.2/bin/check/check-tool.c rename contrib/{bind-9.3 => bind-9.5.2}/bin/check/check-tool.h (65%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/check/named-checkconf.8 (72%) create mode 100644 contrib/bind-9.5.2/bin/check/named-checkconf.c create mode 100644 contrib/bind-9.5.2/bin/check/named-checkconf.html create mode 100644 contrib/bind-9.5.2/bin/check/named-checkzone.8 create mode 100644 contrib/bind-9.5.2/bin/check/named-checkzone.c create mode 100644 contrib/bind-9.5.2/bin/check/named-checkzone.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/dig.1 (77%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/dig.c (81%) create mode 100644 contrib/bind-9.5.2/bin/dig/dig.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/dighost.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/host.1 (74%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/host.c (86%) create mode 100644 contrib/bind-9.5.2/bin/dig/host.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/include/dig/dig.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/nslookup.1 (77%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dig/nslookup.c (93%) create mode 100644 contrib/bind-9.5.2/bin/dig/nslookup.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/dnssec/dnssec-keygen.8 (82%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dnssec/dnssec-keygen.c (67%) create mode 100644 contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/dnssec/dnssec-signzone.8 (58%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dnssec/dnssec-signzone.c (85%) create mode 100644 contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/dnssec/dnssectool.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/dnssec/dnssectool.h (90%) create mode 100644 contrib/bind-9.5.2/bin/named/bind9.xsl create mode 100644 contrib/bind-9.5.2/bin/named/bind9.xsl.h rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/builtin.c (65%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/client.c (83%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/config.c (83%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/control.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/controlconf.c (84%) create mode 100755 contrib/bind-9.5.2/bin/named/convertxsl.pl rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/builtin.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/client.h (78%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/config.h (87%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/control.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/globals.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/interfacemgr.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/listenlist.h (89%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/log.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/logconf.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/lwaddr.h (83%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/lwdclient.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/lwresd.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/lwsearch.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/main.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/notify.h (77%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/ns_smf_globals.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/query.h (88%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/server.h (58%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/sortlist.h (91%) create mode 100644 contrib/bind-9.5.2/bin/named/include/named/statschannel.h rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/tkeyconf.h (73%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/tsigconf.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/types.h (78%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/update.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/xfrout.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/include/named/zoneconf.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/interfacemgr.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/listenlist.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/log.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/logconf.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwaddr.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwdclient.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwderror.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwdgabn.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwdgnba.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwdgrbn.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwdnoop.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwresd.8 (68%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwresd.c (97%) create mode 100644 contrib/bind-9.5.2/bin/named/lwresd.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/lwsearch.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/main.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/named.8 (72%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/named.conf.5 (78%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/named.conf.html (78%) create mode 100644 contrib/bind-9.5.2/bin/named/named.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/notify.c (84%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/query.c (69%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/server.c (69%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/sortlist.c (88%) create mode 100644 contrib/bind-9.5.2/bin/named/statschannel.c rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/tkeyconf.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/tsigconf.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/unix/include/named/os.h (83%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/unix/os.c (79%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/update.c (78%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/xfrout.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/named/zoneconf.c (73%) rename contrib/{bind-9.3/bin/nsupdate/nsupdate.8 => bind-9.5.2/bin/nsupdate/nsupdate.1} (77%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/nsupdate/nsupdate.c (65%) create mode 100644 contrib/bind-9.5.2/bin/nsupdate/nsupdate.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/include/rndc/os.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/rndc-confgen.8 (89%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/rndc-confgen.c (89%) create mode 100644 contrib/bind-9.5.2/bin/rndc/rndc-confgen.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/rndc.8 (70%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/rndc.c (76%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/rndc.conf (70%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/rndc.conf.5 (73%) create mode 100644 contrib/bind-9.5.2/bin/rndc/rndc.conf.html create mode 100644 contrib/bind-9.5.2/bin/rndc/rndc.html rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/unix/os.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/util.c (85%) rename contrib/{bind-9.3 => bind-9.5.2}/bin/rndc/util.h (84%) create mode 100644 contrib/bind-9.5.2/bind.keys create mode 100644 contrib/bind-9.5.2/isc-config.sh.1 create mode 100644 contrib/bind-9.5.2/isc-config.sh.docbook create mode 100644 contrib/bind-9.5.2/isc-config.sh.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/README (100%) create mode 100644 contrib/bind-9.5.2/lib/bind/api rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/daemon.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/ftruncate.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/gettimeofday.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/mktemp.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/putenv.c (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/readv.c (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/setenv.c (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/setitimer.c (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/strcasecmp.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/strdup.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/strerror.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/strpbrk.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/strsep.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/strtoul.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/utimes.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/bsd/writev.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/config.h.in (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/dst_api.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/dst_internal.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/hmac_link.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/md5.h (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/md5_dgst.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/md5_locl.h (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/dst/support.c (93%) copy contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/arpa/inet.h (98%) rename contrib/{bind-9.3/lib/bind/include/arpa/inet.h => bind-9.5.2/lib/bind/include/arpa/inet.h_notneeded} (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/arpa/nameser.h (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/arpa/nameser_compat.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/fd_setsize.h (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/hesiod.h (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/irp.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/irs.h (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/assertions.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/ctl.h (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/dst.h (58%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/eventlib.h (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/heap.h (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/irpmarshall.h (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/list.h (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/logging.h (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/memcluster.h (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/misc.h (92%) copy contrib/{bind-9.3/lib/lwres/include/lwres/stdlib.h => bind-9.5.2/lib/bind/include/isc/platform.h.in} (55%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/isc/tree.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/netdb.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/netgroup.h (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/res_update.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/include/resolv_mt.h (100%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_addr.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_cidr_ntop.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_cidr_pton.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_data.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_lnaof.c (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_makeaddr.c (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_net_ntop.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_net_pton.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_neta.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_netof.c (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_network.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_ntoa.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_ntop.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/inet_pton.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/inet/nsap_addr.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_gr.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_ho.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_nw.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_p.h (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_pr.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_pw.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/dns_sv.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gai_strerror.c (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen.c (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_gr.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_ho.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_ng.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_nw.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_p.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_pr.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_pw.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gen_sv.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getaddrinfo.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getgrent.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getgrent_r.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gethostent.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/gethostent_r.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getnameinfo.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getnetent.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getnetent_r.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getnetgrent.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getnetgrent_r.c (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getprotoent.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getprotoent_r.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getpwent.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getpwent_r.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getservent.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/getservent_r.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/hesiod.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/hesiod_p.h (69%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_gr.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_ho.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_ng.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_nw.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_p.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_pr.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_pw.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irp_sv.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irpmarshall.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irs_data.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irs_data.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/irs_p.h (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_gr.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_ho.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_ng.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_nw.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_p.h (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_pr.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_pw.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/lcl_sv.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_gr.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_ho.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_ng.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_nw.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_p.h (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_pr.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_pw.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nis_sv.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/nul_ng.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/pathnames.h (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/irs/util.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/assertions.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/assertions.mdoc (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/base64.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/bitncmp.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/bitncmp.mdoc (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ctl_clnt.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ctl_p.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ctl_p.h (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ctl_srvr.c (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ev_connects.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ev_files.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ev_streams.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ev_timers.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/ev_waits.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/eventlib.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/eventlib.mdoc (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/eventlib_p.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/heap.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/heap.mdoc (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/hex.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/logging.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/logging.mdoc (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/logging_p.h (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/memcluster.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/memcluster.mdoc (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/movefile.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/tree.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/isc/tree.mdoc (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/make/includes.in (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/make/mkdep.in (100%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/make/rules.in (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/mkinstalldirs (100%) mode change 100644 => 100755 rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_date.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_name.c (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_netint.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_parse.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_print.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_samedomain.c (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_sign.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_ttl.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/nameser/ns_verify.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/port/freebsd/include/sys/bitypes.h (100%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/port_after.h.in (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/port_before.h.in (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/herror.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/mtctxres.c (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_comp.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_data.c (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_debug.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_debug.h (99%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_findzonecut.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_init.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_mkquery.c (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_mkupdate.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_mkupdate.h (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_private.h (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_query.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_send.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_sendsigned.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind/resolv/res_update.c (97%) copy contrib/{bind-9.3/lib/isccfg => bind-9.5.2/lib/bind9}/api (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind9/check.c (56%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind9/getaddresses.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind9/include/bind9/check.h (73%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind9/include/bind9/getaddresses.h (73%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind9/include/bind9/version.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/bind9/version.c (80%) create mode 100644 contrib/bind-9.5.2/lib/dns/acache.c create mode 100644 contrib/bind-9.5.2/lib/dns/acl.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/adb.c (80%) copy contrib/{bind-9.3/lib/isc => bind-9.5.2/lib/dns}/api (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/byaddr.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/cache.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/callbacks.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/compress.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/db.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dbiterator.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dbtable.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/diff.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dispatch.c (58%) create mode 100644 contrib/bind-9.5.2/lib/dns/dlz.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dnssec.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/ds.c (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_api.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_internal.h (51%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_lib.c (86%) copy contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_openssl.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_parse.c (72%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_parse.h (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/dst_result.c (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/forward.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/gen-unix.h (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/gen-win32.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/gen.c (98%) create mode 100644 contrib/bind-9.5.2/lib/dns/gssapi_link.c create mode 100644 contrib/bind-9.5.2/lib/dns/gssapictx.c create mode 100644 contrib/bind-9.5.2/lib/dns/hmac_link.c create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/acache.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/acl.h (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/adb.h (65%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/bit.h (83%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/byaddr.h (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/cache.h (71%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/callbacks.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/cert.h (68%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/compress.h (58%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/db.h (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/dbiterator.h (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/dbtable.h (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/diff.h (73%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/dispatch.h (59%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/dlz.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/dnssec.h (62%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/ds.h (62%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/events.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/fixedname.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/forward.h (62%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/iptable.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/journal.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/keyflags.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/keytable.h (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/keyvalues.h (51%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/lib.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/log.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/lookup.h (68%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/master.h (52%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/masterdump.h (70%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/message.h (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/name.h (58%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/ncache.h (62%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/nsec.h (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/opcode.h (72%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/order.h (69%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/peer.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/portlist.h (66%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/rbt.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rcode.h (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdata.h (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdataclass.h (71%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdatalist.h (57%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdataset.h (50%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdatasetiter.h (70%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdataslab.h (73%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rdatatype.h (72%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/request.h (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/resolver.h (53%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/result.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/rootns.h (70%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/sdb.h (93%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/sdlz.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/secalg.h (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/secproto.h (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/soa.h (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/ssu.h (59%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/stats.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/tcpmsg.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/time.h (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/timer.h (84%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dns/tkey.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/tsig.h (54%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/ttl.h (83%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/types.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/validator.h (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/version.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/view.h (57%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/xfrin.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/zone.h (55%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/zonekey.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dns/zt.h (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dst/dst.h (56%) create mode 100644 contrib/bind-9.5.2/lib/dns/include/dst/gssapi.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dst/lib.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/include/dst/result.h (90%) create mode 100644 contrib/bind-9.5.2/lib/dns/iptable.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/journal.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/key.c (83%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/keytable.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/lib.c (83%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/log.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/lookup.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/master.c (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/masterdump.c (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/message.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/name.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/ncache.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/nsec.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/openssl_link.c (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/openssldh_link.c (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/openssldsa_link.c (70%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/opensslrsa_link.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/order.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/peer.c (70%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/portlist.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rbt.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rbtdb.c (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rbtdb.h (83%) copy contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rbtdb64.c (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rbtdb64.h (83%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rcode.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/any_255/tsig_250.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/any_255/tsig_250.h (83%) create mode 100644 contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.c copy contrib/{bind-9.3/lib/dns/rdata/generic/dlv_32769.h => bind-9.5.2/lib/dns/rdata/ch_3/a_1.h} (56%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/afsdb_18.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/afsdb_18.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/cert_37.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/cert_37.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/cname_5.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/cname_5.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/dlv_32769.c (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/dlv_32769.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/dname_39.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/dname_39.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/dnskey_48.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/dnskey_48.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/ds_43.c (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/ds_43.h (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/gpos_27.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/gpos_27.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/hinfo_13.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/hinfo_13.h (82%) create mode 100644 contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.c rename contrib/{bind-9.3/lib/dns/rdata/generic/dlv_65323.h => bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.h} (54%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/isdn_20.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/isdn_20.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/key_25.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/key_25.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/loc_29.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/loc_29.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mb_7.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mb_7.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/md_3.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/md_3.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mf_4.c (96%) copy contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mf_4.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mg_8.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mg_8.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/minfo_14.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/minfo_14.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mr_9.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mr_9.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mx_15.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/mx_15.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/ns_2.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/ns_2.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/nsec_47.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/nsec_47.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/null_10.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/null_10.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/nxt_30.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/nxt_30.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/opt_41.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/opt_41.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/proforma.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/proforma.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/ptr_12.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/ptr_12.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/rp_17.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/rp_17.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/rrsig_46.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/rrsig_46.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/rt_21.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/rt_21.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/sig_24.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/sig_24.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/soa_6.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/soa_6.h (68%) copy contrib/{bind-9.3/lib/dns/rdata/generic/txt_16.c => bind-9.5.2/lib/dns/rdata/generic/spf_99.c} (78%) copy contrib/{bind-9.3/lib/dns/rdata/generic/txt_16.h => bind-9.5.2/lib/dns/rdata/generic/spf_99.h} (68%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/sshfp_44.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/sshfp_44.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/tkey_249.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/tkey_249.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/txt_16.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/txt_16.h (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/unspec_103.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/unspec_103.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/x25_19.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/generic/x25_19.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/hs_4/a_1.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/hs_4/a_1.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/a6_38.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/a6_38.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/a_1.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/a_1.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/aaaa_28.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/aaaa_28.h (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/apl_42.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/apl_42.h (87%) create mode 100644 contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.c rename contrib/{bind-9.3/lib/dns/rdata/generic/mf_4.h => bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.h} (63%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/kx_36.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/kx_36.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/naptr_35.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/naptr_35.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/nsap-ptr_23.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/nsap-ptr_23.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/nsap_22.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/nsap_22.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/px_26.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/px_26.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/srv_33.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/srv_33.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/wks_11.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/in_1/wks_11.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/rdatastructpre.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdata/rdatastructsuf.h (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdatalist.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdatalist_p.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdataset.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdatasetiter.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/rdataslab.c (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/request.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/resolver.c (77%) create mode 100644 contrib/bind-9.5.2/lib/dns/result.c create mode 100644 contrib/bind-9.5.2/lib/dns/rootns.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/sdb.c (96%) create mode 100644 contrib/bind-9.5.2/lib/dns/sdlz.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/soa.c (93%) create mode 100644 contrib/bind-9.5.2/lib/dns/spnego.asn1 create mode 100644 contrib/bind-9.5.2/lib/dns/spnego.c create mode 100644 contrib/bind-9.5.2/lib/dns/spnego.h create mode 100644 contrib/bind-9.5.2/lib/dns/spnego_asn1.c create mode 100644 contrib/bind-9.5.2/lib/dns/spnego_asn1.pl rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/ssu.c (75%) create mode 100644 contrib/bind-9.5.2/lib/dns/stats.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/tcpmsg.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/time.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/timer.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/tkey.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/tsig.c (71%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/ttl.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/validator.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/version.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/view.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/xfrin.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/zone.c (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/zonekey.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/dns/zt.c (69%) create mode 100644 contrib/bind-9.5.2/lib/isc/alpha/include/isc/atomic.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/api (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/assertions.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/base64.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/bitstring.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/buffer.c (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/bufferlist.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/commandline.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/entropy.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/error.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/event.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/fsaccess.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/hash.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/heap.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/hex.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/hmacmd5.c (84%) create mode 100644 contrib/bind-9.5.2/lib/isc/hmacsha.c create mode 100644 contrib/bind-9.5.2/lib/isc/httpd.c create mode 100644 contrib/bind-9.5.2/lib/isc/ia64/include/isc/atomic.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/app.h (65%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/assertions.h (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/base64.h (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/bitstring.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/boolean.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/buffer.h (69%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/bufferlist.h (65%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/commandline.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/entropy.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/error.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/event.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/eventclass.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/file.h (68%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/formatcheck.h (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/fsaccess.h (63%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/hash.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/heap.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/hex.h (63%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/hmacmd5.h (77%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/hmacsha.h create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/httpd.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/interfaceiter.h (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/ipv6.h (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/lang.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/lex.h (58%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/lfsr.h (70%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/lib.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/list.h (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/log.h (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/magic.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/md5.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/mem.h (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/msgcat.h (68%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/msgs.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/mutexblock.h (72%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/netaddr.h (68%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/netscope.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/ondestroy.h (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/os.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/parseint.h (69%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/platform.h.in (71%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/portset.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/print.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/quota.h (79%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/radix.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/random.h (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/ratelimiter.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/refcount.h (54%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/region.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/resource.h (57%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/result.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/resultclass.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/rwlock.h (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/serial.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/sha1.h (74%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/sha2.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/sockaddr.h (71%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/socket.h create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/stats.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/stdio.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/stdlib.h (81%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/string.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/symtab.h (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/task.h (62%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/taskpool.h (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/timer.h (66%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/types.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/util.h (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/include/isc/version.h (80%) create mode 100644 contrib/bind-9.5.2/lib/isc/include/isc/xml.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/inet_aton.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/inet_ntop.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/inet_pton.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/lex.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/lfsr.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/lib.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/log.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/md5.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/mem.c (63%) create mode 100644 contrib/bind-9.5.2/lib/isc/mips/include/isc/atomic.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/mutexblock.c (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/netaddr.c (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/netscope.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nls/msgcat.c (91%) rename contrib/{bind-9.3/lib/dns/rbtdb64.c => bind-9.5.2/lib/isc/noatomic/include/isc/atomic.h} (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/condition.c (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/include/isc/condition.h (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/include/isc/mutex.h (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/include/isc/once.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/include/isc/thread.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/mutex.c (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/nothreads/thread.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/ondestroy.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/parseint.c (89%) create mode 100644 contrib/bind-9.5.2/lib/isc/portset.c create mode 100644 contrib/bind-9.5.2/lib/isc/powerpc/include/isc/atomic.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/print.c (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/condition.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/include/isc/condition.h (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/include/isc/mutex.h (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/include/isc/once.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/include/isc/thread.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/mutex.c (62%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/pthreads/thread.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/quota.c (90%) create mode 100644 contrib/bind-9.5.2/lib/isc/radix.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/random.c (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/ratelimiter.c (97%) rename contrib/{bind-9.3/lib/dns/dst_openssl.h => bind-9.5.2/lib/isc/refcount.c} (56%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/region.c (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/result.c (62%) create mode 100644 contrib/bind-9.5.2/lib/isc/rwlock.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/serial.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/sha1.c (96%) create mode 100644 contrib/bind-9.5.2/lib/isc/sha2.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/sockaddr.c (81%) create mode 100644 contrib/bind-9.5.2/lib/isc/sparc64/include/isc/atomic.h create mode 100644 contrib/bind-9.5.2/lib/isc/stats.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/string.c (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/strtoul.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/symtab.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/task.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/task_p.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/taskpool.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/timer.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/timer_p.h (79%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/app.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/dir.c (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/entropy.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/errno2result.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/errno2result.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/file.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/fsaccess.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/ifiter_getifaddrs.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/ifiter_ioctl.c (96%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/ifiter_sysctl.c (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/dir.h (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/int.h (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/keyboard.h (85%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/net.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/netdb.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/offset.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/stat.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/stdtime.h (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/strerror.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/syslog.h (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/include/isc/time.h (68%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/interfaceiter.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/ipv6.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/keyboard.c (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/net.c (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/os.c (90%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/resource.c (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/socket.c (55%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/socket_p.h (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/stdio.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/stdtime.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/strerror.c (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/syslog.c (88%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/unix/time.c (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isc/version.c (80%) create mode 100644 contrib/bind-9.5.2/lib/isc/x86_32/include/isc/atomic.h create mode 100644 contrib/bind-9.5.2/lib/isc/x86_64/include/isc/atomic.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/alist.c (87%) create mode 100644 contrib/bind-9.5.2/lib/isccc/api rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/base64.c (65%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/cc.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/ccmsg.c (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/alist.h (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/base64.h (50%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/cc.h (63%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/ccmsg.h (60%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/events.h (52%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/lib.h (53%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/result.h (56%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/sexpr.h (69%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/symtab.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/symtype.h (51%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/types.h (51%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/util.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/include/isccc/version.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/lib.c (59%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/result.c (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/sexpr.c (87%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/symtab.c (86%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccc/version.c (80%) create mode 100644 contrib/bind-9.5.2/lib/isccfg/aclconf.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/api (60%) rename contrib/{bind-9.3/bin/named/include/named => bind-9.5.2/lib/isccfg/include/isccfg}/aclconf.h (66%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/include/isccfg/cfg.h (74%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/include/isccfg/grammar.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/include/isccfg/log.h (77%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/include/isccfg/namedconf.h (72%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/include/isccfg/version.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/log.c (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/namedconf.c (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/parser.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/isccfg/version.c (80%) create mode 100644 contrib/bind-9.5.2/lib/lwres/api rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/assert_p.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/context.c (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/context_p.h (71%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/gai_strerror.c (51%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/getaddrinfo.c (72%) create mode 100644 contrib/bind-9.5.2/lib/lwres/gethost.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/getipnode.c (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/getnameinfo.c (75%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/getrrset.c (61%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/herror.c (76%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/context.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/int.h (82%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/ipv6.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/lang.h (80%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/list.h (93%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/lwbuffer.h (94%) create mode 100644 contrib/bind-9.5.2/lib/lwres/include/lwres/lwpacket.h rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/lwres.h (78%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/netdb.h.in (97%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/platform.h.in (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/result.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/stdlib.h (81%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/include/lwres/version.h (81%) create mode 100644 contrib/bind-9.5.2/lib/lwres/lwbuffer.c rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwconfig.c (89%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwinetaton.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwinetntop.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwinetpton.c (94%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwpacket.c (53%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwres_gabn.c (67%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwres_gnba.c (64%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwres_grbn.c (92%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwres_noop.c (57%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/lwresutil.c (73%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres.3 (93%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_buffer.3 (76%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_config.3 (74%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_config.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_context.3 (78%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_context.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_gabn.3 (79%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_gai_strerror.3 (76%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_getaddrinfo.3 (89%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_gethostent.3 (83%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_getipnode.3 (82%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_getnameinfo.3 (81%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_getrrsetbyname.3 (83%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_gnba.3 (81%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_hstrerror.3 (76%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_inetntop.3 (79%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_noop.3 (78%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_noop.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_packet.3 (88%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_packet.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/man/lwres_resutil.3 (81%) create mode 100644 contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.html rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/print.c (98%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/print_p.h (91%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/strtoul.c (95%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/unix/include/lwres/net.h (84%) rename contrib/{bind-9.3 => bind-9.5.2}/lib/lwres/version.c (80%) create mode 100644 contrib/bind-9.5.2/version create mode 100644 include/osreldate.h create mode 100644 include/rpc/rpcb_prot.h create mode 100644 include/rpcsvc/bootparam_prot.h create mode 100644 include/rpcsvc/crypt.h create mode 100644 include/rpcsvc/key_prot.h create mode 100644 include/rpcsvc/klm_prot.h create mode 100644 include/rpcsvc/mount.h create mode 100644 include/rpcsvc/nfs_prot.h create mode 100644 include/rpcsvc/nis.h create mode 100644 include/rpcsvc/nis_cache.h create mode 100644 include/rpcsvc/nis_callback.h create mode 100644 include/rpcsvc/nlm_prot.h create mode 100644 include/rpcsvc/rex.h create mode 100644 include/rpcsvc/rnusers.h create mode 100644 include/rpcsvc/rquota.h create mode 100644 include/rpcsvc/rstat.h create mode 100644 include/rpcsvc/rwall.h create mode 100644 include/rpcsvc/sm_inter.h create mode 100644 include/rpcsvc/spray.h create mode 100644 include/rpcsvc/yp.h create mode 100644 include/rpcsvc/yppasswd.h create mode 100644 include/rpcsvc/ypupdate_prot.h create mode 100644 include/rpcsvc/ypxfrd.h create mode 100644 include/vers.c create mode 100644 include/version diff --git a/contrib/bind-9.3/FAQ b/contrib/bind-9.3/FAQ deleted file mode 100644 index ba87de2165..0000000000 --- a/contrib/bind-9.3/FAQ +++ /dev/null @@ -1,675 +0,0 @@ -Frequently Asked Questions about BIND 9 - -Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC") - -Copyright © 2000-2003 Internet Software Consortium. - -------------------------------------------------------------------------------- - -Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads? - -A: Linux threads do not fully implement the Posix threads (pthreads) standard. In - particular, setuid() operates only on the current thread, not the full process. - Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on - all other supported platforms. setuid() cannot be called before creating - threads, since the server does not start listening on reserved ports until - after threads have started. - - In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve - capabilities across a setuid() call is present. This allows BIND 9 to call - setuid() early, while retaining the ability to bind reserved ports. This is a - Linux-specific hack. - - On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of - a security risk than a root process that has not dropped privileges. - - If Linux threads ever work correctly, this restriction will go away. - - Configuring BIND9 with the --disable-threads option (the default) causes a - non-threaded version to be built, which will allow -u to be used. - -Q: Why do I get the following errors: - - general: errno2result.c:109: unexpected error: - general: unable to convert errno to isc_result: 14: Bad address - client: UDP client handler shutting down due to fatal receive error: unexpected error - -A: This is the result of a Linux kernel bug. - - See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2 - -Q: Why does named log the warning message "no TTL specified - using SOA MINTTL - instead"? - -A: Your zone file is illegal according to RFC1035. It must either have a line - like: - - $TTL 86400 - - at the beginning, or the first record in it must have a TTL field, like the - "84600" in this example: - - example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 ) - -Q: Why do I see 5 (or more) copies of named on Linux? - -A: Linux threads each show up as a process under ps. The approximate number of - threads running is n+4, where n is the number of CPUs. Note that the amount of - memory used is not cumulative; if each process is using 10M of memory, only a - total of 10M is used. - - Newer versions of Linux's ps command hide the individual threads and require -L - to display them. - -Q: Why does BIND 9 log "permission denied" errors accessing its configuration - files or zones on my Linux system even though it is running as root? - -A: On Linux, BIND 9 drops most of its root privileges on startup. This including - the privilege to open files owned by other users. Therefore, if the server is - running as root, the configuration files and zone files should also be owned by - root. - -Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar: - ran out of space"? - -A: This is often caused by TXT records with missing close quotes. Check that all - TXT records containing quoted strings have both open and close quotes. - -Q: How do I produce a usable core file from a multithreaded named on Linux? - -A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable - (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel, - apply the kernel patch found in contrib/linux/coredump-patch and rebuild the - kernel. This patch will cause multithreaded programs to dump the correct - thread. - -Q: How do I restrict people from looking up the server version? - -A: Put a "version" option containing something other than the real version in the - "options" section of named.conf. Note doing this will not prevent attacks and - may impede people trying to diagnose problems with your server. Also it is - possible to "fingerprint" nameservers to determine their version. - -Q: How do I restrict only remote users from looking up the server version? - -A: The following view statement will intercept lookups as the internal view that - holds the version information will be matched last. The caveats of the previous - answer still apply, of course. - - view "chaos" chaos { - match-clients { ; }; - allow-query { none; }; - zone "." { - type hint; - file "/dev/null"; // or any empty file - }; - }; - -Q: What do "no source of entropy found" or "could not open entropy source foo" - mean? - -A: The server requires a source of entropy to perform certain operations, mostly - DNSSEC related. These messages indicate that you have no source of entropy. On - systems with /dev/random or an equivalent, it is used by default. A source of - entropy can also be defined using the random-device option in named.conf. - -Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why? - -A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed - under /usr. Check that the correct named is running. - -Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm - sure I have the keys set up correctly, but the server is rejecting the TSIG. - Why? - -A: This may be a clock skew problem. Check that the the clocks on the client and - server are properly synchronised (e.g., using ntp). - -Q: I'm trying to compile BIND 9, and "make" is failing due to files not being - found. Why? - -A: Using a parallel or distributed "make" to build BIND 9 is not supported, and - doesn't work. If you are using one of these, use normal make or gmake instead. - -Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error - messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's - wrong? - -A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND - 8.2.4. It can be safely ignored - the notify has been acted on by the slave - despite the error message. - -Q: I keep getting log messages like the following. Why? - - Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update - failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET) - -A: DNS updates allow the update request to test to see if certain conditions are - met prior to proceeding with the update. The message above is saying that - conditions were not met and the update is not proceeding. See doc/rfc/ - rfc2136.txt for more details on prerequisites. - -Q: I keep getting log messages like the following. Why? - - Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied - -A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update - protocol. Windows 2000 machines have a habit of sending dynamic update requests - to DNS servers without being specifically configured to do so. If the update - requests are coming from a Windows 2000 machine, see http:// - support.microsoft.com/support/kb/articles/q246/8/04.asp for information about - how to turn them off. - -Q: I see a log message like the following. Why? - - couldn't open pid file '/var/run/named.pid': Permission denied - -A: You are most likely running named as a non-root user, and that user does not - have permission to write in /var/run. The common ways of fixing this are to - create a /var/run/named directory owned by the named user and set pid-file to " - /var/run/named/named.pid", or set pid-file to "named.pid", which will put the - file in the directory specified by the directory option (which, in this case, - must be writable by the named user). - -Q: When I do a "dig . ns", many of the A records for the root servers are missing. - Why? - -A: This is normal and harmless. It is a somewhat confusing side effect of the way - BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid - promoting glue into answers. - - When BIND 9 first starts up and primes its cache, it receives the root server - addresses as additional data in an authoritative response from a root server, - and these records are eligible for inclusion as additional data in responses. - Subsequently it receives a subset of the root server addresses as additional - data in a non-authoritative (referral) response from a root server. This causes - the addresses to now be considered non-authoritative (glue) data, which is not - eligible for inclusion in responses. - - The server does have a complete set of root server addresses cached at all - times, it just may not include all of them as additional data, depending on - whether they were last received as answers or as glue. You can always look up - the addresses with explicit queries like "dig a.root-servers.net A". - -Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why? - -A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages - larger than 16K are not handled properly. This can be worked around by setting - the option "transfer-format one-answer;". Also check whether your zone contains - domain names with embedded spaces or other special characters, like "John\ - 032Doe\213s\032Computer", since such names have been known to cause Windows - 2000 slaves to incorrectly reject the zone. - -Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP? - -A: A zone can be updated either by editing zone files and reloading the server or - by dynamic update, but not both. If you have enabled dynamic update for a zone - using the "allow-update" option, you are not supposed to edit the zone file by - hand, and the server will not attempt to reload it. - -Q: I can query the nameserver from the nameserver but not from other machines. - Why? - -A: This is usually the result of the firewall configuration stopping the queries - and / or the replies. - -Q: How can I make a server a slave for both an internal and an external view at - the same time? When I tried, both views on the slave were transferred from the - same view on the master. - -A: You will need to give the master and slave multiple IP addresses and use those - to make sure you reach the correct view on the other machine. - - Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias) - internal: - match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; }; - notify-source 10.0.1.1; - transfer-source 10.0.1.1; - query-source address 10.0.1.1; - external: - match-clients { any; }; - recursion no; // don't offer recursion to the world - notify-source 10.0.1.2; - transfer-source 10.0.1.2; - query-source address 10.0.1.2; - - Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias) - internal: - match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; }; - notify-source 10.0.1.3; - transfer-source 10.0.1.3; - query-source address 10.0.1.3; - external: - match-clients { any; }; - recursion no; // don't offer recursion to the world - notify-source 10.0.1.4; - transfer-source 10.0.1.4; - query-source address 10.0.1.4; - - You put the external address on the alias so that all the other dns clients on - these boxes see the internal view by default. - -A: BIND 9.3 and later: Use TSIG to select the appropriate view. - - Master 10.0.1.1: - key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; - }; - view "internal" { - match-clients { !key external; 10.0.1/24; }; - ... - }; - view "external" { - match-clients { key external; any; }; - server 10.0.1.2 { keys external; }; - recursion no; - ... - }; - - Slave 10.0.1.2: - key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; - }; - view "internal" { - match-clients { !key external; 10.0.1/24; }; - ... - }; - view "external" { - match-clients { key external; any; }; - server 10.0.1.1 { keys external; }; - recursion no; - ... - }; - -Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there. - -A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use - certain interrupts as a source of random events. You can make this permanent by - setting rand_irqs in /etc/rc.conf. - - /etc/rc.conf - rand_irqs="3 14 15" - - See also http://people.freebsd.org/~dougb/randomness.html - -Q: Why is named listening on UDP port other than 53? - -A: Named uses a system selected port to make queries of other nameservers. This - behaviour can be overridden by using query-source to lock down the port and/or - address. See also notify-source and transfer-source. - -Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other - data" when transferring a zone. What does this mean? - -A: These indicate a malformed master zone. You can identify the exact records - involved by transferring the zone using dig then running named-checkzone on it. - - dig axfr example.com @master-server > tmp - named-checkzone example.com tmp - - A CNAME record cannot exist with the same name as another record except for the - DNSSEC records which prove its existance (NSEC). - - RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data - should be present; this ensures that the data for a canonical name and its - aliases cannot be different. This rule also insures that a cached CNAME can be - used without checking with an authoritative server for other RR types." - -Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is - the last line of named.conf. - -A: Some text editors (notepad and wordpad) fail to put a line title indication - (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a - blank line to the end of the file. Named expects to see EOF immediately after - EOL and treats text files where this is not met as truncated. - -Q: I get warning messages like "zone example.com/IN: refresh: failure trying - master 1.2.3.4#53: timed out". - -A: Check that you can make UDP queries from the slave to the master - - dig +norec example.com soa @1.2.3.4 - - You could be generating queries faster than the slave can cope with. Lower the - serial query rate. - - serial-query-rate 5; // default 20 - -Q: How do I share a dynamic zone between multiple views? - -A: You choose one view to be master and the second a slave and transfer the zone - between views. - - Master 10.0.1.1: - key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; - }; - - key "mykey" { - algorithm hmac-md5; - secret "yyyyyyyy"; - }; - - view "internal" { - match-clients { !external; 10.0.1/24; }; - server 10.0.1.1 { - /* Deliver notify messages to external view. */ - keys { external; }; - }; - zone "example.com" { - type master; - file "internal/example.db"; - allow-update { key mykey; }; - notify-also { 10.0.1.1; }; - }; - }; - - view "external" { - match-clients { external; any; }; - zone "example.com" { - type slave; - file "external/example.db"; - masters { 10.0.1.1; }; - transfer-source { 10.0.1.1; }; - // allow-update-forwarding { any; }; - // allow-notify { ... }; - }; - }; - -Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master - file primaries/wireless.ietf56.ietf.org: no owner". - -A: This error is produced when a line in the master file contains leading white - space (tab/space) but the is no current record owner name to inherit the name - from. Usually this is the result of putting white space before a comment. - Forgeting the "@" for the SOA record or indenting the master file. - -Q: Why are my logs in GMT (UTC). - -A: You are running chrooted (-t) and have not supplied local timzone information - in the chroot area. - - FreeBSD: /etc/localtime - Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo - OSF: /etc/zoneinfo/localtime - - See also tzset(3) and zic(8). - -Q: I get the error message "named: capset failed: Operation not permitted" when - starting named. - -A: The capability module, part of "Linux Security Modules/LSM", has not been - loaded into the kernel. See insmod(8). - -Q: I get "rndc: connect failed: connection refused" when I try to run rndc. - -A: This is usually a configuration error. - - First ensure that named is running and no errors are being reported at startup - (/var/log/messages or equivalent). Running "named -g " from a - title can help at this point. - - Secondly ensure that named is configured to use rndc either by "rndc-confgen - -a", rndc-confgen or manually. The Administrators Reference manual has details - on how to do this. - - Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/ - rndc.conf for the default server. Update /etc/rndc.conf if necessary so that - the default server listed in /etc/rndc.conf matches the addresses used in - named.conf. "localhost" has two address (127.0.0.1 and ::1). - - If you use "rndc-confgen -a" and named is running with -t or -u ensure that / - etc/rndc.conf has the correct ownership and that a copy is in the chroot area. - You can do this by re-running "rndc-confgen -a" with appropriate -t and -u - arguments. - -Q: I don't get RRSIG's returned when I use "dig +dnssec". - -A: You need to ensure DNSSEC is enabled (dnssec-enable yes;). - -Q: I get "Error 1067" when starting named under Windows. - -A: This is the service manager saying that named exited. You need to examine the - Application log in the EventViewer to find out why. - - Common causes are that you failed to create "named.conf" (usually "C:\windows\ - dns\etc\named.conf") or failed to specify the directory in named.conf. - - options { - Directory "C:\windows\dns\etc"; - }; - -Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while - receiving responses: permission denied" error messages. - -A: These indicate a filesystem permission error preventing named creating / - renaming the temporary file. These will usually also have other associated - error messages like - - "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied" - - Named needs write permission on the directory containing the file. Named writes - the new cache file to a temporary file then renames it to the name specified in - named.conf to ensure that the contents are always complete. This is to prevent - named loading a partial zone in the event of power failure or similar - interrupting the write of the master file. - - Note file names are relative to the directory specified in options and any - chroot directory ([/][]). - - If named is invoked as "named -t /chroot/DNS" with the following named.conf - then "/chroot/DNS/var/named/sl" needs to be writable by the user named is - running as. - - options { - directory "/var/named"; - }; - - zone "example.net" { - type slave; - file "sl/example.net"; - masters { 192.168.4.12; }; - }; - -Q: How do I intergrate BIND 9 and Solaris SMF - -A: Sun has a blog entry describing how to do this. - - http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris - -Q: Can a NS record refer to a CNAME. - -A: No. The rules for glue (copies of the *address* records in the parent zones) - and additional section processing do not allow it to work. - - You would have to add both the CNAME and address records (A/AAAA) as glue to - the parent zone and have CNAMEs be followed when doing additional section - processing to make it work. No namesever implementation supports either of - these requirements. - -Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean? - -A: If the IN-ADDR.ARPA name covered refers to a internal address space you are - using then you have failed to follow RFC 1918 usage rules and are leaking - queries to the Internet. You should establish your own zones for these - addresses to prevent you quering the Internet's name servers for these - addresses. Please see http://as112.net/ for details of the problems you are - causing and the counter measures that have had to be deployed. - - If you are not using these private addresses then a client has queried for - them. You can just ignore the messages, get the offending client to stop - sending you these messages as they are most probably leaking them or setup your - own zones empty zones to serve answers to these queries. - - zone "10.IN-ADDR.ARPA" { - type master; - file "empty"; - }; - - zone "16.172.IN-ADDR.ARPA" { - type master; - file "empty"; - }; - - ... - - zone "31.172.IN-ADDR.ARPA" { - type master; - file "empty"; - }; - - zone "168.192.IN-ADDR.ARPA" { - type master; - file "empty"; - }; - - empty: - @ 10800 IN SOA . . ( - 1 3600 1200 604800 10800 ) - @ 10800 IN NS . - - Note - - Future versions of named are likely to do this automatically. - -Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core - - - Why can't named update slave zone database files? - - Why can't named create DDNS journal files or update the master zones from - journals? - - Why can't named create custom log files? - -A: Red Hat Security Enhanced Linux (SELinux) policy security protections : - - Red Hat have adopted the National Security Agency's SELinux security policy ( - see http://www.nsa.gov/selinux ) and recommendations for BIND security , which - are more secure than running named in a chroot and make use of the bind-chroot - environment unecessary . - - By default, named is not allowed by the SELinux policy to write, create or - delete any files EXCEPT in these directories: - - $ROOTDIR/var/named/slaves - $ROOTDIR/var/named/data - $ROOTDIR/var/tmp - - - where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed. - - The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var - /named directory, the default location for master zone database files. - - SELinux policy overrules file access permissions - so even if all the files - under /var/named have ownership named:named and mode rw-rw-r--, named will - still not be able to write or create files except in the directories above, - with SELinux in Enforcing mode. - - So, to allow named to update slave or DDNS zone files, it is best to locate - them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as: - - zone "slave.zone." IN { - type slave; - file "slaves/slave.zone.db"; - ... - }; - zone "ddns.zone." IN { - type master; - allow-updates {...}; - file "slaves/ddns.zone.db"; - }; - - - To allow named to create its cache dump and statistics files, for example, you - could use named.conf options statements such as: - - options { - ... - dump-file "/var/named/data/cache_dump.db"; - statistics-file "/var/named/data/named_stats.txt"; - ... - }; - - - You can also tell SELinux to allow named to update any zone database files, by - setting the SELinux tunable boolean parameter 'named_write_master_zones=1', - using the system-config-securitylevel GUI, using the 'setsebool' command, or in - /etc/selinux/targeted/booleans. - - You can disable SELinux protection for named entirely by setting the - 'named_disable_trans=1' SELinux tunable boolean parameter. - - The SELinux named policy defines these SELinux contexts for named: - - named_zone_t : for zone database files - $ROOTDIR/var/named/* - named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* - named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} - - - If you want to retain use of the SELinux policy for named, and put named files - in different locations, you can do so by changing the context of the custom - file locations . - - To create a custom configuration file location, eg. '/root/named.conf', to use - with the 'named -c' option, do: - - # chcon system_u:object_r:named_conf_t /root/named.conf - - - To create a custom modifiable named data location, eg. '/var/log/named' for a - log file, do: - - # chcon system_u:object_r:named_cache_t /var/log/named - - - To create a custom zone file location, eg. /root/zones/, do: - - # chcon system_u:object_r:named_zone_t /root/zones/{.,*} - - - See these man-pages for more information : selinux(8), named_selinux(8), chcon - (1), setsebool(8) - -Q: I want to forward all DNS queries from my caching nameserver to another server. - But there are some domains which have to be served locally, via rbldnsd. - - How do I achieve this ? - -A: options { - forward only; - forwarders { ; }; - }; - - zone "sbl-xbl.spamhaus.org" { - type forward; forward only; - forwarders { port 530; }; - }; - - zone "list.dsbl.org" { - type forward; forward only; - forwarders { port 530; }; - }; - - -Q: Will named be affected by the 2007 changes to daylight savings rules in the US. - -A: No, so long as the machines internal clock (as reported by "date -u") remains - at UTC. The only visible change if you fail to upgrade your OS, if you are in a - affected area, will be that log messages will be a hour out during the period - where the old rules do not match the new rules. - - For most OS's this change just means that you need to update the conversion - rules from UTC to local time. Normally this involves updating a file in /etc - (which sets the default timezone for the machine) and possibly a directory - which has all the conversion rules for the world (e.g. /usr/share/zoneinfo). - When updating the OS do not forget to update any chroot areas as well. See your - OS's documetation for more details. - - The local timezone conversion rules can also be done on a individual basis by - setting the TZ envirionment variable appropriately. See your OS's documentation - for more details. - diff --git a/contrib/bind-9.3/FAQ.xml b/contrib/bind-9.3/FAQ.xml deleted file mode 100644 index f67f723b9f..0000000000 --- a/contrib/bind-9.3/FAQ.xml +++ /dev/null @@ -1,1276 +0,0 @@ - - - - - -
- Frequently Asked Questions about BIND 9 - - - 2004 - 2005 - 2006 - 2007 - Internet Systems Consortium, Inc. ("ISC") - - - 2000 - 2001 - 2002 - 2003 - Internet Software Consortium. - - - - - - - Why doesn't -u work on Linux 2.2.x when I build with - --enable-threads? - - - - - Linux threads do not fully implement the Posix threads - (pthreads) standard. In particular, setuid() operates only - on the current thread, not the full process. Because of - this limitation, BIND 9 cannot use setuid() on Linux as it - can on all other supported platforms. setuid() cannot be - called before creating threads, since the server does not - start listening on reserved ports until after threads have - started. - - - In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability - to preserve capabilities across a setuid() call is present. - This allows BIND 9 to call setuid() early, while retaining - the ability to bind reserved ports. This is a Linux-specific - hack. - - - On a 2.2 kernel, BIND 9 does drop many root privileges, so - it should be less of a security risk than a root process - that has not dropped privileges. - - - If Linux threads ever work correctly, this restriction will - go away. - - - Configuring BIND9 with the --disable-threads option (the - default) causes a non-threaded version to be built, which - will allow -u to be used. - - - - - - - - Why do I get the following errors: -general: errno2result.c:109: unexpected error: -general: unable to convert errno to isc_result: 14: Bad address -client: UDP client handler shutting down due to fatal receive error: unexpected error - - - - - This is the result of a Linux kernel bug. - - - See: - http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2 - - - - - - - - Why does named log the warning message no TTL specified - - using SOA MINTTL instead? - - - - - Your zone file is illegal according to RFC1035. It must either - have a line like: - - - -$TTL 86400 - - - at the beginning, or the first record in it must have a TTL field, - like the "84600" in this example: - - - -example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 ) - - - - - - - - Why do I see 5 (or more) copies of named on Linux? - - - - - Linux threads each show up as a process under ps. The - approximate number of threads running is n+4, where n is - the number of CPUs. Note that the amount of memory used - is not cumulative; if each process is using 10M of memory, - only a total of 10M is used. - - - Newer versions of Linux's ps command hide the individual threads - and require -L to display them. - - - - - - - - Why does BIND 9 log permission denied errors accessing - its configuration files or zones on my Linux system even - though it is running as root? - - - - - On Linux, BIND 9 drops most of its root privileges on - startup. This including the privilege to open files owned - by other users. Therefore, if the server is running as - root, the configuration files and zone files should also - be owned by root. - - - - - - - - Why do I get errors like dns_zone_load: zone foo/IN: loading - master file bar: ran out of space? - - - - - This is often caused by TXT records with missing close - quotes. Check that all TXT records containing quoted strings - have both open and close quotes. - - - - - - - - How do I produce a usable core file from a multithreaded - named on Linux? - - - - - If the Linux kernel is 2.4.7 or newer, multithreaded core - dumps are usable (that is, the correct thread is dumped). - Otherwise, if using a 2.2 kernel, apply the kernel patch - found in contrib/linux/coredump-patch and rebuild the kernel. - This patch will cause multithreaded programs to dump the - correct thread. - - - - - - - - How do I restrict people from looking up the server version? - - - - - Put a "version" option containing something other than the - real version in the "options" section of named.conf. Note - doing this will not prevent attacks and may impede people - trying to diagnose problems with your server. Also it is - possible to "fingerprint" nameservers to determine their - version. - - - - - - - - How do I restrict only remote users from looking up the - server version? - - - - - The following view statement will intercept lookups as the - internal view that holds the version information will be - matched last. The caveats of the previous answer still - apply, of course. - - - -view "chaos" chaos { - match-clients { <those to be refused>; }; - allow-query { none; }; - zone "." { - type hint; - file "/dev/null"; // or any empty file - }; -}; - - - - - - - - What do no source of entropy found or could not - open entropy source foo mean? - - - - - The server requires a source of entropy to perform certain - operations, mostly DNSSEC related. These messages indicate - that you have no source of entropy. On systems with - /dev/random or an equivalent, it is used by default. A - source of entropy can also be defined using the random-device - option in named.conf. - - - - - - - - I installed BIND 9 and restarted named, but it's still BIND 8. Why? - - - - - BIND 9 is installed under /usr/local by default. BIND 8 - is often installed under /usr. Check that the correct named - is running. - - - - - - - - I'm trying to use TSIG to authenticate dynamic updates or - zone transfers. I'm sure I have the keys set up correctly, - but the server is rejecting the TSIG. Why? - - - - - This may be a clock skew problem. Check that the the clocks - on the client and server are properly synchronised (e.g., - using ntp). - - - - - - - - I'm trying to compile BIND 9, and "make" is failing due to - files not being found. Why? - - - - - Using a parallel or distributed "make" to build BIND 9 is - not supported, and doesn't work. If you are using one of - these, use normal make or gmake instead. - - - - - - - - I have a BIND 9 master and a BIND 8.2.3 slave, and the - master is logging error messages like notify to 10.0.0.1#53 - failed: unexpected end of input. What's wrong? - - - - - This error message is caused by a known bug in BIND 8.2.3 - and is fixed in BIND 8.2.4. It can be safely ignored - the - notify has been acted on by the slave despite the error - message. - - - - - - - - I keep getting log messages like the following. Why? - - - Dec 4 23:47:59 client 10.0.0.1#1355: updating zone - 'example.com/IN': update failed: 'RRset exists (value - dependent)' prerequisite not satisfied (NXRRSET) - - - - - DNS updates allow the update request to test to see if - certain conditions are met prior to proceeding with the - update. The message above is saying that conditions were - not met and the update is not proceeding. See doc/rfc/rfc2136.txt - for more details on prerequisites. - - - - - - - - I keep getting log messages like the following. Why? - - - Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied - - - - - Someone is trying to update your DNS data using the RFC2136 - Dynamic Update protocol. Windows 2000 machines have a habit - of sending dynamic update requests to DNS servers without - being specifically configured to do so. If the update - requests are coming from a Windows 2000 machine, see - - http://support.microsoft.com/support/kb/articles/q246/8/04.asp - - for information about how to turn them off. - - - - - - - - I see a log message like the following. Why? - - - couldn't open pid file '/var/run/named.pid': Permission denied - - - - - You are most likely running named as a non-root user, and - that user does not have permission to write in /var/run. - The common ways of fixing this are to create a /var/run/named - directory owned by the named user and set pid-file to - "/var/run/named/named.pid", or set pid-file to "named.pid", - which will put the file in the directory specified by the - directory option (which, in this case, must be writable by - the named user). - - - - - - - - When I do a "dig . ns", many of the A records for the root - servers are missing. Why? - - - - - This is normal and harmless. It is a somewhat confusing - side effect of the way BIND 9 does RFC2181 trust ranking - and of the efforts BIND 9 makes to avoid promoting glue - into answers. - - - When BIND 9 first starts up and primes its cache, it receives - the root server addresses as additional data in an authoritative - response from a root server, and these records are eligible - for inclusion as additional data in responses. Subsequently - it receives a subset of the root server addresses as - additional data in a non-authoritative (referral) response - from a root server. This causes the addresses to now be - considered non-authoritative (glue) data, which is not - eligible for inclusion in responses. - - - The server does have a complete set of root server addresses - cached at all times, it just may not include all of them - as additional data, depending on whether they were last - received as answers or as glue. You can always look up the - addresses with explicit queries like "dig a.root-servers.net A". - - - - - - - - Zone transfers from my BIND 9 master to my Windows 2000 - slave fail. Why? - - - - - This may be caused by a bug in the Windows 2000 DNS server - where DNS messages larger than 16K are not handled properly. - This can be worked around by setting the option "transfer-format - one-answer;". Also check whether your zone contains domain - names with embedded spaces or other special characters, - like "John\032Doe\213s\032Computer", since such names have - been known to cause Windows 2000 slaves to incorrectly - reject the zone. - - - - - - - - Why don't my zones reload when I do an "rndc reload" or SIGHUP? - - - - - A zone can be updated either by editing zone files and - reloading the server or by dynamic update, but not both. - If you have enabled dynamic update for a zone using the - "allow-update" option, you are not supposed to edit the - zone file by hand, and the server will not attempt to reload - it. - - - - - - - - I can query the nameserver from the nameserver but not from other - machines. Why? - - - - - This is usually the result of the firewall configuration stopping - the queries and / or the replies. - - - - - - - - How can I make a server a slave for both an internal and - an external view at the same time? When I tried, both views - on the slave were transferred from the same view on the master. - - - - - You will need to give the master and slave multiple IP - addresses and use those to make sure you reach the correct - view on the other machine. - - - -Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias) - internal: - match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; }; - notify-source 10.0.1.1; - transfer-source 10.0.1.1; - query-source address 10.0.1.1; - external: - match-clients { any; }; - recursion no; // don't offer recursion to the world - notify-source 10.0.1.2; - transfer-source 10.0.1.2; - query-source address 10.0.1.2; - -Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias) - internal: - match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; }; - notify-source 10.0.1.3; - transfer-source 10.0.1.3; - query-source address 10.0.1.3; - external: - match-clients { any; }; - recursion no; // don't offer recursion to the world - notify-source 10.0.1.4; - transfer-source 10.0.1.4; - query-source address 10.0.1.4; - - - You put the external address on the alias so that all the other - dns clients on these boxes see the internal view by default. - - - - - BIND 9.3 and later: Use TSIG to select the appropriate view. - - - -Master 10.0.1.1: - key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; - }; - view "internal" { - match-clients { !key external; 10.0.1/24; }; - ... - }; - view "external" { - match-clients { key external; any; }; - server 10.0.1.2 { keys external; }; - recursion no; - ... - }; - -Slave 10.0.1.2: - key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; - }; - view "internal" { - match-clients { !key external; 10.0.1/24; }; - ... - }; - view "external" { - match-clients { key external; any; }; - server 10.0.1.1 { keys external; }; - recursion no; - ... - }; - - - - - - - - I have FreeBSD 4.x and "rndc-confgen -a" just sits there. - - - - - /dev/random is not configured. Use rndcontrol(8) to tell - the kernel to use certain interrupts as a source of random - events. You can make this permanent by setting rand_irqs - in /etc/rc.conf. - - - -/etc/rc.conf -rand_irqs="3 14 15" - - - See also - - http://people.freebsd.org/~dougb/randomness.html - - - - - - - - - Why is named listening on UDP port other than 53? - - - - - Named uses a system selected port to make queries of other - nameservers. This behaviour can be overridden by using - query-source to lock down the port and/or address. See - also notify-source and transfer-source. - - - - - - - - I get error messages like multiple RRs of singleton type - and CNAME and other data when transferring a zone. What - does this mean? - - - - - These indicate a malformed master zone. You can identify - the exact records involved by transferring the zone using - dig then running named-checkzone on it. - - - -dig axfr example.com @master-server > tmp -named-checkzone example.com tmp - - - A CNAME record cannot exist with the same name as another record - except for the DNSSEC records which prove its existance (NSEC). - - - RFC 1034, Section 3.6.2: If a CNAME RR is present at a node, - no other data should be present; this ensures that the data for a - canonical name and its aliases cannot be different. This rule also - insures that a cached CNAME can be used without checking with an - authoritative server for other RR types. - - - - - - - - I get error messages like named.conf:99: unexpected end - of input where 99 is the last line of named.conf. - - - - - Some text editors (notepad and wordpad) fail to put a line - title indication (e.g. CR/LF) on the last line of a - text file. This can be fixed by "adding" a blank line to - the end of the file. Named expects to see EOF immediately - after EOL and treats text files where this is not met as - truncated. - - - - - - - - I get warning messages like zone example.com/IN: refresh: - failure trying master 1.2.3.4#53: timed out. - - - - - Check that you can make UDP queries from the slave to the master - - - -dig +norec example.com soa @1.2.3.4 - - - You could be generating queries faster than the slave can - cope with. Lower the serial query rate. - - - -serial-query-rate 5; // default 20 - - - - - - - - How do I share a dynamic zone between multiple views? - - - - - You choose one view to be master and the second a slave and - transfer the zone between views. - - - -Master 10.0.1.1: - key "external" { - algorithm hmac-md5; - secret "xxxxxxxx"; - }; - - key "mykey" { - algorithm hmac-md5; - secret "yyyyyyyy"; - }; - - view "internal" { - match-clients { !external; 10.0.1/24; }; - server 10.0.1.1 { - /* Deliver notify messages to external view. */ - keys { external; }; - }; - zone "example.com" { - type master; - file "internal/example.db"; - allow-update { key mykey; }; - notify-also { 10.0.1.1; }; - }; - }; - - view "external" { - match-clients { external; any; }; - zone "example.com" { - type slave; - file "external/example.db"; - masters { 10.0.1.1; }; - transfer-source { 10.0.1.1; }; - // allow-update-forwarding { any; }; - // allow-notify { ... }; - }; - }; - - - - - - - - I get a error message like zone wireless.ietf56.ietf.org/IN: - loading master file primaries/wireless.ietf56.ietf.org: no - owner. - - - - - This error is produced when a line in the master file - contains leading white space (tab/space) but the is no - current record owner name to inherit the name from. Usually - this is the result of putting white space before a comment. - Forgeting the "@" for the SOA record or indenting the master - file. - - - - - - - - Why are my logs in GMT (UTC). - - - - - You are running chrooted (-t) and have not supplied local timzone - information in the chroot area. - - - FreeBSD: /etc/localtime - Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo - OSF: /etc/zoneinfo/localtime - - - See also tzset(3) and zic(8). - - - - - - - - I get the error message named: capset failed: Operation - not permitted when starting named. - - - - - The capability module, part of "Linux Security Modules/LSM", - has not been loaded into the kernel. See insmod(8). - - - - - - - - I get rndc: connect failed: connection refused when - I try to run rndc. - - - - - This is usually a configuration error. - - - First ensure that named is running and no errors are being - reported at startup (/var/log/messages or equivalent). - Running "named -g <usual arguments>" from a title - can help at this point. - - - Secondly ensure that named is configured to use rndc either - by "rndc-confgen -a", rndc-confgen or manually. The - Administrators Reference manual has details on how to do - this. - - - Old versions of rndc-confgen used localhost rather than - 127.0.0.1 in /etc/rndc.conf for the default server. Update - /etc/rndc.conf if necessary so that the default server - listed in /etc/rndc.conf matches the addresses used in - named.conf. "localhost" has two address (127.0.0.1 and - ::1). - - - If you use "rndc-confgen -a" and named is running with -t or -u - ensure that /etc/rndc.conf has the correct ownership and that - a copy is in the chroot area. You can do this by re-running - "rndc-confgen -a" with appropriate -t and -u arguments. - - - - - - - - I don't get RRSIG's returned when I use "dig +dnssec". - - - - - You need to ensure DNSSEC is enabled (dnssec-enable yes;). - - - - - - - - I get Error 1067 when starting named under Windows. - - - - - This is the service manager saying that named exited. You - need to examine the Application log in the EventViewer to - find out why. - - - Common causes are that you failed to create "named.conf" - (usually "C:\windows\dns\etc\named.conf") or failed to - specify the directory in named.conf. - - - -options { - Directory "C:\windows\dns\etc"; -}; - - - - - - - - I get transfer of 'example.net/IN' from 192.168.4.12#53: - failed while receiving responses: permission denied error - messages. - - - - - These indicate a filesystem permission error preventing - named creating / renaming the temporary file. These will - usually also have other associated error messages like - - - -"dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied" - - - Named needs write permission on the directory containing - the file. Named writes the new cache file to a temporary - file then renames it to the name specified in named.conf - to ensure that the contents are always complete. This is - to prevent named loading a partial zone in the event of - power failure or similar interrupting the write of the - master file. - - - Note file names are relative to the directory specified in - options and any chroot directory ([<chroot - dir>/][<options dir>]). - - - - If named is invoked as "named -t /chroot/DNS" with - the following named.conf then "/chroot/DNS/var/named/sl" - needs to be writable by the user named is running as. - - -options { - directory "/var/named"; -}; - -zone "example.net" { - type slave; - file "sl/example.net"; - masters { 192.168.4.12; }; -}; - - - - - - - - How do I intergrate BIND 9 and Solaris SMF - - - - - Sun has a blog entry describing how to do this. - - - - http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris - - - - - - - - - Can a NS record refer to a CNAME. - - - - - No. The rules for glue (copies of the *address* records - in the parent zones) and additional section processing do - not allow it to work. - - - You would have to add both the CNAME and address records - (A/AAAA) as glue to the parent zone and have CNAMEs be - followed when doing additional section processing to make - it work. No namesever implementation supports either of - these requirements. - - - - - - - - What does RFC 1918 response from Internet for - 0.0.0.10.IN-ADDR.ARPA mean? - - - - - If the IN-ADDR.ARPA name covered refers to a internal address - space you are using then you have failed to follow RFC 1918 - usage rules and are leaking queries to the Internet. You - should establish your own zones for these addresses to prevent - you quering the Internet's name servers for these addresses. - Please see http://as112.net/ - for details of the problems you are causing and the counter - measures that have had to be deployed. - - - If you are not using these private addresses then a client - has queried for them. You can just ignore the messages, - get the offending client to stop sending you these messages - as they are most probably leaking them or setup your own zones - empty zones to serve answers to these queries. - - - -zone "10.IN-ADDR.ARPA" { - type master; - file "empty"; -}; - -zone "16.172.IN-ADDR.ARPA" { - type master; - file "empty"; -}; - -... - -zone "31.172.IN-ADDR.ARPA" { - type master; - file "empty"; -}; - -zone "168.192.IN-ADDR.ARPA" { - type master; - file "empty"; -}; - -empty: -@ 10800 IN SOA <name-of-server>. <contact-email>. ( - 1 3600 1200 604800 10800 ) -@ 10800 IN NS <name-of-server>. - - - - Future versions of named are likely to do this automatically. - - - - - - - - - I'm running BIND on Red Hat Enterprise Linux or Fedora Core - - - - Why can't named update slave zone database files? - - - Why can't named create DDNS journal files or update - the master zones from journals? - - - Why can't named create custom log files? - - - - - - Red Hat Security Enhanced Linux (SELinux) policy security - protections : - - - - Red Hat have adopted the National Security Agency's - SELinux security policy ( see http://www.nsa.gov/selinux - ) and recommendations for BIND security , which are more - secure than running named in a chroot and make use of - the bind-chroot environment unecessary . - - - - By default, named is not allowed by the SELinux policy - to write, create or delete any files EXCEPT in these - directories: - - -$ROOTDIR/var/named/slaves -$ROOTDIR/var/named/data -$ROOTDIR/var/tmp - - - where $ROOTDIR may be set in /etc/sysconfig/named if - bind-chroot is installed. - - - - The SELinux policy particularly does NOT allow named to modify - the $ROOTDIR/var/named directory, the default location for master - zone database files. - - - - SELinux policy overrules file access permissions - so - even if all the files under /var/named have ownership - named:named and mode rw-rw-r--, named will still not be - able to write or create files except in the directories - above, with SELinux in Enforcing mode. - - - - So, to allow named to update slave or DDNS zone files, - it is best to locate them in $ROOTDIR/var/named/slaves, - with named.conf zone statements such as: - - -zone "slave.zone." IN { - type slave; - file "slaves/slave.zone.db"; - ... -}; -zone "ddns.zone." IN { - type master; - allow-updates {...}; - file "slaves/ddns.zone.db"; -}; - - - - - - To allow named to create its cache dump and statistics - files, for example, you could use named.conf options - statements such as: - - -options { - ... - dump-file "/var/named/data/cache_dump.db"; - statistics-file "/var/named/data/named_stats.txt"; - ... -}; - - - - - - You can also tell SELinux to allow named to update any - zone database files, by setting the SELinux tunable boolean - parameter 'named_write_master_zones=1', using the - system-config-securitylevel GUI, using the 'setsebool' - command, or in /etc/selinux/targeted/booleans. - - - - You can disable SELinux protection for named entirely by - setting the 'named_disable_trans=1' SELinux tunable boolean - parameter. - - - - The SELinux named policy defines these SELinux contexts for named: - - -named_zone_t : for zone database files - $ROOTDIR/var/named/* -named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* -named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} - - - - - - If you want to retain use of the SELinux policy for named, - and put named files in different locations, you can do - so by changing the context of the custom file locations - . - - - - To create a custom configuration file location, eg. - '/root/named.conf', to use with the 'named -c' option, - do: - - -# chcon system_u:object_r:named_conf_t /root/named.conf - - - - - - To create a custom modifiable named data location, eg. - '/var/log/named' for a log file, do: - - -# chcon system_u:object_r:named_cache_t /var/log/named - - - - - - To create a custom zone file location, eg. /root/zones/, do: - - -# chcon system_u:object_r:named_zone_t /root/zones/{.,*} - - - - - - See these man-pages for more information : selinux(8), - named_selinux(8), chcon(1), setsebool(8) - - - - - - - I want to forward all DNS queries from my caching nameserver to - another server. But there are some domains which have to be - served locally, via rbldnsd. - - - How do I achieve this ? - - - - -options { - forward only; - forwarders { <ip.of.primary.nameserver>; }; -}; - -zone "sbl-xbl.spamhaus.org" { - type forward; forward only; - forwarders { <ip.of.rbldns.server> port 530; }; -}; - -zone "list.dsbl.org" { - type forward; forward only; - forwarders { <ip.of.rbldns.server> port 530; }; -}; - - - - - - - Will named be affected by the 2007 changes to daylight savings - rules in the US. - - - - - No, so long as the machines internal clock (as reported - by "date -u") remains at UTC. The only visible change - if you fail to upgrade your OS, if you are in a affected - area, will be that log messages will be a hour out during - the period where the old rules do not match the new rules. - - - For most OS's this change just means that you need to - update the conversion rules from UTC to local time. - Normally this involves updating a file in /etc (which - sets the default timezone for the machine) and possibly - a directory which has all the conversion rules for the - world (e.g. /usr/share/zoneinfo). When updating the OS - do not forget to update any chroot areas as well. - See your OS's documetation for more details. - - - The local timezone conversion rules can also be done on - a individual basis by setting the TZ envirionment variable - appropriately. See your OS's documentation for more - details. - - - - -
diff --git a/contrib/bind-9.3/README.DELETED b/contrib/bind-9.3/README.DELETED deleted file mode 100644 index d557f1f929..0000000000 --- a/contrib/bind-9.3/README.DELETED +++ /dev/null @@ -1,53 +0,0 @@ -bin/tests -bin/*/win32 -bin/win32 -lib/*/win32 -lib/win32 -lib/tests -lib/bind/configure* -lib/bind/port/aix32 -lib/bind/port/aix4 -lib/bind/port/aix5 -lib/bind/port/aux3 -lib/bind/port/bsdos* -lib/bind/port/cygwin -lib/bind/port/darwin -lib/bind/port/decunix -lib/bind/port/hpux* -lib/bind/port/irix -lib/bind/port/linux -lib/bind/port/lynxos -lib/bind/port/mpe -lib/bind/port/netbsd -lib/bind/port/next -lib/bind/port/openbsd -lib/bind/port/qnx -lib/bind/port/rhapsody -lib/bind/port/sco* -lib/bind/port/solaris -lib/bind/port/sunos -lib/bind/port/ultrix -lib/bind/port/unixware* -acconfig.h -win32utils -make -contrib -doc -docutil -FAQ.xml -*.m4 -*/*/*.m4 -config* -install-sh -isc-config.sh.in -ltmain.sh -mkinstalldirs -*Makefile* -*/Makefile* -*/*/Makefile* -*/*/*/Makefile* -*/*/*/*/Makefile* -*/*/*/*/*/Makefile* -*/*/*/*/*/*/Makefile* -*/*/*.docbook -*/*/*/*.docbook diff --git a/contrib/bind-9.3/README.DRAGONFLY b/contrib/bind-9.3/README.DRAGONFLY deleted file mode 100644 index fc211dabad..0000000000 --- a/contrib/bind-9.3/README.DRAGONFLY +++ /dev/null @@ -1,56 +0,0 @@ - - BIND-9.3.4 AS USED BY DRAGONFLY - - This directory contains a selected set of files from the ISC - bind-9.3.4.tar.gz distribution. No files have been moved - or modified from their extracted position. - - This also has the patch from 9.3.5 to 9.3.5-P1 backported here. - - This distribution was downloaded from the following site: - - http://www.isc.org/index.pl?/sw/bind/ - - DO NOT CREATE OR EDIT ANY FILES IN THIS DIRECTORY HIERARCHY! THIS - HIERARCHY REPRESENTS AN EXACT COPY, MINUS UNNEEDED FILES, OF THE - ORIGINAL ARCHIVE. All modifications are made in the - DragonFly build wrapper, in: - - /usr/src/usr.sbin/named - /usr/src/usr.sbin/(various) - /usr/src/usr.bin/(various) - /usr/src/lib/libbind - /usr/src/lib/libbind9 - /usr/src/lib/libisc - - The only additional files added to this directory are README.DRAGONFLY - and README.DELETED. - - UPGRADE PROCEDURE: - - * download a new bind distribution - - * extract the archive into /usr/src/contrib, using the subdirectory - that the archive extracts as. - - * redirect the build directory to the new directory: - - /usr/src/usr.sbin/named/Makefile.inc - /usr/src/lib/libbind/Makefile - /usr/src/lib/libisc/Makefile - - * remove files that are not used (or run a build and figure out - what files are not used and remove them). - - * Add the remainder to CVS. - - * Once the new archive is in place, the old one can be physically - removed from the DragonFly CVS repository. The CVS meister would - have to do the physical removal. - - DO NOT MAKE ANY EDITS TO THE DISTRIBUTION IN THIS CONTRIB - DIRECTORY, OTHER THEN TO ADD OR DELETE FILES ASSOCIATED WITH THE - DISTRIBUTION. - - The file README.DELETED contains a list of deleted files. - diff --git a/contrib/bind-9.3/acconfig.h b/contrib/bind-9.3/acconfig.h deleted file mode 100644 index 574ea358e0..0000000000 --- a/contrib/bind-9.3/acconfig.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: acconfig.h,v 1.35.2.4.2.10 2004/12/04 06:50:02 marka Exp $ */ - -/*** - *** This file is not to be included by any public header files, because - *** it does not get installed. - ***/ -@TOP@ - -/* define to `int' if doesn't define. */ -#undef ssize_t - -/* define on DEC OSF to enable 4.4BSD style sa_len support */ -#undef _SOCKADDR_LEN - -/* define if your system needs pthread_init() before using pthreads */ -#undef NEED_PTHREAD_INIT - -/* define if your system has sigwait() */ -#undef HAVE_SIGWAIT - -/* define if sigwait() is the UnixWare flavor */ -#undef HAVE_UNIXWARE_SIGWAIT - -/* define on Solaris to get sigwait() to work using pthreads semantics */ -#undef _POSIX_PTHREAD_SEMANTICS - -/* define if LinuxThreads is in use */ -#undef HAVE_LINUXTHREADS - -/* define if sysconf() is available */ -#undef HAVE_SYSCONF - -/* define if sysctlbyname() is available */ -#undef HAVE_SYSCTLBYNAME - -/* define if catgets() is available */ -#undef HAVE_CATGETS - -/* define if getifaddrs() exists */ -#undef HAVE_GETIFADDRS - -/* define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */ -#undef HAVE_IFLIST_SYSCTL - -/* define if chroot() is available */ -#undef HAVE_CHROOT - -/* define if tzset() is available */ -#undef HAVE_TZSET - -/* define if struct addrinfo exists */ -#undef HAVE_ADDRINFO - -/* define if getaddrinfo() exists */ -#undef HAVE_GETADDRINFO - -/* define if gai_strerror() exists */ -#undef HAVE_GAISTRERROR - -/* define if arc4random() exists */ -#undef HAVE_ARC4RANDOM - -/* define if pthread_setconcurrency() should be called to tell the - * OS how many threads we might want to run. - */ -#undef CALL_PTHREAD_SETCONCURRENCY - -/* define if IPv6 is not disabled */ -#undef WANT_IPV6 - -/* define if flockfile() is available */ -#undef HAVE_FLOCKFILE - -/* define if getc_unlocked() is available */ -#undef HAVE_GETCUNLOCKED - -/* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */ -#undef SHUTUP_SPUTAUX -#ifdef SHUTUP_SPUTAUX -struct __sFILE; -extern __inline int __sputaux(int _c, struct __sFILE *_p); -#endif - -/* Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */ -#undef SHUTUP_SIGWAIT -#ifdef SHUTUP_SIGWAIT -int sigwait(const unsigned int *set, int *sig); -#endif - -/* Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */ -#undef SHUTUP_STDARG_CAST -#if defined(SHUTUP_STDARG_CAST) && defined(__GNUC__) -#include /* Grr. Must be included *every time*. */ -/* - * The silly continuation line is to keep configure from - * commenting out the #undef. - */ -#undef \ - va_start -#define va_start(ap, last) \ - do { \ - union { const void *konst; long *var; } _u; \ - _u.konst = &(last); \ - ap = (va_list)(_u.var + __va_words(__typeof(last))); \ - } while (0) -#endif /* SHUTUP_STDARG_CAST && __GNUC__ */ - -/* define if the system has a random number generating device */ -#undef PATH_RANDOMDEV - -/* define if pthread_attr_getstacksize() is available */ -#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE - -/* define if pthread_attr_setstacksize() is available */ -#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE - -/* define if you have strerror in the C library. */ -#undef HAVE_STRERROR - -/* Define if you are running under Compaq TruCluster. */ -#undef HAVE_TRUCLUSTER - -/* Define if OpenSSL includes DSA support */ -#undef HAVE_OPENSSL_DSA - -/* Define to the length type used by the socket API (socklen_t, size_t, int). */ -#undef ISC_SOCKADDR_LEN_T - -/* Define if threads need PTHREAD_SCOPE_SYSTEM */ -#undef NEED_PTHREAD_SCOPE_SYSTEM diff --git a/contrib/bind-9.3/bin/check/check-tool.c b/contrib/bind-9.3/bin/check/check-tool.c deleted file mode 100644 index 1b67ca8859..0000000000 --- a/contrib/bind-9.3/bin/check/check-tool.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: check-tool.c,v 1.4.12.7 2004/11/30 01:15:40 marka Exp $ */ - -#include - -#include -#include - -#include "check-tool.h" -#include - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#define CHECK(r) \ - do { \ - result = (r); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - -static const char *dbtype[] = { "rbt" }; - -int debug = 0; -isc_boolean_t nomerge = ISC_TRUE; -unsigned int zone_options = DNS_ZONEOPT_CHECKNS | - DNS_ZONEOPT_MANYERRORS | - DNS_ZONEOPT_CHECKNAMES; - -isc_result_t -setup_logging(isc_mem_t *mctx, isc_log_t **logp) { - isc_logdestination_t destination; - isc_logconfig_t *logconfig = NULL; - isc_log_t *log = NULL; - - RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS); - isc_log_setcontext(log); - - destination.file.stream = stdout; - destination.file.name = NULL; - destination.file.versions = ISC_LOG_ROLLNEVER; - destination.file.maximum_size = 0; - RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr", - ISC_LOG_TOFILEDESC, - ISC_LOG_DYNAMIC, - &destination, 0) == ISC_R_SUCCESS); - RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr", - NULL, NULL) == ISC_R_SUCCESS); - - *logp = log; - return (ISC_R_SUCCESS); -} - -isc_result_t -load_zone(isc_mem_t *mctx, const char *zonename, const char *filename, - const char *classname, dns_zone_t **zonep) -{ - isc_result_t result; - dns_rdataclass_t rdclass; - isc_textregion_t region; - isc_buffer_t buffer; - dns_fixedname_t fixorigin; - dns_name_t *origin; - dns_zone_t *zone = NULL; - - REQUIRE(zonep == NULL || *zonep == NULL); - - if (debug) - fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n", - zonename, filename, classname); - - CHECK(dns_zone_create(&zone, mctx)); - - dns_zone_settype(zone, dns_zone_master); - - isc_buffer_init(&buffer, zonename, strlen(zonename)); - isc_buffer_add(&buffer, strlen(zonename)); - dns_fixedname_init(&fixorigin); - origin = dns_fixedname_name(&fixorigin); - CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, - ISC_FALSE, NULL)); - CHECK(dns_zone_setorigin(zone, origin)); - CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype)); - CHECK(dns_zone_setfile(zone, filename)); - - DE_CONST(classname, region.base); - region.length = strlen(classname); - CHECK(dns_rdataclass_fromtext(&rdclass, ®ion)); - - dns_zone_setclass(zone, rdclass); - dns_zone_setoption(zone, zone_options, ISC_TRUE); - dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge); - - CHECK(dns_zone_load(zone)); - if (zonep != NULL){ - *zonep = zone; - zone = NULL; - } - - cleanup: - if (zone != NULL) - dns_zone_detach(&zone); - return (result); -} - -isc_result_t -dump_zone(const char *zonename, dns_zone_t *zone, const char *filename) -{ - isc_result_t result; - FILE *output = stdout; - - if (debug) { - if (filename != NULL) - fprintf(stderr, "dumping \"%s\" to \"%s\"\n", - zonename, filename); - else - fprintf(stderr, "dumping \"%s\"\n", zonename); - } - - if (filename != NULL) { - result = isc_stdio_open(filename, "w+", &output); - - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "could not open output " - "file \"%s\" for writing\n", filename); - return (ISC_R_FAILURE); - } - } - - result = dns_zone_fulldumptostream(zone, output); - - if (filename != NULL) - (void)isc_stdio_close(output); - - return (result); -} diff --git a/contrib/bind-9.3/bin/check/named-checkconf.c b/contrib/bind-9.3/bin/check/named-checkconf.c deleted file mode 100644 index f50461d792..0000000000 --- a/contrib/bind-9.3/bin/check/named-checkconf.c +++ /dev/null @@ -1,297 +0,0 @@ -/* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: named-checkconf.c,v 1.12.12.11 2006/03/02 00:37:20 marka Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include - -#include -#include -#include - -#include "check-tool.h" - -isc_log_t *logc = NULL; - -#define CHECK(r)\ - do { \ - result = (r); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ - } while (0) - -static void -usage(void) { - fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] " - "[named.conf]\n"); - exit(1); -} - -static isc_result_t -directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) { - isc_result_t result; - const char *directory; - - REQUIRE(strcasecmp("directory", clausename) == 0); - - UNUSED(arg); - UNUSED(clausename); - - /* - * Change directory. - */ - directory = cfg_obj_asstring(obj); - result = isc_dir_chdir(directory); - if (result != ISC_R_SUCCESS) { - cfg_obj_log(obj, logc, ISC_LOG_ERROR, - "change directory to '%s' failed: %s\n", - directory, isc_result_totext(result)); - return (result); - } - - return (ISC_R_SUCCESS); -} - -static isc_result_t -configure_zone(const char *vclass, const char *view, - const cfg_obj_t *zconfig, isc_mem_t *mctx) -{ - isc_result_t result; - const char *zclass; - const char *zname; - const char *zfile; - const cfg_obj_t *zoptions = NULL; - const cfg_obj_t *classobj = NULL; - const cfg_obj_t *typeobj = NULL; - const cfg_obj_t *fileobj = NULL; - const cfg_obj_t *dbobj = NULL; - - zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); - classobj = cfg_tuple_get(zconfig, "class"); - if (!cfg_obj_isstring(classobj)) - zclass = vclass; - else - zclass = cfg_obj_asstring(classobj); - zoptions = cfg_tuple_get(zconfig, "options"); - cfg_map_get(zoptions, "type", &typeobj); - if (typeobj == NULL) - return (ISC_R_FAILURE); - if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) - return (ISC_R_SUCCESS); - cfg_map_get(zoptions, "database", &dbobj); - if (dbobj != NULL) - return (ISC_R_SUCCESS); - cfg_map_get(zoptions, "file", &fileobj); - if (fileobj == NULL) - return (ISC_R_FAILURE); - zfile = cfg_obj_asstring(fileobj); - result = load_zone(mctx, zname, zfile, zclass, NULL); - if (result != ISC_R_SUCCESS) - fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass, - dns_result_totext(result)); - return(result); -} - -static isc_result_t -configure_view(const char *vclass, const char *view, const cfg_obj_t *config, - const cfg_obj_t *vconfig, isc_mem_t *mctx) -{ - const cfg_listelt_t *element; - const cfg_obj_t *voptions; - const cfg_obj_t *zonelist; - isc_result_t result = ISC_R_SUCCESS; - isc_result_t tresult; - - voptions = NULL; - if (vconfig != NULL) - voptions = cfg_tuple_get(vconfig, "options"); - - zonelist = NULL; - if (voptions != NULL) - (void)cfg_map_get(voptions, "zone", &zonelist); - else - (void)cfg_map_get(config, "zone", &zonelist); - - for (element = cfg_list_first(zonelist); - element != NULL; - element = cfg_list_next(element)) - { - const cfg_obj_t *zconfig = cfg_listelt_value(element); - tresult = configure_zone(vclass, view, zconfig, mctx); - if (tresult != ISC_R_SUCCESS) - result = tresult; - } - return (result); -} - - -static isc_result_t -load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { - const cfg_listelt_t *element; - const cfg_obj_t *classobj; - const cfg_obj_t *views; - const cfg_obj_t *vconfig; - const char *vclass; - isc_result_t result = ISC_R_SUCCESS; - isc_result_t tresult; - - views = NULL; - - (void)cfg_map_get(config, "view", &views); - for (element = cfg_list_first(views); - element != NULL; - element = cfg_list_next(element)) - { - const char *vname; - - vclass = "IN"; - vconfig = cfg_listelt_value(element); - if (vconfig != NULL) { - classobj = cfg_tuple_get(vconfig, "class"); - if (cfg_obj_isstring(classobj)) - vclass = cfg_obj_asstring(classobj); - } - vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); - tresult = configure_view(vclass, vname, config, vconfig, mctx); - if (tresult != ISC_R_SUCCESS) - result = tresult; - } - - if (views == NULL) { - tresult = configure_view("IN", "_default", config, NULL, mctx); - if (tresult != ISC_R_SUCCESS) - result = tresult; - } - return (result); -} - -int -main(int argc, char **argv) { - int c; - cfg_parser_t *parser = NULL; - cfg_obj_t *config = NULL; - const char *conffile = NULL; - isc_mem_t *mctx = NULL; - isc_result_t result; - int exit_status = 0; - isc_entropy_t *ectx = NULL; - isc_boolean_t load_zones = ISC_FALSE; - - while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) { - switch (c) { - case 'd': - debug++; - break; - - case 'j': - nomerge = ISC_FALSE; - break; - - case 't': - result = isc_dir_chroot(isc_commandline_argument); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chroot: %s\n", - isc_result_totext(result)); - exit(1); - } - result = isc_dir_chdir("/"); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chdir: %s\n", - isc_result_totext(result)); - exit(1); - } - break; - - case 'v': - printf(VERSION "\n"); - exit(0); - - case 'z': - load_zones = ISC_TRUE; - break; - - default: - usage(); - } - } - - if (argv[isc_commandline_index] != NULL) - conffile = argv[isc_commandline_index]; - if (conffile == NULL || conffile[0] == '\0') - conffile = NAMED_CONFFILE; - - RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); - - RUNTIME_CHECK(setup_logging(mctx, &logc) == ISC_R_SUCCESS); - - RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS); - RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE) - == ISC_R_SUCCESS); - - dns_result_register(); - - RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS); - - cfg_parser_setcallback(parser, directory_callback, NULL); - - if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) != - ISC_R_SUCCESS) - exit(1); - - result = bind9_check_namedconf(config, logc, mctx); - if (result != ISC_R_SUCCESS) - exit_status = 1; - - if (result == ISC_R_SUCCESS && load_zones) { - dns_log_init(logc); - dns_log_setcontext(logc); - result = load_zones_fromconfig(config, mctx); - if (result != ISC_R_SUCCESS) - exit_status = 1; - } - - cfg_obj_destroy(parser, &config); - - cfg_parser_destroy(&parser); - - isc_log_destroy(&logc); - - isc_hash_destroy(); - isc_entropy_detach(&ectx); - - isc_mem_destroy(&mctx); - - return (exit_status); -} diff --git a/contrib/bind-9.3/bin/check/named-checkconf.html b/contrib/bind-9.3/bin/check/named-checkconf.html deleted file mode 100644 index 2283c51626..0000000000 --- a/contrib/bind-9.3/bin/check/named-checkconf.html +++ /dev/null @@ -1,92 +0,0 @@ - - - - - -named-checkconf - - -
-
-
-

Name

-

named-checkconf — named configuration file syntax checking tool

-
-
-

Synopsis

-

named-checkconf [-v] [-j] [-t directory] {filename} [-z]

-
-
-

DESCRIPTION

-

- named-checkconf checks the syntax, but not - the semantics, of a named configuration file. -

-
-
-

OPTIONS

-
-
-t directory
-

- chroot to directory so that include - directives in the configuration file are processed as if - run by a similarly chrooted named. -

-
-v
-

- Print the version of the named-checkconf - program and exit. -

-
-z
-

- Perform a check load the master zonefiles found in - named.conf. -

-
-j
-

- When loading a zonefile read the journal if it exists. -

-
filename
-

- The name of the configuration file to be checked. If not - specified, it defaults to /etc/named.conf. -

-
-
-
-

RETURN VALUES

-

- named-checkconf returns an exit status of 1 if - errors were detected and 0 otherwise. -

-
-
-

SEE ALSO

-

- named(8), - BIND 9 Administrator Reference Manual. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/check/named-checkzone.8 b/contrib/bind-9.3/bin/check/named-checkzone.8 deleted file mode 100644 index f50085c784..0000000000 --- a/contrib/bind-9.3/bin/check/named-checkzone.8 +++ /dev/null @@ -1,116 +0,0 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") -.\" Copyright (C) 2000-2002 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -.\" PERFORMANCE OF THIS SOFTWARE. -.\" -.\" $Id: named-checkzone.8,v 1.11.2.1.8.11 2006/10/05 02:50:17 marka Exp $ -.\" -.hy 0 -.ad l -.\" Title: named\-checkzone -.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 -.\" Date: June 13, 2000 -.\" Manual: BIND9 -.\" Source: BIND9 -.\" -.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9" -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.SH "NAME" -named\-checkzone \- zone file validity checking tool -.SH "SYNOPSIS" -.HP 16 -\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] {zonename} {filename} -.SH "DESCRIPTION" -.PP -\fBnamed\-checkzone\fR -checks the syntax and integrity of a zone file. It performs the same checks as -\fBnamed\fR -does when loading a zone. This makes -\fBnamed\-checkzone\fR -useful for checking zone files before configuring them into a name server. -.SH "OPTIONS" -.TP 3n -\-d -Enable debugging. -.TP 3n -\-q -Quiet mode \- exit code only. -.TP 3n -\-v -Print the version of the -\fBnamed\-checkzone\fR -program and exit. -.TP 3n -\-j -When loading the zone file read the journal if it exists. -.TP 3n -\-c \fIclass\fR -Specify the class of the zone. If not specified "IN" is assumed. -.TP 3n -\-k \fImode\fR -Perform -\fB"check\-names"\fR -checks with the specified failure mode. Possible modes are -\fB"fail"\fR, -\fB"warn"\fR -(default) and -\fB"ignore"\fR. -.TP 3n -\-n \fImode\fR -Specify whether NS records should be checked to see if they are addresses. Possible modes are -\fB"fail"\fR, -\fB"warn"\fR -(default) and -\fB"ignore"\fR. -.TP 3n -\-o \fIfilename\fR -Write zone output to -\fIfilename\fR. -.TP 3n -\-t \fIdirectory\fR -chroot to -\fIdirectory\fR -so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP 3n -\-w \fIdirectory\fR -chdir to -\fIdirectory\fR -so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in -\fInamed.conf\fR. -.TP 3n -\-D -Dump zone file in canonical format. -.TP 3n -zonename -The domain name of the zone being checked. -.TP 3n -filename -The name of the zone file. -.SH "RETURN VALUES" -.PP -\fBnamed\-checkzone\fR -returns an exit status of 1 if errors were detected and 0 otherwise. -.SH "SEE ALSO" -.PP -\fBnamed\fR(8), -RFC 1035, -BIND 9 Administrator Reference Manual. -.SH "AUTHOR" -.PP -Internet Systems Consortium -.SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") diff --git a/contrib/bind-9.3/bin/check/named-checkzone.c b/contrib/bind-9.3/bin/check/named-checkzone.c deleted file mode 100644 index 0eea166822..0000000000 --- a/contrib/bind-9.3/bin/check/named-checkzone.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: named-checkzone.c,v 1.13.2.3.8.11 2004/10/25 01:36:06 marka Exp $ */ - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "check-tool.h" - -static int quiet = 0; -static isc_mem_t *mctx = NULL; -static isc_entropy_t *ectx = NULL; -dns_zone_t *zone = NULL; -dns_zonetype_t zonetype = dns_zone_master; -static int dumpzone = 0; -static const char *output_filename; - -#define ERRRET(result, function) \ - do { \ - if (result != ISC_R_SUCCESS) { \ - if (!quiet) \ - fprintf(stderr, "%s() returned %s\n", \ - function, dns_result_totext(result)); \ - return (result); \ - } \ - } while (0) - -static void -usage(void) { - fprintf(stderr, - "usage: named-checkzone [-djqvD] [-c class] [-o output] " - "[-t directory] [-w directory] [-k (ignore|warn|fail)] " - "[-n (ignore|warn|fail)] zonename filename\n"); - exit(1); -} - -static void -destroy(void) { - if (zone != NULL) - dns_zone_detach(&zone); -} - -int -main(int argc, char **argv) { - int c; - char *origin = NULL; - char *filename = NULL; - isc_log_t *lctx = NULL; - isc_result_t result; - char classname_in[] = "IN"; - char *classname = classname_in; - const char *workdir = NULL; - - while ((c = isc_commandline_parse(argc, argv, "c:dijk:n:qst:o:vw:D")) != EOF) { - switch (c) { - case 'c': - classname = isc_commandline_argument; - break; - - case 'd': - debug++; - break; - - case 'j': - nomerge = ISC_FALSE; - break; - - case 'n': - if (!strcmp(isc_commandline_argument, "ignore")) - zone_options &= ~(DNS_ZONEOPT_CHECKNS| - DNS_ZONEOPT_FATALNS); - else if (!strcmp(isc_commandline_argument, "warn")) { - zone_options |= DNS_ZONEOPT_CHECKNS; - zone_options &= ~DNS_ZONEOPT_FATALNS; - } else if (!strcmp(isc_commandline_argument, "fail")) - zone_options |= DNS_ZONEOPT_CHECKNS| - DNS_ZONEOPT_FATALNS; - break; - - case 'k': - if (!strcmp(isc_commandline_argument, "warn")) { - zone_options |= DNS_ZONEOPT_CHECKNAMES; - zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL; - } else if (!strcmp(isc_commandline_argument, - "fail")) { - zone_options |= DNS_ZONEOPT_CHECKNAMES | - DNS_ZONEOPT_CHECKNAMESFAIL; - } else if (!strcmp(isc_commandline_argument, - "ignore")) { - zone_options &= ~(DNS_ZONEOPT_CHECKNAMES | - DNS_ZONEOPT_CHECKNAMESFAIL); - } - break; - - case 'q': - quiet++; - break; - - case 't': - result = isc_dir_chroot(isc_commandline_argument); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chroot: %s: %s\n", - isc_commandline_argument, - isc_result_totext(result)); - exit(1); - } - result = isc_dir_chdir("/"); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chdir: %s\n", - isc_result_totext(result)); - exit(1); - } - break; - - case 'o': - output_filename = isc_commandline_argument; - break; - - case 'v': - printf(VERSION "\n"); - exit(0); - - case 'w': - workdir = isc_commandline_argument; - break; - - case 'D': - dumpzone++; - break; - - default: - usage(); - } - } - - if (workdir != NULL) { - result = isc_dir_chdir(workdir); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "isc_dir_chdir: %s: %s\n", - workdir, isc_result_totext(result)); - exit(1); - } - } - - if (isc_commandline_index + 2 > argc) - usage(); - - RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); - if (!quiet) { - RUNTIME_CHECK(setup_logging(mctx, &lctx) == ISC_R_SUCCESS); - dns_log_init(lctx); - dns_log_setcontext(lctx); - } - RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS); - RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE) - == ISC_R_SUCCESS); - - dns_result_register(); - - origin = argv[isc_commandline_index++]; - filename = argv[isc_commandline_index++]; - result = load_zone(mctx, origin, filename, classname, &zone); - - if (result == ISC_R_SUCCESS && dumpzone) { - result = dump_zone(origin, zone, output_filename); - } - - if (!quiet && result == ISC_R_SUCCESS) - fprintf(stdout, "OK\n"); - destroy(); - if (lctx != NULL) - isc_log_destroy(&lctx); - isc_hash_destroy(); - isc_entropy_detach(&ectx); - isc_mem_destroy(&mctx); - return ((result == ISC_R_SUCCESS) ? 0 : 1); -} diff --git a/contrib/bind-9.3/bin/check/named-checkzone.html b/contrib/bind-9.3/bin/check/named-checkzone.html deleted file mode 100644 index 8f5195a6d8..0000000000 --- a/contrib/bind-9.3/bin/check/named-checkzone.html +++ /dev/null @@ -1,135 +0,0 @@ - - - - - -named-checkzone - - -
-
-
-

Name

-

named-checkzone — zone file validity checking tool

-
-
-

Synopsis

-

named-checkzone [-d] [-j] [-q] [-v] [-c class] [-k mode] [-n mode] [-o filename] [-t directory] [-w directory] [-D] {zonename} {filename}

-
-
-

DESCRIPTION

-

- named-checkzone checks the syntax and integrity of - a zone file. It performs the same checks as named - does when loading a zone. This makes - named-checkzone useful for checking zone - files before configuring them into a name server. -

-
-
-

OPTIONS

-
-
-d
-

- Enable debugging. -

-
-q
-

- Quiet mode - exit code only. -

-
-v
-

- Print the version of the named-checkzone - program and exit. -

-
-j
-

- When loading the zone file read the journal if it exists. -

-
-c class
-

- Specify the class of the zone. If not specified "IN" is assumed. -

-
-k mode
-

- Perform "check-names" checks with the specified failure mode. - Possible modes are "fail", - "warn" (default) and - "ignore". -

-
-n mode
-

- Specify whether NS records should be checked to see if they - are addresses. Possible modes are "fail", - "warn" (default) and - "ignore". -

-
-o filename
-

- Write zone output to filename. -

-
-t directory
-

- chroot to directory so that include - directives in the configuration file are processed as if - run by a similarly chrooted named. -

-
-w directory
-

- chdir to directory so that relative - filenames in master file $INCLUDE directives work. This - is similar to the directory clause in - named.conf. -

-
-D
-

- Dump zone file in canonical format. -

-
zonename
-

- The domain name of the zone being checked. -

-
filename
-

- The name of the zone file. -

-
-
-
-

RETURN VALUES

-

- named-checkzone returns an exit status of 1 if - errors were detected and 0 otherwise. -

-
-
-

SEE ALSO

-

- named(8), - RFC 1035, - BIND 9 Administrator Reference Manual. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/dig/dig.html b/contrib/bind-9.3/bin/dig/dig.html deleted file mode 100644 index 06771b3a1c..0000000000 --- a/contrib/bind-9.3/bin/dig/dig.html +++ /dev/null @@ -1,514 +0,0 @@ - - - - - -dig - - -
-
-
-

Name

-

dig — DNS lookup utility

-
-
-

Synopsis

-

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-p port#] [-t type] [-x addr] [-y name:key] [-4] [-6] [name] [type] [class] [queryopt...]

-

dig [-h]

-

dig [global-queryopt...] [query...]

-
-
-

DESCRIPTION

-

-dig (domain information groper) is a flexible tool -for interrogating DNS name servers. It performs DNS lookups and -displays the answers that are returned from the name server(s) that -were queried. Most DNS administrators use dig to -troubleshoot DNS problems because of its flexibility, ease of use and -clarity of output. Other lookup tools tend to have less functionality -than dig. -

-

-Although dig is normally used with command-line -arguments, it also has a batch mode of operation for reading lookup -requests from a file. A brief summary of its command-line arguments -and options is printed when the -h option is given. -Unlike earlier versions, the BIND9 implementation of -dig allows multiple lookups to be issued from the -command line. -

-

-Unless it is told to query a specific name server, -dig will try each of the servers listed in -/etc/resolv.conf. -

-

-When no command line arguments or options are given, will perform an -NS query for "." (the root). -

-

-It is possible to set per-user defaults for dig via -${HOME}/.digrc. This file is read and any options in it -are applied before the command line arguments. -

-
-
-

SIMPLE USAGE

-

-A typical invocation of dig looks like: -

-
 dig @server name type
-

where: - -

-
-
server
-

-is the name or IP address of the name server to query. This can be an IPv4 -address in dotted-decimal notation or an IPv6 -address in colon-delimited notation. When the supplied -server argument is a hostname, -dig resolves that name before querying that name -server. If no server argument is provided, -dig consults /etc/resolv.conf -and queries the name servers listed there. The reply from the name -server that responds is displayed. -

-
name
-

-is the name of the resource record that is to be looked up. -

-
type
-

-indicates what type of query is required — -ANY, A, MX, SIG, etc. -type can be any valid query type. If no -type argument is supplied, -dig will perform a lookup for an A record. -

-
-

-

-
-
-

OPTIONS

-

-The -b option sets the source IP address of the query -to address. This must be a valid address on -one of the host's network interfaces or "0.0.0.0" or "::". An optional port -may be specified by appending "#<port>" -

-

-The default query class (IN for internet) is overridden by the --c option. class is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. -

-

-The -f option makes dig operate -in batch mode by reading a list of lookup requests to process from the -file filename. The file contains a number of -queries, one per line. Each entry in the file should be organised in -the same way they would be presented as queries to -dig using the command-line interface. -

-

-If a non-standard port number is to be queried, the --p option is used. port# is -the port number that dig will send its queries -instead of the standard DNS port number 53. This option would be used -to test a name server that has been configured to listen for queries -on a non-standard port number. -

-

-The -4 option forces dig to only -use IPv4 query transport. The -6 option forces -dig to only use IPv6 query transport. -

-

-The -t option sets the query type to -type. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the --x option is supplied to indicate a reverse lookup. -A zone transfer can be requested by specifying a type of AXFR. When -an incremental zone transfer (IXFR) is required, -type is set to ixfr=N. -The incremental zone transfer will contain the changes made to the zone -since the serial number in the zone's SOA record was -N. -

-

-Reverse lookups - mapping addresses to names - are simplified by the --x option. addr is an IPv4 -address in dotted-decimal notation, or a colon-delimited IPv6 address. -When this option is used, there is no need to provide the -name, class and -type arguments. dig -automatically performs a lookup for a name like -11.12.13.10.in-addr.arpa and sets the query type and -class to PTR and IN respectively. By default, IPv6 addresses are -looked up using nibble format under the IP6.ARPA domain. -To use the older RFC1886 method using the IP6.INT domain -specify the -i option. Bit string labels (RFC2874) -are now experimental and are not attempted. -

-

-To sign the DNS queries sent by dig and their -responses using transaction signatures (TSIG), specify a TSIG key file -using the -k option. You can also specify the TSIG -key itself on the command line using the -y option; -name is the name of the TSIG key and -key is the actual key. The key is a base-64 -encoded string, typically generated by dnssec-keygen(8). - -Caution should be taken when using the -y option on -multi-user systems as the key can be visible in the output from -ps(1 -) or in the shell's history file. When -using TSIG authentication with dig, the name -server that is queried needs to know the key and algorithm that is -being used. In BIND, this is done by providing appropriate -key and server statements in -named.conf. -

-
-
-

QUERY OPTIONS

-

-dig provides a number of query options which affect -the way in which lookups are made and the results displayed. Some of -these set or reset flag bits in the query header, some determine which -sections of the answer get printed, and others determine the timeout -and retry strategies. -

-

-Each query option is identified by a keyword preceded by a plus sign -(+). Some keywords set or reset an option. These may be preceded -by the string no to negate the meaning of that keyword. Other -keywords assign values to options like the timeout interval. They -have the form +keyword=value. -The query options are: - -

-
-
+[no]tcp
-

-Use [do not use] TCP when querying name servers. The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in -which case a TCP connection is used. -

-
+[no]vc
-

-Use [do not use] TCP when querying name servers. This alternate -syntax to +[no]tcp is provided for backwards -compatibility. The "vc" stands for "virtual circuit". -

-
+[no]ignore
-

-Ignore truncation in UDP responses instead of retrying with TCP. By -default, TCP retries are performed. -

-
+domain=somename
-

-Set the search list to contain the single domain -somename, as if specified in a -domain directive in -/etc/resolv.conf, and enable search list -processing as if the +search option were given. -

-
+[no]search
-

-Use [do not use] the search list defined by the searchlist or domain -directive in resolv.conf (if any). -The search list is not used by default. -

-
+[no]defname
-

-Deprecated, treated as a synonym for +[no]search -

-
+[no]aaonly
-

-Sets the "aa" flag in the query. -

-
+[no]aaflag
-

-A synonym for +[no]aaonly. -

-
+[no]adflag
-

-Set [do not set] the AD (authentic data) bit in the query. The AD bit -currently has a standard meaning only in responses, not in queries, -but the ability to set the bit in the query is provided for -completeness. -

-
+[no]cdflag
-

-Set [do not set] the CD (checking disabled) bit in the query. This -requests the server to not perform DNSSEC validation of responses. -

-
+[no]cl
-

-Display [do not display] the CLASS when printing the record. -

-
+[no]ttlid
-

-Display [do not display] the TTL when printing the record. -

-
+[no]recurse
-

-Toggle the setting of the RD (recursion desired) bit in the query. -This bit is set by default, which means dig -normally sends recursive queries. Recursion is automatically disabled -when the +nssearch or -+trace query options are used. -

-
+[no]nssearch
-

-When this option is set, dig attempts to find the -authoritative name servers for the zone containing the name being -looked up and display the SOA record that each name server has for the -zone. -

-
+[no]trace
-

-Toggle tracing of the delegation path from the root name servers for -the name being looked up. Tracing is disabled by default. When -tracing is enabled, dig makes iterative queries to -resolve the name being looked up. It will follow referrals from the -root servers, showing the answer from each server that was used to -resolve the lookup. -

-
+[no]cmd
-

-toggles the printing of the initial comment in the output identifying -the version of dig and the query options that have -been applied. This comment is printed by default. -

-
+[no]short
-

-Provide a terse answer. The default is to print the answer in a -verbose form. -

-
+[no]identify
-

-Show [or do not show] the IP address and port number that supplied the -answer when the +short option is enabled. If -short form answers are requested, the default is not to show the -source address and port number of the server that provided the answer. -

-
+[no]comments
-

-Toggle the display of comment lines in the output. The default is to -print comments. -

-
+[no]stats
-

-This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is -to print the query statistics. -

-
+[no]qr
-

-Print [do not print] the query as it is sent. -By default, the query is not printed. -

-
+[no]question
-

-Print [do not print] the question section of a query when an answer is -returned. The default is to print the question section as a comment. -

-
+[no]answer
-

-Display [do not display] the answer section of a reply. The default -is to display it. -

-
+[no]authority
-

-Display [do not display] the authority section of a reply. The -default is to display it. -

-
+[no]additional
-

-Display [do not display] the additional section of a reply. -The default is to display it. -

-
+[no]all
-

-Set or clear all display flags. -

-
+time=T
-

- -Sets the timeout for a query to -T seconds. The default time out is 5 seconds. -An attempt to set T to less than 1 will result -in a query timeout of 1 second being applied. -

-
+tries=T
-

-Sets the number of times to try UDP queries to server to -T instead of the default, 3. If -T is less than or equal to zero, the number of -tries is silently rounded up to 1. -

-
+retry=T
-

-Sets the number of times to retry UDP queries to server to -T instead of the default, 2. Unlike -+tries, this does not include the initial -query. -

-
+ndots=D
-

-Set the number of dots that have to appear in -name to D for it to be -considered absolute. The default value is that defined using the -ndots statement in /etc/resolv.conf, or 1 if no -ndots statement is present. Names with fewer dots are interpreted as -relative names and will be searched for in the domains listed in the -search or domain directive in -/etc/resolv.conf. -

-
+bufsize=B
-

-Set the UDP message buffer size advertised using EDNS0 to -B bytes. The maximum and minimum sizes of this -buffer are 65535 and 0 respectively. Values outside this range are -rounded up or down appropriately. -

-
+[no]multiline
-

-Print records like the SOA records in a verbose multi-line -format with human-readable comments. The default is to print -each record on a single line, to facilitate machine parsing -of the dig output. -

-
+[no]fail
-

-Do not try the next server if you receive a SERVFAIL. The default is -to not try the next server which is the reverse of normal stub resolver -behaviour. -

-
+[no]besteffort
-

-Attempt to display the contents of messages which are malformed. -The default is to not display malformed answers. -

-
+[no]dnssec
-

-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) -in the OPT record in the additional section of the query. -

-
+[no]sigchase
-

-Chase DNSSEC signature chains. Requires dig be compiled with --DDIG_SIGCHASE. -

-
+trusted-key=####
-
-

- Specifies a file containing trusted keys to be used with - +sigchase. Each DNSKEY record must be - on its own line. -

-

- If not specified dig will look for - /etc/trusted-key.key then - trusted-key.key in the current directory. -

-

- Requires dig be compiled with -DDIG_SIGCHASE. -

-
-
+[no]topdown
-

-When chasing DNSSEC signature chains perform a top down validation. -Requires dig be compiled with -DDIG_SIGCHASE. -

-
-

- -

-
-
-

MULTIPLE QUERIES

-

-The BIND 9 implementation of dig supports -specifying multiple queries on the command line (in addition to -supporting the -f batch file option). Each of those -queries can be supplied with its own set of flags, options and query -options. -

-

-In this case, each query argument represent an -individual query in the command-line syntax described above. Each -consists of any of the standard options and flags, the name to be -looked up, an optional query type and class and any query options that -should be applied to that query. -

-

-A global set of query options, which should be applied to all queries, -can also be supplied. These global query options must precede the -first tuple of name, class, type, options, flags, and query options -supplied on the command line. Any global query options (except -the +[no]cmd option) can be -overridden by a query-specific set of query options. For example: -

-
-dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
-

-shows how dig could be used from the command line -to make three lookups: an ANY query for www.isc.org, a -reverse lookup of 127.0.0.1 and a query for the NS records of -isc.org. - -A global query option of +qr is applied, so -that dig shows the initial query it made for each -lookup. The final query has a local query option of -+noqr which means that dig -will not print the initial query when it looks up the NS records for -isc.org. -

-
-
-

FILES

-

-/etc/resolv.conf -

-

-${HOME}/.digrc -

-
-
-

SEE ALSO

-

-host(1), -named(8), -dnssec-keygen(8), -RFC1035. -

-
-
-

BUGS

-

-There are probably too many query options. -

-
-
- diff --git a/contrib/bind-9.3/bin/dig/host.html b/contrib/bind-9.3/bin/dig/host.html deleted file mode 100644 index 4c16215104..0000000000 --- a/contrib/bind-9.3/bin/dig/host.html +++ /dev/null @@ -1,171 +0,0 @@ - - - - - -host - - -
-
-
-

Name

-

host — DNS lookup utility

-
-
-

Synopsis

-

host [-aCdlnrTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-4] [-6] {name} [server]

-
-
-

DESCRIPTION

-

-host -is a simple utility for performing DNS lookups. -It is normally used to convert names to IP addresses and vice versa. -When no arguments or options are given, -host -prints a short summary of its command line arguments and options. -

-

-name is the domain name that is to be looked -up. It can also be a dotted-decimal IPv4 address or a colon-delimited -IPv6 address, in which case host will by default -perform a reverse lookup for that address. -server is an optional argument which is either -the name or IP address of the name server that host -should query instead of the server or servers listed in -/etc/resolv.conf. -

-

-The -a (all) option is equivalent to setting the --v option and asking host to make -a query of type ANY. -

-

-When the -C option is used, host -will attempt to display the SOA records for zone -name from all the listed authoritative name -servers for that zone. The list of name servers is defined by the NS -records that are found for the zone. -

-

-The -c option instructs to make a DNS query of class -class. This can be used to lookup Hesiod or -Chaosnet class resource records. The default class is IN (Internet). -

-

-Verbose output is generated by host when the --d or -v option is used. The two -options are equivalent. They have been provided for backwards -compatibility. In previous versions, the -d option -switched on debugging traces and -v enabled verbose -output. -

-

-List mode is selected by the -l option. This makes -host perform a zone transfer for zone -name. Transfer the zone printing out the NS, PTR -and address records (A/AAAA). If combined with -a -all records will be printed. -

-

-The -i -option specifies that reverse lookups of IPv6 addresses should -use the IP6.INT domain as defined in RFC1886. -The default is to use IP6.ARPA. -

-

-The -N option sets the number of dots that have to be -in name for it to be considered absolute. The -default value is that defined using the ndots statement in -/etc/resolv.conf, or 1 if no ndots statement is -present. Names with fewer dots are interpreted as relative names and -will be searched for in the domains listed in the search -or domain directive in -/etc/resolv.conf. -

-

-The number of UDP retries for a lookup can be changed with the --R option. number indicates -how many times host will repeat a query that does -not get answered. The default number of retries is 1. If -number is negative or zero, the number of -retries will default to 1. -

-

-Non-recursive queries can be made via the -r option. -Setting this option clears the RD — recursion -desired — bit in the query which host makes. -This should mean that the name server receiving the query will not -attempt to resolve name. The --r option enables host to mimic -the behaviour of a name server by making non-recursive queries and -expecting to receive answers to those queries that are usually -referrals to other name servers. -

-

-By default host uses UDP when making queries. The --T option makes it use a TCP connection when querying -the name server. TCP will be automatically selected for queries that -require it, such as zone transfer (AXFR) requests. -

-

-The -4 option forces host to only -use IPv4 query transport. The -6 option forces -host to only use IPv6 query transport. -

-

-The -t option is used to select the query type. -type can be any recognised query type: CNAME, -NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, -host automatically selects an appropriate query -type. By default it looks for A records, but if the --C option was given, queries will be made for SOA -records, and if name is a dotted-decimal IPv4 -address or colon-delimited IPv6 address, host will -query for PTR records. If a query type of IXFR is chosen the starting -serial number can be specified by appending an equal followed by the -starting serial number (e.g. -t IXFR=12345678). -

-

-The time to wait for a reply can be controlled through the --W and -w options. The --W option makes host wait for -wait seconds. If wait -is less than one, the wait interval is set to one second. When the --w option is used, host will -effectively wait forever for a reply. The time to wait for a response -will be set to the number of seconds given by the hardware's maximum -value for an integer quantity. -

-
-
-

FILES

-

-/etc/resolv.conf -

-
-
-

SEE ALSO

-

-dig(1), -named(8). -

-
-
- diff --git a/contrib/bind-9.3/bin/dig/nslookup.html b/contrib/bind-9.3/bin/dig/nslookup.html deleted file mode 100644 index e6801e9512..0000000000 --- a/contrib/bind-9.3/bin/dig/nslookup.html +++ /dev/null @@ -1,264 +0,0 @@ - - - - - -nslookup - - -
-
-
-

Name

-

nslookup — query Internet name servers interactively

-
-
-

Synopsis

-

nslookup [-option] [name | -] [server]

-
-
-

DESCRIPTION

-

-Nslookup -is a program to query Internet domain name servers. Nslookup -has two modes: interactive and non-interactive. Interactive mode allows -the user to query name servers for information about various hosts and -domains or to print a list of hosts in a domain. Non-interactive mode is -used to print just the name and requested information for a host or -domain. -

-
-
-

ARGUMENTS

-

-Interactive mode is entered in the following cases: -

-
    -

  1. -when no arguments are given (the default name server will be used) -

    2. -

  2. -when the first argument is a hyphen (-) and the second argument is -the host name or Internet address of a name server. -

    3. -
-

-

-

-Non-interactive mode is used when the name or Internet address of the -host to be looked up is given as the first argument. The optional second -argument specifies the host name or address of a name server. -

-

-Options can also be specified on the command line if they precede the -arguments and are prefixed with a hyphen. For example, to -change the default query type to host information, and the initial timeout to 10 seconds, type: -

-
-nslookup -query=hinfo  -timeout=10
-
-

-

-
-
-

INTERACTIVE COMMANDS

-
-
host [server]
-
-

-Look up information for host using the current default server or -using server, if specified. If host is an Internet address and -the query type is A or PTR, the name of the host is returned. -If host is a name and does not have a trailing period, the -search list is used to qualify the name. -

-

-To look up a host not in the current domain, append a period to -the name. -

-
-
server domain
-

-
lserver domain
-

-Change the default server to domain; lserver uses the initial -server to look up information about domain, while server uses -the current default server. If an authoritative answer can't be -found, the names of servers that might have the answer are -returned. -

-
root
-

not implemented

-
finger
-

not implemented

-
ls
-

not implemented

-
view
-

not implemented

-
help
-

not implemented

-
?
-

not implemented

-
exit
-

Exits the program.

-
set keyword[=value]
-
-

This command is used to change state information that affects -the lookups. Valid keywords are: -

-
-
all
-

Prints the current values of the frequently used - options to set. Information about the current default - server and host is also printed. -

-
class=value
-
-

- Change the query class to one of: -

-
-
IN
-

the Internet class

-
CH
-

the Chaos class

-
HS
-

the Hesiod class

-
ANY
-

wildcard

-
-

- The class specifies the protocol group of the information. -

-

- (Default = IN; abbreviation = cl) -

-
-
[no]debug
-
-

- Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. -

-

- (Default = nodebug; abbreviation = [no]deb) -

-
-
[no]d2
-
-

- Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. -

-

- (Default = nod2) -

-
-
domain=name
-

- Sets the search list to name. -

-
[no]search
-
-

- If the lookup request contains at least one period but - doesn't end with a trailing period, append the domain - names in the domain search list to the request until an - answer is received. -

-

- (Default = search) -

-
-
port=value
-
-

- Change the default TCP/UDP name server port to value. -

-

- (Default = 53; abbreviation = po) -

-
-
querytype=value
-

-
type=value
-
-

- Change the type of the information query. -

-

- (Default = A; abbreviations = q, ty) -

-
-
[no]recurse
-
-

- Tell the name server to query other servers if it does not have the - information. -

-

- (Default = recurse; abbreviation = [no]rec) -

-
-
retry=number
-

- Set the number of retries to number. -

-
timeout=number
-

- Change the initial timeout interval for waiting for a - reply to number seconds. -

-
[no]vc
-
-

- Always use a virtual circuit when sending requests to the server. -

-

- (Default = novc) -

-
-
-

-

-
-
-
-
-

FILES

-

-/etc/resolv.conf -

-
-
-

SEE ALSO

-

-dig(1), -host(1), -named(8). -

-
-
-

Author

-

-Andrew Cherenson -

-
-
- diff --git a/contrib/bind-9.3/bin/dnssec/dnssec-keygen.html b/contrib/bind-9.3/bin/dnssec/dnssec-keygen.html deleted file mode 100644 index 7a15099bae..0000000000 --- a/contrib/bind-9.3/bin/dnssec/dnssec-keygen.html +++ /dev/null @@ -1,228 +0,0 @@ - - - - - -dnssec-keygen - - -
-
-
-

Name

-

dnssec-keygen — DNSSEC key generation tool

-
-
-

Synopsis

-

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

-
-
-

DESCRIPTION

-

- dnssec-keygen generates keys for DNSSEC - (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate - keys for use with TSIG (Transaction Signatures), as - defined in RFC 2845. -

-
-
-

OPTIONS

-
-
-a algorithm
-
-

- Selects the cryptographic algorithm. The value of - algorithm must be one of RSAMD5 (RSA) or RSASHA1, - DSA, DH (Diffie Hellman), or HMAC-MD5. These values - are case insensitive. -

-

- Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, - and DSA is recommended. For TSIG, HMAC-MD5 is mandatory. -

-

- Note 2: HMAC-MD5 and DH automatically set the -k flag. -

-
-
-b keysize
-

- Specifies the number of bits in the key. The choice of key - size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between - 512 and 2048 bits. Diffie Hellman keys must be between - 128 and 4096 bits. DSA keys must be between 512 and 1024 - bits and an exact multiple of 64. HMAC-MD5 keys must be - between 1 and 512 bits. -

-
-n nametype
-

- Specifies the owner type of the key. The value of - nametype must either be ZONE (for a DNSSEC - zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), - USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are - case insensitive. -

-
-c class
-

- Indicates that the DNS record containing the key should have - the specified class. If not specified, class IN is used. -

-
-e
-

- If generating an RSAMD5/RSASHA1 key, use a large exponent. -

-
-f flag
-

- Set the specified flag in the flag field of the KEY/DNSKEY record. - The only recognized flag is KSK (Key Signing Key) DNSKEY. -

-
-g generator
-

- If generating a Diffie Hellman key, use this generator. - Allowed values are 2 and 5. If no generator - is specified, a known prime from RFC 2539 will be used - if possible; otherwise the default is 2. -

-
-h
-

- Prints a short summary of the options and arguments to - dnssec-keygen. -

-
-k
-

- Generate KEY records rather than DNSKEY records. -

-
-p protocol
-

- Sets the protocol value for the generated key. The protocol - is a number between 0 and 255. The default is 3 (DNSSEC). - Other possible values for this argument are listed in - RFC 2535 and its successors. -

-
-r randomdev
-

- Specifies the source of randomness. If the operating - system does not provide a /dev/random - or equivalent device, the default source of randomness - is keyboard input. randomdev specifies - the name of a character device or file containing random - data to be used instead of the default. The special value - keyboard indicates that keyboard - input should be used. -

-
-s strength
-

- Specifies the strength value of the key. The strength is - a number between 0 and 15, and currently has no defined - purpose in DNSSEC. -

-
-t type
-

- Indicates the use of the key. type must be - one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default - is AUTHCONF. AUTH refers to the ability to authenticate - data, and CONF the ability to encrypt data. -

-
-v level
-

- Sets the debugging level. -

-
-
-
-

GENERATED KEYS

-

- When dnssec-keygen completes successfully, - it prints a string of the form Knnnn.+aaa+iiiii - to the standard output. This is an identification string for - the key it has generated. -

-
    -

  • - nnnn is the key name. -

    • -

  • - aaa is the numeric representation of the - algorithm. -

    • -

  • - iiiii is the key identifier (or footprint). -

    • -
-

- dnssec-keygen creates two file, with names based - on the printed string. Knnnn.+aaa+iiiii.key - contains the public key, and - Knnnn.+aaa+iiiii.private contains the private - key. -

-

- The .key file contains a DNS KEY record that - can be inserted into a zone file (directly or with a $INCLUDE - statement). -

-

- The .private file contains algorithm specific - fields. For obvious security reasons, this file does not have - general read permission. -

-

- Both .key and .private - files are generated for symmetric encryption algorithm such as - HMAC-MD5, even though the public and private key are equivalent. -

-
-
-

EXAMPLE

-

- To generate a 768-bit DSA key for the domain - example.com, the following command would be - issued: -

-

- dnssec-keygen -a DSA -b 768 -n ZONE example.com -

-

- The command would print a string of the form: -

-

- Kexample.com.+003+26160 -

-

- In this example, dnssec-keygen creates - the files Kexample.com.+003+26160.key and - Kexample.com.+003+26160.private -

-
-
-

SEE ALSO

-

- dnssec-signzone(8), - BIND 9 Administrator Reference Manual, - RFC 2535, - RFC 2845, - RFC 2539. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/dnssec/dnssec-signzone.html b/contrib/bind-9.3/bin/dnssec/dnssec-signzone.html deleted file mode 100644 index bd926312e8..0000000000 --- a/contrib/bind-9.3/bin/dnssec/dnssec-signzone.html +++ /dev/null @@ -1,220 +0,0 @@ - - - - - -dnssec-signzone - - -
-
-
-

Name

-

dnssec-signzone — DNSSEC zone signing tool

-
-
-

Synopsis

-

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-n nthreads] [-o origin] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-
-
-

DESCRIPTION

-

- dnssec-signzone signs a zone. It generates - NSEC and RRSIG records and produces a signed version of the - zone. The security status of delegations from the signed zone - (that is, whether the child zones are secure or not) is - determined by the presence or absence of a - keyset file for each child zone. -

-
-
-

OPTIONS

-
-
-a
-

- Verify all generated signatures. -

-
-c class
-

- Specifies the DNS class of the zone. -

-
-k key
-

- Treat specified key as a key signing key ignoring any - key flags. This option may be specified multiple times. -

-
-l domain
-

- Generate a DLV set in addition to the key (DNSKEY) and DS sets. - The domain is appended to the name of the records. -

-
-d directory
-

- Look for keyset files in - directory as the directory -

-
-g
-

- Generate DS records for child zones from keyset files. - Existing DS records will be removed. -

-
-s start-time
-

- Specify the date and time when the generated RRSIG records - become valid. This can be either an absolute or relative - time. An absolute start time is indicated by a number - in YYYYMMDDHHMMSS notation; 20000530144500 denotes - 14:45:00 UTC on May 30th, 2000. A relative start time is - indicated by +N, which is N seconds from the current time. - If no start-time is specified, the current - time minus 1 hour (to allow for clock skew) is used. -

-
-e end-time
-

- Specify the date and time when the generated RRSIG records - expire. As with start-time, an absolute - time is indicated in YYYYMMDDHHMMSS notation. A time relative - to the start time is indicated with +N, which is N seconds from - the start time. A time relative to the current time is - indicated with now+N. If no end-time is - specified, 30 days from the start time is used as a default. -

-
-f output-file
-

- The name of the output file containing the signed zone. The - default is to append .signed to the - input file. -

-
-h
-

- Prints a short summary of the options and arguments to - dnssec-signzone. -

-
-i interval
-
-

- When a previously signed zone is passed as input, records - may be resigned. The interval option - specifies the cycle interval as an offset from the current - time (in seconds). If a RRSIG record expires after the - cycle interval, it is retained. Otherwise, it is considered - to be expiring soon, and it will be replaced. -

-

- The default cycle interval is one quarter of the difference - between the signature end and start times. So if neither - end-time or start-time - are specified, dnssec-signzone generates - signatures that are valid for 30 days, with a cycle - interval of 7.5 days. Therefore, if any existing RRSIG records - are due to expire in less than 7.5 days, they would be - replaced. -

-
-
-n ncpus
-

- Specifies the number of threads to use. By default, one - thread is started for each detected CPU. -

-
-o origin
-

- The zone origin. If not specified, the name of the zone file - is assumed to be the origin. -

-
-p
-

- Use pseudo-random data when signing the zone. This is faster, - but less secure, than using real random data. This option - may be useful when signing large zones or when the entropy - source is limited. -

-
-r randomdev
-

- Specifies the source of randomness. If the operating - system does not provide a /dev/random - or equivalent device, the default source of randomness - is keyboard input. randomdev specifies - the name of a character device or file containing random - data to be used instead of the default. The special value - keyboard indicates that keyboard - input should be used. -

-
-t
-

- Print statistics at completion. -

-
-v level
-

- Sets the debugging level. -

-
-z
-

- Ignore KSK flag on key when determining what to sign. -

-
zonefile
-

- The file containing the zone to be signed. -

-
key
-

- The keys used to sign the zone. If no keys are specified, the - default all zone keys that have private key files in the - current directory. -

-
-
-
-

EXAMPLE

-

- The following command signs the example.com - zone with the DSA key generated in the dnssec-keygen - man page. The zone's keys must be in the zone. If there are - keyset files associated with child zones, - they must be in the current directory. - example.com, the following command would be - issued: -

-

- dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160 -

-

- The command would print a string of the form: -

-

- In this example, dnssec-signzone creates - the file db.example.com.signed. This file - should be referenced in a zone statement in a - named.conf file. -

-
-
-

SEE ALSO

-

- dnssec-keygen(8), - BIND 9 Administrator Reference Manual, - RFC 2535. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/named/aclconf.c b/contrib/bind-9.3/bin/named/aclconf.c deleted file mode 100644 index 102a891033..0000000000 --- a/contrib/bind-9.3/bin/named/aclconf.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: aclconf.c,v 1.27.12.7 2006/03/02 00:37:20 marka Exp $ */ - -#include - -#include -#include /* Required for HP/UX (and others?) */ -#include - -#include - -#include -#include -#include - -#include - -#define LOOP_MAGIC ISC_MAGIC('L','O','O','P') - -void -ns_aclconfctx_init(ns_aclconfctx_t *ctx) { - ISC_LIST_INIT(ctx->named_acl_cache); -} - -void -ns_aclconfctx_destroy(ns_aclconfctx_t *ctx) { - dns_acl_t *dacl, *next; - for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); - dacl != NULL; - dacl = next) - { - next = ISC_LIST_NEXT(dacl, nextincache); - dns_acl_detach(&dacl); - } -} - -/* - * Find the definition of the named acl whose name is "name". - */ -static isc_result_t -get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) { - isc_result_t result; - const cfg_obj_t *acls = NULL; - const cfg_listelt_t *elt; - - result = cfg_map_get(cctx, "acl", &acls); - if (result != ISC_R_SUCCESS) - return (result); - for (elt = cfg_list_first(acls); - elt != NULL; - elt = cfg_list_next(elt)) { - const cfg_obj_t *acl = cfg_listelt_value(elt); - const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); - if (strcasecmp(aclname, name) == 0) { - *ret = cfg_tuple_get(acl, "value"); - return (ISC_R_SUCCESS); - } - } - return (ISC_R_NOTFOUND); -} - -static isc_result_t -convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx, - ns_aclconfctx_t *ctx, isc_mem_t *mctx, - dns_acl_t **target) -{ - isc_result_t result; - const cfg_obj_t *cacl = NULL; - dns_acl_t *dacl; - dns_acl_t loop; - const char *aclname = cfg_obj_asstring(nameobj); - - /* Look for an already-converted version. */ - for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); - dacl != NULL; - dacl = ISC_LIST_NEXT(dacl, nextincache)) - { - if (strcasecmp(aclname, dacl->name) == 0) { - if (ISC_MAGIC_VALID(dacl, LOOP_MAGIC)) { - cfg_obj_log(nameobj, dns_lctx, ISC_LOG_ERROR, - "acl loop detected: %s", aclname); - return (ISC_R_FAILURE); - } - dns_acl_attach(dacl, target); - return (ISC_R_SUCCESS); - } - } - /* Not yet converted. Convert now. */ - result = get_acl_def(cctx, aclname, &cacl); - if (result != ISC_R_SUCCESS) { - cfg_obj_log(nameobj, dns_lctx, ISC_LOG_WARNING, - "undefined ACL '%s'", aclname); - return (result); - } - /* - * Add a loop detection element. - */ - memset(&loop, 0, sizeof(loop)); - ISC_LINK_INIT(&loop, nextincache); - DE_CONST(aclname, loop.name); - loop.magic = LOOP_MAGIC; - ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache); - result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl); - ISC_LIST_UNLINK(ctx->named_acl_cache, &loop, nextincache); - loop.magic = 0; - loop.name = NULL; - if (result != ISC_R_SUCCESS) - return (result); - dacl->name = isc_mem_strdup(dacl->mctx, aclname); - if (dacl->name == NULL) - return (ISC_R_NOMEMORY); - ISC_LIST_APPEND(ctx->named_acl_cache, dacl, nextincache); - dns_acl_attach(dacl, target); - return (ISC_R_SUCCESS); -} - -static isc_result_t -convert_keyname(const cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) { - isc_result_t result; - isc_buffer_t buf; - dns_fixedname_t fixname; - unsigned int keylen; - const char *txtname = cfg_obj_asstring(keyobj); - - keylen = strlen(txtname); - isc_buffer_init(&buf, txtname, keylen); - isc_buffer_add(&buf, keylen); - dns_fixedname_init(&fixname); - result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf, - dns_rootname, ISC_FALSE, NULL); - if (result != ISC_R_SUCCESS) { - cfg_obj_log(keyobj, dns_lctx, ISC_LOG_WARNING, - "key name '%s' is not a valid domain name", - txtname); - return (result); - } - return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname)); -} - -isc_result_t -ns_acl_fromconfig(const cfg_obj_t *caml, - const cfg_obj_t *cctx, - ns_aclconfctx_t *ctx, - isc_mem_t *mctx, - dns_acl_t **target) -{ - isc_result_t result; - unsigned int count; - dns_acl_t *dacl = NULL; - dns_aclelement_t *de; - const cfg_listelt_t *elt; - - REQUIRE(target != NULL && *target == NULL); - - count = 0; - for (elt = cfg_list_first(caml); - elt != NULL; - elt = cfg_list_next(elt)) - count++; - - result = dns_acl_create(mctx, count, &dacl); - if (result != ISC_R_SUCCESS) - return (result); - - de = dacl->elements; - for (elt = cfg_list_first(caml); - elt != NULL; - elt = cfg_list_next(elt)) - { - const cfg_obj_t *ce = cfg_listelt_value(elt); - if (cfg_obj_istuple(ce)) { - /* This must be a negated element. */ - ce = cfg_tuple_get(ce, "value"); - de->negative = ISC_TRUE; - } else { - de->negative = ISC_FALSE; - } - - if (cfg_obj_isnetprefix(ce)) { - /* Network prefix */ - de->type = dns_aclelementtype_ipprefix; - - cfg_obj_asnetprefix(ce, - &de->u.ip_prefix.address, - &de->u.ip_prefix.prefixlen); - } else if (cfg_obj_istype(ce, &cfg_type_keyref)) { - /* Key name */ - de->type = dns_aclelementtype_keyname; - dns_name_init(&de->u.keyname, NULL); - result = convert_keyname(ce, mctx, &de->u.keyname); - if (result != ISC_R_SUCCESS) - goto cleanup; - } else if (cfg_obj_islist(ce)) { - /* Nested ACL */ - de->type = dns_aclelementtype_nestedacl; - result = ns_acl_fromconfig(ce, cctx, ctx, mctx, - &de->u.nestedacl); - if (result != ISC_R_SUCCESS) - goto cleanup; - } else if (cfg_obj_isstring(ce)) { - /* ACL name */ - const char *name = cfg_obj_asstring(ce); - if (strcasecmp(name, "localhost") == 0) { - de->type = dns_aclelementtype_localhost; - } else if (strcasecmp(name, "localnets") == 0) { - de->type = dns_aclelementtype_localnets; - } else if (strcasecmp(name, "any") == 0) { - de->type = dns_aclelementtype_any; - } else if (strcasecmp(name, "none") == 0) { - de->type = dns_aclelementtype_any; - de->negative = ISC_TF(! de->negative); - } else { - de->type = dns_aclelementtype_nestedacl; - result = convert_named_acl(ce, cctx, ctx, mctx, - &de->u.nestedacl); - if (result != ISC_R_SUCCESS) - goto cleanup; - } - } else { - cfg_obj_log(ce, dns_lctx, ISC_LOG_WARNING, - "address match list contains " - "unsupported element type"); - result = ISC_R_FAILURE; - goto cleanup; - } - de++; - dacl->length++; - } - - *target = dacl; - return (ISC_R_SUCCESS); - - cleanup: - dns_acl_detach(&dacl); - return (result); -} diff --git a/contrib/bind-9.3/bin/named/lwresd.html b/contrib/bind-9.3/bin/named/lwresd.html deleted file mode 100644 index 6ab78242e7..0000000000 --- a/contrib/bind-9.3/bin/named/lwresd.html +++ /dev/null @@ -1,189 +0,0 @@ - - - - - -lwresd - - -
-
-
-

Name

-

lwresd — lightweight resolver daemon

-
-
-

Synopsis

-

lwresd [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v]

-
-
-

DESCRIPTION

-

- lwresd is the daemon providing name lookup - services to clients that use the BIND 9 lightweight resolver - library. It is essentially a stripped-down, caching-only name - server that answers queries using the BIND 9 lightweight - resolver protocol rather than the DNS protocol. -

-

- lwresd listens for resolver queries on a - UDP port on the IPv4 loopback interface, 127.0.0.1. This - means that lwresd can only be used by - processes running on the local machine. By default UDP port - number 921 is used for lightweight resolver requests and - responses. -

-

- Incoming lightweight resolver requests are decoded by the - server which then resolves them using the DNS protocol. When - the DNS lookup completes, lwresd encodes - the answers in the lightweight resolver format and returns - them to the client that made the request. -

-

- If /etc/resolv.conf contains any - nameserver entries, lwresd - sends recursive DNS queries to those servers. This is similar - to the use of forwarders in a caching name server. If no - nameserver entries are present, or if - forwarding fails, lwresd resolves the - queries autonomously starting at the root name servers, using - a built-in list of root server hints. -

-
-
-

OPTIONS

-
-
-C config-file
-

- Use config-file as the - configuration file instead of the default, - /etc/resolv.conf. -

-
-d debug-level
-

- Set the daemon's debug level to debug-level. - Debugging traces from lwresd become - more verbose as the debug level increases. -

-
-f
-

- Run the server in the foreground (i.e. do not daemonize). -

-
-g
-

- Run the server in the foreground and force all logging - to stderr. -

-
-n #cpus
-

- Create #cpus worker threads - to take advantage of multiple CPUs. If not specified, - lwresd will try to determine the - number of CPUs present and create one thread per CPU. - If it is unable to determine the number of CPUs, a - single worker thread will be created. -

-
-P port
-

- Listen for lightweight resolver queries on port - port. If - not specified, the default is port 921. -

-
-p port
-

- Send DNS lookups to port port. If not - specified, the default is port 53. This provides a - way of testing the lightweight resolver daemon with a - name server that listens for queries on a non-standard - port number. -

-
-s
-
-

- Write memory usage statistics to stdout - on exit. -

-
-

Note

-

- This option is mainly of interest to BIND 9 developers - and may be removed or changed in a future release. -

-
-
-
-t directory
-
-

- chroot() to directory after - processing the command line arguments, but before - reading the configuration file. -

-
-

Warning

-

- This option should be used in conjunction with the - -u option, as chrooting a process - running as root doesn't enhance security on most - systems; the way chroot() is - defined allows a process with root privileges to - escape a chroot jail. -

-
-
-
-u user
-

- setuid() to user after completing - privileged operations, such as creating sockets that - listen on privileged ports. -

-
-v
-

- Report the version number and exit. -

-
-
-
-

FILES

-
-
/etc/resolv.conf
-

- The default configuration file. -

-
/var/run/lwresd.pid
-

- The default process-id file. -

-
-
-
-

SEE ALSO

-

- named(8), - lwres(3), - resolver(5). -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/named/named.html b/contrib/bind-9.3/bin/named/named.html deleted file mode 100644 index 6e77e5b9c3..0000000000 --- a/contrib/bind-9.3/bin/named/named.html +++ /dev/null @@ -1,241 +0,0 @@ - - - - - -named - - -
-
-
-

Name

-

named — Internet domain name server

-
-
-

Synopsis

-

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-
-
-

DESCRIPTION

-

- named is a Domain Name System (DNS) server, - part of the BIND 9 distribution from ISC. For more - information on the DNS, see RFCs 1033, 1034, and 1035. -

-

- When invoked without arguments, named will - read the default configuration file - /etc/named.conf, read any initial - data, and listen for queries. -

-
-
-

OPTIONS

-
-
-4
-

- Use IPv4 only even if the host machine is capable of IPv6. - -4 and -6 are mutually - exclusive. -

-
-6
-

- Use IPv6 only even if the host machine is capable of IPv4. - -4 and -6 are mutually - exclusive. -

-
-c config-file
-

- Use config-file as the - configuration file instead of the default, - /etc/named.conf. To - ensure that reloading the configuration file continues - to work after the server has changed its working - directory due to to a possible - directory option in the configuration - file, config-file should be - an absolute pathname. -

-
-d debug-level
-

- Set the daemon's debug level to debug-level. - Debugging traces from named become - more verbose as the debug level increases. -

-
-f
-

- Run the server in the foreground (i.e. do not daemonize). -

-
-g
-

- Run the server in the foreground and force all logging - to stderr. -

-
-n #cpus
-

- Create #cpus worker threads - to take advantage of multiple CPUs. If not specified, - named will try to determine the - number of CPUs present and create one thread per CPU. - If it is unable to determine the number of CPUs, a - single worker thread will be created. -

-
-p port
-

- Listen for queries on port port. If not - specified, the default is port 53. -

-
-s
-
-

- Write memory usage statistics to stdout on exit. -

-
-

Note

-

- This option is mainly of interest to BIND 9 developers - and may be removed or changed in a future release. -

-
-
-
-t directory
-
-

- chroot() to directory after - processing the command line arguments, but before - reading the configuration file. -

-
-

Warning

-

- This option should be used in conjunction with the - -u option, as chrooting a process - running as root doesn't enhance security on most - systems; the way chroot() is - defined allows a process with root privileges to - escape a chroot jail. -

-
-
-
-u user
-
-

- setuid() to user after completing - privileged operations, such as creating sockets that - listen on privileged ports. -

-
-

Note

-

- On Linux, named uses the kernel's - capability mechanism to drop all root privileges - except the ability to bind() to a - privileged port and set process resource limits. - Unfortunately, this means that the -u - option only works when named is run - on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or - later, since previous kernels did not allow privileges - to be retained after setuid(). -

-
-
-
-v
-

- Report the version number and exit. -

-
-x cache-file
-
-

- Load data from cache-file into the - cache of the default view. -

-
-

Warning

-

- This option must not be used. It is only of interest - to BIND 9 developers and may be removed or changed in a - future release. -

-
-
-
-
-
-

SIGNALS

-

- In routine operation, signals should not be used to control - the nameserver; rndc should be used - instead. -

-
-
SIGHUP
-

- Force a reload of the server. -

-
SIGINT, SIGTERM
-

- Shut down the server. -

-
-

- The result of sending any other signals to the server is undefined. -

-
-
-

CONFIGURATION

-

- The named configuration file is too complex - to describe in detail here. A complete description is - provided in the BIND 9 Administrator Reference - Manual. -

-
-
-

FILES

-
-
/etc/named.conf
-

- The default configuration file. -

-
/var/run/named.pid
-

- The default process-id file. -

-
-
-
-

SEE ALSO

-

- RFC 1033, - RFC 1034, - RFC 1035, - rndc(8), - lwresd(8), - named.conf(5), - BIND 9 Administrator Reference Manual. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/nsupdate/nsupdate.html b/contrib/bind-9.3/bin/nsupdate/nsupdate.html deleted file mode 100644 index 4df8280ce8..0000000000 --- a/contrib/bind-9.3/bin/nsupdate/nsupdate.html +++ /dev/null @@ -1,468 +0,0 @@ - - - - - -nsupdate - - -
-
-
-

Name

-

nsupdate — Dynamic DNS update utility

-
-
-

Synopsis

-

nsupdate [-d] [[-y keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-v] [filename]

-
-
-

DESCRIPTION

-

-nsupdate -is used to submit Dynamic DNS Update requests as defined in RFC2136 -to a name server. -This allows resource records to be added or removed from a zone -without manually editing the zone file. -A single update request can contain requests to add or remove more than one -resource record. -

-

-Zones that are under dynamic control via -nsupdate -or a DHCP server should not be edited by hand. -Manual edits could -conflict with dynamic updates and cause data to be lost. -

-

-The resource records that are dynamically added or removed with -nsupdate -have to be in the same zone. -Requests are sent to the zone's master server. -This is identified by the MNAME field of the zone's SOA record. -

-

-The --d -option makes -nsupdate -operate in debug mode. -This provides tracing information about the update requests that are -made and the replies received from the name server. -

-

-Transaction signatures can be used to authenticate the Dynamic DNS -updates. -These use the TSIG resource record type described in RFC2845 or the -SIG(0) record described in RFC3535 and RFC2931. -TSIG relies on a shared secret that should only be known to -nsupdate and the name server. -Currently, the only supported encryption algorithm for TSIG is -HMAC-MD5, which is defined in RFC 2104. -Once other algorithms are defined for TSIG, applications will need to -ensure they select the appropriate algorithm as well as the key when -authenticating each other. -For instance suitable -key -and -server -statements would be added to -/etc/named.conf -so that the name server can associate the appropriate secret key -and algorithm with the IP address of the -client application that will be using TSIG authentication. -SIG(0) uses public key cryptography. To use a SIG(0) key, the public -key must be stored in a KEY record in a zone served by the name server. -nsupdate -does not read -/etc/named.conf. -

-

-nsupdate -uses the --y -or --k -option (with an HMAC-MD5 key) to provide the shared secret needed to generate -a TSIG record for authenticating Dynamic DNS update requests. -These options are mutually exclusive. -With the --k -option, -nsupdate -reads the shared secret from the file -keyfile, -whose name is of the form -K{name}.+157.+{random}.private. -For historical -reasons, the file -K{name}.+157.+{random}.key -must also be present. When the --y -option is used, a signature is generated from -keyname:secret. -keyname -is the name of the key, -and -secret -is the base64 encoded shared secret. -Use of the --y -option is discouraged because the shared secret is supplied as a command -line argument in clear text. -This may be visible in the output from -ps(1 -) -or in a history file maintained by the user's shell. -

-

-The -k may also be used to specify a SIG(0) key used -to authenticate Dynamic DNS update requests. In this case, the key -specified is not an HMAC-MD5 key. -

-

-By default -nsupdate -uses UDP to send update requests to the name server unless they are too -large to fit in a UDP request in which case TCP will be used. -The --v -option makes -nsupdate -use a TCP connection. -This may be preferable when a batch of update requests is made. -

-

The -t option sets the maximum time a update request can -take before it is aborted. The default is 300 seconds. Zero can be used -to disable the timeout. -

-

The -u option sets the UDP retry interval. The default is -3 seconds. If zero the interval will be computed from the timeout interval -and number of UDP retries. -

-

The -r option sets the number of UDP retries. The default is -3. If zero only one update request will be made. -

-
-
-

INPUT FORMAT

-

-nsupdate -reads input from -filename -or standard input. -Each command is supplied on exactly one line of input. -Some commands are for administrative purposes. -The others are either update instructions or prerequisite checks on the -contents of the zone. -These checks set conditions that some name or set of -resource records (RRset) either exists or is absent from the zone. -These conditions must be met if the entire update request is to succeed. -Updates will be rejected if the tests for the prerequisite conditions fail. -

-

-Every update request consists of zero or more prerequisites -and zero or more updates. -This allows a suitably authenticated update request to proceed if some -specified resource records are present or missing from the zone. -A blank input line (or the send command) causes the -accumulated commands to be sent as one Dynamic DNS update request to the -name server. -

-

-The command formats and their meaning are as follows: -

-
-
-

server {servername} [port]

-
-

-Sends all dynamic update requests to the name server -servername. -When no server statement is provided, -nsupdate -will send updates to the master server of the correct zone. -The MNAME field of that zone's SOA record will identify the master -server for that zone. -port -is the port number on -servername -where the dynamic update requests get sent. -If no port number is specified, the default DNS port number of 53 is -used. -

-
-

local {address} [port]

-
-

-Sends all dynamic update requests using the local -address. - -When no local statement is provided, -nsupdate -will send updates using an address and port chosen by the system. -port -can additionally be used to make requests come from a specific port. -If no port number is specified, the system will assign one. -

-
-

zone {zonename}

-
-

-Specifies that all updates are to be made to the zone -zonename. -If no -zone -statement is provided, -nsupdate -will attempt determine the correct zone to update based on the rest of the input. -

-
-

class {classname}

-
-

-Specify the default class. -If no class is specified the default class is -IN. -

-
-

key {name} {secret}

-
-

-Specifies that all updates are to be TSIG signed using the -keyname keysecret pair. -The key command -overrides any key specified on the command line via --y or -k. -

-
-

prereq nxdomain {domain-name}

-
-

-Requires that no resource record of any type exists with name -domain-name. -

-
-

prereq yxdomain {domain-name}

-
-

-Requires that -domain-name -exists (has as at least one resource record, of any type). -

-
-

prereq nxrrset {domain-name} [class] {type}

-
-

-Requires that no resource record exists of the specified -type, -class -and -domain-name. -If -class -is omitted, IN (internet) is assumed. -

-
-

prereq yxrrset {domain-name} [class] {type}

-
-

-This requires that a resource record of the specified -type, -class -and -domain-name -must exist. -If -class -is omitted, IN (internet) is assumed. -

-
-

prereq yxrrset {domain-name} [class] {type} {data...}

-
-

-The -data -from each set of prerequisites of this form -sharing a common -type, -class, -and -domain-name -are combined to form a set of RRs. This set of RRs must -exactly match the set of RRs existing in the zone at the -given -type, -class, -and -domain-name. -The -data -are written in the standard text representation of the resource record's -RDATA. -

-
-

update delete {domain-name} [ttl] [class] [type [data...]]

-
-

-Deletes any resource records named -domain-name. -If -type -and -data -is provided, only matching resource records will be removed. -The internet class is assumed if -class -is not supplied. The -ttl -is ignored, and is only allowed for compatibility. -

-
-

update add {domain-name} {ttl} [class] {type} {data...}

-
-

-Adds a new resource record with the specified -ttl, -class -and -data. -

-
-

show

-
-

-Displays the current message, containing all of the prerequisites and -updates specified since the last send. -

-
-

send

-
-

-Sends the current message. This is equivalent to entering a blank line. -

-
-

answer

-
-

-Displays the answer. -

-
-

-

-

-Lines beginning with a semicolon are comments and are ignored. -

-
-
-

EXAMPLES

-

-The examples below show how -nsupdate -could be used to insert and delete resource records from the -example.com -zone. -Notice that the input in each example contains a trailing blank line so that -a group of commands are sent as one dynamic update request to the -master name server for -example.com. - -

-
-# nsupdate
-> update delete oldhost.example.com A
-> update add newhost.example.com 86400 A 172.16.1.1
-> send
-
-

-

-

-Any A records for -oldhost.example.com -are deleted. -and an A record for -newhost.example.com -it IP address 172.16.1.1 is added. -The newly-added record has a 1 day TTL (86400 seconds) -

-
-# nsupdate
-> prereq nxdomain nickname.example.com
-> update add nickname.example.com 86400 CNAME somehost.example.com
-> send
-
-

-

-

-The prerequisite condition gets the name server to check that there -are no resource records of any type for -nickname.example.com. - -If there are, the update request fails. -If this name does not exist, a CNAME for it is added. -This ensures that when the CNAME is added, it cannot conflict with the -long-standing rule in RFC1034 that a name must not exist as any other -record type if it exists as a CNAME. -(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have -RRSIG, DNSKEY and NSEC records.) -

-
-
-

FILES

-
-
/etc/resolv.conf
-

-used to identify default name server -

-
K{name}.+157.+{random}.key
-

-base-64 encoding of HMAC-MD5 key created by -dnssec-keygen(8). -

-
K{name}.+157.+{random}.private
-

-base-64 encoding of HMAC-MD5 key created by -dnssec-keygen(8). -

-
-
-
-

SEE ALSO

-

-RFC2136, -RFC3007, -RFC2104, -RFC2845, -RFC1034, -RFC2535, -RFC2931, -named(8), -dnssec-keygen(8). -

-
-
-

BUGS

-

-The TSIG key is redundantly stored in two separate files. -This is a consequence of nsupdate using the DST library -for its cryptographic operations, and may change in future -releases. -

-
-
- diff --git a/contrib/bind-9.3/bin/rndc/rndc-confgen.html b/contrib/bind-9.3/bin/rndc/rndc-confgen.html deleted file mode 100644 index 058cd56d16..0000000000 --- a/contrib/bind-9.3/bin/rndc/rndc-confgen.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - -rndc-confgen - - -
-
-
-

Name

-

rndc-confgen — rndc key generation tool

-
-
-

Synopsis

-

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-
-
-

DESCRIPTION

-

- rndc-confgen generates configuration files - for rndc. It can be used as a - convenient alternative to writing the - rndc.conf file - and the corresponding controls - and key - statements in named.conf by hand. - Alternatively, it can be run with the -a - option to set up a rndc.key file and - avoid the need for a rndc.conf file - and a controls statement altogether. -

-
-
-

OPTIONS

-
-
-a
-
-

- Do automatic rndc configuration. - This creates a file rndc.key - in /etc (or whatever - sysconfdir - was specified as when BIND was built) - that is read by both rndc - and named on startup. The - rndc.key file defines a default - command channel and authentication key allowing - rndc to communicate with - named on the local host - with no further configuration. -

-

- Running rndc-confgen -a allows - BIND 9 and rndc to be used as drop-in - replacements for BIND 8 and ndc, - with no changes to the existing BIND 8 - named.conf file. -

-

- If a more elaborate configuration than that - generated by rndc-confgen -a - is required, for example if rndc is to be used remotely, - you should run rndc-confgen without the - -a option and set up a - rndc.conf and - named.conf - as directed. -

-
-
-b keysize
-

- Specifies the size of the authentication key in bits. - Must be between 1 and 512 bits; the default is 128. -

-
-c keyfile
-

- Used with the -a option to specify - an alternate location for rndc.key. -

-
-h
-

- Prints a short summary of the options and arguments to - rndc-confgen. -

-
-k keyname
-

- Specifies the key name of the rndc authentication key. - This must be a valid domain name. - The default is rndc-key. -

-
-p port
-

- Specifies the command channel port where named - listens for connections from rndc. - The default is 953. -

-
-r randomfile
-

- Specifies a source of random data for generating the - authorization. If the operating - system does not provide a /dev/random - or equivalent device, the default source of randomness - is keyboard input. randomdev specifies - the name of a character device or file containing random - data to be used instead of the default. The special value - keyboard indicates that keyboard - input should be used. -

-
-s address
-

- Specifies the IP address where named - listens for command channel connections from - rndc. The default is the loopback - address 127.0.0.1. -

-
-t chrootdir
-

- Used with the -a option to specify - a directory where named will run - chrooted. An additional copy of the rndc.key - will be written relative to this directory so that - it will be found by the chrooted named. -

-
-u user
-

- Used with the -a option to set the owner - of the rndc.key file generated. If - -t is also specified only the file in - the chroot area has its owner changed. -

-
-
-
-

EXAMPLES

-

- To allow rndc to be used with - no manual configuration, run -

-

- rndc-confgen -a -

-

- To print a sample rndc.conf file and - corresponding controls and key - statements to be manually inserted into named.conf, - run -

-

- rndc-confgen -

-
-
-

SEE ALSO

-

- rndc(8), - rndc.conf(5), - named(8), - BIND 9 Administrator Reference Manual. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/rndc/rndc.conf.html b/contrib/bind-9.3/bin/rndc/rndc.conf.html deleted file mode 100644 index fefe616d8d..0000000000 --- a/contrib/bind-9.3/bin/rndc/rndc.conf.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - -rndc.conf - - -
-
-
-

Name

-

rndc.conf — rndc configuration file

-
-
-

Synopsis

-

rndc.conf

-
-
-

DESCRIPTION

-

- rndc.conf is the configuration file - for rndc, the BIND 9 name server control - utility. This file has a similar structure and syntax to - named.conf. Statements are enclosed - in braces and terminated with a semi-colon. Clauses in - the statements are also semi-colon terminated. The usual - comment styles are supported: -

-

- C style: /* */ -

-

- C++ style: // to end of line -

-

- Unix style: # to end of line -

-

- rndc.conf is much simpler than - named.conf. The file uses three - statements: an options statement, a server statement - and a key statement. -

-

- The options statement contains three clauses. - The default-server clause is followed by the - name or address of a name server. This host will be used when - no name server is given as an argument to - rndc. The default-key - clause is followed by the name of a key which is identified by - a key statement. If no - keyid is provided on the rndc command line, - and no key clause is found in a matching - server statement, this default key will be - used to authenticate the server's commands and responses. The - default-port clause is followed by the port - to connect to on the remote name server. If no - port option is provided on the rndc command - line, and no port clause is found in a - matching server statement, this default port - will be used to connect. -

-

- After the server keyword, the server statement - includes a string which is the hostname or address for a name - server. The statement has two possible clauses: - key and port. The key name must - match the name of a key statement in the file. The port number - specifies the port to connect to. -

-

- The key statement begins with an identifying - string, the name of the key. The statement has two clauses. - algorithm identifies the encryption algorithm - for rndc to use; currently only HMAC-MD5 is - supported. This is followed by a secret clause which contains - the base-64 encoding of the algorithm's encryption key. The - base-64 string is enclosed in double quotes. -

-

- There are two common ways to generate the base-64 string for the - secret. The BIND 9 program rndc-confgen can - be used to generate a random key, or the - mmencode program, also known as - mimencode, can be used to generate a base-64 - string from known input. mmencode does not - ship with BIND 9 but is available on many systems. See the - EXAMPLE section for sample command lines for each. -

-
-
-

EXAMPLE

-
-    options {
-        default-server  localhost;
-        default-key     samplekey;
-      };
-
-      server localhost {
-        key             samplekey;
-      };
-
-      key samplekey {
-        algorithm       hmac-md5;
-        secret          "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
-      };
-
-

- In the above example, rndc will by default use - the server at localhost (127.0.0.1) and the key called samplekey. - Commands to the localhost server will use the samplekey key, which - must also be defined in the server's configuration file with the - same name and secret. The key statement indicates that samplekey - uses the HMAC-MD5 algorithm and its secret clause contains the - base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. -

-

- To generate a random secret with rndc-confgen: -

-

- rndc-confgen -

-

- A complete rndc.conf file, including the - randomly generated key, will be written to the standard - output. Commented out key and - controls statements for - named.conf are also printed. -

-

- To generate a base-64 secret with mmencode: -

-

- echo "known plaintext for a secret" | mmencode -

-
-
-

NAME SERVER CONFIGURATION

-

- The name server must be configured to accept rndc connections and - to recognize the key specified in the rndc.conf - file, using the controls statement in named.conf. - See the sections on the controls statement in the - BIND 9 Administrator Reference Manual for details. -

-
-
-

SEE ALSO

-

- rndc(8), - rndc-confgen(8), - mmencode(1), - BIND 9 Administrator Reference Manual. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/bin/rndc/rndc.html b/contrib/bind-9.3/bin/rndc/rndc.html deleted file mode 100644 index 4dfd318814..0000000000 --- a/contrib/bind-9.3/bin/rndc/rndc.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - -rndc - - -
-
-
-

Name

-

rndc — name server control utility

-
-
-

Synopsis

-

rndc [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-
-
-

DESCRIPTION

-

- rndc controls the operation of a name - server. It supersedes the ndc utility - that was provided in old BIND releases. If - rndc is invoked with no command line - options or arguments, it prints a short summary of the - supported commands and the available options and their - arguments. -

-

- rndc communicates with the name server - over a TCP connection, sending commands authenticated with - digital signatures. In the current versions of - rndc and named named - the only supported authentication algorithm is HMAC-MD5, - which uses a shared secret on each end of the connection. - This provides TSIG-style authentication for the command - request and the name server's response. All commands sent - over the channel must be signed by a key_id known to the - server. -

-

- rndc reads a configuration file to - determine how to contact the name server and decide what - algorithm and key it should use. -

-
-
-

OPTIONS

-
-
-c config-file
-

- Use config-file - as the configuration file instead of the default, - /etc/rndc.conf. -

-
-k key-file
-

- Use key-file - as the key file instead of the default, - /etc/rndc.key. The key in - /etc/rndc.key will be used to authenticate - commands sent to the server if the config-file - does not exist. -

-
-s server
-

- server is - the name or address of the server which matches a - server statement in the configuration file for - rndc. If no server is supplied on the - command line, the host named by the default-server clause - in the option statement of the configuration file will be - used. -

-
-p port
-

- Send commands to TCP port - port instead - of BIND 9's default control channel port, 953. -

-
-V
-

- Enable verbose logging. -

-
-y keyid
-

- Use the key keyid - from the configuration file. - keyid must be - known by named with the same algorithm and secret string - in order for control message validation to succeed. - If no keyid - is specified, rndc will first look - for a key clause in the server statement of the server - being used, or if no server statement is present for that - host, then the default-key clause of the options statement. - Note that the configuration file contains shared secrets - which are used to send authenticated control commands - to name servers. It should therefore not have general read - or write access. -

-
-

- For the complete set of commands supported by rndc, - see the BIND 9 Administrator Reference Manual or run - rndc without arguments to see its help message. -

-
-
-

LIMITATIONS

-

- rndc does not yet support all the commands of - the BIND 8 ndc utility. -

-

- There is currently no way to provide the shared secret for a - key_id without using the configuration file. -

-

- Several error messages could be clearer. -

-
-
-

SEE ALSO

-

- rndc.conf(5), - named(8), - named.conf(5) - ndc(8), - BIND 9 Administrator Reference Manual. -

-
-
-

AUTHOR

-

- Internet Systems Consortium -

-
-
- diff --git a/contrib/bind-9.3/lib/bind/api b/contrib/bind-9.3/lib/bind/api deleted file mode 100644 index 8632b1256a..0000000000 --- a/contrib/bind-9.3/lib/bind/api +++ /dev/null @@ -1,3 +0,0 @@ -LIBINTERFACE = 4 -LIBREVISION = 7 -LIBAGE = 0 diff --git a/contrib/bind-9.3/lib/bind/include/resolv.h b/contrib/bind-9.3/lib/bind/include/resolv.h deleted file mode 100644 index 87a95200bb..0000000000 --- a/contrib/bind-9.3/lib/bind/include/resolv.h +++ /dev/null @@ -1,506 +0,0 @@ -/* - * Copyright (c) 1983, 1987, 1989 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (c) 1996-1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * @(#)resolv.h 8.1 (Berkeley) 6/2/93 - * $Id: resolv.h,v 1.7.2.11.4.3 2005/08/25 04:44:13 marka Exp $ - */ - -#ifndef _RESOLV_H_ -#define _RESOLV_H_ - -#include -#if (!defined(BSD)) || (BSD < 199306) -# include -#else -# include -#endif -#include -#include -#include -#include - -/* - * Revision information. This is the release date in YYYYMMDD format. - * It can change every day so the right thing to do with it is use it - * in preprocessor commands such as "#if (__RES > 19931104)". Do not - * compare for equality; rather, use it to determine whether your resolver - * is new enough to contain a certain feature. - */ - -#define __RES 20030124 - -/* - * This used to be defined in res_query.c, now it's in herror.c. - * [XXX no it's not. It's in irs/irs_data.c] - * It was - * never extern'd by any *.h file before it was placed here. For thread - * aware programs, the last h_errno value set is stored in res->h_errno. - * - * XXX: There doesn't seem to be a good reason for exposing RES_SET_H_ERRNO - * (and __h_errno_set) to the public via . - * XXX: __h_errno_set is really part of IRS, not part of the resolver. - * If somebody wants to build and use a resolver that doesn't use IRS, - * what do they do? Perhaps something like - * #ifdef WANT_IRS - * # define RES_SET_H_ERRNO(r,x) __h_errno_set(r,x) - * #else - * # define RES_SET_H_ERRNO(r,x) (h_errno = (r)->res_h_errno = (x)) - * #endif - */ - -#define RES_SET_H_ERRNO(r,x) __h_errno_set(r,x) -struct __res_state; /* forward */ -__BEGIN_DECLS -void __h_errno_set(struct __res_state *res, int err); -__END_DECLS - -/* - * Resolver configuration file. - * Normally not present, but may contain the address of the - * initial name server(s) to query and the domain search list. - */ - -#ifndef _PATH_RESCONF -#define _PATH_RESCONF "/etc/resolv.conf" -#endif - -typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error } - res_sendhookact; - -#ifndef __PMT -#if defined(__STDC__) || defined(__cplusplus) -#define __PMT(args) args -#else -#define __PMT(args) () -#endif -#endif - -typedef res_sendhookact (*res_send_qhook)__PMT((struct sockaddr * const *, - const u_char **, int *, - u_char *, int, int *)); - -typedef res_sendhookact (*res_send_rhook)__PMT((const struct sockaddr *, - const u_char *, int, u_char *, - int, int *)); - -struct res_sym { - int number; /* Identifying number, like T_MX */ - const char * name; /* Its symbolic name, like "MX" */ - const char * humanname; /* Its fun name, like "mail exchanger" */ -}; - -/* - * Global defines and variables for resolver stub. - */ -#define MAXNS 3 /* max # name servers we'll track */ -#define MAXDFLSRCH 3 /* # default domain levels to try */ -#define MAXDNSRCH 6 /* max # domains in search path */ -#define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */ - -#define RES_TIMEOUT 5 /* min. seconds between retries */ -#define MAXRESOLVSORT 10 /* number of net to sort on */ -#define RES_MAXNDOTS 15 /* should reflect bit field size */ -#define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */ -#define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */ -#define RES_DFLRETRY 2 /* Default #/tries. */ -#define RES_MAXTIME 65535 /* Infinity, in milliseconds. */ - -struct __res_state_ext; - -struct __res_state { - int retrans; /* retransmission time interval */ - int retry; /* number of times to retransmit */ -#ifdef sun - u_int options; /* option flags - see below. */ -#else - u_long options; /* option flags - see below. */ -#endif - int nscount; /* number of name servers */ - struct sockaddr_in - nsaddr_list[MAXNS]; /* address of name server */ -#define nsaddr nsaddr_list[0] /* for backward compatibility */ - u_short id; /* current message id */ - char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ - char defdname[256]; /* default domain (deprecated) */ -#ifdef sun - u_int pfcode; /* RES_PRF_ flags - see below. */ -#else - u_long pfcode; /* RES_PRF_ flags - see below. */ -#endif - unsigned ndots:4; /* threshold for initial abs. query */ - unsigned nsort:4; /* number of elements in sort_list[] */ - char unused[3]; - struct { - struct in_addr addr; - u_int32_t mask; - } sort_list[MAXRESOLVSORT]; - res_send_qhook qhook; /* query hook */ - res_send_rhook rhook; /* response hook */ - int res_h_errno; /* last one set for this context */ - int _vcsock; /* PRIVATE: for res_send VC i/o */ - u_int _flags; /* PRIVATE: see below */ - u_int _pad; /* make _u 64 bit aligned */ - union { - /* On an 32-bit arch this means 512b total. */ - char pad[72 - 4*sizeof (int) - 2*sizeof (void *)]; - struct { - u_int16_t nscount; - u_int16_t nstimes[MAXNS]; /* ms. */ - int nssocks[MAXNS]; - struct __res_state_ext *ext; /* extention for IPv6 */ - } _ext; - } _u; -}; - -typedef struct __res_state *res_state; - -union res_sockaddr_union { - struct sockaddr_in sin; -#ifdef IN6ADDR_ANY_INIT - struct sockaddr_in6 sin6; -#endif -#ifdef ISC_ALIGN64 - int64_t __align64; /* 64bit alignment */ -#else - int32_t __align32; /* 32bit alignment */ -#endif - char __space[128]; /* max size */ -}; - -/* - * Resolver flags (used to be discrete per-module statics ints). - */ -#define RES_F_VC 0x00000001 /* socket is TCP */ -#define RES_F_CONN 0x00000002 /* socket is connected */ -#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */ -#define RES_F__UNUSED 0x00000008 /* (unused) */ -#define RES_F_LASTMASK 0x000000F0 /* ordinal server of last res_nsend */ -#define RES_F_LASTSHIFT 4 /* bit position of LASTMASK "flag" */ -#define RES_GETLAST(res) (((res)._flags & RES_F_LASTMASK) >> RES_F_LASTSHIFT) - -/* res_findzonecut2() options */ -#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */ -#define RES_IPV4ONLY 0x00000002 /* IPv4 only */ -#define RES_IPV6ONLY 0x00000004 /* IPv6 only */ - -/* - * Resolver options (keep these in synch with res_debug.c, please) - */ -#define RES_INIT 0x00000001 /* address initialized */ -#define RES_DEBUG 0x00000002 /* print debug messages */ -#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/ -#define RES_USEVC 0x00000008 /* use virtual circuit */ -#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */ -#define RES_IGNTC 0x00000020 /* ignore trucation errors */ -#define RES_RECURSE 0x00000040 /* recursion desired */ -#define RES_DEFNAMES 0x00000080 /* use default domain name */ -#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ -#define RES_DNSRCH 0x00000200 /* search up local domain tree */ -#define RES_INSECURE1 0x00000400 /* type 1 security disabled */ -#define RES_INSECURE2 0x00000800 /* type 2 security disabled */ -#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ -#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ -#define RES_ROTATE 0x00004000 /* rotate ns list after each query */ -#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity. */ -#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */ -#define RES_BLAST 0x00020000 /* blast all recursive servers */ -#define RES_NOTLDQUERY 0x00100000 /* don't unqualified name as a tld */ -#define RES_USE_DNSSEC 0x00200000 /* use DNSSEC using OK bit in OPT */ -/* #define RES_DEBUG2 0x00400000 */ /* nslookup internal */ -/* KAME extensions: use higher bit to avoid conflict with ISC use */ -#define RES_USE_DNAME 0x10000000 /* use DNAME */ -#define RES_USE_EDNS0 0x40000000 /* use EDNS0 if configured */ -#define RES_NO_NIBBLE2 0x80000000 /* disable alternate nibble lookup */ - -#define RES_DEFAULT (RES_RECURSE | RES_DEFNAMES | \ - RES_DNSRCH | RES_NO_NIBBLE2) - -/* - * Resolver "pfcode" values. Used by dig. - */ -#define RES_PRF_STATS 0x00000001 -#define RES_PRF_UPDATE 0x00000002 -#define RES_PRF_CLASS 0x00000004 -#define RES_PRF_CMD 0x00000008 -#define RES_PRF_QUES 0x00000010 -#define RES_PRF_ANS 0x00000020 -#define RES_PRF_AUTH 0x00000040 -#define RES_PRF_ADD 0x00000080 -#define RES_PRF_HEAD1 0x00000100 -#define RES_PRF_HEAD2 0x00000200 -#define RES_PRF_TTLID 0x00000400 -#define RES_PRF_HEADX 0x00000800 -#define RES_PRF_QUERY 0x00001000 -#define RES_PRF_REPLY 0x00002000 -#define RES_PRF_INIT 0x00004000 -#define RES_PRF_TRUNC 0x00008000 -/* 0x00010000 */ - -/* Things involving an internal (static) resolver context. */ -#ifdef _REENTRANT -__BEGIN_DECLS -extern struct __res_state *__res_state(void); -__END_DECLS -#define _res (*__res_state()) -#else -#ifdef __linux -__BEGIN_DECLS -extern struct __res_state * __res_state(void); -__END_DECLS -#endif -#ifndef __BIND_NOSTATIC -extern struct __res_state _res; -#endif -#endif - -#ifndef __BIND_NOSTATIC -#define fp_nquery __fp_nquery -#define fp_query __fp_query -#define hostalias __hostalias -#define p_query __p_query -#define res_close __res_close -#define res_init __res_init -#define res_isourserver __res_isourserver -#define res_mkquery __res_mkquery -#define res_query __res_query -#define res_querydomain __res_querydomain -#define res_search __res_search -#define res_send __res_send -#define res_sendsigned __res_sendsigned - -__BEGIN_DECLS -void fp_nquery __P((const u_char *, int, FILE *)); -void fp_query __P((const u_char *, FILE *)); -const char * hostalias __P((const char *)); -void p_query __P((const u_char *)); -void res_close __P((void)); -int res_init __P((void)); -int res_isourserver __P((const struct sockaddr_in *)); -int res_mkquery __P((int, const char *, int, int, const u_char *, - int, const u_char *, u_char *, int)); -int res_query __P((const char *, int, int, u_char *, int)); -int res_querydomain __P((const char *, const char *, int, int, - u_char *, int)); -int res_search __P((const char *, int, int, u_char *, int)); -int res_send __P((const u_char *, int, u_char *, int)); -int res_sendsigned __P((const u_char *, int, ns_tsig_key *, - u_char *, int)); -__END_DECLS -#endif - -#if !defined(SHARED_LIBBIND) || defined(LIB) -/* - * If libbind is a shared object (well, DLL anyway) - * these externs break the linker when resolv.h is - * included by a lib client (like named) - * Make them go away if a client is including this - * - */ -extern const struct res_sym __p_key_syms[]; -extern const struct res_sym __p_cert_syms[]; -extern const struct res_sym __p_class_syms[]; -extern const struct res_sym __p_type_syms[]; -extern const struct res_sym __p_rcode_syms[]; -#endif /* SHARED_LIBBIND */ - -#define b64_ntop __b64_ntop -#define b64_pton __b64_pton -#define dn_comp __dn_comp -#define dn_count_labels __dn_count_labels -#define dn_expand __dn_expand -#define dn_skipname __dn_skipname -#define fp_resstat __fp_resstat -#define loc_aton __loc_aton -#define loc_ntoa __loc_ntoa -#define p_cdname __p_cdname -#define p_cdnname __p_cdnname -#define p_class __p_class -#define p_fqname __p_fqname -#define p_fqnname __p_fqnname -#define p_option __p_option -#define p_secstodate __p_secstodate -#define p_section __p_section -#define p_time __p_time -#define p_type __p_type -#define p_rcode __p_rcode -#define p_sockun __p_sockun -#define putlong __putlong -#define putshort __putshort -#define res_dnok __res_dnok -#define res_findzonecut __res_findzonecut -#define res_findzonecut2 __res_findzonecut2 -#define res_hnok __res_hnok -#define res_hostalias __res_hostalias -#define res_mailok __res_mailok -#define res_nameinquery __res_nameinquery -#define res_nclose __res_nclose -#define res_ninit __res_ninit -#define res_nmkquery __res_nmkquery -#define res_pquery __res_pquery -#define res_nquery __res_nquery -#define res_nquerydomain __res_nquerydomain -#define res_nsearch __res_nsearch -#define res_nsend __res_nsend -#define res_nsendsigned __res_nsendsigned -#define res_nisourserver __res_nisourserver -#define res_ownok __res_ownok -#define res_queriesmatch __res_queriesmatch -#define res_randomid __res_randomid -#define sym_ntop __sym_ntop -#define sym_ntos __sym_ntos -#define sym_ston __sym_ston -#define res_nopt __res_nopt -#define res_ndestroy __res_ndestroy -#define res_nametoclass __res_nametoclass -#define res_nametotype __res_nametotype -#define res_setservers __res_setservers -#define res_getservers __res_getservers -#define res_buildprotolist __res_buildprotolist -#define res_destroyprotolist __res_destroyprotolist -#define res_destroyservicelist __res_destroyservicelist -#define res_get_nibblesuffix __res_get_nibblesuffix -#define res_get_nibblesuffix2 __res_get_nibblesuffix2 -#define res_ourserver_p __res_ourserver_p -#define res_protocolname __res_protocolname -#define res_protocolnumber __res_protocolnumber -#define res_send_setqhook __res_send_setqhook -#define res_send_setrhook __res_send_setrhook -#define res_servicename __res_servicename -#define res_servicenumber __res_servicenumber -__BEGIN_DECLS -int res_hnok __P((const char *)); -int res_ownok __P((const char *)); -int res_mailok __P((const char *)); -int res_dnok __P((const char *)); -int sym_ston __P((const struct res_sym *, const char *, int *)); -const char * sym_ntos __P((const struct res_sym *, int, int *)); -const char * sym_ntop __P((const struct res_sym *, int, int *)); -int b64_ntop __P((u_char const *, size_t, char *, size_t)); -int b64_pton __P((char const *, u_char *, size_t)); -int loc_aton __P((const char *, u_char *)); -const char * loc_ntoa __P((const u_char *, char *)); -int dn_skipname __P((const u_char *, const u_char *)); -void putlong __P((u_int32_t, u_char *)); -void putshort __P((u_int16_t, u_char *)); -#ifndef __ultrix__ -u_int16_t _getshort __P((const u_char *)); -u_int32_t _getlong __P((const u_char *)); -#endif -const char * p_class __P((int)); -const char * p_time __P((u_int32_t)); -const char * p_type __P((int)); -const char * p_rcode __P((int)); -const char * p_sockun __P((union res_sockaddr_union, char *, size_t)); -const u_char * p_cdnname __P((const u_char *, const u_char *, int, FILE *)); -const u_char * p_cdname __P((const u_char *, const u_char *, FILE *)); -const u_char * p_fqnname __P((const u_char *, const u_char *, - int, char *, int)); -const u_char * p_fqname __P((const u_char *, const u_char *, FILE *)); -const char * p_option __P((u_long)); -char * p_secstodate __P((u_long)); -int dn_count_labels __P((const char *)); -int dn_comp __P((const char *, u_char *, int, - u_char **, u_char **)); -int dn_expand __P((const u_char *, const u_char *, const u_char *, - char *, int)); -u_int res_randomid __P((void)); -int res_nameinquery __P((const char *, int, int, const u_char *, - const u_char *)); -int res_queriesmatch __P((const u_char *, const u_char *, - const u_char *, const u_char *)); -const char * p_section __P((int, int)); -/* Things involving a resolver context. */ -int res_ninit __P((res_state)); -int res_nisourserver __P((const res_state, - const struct sockaddr_in *)); -void fp_resstat __P((const res_state, FILE *)); -void res_pquery __P((const res_state, const u_char *, int, FILE *)); -const char * res_hostalias __P((const res_state, const char *, - char *, size_t)); -int res_nquery __P((res_state, const char *, int, int, - u_char *, int)); -int res_nsearch __P((res_state, const char *, int, int, u_char *, - int)); -int res_nquerydomain __P((res_state, const char *, const char *, - int, int, u_char *, int)); -int res_nmkquery __P((res_state, int, const char *, int, int, - const u_char *, int, const u_char *, - u_char *, int)); -int res_nsend __P((res_state, const u_char *, int, u_char *, int)); -int res_nsendsigned __P((res_state, const u_char *, int, - ns_tsig_key *, u_char *, int)); -int res_findzonecut __P((res_state, const char *, ns_class, int, - char *, size_t, struct in_addr *, int)); -int res_findzonecut2 __P((res_state, const char *, ns_class, int, - char *, size_t, - union res_sockaddr_union *, int)); -void res_nclose __P((res_state)); -int res_nopt __P((res_state, int, u_char *, int, int)); -void res_send_setqhook __P((res_send_qhook)); -void res_send_setrhook __P((res_send_rhook)); -int __res_vinit __P((res_state, int)); -void res_destroyservicelist __P((void)); -const char * res_servicename __P((u_int16_t, const char *)); -const char * res_protocolname __P((int)); -void res_destroyprotolist __P((void)); -void res_buildprotolist __P((void)); -const char * res_get_nibblesuffix __P((res_state)); -const char * res_get_nibblesuffix2 __P((res_state)); -void res_ndestroy __P((res_state)); -u_int16_t res_nametoclass __P((const char *, int *)); -u_int16_t res_nametotype __P((const char *, int *)); -void res_setservers __P((res_state, - const union res_sockaddr_union *, int)); -int res_getservers __P((res_state, - union res_sockaddr_union *, int)); -__END_DECLS - -#endif /* !_RESOLV_H_ */ diff --git a/contrib/bind-9.3/lib/bind9/api b/contrib/bind-9.3/lib/bind9/api deleted file mode 100644 index be7faa6948..0000000000 --- a/contrib/bind-9.3/lib/bind9/api +++ /dev/null @@ -1,3 +0,0 @@ -LIBINTERFACE = 0 -LIBREVISION = 8 -LIBAGE = 0 diff --git a/contrib/bind-9.3/lib/dns/acl.c b/contrib/bind-9.3/lib/dns/acl.c deleted file mode 100644 index e81d5ef338..0000000000 --- a/contrib/bind-9.3/lib/dns/acl.c +++ /dev/null @@ -1,446 +0,0 @@ -/* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: acl.c,v 1.23.52.6 2006/03/02 00:37:20 marka Exp $ */ - -#include - -#include -#include -#include - -#include - -isc_result_t -dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target) { - isc_result_t result; - dns_acl_t *acl; - - /* - * Work around silly limitation of isc_mem_get(). - */ - if (n == 0) - n = 1; - - acl = isc_mem_get(mctx, sizeof(*acl)); - if (acl == NULL) - return (ISC_R_NOMEMORY); - acl->mctx = mctx; - acl->name = NULL; - isc_refcount_init(&acl->refcount, 1); - acl->elements = NULL; - acl->alloc = 0; - acl->length = 0; - - ISC_LINK_INIT(acl, nextincache); - /* - * Must set magic early because we use dns_acl_detach() to clean up. - */ - acl->magic = DNS_ACL_MAGIC; - - acl->elements = isc_mem_get(mctx, n * sizeof(dns_aclelement_t)); - if (acl->elements == NULL) { - result = ISC_R_NOMEMORY; - goto cleanup; - } - acl->alloc = n; - memset(acl->elements, 0, n * sizeof(dns_aclelement_t)); - *target = acl; - return (ISC_R_SUCCESS); - - cleanup: - dns_acl_detach(&acl); - return (result); -} - -isc_result_t -dns_acl_appendelement(dns_acl_t *acl, const dns_aclelement_t *elt) { - if (acl->length + 1 > acl->alloc) { - /* - * Resize the ACL. - */ - unsigned int newalloc; - void *newmem; - - newalloc = acl->alloc * 2; - if (newalloc < 4) - newalloc = 4; - newmem = isc_mem_get(acl->mctx, - newalloc * sizeof(dns_aclelement_t)); - if (newmem == NULL) - return (ISC_R_NOMEMORY); - memcpy(newmem, acl->elements, - acl->length * sizeof(dns_aclelement_t)); - isc_mem_put(acl->mctx, acl->elements, - acl->alloc * sizeof(dns_aclelement_t)); - acl->elements = newmem; - acl->alloc = newalloc; - } - /* - * Append the new element. - */ - acl->elements[acl->length++] = *elt; - - return (ISC_R_SUCCESS); -} - -static isc_result_t -dns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target) { - isc_result_t result; - dns_acl_t *acl = NULL; - result = dns_acl_create(mctx, 1, &acl); - if (result != ISC_R_SUCCESS) - return (result); - acl->elements[0].negative = neg; - acl->elements[0].type = dns_aclelementtype_any; - acl->length = 1; - *target = acl; - return (result); -} - -isc_result_t -dns_acl_any(isc_mem_t *mctx, dns_acl_t **target) { - return (dns_acl_anyornone(mctx, ISC_FALSE, target)); -} - -isc_result_t -dns_acl_none(isc_mem_t *mctx, dns_acl_t **target) { - return (dns_acl_anyornone(mctx, ISC_TRUE, target)); -} - -isc_result_t -dns_acl_match(const isc_netaddr_t *reqaddr, - const dns_name_t *reqsigner, - const dns_acl_t *acl, - const dns_aclenv_t *env, - int *match, - dns_aclelement_t const**matchelt) -{ - unsigned int i; - - REQUIRE(reqaddr != NULL); - REQUIRE(matchelt == NULL || *matchelt == NULL); - - for (i = 0; i < acl->length; i++) { - dns_aclelement_t *e = &acl->elements[i]; - - if (dns_aclelement_match(reqaddr, reqsigner, - e, env, matchelt)) { - *match = e->negative ? -((int)i+1) : ((int)i+1); - return (ISC_R_SUCCESS); - } - } - /* No match. */ - *match = 0; - return (ISC_R_SUCCESS); -} - -isc_result_t -dns_acl_elementmatch(const dns_acl_t *acl, - const dns_aclelement_t *elt, - const dns_aclelement_t **matchelt) -{ - unsigned int i; - - REQUIRE(elt != NULL); - REQUIRE(matchelt == NULL || *matchelt == NULL); - - for (i = 0; i < acl->length; i++) { - dns_aclelement_t *e = &acl->elements[i]; - - if (dns_aclelement_equal(e, elt) == ISC_TRUE) { - if (matchelt != NULL) - *matchelt = e; - return (ISC_R_SUCCESS); - } - } - - return (ISC_R_NOTFOUND); -} - -isc_boolean_t -dns_aclelement_match(const isc_netaddr_t *reqaddr, - const dns_name_t *reqsigner, - const dns_aclelement_t *e, - const dns_aclenv_t *env, - const dns_aclelement_t **matchelt) -{ - dns_acl_t *inner = NULL; - const isc_netaddr_t *addr; - isc_netaddr_t v4addr; - int indirectmatch; - isc_result_t result; - - switch (e->type) { - case dns_aclelementtype_ipprefix: - if (env == NULL || - env->match_mapped == ISC_FALSE || - reqaddr->family != AF_INET6 || - !IN6_IS_ADDR_V4MAPPED(&reqaddr->type.in6)) - addr = reqaddr; - else { - isc_netaddr_fromv4mapped(&v4addr, reqaddr); - addr = &v4addr; - } - - if (isc_netaddr_eqprefix(addr, - &e->u.ip_prefix.address, - e->u.ip_prefix.prefixlen)) - goto matched; - break; - - case dns_aclelementtype_keyname: - if (reqsigner != NULL && - dns_name_equal(reqsigner, &e->u.keyname)) - goto matched; - break; - - case dns_aclelementtype_nestedacl: - inner = e->u.nestedacl; - nested: - result = dns_acl_match(reqaddr, reqsigner, - inner, - env, - &indirectmatch, matchelt); - INSIST(result == ISC_R_SUCCESS); - - /* - * Treat negative matches in indirect ACLs as - * "no match". - * That way, a negated indirect ACL will never become - * a surprise positive match through double negation. - * XXXDCL this should be documented. - */ - if (indirectmatch > 0) - goto matchelt_set; - - /* - * A negative indirect match may have set *matchelt, - * but we don't want it set when we return. - */ - if (matchelt != NULL) - *matchelt = NULL; - break; - - case dns_aclelementtype_any: - matched: - if (matchelt != NULL) - *matchelt = e; - matchelt_set: - return (ISC_TRUE); - - case dns_aclelementtype_localhost: - if (env != NULL && env->localhost != NULL) { - inner = env->localhost; - goto nested; - } else { - break; - } - - case dns_aclelementtype_localnets: - if (env != NULL && env->localnets != NULL) { - inner = env->localnets; - goto nested; - } else { - break; - } - - default: - INSIST(0); - break; - } - - return (ISC_FALSE); -} - -void -dns_acl_attach(dns_acl_t *source, dns_acl_t **target) { - REQUIRE(DNS_ACL_VALID(source)); - isc_refcount_increment(&source->refcount, NULL); - *target = source; -} - -static void -destroy(dns_acl_t *dacl) { - unsigned int i; - for (i = 0; i < dacl->length; i++) { - dns_aclelement_t *de = &dacl->elements[i]; - switch (de->type) { - case dns_aclelementtype_keyname: - dns_name_free(&de->u.keyname, dacl->mctx); - break; - case dns_aclelementtype_nestedacl: - dns_acl_detach(&de->u.nestedacl); - break; - default: - break; - } - } - if (dacl->elements != NULL) - isc_mem_put(dacl->mctx, dacl->elements, - dacl->alloc * sizeof(dns_aclelement_t)); - if (dacl->name != NULL) - isc_mem_free(dacl->mctx, dacl->name); - isc_refcount_destroy(&dacl->refcount); - dacl->magic = 0; - isc_mem_put(dacl->mctx, dacl, sizeof(*dacl)); -} - -void -dns_acl_detach(dns_acl_t **aclp) { - dns_acl_t *acl = *aclp; - unsigned int refs; - REQUIRE(DNS_ACL_VALID(acl)); - isc_refcount_decrement(&acl->refcount, &refs); - if (refs == 0) - destroy(acl); - *aclp = NULL; -} - -isc_boolean_t -dns_aclelement_equal(const dns_aclelement_t *ea, const dns_aclelement_t *eb) { - if (ea->type != eb->type) - return (ISC_FALSE); - switch (ea->type) { - case dns_aclelementtype_ipprefix: - if (ea->u.ip_prefix.prefixlen != - eb->u.ip_prefix.prefixlen) - return (ISC_FALSE); - return (isc_netaddr_eqprefix(&ea->u.ip_prefix.address, - &eb->u.ip_prefix.address, - ea->u.ip_prefix.prefixlen)); - case dns_aclelementtype_keyname: - return (dns_name_equal(&ea->u.keyname, &eb->u.keyname)); - case dns_aclelementtype_nestedacl: - return (dns_acl_equal(ea->u.nestedacl, eb->u.nestedacl)); - case dns_aclelementtype_localhost: - case dns_aclelementtype_localnets: - case dns_aclelementtype_any: - return (ISC_TRUE); - default: - INSIST(0); - return (ISC_FALSE); - } -} - -isc_boolean_t -dns_acl_equal(const dns_acl_t *a, const dns_acl_t *b) { - unsigned int i; - if (a == b) - return (ISC_TRUE); - if (a->length != b->length) - return (ISC_FALSE); - for (i = 0; i < a->length; i++) { - if (! dns_aclelement_equal(&a->elements[i], - &b->elements[i])) - return (ISC_FALSE); - } - return (ISC_TRUE); -} - -static isc_boolean_t -is_loopback(const dns_aclipprefix_t *p) { - switch (p->address.family) { - case AF_INET: - if (p->prefixlen == 32 && - htonl(p->address.type.in.s_addr) == INADDR_LOOPBACK) - return (ISC_TRUE); - break; - case AF_INET6: - if (p->prefixlen == 128 && - IN6_IS_ADDR_LOOPBACK(&p->address.type.in6)) - return (ISC_TRUE); - break; - default: - break; - } - return (ISC_FALSE); -} - -isc_boolean_t -dns_acl_isinsecure(const dns_acl_t *a) { - unsigned int i; - for (i = 0; i < a->length; i++) { - dns_aclelement_t *e = &a->elements[i]; - - /* A negated match can never be insecure. */ - if (e->negative) - continue; - - switch (e->type) { - case dns_aclelementtype_ipprefix: - /* The loopback address is considered secure. */ - if (! is_loopback(&e->u.ip_prefix)) - return (ISC_TRUE); - continue; - - case dns_aclelementtype_keyname: - case dns_aclelementtype_localhost: - continue; - - case dns_aclelementtype_nestedacl: - if (dns_acl_isinsecure(e->u.nestedacl)) - return (ISC_TRUE); - continue; - - case dns_aclelementtype_localnets: - case dns_aclelementtype_any: - return (ISC_TRUE); - - default: - INSIST(0); - return (ISC_TRUE); - } - } - /* No insecure elements were found. */ - return (ISC_FALSE); -} - -isc_result_t -dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) { - isc_result_t result; - env->localhost = NULL; - env->localnets = NULL; - result = dns_acl_create(mctx, 0, &env->localhost); - if (result != ISC_R_SUCCESS) - goto cleanup_nothing; - result = dns_acl_create(mctx, 0, &env->localnets); - if (result != ISC_R_SUCCESS) - goto cleanup_localhost; - env->match_mapped = ISC_FALSE; - return (ISC_R_SUCCESS); - - cleanup_localhost: - dns_acl_detach(&env->localhost); - cleanup_nothing: - return (result); -} - -void -dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s) { - dns_acl_detach(&t->localhost); - dns_acl_attach(s->localhost, &t->localhost); - dns_acl_detach(&t->localnets); - dns_acl_attach(s->localnets, &t->localnets); - t->match_mapped = s->match_mapped; -} - -void -dns_aclenv_destroy(dns_aclenv_t *env) { - dns_acl_detach(&env->localhost); - dns_acl_detach(&env->localnets); -} diff --git a/contrib/bind-9.3/lib/dns/api b/contrib/bind-9.3/lib/dns/api deleted file mode 100644 index 95b29be1b7..0000000000 --- a/contrib/bind-9.3/lib/dns/api +++ /dev/null @@ -1,3 +0,0 @@ -LIBINTERFACE = 23 -LIBREVISION = 0 -LIBAGE = 1 diff --git a/contrib/bind-9.3/lib/dns/gssapi_link.c b/contrib/bind-9.3/lib/dns/gssapi_link.c deleted file mode 100644 index 0a2e848a58..0000000000 --- a/contrib/bind-9.3/lib/dns/gssapi_link.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * $Id: gssapi_link.c,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $ - */ - -#ifdef GSSAPI - -#include - -#include -#include -#include -#include - -#include - -#include "dst_internal.h" -#include "dst_parse.h" - -#include - -#define INITIAL_BUFFER_SIZE 1024 -#define BUFFER_EXTRA 1024 - -#define REGION_TO_GBUFFER(r, gb) \ - do { \ - (gb).length = (r).length; \ - (gb).value = (r).base; \ - } while (0) - -typedef struct gssapi_ctx { - isc_buffer_t *buffer; - gss_ctx_id_t *context_id; -} gssapi_ctx_t; - - -static isc_result_t -gssapi_createctx(dst_key_t *key, dst_context_t *dctx) { - gssapi_ctx_t *ctx; - isc_result_t result; - - UNUSED(key); - - ctx = isc_mem_get(dctx->mctx, sizeof(gssapi_ctx_t)); - if (ctx == NULL) - return (ISC_R_NOMEMORY); - ctx->buffer = NULL; - result = isc_buffer_allocate(dctx->mctx, &ctx->buffer, - INITIAL_BUFFER_SIZE); - if (result != ISC_R_SUCCESS) { - isc_mem_put(dctx->mctx, ctx, sizeof(gssapi_ctx_t)); - return (result); - } - ctx->context_id = key->opaque; - dctx->opaque = ctx; - return (ISC_R_SUCCESS); -} - -static void -gssapi_destroyctx(dst_context_t *dctx) { - gssapi_ctx_t *ctx = dctx->opaque; - - if (ctx != NULL) { - if (ctx->buffer != NULL) - isc_buffer_free(&ctx->buffer); - isc_mem_put(dctx->mctx, ctx, sizeof(gssapi_ctx_t)); - dctx->opaque = NULL; - } -} - -static isc_result_t -gssapi_adddata(dst_context_t *dctx, const isc_region_t *data) { - gssapi_ctx_t *ctx = dctx->opaque; - isc_buffer_t *newbuffer = NULL; - isc_region_t r; - unsigned int length; - isc_result_t result; - - result = isc_buffer_copyregion(ctx->buffer, data); - if (result == ISC_R_SUCCESS) - return (ISC_R_SUCCESS); - - length = isc_buffer_length(ctx->buffer) + data->length + BUFFER_EXTRA; - - result = isc_buffer_allocate(dctx->mctx, &newbuffer, length); - if (result != ISC_R_SUCCESS) - return (result); - - isc_buffer_usedregion(ctx->buffer, &r); - (void) isc_buffer_copyregion(newbuffer, &r); - (void) isc_buffer_copyregion(newbuffer, data); - - isc_buffer_free(&ctx->buffer); - ctx->buffer = newbuffer; - - return (ISC_R_SUCCESS); -} - -static isc_result_t -gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) { - gssapi_ctx_t *ctx = dctx->opaque; - isc_region_t message; - gss_buffer_desc gmessage, gsig; - OM_uint32 minor, gret; - - isc_buffer_usedregion(ctx->buffer, &message); - REGION_TO_GBUFFER(message, gmessage); - - gret = gss_get_mic(&minor, ctx->context_id, - GSS_C_QOP_DEFAULT, &gmessage, &gsig); - if (gret != 0) - return (ISC_R_FAILURE); - - if (gsig.length > isc_buffer_availablelength(sig)) { - gss_release_buffer(&minor, &gsig); - return (ISC_R_NOSPACE); - } - - isc_buffer_putmem(sig, gsig.value, gsig.length); - - gss_release_buffer(&minor, &gsig); - - return (ISC_R_SUCCESS); -} - -static isc_result_t -gssapi_verify(dst_context_t *dctx, const isc_region_t *sig) { - gssapi_ctx_t *ctx = dctx->opaque; - isc_region_t message; - gss_buffer_desc gmessage, gsig; - OM_uint32 minor, gret; - - isc_buffer_usedregion(ctx->buffer, &message); - REGION_TO_GBUFFER(message, gmessage); - - REGION_TO_GBUFFER(*sig, gsig); - - gret = gss_verify_mic(&minor, ctx->context_id, &gmessage, &gsig, NULL); - if (gret != 0) - return (ISC_R_FAILURE); - - return (ISC_R_SUCCESS); -} - -static isc_boolean_t -gssapi_compare(const dst_key_t *key1, const dst_key_t *key2) { - gss_ctx_id_t gsskey1 = key1->opaque; - gss_ctx_id_t gsskey2 = key2->opaque; - - /* No idea */ - return (ISC_TF(gsskey1 == gsskey2)); -} - -static isc_result_t -gssapi_generate(dst_key_t *key, int unused) { - UNUSED(key); - UNUSED(unused); - - /* No idea */ - return (ISC_R_FAILURE); -} - -static isc_boolean_t -gssapi_isprivate(const dst_key_t *key) { - UNUSED(key); - return (ISC_TRUE); -} - -static void -gssapi_destroy(dst_key_t *key) { - UNUSED(key); - /* No idea */ -} - -static dst_func_t gssapi_functions = { - gssapi_createctx, - gssapi_destroyctx, - gssapi_adddata, - gssapi_sign, - gssapi_verify, - NULL, /* computesecret */ - gssapi_compare, - NULL, /* paramcompare */ - gssapi_generate, - gssapi_isprivate, - gssapi_destroy, - NULL, /* todns */ - NULL, /* fromdns */ - NULL, /* tofile */ - NULL, /* parse */ - NULL, /* cleanup */ -}; - -isc_result_t -dst__gssapi_init(dst_func_t **funcp) { - REQUIRE(funcp != NULL); - if (*funcp == NULL) - *funcp = &gssapi_functions; - return (ISC_R_SUCCESS); -} - -#else -int gssapi_link_unneeded = 1; -#endif diff --git a/contrib/bind-9.3/lib/dns/gssapictx.c b/contrib/bind-9.3/lib/dns/gssapictx.c deleted file mode 100644 index 2605a7a051..0000000000 --- a/contrib/bind-9.3/lib/dns/gssapictx.c +++ /dev/null @@ -1,262 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: gssapictx.c,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $ */ - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "dst_internal.h" - -#ifdef GSSAPI - -#include - -#define RETERR(x) do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto out; \ - } while (0) - -#define REGION_TO_GBUFFER(r, gb) \ - do { \ - (gb).length = (r).length; \ - (gb).value = (r).base; \ - } while (0) - -#define GBUFFER_TO_REGION(gb, r) \ - do { \ - (r).length = (gb).length; \ - (r).base = (gb).value; \ - } while (0) - -static inline void -name_to_gbuffer(dns_name_t *name, isc_buffer_t *buffer, - gss_buffer_desc *gbuffer) -{ - dns_name_t tname, *namep; - isc_region_t r; - isc_result_t result; - - if (!dns_name_isabsolute(name)) - namep = name; - else { - unsigned int labels; - dns_name_init(&tname, NULL); - labels = dns_name_countlabels(name); - dns_name_getlabelsequence(name, 0, labels - 1, &tname); - namep = &tname; - } - - result = dns_name_totext(namep, ISC_FALSE, buffer); - isc_buffer_putuint8(buffer, 0); - isc_buffer_usedregion(buffer, &r); - REGION_TO_GBUFFER(r, *gbuffer); -} - -isc_result_t -dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, void **cred) { - isc_buffer_t namebuf; - gss_name_t gname; - gss_buffer_desc gnamebuf; - unsigned char array[DNS_NAME_MAXTEXT + 1]; - OM_uint32 gret, minor; - gss_OID_set mechs; - OM_uint32 lifetime; - gss_cred_usage_t usage; - - REQUIRE(cred != NULL && *cred == NULL); - - if (name != NULL) { - isc_buffer_init(&namebuf, array, sizeof(array)); - name_to_gbuffer(name, &namebuf, &gnamebuf); - gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, - &gname); - if (gret != GSS_S_COMPLETE) - return (ISC_R_FAILURE); - } else - gname = NULL; - - if (initiate) - usage = GSS_C_INITIATE; - else - usage = GSS_C_ACCEPT; - - gret = gss_acquire_cred(&minor, gname, GSS_C_INDEFINITE, - GSS_C_NO_OID_SET, usage, - cred, &mechs, &lifetime); - if (gret != GSS_S_COMPLETE) - return (ISC_R_FAILURE); - return (ISC_R_SUCCESS); -} - -isc_result_t -dst_gssapi_initctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context) -{ - isc_region_t r; - isc_buffer_t namebuf; - gss_buffer_desc gnamebuf, gintoken, *gintokenp, gouttoken; - OM_uint32 gret, minor, flags, ret_flags; - gss_OID mech_type, ret_mech_type; - OM_uint32 lifetime; - gss_name_t gname; - isc_result_t result; - unsigned char array[DNS_NAME_MAXTEXT + 1]; - - isc_buffer_init(&namebuf, array, sizeof(array)); - name_to_gbuffer(name, &namebuf, &gnamebuf); - gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname); - if (gret != GSS_S_COMPLETE) - return (ISC_R_FAILURE); - - if (intoken != NULL) { - REGION_TO_GBUFFER(*intoken, gintoken); - gintokenp = &gintoken; - } else - gintokenp = NULL; - - if (*context == NULL) - *context = GSS_C_NO_CONTEXT; - flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG | - GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG; - mech_type = GSS_C_NO_OID; - - gret = gss_init_sec_context(&minor, cred, context, gname, - mech_type, flags, 0, - GSS_C_NO_CHANNEL_BINDINGS, gintokenp, - &ret_mech_type, &gouttoken, &ret_flags, - &lifetime); - if (gret != GSS_S_COMPLETE && gret != GSS_S_CONTINUE_NEEDED) - return (ISC_R_FAILURE); - - GBUFFER_TO_REGION(gouttoken, r); - RETERR(isc_buffer_copyregion(outtoken, &r)); - - if (gret == GSS_S_COMPLETE) - return (ISC_R_SUCCESS); - else - return (DNS_R_CONTINUE); - - out: - return (result); -} - -isc_result_t -dst_gssapi_acceptctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context) -{ - isc_region_t r; - isc_buffer_t namebuf; - gss_buffer_desc gnamebuf, gintoken, gouttoken; - OM_uint32 gret, minor, flags; - gss_OID mech_type; - OM_uint32 lifetime; - gss_cred_id_t delegated_cred; - gss_name_t gname; - isc_result_t result; - unsigned char array[DNS_NAME_MAXTEXT + 1]; - - isc_buffer_init(&namebuf, array, sizeof(array)); - name_to_gbuffer(name, &namebuf, &gnamebuf); - gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname); - if (gret != GSS_S_COMPLETE) - return (ISC_R_FAILURE); - - REGION_TO_GBUFFER(*intoken, gintoken); - - if (*context == NULL) - *context = GSS_C_NO_CONTEXT; - - gret = gss_accept_sec_context(&minor, context, cred, &gintoken, - GSS_C_NO_CHANNEL_BINDINGS, gname, - &mech_type, &gouttoken, &flags, - &lifetime, &delegated_cred); - if (gret != GSS_S_COMPLETE) - return (ISC_R_FAILURE); - - GBUFFER_TO_REGION(gouttoken, r); - RETERR(isc_buffer_copyregion(outtoken, &r)); - - return (ISC_R_SUCCESS); - - out: - return (result); -} - -#else - -isc_result_t -dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, void **cred) { - UNUSED(name); - UNUSED(initiate); - UNUSED(cred); - return (ISC_R_NOTIMPLEMENTED); -} - -isc_result_t -dst_gssapi_initctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context) -{ - UNUSED(name); - UNUSED(cred); - UNUSED(intoken); - UNUSED(outtoken); - UNUSED(context); - return (ISC_R_NOTIMPLEMENTED); -} - -isc_result_t -dst_gssapi_acceptctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context) -{ - UNUSED(name); - UNUSED(cred); - UNUSED(intoken); - UNUSED(outtoken); - UNUSED(context); - return (ISC_R_NOTIMPLEMENTED); -} - -#endif diff --git a/contrib/bind-9.3/lib/dns/hmac_link.c b/contrib/bind-9.3/lib/dns/hmac_link.c deleted file mode 100644 index 762fceecb4..0000000000 --- a/contrib/bind-9.3/lib/dns/hmac_link.c +++ /dev/null @@ -1,282 +0,0 @@ -/* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (C) 1999-2002 Internet Software Consortium. - * Portions Copyright (C) 1995-2000 by Network Associates, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE - * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR - * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $ - */ - -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include "dst_internal.h" -#include "dst_parse.h" - -#define HMAC_LEN 64 -#define HMAC_IPAD 0x36 -#define HMAC_OPAD 0x5c - -static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data); - -typedef struct hmackey { - unsigned char key[HMAC_LEN]; -} HMAC_Key; - -static isc_result_t -hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) { - isc_hmacmd5_t *hmacmd5ctx; - HMAC_Key *hkey = key->opaque; - - hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); - if (hmacmd5ctx == NULL) - return (ISC_R_NOMEMORY); - isc_hmacmd5_init(hmacmd5ctx, hkey->key, HMAC_LEN); - dctx->opaque = hmacmd5ctx; - return (ISC_R_SUCCESS); -} - -static void -hmacmd5_destroyctx(dst_context_t *dctx) { - isc_hmacmd5_t *hmacmd5ctx = dctx->opaque; - - if (hmacmd5ctx != NULL) { - isc_hmacmd5_invalidate(hmacmd5ctx); - isc_mem_put(dctx->mctx, hmacmd5ctx, sizeof(isc_hmacmd5_t)); - dctx->opaque = NULL; - } -} - -static isc_result_t -hmacmd5_adddata(dst_context_t *dctx, const isc_region_t *data) { - isc_hmacmd5_t *hmacmd5ctx = dctx->opaque; - - isc_hmacmd5_update(hmacmd5ctx, data->base, data->length); - return (ISC_R_SUCCESS); -} - -static isc_result_t -hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) { - isc_hmacmd5_t *hmacmd5ctx = dctx->opaque; - unsigned char *digest; - - if (isc_buffer_availablelength(sig) < ISC_MD5_DIGESTLENGTH) - return (ISC_R_NOSPACE); - digest = isc_buffer_used(sig); - isc_hmacmd5_sign(hmacmd5ctx, digest); - isc_buffer_add(sig, ISC_MD5_DIGESTLENGTH); - - return (ISC_R_SUCCESS); -} - -static isc_result_t -hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) { - isc_hmacmd5_t *hmacmd5ctx = dctx->opaque; - - if (sig->length < ISC_MD5_DIGESTLENGTH) - return (DST_R_VERIFYFAILURE); - - if (isc_hmacmd5_verify(hmacmd5ctx, sig->base)) - return (ISC_R_SUCCESS); - else - return (DST_R_VERIFYFAILURE); -} - -static isc_boolean_t -hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) { - HMAC_Key *hkey1, *hkey2; - - hkey1 = (HMAC_Key *)key1->opaque; - hkey2 = (HMAC_Key *)key2->opaque; - - if (hkey1 == NULL && hkey2 == NULL) - return (ISC_TRUE); - else if (hkey1 == NULL || hkey2 == NULL) - return (ISC_FALSE); - - if (memcmp(hkey1->key, hkey2->key, HMAC_LEN) == 0) - return (ISC_TRUE); - else - return (ISC_FALSE); -} - -static isc_result_t -hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) { - isc_buffer_t b; - isc_result_t ret; - int bytes; - unsigned char data[HMAC_LEN]; - - bytes = (key->key_size + 7) / 8; - if (bytes > 64) { - bytes = 64; - key->key_size = 512; - } - - memset(data, 0, HMAC_LEN); - ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); - - if (ret != ISC_R_SUCCESS) - return (ret); - - isc_buffer_init(&b, data, bytes); - isc_buffer_add(&b, bytes); - ret = hmacmd5_fromdns(key, &b); - memset(data, 0, HMAC_LEN); - - return (ret); -} - -static isc_boolean_t -hmacmd5_isprivate(const dst_key_t *key) { - UNUSED(key); - return (ISC_TRUE); -} - -static void -hmacmd5_destroy(dst_key_t *key) { - HMAC_Key *hkey = key->opaque; - memset(hkey, 0, sizeof(HMAC_Key)); - isc_mem_put(key->mctx, hkey, sizeof(HMAC_Key)); - key->opaque = NULL; -} - -static isc_result_t -hmacmd5_todns(const dst_key_t *key, isc_buffer_t *data) { - HMAC_Key *hkey; - unsigned int bytes; - - REQUIRE(key->opaque != NULL); - - hkey = (HMAC_Key *) key->opaque; - - bytes = (key->key_size + 7) / 8; - if (isc_buffer_availablelength(data) < bytes) - return (ISC_R_NOSPACE); - isc_buffer_putmem(data, hkey->key, bytes); - - return (ISC_R_SUCCESS); -} - -static isc_result_t -hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { - HMAC_Key *hkey; - int keylen; - isc_region_t r; - isc_md5_t md5ctx; - - isc_buffer_remainingregion(data, &r); - if (r.length == 0) - return (ISC_R_SUCCESS); - - hkey = (HMAC_Key *) isc_mem_get(key->mctx, sizeof(HMAC_Key)); - if (hkey == NULL) - return (ISC_R_NOMEMORY); - - memset(hkey->key, 0, sizeof(hkey->key)); - - if (r.length > HMAC_LEN) { - isc_md5_init(&md5ctx); - isc_md5_update(&md5ctx, r.base, r.length); - isc_md5_final(&md5ctx, hkey->key); - keylen = ISC_MD5_DIGESTLENGTH; - } - else { - memcpy(hkey->key, r.base, r.length); - keylen = r.length; - } - - key->key_size = keylen * 8; - key->opaque = hkey; - - return (ISC_R_SUCCESS); -} - -static isc_result_t -hmacmd5_tofile(const dst_key_t *key, const char *directory) { - int cnt = 0; - HMAC_Key *hkey; - dst_private_t priv; - int bytes = (key->key_size + 7) / 8; - - if (key->opaque == NULL) - return (DST_R_NULLKEY); - - hkey = (HMAC_Key *) key->opaque; - - priv.elements[cnt].tag = TAG_HMACMD5_KEY; - priv.elements[cnt].length = bytes; - priv.elements[cnt++].data = hkey->key; - - priv.nelements = cnt; - return (dst__privstruct_writefile(key, &priv, directory)); -} - -static isc_result_t -hmacmd5_parse(dst_key_t *key, isc_lex_t *lexer) { - dst_private_t priv; - isc_result_t ret; - isc_buffer_t b; - isc_mem_t *mctx = key->mctx; - - /* read private key file */ - ret = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, &priv); - if (ret != ISC_R_SUCCESS) - return (ret); - - isc_buffer_init(&b, priv.elements[0].data, priv.elements[0].length); - isc_buffer_add(&b, priv.elements[0].length); - ret = hmacmd5_fromdns(key, &b); - dst__privstruct_free(&priv, mctx); - memset(&priv, 0, sizeof(priv)); - return (ret); -} - -static dst_func_t hmacmd5_functions = { - hmacmd5_createctx, - hmacmd5_destroyctx, - hmacmd5_adddata, - hmacmd5_sign, - hmacmd5_verify, - NULL, /* computesecret */ - hmacmd5_compare, - NULL, /* paramcompare */ - hmacmd5_generate, - hmacmd5_isprivate, - hmacmd5_destroy, - hmacmd5_todns, - hmacmd5_fromdns, - hmacmd5_tofile, - hmacmd5_parse, - NULL, /* cleanup */ -}; - -isc_result_t -dst__hmacmd5_init(dst_func_t **funcp) { - REQUIRE(funcp != NULL); - if (*funcp == NULL) - *funcp = &hmacmd5_functions; - return (ISC_R_SUCCESS); -} diff --git a/contrib/bind-9.3/lib/dns/include/dns/rbt.h b/contrib/bind-9.3/lib/dns/include/dns/rbt.h deleted file mode 100644 index 6f99a7dfb0..0000000000 --- a/contrib/bind-9.3/lib/dns/include/dns/rbt.h +++ /dev/null @@ -1,838 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: rbt.h,v 1.55.12.6 2004/10/11 05:55:51 marka Exp $ */ - -#ifndef DNS_RBT_H -#define DNS_RBT_H 1 - -#include -#include - -#include - -ISC_LANG_BEGINDECLS - -#define DNS_RBT_USEHASH 1 - -/* - * Option values for dns_rbt_findnode() and dns_rbt_findname(). - * These are used to form a bitmask. - */ -#define DNS_RBTFIND_NOOPTIONS 0x00 -#define DNS_RBTFIND_EMPTYDATA 0x01 -#define DNS_RBTFIND_NOEXACT 0x02 -#define DNS_RBTFIND_NOPREDECESSOR 0x04 - -/* - * These should add up to 30. - */ -#define DNS_RBT_LOCKLENGTH 10 -#define DNS_RBT_REFLENGTH 20 - -#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O') -#if DNS_RBT_USEMAGIC -#define DNS_RBTNODE_VALID(n) ISC_MAGIC_VALID(n, DNS_RBTNODE_MAGIC) -#else -#define DNS_RBTNODE_VALID(n) ISC_TRUE -#endif - -/* - * This is the structure that is used for each node in the red/black - * tree of trees. NOTE WELL: the implementation manages this as a variable - * length structure, with the actual wire-format name and other data - * appended to this structure. Allocating a contiguous block of memory for - * multiple dns_rbtnode structures will not work. - */ -typedef struct dns_rbtnode { -#if DNS_RBT_USEMAGIC - unsigned int magic; -#endif - struct dns_rbtnode *parent; - struct dns_rbtnode *left; - struct dns_rbtnode *right; - struct dns_rbtnode *down; -#ifdef DNS_RBT_USEHASH - struct dns_rbtnode *hashnext; -#endif - /* - * The following bitfields add up to a total bitwidth of 32. - * The range of values necessary for each item is indicated, - * but in the case of "attributes" the field is wider to accomodate - * possible future expansion. "offsetlen" could be one bit - * narrower by always adjusting its value by 1 to find the real - * offsetlen, but doing so does not gain anything (except perhaps - * another bit for "attributes", which doesn't yet need any more). - * - * In each case below the "range" indicated is what's _necessary_ for - * the bitfield to hold, not what it actually _can_ hold. - */ - unsigned int is_root : 1; /* range is 0..1 */ - unsigned int color : 1; /* range is 0..1 */ - unsigned int find_callback : 1; /* range is 0..1 */ - unsigned int attributes : 4; /* range is 0..2 */ - unsigned int namelen : 8; /* range is 1..255 */ - unsigned int offsetlen : 8; /* range is 1..128 */ - unsigned int padbytes : 9; /* range is 0..380 */ - -#ifdef DNS_RBT_USEHASH - unsigned int hashval; -#endif - - /* - * These values are used in the RBT DB implementation. The appropriate - * node lock must be held before accessing them. - */ - void *data; - unsigned int dirty:1; - unsigned int wild:1; - unsigned int locknum:DNS_RBT_LOCKLENGTH; - unsigned int references:DNS_RBT_REFLENGTH; -} dns_rbtnode_t; - -typedef isc_result_t (*dns_rbtfindcallback_t)(dns_rbtnode_t *node, - dns_name_t *name, - void *callback_arg); - -/***** - ***** Chain Info - *****/ - -/* - * A chain is used to keep track of the sequence of nodes to reach any given - * node from the root of the tree. Originally nodes did not have parent - * pointers in them (for memory usage reasons) so there was no way to find - * the path back to the root from any given node. Now that nodes have parent - * pointers, chains might be going away in a future release, though the - * movement functionality would remain. - * - * In any event, parent information, whether via parent pointers or chains, is - * necessary information for iterating through the tree or for basic internal - * tree maintenance issues (ie, the rotations that are done to rebalance the - * tree when a node is added). The obvious implication of this is that for a - * chain to remain valid, the tree has to be locked down against writes for the - * duration of the useful life of the chain, because additions or removals can - * change the path from the root to the node the chain has targetted. - * - * The dns_rbtnodechain_ functions _first, _last, _prev and _next all take - * dns_name_t parameters for the name and the origin, which can be NULL. If - * non-NULL, 'name' will end up pointing to the name data and offsets that are - * stored at the node (and thus it will be read-only), so it should be a - * regular dns_name_t that has been initialized with dns_name_init. When - * 'origin' is non-NULL, it will get the name of the origin stored in it, so it - * needs to have its own buffer space and offsets, which is most easily - * accomplished with a dns_fixedname_t. It is _not_ necessary to reinitialize - * either 'name' or 'origin' between calls to the chain functions. - * - * NOTE WELL: even though the name data at the root of the tree of trees will - * be absolute (typically just "."), it will will be made into a relative name - * with an origin of "." -- an empty name when the node is ".". This is - * because a common on operation on 'name' and 'origin' is to use - * dns_name_concatenate() on them to generate the complete name. An empty name - * can be detected when dns_name_countlabels == 0, and is printed by - * dns_name_totext()/dns_name_format() as "@", consistent with RFC1035's - * definition of "@" as the current origin. - * - * dns_rbtnodechain_current is similar to the _first, _last, _prev and _next - * functions but additionally can provide the node to which the chain points. - */ - -/* - * The number of level blocks to allocate at a time. Currently the maximum - * number of levels is allocated directly in the structure, but future - * revisions of this code might have a static initial block with dynamic - * growth. Allocating space for 256 levels when the tree is almost never that - * deep is wasteful, but it's not clear that it matters, since the waste is - * only 2MB for 1000 concurrently active chains on a system with 64-bit - * pointers. - */ -#define DNS_RBT_LEVELBLOCK 254 - -typedef struct dns_rbtnodechain { - unsigned int magic; - isc_mem_t * mctx; - /* - * The terminal node of the chain. It is not in levels[]. - * This is ostensibly private ... but in a pinch it could be - * used tell that the chain points nowhere without needing to - * call dns_rbtnodechain_current(). - */ - dns_rbtnode_t * end; - /* - * The maximum number of labels in a name is 128; bitstrings mean - * a conceptually very large number (which I have not bothered to - * compute) of logical levels because splitting can potentially occur - * at each bit. However, DNSSEC restricts the number of "logical" - * labels in a name to 255, meaning only 254 pointers are needed - * in the worst case. - */ - dns_rbtnode_t * levels[DNS_RBT_LEVELBLOCK]; - /* - * level_count indicates how deep the chain points into the - * tree of trees, and is the index into the levels[] array. - * Thus, levels[level_count - 1] is the last level node stored. - * A chain that points to the top level of the tree of trees has - * a level_count of 0, the first level has a level_count of 1, and - * so on. - */ - unsigned int level_count; - /* - * level_matches tells how many levels matched above the node - * returned by dns_rbt_findnode(). A match (partial or exact) found - * in the first level thus results in level_matches being set to 1. - * This is used by the rbtdb to set the start point for a recursive - * search of superdomains until the RR it is looking for is found. - */ - unsigned int level_matches; -} dns_rbtnodechain_t; - -/***** - ***** Public interfaces. - *****/ - -isc_result_t -dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *), - void *deleter_arg, dns_rbt_t **rbtp); -/* - * Initialize a red-black tree of trees. - * - * Notes: - * The deleter argument, if non-null, points to a function that is - * responsible for cleaning up any memory associated with the data - * pointer of a node when the node is deleted. It is passed the - * deleted node's data pointer as its first argument and deleter_arg - * as its second argument. - * - * Requires: - * mctx is a pointer to a valid memory context. - * rbtp != NULL && *rbtp == NULL - * arg == NULL iff deleter == NULL - * - * Ensures: - * If result is ISC_R_SUCCESS: - * *rbtp points to a valid red-black tree manager - * - * If result is failure: - * *rbtp does not point to a valid red-black tree manager. - * - * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource limit: Out of Memory - */ - -isc_result_t -dns_rbt_addname(dns_rbt_t *rbt, dns_name_t *name, void *data); -/* - * Add 'name' to the tree of trees, associated with 'data'. - * - * Notes: - * 'data' is never required to be non-NULL, but specifying it - * when the name is added is faster than searching for 'name' - * again and then setting the data pointer. The lack of a data pointer - * for a node also has other ramifications regarding whether - * dns_rbt_findname considers a node to exist, or dns_rbt_deletename - * joins nodes. - * - * Requires: - * rbt is a valid rbt manager. - * dns_name_isabsolute(name) == TRUE - * - * Ensures: - * 'name' is not altered in any way. - * - * Any external references to nodes in the tree are unaffected by - * node splits that are necessary to insert the new name. - * - * If result is ISC_R_SUCCESS: - * 'name' is findable in the red/black tree of trees in O(log N). - * - * The data pointer of the node for 'name' is set to 'data'. - * - * If result is ISC_R_EXISTS or ISC_R_NOSPACE: - * The tree of trees is unaltered. - * - * If result is ISC_R_NOMEMORY: - * No guarantees. - * - * Returns: - * ISC_R_SUCCESS Success - * ISC_R_EXISTS The name already exists with associated data. - * ISC_R_NOSPACE The name had more logical labels than are allowed. - * ISC_R_NOMEMORY Resource Limit: Out of Memory - */ - -isc_result_t -dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep); - -/* - * Just like dns_rbt_addname, but returns the address of the node. - * - * Requires: - * rbt is a valid rbt structure. - * dns_name_isabsolute(name) == TRUE - * nodep != NULL && *nodep == NULL - * - * Ensures: - * 'name' is not altered in any way. - * - * Any external references to nodes in the tree are unaffected by - * node splits that are necessary to insert the new name. - * - * If result is ISC_R_SUCCESS: - * 'name' is findable in the red/black tree of trees in O(log N). - * - * *nodep is the node that was added for 'name'. - * - * If result is ISC_R_EXISTS: - * The tree of trees is unaltered. - * - * *nodep is the existing node for 'name'. - * - * If result is ISC_R_NOMEMORY: - * No guarantees. - * - * Returns: - * ISC_R_SUCCESS Success - * ISC_R_EXISTS The name already exists, possibly without data. - * ISC_R_NOMEMORY Resource Limit: Out of Memory - */ - -isc_result_t -dns_rbt_findname(dns_rbt_t *rbt, dns_name_t *name, unsigned int options, - dns_name_t *foundname, void **data); -/* - * Get the data pointer associated with 'name'. - * - * Notes: - * When DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is - * returned (also subject to DNS_RBTFIND_EMPTYDATA), even when there is - * an exact match in the tree. - * - * A node that has no data is considered not to exist for this function, - * unless the DNS_RBTFIND_EMPTYDATA option is set. - * - * Requires: - * rbt is a valid rbt manager. - * dns_name_isabsolute(name) == TRUE - * data != NULL && *data == NULL - * - * Ensures: - * 'name' and the tree are not altered in any way. - * - * If result is ISC_R_SUCCESS: - * *data is the data associated with 'name'. - * - * If result is DNS_R_PARTIALMATCH: - * *data is the data associated with the deepest superdomain - * of 'name' which has data. - * - * If result is ISC_R_NOTFOUND: - * Neither the name nor a superdomain was found with data. - * - * Returns: - * ISC_R_SUCCESS Success - * DNS_R_PARTIALMATCH Superdomain found with data - * ISC_R_NOTFOUND No match - * ISC_R_NOSPACE Concatenating nodes to form foundname failed - */ - -isc_result_t -dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, - dns_rbtnode_t **node, dns_rbtnodechain_t *chain, - unsigned int options, dns_rbtfindcallback_t callback, - void *callback_arg); -/* - * Find the node for 'name'. - * - * Notes: - * A node that has no data is considered not to exist for this function, - * unless the DNS_RBTFIND_EMPTYDATA option is set. This applies to both - * exact matches and partial matches. - * - * If the chain parameter is non-NULL, then the path through the tree - * to the DNSSEC predecessor of the searched for name is maintained, - * unless the DNS_RBTFIND_NOPREDECESSOR or DNS_RBTFIND_NOEXACT option - * is used. (For more details on those options, see below.) - * - * If there is no predecessor, then the chain will point to nowhere, as - * indicated by chain->end being NULL or dns_rbtnodechain_current - * returning ISC_R_NOTFOUND. Note that in a normal Internet DNS RBT - * there will always be a predecessor for all names except the root - * name, because '.' will exist and '.' is the predecessor of - * everything. But you can certainly construct a trivial tree and a - * search for it that has no predecessor. - * - * Within the chain structure, the 'levels' member of the structure holds - * the root node of each level except the first. - * - * The 'level_count' of the chain indicates how deep the chain to the - * predecessor name is, as an index into the 'levels[]' array. It does - * not count name elements, per se, but only levels of the tree of trees, - * the distinction arrising because multiple labels from a name can be - * stored on only one level. It is also does not include the level - * that has the node, since that level is not stored in levels[]. - * - * The chain's 'level_matches' is not directly related to the predecessor. - * It is the number of levels above the level of the found 'node', - * regardless of whether it was a partial match or exact match. When - * the node is found in the top level tree, or no node is found at all, - * level_matches is 0. - * - * When DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is - * returned (also subject to DNS_RBTFIND_EMPTYDATA), even when - * there is an exact match in the tree. In this case, the chain - * will not point to the DNSSEC predecessor, but will instead point - * to the exact match, if there was any. Thus the preceding paragraphs - * should have "exact match" substituted for "predecessor" to describe - * how the various elements of the chain are set. This was done to - * ensure that the chain's state was sane, and to prevent problems that - * occurred when running the predecessor location code under conditions - * it was not designed for. It is not clear *where* the chain should - * point when DNS_RBTFIND_NOEXACT is set, so if you end up using a chain - * with this option because you want a particular node, let us know - * where you want the chain pointed, so this can be made more firm. - * - * Requires: - * rbt is a valid rbt manager. - * dns_name_isabsolute(name) == TRUE. - * node != NULL && *node == NULL. - * DNS_RBTFIND_NOEXACT and DNS_RBTFIND_NOPREDECESSOR are mutally - * exclusive. - * - * Ensures: - * 'name' and the tree are not altered in any way. - * - * If result is ISC_R_SUCCESS: - * *node is the terminal node for 'name'. - * - * 'foundname' and 'name' represent the same name (though not - * the same memory). - * - * 'chain' points to the DNSSEC predecessor, if any, of 'name'. - * - * chain->level_matches and chain->level_count are equal. - * - * If result is DNS_R_PARTIALMATCH: - * *node is the data associated with the deepest superdomain - * of 'name' which has data. - * - * 'foundname' is the name of deepest superdomain (which has - * data, unless the DNS_RBTFIND_EMPTYDATA option is set). - * - * 'chain' points to the DNSSEC predecessor, if any, of 'name'. - * - * If result is ISC_R_NOTFOUND: - * Neither the name nor a superdomain was found. *node is NULL. - * - * 'chain' points to the DNSSEC predecessor, if any, of 'name'. - * - * chain->level_matches is 0. - * - * Returns: - * ISC_R_SUCCESS Success - * DNS_R_PARTIALMATCH Superdomain found with data - * ISC_R_NOTFOUND No match, or superdomain with no data - * ISC_R_NOSPACE Concatenating nodes to form foundname failed - */ - -isc_result_t -dns_rbt_deletename(dns_rbt_t *rbt, dns_name_t *name, isc_boolean_t recurse); -/* - * Delete 'name' from the tree of trees. - * - * Notes: - * When 'name' is removed, if recurse is ISC_TRUE then all of its - * subnames are removed too. - * - * Requires: - * rbt is a valid rbt manager. - * dns_name_isabsolute(name) == TRUE - * - * Ensures: - * 'name' is not altered in any way. - * - * Does NOT ensure that any external references to nodes in the tree - * are unaffected by node joins. - * - * If result is ISC_R_SUCCESS: - * 'name' does not appear in the tree with data; however, - * the node for the name might still exist which can be - * found with dns_rbt_findnode (but not dns_rbt_findname). - * - * If result is ISC_R_NOTFOUND: - * 'name' does not appear in the tree with data, because - * it did not appear in the tree before the function was called. - * - * If result is something else: - * See result codes for dns_rbt_findnode (if it fails, the - * node is not deleted) or dns_rbt_deletenode (if it fails, - * the node is deleted, but the tree is not optimized when - * it could have been). - * - * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOTFOUND No match - * something_else Any return code from dns_rbt_findnode except - * DNS_R_PARTIALMATCH (which causes ISC_R_NOTFOUND - * to be returned instead), and any code from - * dns_rbt_deletenode. - */ - -isc_result_t -dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse); -/* - * Delete 'node' from the tree of trees. - * - * Notes: - * When 'node' is removed, if recurse is ISC_TRUE then all nodes - * in levels down from it are removed too. - * - * Requires: - * rbt is a valid rbt manager. - * node != NULL. - * - * Ensures: - * Does NOT ensure that any external references to nodes in the tree - * are unaffected by node joins. - * - * If result is ISC_R_SUCCESS: - * 'node' does not appear in the tree with data; however, - * the node might still exist if it serves as a pointer to - * a lower tree level as long as 'recurse' was false, hence - * the node could can be found with dns_rbt_findnode whem - * that function's empty_data_ok parameter is true. - * - * If result is ISC_R_NOMEMORY or ISC_R_NOSPACE: - * The node was deleted, but the tree structure was not - * optimized. - * - * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource Limit: Out of Memory when joining nodes. - * ISC_R_NOSPACE dns_name_concatenate failed when joining nodes. - */ - -void -dns_rbt_namefromnode(dns_rbtnode_t *node, dns_name_t *name); -/* - * Convert the sequence of labels stored at 'node' into a 'name'. - * - * Notes: - * This function does not return the full name, from the root, but - * just the labels at the indicated node. - * - * The name data pointed to by 'name' is the information stored - * in the node, not a copy. Altering the data at this pointer - * will likely cause grief. - * - * Requires: - * name->offsets == NULL - * - * Ensures: - * 'name' is DNS_NAMEATTR_READONLY. - * - * 'name' will point directly to the labels stored after the - * dns_rbtnode_t struct. - * - * 'name' will have offsets that also point to the information stored - * as part of the node. - */ - -isc_result_t -dns_rbt_fullnamefromnode(dns_rbtnode_t *node, dns_name_t *name); -/* - * Like dns_rbt_namefromnode, but returns the full name from the root. - * - * Notes: - * Unlike dns_rbt_namefromnode, the name will not point directly - * to node data. Rather, dns_name_concatenate will be used to copy - * the name data from each node into the 'name' argument. - * - * Requires: - * name != NULL - * name has a dedicated buffer. - * - * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE (possible via dns_name_concatenate) - * DNS_R_NAMETOOLONG (possible via dns_name_concatenate) - */ - -char * -dns_rbt_formatnodename(dns_rbtnode_t *node, char *printname, - unsigned int size); -/* - * Format the full name of a node for printing, using dns_name_format(). - * - * Notes: - * 'size' is the length of the printname buffer. This should be - * DNS_NAME_FORMATSIZE or larger. - * - * Requires: - * node and printname are not NULL. - * - * Returns: - * The 'printname' pointer. - */ - -unsigned int -dns_rbt_nodecount(dns_rbt_t *rbt); -/* - * Obtain the number of nodes in the tree of trees. - * - * Requires: - * rbt is a valid rbt manager. - */ - -void -dns_rbt_destroy(dns_rbt_t **rbtp); -isc_result_t -dns_rbt_destroy2(dns_rbt_t **rbtp, unsigned int quantum); -/* - * Stop working with a red-black tree of trees. - * If 'quantum' is zero then the entire tree will be destroyed. - * If 'quantum' is non zero then up to 'quantum' nodes will be destroyed - * allowing the rbt to be incrementally destroyed by repeated calls to - * dns_rbt_destroy2(). Once dns_rbt_destroy2() has been called no other - * operations than dns_rbt_destroy()/dns_rbt_destroy2() should be - * performed on the tree of trees. - * - * Requires: - * *rbt is a valid rbt manager. - * - * Ensures on ISC_R_SUCCESS: - * All space allocated by the RBT library has been returned. - * - * *rbt is invalidated as an rbt manager. - * - * Returns: - * ISC_R_SUCCESS - * ISC_R_QUOTA if 'quantum' nodes have been destroyed. - */ - -void -dns_rbt_printall(dns_rbt_t *rbt); -/* - * Print an ASCII representation of the internal structure of the red-black - * tree of trees. - * - * Notes: - * The name stored at each node, along with the node's color, is printed. - * Then the down pointer, left and right pointers are displayed - * recursively in turn. NULL down pointers are silently omitted; - * NULL left and right pointers are printed. - */ - -/***** - ***** Chain Functions - *****/ - -void -dns_rbtnodechain_init(dns_rbtnodechain_t *chain, isc_mem_t *mctx); -/* - * Initialize 'chain'. - * - * Requires: - * 'chain' is a valid pointer. - * - * 'mctx' is a valid memory context. - * - * Ensures: - * 'chain' is suitable for use. - */ - -void -dns_rbtnodechain_reset(dns_rbtnodechain_t *chain); -/* - * Free any dynamic storage associated with 'chain', and then reinitialize - * 'chain'. - * - * Requires: - * 'chain' is a valid pointer. - * - * Ensures: - * 'chain' is suitable for use, and uses no dynamic storage. - */ - -void -dns_rbtnodechain_invalidate(dns_rbtnodechain_t *chain); -/* - * Free any dynamic storage associated with 'chain', and then invalidates it. - * - * Notes: - * Future calls to any dns_rbtnodechain_ function will need to call - * dns_rbtnodechain_init on the chain first (except, of course, - * dns_rbtnodechain_init itself). - * - * Requires: - * 'chain' is a valid chain. - * - * Ensures: - * 'chain' is no longer suitable for use, and uses no dynamic storage. - */ - -isc_result_t -dns_rbtnodechain_current(dns_rbtnodechain_t *chain, dns_name_t *name, - dns_name_t *origin, dns_rbtnode_t **node); -/* - * Provide the name, origin and node to which the chain is currently pointed. - * - * Notes: - * The tree need not have be locked against additions for the chain - * to remain valid, however there are no guarantees if any deletion - * has been made since the chain was established. - * - * Requires: - * 'chain' is a valid chain. - * - * Ensures: - * 'node', if non-NULL, is the node to which the chain was pointed - * by dns_rbt_findnode, dns_rbtnodechain_first or dns_rbtnodechain_last. - * If none were called for the chain since it was initialized or reset, - * or if the was no predecessor to the name searched for with - * dns_rbt_findnode, then '*node' is NULL and ISC_R_NOTFOUND is returned. - * - * 'name', if non-NULL, is the name stored at the terminal level of - * the chain. This is typically a single label, like the "www" of - * "www.isc.org", but need not be so. At the root of the tree of trees, - * if the node is "." then 'name' is ".", otherwise it is relative to ".". - * (Minimalist and atypical case: if the tree has just the name - * "isc.org." then the root node's stored name is "isc.org." but 'name' - * will be "isc.org".) - * - * 'origin', if non-NULL, is the sequence of labels in the levels - * above the terminal level, such as "isc.org." in the above example. - * 'origin' is always "." for the root node. - * - * - * Returns: - * ISC_R_SUCCESS name, origin & node were successfully set. - * ISC_R_NOTFOUND The chain does not point to any node. - * Any error return from dns_name_concatenate. - */ - -isc_result_t -dns_rbtnodechain_first(dns_rbtnodechain_t *chain, dns_rbt_t *rbt, - dns_name_t *name, dns_name_t *origin); -/* - * Set the chain to the lexically first node in the tree of trees. - * - * Notes: - * By the definition of ordering for DNS names, the root of the tree of - * trees is the very first node, since everything else in the megatree - * uses it as a common suffix. - * - * Requires: - * 'chain' is a valid chain. - * 'rbt' is a valid rbt manager. - * - * Ensures: - * The chain points to the very first node of the tree. - * - * 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. Thus 'origin' will always be ".". - * - * Returns: - * DNS_R_NEWORIGIN The name & origin were successfully set. - * Any error result from dns_rbtnodechain_current. - */ - -isc_result_t -dns_rbtnodechain_last(dns_rbtnodechain_t *chain, dns_rbt_t *rbt, - dns_name_t *name, dns_name_t *origin); -/* - * Set the chain to the lexically last node in the tree of trees. - * - * Requires: - * 'chain' is a valid chain. - * 'rbt' is a valid rbt manager. - * - * Ensures: - * The chain points to the very last node of the tree. - * - * 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. - * - * Returns: - * DNS_R_NEWORIGIN The name & origin were successfully set. - * ISC_R_NOMEMORY Resource Limit: Out of Memory building chain. - * Any error result from dns_name_concatenate. - */ - -isc_result_t -dns_rbtnodechain_prev(dns_rbtnodechain_t *chain, dns_name_t *name, - dns_name_t *origin); -/* - * Adjusts chain to point the DNSSEC predecessor of the name to which it - * is currently pointed. - * - * Requires: - * 'chain' is a valid chain. - * 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, - * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that - * dns_rbt_findnode is not guaranteed to point the chain somewhere, - * since there may have been no predecessor to the searched for name. - * - * Ensures: - * The chain is pointed to the predecessor of its current target. - * - * 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. - * - * 'origin' is only if a new origin was found. - * - * Returns: - * ISC_R_SUCCESS The predecessor was found and 'name' was set. - * DNS_R_NEWORIGIN The predecessor was found with a different - * origin and 'name' and 'origin' were set. - * ISC_R_NOMORE There was no predecessor. - * Any error result from dns_rbtnodechain_current. - */ - -isc_result_t -dns_rbtnodechain_next(dns_rbtnodechain_t *chain, dns_name_t *name, - dns_name_t *origin); -/* - * Adjusts chain to point the DNSSEC successor of the name to which it - * is currently pointed. - * - * Requires: - * 'chain' is a valid chain. - * 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, - * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that - * dns_rbt_findnode is not guaranteed to point the chain somewhere, - * since there may have been no predecessor to the searched for name. - * - * Ensures: - * The chain is pointed to the successor of its current target. - * - * 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. - * - * 'origin' is only if a new origin was found. - * - * Returns: - * ISC_R_SUCCESS The successor was found and 'name' was set. - * DNS_R_NEWORIGIN The successor was found with a different - * origin and 'name' and 'origin' were set. - * ISC_R_NOMORE There was no successor. - * Any error result from dns_name_concatenate. - */ - -ISC_LANG_ENDDECLS - -#endif /* DNS_RBT_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/stats.h b/contrib/bind-9.3/lib/dns/include/dns/stats.h deleted file mode 100644 index db94b52919..0000000000 --- a/contrib/bind-9.3/lib/dns/include/dns/stats.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: stats.h,v 1.4.206.1 2004/03/06 08:14:00 marka Exp $ */ - -#ifndef DNS_STATS_H -#define DNS_STATS_H 1 - -#include - -/* - * Query statistics counter types. - */ -typedef enum { - dns_statscounter_success = 0, /* Successful lookup */ - dns_statscounter_referral = 1, /* Referral result */ - dns_statscounter_nxrrset = 2, /* NXRRSET result */ - dns_statscounter_nxdomain = 3, /* NXDOMAIN result */ - dns_statscounter_recursion = 4, /* Recursion was used */ - dns_statscounter_failure = 5 /* Some other failure */ -} dns_statscounter_t; - -#define DNS_STATS_NCOUNTERS 6 - -LIBDNS_EXTERNAL_DATA extern const char *dns_statscounter_names[]; - -isc_result_t -dns_stats_alloccounters(isc_mem_t *mctx, isc_uint64_t **ctrp); -/* - * Allocate an array of query statistics counters from the memory - * context 'mctx'. - */ - -void -dns_stats_freecounters(isc_mem_t *mctx, isc_uint64_t **ctrp); -/* - * Free an array of query statistics counters allocated from the memory - * context 'mctx'. - */ - -ISC_LANG_ENDDECLS - -#endif /* DNS_STATS_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/tkey.h b/contrib/bind-9.3/lib/dns/include/dns/tkey.h deleted file mode 100644 index e5ca3b3bf4..0000000000 --- a/contrib/bind-9.3/lib/dns/include/dns/tkey.h +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: tkey.h,v 1.18.206.1 2004/03/06 08:14:00 marka Exp $ */ - -#ifndef DNS_TKEY_H -#define DNS_TKEY_H 1 - -#include - -#include - -#include - -ISC_LANG_BEGINDECLS - -/* Key agreement modes */ -#define DNS_TKEYMODE_SERVERASSIGNED 1 -#define DNS_TKEYMODE_DIFFIEHELLMAN 2 -#define DNS_TKEYMODE_GSSAPI 3 -#define DNS_TKEYMODE_RESOLVERASSIGNED 4 -#define DNS_TKEYMODE_DELETE 5 - -struct dns_tkeyctx { - dst_key_t *dhkey; - dns_name_t *domain; - void *gsscred; - isc_mem_t *mctx; - isc_entropy_t *ectx; -}; - -isc_result_t -dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp); -/* - * Create an empty TKEY context. - * - * Requires: - * 'mctx' is not NULL - * 'tctx' is not NULL - * '*tctx' is NULL - * - * Returns - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * return codes from dns_name_fromtext() - */ - -void -dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp); -/* - * Frees all data associated with the TKEY context - * - * Requires: - * 'tctx' is not NULL - * '*tctx' is not NULL - */ - -isc_result_t -dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, - dns_tsig_keyring_t *ring); -/* - * Processes a query containing a TKEY record, adding or deleting TSIG - * keys if necessary, and modifies the message to contain the response. - * - * Requires: - * 'msg' is a valid message - * 'tctx' is a valid TKEY context - * 'ring' is a valid TSIG keyring - * - * Returns - * ISC_R_SUCCESS msg was updated (the TKEY operation succeeded, - * or msg now includes a TKEY with an error set) - * DNS_R_FORMERR the packet was malformed (missing a TKEY - * or KEY). - * other An error occurred while processing the message - */ - -isc_result_t -dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, - dns_name_t *algorithm, isc_buffer_t *nonce, - isc_uint32_t lifetime); -/* - * Builds a query containing a TKEY that will generate a shared - * secret using a Diffie-Hellman key exchange. The shared key - * will be of the specified algorithm (only DNS_TSIG_HMACMD5_NAME - * is supported), and will be named either 'name', - * 'name' + server chosen domain, or random data + server chosen domain - * if 'name' == dns_rootname. If nonce is not NULL, it supplies - * random data used in the shared secret computation. The key is - * requested to have the specified lifetime (in seconds) - * - * - * Requires: - * 'msg' is a valid message - * 'key' is a valid Diffie Hellman dst key - * 'name' is a valid name - * 'algorithm' is a valid name - * - * Returns: - * ISC_R_SUCCESS msg was successfully updated to include the - * query to be sent - * other an error occurred while building the message - */ - -isc_result_t -dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, - dns_name_t *gname, void *cred, - isc_uint32_t lifetime, void **context); -/* - * XXX - */ - -isc_result_t -dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key); -/* - * Builds a query containing a TKEY record that will delete the - * specified shared secret from the server. - * - * Requires: - * 'msg' is a valid message - * 'key' is a valid TSIG key - * - * Returns: - * ISC_R_SUCCESS msg was successfully updated to include the - * query to be sent - * other an error occurred while building the message - */ - -isc_result_t -dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, - dst_key_t *key, isc_buffer_t *nonce, - dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring); -/* - * Processes a response to a query containing a TKEY that was - * designed to generate a shared secret using a Diffie-Hellman key - * exchange. If the query was successful, a new shared key - * is created and added to the list of shared keys. - * - * Requires: - * 'qmsg' is a valid message (the query) - * 'rmsg' is a valid message (the response) - * 'key' is a valid Diffie Hellman dst key - * 'outkey' is either NULL or a pointer to NULL - * 'ring' is a valid keyring or NULL - * - * Returns: - * ISC_R_SUCCESS the shared key was successfully added - * ISC_R_NOTFOUND an error occurred while looking for a - * component of the query or response - */ - -isc_result_t -dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, - dns_name_t *gname, void *cred, void **context, - dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring); -/* - * XXX - */ - -isc_result_t -dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, - dns_tsig_keyring_t *ring); -/* - * Processes a response to a query containing a TKEY that was - * designed to delete a shared secret. If the query was successful, - * the shared key is deleted from the list of shared keys. - * - * Requires: - * 'qmsg' is a valid message (the query) - * 'rmsg' is a valid message (the response) - * 'ring' is not NULL - * - * Returns: - * ISC_R_SUCCESS the shared key was successfully deleted - * ISC_R_NOTFOUND an error occurred while looking for a - * component of the query or response - */ - - -ISC_LANG_ENDDECLS - -#endif /* DNS_TKEY_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dst/gssapi.h b/contrib/bind-9.3/lib/dns/include/dst/gssapi.h deleted file mode 100644 index 1d746568d6..0000000000 --- a/contrib/bind-9.3/lib/dns/include/dst/gssapi.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: gssapi.h,v 1.1.4.1 2004/12/09 04:07:20 marka Exp $ */ - -#ifndef DST_GSSAPI_H -#define DST_GSSAPI_H 1 - -#include - -#include - -ISC_LANG_BEGINDECLS - -/*** - *** Types - ***/ - -/*** - *** Functions - ***/ - -isc_result_t -dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, void **cred); - -isc_result_t -dst_gssapi_initctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context); - -isc_result_t -dst_gssapi_acceptctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context); - -/* - * XXX - */ - -ISC_LANG_ENDDECLS - -#endif /* DST_GSSAPI_H */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.c b/contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.c deleted file mode 100644 index 2d91758b1b..0000000000 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.c +++ /dev/null @@ -1,281 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: dlv_65323.c,v 1.2.2.4 2004/03/16 12:38:14 marka Exp $ */ - -/* draft-ietf-dnsext-delegation-signer-05.txt */ - -#ifndef RDATA_GENERIC_DLV_65323_C -#define RDATA_GENERIC_DLV_65323_C - -#define RRTYPE_DLV_ATTRIBUTES 0 - -static inline isc_result_t -fromtext_dlv(ARGS_FROMTEXT) { - isc_token_t token; - - REQUIRE(type == 65323); - - UNUSED(type); - UNUSED(rdclass); - UNUSED(origin); - UNUSED(options); - UNUSED(callbacks); - - /* - * Key tag. - */ - RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, - ISC_FALSE)); - if (token.value.as_ulong > 0xffffU) - RETTOK(ISC_R_RANGE); - RETERR(uint16_tobuffer(token.value.as_ulong, target)); - - /* - * Algorithm. - */ - RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, - ISC_FALSE)); - if (token.value.as_ulong > 0xffU) - RETTOK(ISC_R_RANGE); - RETERR(uint8_tobuffer(token.value.as_ulong, target)); - - /* - * Digest type. - */ - RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, - ISC_FALSE)); - if (token.value.as_ulong > 0xffU) - RETTOK(ISC_R_RANGE); - RETERR(uint8_tobuffer(token.value.as_ulong, target)); - type = (isc_uint16_t) token.value.as_ulong; - - /* - * Digest. - */ - return (isc_hex_tobuffer(lexer, target, -1)); -} - -static inline isc_result_t -totext_dlv(ARGS_TOTEXT) { - isc_region_t sr; - char buf[sizeof("64000 ")]; - unsigned int n; - - REQUIRE(rdata->type == 65323); - REQUIRE(rdata->length != 0); - - UNUSED(tctx); - - dns_rdata_toregion(rdata, &sr); - - /* - * Key tag. - */ - n = uint16_fromregion(&sr); - isc_region_consume(&sr, 2); - sprintf(buf, "%u ", n); - RETERR(str_totext(buf, target)); - - /* - * Algorithm. - */ - n = uint8_fromregion(&sr); - isc_region_consume(&sr, 1); - sprintf(buf, "%u ", n); - RETERR(str_totext(buf, target)); - - /* - * Digest type. - */ - n = uint8_fromregion(&sr); - isc_region_consume(&sr, 1); - sprintf(buf, "%u", n); - RETERR(str_totext(buf, target)); - - /* - * Digest. - */ - if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) - RETERR(str_totext(" (", target)); - RETERR(str_totext(tctx->linebreak, target)); - RETERR(isc_hex_totext(&sr, tctx->width - 2, tctx->linebreak, target)); - if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) - RETERR(str_totext(" )", target)); - return (ISC_R_SUCCESS); -} - -static inline isc_result_t -fromwire_dlv(ARGS_FROMWIRE) { - isc_region_t sr; - - REQUIRE(type == 65323); - - UNUSED(type); - UNUSED(rdclass); - UNUSED(dctx); - UNUSED(options); - - isc_buffer_activeregion(source, &sr); - if (sr.length < 4) - return (ISC_R_UNEXPECTEDEND); - - isc_buffer_forward(source, sr.length); - return (mem_tobuffer(target, sr.base, sr.length)); -} - -static inline isc_result_t -towire_dlv(ARGS_TOWIRE) { - isc_region_t sr; - - REQUIRE(rdata->type == 65323); - REQUIRE(rdata->length != 0); - - UNUSED(cctx); - - dns_rdata_toregion(rdata, &sr); - return (mem_tobuffer(target, sr.base, sr.length)); -} - -static inline int -compare_dlv(ARGS_COMPARE) { - isc_region_t r1; - isc_region_t r2; - - REQUIRE(rdata1->type == rdata2->type); - REQUIRE(rdata1->rdclass == rdata2->rdclass); - REQUIRE(rdata1->type == 65323); - REQUIRE(rdata1->length != 0); - REQUIRE(rdata2->length != 0); - - dns_rdata_toregion(rdata1, &r1); - dns_rdata_toregion(rdata2, &r2); - return (isc_region_compare(&r1, &r2)); -} - -static inline isc_result_t -fromstruct_dlv(ARGS_FROMSTRUCT) { - dns_rdata_dlv_t *dlv = source; - - REQUIRE(type == 65323); - REQUIRE(source != NULL); - REQUIRE(dlv->common.rdtype == type); - REQUIRE(dlv->common.rdclass == rdclass); - - UNUSED(type); - UNUSED(rdclass); - - RETERR(uint16_tobuffer(dlv->key_tag, target)); - RETERR(uint8_tobuffer(dlv->algorithm, target)); - RETERR(uint8_tobuffer(dlv->digest_type, target)); - - return (mem_tobuffer(target, dlv->digest, dlv->length)); -} - -static inline isc_result_t -tostruct_dlv(ARGS_TOSTRUCT) { - dns_rdata_dlv_t *dlv = target; - isc_region_t region; - - REQUIRE(rdata->type == 65323); - REQUIRE(target != NULL); - REQUIRE(rdata->length != 0); - - dlv->common.rdclass = rdata->rdclass; - dlv->common.rdtype = rdata->type; - ISC_LINK_INIT(&dlv->common, link); - - dns_rdata_toregion(rdata, ®ion); - - dlv->key_tag = uint16_fromregion(®ion); - isc_region_consume(®ion, 2); - dlv->algorithm = uint8_fromregion(®ion); - isc_region_consume(®ion, 1); - dlv->digest_type = uint8_fromregion(®ion); - isc_region_consume(®ion, 1); - dlv->length = region.length; - - dlv->digest = mem_maybedup(mctx, region.base, region.length); - if (dlv->digest == NULL) - return (ISC_R_NOMEMORY); - - dlv->mctx = mctx; - return (ISC_R_SUCCESS); -} - -static inline void -freestruct_dlv(ARGS_FREESTRUCT) { - dns_rdata_dlv_t *dlv = source; - - REQUIRE(dlv != NULL); - REQUIRE(dlv->common.rdtype == 65323); - - if (dlv->mctx == NULL) - return; - - if (dlv->digest != NULL) - isc_mem_free(dlv->mctx, dlv->digest); - dlv->mctx = NULL; -} - -static inline isc_result_t -additionaldata_dlv(ARGS_ADDLDATA) { - REQUIRE(rdata->type == 65323); - - UNUSED(rdata); - UNUSED(add); - UNUSED(arg); - - return (ISC_R_SUCCESS); -} - -static inline isc_result_t -digest_dlv(ARGS_DIGEST) { - isc_region_t r; - - REQUIRE(rdata->type == 65323); - - dns_rdata_toregion(rdata, &r); - - return ((digest)(arg, &r)); -} - -static inline isc_boolean_t -checkowner_dlv(ARGS_CHECKOWNER) { - - REQUIRE(type == 65323); - - UNUSED(name); - UNUSED(type); - UNUSED(rdclass); - UNUSED(wildcard); - - return (ISC_TRUE); -} - -static inline isc_boolean_t -checknames_dlv(ARGS_CHECKNAMES) { - - REQUIRE(rdata->type == 65323); - - UNUSED(rdata); - UNUSED(owner); - UNUSED(bad); - - return (ISC_TRUE); -} - -#endif /* RDATA_GENERIC_DLV_65323_C */ diff --git a/contrib/bind-9.3/lib/dns/result.c b/contrib/bind-9.3/lib/dns/result.c deleted file mode 100644 index eb8308a33d..0000000000 --- a/contrib/bind-9.3/lib/dns/result.c +++ /dev/null @@ -1,272 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1998-2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: result.c,v 1.90.2.9.2.13 2004/05/14 05:06:39 marka Exp $ */ - -#include - -#include -#include - -#include -#include - -static const char *text[DNS_R_NRESULTS] = { - "label too long", /* 0 DNS_R_LABELTOOLONG */ - "bad escape", /* 1 DNS_R_BADESCAPE */ - /* - * Note that DNS_R_BADBITSTRING and DNS_R_BITSTRINGTOOLONG are - * deprecated. - */ - "bad bitstring", /* 2 DNS_R_BADBITSTRING */ - "bitstring too long", /* 3 DNS_R_BITSTRINGTOOLONG */ - "empty label", /* 4 DNS_R_EMPTYLABEL */ - - "bad dotted quad", /* 5 DNS_R_BADDOTTEDQUAD */ - "invalid NS owner name (wildcard)", /* 6 DNS_R_INVALIDNS */ - "unknown class/type", /* 7 DNS_R_UNKNOWN */ - "bad label type", /* 8 DNS_R_BADLABELTYPE */ - "bad compression pointer", /* 9 DNS_R_BADPOINTER */ - - "too many hops", /* 10 DNS_R_TOOMANYHOPS */ - "disallowed (by application policy)", /* 11 DNS_R_DISALLOWED */ - "extra input text", /* 12 DNS_R_EXTRATOKEN */ - "extra input data", /* 13 DNS_R_EXTRADATA */ - "text too long", /* 14 DNS_R_TEXTTOOLONG */ - - "not at top of zone", /* 15 DNS_R_NOTZONETOP */ - "syntax error", /* 16 DNS_R_SYNTAX */ - "bad checksum", /* 17 DNS_R_BADCKSUM */ - "bad IPv6 address", /* 18 DNS_R_BADAAAA */ - "no owner", /* 19 DNS_R_NOOWNER */ - - "no ttl", /* 20 DNS_R_NOTTL */ - "bad class", /* 21 DNS_R_BADCLASS */ - "name too long", /* 22 DNS_R_NAMETOOLONG */ - "partial match", /* 23 DNS_R_PARTIALMATCH */ - "new origin", /* 24 DNS_R_NEWORIGIN */ - - "unchanged", /* 25 DNS_R_UNCHANGED */ - "bad ttl", /* 26 DNS_R_BADTTL */ - "more data needed/to be rendered", /* 27 DNS_R_NOREDATA */ - "continue", /* 28 DNS_R_CONTINUE */ - "delegation", /* 29 DNS_R_DELEGATION */ - - "glue", /* 30 DNS_R_GLUE */ - "dname", /* 31 DNS_R_DNAME */ - "cname", /* 32 DNS_R_CNAME */ - "bad database", /* 33 DNS_R_BADDB */ - "zonecut", /* 34 DNS_R_ZONECUT */ - - "bad zone", /* 35 DNS_R_BADZONE */ - "more data", /* 36 DNS_R_MOREDATA */ - "up to date", /* 37 DNS_R_UPTODATE */ - "tsig verify failure", /* 38 DNS_R_TSIGVERIFYFAILURE */ - "tsig indicates error", /* 39 DNS_R_TSIGERRORSET */ - - "RRSIG failed to verify", /* 40 DNS_R_SIGINVALID */ - "RRSIG has expired", /* 41 DNS_R_SIGEXPIRED */ - "RRSIG validity period has not begun", /* 42 DNS_R_SIGFUTURE */ - "key is unauthorized to sign data", /* 43 DNS_R_KEYUNAUTHORIZED */ - "invalid time", /* 44 DNS_R_INVALIDTIME */ - - "expected a TSIG or SIG(0)", /* 45 DNS_R_EXPECTEDTSIG */ - "did not expect a TSIG or SIG(0)", /* 46 DNS_R_UNEXPECTEDTSIG */ - "TKEY is unacceptable", /* 47 DNS_R_INVALIDTKEY */ - "hint", /* 48 DNS_R_HINT */ - "drop", /* 49 DNS_R_DROP */ - - "zone not loaded", /* 50 DNS_R_NOTLOADED */ - "ncache nxdomain", /* 51 DNS_R_NCACHENXDOMAIN */ - "ncache nxrrset", /* 52 DNS_R_NCACHENXRRSET */ - "wait", /* 53 DNS_R_WAIT */ - "not verified yet", /* 54 DNS_R_NOTVERIFIEDYET */ - - "no identity", /* 55 DNS_R_NOIDENTITY */ - "no journal", /* 56 DNS_R_NOJOURNAL */ - "alias", /* 57 DNS_R_ALIAS */ - "use TCP", /* 58 DNS_R_USETCP */ - "no valid RRSIG", /* 59 DNS_R_NOVALIDSIG */ - - "no valid NSEC", /* 60 DNS_R_NOVALIDNSEC */ - "not insecure", /* 61 DNS_R_NOTINSECURE */ - "unknown service", /* 62 DNS_R_UNKNOWNSERVICE */ - "recoverable error occurred", /* 63 DNS_R_RECOVERABLE */ - "unknown opt attribute record", /* 64 DNS_R_UNKNOWNOPT */ - - "unexpected message id", /* 65 DNS_R_UNEXPECTEDID */ - "seen include file", /* 66 DNS_R_SEENINCLUDE */ - "not exact", /* 67 DNS_R_NOTEXACT */ - "address blackholed", /* 68 DNS_R_BLACKHOLED */ - "bad algorithm", /* 69 DNS_R_BADALG */ - - "invalid use of a meta type", /* 70 DNS_R_METATYPE */ - "CNAME and other data", /* 71 DNS_R_CNAMEANDOTHER */ - "multiple RRs of singleton type", /* 72 DNS_R_SINGLETON */ - "hint nxrrset", /* 73 DNS_R_HINTNXRRSET */ - "no master file configured", /* 74 DNS_R_NOMASTERFILE */ - - "unknown protocol", /* 75 DNS_R_UNKNOWNPROTO */ - "clocks are unsynchronized", /* 76 DNS_R_CLOCKSKEW */ - "IXFR failed", /* 77 DNS_R_BADIXFR */ - "not authoritative", /* 78 DNS_R_NOTAUTHORITATIVE */ - "no valid KEY", /* 79 DNS_R_NOVALIDKEY */ - - "obsolete", /* 80 DNS_R_OBSOLETE */ - "already frozen", /* 81 DNS_R_FROZEN */ - "unknown flag", /* 82 DNS_R_UNKNOWNFLAG */ - "expected a response", /* 83 DNS_R_EXPECTEDRESPONSE */ - "no valid DS", /* 84 DNS_R_NOVALIDDS */ - - "NS is an address", /* 85 DNS_R_NSISADDRESS */ - "received FORMERR", /* 86 DNS_R_REMOTEFORMERR */ - "truncated TCP response", /* 87 DNS_R_TRUNCATEDTCP */ - "lame server detected", /* 88 DNS_R_LAME */ - "unexpected RCODE", /* 89 DNS_R_UNEXPECTEDRCODE */ - - "unexpected OPCODE", /* 90 DNS_R_UNEXPECTEDOPCODE */ - "chase DS servers", /* 91 DNS_R_CHASEDSSERVERS */ - "empty name", /* 92 DNS_R_EMPTYNAME */ - "empty wild", /* 93 DNS_R_EMPTYWILD */ - "bad bitmap", /* 94 DNS_R_BADBITMAP */ - - "from wildcard", /* 95 DNS_R_FROMWILDCARD */ - "bad owner name (check-names)", /* 96 DNS_R_BADOWNERNAME */ - "bad name (check-names)", /* 97 DNS_R_BADNAME */ - "dynamic zone", /* 98 DNS_R_DYNAMIC */ - "unknown command", /* 99 DNS_R_UNKNOWNCOMMAND */ - - "must-be-secure", /* 100 DNS_R_MUSTBESECURE */ - "covering NSEC record returned" /* 101 DNS_R_COVERINGNSEC */ -}; - -static const char *rcode_text[DNS_R_NRCODERESULTS] = { - "NOERROR", /* 0 DNS_R_NOEROR */ - "FORMERR", /* 1 DNS_R_FORMERR */ - "SERVFAIL", /* 2 DNS_R_SERVFAIL */ - "NXDOMAIN", /* 3 DNS_R_NXDOMAIN */ - "NOTIMP", /* 4 DNS_R_NOTIMP */ - - "REFUSED", /* 5 DNS_R_REFUSED */ - "YXDOMAIN", /* 6 DNS_R_YXDOMAIN */ - "YXRRSET", /* 7 DNS_R_YXRRSET */ - "NXRRSET", /* 8 DNS_R_NXRRSET */ - "NOTAUTH", /* 9 DNS_R_NOTAUTH */ - - "NOTZONE", /* 10 DNS_R_NOTZONE */ - "", /* 11 has no macro */ - "", /* 12 has no macro */ - "", /* 13 has no macro */ - "", /* 14 has no macro */ - - "", /* 15 has no macro */ - "BADVERS", /* 16 DNS_R_BADVERS */ -}; - -#define DNS_RESULT_RESULTSET 2 -#define DNS_RESULT_RCODERESULTSET 3 - -static isc_once_t once = ISC_ONCE_INIT; - -static void -initialize_action(void) { - isc_result_t result; - - result = isc_result_register(ISC_RESULTCLASS_DNS, DNS_R_NRESULTS, - text, dns_msgcat, DNS_RESULT_RESULTSET); - if (result == ISC_R_SUCCESS) - result = isc_result_register(ISC_RESULTCLASS_DNSRCODE, - DNS_R_NRCODERESULTS, - rcode_text, dns_msgcat, - DNS_RESULT_RCODERESULTSET); - if (result != ISC_R_SUCCESS) - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_result_register() failed: %u", result); -} - -static void -initialize(void) { - dns_lib_initmsgcat(); - RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS); -} - -const char * -dns_result_totext(isc_result_t result) { - initialize(); - - return (isc_result_totext(result)); -} - -void -dns_result_register(void) { - initialize(); -} - -dns_rcode_t -dns_result_torcode(isc_result_t result) { - dns_rcode_t rcode = dns_rcode_servfail; - - if (DNS_RESULT_ISRCODE(result)) { - /* - * Rcodes can't be bigger than 12 bits, which is why we - * AND with 0xFFF instead of 0xFFFF. - */ - return ((dns_rcode_t)((result) & 0xFFF)); - } - /* - * Try to supply an appropriate rcode. - */ - switch (result) { - case ISC_R_SUCCESS: - rcode = dns_rcode_noerror; - break; - case ISC_R_BADBASE64: - case ISC_R_NOSPACE: - case ISC_R_RANGE: - case ISC_R_UNEXPECTEDEND: - case DNS_R_BADAAAA: - /* case DNS_R_BADBITSTRING: deprecated */ - case DNS_R_BADCKSUM: - case DNS_R_BADCLASS: - case DNS_R_BADLABELTYPE: - case DNS_R_BADPOINTER: - case DNS_R_BADTTL: - case DNS_R_BADZONE: - /* case DNS_R_BITSTRINGTOOLONG: deprecated */ - case DNS_R_EXTRADATA: - case DNS_R_LABELTOOLONG: - case DNS_R_NOREDATA: - case DNS_R_SYNTAX: - case DNS_R_TEXTTOOLONG: - case DNS_R_TOOMANYHOPS: - case DNS_R_TSIGERRORSET: - case DNS_R_UNKNOWN: - rcode = dns_rcode_formerr; - break; - case DNS_R_DISALLOWED: - rcode = dns_rcode_refused; - break; - case DNS_R_TSIGVERIFYFAILURE: - case DNS_R_CLOCKSKEW: - rcode = dns_rcode_notauth; - break; - default: - rcode = dns_rcode_servfail; - } - - return (rcode); -} diff --git a/contrib/bind-9.3/lib/dns/rootns.c b/contrib/bind-9.3/lib/dns/rootns.c deleted file mode 100644 index 9e9c940903..0000000000 --- a/contrib/bind-9.3/lib/dns/rootns.c +++ /dev/null @@ -1,247 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: rootns.c,v 1.20.2.3.2.5 2004/03/08 09:04:32 marka Exp $ */ - -#include - -#include -#include /* Required for HP/UX (and others?) */ -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static char root_ns[] = -";\n" -"; Internet Root Nameservers\n" -";\n" -"; Thu Sep 23 17:57:37 PDT 1999\n" -";\n" -"$TTL 518400\n" -". 518400 IN NS A.ROOT-SERVERS.NET.\n" -". 518400 IN NS B.ROOT-SERVERS.NET.\n" -". 518400 IN NS C.ROOT-SERVERS.NET.\n" -". 518400 IN NS D.ROOT-SERVERS.NET.\n" -". 518400 IN NS E.ROOT-SERVERS.NET.\n" -". 518400 IN NS F.ROOT-SERVERS.NET.\n" -". 518400 IN NS G.ROOT-SERVERS.NET.\n" -". 518400 IN NS H.ROOT-SERVERS.NET.\n" -". 518400 IN NS I.ROOT-SERVERS.NET.\n" -". 518400 IN NS J.ROOT-SERVERS.NET.\n" -". 518400 IN NS K.ROOT-SERVERS.NET.\n" -". 518400 IN NS L.ROOT-SERVERS.NET.\n" -". 518400 IN NS M.ROOT-SERVERS.NET.\n" -"A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n" -"B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n" -"C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n" -"D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90\n" -"E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n" -"F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n" -"G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n" -"H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n" -"I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n" -"J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n" -"K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n" -"L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12\n" -"M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"; - -static isc_result_t -in_rootns(dns_rdataset_t *rootns, dns_name_t *name) { - isc_result_t result; - dns_rdata_t rdata = DNS_RDATA_INIT; - dns_rdata_ns_t ns; - - if (!dns_rdataset_isassociated(rootns)) - return (ISC_R_NOTFOUND); - - result = dns_rdataset_first(rootns); - while (result == ISC_R_SUCCESS) { - dns_rdataset_current(rootns, &rdata); - result = dns_rdata_tostruct(&rdata, &ns, NULL); - if (result != ISC_R_SUCCESS) - return (result); - if (dns_name_compare(name, &ns.name) == 0) - return (ISC_R_SUCCESS); - result = dns_rdataset_next(rootns); - } - if (result == ISC_R_NOMORE) - result = ISC_R_NOTFOUND; - return (result); -} - -static isc_result_t -check_node(dns_rdataset_t *rootns, dns_name_t *name, - dns_rdatasetiter_t *rdsiter) { - isc_result_t result; - dns_rdataset_t rdataset; - - dns_rdataset_init(&rdataset); - result = dns_rdatasetiter_first(rdsiter); - while (result == ISC_R_SUCCESS) { - dns_rdatasetiter_current(rdsiter, &rdataset); - switch (rdataset.type) { - case dns_rdatatype_a: - case dns_rdatatype_aaaa: - result = in_rootns(rootns, name); - if (result != ISC_R_SUCCESS) - goto cleanup; - break; - case dns_rdatatype_ns: - if (dns_name_compare(name, dns_rootname) == 0) - break; - /*FALLTHROUGH*/ - default: - result = ISC_R_FAILURE; - goto cleanup; - } - dns_rdataset_disassociate(&rdataset); - result = dns_rdatasetiter_next(rdsiter); - } - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; - cleanup: - if (dns_rdataset_isassociated(&rdataset)) - dns_rdataset_disassociate(&rdataset); - return (result); -} - -static isc_result_t -check_hints(dns_db_t *db) { - isc_result_t result; - dns_rdataset_t rootns; - dns_dbiterator_t *dbiter = NULL; - dns_dbnode_t *node = NULL; - isc_stdtime_t now; - dns_fixedname_t fixname; - dns_name_t *name; - dns_rdatasetiter_t *rdsiter = NULL; - - isc_stdtime_get(&now); - - dns_fixedname_init(&fixname); - name = dns_fixedname_name(&fixname); - - dns_rdataset_init(&rootns); - (void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, - now, NULL, name, &rootns, NULL); - result = dns_db_createiterator(db, ISC_FALSE, &dbiter); - if (result != ISC_R_SUCCESS) - goto cleanup; - result = dns_dbiterator_first(dbiter); - while (result == ISC_R_SUCCESS) { - result = dns_dbiterator_current(dbiter, &node, name); - if (result != ISC_R_SUCCESS) - goto cleanup; - result = dns_db_allrdatasets(db, node, NULL, now, &rdsiter); - if (result != ISC_R_SUCCESS) - goto cleanup; - result = check_node(&rootns, name, rdsiter); - if (result != ISC_R_SUCCESS) - goto cleanup; - dns_rdatasetiter_destroy(&rdsiter); - dns_db_detachnode(db, &node); - result = dns_dbiterator_next(dbiter); - } - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; - - cleanup: - if (dns_rdataset_isassociated(&rootns)) - dns_rdataset_disassociate(&rootns); - if (rdsiter != NULL) - dns_rdatasetiter_destroy(&rdsiter); - if (node != NULL) - dns_db_detachnode(db, &node); - if (dbiter != NULL) - dns_dbiterator_destroy(&dbiter); - return (result); -} - -isc_result_t -dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, - const char *filename, dns_db_t **target) -{ - isc_result_t result, eresult; - isc_buffer_t source; - size_t len; - dns_rdatacallbacks_t callbacks; - dns_db_t *db = NULL; - - REQUIRE(target != NULL && *target == NULL); - - result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone, - rdclass, 0, NULL, &db); - if (result != ISC_R_SUCCESS) - return (result); - - dns_rdatacallbacks_init(&callbacks); - - len = strlen(root_ns); - isc_buffer_init(&source, root_ns, len); - isc_buffer_add(&source, len); - - result = dns_db_beginload(db, &callbacks.add, - &callbacks.add_private); - if (result != ISC_R_SUCCESS) - return (result); - if (filename != NULL) { - /* - * Load the hints from the specified filename. - */ - result = dns_master_loadfile(filename, &db->origin, - &db->origin, db->rdclass, - DNS_MASTER_HINT, - &callbacks, db->mctx); - } else if (rdclass == dns_rdataclass_in) { - /* - * Default to using the Internet root servers. - */ - result = dns_master_loadbuffer(&source, &db->origin, - &db->origin, db->rdclass, - DNS_MASTER_HINT, - &callbacks, db->mctx); - } else - result = ISC_R_NOTFOUND; - eresult = dns_db_endload(db, &callbacks.add_private); - if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE) - result = eresult; - if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) - goto db_detach; - if (check_hints(db) != ISC_R_SUCCESS) - isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, - "extra data in root hints '%s'", - (filename != NULL) ? filename : ""); - *target = db; - return (ISC_R_SUCCESS); - - db_detach: - dns_db_detach(&db); - - return (result); -} diff --git a/contrib/bind-9.3/lib/dns/stats.c b/contrib/bind-9.3/lib/dns/stats.c deleted file mode 100644 index aefcbe0bcc..0000000000 --- a/contrib/bind-9.3/lib/dns/stats.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: stats.c,v 1.5.206.1 2004/03/06 08:13:46 marka Exp $ */ - -#include - -#include - -#include - -LIBDNS_EXTERNAL_DATA const char *dns_statscounter_names[DNS_STATS_NCOUNTERS] = - { - "success", - "referral", - "nxrrset", - "nxdomain", - "recursion", - "failure" - }; - -isc_result_t -dns_stats_alloccounters(isc_mem_t *mctx, isc_uint64_t **ctrp) { - int i; - isc_uint64_t *p = - isc_mem_get(mctx, DNS_STATS_NCOUNTERS * sizeof(isc_uint64_t)); - if (p == NULL) - return (ISC_R_NOMEMORY); - for (i = 0; i < DNS_STATS_NCOUNTERS; i++) - p[i] = 0; - *ctrp = p; - return (ISC_R_SUCCESS); -} - -void -dns_stats_freecounters(isc_mem_t *mctx, isc_uint64_t **ctrp) { - isc_mem_put(mctx, *ctrp, DNS_STATS_NCOUNTERS * sizeof(isc_uint64_t)); - *ctrp = NULL; -} diff --git a/contrib/bind-9.3/lib/isc/include/isc/msgs.h b/contrib/bind-9.3/lib/isc/include/isc/msgs.h deleted file mode 100644 index 967005bf35..0000000000 --- a/contrib/bind-9.3/lib/isc/include/isc/msgs.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000-2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: msgs.h,v 1.5.2.2.8.3 2004/03/06 08:14:44 marka Exp $ */ - -#ifndef ISC_MSGS_H -#define ISC_MSGS_H 1 - -#include /* Provide isc_msgcat global variable. */ -#include /* Provide isc_msgcat_*() functions. */ - -/* - * Message sets, named per source file, excepting "GENERAL". - * IMPORTANT: The original list is alphabetical, but any new sets must - * be added to the end. - */ -#define ISC_MSGSET_GENERAL 1 -/* ISC_RESULT_RESULTSET 2 */ /* XXX */ -/* ISC_RESULT_UNAVAILABLESET 3 */ /* XXX */ -#define ISC_MSGSET_APP 4 -#define ISC_MSGSET_COMMANDLINE 5 -#define ISC_MSGSET_ENTROPY 6 -#define ISC_MSGSET_IFITERIOCTL 7 -#define ISC_MSGSET_IFITERSYSCTL 8 -#define ISC_MSGSET_LEX 9 -#define ISC_MSGSET_LOG 10 -#define ISC_MSGSET_MEM 11 -#define ISC_MSGSET_NETADDR 12 -#define ISC_MSGSET_PRINT 13 -#define ISC_MSGSET_RESULT 14 -#define ISC_MSGSET_RWLOCK 15 -#define ISC_MSGSET_SOCKADDR 16 -#define ISC_MSGSET_SOCKET 17 -#define ISC_MSGSET_TASK 18 -#define ISC_MSGSET_TIMER 19 -#define ISC_MSGSET_UTIL 20 -#define ISC_MSGSET_IFITERGETIFADDRS 21 - -/* - * Message numbers. They are only required to be unique per message set, - * but are unique throughout the entire catalog to not be as confusing when - * debugging. - * - * The initial numbering was done by multiply by 100 the set number the - * message appears in then adding the incremental message number. - */ -#define ISC_MSG_FAILED 101 /* "failed" */ -#define ISC_MSG_SUCCEEDED 102 /* Compatible with "failed" */ -#define ISC_MSG_SUCCESS 103 /* More usual way to say "success" */ -#define ISC_MSG_STARTING 104 /* As in "daemon: starting" */ -#define ISC_MSG_STOPING 105 /* As in "daemon: stopping" */ -#define ISC_MSG_ENTERING 106 /* As in "some_subr: entering" */ -#define ISC_MSG_EXITING 107 /* As in "some_subr: exiting" */ -#define ISC_MSG_CALLING 108 /* As in "calling some_subr()" */ -#define ISC_MSG_RETURNED 109 /* As in "some_subr: returned " */ -#define ISC_MSG_FATALERROR 110 /* "fatal error" */ -#define ISC_MSG_SHUTTINGDOWN 111 /* "shutting down" */ -#define ISC_MSG_RUNNING 112 /* "running" */ -#define ISC_MSG_WAIT 113 /* "wait" */ -#define ISC_MSG_WAITUNTIL 114 /* "waituntil" */ - -#define ISC_MSG_SIGNALSETUP 201 /* "handle_signal() %d setup: %s" */ - -#define ISC_MSG_ILLEGALOPT 301 /* "illegal option" */ -#define ISC_MSG_OPTNEEDARG 302 /* "option requires an argument" */ - -#define ISC_MSG_ENTROPYSTATS 401 /* "Entropy pool %p: refcnt %u ..." */ - -#define ISC_MSG_MAKESCANSOCKET 501 /* "making interface scan socket: %s" */ -#define ISC_MSG_GETIFCONFIG 502 /* "get interface configuration: %s" */ -#define ISC_MSG_BUFFERMAX 503 /* "... maximum buffer size exceeded" */ -#define ISC_MSG_GETDESTADDR 504 /* "%s: getting destination address: %s" */ -#define ISC_MSG_GETNETMASK 505 /* "%s: getting netmask: %s" */ - -#define ISC_MSG_GETIFLISTSIZE 601 /* "getting interface list size: ..." */ -#define ISC_MSG_GETIFLIST 602 /* "getting interface list: ..." */ -#define ISC_MSG_UNEXPECTEDTYPE 603 /* "... unexpected ... message type" */ - -#define ISC_MSG_UNEXPECTEDSTATE 701 /* "Unexpected state %d" */ - -#define ISC_MSG_BADTIME 801 /* "Bad 00 99:99:99.999 " */ -#define ISC_MSG_LEVEL 802 /* "level %d: " */ - -#define ISC_MSG_ADDTRACE 901 /* "add %p size %u " */ -#define ISC_MSG_DELTRACE 902 /* "del %p size %u " */ -#define ISC_MSG_POOLSTATS 903 /* "[Pool statistics]\n" */ -#define ISC_MSG_POOLNAME 904 /* "name" */ -#define ISC_MSG_POOLSIZE 905 /* "size" */ -#define ISC_MSG_POOLMAXALLOC 906 /* "maxalloc" */ -#define ISC_MSG_POOLALLOCATED 907 /* "allocated" */ -#define ISC_MSG_POOLFREECOUNT 908 /* "freecount" */ -#define ISC_MSG_POOLFREEMAX 909 /* "freemax" */ -#define ISC_MSG_POOLFILLCOUNT 910 /* "fillcount" */ -#define ISC_MSG_POOLGETS 911 /* "gets" */ -#define ISC_MSG_DUMPALLOC 912 /* "DUMP OF ALL OUTSTANDING MEMORY ..." */ -#define ISC_MSG_NONE 913 /* "\tNone.\n" */ -#define ISC_MSG_PTRFILELINE 914 /* "\tptr %p file %s line %u\n" */ - -#define ISC_MSG_UNKNOWNADDR 1001 /* "" */ - -#define ISC_MSG_NOLONGDBL 1104 /* "long doubles are not supported" */ - -#define ISC_MSG_PRINTLOCK 1201 /* "rwlock %p thread %lu ..." */ -#define ISC_MSG_READ 1202 /* "read" */ -#define ISC_MSG_WRITE 1203 /* "write" */ -#define ISC_MSG_READING 1204 /* "reading" */ -#define ISC_MSG_WRITING 1205 /* "writing" */ -#define ISC_MSG_PRELOCK 1206 /* "prelock" */ -#define ISC_MSG_POSTLOCK 1207 /* "postlock" */ -#define ISC_MSG_PREUNLOCK 1208 /* "preunlock" */ -#define ISC_MSG_POSTUNLOCK 1209 /* "postunlock" */ - -#define ISC_MSG_UNKNOWNFAMILY 1301 /* "unknown address family: %d" */ - -#define ISC_MSG_WRITEFAILED 1401 /* "write() failed during watcher ..." */ -#define ISC_MSG_READFAILED 1402 /* "read() failed during watcher ... " */ -#define ISC_MSG_PROCESSCMSG 1403 /* "processing cmsg %p" */ -#define ISC_MSG_IFRECEIVED 1404 /* "interface received on ifindex %u" */ -#define ISC_MSG_SENDTODATA 1405 /* "sendto pktinfo data, ifindex %u" */ -#define ISC_MSG_DOIORECV 1406 /* "doio_recv: recvmsg(%d) %d bytes ..." */ -#define ISC_MSG_PKTRECV 1407 /* "packet received correctly" */ -#define ISC_MSG_DESTROYING 1408 /* "destroying" */ -#define ISC_MSG_CREATED 1409 /* "created" */ -#define ISC_MSG_ACCEPTLOCK 1410 /* "internal_accept called, locked ..." */ -#define ISC_MSG_ACCEPTEDCXN 1411 /* "accepted connection, new socket %p" */ -#define ISC_MSG_INTERNALRECV 1412 /* "internal_recv: task %p got event %p" */ -#define ISC_MSG_INTERNALSEND 1413 /* "internal_send: task %p got event %p" */ -#define ISC_MSG_WATCHERMSG 1414 /* "watcher got message %d" */ -#define ISC_MSG_SOCKETSREMAIN 1415 /* "sockets exist" */ -#define ISC_MSG_PKTINFOPROVIDED 1416 /* "pktinfo structure provided, ..." */ -#define ISC_MSG_BOUND 1417 /* "bound" */ -#define ISC_MSG_ACCEPTRETURNED 1418 /* accept() returned %d/%s */ -#define ISC_MSG_TOOMANYFDS 1419 /* %s: too many open file descriptors */ -#define ISC_MSG_ZEROPORT 1420 /* dropping source port zero packet */ -#define ISC_MSG_FILTER 1420 /* setsockopt(SO_ACCEPTFILTER): %s */ - -#define ISC_MSG_AWAKE 1502 /* "awake" */ -#define ISC_MSG_WORKING 1503 /* "working" */ -#define ISC_MSG_EXECUTE 1504 /* "execute action" */ -#define ISC_MSG_EMPTY 1505 /* "empty" */ -#define ISC_MSG_DONE 1506 /* "done" */ -#define ISC_MSG_QUANTUM 1507 /* "quantum" */ - -#define ISC_MSG_SCHEDULE 1601 /* "schedule" */ -#define ISC_MSG_SIGNALSCHED 1602 /* "signal (schedule)" */ -#define ISC_MSG_SIGNALDESCHED 1603 /* "signal (deschedule)" */ -#define ISC_MSG_SIGNALDESTROY 1604 /* "signal (destroy)" */ -#define ISC_MSG_IDLERESCHED 1605 /* "idle reschedule" */ -#define ISC_MSG_EVENTNOTALLOC 1606 /* "couldn't allocate event" */ -#define ISC_MSG_SCHEDFAIL 1607 /* "couldn't schedule timer: %u" */ -#define ISC_MSG_POSTING 1608 /* "posting" */ -#define ISC_MSG_WAKEUP 1609 /* "wakeup" */ - -#define ISC_MSG_LOCK 1701 /* "LOCK" */ -#define ISC_MSG_LOCKING 1702 /* "LOCKING" */ -#define ISC_MSG_LOCKED 1703 /* "LOCKED" */ -#define ISC_MSG_UNLOCKED 1704 /* "UNLOCKED" */ -#define ISC_MSG_RWLOCK 1705 /* "RWLOCK" */ -#define ISC_MSG_RWLOCKED 1706 /* "RWLOCKED" */ -#define ISC_MSG_RWUNLOCK 1707 /* "RWUNLOCK" */ -#define ISC_MSG_BROADCAST 1708 /* "BROADCAST" */ -#define ISC_MSG_SIGNAL 1709 /* "SIGNAL" */ -#define ISC_MSG_UTILWAIT 1710 /* "WAIT" */ -#define ISC_MSG_WAITED 1711 /* "WAITED" */ - -#define ISC_MSG_GETIFADDRS 1801 /* "getting interface addresses: ..." */ - - -#endif /* ISC_MSGS_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/result.h b/contrib/bind-9.3/lib/isc/include/isc/result.h deleted file mode 100644 index 93f7cefbd6..0000000000 --- a/contrib/bind-9.3/lib/isc/include/isc/result.h +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1998-2001, 2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: result.h,v 1.57.2.2.8.5 2004/05/15 03:46:13 jinmei Exp $ */ - -#ifndef ISC_RESULT_H -#define ISC_RESULT_H 1 - -#include -#include - -#define ISC_R_SUCCESS 0 /* success */ -#define ISC_R_NOMEMORY 1 /* out of memory */ -#define ISC_R_TIMEDOUT 2 /* timed out */ -#define ISC_R_NOTHREADS 3 /* no available threads */ -#define ISC_R_ADDRNOTAVAIL 4 /* address not available */ -#define ISC_R_ADDRINUSE 5 /* address in use */ -#define ISC_R_NOPERM 6 /* permission denied */ -#define ISC_R_NOCONN 7 /* no pending connections */ -#define ISC_R_NETUNREACH 8 /* network unreachable */ -#define ISC_R_HOSTUNREACH 9 /* host unreachable */ -#define ISC_R_NETDOWN 10 /* network down */ -#define ISC_R_HOSTDOWN 11 /* host down */ -#define ISC_R_CONNREFUSED 12 /* connection refused */ -#define ISC_R_NORESOURCES 13 /* not enough free resources */ -#define ISC_R_EOF 14 /* end of file */ -#define ISC_R_BOUND 15 /* socket already bound */ -#define ISC_R_RELOAD 16 /* reload */ -#define ISC_R_LOCKBUSY 17 /* lock busy */ -#define ISC_R_EXISTS 18 /* already exists */ -#define ISC_R_NOSPACE 19 /* ran out of space */ -#define ISC_R_CANCELED 20 /* operation canceled */ -#define ISC_R_NOTBOUND 21 /* socket is not bound */ -#define ISC_R_SHUTTINGDOWN 22 /* shutting down */ -#define ISC_R_NOTFOUND 23 /* not found */ -#define ISC_R_UNEXPECTEDEND 24 /* unexpected end of input */ -#define ISC_R_FAILURE 25 /* generic failure */ -#define ISC_R_IOERROR 26 /* I/O error */ -#define ISC_R_NOTIMPLEMENTED 27 /* not implemented */ -#define ISC_R_UNBALANCED 28 /* unbalanced parentheses */ -#define ISC_R_NOMORE 29 /* no more */ -#define ISC_R_INVALIDFILE 30 /* invalid file */ -#define ISC_R_BADBASE64 31 /* bad base64 encoding */ -#define ISC_R_UNEXPECTEDTOKEN 32 /* unexpected token */ -#define ISC_R_QUOTA 33 /* quota reached */ -#define ISC_R_UNEXPECTED 34 /* unexpected error */ -#define ISC_R_ALREADYRUNNING 35 /* already running */ -#define ISC_R_IGNORE 36 /* ignore */ -#define ISC_R_MASKNONCONTIG 37 /* addr mask not contiguous */ -#define ISC_R_FILENOTFOUND 38 /* file not found */ -#define ISC_R_FILEEXISTS 39 /* file already exists */ -#define ISC_R_NOTCONNECTED 40 /* socket is not connected */ -#define ISC_R_RANGE 41 /* out of range */ -#define ISC_R_NOENTROPY 42 /* out of entropy */ -#define ISC_R_MULTICAST 43 /* invalid use of multicast */ -#define ISC_R_NOTFILE 44 /* not a file */ -#define ISC_R_NOTDIRECTORY 45 /* not a directory */ -#define ISC_R_QUEUEFULL 46 /* queue is full */ -#define ISC_R_FAMILYMISMATCH 47 /* address family mismatch */ -#define ISC_R_FAMILYNOSUPPORT 48 /* AF not supported */ -#define ISC_R_BADHEX 49 /* bad hex encoding */ -#define ISC_R_TOOMANYOPENFILES 50 /* too many open files */ -#define ISC_R_NOTBLOCKING 51 /* not blocking */ -#define ISC_R_UNBALANCEDQUOTES 52 /* unbalanced quotes */ -#define ISC_R_INPROGRESS 53 /* operation in progress */ -#define ISC_R_CONNECTIONRESET 54 /* connection reset */ -#define ISC_R_SOFTQUOTA 55 /* soft quota reached */ -#define ISC_R_BADNUMBER 56 /* not a valid number */ -#define ISC_R_DISABLED 57 /* disabled */ -#define ISC_R_MAXSIZE 58 /* max size */ -#define ISC_R_BADADDRESSFORM 59 /* invalid address format */ - -/* - * Not a result code: the number of results. - */ -#define ISC_R_NRESULTS 60 - -ISC_LANG_BEGINDECLS - -const char * -isc_result_totext(isc_result_t); -/* - * Convert an isc_result_t into a string message describing the result. - */ - -isc_result_t -isc_result_register(unsigned int base, unsigned int nresults, - const char **text, isc_msgcat_t *msgcat, int set); - -ISC_LANG_ENDDECLS - -#endif /* ISC_RESULT_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/socket.h b/contrib/bind-9.3/lib/isc/include/isc/socket.h deleted file mode 100644 index 9dcadb213c..0000000000 --- a/contrib/bind-9.3/lib/isc/include/isc/socket.h +++ /dev/null @@ -1,704 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1998-2002 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: socket.h,v 1.54.12.4 2004/03/08 09:04:53 marka Exp $ */ - -#ifndef ISC_SOCKET_H -#define ISC_SOCKET_H 1 - -/***** - ***** Module Info - *****/ - -/* - * Sockets - * - * Provides TCP and UDP sockets for network I/O. The sockets are event - * sources in the task system. - * - * When I/O completes, a completion event for the socket is posted to the - * event queue of the task which requested the I/O. - * - * MP: - * The module ensures appropriate synchronization of data structures it - * creates and manipulates. - * - * Clients of this module must not be holding a socket's task's lock when - * making a call that affects that socket. Failure to follow this rule - * can result in deadlock. - * - * The caller must ensure that isc_socketmgr_destroy() is called only - * once for a given manager. - * - * Reliability: - * No anticipated impact. - * - * Resources: - * - * - * Security: - * No anticipated impact. - * - * Standards: - * None. - */ - -/*** - *** Imports - ***/ - -#include -#include -#include -#include -#include -#include -#include - -ISC_LANG_BEGINDECLS - -/*** - *** Constants - ***/ - -/* - * Maximum number of buffers in a scatter/gather read/write. The operating - * system in use must support at least this number (plus one on some.) - */ -#define ISC_SOCKET_MAXSCATTERGATHER 8 - -/*** - *** Types - ***/ - -struct isc_socketevent { - ISC_EVENT_COMMON(isc_socketevent_t); - isc_result_t result; /* OK, EOF, whatever else */ - unsigned int minimum; /* minimum i/o for event */ - unsigned int n; /* bytes read or written */ - unsigned int offset; /* offset into buffer list */ - isc_region_t region; /* for single-buffer i/o */ - isc_bufferlist_t bufferlist; /* list of buffers */ - isc_sockaddr_t address; /* source address */ - isc_time_t timestamp; /* timestamp of packet recv */ - struct in6_pktinfo pktinfo; /* ipv6 pktinfo */ - isc_uint32_t attributes; /* see below */ -}; - -typedef struct isc_socket_newconnev isc_socket_newconnev_t; -struct isc_socket_newconnev { - ISC_EVENT_COMMON(isc_socket_newconnev_t); - isc_socket_t * newsocket; - isc_result_t result; /* OK, EOF, whatever else */ - isc_sockaddr_t address; /* source address */ -}; - -typedef struct isc_socket_connev isc_socket_connev_t; -struct isc_socket_connev { - ISC_EVENT_COMMON(isc_socket_connev_t); - isc_result_t result; /* OK, EOF, whatever else */ -}; - -/* - * _ATTACHED: Internal use only. - * _TRUNC: Packet was truncated on receive. - * _CTRUNC: Packet control information was truncated. This can - * indicate that the packet is not complete, even though - * all the data is valid. - * _TIMESTAMP: The timestamp member is valid. - * _PKTINFO: The pktinfo member is valid. - * _MULTICAST: The UDP packet was received via a multicast transmission. - */ -#define ISC_SOCKEVENTATTR_ATTACHED 0x80000000U /* internal */ -#define ISC_SOCKEVENTATTR_TRUNC 0x00800000U /* public */ -#define ISC_SOCKEVENTATTR_CTRUNC 0x00400000U /* public */ -#define ISC_SOCKEVENTATTR_TIMESTAMP 0x00200000U /* public */ -#define ISC_SOCKEVENTATTR_PKTINFO 0x00100000U /* public */ -#define ISC_SOCKEVENTATTR_MULTICAST 0x00080000U /* public */ - -#define ISC_SOCKEVENT_ANYEVENT (0) -#define ISC_SOCKEVENT_RECVDONE (ISC_EVENTCLASS_SOCKET + 1) -#define ISC_SOCKEVENT_SENDDONE (ISC_EVENTCLASS_SOCKET + 2) -#define ISC_SOCKEVENT_NEWCONN (ISC_EVENTCLASS_SOCKET + 3) -#define ISC_SOCKEVENT_CONNECT (ISC_EVENTCLASS_SOCKET + 4) - -/* - * Internal events. - */ -#define ISC_SOCKEVENT_INTR (ISC_EVENTCLASS_SOCKET + 256) -#define ISC_SOCKEVENT_INTW (ISC_EVENTCLASS_SOCKET + 257) - -typedef enum { - isc_sockettype_udp = 1, - isc_sockettype_tcp = 2 -} isc_sockettype_t; - -/* - * How a socket should be shutdown in isc_socket_shutdown() calls. - */ -#define ISC_SOCKSHUT_RECV 0x00000001 /* close read side */ -#define ISC_SOCKSHUT_SEND 0x00000002 /* close write side */ -#define ISC_SOCKSHUT_ALL 0x00000003 /* close them all */ - -/* - * What I/O events to cancel in isc_socket_cancel() calls. - */ -#define ISC_SOCKCANCEL_RECV 0x00000001 /* cancel recv */ -#define ISC_SOCKCANCEL_SEND 0x00000002 /* cancel send */ -#define ISC_SOCKCANCEL_ACCEPT 0x00000004 /* cancel accept */ -#define ISC_SOCKCANCEL_CONNECT 0x00000008 /* cancel connect */ -#define ISC_SOCKCANCEL_ALL 0x0000000f /* cancel everything */ - -/* - * Flags for isc_socket_send() and isc_socket_recv() calls. - */ -#define ISC_SOCKFLAG_IMMEDIATE 0x00000001 /* send event only if needed */ -#define ISC_SOCKFLAG_NORETRY 0x00000002 /* drop failed UDP sends */ - -/*** - *** Socket and Socket Manager Functions - *** - *** Note: all Ensures conditions apply only if the result is success for - *** those functions which return an isc_result. - ***/ - -isc_result_t -isc_socket_create(isc_socketmgr_t *manager, - int pf, - isc_sockettype_t type, - isc_socket_t **socketp); -/* - * Create a new 'type' socket managed by 'manager'. - * - * Note: - * - * 'pf' is the desired protocol family, e.g. PF_INET or PF_INET6. - * - * Requires: - * - * 'manager' is a valid manager - * - * 'socketp' is a valid pointer, and *socketp == NULL - * - * Ensures: - * - * '*socketp' is attached to the newly created socket - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NORESOURCES - * ISC_R_UNEXPECTED - */ - -void -isc_socket_cancel(isc_socket_t *sock, isc_task_t *task, - unsigned int how); -/* - * Cancel pending I/O of the type specified by "how". - * - * Note: if "task" is NULL, then the cancel applies to all tasks using the - * socket. - * - * Requires: - * - * "socket" is a valid socket - * - * "task" is NULL or a valid task - * - * "how" is a bitmask describing the type of cancelation to perform. - * The type ISC_SOCKCANCEL_ALL will cancel all pending I/O on this - * socket. - * - * ISC_SOCKCANCEL_RECV: - * Cancel pending isc_socket_recv() calls. - * - * ISC_SOCKCANCEL_SEND: - * Cancel pending isc_socket_send() and isc_socket_sendto() calls. - * - * ISC_SOCKCANCEL_ACCEPT: - * Cancel pending isc_socket_accept() calls. - * - * ISC_SOCKCANCEL_CONNECT: - * Cancel pending isc_socket_connect() call. - */ - -void -isc_socket_shutdown(isc_socket_t *sock, unsigned int how); -/* - * Shutdown 'socket' according to 'how'. - * - * Requires: - * - * 'socket' is a valid socket. - * - * 'task' is NULL or is a valid task. - * - * If 'how' is 'ISC_SOCKSHUT_RECV' or 'ISC_SOCKSHUT_ALL' then - * - * The read queue must be empty. - * - * No further read requests may be made. - * - * If 'how' is 'ISC_SOCKSHUT_SEND' or 'ISC_SOCKSHUT_ALL' then - * - * The write queue must be empty. - * - * No further write requests may be made. - */ - -void -isc_socket_attach(isc_socket_t *sock, isc_socket_t **socketp); -/* - * Attach *socketp to socket. - * - * Requires: - * - * 'socket' is a valid socket. - * - * 'socketp' points to a NULL socket. - * - * Ensures: - * - * *socketp is attached to socket. - */ - -void -isc_socket_detach(isc_socket_t **socketp); -/* - * Detach *socketp from its socket. - * - * Requires: - * - * 'socketp' points to a valid socket. - * - * If '*socketp' is the last reference to the socket, - * then: - * - * There must be no pending I/O requests. - * - * Ensures: - * - * *socketp is NULL. - * - * If '*socketp' is the last reference to the socket, - * then: - * - * The socket will be shutdown (both reading and writing) - * for all tasks. - * - * All resources used by the socket have been freed - */ - -isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp); -/* - * Bind 'socket' to '*addressp'. - * - * Requires: - * - * 'socket' is a valid socket - * - * 'addressp' points to a valid isc_sockaddr. - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_NOPERM - * ISC_R_ADDRNOTAVAIL - * ISC_R_ADDRINUSE - * ISC_R_BOUND - * ISC_R_UNEXPECTED - */ - -isc_result_t -isc_socket_filter(isc_socket_t *sock, const char *filter); -/* - * Inform the kernel that it should perform accept filtering. - * If filter is NULL the current filter will be removed.:w - */ - -isc_result_t -isc_socket_listen(isc_socket_t *sock, unsigned int backlog); -/* - * Set listen mode on the socket. After this call, the only function that - * can be used (other than attach and detach) is isc_socket_accept(). - * - * Notes: - * - * 'backlog' is as in the UNIX system call listen() and may be - * ignored by non-UNIX implementations. - * - * If 'backlog' is zero, a reasonable system default is used, usually - * SOMAXCONN. - * - * Requires: - * - * 'socket' is a valid, bound TCP socket. - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_UNEXPECTED - */ - -isc_result_t -isc_socket_accept(isc_socket_t *sock, - isc_task_t *task, isc_taskaction_t action, const void *arg); -/* - * Queue accept event. When a new connection is received, the task will - * get an ISC_SOCKEVENT_NEWCONN event with the sender set to the listen - * socket. The new socket structure is sent inside the isc_socket_newconnev_t - * event type, and is attached to the task 'task'. - * - * REQUIRES: - * 'socket' is a valid TCP socket that isc_socket_listen() was called - * on. - * - * 'task' is a valid task - * - * 'action' is a valid action - * - * RETURNS: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - */ - -isc_result_t -isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addressp, - isc_task_t *task, isc_taskaction_t action, - const void *arg); -/* - * Connect 'socket' to peer with address *saddr. When the connection - * succeeds, or when an error occurs, a CONNECT event with action 'action' - * and arg 'arg' will be posted to the event queue for 'task'. - * - * Requires: - * - * 'socket' is a valid TCP socket - * - * 'addressp' points to a valid isc_sockaddr - * - * 'task' is a valid task - * - * 'action' is a valid action - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - * - * Posted event's result code: - * - * ISC_R_SUCCESS - * ISC_R_TIMEDOUT - * ISC_R_CONNREFUSED - * ISC_R_NETUNREACH - * ISC_R_UNEXPECTED - */ - -isc_result_t -isc_socket_getpeername(isc_socket_t *sock, isc_sockaddr_t *addressp); -/* - * Get the name of the peer connected to 'socket'. - * - * Requires: - * - * 'socket' is a valid TCP socket. - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_TOOSMALL - * ISC_R_UNEXPECTED - */ - -isc_result_t -isc_socket_getsockname(isc_socket_t *sock, isc_sockaddr_t *addressp); -/* - * Get the name of 'socket'. - * - * Requires: - * - * 'socket' is a valid socket. - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_TOOSMALL - * ISC_R_UNEXPECTED - */ - -isc_result_t -isc_socket_recv(isc_socket_t *sock, isc_region_t *region, - unsigned int minimum, - isc_task_t *task, isc_taskaction_t action, const void *arg); -isc_result_t -isc_socket_recvv(isc_socket_t *sock, isc_bufferlist_t *buflist, - unsigned int minimum, - isc_task_t *task, isc_taskaction_t action, const void *arg); - -isc_result_t -isc_socket_recv2(isc_socket_t *sock, isc_region_t *region, - unsigned int minimum, isc_task_t *task, - isc_socketevent_t *event, unsigned int flags); - -/* - * Receive from 'socket', storing the results in region. - * - * Notes: - * - * Let 'length' refer to the length of 'region' or to the sum of all - * available regions in the list of buffers '*buflist'. - * - * If 'minimum' is non-zero and at least that many bytes are read, - * the completion event will be posted to the task 'task.' If minimum - * is zero, the exact number of bytes requested in the region must - * be read for an event to be posted. This only makes sense for TCP - * connections, and is always set to 1 byte for UDP. - * - * The read will complete when the desired number of bytes have been - * read, if end-of-input occurs, or if an error occurs. A read done - * event with the given 'action' and 'arg' will be posted to the - * event queue of 'task'. - * - * The caller may not modify 'region', the buffers which are passed - * into this function, or any data they refer to until the completion - * event is received. - * - * For isc_socket_recvv(): - * On successful completion, '*buflist' will be empty, and the list of - * all buffers will be returned in the done event's 'bufferlist' - * member. On error return, '*buflist' will be unchanged. - * - * For isc_socket_recv2(): - * 'event' is not NULL, and the non-socket specific fields are - * expected to be initialized. - * - * For isc_socket_recv2(): - * The only defined value for 'flags' is ISC_SOCKFLAG_IMMEDIATE. If - * set and the operation completes, the return value will be - * ISC_R_SUCCESS and the event will be filled in and not sent. If the - * operation does not complete, the return value will be - * ISC_R_INPROGRESS and the event will be sent when the operation - * completes. - * - * Requires: - * - * 'socket' is a valid, bound socket. - * - * For isc_socket_recv(): - * 'region' is a valid region - * - * For isc_socket_recvv(): - * 'buflist' is non-NULL, and '*buflist' contain at least one buffer. - * - * 'task' is a valid task - * - * For isc_socket_recv() and isc_socket_recvv(): - * action != NULL and is a valid action - * - * For isc_socket_recv2(): - * event != NULL - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_INPROGRESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - * - * Event results: - * - * ISC_R_SUCCESS - * ISC_R_UNEXPECTED - * XXX needs other net-type errors - */ - -isc_result_t -isc_socket_send(isc_socket_t *sock, isc_region_t *region, - isc_task_t *task, isc_taskaction_t action, const void *arg); -isc_result_t -isc_socket_sendto(isc_socket_t *sock, isc_region_t *region, - isc_task_t *task, isc_taskaction_t action, const void *arg, - isc_sockaddr_t *address, struct in6_pktinfo *pktinfo); -isc_result_t -isc_socket_sendv(isc_socket_t *sock, isc_bufferlist_t *buflist, - isc_task_t *task, isc_taskaction_t action, const void *arg); -isc_result_t -isc_socket_sendtov(isc_socket_t *sock, isc_bufferlist_t *buflist, - isc_task_t *task, isc_taskaction_t action, const void *arg, - isc_sockaddr_t *address, struct in6_pktinfo *pktinfo); -isc_result_t -isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, - isc_task_t *task, - isc_sockaddr_t *address, struct in6_pktinfo *pktinfo, - isc_socketevent_t *event, unsigned int flags); - -/* - * Send the contents of 'region' to the socket's peer. - * - * Notes: - * - * Shutting down the requestor's task *may* result in any - * still pending writes being dropped or completed, depending on the - * underlying OS implementation. - * - * If 'action' is NULL, then no completion event will be posted. - * - * The caller may not modify 'region', the buffers which are passed - * into this function, or any data they refer to until the completion - * event is received. - * - * For isc_socket_sendv() and isc_socket_sendtov(): - * On successful completion, '*buflist' will be empty, and the list of - * all buffers will be returned in the done event's 'bufferlist' - * member. On error return, '*buflist' will be unchanged. - * - * For isc_socket_sendto2(): - * 'event' is not NULL, and the non-socket specific fields are - * expected to be initialized. - * - * For isc_socket_sendto2(): - * The only defined values for 'flags' are ISC_SOCKFLAG_IMMEDIATE - * and ISC_SOCKFLAG_NORETRY. - * - * If ISC_SOCKFLAG_IMMEDIATE is set and the operation completes, the - * return value will be ISC_R_SUCCESS and the event will be filled - * in and not sent. If the operation does not complete, the return - * value will be ISC_R_INPROGRESS and the event will be sent when - * the operation completes. - * - * ISC_SOCKFLAG_NORETRY can only be set for UDP sockets. If set - * and the send operation fails due to a transient error, the send - * will not be retried and the error will be indicated in the event. - * Using this option along with ISC_SOCKFLAG_IMMEDIATE allows the caller - * to specify a region that is allocated on the stack. - * - * Requires: - * - * 'socket' is a valid, bound socket. - * - * For isc_socket_send(): - * 'region' is a valid region - * - * For isc_socket_sendv() and isc_socket_sendtov(): - * 'buflist' is non-NULL, and '*buflist' contain at least one buffer. - * - * 'task' is a valid task - * - * For isc_socket_sendv(), isc_socket_sendtov(), isc_socket_send(), and - * isc_socket_sendto(): - * action == NULL or is a valid action - * - * For isc_socket_sendto2(): - * event != NULL - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_INPROGRESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - * - * Event results: - * - * ISC_R_SUCCESS - * ISC_R_UNEXPECTED - * XXX needs other net-type errors - */ - -isc_result_t -isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp); -/* - * Create a socket manager. - * - * Notes: - * - * All memory will be allocated in memory context 'mctx'. - * - * Requires: - * - * 'mctx' is a valid memory context. - * - * 'managerp' points to a NULL isc_socketmgr_t. - * - * Ensures: - * - * '*managerp' is a valid isc_socketmgr_t. - * - * Returns: - * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - */ - -void -isc_socketmgr_destroy(isc_socketmgr_t **managerp); -/* - * Destroy a socket manager. - * - * Notes: - * - * This routine blocks until there are no sockets left in the manager, - * so if the caller holds any socket references using the manager, it - * must detach them before calling isc_socketmgr_destroy() or it will - * block forever. - * - * Requires: - * - * '*managerp' is a valid isc_socketmgr_t. - * - * All sockets managed by this manager are fully detached. - * - * Ensures: - * - * *managerp == NULL - * - * All resources used by the manager have been freed. - */ - -isc_sockettype_t -isc_socket_gettype(isc_socket_t *sock); -/* - * Returns the socket type for "sock." - * - * Requires: - * - * "sock" is a valid socket. - */ - -isc_boolean_t -isc_socket_isbound(isc_socket_t *sock); - -void -isc_socket_ipv6only(isc_socket_t *sock, isc_boolean_t yes); -/* - * If the socket is an IPv6 socket set/clear the IPV6_IPV6ONLY socket - * option if the host OS supports this option. - * - * Requires: - * 'sock' is a valid socket. - */ - -ISC_LANG_ENDDECLS - -#endif /* ISC_SOCKET_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/string.h b/contrib/bind-9.3/lib/isc/include/isc/string.h deleted file mode 100644 index 4fbfe1909c..0000000000 --- a/contrib/bind-9.3/lib/isc/include/isc/string.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: string.h,v 1.9.164.3 2004/03/06 08:14:49 marka Exp $ */ - -#ifndef ISC_STRING_H -#define ISC_STRING_H 1 - -#include - -#include -#include -#include - -ISC_LANG_BEGINDECLS - -isc_uint64_t -isc_string_touint64(char *source, char **endp, int base); -/* - * Convert the string pointed to by 'source' to isc_uint64_t. - * - * On successful conversion 'endp' points to the first character - * after conversion is complete. - * - * 'base': 0 or 2..36 - * - * If base is 0 the base is computed from the string type. - * - * On error 'endp' points to 'source'. - */ - - -char * -isc_string_separate(char **stringp, const char *delim); - -#ifdef ISC_PLATFORM_NEEDSTRSEP -#define strsep isc_string_separate -#endif - -#ifdef ISC_PLATFORM_NEEDMEMMOVE -#define memmove(a,b,c) bcopy(b,a,c) -#endif - -size_t -isc_string_strlcpy(char *dst, const char *src, size_t size); - - -#ifdef ISC_PLATFORM_NEEDSTRLCPY -#define strlcpy isc_string_strlcpy -#endif - - -size_t -isc_string_strlcat(char *dst, const char *src, size_t size); - -#ifdef ISC_PLATFORM_NEEDSTRLCAT -#define strlcat isc_string_strlcat -#endif - -ISC_LANG_ENDDECLS - -#endif /* ISC_STRING_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/types.h b/contrib/bind-9.3/lib/isc/include/isc/types.h deleted file mode 100644 index fad77da99e..0000000000 --- a/contrib/bind-9.3/lib/isc/include/isc/types.h +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: types.h,v 1.32.2.3.2.1 2004/03/06 08:14:50 marka Exp $ */ - -#ifndef ISC_TYPES_H -#define ISC_TYPES_H 1 - -/* - * OS-specific types, from the OS-specific include directories. - */ -#include -#include - -/* - * XXXDCL should isc_boolean_t be moved here, requiring an explicit include - * of when ISC_TRUE/ISC_FALSE/ISC_TF() are desired? - */ -#include -/* - * XXXDCL This is just for ISC_LIST and ISC_LINK, but gets all of the other - * list macros too. - */ -#include - -/*** - *** Core Types. Alphabetized by defined type. - ***/ - -typedef struct isc_bitstring isc_bitstring_t; -typedef struct isc_buffer isc_buffer_t; -typedef ISC_LIST(isc_buffer_t) isc_bufferlist_t; -typedef struct isc_constregion isc_constregion_t; -typedef struct isc_consttextregion isc_consttextregion_t; -typedef struct isc_entropy isc_entropy_t; -typedef struct isc_entropysource isc_entropysource_t; -typedef struct isc_event isc_event_t; -typedef ISC_LIST(isc_event_t) isc_eventlist_t; -typedef unsigned int isc_eventtype_t; -typedef isc_uint32_t isc_fsaccess_t; -typedef struct isc_hash isc_hash_t; -typedef struct isc_interface isc_interface_t; -typedef struct isc_interfaceiter isc_interfaceiter_t; -typedef struct isc_interval isc_interval_t; -typedef struct isc_lex isc_lex_t; -typedef struct isc_log isc_log_t; -typedef struct isc_logcategory isc_logcategory_t; -typedef struct isc_logconfig isc_logconfig_t; -typedef struct isc_logmodule isc_logmodule_t; -typedef struct isc_mem isc_mem_t; -typedef struct isc_mempool isc_mempool_t; -typedef struct isc_msgcat isc_msgcat_t; -typedef struct isc_ondestroy isc_ondestroy_t; -typedef struct isc_netaddr isc_netaddr_t; -typedef struct isc_quota isc_quota_t; -typedef struct isc_random isc_random_t; -typedef struct isc_ratelimiter isc_ratelimiter_t; -typedef struct isc_region isc_region_t; -typedef isc_uint64_t isc_resourcevalue_t; -typedef unsigned int isc_result_t; -typedef struct isc_rwlock isc_rwlock_t; -typedef struct isc_sockaddr isc_sockaddr_t; -typedef struct isc_socket isc_socket_t; -typedef struct isc_socketevent isc_socketevent_t; -typedef struct isc_socketmgr isc_socketmgr_t; -typedef struct isc_symtab isc_symtab_t; -typedef struct isc_task isc_task_t; -typedef ISC_LIST(isc_task_t) isc_tasklist_t; -typedef struct isc_taskmgr isc_taskmgr_t; -typedef struct isc_textregion isc_textregion_t; -typedef struct isc_time isc_time_t; -typedef struct isc_timer isc_timer_t; -typedef struct isc_timermgr isc_timermgr_t; - -typedef void (*isc_taskaction_t)(isc_task_t *, isc_event_t *); - -typedef enum { - isc_resource_coresize = 1, - isc_resource_cputime, - isc_resource_datasize, - isc_resource_filesize, - isc_resource_lockedmemory, - isc_resource_openfiles, - isc_resource_processes, - isc_resource_residentsize, - isc_resource_stacksize -} isc_resource_t; - -#endif /* ISC_TYPES_H */ diff --git a/contrib/bind-9.3/lib/isc/rwlock.c b/contrib/bind-9.3/lib/isc/rwlock.c deleted file mode 100644 index 3e444d8a11..0000000000 --- a/contrib/bind-9.3/lib/isc/rwlock.c +++ /dev/null @@ -1,427 +0,0 @@ -/* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1998-2001, 2003 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: rwlock.c,v 1.33.2.4.2.3 2005/03/17 03:58:32 marka Exp $ */ - -#include - -#include - -#include -#include -#include -#include -#include - -#define RWLOCK_MAGIC ISC_MAGIC('R', 'W', 'L', 'k') -#define VALID_RWLOCK(rwl) ISC_MAGIC_VALID(rwl, RWLOCK_MAGIC) - -#ifdef ISC_PLATFORM_USETHREADS - -#ifndef RWLOCK_DEFAULT_READ_QUOTA -#define RWLOCK_DEFAULT_READ_QUOTA 4 -#endif - -#ifndef RWLOCK_DEFAULT_WRITE_QUOTA -#define RWLOCK_DEFAULT_WRITE_QUOTA 4 -#endif - -#ifdef ISC_RWLOCK_TRACE -#include /* Required for fprintf/stderr. */ -#include /* Requried for isc_thread_self(). */ - -static void -print_lock(const char *operation, isc_rwlock_t *rwl, isc_rwlocktype_t type) { - fprintf(stderr, - isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_PRINTLOCK, - "rwlock %p thread %lu %s(%s): %s, %u active, " - "%u granted, %u rwaiting, %u wwaiting\n"), - rwl, isc_thread_self(), operation, - (type == isc_rwlocktype_read ? - isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_READ, "read") : - isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_WRITE, "write")), - (rwl->type == isc_rwlocktype_read ? - isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_READING, "reading") : - isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_WRITING, "writing")), - rwl->active, rwl->granted, rwl->readers_waiting, - rwl->writers_waiting); -} -#endif - -isc_result_t -isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota, - unsigned int write_quota) -{ - isc_result_t result; - - REQUIRE(rwl != NULL); - - /* - * In case there's trouble initializing, we zero magic now. If all - * goes well, we'll set it to RWLOCK_MAGIC. - */ - rwl->magic = 0; - - rwl->type = isc_rwlocktype_read; - rwl->original = isc_rwlocktype_none; - rwl->active = 0; - rwl->granted = 0; - rwl->readers_waiting = 0; - rwl->writers_waiting = 0; - if (read_quota == 0) - read_quota = RWLOCK_DEFAULT_READ_QUOTA; - rwl->read_quota = read_quota; - if (write_quota == 0) - write_quota = RWLOCK_DEFAULT_WRITE_QUOTA; - rwl->write_quota = write_quota; - result = isc_mutex_init(&rwl->lock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s: %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed"), - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); - } - result = isc_condition_init(&rwl->readable); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_condition_init(readable) %s: %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed"), - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; - goto destroy_lock; - - } - result = isc_condition_init(&rwl->writeable); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_condition_init(writeable) %s: %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed"), - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; - goto destroy_rcond; - } - - rwl->magic = RWLOCK_MAGIC; - - return (ISC_R_SUCCESS); - - destroy_rcond: - (void)isc_condition_destroy(&rwl->readable); - destroy_lock: - DESTROYLOCK(&rwl->lock); - - return (result); -} - -static isc_result_t -doit(isc_rwlock_t *rwl, isc_rwlocktype_t type, isc_boolean_t nonblock) { - isc_boolean_t skip = ISC_FALSE; - isc_boolean_t done = ISC_FALSE; - isc_result_t result = ISC_R_SUCCESS; - - REQUIRE(VALID_RWLOCK(rwl)); - - LOCK(&rwl->lock); - -#ifdef ISC_RWLOCK_TRACE - print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_PRELOCK, "prelock"), rwl, type); -#endif - - if (type == isc_rwlocktype_read) { - if (rwl->readers_waiting != 0) - skip = ISC_TRUE; - while (!done) { - if (!skip && - ((rwl->active == 0 || - (rwl->type == isc_rwlocktype_read && - (rwl->writers_waiting == 0 || - rwl->granted < rwl->read_quota))))) - { - rwl->type = isc_rwlocktype_read; - rwl->active++; - rwl->granted++; - done = ISC_TRUE; - } else if (nonblock) { - result = ISC_R_LOCKBUSY; - done = ISC_TRUE; - } else { - skip = ISC_FALSE; - rwl->readers_waiting++; - WAIT(&rwl->readable, &rwl->lock); - rwl->readers_waiting--; - } - } - } else { - if (rwl->writers_waiting != 0) - skip = ISC_TRUE; - while (!done) { - if (!skip && rwl->active == 0) { - rwl->type = isc_rwlocktype_write; - rwl->active = 1; - rwl->granted++; - done = ISC_TRUE; - } else if (nonblock) { - result = ISC_R_LOCKBUSY; - done = ISC_TRUE; - } else { - skip = ISC_FALSE; - rwl->writers_waiting++; - WAIT(&rwl->writeable, &rwl->lock); - rwl->writers_waiting--; - } - } - } - -#ifdef ISC_RWLOCK_TRACE - print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_POSTLOCK, "postlock"), rwl, type); -#endif - - UNLOCK(&rwl->lock); - - return (result); -} - -isc_result_t -isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - return (doit(rwl, type, ISC_FALSE)); -} - -isc_result_t -isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - return (doit(rwl, type, ISC_TRUE)); -} - -isc_result_t -isc_rwlock_tryupgrade(isc_rwlock_t *rwl) { - isc_result_t result = ISC_R_SUCCESS; - - REQUIRE(VALID_RWLOCK(rwl)); - LOCK(&rwl->lock); - REQUIRE(rwl->type == isc_rwlocktype_read); - REQUIRE(rwl->active != 0); - - /* If we are the only reader then succeed. */ - if (rwl->active == 1) { - rwl->original = (rwl->original == isc_rwlocktype_none) ? - isc_rwlocktype_read : isc_rwlocktype_none; - rwl->type = isc_rwlocktype_write; - } else - result = ISC_R_LOCKBUSY; - - UNLOCK(&rwl->lock); - return (result); -} - -void -isc_rwlock_downgrade(isc_rwlock_t *rwl) { - - REQUIRE(VALID_RWLOCK(rwl)); - LOCK(&rwl->lock); - REQUIRE(rwl->type == isc_rwlocktype_write); - REQUIRE(rwl->active == 1); - - rwl->type = isc_rwlocktype_read; - rwl->original = (rwl->original == isc_rwlocktype_none) ? - isc_rwlocktype_write : isc_rwlocktype_none; - /* - * Resume processing any read request that were blocked when - * we upgraded. - */ - if (rwl->original == isc_rwlocktype_none && - (rwl->writers_waiting == 0 || rwl->granted < rwl->read_quota) && - rwl->readers_waiting > 0) - BROADCAST(&rwl->readable); - - UNLOCK(&rwl->lock); -} - -isc_result_t -isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - - REQUIRE(VALID_RWLOCK(rwl)); - LOCK(&rwl->lock); - REQUIRE(rwl->type == type); - - UNUSED(type); - -#ifdef ISC_RWLOCK_TRACE - print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_PREUNLOCK, "preunlock"), rwl, type); -#endif - - INSIST(rwl->active > 0); - rwl->active--; - if (rwl->active == 0) { - if (rwl->original != isc_rwlocktype_none) { - rwl->type = rwl->original; - rwl->original = isc_rwlocktype_none; - } - if (rwl->type == isc_rwlocktype_read) { - rwl->granted = 0; - if (rwl->writers_waiting > 0) { - rwl->type = isc_rwlocktype_write; - SIGNAL(&rwl->writeable); - } else if (rwl->readers_waiting > 0) { - /* Does this case ever happen? */ - BROADCAST(&rwl->readable); - } - } else { - if (rwl->readers_waiting > 0) { - if (rwl->writers_waiting > 0 && - rwl->granted < rwl->write_quota) { - SIGNAL(&rwl->writeable); - } else { - rwl->granted = 0; - rwl->type = isc_rwlocktype_read; - BROADCAST(&rwl->readable); - } - } else if (rwl->writers_waiting > 0) { - rwl->granted = 0; - SIGNAL(&rwl->writeable); - } else { - rwl->granted = 0; - } - } - } - INSIST(rwl->original == isc_rwlocktype_none); - -#ifdef ISC_RWLOCK_TRACE - print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, - ISC_MSG_POSTUNLOCK, "postunlock"), - rwl, type); -#endif - - UNLOCK(&rwl->lock); - - return (ISC_R_SUCCESS); -} - -void -isc_rwlock_destroy(isc_rwlock_t *rwl) { - REQUIRE(VALID_RWLOCK(rwl)); - - LOCK(&rwl->lock); - REQUIRE(rwl->active == 0 && - rwl->readers_waiting == 0 && - rwl->writers_waiting == 0); - UNLOCK(&rwl->lock); - - rwl->magic = 0; - (void)isc_condition_destroy(&rwl->readable); - (void)isc_condition_destroy(&rwl->writeable); - DESTROYLOCK(&rwl->lock); -} - -#else /* ISC_PLATFORM_USETHREADS */ - -isc_result_t -isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota, - unsigned int write_quota) -{ - REQUIRE(rwl != NULL); - - UNUSED(read_quota); - UNUSED(write_quota); - - rwl->type = isc_rwlocktype_read; - rwl->active = 0; - rwl->magic = RWLOCK_MAGIC; - - return (ISC_R_SUCCESS); -} - -isc_result_t -isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - REQUIRE(VALID_RWLOCK(rwl)); - - if (type == isc_rwlocktype_read) { - if (rwl->type != isc_rwlocktype_read && rwl->active != 0) - return (ISC_R_LOCKBUSY); - rwl->type = isc_rwlocktype_read; - rwl->active++; - } else { - if (rwl->active != 0) - return (ISC_R_LOCKBUSY); - rwl->type = isc_rwlocktype_write; - rwl->active = 1; - } - return (ISC_R_SUCCESS); -} - -isc_result_t -isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - return (isc_rwlock_lock(rwl, type)); -} - -isc_result_t -isc_rwlock_tryupgrade(isc_rwlock_t *rwl) { - isc_result_t result = ISC_R_SUCCESS; - - REQUIRE(VALID_RWLOCK(rwl)); - REQUIRE(rwl->type == isc_rwlocktype_read); - REQUIRE(rwl->active != 0); - - /* If we are the only reader then succeed. */ - if (rwl->active == 1) - rwl->type = isc_rwlocktype_write; - else - result = ISC_R_LOCKBUSY; - return (result); -} - -void -isc_rwlock_downgrade(isc_rwlock_t *rwl) { - - REQUIRE(VALID_RWLOCK(rwl)); - REQUIRE(rwl->type == isc_rwlocktype_write); - REQUIRE(rwl->active == 1); - - rwl->type = isc_rwlocktype_read; -} - -isc_result_t -isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { - REQUIRE(VALID_RWLOCK(rwl)); - REQUIRE(rwl->type == type); - - UNUSED(type); - - INSIST(rwl->active > 0); - rwl->active--; - - return (ISC_R_SUCCESS); -} - -void -isc_rwlock_destroy(isc_rwlock_t *rwl) { - REQUIRE(rwl != NULL); - REQUIRE(rwl->active == 0); - rwl->magic = 0; -} - -#endif /* ISC_PLATFORM_USETHREADS */ diff --git a/contrib/bind-9.3/lib/isccc/api b/contrib/bind-9.3/lib/isccc/api deleted file mode 100644 index 8c77091b90..0000000000 --- a/contrib/bind-9.3/lib/isccc/api +++ /dev/null @@ -1,3 +0,0 @@ -LIBINTERFACE = 2 -LIBREVISION = 2 -LIBAGE = 2 diff --git a/contrib/bind-9.3/lib/lwres/api b/contrib/bind-9.3/lib/lwres/api deleted file mode 100644 index 63704dd62a..0000000000 --- a/contrib/bind-9.3/lib/lwres/api +++ /dev/null @@ -1,3 +0,0 @@ -LIBINTERFACE = 10 -LIBREVISION = 5 -LIBAGE = 1 diff --git a/contrib/bind-9.3/lib/lwres/gethost.c b/contrib/bind-9.3/lib/lwres/gethost.c deleted file mode 100644 index 9c362b92c8..0000000000 --- a/contrib/bind-9.3/lib/lwres/gethost.c +++ /dev/null @@ -1,219 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: gethost.c,v 1.29.206.1 2004/03/06 08:15:30 marka Exp $ */ - -#include - -#include -#include - -#include -#include - -#include "assert_p.h" - -#define LWRES_ALIGNBYTES (sizeof(char *) - 1) -#define LWRES_ALIGN(p) \ - (((unsigned long)(p) + LWRES_ALIGNBYTES) &~ LWRES_ALIGNBYTES) - -static struct hostent *he = NULL; -static int copytobuf(struct hostent *, struct hostent *, char *, int); - -struct hostent * -lwres_gethostbyname(const char *name) { - - if (he != NULL) - lwres_freehostent(he); - - he = lwres_getipnodebyname(name, AF_INET, 0, &lwres_h_errno); - return (he); -} - -struct hostent * -lwres_gethostbyname2(const char *name, int af) { - if (he != NULL) - lwres_freehostent(he); - - he = lwres_getipnodebyname(name, af, 0, &lwres_h_errno); - return (he); -} - -struct hostent * -lwres_gethostbyaddr(const char *addr, int len, int type) { - - if (he != NULL) - lwres_freehostent(he); - - he = lwres_getipnodebyaddr(addr, len, type, &lwres_h_errno); - return (he); -} - -struct hostent * -lwres_gethostent(void) { - if (he != NULL) - lwres_freehostent(he); - - return (NULL); -} - -void -lwres_sethostent(int stayopen) { - /* - * Empty. - */ - UNUSED(stayopen); -} - -void -lwres_endhostent(void) { - /* - * Empty. - */ -} - -struct hostent * -lwres_gethostbyname_r(const char *name, struct hostent *resbuf, - char *buf, int buflen, int *error) -{ - struct hostent *he; - int res; - - he = lwres_getipnodebyname(name, AF_INET, 0, error); - if (he == NULL) - return (NULL); - res = copytobuf(he, resbuf, buf, buflen); - lwres_freehostent(he); - if (res != 0) { - errno = ERANGE; - return (NULL); - } - return (resbuf); -} - -struct hostent * -lwres_gethostbyaddr_r(const char *addr, int len, int type, - struct hostent *resbuf, char *buf, int buflen, - int *error) -{ - struct hostent *he; - int res; - - he = lwres_getipnodebyaddr(addr, len, type, error); - if (he == NULL) - return (NULL); - res = copytobuf(he, resbuf, buf, buflen); - lwres_freehostent(he); - if (res != 0) { - errno = ERANGE; - return (NULL); - } - return (resbuf); -} - -struct hostent * -lwres_gethostent_r(struct hostent *resbuf, char *buf, int buflen, int *error) { - UNUSED(resbuf); - UNUSED(buf); - UNUSED(buflen); - *error = 0; - return (NULL); -} - -void -lwres_sethostent_r(int stayopen) { - /* - * Empty. - */ - UNUSED(stayopen); -} - -void -lwres_endhostent_r(void) { - /* - * Empty. - */ -} - -static int -copytobuf(struct hostent *he, struct hostent *hptr, char *buf, int buflen) { - char *cp; - char **ptr; - int i, n; - int nptr, len; - - /* - * Find out the amount of space required to store the answer. - */ - nptr = 2; /* NULL ptrs */ - len = (char *)LWRES_ALIGN(buf) - buf; - for (i = 0; he->h_addr_list[i]; i++, nptr++) { - len += he->h_length; - } - for (i = 0; he->h_aliases[i]; i++, nptr++) { - len += strlen(he->h_aliases[i]) + 1; - } - len += strlen(he->h_name) + 1; - len += nptr * sizeof(char*); - - if (len > buflen) { - return (-1); - } - - /* - * Copy address size and type. - */ - hptr->h_addrtype = he->h_addrtype; - n = hptr->h_length = he->h_length; - - ptr = (char **)LWRES_ALIGN(buf); - cp = (char *)LWRES_ALIGN(buf) + nptr * sizeof(char *); - - /* - * Copy address list. - */ - hptr->h_addr_list = ptr; - for (i = 0; he->h_addr_list[i]; i++, ptr++) { - memcpy(cp, he->h_addr_list[i], n); - hptr->h_addr_list[i] = cp; - cp += n; - } - hptr->h_addr_list[i] = NULL; - ptr++; - - /* - * Copy official name. - */ - n = strlen(he->h_name) + 1; - strcpy(cp, he->h_name); - hptr->h_name = cp; - cp += n; - - /* - * Copy aliases. - */ - hptr->h_aliases = ptr; - for (i = 0; he->h_aliases[i]; i++) { - n = strlen(he->h_aliases[i]) + 1; - strcpy(cp, he->h_aliases[i]); - hptr->h_aliases[i] = cp; - cp += n; - } - hptr->h_aliases[i] = NULL; - - return (0); -} diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/lwpacket.h b/contrib/bind-9.3/lib/lwres/include/lwres/lwpacket.h deleted file mode 100644 index 48f6a34862..0000000000 --- a/contrib/bind-9.3/lib/lwres/include/lwres/lwpacket.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwpacket.h,v 1.17.206.1 2004/03/06 08:15:35 marka Exp $ */ - -#ifndef LWRES_LWPACKET_H -#define LWRES_LWPACKET_H 1 - -#include -#include -#include - -typedef struct lwres_lwpacket lwres_lwpacket_t; - -struct lwres_lwpacket { - lwres_uint32_t length; - lwres_uint16_t version; - lwres_uint16_t pktflags; - lwres_uint32_t serial; - lwres_uint32_t opcode; - lwres_uint32_t result; - lwres_uint32_t recvlength; - lwres_uint16_t authtype; - lwres_uint16_t authlength; -}; - -#define LWRES_LWPACKET_LENGTH (4 * 5 + 2 * 4) - -#define LWRES_LWPACKETFLAG_RESPONSE 0x0001U /* if set, pkt is a response */ - - -#define LWRES_LWPACKETVERSION_0 0 - -/* - * "length" is the overall packet length, including the entire packet header. - * - * "version" specifies the header format. Currently, there is only one - * format, LWRES_LWPACKETVERSION_0. - * - * "flags" specifies library-defined flags for this packet. None of these - * are definable by the caller, but library-defined values can be set by - * the caller. For example, one bit in this field indicates if the packet - * is a request or a response. - * - * "serial" is set by the requestor and is returned in all replies. If two - * packets from the same source have the same serial number and are from - * the same source, they are assumed to be duplicates and the latter ones - * may be dropped. (The library does not do this by default on replies, but - * does so on requests.) - * - * "opcode" is application defined. Opcodes between 0x04000000 and 0xffffffff - * are application defined. Opcodes between 0x00000000 and 0x03ffffff are - * reserved for library use. - * - * "result" is application defined, and valid only on replies. - * Results between 0x04000000 and 0xffffffff are application defined. - * Results between 0x00000000 and 0x03ffffff are reserved for library use. - * (This is the same reserved range defined in , so it - * would be trivial to map ISC_R_* result codes into packet result codes - * when appropriate.) - * - * "recvlength" is set to the maximum buffer size that the receiver can - * handle on requests, and the size of the buffer needed to satisfy a request - * when the buffer is too large for replies. - * - * "authtype" is the packet level auth type used. - * Authtypes between 0x1000 and 0xffff are application defined. Authtypes - * between 0x0000 and 0x0fff are reserved for library use. This is currently - * unused and MUST be set to zero. - * - * "authlen" is the length of the authentication data. See the specific - * authtypes for more information on what is contained in this field. This - * is currently unused, and MUST be set to zero. - * - * The remainder of the packet consists of two regions, one described by - * "authlen" and one of "length - authlen - sizeof(lwres_lwpacket_t)". - * - * That is: - * - * pkt header - * authlen bytes of auth information - * data bytes - */ - -/* - * Currently defined opcodes: - * - * NOOP. Success is always returned, with the packet contents echoed. - * - * GETADDRSBYNAME. Return all known addresses for a given name. - * This may return NIS or /etc/hosts info as well as DNS - * information. Flags will be provided to indicate ip4/ip6 - * addresses are desired. - * - * GETNAMEBYADDR. Return the hostname for the given address. Once - * again, it will return data from multiple sources. - */ - -LWRES_LANG_BEGINDECLS - -/* XXXMLG document */ -lwres_result_t -lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); - -lwres_result_t -lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); - -LWRES_LANG_ENDDECLS - -#endif /* LWRES_LWPACKET_H */ diff --git a/contrib/bind-9.3/lib/lwres/lwbuffer.c b/contrib/bind-9.3/lib/lwres/lwbuffer.c deleted file mode 100644 index 69009f00ae..0000000000 --- a/contrib/bind-9.3/lib/lwres/lwbuffer.c +++ /dev/null @@ -1,287 +0,0 @@ -/* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwbuffer.c,v 1.10.206.1 2004/03/06 08:15:31 marka Exp $ */ - -#include - -#include - -#include - -#include "assert_p.h" - -void -lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length) -{ - /* - * Make 'b' refer to the 'length'-byte region starting at base. - */ - - REQUIRE(b != NULL); - - b->magic = LWRES_BUFFER_MAGIC; - b->base = base; - b->length = length; - b->used = 0; - b->current = 0; - b->active = 0; -} - -void -lwres_buffer_invalidate(lwres_buffer_t *b) -{ - /* - * Make 'b' an invalid buffer. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - - b->magic = 0; - b->base = NULL; - b->length = 0; - b->used = 0; - b->current = 0; - b->active = 0; -} - -void -lwres_buffer_add(lwres_buffer_t *b, unsigned int n) -{ - /* - * Increase the 'used' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + n <= b->length); - - b->used += n; -} - -void -lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n) -{ - /* - * Decrease the 'used' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used >= n); - - b->used -= n; - if (b->current > b->used) - b->current = b->used; - if (b->active > b->used) - b->active = b->used; -} - -void -lwres_buffer_clear(lwres_buffer_t *b) -{ - /* - * Make the used region empty. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - - b->used = 0; - b->current = 0; - b->active = 0; -} - -void -lwres_buffer_first(lwres_buffer_t *b) -{ - /* - * Make the consumed region empty. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - - b->current = 0; -} - -void -lwres_buffer_forward(lwres_buffer_t *b, unsigned int n) -{ - /* - * Increase the 'consumed' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->current + n <= b->used); - - b->current += n; -} - -void -lwres_buffer_back(lwres_buffer_t *b, unsigned int n) -{ - /* - * Decrease the 'consumed' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(n <= b->current); - - b->current -= n; -} - -lwres_uint8_t -lwres_buffer_getuint8(lwres_buffer_t *b) -{ - unsigned char *cp; - lwres_uint8_t result; - - /* - * Read an unsigned 8-bit integer from 'b' and return it. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= 1); - - cp = b->base; - cp += b->current; - b->current += 1; - result = ((unsigned int)(cp[0])); - - return (result); -} - -void -lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + 1 <= b->length); - - cp = b->base; - cp += b->used; - b->used += 1; - cp[0] = (val & 0x00ff); -} - -lwres_uint16_t -lwres_buffer_getuint16(lwres_buffer_t *b) -{ - unsigned char *cp; - lwres_uint16_t result; - - /* - * Read an unsigned 16-bit integer in network byte order from 'b', - * convert it to host byte order, and return it. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= 2); - - cp = b->base; - cp += b->current; - b->current += 2; - result = ((unsigned int)(cp[0])) << 8; - result |= ((unsigned int)(cp[1])); - - return (result); -} - -void -lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + 2 <= b->length); - - cp = b->base; - cp += b->used; - b->used += 2; - cp[0] = (val & 0xff00) >> 8; - cp[1] = (val & 0x00ff); -} - -lwres_uint32_t -lwres_buffer_getuint32(lwres_buffer_t *b) -{ - unsigned char *cp; - lwres_uint32_t result; - - /* - * Read an unsigned 32-bit integer in network byte order from 'b', - * convert it to host byte order, and return it. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= 4); - - cp = b->base; - cp += b->current; - b->current += 4; - result = ((unsigned int)(cp[0])) << 24; - result |= ((unsigned int)(cp[1])) << 16; - result |= ((unsigned int)(cp[2])) << 8; - result |= ((unsigned int)(cp[3])); - - return (result); -} - -void -lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + 4 <= b->length); - - cp = b->base; - cp += b->used; - b->used += 4; - cp[0] = (unsigned char)((val & 0xff000000) >> 24); - cp[1] = (unsigned char)((val & 0x00ff0000) >> 16); - cp[2] = (unsigned char)((val & 0x0000ff00) >> 8); - cp[3] = (unsigned char)(val & 0x000000ff); -} - -void -lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, - unsigned int length) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + length <= b->length); - - cp = (unsigned char *)b->base + b->used; - memcpy(cp, base, length); - b->used += length; -} - -void -lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, - unsigned int length) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= length); - - cp = b->base; - cp += b->current; - b->current += length; - - memcpy(base, cp, length); -} diff --git a/contrib/bind-9.3/lib/lwres/man/lwres.html b/contrib/bind-9.3/lib/lwres/man/lwres.html deleted file mode 100644 index 02af1f7d98..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres.html +++ /dev/null @@ -1,216 +0,0 @@ - - - - - -lwres - - -
-
-
-

Name

-

lwres — introduction to the lightweight resolver library

-
-
-

Synopsis

-
#include <lwres/lwres.h>
-
-
-

DESCRIPTION

-

-The BIND 9 lightweight resolver library is a simple, name service -independent stub resolver library. It provides hostname-to-address -and address-to-hostname lookup services to applications by -transmitting lookup requests to a resolver daemon -lwresd -running on the local host. The resover daemon performs the -lookup using the DNS or possibly other name service protocols, -and returns the results to the application through the library. -The library and resolver daemon communicate using a simple -UDP-based protocol. -

-
-
-

OVERVIEW

-

-The lwresd library implements multiple name service APIs. -The standard -gethostbyname(), -gethostbyaddr(), -gethostbyname_r(), -gethostbyaddr_r(), -getaddrinfo(), -getipnodebyname(), -and -getipnodebyaddr() -functions are all supported. To allow the lwres library to coexist -with system libraries that define functions of the same name, -the library defines these functions with names prefixed by -lwres_. -To define the standard names, applications must include the -header file -<lwres/netdb.h> -which contains macro definitions mapping the standard function names -into -lwres_ -prefixed ones. Operating system vendors who integrate the lwres -library into their base distributions should rename the functions -in the library proper so that the renaming macros are not needed. -

-

-The library also provides a native API consisting of the functions -lwres_getaddrsbyname() -and -lwres_getnamebyaddr(). -These may be called by applications that require more detailed -control over the lookup process than the standard functions -provide. -

-

-In addition to these name service independent address lookup -functions, the library implements a new, experimental API -for looking up arbitrary DNS resource records, using the -lwres_getaddrsbyname() -function. -

-

-Finally, there is a low-level API for converting lookup -requests and responses to and from raw lwres protocol packets. -This API can be used by clients requiring nonblocking operation, -and is also used when implementing the server side of the lwres -protocol, for example in the -lwresd -resolver daemon. The use of this low-level API in clients -and servers is outlined in the following sections. -

-
-
-

CLIENT-SIDE LOW-LEVEL API CALL FLOW

-

-When a client program wishes to make an lwres request using the -native low-level API, it typically performs the following -sequence of actions. -

-

-(1) Allocate or use an existing lwres_packet_t, -called pkt below. -

-

-(2) Set pkt.recvlength to the maximum length we will accept. -This is done so the receiver of our packets knows how large our receive -buffer is. The "default" is a constant in -lwres.h: LWRES_RECVLENGTH = 4096. -

-

-(3) Set pkt.serial -to a unique serial number. This value is echoed -back to the application by the remote server. -

-

-(4) Set pkt.pktflags. Usually this is set to 0. -

-

-(5) Set pkt.result to 0. -

-

-(6) Call lwres_*request_render(), -or marshall in the data using the primitives -such as lwres_packet_render() -and storing the packet data. -

-

-(7) Transmit the resulting buffer. -

-

-(8) Call lwres_*response_parse() -to parse any packets received. -

-

-(9) Verify that the opcode and serial match a request, and process the -packet specific information contained in the body. -

-
-
-

SERVER-SIDE LOW-LEVEL API CALL FLOW

-

-When implementing the server side of the lightweight resolver -protocol using the lwres library, a sequence of actions like the -following is typically involved in processing each request packet. -

-

-Note that the same lwres_packet_t is used -in both the _parse() and _render() calls, -with only a few modifications made -to the packet header's contents between uses. This method is recommended -as it keeps the serial, opcode, and other fields correct. -

-

-(1) When a packet is received, call lwres_*request_parse() to -unmarshall it. This returns a lwres_packet_t (also called pkt, below) -as well as a data specific type, such as lwres_gabnrequest_t. -

-

-(2) Process the request in the data specific type. -

-

-(3) Set the pkt.result, -pkt.recvlength as above. All other fields can -be left untouched since they were filled in by the *_parse() call -above. If using lwres_*response_render(), -pkt.pktflags will be set up -properly. Otherwise, the LWRES_LWPACKETFLAG_RESPONSE bit should be -set. -

-

-(4) Call the data specific rendering function, such as -lwres_gabnresponse_render(). -

-

-(5) Send the resulting packet to the client. -

-

-

-
-
-

SEE ALSO

-

-lwres_gethostent(3), - -lwres_getipnode(3), - -lwres_getnameinfo(3), - -lwres_noop(3), - -lwres_gabn(3), - -lwres_gnba(3), - -lwres_context(3), - -lwres_config(3), - -resolver(5), - -lwresd(8). - -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_buffer.html b/contrib/bind-9.3/lib/lwres/man/lwres_buffer.html deleted file mode 100644 index 9443fbda1e..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_buffer.html +++ /dev/null @@ -1,542 +0,0 @@ - - - - - -lwres_buffer - - -
-
-
-

Name

-

lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management

-
-
-

Synopsis

-
-
-#include <lwres/lwbuffer.h>
-
- - - - - - - - - - - - - - - - - - - - - -
-void -lwres_buffer_init( ,
  ,
  ,
   -);
- - - - - - - - - - - -
-void -lwres_buffer_invalidate(  -);
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_add( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_subtract( ,
  ,
   -);
- - - - - - - - - - - -
-void -lwres_buffer_clear(  -);
   -);
- - - - - - - - - - - -
-void -lwres_buffer_first(  -);
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_forward( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_back( ,
  ,
   -);
- - - - - - - - - - - -
-lwres_uint8_t -lwres_buffer_getuint8(  -);
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_putuint8( ,
  ,
   -);
- - - - - - - - - - - -
-lwres_uint16_t -lwres_buffer_getuint16(  -);
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_putuint16( ,
  ,
   -);
- - - - - - - - - - - -
-lwres_uint32_t -lwres_buffer_getuint32(  -);
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_buffer_putuint32( ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - -
-void -lwres_buffer_putmem( ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - -
-void -lwres_buffer_getmem( ,
  ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-These functions provide bounds checked access to a region of memory -where data is being read or written. -They are based on, and similar to, the -isc_buffer_ -functions in the ISC library. -

-

-A buffer is a region of memory, together with a set of related -subregions. -The used region and the -available region are disjoint, and -their union is the buffer's region. -The used region extends from the beginning of the buffer region to the -last used byte. -The available region extends from one byte greater than the last used -byte to the end of the buffer's region. -The size of the used region can be changed using various -buffer commands. -Initially, the used region is empty. -

-

-The used region is further subdivided into two disjoint regions: the -consumed region and the remaining region. -The union of these two regions is the used region. -The consumed region extends from the beginning of the used region to -the byte before the current offset (if any). -The remaining region the current pointer to the end of the used -region. -The size of the consumed region can be changed using various -buffer commands. -Initially, the consumed region is empty. -

-

-The active region is an (optional) subregion of the remaining -region. -It extends from the current offset to an offset in the -remaining region. -Initially, the active region is empty. -If the current offset advances beyond the chosen offset, -the active region will also be empty. -

-

-

-
- 
-   /------------entire length---------------\\
-   /----- used region -----\\/-- available --\\
-   +----------------------------------------+
-   | consumed  | remaining |                |
-   +----------------------------------------+
-   a           b     c     d                e
- 
-  a == base of buffer.
-  b == current pointer.  Can be anywhere between a and d.
-  c == active pointer.  Meaningful between b and d.
-  d == used pointer.
-  e == length of buffer.
- 
-  a-e == entire length of buffer.
-  a-d == used region.
-  a-b == consumed region.
-  b-d == remaining region.
-  b-c == optional active region.
-
-

-

-

-lwres_buffer_init() -initializes the -lwres_buffer_t -*b -and assocates it with the memory region of size -length -bytes starting at location -base. -

-

-lwres_buffer_invalidate() -marks the buffer -*b -as invalid. Invalidating a buffer after use is not required, -but makes it possible to catch its possible accidental use. -

-

-The functions -lwres_buffer_add() -and -lwres_buffer_subtract() -respectively increase and decrease the used space in -buffer -*b -by -n -bytes. -lwres_buffer_add() -checks for buffer overflow and -lwres_buffer_subtract() -checks for underflow. -These functions do not allocate or deallocate memory. -They just change the value of -used. -

-

-A buffer is re-initialised by -lwres_buffer_clear(). -The function sets -used , -current -and -active -to zero. -

-

-lwres_buffer_first -makes the consumed region of buffer -*p -empty by setting -current -to zero (the start of the buffer). -

-

-lwres_buffer_forward() -increases the consumed region of buffer -*b -by -n -bytes, checking for overflow. -Similarly, -lwres_buffer_back() -decreases buffer -b's -consumed region by -n -bytes and checks for underflow. -

-

-lwres_buffer_getuint8() -reads an unsigned 8-bit integer from -*b -and returns it. -lwres_buffer_putuint8() -writes the unsigned 8-bit integer -val -to buffer -*b. -

-

-lwres_buffer_getuint16() -and -lwres_buffer_getuint32() -are identical to -lwres_buffer_putuint8() -except that they respectively read an unsigned 16-bit or 32-bit integer -in network byte order from -b. -Similarly, -lwres_buffer_putuint16() -and -lwres_buffer_putuint32() -writes the unsigned 16-bit or 32-bit integer -val -to buffer -b, -in network byte order. -

-

-Arbitrary amounts of data are read or written from a lightweight -resolver buffer with -lwres_buffer_getmem() -and -lwres_buffer_putmem() -respectively. -lwres_buffer_putmem() -copies -length -bytes of memory at -base -to -b. -Conversely, -lwres_buffer_getmem() -copies -length -bytes of memory from -b -to -base. -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_config.html b/contrib/bind-9.3/lib/lwres/man/lwres_config.html deleted file mode 100644 index 339a487843..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_config.html +++ /dev/null @@ -1,200 +0,0 @@ - - - - - -lwres_config - - -
-
-
-

Name

-

lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration

-
-
-

Synopsis

-
-
#include <lwres/lwres.h>
- - - - - - - - - - - -
-void -lwres_conf_init(  -);
   -);
- - - - - - - - - - - -
-void -lwres_conf_clear(  -);
   -);
- - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_conf_parse( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_conf_print( ,
  ,
   -);
- - - - - - - - - - - -
-lwres_conf_t * -lwres_conf_get(  -);
   -);
-
-
-
-

DESCRIPTION

-

-lwres_conf_init() -creates an empty -lwres_conf_t -structure for lightweight resolver context -ctx. -

-

-lwres_conf_clear() -frees up all the internal memory used by -that -lwres_conf_t -structure in resolver context -ctx. -

-

-lwres_conf_parse() -opens the file -filename -and parses it to initialise the resolver context -ctx's -lwres_conf_t -structure. -

-

-lwres_conf_print() -prints the -lwres_conf_t -structure for resolver context -ctx -to the -FILE -fp. -

-
-
-

RETURN VALUES

-

-lwres_conf_parse() -returns -LWRES_R_SUCCESS -if it successfully read and parsed -filename. -It returns -LWRES_R_FAILURE -if -filename -could not be opened or contained incorrect -resolver statements. -

-

-lwres_conf_print() -returns -LWRES_R_SUCCESS -unless an error occurred when converting the network addresses to a -numeric host address string. -If this happens, the function returns -LWRES_R_FAILURE. -

-
-
-

SEE ALSO

-

-stdio(3), -resolver(5). -

-
-
-

FILES

-

-/etc/resolv.conf -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_context.html b/contrib/bind-9.3/lib/lwres/man/lwres_context.html deleted file mode 100644 index 6f7fbecec2..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_context.html +++ /dev/null @@ -1,376 +0,0 @@ - - - - - -lwres_context - - -
-
-
-

Name

-

lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management

-
-
-

Synopsis

-
-
#include <lwres/lwres.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_context_create( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - -
-lwres_result_t -lwres_context_destroy(  -);
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_context_initserial( ,
  ,
   -);
- - - - - - - - - - - -
-lwres_uint32_t -lwres_context_nextserial(  -);
   -);
- - - - - - - - - - - - - - - - - - - - - -
-void -lwres_context_freemem( ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_context_allocmem( ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-void * -lwres_context_sendrecv( ,
  ,
  ,
  ,
  ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-lwres_context_create() -creates a -lwres_context_t -structure for use in lightweight resolver operations. -It holds a socket and other data needed for communicating -with a resolver daemon. -The new -lwres_context_t -is returned through -contextp, - -a pointer to a -lwres_context_t -pointer. This -lwres_context_t -pointer must initially be NULL, and is modified -to point to the newly created -lwres_context_t. - -

-

-When the lightweight resolver needs to perform dynamic memory -allocation, it will call -malloc_function -to allocate memory and -free_function - -to free it. If -malloc_function -and -free_function - -are NULL, memory is allocated using -.Xr malloc 3 -and -free(3). - -It is not permitted to have a NULL -malloc_function -and a non-NULL -free_function -or vice versa. -arg -is passed as the first parameter to the memory -allocation functions. -If -malloc_function -and -free_function -are NULL, -arg - -is unused and should be passed as NULL. -

-

-Once memory for the structure has been allocated, -it is initialized using -lwres_conf_init(3) - -and returned via -*contextp. - -

-

-lwres_context_destroy() -destroys a -lwres_context_t, - -closing its socket. -contextp -is a pointer to a pointer to the context that is to be destroyed. -The pointer will be set to NULL when the context has been destroyed. -

-

-The context holds a serial number that is used to identify resolver -request packets and associate responses with the corresponding requests. -This serial number is controlled using -lwres_context_initserial() -and -lwres_context_nextserial(). -lwres_context_initserial() -sets the serial number for context -*ctx -to -serial. - -lwres_context_nextserial() -increments the serial number and returns the previous value. -

-

-Memory for a lightweight resolver context is allocated and freed using -lwres_context_allocmem() -and -lwres_context_freemem(). -These use whatever allocations were defined when the context was -created with -lwres_context_create(). -lwres_context_allocmem() -allocates -len -bytes of memory and if successful returns a pointer to the allocated -storage. -lwres_context_freemem() -frees -len -bytes of space starting at location -mem. - -

-

-lwres_context_sendrecv() -performs I/O for the context -ctx. - -Data are read and written from the context's socket. -It writes data from -sendbase -— typically a lightweight resolver query packet — -and waits for a reply which is copied to the receive buffer at -recvbase. - -The number of bytes that were written to this receive buffer is -returned in -*recvd_len. - -

-
-
-

RETURN VALUES

-

-lwres_context_create() -returns -LWRES_R_NOMEMORY -if memory for the -struct lwres_context -could not be allocated, -LWRES_R_SUCCESS -otherwise. -

-

-Successful calls to the memory allocator -lwres_context_allocmem() -return a pointer to the start of the allocated space. -It returns NULL if memory could not be allocated. -

-

-LWRES_R_SUCCESS -is returned when -lwres_context_sendrecv() -completes successfully. -LWRES_R_IOERROR -is returned if an I/O error occurs and -LWRES_R_TIMEOUT -is returned if -lwres_context_sendrecv() -times out waiting for a response. -

-
-
-

SEE ALSO

-

-lwres_conf_init(3), - -malloc(3), - -free(3 -). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gabn.html b/contrib/bind-9.3/lib/lwres/man/lwres_gabn.html deleted file mode 100644 index fce25c5170..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gabn.html +++ /dev/null @@ -1,357 +0,0 @@ - - - - - -lwres_gabn - - -
-
-
-

Name

-

lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling

-
-
-

Synopsis

-
-
#include <lwres/lwres.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gabnrequest_render( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gabnresponse_render( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gabnrequest_parse( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gabnresponse_parse( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_gabnresponse_free( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_gabnrequest_free( ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-These are low-level routines for creating and parsing -lightweight resolver name-to-address lookup request and -response messages. -

-

-There are four main functions for the getaddrbyname opcode. -One render function converts a getaddrbyname request structure — -lwres_gabnrequest_t — -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getaddrbyname request structure. -Another render function converts the getaddrbyname response structure — -lwres_gabnresponse_t — -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getaddrbyname response structure. -

-

-These structures are defined in -<lwres/lwres.h>. -They are shown below. -

-
-#define LWRES_OPCODE_GETADDRSBYNAME     0x00010001U
-
-typedef struct lwres_addr lwres_addr_t;
-typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t;
-
-typedef struct {
-        lwres_uint32_t  flags;
-        lwres_uint32_t  addrtypes;
-        lwres_uint16_t  namelen;
-        char           *name;
-} lwres_gabnrequest_t;
-
-typedef struct {
-        lwres_uint32_t          flags;
-        lwres_uint16_t          naliases;
-        lwres_uint16_t          naddrs;
-        char                   *realname;
-        char                  **aliases;
-        lwres_uint16_t          realnamelen;
-        lwres_uint16_t         *aliaslen;
-        lwres_addrlist_t        addrs;
-        void                   *base;
-        size_t                  baselen;
-} lwres_gabnresponse_t;
-
-

-

-

-lwres_gabnrequest_render() -uses resolver context -ctx -to convert getaddrbyname request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. - -The contents of -*req -are then appended to the buffer in canonical format. -lwres_gabnresponse_render() -performs the same task, except it converts a getaddrbyname response structure -lwres_gabnresponse_t -to the lightweight resolver's canonical format. -

-

-lwres_gabnrequest_parse() -uses context -ctx -to convert the contents of packet -pkt -to a -lwres_gabnrequest_t -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -lwres_gabnrequest_t -is made available through -*structp. - -lwres_gabnresponse_parse() -offers the same semantics as -lwres_gabnrequest_parse() -except it yields a -lwres_gabnresponse_t -structure. -

-

-lwres_gabnresponse_free() -and -lwres_gabnrequest_free() -release the memory in resolver context -ctx -that was allocated to the -lwres_gabnresponse_t -or -lwres_gabnrequest_t -structures referenced via -structp. - -Any memory associated with ancillary buffers and strings for those -structures is also discarded. -

-
-
-

RETURN VALUES

-

-The getaddrbyname opcode functions -lwres_gabnrequest_render(), -lwres_gabnresponse_render() -lwres_gabnrequest_parse() -and -lwres_gabnresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_gabnrequest_t -and -lwres_gabnresponse_t -structures. -lwres_gabnrequest_parse() -and -lwres_gabnresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query. -

-
-
-

SEE ALSO

-

-lwres_packet(3 -) -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.html b/contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.html deleted file mode 100644 index 4b244e3c8c..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.html +++ /dev/null @@ -1,124 +0,0 @@ - - - - - -lwres_gai_strerror - - -
-
-
-

Name

-

gai_strerror — print suitable error string

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
-

-char * -gai_strerror(int ecode);

-
-
-
-

DESCRIPTION

-

-lwres_gai_strerror() -returns an error message corresponding to an error code returned by -getaddrinfo(). -The following error codes and their meaning are defined in -include/lwres/netdb.h. -

-
-
EAI_ADDRFAMILY
-

-address family for hostname not supported -

-
EAI_AGAIN
-

-temporary failure in name resolution -

-
EAI_BADFLAGS
-

-invalid value for -ai_flags -

-
EAI_FAIL
-

-non-recoverable failure in name resolution -

-
EAI_FAMILY
-

-ai_family not supported -

-
EAI_MEMORY
-

-memory allocation failure -

-
EAI_NODATA
-

-no address associated with hostname -

-
EAI_NONAME
-

-hostname or servname not provided, or not known -

-
EAI_SERVICE
-

-servname not supported for ai_socktype -

-
EAI_SOCKTYPE
-

-ai_socktype not supported -

-
EAI_SYSTEM
-

-system error returned in errno -

-
-

-The message invalid error code is returned if -ecode -is out of range. -

-

-ai_flags, -ai_family -and -ai_socktype -are elements of the -struct addrinfo -used by -lwres_getaddrinfo(). -

-
-
-

SEE ALSO

-

-strerror(3), - -lwres_getaddrinfo(3), - -getaddrinfo(3), - -RFC2133. -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.html b/contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.html deleted file mode 100644 index 375c319c9c..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.html +++ /dev/null @@ -1,346 +0,0 @@ - - - - - -lwres_getaddrinfo - - -
-
-
-

Name

-

lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-int -lwres_getaddrinfo( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - -
-void -lwres_freeaddrinfo(  -);
   -);
-
-

-If the operating system does not provide a -struct addrinfo, -the following structure is used: - -

-
-struct  addrinfo {
-        int             ai_flags;       /* AI_PASSIVE, AI_CANONNAME */
-        int             ai_family;      /* PF_xxx */
-        int             ai_socktype;    /* SOCK_xxx */
-        int             ai_protocol;    /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
-        size_t          ai_addrlen;     /* length of ai_addr */
-        char            *ai_canonname;  /* canonical name for hostname */
-        struct sockaddr *ai_addr;       /* binary address */
-        struct addrinfo *ai_next;       /* next structure in linked list */
-};
-
-

-

-
-
-

DESCRIPTION

-

-lwres_getaddrinfo() -is used to get a list of IP addresses and port numbers for host -hostname -and service -servname. - -The function is the lightweight resolver's implementation of -getaddrinfo() -as defined in RFC2133. -hostname -and -servname -are pointers to null-terminated -strings or -NULL. - -hostname -is either a host name or a numeric host address string: a dotted decimal -IPv4 address or an IPv6 address. -servname -is either a decimal port number or a service name as listed in -/etc/services. -

-

-hints -is an optional pointer to a -struct addrinfo. -This structure can be used to provide hints concerning the type of socket -that the caller supports or wishes to use. -The caller can supply the following structure elements in -*hints: - -

-
-
ai_family
-

The protocol family that should be used. -When -ai_family -is set to -PF_UNSPEC, -it means the caller will accept any protocol family supported by the -operating system. -

-
ai_socktype
-

-denotes the type of socket — -SOCK_STREAM, -SOCK_DGRAM -or -SOCK_RAW -— that is wanted. -When -ai_socktype -is zero the caller will accept any socket type. -

-
ai_protocol
-

-indicates which transport protocol is wanted: IPPROTO_UDP or -IPPROTO_TCP. -If -ai_protocol -is zero the caller will accept any protocol. -

-
ai_flags
-
-

-Flag bits. -If the -AI_CANONNAME -bit is set, a successful call to -lwres_getaddrinfo() -will return a null-terminated string containing the canonical name -of the specified hostname in -ai_canonname -of the first -addrinfo -structure returned. -Setting the -AI_PASSIVE -bit indicates that the returned socket address structure is intended -for used in a call to -bind(2). - -In this case, if the hostname argument is a -NULL -pointer, then the IP address portion of the socket -address structure will be set to -INADDR_ANY -for an IPv4 address or -IN6ADDR_ANY_INIT -for an IPv6 address. -

-

-When -ai_flags -does not set the -AI_PASSIVE -bit, the returned socket address structure will be ready -for use in a call to -connect(2 -) -for a connection-oriented protocol or -connect(2), - -sendto(2), - -or -sendmsg(2 -) -if a connectionless protocol was chosen. -The IP address portion of the socket address structure will be -set to the loopback address if -hostname -is a -NULL -pointer and -AI_PASSIVE -is not set in -ai_flags. -

-

-If -ai_flags -is set to -AI_NUMERICHOST -it indicates that -hostname -should be treated as a numeric string defining an IPv4 or IPv6 address -and no name resolution should be attempted. -

-
-
-

-

-

-All other elements of the struct addrinfo passed -via hints must be zero. -

-

-A hints of NULL is treated as if -the caller provided a struct addrinfo initialized to zero -with ai_familyset to -PF_UNSPEC. -

-

-After a successful call to -lwres_getaddrinfo(), -*res -is a pointer to a linked list of one or more -addrinfo -structures. -Each -struct addrinfo -in this list cn be processed by following -the -ai_next -pointer, until a -NULL -pointer is encountered. -The three members -ai_family, -ai_socktype, -and -ai_protocol -in each -returned -addrinfo -structure contain the corresponding arguments for a call to -socket(2). -For each -addrinfo -structure in the list, the -ai_addr -member points to a filled-in socket address structure of length -ai_addrlen. -

-

-All of the information returned by -lwres_getaddrinfo() -is dynamically allocated: the addrinfo structures, and the socket -address structures and canonical host name strings pointed to by the -addrinfostructures. -Memory allocated for the dynamically allocated structures created by -a successful call to -lwres_getaddrinfo() -is released by -lwres_freeaddrinfo(). -ai -is a pointer to a -struct addrinfo -created by a call to -lwres_getaddrinfo(). -

-
-
-

RETURN VALUES

-

-lwres_getaddrinfo() -returns zero on success or one of the error codes listed in -gai_strerror(3 -) -if an error occurs. -If both -hostname -and -servname -are -NULL -lwres_getaddrinfo() -returns -EAI_NONAME. - -

-
-
-

SEE ALSO

-

-lwres(3), - -lwres_getaddrinfo(3), - -lwres_freeaddrinfo(3), - -lwres_gai_strerror(3), - -RFC2133, - -getservbyname(3), - -bind(2), - -connect(2), - -sendto(2), - -sendmsg(2), - -socket(2). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gethostent.html b/contrib/bind-9.3/lib/lwres/man/lwres_gethostent.html deleted file mode 100644 index fefc67b886..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gethostent.html +++ /dev/null @@ -1,463 +0,0 @@ - - - - - -lwres_gethostent - - -
-
-
-

Name

-

lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
- - - - - - - - - - - -
-struct hostent * -lwres_gethostbyname(  -);
   -);
- - - - - - - - - - - - - - - - -
-struct hostent * -lwres_gethostbyname2( ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - -
-struct hostent * -lwres_gethostbyaddr( ,
  ,
  ,
   -);
-

-struct hostent * -lwres_gethostent(void);

-

-void -lwres_sethostent(int stayopen);

-

-void -lwres_endhostent(void);

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-struct hostent * -lwres_gethostbyname_r( ,
  ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-struct hostent * -lwres_gethostbyaddr_r( ,
  ,
  ,
  ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-struct hostent * -lwres_gethostent_r( ,
  ,
  ,
  ,
   -);
-

-void -lwres_sethostent_r(int stayopen);

-

-void -lwres_endhostent_r(void);

-
-
-
-

DESCRIPTION

-

-These functions provide hostname-to-address and -address-to-hostname lookups by means of the lightweight resolver. -They are similar to the standard -gethostent(3 -) -functions provided by most operating systems. -They use a -struct hostent -which is usually defined in -<namedb.h>. - -

-
-struct  hostent {
-        char    *h_name;        /* official name of host */
-        char    **h_aliases;    /* alias list */
-        int     h_addrtype;     /* host address type */
-        int     h_length;       /* length of address */
-        char    **h_addr_list;  /* list of addresses from name server */
-};
-#define h_addr  h_addr_list[0]  /* address, for backward compatibility */
-
-

-

-

-The members of this structure are: -

-
-
h_name
-

-The official (canonical) name of the host. -

-
h_aliases
-

-A NULL-terminated array of alternate names (nicknames) for the host. -

-
h_addrtype
-

-The type of address being returned — -PF_INET -or -PF_INET6. -

-
h_length
-

-The length of the address in bytes. -

-
h_addr_list
-

-A NULL -terminated array of network addresses for the host. -Host addresses are returned in network byte order. -

-
-

-

-

-For backward compatibility with very old software, -h_addr -is the first address in -h_addr_list. -

-

-lwres_gethostent(), -lwres_sethostent(), -lwres_endhostent(), -lwres_gethostent_r(), -lwres_sethostent_r() -and -lwres_endhostent_r() -provide iteration over the known host entries on systems that -provide such functionality through facilities like -/etc/hosts -or NIS. The lightweight resolver does not currently implement -these functions; it only provides them as stub functions that always -return failure. -

-

-lwres_gethostbyname() and -lwres_gethostbyname2() look up the hostname -name. -lwres_gethostbyname() always looks for an IPv4 -address while lwres_gethostbyname2() looks for an -address of protocol family af: either -PF_INET or PF_INET6 — IPv4 or IPV6 -addresses respectively. Successful calls of the functions return a -struct hostentfor the name that was looked up. -NULL is returned if the lookups by -lwres_gethostbyname() or -lwres_gethostbyname2() fail. -

-

-Reverse lookups of addresses are performed by -lwres_gethostbyaddr(). -addr is an address of length -len bytes and protocol family -typePF_INET or -PF_INET6. -lwres_gethostbyname_r() is a thread-safe function -for forward lookups. If an error occurs, an error code is returned in -*error. -resbuf is a pointer to a struct -hostent which is initialised by a successful call to -lwres_gethostbyname_r() . -buf is a buffer of length -len bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the struct -hostent returned in resbuf. -Successful calls to lwres_gethostbyname_r() -return resbuf, -which is a pointer to the struct hostent it created. -

-

-lwres_gethostbyaddr_r() is a thread-safe function -that performs a reverse lookup of address addr -which is len bytes long and is of protocol -family typePF_INET or -PF_INET6. If an error occurs, the error code is returned -in *error. The other function parameters are -identical to those in lwres_gethostbyname_r(). -resbuf is a pointer to a struct -hostent which is initialised by a successful call to -lwres_gethostbyaddr_r(). -buf is a buffer of length -len bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the struct -hostent returned in resbuf. Successful -calls to lwres_gethostbyaddr_r() return -resbuf, which is a pointer to the -struct hostent() it created. -

-
-
-

RETURN VALUES

-

-The functions -lwres_gethostbyname(), -lwres_gethostbyname2(), -lwres_gethostbyaddr(), -and -lwres_gethostent() -return NULL to indicate an error. In this case the global variable -lwres_h_errno -will contain one of the following error codes defined in -<lwres/netdb.h>: - -

-
-
HOST_NOT_FOUND
-

-The host or address was not found. -

-
TRY_AGAIN
-

-A recoverable error occurred, e.g., a timeout. -Retrying the lookup may succeed. -

-
NO_RECOVERY
-

-A non-recoverable error occurred. -

-
NO_DATA
-

-The name exists, but has no address information -associated with it (or vice versa in the case -of a reverse lookup). The code NO_ADDRESS -is accepted as a synonym for NO_DATA for backwards -compatibility. -

-
-

-

-

-lwres_hstrerror(3 -) -translates these error codes to suitable error messages. -

-

-lwres_gethostent() -and -lwres_gethostent_r() -always return -NULL. -

-

-Successful calls to lwres_gethostbyname_r() and -lwres_gethostbyaddr_r() return -resbuf, a pointer to the struct -hostent that was initialised by these functions. They return -NULL if the lookups fail or if buf -was too small to hold the list of addresses and names referenced by -the h_name, h_aliases, and -h_addr_list elements of the struct -hostent. If buf was too small, both -lwres_gethostbyname_r() and -lwres_gethostbyaddr_r() set the global variable -errno to ERANGE. -

-
-
-

SEE ALSO

-

-gethostent(3), - -lwres_getipnode(3), - -lwres_hstrerror(3 -) -

-
-
-

BUGS

-

-lwres_gethostbyname(), -lwres_gethostbyname2(), -lwres_gethostbyaddr() -and -lwres_endhostent() -are not thread safe; they return pointers to static data and -provide error codes through a global variable. -Thread-safe versions for name and address lookup are provided by -lwres_gethostbyname_r(), -and -lwres_gethostbyaddr_r() -respectively. -

-

-The resolver daemon does not currently support any non-DNS -name services such as -/etc/hosts -or -NIS, -consequently the above functions don't, either. -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getipnode.html b/contrib/bind-9.3/lib/lwres/man/lwres_getipnode.html deleted file mode 100644 index 779da90673..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getipnode.html +++ /dev/null @@ -1,316 +0,0 @@ - - - - - -lwres_getipnode - - -
-
-
-

Name

-

lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-struct hostent * -lwres_getipnodebyname( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-struct hostent * -lwres_getipnodebyaddr( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - -
-void -lwres_freehostent(  -);
   -);
-
-
-
-

DESCRIPTION

-

-These functions perform thread safe, protocol independent -nodename-to-address and address-to-nodename -translation as defined in RFC2553. -

-

-They use a -struct hostent -which is defined in -namedb.h: -

-
-struct  hostent {
-        char    *h_name;        /* official name of host */
-        char    **h_aliases;    /* alias list */
-        int     h_addrtype;     /* host address type */
-        int     h_length;       /* length of address */
-        char    **h_addr_list;  /* list of addresses from name server */
-};
-#define h_addr  h_addr_list[0]  /* address, for backward compatibility */
-
-

-

-

-The members of this structure are: -

-
-
h_name
-

-The official (canonical) name of the host. -

-
h_aliases
-

-A NULL-terminated array of alternate names (nicknames) for the host. -

-
h_addrtype
-

-The type of address being returned - usually -PF_INET -or -PF_INET6. - -

-
h_length
-

-The length of the address in bytes. -

-
h_addr_list
-

-A -NULL -terminated array of network addresses for the host. -Host addresses are returned in network byte order. -

-
-

-

-

-lwres_getipnodebyname() -looks up addresses of protocol family -af - -for the hostname -name. - -The -flags -parameter contains ORed flag bits to -specify the types of addresses that are searched -for, and the types of addresses that are returned. -The flag bits are: -

-
-
AI_V4MAPPED
-

-This is used with an -af -of AF_INET6, and causes IPv4 addresses to be returned as IPv4-mapped -IPv6 addresses. -

-
AI_ALL
-

-This is used with an -af -of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. -If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped -IPv6 addresses. -

-
AI_ADDRCONFIG
-

-Only return an IPv6 or IPv4 address if here is an active network -interface of that type. This is not currently implemented -in the BIND 9 lightweight resolver, and the flag is ignored. -

-
AI_DEFAULT
-

-This default sets the -AI_V4MAPPED -and -AI_ADDRCONFIG -flag bits. -

-
-

-

-

-lwres_getipnodebyaddr() -performs a reverse lookup -of address -src -which is -len -bytes long. -af -denotes the protocol family, typically -PF_INET -or -PF_INET6. - -

-

-lwres_freehostent() -releases all the memory associated with -the -struct hostent -pointer -he. - -Any memory allocated for the -h_name, - -h_addr_list -and -h_aliases -is freed, as is the memory for the -hostent -structure itself. -

-
-
-

RETURN VALUES

-

-If an error occurs, -lwres_getipnodebyname() -and -lwres_getipnodebyaddr() -set -*error_num -to an appropriate error code and the function returns a -NULL -pointer. -The error codes and their meanings are defined in -<lwres/netdb.h>: -

-
-
HOST_NOT_FOUND
-

-No such host is known. -

-
NO_ADDRESS
-

-The server recognised the request and the name but no address is -available. Another type of request to the name server for the -domain might return an answer. -

-
TRY_AGAIN
-

-A temporary and possibly transient error occurred, such as a -failure of a server to respond. The request may succeed if -retried. -

-
NO_RECOVERY
-

-An unexpected failure occurred, and retrying the request -is pointless. -

-
-

-

-

-lwres_hstrerror(3 -) -translates these error codes to suitable error messages. -

-
-
-

SEE ALSO

-

-RFC2553, - -lwres(3), - -lwres_gethostent(3), - -lwres_getaddrinfo(3), - -lwres_getnameinfo(3), - -lwres_hstrerror(3). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.html b/contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.html deleted file mode 100644 index 3111730125..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - -lwres_getnameinfo - - -
-
-
-

Name

-

lwres_getnameinfo — lightweight resolver socket address structure to hostname and service name

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-int -lwres_getnameinfo( ,
  ,
  ,
  ,
  ,
  ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

This function is equivalent to the getnameinfo(3) function defined in RFC2133. -lwres_getnameinfo() returns the hostname for the -struct sockaddr sa which is -salen bytes long. The hostname is of length -hostlen and is returned via -*host. The maximum length of the hostname is -1025 bytes: NI_MAXHOST.

-

The name of the service associated with the port number in -sa is returned in *serv. -It is servlen bytes long. The maximum length -of the service name is NI_MAXSERV - 32 bytes. -

-

The flags argument sets the following -bits: -

-
-
NI_NOFQDN
-

-A fully qualified domain name is not required for local hosts. -The local part of the fully qualified domain name is returned instead. -

-
NI_NUMERICHOST
-

-Return the address in numeric form, as if calling inet_ntop(), -instead of a host name. -

-
NI_NAMEREQD
-

-A name is required. If the hostname cannot be found in the DNS and -this flag is set, a non-zero error code is returned. -If the hostname is not found and the flag is not set, the -address is returned in numeric form. -

-
NI_NUMERICSERV
-

-The service name is returned as a digit string representing the port number. -

-
NI_DGRAM
-

-Specifies that the service being looked up is a datagram -service, and causes getservbyport() to be called with a second -argument of "udp" instead of its default of "tcp". This is required -for the few ports (512-514) that have different services for UDP and -TCP. -

-
-

-

-
-
-

RETURN VALUES

-

-lwres_getnameinfo() -returns 0 on success or a non-zero error code if an error occurs. -

-
-
-

SEE ALSO

-

-RFC2133, -getservbyport(3), -lwres(3), -lwres_getnameinfo(3), -lwres_getnamebyaddr(3). -lwres_net_ntop(3). -

-
-
-

BUGS

-

-RFC2133 fails to define what the nonzero return values of -getnameinfo(3) -are. -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.html b/contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.html deleted file mode 100644 index 6cbed6fafe..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.html +++ /dev/null @@ -1,230 +0,0 @@ - - - - - -lwres_getrrsetbyname - - -
-
-
-

Name

-

lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-int -lwres_getrrsetbyname( ,
  ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - -
-void -lwres_freerrset(  -);
   -);
-
-

-The following structures are used: -

-
-struct  rdatainfo {
-        unsigned int            rdi_length;     /* length of data */
-        unsigned char           *rdi_data;      /* record data */
-};
-
-struct  rrsetinfo {
-        unsigned int            rri_flags;      /* RRSET_VALIDATED... */
-        unsigned int            rri_rdclass;    /* class number */
-        unsigned int            rri_rdtype;     /* RR type number */
-        unsigned int            rri_ttl;        /* time to live */
-        unsigned int            rri_nrdatas;    /* size of rdatas array */
-        unsigned int            rri_nsigs;      /* size of sigs array */
-        char                    *rri_name;      /* canonical name */
-        struct rdatainfo        *rri_rdatas;    /* individual records */
-        struct rdatainfo        *rri_sigs;      /* individual signatures */
-};
-
-

-

-
-
-

DESCRIPTION

-

-lwres_getrrsetbyname() -gets a set of resource records associated with a -hostname, - -class, - -and -type. - -hostname -is -a pointer a to null-terminated string. The -flags -field is currently unused and must be zero. -

-

-After a successful call to -lwres_getrrsetbyname(), - -*res -is a pointer to an -rrsetinfo -structure, containing a list of one or more -rdatainfo -structures containing resource records and potentially another list of -rdatainfo -structures containing SIG resource records -associated with those records. -The members -rri_rdclass -and -rri_rdtype -are copied from the parameters. -rri_ttl -and -rri_name -are properties of the obtained rrset. -The resource records contained in -rri_rdatas -and -rri_sigs -are in uncompressed DNS wire format. -Properties of the rdataset are represented in the -rri_flags -bitfield. If the RRSET_VALIDATED bit is set, the data has been DNSSEC -validated and the signatures verified. -

-

-All of the information returned by -lwres_getrrsetbyname() -is dynamically allocated: the -rrsetinfo -and -rdatainfo -structures, -and the canonical host name strings pointed to by the -rrsetinfostructure. - -Memory allocated for the dynamically allocated structures created by -a successful call to -lwres_getrrsetbyname() -is released by -lwres_freerrset(). - -rrset -is a pointer to a -struct rrset -created by a call to -lwres_getrrsetbyname(). - -

-

-

-
-
-

RETURN VALUES

-

-lwres_getrrsetbyname() -returns zero on success, and one of the following error -codes if an error occurred: -

-
-
ERRSET_NONAME
-

-the name does not exist -

-
ERRSET_NODATA
-

-the name exists, but does not have data of the desired type -

-
ERRSET_NOMEMORY
-

-memory could not be allocated -

-
ERRSET_INVAL
-

-a parameter is invalid -

-
ERRSET_FAIL
-

-other failure -

-
-

-

-
-

- -

-
-
-

SEE ALSO

-

-lwres(3). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gnba.html b/contrib/bind-9.3/lib/lwres/man/lwres_gnba.html deleted file mode 100644 index 4d07580fd0..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gnba.html +++ /dev/null @@ -1,355 +0,0 @@ - - - - - -lwres_gnba - - -
-
-
-

Name

-

lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling

-
-
-

Synopsis

-
-
-#include <lwres/lwres.h>
-
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gnbarequest_render -(  -ctx,
   -ctx,
   -req,
   -pkt,
   -b);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gnbaresponse_render -( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gnbarequest_parse( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_gnbaresponse_parse( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_gnbaresponse_free -( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_gnbarequest_free( ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-These are low-level routines for creating and parsing -lightweight resolver address-to-name lookup request and -response messages. -

-

-There are four main functions for the getnamebyaddr opcode. -One render function converts a getnamebyaddr request structure — -lwres_gnbarequest_t — -to the lightweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getnamebyaddr request structure. -Another render function converts the getnamebyaddr response structure — -lwres_gnbaresponse_t -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getnamebyaddr response structure. -

-

-These structures are defined in -lwres/lwres.h. -They are shown below. -

-
-#define LWRES_OPCODE_GETNAMEBYADDR      0x00010002U
-
-typedef struct {
-        lwres_uint32_t  flags;
-        lwres_addr_t    addr;
-} lwres_gnbarequest_t;
-
-typedef struct {
-        lwres_uint32_t  flags;
-        lwres_uint16_t  naliases;
-        char           *realname;
-        char          **aliases;
-        lwres_uint16_t  realnamelen;
-        lwres_uint16_t *aliaslen;
-        void           *base;
-        size_t          baselen;
-} lwres_gnbaresponse_t;
-
-

-

-

-lwres_gnbarequest_render() -uses resolver context -ctx -to convert getnamebyaddr request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. -The contents of -*req -are then appended to the buffer in canonical format. -lwres_gnbaresponse_render() -performs the same task, except it converts a getnamebyaddr response structure -lwres_gnbaresponse_t -to the lightweight resolver's canonical format. -

-

-lwres_gnbarequest_parse() -uses context -ctx -to convert the contents of packet -pkt -to a -lwres_gnbarequest_t -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -lwres_gnbarequest_t -is made available through -*structp. -lwres_gnbaresponse_parse() -offers the same semantics as -lwres_gnbarequest_parse() -except it yields a -lwres_gnbaresponse_t -structure. -

-

-lwres_gnbaresponse_free() -and -lwres_gnbarequest_free() -release the memory in resolver context -ctx -that was allocated to the -lwres_gnbaresponse_t -or -lwres_gnbarequest_t -structures referenced via -structp. -Any memory associated with ancillary buffers and strings for those -structures is also discarded. -

-
-
-

RETURN VALUES

-

-The getnamebyaddr opcode functions -lwres_gnbarequest_render(), -lwres_gnbaresponse_render() -lwres_gnbarequest_parse() -and -lwres_gnbaresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_gnbarequest_t -and -lwres_gnbaresponse_t -structures. -lwres_gnbarequest_parse() -and -lwres_gnbaresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query. -

-
-
-

SEE ALSO

-

-lwres_packet(3). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.html b/contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.html deleted file mode 100644 index d2f1e4aa70..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - -lwres_hstrerror - - -
-
-
-

Name

-

lwres_herror, lwres_hstrerror — lightweight resolver error message generation

-
-
-

Synopsis

-
-
#include <lwres/netdb.h>
-

-void -lwres_herror(const char *s);

-

-const char * -lwres_hstrerror(int err);

-
-
-
-

DESCRIPTION

-

-lwres_herror() prints the string -s on stderr followed by the string -generated by lwres_hstrerror() for the error code -stored in the global variable lwres_h_errno. -

-

-lwres_hstrerror() returns an appropriate string -for the error code gievn by err. The values of -the error codes and messages are as follows: - -

-
-
NETDB_SUCCESS
-

-Resolver Error 0 (no error) -

-
HOST_NOT_FOUND
-

-Unknown host -

-
TRY_AGAIN
-

-Host name lookup failure -

-
NO_RECOVERY
-

-Unknown server error -

-
NO_DATA
-

-No address associated with name -

-
-

-

-
-
-

RETURN VALUES

-

-The string Unknown resolver error is returned by -lwres_hstrerror() -when the value of -lwres_h_errno -is not a valid error code. -

-
-
-

SEE ALSO

-

-herror(3), - -lwres_hstrerror(3). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_inetntop.html b/contrib/bind-9.3/lib/lwres/man/lwres_inetntop.html deleted file mode 100644 index ca5c0bd693..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_inetntop.html +++ /dev/null @@ -1,103 +0,0 @@ - - - - - -lwres_inetntop - - -
-
-
-

Name

-

lwres_net_ntop — lightweight resolver IP address presentation

-
-
-

Synopsis

-
-
#include <lwres/net.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-const char * -lwres_net_ntop( ,
  ,
  ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-lwres_net_ntop() converts an IP address of -protocol family af — IPv4 or IPv6 — -at location src from network format to its -conventional representation as a string. For IPv4 addresses, that -string would be a dotted-decimal. An IPv6 address would be -represented in colon notation as described in RFC1884. -

-

-The generated string is copied to dst provided -size indicates it is long enough to store the -ASCII representation of the address. -

-
-
-

RETURN VALUES

-

-If successful, the function returns dst: -a pointer to a string containing the presentation format of the -address. lwres_net_ntop() returns -NULL and sets the global variable -errno to EAFNOSUPPORT if -the protocol family given in af is not -supported. -

-
-
-

SEE ALSO

-

-RFC1884, -inet_ntop(3), -errno(3). -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_noop.html b/contrib/bind-9.3/lib/lwres/man/lwres_noop.html deleted file mode 100644 index 145bcac084..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_noop.html +++ /dev/null @@ -1,325 +0,0 @@ - - - - - -lwres_noop - - -
-
-
-

Name

-

lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling

-
-
-

Synopsis

-
-
-#include <lwres/lwres.h>
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_nooprequest_render( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_noopresponse_render( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_nooprequest_parse( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_noopresponse_parse( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_noopresponse_free( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-void -lwres_nooprequest_free( ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-These are low-level routines for creating and parsing -lightweight resolver no-op request and response messages. -

-

-The no-op message is analogous to a ping packet: -a packet is sent to the resolver daemon and is simply echoed back. -The opcode is intended to allow a client to determine if the server is -operational or not. -

-

-There are four main functions for the no-op opcode. -One render function converts a no-op request structure — -lwres_nooprequest_t — -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a no-op request structure. -Another render function converts the no-op response structure — -lwres_noopresponse_t -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a no-op response structure. -

-

-These structures are defined in -lwres/lwres.h. - -They are shown below. -

-
-#define LWRES_OPCODE_NOOP       0x00000000U
-
-typedef struct {
-        lwres_uint16_t  datalength;
-        unsigned char   *data;
-} lwres_nooprequest_t;
-
-typedef struct {
-        lwres_uint16_t  datalength;
-        unsigned char   *data;
-} lwres_noopresponse_t;
-
-

-Although the structures have different types, they are identical. -This is because the no-op opcode simply echos whatever data was sent: -the response is therefore identical to the request. -

-

-lwres_nooprequest_render() uses resolver -context ctx to convert no-op request structure -req to canonical format. The packet header -structure pkt is initialised and transferred to -buffer b. The contents of -*req are then appended to the buffer in -canonical format. lwres_noopresponse_render() -performs the same task, except it converts a no-op response structure -lwres_noopresponse_t to the lightweight resolver's -canonical format. -

-

-lwres_nooprequest_parse() uses context -ctx to convert the contents of packet -pkt to a lwres_nooprequest_t -structure. Buffer b provides space to be used -for storing this structure. When the function succeeds, the resulting -lwres_nooprequest_t is made available through -*structp. -lwres_noopresponse_parse() offers the same -semantics as lwres_nooprequest_parse() except it -yields a lwres_noopresponse_t structure. -

-

-lwres_noopresponse_free() and -lwres_nooprequest_free() release the memory in -resolver context ctx that was allocated to the -lwres_noopresponse_t or lwres_nooprequest_t -structures referenced via structp. -

-
-
-

RETURN VALUES

-

-The no-op opcode functions -lwres_nooprequest_render(), - -lwres_noopresponse_render() -lwres_nooprequest_parse() -and -lwres_noopresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_nooprequest_t -and -lwres_noopresponse_t -structures. -lwres_nooprequest_parse() -and -lwres_noopresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query. -

-
-
-

SEE ALSO

-

-lwres_packet(3 -) -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_packet.html b/contrib/bind-9.3/lib/lwres/man/lwres_packet.html deleted file mode 100644 index 32bb81ee94..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_packet.html +++ /dev/null @@ -1,226 +0,0 @@ - - - - - -lwres_packet - - -
-
-
-

Name

-

lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions

-
-
-

Synopsis

-
-
#include <lwres/lwpacket.h>
- - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_lwpacket_renderheader( ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_lwpacket_parseheader( ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-These functions rely on a -struct lwres_lwpacket -which is defined in -lwres/lwpacket.h. - -

-
-typedef struct lwres_lwpacket lwres_lwpacket_t;
-
-struct lwres_lwpacket {
-        lwres_uint32_t          length;
-        lwres_uint16_t          version;
-        lwres_uint16_t          pktflags;
-        lwres_uint32_t          serial;
-        lwres_uint32_t          opcode;
-        lwres_uint32_t          result;
-        lwres_uint32_t          recvlength;
-        lwres_uint16_t          authtype;
-        lwres_uint16_t          authlength;
-};
-
-

-

-

-The elements of this structure are: -

-
-
length
-

-the overall packet length, including the entire packet header. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -

-
version
-

-the header format. There is currently only one format, -LWRES_LWPACKETVERSION_0. - -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -

-
pktflags
-

-library-defined flags for this packet: for instance whether the packet -is a request or a reply. Flag values can be set, but not defined by -the caller. -This field is filled in by the application wit the exception of the -LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the -lwres_gabn_*() and lwres_gnba_*() calls. -

-
serial
-

-is set by the requestor and is returned in all replies. If two or more -packets from the same source have the same serial number and are from -the same source, they are assumed to be duplicates and the latter ones -may be dropped. -This field must be set by the application. -

-
opcode
-

-indicates the operation. -Opcodes between 0x00000000 and 0x03ffffff are -reserved for use by the lightweight resolver library. Opcodes between -0x04000000 and 0xffffffff are application defined. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -

-
result
-

-is only valid for replies. -Results between 0x04000000 and 0xffffffff are application defined. -Results between 0x00000000 and 0x03ffffff are reserved for library use. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -

-
recvlength
-

-is the maximum buffer size that the receiver can handle on requests -and the size of the buffer needed to satisfy a request when the buffer -is too large for replies. -This field is supplied by the application. -

-
authtype
-

-defines the packet level authentication that is used. -Authorisation types between 0x1000 and 0xffff are application defined -and types between 0x0000 and 0x0fff are reserved for library use. -Currently these are not used and must be zero. -

-
authlen
-

-gives the length of the authentication data. -Since packet authentication is currently not used, this must be zero. -

-
-

-

-

-The following opcodes are currently defined: -

-
-
NOOP
-

-Success is always returned and the packet contents are echoed. -The lwres_noop_*() functions should be used for this type. -

-
GETADDRSBYNAME
-

-returns all known addresses for a given name. -The lwres_gabn_*() functions should be used for this type. -

-
GETNAMEBYADDR
-

-return the hostname for the given address. -The lwres_gnba_*() functions should be used for this type. -

-
-

-

-

-lwres_lwpacket_renderheader() transfers the -contents of lightweight resolver packet structure -lwres_lwpacket_t *pkt in network -byte order to the lightweight resolver buffer, -*b. -

-

-lwres_lwpacket_parseheader() performs the -converse operation. It transfers data in network byte order from -buffer *b to resolver packet -*pkt. The contents of the buffer -b should correspond to a -lwres_lwpacket_t. -

-
-
-

RETURN VALUES

-

Successful calls to -lwres_lwpacket_renderheader() and -lwres_lwpacket_parseheader() return -LWRES_R_SUCCESS. If there is insufficient -space to copy data between the buffer *b and -lightweight resolver packet *pkt both functions -return LWRES_R_UNEXPECTEDEND. -

-
-
- diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_resutil.html b/contrib/bind-9.3/lib/lwres/man/lwres_resutil.html deleted file mode 100644 index a9bc1eea10..0000000000 --- a/contrib/bind-9.3/lib/lwres/man/lwres_resutil.html +++ /dev/null @@ -1,275 +0,0 @@ - - - - - -lwres_resutil - - -
-
-
-

Name

-

lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions

-
-
-

Synopsis

-
-
#include <lwres/lwres.h>
- - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_string_parse( ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_addr_parse( ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_getaddrsbyname( ,
  ,
  ,
  ,
   -);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-lwres_result_t -lwres_getnamebyaddr( ,
  ,
  ,
  ,
  ,
   -);
-
-
-
-

DESCRIPTION

-

-lwres_string_parse() retrieves a DNS-encoded -string starting the current pointer of lightweight resolver buffer -b: i.e. b->current. -When the function returns, the address of the first byte of the -encoded string is returned via *c and the -length of that string is given by *len. The -buffer's current pointer is advanced to point at the character -following the string length, the encoded string, and the trailing -NULL character. -

-

-lwres_addr_parse() extracts an address from the -buffer b. The buffer's current pointer -b->current is presumed to point at an encoded -address: the address preceded by a 32-bit protocol family identifier -and a 16-bit length field. The encoded address is copied to -addr->address and -addr->length indicates the size in bytes of -the address that was copied. b->current is -advanced to point at the next byte of available data in the buffer -following the encoded address. -

-

-lwres_getaddrsbyname() -and -lwres_getnamebyaddr() -use the -lwres_gnbaresponse_t -structure defined below: -

-
-typedef struct {
-        lwres_uint32_t          flags;
-        lwres_uint16_t          naliases;
-        lwres_uint16_t          naddrs;
-        char                   *realname;
-        char                  **aliases;
-        lwres_uint16_t          realnamelen;
-        lwres_uint16_t         *aliaslen;
-        lwres_addrlist_t        addrs;
-        void                   *base;
-        size_t                  baselen;
-} lwres_gabnresponse_t;
-
-

-The contents of this structure are not manipulated directly but -they are controlled through the -lwres_gabn(3 -) -functions. -

-

-The lightweight resolver uses -lwres_getaddrsbyname() to perform foward lookups. -Hostname name is looked up using the resolver -context ctx for memory allocation. -addrtypes is a bitmask indicating which type of -addresses are to be looked up. Current values for this bitmask are -LWRES_ADDRTYPE_V4 for IPv4 addresses and -LWRES_ADDRTYPE_V6 for IPv6 addresses. Results of the -lookup are returned in *structp. -

-

-lwres_getnamebyaddr() performs reverse lookups. -Resolver context ctx is used for memory -allocation. The address type is indicated by -addrtype: LWRES_ADDRTYPE_V4 or -LWRES_ADDRTYPE_V6. The address to be looked up is given -by addr and its length is -addrlen bytes. The result of the function call -is made available through *structp. -

-
-
-

RETURN VALUES

-

-Successful calls to -lwres_string_parse() -and -lwres_addr_parse() -return -LWRES_R_SUCCESS. -Both functions return -LWRES_R_FAILURE -if the buffer is corrupt or -LWRES_R_UNEXPECTEDEND -if the buffer has less space than expected for the components of the -encoded string or address. -

-

-lwres_getaddrsbyname() -returns -LWRES_R_SUCCESS -on success and it returns -LWRES_R_NOTFOUND -if the hostname -name -could not be found. -

-

-LWRES_R_SUCCESS -is returned by a successful call to -lwres_getnamebyaddr(). -

-

-Both -lwres_getaddrsbyname() -and -lwres_getnamebyaddr() -return -LWRES_R_NOMEMORY -when memory allocation requests fail and -LWRES_R_UNEXPECTEDEND -if the buffers used for sending queries and receiving replies are too -small. -

-
-
-

SEE ALSO

-

-lwres_buffer(3), - -lwres_gabn(3). -

-
-
- diff --git a/contrib/bind-9.3/version b/contrib/bind-9.3/version deleted file mode 100644 index 9e33524cca..0000000000 --- a/contrib/bind-9.3/version +++ /dev/null @@ -1,10 +0,0 @@ -# $Id: version,v 1.26.2.17.2.31.4.1 2008/05/22 21:11:13 each Exp $ -# -# This file must follow /bin/sh rules. It is imported directly via -# configure. -# -MAJORVER=9 -MINORVER=3 -PATCHVER=4 -RELEASETYPE=-P -RELEASEVER=2 diff --git a/contrib/bind-9.3/CHANGES b/contrib/bind-9.5.2/CHANGES similarity index 75% rename from contrib/bind-9.3/CHANGES rename to contrib/bind-9.5.2/CHANGES index c7d3fdb58a..ffe99852ff 100644 --- a/contrib/bind-9.3/CHANGES +++ b/contrib/bind-9.5.2/CHANGES @@ -1,2034 +1,3276 @@ - --- 9.3.5-P1 released --- + --- 9.5.2 released --- -2375. [security] Fully randomize UDP query ports to improve - forgery resilience. [RT #17949] +2681. [bug] IPSECKEY RR of gateway type 3 was not correctly + decoded. [RT #20269] -(9.3.5 not in DragonFly at this time, just the -P1 above.) +2678. [func] Treat DS queries as if "minimal-response yes;" + was set. [RT #20258] - --- 9.3.4-P1 released --- +2427. [func] Treat DNSKEY queries as if "minimal-response yes;" + was set. [RT #18528] -2203. [security] Query id generation was cryptographically weak. - [RT # 16915] + --- 9.5.2rc1 released --- -2193. [port] win32: BINDInstall.exe is now linked statically. - [RT #16906] +2672. [bug] Don't enable searching in 'host' when doing reverse + lookups. [RT #20218] -2192. [port] win32: use vcredist_x86.exe to install Visual - Studio's redistributable dlls if building with - Visual Stdio 2005 or later. +2670. [bug] Unexpected connect failures failed to log enough + information to be useful. [RT #20205] - --- 9.3.4 released --- +2663. [func] win32: allow named to run as a service using + "NT AUTHORITY\LocalService" as the account. [RT #19977] -2126. [security] Serialise validation of type ANY responses. [RT #16555] +2656. [func] win32: add a "tools only" check box to the installer + which causes it to only install dig, host, nslookup, + nsupdate and relevent dlls. [RT #19998] -2124. [security] It was possible to dereference a freed fetch - context. [RT #16584] +2655. [doc] Document that key-directory does not affect + rndc.key. [RT #20155] - --- 9.3.3 released --- + --- 9.5.2b1 released --- -2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] +2649. [bug] Set the domain for forward only zones. [RT #19944] -2104. [port] Fix Solaris SMF error message. +2648. [port] win32: isc_time_seconds() was broken. [RT #19900] -2103. [port] Add /usr/sfw to list of locations for OpenSSL - under Solaris. +2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987] -2102. [port] Silence solaris 10 warnings. +2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms + which default to 64 bits. [RT #19927] -2101. [bug] OpenSSL version checks were not quite right. - [RT #16476] +2642. [bug] nsupdate could dump core on solaris when reading + improperly formatted key files. [RT #20015] -2100. [port] win32: copy libeay32.dll to Build\Debug. +2640. [security] A specially crafted update packet will cause named + to exit. [RT #20000] -2099. [port] win32: more manifiest issues. +2637. [func] Rationalize dnssec-signzone's signwithkey() calling. + [RT #19959] - --- 9.3.3rc3 released --- +2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses. + [RT #19716] -2096. [bug] libbind: handle applications that fail to detect - res_init() failures better. +2633. [bug] Handle 15 bit rand() functions. [RT #19783] -2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and - net_cidr_ntop_ipv6(). [RT #16388] - -2094. [contrib] Update named-bootconf. [RT# 16404] +2632. [func] util/kit.sh: warn if documentation appears to be out of + date. [RT #19922] -2092. [bug] win32: dig, host, nslookup. Use registry config - if resolv.conf does not exist or no nameservers - listed. [RT #15877] +2623. [bug] Named started seaches for DS non-optimally. [RT #19915] -2091. [port] dighost.c: race condition on cleanup. [RT #16417] +2621. [doc] Made copyright boilterplate consistent. [RT #19833] -2090. [port] win32: Visual C++ 2005 command line manifest support. - [RT #16417] +2920. [bug] Delay thawing the zone until the reload of it has + completed successfully. [RT #19750] -2089. [security] Raise the minimum safe OpenSSL versions to - OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions - prior to these have known security flaws which - are (potentially) exploitable in named. [RT #16391] +2618. [bug] The sdb and sdlz db_interator_seek() methods could + loop infinitely. [RT #19847] -2088. [security] Change the default RSA exponent from 3 to 65537. - [RT #16391] +2617. [bug] ifconfig.sh failed to emit an error message when + run from the wrong location. [RT #19375] -2086. [port] libbind: FreeBSD now has get*by*_r() functions. - [RT #16403] +2616. [bug] 'host' used the nameservers from resolv.conf even + when a explicit nameserver was specified. [RT #19852] -2085. [doc] win32: added index.html and README to zip. [RT #16201] +2615. [bug] "__attribute__((unused))" was in the wrong place + for ia64 gcc builds. [RT #19854] -2084. [contrib] dbus update for 9.3.3rc2. +2614. [port] win32: 'named -v' should automatically be executed + in the foreground. [RT #19844] -2083. [port] win32: Visual C++ 2005 support. +2610. [port] sunos: Change #2363 was not complete. [RT #19796] -2082. [doc] Document 'cache-file' as a test only option. +2606. [bug] "delegation-only" was not being accepted in + delegation-only type zones. [RT #19717] - --- 9.3.3rc2 released --- +2605. [bug] Accept DS responses from delegation only zones. + [RT # 19296] -2081. [port] libbind: minor 64-bit portability fix in memcluster.c. - [RT #16360] +2603. [port] win32: handle .exe extension of named-checkzone and + named-comilezone argv[0] names under windows. + [RT #19767] -2080. [port] libbind: res_init.c did not compile on older versions - of Solaris. [RT #16363] +2602. [port] win32: fix debugging command line build of libisccfg. + [RT #19767] -2076. [bug] Several files were missing #include - causing build failures on OSF. [RT #16341] +2599. [bug] Address rapid memory growth when validation fails. + [RT #19654] -2074. [bug] dns_request_createvia2(), dns_request_createvia3(), - dns_request_createraw2() and dns_request_createraw3() - failed to send multiple UDP requests. [RT #16349] +2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay + long, leading to inefficient memory usage or rejecting + newer cache entries in the worst case. [RT #19563] -2066. [security] Handle SIG queries gracefully. [RT #16300] +2595. [bug] Fix unknown extended rcodes in dig. [RT #19625] - --- 9.3.3rc1 released --- +2592. [bug] Treat "any" as a type in nsupdate. [RT #19455] -2071. [port] Test whether gcc accepts -fno-strict-aliasing. - [RT #16324] +2591. [bug] named could die when processing a update in + removed_orphaned_ds(). [RT #19507] -2070. [bug] The remote address was not always displayed when - reporting dispatch failures. [RT #16315] +2589. [bug] dns_db_unregister() failed to clear '*dbimp'. + [RT #19626] -2069. [bug] Cross compiling was not working. [RT #16330] +2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB + or SDB. [RT #19577] -2067. [bug] 'rndc' could close the socket too early triggering - a INSIST under Windows. [RT #16317] +2585. [bug] Uninitialized socket name could be referenced via a + statistics channel, triggering an assertion failure in + XML rendering. [RT #19427] -2065. [bug] libbind: probe for HPUX prototypes for - endprotoent_r() and endservent_r(). [RT 16313] +2584. [bug] alpha: gcc optimization could break atomic operations. + [RT #19227] -2064. [bug] libbind: silence AIX compiler warnings. [RT #16218] +2583. [port] netbsd: provide a control to not add the compile + date to the version string, -DNO_VERSION_DATE. -2063. [bug] Change #1955 introduced a bug which caused the first - 'rndc flush' call to not free memory. [RT #16244] +2582. [bug] Don't emit warning log message when we attempt to + remove non-existant journal. [RT #19516] -2062. [bug] 'dig +nssearch' was reusing a buffer before it had - been returned by the socket code. [RT #16307] +2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection. + Requires MySQL 5.0.19 or later. [RT #19084] -2057. [bug] Make setting "ra" dependent on both allow-query and - allow-recursion. [RT #16290] +2580. [bug] UpdateRej statistics counter could be incremented twice + for one rejection. [RT #19476] -2056. [bug] dig: ixfr= was not being treated case insensitively - at all times. [RT #15955] +2579. [bug] DNSSEC lookaside validation failed to handle unknown + algorithms. [RT #19479] -2055. [bug] Missing goto after dropping multicast query. - [RT #15944] +2577. [doc] Clarified some statistics counters. [RT #19454] -2054. [port] freebsd: do not explicitly link against -lpthread. - [RT #16170] +2573. [bug] Replacing a non-CNAME record with a CNAME record in a + single transaction in a signed zone failed. [RT #19397] -2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220] +2568. [bug] Report when the write to indicate a otherwise + successful start fails. [RT #19360] -2052. [bug] 'rndc' improve connect failed message to report - the failing address. [RT #15978] +2567. [bug] dst__privstruct_writefile() could miss write errors. + write_public_key() could miss write errors. + [RT #19360] -2051. [port] More strtol() fixes. [RT #16249] +2564. [bug] Only take EDNS fallback steps when processing timeouts. + [RT #19405] -2050. [bug] Parsing of NSAP records was not case insensitive. - [RT #16287] +2563. [bug] Dig could leak a socket causing it to wait forever + to exit. [RT #19359] -2049. [bug] Restore SOA before AXFR when falling back from - a attempted IXFR when transfering in a zone. - Allow a initial SOA query before attempting - a AXFR to be requested. [RT #16156] +2562. [doc] ARM: miscellaneous improvements, reorganization, + and some new content. -2048. [bug] It was possible to loop forever when using - avoid-v4-udp-ports / avoid-v6-udp-ports when - the OS always returned the same local port. - [RT #16182] +2561. [doc] Add isc-config.sh(1) man page. [RT #16378] -2047. [bug] Failed to initialise the interface flags to zero. - [RT #16245] +2560. [bug] Add #include to iptable.c. [RT #18258] -2043. [port] nsupdate/nslookup: Force the flushing of the prompt - for interactive sessions. [RT#16148] +2557. [cleanup] PCI compliance: + * new libisc log module file + * isc_dir_chroot() now also changes the working + directory to "/". + * additional INSISTs + * additional logging when files can't be removed. -2038. [bug] dig/nslookup/host was unlinking from wrong list - when handling errors. [RT #16122] +2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291] -2037. [func] When unlinking the first or last element in a list - check that the list head points to the element to - be unlinked. [RT #15959] +2552. [bug] zero-no-soa-ttl-cache was not being honoured. + [RT #19340] -2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. - [RT #16075] +2551. [bug] Potential Reference leak on return. [RT #19341] -2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] +2550. [bug] Check --with-openssl= finds . + [RT #19343] - --- 9.3.3b1 released --- +2549. [port] linux: define NR_OPEN if not currently defined. + [RT #19344] -2031. [bug] Emit a error message when "rndc refresh" is called on - a non slave/stub zone. [RT # 16073] +2547. [bug] openssl_link.c:mem_realloc() could reference an + out-of-range area of the source buffer. New public + function isc_mem_reallocate() was introduced to address + this bug. [RT #19313] -2030. [bug] We were being overly conservative when disabling - openssl engine support. [RT #16030] +2545. [doc] ARM: Legal hostname checking (check-names) is + for SRV RDATA too. [RT #19304] -2029. [bug] host printed out the server multiple times when - specified on the command line. [RT #15992] +2544. [cleanup] Removed unused structure members in adb.c. [RT #19225] -2028. [port] linux: socket.c compatability for old systems. - [RT #16015] +2542. [doc] Update the description of dig +adflag. [RT #19290] -2027. [port] libbind: Solaris x86 support. [RT #16020] +2541. [bug] Conditionally update dispatch manager statistics. + [RT #19247] -2026. [bug] Rate limit the two recursive client exceeded messages. - [RT #16044] +2539. [security] Update the interaction between recursion, allow-query, + allow-query-cache and allow-recursion. [RT #19198] -2024. [bug] named emited spurious "zone serial unchanged" - messages on reload. [RT #16027] +2538. [bug] cache/ADB memory could grow over max-cache-size, + especially with threads and smaller max-cache-size + values. [RT #19240] -2023. [bug] "make install" should create ${localstatedir}/run and - ${sysconfdir} if they do not exist. [RT #16033] +2537. [experimental] Added more statistics counters including those on socket + I/O events and query RTT histograms. [RT #18802] -2016. [bug] Return a partial answer if recursion is not - allowed but requested and we had the answer - to the original qname. [RT #15945] +2536. [cleanup] Silence some warnings when -Werror=format-security is + specified. [RT #19083] -2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR - responses more gracefully. [RT #15941] +2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091] -2009. [bug] libbind: coverity fixes. [RT #15808] +2532. [bug] dig: check the question section of the response to + see if it matches the asked question. [RT #18495] -2005. [bug] libbind: Retransmission timeouts should be - based on which attempt it is to the nameserver - and not the nameserver itself. [RT #13548] +2531. [bug] Change #2207 was incomplete. [RT #19098] -2004. [bug] dns_tsig_sign() could pass a NULL pointer to - dst_context_destroy() when cleaning up after a - error. [RT #15835] +2529. [cleanup] Upgrade libtool to silence complaints from recent + version of autoconf. [RT #18657] -2003. [bug] libbind: The DNS name/address lookup functions could - occasionally follow a random pointer due to - structures not being completely zeroed. [RT #15806] +2528. [cleanup] Silence spurious configure warning about + --datarootdir [RT #19096] -2002. [bug] libbind: tighten the constraints on when - struct addrinfo._ai_pad exists. [RT #15783] +2527. [bug] named could reuse cache on reload with + enabling/disabling validation. [RT #19119] -2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812] +2525. [experimental] New logging category "query-errors" to provide detailed + internal information about query failures, especially + about server failures. [RT #19027] -1998. [bug] Restrict handling of fifos as sockets to just SunOS. - This allows named to connect to entropy gathering - daemons that use fifos instead of sockets. [RT #15840] +2523. [bug] Random type rdata freed by dns_nsec_typepresent(). + [RT #19112] -1997. [bug] Named was failing to replace negative cache entries - when a positive one for the type was learnt. - [RT #15818] +2522. [security] Handle -1 from DSA_do_verify(). -1995. [bug] 'host' was reporting multiple "is an alias" messages. - [RT #15702] +2521. [bug] Improve epoll cross compilation support. [RT #19047] -1994. [port] OpenSSL 0.9.8 support. [RT #15694] +2519. [bug] dig/host with -4 or -6 didn't work if more than two + nameserver addresses of the excluded address family + preceded in resolv.conf. [RT #19081] -1993. [bug] Log messsage, via syslog, were missing the space - after the timestamp if "print-time yes" was specified. - [RT #15844] +2517. [bug] dig +trace with -4 or -6 failed when it chose a + nameserver address of the excluded address type. + [RT #18843] -1991. [cleanup] The configuration data, once read, should be treated - as readonly. Expand the use of const to enforce this - at compile time. [RT #15813] +2516. [bug] glue sort for responses was performed even when not + needed. [RT #19039] -1990. [bug] libbind: isc's override of broken gettimeofday() - implementions was not always effective. - [RT #15709] +2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains + a nameserver of the excluded address family. + [RT #18848] -1989. [bug] win32: don't check the service password when - re-installing. [RT #15882] +2511. [cleanup] dns_rdata_tofmttext() add const to linebreak. + [RT #18885] -1985. [protocol] DLV has now been assigned a official type code of - 32769. [RT #15807] +2506. [port] solaris: Check at configure time if + hack_shutup_pthreadonceinit is needed. [RT #19037] - Note: care should be taken to ensure you upgrade - both named and dnssec-signzone at the same time for - zones with DLV records where named is the master - server for the zone. Also any zones that contain - DLV records should be removed when upgrading a slave - zone. You do not however have to upgrade all - servers for a zone with DLV records simultaniously. +2505. [port] Treat amd64 similarly to x86_64 when determining + atomic operation support. [RT #19031] -1982. [bug] DNSKEY was being accepted on the parent side of - a delegation. KEY is still accepted there for - RFC 3007 validated updates. [RT #15620] +2503. [port] linux: improve compatibility with Linux Standard + Base. [RT #18793] -1981. [bug] win32: condition.c:wait() could fail to reattain - the mutex lock. +2502. [cleanup] isc_radix: Improve compliance with coding style, + document function in . [RT #18534] -1979. [port] linux: allow named to drop core after changing - user ids. [RT #15753] +2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent + function. [RT #18582] -1978. [port] Handle systems which have a broken recvmsg(). - [RT #15742] +2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash. + [RT #18837] -1977. [bug] Silence noisy log message. [RT #15704] + --- 9.5.1 released --- -1976. [bug] Handle systems with no IPv4 addresses. [RT #15695] +2520. [bug] Update xml statistics version number to 2.0 as change + #2388 made the schema incompatible to the previous + version. [RT #19080] -1975. [bug] libbind: isc_gethexstring() could misparse multi-line - hex strings with comments. [RT #15814] + --- 9.5.1rc2 released --- -1974. [doc] List each of the zone types and associated zone - options seperately in the ARM. +2513 [bug] Fix windows cli build. [RT #19062] -1972. [contrib] DBUS dynamic forwarders integation from - Jason Vas Dias . +2510. [bug] "dig +sigchase" could trigger REQUIRE failures. + [RT #19033] -1971. [port] linux: make detection of missing IF_NAMESIZE more - robust. [RT #15443] +2509. [bug] Specifying a fixed query source port was broken. + [RT #19051] -1970. [bug] nsupdate: adjust UDP timeout when falling back to - unsigned SOA query. [RT #15775] +2504. [bug] Address race condition in the socket code. [RT #18899] -1969. [bug] win32: the socket code was freeing the socket - structure too early. [RT #15776] + --- 9.5.1rc1 released --- -1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] +2498. [bug] Removed a bogus function argument used with + ISC_SOCKET_USE_POLLWATCH: it could cause compiler + warning or crash named with the debug 1 level + of logging. [RT #18917] -1966. [bug] Don't set CD when we have fallen back to plain DNS. - [RT #15727] +2496. [bug] Add sanity length checks to NSID option. [RT #18813] -1963. [port] Tru64 4.0E doesn't support send() and recv(). - [RT #15586] +2495. [bug] Tighten RRSIG checks. [RT #18795] -1962. [bug] Named failed to clear old update-policy when it - was removed. [RT #15491] +2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being + installed. [RT #18826] -1961. [bug] Check the port and address of responses forwarded - to dispatch. [RT #15474] +2493. [bug] The linux capabilites code was not correctly cleaning + up after itself. [RT #18767] -1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. - [RT #15465] +2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO + is cleared when IPV6_V6ONLY is set. [RT #18785] -1958. [bug] Named failed to update the zone's secure state - until the zone was reloaded. [RT #15412] +2489. [port] solaris: Workaround Solaris's kernel bug about + /dev/poll: + http://bugs.opensolaris.org/view_bug.do?bug_id=6724237 + Define ISC_SOCKET_USE_POLLWATCH at build time to enable + this workaround. [RT #18870] -1957. [bug] Dig mishandled responses to class ANY queries. - [RT #15402] +2487. [bug] Give TCP connections longer to complete. [RT #18675] -1956. [bug] Improve cross compile support, 'gen' is now built - by native compiler. See README for additional - cross compile support information. [RT #15148] +2485. [bug] Change update's the handling of obscured RRSIG + records. Not all orphand DS records were being + removed. [RT #18828] -1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998] +2482. [port] libxml2: support versions 2.7.* in addition + to 2.6.*. [RT #18806] -1952. [port] hpux: tell the linker to build a runtime link - path "-Wl,+b:". [RT #14816]. +2479. [bug] xfrout:covers was not properly initalized. [RT #18801] -1951. [security] Drop queries from particular well known ports. - Don't return FORMERR to queries from particular - well known ports. [RT #15636] - -1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() - a TCP socket. This prevents the source address being - set for TCP connections. [RT #15628] +2478. [bug] 'addresses' could be used uninitalized in + configure_forward(). [RT #18800] + +2476. [doc] ARM: improve documentation for max-journal-size and + ixfr-from-differences. [RT #15909] [RT #18541] -1948. [bug] If was possible to trigger a REQUIRE failure in - xfrin.c:maybe_free() if named ran out of memory. - [RT #15568] + --- 9.5.1b3 released --- -1946. [bug] resume_dslookup() could trigger a REQUIRE failure - when using forwarders. [RT #15549] +2475. [bug] LRU cache cleanup under overmem condition could purge + particular entries more aggressively. [RT #17628] -1944. [cleanup] isc_hash_create() does not need a read/write lock. - [RT #15522] +2474. [bug] ACL structures could be allocated with insufficient + space, causing an array overrun. [RT #18765] -1943. [bug] Set the loadtime after rolling forward the journal. - [RT #15647] +2473. [port] linux: raise the limit on open files to the possible + maximum value before spawning threads; 'files' + specified in named.conf doesn't seem to work with + threads as expected. [RT #18784] -1942. [bug] If the name of a DNSKEY match that of one in - trusted-keys do not attempt to validate the DNSKEY - using the parents DS RRset. [RT #15649] +2472. [port] linux: check the number of available cpu's before + calling chroot as it depends on "/proc". [RT #16923] -1941. [bug] ncache_adderesult() should set eresult even if no - rdataset is passed to it. [RT #15642] +2471. [bug] named-checkzone was not reporting missing mandatory + glue when sibling checks were disabled. [RT #18768] -1940. [bug] Fixed a number of error conditions reported by - Coverity. +2470. [bug] Elements of the isc_radix_node_t could be incorrectly + overwritten. [RT# 18719] -1939. [bug] The resolver could dereference a null pointer after - validation if all the queries have timed out. - [RT #15528] +2469. [port] solaris: Work around Solaris's select() limitations. + [RT #18769] -1938. [bug] The validator was not correctly handling unsecure - negative responses at or below a SEP. [RT #15528] +2468. [bug] Resolver could try unreachable servers multiple times. + [RT #18739] -1919. [contrib] queryperf: a set of new features: collecting/printing - response delays, printing intermediate results, and - adjusting query rate for the "target" qps. +2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740] - --- 9.3.2 released --- +2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue. + [RT #18302] - --- 9.3.2rc1 released --- +2465. [bug] Adb's handling of lame addresses was different + for IPv4 and IPv6. [RT #18738] -1936. [bug] The validator could leak memory. [RT #15544] +2464. [port] linux: check that a capability is present before + trying to set it. [RT #18135] -1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] +2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket + API and glibc hides parts of the IPv6 Advanced Socket + API as a result. This is stupid as it breaks how the + two halves (Basic and Advanced) of the IPv6 Socket API + were designed to be used but we have to live with it. + Define _GNU_SOURCE to pull in the IPv6 Advanced Socket + API. [RT #18388] - --- 9.3.2b2 released --- +2462. [doc] Document -m (enable memory usage debugging) + option for dig. [RT #18757] -1930. [port] HPUX: ia64 support. [RT #15473] +2461. [port] sunos: Change #2363 was not complete. [RT #17513] -1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM. +2458. [doc] ARM: update and correction for max-cache-size. + [RT #18294] -1926. [bug] The Windows installer did not check for empty - passwords. BINDinstall was being installed in - the wrong place. [RT #15483] +2457. [tuning] max-cache-size is reverted to 0, the previous + default. It should be safe because expired cache + entries are also purged. [RT #18684] -1925. [port] All outer level AC_TRY_RUNs need cross compiling - defaults. [RT #15469] +2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any + address, regardless of family. They now correctly + distinguish IPv4 from IPv6. [RT #18559] + +2455. [bug] Stop metadata being transferred via axfr/ixfr. + [RT #18639] -1924. [port] libbind: hpux ia64 support. [RT #15473] +2453. [bug] Remove NULL pointer dereference in dns_journal_print(). + [RT #18316] -1923. [bug] ns_client_detach() called too early. [RT #15499] +2451. [port] solaris: handle runtime linking better. [RT #18356] - --- 9.3.2b1 released --- +2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort. + [RT #18044] -1917. [doc] funcsynopsisinfo wasn't being treated as verbatim - when generating man pages. [RT #15385] +2445. [doc] ARM out-of-date on empty reverse zones (list includes + RFC1918 address, but these are not yet compiled in). + [RT #18578] -1915. [bug] dig +ndots was broken. [RT #15215] +2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery + (clear DF) for UDP responses and requests. -1914. [protocol] DS is required to accept mnemonic algorithms - (RFC 4034). Still emit numeric algorithms for - compatability with RFC 3658. [RT #15354] +2387. [bug] Silence compiler warnings in lib/isc/radix.c. + [RT #18147] [RT #18258] -1911. [bug] Update windows socket code. [RT #14965] +2369. [bug] libbind: Array bounds overrun on read in bitncmp(). + [RT #18054] -1910. [bug] dig's +sigchase code overhauled. [RT #14933] + --- 9.5.1b2 released --- -1909. [bug] The DLV code has been re-worked to make no longer - query order sensitive. [RT #14933] +2443. [bug] win32: UDP connect() would not generate an event, + and so connected UDP sockets would never clean up. + Fix this by doing an immediate WSAConnect() rather + than an io completion port type for UDP. -1905. [bug] Strings returned from cfg_obj_asstring() should be - treated as read-only. [RT #15256] +2442. [bug] A lock could be destroyed twice. [RT# 18626] -1901. [cleanup] Don't add DNSKEY records to the additional section. +2441. [bug] isc_radix_insert() could copy radix tree nodes + incompletely. [RT #18573] -1900. [bug] ixfr-from-differences failed to ensure that the - serial number increased. [RT #15036] +2440. [bug] named-checkconf used an incorrect test to determine + if an ACL was set to none. -1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and - ISC_NETADDR_FORMATSIZE to allow for scope details. +2439. [bug] Potential NULL dereference in dns_acl_isanyornone(). + [RT #18559] + +2438. [bug] Timeouts could be logged incorrectly under win32. + [RT #18617] -1894. [bug] Recursive clients soft quota support wasn't working - as expected. [RT #15103] +2437. [bug] Sockets could be closed too early, leading to + inconsistent states in the socket module. [RT #18298] -1893. [bug] A escaped character is, potentially, converted to - the output character set too early. [RT #14666] +2436. [security] win32: UDP client handler can be shutdown. [RT #18576] -1892. [port] Use uintptr_t if available. [RT #14606] +2435. [bug] Fixed an ACL memory leak affecting win32. -1889. [port] sunos: non blocking i/o support. [RT #14951] +2434. [bug] Fixed a minor error-reporting bug in + lib/isc/win32/socket.c. -1887. [bug] The cache could delete expired records too fast for - clients with a virtual time in the past. [RT #14991] +2433. [tuning] Set initial timeout to 800ms. -1886. [bug] fctx_create() could return success even though it - failed. [RT #14993] +2432. [bug] More Windows socket handling improvements. Stop + using I/O events and use IO Completion Ports + throughout. Rewrite the receive path logic to make + it easier to support multiple simultaneous + requesters in the future. Add stricter consistency + checking as a compile-time option (define + ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off). -1884. [cleanup] dighost.c: move external declarations into . +2431. [bug] Acl processing could leak memory. [RT #18323] -1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug - levels. [RT #14962] +2430. [bug] win32: isc_interval_set() could round down to + zero if the input was less than NS_INTERVAL + nanoseconds. Round up instead. [RT #18549] -1881. [func] Add a system test for named-checkconf. [RT #14931] +2429. [doc] nsupdate should be in section 1 of the man pages. + [RT #18283] -1877. [bug] Fix unreasonably low quantum on call to - dns_rbt_destroy2(). Remove unnecessay unhash_node() - call. [RT #14919] +2428. [bug] dns_iptable_merge() mishandled merges of negative + tables. [RT #18409] -1875. [bug] process_dhtkey() was using the wrong memory context - to free some memory. [RT #14890] +2426. [bug] libbind: inet_net_pton() can sometimes return the + wrong value if excessively large net masks are + supplied. [RT #18512] -1874. [port] sunos: portability fixes. [RT #14814] +2425. [bug] named didn't detect unavailable query source addresses + at load time. [RT #18536] -1873. [port] win32: isc__errno2result() now reports its caller. - [RT #13753] +2424. [port] configure now probes for a working epoll + implementation. Allow the use of kqueue, + epoll and /dev/poll to be selected at compile + time. [RT #18277] + +2422. [bug] Handle the special return value of a empty node as + if it was a NXRRSET in the validator. [RT #18447] -1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] +2421. [func] Add new command line option '-S' for named to specify + the max number of sockets. [RT #18493] + Use caution: this option may not work for some + operating systems without rebuilding named. -1867. [bug] It was possible to trigger a INSIST in - dlv_validatezonekey(). [RT #14846] +2420. [bug] Windows socket handling cleanup. Let the io + completion event send out cancelled read/write + done events, which keeps us from writing to memory + we no longer have ownership of. Add debugging + socket_log() function. Rework TCP socket handling + to not leak sockets. -1866. [bug] resolv.conf parse errors were being ignored by - dig/host/nslookup. [RT #14841] +2419. [cleanup] Document that isc_socket_create() and isc_socket_open() + should not be used for isc_sockettype_fdwatch sockets. + [RT #18521] -1865. [bug] Silently ignore nameservers in /etc/resolv.conf with - bad addresses. [RT #14841] +2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure + [RT #18430] -1864. [bug] Don't try the alternative transfer source if you - got a answer / transfer with the main source - address. [RT #14802] +2417. [bug] Connecting UDP sockets for outgoing queries could + unexpectedly fail with an 'address already in use' + error. [RT #18411] -1863. [bug] rrset-order "fixed" error messages not complete. +2416. [func] Log file descriptors that cause exceeding the + internal maximum. [RT #18460] -1861. [bug] dig could trigger a INSIST on certain malformed - responses. [RT #14801] +2415. [bug] 'rndc dumpdb' could trigger various assertion failures + in rbtdb.c. [RT #18455] -1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was - incorrectly set. [RT #14775] +2414. [bug] A masterdump context held the database lock too long, + causing various troubles such as dead lock and + recursive lock acquisition. [RT #18311, #18456] -1858. [bug] The flush-zones-on-shutdown option wasn't being - parsed. [RT #14686] +2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] -1857. [bug] named could trigger a INSIST() if reconfigured / - reloaded too fast. [RT #14673] +2412. [bug] win32: address a resourse leak. [RT #18374] -1856. [doc] Switch Docbook toolchain from DSSSL to XSL. - [RT #11398] +2411. [bug] Allow using a larger number of sockets than FD_SETSIZE + for select(). To enable this, set ISC_SOCKET_MAXSOCKETS + at compilation time. [RT #18433] -1855. [bug] ixfr-from-differences was failing to detect changes - of ttl due to dns_diff_subtract() was ignoring the ttl - of records. [RT #14616] + Note: with changes #2469 and #2421 above, there is no + need to tweak ISC_SOCKET_MAXSOCKETS at compilation time + any more. -1854. [bug] lwres also needs to know the print format for - (long long). [RT #13754] +2410. [bug] Correctly delete m_versionInfo. [RT #18432] -1853. [bug] Rework how DLV interacts with proveunsecure(). - [RT #13605] +2409. [bug] Only log that we disabled EDNS processing if we were + subsequently successful. [RT #18029] -1852. [cleanup] Remove last vestiges of dnssec-signkey and - dnssec-makekeyset (removed from Makefile years ago). +2408. [bug] A duplicate TCP dispatch event could be sent, which + could then trigger an assertion failure in + resquery_response(). [RT #18275] -1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] +2407. [port] hpux: test for sys/dyntune.h. [RT #18421] -1849. [doc] All forms of the man pages (docbook, man, html) should - have consistant copyright dates. +2405. [cleanup] The default value for dnssec-validation was changed to + "yes" in 9.5.0-P1 and all subsequent releases; this + was inadvertently omitted from CHANGES at the time. -1848. [bug] Improve SMF integration. [RT #13238] +2404. [port] hpux: files unlimited support. -1847. [bug] isc_ondestroy_init() is called too late in - dns_rbtdb_create()/dns_rbtdb64_create(). - [RT #13661] - -1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer - . +2403. [bug] TSIG context leak. [RT #18341] -1845. [bug] Improve error reporting to distingish between - accept()/fcntl() and socket()/fcntl() errors. - [RT #13745] +2402. [port] Support Solaris 2.11 and over. [RT #18362] -1844. [bug] inet_pton() accepted more that 4 hexadecimal digits - for each 16 bit piece of the IPv6 address. The text - representation of a IPv6 address has been tighted - to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). - [RT #5662] +2401. [bug] Expect to get E[MN]FILE errno internal_accept() + (from accept() or fcntl() system calls). [RT #18358] -1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps - when CFLAGS contains "-I /usr/local/include" - resulting in old header files being used. +2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails. + [RT #18297] -1842. [port] cmsg_len() could produce incorrect results on - some platform. [RT #13744] +2398. [bug] Improve file descriptor management. New, + temporary, named.conf option reserved-sockets, + default 512. [RT #18344] -1841. [bug] "dig +nssearch" now makes a recursive query to - find the list of nameservers to query. [RT #13694] +2397. [bug] gssapi_functions bad declaration. [RT #18355] -1839. [bug] was not being installed. +2396. [bug] Don't set SO_REUSEADDR for randomized ports. + [RT #18336] -1838. [cleanup] Don't allow Linux capabilities to be inherited. - [RT #13707] +2395. [port] Avoid warning and no effect from "files unlimited" + on Linux when running as root. [RT #18335] -1837. [bug] Compile time option ISC_FACILITY was not effective - for 'named -u '. [RT #13714] +2394. [bug] Default configuration options set the limit for + open files to 'unlimited' as described in the + documentation. [RT #18331] -1836. [cleanup] Silence compiler warnings in hash_test.c. +2393. [bug] nested acls containing keys could trigger an + assertion in acl.c. [RT #18166] -1835. [bug] Update dnssec-signzone's usage message. [RT #13657] +2392. [bug] remove 'grep -q' from acl test script, some platforms + don't support it. [RT #18253] -1834. [bug] Bad memset in rdata_test.c. [RT #13658] +2391. [port] hpux: cover additional recvmsg() error codes. + [RT #18301] -1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660] +2390. [bug] dispatch.c could make a false warning on 'odd socket'. + [RT #18301]. -1832. [bug] named fails to return BADKEY on unknown TSIG algorithm. - [RT #13620] +2389. [bug] Move the "working directory writable" check to after + the ns_os_changeuser() call. [RT #18326] -1831. [doc] Update named-checkzone documentation. [RT#13604] +2388. [bug] Avoid using tables for layout purposes in + statistics XSL [RT #18159]. -1830. [bug] adb lame cache has sence of test reversed. [RT #13600] +2386. [func] Add warning about too small 'open files' limit. + [RT #18269] -1829. [bug] win32: "pid-file none;" broken. [RT #13563] + --- 9.5.1b1 released --- -1828. [bug] isc_rwlock_init() failed to properly cleanup if it - encountered a error. [RT #13549] +2385. [bug] A condition variable in socket.c could leak in + rare error handling [RT #17968]. -1827. [bug] host: update usage message for '-a'. [RT #37116] +2384. [security] Additional support for query port randomization (change + #2375) including performance improvement and port range + specification. [RT #17949, #18098] -1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out - of memory error. [RT #13537] +2383. [bug] named could double queries when they resulted in + SERVFAIL due to overkilling EDNS0 failure detection. + [RT #18182] -1825. [bug] Missing UNLOCK() on out of memory error from in - rbtdb.c:subtractrdataset(). [RT #13519] +2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP + to ARM. -1824. [bug] Memory leak on dns_zone_setdbtype() failure. - [RT #13510] +2381. [port] dlz/mysql: support multiple install layouts for + mysql. /include/{,mysql/}mysql.h and + /lib/{,mysql/}. [RT #18152] -1823. [bug] Wrong macro used to check for point to point interface. - [RT#13418] +2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET + proofs which, in turn, caused validation failures + for insecure zones immediately below a secure zone + the server was authoritative for. [RT #18112] -1822. [bug] check-names test for RT was reversed. [RT #13382] +2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant + TLDs and supported RRs with TTLs [RT #17972] -1821. [doc] acls definitions are no longer required to be - in named.conf prior to reference. They can be - defined after being referenced. +2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5. + [RT #18169] -1820. [bug] Gracefully handle acl loops. [RT #13659] +2377. [bug] Address race condition in dnssec-signzone. [RT #18142] -1819. [bug] The validator needed to check both the algorithm and - digest types of the DS to determine if it could be - used to introduce a secure zone. [RT #13593] +2376. [bug] Change #2144 was not complete. -1816. [port] UnixWare: failed to compile lib/isc/unix/net.c. - [RT #13597] +2375. [security] Fully randomize UDP query ports to improve + forgery resilience. [RT #17949] -1815. [bug] nsupdate triggered a REQUIRE if the server was set - without also setting the zone and it encountered - a CNAME and was using TSIG. [RT #13086] +2373. [bug] Default values of zone ACLs were re-parsed each time a + new zone was configured, causing an overconsumption + of memory. [RT #18092] -1810. [bug] configure, lib/bind/configure make different default - decisions about whether to do a threaded build. - [RT #13212] + --- 9.5.0 released --- -1809. [bug] "make distclean" failed for libbind if the platform - is not supported. +2374. [bug] "blackhole" ACLs could cause named to segfault due + to some uninitialized memory. [RT #18095] -1807. [bug] When forwarding (forward only) set the active domain - from the forward zone name. [RT #13526] - -1804. [bug] Ensure that if we are queried for glue that it fits - in the additional section or TC is set to tell the - client to retry using TCP. [RT #10114] +2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047] -1803. [bug] dnssec-signzone sometimes failed to remove old - RRSIGs. [RT #13483] +2371. [doc] add +nsid option to dig man page. [RT #18039] -1802. [bug] Handle connection resets better. [RT #11280] +2370. [bug] "rndc freeze" could trigger an assertion in named + when called on a nonexistent zone. [RT #18050] -1799. [bug] 'rndc flushname' failed to flush negative cache - entries. [RT #13438] + --- 9.5.0rc1 released --- -1795. [bug] "rndc dumpdb" was not fully documented. Minor - formating issues with "rndc dumpdb -all". [RT #13396] +2368. [port] Linux: use libcap for capability management if + possible. [RT# 18026] -1791. [bug] 'host -t a' still printed out AAAA and MX records. - [RT #13230] +2367. [bug] Improve counting of dns_resstatscounter_retry + [RT #18030] - --- 9.3.1 released --- +2366. [bug] Adb shutdown race. [RT #18021] -1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599] +2365. [bug] Fix a bug that caused dns_acl_isany() to return + spurious results. [RT #18000] - --- 9.3.1rc1 released --- +2364. [bug] named could trigger an assertion when serving a + malformed signed zone. [RT #17828] -1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect. - [RT #13453] +2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;". + [RT #17513] -1808. [bug] zone.c:notify_zone() contained a race condition, - zone->db could change underneath it. [RT #13511] +2362. [cleanup] Make "rrset-order fixed" a compile-time option. + settable by "./configure --enable-fixed-rrset". + Disabled by default. [RT #17977] -1806. [bug] The resolver returned the wrong result when a CNAME / - DNAME was encountered when fetching glue from a - secure namespace. [RT #13501] +2361. [bug] "recursion" statistics counter could be counted + multiple times for a single query. [RT #17990] -1805. [bug] Pending status was not being cleared when DLV was - active. [RT #13501] + --- 9.5.0b3 released --- - --- 9.3.1beta2 released --- +2360. [bug] Fix a condition where we release a database version + (which may acquire a lock) while holding the lock. -1800. [bug] Changes #1719 allowed a INSIST to be triggered. - [RT #13428] +2359. [bug] Fix NSID bug. [RT #17942] - --- 9.3.1beta1 released --- +2358. [doc] Update host's default query description. [RT #17934] -1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should - allow parallel make to succeed. +2356. [bug] Built in mutex profiler was not scalable enough. + [RT #17436] -1789. [bug] Prerequisite test for tkey and dnssec could fail - with "configure --with-libtool". +2355. [func] Extend the number statistics counters available. + [RT #17590] -1788. [bug] libbind9.la/libbind9.so needs to link against - libisccfg.la/libisccfg.so. +2354. [bug] Failed to initialize some rdatasetheader_t elements. + [RT #17927] -1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings. +2353. [func] Add support for Name Server ID (RFC 5001). + 'dig +nsid' requests NSID from server. + 'request-nsid yes;' causes recursive server to send + NSID requests to upstream servers. Server responds + to NSID requests with the string configured by + 'server-id' option. [RT #17091] -1786. [port] AIX: libt_api needs to be taught to look for - T_testlist in the main executable (--with-libtool). - [RT #13239] +2352. [bug] Various GSS_API fixups. [RT #17729] -1785. [bug] libbind9.la/libbind9.so needs to link against - libisc.la/libisc.so. +2351. [bug] convertxsl.pl generated very long lines. [RT #17906] -1784. [cleanup] "libtool -allow-undefined" is the default. - Leave hooks in configure to allow it to be set - if needed in the future. +2350. [port] win32: IPv6 support. [RT #17797] -1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the - source tree. +2347. [bug] Delete now traverses the RB tree in the canonical + order. [RT #17451] -1782. [port] OSX: --with-libtool + --enable-libbind broke on - __evOptMonoTime. [RT #13219] +2346. [func] Memory statistics now cover all active memory contexts + in increased detail. [RT #17580] -1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810] +2345. [bug] named-checkconf failed to detect when forwarders + were set at both the options/view level and in + a root zone. [RT #17671] -1780. [bug] Update libtool to 1.5.10. +2344. [bug] Improve "logging{ file ...; };" documentation. + [RT #17888] -1779. [port] OSF 5.1: libtool didn't handle -pthread correctly. +2343. [bug] (Seemingly) duplicate IPv6 entries could be + created in ADB. [RT #17837] -1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and - IN6ADDR_LOOPBACK_INIT macros. +2341. [bug] libbind: add missing -I../include for off source + tree builds. [RT #17606] -1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and - IN6ADDR_LOOPBACK_INIT macros. +2340. [port] openbsd: interface configuration. [RT #17700] -1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and - IN6ADDR_LOOPBACK_INIT macros. +2339. [port] tru64: support for libbind. [RT #17589] -1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205] +2338. [bug] check_ds() could be called with a non DS rdataset. + [RT #17598] -1774. [port] Aix: Silence compiler warnings / build failures. - [RT #13154] +2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614] -1773. [bug] Fast retry on host / net unreachable. [RT #13153] +2335. [port] sunos: libbind and *printf() support for long long. + [RT #17513] -1770. [bug] named-checkconf failed to report missing a missing - file clause for rbt{64} master/hint zones. [RT#13009] +2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one + bug in fromstruct_txt(). [RT #17609] -1769. [port] win32: change compiler flags /MTd ==> /MDd, - /MT ==> /MD. +2333. [bug] Fix off by one error in isc_time_nowplusinterval(). + [RT #17608] -1768. [bug] nsecnoexistnodata() could be called with a non-NSEC - rdataset. [RT #12907] +2332. [contrib] query-loc-0.4.0. [RT #17602] -1767. [port] Builds on IPv6 platforms without IPv6 Advanced API - support for (struct in6_pktinfo) failed. [RT #13077] +2331. [bug] Failure to regenerate any signatures was not being + reported nor being past back to the UPDATE client. + [RT #17570] -1766. [bug] Update the master file timestamp on successful refresh - as well as the journal's timestamp. [RT# 13062] +2330. [bug] Remove potential race condition when handling + over memory events. [RT #17572] -1765. [bug] configure --with-openssl=auto failed. [RT #12937] + WARNING: API CHANGE: over memory callback + function now needs to call isc_mem_waterack(). + See for details. -1764. [bug] dns_zone_replacedb failed to emit a error message - if there was no SOA record in the replacment db. - [RT #13016] +2329. [bug] Clearer help text for dig's '-x' and '-i' options. -1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS - even when it failed. [RT #12995] +2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET, + F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET, + J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and + M.ROOT-SERVERS.NET. -1761. [bug] 'rndc dumpdb' didn't report unassociated entries. - [RT #12971] +2327. [bug] It was possible to dereference a NULL pointer in + rbtdb.c. Implement dead node processing in zones as + we do for caches. [RT #17312] -1760. [bug] Host / net unreachable was not penalising rtt - estimates. [RT #12970] +2326. [bug] It was possible to trigger a INSIST in the acache + processing. -1759. [bug] Named failed to startup if the OS supported IPv6 - but had no IPv6 interfaces configured. [RT #12942] +2325. [port] Linux: use capset() function if available. [RT #17557] -1754. [bug] We wern't always attempting to query the parent - server for the DS records at the zone cut. - [RT #12774] + --- 9.5.0b2 released --- -1753. [bug] Don't serve a slave zone which has no NS records. - [RT #12894] +2324. [bug] Fix IPv6 matching against "any;". [RT #17533] -1752. [port] Move isc_app_start() to after ns_os_daemonise() - as some fork() implementations unblock the signals - that are blocked by isc_app_start(). [RT #12810] +2323. [port] tru64: namespace clash. [RT #17547] -1751. [bug] --enable-getifaddrs failed under linux. [RT #12867] +2322. [port] MacOS: work around the limitation of setrlimit() + for RLIMIT_NOFILE. [RT #17526] -1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly. - [RT #12864] +2320. [func] Make statistics counters thread-safe for platforms + that support certain atomic operations. [RT #17466] -1749. [bug] 'check-names response ignore;' failed to ignore. - [RT #12866] +2319. [bug] Silence Coverity warnings in + lib/dns/rdata/in_1/apl_42.c. [RT #17469] -1747. [bug] BIND 8 compatability: named/named-checkconf failed - to parse "host-statistics-max" in named.conf. +2318. [port] sunos fixes for libbind. [RT #17514] -1745. [bug] Dig/host/nslookup accept replies from link locals - regardless of scope if no scope was specified when - query was sent. [RT #12745] +2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518] -1744. [bug] If tuple2msgname() failed to convert a tuple to - a name a REQUIRE could be triggered. [RT #12796] +2316. [port] Missing #include in lib/dns/gssapictx.c. + [RT #17513] -1743. [bug] If isc_taskmgr_create() was not able to create the - requested number of worker threads then destruction - of the manager would trigger an INSIST() failure. - [RT #12790] - -1742. [bug] Deleting all records at a node then adding a - previously existing record, in a single UPDATE - transaction, failed to leave / regenerate the - associated RRSIG records. [RT #12788] +2315. [bug] Used incorrect address family for mapped IPv4 + addresses in acl.c. [RT #17519] -1741. [bug] Deleting all records at a node in a secure zone - using a update-policy grant failed. [RT #12787] +2314. [bug] Uninitialized memory use on error path in + bin/named/lwdnoop.c. [RT #17476] -1740. [bug] Replace rbt's hash algorithm as it performed badly - with certain zones. [RT #12729] - - NOTE: a hash context now needs to be established - via isc_hash_create() if the application was not - already doing this. +2313. [cleanup] Silence Coverity warnings. Handle private stacks. + [RT #17447] [RT #17478] -1739. [bug] dns_rbt_deletetree() could incorrectly return - ISC_R_QUOTA. [RT #12695] +2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c. + [RT #17458] -1738. [bug] Enable overrun checking by default. [RT #12695] +2311. [bug] IPv6 addresses could match IPv4 ACL entries and + vice versa. [RT #17462] -1737. [bug] named failed if more than 16 masters were specified. - [RT #12627] +2310. [bug] dig, host, nslookup: flush stdout before emitting + debug/fatal messages. [RT #17501] -1736. [bug] dst_key_fromnamedfile() could fail to read a - public key. [RT #12687] - -1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure. - [RE #12688] +2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c. + [RT #17455] -1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path. - [RT #12588] +2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c. + [RT #17495] -1733. [bug] Return non-zero exit status on initial load failure. - [RT #12658] +2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496] -1732. [bug] 'rrset-order name "*"' wasn't being applied to ".". - [RT #12467] +2306. [bug] Remove potential race from lib/dns/resolver.c. + [RT #17470] -1731. [port] darwin: relax version test in ifconfig.sh. - [RT #12581] +2305. [security] inet_network() buffer overflow. CVE-2008-0122. -1730. [port] Determine the length type used by the socket API. - [RT #12581] +2304. [bug] Check returns from all dns_rdata_tostruct() calls. + [RT #17460] -1728. [doc] Update check-names documentation. +2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c. + [RT #17471] -1727. [bug] named-checkzone: check-names support didn't match - documentation. +2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472] -1726. [port] aix5: add support for aix5. +2301. [bug] Remove resource leak and fix error messages in + bin/tests/system/lwresd/lwtest.c. [RT #17474] -1725. [port] linux: update error message on interaction of threads, - capabilities and setuid support (named -u). [RT #12541] +2300. [bug] Fixed failure to close open file in + bin/tests/names/t_names.c. [RT #17473] -1724. [bug] Look for DNSKEY records with "dig +sigtrace". - [RT #12557] +2299. [bug] Remove unnecessary NULL check in + bin/nsupdate/nsupdate.c. [RT #17475] -1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493] +2298. [bug] isc_mutex_lock() failure not caught in + bin/tests/timers/t_timers.c. [RT #17468] -1722. [bug] Don't commit the journal on malformed ixfr streams. - [RT #12519] +2297. [bug] isc_entropy_createfilesource() failure not caught in + bin/tests/dst/t_dst.c. [RT #17467] -1721. [bug] Error message from the journal processing were not - always identifing the relevent journal. [RT #12519] +2296. [port] Allow docbook stylesheet location to be specified to + configure. [RT #17457] -1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1 - negative response. [RT #12506] +2295. [bug] Silence static overrun error in bin/named/lwaddr.c. + [RT #17459] -1719. [bug] named was not correctly caching a RFC 2308 Type 1 - negative response. [RT #12506] +2294. [func] Allow the experimental statistics channels to have + multiple connections and ACL. + Note: the stats-server and stats-server-v6 options + available in the previous beta releases are replaced + with the generic statistics-channels statement. -1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative - responses when looking for the zone / master server. - [RT #12506] +2293. [func] Add ACL regression test. [RT #17375] -1717. [port] solaris: ifconfig.sh did not support Solaris 10. - "ifconfig.sh down" didn't work for Solaris 9. +2292. [bug] Log if the working directory is not writable. + [RT #17312] -1716. [doc] named.conf(5) was being installed in the wrong - location. [RT# 12441] +2291. [bug] PR_SET_DUMPABLE may be set too late. Also report + failure to set PR_SET_DUMPABLE. [RT #17312] -1714. [bug] dig/host/nslookup were only trying the first - address when a nameserver was specified by name. - [RT #12286] +2290. [bug] Let AD in the query signal that the client wants AD + set in the response. [RT #17301] -1713. [port] linux: extend capset failure message to say: - please ensure that the capset kernel module is - loaded. see insmod(8) +2288. [port] win32: mark service as running when we have finished + loading. [RT #17441] -1712. [bug] Missing FULLCHECK for "trusted-key" in dig. +2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413] - --- 9.3.0 released --- +2284. [bug] Memory leak in UPDATE prerequisite processing. + [RT #17377] -1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'. +2283. [bug] TSIG keys were not attaching to the memory + context. TSIG keys should use the rings + memory context rather than the clients memory + context. [RT #17377] - --- 9.3.0rc4 released --- +2282. [bug] Acl code fixups. [RT #17346] [RT #17374] -1709. [port] solaris: add SMF support. +2281. [bug] Attempts to use undefined acls were not being logged. + [RT #17307] -1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash() - for conformance to the name space convention. Binary - backward compatibility to the old function name is - provided. [RT #12376] +2280. [func] Allow the experimental http server to be reached + over IPv6 as well as IPv4. [RT #17332] -1707. [contrib] sdb/ldap updated to version 1.0-beta. +2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available, + to protect applications from receiving spurious + SIGPIPE signals when using the resolver. -1706. [bug] 'rndc stop' failed to cause zones to be flushed - sometimes. [RT #12328] +2278. [bug] win32: handle the case where Windows returns no + search list or DNS suffix. [RT #17354] -1704. [port] lwres needed a snprintf() implementation for - platforms without snprintf(). Add missing - "#include ". [RT #12321] +2277. [bug] Empty zone names were not correctly being caught at + in the post parse checks. [RT #17357] -1703. [bug] named would loop sending NOTIFY messages when it - failed to receive a response. [RT #12322] +2276. [bug] Install . [RT# 17359] -1702. [bug] also-notify should not be applied to builtin zones. - [RT #12323] +2275. [func] Add support to dig to perform IXFR queries over UDP. + [RT #17235] -1701. [doc] A minimal named.conf man page. +2274. [func] Log zone transfer statistics. [RT #17336] -1700. [func] nslookup is no longer to be treated as deprecated. - Remove "deprecated" warning message. Add man page. +2273. [bug] Adjust log level to WARNING when saving inconsistent + stub/slave master and journal files. [RT# 17279] -1699. [bug] dnssec-signzone can generate "not exact" errors - when resigning. [RT #12281] +2272. [bug] Handle illegal dnssec-lookaside trust-anchor names. + [RT #17262] -1698. [doc] Use reserved IPv6 documentation prefix. +2271. [bug] Fix a memory leak in http server code [RT #17100] -1697. [bug] xxx-source{,-v6} was not effective when it - specified one of listening addresses and a - different port than the listening port. [RT #12257] +2270. [bug] dns_db_closeversion() version->writer could be reset + before it is tested. [RT #17290] - --- 9.3.0rc3 released --- +2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232] -1696. [bug] dnssec-signzone failed to clean out nodes that - consisted of only NSEC and RRSIG records. - [RT #12154] +2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones + list. -1695. [bug] DS records when forwarding require special handling. - [RT #12133] + --- 9.5.0b1 released --- -1694. [bug] Report if the builtin views of "_default" / "_bind" - are defined in named.conf. [RT #12023] +2267. [bug] Radix tree node_num value could be set incorrectly, + causing positive ACL matches to look like negative + ones. [RT #17311] -1693. [bug] max-journal-size was not effective for master zones - with ixfr-from-differences set. [RT# 12024] +2266. [bug] client.c:get_clientmctx() returned the same mctx + once the pool of mctx's was filled. [RT #17218] -1692. [bug] Don't set -I, -L and -R flags when libcrypto is in - /usr/lib. [RT #11971] +2265. [bug] Test that the memory context's basic_table is non NULL + before freeing. [RT #17265] -1691. [bug] sdb's attachversion was not complete. [RT #11990] +2264. [bug] Server prefix length was being ignored. [RT #17308] -1690. [bug] Delay detaching view from the client until UPDATE - processing completes when shutting down. [RT #11714] +2263. [bug] "named-checkconf -z" failed to set default value + for "check-integrity". [RT #17306] -1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros - contained gratuitous semicolons. [RT #11707] +2262. [bug] Error status from all but the last view could be + lost. [RT #17292] -1688. [bug] LDFLAGS was not supported. +2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272] -1687. [bug] Race condition in dispatch. [RT #10272] +2260. [bug] Reported wrong clients-per-query when increasing the + value. [RT #17236] -1686. [bug] Named sent a extraneous NOTIFY when it received a - redundant UPDATE request. [RT #11943] +2259. [placeholder] - --- 9.3.0rc2 released --- + --- 9.5.0a7 released --- -1685. [bug] Change #1679 loop tests weren't quite right. +2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken. + [RT #17241] -1683. [bug] dig +sigchase could leak memory. [RT #11445] +2257. [bug] win32: Use the full path to vcredist_x86.exe when + calling it. [RT #17222] -1682. [port] Update configure test for (long long) printf format. - [RT #5066] +2256. [bug] win32: Correctly register the installation location of + bindevt.dll. [RT #17159] -1681. [bug] Only set SO_REUSEADDR when a port is specified in - isc_socket_bind(). [RT #11742] +2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42. -1679. [bug] When there was a single nameserver with multiple - addresses for a zone not all addresses were tried. - [RT #11706] +2254. [bug] timer.c:dispatch() failed to lock timer->lock + when reading timer->idle allowing it to see + intermediate values as timer->idle was reset by + isc_timer_touch(). [RT #17243] -1678. [bug] RRSIG should use TYPEXXXXX for unknown types. +2253. [func] "max-cache-size" defaults to 32M. + "max-acache-size" defaults to 16M. -1677. [bug] dig: +aaonly didn't work, +aaflag undocumented. +2252. [bug] Fixed errors in sortlist code [RT #17216] -1675. [bug] named would sometimes add extra NSEC records to - the authority section. - -1674. [port] linux: increase buffer size used to scan - /proc/net/if_inet6. +2251. [placeholder] -1673. [port] linux: issue a error messages if IPv6 interface - scans fails. +2250. [func] New flag 'memstatistics' to state whether the + memory statistics file should be written or not. + Additionally named's -m option will cause the + statistics file to be written. [RT #17113] -1672. [cleanup] Tests which only function in a threaded build - now return R:THREADONLY (rather than R:UNTESTED) - in a non-threaded build. +2249. [bug] Only set Authentic Data bit if client requested + DNSSEC, per RFC 3655 [RT #17175] -1671. [contrib] queryperf: add NAPTR to the list of known types. +2248. [cleanup] Fix several errors reported by Coverity. [RT #17160] -1670. [func] Log UPDATE requests to slave zones without an acl as - "disabled" at debug level 3. [RT# 11657] +2247. [doc] Sort doc/misc/options. [RT #17067] -1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core. +2246. [bug] Make the startup of test servers (ans.pl) more + robust. [RT #17147] -1667. [port] linux: not all versions have IF_NAMESIZE. +2245. [bug] Validating lack of DS records at trust anchors wasn't + working. [RT #17151] -1666. [bug] The optional port on hostnames in dual-stack-servers - was being ignored. +2244. [func] Allow the check of nameserver names against the + SOA MNAME field to be disabled by specifying + 'notify-to-soa yes;'. [RT #17073] -1663. [func] Look for OpenSSL by default. +2243. [func] Configuration files without a newline at the end now + parse without error. [RT #17120] -1661. [bug] Restore dns_name_concatenate() call in - adb.c:set_target(). [RT #11582] +2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos + library could require a source of random data. + [RT #17127] -1660. [bug] win32: connection_reset_fix() was being called - unconditionally. [RT #11595] +2241. [func] nsupdate: add a interactive 'help' command. [RT #17099] - --- 9.3.0rc1 released --- +2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert + a number of INSIST()s into plain fatal() errors + which report the triggering result code. + The 'key' command wasn't disabling GSS-TSIG. + [RT #17099] -1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY. +2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114] -1662. [bug] Change #1658 failed to change one use of 'type' - to 'keytype'. +2238. [bug] It was possible to trigger a REQUIRE when a + validation was canceled. [RT #17106] -1659. [cleanup] Cleanup some messages that were referring to KEY vs - DNSKEY, NXT vs NSEC and SIG vs RRSIG. +2237. [bug] libbind: res_init() was not thread aware. [RT #17123] -1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5 - and DH. Tighten which options apply to KEY and - DNSKEY records. +2236. [bug] dnssec-signzone failed to preserve the case of + of wildcard owner names. [RT #17085] -1657. [doc] ARM: document query log output. +2235. [bug] was not being installed. [RT #17135] -1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC - DNSKEY and RRSIG. [RT #11542] +2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134] -1655. [bug] Logging multiple versions w/o a size was broken. - [RT #11446] +2233. [func] Add support for O(1) ACL processing, based on + radix tree code originally written by Kevin + Brintnall. [RT #16288] -1654. [bug] isc_result_totext() contained array bounds read - error. +2232. [bug] dns_adb_findaddrinfo() could fail and return + ISC_R_SUCCESS. [RT #17137] -1653. [func] Add key type checking to dst_key_fromfilename(), - DST_TYPE_KEY should be used to read TSIG, TKEY and - SIG(0) keys. +2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken. + [RT #17088] -1652. [bug] TKEY still uses KEY. +2230. [bug] We could INSIST reading a corrupted journal. + [RT #17132] -1651. [bug] dig: process multiple dash options. +2229. [bug] Null pointer dereference on query pool creation + failure. [RT #17133] -1650. [bug] dig, nslookup: flush standard out after each command. +2228. [contrib] contrib: Change 2188 was incomplete. -1649. [bug] Silence "unexpected non-minimal diff" message. - [RT #11206] +2227. [cleanup] Tidied up the FAQ. [RT #17121] -1648. [func] Update dnssec-lookaside named.conf syntax to support - multiple dnssec-lookaside namespaces (not yet - implemented). +2226. [placeholder] -1647. [bug] It was possible trigger a INSIST when chasing a DS - record that required walking back over a empty node. - [RT #11445] +2225. [bug] More support for systems with no IPv4 addresses. + [RT #17111] -1646. [bug] win32: logging file versions didn't work with - non-UNC filenames. [RT#11486] +2224. [bug] Defer journal compaction if a xfrin is in progress. + [RT #17119] -1645. [bug] named could trigger a REQUIRE failure if multiple - masters with keys are specified. +2223. [bug] Make a new journal when compacting. [RT #17119] -1644. [bug] Update the journal modification time after a - sucessfull refresh query. [RT #11436] +2222. [func] named-checkconf now checks server key references. + [RT #17097] -1643. [bug] dns_db_closeversion() could leak memory / node - references. [RT #11163] +2221. [bug] Set the event result code to reflect the actual + record turned to caller when a cache update is + rejected due to a more credible answer existing. + [RT #17017] -1642. [port] Support OpenSSL implementations which don't have - DSA support. [RT #11360] +2220. [bug] win32: Address a race condition in final shutdown of + the Windows socket code. [RT #17028] -1641. [bug] Update the check-names description in ARM. [RT #11389] +2219. [bug] Apply zone consistency checks to additions, not + removals, when updating. [RT #17049] - --- 9.3.0beta4 released --- +2218. [bug] Remove unnecessary REQUIRE from dns_validator_create(). + [RT #16976] -1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was - incorrectly closing the socket. [RT #11291] +2217. [func] Adjust update log levels. [RT #17092] -1639. [func] Initial dlv system test. +2216. [cleanup] Fix a number of errors reported by Coverity. + [RT #17094] -1638. [bug] "ixfr-from-differences" could generate a REQUIRE - failure if the journal open failed. [RT #11347] - -1637. [bug] Node reference leak on error in addnoqname(). +2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094] -1636. [bug] The dump done callback could get ISC_R_SUCCESS even if - a error had occured. The database version no longer - matched the version of the database that was dumped. +2214. [bug] Deregister OpenSSL lock callback when cleaning + up. Reorder OpenSSL cleanup so that RAND_cleanup() + is called before the locks are destroyed. [RT #17098] -1635. [bug] Memory leak on error in query_addds(). +2213. [bug] SIG0 diagnostic failure messages were looking at the + wrong status code. [RT #17101] -1634. [bug] named didn't supply a useful error message when it - detected duplicate views. [RT #11208] +2212. [func] 'host -m' now causes memory statistics and active + memory to be printed at exit. [RT 17028] -1633. [bug] named should return NOTIMP to update requests to a - slaves without a allow-update-forwarding acl specified. - [RT #11331] +2211. [func] Update "dynamic update temporarily disabled" message. + [RT #17065] -1632. [bug] nsupdate failed to send prerequisite only UPDATE - messages. [RT #11288] +2210. [bug] Deleting class specific records via UPDATE could + fail. [RT #17074] -1631. [bug] dns_journal_compact() could sometimes corrupt the - journal. [RT #11124] +2209. [port] osx: linking against user supplied static OpenSSL + libraries failed as the system ones were still being + found. [RT #17078] -1630. [contrib] queryperf: add support for IPv6 transport. +2208. [port] win32: make sure both build methods produce the + same output. [RT #17058] -1629. [func] dig now supports IPv6 scoped addresses with the - extended format in the local-server part. [RT #8753] +2207. [port] Some implementations of getaddrinfo() fail to set + ai_canonname correctly. [RT #17061] -1628. [bug] Typo in Compaq Trucluster support. [RT# 11264] + --- 9.5.0a6 released --- -1627. [bug] win32: sockets were not being closed when the - last external reference was removed. [RT# 11179] +2206. [security] "allow-query-cache" and "allow-recursion" now + cross inherit from each other. -1626. [bug] --enable-getifaddrs was broken. [RT#11259] + If allow-query-cache is not set in named.conf then + allow-recursion is used if set, otherwise allow-query + is used if set, otherwise the default (localnets; + localhost;) is used. -1625. [bug] named failed to load/transfer RFC2535 signed zones - which contained CNAMES. [RT# 11237] + If allow-recursion is not set in named.conf then + allow-query-cache is used if set, otherwise allow-query + is used if set, otherwise the default (localnets; + localhost;) is used. -1606. [bug] DLV insecurity proof was failing. + [RT #16987] -1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC. +2205. [bug] libbind: change #2119 broke thread support. [RT #16982] - --- 9.3.0beta3 released --- +2204. [bug] "rndc flushanme name unknown-view" caused named + to crash. [RT #16984] -1624. [bug] zonemgr_putio() call should be locked. [RT# 11163] +2203. [security] Query id generation was cryptographically weak. + [RT # 16915] -1623. [bug] A serial number of zero was being displayed in the - "sending notifies" log message when also-notify was - used. [RT #11177] +2202. [security] The default acls for allow-query-cache and + allow-recursion were not being applied. [RT #16960] -1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is - available, and suppress wildcard binding if not. +2201. [bug] The build failed in a separate object directory. + [RT #16943] -1621. [bug] match-destinations did not work for IPv6 TCP queries. - [RT# 11156] +2200. [bug] The search for cached NSEC records was stopping to + early leading to excessive DLV queries. [RT #16930] -1620. [func] When loading a zone report if it is signed. [RT #11149] +2199. [bug] win32: don't call WSAStartup() while loading dlls. + [RT #16911] -1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches(). - [RT# 11118] +2198. [bug] win32: RegCloseKey() could be called when + RegOpenKeyEx() failed. [RT #16911] -1618. [bug] Fencepost errors in dns_name_ishostname() and - dns_name_ismailbox() could trigger a INSIST(). +2197. [bug] Add INSIST to catch negative responses which are + not setting the event result code appropriately. + [RT #16909] -1617. [port] win32: VC++ 6.0 support. +2196. [port] win32: yield processor while waiting for once to + to complete. [RT #16958] -1616. [compat] Ensure that named's version is visible in the core - dump. [RT #11127] +2195. [func] dnssec-keygen now defaults to nametype "ZONE" + when generating DNSKEYs. [RT #16954] -1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if - it is defined. +2194. [bug] Close journal before calling 'done' in xfrin.c. -1614. [port] win32: silence resource limit messages. [RT# 11101] + --- 9.5.0a5 released --- -1613. [bug] Builds would fail on machines w/o a if_nametoindex(). - Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif. - [RT #11119] +2193. [port] win32: BINDInstall.exe is now linked statically. + [RT #16906] -1612. [bug] check-names at the option/view level could trigger - an INSIST. [RT# 11116] +2192. [port] win32: use vcredist_x86.exe to install Visual + Studio's redistributable dlls if building with + Visual Stdio 2005 or later. -1611. [bug] solaris: IPv6 interface scanning failed to cope with - no active IPv6 interfaces. +2191. [func] named-checkzone now allows dumping to stdout (-). + named-checkconf now has -h for help. + named-checkzone now has -h for help. + rndc now has -h for help. + Better handling of '-?' for usage summaries. + [RT #16707] -1610. [bug] On dual stack machines "dig -b" failed to set the - address type to be looked up with "@server". - [RT #11069] +2190. [func] Make fallback to plain DNS from EDNS due to timeouts + more visible. New logging category "edns-disabled". + [RT #16871] -1600. [bug] Duplicate zone pre-load checks were not case - insensitive. +2189. [bug] Handle socket() returning EINTR. [RT #15949] -1599. [bug] Fix memory leak on error path when checking named.conf. +2188. [contrib] queryperf: autoconf changes to make the search for + libresolv or libbind more robust. [RT #16299] -1598. [func] Specify that certain parts of the namespace must - be secure (dnssec-must-be-secure). +2187. [bug] query_addds(), query_addwildcardproof() and + query_addnxrrsetnsec() should take a version + argument. [RT #16368] - --- 9.3.0beta2 released --- +2186. [port] cygwin: libbind: check for struct sockaddr_storage + independently of IPv6. [RT #16482] -1609. [func] dig now has support to chase DNSSEC signature chains. - Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES. +2185. [port] sunos: libbind: check for ssize_t, memmove() and + memchr(). [RT #16463] - DNSSEC validation code in dig coded by Olivier Courtay - (olivier.courtay@irisa.fr) for the IDsA project - (http://idsa.irisa.fr). +2184. [bug] bind9.xsl.h didn't build out of the source tree. + [RT #16830] -1608. [func] dig and host now accept -4/-6 to select IP transport - to use when making queries. +2183. [bug] dnssec-signzone didn't handle offline private keys + well. [RT #16832] -1607. [bug] dig, host and nslookup were still using random() - to generate query ids. [RT# 11013] +2182. [bug] dns_dispatch_createtcp() and dispatch_createudp() + could return ISC_R_SUCCESS when they ran out of + memory. [RT #16365] -1604. [bug] A xfrout_ctx_create() failure would result in - xfrout_ctx_destroy() being called with a - partially initialized structure. - -1603. [bug] nsupdate: set interactive based on isatty(). - [RT# 10929] +2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462] -1602. [bug] Logging to a file failed unless a size was specified. - [RT# 10925] +2180. [cleanup] Remove bit test from 'compress_test' as they + are no longer needed. [RT #16497] -1601. [bug] Silence spurious warning 'both "recursion no;" and - "allow-recursion" active' warning from view "_bind". - [RT# 10920] +2179. [func] 'rndc command zone' will now find 'zone' if it is + unique to all the views. [RT #16821] -1594. [bug] 'rndc dumpdb' could prevent named from answering - queries while the dump was in progress. [RT #10565] +2178. [bug] 'rndc reload' of a slave or stub zone resulted in + a reference leak. [RT #16867] -1593. [bug] rndc should return "unknown command" to unknown - commands. [RT# 10642] +2177. [bug] Array bounds overrun on read (rcodetext) at + debug level 10+. [RT #16798] - --- 9.3.0beta1 released --- +2176. [contrib] dbus update to handle race condition during + initialization (Bugzilla 235809). [RT #16842] -1592. [bug] configure_view() could leak a dispatch. [RT #10675] +2175. [bug] win32: windows broadcast condition variable support + was broken. [RT #16592] -1591. [bug] libbind: updated to BIND 8.4.5. +2174. [bug] I/O errors should always be fatal when reading + master files. [RT #16825] -1590. [port] netbsd: update thread support. +2173. [port] win32: When compiling with MSVS 2005 SP1 we also + need to ship Microsoft.VC80.MFCLOC. -1589. [func] DNSSEC lookaside validation. + --- 9.5.0a4 released --- -1588. [bug] win32: TCP sockets could become blocked. [RT #10115] +2172. [bug] query_addsoa() was being called with a non zone db. + [RT #16834] -1587. [bug] dns_message_settsigkey() failed to clear existing key. - [RT #10590] +2171. [bug] Handle breaks in DNSSEC trust chains where the parent + servers are not DS aware (DS queries to the parent + return a referral to the child). -1586. [func] "check-names" is now implemented. +2170. [func] Add acache processing to test suite. [RT #16711] -1584. [bug] "make test" failed with a read only source tree. - [RT #10461] +2169. [bug] host, nslookup: when reporting NXDOMAIN report the + given name and not the last name searched for. + [RT #16763] -1583. [bug] Records add via UPDATE failed to get the correct trust - level. [RT #10452] +2168. [bug] nsupdate: in non-interactive mode treat syntax errors + as fatal errors. [RT #16785] -1582. [bug] rrset-order failed to work on RRsets with more - than 32 elements. [RT #10381] +2167. [bug] When re-using a automatic zone named failed to + attach it to the new view. [RT #16786] -1581. [func] Disable DNSSEC support by default. To enable - DNSSEC specify "dnssec-enable yes;" in named.conf. + --- 9.5.0a3 released --- -1580. [bug] Zone destruction on final detach takes a long time. - [RT #3746] +2166. [bug] When running in batch mode, dig could misinterpret + a server address as a name to be looked up, causing + unexpected output. [RT #16743] -1579. [bug] Multiple task managers could not be created. +2165. [func] Allow the destination address of a query to determine + if we will answer the query or recurse. + allow-query-on, allow-recursion-on and + allow-query-cache-on. [RT #16291] -1578. [bug] Don't use CLASS E IPv4 addresses when resolving. - [RT #10346] +2164. [bug] The code to determine how named-checkzone / + named-compilezone was called failed under windows. + [RT #16764] -1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug - workaround code. [RT #10331] +2163. [bug] If only one of query-source and query-source-v6 + specified a port the query pools code broke (change + 2129). [RT #16768] -1576. [bug] Race condition in dns_dispatch_addresponse(). - [RT# 10272] +2162. [func] Allow "rrset-order fixed" to be disabled at compile + time. [RT #16665] -1575. [func] Log TSIG name on TSIG verify failure. [RT #4404] +2161. [bug] Fix which log messages are emitted for 'rndc flush'. + [RT #16698] -1574. [bug] Don't attempt to open the controls socket(s) when - running tests. [RT #9091] +2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned + from getifaddrs(). [RT #16708] -1573. [port] linux: update to libtool 1.5.2 so that - "make install DESTDIR=/xx" works with - "configure --with-libtool". [RT #9941] + --- 9.5.0a2 released --- -1572. [bug] nsupdate: sign the soa query to find the enclosing - zone if the server is specified. [RT #10148] +2159. [bug] Array bounds overrun in acache processing. [RT #16710] -1571. [bug] rbt:hash_node() could fail leaving the hash table - in an inconsistent state. [RT #10208] +2158. [bug] ns_client_isself() failed to initialize key + leading to a REQUIRE failure. [RT #16688] -1570. [bug] nsupdate failed to handle classes other than IN. - New keyword 'class' which sets the default class. - [RT #10202] +2157. [func] dns_db_transfernode() created. [RT #16685] -1569. [func] nsupdate new command 'answer' which displays the - complete answer message to the last update. +2156. [bug] Fix node reference leaks in lookup.c:lookup_find(), + resolver.c:validated() and resolver.c:cache_name(). + Fix a memory leak in rbtdb.c:free_noqname(). + Make lookup.c:lookup_find() robust against + event leaks. [RT #16685] -1568. [bug] nsupdate now reports that the update failed in - interactive mode. [RT# 10236] +2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com. + [RT #16694] -1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201. +2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be + matched in acls by omitting the scope. [RT #16599] -1566. [port] Support for the cmsg framework on Solaris and HP/UX. - This also solved the problem that match-destinations - for IPv6 addresses did not work on these systems. - [RT #10221] +2153. [bug] nsupdate could leak memory. [RT #16691] -1565. [bug] CD flag should be copied to outgoing queries unless - the query is under a secure entry point in which case - CD should be set. +2152. [cleanup] Use sizeof(buf) instead of fixed number in + dighost.c:get_trusted_key(). [RT #16678] -1564. [func] Attempt to provide a fallback entropy source to be - used if named is running chrooted and named is unable - to open entropy source within the chroot area. - [RT #10133] +2151. [bug] Missing newline in usage message for journalprint. + [RT #16679] -1563. [bug] Gracefully fail when unable to obtain neither an IPv4 - nor an IPv6 dispatch. [RT #10230] +2150. [bug] 'rrset-order cyclic' uniformly distribute the + starting point for the first response for a given + RRset. [RT #16655] -1562. [bug] isc_socket_create() and isc_socket_accept() could - leak memory under error conditions. [RT #10230] +2149. [bug] isc_mem_checkdestroyed() failed to abort on + if there were still active memory contexts. + [RT #16672] -1561. [bug] It was possible to release the same name twice if - named ran out of memory. [RT #10197] +2148. [func] Add positive logging for rndc commands. [RT #14623] -1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA - and EAI_NONAME to the same value. +2147. [bug] libbind: remove potential buffer overflow from + hmac_link.c. [RT #16437] -1559. [port] named should ignore SIGFSZ. +2146. [cleanup] Silence Linux's spurious "obsolete setsockopt + SO_BSDCOMPAT" message. [RT #16641] -1558. [func] New DNSSEC 'disable-algorithms'. Support entry into - child zones for which we don't have a supported - algorithm. Such child zones are treated as unsigned. +2145. [bug] Check DS/DLV digest lengths for known digests. + [RT #16622] -1557. [func] Implement missing DNSSEC tests for - * NOQNAME proof with wildcard answers. - * NOWILDARD proof with NXDOMAIN. - Cache and return NOQNAME with wildcard answers. +2144. [cleanup] Suppress logging of SERVFAIL from forwarders. + [RT #16619] -1556. [bug] nsupdate now treats all names as fully qualified. - [RT #6427] +2143. [bug] We failed to restart the IPv6 client when the + kernel failed to return the destination the + packet was sent to. [RT #16613] -1555. [func] 'rrset-order cyclic' no longer has a random starting - point. [RT #7572] +2142. [bug] Handle master files with a modification time that + matches the epoch. [RT# 16612] -1554. [bug] dig, host, nslookup failed when no nameservers - were specified in /etc/resolv.conf. [RT #8232] +2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN + equivalent of LDH checks). [RT #16609] -1553. [bug] The windows socket code could stop accepting - connections. [RT#10115] +2140. [bug] libbind: missing unlock on pthread_key_create() + failures. [RT #16654] -1552. [bug] Accept NOTIFY requests from mapped masters if - matched-mapped is set. [RT #10049] +2139. [bug] dns_view_find() was being called with wrong type + in adb.c. [RT #16670] -1551. [port] Open "/dev/null" before calling chroot(). +2138. [bug] Lock order reversal in resolver.c. [RT #16653] -1550. [port] Call tzset(), if available, before calling chroot(). +2137. [port] Mips little endian and/or mips 64 bit are now + supported for atomic operations. [RT#16648] -1549. [func] named-checkzone can now write out the zone contents - in a easily parsable format (-D and -o). +2136. [bug] nslookup/host looped if there was no search list + and the host didn't exist. [RT #16657] -1548. [bug] When parsing APL records it was possible to silently - accept out of range ADDRESSFAMILY values. [RT# 9979] +2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656] -1547. [bug] Named wasted memory recording duplicate lame zone - entries. [RT #9341] +2134. [func] Additional statistics support. [RT #16666] -1546. [bug] We were rejecting valid secure CNAME to negative - answers. +2133. [port] powerpc: Support both IBM and MacOS Power PC + assembler syntaxes. [RT #16647] -1545. [bug] It was possible to leak memory if named was unable to - bind to the specified transfer source and TSIG was - being used. [RT #10120] +2132. [bug] Missing unlock on out of memory in + dns_dispatchmgr_setudp(). -1544. [bug] Named would logged a single entry to a file despite it - being over the specified size limit. +2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630] -1543. [bug] Logging using "versions unlimited" did not work. +2130. [func] Log if CD or DO were set. [RT #16640] -1541. [func] NSEC now uses new bitmap format. +2129. [func] Provide a pool of UDP sockets for queries to be + made over. See use-queryport-pool, queryport-pool-ports + and queryport-pool-updateinterval. [RT #16415] -1540. [bug] "rndc reload " was silently accepted. - [RT #8934] +2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635] -1539. [bug] Open UDP sockets for notify-source and transfer-source - that use reserved ports at startup. [RT #9475] +2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563] -1537. [func] New option "querylog". If set specify whether query - logging is to be enabled or disabled at startup. +2126. [security] Serialize validation of type ANY responses. [RT #16555] -1536. [bug] Windows socket code failed to log a error description - when returning ISC_R_UNEXPECTED. [RT #9998] +2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ + was defined. [RT #16574] -1534. [bug] Race condition when priming cache. [RT# 9940] +2124. [security] It was possible to dereference a freed fetch + context. [RT #16584] -1533. [func] Warn if both "recursion no;" and "allow-recursion" - are active. [RT# 4389] + --- 9.5.0a1 released --- -1532. [port] netbsd: the configure test for - requires . +2123. [func] Use Doxygen to generate internal documentation. + [RT #11398] -1531. [port] AIX more libtool fixes. +2122. [func] Experimental http server and statistics support + for named via xml. -1530. [bug] It was possible to trigger a INSIST() failure if a - slave master file was removed at just the correct - moment. [RT #9462] +2121. [func] Add a 10 slot dead masters cache (LRU) with a 600 + second timeout. [RT #16553] -1529. [bug] "notify explicit;" failed to log that NOTIFY messages - were being sent for the zone. [RT# 9442] +2120. [doc] Fix markup on nsupdate man page. [RT #16556] -1528. [cleanup] Simplify some dns_name_ functions based on the - deprecation of bitstring labels. +2119. [compat] libbind: allow res_init() to succeed enough to + return the default domain even if it was unable + to allocate memory. -1527. [cleanup] Reduce the number of gettimeofday() calls without - losing necessary timer granularity. +2118. [bug] Handle response with long chains of domain name + compression pointers which point to other compression + pointers. [RT #16427] -1525. [bug] dns_cache_create() could trigger a REQUIRE - failure in isc_mem_put() during error cleanup. - [RT# 9360] +2117. [bug] DNSSEC fixes: named could fail to cache NSEC records + which could lead to validation failures. named didn't + handle negative DS responses that were in the process + of being validated. Check CNAME bit before accepting + NODATA proof. To be able to ignore a child NSEC there + must be SOA (and NS) set in the bitmap. [RT #16399] -1524. [port] AIX needs to be able to resolve all symbols when - creating shared libraries (--with-libtool). +2116. [bug] 'rndc reload' could cause the cache to continually + be cleaned. [RT #16401] -1523. [bug] Fix race condition in rbtdb. [RT# 9189] +2115. [bug] 'rndc reconfig' could trigger a INSIST if the + number of masters for a zone was reduced. [RT #16444] -1522. [bug] dns_db_findnode() relax the requirements on 'name'. - [RT# 9286] +2114. [bug] dig/host/nslookup: searches for names with multiple + labels were failing. [RT #16447] -1521. [bug] dns_view_createresolver() failed to check the - result from isc_mem_create(). [RT# 9294] +2113. [bug] nsupdate: if a zone is specified it should be used + for server discover. [RT# 16455] -1520. [protocol] Add SSHFP (SSH Finger Print) type. +2112. [security] Warn if weak RSA exponent is used. [RT #16460] -1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong - length of the new bitmap. +2111. [bug] Fix a number of errors reported by Coverity. + [RT #16507] -1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(), - contained a off-by-one error when working out the - number of octets in the bitmap. +2110. [bug] "minimal-responses yes;" interacted badly with BIND 8 + priming queries. [RT #16491] -1517. [port] Support for IPv6 interface scanning on HP/UX and - TrueUNIX 5.1. +2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502] -1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. +2108. [func] DHCID support. [RT #16456] -1515. [func] Allow transfer source to be set in a server statement. - [RT #6496] +2107. [bug] dighost.c: more cleanup of buffers. [RT #16499] -1514. [bug] named: isc_hash_destroy() was being called too early. - [RT #9160] +2106. [func] 'rndc status' now reports named's version. [RT #16426] -1513. [doc] Add "US" to root-delegation-only exclude list. +2105. [func] GSS-TSIG support (RFC 3645). -1512. [bug] Extend the delegation-only logging to return query - type, class and responding nameserver. +2104. [port] Fix Solaris SMF error message. -1511. [bug] delegation-only was generating false positives - on negative answers from subzones. +2103. [port] Add /usr/sfw to list of locations for OpenSSL + under Solaris. -1510. [func] New view option "root-delegation-only". Apply - delegation-only check to all TLDs and root. - Note there are some TLDs that are NOT delegation - only (e.g. DE, LV, US and MUSEUM) these can be excluded - from the checks by using exclude. +2102. [port] Silence Solaris 10 warnings. - root-delegation-only exclude { - "DE"; "LV"; "US"; "MUSEUM"; - }; +2101. [bug] OpenSSL version checks were not quite right. + [RT #16476] -1509. [bug] Hint zones should accept delegation-only. Forward - zone should not accept delegation-only. +2100. [port] win32: copy libeay32.dll to Build\Debug. + Copy Debug\named-checkzone to Debug\named-compilezone. -1508. [bug] Don't apply delegation-only checks to answers from - forwarders. +2099. [port] win32: more manifest issues. -1507. [bug] Handle BIND 8 style returns to NS queries to parents - when making delegation-only checks. +2098. [bug] Race in rbtdb.c:no_references(), which occasionally + triggered an INSIST failure about the node lock + reference. [RT #16411] -1506. [bug] Wrong return type for dns_view_isdelegationonly(). +2097. [bug] named could reference a destroyed memory context + after being reloaded / reconfigured. [RT #16428] -1505. [bug] Uninitialized rdataset in sdb. [RT #8750] +2096. [bug] libbind: handle applications that fail to detect + res_init() failures better. -1504. [func] New zone type "delegation-only". +2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and + net_cidr_ntop_ipv6(). [RT #16388] -1503. [port] win32: install libeay32.dll outside of system32. +2094. [contrib] Update named-bootconf. [RT# 16404] -1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP. +2093. [bug] named-checkzone -s was broken. -1501. [func] Allow TCP queue length to be specified via - named.conf, tcp-listen-queue. +2092. [bug] win32: dig, host, nslookup. Use registry config + if resolv.conf does not exist or no nameservers + listed. [RT #15877] -1500. [bug] host failed to lookup MX records. Also look up - AAAA records. +2091. [port] dighost.c: race condition on cleanup. [RT #16417] -1475. [port] Probe for old sprintf(). +2090. [port] win32: Visual C++ 2005 command line manifest support. + [RT #16417] -1474. [port] Provide strtoul() and memmove() for platforms - without them. +2089. [security] Raise the minimum safe OpenSSL versions to + OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions + prior to these have known security flaws which + are (potentially) exploitable in named. [RT #16391] -1469. [func] Log end of outgoing zone transfer at same level - as the start of transfer is logged. [RT #4441] +2088. [security] Change the default RSA exponent from 3 to 65537. + [RT #16391] -1468. [func] Internal zones are no longer counted for - 'rndc status'. [RT #4706] +2087. [port] libisc failed to compile on OS's w/o a vsnprintf. + [RT #16382] -1467. [func] $GENERATES now supports optional class and ttl. +2086. [port] libbind: FreeBSD now has get*by*_r() functions. + [RT #16403] -1458. [cleanup] sprintf() -> snprintf(). +2085. [doc] win32: added index.html and README to zip. [RT #16201] -1457. [port] Provide strlcat() and strlcpy() for platforms without - them. +2084. [contrib] dbus update for 9.3.3rc2. -1455. [bug] missing from server grammar in - doc/misc/options. [RT #5616] +2083. [port] win32: Visual C++ 2005 support. -1454. [port] Use getifaddrs() if available for interface scanning. - --disable-getifaddrs to override. Glibc currently - has a getifaddrs() that does not support IPv6. - Use --enable-getifaddrs=glibc to force the use of - this version under linux machines. +2082. [doc] Document 'cache-file' as a test only option. -1446. [func] Implemented undocumented alternate transfer sources - from BIND 8. See use-alt-transfer-source, - alt-transfer-source and alt-transfer-source-v6. +2081. [port] libbind: minor 64-bit portability fix in memcluster.c. + [RT #16360] - SECURITY: use-alt-transfer-source is ENABLED unless - you are using views. This may cause a security risk - resulting in accidental disclosure of wrong zone - content if the master supplying different source - content based on IP address. If you are not certain - ISC recommends setting use-alt-transfer-source no; +2080. [port] libbind: res_init.c did not compile on older versions + of Solaris. [RT #16363] -1444. [func] dns_view_findzonecut2() allows you to specify if the - cache should be searched for zone cuts. +2079. [bug] The lame cache was not handling multiple types + correctly. [RT #16361] -1443. [func] Masters lists can now be specified and referenced - in zone masters clauses and other masters lists. +2078. [bug] dnssec-checkzone output style "default" was badly + named. It is now called "relative". [RT #16326] -1442. [func] New functions for manipulating port lists: - dns_portlist_create(), dns_portlist_add(), - dns_portlist_remove(), dns_portlist_match(), - dns_portlist_attach() and dns_portlist_detach(). +2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the + complete signed zone. [RT #16326] -1441. [func] It is now possible to tell dig to bind to a specific - source port. +2076. [bug] Several files were missing #include + causing build failures on OSF. [RT #16341] -1440. [func] It is now possible to tell named to avoid using - certain source ports (avoid-v4-udp-ports, - avoid-v6-udp-ports). +2075. [bug] The spillat timer event hander could leak memory. + [RT #16357] -1438. [func] Log TSIG (if any) when logging NOTIFY requests. +2074. [bug] dns_request_createvia2(), dns_request_createvia3(), + dns_request_createraw2() and dns_request_createraw3() + failed to send multiple UDP requests. [RT #16349] -1436. [func] dns_zonemgr_resumexfrs() can be used to restart - stalled transfers. +2073. [bug] Incorrect semantics check for update policy "wildcard". + [RT #16353] -1433. [bug] named could trigger a REQUIRE failure if it could - not get a file descriptor when attempting to write - a master file. [RT #4347] +2072. [bug] We were not generating valid HMAC SHA digests. + [RT #16320] -1432. [func] The advertised EDNS UDP buffer size can now be set - via named.conf (edns-udp-size). +2071. [port] Test whether gcc accepts -fno-strict-aliasing. + [RT #16324] -1430. [port] linux: IPv6 interface scanning support. +2070. [bug] The remote address was not always displayed when + reporting dispatch failures. [RT #16315] -1422. [func] Log name/type/class when denying a query. [RT #4663] +2069. [bug] Cross compiling was not working. [RT #16330] -1421. [func] Differentiate updates that don't succeed due to - prerequisites (unsuccessful) vs other reasons - (failed). +2068. [cleanup] Lower incremental tuning message to debug 1. + [RT #16319] -1417. [func] ID.SERVER/CHAOS is now a built in zone. - See "server-id" for how to configure. +2067. [bug] 'rndc' could close the socket too early triggering + a INSIST under Windows. [RT #16317] -1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived - from SOA MINIMUM. +2066. [security] Handle SIG queries gracefully. [RT #16300] -1414. [func] Support for KSK flag. +2065. [bug] libbind: probe for HPUX prototypes for + endprotoent_r() and endservent_r(). [RT 16313] -1413. [func] Explicitly request the (re-)generation of DS records - from keysets (dnssec-signzone -g). +2064. [bug] libbind: silence AIX compiler warnings. [RT #16218] -1412. [func] You can now specify servers to be tried if a nameserver - has IPv6 address and you only support IPv4 or the - reverse. See dual-stack-servers. +2063. [bug] Change #1955 introduced a bug which caused the first + 'rndc flush' call to not free memory. [RT #16244] -1410. [func] Handle records that live in the parent zone, e.g. DS. +2062. [bug] 'dig +nssearch' was reusing a buffer before it had + been returned by the socket code. [RT #16307] -1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC. +2061. [bug] Accept expired wildcard message reversed. [RT #16296] -1404. [bug] libbind: ns_name_ntol() could overwrite a zero length - buffer. +2060. [bug] Enabling DLZ support could leave views partially + configured. [RT #16295] -1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset - dnssec-signkey now report their version in the - usage message. +2059. [bug] Search into cache rbtdb could trigger an INSIST + failure while cleaning up a stale rdataset. + [RT #16292] -1402. [cleanup] A6 has been moved to experimental and is no longer - fully supported. +2058. [bug] Adjust how we calculate rtt estimates in the presence + of authoritative servers that drop EDNS and/or CD + requests. Also fallback to EDNS/512 and plain DNS + faster for zones with less than 3 servers. [RT #16187] -1400. [bug] Block the addition of wildcard NS records by IXFR - or UPDATE. [RT #3502] +2057. [bug] Make setting "ra" dependent on both allow-query-cache + and allow-recursion. [RT #16290] -1398. [doc] ARM: notify-also should have been also-notify. - [RT #4345] - -1396. [func] dnssec-signzone: adjust the default signing time by - 1 hour to allow for clock skew. +2056. [bug] dig: ixfr= was not being treated case insensitively + at all times. [RT #15955] -1394. [func] It is now possible to check if a particular element is - in a acl. Remove duplicate entries from the localnets - acl. +2055. [bug] Missing goto after dropping multicast query. + [RT #15944] -1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY - is not available in the kernel to prevent accidently - listening on IPv4 interfaces. +2054. [port] freebsd: do not explicitly link against -lpthread. + [RT #16170] -1392. [bug] named-checkzone: update usage. +2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220] -1391. [func] Add support for IPv6 scoped addresses in named. +2052. [bug] 'rndc' improve connect failed message to report + the failing address. [RT #15978] -1390. [func] host now supports ixfr. +2051. [port] More strtol() fixes. [RT #16249] -1386. [bug] named-checkzone -z stopped on errors in a zone. - [RT #3653] +2050. [bug] Parsing of NSAP records was not case insensitive. + [RT #16287] -1383. [func] Track the serial number in a IXFR response and log if - a mismatch occurs. This is a more specific error than - "not exact". [RT #3445] +2049. [bug] Restore SOA before AXFR when falling back from + a attempted IXFR when transferring in a zone. + Allow a initial SOA query before attempting + a AXFR to be requested. [RT #16156] -1380. [func] 'rndc recursing' dump recursing queries to - 'recursing-file = "named.recursing";'. +2048. [bug] It was possible to loop forever when using + avoid-v4-udp-ports / avoid-v6-udp-ports when + the OS always returned the same local port. + [RT #16182] -1379. [func] 'rndc status' now reports tcp and recursion quota - states. +2047. [bug] Failed to initialize the interface flags to zero. + [RT #16245] -1378. [func] Improved positive feedback for 'rndc {reload|refresh}. +2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate + cleanup [RT #16247]. -1377. [func] dns_zone_load{new}() now reports if the zone was - loaded, queued for loading to up to date. +2045. [func] Use lock buckets for acache entries to limit memory + consumption. [RT #16183] -1376. [func] New function dns_zone_logc() to log to specified - category. +2044. [port] Add support for atomic operations for Itanium. + [RT #16179] -1375. [func] 'rndc dumpdb' now dumps the adb cache along with the - data cache. +2043. [port] nsupdate/nslookup: Force the flushing of the prompt + for interactive sessions. [RT#16148] -1374. [func] dns_adb_dump() now logs the lame zones associated - with each server. +2042. [bug] named-checkconf was incorrectly rejecting the + logging category "config". [RT #16117] -1371. [bug] notify-source-v6, transfer-source-v6 and - query-source-v6 with explicit addresses and using the - same ports as named was listening on could interfere - with named's ability to answer queries sent to those - addresses. +2041. [bug] "configure --with-dlz-bdb=yes" produced a bad + set of libraries to be linked. [RT #16129] -1368. [func] remove support for bitstring labels. +2040. [bug] rbtdb no_references() could trigger an INSIST + failure with --enable-atomic. [RT #16022] -1367. [func] Use response times to select forwarders. +2039. [func] Check that all buffers passed to the socket code + have been retrieved when the socket event is freed. + [RT #16122] -1365. [func] "localhost" and "localnets" acls now include IPv6 - addresses / prefixes. +2038. [bug] dig/nslookup/host was unlinking from wrong list + when handling errors. [RT #16122] -1364. [func] Log file name when unable to open memory statistics - and dump database files. [RT# 3437] +2037. [func] When unlinking the first or last element in a list + check that the list head points to the element to + be unlinked. [RT #15959] -1363. [func] Listen-on-v6 now supports specific addresses. +2036. [bug] 'rndc recursing' could cause trigger a REQUIRE. + [RT #16075] -1362. [bug] remove IFF_RUNNING test when scanning interfaces. +2035. [func] Make falling back to TCP on UDP refresh failure + optional. Default "try-tcp-refresh yes;" for BIND 8 + compatibility. [RT #16123] -1361. [func] log the reason for rejecting a server when resolving - queries. +2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124] -1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME. +2033. [bug] We weren't creating multiple client memory contexts + on demand as expected. [RT #16095] -1344. [func] Log if the serial number on the master has gone - backwards. - If you have multiple machines specified in the masters - clause you may want to set 'multi-master yes;' to - suppress this warning. +2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074] -1343. [func] Log successful notifies received (info). Adjust log - level for failed notifies to notice. +2031. [bug] Emit a error message when "rndc refresh" is called on + a non slave/stub zone. [RT # 16073] -1342. [func] Log remote address with TCP dispatch failures. +2030. [bug] We were being overly conservative when disabling + openssl engine support. [RT #16030] -1341. [func] Allow a rate limiter to be stalled. +2029. [bug] host printed out the server multiple times when + specified on the command line. [RT #15992] -1339. [func] dig, host and nslookup now use IP6.ARPA for nibble - lookups. Bit string lookups are no longer attempted. +2028. [port] linux: socket.c compatibility for old systems. + [RT #16015] -1336. [func] Nibble lookups under IP6.ARPA are now supported by - dns_byaddr_create(). dns_byaddr_createptrname() is - deprecated, use dns_byaddr_createptrname2() instead. +2027. [port] libbind: Solaris x86 support. [RT #16020] -1332. [func] Report the current serial with periodic commits when - rolling forward the journal. +2026. [bug] Rate limit the two recursive client exceeded messages. + [RT #16044] -1331. [func] Generate DNSSEC wildcard proofs. +2025. [func] Update "zone serial unchanged" message. [RT #16026] -1329. [func] named-checkzone will now check if nameservers that - appear to be IP addresses. Available modes "fail", - "warn" (default) and "ignore" the results of the - check. +2024. [bug] named emitted spurious "zone serial unchanged" + messages on reload. [RT #16027] -1328. [bug] The validator could incorrectly verify an invalid - negative proof. +2023. [bug] "make install" should create ${localstatedir}/run and + ${sysconfdir} if they do not exist. [RT #16033] -1322. [bug] dnssec-signzone usage message was misleading. +2022. [bug] If dnssec validation is disabled only assert CD if + CD was requested. [RT #16037] -1321. [bug] If the last RRset in a zone is glue, dnssec-signzone - would incorrectly duplicate its output and sign it. +2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037] -1313. [func] Query log now says if the query was signed (S) or - if EDNS was used (E). +2020. [bug] rdataset_setadditional() could leak memory. [RT #16034] -1312. [func] Log TSIG key used w/ outgoing zone transfers. +2019. [tuning] Reduce the amount of work performed per quantum + when cleaning the cache. [RT #15986] -1309. [func] Log that a zone transfer was covered by a TSIG. +2018. [bug] Checking if the HMAC MD5 private file was broken. + [RT #15960] -1308. [func] DS (delegation signer) support. +2017. [bug] allow-query default was not correct. [RT #15946] -1304. [func] New function: dns_zone_name(). +2016. [bug] Return a partial answer if recursion is not + allowed but requested and we had the answer + to the original qname. [RT #15945] -1303. [func] Option 'flush-zones-on-shutdown ;'. +2015. [cleanup] use-additional-cache is now acache-enable for + consistency. Default acache-enable off in BIND 9.4 + as it requires memory usage to be configured. + It may be enabled by default in BIND 9.5 once we + have more experience with it. -1302. [func] Extended rndc dumpdb to support dumping of zones and - view selection: 'dumpdb [-all|-zones|-cache] [view]'. +2014. [func] Statistics about acache now recorded and sent + to log. [RT #15976] -1301. [func] New category 'update-security'. +2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR + responses more gracefully. [RT #15941] -1300. [port] Compaq Trucluster support. +2012. [func] Don't insert new acache entries if acache is full. + [RT #15970] -1293. [func] Entropy can now be retrieved from EGDs. [RT #2438] +2011. [func] dnssec-signzone can now update the SOA record of + the signed zone, either as an increment or as the + system time(). [RT #15633] -1292. [func] Enable IPv6 support when using ioctl style interface - scanning and OS supports SIOCGLIFADDR using struct - if_laddrreq. +2010. [placeholder] rt15958 -1291. [func] Enable IPv6 support when using sysctl style interface - scanning. +2009. [bug] libbind: Coverity fixes. [RT #15808] -1290. [func] "dig axfr" now reports the number of messages - as well as the number of records. +2008. [func] It is now possible to enable/disable DNSSEC + validation from rndc. This is useful for the + mobile hosts where the current connection point + breaks DNSSEC (firewall/proxy). [RT #15592] -1285. [func] lwres: probe the system to see what address families - are currently in use. + rndc validation newstate [view] -1283. [func] Use "dataready" accept filter if available. +2007. [func] It is now possible to explicitly enable DNSSEC + validation. default dnssec-validation no; to + be changed to yes in 9.5.0. [RT #15674] -1281. [func] Log zone when unable to get private keys to update - zone. Log zone when NXT records are missing from - secure zone. +2006. [security] Allow-query-cache and allow-recursion now default + to the built in acls "localnets" and "localhost". -1278. [func] dig: now supports +[no]cl +[no]ttlid. + This is being done to make caching servers less + attractive as reflective amplifying targets for + spoofed traffic. This still leave authoritative + servers exposed. -1277. [func] You can now create your own customized printing - styles: dns_master_stylecreate() and - dns_master_styledestroy(). + The best fix is for full BCP 38 deployment to + remove spoofed traffic. -1271. [bug] "recursion available: {denied,approved}" was too - confusing. +2005. [bug] libbind: Retransmission timeouts should be + based on which attempt it is to the nameserver + and not the nameserver itself. [RT #13548] -1267. [func] isc_file_openunique() now creates file using mode - 0666 rather than 0600. +2004. [bug] dns_tsig_sign() could pass a NULL pointer to + dst_context_destroy() when cleaning up after a + error. [RT #15835] -1254. [func] preferred-glue option from BIND 8.3. +2003. [bug] libbind: The DNS name/address lookup functions could + occasionally follow a random pointer due to + structures not being completely zeroed. [RT #15806] -1250. [func] Nsupdate will report the address the update was - sent to. +2002. [bug] libbind: tighten the constraints on when + struct addrinfo._ai_pad exists. [RT #15783] -1247. [bug] Don't reset the interface index for link/site local - addresses. [RT #2576] +2001. [func] Check the KSK flag when updating a secure dynamic zone. + New zone option "update-check-ksk yes;". [RT #15817] -1246. [func] New functions isc_sockaddr_issitelocal(), - isc_sockaddr_islinklocal(), isc_netaddr_issitelocal() - and isc_netaddr_islinklocal(). +2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812] -1243. [bug] It was possible to trigger a REQUIRE() in - dns_message_findtype(). [RT #2659] +1999. [func] Implement "rrset-order fixed". [RT #13662] -1235. [func] Report 'out of memory' errors from openssl. +1998. [bug] Restrict handling of fifos as sockets to just SunOS. + This allows named to connect to entropy gathering + daemons that use fifos instead of sockets. [RT #15840] -1234. [bug] contrib/sdb: 'zonetodb' failed to call - dns_result_register(). DNS_R_SEENINCLUDE should not - be fatal. +1997. [bug] Named was failing to replace negative cache entries + when a positive one for the type was learnt. + [RT #15818] -1233. [bug] The flags field of a KEY record can be expressed in - hex as well as decimal. +1996. [bug] nsupdate: if a zone has been specified it should + appear in the output of 'show'. [RT #15797] -1226. [func] Use EDNS for zone refresh queries. [RT #2551] +1995. [bug] 'host' was reporting multiple "is an alias" messages. + [RT #15702] -1225. [func] dns_message_setopt() no longer requires that - dns_message_renderbegin() to have been called. +1994. [port] OpenSSL 0.9.8 support. [RT #15694] -1224. [bug] 'rrset-order' and 'sortlist' should be additive - not exclusive. +1993. [bug] Log messages, via syslog, were missing the space + after the timestamp if "print-time yes" was specified. + [RT #15844] -1223. [func] 'rrset-order' partially works 'cyclic' and 'random' - are supported. +1992. [bug] Not all incoming zone transfer messages included the + view. [RT #15825] -1220. [func] Support for APL rdata type. +1991. [cleanup] The configuration data, once read, should be treated + as read only. Expand the use of const to enforce this + at compile time. [RT #15813] -1219. [func] Named now reports the TSIG extended error code when - signature verification fails. [RT #1651] +1990. [bug] libbind: isc's override of broken gettimeofday() + implementations was not always effective. + [RT #15709] -1217. [func] Report locations of previous key definition when a - duplicate is detected. +1989. [bug] win32: don't check the service password when + re-installing. [RT #15882] -1213. [func] Report view associated with client if it is not a - standard view (_default or _bind). +1988. [bug] Remove a bus error from the SHA256/SHA512 support. + [RT #15878] -1203. [func] Report locations of previous acl and zone definitions - when a duplicate is detected. +1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608] -1202. [func] New functions: cfg_obj_line() and cfg_obj_file(). +1986. [func] Report when a zone is removed. [RT #15849] -1192. [bug] The seconds fields in LOC records were restricted - to three decimal places. More decimal places should - be allowed but warned about. +1985. [protocol] DLV has now been assigned a official type code of + 32769. [RT #15807] -1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands. - [RT #2394] + Note: care should be taken to ensure you upgrade + both named and dnssec-signzone at the same time for + zones with DLV records where named is the master + server for the zone. Also any zones that contain + DLV records should be removed when upgrading a slave + zone. You do not however have to upgrade all + servers for a zone with DLV records simultaneously. -1187. [bug] named was incorrectly returning DNSSEC records - in negative responses when the DO bit was not set. +1984. [func] dig, nslookup and host now advertise a 4096 byte + EDNS UDP buffer size by default. [RT #15855] -1181. [func] Add the "key-directory" configuration statement, - which allows the server to look for online signing - keys in alternate directories. +1983. [func] Two new update policies. "selfsub" and "selfwild". + [RT #12895] -1180. [func] dnssec-keygen should always generate keys with - protocol 3 (DNSSEC), since it's less confusing - that way. +1982. [bug] DNSKEY was being accepted on the parent side of + a delegation. KEY is still accepted there for + RFC 3007 validated updates. [RT #15620] -1179. [func] Add SIG(0) support to nsupdate. +1981. [bug] win32: condition.c:wait() could fail to reattain + the mutex lock. -1177. [func] Report view when loading zones if it is not a - standard view (_default or _bind). [RT #2270] +1980. [func] dnssec-signzone: output the SOA record as the + first record in the signed zone. [RT #15758] -1171. [func] Added function isc_region_compare(), updated files in - lib/dns to use this function instead of local one. +1979. [port] linux: allow named to drop core after changing + user ids. [RT #15753] -1169. [func] Identify recursive queries in the query log. +1978. [port] Handle systems which have a broken recvmsg(). + [RT #15742] -1163. [func] isc_time_formattimestamp() now includes the year. +1977. [bug] Silence noisy log message. [RT #15704] -1159. [bug] MD and MF are not permitted to be loaded by RFC1123. +1976. [bug] Handle systems with no IPv4 addresses. [RT #15695] -1158. [func] Report the client's address when logging notify - messages. +1975. [bug] libbind: isc_gethexstring() could misparse multi-line + hex strings with comments. [RT #15814] + +1974. [doc] List each of the zone types and associated zone + options separately in the ARM. + +1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and + HMACSHA512 support. [RT #13606] + +1972. [contrib] DBUS dynamic forwarders integration from + Jason Vas Dias . + +1971. [port] linux: make detection of missing IF_NAMESIZE more + robust. [RT #15443] + +1970. [bug] nsupdate: adjust UDP timeout when falling back to + unsigned SOA query. [RT #15775] + +1969. [bug] win32: the socket code was freeing the socket + structure too early. [RT #15776] + +1968. [bug] Missing lock in resolver.c:validated(). [RT #15739] + +1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779] + +1966. [bug] Don't set CD when we have fallen back to plain DNS. + [RT #15727] + +1965. [func] Suppress spurious "recusion requested but not + available" warning with 'dig +qr'. [RT #15780]. + +1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723] + +1963. [port] Tru64 4.0E doesn't support send() and recv(). + [RT #15586] + +1962. [bug] Named failed to clear old update-policy when it + was removed. [RT #15491] + +1961. [bug] Check the port and address of responses forwarded + to dispatch. [RT #15474] + +1960. [bug] Update code should set NSEC ttls from SOA MINIMUM. + [RT #15465] + +1959. [func] Control the zeroing of the negative response TTL to + a soa query. Defaults "zero-no-soa-ttl yes;" and + "zero-no-soa-ttl-cache no;". [RT #15460] + +1958. [bug] Named failed to update the zone's secure state + until the zone was reloaded. [RT #15412] + +1957. [bug] Dig mishandled responses to class ANY queries. + [RT #15402] + +1956. [bug] Improve cross compile support, 'gen' is now built + by native compiler. See README for additional + cross compile support information. [RT #15148] + +1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998] + +1954. [func] Named now falls back to advertising EDNS with a + 512 byte receive buffer if the initial EDNS queries + fail. [RT #14852] + +1953. [func] The maximum EDNS UDP response named will send can + now be set in named.conf (max-udp-size). This is + independent of the advertised receive buffer + (edns-udp-size). [RT #14852] + +1952. [port] hpux: tell the linker to build a runtime link + path "-Wl,+b:". [RT #14816]. + +1951. [security] Drop queries from particular well known ports. + Don't return FORMERR to queries from particular + well known ports. [RT #15636] + +1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect() + a TCP socket. This prevents the source address being + set for TCP connections. [RT #15628] + +1949. [func] Addition memory leakage checks. [RT #15544] + +1948. [bug] If was possible to trigger a REQUIRE failure in + xfrin.c:maybe_free() if named ran out of memory. + [RT #15568] + +1947. [func] It is now possible to configure named to accept + expired RRSIGs. Default "dnssec-accept-expired no;". + Setting "dnssec-accept-expired yes;" leaves named + vulnerable to replay attacks. [RT #14685] + +1946. [bug] resume_dslookup() could trigger a REQUIRE failure + when using forwarders. [RT #15549] + +1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended. + To generate a RSAMD5 key you must explicitly request + RSAMD5. [RT #13780] + +1944. [cleanup] isc_hash_create() does not need a read/write lock. + [RT #15522] + +1943. [bug] Set the loadtime after rolling forward the journal. + [RT #15647] + +1942. [bug] If the name of a DNSKEY match that of one in + trusted-keys do not attempt to validate the DNSKEY + using the parents DS RRset. [RT #15649] + +1941. [bug] ncache_adderesult() should set eresult even if no + rdataset is passed to it. [RT #15642] + +1940. [bug] Fixed a number of error conditions reported by + Coverity. + +1939. [bug] The resolver could dereference a null pointer after + validation if all the queries have timed out. + [RT #15528] + +1938. [bug] The validator was not correctly handling unsecure + negative responses at or below a SEP. [RT #15528] + +1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564] + +1936. [bug] The validator could leak memory. [RT #15544] + +1935. [bug] 'acache' was DO sensitive. [RT #15430] + +1934. [func] Validate pending NS RRsets, in the authority section, + prior to returning them if it can be done without + requiring DNSKEYs to be fetched. [RT #15430] + +1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534] + +1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530] + +1931. [bug] Per-client mctx could require a huge amount of memory, + particularly for a busy caching server. [RT #15519] + +1930. [port] HPUX: ia64 support. [RT #15473] + +1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM. + +1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517] + +1927. [bug] Access to soanode or nsnode in rbtdb violated the + lock order rule and could cause a dead lock. + [RT# 15518] + +1926. [bug] The Windows installer did not check for empty + passwords. BINDinstall was being installed in + the wrong place. [RT #15483] + +1925. [port] All outer level AC_TRY_RUNs need cross compiling + defaults. [RT #15469] + +1924. [port] libbind: hpux ia64 support. [RT #15473] + +1923. [bug] ns_client_detach() called too early. [RT #15499] + +1922. [bug] check-tool.c:setup_logging() missing call to + dns_log_setcontext(). + +1921. [bug] Client memory contexts were not using internal + malloc. [RT# 15434] + +1920. [bug] The cache rbtdb lock array was too small to + have the desired performance characteristics. + [RT #15454] + +1919. [contrib] queryperf: a set of new features: collecting/printing + response delays, printing intermediate results, and + adjusting query rate for the "target" qps. + +1918. [bug] Memory leak when checking acls. [RT #15391] + +1917. [doc] funcsynopsisinfo wasn't being treated as verbatim + when generating man pages. [RT #15385] + +1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383] + +1915. [bug] dig +ndots was broken. [RT #15215] + +1914. [protocol] DS is required to accept mnemonic algorithms + (RFC 4034). Still emit numeric algorithms for + compatibility with RFC 3658. [RT #15354] + +1913. [func] Integrate contributed DLZ code into named. [RT #11382] + +1912. [port] aix: atomic locking for powerpc. [RT #15020] + +1911. [bug] Update windows socket code. [RT #14965] + +1910. [bug] dig's +sigchase code overhauled. [RT #14933] + +1909. [bug] The DLV code has been re-worked to make no longer + query order sensitive. [RT #14933] + +1908. [func] dig now warns if 'RA' is not set in the answer when + 'RD' was set in the query. host/nslookup skip servers + that fail to set 'RA' when 'RD' is set unless a server + is explicitly set. [RT #15005] + +1907. [func] host/nslookup now continue (default)/fail on SERVFAIL. + [RT #15006] + +1906. [func] dig now has a '-q queryname' and '+showsearch' options. + [RT #15034] + +1905. [bug] Strings returned from cfg_obj_asstring() should be + treated as read-only. The prototype for + cfg_obj_asstring() has been updated to reflect this. + [RT #15256] + +1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and + friends. Note: RFC 1918 zones are not yet covered by + this but are likely to be in a future release. + + New options: empty-server, empty-contact, + empty-zones-enable and disable-empty-zone. + +1903. [func] ISC string copy API. + +1902. [func] Attempt to make the amount of work performed in a + iteration self tuning. The covers nodes clean from + the cache per iteration, nodes written to disk when + rewriting a master file and nodes destroyed per + iteration when destroying a zone or a cache. + [RT #14996] + +1901. [cleanup] Don't add DNSKEY records to the additional section. + +1900. [bug] ixfr-from-differences failed to ensure that the + serial number increased. [RT #15036] + +1899. [func] named-checkconf now validates update-policy entries. + [RT #14963] + +1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and + ISC_NETADDR_FORMATSIZE to allow for scope details. + +1897. [func] x86 and x86_64 now have separate atomic locking + implementations. + +1896. [bug] Recursive clients soft quota support wasn't working + as expected. [RT #15103] + +1895. [bug] A escaped character is, potentially, converted to + the output character set too early. [RT #14666] + +1894. [doc] Review ARM for BIND 9.4. + +1893. [port] Use uintptr_t if available. [RT #14606] + +1892. [func] Support for SPF rdata type. [RT #15033] + +1891. [port] freebsd: pthread_mutex_init can fail if it runs out + of memory. [RT #14995] + +1890. [func] Raise the UDP receive buffer size to 32k if it is + less than 32k. [RT #14953] + +1889. [port] sunos: non blocking i/o support. [RT #14951] + +1888. [func] Support for IPSECKEY rdata type. [RT #14967] + +1887. [bug] The cache could delete expired records too fast for + clients with a virtual time in the past. [RT #14991] + +1886. [bug] fctx_create() could return success even though it + failed. [RT #14993] + +1885. [func] dig: report the number of extra bytes still left in + the packet after processing all the records. + +1884. [cleanup] dighost.c: move external declarations into . + +1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug + levels. [RT #14962] + +1882. [func] Limit the number of recursive clients that can be + waiting for a single query () to + resolve. New options clients-per-query and + max-clients-per-query. + +1881. [func] Add a system test for named-checkconf. [RT #14931] + +1880. [func] The lame cache is now done on a + basis as some servers only appear to be lame for + certain query types. [RT #14916] + +1879. [func] "USE INTERNAL MALLOC" is now runtime selectable. + [RT #14892] + +1878. [func] Detect duplicates of UDP queries we are recursing on + and drop them. New stats category "duplicate". + [RT #2471] + +1877. [bug] Fix unreasonably low quantum on call to + dns_rbt_destroy2(). Remove unnecessary unhash_node() + call. [RT #14919] + +1876. [func] Additional memory debugging support to track size + and mctx arguments. [RT #14814] + +1875. [bug] process_dhtkey() was using the wrong memory context + to free some memory. [RT #14890] + +1874. [port] sunos: portability fixes. [RT #14814] + +1873. [port] win32: isc__errno2result() now reports its caller. + [RT #13753] + +1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753] + +1871. [placeholder] + +1870. [func] Added framework for handling multiple EDNS versions. + [RT #14873] + +1869. [func] dig can now specify the EDNS version when making + a query. [RT #14873] + +1868. [func] edns-udp-size can now be overridden on a per + server basis. [RT #14851] + +1867. [bug] It was possible to trigger a INSIST in + dlv_validatezonekey(). [RT #14846] + +1866. [bug] resolv.conf parse errors were being ignored by + dig/host/nslookup. [RT #14841] + +1865. [bug] Silently ignore nameservers in /etc/resolv.conf with + bad addresses. [RT #14841] + +1864. [bug] Don't try the alternative transfer source if you + got a answer / transfer with the main source + address. [RT #14802] + +1863. [bug] rrset-order "fixed" error messages not complete. + +1862. [func] Add additional zone data constancy checks. + named-checkzone has extended checking of NS, MX and + SRV record and the hosts they reference. + named has extended post zone load checks. + New zone options: check-mx and integrity-check. + [RT #4940] + +1861. [bug] dig could trigger a INSIST on certain malformed + responses. [RT #14801] + +1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was + incorrectly set. [RT #14775] + +1859. [func] Add support for CH A record. [RT #14695] + +1858. [bug] The flush-zones-on-shutdown option wasn't being + parsed. [RT #14686] + +1857. [bug] named could trigger a INSIST() if reconfigured / + reloaded too fast. [RT #14673] + +1856. [doc] Switch Docbook toolchain from DSSSL to XSL. + [RT #11398] + +1855. [bug] ixfr-from-differences was failing to detect changes + of ttl due to dns_diff_subtract() was ignoring the ttl + of records. [RT #14616] + +1854. [bug] lwres also needs to know the print format for + (long long). [RT #13754] + +1853. [bug] Rework how DLV interacts with proveunsecure(). + [RT #13605] + +1852. [cleanup] Remove last vestiges of dnssec-signkey and + dnssec-makekeyset (removed from Makefile years ago). + +1851. [doc] Doxygen comment markup. [RT #11398] + +1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] + +1849. [doc] All forms of the man pages (docbook, man, html) should + have consistent copyright dates. + +1848. [bug] Improve SMF integration. [RT #13238] + +1847. [bug] isc_ondestroy_init() is called too late in + dns_rbtdb_create()/dns_rbtdb64_create(). + [RT #13661] + +1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer + . + +1845. [bug] Improve error reporting to distinguish between + accept()/fcntl() and socket()/fcntl() errors. + [RT #13745] + +1844. [bug] inet_pton() accepted more that 4 hexadecimal digits + for each 16 bit piece of the IPv6 address. The text + representation of a IPv6 address has been tightened + to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). + [RT #5662] + +1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps + when CFLAGS contains "-I /usr/local/include" + resulting in old header files being used. + +1842. [port] cmsg_len() could produce incorrect results on + some platform. [RT #13744] + +1841. [bug] "dig +nssearch" now makes a recursive query to + find the list of nameservers to query. [RT #13694] + +1840. [func] dnssec-signzone can now randomize signature end times + (dnssec-signzone -j jitter). [RT #13609] + +1839. [bug] was not being installed. + +1838. [cleanup] Don't allow Linux capabilities to be inherited. + [RT #13707] + +1837. [bug] Compile time option ISC_FACILITY was not effective + for 'named -u '. [RT #13714] + +1836. [cleanup] Silence compiler warnings in hash_test.c. + +1835. [bug] Update dnssec-signzone's usage message. [RT #13657] + +1834. [bug] Bad memset in rdata_test.c. [RT #13658] + +1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660] + +1832. [bug] named fails to return BADKEY on unknown TSIG algorithm. + [RT #13620] + +1831. [doc] Update named-checkzone documentation. [RT#13604] + +1830. [bug] adb lame cache has sence of test reversed. [RT #13600] + +1829. [bug] win32: "pid-file none;" broken. [RT #13563] + +1828. [bug] isc_rwlock_init() failed to properly cleanup if it + encountered a error. [RT #13549] + +1827. [bug] host: update usage message for '-a'. [RT #37116] + +1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out + of memory error. [RT #13537] + +1825. [bug] Missing UNLOCK() on out of memory error from in + rbtdb.c:subtractrdataset(). [RT #13519] + +1824. [bug] Memory leak on dns_zone_setdbtype() failure. + [RT #13510] + +1823. [bug] Wrong macro used to check for point to point interface. + [RT#13418] + +1822. [bug] check-names test for RT was reversed. [RT #13382] + +1821. [placeholder] + +1820. [bug] Gracefully handle acl loops. [RT #13659] + +1819. [bug] The validator needed to check both the algorithm and + digest types of the DS to determine if it could be + used to introduce a secure zone. [RT #13593] + +1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599] + +1817. [func] Add support for additional zone file formats for + improving loading performance. The masterfile-format + option in named.conf can be used to specify a + non-default format. A separate command + named-compilezone was provided to generate zone files + in the new format. Additionally, the -I and -O options + for dnssec-signzone specify the input and output + formats. + +1816. [port] UnixWare: failed to compile lib/isc/unix/net.c. + [RT #13597] + +1815. [bug] nsupdate triggered a REQUIRE if the server was set + without also setting the zone and it encountered + a CNAME and was using TSIG. [RT #13086] + +1814. [func] UNIX domain controls are now supported. + +1813. [func] Restructured the data locking framework using + architecture dependent atomic operations (when + available), improving response performance on + multi-processor machines significantly. + x86, x86_64, alpha, powerpc, and mips are currently + supported. + +1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect. + [RT #13453] + +1811. [func] Preserve the case of domain names in rdata during + zone transfers. [RT #13547] + +1810. [bug] configure, lib/bind/configure make different default + decisions about whether to do a threaded build. + [RT #13212] + +1809. [bug] "make distclean" failed for libbind if the platform + is not supported. + +1808. [bug] zone.c:notify_zone() contained a race condition, + zone->db could change underneath it. [RT #13511] + +1807. [bug] When forwarding (forward only) set the active domain + from the forward zone name. [RT #13526] + +1806. [bug] The resolver returned the wrong result when a CNAME / + DNAME was encountered when fetching glue from a + secure namespace. [RT #13501] + +1805. [bug] Pending status was not being cleared when DLV was + active. [RT #13501] + +1804. [bug] Ensure that if we are queried for glue that it fits + in the additional section or TC is set to tell the + client to retry using TCP. [RT #10114] + +1803. [bug] dnssec-signzone sometimes failed to remove old + RRSIGs. [RT #13483] + +1802. [bug] Handle connection resets better. [RT #11280] + +1801. [func] Report differences between hints and real NS rrset + and associated address records. + +1800. [bug] Changes #1719 allowed a INSIST to be triggered. + [RT #13428] + +1799. [bug] 'rndc flushname' failed to flush negative cache + entries. [RT #13438] + +1798. [func] The server syntax has been extended to support a + range of servers. [RT #11132] + +1797. [func] named-checkconf now check acls to verify that they + only refer to existing acls. [RT #13101] + +1796. [func] "rndc freeze/thaw" now freezes/thaws all zones. + +1795. [bug] "rndc dumpdb" was not fully documented. Minor + formating issues with "rndc dumpdb -all". [RT #13396] + +1794. [func] Named and named-checkzone can now both check for + non-terminal wildcard records. + +1793. [func] Extend adjusting TTL warning messages. [RT #13378] + +1792. [func] New zone option "notify-delay". Specify a minimum + delay between sets of NOTIFY messages. + +1791. [bug] 'host -t a' still printed out AAAA and MX records. + [RT #13230] + +1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should + allow parallel make to succeed. + +1789. [bug] Prerequisite test for tkey and dnssec could fail + with "configure --with-libtool". + +1788. [bug] libbind9.la/libbind9.so needs to link against + libisccfg.la/libisccfg.so. + +1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings. + +1786. [port] AIX: libt_api needs to be taught to look for + T_testlist in the main executable (--with-libtool). + [RT #13239] + +1785. [bug] libbind9.la/libbind9.so needs to link against + libisc.la/libisc.so. + +1784. [cleanup] "libtool -allow-undefined" is the default. + Leave hooks in configure to allow it to be set + if needed in the future. + +1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the + source tree. + +1782. [port] OSX: --with-libtool + --enable-libbind broke on + __evOptMonoTime. [RT #13219] + +1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810] + +1780. [bug] Update libtool to 1.5.10. + +1779. [port] OSF 5.1: libtool didn't handle -pthread correctly. + +1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and + IN6ADDR_LOOPBACK_INIT macros. + +1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and + IN6ADDR_LOOPBACK_INIT macros. + +1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and + IN6ADDR_LOOPBACK_INIT macros. + +1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205] + +1774. [port] Aix: Silence compiler warnings / build failures. + [RT #13154] + +1773. [bug] Fast retry on host / net unreachable. [RT #13153] + +1772. [placeholder] + +1771. [placeholder] + +1770. [bug] named-checkconf failed to report missing a missing + file clause for rbt{64} master/hint zones. [RT#13009] + +1769. [port] win32: change compiler flags /MTd ==> /MDd, + /MT ==> /MD. + +1768. [bug] nsecnoexistnodata() could be called with a non-NSEC + rdataset. [RT #12907] + +1767. [port] Builds on IPv6 platforms without IPv6 Advanced API + support for (struct in6_pktinfo) failed. [RT #13077] + +1766. [bug] Update the master file timestamp on successful refresh + as well as the journal's timestamp. [RT# 13062] + +1765. [bug] configure --with-openssl=auto failed. [RT #12937] + +1764. [bug] dns_zone_replacedb failed to emit a error message + if there was no SOA record in the replacement db. + [RT #13016] + +1763. [func] Perform sanity checks on NS records which refer to + 'in zone' names. [RT #13002] + +1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS + even when it failed. [RT #12995] + +1761. [bug] 'rndc dumpdb' didn't report unassociated entries. + [RT #12971] + +1760. [bug] Host / net unreachable was not penalising rtt + estimates. [RT #12970] + +1759. [bug] Named failed to startup if the OS supported IPv6 + but had no IPv6 interfaces configured. [RT #12942] + +1758. [func] Don't send notify messages to self. [RT #12933] + +1757. [func] host now can turn on memory debugging flags with '-m'. + +1756. [func] named-checkconf now checks the logging configuration. + [RT #12352] + +1755. [func] allow-update is now settable at the options / view + level. [RT #6636] + +1754. [bug] We weren't always attempting to query the parent + server for the DS records at the zone cut. + [RT #12774] + +1753. [bug] Don't serve a slave zone which has no NS records. + [RT #12894] + +1752. [port] Move isc_app_start() to after ns_os_daemonise() + as some fork() implementations unblock the signals + that are blocked by isc_app_start(). [RT #12810] + +1751. [bug] --enable-getifaddrs failed under linux. [RT #12867] + +1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly. + [RT #12864] + +1749. [bug] 'check-names response ignore;' failed to ignore. + [RT #12866] + +1748. [func] dig now returns the byte count for axfr/ixfr. + +1747. [bug] BIND 8 compatibility: named/named-checkconf failed + to parse "host-statistics-max" in named.conf. + +1746. [func] Make public the function to read a key file, + dst_key_read_public(). [RT #12450] + +1745. [bug] Dig/host/nslookup accept replies from link locals + regardless of scope if no scope was specified when + query was sent. [RT #12745] + +1744. [bug] If tuple2msgname() failed to convert a tuple to + a name a REQUIRE could be triggered. [RT #12796] + +1743. [bug] If isc_taskmgr_create() was not able to create the + requested number of worker threads then destruction + of the manager would trigger an INSIST() failure. + [RT #12790] + +1742. [bug] Deleting all records at a node then adding a + previously existing record, in a single UPDATE + transaction, failed to leave / regenerate the + associated RRSIG records. [RT #12788] + +1741. [bug] Deleting all records at a node in a secure zone + using a update-policy grant failed. [RT #12787] + +1740. [bug] Replace rbt's hash algorithm as it performed badly + with certain zones. [RT #12729] + + NOTE: a hash context now needs to be established + via isc_hash_create() if the application was not + already doing this. + +1739. [bug] dns_rbt_deletetree() could incorrectly return + ISC_R_QUOTA. [RT #12695] + +1738. [bug] Enable overrun checking by default. [RT #12695] + +1737. [bug] named failed if more than 16 masters were specified. + [RT #12627] + +1736. [bug] dst_key_fromnamedfile() could fail to read a + public key. [RT #12687] + +1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure. + [RE #12688] + +1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path. + [RT #12588] + +1733. [bug] Return non-zero exit status on initial load failure. + [RT #12658] + +1732. [bug] 'rrset-order name "*"' wasn't being applied to ".". + [RT #12467] + +1731. [port] darwin: relax version test in ifconfig.sh. + [RT #12581] + +1730. [port] Determine the length type used by the socket API. + [RT #12581] + +1729. [func] Improve check-names error messages. + +1728. [doc] Update check-names documentation. + +1727. [bug] named-checkzone: check-names support didn't match + documentation. + +1726. [port] aix5: add support for aix5. + +1725. [port] linux: update error message on interaction of threads, + capabilities and setuid support (named -u). [RT #12541] + +1724. [bug] Look for DNSKEY records with "dig +sigtrace". + [RT #12557] + +1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493] + +1722. [bug] Don't commit the journal on malformed ixfr streams. + [RT #12519] + +1721. [bug] Error message from the journal processing were not + always identifying the relevant journal. [RT #12519] + +1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1 + negative response. [RT #12506] + +1719. [bug] named was not correctly caching a RFC 2308 Type 1 + negative response. [RT #12506] + +1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative + responses when looking for the zone / master server. + [RT #12506] + +1717. [port] solaris: ifconfig.sh did not support Solaris 10. + "ifconfig.sh down" didn't work for Solaris 9. + +1716. [doc] named.conf(5) was being installed in the wrong + location. [RT# 12441] + +1715. [func] 'dig +trace' now randomly selects the next servers + to try. Report if there is a bad delegation. + +1714. [bug] dig/host/nslookup were only trying the first + address when a nameserver was specified by name. + [RT #12286] + +1713. [port] linux: extend capset failure message to say: + please ensure that the capset kernel module is + loaded. see insmod(8) + +1712. [bug] Missing FULLCHECK for "trusted-key" in dig. + +1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'. + +1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY + messages for the specified zone. [RT #9479] + +1709. [port] solaris: add SMF support from Sun. + +1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash() + for conformance to the name space convention. Binary + backward compatibility to the old function name is + provided. [RT #12376] + +1707. [contrib] sdb/ldap updated to version 1.0-beta. + +1706. [bug] 'rndc stop' failed to cause zones to be flushed + sometimes. [RT #12328] + +1705. [func] Allow the journal's name to be changed via named.conf. + +1704. [port] lwres needed a snprintf() implementation for + platforms without snprintf(). Add missing + "#include ". [RT #12321] + +1703. [bug] named would loop sending NOTIFY messages when it + failed to receive a response. [RT #12322] + +1702. [bug] also-notify should not be applied to built in zones. + [RT #12323] + +1701. [doc] A minimal named.conf man page. + +1700. [func] nslookup is no longer to be treated as deprecated. + Remove "deprecated" warning message. Add man page. + +1699. [bug] dnssec-signzone can generate "not exact" errors + when resigning. [RT #12281] + +1698. [doc] Use reserved IPv6 documentation prefix. + +1697. [bug] xxx-source{,-v6} was not effective when it + specified one of listening addresses and a + different port than the listening port. [RT #12257] + +1696. [bug] dnssec-signzone failed to clean out nodes that + consisted of only NSEC and RRSIG records. + [RT #12154] + +1695. [bug] DS records when forwarding require special handling. + [RT #12133] + +1694. [bug] Report if the builtin views of "_default" / "_bind" + are defined in named.conf. [RT #12023] + +1693. [bug] max-journal-size was not effective for master zones + with ixfr-from-differences set. [RT# 12024] + +1692. [bug] Don't set -I, -L and -R flags when libcrypto is in + /usr/lib. [RT #11971] + +1691. [bug] sdb's attachversion was not complete. [RT #11990] + +1690. [bug] Delay detaching view from the client until UPDATE + processing completes when shutting down. [RT #11714] + +1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros + contained gratuitous semicolons. [RT #11707] + +1688. [bug] LDFLAGS was not supported. + +1687. [bug] Race condition in dispatch. [RT #10272] + +1686. [bug] Named sent a extraneous NOTIFY when it received a + redundant UPDATE request. [RT #11943] + +1685. [bug] Change #1679 loop tests weren't quite right. + +1684. [func] ixfr-from-differences now takes master and slave in + addition to yes and no at the options and view levels. + +1683. [bug] dig +sigchase could leak memory. [RT #11445] + +1682. [port] Update configure test for (long long) printf format. + [RT #5066] + +1681. [bug] Only set SO_REUSEADDR when a port is specified in + isc_socket_bind(). [RT #11742] + +1680. [func] rndc: the source address can now be specified. + +1679. [bug] When there was a single nameserver with multiple + addresses for a zone not all addresses were tried. + [RT #11706] + +1678. [bug] RRSIG should use TYPEXXXXX for unknown types. + +1677. [bug] dig: +aaonly didn't work, +aaflag undocumented. + +1676. [func] New option "allow-query-cache". This lets + allow-query be used to specify the default zone + access level rather than having to have every + zone override the global value. allow-query-cache + can be set at both the options and view levels. + If allow-query-cache is not set allow-query applies. + +1675. [bug] named would sometimes add extra NSEC records to + the authority section. + +1674. [port] linux: increase buffer size used to scan + /proc/net/if_inet6. + +1673. [port] linux: issue a error messages if IPv6 interface + scans fails. + +1672. [cleanup] Tests which only function in a threaded build + now return R:THREADONLY (rather than R:UNTESTED) + in a non-threaded build. + +1671. [contrib] queryperf: add NAPTR to the list of known types. + +1670. [func] Log UPDATE requests to slave zones without an acl as + "disabled" at debug level 3. [RT# 11657] + +1669. [placeholder] + +1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core. + +1667. [port] linux: not all versions have IF_NAMESIZE. + +1666. [bug] The optional port on hostnames in dual-stack-servers + was being ignored. + +1665. [func] rndc now allows addresses to be set in the + server clauses. + +1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY. + +1663. [func] Look for OpenSSL by default. + +1662. [bug] Change #1658 failed to change one use of 'type' + to 'keytype'. + +1661. [bug] Restore dns_name_concatenate() call in + adb.c:set_target(). [RT #11582] + +1660. [bug] win32: connection_reset_fix() was being called + unconditionally. [RT #11595] + +1659. [cleanup] Cleanup some messages that were referring to KEY vs + DNSKEY, NXT vs NSEC and SIG vs RRSIG. + +1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5 + and DH. Tighten which options apply to KEY and + DNSKEY records. + +1657. [doc] ARM: document query log output. + +1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC + DNSKEY and RRSIG. [RT #11542] + +1655. [bug] Logging multiple versions w/o a size was broken. + [RT #11446] + +1654. [bug] isc_result_totext() contained array bounds read + error. + +1653. [func] Add key type checking to dst_key_fromfilename(), + DST_TYPE_KEY should be used to read TSIG, TKEY and + SIG(0) keys. + +1652. [bug] TKEY still uses KEY. + +1651. [bug] dig: process multiple dash options. + +1650. [bug] dig, nslookup: flush standard out after each command. + +1649. [bug] Silence "unexpected non-minimal diff" message. + [RT #11206] + +1648. [func] Update dnssec-lookaside named.conf syntax to support + multiple dnssec-lookaside namespaces (not yet + implemented). + +1647. [bug] It was possible trigger a INSIST when chasing a DS + record that required walking back over a empty node. + [RT #11445] + +1646. [bug] win32: logging file versions didn't work with + non-UNC filenames. [RT#11486] + +1645. [bug] named could trigger a REQUIRE failure if multiple + masters with keys are specified. -1157. [func] match-clients and match-destinations now accept - keys. [RT #2045] +1644. [bug] Update the journal modification time after a + successful refresh query. [RT #11436] -1155. [func] Recover from master files being removed from under - us. +1643. [bug] dns_db_closeversion() could leak memory / node + references. [RT #11163] -1153. [func] 'rndc {stop|halt} -p' now reports the process id - of the instance of named being shutdown. +1642. [port] Support OpenSSL implementations which don't have + DSA support. [RT #11360] -1151. [bug] nslookup failed to check that the arguments to - the port, timeout, and retry options were - valid integers and in range. [RT #2099] +1641. [bug] Update the check-names description in ARM. [RT #11389] -1150. [bug] named incorrectly accepted TTL values - containing plus or minus signs, such as - 1d+1h-1s. +1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was + incorrectly closing the socket. [RT #11291] + +1639. [func] Initial dlv system test. + +1638. [bug] "ixfr-from-differences" could generate a REQUIRE + failure if the journal open failed. [RT #11347] + +1637. [bug] Node reference leak on error in addnoqname(). + +1636. [bug] The dump done callback could get ISC_R_SUCCESS even if + a error had occurred. The database version no longer + matched the version of the database that was dumped. + +1635. [bug] Memory leak on error in query_addds(). + +1634. [bug] named didn't supply a useful error message when it + detected duplicate views. [RT #11208] + +1633. [bug] named should return NOTIMP to update requests to a + slaves without a allow-update-forwarding acl specified. + [RT #11331] + +1632. [bug] nsupdate failed to send prerequisite only UPDATE + messages. [RT #11288] + +1631. [bug] dns_journal_compact() could sometimes corrupt the + journal. [RT #11124] + +1630. [contrib] queryperf: add support for IPv6 transport. + +1629. [func] dig now supports IPv6 scoped addresses with the + extended format in the local-server part. [RT #8753] + +1628. [bug] Typo in Compaq Trucluster support. [RT# 11264] + +1627. [bug] win32: sockets were not being closed when the + last external reference was removed. [RT# 11179] + +1626. [bug] --enable-getifaddrs was broken. [RT#11259] + +1625. [bug] named failed to load/transfer RFC2535 signed zones + which contained CNAMES. [RT# 11237] + +1624. [bug] zonemgr_putio() call should be locked. [RT# 11163] + +1623. [bug] A serial number of zero was being displayed in the + "sending notifies" log message when also-notify was + used. [RT #11177] + +1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is + available, and suppress wildcard binding if not. + +1621. [bug] match-destinations did not work for IPv6 TCP queries. + [RT# 11156] + +1620. [func] When loading a zone report if it is signed. [RT #11149] + +1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches(). + [RT# 11118] + +1618. [bug] Fencepost errors in dns_name_ishostname() and + dns_name_ismailbox() could trigger a INSIST(). + +1617. [port] win32: VC++ 6.0 support. + +1616. [compat] Ensure that named's version is visible in the core + dump. [RT #11127] + +1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if + it is defined. + +1614. [port] win32: silence resource limit messages. [RT# 11101] + +1613. [bug] Builds would fail on machines w/o a if_nametoindex(). + Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif. + [RT #11119] + +1612. [bug] check-names at the option/view level could trigger + an INSIST. [RT# 11116] + +1611. [bug] solaris: IPv6 interface scanning failed to cope with + no active IPv6 interfaces. + +1610. [bug] On dual stack machines "dig -b" failed to set the + address type to be looked up with "@server". + [RT #11069] + +1609. [func] dig now has support to chase DNSSEC signature chains. + Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES. + + DNSSEC validation code in dig coded by Olivier Courtay + (olivier.courtay@irisa.fr) for the IDsA project + (http://idsa.irisa.fr). + +1608. [func] dig and host now accept -4/-6 to select IP transport + to use when making queries. + +1607. [bug] dig, host and nslookup were still using random() + to generate query ids. [RT# 11013] + +1606. [bug] DLV insecurity proof was failing. + +1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC. + +1604. [bug] A xfrout_ctx_create() failure would result in + xfrout_ctx_destroy() being called with a + partially initialized structure. + +1603. [bug] nsupdate: set interactive based on isatty(). + [RT# 10929] + +1602. [bug] Logging to a file failed unless a size was specified. + [RT# 10925] + +1601. [bug] Silence spurious warning 'both "recursion no;" and + "allow-recursion" active' warning from view "_bind". + [RT# 10920] + +1600. [bug] Duplicate zone pre-load checks were not case + insensitive. + +1599. [bug] Fix memory leak on error path when checking named.conf. + +1598. [func] Specify that certain parts of the namespace must + be secure (dnssec-must-be-secure). + +1597. [func] Allow notify-source and query-source to be specified + on a per server basis similar to transfer-source. + [RT #6496] + +1596. [func] Accept 'notify-source' style syntax for query-source. + +1595. [func] New notify type 'master-only'. Enable notify for + master zones only. + +1594. [bug] 'rndc dumpdb' could prevent named from answering + queries while the dump was in progress. [RT #10565] + +1593. [bug] rndc should return "unknown command" to unknown + commands. [RT# 10642] + +1592. [bug] configure_view() could leak a dispatch. [RT# 10675] + +1591. [bug] libbind: updated to BIND 8.4.5. + +1590. [port] netbsd: update thread support. + +1589. [func] DNSSEC lookaside validation. + +1588. [bug] win32: TCP sockets could become blocked. [RT #10115] + +1587. [bug] dns_message_settsigkey() failed to clear existing key. + [RT #10590] + +1586. [func] "check-names" is now implemented. + +1585. [placeholder] + +1584. [bug] "make test" failed with a read only source tree. + [RT #10461] + +1583. [bug] Records add via UPDATE failed to get the correct trust + level. [RT #10452] + +1582. [bug] rrset-order failed to work on RRsets with more + than 32 elements. [RT #10381] + +1581. [func] Disable DNSSEC support by default. To enable + DNSSEC specify "dnssec-enable yes;" in named.conf. + +1580. [bug] Zone destruction on final detach takes a long time. + [RT #3746] + +1579. [bug] Multiple task managers could not be created. + +1578. [bug] Don't use CLASS E IPv4 addresses when resolving. + [RT #10346] + +1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug + workaround code. [RT #10331] + +1576. [bug] Race condition in dns_dispatch_addresponse(). + [RT# 10272] + +1575. [func] Log TSIG name on TSIG verify failure. [RT #4404] + +1574. [bug] Don't attempt to open the controls socket(s) when + running tests. [RT #9091] + +1573. [port] linux: update to libtool 1.5.2 so that + "make install DESTDIR=/xx" works with + "configure --with-libtool". [RT #9941] + +1572. [bug] nsupdate: sign the soa query to find the enclosing + zone if the server is specified. [RT #10148] + +1571. [bug] rbt:hash_node() could fail leaving the hash table + in an inconsistent state. [RT #10208] + +1570. [bug] nsupdate failed to handle classes other than IN. + New keyword 'class' which sets the default class. + [RT #10202] + +1569. [func] nsupdate new command 'answer' which displays the + complete answer message to the last update. + +1568. [bug] nsupdate now reports that the update failed in + interactive mode. [RT# 10236] + +1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201. + +1566. [port] Support for the cmsg framework on Solaris and HP/UX. + This also solved the problem that match-destinations + for IPv6 addresses did not work on these systems. + [RT #10221] + +1565. [bug] CD flag should be copied to outgoing queries unless + the query is under a secure entry point in which case + CD should be set. + +1564. [func] Attempt to provide a fallback entropy source to be + used if named is running chrooted and named is unable + to open entropy source within the chroot area. + [RT #10133] + +1563. [bug] Gracefully fail when unable to obtain neither an IPv4 + nor an IPv6 dispatch. [RT #10230] + +1562. [bug] isc_socket_create() and isc_socket_accept() could + leak memory under error conditions. [RT #10230] + +1561. [bug] It was possible to release the same name twice if + named ran out of memory. [RT #10197] + +1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA + and EAI_NONAME to the same value. + +1559. [port] named should ignore SIGFSZ. + +1558. [func] New DNSSEC 'disable-algorithms'. Support entry into + child zones for which we don't have a supported + algorithm. Such child zones are treated as unsigned. + +1557. [func] Implement missing DNSSEC tests for + * NOQNAME proof with wildcard answers. + * NOWILDARD proof with NXDOMAIN. + Cache and return NOQNAME with wildcard answers. + +1556. [bug] nsupdate now treats all names as fully qualified. + [RT #6427] -1149. [func] New function isc_parse_uint32(). +1555. [func] 'rrset-order cyclic' no longer has a random starting + point per query. [RT #7572] -1148. [func] 'rndc-confgen -a' now provides positive feedback. +1554. [bug] dig, host, nslookup failed when no nameservers + were specified in /etc/resolv.conf. [RT #8232] -1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by - the OS. listen-on-v6 { any; }; should no longer - result in IPv4 queries be accepted. Similarly - control { inet :: ... }; should no longer result - in IPv4 connections being accepted. This can be - overridden at compile time by defining - ISC_ALLOW_MAPPED=1. +1553. [bug] The windows socket code could stop accepting + connections. [RT#10115] -1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if - supported by the OS by a new function - isc_socket_ipv6only(). +1552. [bug] Accept NOTIFY requests from mapped masters if + matched-mapped is set. [RT #10049] -1145. [func] "host" no longer reports a NOERROR/NODATA response - by printing nothing. [RT #2065] +1551. [port] Open "/dev/null" before calling chroot(). -1143. [bug] When a trusted-keys statement was present and named - was built without crypto support, it would leak memory. +1550. [port] Call tzset(), if available, before calling chroot(). -1139. [func] It is now possible to flush a given name from the - cache(s) via 'rndc flushname name [view]'. [RT #2051] +1549. [func] named-checkzone can now write out the zone contents + in a easily parsable format (-D and -o). -1138. [func] It is now possible to flush a given name from the - cache by calling the new function - dns_cache_flushname(). +1548. [bug] When parsing APL records it was possible to silently + accept out of range ADDRESSFAMILY values. [RT# 9979] -1137. [func] It is now possible to flush a given name from the - ADB by calling the new function dns_adb_flushname(). +1547. [bug] Named wasted memory recording duplicate lame zone + entries. [RT #9341] -1135. [func] You can now override the default syslog() facility for - named/lwresd at compile time. [RT #1982] +1546. [bug] We were rejecting valid secure CNAME to negative + answers. -1132. [func] Improve UPDATE prerequisite failure diagnostic messages. +1545. [bug] It was possible to leak memory if named was unable to + bind to the specified transfer source and TSIG was + being used. [RT #10120] -1128. [func] sdb drivers can now provide RR data in either text - or wire format, the latter using the new functions - dns_sdb_putrdata() and dns_sdb_putnamedrdata(). +1544. [bug] Named would logged a single entry to a file despite it + being over the specified size limit. -1127. [func] rndc: If the server to contact has multiple addresses, - try all of them. +1543. [bug] Logging using "versions unlimited" did not work. -1119. [func] Added support in Win32 for NTFS file/directory ACL's - for access control. +1542. [placeholder] -1115. [func] Set maximum values for cleaning-interval, - heartbeat-interval, interface-interval, - max-transfer-idle-in, max-transfer-idle-out, - max-transfer-time-in, max-transfer-time-out, - statistics-interval of 28 days and - sig-validity-interval of 3660 days. [RT #2002] +1541. [func] NSEC now uses new bitmap format. -1110. [bug] dig should only accept valid abbreviations of +options. - [RT #2003] +1540. [bug] "rndc reload " was silently accepted. + [RT #8934] -1105. [port] OpenUNIX 8 enable threads by default. [RT #1970] +1539. [bug] Open UDP sockets for notify-source and transfer-source + that use reserved ports at startup. [RT #9475] -1080. [bug] BIND 8 compatibility: accept bare IP prefixes - as the second element of a two-element top level - sort list statement. [RT #1964] +1538. [placeholder] rt9997 -1079. [bug] BIND 8 compatibility: accept bare elements at top - level of sort list treating them as if they were - a single element list. [RT #1963] +1537. [func] New option "querylog". If set specify whether query + logging is to be enabled or disabled at startup. -1077. [func] Do not accept further recursive clients when - the total number of recursive lookups being - processed exceeds max-recursive-clients, even - if some of the lookups are internally generated. - [RT #1915, #1938] +1536. [bug] Windows socket code failed to log a error description + when returning ISC_R_UNEXPECTED. [RT #9998] -1073. [bug] The ADB cache cleaning should also be space driven. - [RT #1915, #1938] +1535. [placeholder] -1067. [func] Allow quotas to be soft, isc_quota_soft(). +1534. [bug] Race condition when priming cache. [RT# 9940] -1065. [func] Runtime support to select new / old style interface - scanning using ioctls. +1533. [func] Warn if both "recursion no;" and "allow-recursion" + are active. [RT# 4389] -1060. [func] Move refresh, stub and notify UDP retry processing - into dns_request. +1532. [port] netbsd: the configure test for + requires . -1059. [func] dns_request now support will now retry UDP queries, - dns_request_createvia2() and dns_request_createraw2(). +1531. [port] AIX more libtool fixes. -1058. [func] Limited lifetime ticker timers are now available, - isc_timertype_limited. +1530. [bug] It was possible to trigger a INSIST() failure if a + slave master file was removed at just the correct + moment. [RT #9462] -1055. [func] Version and hostname queries can now be disabled - using "version none;" and "hostname none;", - respectively. +1529. [bug] "notify explicit;" failed to log that NOTIFY messages + were being sent for the zone. [RT# 9442] -1049. [func] "pid-file none;" will disable writing a pid file. - [RT #1848] +1528. [cleanup] Simplify some dns_name_ functions based on the + deprecation of bitstring labels. -1037. [bug] Negative responses whose authority section contain - SOA or NS records whose owner names are not equal - equal to or parents of the query name should be - rejected. [RT #1862] +1527. [cleanup] Reduce the number of gettimeofday() calls without + losing necessary timer granularity. -1036. [func] Silently drop requests received via multicast as - long as there is no final multicast DNS standard. +1526. [func] Implemented "additional section caching (or acache)", + an internal cache framework for additional section + content to improve response performance. Several + configuration options were provided to control the + behavior. -1035. [bug] If we respond to multicast queries (which we - currently do not), respond from a unicast address - as specified in RFC 1123. [RT #137] +1525. [bug] dns_cache_create() could trigger a REQUIRE + failure in isc_mem_put() during error cleanup. + [RT# 9360] -1034. [bug] Ignore the RD bit on multicast queries as specified - in RFC 1123. [RT #137] +1524. [port] AIX needs to be able to resolve all symbols when + creating shared libraries (--with-libtool). -1032. [func] hostname.bind/txt/chaos now returns the name of - the machine hosting the nameserver. This is useful - in diagnosing problems with anycast servers. +1523. [bug] Fix race condition in rbtdb. [RT# 9189] -1025. [bug] Don't use multicast addresses to resolve iterative - queries. [RT #101] +1522. [bug] dns_db_findnode() relax the requirements on 'name'. + [RT# 9286] -1024. [port] Compilation failed on HP-UX 11.11 due to - incompatible use of the SIOCGLIFCONF macro - name. [RT #1831] +1521. [bug] dns_view_createresolver() failed to check the + result from isc_mem_create(). [RT# 9294] -1023. [func] Accept hints without TTLs. +1520. [protocol] Add SSHFP (SSH Finger Print) type. -1011. [cleanup] Removed isc_dir_current(). +1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong + length of the new bitmap. -1009. [port] OpenUNIX 8 support. [RT #1728] +1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(), + contained a off-by-one error when working out the + number of octets in the bitmap. -1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2. +1517. [port] Support for IPv6 interface scanning on HP/UX and + TrueUNIX 5.1. -1007. [port] config.guess, config.sub from autoconf-2.52. +1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY. -1003. [func] Add the +retry option to dig. +1515. [func] Allow transfer source to be set in a server statement. + [RT #6496] - 999. [func] "rndc retransfer zone [class [view]]" added. - [RT #1752] +1514. [bug] named: isc_hash_destroy() was being called too early. + [RT #9160] - 998. [func] named-checkzone now has arguments to specify the - chroot directory (-t) and working directory (-w). - [RT #1755] +1513. [doc] Add "US" to root-delegation-only exclude list. - 997. [func] Add support for RSA-SHA1 keys (RFC3110). +1512. [bug] Extend the delegation-only logging to return query + type, class and responding nameserver. - 996. [func] Issue warning if the configuration filename contains - the chroot path. +1511. [bug] delegation-only was generating false positives + on negative answers from sub-zones. - 994. [func] Treat non-authoritative responses to queries for type - NS as referrals even if the NS records are in the - answer section, because BIND 8 servers incorrectly - send them that way. This is necessary for DNSSEC - validation of the NS records of a secure zone to - succeed when the parent is a BIND 8 server. [RT #1706] +1510. [func] New view option "root-delegation-only". Apply + delegation-only check to all TLDs and root. + Note there are some TLDs that are NOT delegation + only (e.g. DE, LV, US and MUSEUM) these can be excluded + from the checks by using exclude. - 993. [func] dig: -v now reports the version. + root-delegation-only exclude { + "DE"; "LV"; "US"; "MUSEUM"; + }; - 991. [func] Lower UDP refresh timeout messages to level - debug 1. +1509. [bug] Hint zones should accept delegation-only. Forward + zone should not accept delegation-only. - 985. [func] Consider network interfaces to be up iff they have - a nonzero IP address rather than based on the - IFF_UP flag. [RT #1160] +1508. [bug] Don't apply delegation-only checks to answers from + forwarders. - 983. [func] The server now supports generating IXFR difference - sequences for non-dynamic zones by comparing zone - versions, when enabled using the new config - option "ixfr-from-differences". [RT #1727] +1507. [bug] Handle BIND 8 style returns to NS queries to parents + when making delegation-only checks. - 982. [func] If "memstatistics-file" is set in options the memory - statistics will be written to it. +1506. [bug] Wrong return type for dns_view_isdelegationonly(). - 981. [func] The dnssec tools can now take multiple '-r randomfile' - arguments. +1505. [bug] Uninitialized rdataset in sdb. [RT #8750] - 979. [func] Incremental master file dumping. dns_master_dumpinc(), - dns_master_dumptostreaminc(), dns_dumpctx_attach(), - dns_dumpctx_detach(), dns_dumpctx_cancel(), - dns_dumpctx_db() and dns_dumpctx_version(). +1504. [func] New zone type "delegation-only". - 976. [func] named-checkconf can now test load master zones - (named-checkconf -z). [RT #1468] +1503. [port] win32: install libeay32.dll outside of system32. - 970. [func] 'max-journal-size' can now be used to set a target - size for a journal. +1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP. - 969. [func] dig now supports the undocumented dig 8 feature - of allowing arbitrary labels, not just dotted - decimal quads, with the -x option. This can be - used to conveniently look up RFC2317 names as in - "dig -x 10.0.0.0-127". [RT #827, #1576, #1598] +1501. [func] Allow TCP queue length to be specified via + named.conf, tcp-listen-queue. - --- 9.2.3rc1 released --- +1500. [bug] host failed to lookup MX records. Also look up + AAAA records. 1499. [bug] isc_random need to be seeded better if arc4random() is not used. 1498. [port] bsdos: 5.x support. -1497. [protocol] dig, nslookup and host now perform nibble lookups - under IP6.ARPA, use -i for IP6.INT (dig and host). - lwres now uses IP6.ARPA. +1497. [placeholder] 1496. [port] test for pthread_attr_setstacksize(). @@ -2036,7 +3278,7 @@ 1494. [security] Turn on RSA BLINDING as a precaution. -1493. [doc] A6 and "bitstring" labels are now experimental. +1493. [placeholder] 1492. [cleanup] Preserve rwlock quota context when upgrading / downgrading. [RT #5599] @@ -2092,8 +3334,12 @@ 1477. [bug] memory leak using stub zones and TSIG. -1476. [port] win32: port unreachables were blocking further i/o - on sockets (Windows 2000 SP2 and later). +1476. [placeholder] + +1475. [port] Probe for old sprintf(). + +1474. [port] Provide strtoul() and memmove() for platforms + without them. 1473. [bug] create_map() and create_string() failed to handle out of memory cleanup. [RT #6813] @@ -2104,6 +3350,14 @@ 1470. [bug] Incorrect length passed to snprintf. [RT #5966] +1469. [func] Log end of outgoing zone transfer at same level + as the start of transfer is logged. [RT #4441] + +1468. [func] Internal zones are no longer counted for + 'rndc status'. [RT #4706] + +1467. [func] $GENERATES now supports optional class and ttl. + 1466. [bug] lwresd configuration errors resulted in memory and lock leaks. [RT #5228] @@ -2125,15 +3379,27 @@ 1460. [bug] inet_pton() failed to reject certain malformed IPv6 literals. -1459. [bug] win32: we were leaking a bits in the exception - fd_set resulting in "Socket operation on non-socket" - errors from select(). [RT #2966] +1459. [placeholder] + +1458. [cleanup] sprintf() -> snprintf(). + +1457. [port] Provide strlcat() and strlcpy() for platforms without + them. 1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer. +1455. [bug] missing from server grammar in + doc/misc/options. [RT #5616] + +1454. [port] Use getifaddrs() if available for interface scanning. + --disable-getifaddrs to override. Glibc currently + has a getifaddrs() that does not support IPv6. + Use --enable-getifaddrs=glibc to force the use of + this version under linux machines. + 1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298] -1452. [bug] Bad #ifdef, ISC_RFC2335 -> ISC_RFC2535. +1452. [placeholder] 1451. [bug] rndc-confgen didn't exit with a error code for all failures. [RT #5209] @@ -2150,44 +3416,121 @@ rdataset->private4 is now rdataset->privateuint4 to reflect a type change. +1446. [func] Implemented undocumented alternate transfer sources + from BIND 8. See use-alt-transfer-source, + alt-transfer-source and alt-transfer-source-v6. + + SECURITY: use-alt-transfer-source is ENABLED unless + you are using views. This may cause a security risk + resulting in accidental disclosure of wrong zone + content if the master supplying different source + content based on IP address. If you are not certain + ISC recommends setting use-alt-transfer-source no; + 1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has been replaced with DNS_ADBFIND_STARTATZONE which causes the search to start using the closest zone. +1444. [func] dns_view_findzonecut2() allows you to specify if the + cache should be searched for zone cuts. + +1443. [func] Masters lists can now be specified and referenced + in zone masters clauses and other masters lists. + +1442. [func] New functions for manipulating port lists: + dns_portlist_create(), dns_portlist_add(), + dns_portlist_remove(), dns_portlist_match(), + dns_portlist_attach() and dns_portlist_detach(). + +1441. [func] It is now possible to tell dig to bind to a specific + source port. + +1440. [func] It is now possible to tell named to avoid using + certain source ports (avoid-v4-udp-ports, + avoid-v6-udp-ports). + 1439. [bug] Named could return NOERROR with certain NOTIFY failures. Return NOTAUTH if the NOTIFY zone is not being served. +1438. [func] Log TSIG (if any) when logging NOTIFY requests. + +1437. [bug] Leave space for stdio to work in. [RT #5033] + +1436. [func] dns_zonemgr_resumexfrs() can be used to restart + stalled transfers. + 1435. [bug] zmgr_resume_xfrs() was being called read locked rather than write locked. zmgr_resume_xfrs() was not being called if the zone was being shutdown. -1437. [bug] Leave space for stdio to work in. [RT #5033] - 1434. [bug] "rndc reconfig" failed to initiate the initial zone transfer of new slave zones. +1433. [bug] named could trigger a REQUIRE failure if it could + not get a file descriptor when attempting to write + a master file. [RT #4347] + +1432. [func] The advertised EDNS UDP buffer size can now be set + via named.conf (edns-udp-size). + 1431. [bug] isc_print_snprintf() "%s" with precision could walk off end of argument. [RT #5191] +1430. [port] linux: IPv6 interface scanning support. + 1429. [bug] Prevent the cache getting locked to old servers. +1428. [placeholder] + +1427. [bug] Race condition in adb with threaded build. + +1426. [placeholder] + +1425. [port] linux/libbind: define __USE_MISC when testing *_r() + function prototypes in netdb.h. [RT #4921] + 1424. [bug] EDNS version not being correctly printed. 1423. [contrib] queryperf: added A6 and SRV. +1422. [func] Log name/type/class when denying a query. [RT #4663] + +1421. [func] Differentiate updates that don't succeed due to + prerequisites (unsuccessful) vs other reasons + (failed). + 1420. [port] solaris: work around gcc optimizer bug. 1419. [port] openbsd: use /dev/arandom. [RT #4950] 1418. [bug] 'rndc reconfig' did not cause new slaves to load. +1417. [func] ID.SERVER/CHAOS is now a built in zone. + See "server-id" for how to configure. + 1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN. [RT #4715] +1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived + from SOA MINIMUM. + +1414. [func] Support for KSK flag. + +1413. [func] Explicitly request the (re-)generation of DS records + from keysets (dnssec-signzone -g). + +1412. [func] You can now specify servers to be tried if a nameserver + has IPv6 address and you only support IPv4 or the + reverse. See dual-stack-servers. + 1411. [bug] empty nodes should stop wildcard matches. [RT #4802] +1410. [func] Handle records that live in the parent zone, e.g. DS. + +1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC. + 1408. [bug] "make distclean" was not complete. [RT #4700] 1407. [bug] lfsr incorrectly implements the shift register. @@ -2198,12 +3541,48 @@ 1405. [func] Use arc4random() if available. +1404. [bug] libbind: ns_name_ntol() could overwrite a zero length + buffer. + +1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset + dnssec-signkey now report their version in the + usage message. + +1402. [cleanup] A6 has been moved to experimental and is no longer + fully supported. + 1401. [bug] adb wasn't clearing state when the timer expired. +1400. [bug] Block the addition of wildcard NS records by IXFR + or UPDATE. [RT #3502] + 1399. [bug] Use serial number arithmetic when testing SIG timestamps. [RT #4268] -1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30. +1398. [doc] ARM: notify-also should have been also-notify. + [RT #4345] + +1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30. + +1396. [func] dnssec-signzone: adjust the default signing time by + 1 hour to allow for clock skew. + +1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't + have a working implementation. [RT #4079] + +1394. [func] It is now possible to check if a particular element is + in a acl. Remove duplicate entries from the localnets + acl. + +1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY + is not available in the kernel to prevent accidently + listening on IPv4 interfaces. + +1392. [bug] named-checkzone: update usage. + +1391. [func] Add support for IPv6 scoped addresses in named. + +1390. [func] host now supports ixfr. 1389. [bug] named could fail to rotate long log files. [RT #3666] @@ -2214,68 +3593,81 @@ space (which caused an assertion failure) in incremental cleaning. [RT #3588] +1386. [bug] named-checkzone -z stopped on errors in a zone. + [RT #3653] + 1385. [bug] Setting serial-query-rate to 10 would trigger a REQUIRE failure. 1384. [bug] host was incompatible with BIND 8 in its exit code and in the output with the -l option. [RT #3536] -1373. [bug] Recovery from expired glue failed under certain - circumstances. +1383. [func] Track the serial number in a IXFR response and log if + a mismatch occurs. This is a more specific error than + "not exact". [RT #3445] -1372. [bug] named crashes with an assertion failure on exit when - sharing the same port for listening and querying, and - changing listening addresses several times. [RT# 3509] +1382. [bug] make install failed with --enable-libbind. [RT #3656] -1370. [bug] dig '+[no]recurse' was incorrectly documented. +1381. [bug] named failed to correctly process answers that + contained DNAME records where the resulting CNAME + resulted in a negative answer. -1369. [bug] Adding an NS record as the lexicographically last - record in a secure zone didn't work. +1380. [func] 'rndc recursing' dump recursing queries to + 'recursing-file = "named.recursing";'. -1366. [contrib] queryperf usage was incomplete. Add '-h' for help. +1379. [func] 'rndc status' now reports tcp and recursion quota + states. -1348. [port] win32: Rewrote code to use I/O Completion Ports - in socket.c and eliminating a host of socket - errors. Performance is enhanced. +1378. [func] Improved positive feedback for 'rndc {reload|refresh}. -1333. [contrib] queryperf now reports a summary of returned - rcodes (-c), rcodes are printed in mnemonic form (-v). +1377. [func] dns_zone_load{new}() now reports if the zone was + loaded, queued for loading to up to date. -1299. [bug] Set AI_ADDRCONFIG when looking up addresses - via getaddrinfo() (affects dig, host, nslookup, rndc - and nsupdate). +1376. [func] New function dns_zone_logc() to log to specified + category. -1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. - [RT #2436] +1375. [func] 'rndc dumpdb' now dumps the adb cache along with the + data cache. -1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. - [RT #2046] +1374. [func] dns_adb_dump() now logs the lame zones associated + with each server. - 992. [doc] dig: ~/.digrc is now documented. +1373. [bug] Recovery from expired glue failed under certain + circumstances. - --- 9.2.2 released --- +1372. [bug] named crashes with an assertion failure on exit when + sharing the same port for listening and querying, and + changing listening addresses several times. [RT# 3509] -1428. [port] hpux: temporary work around of hpux 11.11 interface - scanning. +1371. [bug] notify-source-v6, transfer-source-v6 and + query-source-v6 with explicit addresses and using the + same ports as named was listening on could interfere + with named's ability to answer queries sent to those + addresses. -1427. [bug] Race condition in adb with threaded build. +1370. [bug] dig '+[no]recurse' was incorrectly documented. -1426. [cleanup] Disable RFC2535 style DNSSEC. This is incompatible - with the forthcoming DS style DNSSEC. +1369. [bug] Adding an NS record as the lexicographically last + record in a secure zone didn't work. -1425. [port] linux/libbind: define __USE_MISC when testing *_r() - function prototypes in netdb.h. [RT #4921] +1368. [func] remove support for bitstring labels. -1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't - have a working implementation. [RT #4079] +1367. [func] Use response times to select forwarders. -1382. [bug] make install failed with --enable-libbind. [RT #3656] +1366. [contrib] queryperf usage was incomplete. Add '-h' for help. -1381. [bug] named failed to correctly process answers that - contained DNAME records where the resulting CNAME - resulted in a negative answer. +1365. [func] "localhost" and "localnets" acls now include IPv6 + addresses / prefixes. + +1364. [func] Log file name when unable to open memory statistics + and dump database files. [RT# 3437] + +1363. [func] Listen-on-v6 now supports specific addresses. + +1362. [bug] remove IFF_RUNNING test when scanning interfaces. - --- 9.2.2rc1 released --- +1361. [func] log the reason for rejecting a server when resolving + queries. 1360. [bug] --enable-libbind would fail when not built in the source tree for certain OS's. @@ -2290,6 +3682,8 @@ 1356. [tuning] Reduce the number of events / quantum for zone tasks. +1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME. + 1354. [doc] lwres man pages had illegal nroff. 1353. [contrib] sdb/ldap to version 0.9. @@ -2307,26 +3701,68 @@ 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a). http://www.cert.org/advisories/CA-2002-23.html -1346. [bug] Win32: select timeout in socket.c was too small - as value given was meant to be milliseconds and - timeval structure requires microseconds. This - caused high CPU loads with a compute bound loop. - [RT #3358] +1348. [port] win32: Rewrote code to use I/O Completion Ports + in socket.c and eliminating a host of socket + errors. Performance is enhanced. + +1347. [placeholder] + +1346. [placeholder] 1345. [port] Use a explicit -Wformat with gcc. Not all versions include it in -Wall. +1344. [func] Log if the serial number on the master has gone + backwards. + If you have multiple machines specified in the masters + clause you may want to set 'multi-master yes;' to + suppress this warning. + +1343. [func] Log successful notifies received (info). Adjust log + level for failed notifies to notice. + +1342. [func] Log remote address with TCP dispatch failures. + +1341. [func] Allow a rate limiter to be stalled. + 1340. [bug] Delay and spread out the startup refresh load. +1339. [func] dig, host and nslookup now use IP6.ARPA for nibble + lookups. Bit string lookups are no longer attempted. + +1338. [placeholder] + +1337. [placeholder] + +1336. [func] Nibble lookups under IP6.ARPA are now supported by + dns_byaddr_create(). dns_byaddr_createptrname() is + deprecated, use dns_byaddr_createptrname2() instead. + 1335. [bug] When performing a nonexistence proof, the validator should discard parent NXTs from higher in the DNS. 1334. [bug] When signing/verifying rdatasets, duplicate rdatas need to be suppressed. +1333. [contrib] queryperf now reports a summary of returned + rcodes (-c), rcodes are printed in mnemonic form (-v). + +1332. [func] Report the current serial with periodic commits when + rolling forward the journal. + +1331. [func] Generate DNSSEC wildcard proofs. + 1330. [bug] When processing events (non-threaded) only allow the task one chance to use to use its quantum. +1329. [func] named-checkzone will now check if nameservers that + appear to be IP addresses. Available modes "fail", + "warn" (default) and "ignore" the results of the + check. + +1328. [bug] The validator could incorrectly verify an invalid + negative proof. + 1327. [bug] The validator would incorrectly mark data as insecure when seeing a bogus signature before a correct signature. @@ -2341,6 +3777,11 @@ 1323. [port] linux: Slackware 4.0 needs . [RT #3205] +1322. [bug] dnssec-signzone usage message was misleading. + +1321. [bug] If the last RRset in a zone is glue, dnssec-signzone + would incorrectly duplicate its output and sign it. + 1320. [doc] query-source-v6 was missing from options section. [RT #3218] @@ -2358,11 +3799,20 @@ 1314. [port] Handle ECONNRESET from sendmsg() [unix]. +1313. [func] Query log now says if the query was signed (S) or + if EDNS was used (E). + +1312. [func] Log TSIG key used w/ outgoing zone transfers. + 1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159] 1310. [bug] 'rndc stop' failed to cause zones to be flushed sometimes. [RT #3157] +1309. [func] Log that a zone transfer was covered by a TSIG. + +1308. [func] DS (delegation signer) support. + 1307. [bug] nsupdate: allow white space base64 key data. 1306. [bug] Badly encoded LOC record when the size, horizontal @@ -2371,6 +3821,21 @@ 1305. [bug] Document that internal zones are included in the rndc status results. +1304. [func] New function: dns_zone_name(). + +1303. [func] Option 'flush-zones-on-shutdown ;'. + +1302. [func] Extended rndc dumpdb to support dumping of zones and + view selection: 'dumpdb [-all|-zones|-cache] [view]'. + +1301. [func] New category 'update-security'. + +1300. [port] Compaq Trucluster support. + +1299. [bug] Set AI_ADDRCONFIG when looking up addresses + via getaddrinfo() (affects dig, host, nslookup, rndc + and nsupdate). + 1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile could be left with a trailing "\" after configure has been run. @@ -2388,6 +3853,18 @@ IPv6 reverse resolution. Try IP6.ARPA then IP6.INT for nibble style resolution. +1293. [func] Entropy can now be retrieved from EGDs. [RT #2438] + +1292. [func] Enable IPv6 support when using ioctl style interface + scanning and OS supports SIOCGLIFADDR using struct + if_laddrreq. + +1291. [func] Enable IPv6 support when using sysctl style interface + scanning. + +1290. [func] "dig axfr" now reports the number of messages + as well as the number of records. + 1289. [port] See if -ldl is required for OpenSSL? [RT #2672] 1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better @@ -2400,16 +3877,31 @@ 1286. [bug] dns_name_downcase() enforce requirement that target != NULL or name->buffer != NULL. +1285. [func] lwres: probe the system to see what address families + are currently in use. + 1284. [bug] The RTT estimate on unused servers was not aged. [RT #2569] +1283. [func] Use "dataready" accept filter if available. + 1282. [port] libbind: hpux 11.11 interface scanning. +1281. [func] Log zone when unable to get private keys to update + zone. Log zone when NXT records are missing from + secure zone. + 1280. [bug] libbind: escape '(' and ')' when converting to presentation form. 1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590] +1278. [func] dig: now supports +[no]cl +[no]ttlid. + +1277. [func] You can now create your own customized printing + styles: dns_master_stylecreate() and + dns_master_styledestroy(). + 1276. [bug] libbind: const pointer conflicts in res_debug.c. 1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN. @@ -2421,6 +3913,9 @@ 1272. [contrib] Berkeley DB 4.0 sdb implementation from Nuno Miguel Rodrigues . +1271. [bug] "recursion available: {denied,approved}" was too + confusing. + 1270. [bug] Check that system inet_pton() and inet_ntop() support AF_INET6. @@ -2429,6 +3924,9 @@ 1268. [port] Openserver: the value FD_SETSIZE depends on whether is included or not. Be consistent. +1267. [func] isc_file_openunique() now creates file using mode + 0666 rather than 0600. + 1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE, __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE are not C++ compatible, use *_TYPE versions instead. @@ -2436,6 +3934,8 @@ 1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with C++, use LINK_INIT_TYPE and UNLINK_TYPE instead. +1264. [placeholder] + 1263. [bug] Reference after free error if dns_dispatchmgr_create() failed. @@ -2465,6 +3965,8 @@ next name, and for NOERROR NODATA responses, check that the type is not present in the NXT bitmap. +1254. [func] preferred-glue option from BIND 8.3. + 1253. [bug] The dnssec system test failed to remove the correct files. @@ -2472,48 +3974,38 @@ the answer was coming from against the address it was sent to. [RT# 2692] -1248. [bug] DESTDIR was not being propagated between makes. - -1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for - accept(). - -1242. [bug] named-checkzone failed if a journal existed. [RT #2657] - -1241. [bug] Drop received UDP messages with a zero source port - as these are invariably forged. [RT #2621] - -1209. [bug] Dig, host, nslookup were not checking the message ids - on the responses. [RT #2454] - -1097. [func] libbind: RES_PRF_TRUNC for dig. - -1096. [func] libbind: "DNSSEC OK" (DO) support. +1251. [port] win32: a make file contained absolute version specific + references. -1095. [func] libbind: resolver option: no-tld-query. disables - trying unqualified as a tld. no_tld_query is also - supported for FreeBSD compatibility. +1250. [func] Nsupdate will report the address the update was + sent to. -1094. [func] libbind: add support gcc's format string checking. +1249. [bug] Missing masters clause was not handled gracefully. + [RT #2703] -1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 - support. +1248. [bug] DESTDIR was not being propagated between makes. - --- 9.2.1 released --- +1247. [bug] Don't reset the interface index for link/site local + addresses. [RT #2576] -1251. [port] win32: a make file contained absolute version specific - references. +1246. [func] New functions isc_sockaddr_issitelocal(), + isc_sockaddr_islinklocal(), isc_netaddr_issitelocal() + and isc_netaddr_islinklocal(). -1249. [bug] Missing masters clause was not handled gracefully. - [RT #2703] +1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for + accept(). 1244. [bug] Receiving a TCP message from a blackhole address would prevent further messages being received over that interface. -1178. [bug] Follow and cache (if appropriate) A6 and other - data chains to completion in the additional section. +1243. [bug] It was possible to trigger a REQUIRE() in + dns_message_findtype(). [RT #2659] - --- 9.2.1rc2 released --- +1242. [bug] named-checkzone failed if a journal existed. [RT #2657] + +1241. [bug] Drop received UDP messages with a zero source port + as these are invariably forged. [RT #2621] 1240. [bug] It was possible to leak zone references by specifying an incorrect zone to rndc. @@ -2530,6 +4022,15 @@ 1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non NULL terminated text regions. [RT #2588] +1235. [func] Report 'out of memory' errors from openssl. + +1234. [bug] contrib/sdb: 'zonetodb' failed to call + dns_result_register(). DNS_R_SEENINCLUDE should not + be fatal. + +1233. [bug] The flags field of a KEY record can be expressed in + hex as well as decimal. + 1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL. 1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL. @@ -2545,15 +4046,34 @@ if a number was expected and some other token was found. [RT#2532] +1226. [func] Use EDNS for zone refresh queries. [RT #2551] + +1225. [func] dns_message_setopt() no longer requires that + dns_message_renderbegin() to have been called. + +1224. [bug] 'rrset-order' and 'sortlist' should be additive + not exclusive. + +1223. [func] 'rrset-order' partially works 'cyclic' and 'random' + are supported. + 1222. [bug] Specifying 'port *' did not always result in a system selected (non-reserved) port being used. [RT #2537] 1221. [bug] Zone types 'master', 'slave' and 'stub' were not being compared case insensitively. [RT #2542] +1220. [func] Support for APL rdata type. + +1219. [func] Named now reports the TSIG extended error code when + signature verification fails. [RT #1651] + 1218. [bug] Named incorrectly returned SERVFAIL rather than NOTAUTH when there was a TSIG BADTIME error. [RT #2519] +1217. [func] Report locations of previous key definition when a + duplicate is detected. + 1216. [bug] Multiple server clauses for the same server were not reported. [RT #2514] @@ -2562,6 +4082,9 @@ 1214. [bug] Win32: isc_file_renameunique() could leave zero length files behind. +1213. [func] Report view associated with client if it is not a + standard view (_default or _bind). + 1212. [port] libbind: 64k answer buffers were causing stack space to be exceeded for certain OS. Use heap space instead. @@ -2571,12 +4094,13 @@ 1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped / compatible addresses. [RT #2461] +1209. [bug] Dig, host, nslookup were not checking the message ids + on the responses. [RT #2454] + 1208. [bug] dns_master_load*() failed to log a error message if an error was detected when parsing the ownername of a record. [RT #2448] - --- 9.2.1rc1 released --- - 1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with an invalid pointer. @@ -2589,6 +4113,11 @@ 1204. [bug] libbind: res_nupdate() failed to update the name server addresses before sending the update. +1203. [func] Report locations of previous acl and zone definitions + when a duplicate is detected. + +1202. [func] New functions: cfg_obj_line() and cfg_obj_file(). + 1201. [bug] Require that if 'callbacks' is passed to dns_rdata_fromtext(), callbacks->error and callbacks->warn are initialized. @@ -2596,6 +4125,9 @@ 1200. [bug] Log 'errno' that we are unable to convert to isc_result_t. [RT #2404] +1199. [doc] ARM reference to RFC 2157 should have been RFC 1918. + [RT #2436] + 1198. [bug] OPT printing style was not consistent with the way the header fields are printed. The DO bit was not reported if set. Report if any of the MBZ bits are set. @@ -2611,11 +4143,20 @@ 1194. [bug] Not all duplicate zone definitions were being detected at the named.conf checking stage. [RT #2431] -1193. [bug] Best effort parsing didn't handle packet truncation. +1193. [bug] dig +besteffort parsing didn't handle packet + truncation. dns_message_parse() has new flag + DNS_MESSAGE_IGNORETRUNCATION. + +1192. [bug] The seconds fields in LOC records were restricted + to three decimal places. More decimal places should + be allowed but warned about. 1191. [bug] A dynamic update removing the last non-apex name in a secure zone would fail. [RT #2399] +1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands. + [RT #2394] + 1189. [bug] On some systems, malloc(0) returns NULL, which could cause the caller to report an out of memory error. [RT #2398] @@ -2623,6 +4164,9 @@ 1188. [bug] Dynamic updates of a signed zone would fail if some of the zone private keys were unavailable. +1187. [bug] named was incorrectly returning DNSSEC records + in negative responses when the DO bit was not set. + 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the EOL token when reading to end of line. @@ -2638,14 +4182,30 @@ 1182. [bug] The server could throw an assertion failure when constructing a negative response packet. +1181. [func] Add the "key-directory" configuration statement, + which allows the server to look for online signing + keys in alternate directories. + +1180. [func] dnssec-keygen should always generate keys with + protocol 3 (DNSSEC), since it's less confusing + that way. + +1179. [func] Add SIG(0) support to nsupdate. + +1178. [bug] Follow and cache (if appropriate) A6 and other + data chains to completion in the additional section. + +1177. [func] Report view when loading zones if it is not a + standard view (_default or _bind). [RT #2270] + 1176. [doc] Document that allow-v6-synthesis is only performed for clients that are supplied recursive service. [RT #2260] -1175. [bug] named-checkzone failed to call dns_result_register() - at startup which could result in runtime - exceptions when printing "out of memory" errors. - [RT #2335] +1175. [bug] named-checkzone and named-checkconf failed to call + dns_result_register() at startup which could + result in runtime exceptions when printing + "out of memory" errors. [RT #2335] 1174. [bug] Win32: add WSAECONNRESET to the expected errors from connect(). [RT #2308] @@ -2656,9 +4216,14 @@ 1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to table of RR types in ARM. +1171. [func] Added function isc_region_compare(), updated files in + lib/dns to use this function instead of local one. + 1170. [bug] Don't attempt to print the token when a I/O error occurs when parsing named.conf. [RT #2275] +1169. [func] Identify recursive queries in the query log. + 1168. [bug] Empty also-notify clauses were not handled. [RT #2309] 1167. [contrib] nslint-2.1a3 (from author). @@ -2671,6 +4236,8 @@ 1164. [bug] Empty masters clauses in slave / stub zones were not handled gracefully. [RT #2262] +1163. [func] isc_time_formattimestamp() now includes the year. + 1162. [bug] The allow-notify option was not accepted in slave zone statements. @@ -2680,18 +4247,62 @@ 1160. [bug] Generating Diffie-Hellman keys longer than 1024 bits could fail. [RT #2241] +1159. [bug] MD and MF are not permitted to be loaded by RFC1123. + +1158. [func] Report the client's address when logging notify + messages. + +1157. [func] match-clients and match-destinations now accept + keys. [RT #2045] + 1156. [port] The configure test for strsep() incorrectly succeeded on certain patched versions of AIX 4.3.3. [RT #2190] +1155. [func] Recover from master files being removed from under + us. + 1154. [bug] Don't attempt to obtain the netmask of a interface if there is no address configured. [RT #2176] +1153. [func] 'rndc {stop|halt} -p' now reports the process id + of the instance of named being shutdown. + 1152. [bug] libbind: read buffer overflows. +1151. [bug] nslookup failed to check that the arguments to + the port, timeout, and retry options were + valid integers and in range. [RT #2099] + +1150. [bug] named incorrectly accepted TTL values + containing plus or minus signs, such as + 1d+1h-1s. + +1149. [func] New function isc_parse_uint32(). + +1148. [func] 'rndc-confgen -a' now provides positive feedback. + +1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by + the OS. listen-on-v6 { any; }; should no longer + result in IPv4 queries be accepted. Similarly + control { inet :: ... }; should no longer result + in IPv4 connections being accepted. This can be + overridden at compile time by defining + ISC_ALLOW_MAPPED=1. + +1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if + supported by the OS by a new function + isc_socket_ipv6only(). + +1145. [func] "host" no longer reports a NOERROR/NODATA response + by printing nothing. [RT #2065] + 1144. [bug] rndc-confgen would crash if both the -a and -t options were specified. [RT #2159] +1143. [bug] When a trusted-keys statement was present and named + was built without crypto support, it would leak memory. + 1142. [bug] dnssec-signzone would fail to delete temporary files in some failure cases. [RT #2144] @@ -2701,52 +4312,24 @@ [RT #2139, #2164] 1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments - to the -s option. [RT #2138] - -1136. [bug] CNAME records synthesized from DNAMEs did not - have a TTL of zero as required by RFC2672. - [RT #2129] - -1125. [bug] rndc: -k option was missing from usage message. - [RT #2057] - -1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail - are now documented. [RT #2052] - -1123. [bug] dig +[no]fail did not match description. [RT #2052] - -1109. [bug] nsupdate accepted illegal ttl values. - -1108. [bug] On Win32, rndc was hanging when named was not running - due to failure to select for exceptional conditions - in select(). [RT #1870] - -1081. [bug] Multicast queries were incorrectly identified - based on the source address, not the destination - address. - -1072. [bug] The TCP client quota could be exceeded when - recursion occurred. [RT #1937] - -1071. [bug] Sockets listening for TCP DNS connections - specified an excessive listen backlog. [RT #1937] - -1070. [bug] Copy DNSSEC OK (DO) to response as specified by - draft-ietf-dnsext-dnssec-okbit-03.txt. + to the -s option. [RT #2138] -1014. [bug] Some queries would cause statistics counters to - increment more than once or not at all. [RT #1321] +1139. [func] It is now possible to flush a given name from the + cache(s) via 'rndc flushname name [view]'. [RT #2051] -1012. [bug] The -p option to named did not behave as documented. +1138. [func] It is now possible to flush a given name from the + cache by calling the new function + dns_cache_flushname(). - 988. [bug] 'additional-from-auth no;' did not work reliably - in the case of queries answered from the cache. - [RT #1436] +1137. [func] It is now possible to flush a given name from the + ADB by calling the new function dns_adb_flushname(). - 995. [bug] dig, host, nslookup: using a raw IPv6 address as a - target address should be fatal on a IPv4 only system. +1136. [bug] CNAME records synthesized from DNAMEs did not + have a TTL of zero as required by RFC2672. + [RT #2129] - --- 9.2.0 released --- +1135. [func] You can now override the default syslog() facility for + named/lwresd at compile time. [RT #1982] 1134. [bug] Multi-threaded servers could deadlock in ferror() when reloading zone files. [RT #1951, #1998] @@ -2754,7 +4337,7 @@ 1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106] - --- 9.2.0rc10 released --- +1132. [func] Improve UPDATE prerequisite failure diagnostic messages. 1131. [bug] The match-destinations view option did not work with IPv6 destinations. [RT #2073, #2074] @@ -2766,16 +4349,37 @@ 1129. [bug] Multi-threaded servers could crash under heavy resolution load due to a race condition. [RT #2018] +1128. [func] sdb drivers can now provide RR data in either text + or wire format, the latter using the new functions + dns_sdb_putrdata() and dns_sdb_putnamedrdata(). + +1127. [func] rndc: If the server to contact has multiple addresses, + try all of them. + 1126. [bug] The server could access a freed event if shut down while a client start event was pending delivery. [RT #2061] +1125. [bug] rndc: -k option was missing from usage message. + [RT #2057] + +1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail + are now documented. [RT #2052] + +1123. [bug] dig +[no]fail did not match description. [RT #2052] + +1122. [tuning] Resolution timeout reduced from 90 to 30 seconds. + [RT #2046] + 1121. [bug] The server could attempt to access a NULL zone table if shut down while resolving. [RT #1587, #2054] 1120. [bug] Errors in options were not fatal. [RT #2002] +1119. [func] Added support in Win32 for NTFS file/directory ACL's + for access control. + 1118. [bug] On multi-threaded servers, a race condition could cause an assertion failure in resolver.c during resolver shutdown. [RT #2029] @@ -2789,16 +4393,32 @@ or transfers-per-ns to a value greater than 2147483647 disabled transfers. [RT #2002] +1115. [func] Set maximum values for cleaning-interval, + heartbeat-interval, interface-interval, + max-transfer-idle-in, max-transfer-idle-out, + max-transfer-time-in, max-transfer-time-out, + statistics-interval of 28 days and + sig-validity-interval of 3660 days. [RT #2002] + 1114. [port] Ignore more accept() errors. [RT #2021] 1113. [bug] The allow-update-forwarding option was ignored when specified in a view. [RT #2014] +1112. [placeholder] + 1111. [bug] Multi-threaded servers could deadlock processing recursive queries due to a locking hierarchy violation in adb.c. [RT #2017] - --- 9.2.0rc9 released --- +1110. [bug] dig should only accept valid abbreviations of +options. + [RT #2003] + +1109. [bug] nsupdate accepted illegal ttl values. + +1108. [bug] On Win32, rndc was hanging when named was not running + due to failure to select for exceptional conditions + in select(). [RT #1870] 1107. [bug] nsupdate could catch an assertion failure if an invalid domain name was given as the argument to @@ -2807,6 +4427,8 @@ 1106. [bug] After seeing an out of range TTL, nsupdate would treat all TTLs as out of range. [RT #2001] +1105. [port] OpenUNIX 8 enable threads by default. [RT #1970] + 1104. [bug] Invalid arguments to the transfer-format option could cause an assertion failure. [RT #1995] @@ -2824,6 +4446,16 @@ 1098. [bug] libbind: HMAC-MD5 key files are now mode 0600. +1097. [func] libbind: RES_PRF_TRUNC for dig. + +1096. [func] libbind: "DNSSEC OK" (DO) support. + +1095. [func] libbind: resolver option: no-tld-query. disables + trying unqualified as a tld. no_tld_query is also + supported for FreeBSD compatibility. + +1094. [func] libbind: add support gcc's format string checking. + 1093. [doc] libbind: miscellaneous nroff fixes. 1092. [bug] libbind: get*by*() failed to check if res_init() had @@ -2837,6 +4469,9 @@ wasting space. We weren't suppressing duplicate addresses. +1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6 + support. + 1088. [port] libbind: MPE/iX C.70 (incomplete) 1087. [bug] libbind: struct __res_state too large on 64 bit arch. @@ -2856,9 +4491,27 @@ to be sent to syslog in addition to stderr. [RT #1974] +1081. [bug] Multicast queries were incorrectly identified + based on the source address, not the destination + address. + +1080. [bug] BIND 8 compatibility: accept bare IP prefixes + as the second element of a two-element top level + sort list statement. [RT #1964] + +1079. [bug] BIND 8 compatibility: accept bare elements at top + level of sort list treating them as if they were + a single element list. [RT #1963] + 1078. [bug] We failed to correct bad tv_usec values in one case. [RT #1966] +1077. [func] Do not accept further recursive clients when + the total number of recursive lookups being + processed exceeds max-recursive-clients, even + if some of the lookups are internally generated. + [RT #1915, #1938] + 1076. [bug] A badly defined global key could trigger an assertion on load/reload if views were used. [RT #1947] @@ -2868,13 +4521,30 @@ 1074. [bug] Running out of memory in dump_rdataset() could cause an assertion failure. [RT #1946] - --- 9.2.0rc8 released --- +1073. [bug] The ADB cache cleaning should also be space driven. + [RT #1915, #1938] + +1072. [bug] The TCP client quota could be exceeded when + recursion occurred. [RT #1937] + +1071. [bug] Sockets listening for TCP DNS connections + specified an excessive listen backlog. [RT #1937] + +1070. [bug] Copy DNSSEC OK (DO) to response as specified by + draft-ietf-dnsext-dnssec-okbit-03.txt. + +1069. [placeholder] 1068. [bug] errno could be overwritten by catgets(). [RT #1921] +1067. [func] Allow quotas to be soft, isc_quota_soft(). + 1066. [bug] Provide a thread safe wrapper for strerror(). [RT #1689] +1065. [func] Runtime support to select new / old style interface + scanning using ioctls. + 1064. [bug] Do not shut down active network interfaces if we are unable to scan the interface list. [RT #1921] @@ -2890,6 +4560,15 @@ maximum cache size was in progress, the server could catch an assertion failure. [RT #1912] +1060. [func] Move refresh, stub and notify UDP retry processing + into dns_request. + +1059. [func] dns_request now support will now retry UDP queries, + dns_request_createvia2() and dns_request_createraw2(). + +1058. [func] Limited lifetime ticker timers are now available, + isc_timertype_limited. + 1057. [bug] Reloading the server after adding a "file" clause to a zone statement could cause the server to crash due to a typo in change 1016. @@ -2897,7 +4576,9 @@ 1056. [bug] Rndc could catch an assertion failure on SIGINT due to an uninitialized variable. [RT #1908] - --- 9.2.0rc7 released --- +1055. [func] Version and hostname queries can now be disabled + using "version none;" and "hostname none;", + respectively. 1054. [bug] On Win32, cfg_categories and cfg_modules need to be exported from the libisccfg DLL. @@ -2919,6 +4600,9 @@ failed to include the correct error code, file name, and line number. [RT #1890] +1049. [func] "pid-file none;" will disable writing a pid file. + [RT #1848] + 1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1 didn't work. @@ -2956,11 +4640,28 @@ TKEY queries with an owner name other than the root could cause an assertion failure. [RT #1866, #1869] +1037. [bug] Negative responses whose authority section contain + SOA or NS records whose owner names are not equal + equal to or parents of the query name should be + rejected. [RT #1862] + +1036. [func] Silently drop requests received via multicast as + long as there is no final multicast DNS standard. + +1035. [bug] If we respond to multicast queries (which we + currently do not), respond from a unicast address + as specified in RFC 1123. [RT #137] + +1034. [bug] Ignore the RD bit on multicast queries as specified + in RFC 1123. [RT #137] + 1033. [bug] Always respond to requests with an unsupported opcode with NOTIMP, even if we don't have a matching view or cannot determine the class. - --- 9.2.0rc6 released --- +1032. [func] hostname.bind/txt/chaos now returns the name of + the machine hosting the nameserver. This is useful + in diagnosing problems with anycast servers. 1031. [bug] libbind.a: isc__gettimeofday() infinite recursion. [RT #1858] @@ -2979,13 +4680,20 @@ 1027. [bug] RRs having the reserved type 0 should be rejected. [RT #1471] -1026. [port] Recognize OpenUNIX 8 in config.guess. [RT #1830] +1026. [placeholder] + +1025. [bug] Don't use multicast addresses to resolve iterative + queries. [RT #101] + +1024. [port] Compilation failed on HP-UX 11.11 due to + incompatible use of the SIOCGLIFCONF macro + name. [RT #1831] + +1023. [func] Accept hints without TTLs. 1022. [bug] Don't report empty root hints as "extra data". [RT #1802] - --- 9.2.0rc5 released --- - 1021. [bug] On Win32, log message timestamps were one month later than they should have been, and the server would exhibit unspecified behavior in December. @@ -3010,16 +4718,27 @@ "size" option failed to create numbered log files. [RT #1783] - --- 9.2.0rc4 released --- +1014. [bug] Some queries would cause statistics counters to + increment more than once or not at all. [RT #1321] 1013. [bug] It was possible to cancel a query twice when marking a server as bogus or by having a blackhole acl. [RT #1776] +1012. [bug] The -p option to named did not behave as documented. + +1011. [cleanup] Removed isc_dir_current(). + 1010. [bug] The server could attempt to execute a command channel command after initiating server shutdown, causing an assertion failure. [RT #1766] +1009. [port] OpenUNIX 8 support. [RT #1728] + +1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2. + +1007. [port] config.guess, config.sub from autoconf-2.52. + 1006. [bug] If a KEY RR was found missing during DNSSEC validation, an assertion failure could subsequently be triggered in the resolver. [RT #1763] @@ -3029,6 +4748,8 @@ 1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770] +1003. [func] Add the +retry option to dig. + 1002. [bug] When reporting an unknown class name in named.conf, including the file name and line number. [RT #1759] @@ -3039,31 +4760,83 @@ 1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias for class "HS". [RT #1759] - --- 9.2.0rc3 released --- + 999. [func] "rndc retransfer zone [class [view]]" added. + [RT #1752] + + 998. [func] named-checkzone now has arguments to specify the + chroot directory (-t) and working directory (-w). + [RT #1755] + + 997. [func] Add support for RSA-SHA1 keys (RFC3110). + + 996. [func] Issue warning if the configuration filename contains + the chroot path. + + 995. [bug] dig, host, nslookup: using a raw IPv6 address as a + target address should be fatal on a IPv4 only system. + + 994. [func] Treat non-authoritative responses to queries for type + NS as referrals even if the NS records are in the + answer section, because BIND 8 servers incorrectly + send them that way. This is necessary for DNSSEC + validation of the NS records of a secure zone to + succeed when the parent is a BIND 8 server. [RT #1706] + + 993. [func] dig: -v now reports the version. + + 992. [doc] dig: ~/.digrc is now documented. + + 991. [func] Lower UDP refresh timeout messages to level + debug 1. 990. [bug] The rndc-confgen man page was not installed. 989. [bug] Report filename if $INCLUDE fails for file related errors. [RT #1736] + 988. [bug] 'additional-from-auth no;' did not work reliably + in the case of queries answered from the cache. + [RT #1436] + 987. [bug] "dig -help" didn't show "+[no]stats". 986. [bug] "dig +noall" failed to clear stats and command printing. + 985. [func] Consider network interfaces to be up iff they have + a nonzero IP address rather than based on the + IFF_UP flag. [RT #1160] + 984. [bug] Multi-threading should be enabled by default on Solaris 2.7 and newer, but it wasn't. - --- 9.2.0rc2 released --- + 983. [func] The server now supports generating IXFR difference + sequences for non-dynamic zones by comparing zone + versions, when enabled using the new config + option "ixfr-from-differences". [RT #1727] + + 982. [func] If "memstatistics-file" is set in options the memory + statistics will be written to it. + + 981. [func] The dnssec tools can now take multiple '-r randomfile' + arguments. 980. [bug] Incoming zone transfers restarting after an error could trigger an assertion failure. [RT #1692] + 979. [func] Incremental master file dumping. dns_master_dumpinc(), + dns_master_dumptostreaminc(), dns_dumpctx_attach(), + dns_dumpctx_detach(), dns_dumpctx_cancel(), + dns_dumpctx_db() and dns_dumpctx_version(). + 978. [bug] dns_db_attachversion() had an invalid REQUIRE() condition. 977. [bug] Improve "not at top of zone" error message. + 976. [func] named-checkconf can now test load master zones + (named-checkconf -z). [RT #1468] + 975. [bug] "max-cache-size default;" as a view option caused an assertion failure. @@ -3077,6 +4850,17 @@ 972. [bug] The file modification time code in zone.c was using the wrong epoch. [RT #1667] + 971. [placeholder] + + 970. [func] 'max-journal-size' can now be used to set a target + size for a journal. + + 969. [func] dig now supports the undocumented dig 8 feature + of allowing arbitrary labels, not just dotted + decimal quads, with the -x option. This can be + used to conveniently look up RFC2317 names as in + "dig -x 10.0.0.0-127". [RT #827, #1576, #1598] + 968. [bug] On win32, the isc_time_now() function was unnecessarily calling strtime(). [RT #1671] @@ -3125,7 +4909,7 @@ 954. [bug] When requesting AXFRs or IXFRs using dig, host, or nslookup, the RD bit should not be set as zone - transfers are inherently nonrecursive. [RT #1575] + transfers are inherently non-recursive. [RT #1575] 953. [func] The /var/run/named.key file from change #843 has been replaced by /etc/rndc.key. Both @@ -3286,6 +5070,8 @@ 910. [port] Some pre-RFC2133 IPv6 implementations do not define IN6ADDR_ANY_INIT. [RT #1416] + 909. [placeholder] + 908. [func] New program, rndc-confgen, to simplify setting up rndc. 907. [func] The ability to get entropy from either the @@ -3368,6 +5154,46 @@ 887. [port] Detect broken compilers that can't call static functions from inline functions. [RT #1212] + 886. [placeholder] + + 885. [placeholder] + + 884. [placeholder] + + 883. [placeholder] + + 882. [placeholder] + + 881. [placeholder] + + 880. [placeholder] + + 879. [placeholder] + + 878. [placeholder] + + 877. [placeholder] + + 876. [placeholder] + + 875. [placeholder] + + 874. [placeholder] + + 873. [placeholder] + + 872. [placeholder] + + 871. [placeholder] + + 870. [placeholder] + + 869. [placeholder] + + 868. [placeholder] + + 867. [placeholder] + 866. [func] Close debug only file channels when debug is set to zero. [RT #1246] @@ -3398,7 +5224,7 @@ 860. [func] Drop cross class glue in zone transfers. 859. [bug] Cache cleaning now won't swamp the CPU if there - is a persistent overlimit condition. + is a persistent over limit condition. 858. [func] isc_mem_setwater() no longer requires that when the callback function is non-NULL then its hi_water @@ -3574,7 +5400,7 @@ 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194] 810. [bug] The signer name in SIG records was not properly - downcased when signing/verifying records. [RT #1186] + down-cased when signing/verifying records. [RT #1186] 809. [bug] Configuring a non-local address as a transfer-source could cause an assertion failure during load. @@ -3586,9 +5412,9 @@ ignored like it should be. 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up - the calling stack to the zone maintence level, causing - zones to not reload when an included file was touched - but the top-level zone file was not. + the calling stack to the zone maintenance level, + causing zones to not reload when an included file was + touched but the top-level zone file was not. 805. [bug] When using "forward only", missing root hints should not cause queries to fail. [RT #1143] @@ -3628,7 +5454,7 @@ in rndc.conf. 793. [cleanup] The DNSSEC tools could create filenames that were - illegal or contained shell metacharacters. They + illegal or contained shell meta-characters. They now use a different text encoding of names that doesn't have these problems. [RT #1101] @@ -3652,7 +5478,7 @@ names when mapping them into file names. 786. [bug] When DNSSEC signing/verifying data, owner names were - not properly downcased. + not properly down-cased. 785. [bug] A race condition in the resolver could cause an assertion failure. [RT #673, #872, #1048] @@ -3671,7 +5497,7 @@ 780. [bug] Error handling code dealing with out of memory or other rare errors could lead to assertion failures - by calling functions on unitialized names. [RT #1065] + by calling functions on uninitialized names. [RT #1065] 779. [func] Added the "minimal-responses" option. @@ -3814,7 +5640,7 @@ 735. [doc] Add BIND 4 migration notes. 734. [bug] An attempt to re-lock the zone lock could occur if - the server was shutdown during a zone tranfer. + the server was shutdown during a zone transfer. [RT #830] 733. [bug] Reference counts of dns_acl_t objects need to be @@ -3954,7 +5780,7 @@ 688. [func] "make tags" now works on systems with the "Exuberant Ctags" etags. - 687. [bug] Only say we have IPv6, with sufficent functionality, + 687. [bug] Only say we have IPv6, with sufficient functionality, if it has actually been tested. [RT #586] 686. [bug] dig and nslookup can now be properly aborted during @@ -4175,6 +6001,8 @@ to be non-null. Also 'done' will not be called if dns_master_load*inc() fails immediately. [RT #565] + 619. [placeholder] + 618. [bug] Queries to a signed zone could sometimes cause an assertion failure. @@ -4270,7 +6098,7 @@ --- 9.1.0b1 released --- 591. [bug] Work around non-reentrancy in openssl by disabling - precomputation in keys. + pre-computation in keys. 590. [doc] There are now man pages for the lwres library in doc/man/lwres. @@ -4319,7 +6147,7 @@ source address for notify messages. 577. [func] Log illegal RDATA combinations. e.g. multiple - singlton types, cname and other data. + singleton types, cname and other data. 576. [doc] isc_log_create() description did not match reality. @@ -4330,7 +6158,7 @@ have their responses validated and would leak memory. 573. [bug] The journal files of IXFRed slave zones were - inadvertantly discarded on server reload, causing + inadvertently discarded on server reload, causing "journal out of sync with zone" errors on subsequent reloads. [RT #482] @@ -4407,6 +6235,8 @@ 548. [func] The lexer now ungets tokens more correctly. + 547. [placeholder] + 546. [func] Option 'lame-ttl' is now implemented. 545. [func] Name limit and counting options removed from dig; @@ -4432,6 +6262,8 @@ 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo(). + 537. [placeholder] + 536. [func] Use transfer-source{-v6} when sending refresh queries. Transfer-source{-v6} now take a optional port parameter for setting the UDP source port. The port @@ -4495,7 +6327,7 @@ others). 519. [bug] dns_name_split() would improperly split some bitstring - labels, zeroing a few of the least signficant bits in + labels, zeroing a few of the least significant bits in the prefix part. When such an improperly created prefix was returned to the RBT database, the bogus label was dutifully stored, corrupting the tree. @@ -4523,7 +6355,7 @@ 513. [func] New functionality added to rdnc and server to allow individual zones to be refreshed or reloaded. - 512. [bug] The zone transfer code could throw an execption with + 512. [bug] The zone transfer code could throw an exception with an invalid IXFR stream. 511. [bug] The message code could throw an assertion on an @@ -4714,7 +6546,7 @@ 452. [bug] Warn if the unimplemented option "statistics-file" is specified in named.conf. [RT #301] - 451. [func] Update forwarding implememted. + 451. [func] Update forwarding implemented. 450. [func] New function ns_client_sendraw(). @@ -4815,7 +6647,7 @@ e.g. due to corrupt zones with multiple SOA records. [RT #279] - 423. [bug] When responding to a recusive query, errors that occur + 423. [bug] When responding to a recursive query, errors that occur after following a CNAME should cause the query to fail. [RT #274] @@ -4860,7 +6692,7 @@ 409. [bug] If named was shut down early in the startup process, ns_omapi_shutdown() would attempt to lock - an unintialized mutex. [RT #262] + an uninitialized mutex. [RT #262] 408. [bug] stub zones could leak memory and reference counts if all the masters were unreachable. @@ -4927,7 +6759,7 @@ making the functions dns_zone_adddbarg() and dns_zone_cleardbargs() unnecessary. - 389. [bug] Attempting to send a reqeust over IPv6 using + 389. [bug] Attempting to send a request over IPv6 using dns_request_create() on a system without IPv6 support caused an assertion failure [RT #235]. @@ -4984,7 +6816,7 @@ of a very large RRset could cause an assertion failure during logging. - 370. [bug] The error messages for rollforward failures were + 370. [bug] The error messages for roll-forward failures were overly terse. 369. [func] Support new named.conf options, view and zone @@ -5005,6 +6837,8 @@ 364. [func] Added additional-from-{cache,auth} + 363. [placeholder] + 362. [bug] rndc no longer aborts if the configuration file is missing an options statement. [RT #209] @@ -5056,8 +6890,7 @@ 347. [bug] Don't crash if an argument is left off options in dig. - 346. [func] Add support for .digrc config file, in the - user's current directory. + 346. [placeholder] 345. [bug] Large-scale changes/cleanups to dig: * Significantly improve structure handling @@ -5126,7 +6959,7 @@ 328. [func] Added isc_base64_decodestring(). - 327. [bug] rndc.conf parser wasn't correctly recognising an IP + 327. [bug] rndc.conf parser wasn't correctly recognizing an IP address where a host specification was required. 326. [func] 'keys' in an 'inet' control statement is now @@ -5156,7 +6989,7 @@ where they previously didn't. 321. [bug] When synthesizing a CNAME RR for a DNAME - response, query_addcname() failed to intitialize + response, query_addcname() failed to initialize the type and class of the CNAME dns_rdata_t, causing random failures. @@ -5432,7 +7265,7 @@ --- 9.0.0b4 released --- - 253. [func] resolv.conf parser now recognises ';' and '#' as + 253. [func] resolv.conf parser now recognizes ';' and '#' as comments (anywhere in line, not just as the beginning). 252. [bug] resolv.conf parser mishandled masks on sortlists. @@ -5502,7 +7335,7 @@ requiring a quoted string. 233. [cleanup] Convert all config structure integer values to unsigned - integer (isc_uint32_t) to match grammer. + integer (isc_uint32_t) to match grammar. 232. [bug] Allow slave zones to not have a file. @@ -5539,7 +7372,7 @@ from confparser.c, because of yacc's code, are unfortunately to be expected.) - 223. [func] Several functions were reprototyped to qualify one + 223. [func] Several functions were re-prototyped to qualify one or more of their arguments with "const". Similarly, several functions that return pointers now have those pointers qualified with const. @@ -5617,7 +7450,6 @@ 201. [cleanup] Removed the test/sdig program, it has been replaced by bin/dig/dig. - --- 9.0.0b3 released --- 200. [bug] Failures in sending query responses to clients @@ -5705,7 +7537,7 @@ 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful for logging the program name or other identifier. - 182. [cleanup] New commandline parameters for dnssec tools + 182. [cleanup] New command-line parameters for dnssec tools 181. [func] Added dst_key_buildfilename and dst_key_parsefilename @@ -5750,8 +7582,8 @@ --with-mit-pthreads option is no longer needed and has been removed. - 170. [cleanup] Remove inter server consistancy checks from zone, - these should return as a seperate module in 9.1. + 170. [cleanup] Remove inter server consistency checks from zone, + these should return as a separate module in 9.1. dns_zone_checkservers(), dns_zone_checkparents(), dns_zone_checkchildren(), dns_zone_checkglue(). @@ -5843,7 +7675,7 @@ than continuing to itemize every header which changed, this changelog entry just notes that if a header file did not need another header file that it was including - in order to provide its advertized functionality, the + in order to provide its advertised functionality, the inclusion of the other header file was removed. See util/check-includes for how this was tested. @@ -6235,7 +8067,7 @@ 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@. - 30. [func] config file grammer change to support optional + 30. [func] config file grammar change to support optional class type for a view. 29. [func] support new config file view options: @@ -6299,7 +8131,7 @@ 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore out-of-zone data. - 12. [bug] Fixed possible unitialized variable error. + 12. [bug] Fixed possible uninitialized variable error. 11. [bug] axfr_rrstream_first() didn't check the result code of db_rr_iterator_first(), possibly causing an assertion diff --git a/contrib/bind-9.3/COPYRIGHT b/contrib/bind-9.5.2/COPYRIGHT similarity index 87% rename from contrib/bind-9.3/COPYRIGHT rename to contrib/bind-9.5.2/COPYRIGHT index 8bbcf244d6..fe042aafc8 100644 --- a/contrib/bind-9.3/COPYRIGHT +++ b/contrib/bind-9.5.2/COPYRIGHT @@ -1,7 +1,7 @@ -Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. -Permission to use, copy, modify, and distribute this software for any +Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. @@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -$Id: COPYRIGHT,v 1.6.2.2.8.4 2006/01/04 00:37:22 marka Exp $ +$Id: COPYRIGHT,v 1.13.130.2 2009/01/05 23:46:51 tbox Exp $ Portions Copyright (C) 1996-2001 Nominum, Inc. diff --git a/contrib/bind-9.5.2/FAQ b/contrib/bind-9.5.2/FAQ new file mode 100644 index 0000000000..4df1d764ce --- /dev/null +++ b/contrib/bind-9.5.2/FAQ @@ -0,0 +1,877 @@ +Frequently Asked Questions about BIND 9 + +Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC") + +Copyright © 2000-2003 Internet Software Consortium. + +----------------------------------------------------------------------- + +1. Compilation and Installation Questions + +Q: I'm trying to compile BIND 9, and "make" is failing due to files not + being found. Why? + +A: Using a parallel or distributed "make" to build BIND 9 is not + supported, and doesn't work. If you are using one of these, use normal + make or gmake instead. + +Q: Isn't "make install" supposed to generate a default named.conf? + +A: Short Answer: No. + + Long Answer: There really isn't a default configuration which fits any + site perfectly. There are lots of decisions that need to be made and + there is no consensus on what the defaults should be. For example + FreeBSD uses /etc/namedb as the location where the configuration files + for named are stored. Others use /var/named. + + What addresses to listen on? For a laptop on the move a lot you may + only want to listen on the loop back interfaces. + + Who do you offer recursive service to? Is there are firewall to + consider? If so is it stateless or stateful. Are you directly on the + Internet? Are you on a private network? Are you on a NAT'd network? The + answers to all these questions change how you configure even a caching + name server. + +2. Configuration and Setup Questions + +Q: Why does named log the warning message "no TTL specified - using SOA + MINTTL instead"? + +A: Your zone file is illegal according to RFC1035. It must either have a + line like: + + $TTL 86400 + + at the beginning, or the first record in it must have a TTL field, like + the "84600" in this example: + + example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 ) + +Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master + file bar: ran out of space"? + +A: This is often caused by TXT records with missing close quotes. Check + that all TXT records containing quoted strings have both open and close + quotes. + +Q: How do I restrict people from looking up the server version? + +A: Put a "version" option containing something other than the real version + in the "options" section of named.conf. Note doing this will not + prevent attacks and may impede people trying to diagnose problems with + your server. Also it is possible to "fingerprint" nameservers to + determine their version. + +Q: How do I restrict only remote users from looking up the server version? + +A: The following view statement will intercept lookups as the internal + view that holds the version information will be matched last. The + caveats of the previous answer still apply, of course. + + view "chaos" chaos { + match-clients { ; }; + allow-query { none; }; + zone "." { + type hint; + file "/dev/null"; // or any empty file + }; + }; + +Q: What do "no source of entropy found" or "could not open entropy source + foo" mean? + +A: The server requires a source of entropy to perform certain operations, + mostly DNSSEC related. These messages indicate that you have no source + of entropy. On systems with /dev/random or an equivalent, it is used by + default. A source of entropy can also be defined using the + random-device option in named.conf. + +Q: I'm trying to use TSIG to authenticate dynamic updates or zone + transfers. I'm sure I have the keys set up correctly, but the server is + rejecting the TSIG. Why? + +A: This may be a clock skew problem. Check that the the clocks on the + client and server are properly synchronised (e.g., using ntp). + +Q: I see a log message like the following. Why? + + couldn't open pid file '/var/run/named.pid': Permission denied + +A: You are most likely running named as a non-root user, and that user + does not have permission to write in /var/run. The common ways of + fixing this are to create a /var/run/named directory owned by the named + user and set pid-file to "/var/run/named/named.pid", or set pid-file to + "named.pid", which will put the file in the directory specified by the + directory option (which, in this case, must be writable by the named + user). + +Q: I can query the nameserver from the nameserver but not from other + machines. Why? + +A: This is usually the result of the firewall configuration stopping the + queries and / or the replies. + +Q: How can I make a server a slave for both an internal and an external + view at the same time? When I tried, both views on the slave were + transferred from the same view on the master. + +A: You will need to give the master and slave multiple IP addresses and + use those to make sure you reach the correct view on the other machine. + + Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias) + internal: + match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; }; + notify-source 10.0.1.1; + transfer-source 10.0.1.1; + query-source address 10.0.1.1; + external: + match-clients { any; }; + recursion no; // don't offer recursion to the world + notify-source 10.0.1.2; + transfer-source 10.0.1.2; + query-source address 10.0.1.2; + + Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias) + internal: + match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; }; + notify-source 10.0.1.3; + transfer-source 10.0.1.3; + query-source address 10.0.1.3; + external: + match-clients { any; }; + recursion no; // don't offer recursion to the world + notify-source 10.0.1.4; + transfer-source 10.0.1.4; + query-source address 10.0.1.4; + + You put the external address on the alias so that all the other dns + clients on these boxes see the internal view by default. + +A: BIND 9.3 and later: Use TSIG to select the appropriate view. + + Master 10.0.1.1: + key "external" { + algorithm hmac-md5; + secret "xxxxxxxx"; + }; + view "internal" { + match-clients { !key external; // reject message ment for the + // external view. + 10.0.1/24; }; // accept from these addresses. + ... + }; + view "external" { + match-clients { key external; any; }; + server 10.0.1.2 { keys external; }; // tag messages from the + // external view to the + // other servers for the + // view. + recursion no; + ... + }; + + Slave 10.0.1.2: + key "external" { + algorithm hmac-md5; + secret "xxxxxxxx"; + }; + view "internal" { + match-clients { !key external; 10.0.1/24; }; + ... + }; + view "external" { + match-clients { key external; any; }; + server 10.0.1.1 { keys external; }; + recursion no; + ... + }; + +Q: I get error messages like "multiple RRs of singleton type" and "CNAME + and other data" when transferring a zone. What does this mean? + +A: These indicate a malformed master zone. You can identify the exact + records involved by transferring the zone using dig then running + named-checkzone on it. + + dig axfr example.com @master-server > tmp + named-checkzone example.com tmp + + A CNAME record cannot exist with the same name as another record except + for the DNSSEC records which prove its existence (NSEC). + + RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other + data should be present; this ensures that the data for a canonical name + and its aliases cannot be different. This rule also insures that a + cached CNAME can be used without checking with an authoritative server + for other RR types." + +Q: I get error messages like "named.conf:99: unexpected end of input" + where 99 is the last line of named.conf. + +A: There are unbalanced quotes in named.conf. + +A: Some text editors (notepad and wordpad) fail to put a line title + indication (e.g. CR/LF) on the last line of a text file. This can be + fixed by "adding" a blank line to the end of the file. Named expects to + see EOF immediately after EOL and treats text files where this is not + met as truncated. + +Q: How do I share a dynamic zone between multiple views? + +A: You choose one view to be master and the second a slave and transfer + the zone between views. + + Master 10.0.1.1: + key "external" { + algorithm hmac-md5; + secret "xxxxxxxx"; + }; + + key "mykey" { + algorithm hmac-md5; + secret "yyyyyyyy"; + }; + + view "internal" { + match-clients { !key external; 10.0.1/24; }; + server 10.0.1.1 { + /* Deliver notify messages to external view. */ + keys { external; }; + }; + zone "example.com" { + type master; + file "internal/example.db"; + allow-update { key mykey; }; + notify-also { 10.0.1.1; }; + }; + }; + + view "external" { + match-clients { key external; any; }; + zone "example.com" { + type slave; + file "external/example.db"; + masters { 10.0.1.1; }; + transfer-source { 10.0.1.1; }; + // allow-update-forwarding { any; }; + // allow-notify { ... }; + }; + }; + +Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading + master file primaries/wireless.ietf56.ietf.org: no owner". + +A: This error is produced when a line in the master file contains leading + white space (tab/space) but the is no current record owner name to + inherit the name from. Usually this is the result of putting white + space before a comment, forgetting the "@" for the SOA record, or + indenting the master file. + +Q: Why are my logs in GMT (UTC). + +A: You are running chrooted (-t) and have not supplied local timezone + information in the chroot area. + + FreeBSD: /etc/localtime + Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo + OSF: /etc/zoneinfo/localtime + + See also tzset(3) and zic(8). + +Q: I get "rndc: connect failed: connection refused" when I try to run + rndc. + +A: This is usually a configuration error. + + First ensure that named is running and no errors are being reported at + startup (/var/log/messages or equivalent). Running "named -g " from a title can help at this point. + + Secondly ensure that named is configured to use rndc either by + "rndc-confgen -a", rndc-confgen or manually. The Administrators + Reference manual has details on how to do this. + + Old versions of rndc-confgen used localhost rather than 127.0.0.1 in / + etc/rndc.conf for the default server. Update /etc/rndc.conf if + necessary so that the default server listed in /etc/rndc.conf matches + the addresses used in named.conf. "localhost" has two address + (127.0.0.1 and ::1). + + If you use "rndc-confgen -a" and named is running with -t or -u ensure + that /etc/rndc.conf has the correct ownership and that a copy is in the + chroot area. You can do this by re-running "rndc-confgen -a" with + appropriate -t and -u arguments. + +Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while + receiving responses: permission denied" error messages. + +A: These indicate a filesystem permission error preventing named creating + / renaming the temporary file. These will usually also have other + associated error messages like + + "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied" + + Named needs write permission on the directory containing the file. + Named writes the new cache file to a temporary file then renames it to + the name specified in named.conf to ensure that the contents are always + complete. This is to prevent named loading a partial zone in the event + of power failure or similar interrupting the write of the master file. + + Note file names are relative to the directory specified in options and + any chroot directory ([/][]). + + If named is invoked as "named -t /chroot/DNS" with the following + named.conf then "/chroot/DNS/var/named/sl" needs to be writable by the + user named is running as. + + options { + directory "/var/named"; + }; + + zone "example.net" { + type slave; + file "sl/example.net"; + masters { 192.168.4.12; }; + }; + +Q: I want to forward all DNS queries from my caching nameserver to another + server. But there are some domains which have to be served locally, via + rbldnsd. + + How do I achieve this ? + +A: options { + forward only; + forwarders { ; }; + }; + + zone "sbl-xbl.spamhaus.org" { + type forward; forward only; + forwarders { port 530; }; + }; + + zone "list.dsbl.org" { + type forward; forward only; + forwarders { port 530; }; + }; + + +Q: Can you help me understand how BIND 9 uses memory to store DNS zones? + + Some times it seems to take several times the amount of memory it needs + to store the zone. + +A: When reloading a zone named my have multiple copies of the zone in + memory at one time. The zone it is serving and the one it is loading. + If reloads are ultra fast it can have more still. + + e.g. Ones that are transferring out, the one that it is serving and the + one that is loading. + + BIND 8 destroyed the zone before loading and also killed off outgoing + transfers of the zone. + + The new strategy allows slaves to get copies of the new zone regardless + of how often the master is loaded compared to the transfer time. The + slave might skip some intermediate versions but the transfers will + complete and it will keep reasonably in sync with the master. + + The new strategy also allows the master to recover from syntax and + other errors in the master file as it still has an in-core copy of the + old contents. + +Q: I want to use IPv6 locally but I don't have a external IPv6 connection. + External lookups are slow. + +A: You can use server clauses to stop named making external lookups over + IPv6. + + server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix + server ::/0 { bogus yes; }; + +3. Operations Questions + +Q: How to change the nameservers for a zone? + +A: Step 1: Ensure all nameservers, new and old, are serving the same zone + content. + + Step 2: Work out the maximum TTL of the NS RRset in the parent and + child zones. This is the time it will take caches to be clear of a + particular version of the NS RRset. If you are just removing + nameservers you can skip to Step 6. + + Step 3: Add new nameservers to the NS RRset for the zone and wait until + all the servers for the zone are answering with this new NS RRset. + + Step 4: Inform the parent zone of the new NS RRset then wait for all + the parent servers to be answering with the new NS RRset. + + Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for + how long. If you are just adding nameservers you are done. + + Step 6: Remove any old nameservers from the zones NS RRset and wait for + all the servers for the zone to be serving the new NS RRset. + + Step 7: Inform the parent zone of the new NS RRset then wait for all + the parent servers to be answering with the new NS RRset. + + Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for + how long. + + Step 9: Turn off the old nameservers or remove the zone entry from the + configuration of the old nameservers. + + Step 10: Increment the serial number and wait for the change to be + visible in all nameservers for the zone. This ensures that zone + transfers are still working after the old servers are decommissioned. + + Note: the above procedure is designed to be transparent to dns clients. + Decommissioning the old servers too early will result in some clients + not being able to look up answers in the zone. + + Note: while it is possible to run the addition and removal stages + together it is not recommended. + +4. General Questions + +Q: I keep getting log messages like the following. Why? + + Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': + update failed: 'RRset exists (value dependent)' prerequisite not + satisfied (NXRRSET) + +A: DNS updates allow the update request to test to see if certain + conditions are met prior to proceeding with the update. The message + above is saying that conditions were not met and the update is not + proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites. + +Q: I keep getting log messages like the following. Why? + + Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied + +A: Someone is trying to update your DNS data using the RFC2136 Dynamic + Update protocol. Windows 2000 machines have a habit of sending dynamic + update requests to DNS servers without being specifically configured to + do so. If the update requests are coming from a Windows 2000 machine, + see + for information about how to turn them off. + +Q: When I do a "dig . ns", many of the A records for the root servers are + missing. Why? + +A: This is normal and harmless. It is a somewhat confusing side effect of + the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 + makes to avoid promoting glue into answers. + + When BIND 9 first starts up and primes its cache, it receives the root + server addresses as additional data in an authoritative response from a + root server, and these records are eligible for inclusion as additional + data in responses. Subsequently it receives a subset of the root server + addresses as additional data in a non-authoritative (referral) response + from a root server. This causes the addresses to now be considered + non-authoritative (glue) data, which is not eligible for inclusion in + responses. + + The server does have a complete set of root server addresses cached at + all times, it just may not include all of them as additional data, + depending on whether they were last received as answers or as glue. You + can always look up the addresses with explicit queries like "dig + a.root-servers.net A". + +Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP? + +A: A zone can be updated either by editing zone files and reloading the + server or by dynamic update, but not both. If you have enabled dynamic + update for a zone using the "allow-update" option, you are not supposed + to edit the zone file by hand, and the server will not attempt to + reload it. + +Q: Why is named listening on UDP port other than 53? + +A: Named uses a system selected port to make queries of other nameservers. + This behaviour can be overridden by using query-source to lock down the + port and/or address. See also notify-source and transfer-source. + +Q: I get warning messages like "zone example.com/IN: refresh: failure + trying master 1.2.3.4#53: timed out". + +A: Check that you can make UDP queries from the slave to the master + + dig +norec example.com soa @1.2.3.4 + + You could be generating queries faster than the slave can cope with. + Lower the serial query rate. + + serial-query-rate 5; // default 20 + +Q: I don't get RRSIG's returned when I use "dig +dnssec". + +A: You need to ensure DNSSEC is enabled (dnssec-enable yes;). + +Q: Can a NS record refer to a CNAME. + +A: No. The rules for glue (copies of the *address* records in the parent + zones) and additional section processing do not allow it to work. + + You would have to add both the CNAME and address records (A/AAAA) as + glue to the parent zone and have CNAMEs be followed when doing + additional section processing to make it work. No nameserver + implementation supports either of these requirements. + +Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" + mean? + +A: If the IN-ADDR.ARPA name covered refers to a internal address space you + are using then you have failed to follow RFC 1918 usage rules and are + leaking queries to the Internet. You should establish your own zones + for these addresses to prevent you querying the Internet's name servers + for these addresses. Please see for details of the + problems you are causing and the counter measures that have had to be + deployed. + + If you are not using these private addresses then a client has queried + for them. You can just ignore the messages, get the offending client to + stop sending you these messages as they are most probably leaking them + or setup your own zones empty zones to serve answers to these queries. + + zone "10.IN-ADDR.ARPA" { + type master; + file "empty"; + }; + + zone "16.172.IN-ADDR.ARPA" { + type master; + file "empty"; + }; + + ... + + zone "31.172.IN-ADDR.ARPA" { + type master; + file "empty"; + }; + + zone "168.192.IN-ADDR.ARPA" { + type master; + file "empty"; + }; + + empty: + @ 10800 IN SOA . . ( + 1 3600 1200 604800 10800 ) + @ 10800 IN NS . + + Note + + Future versions of named are likely to do this automatically. + +Q: Will named be affected by the 2007 changes to daylight savings rules in + the US. + +A: No, so long as the machines internal clock (as reported by "date -u") + remains at UTC. The only visible change if you fail to upgrade your OS, + if you are in a affected area, will be that log messages will be a hour + out during the period where the old rules do not match the new rules. + + For most OS's this change just means that you need to update the + conversion rules from UTC to local time. Normally this involves + updating a file in /etc (which sets the default timezone for the + machine) and possibly a directory which has all the conversion rules + for the world (e.g. /usr/share/zoneinfo). When updating the OS do not + forget to update any chroot areas as well. See your OS's documentation + for more details. + + The local timezone conversion rules can also be done on a individual + basis by setting the TZ environment variable appropriately. See your + OS's documentation for more details. + +Q: Is there a bugzilla (or other tool) database that mere mortals can have + (read-only) access to for bind? + +A: No. The BIND 9 bug database is kept closed for a number of reasons. + These include, but are not limited to, that the database contains + proprietory information from people reporting bugs. The database has in + the past and may in future contain unfixed bugs which are capable of + bringing down most of the Internet's DNS infrastructure. + + The release pages for each version contain up to date lists of bugs + that have been fixed post release. That is as close as we can get to + providing a bug database. + +Q: Why do queries for NSEC3 records fail to return the NSEC3 record? + +A: NSEC3 records are strictly meta data and can only be returned in the + authority section. This is done so that signing the zone using NSEC3 + records does not bring names into existence that do not exist in the + unsigned version of the zone. + +5. Operating-System Specific Questions + +5.1. HPUX + +Q: I get the following error trying to configure BIND: + + checking if unistd.h or sys/types.h defines fd_set... no + configure: error: need either working unistd.h or sys/select.h + +A: You have attempted to configure BIND with the bundled C compiler. This + compiler does not meet the minimum compiler requirements to for + building BIND. You need to install a ANSI C compiler and / or teach + configure how to find the ANSI C compiler. The later can be done by + adjusting the PATH environment variable and / or specifying the + compiler via CC. + + ./configure CC= ... + +5.2. Linux + +Q: Why do I get the following errors: + + general: errno2result.c:109: unexpected error: + general: unable to convert errno to isc_result: 14: Bad address + client: UDP client handler shutting down due to fatal receive error: unexpected error + +A: This is the result of a Linux kernel bug. + + See: + +Q: Why does named lock up when it attempts to connect over IPSEC tunnels? + +A: This is due to a kernel bug where the fact that a socket is marked + non-blocking is ignored. It is reported that setting xfrm_larval_drop + to 1 helps but this may have negative side effects. See: and . + + xfrm_larval_drop can be set to 1 by the following procedure: + + echo "1" > proc/sys/net/core/xfrm_larval_drop + +Q: Why do I see 5 (or more) copies of named on Linux? + +A: Linux threads each show up as a process under ps. The approximate + number of threads running is n+4, where n is the number of CPUs. Note + that the amount of memory used is not cumulative; if each process is + using 10M of memory, only a total of 10M is used. + + Newer versions of Linux's ps command hide the individual threads and + require -L to display them. + +Q: Why does BIND 9 log "permission denied" errors accessing its + configuration files or zones on my Linux system even though it is + running as root? + +A: On Linux, BIND 9 drops most of its root privileges on startup. This + including the privilege to open files owned by other users. Therefore, + if the server is running as root, the configuration files and zone + files should also be owned by root. + +Q: I get the error message "named: capset failed: Operation not permitted" + when starting named. + +A: The capability module, part of "Linux Security Modules/LSM", has not + been loaded into the kernel. See insmod(8), modprobe(8). + + The relevant modules can be loaded by running: + + modprobe commoncap + modprobe capability + +Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core - + + Why can't named update slave zone database files? + + Why can't named create DDNS journal files or update the master zones + from journals? + + Why can't named create custom log files? + +A: Red Hat Security Enhanced Linux (SELinux) policy security protections : + + Red Hat have adopted the National Security Agency's SELinux security + policy (see ) and recommendations for BIND + security , which are more secure than running named in a chroot and + make use of the bind-chroot environment unnecessary . + + By default, named is not allowed by the SELinux policy to write, create + or delete any files EXCEPT in these directories: + + $ROOTDIR/var/named/slaves + $ROOTDIR/var/named/data + $ROOTDIR/var/tmp + + + where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is + installed. + + The SELinux policy particularly does NOT allow named to modify the + $ROOTDIR/var/named directory, the default location for master zone + database files. + + SELinux policy overrules file access permissions - so even if all the + files under /var/named have ownership named:named and mode rw-rw-r--, + named will still not be able to write or create files except in the + directories above, with SELinux in Enforcing mode. + + So, to allow named to update slave or DDNS zone files, it is best to + locate them in $ROOTDIR/var/named/slaves, with named.conf zone + statements such as: + + zone "slave.zone." IN { + type slave; + file "slaves/slave.zone.db"; + ... + }; + zone "ddns.zone." IN { + type master; + allow-updates {...}; + file "slaves/ddns.zone.db"; + }; + + + To allow named to create its cache dump and statistics files, for + example, you could use named.conf options statements such as: + + options { + ... + dump-file "/var/named/data/cache_dump.db"; + statistics-file "/var/named/data/named_stats.txt"; + ... + }; + + + You can also tell SELinux to allow named to update any zone database + files, by setting the SELinux tunable boolean parameter + 'named_write_master_zones=1', using the system-config-securitylevel + GUI, using the 'setsebool' command, or in /etc/selinux/targeted/ + booleans. + + You can disable SELinux protection for named entirely by setting the + 'named_disable_trans=1' SELinux tunable boolean parameter. + + The SELinux named policy defines these SELinux contexts for named: + + named_zone_t : for zone database files - $ROOTDIR/var/named/* + named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.* + named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}} + + + If you want to retain use of the SELinux policy for named, and put + named files in different locations, you can do so by changing the + context of the custom file locations . + + To create a custom configuration file location, e.g. '/root/ + named.conf', to use with the 'named -c' option, do: + + # chcon system_u:object_r:named_conf_t /root/named.conf + + + To create a custom modifiable named data location, e.g. '/var/log/ + named' for a log file, do: + + # chcon system_u:object_r:named_cache_t /var/log/named + + + To create a custom zone file location, e.g. /root/zones/, do: + + # chcon system_u:object_r:named_zone_t /root/zones/{.,*} + + + See these man-pages for more information : selinux(8), named_selinux + (8), chcon(1), setsebool(8) + +Q: Listening on individual IPv6 interfaces does not work. + +A: This is usually due to "/proc/net/if_inet6" not being available in the + chroot file system. Mount another instance of "proc" in the chroot file + system. + + This can be be made permanent by adding a second instance to /etc/ + fstab. + + proc /proc proc defaults 0 0 + proc /var/named/proc proc defaults 0 0 + +5.3. Windows + +Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. + Why? + +A: This may be caused by a bug in the Windows 2000 DNS server where DNS + messages larger than 16K are not handled properly. This can be worked + around by setting the option "transfer-format one-answer;". Also check + whether your zone contains domain names with embedded spaces or other + special characters, like "John\032Doe\213s\032Computer", since such + names have been known to cause Windows 2000 slaves to incorrectly + reject the zone. + +Q: I get "Error 1067" when starting named under Windows. + +A: This is the service manager saying that named exited. You need to + examine the Application log in the EventViewer to find out why. + + Common causes are that you failed to create "named.conf" (usually "C:\ + windows\dns\etc\named.conf") or failed to specify the directory in + named.conf. + + options { + Directory "C:\windows\dns\etc"; + }; + +5.4. FreeBSD + +Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there. + +A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to + use certain interrupts as a source of random events. You can make this + permanent by setting rand_irqs in /etc/rc.conf. + + rand_irqs="3 14 15" + + See also . + +5.5. Solaris + +Q: How do I integrate BIND 9 and Solaris SMF + +A: Sun has a blog entry describing how to do this. + + + +5.6. Apple Mac OS X + +Q: How do I run BIND 9 on Apple Mac OS X? + +A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do: + + % sudo rndc-confgen > /etc/rndc.conf + + Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.: + + key "rndc-key" { + algorithm hmac-md5; + secret "uvceheVuqf17ZwIcTydddw=="; + }; + + Then start the relevant service: + + % sudo service org.isc.named start + + This is persistent upon a reboot, so you will have to do it only once. + +A: Alternatively you can just generate /etc/rndc.key by running: + + % sudo rndc-confgen -a + + Then start the relevant service: + + % sudo service org.isc.named start + + Named will look for /etc/rndc.key when it starts if it doesn't have a + controls section or the existing controls are missing keys sub-clauses. + This is persistent upon a reboot, so you will have to do it only once. + diff --git a/contrib/bind-9.3/README b/contrib/bind-9.5.2/README similarity index 58% rename from contrib/bind-9.3/README rename to contrib/bind-9.5.2/README index 75aa741b02..8fdec25327 100644 --- a/contrib/bind-9.3/README +++ b/contrib/bind-9.5.2/README @@ -42,45 +42,195 @@ BIND 9 Stichting NLnet - NLnet Foundation Nominum, Inc. -BIND 9.3.4-P1 - BIND 9.3.4-P1 is a security release. +BIND 9.5.2 -BIND 9.3.4 + BIND 9.5.2 is a maintenance release, fixing bugs in 9.5.1. - BIND 9.3.4 is a security release. +BIND 9.5.1 -BIND 9.3.3 + BIND 9.5.1 is a maintenance release, fixing bugs in 9.5.0. - BIND 9.3.3 is a maintenance release, containing fixes for - a number of bugs in 9.3.2. +BIND 9.5.0 -BIND 9.3.2 + BIND 9.5.0 has a number of new features over 9.4, + including: + + - GSS-TSIG support (RFC 3645). + - DHCID support. + - Experimental http server and statistics support for named via xml. + - More detailed statistics counters including those supported in + BIND 8. + - Faster ACL processing. + - Internal documentation generated by Doxygen. + - Efficient LRU cache-cleaning mechanism. + - NSID support (RFC 5001). - BIND 9.3.2 is a maintenance release, containing fixes for - a number of bugs in 9.3.1. +BIND 9.4.0 - libbind: corresponds to that from BIND 8.4.7-REL. + BIND 9.4.0 has a number of new features over 9.3, + including: - Known Issues: + Implemented "additional section caching (or acache)", an + internal cache framework for additional section content to + improve response performance. Several configuration options + were provided to control the behavior. - The following INSIST can be triggered with DNSSEC enabled. + New notify type 'master-only'. Enable notify for master + zones only. -resolver.c:762: INSIST(result != 0 || dns_rdataset_isassociated(event->rdataset) || fctx->type == ((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rdatatype_t)dns_rdatatype_rrsig)) failed + Accept 'notify-source' style syntax for query-source. - We are still trying to isolate the cause. If you have core - dump please send a bug report to bind9-bugs@isc.org with - the location of the core, named executable and OS details. - - Note: contrib/nanny contains a perl script to restart named - in the event of a INSIST/REQUIRE/ENSURE failure. + rndc now allows addresses to be set in the server clauses. + + New option "allow-query-cache". This lets "allow-query" + be used to specify the default zone access level rather + than having to have every zone override the global value. + "allow-query-cache" can be set at both the options and view + levels. If "allow-query-cache" is not set then "allow-recursion" + is used if set, otherwise "allow-query" is used if set + unless "recursion no;" is set in which case "none;" is used, + otherwise the default (localhost; localnets;) is used. + + rndc: the source address can now be specified. + + ixfr-from-differences now takes master and slave in addition + to yes and no at the options and view levels. + + Allow the journal's name to be changed via named.conf. + + 'rndc notify zone [class [view]]' resend the NOTIFY messages + for the specified zone. + + 'dig +trace' now randomly selects the next servers to try. + Report if there is a bad delegation. + + Improve check-names error messages. + + Make public the function to read a key file, dst_key_read_public(). + + dig now returns the byte count for axfr/ixfr. + + allow-update is now settable at the options / view level. + + named-checkconf now checks the logging configuration. + + host now can turn on memory debugging flags with '-m'. + + Don't send notify messages to self. + + Perform sanity checks on NS records which refer to 'in zone' names. + + New zone option "notify-delay". Specify a minimum delay + between sets of NOTIFY messages. + + Extend adjusting TTL warning messages. + + Named and named-checkzone can now both check for non-terminal + wildcard records. + + "rndc freeze/thaw" now freezes/thaws all zones. + + named-checkconf now check acls to verify that they only + refer to existing acls. + + The server syntax has been extended to support a range of + servers. + + Report differences between hints and real NS rrset and + associated address records. + + Preserve the case of domain names in rdata during zone + transfers. + + Restructured the data locking framework using architecture + dependent atomic operations (when available), improving + response performance on multi-processor machines significantly. + x86, x86_64, alpha, powerpc, and mips are currently supported. + + UNIX domain controls are now supported. + + Add support for additional zone file formats for improving + loading performance. The masterfile-format option in + named.conf can be used to specify a non-default format. A + separate command named-compilezone was provided to generate + zone files in the new format. Additionally, the -I and -O + options for dnssec-signzone specify the input and output + formats. -BIND 9.3.1 + dnssec-signzone can now randomize signature end times + (dnssec-signzone -j jitter). - BIND 9.3.1 is a maintenance release, containing fixes for - a number of bugs in 9.3.0. + Add support for CH A record. - libbind: corresponds to that from BIND 8.4.6-REL. + Add additional zone data constancy checks. named-checkzone + has extended checking of NS, MX and SRV record and the hosts + they reference. named has extended post zone load checks. + New zone options: check-mx and integrity-check. + + + edns-udp-size can now be overridden on a per server basis. + + dig can now specify the EDNS version when making a query. + + Added framework for handling multiple EDNS versions. + + Additional memory debugging support to track size and mctx + arguments. + + Detect duplicates of UDP queries we are recursing on and + drop them. New stats category "duplicates". + + "USE INTERNAL MALLOC" is now runtime selectable. + + The lame cache is now done on a basis + as some servers only appear to be lame for certain query + types. + + Limit the number of recursive clients that can be waiting + for a single query () to resolve. New + options clients-per-query and max-clients-per-query. + + dig: report the number of extra bytes still left in the + packet after processing all the records. + + Support for IPSECKEY rdata type. + + Raise the UDP recieve buffer size to 32k if it is less than 32k. + + x86 and x86_64 now have seperate atomic locking implementations. + + named-checkconf now validates update-policy entries. + + Attempt to make the amount of work performed in a iteration + self tuning. The covers nodes clean from the cache per + iteration, nodes written to disk when rewriting a master + file and nodes destroyed per iteration when destroying a + zone or a cache. + + ISC string copy API. + + Automatic empty zone creation for D.F.IP6.ARPA and friends. + Note: RFC 1918 zones are not yet covered by this but are + likely to be in a future release. + + New options: empty-server, empty-contact, empty-zones-enable + and disable-empty-zone. + + dig now has a '-q queryname' and '+showsearch' options. + + host/nslookup now continue (default)/fail on SERVFAIL. + + dig now warns if 'RA' is not set in the answer when 'RD' + was set in the query. host/nslookup skip servers that fail + to set 'RA' when 'RD' is set unless a server is explicitly + set. + + Integrate contibuted DLZ code into named. + + Integrate contibuted IDN code from JPNIC. + + libbind: corresponds to that from BIND 8.4.7. BIND 9.3.0 @@ -157,7 +307,7 @@ BIND 9.2.0 This does not apply to the use of TSIG, which does not require OpenSSL. - - The source distribution now builds on Windows NT/2000. + - The source distribution now builds on Windows. See win32utils/readme1.txt and win32utils/win32-build.txt for details. @@ -206,11 +356,8 @@ BIND 9.2.0 --with-libtool does not work on AIX. - --with-libtool does not work on SunOS 4. configure - requires "printf" which is not available. - - A bug in the Windows 2000 DNS server can cause zone transfers - from a BIND 9 server to a W2K server to fail. For details, + A bug in some versions of the Microsoft DNS server can cause zone + transfers from a BIND 9 server to a W2K server to fail. For details, see the "Zone Transfers" section in doc/misc/migration. For a detailed list of user-visible changes from @@ -225,27 +372,35 @@ Building We've had successful builds and tests on the following systems: COMPAQ Tru64 UNIX 5.1B - FreeBSD 4.10, 5.2.1 + Fedora Core 6 + FreeBSD 4.10, 5.2.1, 6.2 HP-UX 11.11 - NetBSD 1.5 - Slackware Linux 8.1 - Solaris 8, 9, 9 (x86) - Windows NT/2000/XP/2003 - - Additionally, we have unverified reports of success building - previous versions of BIND 9 from users of the following systems: - - AIX 5L - SuSE Linux 7.0 - Slackware Linux 7.x, 8.0 - Red Hat Linux 7.1 - Debian GNU/Linux 2.2 and 3.0 - Mandrake 8.1 - OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8 - UnixWare 7.1.1 - HP-UX 10.20 - BSD/OS 4.2 - Mac OS X 10.1, 10.3.8 + Mac OS X 10.5 + NetBSD 3.x and 4.0-beta + OpenBSD 3.3 and up + Solaris 8, 9, 9 (x86), 10 + Ubuntu 7.04, 7.10 + Windows XP/2003/2008 + + NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of + Windows, including Windows NT and Windows 2000, are no longer + supported. + + We have recent reports from the user community that a supported + version of BIND will build and run on the following systems: + + AIX 4.3, 5L + CentOS 4, 4.5, 5 + Darwin 9.0.0d1/ARM + Debian 4 + Fedora Core 5, 7 + FreeBSD 6.1 + HP-UX 11.23 PA + MacOS X 10.4, 10.5 + Red Hat Enterprise Linux 4, 5 + SCO OpenServer 5.0.6 + Slackware 9, 10 + SuSE 9, 10 To build, just @@ -282,6 +437,14 @@ Building -DDIG_SIGCHASE_BU=1) Disable dropping queries from particular well known ports. -DNS_CLIENT_DROPPORT=0 + Sibling glue checking in named-checkzone is enabled by default. + To disable the default check set. -DCHECK_SIBLING=0 + named-checkzone checks out-of-zone addresses by default. + To disable this default set. -DCHECK_LOCAL=0 + Enable workaround for Solaris kernel bug about /dev/poll + -DISC_SOCKET_USE_POLLWATCH=1 + The watch timeout is also configurable, e.g., + -DISC_SOCKET_POLLWATCH_TIMEOUT=20 LDFLAGS Linker flags. Defaults to empty string. @@ -310,6 +473,10 @@ Building To build libbind (the BIND 8 resolver library), specify "--enable-libbind" on the configure command line. + On some platforms it is necessary to explictly request large + file support to handle files bigger than 2GB. This can be + done by "--enable-largefile" on the configure command line. + On some platforms, BIND 9 can be built with multithreading support, allowing it to take advantage of multiple CPUs. You can specify whether to build a multithreaded BIND 9 @@ -317,6 +484,11 @@ Building on the configure command line. The default is operating system dependent. + Support for the "fixed" rrset-order option can be enabled + or disabled by specifying "--enable-fixed-rrset" or + "--disable-fixed-rrset" on the configure command line. + The default is "disabled", to reduce memory footprint. + If your operating system has integrated support for IPv6, it will be used automatically. If you have installed KAME IPv6 separately, use "--with-kame[=PATH]" to specify its location. @@ -359,6 +531,9 @@ Building on your system, and some require Perl; see bin/tests/system/README for details. + SunOS 4 requires "printf" to be installed to make the shared + libraries. sh-utils-1.16 provides a "printf" which compiles + on SunOS 4. Documentation diff --git a/contrib/bind-9.5.2/README.idnkit b/contrib/bind-9.5.2/README.idnkit new file mode 100644 index 0000000000..4cb6641339 --- /dev/null +++ b/contrib/bind-9.5.2/README.idnkit @@ -0,0 +1,112 @@ + + BIND-9 IDN patch + + Japan Network Information Center (JPNIC) + + +* What is this patch for? + +This patch adds internationalized domain name (IDN) support to BIND-9. +You'll get internationalized version of dig/host/nslookup commands. + + + internationalized dig/host/nslookup + dig/host/nslookup accepts non-ASCII domain names in the local + codeset (such as Shift JIS, Big5 or ISO8859-1) determined by + the locale information. The domain names are normalized and + converted to the encoding on the DNS protocol, and sent to DNS + servers. The replies are converted back to the local codeset + and displayed. + + +* Compilation & installation + +0. Prerequisite + +You have to build and install idnkit before building this patched version +of bind-9. + +1. Running configure script + +Run `configure' in the top directory. See `README' for the +configuration options. + +This patch adds the following 4 options to `configure'. You should +at least specify `--with-idn' option to enable IDN support. + + --with-idn[=IDN_PREFIX] + To enable IDN support, you have to specify `--with-idn' option. + The argument IDN_PREFIX is the install prefix of idnkit. If + IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX') + is assumed. + + --with-libiconv[=LIBICONV_PREFIX] + Specify this option if idnkit you have installed links GNU + libiconv. The argument LIBICONV_PREFIX is install prefix of + GNU libiconv. If the argument is omitted, PREFIX (derived + from `--prefix=PREFIX') is assumed. + + `--with-libiconv' is shorthand option for GNU libiconv. + + --with-libiconv=/usr/local + + This is equivalent to: + + --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv' + + `--with-libiconv' assumes that your C compiler has `-R' + option, and that the option adds the specified run-time path + to an executable binary. If `-R' option of your compiler has + different meaning, or your compiler lacks the option, you + should use `--with-iconv' option instead. Binary command + without run-time path information might be unexecutable. + In that case, you would see an error message like: + + error in loading shared libraries: libiconv.so.2: cannot + open shared object file + + If both `--with-libiconv' and `--with-iconv' options are + specified, `--with-iconv' is prior to `--with-libiconv'. + + --with-iconv=ICONV_LIBSPEC + If your libc doesn't provide iconv(), you need to specify the + library containing iconv() with this option. `ICONV_LIBSPEC' + is the argument(s) to `cc' or `ld' to link the library, for + example, `--with-iconv="-L/usr/local/lib -liconv"'. + You don't need to specify the header file directory for "iconv.h" + to the compiler, as it isn't included directly by bind-9 with + this patch. + + --with-idnlib=IDN_LIBSPEC + With this option, you can explicitly specify the argument(s) + to `cc' or `ld' to link the idnkit's library, `libidnkit'. If + this option is not specified, `-L${PREFIX}/lib -lidnkit' is + assumed, where ${PREFIX} is the installation prefix specified + with `--with-idn' option above. You may need to use this + option to specify extra arguments, for example, + `--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'. + +Please consult `README' for other configuration options. + +Note that if you want to specify some extra header file directories, +you should use the environment variable STD_CINCLUDES instead of +CFLAGS, as described in README. + +2. Compilation and installation + +After running "configure", just do + + make + make install + +for compiling and installing. + + +* Contact information + +Please see http//www.nic.ad.jp/en/idn/ for the latest news +about idnkit and this patch. + +Bug reports and comments on this kit should be sent to +mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively. + +; $Id: README.idnkit,v 1.2.558.1 2009/01/19 00:01:09 marka Exp $ diff --git a/contrib/bind-9.5.2/bin/check/check-tool.c b/contrib/bind-9.5.2/bin/check/check-tool.c new file mode 100644 index 0000000000..c50eee328b --- /dev/null +++ b/contrib/bind-9.5.2/bin/check/check-tool.c @@ -0,0 +1,660 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: check-tool.c,v 1.31.62.5 2009/01/27 21:17:39 jinmei Exp $ */ + +/*! \file */ + +#include + +#include + +#include "check-tool.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#ifndef CHECK_SIBLING +#define CHECK_SIBLING 1 +#endif + +#ifndef CHECK_LOCAL +#define CHECK_LOCAL 1 +#endif + +#ifdef HAVE_ADDRINFO +#ifdef HAVE_GETADDRINFO +#ifdef HAVE_GAISTRERROR +#define USE_GETADDRINFO +#endif +#endif +#endif + +#define CHECK(r) \ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ + } while (0) + +#define ERR_IS_CNAME 1 +#define ERR_NO_ADDRESSES 2 +#define ERR_LOOKUP_FAILURE 3 +#define ERR_EXTRA_A 4 +#define ERR_EXTRA_AAAA 5 +#define ERR_MISSING_GLUE 5 +#define ERR_IS_MXCNAME 6 +#define ERR_IS_SRVCNAME 7 + +static const char *dbtype[] = { "rbt" }; + +int debug = 0; +isc_boolean_t nomerge = ISC_TRUE; +#if CHECK_LOCAL +isc_boolean_t docheckmx = ISC_TRUE; +isc_boolean_t dochecksrv = ISC_TRUE; +isc_boolean_t docheckns = ISC_TRUE; +#else +isc_boolean_t docheckmx = ISC_FALSE; +isc_boolean_t dochecksrv = ISC_FALSE; +isc_boolean_t docheckns = ISC_FALSE; +#endif +unsigned int zone_options = DNS_ZONEOPT_CHECKNS | + DNS_ZONEOPT_CHECKMX | + DNS_ZONEOPT_MANYERRORS | + DNS_ZONEOPT_CHECKNAMES | + DNS_ZONEOPT_CHECKINTEGRITY | +#if CHECK_SIBLING + DNS_ZONEOPT_CHECKSIBLING | +#endif + DNS_ZONEOPT_CHECKWILDCARD | + DNS_ZONEOPT_WARNMXCNAME | + DNS_ZONEOPT_WARNSRVCNAME; + +/* + * This needs to match the list in bin/named/log.c. + */ +static isc_logcategory_t categories[] = { + { "", 0 }, + { "client", 0 }, + { "network", 0 }, + { "update", 0 }, + { "queries", 0 }, + { "unmatched", 0 }, + { "update-security", 0 }, + { "query-errors", 0 }, + { NULL, 0 } +}; + +static isc_symtab_t *symtab = NULL; +static isc_mem_t *sym_mctx; + +static void +freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) { + UNUSED(type); + UNUSED(value); + isc_mem_free(userarg, key); +} + +static void +add(char *key, int value) { + isc_result_t result; + isc_symvalue_t symvalue; + + if (sym_mctx == NULL) { + result = isc_mem_create(0, 0, &sym_mctx); + if (result != ISC_R_SUCCESS) + return; + } + + if (symtab == NULL) { + result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx, + ISC_FALSE, &symtab); + if (result != ISC_R_SUCCESS) + return; + } + + key = isc_mem_strdup(sym_mctx, key); + if (key == NULL) + return; + + symvalue.as_pointer = NULL; + result = isc_symtab_define(symtab, key, value, symvalue, + isc_symexists_reject); + if (result != ISC_R_SUCCESS) + isc_mem_free(sym_mctx, key); +} + +static isc_boolean_t +logged(char *key, int value) { + isc_result_t result; + + if (symtab == NULL) + return (ISC_FALSE); + + result = isc_symtab_lookup(symtab, key, value, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + return (ISC_FALSE); +} + +static isc_boolean_t +checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner, + dns_rdataset_t *a, dns_rdataset_t *aaaa) +{ +#ifdef USE_GETADDRINFO + dns_rdataset_t *rdataset; + dns_rdata_t rdata = DNS_RDATA_INIT; + struct addrinfo hints, *ai, *cur; + char namebuf[DNS_NAME_FORMATSIZE + 1]; + char ownerbuf[DNS_NAME_FORMATSIZE]; + char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")]; + isc_boolean_t answer = ISC_TRUE; + isc_boolean_t match; + const char *type; + void *ptr = NULL; + int result; + + REQUIRE(a == NULL || !dns_rdataset_isassociated(a) || + a->type == dns_rdatatype_a); + REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) || + aaaa->type == dns_rdatatype_aaaa); + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + dns_name_format(name, namebuf, sizeof(namebuf) - 1); + /* + * Turn off search. + */ + if (dns_name_countlabels(name) > 1U) + strcat(namebuf, "."); + dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); + + result = getaddrinfo(namebuf, NULL, &hints, &ai); + dns_name_format(name, namebuf, sizeof(namebuf) - 1); + switch (result) { + case 0: + /* + * Work around broken getaddrinfo() implementations that + * fail to set ai_canonname on first entry. + */ + cur = ai; + while (cur != NULL && cur->ai_canonname == NULL && + cur->ai_next != NULL) + cur = cur->ai_next; + if (cur != NULL && cur->ai_canonname != NULL && + strcasecmp(cur->ai_canonname, namebuf) != 0 && + !logged(namebuf, ERR_IS_CNAME)) { + dns_zone_log(zone, ISC_LOG_ERROR, + "%s/NS '%s' (out of zone) " + "is a CNAME (illegal)", + ownerbuf, namebuf); + /* XXX950 make fatal for 9.5.0 */ + /* answer = ISC_FALSE; */ + add(namebuf, ERR_IS_CNAME); + } + break; + case EAI_NONAME: +#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) + case EAI_NODATA: +#endif + if (!logged(namebuf, ERR_NO_ADDRESSES)) { + dns_zone_log(zone, ISC_LOG_ERROR, + "%s/NS '%s' (out of zone) " + "has no addresses records (A or AAAA)", + ownerbuf, namebuf); + add(namebuf, ERR_NO_ADDRESSES); + } + /* XXX950 make fatal for 9.5.0 */ + return (ISC_TRUE); + + default: + if (!logged(namebuf, ERR_LOOKUP_FAILURE)) { + dns_zone_log(zone, ISC_LOG_WARNING, + "getaddrinfo(%s) failed: %s", + namebuf, gai_strerror(result)); + add(namebuf, ERR_LOOKUP_FAILURE); + } + return (ISC_TRUE); + } + if (a == NULL || aaaa == NULL) + return (answer); + /* + * Check that all glue records really exist. + */ + if (!dns_rdataset_isassociated(a)) + goto checkaaaa; + result = dns_rdataset_first(a); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(a, &rdata); + match = ISC_FALSE; + for (cur = ai; cur != NULL; cur = cur->ai_next) { + if (cur->ai_family != AF_INET) + continue; + ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr; + if (memcmp(ptr, rdata.data, rdata.length) == 0) { + match = ISC_TRUE; + break; + } + } + if (!match && !logged(namebuf, ERR_EXTRA_A)) { + dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' " + "extra GLUE A record (%s)", + ownerbuf, namebuf, + inet_ntop(AF_INET, rdata.data, + addrbuf, sizeof(addrbuf))); + add(namebuf, ERR_EXTRA_A); + /* XXX950 make fatal for 9.5.0 */ + /* answer = ISC_FALSE; */ + } + dns_rdata_reset(&rdata); + result = dns_rdataset_next(a); + } + + checkaaaa: + if (!dns_rdataset_isassociated(aaaa)) + goto checkmissing; + result = dns_rdataset_first(aaaa); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(aaaa, &rdata); + match = ISC_FALSE; + for (cur = ai; cur != NULL; cur = cur->ai_next) { + if (cur->ai_family != AF_INET6) + continue; + ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr; + if (memcmp(ptr, rdata.data, rdata.length) == 0) { + match = ISC_TRUE; + break; + } + } + if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) { + dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' " + "extra GLUE AAAA record (%s)", + ownerbuf, namebuf, + inet_ntop(AF_INET6, rdata.data, + addrbuf, sizeof(addrbuf))); + add(namebuf, ERR_EXTRA_AAAA); + /* XXX950 make fatal for 9.5.0. */ + /* answer = ISC_FALSE; */ + } + dns_rdata_reset(&rdata); + result = dns_rdataset_next(aaaa); + } + + checkmissing: + /* + * Check that all addresses appear in the glue. + */ + if (!logged(namebuf, ERR_MISSING_GLUE)) { + isc_boolean_t missing_glue = ISC_FALSE; + for (cur = ai; cur != NULL; cur = cur->ai_next) { + switch (cur->ai_family) { + case AF_INET: + rdataset = a; + ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr; + type = "A"; + break; + case AF_INET6: + rdataset = aaaa; + ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr; + type = "AAAA"; + break; + default: + continue; + } + match = ISC_FALSE; + if (dns_rdataset_isassociated(rdataset)) + result = dns_rdataset_first(rdataset); + else + result = ISC_R_FAILURE; + while (result == ISC_R_SUCCESS && !match) { + dns_rdataset_current(rdataset, &rdata); + if (memcmp(ptr, rdata.data, rdata.length) == 0) + match = ISC_TRUE; + dns_rdata_reset(&rdata); + result = dns_rdataset_next(rdataset); + } + if (!match) { + dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' " + "missing GLUE %s record (%s)", + ownerbuf, namebuf, type, + inet_ntop(cur->ai_family, ptr, + addrbuf, sizeof(addrbuf))); + /* XXX950 make fatal for 9.5.0. */ + /* answer = ISC_FALSE; */ + missing_glue = ISC_TRUE; + } + } + if (missing_glue) + add(namebuf, ERR_MISSING_GLUE); + } + freeaddrinfo(ai); + return (answer); +#else + return (ISC_TRUE); +#endif +} + +static isc_boolean_t +checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) { +#ifdef USE_GETADDRINFO + struct addrinfo hints, *ai, *cur; + char namebuf[DNS_NAME_FORMATSIZE + 1]; + char ownerbuf[DNS_NAME_FORMATSIZE]; + int result; + int level = ISC_LOG_ERROR; + isc_boolean_t answer = ISC_TRUE; + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + dns_name_format(name, namebuf, sizeof(namebuf) - 1); + /* + * Turn off search. + */ + if (dns_name_countlabels(name) > 1U) + strcat(namebuf, "."); + dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); + + result = getaddrinfo(namebuf, NULL, &hints, &ai); + dns_name_format(name, namebuf, sizeof(namebuf) - 1); + switch (result) { + case 0: + /* + * Work around broken getaddrinfo() implementations that + * fail to set ai_canonname on first entry. + */ + cur = ai; + while (cur != NULL && cur->ai_canonname == NULL && + cur->ai_next != NULL) + cur = cur->ai_next; + if (cur != NULL && cur->ai_canonname != NULL && + strcasecmp(cur->ai_canonname, namebuf) != 0) { + if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0) + level = ISC_LOG_WARNING; + if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) { + if (!logged(namebuf, ERR_IS_MXCNAME)) { + dns_zone_log(zone, level, + "%s/MX '%s' (out of zone)" + " is a CNAME (illegal)", + ownerbuf, namebuf); + add(namebuf, ERR_IS_MXCNAME); + } + if (level == ISC_LOG_ERROR) + answer = ISC_FALSE; + } + } + freeaddrinfo(ai); + return (answer); + + case EAI_NONAME: +#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) + case EAI_NODATA: +#endif + if (!logged(namebuf, ERR_NO_ADDRESSES)) { + dns_zone_log(zone, ISC_LOG_ERROR, + "%s/MX '%s' (out of zone) " + "has no addresses records (A or AAAA)", + ownerbuf, namebuf); + add(namebuf, ERR_NO_ADDRESSES); + } + /* XXX950 make fatal for 9.5.0. */ + return (ISC_TRUE); + + default: + if (!logged(namebuf, ERR_LOOKUP_FAILURE)) { + dns_zone_log(zone, ISC_LOG_WARNING, + "getaddrinfo(%s) failed: %s", + namebuf, gai_strerror(result)); + add(namebuf, ERR_LOOKUP_FAILURE); + } + return (ISC_TRUE); + } +#else + return (ISC_TRUE); +#endif +} + +static isc_boolean_t +checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) { +#ifdef USE_GETADDRINFO + struct addrinfo hints, *ai, *cur; + char namebuf[DNS_NAME_FORMATSIZE + 1]; + char ownerbuf[DNS_NAME_FORMATSIZE]; + int result; + int level = ISC_LOG_ERROR; + isc_boolean_t answer = ISC_TRUE; + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + dns_name_format(name, namebuf, sizeof(namebuf) - 1); + /* + * Turn off search. + */ + if (dns_name_countlabels(name) > 1U) + strcat(namebuf, "."); + dns_name_format(owner, ownerbuf, sizeof(ownerbuf)); + + result = getaddrinfo(namebuf, NULL, &hints, &ai); + dns_name_format(name, namebuf, sizeof(namebuf) - 1); + switch (result) { + case 0: + /* + * Work around broken getaddrinfo() implementations that + * fail to set ai_canonname on first entry. + */ + cur = ai; + while (cur != NULL && cur->ai_canonname == NULL && + cur->ai_next != NULL) + cur = cur->ai_next; + if (cur != NULL && cur->ai_canonname != NULL && + strcasecmp(cur->ai_canonname, namebuf) != 0) { + if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0) + level = ISC_LOG_WARNING; + if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) { + if (!logged(namebuf, ERR_IS_SRVCNAME)) { + dns_zone_log(zone, level, "%s/SRV '%s'" + " (out of zone) is a " + "CNAME (illegal)", + ownerbuf, namebuf); + add(namebuf, ERR_IS_SRVCNAME); + } + if (level == ISC_LOG_ERROR) + answer = ISC_FALSE; + } + } + freeaddrinfo(ai); + return (answer); + + case EAI_NONAME: +#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) + case EAI_NODATA: +#endif + if (!logged(namebuf, ERR_NO_ADDRESSES)) { + dns_zone_log(zone, ISC_LOG_ERROR, + "%s/SRV '%s' (out of zone) " + "has no addresses records (A or AAAA)", + ownerbuf, namebuf); + add(namebuf, ERR_NO_ADDRESSES); + } + /* XXX950 make fatal for 9.5.0. */ + return (ISC_TRUE); + + default: + if (!logged(namebuf, ERR_LOOKUP_FAILURE)) { + dns_zone_log(zone, ISC_LOG_WARNING, + "getaddrinfo(%s) failed: %s", + namebuf, gai_strerror(result)); + add(namebuf, ERR_LOOKUP_FAILURE); + } + return (ISC_TRUE); + } +#else + return (ISC_TRUE); +#endif +} + +isc_result_t +setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) { + isc_logdestination_t destination; + isc_logconfig_t *logconfig = NULL; + isc_log_t *log = NULL; + + RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS); + isc_log_registercategories(log, categories); + isc_log_setcontext(log); + dns_log_init(log); + dns_log_setcontext(log); + cfg_log_init(log); + + destination.file.stream = errout; + destination.file.name = NULL; + destination.file.versions = ISC_LOG_ROLLNEVER; + destination.file.maximum_size = 0; + RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr", + ISC_LOG_TOFILEDESC, + ISC_LOG_DYNAMIC, + &destination, 0) == ISC_R_SUCCESS); + RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr", + NULL, NULL) == ISC_R_SUCCESS); + + *logp = log; + return (ISC_R_SUCCESS); +} + +/*% load the zone */ +isc_result_t +load_zone(isc_mem_t *mctx, const char *zonename, const char *filename, + dns_masterformat_t fileformat, const char *classname, + dns_zone_t **zonep) +{ + isc_result_t result; + dns_rdataclass_t rdclass; + isc_textregion_t region; + isc_buffer_t buffer; + dns_fixedname_t fixorigin; + dns_name_t *origin; + dns_zone_t *zone = NULL; + + REQUIRE(zonep == NULL || *zonep == NULL); + + if (debug) + fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n", + zonename, filename, classname); + + CHECK(dns_zone_create(&zone, mctx)); + + dns_zone_settype(zone, dns_zone_master); + + isc_buffer_init(&buffer, zonename, strlen(zonename)); + isc_buffer_add(&buffer, strlen(zonename)); + dns_fixedname_init(&fixorigin); + origin = dns_fixedname_name(&fixorigin); + CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, + ISC_FALSE, NULL)); + CHECK(dns_zone_setorigin(zone, origin)); + CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype)); + CHECK(dns_zone_setfile2(zone, filename, fileformat)); + + DE_CONST(classname, region.base); + region.length = strlen(classname); + CHECK(dns_rdataclass_fromtext(&rdclass, ®ion)); + + dns_zone_setclass(zone, rdclass); + dns_zone_setoption(zone, zone_options, ISC_TRUE); + dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge); + if (docheckmx) + dns_zone_setcheckmx(zone, checkmx); + if (docheckns) + dns_zone_setcheckns(zone, checkns); + if (dochecksrv) + dns_zone_setchecksrv(zone, checksrv); + + CHECK(dns_zone_load(zone)); + if (zonep != NULL) { + *zonep = zone; + zone = NULL; + } + + cleanup: + if (zone != NULL) + dns_zone_detach(&zone); + return (result); +} + +/*% dump the zone */ +isc_result_t +dump_zone(const char *zonename, dns_zone_t *zone, const char *filename, + dns_masterformat_t fileformat, const dns_master_style_t *style) +{ + isc_result_t result; + FILE *output = stdout; + + if (debug) { + if (filename != NULL && strcmp(filename, "-") != 0) + fprintf(stderr, "dumping \"%s\" to \"%s\"\n", + zonename, filename); + else + fprintf(stderr, "dumping \"%s\"\n", zonename); + } + + if (filename != NULL && strcmp(filename, "-") != 0) { + result = isc_stdio_open(filename, "w+", &output); + + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "could not open output " + "file \"%s\" for writing\n", filename); + return (ISC_R_FAILURE); + } + } + + result = dns_zone_dumptostream2(zone, output, fileformat, style); + + if (output != stdout) + (void)isc_stdio_close(output); + + return (result); +} diff --git a/contrib/bind-9.3/bin/check/check-tool.h b/contrib/bind-9.5.2/bin/check/check-tool.h similarity index 65% rename from contrib/bind-9.3/bin/check/check-tool.h rename to contrib/bind-9.5.2/bin/check/check-tool.h index 105cd258ca..b0ba7e06ef 100644 --- a/contrib/bind-9.3/bin/check/check-tool.h +++ b/contrib/bind-9.5.2/bin/check/check-tool.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,30 +15,39 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.h,v 1.2.12.5 2004/03/08 04:04:13 marka Exp $ */ +/* $Id: check-tool.h,v 1.14 2007/06/18 23:47:17 tbox Exp $ */ #ifndef CHECK_TOOL_H #define CHECK_TOOL_H -#include +/*! \file */ +#include +#include #include + +#include #include ISC_LANG_BEGINDECLS isc_result_t -setup_logging(isc_mem_t *mctx, isc_log_t **logp); +setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp); isc_result_t load_zone(isc_mem_t *mctx, const char *zonename, const char *filename, - const char *classname, dns_zone_t **zonep); + dns_masterformat_t fileformat, const char *classname, + dns_zone_t **zonep); isc_result_t -dump_zone(const char *zonename, dns_zone_t *zone, const char *filename); +dump_zone(const char *zonename, dns_zone_t *zone, const char *filename, + dns_masterformat_t fileformat, const dns_master_style_t *style); extern int debug; extern isc_boolean_t nomerge; +extern isc_boolean_t docheckmx; +extern isc_boolean_t docheckns; +extern isc_boolean_t dochecksrv; extern unsigned int zone_options; ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/bin/check/named-checkconf.8 b/contrib/bind-9.5.2/bin/check/named-checkconf.8 similarity index 72% rename from contrib/bind-9.3/bin/check/named-checkconf.8 rename to contrib/bind-9.5.2/bin/check/named-checkconf.8 index 7d0633582d..84b2d302a4 100644 --- a/contrib/bind-9.3/bin/check/named-checkconf.8 +++ b/contrib/bind-9.5.2/bin/check/named-checkconf.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.11.12.8 2006/06/29 13:02:30 marka Exp $ +.\" $Id: named-checkconf.8,v 1.30.130.1 2009/07/11 01:43:26 tbox Exp $ .\" .hy 0 .ad l .\" Title: named\-checkconf .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 14, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,33 +33,48 @@ named\-checkconf \- named configuration file syntax checking tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR] +\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR] .SH "DESCRIPTION" .PP \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file. .SH "OPTIONS" -.TP 3n +.PP +\-h +.RS 4 +Print the usage summary and exit. +.RE +.PP \-t \fIdirectory\fR -chroot to +.RS 4 +Chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP 3n +.RE +.PP \-v +.RS 4 Print the version of the \fBnamed\-checkconf\fR program and exit. -.TP 3n +.RE +.PP \-z -Perform a check load the master zonefiles found in +.RS 4 +Perform a test load of all master zones found in \fInamed.conf\fR. -.TP 3n +.RE +.PP \-j +.RS 4 When loading a zonefile read the journal if it exists. -.TP 3n +.RE +.PP filename +.RS 4 The name of the configuration file to be checked. If not specified, it defaults to \fI/etc/named.conf\fR. +.RE .SH "RETURN VALUES" .PP \fBnamed\-checkconf\fR @@ -67,9 +82,13 @@ returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkzone\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2002 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/bin/check/named-checkconf.c b/contrib/bind-9.5.2/bin/check/named-checkconf.c new file mode 100644 index 0000000000..57cc20cefc --- /dev/null +++ b/contrib/bind-9.5.2/bin/check/named-checkconf.c @@ -0,0 +1,498 @@ +/* + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named-checkconf.c,v 1.46.18.2 2009/02/16 23:46:44 tbox Exp $ */ + +/*! \file */ + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#include +#include +#include +#include +#include + +#include "check-tool.h" + +static const char *program = "named-checkconf"; + +isc_log_t *logc = NULL; + +#define CHECK(r)\ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ + } while (0) + +/*% usage */ +static void +usage(void) { + fprintf(stderr, "usage: %s [-h] [-j] [-v] [-z] [-t directory] " + "[named.conf]\n", program); + exit(1); +} + +/*% directory callback */ +static isc_result_t +directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) { + isc_result_t result; + const char *directory; + + REQUIRE(strcasecmp("directory", clausename) == 0); + + UNUSED(arg); + UNUSED(clausename); + + /* + * Change directory. + */ + directory = cfg_obj_asstring(obj); + result = isc_dir_chdir(directory); + if (result != ISC_R_SUCCESS) { + cfg_obj_log(obj, logc, ISC_LOG_ERROR, + "change directory to '%s' failed: %s\n", + directory, isc_result_totext(result)); + return (result); + } + + return (ISC_R_SUCCESS); +} + +static isc_boolean_t +get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) { + int i; + for (i = 0;; i++) { + if (maps[i] == NULL) + return (ISC_FALSE); + if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) + return (ISC_TRUE); + } +} + +static isc_boolean_t +get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) { + const cfg_listelt_t *element; + const cfg_obj_t *checknames; + const cfg_obj_t *type; + const cfg_obj_t *value; + isc_result_t result; + int i; + + for (i = 0;; i++) { + if (maps[i] == NULL) + return (ISC_FALSE); + checknames = NULL; + result = cfg_map_get(maps[i], "check-names", &checknames); + if (result != ISC_R_SUCCESS) + continue; + if (checknames != NULL && !cfg_obj_islist(checknames)) { + *obj = checknames; + return (ISC_TRUE); + } + for (element = cfg_list_first(checknames); + element != NULL; + element = cfg_list_next(element)) { + value = cfg_listelt_value(element); + type = cfg_tuple_get(value, "type"); + if (strcasecmp(cfg_obj_asstring(type), "master") != 0) + continue; + *obj = cfg_tuple_get(value, "mode"); + return (ISC_TRUE); + } + } +} + +static isc_result_t +config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) { + int i; + + for (i = 0;; i++) { + if (maps[i] == NULL) + return (ISC_R_NOTFOUND); + if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) + return (ISC_R_SUCCESS); + } +} + +/*% configure the zone */ +static isc_result_t +configure_zone(const char *vclass, const char *view, + const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, + const cfg_obj_t *config, isc_mem_t *mctx) +{ + int i = 0; + isc_result_t result; + const char *zclass; + const char *zname; + const char *zfile; + const cfg_obj_t *maps[4]; + const cfg_obj_t *zoptions = NULL; + const cfg_obj_t *classobj = NULL; + const cfg_obj_t *typeobj = NULL; + const cfg_obj_t *fileobj = NULL; + const cfg_obj_t *dbobj = NULL; + const cfg_obj_t *obj = NULL; + const cfg_obj_t *fmtobj = NULL; + dns_masterformat_t masterformat; + + zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS; + + zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); + classobj = cfg_tuple_get(zconfig, "class"); + if (!cfg_obj_isstring(classobj)) + zclass = vclass; + else + zclass = cfg_obj_asstring(classobj); + + zoptions = cfg_tuple_get(zconfig, "options"); + maps[i++] = zoptions; + if (vconfig != NULL) + maps[i++] = cfg_tuple_get(vconfig, "options"); + if (config != NULL) { + cfg_map_get(config, "options", &obj); + if (obj != NULL) + maps[i++] = obj; + } + maps[i++] = NULL; + + cfg_map_get(zoptions, "type", &typeobj); + if (typeobj == NULL) + return (ISC_R_FAILURE); + if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) + return (ISC_R_SUCCESS); + cfg_map_get(zoptions, "database", &dbobj); + if (dbobj != NULL) + return (ISC_R_SUCCESS); + cfg_map_get(zoptions, "file", &fileobj); + if (fileobj == NULL) + return (ISC_R_FAILURE); + zfile = cfg_obj_asstring(fileobj); + + obj = NULL; + if (get_maps(maps, "check-mx", &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_CHECKMX; + zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + zone_options |= DNS_ZONEOPT_CHECKMX; + zone_options |= DNS_ZONEOPT_CHECKMXFAIL; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options &= ~DNS_ZONEOPT_CHECKMX; + zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_CHECKMX; + zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL; + } + + obj = NULL; + if (get_maps(maps, "check-integrity", &obj)) { + if (cfg_obj_asboolean(obj)) + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; + else + zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY; + } else + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; + + obj = NULL; + if (get_maps(maps, "check-mx-cname", &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_WARNMXCNAME; + zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + zone_options &= ~DNS_ZONEOPT_WARNMXCNAME; + zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options |= DNS_ZONEOPT_WARNMXCNAME; + zone_options |= DNS_ZONEOPT_IGNOREMXCNAME; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_WARNMXCNAME; + zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME; + } + + obj = NULL; + if (get_maps(maps, "check-srv-cname", &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_WARNSRVCNAME; + zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME; + zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options |= DNS_ZONEOPT_WARNSRVCNAME; + zone_options |= DNS_ZONEOPT_IGNORESRVCNAME; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_WARNSRVCNAME; + zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME; + } + + obj = NULL; + if (get_maps(maps, "check-sibling", &obj)) { + if (cfg_obj_asboolean(obj)) + zone_options |= DNS_ZONEOPT_CHECKSIBLING; + else + zone_options &= ~DNS_ZONEOPT_CHECKSIBLING; + } + + obj = NULL; + if (get_checknames(maps, &obj)) { + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + zone_options |= DNS_ZONEOPT_CHECKNAMES; + zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + zone_options |= DNS_ZONEOPT_CHECKNAMES; + zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + zone_options &= ~DNS_ZONEOPT_CHECKNAMES; + zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL; + } else + INSIST(0); + } else { + zone_options |= DNS_ZONEOPT_CHECKNAMES; + zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL; + } + + masterformat = dns_masterformat_text; + fmtobj = NULL; + result = config_get(maps, "masterfile-format", &fmtobj); + if (result == ISC_R_SUCCESS) { + const char *masterformatstr = cfg_obj_asstring(fmtobj); + if (strcasecmp(masterformatstr, "text") == 0) + masterformat = dns_masterformat_text; + else if (strcasecmp(masterformatstr, "raw") == 0) + masterformat = dns_masterformat_raw; + else + INSIST(0); + } + + result = load_zone(mctx, zname, zfile, masterformat, zclass, NULL); + if (result != ISC_R_SUCCESS) + fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass, + dns_result_totext(result)); + return(result); +} + +/*% configure a view */ +static isc_result_t +configure_view(const char *vclass, const char *view, const cfg_obj_t *config, + const cfg_obj_t *vconfig, isc_mem_t *mctx) +{ + const cfg_listelt_t *element; + const cfg_obj_t *voptions; + const cfg_obj_t *zonelist; + isc_result_t result = ISC_R_SUCCESS; + isc_result_t tresult; + + voptions = NULL; + if (vconfig != NULL) + voptions = cfg_tuple_get(vconfig, "options"); + + zonelist = NULL; + if (voptions != NULL) + (void)cfg_map_get(voptions, "zone", &zonelist); + else + (void)cfg_map_get(config, "zone", &zonelist); + + for (element = cfg_list_first(zonelist); + element != NULL; + element = cfg_list_next(element)) + { + const cfg_obj_t *zconfig = cfg_listelt_value(element); + tresult = configure_zone(vclass, view, zconfig, vconfig, + config, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + return (result); +} + + +/*% load zones from the configuration */ +static isc_result_t +load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { + const cfg_listelt_t *element; + const cfg_obj_t *classobj; + const cfg_obj_t *views; + const cfg_obj_t *vconfig; + const char *vclass; + isc_result_t result = ISC_R_SUCCESS; + isc_result_t tresult; + + views = NULL; + + (void)cfg_map_get(config, "view", &views); + for (element = cfg_list_first(views); + element != NULL; + element = cfg_list_next(element)) + { + const char *vname; + + vclass = "IN"; + vconfig = cfg_listelt_value(element); + if (vconfig != NULL) { + classobj = cfg_tuple_get(vconfig, "class"); + if (cfg_obj_isstring(classobj)) + vclass = cfg_obj_asstring(classobj); + } + vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); + tresult = configure_view(vclass, vname, config, vconfig, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + + if (views == NULL) { + tresult = configure_view("IN", "_default", config, NULL, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + return (result); +} + +/*% The main processing routine */ +int +main(int argc, char **argv) { + int c; + cfg_parser_t *parser = NULL; + cfg_obj_t *config = NULL; + const char *conffile = NULL; + isc_mem_t *mctx = NULL; + isc_result_t result; + int exit_status = 0; + isc_entropy_t *ectx = NULL; + isc_boolean_t load_zones = ISC_FALSE; + + isc_commandline_errprint = ISC_FALSE; + + while ((c = isc_commandline_parse(argc, argv, "dhjt:vz")) != EOF) { + switch (c) { + case 'd': + debug++; + break; + + case 'j': + nomerge = ISC_FALSE; + break; + + case 't': + result = isc_dir_chroot(isc_commandline_argument); + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "isc_dir_chroot: %s\n", + isc_result_totext(result)); + exit(1); + } + break; + + case 'v': + printf(VERSION "\n"); + exit(0); + + case 'z': + load_zones = ISC_TRUE; + docheckmx = ISC_FALSE; + docheckns = ISC_FALSE; + dochecksrv = ISC_FALSE; + break; + + case '?': + if (isc_commandline_option != '?') + fprintf(stderr, "%s: invalid argument -%c\n", + program, isc_commandline_option); + case 'h': + usage(); + + default: + fprintf(stderr, "%s: unhandled option -%c\n", + program, isc_commandline_option); + exit(1); + } + } + + if (isc_commandline_index + 1 < argc) + usage(); + if (argv[isc_commandline_index] != NULL) + conffile = argv[isc_commandline_index]; + if (conffile == NULL || conffile[0] == '\0') + conffile = NAMED_CONFFILE; + + RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); + + RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS); + + RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS); + RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE) + == ISC_R_SUCCESS); + + dns_result_register(); + + RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS); + + cfg_parser_setcallback(parser, directory_callback, NULL); + + if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) != + ISC_R_SUCCESS) + exit(1); + + result = bind9_check_namedconf(config, logc, mctx); + if (result != ISC_R_SUCCESS) + exit_status = 1; + + if (result == ISC_R_SUCCESS && load_zones) { + result = load_zones_fromconfig(config, mctx); + if (result != ISC_R_SUCCESS) + exit_status = 1; + } + + cfg_obj_destroy(parser, &config); + + cfg_parser_destroy(&parser); + + dns_name_destroy(); + + isc_log_destroy(&logc); + + isc_hash_destroy(); + isc_entropy_detach(&ectx); + + isc_mem_destroy(&mctx); + + return (exit_status); +} diff --git a/contrib/bind-9.5.2/bin/check/named-checkconf.html b/contrib/bind-9.5.2/bin/check/named-checkconf.html new file mode 100644 index 0000000000..3b17022ff9 --- /dev/null +++ b/contrib/bind-9.5.2/bin/check/named-checkconf.html @@ -0,0 +1,96 @@ + + + + + +named-checkconf + + +
+
+
+

Name

+

named-checkconf — named configuration file syntax checking tool

+
+
+

Synopsis

+

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-z]

+
+
+

DESCRIPTION

+

named-checkconf + checks the syntax, but not the semantics, of a named + configuration file. +

+
+
+

OPTIONS

+
+
-h
+

+ Print the usage summary and exit. +

+
-t directory
+

+ Chroot to directory so that + include + directives in the configuration file are processed as if + run by a similarly chrooted named. +

+
-v
+

+ Print the version of the named-checkconf + program and exit. +

+
-z
+

+ Perform a test load of all master zones found in + named.conf. +

+
-j
+

+ When loading a zonefile read the journal if it exists. +

+
filename
+

+ The name of the configuration file to be checked. If not + specified, it defaults to /etc/named.conf. +

+
+
+
+

RETURN VALUES

+

named-checkconf + returns an exit status of 1 if + errors were detected and 0 otherwise. +

+
+
+

SEE ALSO

+

named(8), + named-checkzone(8), + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.5.2/bin/check/named-checkzone.8 b/contrib/bind-9.5.2/bin/check/named-checkzone.8 new file mode 100644 index 0000000000..8e69900187 --- /dev/null +++ b/contrib/bind-9.5.2/bin/check/named-checkzone.8 @@ -0,0 +1,278 @@ +.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000-2002 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: named-checkzone.8,v 1.42.130.2 2009/07/11 01:43:26 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: named\-checkzone +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: June 13, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +named\-checkzone, named\-compilezone \- zone file validity checking or converting tool +.SH "SYNOPSIS" +.HP 16 +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +.HP 18 +\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +.SH "DESCRIPTION" +.PP +\fBnamed\-checkzone\fR +checks the syntax and integrity of a zone file. It performs the same checks as +\fBnamed\fR +does when loading a zone. This makes +\fBnamed\-checkzone\fR +useful for checking zone files before configuring them into a name server. +.PP +\fBnamed\-compilezone\fR +is similar to +\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by +\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the +\fBnamed\fR +configuration file. +.SH "OPTIONS" +.PP +\-d +.RS 4 +Enable debugging. +.RE +.PP +\-h +.RS 4 +Print the usage summary and exit. +.RE +.PP +\-q +.RS 4 +Quiet mode \- exit code only. +.RE +.PP +\-v +.RS 4 +Print the version of the +\fBnamed\-checkzone\fR +program and exit. +.RE +.PP +\-j +.RS 4 +When loading the zone file read the journal if it exists. +.RE +.PP +\-c \fIclass\fR +.RS 4 +Specify the class of the zone. If not specified, "IN" is assumed. +.RE +.PP +\-i \fImode\fR +.RS 4 +Perform post\-load zone integrity checks. Possible modes are +\fB"full"\fR +(default), +\fB"full\-sibling"\fR, +\fB"local"\fR, +\fB"local\-sibling"\fR +and +\fB"none"\fR. +.sp +Mode +\fB"full"\fR +checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode +\fB"local"\fR +only checks MX records which refer to in\-zone hostnames. +.sp +Mode +\fB"full"\fR +checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode +\fB"local"\fR +only checks SRV records which refer to in\-zone hostnames. +.sp +Mode +\fB"full"\fR +checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode +\fB"local"\fR +only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone. +.sp +Mode +\fB"full\-sibling"\fR +and +\fB"local\-sibling"\fR +disable sibling glue checks but are otherwise the same as +\fB"full"\fR +and +\fB"local"\fR +respectively. +.sp +Mode +\fB"none"\fR +disables the checks. +.RE +.PP +\-f \fIformat\fR +.RS 4 +Specify the format of the zone file. Possible formats are +\fB"text"\fR +(default) and +\fB"raw"\fR. +.RE +.PP +\-F \fIformat\fR +.RS 4 +Specify the format of the output file specified. Possible formats are +\fB"text"\fR +(default) and +\fB"raw"\fR. For +\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents. +.RE +.PP +\-k \fImode\fR +.RS 4 +Perform +\fB"check\-names"\fR +checks with the specified failure mode. Possible modes are +\fB"fail"\fR +(default for +\fBnamed\-compilezone\fR), +\fB"warn"\fR +(default for +\fBnamed\-checkzone\fR) and +\fB"ignore"\fR. +.RE +.PP +\-m \fImode\fR +.RS 4 +Specify whether MX records should be checked to see if they are addresses. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. +.RE +.PP +\-M \fImode\fR +.RS 4 +Check if a MX record refers to a CNAME. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. +.RE +.PP +\-n \fImode\fR +.RS 4 +Specify whether NS records should be checked to see if they are addresses. Possible modes are +\fB"fail"\fR +(default for +\fBnamed\-compilezone\fR), +\fB"warn"\fR +(default for +\fBnamed\-checkzone\fR) and +\fB"ignore"\fR. +.RE +.PP +\-o \fIfilename\fR +.RS 4 +Write zone output to +\fIfilename\fR. If +\fIfilename\fR +is +\fI\-\fR +then write to standard out. This is mandatory for +\fBnamed\-compilezone\fR. +.RE +.PP +\-s \fIstyle\fR +.RS 4 +Specify the style of the dumped zone file. Possible styles are +\fB"full"\fR +(default) and +\fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For +\fBnamed\-checkzone\fR +this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text. +.RE +.PP +\-S \fImode\fR +.RS 4 +Check if a SRV record refers to a CNAME. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. +.RE +.PP +\-t \fIdirectory\fR +.RS 4 +Chroot to +\fIdirectory\fR +so that include directives in the configuration file are processed as if run by a similarly chrooted named. +.RE +.PP +\-w \fIdirectory\fR +.RS 4 +chdir to +\fIdirectory\fR +so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in +\fInamed.conf\fR. +.RE +.PP +\-D +.RS 4 +Dump zone file in canonical format. This is always enabled for +\fBnamed\-compilezone\fR. +.RE +.PP +\-W \fImode\fR +.RS 4 +Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are +\fB"warn"\fR +(default) and +\fB"ignore"\fR. +.RE +.PP +zonename +.RS 4 +The domain name of the zone being checked. +.RE +.PP +filename +.RS 4 +The name of the zone file. +.RE +.SH "RETURN VALUES" +.PP +\fBnamed\-checkzone\fR +returns an exit status of 1 if errors were detected and 0 otherwise. +.SH "SEE ALSO" +.PP +\fBnamed\fR(8), +\fBnamed\-checkconf\fR(8), +RFC 1035, +BIND 9 Administrator Reference Manual. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2004\-2007, 2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2002 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/bin/check/named-checkzone.c b/contrib/bind-9.5.2/bin/check/named-checkzone.c new file mode 100644 index 0000000000..6d509ab240 --- /dev/null +++ b/contrib/bind-9.5.2/bin/check/named-checkzone.c @@ -0,0 +1,455 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named-checkzone.c,v 1.49.130.5 2009/05/29 02:18:32 marka Exp $ */ + +/*! \file */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "check-tool.h" + +static int quiet = 0; +static isc_mem_t *mctx = NULL; +static isc_entropy_t *ectx = NULL; +dns_zone_t *zone = NULL; +dns_zonetype_t zonetype = dns_zone_master; +static int dumpzone = 0; +static const char *output_filename; +static char *prog_name = NULL; +static const dns_master_style_t *outputstyle = NULL; +static enum { progmode_check, progmode_compile } progmode; + +#define ERRRET(result, function) \ + do { \ + if (result != ISC_R_SUCCESS) { \ + if (!quiet) \ + fprintf(stderr, "%s() returned %s\n", \ + function, dns_result_totext(result)); \ + return (result); \ + } \ + } while (0) + +static void +usage(void) { + fprintf(stderr, + "usage: %s [-djqvD] [-c class] [-o output] " + "[-f inputformat] [-F outputformat] " + "[-t directory] [-w directory] [-k (ignore|warn|fail)] " + "[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] " + "[-i (full|full-sibling|local|local-sibling|none)] " + "[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] " + "[-W (ignore|warn)] " + "zonename filename\n", prog_name); + exit(1); +} + +static void +destroy(void) { + if (zone != NULL) + dns_zone_detach(&zone); + dns_name_destroy(); +} + +/*% main processing routine */ +int +main(int argc, char **argv) { + int c; + char *origin = NULL; + char *filename = NULL; + isc_log_t *lctx = NULL; + isc_result_t result; + char classname_in[] = "IN"; + char *classname = classname_in; + const char *workdir = NULL; + const char *inputformatstr = NULL; + const char *outputformatstr = NULL; + dns_masterformat_t inputformat = dns_masterformat_text; + dns_masterformat_t outputformat = dns_masterformat_text; + FILE *errout = stdout; + + outputstyle = &dns_master_style_full; + + prog_name = strrchr(argv[0], '/'); + if (prog_name == NULL) + prog_name = strrchr(argv[0], '\\'); + if (prog_name != NULL) + prog_name++; + else + prog_name = argv[0]; + /* + * Libtool doesn't preserve the program name prior to final + * installation. Remove the libtool prefix ("lt-"). + */ + if (strncmp(prog_name, "lt-", 3) == 0) + prog_name += 3; + +#define PROGCMP(X) \ + (strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0) + + if (PROGCMP("named-checkzone")) + progmode = progmode_check; + else if (PROGCMP("named-compilezone")) + progmode = progmode_compile; + else + INSIST(0); + + /* Compilation specific defaults */ + if (progmode == progmode_compile) { + zone_options |= (DNS_ZONEOPT_CHECKNS | + DNS_ZONEOPT_FATALNS | + DNS_ZONEOPT_CHECKNAMES | + DNS_ZONEOPT_CHECKNAMESFAIL | + DNS_ZONEOPT_CHECKWILDCARD); + } + +#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0) + + isc_commandline_errprint = ISC_FALSE; + + while ((c = isc_commandline_parse(argc, argv, + "c:df:hi:jk:m:n:qs:t:o:vw:DF:M:S:W:")) + != EOF) { + switch (c) { + case 'c': + classname = isc_commandline_argument; + break; + + case 'd': + debug++; + break; + + case 'i': + if (ARGCMP("full")) { + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY | + DNS_ZONEOPT_CHECKSIBLING; + docheckmx = ISC_TRUE; + docheckns = ISC_TRUE; + dochecksrv = ISC_TRUE; + } else if (ARGCMP("full-sibling")) { + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; + zone_options &= ~DNS_ZONEOPT_CHECKSIBLING; + docheckmx = ISC_TRUE; + docheckns = ISC_TRUE; + dochecksrv = ISC_TRUE; + } else if (ARGCMP("local")) { + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; + zone_options |= DNS_ZONEOPT_CHECKSIBLING; + docheckmx = ISC_FALSE; + docheckns = ISC_FALSE; + dochecksrv = ISC_FALSE; + } else if (ARGCMP("local-sibling")) { + zone_options |= DNS_ZONEOPT_CHECKINTEGRITY; + zone_options &= ~DNS_ZONEOPT_CHECKSIBLING; + docheckmx = ISC_FALSE; + docheckns = ISC_FALSE; + dochecksrv = ISC_FALSE; + } else if (ARGCMP("none")) { + zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY; + zone_options &= ~DNS_ZONEOPT_CHECKSIBLING; + docheckmx = ISC_FALSE; + docheckns = ISC_FALSE; + dochecksrv = ISC_FALSE; + } else { + fprintf(stderr, "invalid argument to -i: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'f': + inputformatstr = isc_commandline_argument; + break; + + case 'F': + outputformatstr = isc_commandline_argument; + break; + + case 'j': + nomerge = ISC_FALSE; + break; + + case 'k': + if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_CHECKNAMES; + zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL; + } else if (ARGCMP("fail")) { + zone_options |= DNS_ZONEOPT_CHECKNAMES | + DNS_ZONEOPT_CHECKNAMESFAIL; + } else if (ARGCMP("ignore")) { + zone_options &= ~(DNS_ZONEOPT_CHECKNAMES | + DNS_ZONEOPT_CHECKNAMESFAIL); + } else { + fprintf(stderr, "invalid argument to -k: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'n': + if (ARGCMP("ignore")) { + zone_options &= ~(DNS_ZONEOPT_CHECKNS| + DNS_ZONEOPT_FATALNS); + } else if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_CHECKNS; + zone_options &= ~DNS_ZONEOPT_FATALNS; + } else if (ARGCMP("fail")) { + zone_options |= DNS_ZONEOPT_CHECKNS| + DNS_ZONEOPT_FATALNS; + } else { + fprintf(stderr, "invalid argument to -n: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'm': + if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_CHECKMX; + zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL; + } else if (ARGCMP("fail")) { + zone_options |= DNS_ZONEOPT_CHECKMX | + DNS_ZONEOPT_CHECKMXFAIL; + } else if (ARGCMP("ignore")) { + zone_options &= ~(DNS_ZONEOPT_CHECKMX | + DNS_ZONEOPT_CHECKMXFAIL); + } else { + fprintf(stderr, "invalid argument to -m: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'q': + quiet++; + break; + + case 't': + result = isc_dir_chroot(isc_commandline_argument); + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "isc_dir_chroot: %s: %s\n", + isc_commandline_argument, + isc_result_totext(result)); + exit(1); + } + break; + + case 's': + if (ARGCMP("full")) + outputstyle = &dns_master_style_full; + else if (ARGCMP("relative")) { + outputstyle = &dns_master_style_default; + } else { + fprintf(stderr, + "unknown or unsupported style: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'o': + output_filename = isc_commandline_argument; + break; + + case 'v': + printf(VERSION "\n"); + exit(0); + + case 'w': + workdir = isc_commandline_argument; + break; + + case 'D': + dumpzone++; + break; + + case 'M': + if (ARGCMP("fail")) { + zone_options &= ~DNS_ZONEOPT_WARNMXCNAME; + zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME; + } else if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_WARNMXCNAME; + zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME; + } else if (ARGCMP("ignore")) { + zone_options |= DNS_ZONEOPT_WARNMXCNAME; + zone_options |= DNS_ZONEOPT_IGNOREMXCNAME; + } else { + fprintf(stderr, "invalid argument to -M: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'S': + if (ARGCMP("fail")) { + zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME; + zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME; + } else if (ARGCMP("warn")) { + zone_options |= DNS_ZONEOPT_WARNSRVCNAME; + zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME; + } else if (ARGCMP("ignore")) { + zone_options |= DNS_ZONEOPT_WARNSRVCNAME; + zone_options |= DNS_ZONEOPT_IGNORESRVCNAME; + } else { + fprintf(stderr, "invalid argument to -S: %s\n", + isc_commandline_argument); + exit(1); + } + break; + + case 'W': + if (ARGCMP("warn")) + zone_options |= DNS_ZONEOPT_CHECKWILDCARD; + else if (ARGCMP("ignore")) + zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD; + break; + + case '?': + if (isc_commandline_option != '?') + fprintf(stderr, "%s: invalid argument -%c\n", + prog_name, isc_commandline_option); + case 'h': + usage(); + + default: + fprintf(stderr, "%s: unhandled option -%c\n", + prog_name, isc_commandline_option); + exit(1); + } + } + + if (workdir != NULL) { + result = isc_dir_chdir(workdir); + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "isc_dir_chdir: %s: %s\n", + workdir, isc_result_totext(result)); + exit(1); + } + } + + if (inputformatstr != NULL) { + if (strcasecmp(inputformatstr, "text") == 0) + inputformat = dns_masterformat_text; + else if (strcasecmp(inputformatstr, "raw") == 0) + inputformat = dns_masterformat_raw; + else { + fprintf(stderr, "unknown file format: %s\n", + inputformatstr); + exit(1); + } + } + + if (outputformatstr != NULL) { + if (strcasecmp(outputformatstr, "text") == 0) + outputformat = dns_masterformat_text; + else if (strcasecmp(outputformatstr, "raw") == 0) + outputformat = dns_masterformat_raw; + else { + fprintf(stderr, "unknown file format: %s\n", + outputformatstr); + exit(1); + } + } + + if (progmode == progmode_compile) { + dumpzone = 1; /* always dump */ + if (output_filename == NULL) { + fprintf(stderr, + "output file required, but not specified\n"); + usage(); + } + } + + if (output_filename != NULL) + dumpzone = 1; + + /* + * If we are outputing to stdout then send the informational + * output to stderr. + */ + if (dumpzone && + (output_filename == NULL || + strcmp(output_filename, "-") == 0 || + strcmp(output_filename, "/dev/fd/1") == 0 || + strcmp(output_filename, "/dev/stdout") == 0)) + errout = stderr; + + if (isc_commandline_index + 2 != argc) + usage(); + + RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); + if (!quiet) + RUNTIME_CHECK(setup_logging(mctx, errout, &lctx) + == ISC_R_SUCCESS); + RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS); + RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE) + == ISC_R_SUCCESS); + + dns_result_register(); + + origin = argv[isc_commandline_index++]; + filename = argv[isc_commandline_index++]; + result = load_zone(mctx, origin, filename, inputformat, classname, + &zone); + + if (result == ISC_R_SUCCESS && dumpzone) { + if (!quiet && progmode == progmode_compile) { + fprintf(errout, "dump zone to %s...", output_filename); + fflush(errout); + } + result = dump_zone(origin, zone, output_filename, + outputformat, outputstyle); + if (!quiet && progmode == progmode_compile) + fprintf(errout, "done\n"); + } + + if (!quiet && result == ISC_R_SUCCESS) + fprintf(errout, "OK\n"); + destroy(); + if (lctx != NULL) + isc_log_destroy(&lctx); + isc_hash_destroy(); + isc_entropy_detach(&ectx); + isc_mem_destroy(&mctx); + return ((result == ISC_R_SUCCESS) ? 0 : 1); +} diff --git a/contrib/bind-9.5.2/bin/check/named-checkzone.html b/contrib/bind-9.5.2/bin/check/named-checkzone.html new file mode 100644 index 0000000000..ae11598bbc --- /dev/null +++ b/contrib/bind-9.5.2/bin/check/named-checkzone.html @@ -0,0 +1,262 @@ + + + + + +named-checkzone + + +
+
+
+

Name

+

named-checkzone, named-compilezone — zone file validity checking or converting tool

+
+
+

Synopsis

+

named-checkzone [-d] [-h] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-o filename] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
+
+

DESCRIPTION

+

named-checkzone + checks the syntax and integrity of a zone file. It performs the + same checks as named does when loading a + zone. This makes named-checkzone useful for + checking zone files before configuring them into a name server. +

+

+ named-compilezone is similar to + named-checkzone, but it always dumps the + zone contents to a specified file in a specified format. + Additionally, it applies stricter check levels by default, + since the dump output will be used as an actual zone file + loaded by named. + When manually specified otherwise, the check levels must at + least be as strict as those specified in the + named configuration file. +

+
+
+

OPTIONS

+
+
-d
+

+ Enable debugging. +

+
-h
+

+ Print the usage summary and exit. +

+
-q
+

+ Quiet mode - exit code only. +

+
-v
+

+ Print the version of the named-checkzone + program and exit. +

+
-j
+

+ When loading the zone file read the journal if it exists. +

+
-c class
+

+ Specify the class of the zone. If not specified, "IN" is assumed. +

+
-i mode
+
+

+ Perform post-load zone integrity checks. Possible modes are + "full" (default), + "full-sibling", + "local", + "local-sibling" and + "none". +

+

+ Mode "full" checks that MX records + refer to A or AAAA record (both in-zone and out-of-zone + hostnames). Mode "local" only + checks MX records which refer to in-zone hostnames. +

+

+ Mode "full" checks that SRV records + refer to A or AAAA record (both in-zone and out-of-zone + hostnames). Mode "local" only + checks SRV records which refer to in-zone hostnames. +

+

+ Mode "full" checks that delegation NS + records refer to A or AAAA record (both in-zone and out-of-zone + hostnames). It also checks that glue address records + in the zone match those advertised by the child. + Mode "local" only checks NS records which + refer to in-zone hostnames or that some required glue exists, + that is when the nameserver is in a child zone. +

+

+ Mode "full-sibling" and + "local-sibling" disable sibling glue + checks but are otherwise the same as "full" + and "local" respectively. +

+

+ Mode "none" disables the checks. +

+
+
-f format
+

+ Specify the format of the zone file. + Possible formats are "text" (default) + and "raw". +

+
-F format
+

+ Specify the format of the output file specified. + Possible formats are "text" (default) + and "raw". + For named-checkzone, + this does not cause any effects unless it dumps the zone + contents. +

+
-k mode
+

+ Perform "check-names" checks with the + specified failure mode. + Possible modes are "fail" + (default for named-compilezone), + "warn" + (default for named-checkzone) and + "ignore". +

+
-m mode
+

+ Specify whether MX records should be checked to see if they + are addresses. Possible modes are "fail", + "warn" (default) and + "ignore". +

+
-M mode
+

+ Check if a MX record refers to a CNAME. + Possible modes are "fail", + "warn" (default) and + "ignore". +

+
-n mode
+

+ Specify whether NS records should be checked to see if they + are addresses. + Possible modes are "fail" + (default for named-compilezone), + "warn" + (default for named-checkzone) and + "ignore". +

+
-o filename
+

+ Write zone output to filename. + If filename is - then + write to standard out. + This is mandatory for named-compilezone. +

+
-s style
+

+ Specify the style of the dumped zone file. + Possible styles are "full" (default) + and "relative". + The full format is most suitable for processing + automatically by a separate script. + On the other hand, the relative format is more + human-readable and is thus suitable for editing by hand. + For named-checkzone + this does not cause any effects unless it dumps the zone + contents. + It also does not have any meaning if the output format + is not text. +

+
-S mode
+

+ Check if a SRV record refers to a CNAME. + Possible modes are "fail", + "warn" (default) and + "ignore". +

+
-t directory
+

+ Chroot to directory so that + include + directives in the configuration file are processed as if + run by a similarly chrooted named. +

+
-w directory
+

+ chdir to directory so that + relative + filenames in master file $INCLUDE directives work. This + is similar to the directory clause in + named.conf. +

+
-D
+

+ Dump zone file in canonical format. + This is always enabled for named-compilezone. +

+
-W mode
+

+ Specify whether to check for non-terminal wildcards. + Non-terminal wildcards are almost always the result of a + failure to understand the wildcard matching algorithm (RFC 1034). + Possible modes are "warn" (default) + and + "ignore". +

+
zonename
+

+ The domain name of the zone being checked. +

+
filename
+

+ The name of the zone file. +

+
+
+
+

RETURN VALUES

+

named-checkzone + returns an exit status of 1 if + errors were detected and 0 otherwise. +

+
+
+

SEE ALSO

+

named(8), + named-checkconf(8), + RFC 1035, + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/dig/dig.1 b/contrib/bind-9.5.2/bin/dig/dig.1 similarity index 77% rename from contrib/bind-9.3/bin/dig/dig.1 rename to contrib/bind-9.5.2/bin/dig/dig.1 index 735f31c2a5..3a63d433bf 100644 --- a/contrib/bind-9.3/bin/dig/dig.1 +++ b/contrib/bind-9.5.2/bin/dig/dig.1 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $ +.\" $Id: dig.1,v 1.45.150.8 2009/07/11 01:43:26 tbox Exp $ .\" .hy 0 .ad l .\" Title: dig .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] .HP 4 \fBdig\fR [\fB\-h\fR] .HP 4 @@ -50,7 +50,7 @@ Although \fBdig\fR is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the \fB\-h\fR -option is given. Unlike earlier versions, the BIND9 implementation of +option is given. Unlike earlier versions, the BIND 9 implementation of \fBdig\fR allows multiple lookups to be issued from the command line. .PP @@ -59,27 +59,38 @@ Unless it is told to query a specific name server, will try each of the servers listed in \fI/etc/resolv.conf\fR. .PP -When no command line arguments or options are given, will perform an NS query for "." (the root). +When no command line arguments or options are given, +\fBdig\fR +will perform an NS query for "." (the root). .PP It is possible to set per\-user defaults for \fBdig\fR via \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments. +.PP +The IN and CH class names overlap with the IN and CH top level domains names. Either use the +\fB\-t\fR +and +\fB\-c\fR +options to specify the type and class, use the +\fB\-q\fR +the specify the domain name, or use "IN." and "CH." when looking up these top level domains. .SH "SIMPLE USAGE" .PP A typical invocation of \fBdig\fR looks like: .sp -.RS 3n +.RS 4 .nf dig @server name type .fi .RE .sp where: -.TP 3n +.PP \fBserver\fR +.RS 4 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied \fIserver\fR argument is a hostname, @@ -91,11 +102,15 @@ argument is provided, consults \fI/etc/resolv.conf\fR and queries the name servers listed there. The reply from the name server that responds is displayed. -.TP 3n +.RE +.PP \fBname\fR +.RS 4 is the name of the resource record that is to be looked up. -.TP 3n +.RE +.PP \fBtype\fR +.RS 4 indicates what type of query is required \(em ANY, A, MX, SIG, etc. \fItype\fR can be any valid query type. If no @@ -103,6 +118,7 @@ can be any valid query type. If no argument is supplied, \fBdig\fR will perform a lookup for an A record. +.RE .SH "OPTIONS" .PP The @@ -114,17 +130,21 @@ The default query class (IN for internet) is overridden by the \fB\-c\fR option. \fIclass\fR -is any valid class, such as HS for Hesiod records or CH for CHAOSNET records. +is any valid class, such as HS for Hesiod records or CH for Chaosnet records. .PP The \fB\-f\fR option makes \fBdig \fR operate in batch mode by reading a list of lookup requests to process from the file -\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to +\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to \fBdig\fR using the command\-line interface. .PP +The +\fB\-m\fR +option enables memory usage debugging. +.PP If a non\-standard port number is to be queried, the \fB\-p\fR option is used. @@ -146,7 +166,7 @@ to only use IPv6 query transport. The \fB\-t\fR option sets the query type to -\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the +\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the \fB\-x\fR option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, \fItype\fR @@ -154,7 +174,14 @@ is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was \fIN\fR. .PP -Reverse lookups \- mapping addresses to names \- are simplified by the +The +\fB\-q\fR +option sets the query name to +\fIname\fR. This useful do distinguish the +\fIname\fR +from other arguments. +.PP +Reverse lookups \(em mapping addresses to names \(em are simplified by the \fB\-x\fR option. \fIaddr\fR @@ -178,6 +205,8 @@ and their responses using transaction signatures (TSIG), specify a TSIG key file option. You can also specify the TSIG key itself on the command line using the \fB\-y\fR option; +\fIhmac\fR +is the type of the TSIG, default HMAC\-MD5, \fIname\fR is the name of the TSIG key and \fIkey\fR @@ -185,7 +214,7 @@ is the actual key. The key is a base\-64 encoded string, typically generated by \fBdnssec\-keygen\fR(8). Caution should be taken when using the \fB\-y\fR option on multi\-user systems as the key can be visible in the output from -\fBps\fR(1 ) +\fBps\fR(1) or in the shell's history file. When using TSIG authentication with \fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate \fBkey\fR @@ -202,19 +231,26 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: -.TP 3n +.PP \fB+[no]tcp\fR -Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.TP 3n +.RS 4 +Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. +.RE +.PP \fB+[no]vc\fR +.RS 4 Use [do not use] TCP when querying name servers. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility. The "vc" stands for "virtual circuit". -.TP 3n +.RE +.PP \fB+[no]ignore\fR +.RS 4 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. -.TP 3n +.RE +.PP \fB+domain=somename\fR +.RS 4 Set the search list to contain the single domain \fIsomename\fR, as if specified in a \fBdomain\fR @@ -222,36 +258,59 @@ directive in \fI/etc/resolv.conf\fR, and enable search list processing as if the \fI+search\fR option were given. -.TP 3n +.RE +.PP \fB+[no]search\fR +.RS 4 Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv.conf\fR (if any). The search list is not used by default. -.TP 3n +.RE +.PP +\fB+[no]showsearch\fR +.RS 4 +Perform [do not perform] a search showing intermediate results. +.RE +.PP \fB+[no]defname\fR +.RS 4 Deprecated, treated as a synonym for \fI+[no]search\fR -.TP 3n +.RE +.PP \fB+[no]aaonly\fR +.RS 4 Sets the "aa" flag in the query. -.TP 3n +.RE +.PP \fB+[no]aaflag\fR +.RS 4 A synonym for \fI+[no]aaonly\fR. -.TP 3n +.RE +.PP \fB+[no]adflag\fR -Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. -.TP 3n +.RS 4 +Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. +.RE +.PP \fB+[no]cdflag\fR +.RS 4 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. -.TP 3n +.RE +.PP \fB+[no]cl\fR +.RS 4 Display [do not display] the CLASS when printing the record. -.TP 3n +.RE +.PP \fB+[no]ttlid\fR +.RS 4 Display [do not display] the TTL when printing the record. -.TP 3n +.RE +.PP \fB+[no]recurse\fR +.RS 4 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means \fBdig\fR normally sends recursive queries. Recursion is automatically disabled when the @@ -259,75 +318,109 @@ normally sends recursive queries. Recursion is automatically disabled when the or \fI+trace\fR query options are used. -.TP 3n +.RE +.PP \fB+[no]nssearch\fR +.RS 4 When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.TP 3n +.RE +.PP \fB+[no]trace\fR +.RS 4 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.TP 3n +.RE +.PP \fB+[no]cmd\fR -toggles the printing of the initial comment in the output identifying the version of +.RS 4 +Toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied. This comment is printed by default. -.TP 3n +.RE +.PP \fB+[no]short\fR +.RS 4 Provide a terse answer. The default is to print the answer in a verbose form. -.TP 3n +.RE +.PP \fB+[no]identify\fR +.RS 4 Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.TP 3n +.RE +.PP \fB+[no]comments\fR +.RS 4 Toggle the display of comment lines in the output. The default is to print comments. -.TP 3n +.RE +.PP \fB+[no]stats\fR -This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. -.TP 3n +.RS 4 +This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. +.RE +.PP \fB+[no]qr\fR +.RS 4 Print [do not print] the query as it is sent. By default, the query is not printed. -.TP 3n +.RE +.PP \fB+[no]question\fR +.RS 4 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.TP 3n +.RE +.PP \fB+[no]answer\fR +.RS 4 Display [do not display] the answer section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]authority\fR +.RS 4 Display [do not display] the authority section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]additional\fR +.RS 4 Display [do not display] the additional section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]all\fR +.RS 4 Set or clear all display flags. -.TP 3n +.RE +.PP \fB+time=T\fR +.RS 4 Sets the timeout for a query to \fIT\fR -seconds. The default time out is 5 seconds. An attempt to set +seconds. The default timeout is 5 seconds. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied. -.TP 3n +.RE +.PP \fB+tries=T\fR +.RS 4 Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1. -.TP 3n +.RE +.PP \fB+retry=T\fR +.RS 4 Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2. Unlike \fI+tries\fR, this does not include the initial query. -.TP 3n +.RE +.PP \fB+ndots=D\fR +.RS 4 Set the number of dots that have to appear in \fIname\fR to @@ -339,34 +432,55 @@ or \fBdomain\fR directive in \fI/etc/resolv.conf\fR. -.TP 3n +.RE +.PP \fB+bufsize=B\fR +.RS 4 Set the UDP message buffer size advertised using EDNS0 to \fIB\fR -bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. -.TP 3n +bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent. +.RE +.PP +\fB+edns=#\fR +.RS 4 +Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. +\fB+noedns\fR +clears the remembered EDNS version. +.RE +.PP \fB+[no]multiline\fR +.RS 4 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output. -.TP 3n +.RE +.PP \fB+[no]fail\fR -Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. -.TP 3n +.RS 4 +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. +.RE +.PP \fB+[no]besteffort\fR +.RS 4 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.TP 3n +.RE +.PP \fB+[no]dnssec\fR +.RS 4 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. -.TP 3n +.RE +.PP \fB+[no]sigchase\fR +.RS 4 Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. -.TP 3n +.RE +.PP \fB+trusted\-key=####\fR +.RS 4 Specifies a file containing trusted keys to be used with \fB+sigchase\fR. Each DNSKEY record must be on its own line. .sp -If not specified +If not specified, \fBdig\fR will look for \fI/etc/trusted\-key.key\fR @@ -375,9 +489,17 @@ then in the current directory. .sp Requires dig be compiled with \-DDIG_SIGCHASE. -.TP 3n +.RE +.PP \fB+[no]topdown\fR -When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RS 4 +When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RE +.PP +\fB+[no]nsid\fR +.RS 4 +Include an EDNS name server ID request when sending a query. +.RE .SH "MULTIPLE QUERIES" .PP The BIND 9 implementation of @@ -394,7 +516,7 @@ A global set of query options, which should be applied to all queries, can also \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options. For example: .sp -.RS 3n +.RS 4 .nf dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi @@ -414,6 +536,17 @@ which means that \fBdig\fR will not print the initial query when it looks up the NS records for isc.org. +.SH "IDN SUPPORT" +.PP +If +\fBdig\fR +has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names. +\fBdig\fR +appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the +\fBIDN_DISABLE\fR +environment variable. The IDN support is disabled if the variable is set when +\fBdig\fR +runs. .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -425,8 +558,11 @@ isc.org. \fBnamed\fR(8), \fBdnssec\-keygen\fR(8), RFC1035. -.SH "BUGS " +.SH "BUGS" .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/dig/dig.c b/contrib/bind-9.5.2/bin/dig/dig.c similarity index 81% rename from contrib/bind-9.3/bin/dig/dig.c rename to contrib/bind-9.5.2/bin/dig/dig.c index 619e029806..e511d9066f 100644 --- a/contrib/bind-9.3/bin/dig/dig.c +++ b/contrib/bind-9.5.2/bin/dig/dig.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */ +/* $Id: dig.c,v 1.218.12.9 2009/05/06 10:19:49 fdupont Exp $ */ + +/*! \file */ #include #include @@ -40,6 +42,7 @@ #include #include #include +#include #include @@ -47,7 +50,7 @@ #define ADD_STRING(b, s) { \ if (strlen(s) >= isc_buffer_availablelength(b)) \ - return (ISC_R_NOSPACE); \ + return (ISC_R_NOSPACE); \ else \ isc_buffer_putstr(b, s); \ } @@ -67,7 +70,8 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE, ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE, multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE; -static const char *opcodetext[] = { +/*% opcode text */ +static const char * const opcodetext[] = { "QUERY", "IQUERY", "STATUS", @@ -86,7 +90,8 @@ static const char *opcodetext[] = { "RESERVED15" }; -static const char *rcodetext[] = { +/*% return code text */ +static const char * const rcodetext[] = { "NOERROR", "FORMERR", "SERVFAIL", @@ -106,6 +111,25 @@ static const char *rcodetext[] = { "BADVERS" }; +/*% safe rcodetext[] */ +static char * +rcode_totext(dns_rcode_t rcode) +{ + static char buf[sizeof("?65535")]; + union { + const char *consttext; + char *deconsttext; + } totext; + + if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) { + snprintf(buf, sizeof(buf), "?%u", rcode); + totext.deconsttext = buf; + } else + totext.consttext = rcodetext[rcode]; + return totext.deconsttext; +} + +/*% print usage */ static void print_usage(FILE *fp) { fputs( @@ -122,11 +146,13 @@ usage(void) { exit(1); } +/*% version */ static void version(void) { fputs("DiG " VERSION "\n", stderr); } +/*% help */ static void help(void) { print_usage(stdout); @@ -136,17 +162,19 @@ help(void) { " q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n" " (Use ixfr=version for type ixfr)\n" " q-opt is one of:\n" -" -x dot-notation (shortcut for in-addr lookups)\n" -" -i (IP6.INT reverse IPv6 lookups)\n" +" -x dot-notation (shortcut for reverse lookups)\n" +" -i (use IP6.INT for IPv6 reverse lookups)\n" " -f filename (batch mode)\n" " -b address[#port] (bind to source address/port)\n" " -p port (specify port number)\n" +" -q name (specify query name)\n" " -t type (specify query type)\n" " -c class (specify query class)\n" " -k keyfile (specify tsig key file)\n" -" -y name:key (specify named base64 tsig key)\n" +" -y [hmac:]name:key (specify named base64 tsig key)\n" " -4 (use IPv4 query transport only)\n" " -6 (use IPv6 query transport only)\n" +" -m (enable memory usage debugging)\n" " d-opt is of the form +keyword[=value], where keyword is:\n" " +[no]vc (TCP mode)\n" " +[no]tcp (TCP mode, alternate syntax)\n" @@ -156,7 +184,9 @@ help(void) { " +domain=### (Set default domainname)\n" " +bufsize=### (Set EDNS0 Max UDP packet size)\n" " +ndots=### (Set NDOTS value)\n" +" +edns=### (Set EDNS version)\n" " +[no]search (Set whether to use searchlist)\n" +" +[no]showsearch (Search with intermediate results)\n" " +[no]defname (Ditto)\n" " +[no]recurse (Recursive mode)\n" " +[no]ignore (Don't revert to TCP for TC responses.)" @@ -183,6 +213,7 @@ help(void) { " +[no]identify (ID responders in short answers)\n" " +[no]trace (Trace delegation down from root)\n" " +[no]dnssec (Request DNSSEC records)\n" +" +[no]nsid (Request Name Server ID)\n" #ifdef DIG_SIGCHASE " +[no]sigchase (Chase DNSSEC signatures)\n" " +trusted-key=#### (Trusted Key when chasing DNSSEC sigs)\n" @@ -198,7 +229,7 @@ help(void) { stdout); } -/* +/*% * Callback from dighost.c to print the received message. */ void @@ -219,10 +250,12 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { time(&tnow); printf(";; WHEN: %s", ctime(&tnow)); if (query->lookup->doing_xfr) { - printf(";; XFR size: %u records (messages %u)\n", - query->rr_count, query->msg_count); + printf(";; XFR size: %u records (messages %u, " + "bytes %" ISC_PRINT_QUADFORMAT "u)\n", + query->rr_count, query->msg_count, + query->byte_count); } else { - printf(";; MSG SIZE rcvd: %d\n", bytes); + printf(";; MSG SIZE rcvd: %u\n", bytes); } if (key != NULL) { @@ -236,8 +269,11 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { puts(""); } else if (query->lookup->identify && !short_form) { diff = isc_time_microdiff(&now, &query->time_sent); - printf(";; Received %u bytes from %s(%s) in %d ms\n\n", - bytes, fromtext, query->servname, + printf(";; Received %" ISC_PRINT_QUADFORMAT "u bytes " + "from %s(%s) in %d ms\n\n", + query->lookup->doing_xfr ? + query->byte_count : (isc_uint64_t)bytes, + fromtext, query->servname, (int)diff/1000); } } @@ -253,7 +289,7 @@ trying(char *frm, dig_lookup_t *lookup) { UNUSED(lookup); } -/* +/*% * Internal print routine used to print short form replies. */ static isc_result_t @@ -283,7 +319,7 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) { return (ISC_R_SUCCESS); } -/* +/*% * short_form message print handler. Calls above say_message() */ static isc_result_t @@ -367,7 +403,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, else if (nottl || noclass) result = dns_master_stylecreate(&style, styleflags, 24, 24, 32, 40, 80, 8, mctx); - else + else result = dns_master_stylecreate(&style, styleflags, 24, 32, 40, 48, 80, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -376,7 +412,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, if (style != NULL) dns_master_styledestroy(&style, mctx); - + return(result); } #endif @@ -413,7 +449,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { else if (nottl || noclass) result = dns_master_stylecreate(&style, styleflags, 24, 24, 32, 40, 80, 8, mctx); - else + else result = dns_master_stylecreate(&style, styleflags, 24, 32, 40, 48, 80, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -451,7 +487,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (headers) { printf(";; ->>HEADER<<- opcode: %s, status: %s, " "id: %u\n", - opcodetext[msg->opcode], rcodetext[msg->rcode], + opcodetext[msg->opcode], + rcode_totext(msg->rcode), msg->id); printf(";; flags:"); if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) @@ -475,7 +512,16 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { msg->counts[DNS_SECTION_ANSWER], msg->counts[DNS_SECTION_AUTHORITY], msg->counts[DNS_SECTION_ADDITIONAL]); + + if (msg != query->lookup->sendmsg && + (msg->flags & DNS_MESSAGEFLAG_RD) != 0 && + (msg->flags & DNS_MESSAGEFLAG_RA) == 0) + printf(";; WARNING: recursion requested " + "but not available\n"); } + if (msg != query->lookup->sendmsg && extrabytes != 0U) + printf(";; WARNING: Messages has %u extra byte%s at " + "end\n", extrabytes, extrabytes != 0 ? "s" : ""); } repopulate_buffer: @@ -578,7 +624,7 @@ cleanup: return (result); } -/* +/*% * print the greeting message when the program first starts up. */ static void @@ -613,7 +659,7 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { strncat(lookup->cmdline, append, remaining); } if (first) { - snprintf(append, sizeof(append), + snprintf(append, sizeof(append), ";; global options: %s %s\n", short_form ? "short_form" : "", printcmd ? "printcmd" : ""); @@ -625,42 +671,6 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { } } -/* - * Reorder an argument list so that server names all come at the end. - * This is a bit of a hack, to allow batch-mode processing to properly - * handle the server options. - */ -static void -reorder_args(int argc, char *argv[]) { - int i, j; - char *ptr; - int end; - - debug("reorder_args()"); - end = argc - 1; - while (argv[end][0] == '@') { - end--; - if (end == 0) - return; - } - debug("arg[end]=%s", argv[end]); - for (i = 1; i < end - 1; i++) { - if (argv[i][0] == '@') { - debug("arg[%d]=%s", i, argv[i]); - ptr = argv[i]; - for (j = i + 1; j < end; j++) { - debug("Moving %s to %d", argv[j], j - 1); - argv[j - 1] = argv[j]; - } - debug("moving %s to end, %d", ptr, end - 1); - argv[end - 1] = ptr; - end--; - if (end < 1) - return; - } - } -} - static isc_uint32_t parse_uint(char *arg, const char *desc, isc_uint32_t max) { isc_result_t result; @@ -674,7 +684,7 @@ parse_uint(char *arg, const char *desc, isc_uint32_t max) { return (tmp); } -/* +/*% * We're not using isc_commandline_parse() here since the command line * syntax of dig is quite a bit different from that which can be described * by that routine. @@ -727,7 +737,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, FULLCHECK2("aaonly", "aaflag"); lookup->aaonly = state; break; - case 'd': + case 'd': switch (cmd[2]) { case 'd': /* additional */ FULLCHECK("additional"); @@ -810,13 +820,17 @@ plus_option(char *option, isc_boolean_t is_batchfile, switch (cmd[1]) { case 'e': /* defname */ FULLCHECK("defname"); - usesearch = state; + if (!lookup->trace) { + usesearch = state; + } break; - case 'n': /* dnssec */ + case 'n': /* dnssec */ FULLCHECK("dnssec"); + if (state && lookup->edns == -1) + lookup->edns = 0; lookup->dnssec = state; break; - case 'o': /* domain */ + case 'o': /* domain */ FULLCHECK("domain"); if (value == NULL) goto need_value; @@ -829,6 +843,16 @@ plus_option(char *option, isc_boolean_t is_batchfile, goto invalid_option; } break; + case 'e': + FULLCHECK("edns"); + if (!state) { + lookup->edns = -1; + break; + } + if (value == NULL) + goto need_value; + lookup->edns = (isc_int16_t) parse_uint(value, "edns", 255); + break; case 'f': /* fail */ FULLCHECK("fail"); lookup->servfail_stops = state; @@ -840,7 +864,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->identify = state; break; case 'g': /* ignore */ - default: /* Inherets default for compatibility */ + default: /* Inherits default for compatibility */ FULLCHECK("ignore"); lookup->ignore = ISC_TRUE; } @@ -859,28 +883,40 @@ plus_option(char *option, isc_boolean_t is_batchfile, goto invalid_option; ndots = parse_uint(value, "ndots", MAXNDOTS); break; - case 's': /* nssearch */ - FULLCHECK("nssearch"); - lookup->ns_search_only = state; - if (state) { - lookup->trace_root = ISC_TRUE; - lookup->recurse = ISC_TRUE; - lookup->identify = ISC_TRUE; - lookup->stats = ISC_FALSE; - lookup->comments = ISC_FALSE; - lookup->section_additional = ISC_FALSE; - lookup->section_authority = ISC_FALSE; - lookup->section_question = ISC_FALSE; - lookup->rdtype = dns_rdatatype_ns; - lookup->rdtypeset = ISC_TRUE; - short_form = ISC_TRUE; + case 's': + switch (cmd[2]) { + case 'i': /* nsid */ + FULLCHECK("nsid"); + if (state && lookup->edns == -1) + lookup->edns = 0; + lookup->nsid = state; + break; + case 's': /* nssearch */ + FULLCHECK("nssearch"); + lookup->ns_search_only = state; + if (state) { + lookup->trace_root = ISC_TRUE; + lookup->recurse = ISC_TRUE; + lookup->identify = ISC_TRUE; + lookup->stats = ISC_FALSE; + lookup->comments = ISC_FALSE; + lookup->section_additional = ISC_FALSE; + lookup->section_authority = ISC_FALSE; + lookup->section_question = ISC_FALSE; + lookup->rdtype = dns_rdatatype_ns; + lookup->rdtypeset = ISC_TRUE; + short_form = ISC_TRUE; + } + break; + default: + goto invalid_option; } break; default: goto invalid_option; } break; - case 'q': + case 'q': switch (cmd[1]) { case 'r': /* qr */ FULLCHECK("qr"); @@ -926,28 +962,45 @@ plus_option(char *option, isc_boolean_t is_batchfile, switch (cmd[1]) { case 'e': /* search */ FULLCHECK("search"); - usesearch = state; + if (!lookup->trace) { + usesearch = state; + } break; - case 'h': /* short */ - FULLCHECK("short"); - short_form = state; - if (state) { - printcmd = ISC_FALSE; - lookup->section_additional = ISC_FALSE; - lookup->section_answer = ISC_TRUE; - lookup->section_authority = ISC_FALSE; - lookup->section_question = ISC_FALSE; - lookup->comments = ISC_FALSE; - lookup->stats = ISC_FALSE; + case 'h': + if (cmd[2] != 'o') + goto invalid_option; + switch (cmd[3]) { + case 'r': /* short */ + FULLCHECK("short"); + short_form = state; + if (state) { + printcmd = ISC_FALSE; + lookup->section_additional = ISC_FALSE; + lookup->section_answer = ISC_TRUE; + lookup->section_authority = ISC_FALSE; + lookup->section_question = ISC_FALSE; + lookup->comments = ISC_FALSE; + lookup->stats = ISC_FALSE; + } + break; + case 'w': /* showsearch */ + FULLCHECK("showsearch"); + if (!lookup->trace) { + showsearch = state; + usesearch = state; + } + break; + default: + goto invalid_option; } break; #ifdef DIG_SIGCHASE case 'i': /* sigchase */ - FULLCHECK("sigchase"); + FULLCHECK("sigchase"); lookup->sigchase = state; if (lookup->sigchase) lookup->dnssec = ISC_TRUE; - break; + break; #endif case 't': /* stats */ FULLCHECK("stats"); @@ -975,7 +1028,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, timeout = 1; break; #if DIG_SIGCHASE_TD - case 'o': /* topdown */ + case 'o': /* topdown */ FULLCHECK("topdown"); lookup->do_topdown = state; break; @@ -994,6 +1047,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, lookup->section_additional = ISC_FALSE; lookup->section_authority = ISC_TRUE; lookup->section_question = ISC_FALSE; + usesearch = ISC_FALSE; } break; case 'i': /* tries */ @@ -1010,7 +1064,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, #ifdef DIG_SIGCHASE case 'u': /* trusted-key */ FULLCHECK("trusted-key"); - if (value == NULL) + if (value == NULL) goto need_value; if (!state) goto invalid_option; @@ -1047,16 +1101,18 @@ plus_option(char *option, isc_boolean_t is_batchfile, return; } -/* - * ISC_TRUE returned if value was used +/*% + * #ISC_TRUE returned if value was used */ static const char *single_dash_opts = "46dhimnv"; static const char *dash_opts = "46bcdfhikmnptvyx"; static isc_boolean_t dash_option(char *option, char *next, dig_lookup_t **lookup, - isc_boolean_t *open_type_class) + isc_boolean_t *open_type_class, isc_boolean_t *need_clone, + isc_boolean_t config_only, int argc, char **argv, + isc_boolean_t *firstarg) { - char opt, *value, *ptr; + char opt, *value, *ptr, *ptr2, *ptr3; isc_result_t result; isc_boolean_t value_from_next; isc_textregion_t tr; @@ -1142,7 +1198,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, hash = strchr(value, '#'); if (hash != NULL) { srcport = (in_port_t) - parse_uint(hash + 1, + parse_uint(hash + 1, "port number", MAXPORT); *hash = '\0'; } else @@ -1189,6 +1245,26 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, case 'p': port = (in_port_t) parse_uint(value, "port number", MAXPORT); return (value_from_next); + case 'q': + if (!config_only) { + if (*need_clone) + (*lookup) = clone_lookup(default_lookup, + ISC_TRUE); + *need_clone = ISC_TRUE; + strncpy((*lookup)->textname, value, + sizeof((*lookup)->textname)); + (*lookup)->textname[sizeof((*lookup)->textname)-1]=0; + (*lookup)->trace_root = ISC_TF((*lookup)->trace || + (*lookup)->ns_search_only); + (*lookup)->new_search = ISC_TRUE; + if (*firstarg) { + printgreeting(argc, argv, *lookup); + *firstarg = ISC_FALSE; + } + ISC_LIST_APPEND(lookup_list, (*lookup), link); + debug("looking up %s", (*lookup)->textname); + } + return (value_from_next); case 't': *open_type_class = ISC_FALSE; if (strncasecmp(value, "ixfr=", 5) == 0) { @@ -1214,9 +1290,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup)->rdtypeset = ISC_TRUE; (*lookup)->ixfr_serial = parse_uint(&value[5], "serial number", - MAXSERIAL); + MAXSERIAL); (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; + (*lookup)->tcp_mode = ISC_TRUE; } else { (*lookup)->rdtype = rdtype; (*lookup)->rdtypeset = ISC_TRUE; @@ -1232,20 +1309,89 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, value); return (value_from_next); case 'y': - ptr = next_token(&value,":"); + ptr = next_token(&value,":"); /* hmac type or name */ if (ptr == NULL) { usage(); } + ptr2 = next_token(&value, ":"); /* name or secret */ + if (ptr2 == NULL) + usage(); + ptr3 = next_token(&value,":"); /* secret or NULL */ + if (ptr3 != NULL) { + if (strcasecmp(ptr, "hmac-md5") == 0) { + hmacname = DNS_TSIG_HMACMD5_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-md5-", 9) == 0) { + hmacname = DNS_TSIG_HMACMD5_NAME; + digestbits = parse_uint(&ptr[9], + "digest-bits [0..128]", + 128); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha1") == 0) { + hmacname = DNS_TSIG_HMACSHA1_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha1-", 10) == 0) { + hmacname = DNS_TSIG_HMACSHA1_NAME; + digestbits = parse_uint(&ptr[10], + "digest-bits [0..160]", + 160); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha224") == 0) { + hmacname = DNS_TSIG_HMACSHA224_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha224-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA224_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..224]", + 224); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha256") == 0) { + hmacname = DNS_TSIG_HMACSHA256_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha256-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA256_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..256]", + 256); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha384") == 0) { + hmacname = DNS_TSIG_HMACSHA384_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha384-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA384_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..384]", + 384); + digestbits = (digestbits + 7) & ~0x7U; + } else if (strcasecmp(ptr, "hmac-sha512") == 0) { + hmacname = DNS_TSIG_HMACSHA512_NAME; + digestbits = 0; + } else if (strncasecmp(ptr, "hmac-sha512-", 12) == 0) { + hmacname = DNS_TSIG_HMACSHA512_NAME; + digestbits = parse_uint(&ptr[12], + "digest-bits [0..512]", + 512); + digestbits = (digestbits + 7) & ~0x7U; + } else { + fprintf(stderr, ";; Warning, ignoring " + "invalid TSIG algorithm %s\n", ptr); + return (value_from_next); + } + ptr = ptr2; + ptr2 = ptr3; + } else { + hmacname = DNS_TSIG_HMACMD5_NAME; + digestbits = 0; + } strncpy(keynametext, ptr, sizeof(keynametext)); keynametext[sizeof(keynametext)-1]=0; - ptr = next_token(&value, ""); - if (ptr == NULL) - usage(); - strncpy(keysecret, ptr, sizeof(keysecret)); + strncpy(keysecret, ptr2, sizeof(keysecret)); keysecret[sizeof(keysecret)-1]=0; return (value_from_next); case 'x': - *lookup = clone_lookup(default_lookup, ISC_TRUE); + if (*need_clone) + *lookup = clone_lookup(default_lookup, ISC_TRUE); + *need_clone = ISC_TRUE; if (get_reverse(textname, sizeof(textname), value, ip6_int, ISC_FALSE) == ISC_R_SUCCESS) { strncpy((*lookup)->textname, textname, @@ -1259,6 +1405,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, if (!(*lookup)->rdclassset) (*lookup)->rdclass = dns_rdataclass_in; (*lookup)->new_search = ISC_TRUE; + if (*firstarg) { + printgreeting(argc, argv, *lookup); + *firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, *lookup, link); } else { fprintf(stderr, "Invalid IP address %s\n", value); @@ -1273,10 +1423,11 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, return (ISC_FALSE); } -/* +/*% * Because we may be trying to do memory allocation recording, we're going * to need to parse the arguments for the -m *before* we start the main * argument parsing routine. + * * I'd prefer not to have to do this, but I am not quite sure how else to * fix the problem. Argument parsing in dig involves memory allocation * by its nature, so it can't be done in the main argument parser. @@ -1315,7 +1466,7 @@ getaddresses(dig_lookup_t *lookup, const char *host) { char tmp[ISC_NETADDR_FORMATSIZE]; result = bind9_getaddresses(host, 0, sockaddrs, - DIG_MAX_ADDRESSES, &count); + DIG_MAX_ADDRESSES, &count); if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); @@ -1349,6 +1500,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, char rcfile[256]; #endif char *input; + int i; + isc_boolean_t need_clone = ISC_TRUE; /* * The semantics for parsing the args is a bit complex; if @@ -1375,7 +1528,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (homedir != NULL) { unsigned int n; n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc", - homedir); + homedir); if (n < sizeof(rcfile)) batchfp = fopen(rcfile, "r"); } @@ -1396,7 +1549,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug(".digrc argv %d: %s", + i, bargv[i]); parse_args(ISC_TRUE, ISC_TRUE, bargc, (char **)bargv); } @@ -1405,7 +1560,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, #endif } - lookup = default_lookup; + if (is_batchfile && !config_only) { + /* Processing '-f batchfile'. */ + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_FALSE; + } else + lookup = default_lookup; rc = argc; rv = argv; @@ -1421,13 +1581,17 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, } else if (rv[0][0] == '-') { if (rc <= 1) { if (dash_option(&rv[0][1], NULL, - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, config_only, + argc, argv, &firstarg)) { rc--; rv++; } } else { if (dash_option(&rv[0][1], rv[1], - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, config_only, + argc, argv, &firstarg)) { rc--; rv++; } @@ -1444,7 +1608,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, tr.base = rv[0]; tr.length = strlen(rv[0]); result = dns_rdatatype_fromtext(&rdtype, - (isc_textregion_t *)&tr); + (isc_textregion_t *)&tr); if (result == ISC_R_SUCCESS && rdtype == dns_rdatatype_ixfr) { result = DNS_R_UNKNOWN; @@ -1465,11 +1629,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup->rdtypeset = ISC_TRUE; lookup->ixfr_serial = parse_uint(&rv[0][5], - "serial number", - MAXSERIAL); + "serial number", + MAXSERIAL); lookup->section_question = plusquest; lookup->comments = pluscomm; + lookup->tcp_mode = ISC_TRUE; } else { lookup->rdtype = rdtype; lookup->rdtypeset = ISC_TRUE; @@ -1495,21 +1660,29 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, continue; } } + if (!config_only) { - lookup = clone_lookup(default_lookup, - ISC_TRUE); - strncpy(lookup->textname, rv[0], + if (need_clone) + lookup = clone_lookup(default_lookup, + ISC_TRUE); + need_clone = ISC_TRUE; + strncpy(lookup->textname, rv[0], sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1]=0; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; + if (firstarg) { + printgreeting(argc, argv, lookup); + firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, lookup, link); debug("looking up %s", lookup->textname); } /* XXX Error message */ } } + /* * If we have a batchfile, seed the lookup list with the * first entry, then trust the callback in dighost_shutdown @@ -1544,15 +1717,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); + return; } + return; } /* * If no lookup specified, search for root */ if ((lookup_list.head == NULL) && !config_only) { - lookup = clone_lookup(default_lookup, ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_TRUE; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; @@ -1564,10 +1742,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, firstarg = ISC_FALSE; } ISC_LIST_APPEND(lookup_list, lookup, link); - } else if (!config_only && firstarg) { - printgreeting(argc, argv, lookup); - firstarg = ISC_FALSE; } + if (!need_clone) + destroy_lookup(lookup); } /* @@ -1581,7 +1758,7 @@ dighost_shutdown(void) { int bargc; char *bargv[16]; char *input; - + int i; if (batchname == NULL) { isc_app_shutdown(); @@ -1609,7 +1786,8 @@ dighost_shutdown(void) { bargv[0] = argv0; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); start_lookup(); } else { @@ -1621,10 +1799,10 @@ dighost_shutdown(void) { } } +/*% Main processing routine for dig */ int main(int argc, char **argv) { isc_result_t result; - dig_server_t *s, *s2; ISC_LIST_INIT(lookup_list); ISC_LIST_INIT(server_list); @@ -1645,16 +1823,7 @@ main(int argc, char **argv) { result = isc_app_onrun(mctx, global_task, onrun_callback, NULL); check_result(result, "isc_app_onrun"); isc_app_run(); - s = ISC_LIST_HEAD(default_lookup->my_server_list); - while (s != NULL) { - debug("freeing server %p belonging to %p", - s, default_lookup); - s2 = s; - s = ISC_LIST_NEXT(s, link); - ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link); - isc_mem_free(mctx, s2); - } - isc_mem_free(mctx, default_lookup); + destroy_lookup(default_lookup); if (batchname != NULL) { if (batchfp != stdin) fclose(batchfp); diff --git a/contrib/bind-9.5.2/bin/dig/dig.html b/contrib/bind-9.5.2/bin/dig/dig.html new file mode 100644 index 0000000000..13e1010541 --- /dev/null +++ b/contrib/bind-9.5.2/bin/dig/dig.html @@ -0,0 +1,639 @@ + + + + + +dig + + +
+
+
+

Name

+

dig — DNS lookup utility

+
+
+

Synopsis

+

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]

+

dig [-h]

+

dig [global-queryopt...] [query...]

+
+
+

DESCRIPTION

+

dig + (domain information groper) is a flexible tool + for interrogating DNS name servers. It performs DNS lookups and + displays the answers that are returned from the name server(s) that + were queried. Most DNS administrators use dig to + troubleshoot DNS problems because of its flexibility, ease of use and + clarity of output. Other lookup tools tend to have less functionality + than dig. +

+

+ Although dig is normally used with + command-line + arguments, it also has a batch mode of operation for reading lookup + requests from a file. A brief summary of its command-line arguments + and options is printed when the -h option is given. + Unlike earlier versions, the BIND 9 implementation of + dig allows multiple lookups to be issued + from the + command line. +

+

+ Unless it is told to query a specific name server, + dig will try each of the servers listed + in + /etc/resolv.conf. +

+

+ When no command line arguments or options are given, + dig will perform an NS query for "." (the root). +

+

+ It is possible to set per-user defaults for dig via + ${HOME}/.digrc. This file is read and + any options in it + are applied before the command line arguments. +

+

+ The IN and CH class names overlap with the IN and CH top level + domains names. Either use the -t and + -c options to specify the type and class, + use the -q the specify the domain name, or + use "IN." and "CH." when looking up these top level domains. +

+
+
+

SIMPLE USAGE

+

+ A typical invocation of dig looks like: +

+
 dig @server name type
+

+ where: + +

+
+
server
+

+ is the name or IP address of the name server to query. This can + be an IPv4 + address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + server argument is a + hostname, + dig resolves that name before + querying that name + server. If no server + argument is provided, + dig consults /etc/resolv.conf + and queries the name servers listed there. The reply from the + name + server that responds is displayed. +

+
name
+

+ is the name of the resource record that is to be looked up. +

+
type
+

+ indicates what type of query is required — + ANY, A, MX, SIG, etc. + type can be any valid query + type. If no + type argument is supplied, + dig will perform a lookup for an + A record. +

+
+

+

+
+
+

OPTIONS

+

+ The -b option sets the source IP address of the query + to address. This must be a valid + address on + one of the host's network interfaces or "0.0.0.0" or "::". An optional + port + may be specified by appending "#<port>" +

+

+ The default query class (IN for internet) is overridden by the + -c option. class is + any valid + class, such as HS for Hesiod records or CH for Chaosnet records. +

+

+ The -f option makes dig + operate + in batch mode by reading a list of lookup requests to process from the + file filename. The file contains a + number of + queries, one per line. Each entry in the file should be organized in + the same way they would be presented as queries to + dig using the command-line interface. +

+

+ The -m option enables memory usage debugging. + +

+

+ If a non-standard port number is to be queried, the + -p option is used. port# is + the port number that dig will send its + queries + instead of the standard DNS port number 53. This option would be used + to test a name server that has been configured to listen for queries + on a non-standard port number. +

+

+ The -4 option forces dig + to only + use IPv4 query transport. The -6 option forces + dig to only use IPv6 query transport. +

+

+ The -t option sets the query type to + type. It can be any valid query type + which is + supported in BIND 9. The default query type is "A", unless the + -x option is supplied to indicate a reverse lookup. + A zone transfer can be requested by specifying a type of AXFR. When + an incremental zone transfer (IXFR) is required, + type is set to ixfr=N. + The incremental zone transfer will contain the changes made to the zone + since the serial number in the zone's SOA record was + N. +

+

+ The -q option sets the query name to + name. This useful do distinguish the + name from other arguments. +

+

+ Reverse lookups — mapping addresses to names — are simplified by the + -x option. addr is + an IPv4 + address in dotted-decimal notation, or a colon-delimited IPv6 address. + When this option is used, there is no need to provide the + name, class and + type arguments. dig + automatically performs a lookup for a name like + 11.12.13.10.in-addr.arpa and sets the + query type and + class to PTR and IN respectively. By default, IPv6 addresses are + looked up using nibble format under the IP6.ARPA domain. + To use the older RFC1886 method using the IP6.INT domain + specify the -i option. Bit string labels (RFC2874) + are now experimental and are not attempted. +

+

+ To sign the DNS queries sent by dig and + their + responses using transaction signatures (TSIG), specify a TSIG key file + using the -k option. You can also specify the TSIG + key itself on the command line using the -y option; + hmac is the type of the TSIG, default HMAC-MD5, + name is the name of the TSIG key and + key is the actual key. The key is a + base-64 + encoded string, typically generated by + dnssec-keygen(8). + + Caution should be taken when using the -y option on + multi-user systems as the key can be visible in the output from + ps(1) + or in the shell's history file. When + using TSIG authentication with dig, the name + server that is queried needs to know the key and algorithm that is + being used. In BIND, this is done by providing appropriate + key and server statements in + named.conf. +

+
+
+

QUERY OPTIONS

+

dig + provides a number of query options which affect + the way in which lookups are made and the results displayed. Some of + these set or reset flag bits in the query header, some determine which + sections of the answer get printed, and others determine the timeout + and retry strategies. +

+

+ Each query option is identified by a keyword preceded by a plus sign + (+). Some keywords set or reset an + option. These may be preceded + by the string no to negate the meaning of + that keyword. Other + keywords assign values to options like the timeout interval. They + have the form +keyword=value. + The query options are: + +

+
+
+[no]tcp
+

+ Use [do not use] TCP when querying name servers. The default + behavior is to use UDP unless an AXFR or IXFR query is + requested, in + which case a TCP connection is used. +

+
+[no]vc
+

+ Use [do not use] TCP when querying name servers. This alternate + syntax to +[no]tcp is + provided for backwards + compatibility. The "vc" stands for "virtual circuit". +

+
+[no]ignore
+

+ Ignore truncation in UDP responses instead of retrying with TCP. + By + default, TCP retries are performed. +

+
+domain=somename
+

+ Set the search list to contain the single domain + somename, as if specified in + a + domain directive in + /etc/resolv.conf, and enable + search list + processing as if the +search + option were given. +

+
+[no]search
+

+ Use [do not use] the search list defined by the searchlist or + domain + directive in resolv.conf (if + any). + The search list is not used by default. +

+
+[no]showsearch
+

+ Perform [do not perform] a search showing intermediate + results. +

+
+[no]defname
+

+ Deprecated, treated as a synonym for +[no]search +

+
+[no]aaonly
+

+ Sets the "aa" flag in the query. +

+
+[no]aaflag
+

+ A synonym for +[no]aaonly. +

+
+[no]adflag
+

+ Set [do not set] the AD (authentic data) bit in the + query. This requests the server to return whether + all of the answer and authority sections have all + been validated as secure according to the security + policy of the server. AD=1 indicates that all records + have been validated as secure and the answer is not + from a OPT-OUT range. AD=0 indicate that some part + of the answer was insecure or not validated. +

+
+[no]cdflag
+

+ Set [do not set] the CD (checking disabled) bit in the query. + This + requests the server to not perform DNSSEC validation of + responses. +

+
+[no]cl
+

+ Display [do not display] the CLASS when printing the record. +

+
+[no]ttlid
+

+ Display [do not display] the TTL when printing the record. +

+
+[no]recurse
+

+ Toggle the setting of the RD (recursion desired) bit in the + query. + This bit is set by default, which means dig + normally sends recursive queries. Recursion is automatically + disabled + when the +nssearch or + +trace query options are + used. +

+
+[no]nssearch
+

+ When this option is set, dig + attempts to find the + authoritative name servers for the zone containing the name + being + looked up and display the SOA record that each name server has + for the + zone. +

+
+[no]trace
+

+ Toggle tracing of the delegation path from the root name servers + for + the name being looked up. Tracing is disabled by default. When + tracing is enabled, dig makes + iterative queries to + resolve the name being looked up. It will follow referrals from + the + root servers, showing the answer from each server that was used + to + resolve the lookup. +

+
+[no]cmd
+

+ Toggles the printing of the initial comment in the output + identifying + the version of dig and the query + options that have + been applied. This comment is printed by default. +

+
+[no]short
+

+ Provide a terse answer. The default is to print the answer in a + verbose form. +

+
+[no]identify
+

+ Show [or do not show] the IP address and port number that + supplied the + answer when the +short option + is enabled. If + short form answers are requested, the default is not to show the + source address and port number of the server that provided the + answer. +

+
+[no]comments
+

+ Toggle the display of comment lines in the output. The default + is to + print comments. +

+
+[no]stats
+

+ This query option toggles the printing of statistics: when the + query + was made, the size of the reply and so on. The default + behavior is + to print the query statistics. +

+
+[no]qr
+

+ Print [do not print] the query as it is sent. + By default, the query is not printed. +

+
+[no]question
+

+ Print [do not print] the question section of a query when an + answer is + returned. The default is to print the question section as a + comment. +

+
+[no]answer
+

+ Display [do not display] the answer section of a reply. The + default + is to display it. +

+
+[no]authority
+

+ Display [do not display] the authority section of a reply. The + default is to display it. +

+
+[no]additional
+

+ Display [do not display] the additional section of a reply. + The default is to display it. +

+
+[no]all
+

+ Set or clear all display flags. +

+
+time=T
+

+ + Sets the timeout for a query to + T seconds. The default + timeout is 5 seconds. + An attempt to set T to less + than 1 will result + in a query timeout of 1 second being applied. +

+
+tries=T
+

+ Sets the number of times to try UDP queries to server to + T instead of the default, 3. + If + T is less than or equal to + zero, the number of + tries is silently rounded up to 1. +

+
+retry=T
+

+ Sets the number of times to retry UDP queries to server to + T instead of the default, 2. + Unlike + +tries, this does not include + the initial + query. +

+
+ndots=D
+

+ Set the number of dots that have to appear in + name to D for it to be + considered absolute. The default value is that defined using + the + ndots statement in /etc/resolv.conf, or 1 if no + ndots statement is present. Names with fewer dots are + interpreted as + relative names and will be searched for in the domains listed in + the + search or domain directive in + /etc/resolv.conf. +

+
+bufsize=B
+

+ Set the UDP message buffer size advertised using EDNS0 to + B bytes. The maximum and minimum sizes + of this buffer are 65535 and 0 respectively. Values outside + this range are rounded up or down appropriately. + Values other than zero will cause a EDNS query to be sent. +

+
+edns=#
+

+ Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause a + EDNS query to be sent. +noedns clears the + remembered EDNS version. +

+
+[no]multiline
+

+ Print records like the SOA records in a verbose multi-line + format with human-readable comments. The default is to print + each record on a single line, to facilitate machine parsing + of the dig output. +

+
+[no]fail
+

+ Do not try the next server if you receive a SERVFAIL. The + default is + to not try the next server which is the reverse of normal stub + resolver + behavior. +

+
+[no]besteffort
+

+ Attempt to display the contents of messages which are malformed. + The default is to not display malformed answers. +

+
+[no]dnssec
+

+ Requests DNSSEC records be sent by setting the DNSSEC OK bit + (DO) + in the OPT record in the additional section of the query. +

+
+[no]sigchase
+

+ Chase DNSSEC signature chains. Requires dig be compiled with + -DDIG_SIGCHASE. +

+
+trusted-key=####
+
+

+ Specifies a file containing trusted keys to be used with + +sigchase. Each DNSKEY record must be + on its own line. +

+

+ If not specified, dig will look for + /etc/trusted-key.key then + trusted-key.key in the current directory. +

+

+ Requires dig be compiled with -DDIG_SIGCHASE. +

+
+
+[no]topdown
+

+ When chasing DNSSEC signature chains perform a top-down + validation. + Requires dig be compiled with -DDIG_SIGCHASE. +

+
+[no]nsid
+

+ Include an EDNS name server ID request when sending a query. +

+
+

+ +

+
+
+

MULTIPLE QUERIES

+

+ The BIND 9 implementation of dig + supports + specifying multiple queries on the command line (in addition to + supporting the -f batch file option). Each of those + queries can be supplied with its own set of flags, options and query + options. +

+

+ In this case, each query argument + represent an + individual query in the command-line syntax described above. Each + consists of any of the standard options and flags, the name to be + looked up, an optional query type and class and any query options that + should be applied to that query. +

+

+ A global set of query options, which should be applied to all queries, + can also be supplied. These global query options must precede the + first tuple of name, class, type, options, flags, and query options + supplied on the command line. Any global query options (except + the +[no]cmd option) can be + overridden by a query-specific set of query options. For example: +

+
+dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
+
+

+ shows how dig could be used from the + command line + to make three lookups: an ANY query for www.isc.org, a + reverse lookup of 127.0.0.1 and a query for the NS records of + isc.org. + + A global query option of +qr is + applied, so + that dig shows the initial query it made + for each + lookup. The final query has a local query option of + +noqr which means that dig + will not print the initial query when it looks up the NS records for + isc.org. +

+
+
+

IDN SUPPORT

+

+ If dig has been built with IDN (internationalized + domain name) support, it can accept and display non-ASCII domain names. + dig appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. + If you'd like to turn off the IDN support for some reason, defines + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + dig runs. +

+
+
+

FILES

+

/etc/resolv.conf +

+

${HOME}/.digrc +

+
+
+

SEE ALSO

+

host(1), + named(8), + dnssec-keygen(8), + RFC1035. +

+
+
+

BUGS

+

+ There are probably too many query options. +

+
+
+ diff --git a/contrib/bind-9.3/bin/dig/dighost.c b/contrib/bind-9.5.2/bin/dig/dighost.c similarity index 88% rename from contrib/bind-9.3/bin/dig/dighost.c rename to contrib/bind-9.5.2/bin/dig/dighost.c index 398711d4f1..09c2cdafdd 100644 --- a/contrib/bind-9.3/bin/dig/dighost.c +++ b/contrib/bind-9.5.2/bin/dig/dighost.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */ +/* $Id: dighost.c,v 1.304.12.16 2009/06/24 03:42:32 marka Exp $ */ -/* +/*! \file + * \note * Notice to programmers: Do not use this code as an example of how to * use the ISC library to perform DNS lookups. Dig and Host both operate * on the request level, since they allow fine-tuning of output and are @@ -32,6 +33,17 @@ #include #include +#ifdef HAVE_LOCALE_H +#include +#endif + +#ifdef WITH_IDN +#include +#include +#include +#include +#endif + #include #ifdef DIG_SIGCHASE #include @@ -95,16 +107,19 @@ dig_serverlist_t server_list; dig_searchlistlist_t search_list; isc_boolean_t + check_ra = ISC_FALSE, have_ipv4 = ISC_FALSE, have_ipv6 = ISC_FALSE, specified_source = ISC_FALSE, free_now = ISC_FALSE, cancel_now = ISC_FALSE, usesearch = ISC_FALSE, + showsearch = ISC_FALSE, qr = ISC_FALSE, is_dst_up = ISC_FALSE; in_port_t port = 53; unsigned int timeout = 0; +unsigned int extrabytes; isc_mem_t *mctx = NULL; isc_taskmgr_t *taskmgr = NULL; isc_task_t *global_task = NULL; @@ -119,20 +134,36 @@ int ndots = -1; int tries = 3; int lookup_counter = 0; -/* +#ifdef WITH_IDN +static void initialize_idn(void); +static isc_result_t output_filter(isc_buffer_t *buffer, + unsigned int used_org, + isc_boolean_t absolute); +static idn_result_t append_textname(char *name, const char *origin, + size_t namesize); +static void idn_check_result(idn_result_t r, const char *msg); + +#define MAXDLEN 256 +int idnoptions = 0; +#endif + +/*% * Exit Codes: - * 0 Everything went well, including things like NXDOMAIN - * 1 Usage error - * 7 Got too many RR's or Names - * 8 Couldn't open batch file - * 9 No reply from server - * 10 Internal error + * + *\li 0 Everything went well, including things like NXDOMAIN + *\li 1 Usage error + *\li 7 Got too many RR's or Names + *\li 8 Couldn't open batch file + *\li 9 No reply from server + *\li 10 Internal error */ int exitcode = 0; int fatalexit = 0; char keynametext[MXNAME]; char keyfile[MXNAME] = ""; char keysecret[MXNAME] = ""; +dns_name_t *hmacname = NULL; +unsigned int digestbits = 0; isc_buffer_t *namebuf = NULL; dns_tsigkey_t *key = NULL; isc_boolean_t validated = ISC_TRUE; @@ -293,7 +324,7 @@ struct_tk_list tk_list = { {NULL, NULL, NULL, NULL, NULL}, 0}; #define DIG_MAX_ADDRESSES 20 -/* +/*% * Apply and clear locks at the event level in global task. * Can I get rid of these using shutdown events? XXX */ @@ -377,7 +408,7 @@ hex_dump(isc_buffer_t *b) { printf("\n"); } -/* +/*% * Append 'len' bytes of 'text' at '*p', failing with * ISC_R_NOSPACE if that would advance p past 'end'. */ @@ -462,6 +493,7 @@ void fatal(const char *format, ...) { va_list args; + fflush(stdout); fprintf(stderr, "%s: ", progname); va_start(args, format); vfprintf(stderr, format, args); @@ -479,6 +511,7 @@ debug(const char *format, ...) { va_list args; if (debugging) { + fflush(stdout); va_start(args, format); vfprintf(stderr, format, args); va_end(args); @@ -493,7 +526,7 @@ check_result(isc_result_t result, const char *msg) { } } -/* +/*% * Create a server structure, which is part of the lookup structure. * This is little more than a linked list of servers to query in hopes * of finding the answer the user is looking for @@ -535,7 +568,7 @@ addr2af(int lwresaddrtype) return (af); } -/* +/*% * Create a copy of the server list from the lwres configuration structure. * The dest list must have already had ISC_LIST_INIT applied. */ @@ -550,6 +583,11 @@ copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) { for (i = 0; i < confdata->nsnext; i++) { af = addr2af(confdata->nameservers[i].family); + if (af == AF_INET && !have_ipv4) + continue; + if (af == AF_INET6 && !have_ipv6) + continue; + lwres_net_ntop(af, confdata->nameservers[i].address, tmp, sizeof(tmp)); newsrv = make_server(tmp, tmp); @@ -591,7 +629,7 @@ set_nameserver(char *opt) { opt, isc_result_totext(result)); flush_server_list(); - + for (i = 0; i < count; i++) { isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); @@ -630,7 +668,7 @@ add_nameserver(lwres_conf_t *confdata, const char *addr, int af) { return (ISC_R_FAILURE); } -/* +/*% * Produce a cloned server list. The dest list must have already had * ISC_LIST_INIT applied. */ @@ -648,7 +686,7 @@ clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) { } } -/* +/*% * Create an empty lookup structure, which holds all the information needed * to get an answer to a user's question. This structure contains two * linked lists: the server list (servers to query) and the query list @@ -691,6 +729,7 @@ make_empty_lookup(void) { looknew->servfail_stops = ISC_TRUE; looknew->besteffort = ISC_TRUE; looknew->dnssec = ISC_FALSE; + looknew->nsid = ISC_FALSE; #ifdef DIG_SIGCHASE looknew->sigchase = ISC_FALSE; #if DIG_SIGCHASE_TD @@ -704,6 +743,7 @@ make_empty_lookup(void) { #endif #endif looknew->udpsize = 0; + looknew->edns = -1; looknew->recurse = ISC_TRUE; looknew->aaonly = ISC_FALSE; looknew->adflag = ISC_FALSE; @@ -723,18 +763,20 @@ make_empty_lookup(void) { looknew->section_authority = ISC_TRUE; looknew->section_additional = ISC_TRUE; looknew->new_search = ISC_FALSE; + looknew->done_as_is = ISC_FALSE; + looknew->need_search = ISC_FALSE; ISC_LINK_INIT(looknew, link); ISC_LIST_INIT(looknew->q); ISC_LIST_INIT(looknew->my_server_list); return (looknew); } -/* +/*% * Clone a lookup, perhaps copying the server list. This does not clone * the query list, since it will be regenerated by the setup_lookup() * function, nor does it queue up the new lookup for processing. * Caution: If you don't clone the servers, you MUST clone the server - * list seperately from somewhere else, or construct it by hand. + * list separately from somewhere else, or construct it by hand. */ dig_lookup_t * clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { @@ -767,6 +809,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->servfail_stops = lookold->servfail_stops; looknew->besteffort = lookold->besteffort; looknew->dnssec = lookold->dnssec; + looknew->nsid = lookold->nsid; #ifdef DIG_SIGCHASE looknew->sigchase = lookold->sigchase; #if DIG_SIGCHASE_TD @@ -780,6 +823,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { #endif #endif looknew->udpsize = lookold->udpsize; + looknew->edns = lookold->edns; looknew->recurse = lookold->recurse; looknew->aaonly = lookold->aaonly; looknew->adflag = lookold->adflag; @@ -794,6 +838,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->section_additional = lookold->section_additional; looknew->retries = lookold->retries; looknew->tsigctx = NULL; + looknew->need_search = lookold->need_search; + looknew->done_as_is = lookold->done_as_is; if (servers) clone_server_list(lookold->my_server_list, @@ -801,7 +847,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { return (looknew); } -/* +/*% * Requeue a lookup for further processing, perhaps copying the server * list. The new lookup structure is returned to the caller, and is * queued for processing. If servers are not cloned in the requeue, they @@ -854,7 +900,7 @@ setup_text_key(void) { result = isc_base64_decodestring(keysecret, &secretbuf); if (result != ISC_R_SUCCESS) goto failure; - + secretsize = isc_buffer_usedlength(&secretbuf); result = dns_name_fromtext(&keyname, namebuf, @@ -863,14 +909,15 @@ setup_text_key(void) { if (result != ISC_R_SUCCESS) goto failure; - result = dns_tsigkey_create(&keyname, dns_tsig_hmacmd5_name, - secretstore, secretsize, - ISC_FALSE, NULL, 0, 0, mctx, + result = dns_tsigkey_create(&keyname, hmacname, secretstore, + secretsize, ISC_FALSE, NULL, 0, 0, mctx, NULL, &key); failure: if (result != ISC_R_SUCCESS) printf(";; Couldn't create key %s: %s\n", keynametext, isc_result_totext(result)); + else + dst_key_setbits(key->key, digestbits); isc_mem_free(mctx, secretstore); dns_name_invalidate(&keyname); @@ -891,8 +938,31 @@ setup_file_key(void) { goto failure; } - result = dns_tsigkey_createfromkey(dst_key_name(dstkey), - dns_tsig_hmacmd5_name, + switch (dst_key_alg(dstkey)) { + case DST_ALG_HMACMD5: + hmacname = DNS_TSIG_HMACMD5_NAME; + break; + case DST_ALG_HMACSHA1: + hmacname = DNS_TSIG_HMACSHA1_NAME; + break; + case DST_ALG_HMACSHA224: + hmacname = DNS_TSIG_HMACSHA224_NAME; + break; + case DST_ALG_HMACSHA256: + hmacname = DNS_TSIG_HMACSHA256_NAME; + break; + case DST_ALG_HMACSHA384: + hmacname = DNS_TSIG_HMACSHA384_NAME; + break; + case DST_ALG_HMACSHA512: + hmacname = DNS_TSIG_HMACSHA512_NAME; + break; + default: + printf(";; Couldn't create key %s: bad algorithm\n", + keynametext); + goto failure; + } + result = dns_tsigkey_createfromkey(dst_key_name(dstkey), hmacname, dstkey, ISC_FALSE, NULL, 0, 0, mctx, NULL, &key); if (result != ISC_R_SUCCESS) { @@ -933,7 +1003,7 @@ create_search_list(lwres_conf_t *confdata) { } } -/* +/*% * Setup the system as a whole, reading key information and resolv.conf * settings. */ @@ -941,10 +1011,18 @@ void setup_system(void) { dig_searchlist_t *domain = NULL; lwres_result_t lwresult; + unsigned int lwresflags; debug("setup_system()"); - lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free, 1); + lwresflags = LWRES_CONTEXT_SERVERMODE; + if (have_ipv4) + lwresflags |= LWRES_CONTEXT_USEIPV4; + if (have_ipv6) + lwresflags |= LWRES_CONTEXT_USEIPV6; + + lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free, + lwresflags); if (lwresult != LWRES_R_SUCCESS) fatal("lwres_context_create failed"); @@ -964,14 +1042,18 @@ setup_system(void) { domain = NULL; } } - + if (ndots == -1) { ndots = lwconf->ndots; debug("ndots is %d.", ndots); } + /* If user doesn't specify server use nameservers from resolv.conf. */ + if (ISC_LIST_EMPTY(server_list)) + copy_server_list(lwconf, &server_list); + /* If we don't find a nameserver fall back to localhost */ - if (lwconf->nsnext == 0) { + if (ISC_LIST_EMPTY(server_list)) { if (have_ipv4) { lwresult = add_nameserver(lwconf, "127.0.0.1", AF_INET); if (lwresult != ISC_R_SUCCESS) @@ -982,10 +1064,13 @@ setup_system(void) { if (lwresult != ISC_R_SUCCESS) fatal("add_nameserver failed"); } - } - if (ISC_LIST_EMPTY(server_list)) copy_server_list(lwconf, &server_list); + } + +#ifdef WITH_IDN + initialize_idn(); +#endif if (keyfile[0] != 0) setup_file_key(); @@ -1017,19 +1102,19 @@ clear_searchlist(void) { } } -/* +/*% * Override the search list derived from resolv.conf by 'domain'. */ void set_search_domain(char *domain) { dig_searchlist_t *search; - + clear_searchlist(); search = make_searchlist_entry(domain); ISC_LIST_APPEND(search_list, search, link); } -/* +/*% * Setup the ISC and DNS libraries for use by the system. */ void @@ -1086,12 +1171,14 @@ setup_libs(void) { dns_result_register(); } -/* +/*% * Add EDNS0 option record to a message. Currently, the only supported - * options are UDP buffer size and the DO bit. + * options are UDP buffer size, the DO bit, and NSID request. */ static void -add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) { +add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns, + isc_boolean_t dnssec, isc_boolean_t nsid) +{ dns_rdataset_t *rdataset = NULL; dns_rdatalist_t *rdatalist = NULL; dns_rdata_t *rdata = NULL; @@ -1110,11 +1197,22 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) { rdatalist->type = dns_rdatatype_opt; rdatalist->covers = 0; rdatalist->rdclass = udpsize; - rdatalist->ttl = 0; + rdatalist->ttl = edns << 16; if (dnssec) - rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO; - rdata->data = NULL; - rdata->length = 0; + rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO; + if (nsid) { + unsigned char data[4]; + isc_buffer_t buf; + + isc_buffer_init(&buf, data, sizeof(data)); + isc_buffer_putuint16(&buf, DNS_OPT_NSID); + isc_buffer_putuint16(&buf, 0); + rdata->data = data; + rdata->length = sizeof(data); + } else { + rdata->data = NULL; + rdata->length = 0; + } ISC_LIST_INIT(rdatalist->rdata); ISC_LIST_APPEND(rdatalist->rdata, rdata, link); dns_rdatalist_tordataset(rdatalist, rdataset); @@ -1122,7 +1220,7 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec) { check_result(result, "dns_message_setopt"); } -/* +/*% * Add a question section to a message, asking for the specified name, * type, and class. */ @@ -1142,7 +1240,7 @@ add_question(dns_message_t *message, dns_name_t *name, ISC_LIST_APPEND(name->list, rdataset, link); } -/* +/*% * Check if we're done with all the queued lookups, which is true iff * all sockets, sends, and recvs are accounted for (counters == 0), * and the lookup list is empty. @@ -1163,7 +1261,7 @@ check_if_done(void) { } } -/* +/*% * Clear out a query when we're done with it. WARNING: This routine * WILL invalidate the query pointer. */ @@ -1202,16 +1300,14 @@ clear_query(dig_query_t *query) { isc_mem_free(mctx, query); } -/* +/*% * Try and clear out a lookup if we're done with it. Return ISC_TRUE if * the lookup was successfully cleared. If ISC_TRUE is returned, the * lookup pointer has been invalidated. */ static isc_boolean_t try_clear_lookup(dig_lookup_t *lookup) { - dig_server_t *s; dig_query_t *q; - void *ptr; REQUIRE(lookup != NULL); @@ -1232,7 +1328,16 @@ try_clear_lookup(dig_lookup_t *lookup) { * At this point, we know there are no queries on the lookup, * so can make it go away also. */ - debug("cleared"); + destroy_lookup(lookup); + return (ISC_TRUE); +} + +void +destroy_lookup(dig_lookup_t *lookup) { + dig_server_t *s; + void *ptr; + + debug("destroy"); s = ISC_LIST_HEAD(lookup->my_server_list); while (s != NULL) { debug("freeing server %p belonging to %p", s, lookup); @@ -1257,10 +1362,9 @@ try_clear_lookup(dig_lookup_t *lookup) { dst_context_destroy(&lookup->tsigctx); isc_mem_free(mctx, lookup); - return (ISC_TRUE); } -/* +/*% * If we can, start the next lookup in the queue running. * This assumes that the lookup on the head of the queue hasn't been * started yet. It also removes the lookup from the head of the queue, @@ -1312,7 +1416,7 @@ start_lookup(void) { key_name) == ISC_TRUE) trustedkey = tk_list.key[i]; /* - * Verifier que la temp est bien la plus basse + * Verify temp is really the lowest * WARNING */ } @@ -1336,7 +1440,7 @@ start_lookup(void) { current_lookup->qrdtype_sigchase = current_lookup->qrdtype; current_lookup->qrdtype = dns_rdatatype_ns; - + current_lookup->rdclass_sigchase = current_lookup->rdclass; current_lookup->rdclass_sigchaseset @@ -1373,7 +1477,7 @@ start_lookup(void) { } } -/* +/*% * If we can, clear the current lookup and start the next one running. * This calls try_clear_lookup, so may invalidate the lookup pointer. */ @@ -1394,7 +1498,7 @@ check_next_lookup(dig_lookup_t *lookup) { } } -/* +/*% * Create and queue a new lookup as a followup to the current lookup, * based on the supplied message and section. This is used in trace and * name server search modes to start a new lookup using servers from @@ -1411,11 +1515,13 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) isc_result_t result; isc_boolean_t success = ISC_FALSE; int numLookups = 0; + dns_name_t *domain; + isc_boolean_t horizontal = ISC_FALSE, bad = ISC_FALSE; INSIST(!free_now); debug("following up %s", query->lookup->textname); - + for (result = dns_message_firstname(msg, section); result == ISC_R_SUCCESS; result = dns_message_nextname(msg, section)) { @@ -1437,6 +1543,26 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) debug("found NS set"); + if (query->lookup->trace && !query->lookup->trace_root) { + dns_namereln_t namereln; + unsigned int nlabels; + int order; + + domain = dns_fixedname_name(&query->lookup->fdomain); + namereln = dns_name_fullcompare(name, domain, + &order, &nlabels); + if (namereln == dns_namereln_equal) { + if (!horizontal) + printf(";; BAD (HORIZONTAL) REFERRAL\n"); + horizontal = ISC_TRUE; + } else if (namereln != dns_namereln_subdomain) { + if (!bad) + printf(";; BAD REFERRAL\n"); + bad = ISC_TRUE; + continue; + } + } + for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) { @@ -1450,7 +1576,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) dns_rdataset_current(rdataset, &rdata); query->lookup->nsfound++; - (void)dns_rdata_tostruct(&rdata, &ns, NULL); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + check_result(result, "dns_rdata_tostruct"); dns_name_format(&ns.name, namestr, sizeof(namestr)); dns_rdata_freestruct(&ns); @@ -1474,6 +1601,9 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) lookup->trace_root = ISC_FALSE; if (lookup->ns_search_only) lookup->recurse = ISC_FALSE; + dns_fixedname_init(&lookup->fdomain); + domain = dns_fixedname_name(&lookup->fdomain); + dns_name_copy(name, domain, NULL); } srv = make_server(namestr, namestr); debug("adding server %s", srv->servername); @@ -1487,10 +1617,32 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) (query->lookup->trace || query->lookup->ns_search_only)) return (followup_lookup(msg, query, DNS_SECTION_AUTHORITY)); - return numLookups; + /* + * Randomize the order the nameserver will be tried. + */ + if (numLookups > 1) { + isc_uint32_t i, j; + dig_serverlist_t my_server_list; + + ISC_LIST_INIT(my_server_list); + + for (i = numLookups; i > 0; i--) { + isc_random_get(&j); + j %= i; + srv = ISC_LIST_HEAD(lookup->my_server_list); + while (j-- > 0) + srv = ISC_LIST_NEXT(srv, link); + ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link); + ISC_LIST_APPEND(my_server_list, srv, link); + } + ISC_LIST_APPENDLIST(lookup->my_server_list, + my_server_list, link); + } + + return (numLookups); } -/* +/*% * Create and queue a new lookup using the next origin from the search * list, read in setup_system(). * @@ -1499,6 +1651,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) static isc_boolean_t next_origin(dns_message_t *msg, dig_query_t *query) { dig_lookup_t *lookup; + dig_searchlist_t *search; UNUSED(msg); @@ -1513,18 +1666,27 @@ next_origin(dns_message_t *msg, dig_query_t *query) { * about finding the next entry. */ return (ISC_FALSE); - if (query->lookup->origin == NULL) + if (query->lookup->origin == NULL && !query->lookup->need_search) /* * Then we just did rootorg; there's nothing left. */ return (ISC_FALSE); - lookup = requeue_lookup(query->lookup, ISC_TRUE); - lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link); + if (query->lookup->origin == NULL && query->lookup->need_search) { + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } else { + search = ISC_LIST_NEXT(query->lookup->origin, link); + if (search == NULL && query->lookup->done_as_is) + return (ISC_FALSE); + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = search; + } cancel_lookup(query->lookup); return (ISC_TRUE); } -/* +/*% * Insert an SOA record into the sendmessage in a lookup. Used for * creating IXFR queries. */ @@ -1590,7 +1752,7 @@ insert_soa(dig_lookup_t *lookup) { dns_message_addname(lookup->sendmsg, soaname, DNS_SECTION_AUTHORITY); } -/* +/*% * Setup the supplied lookup structure, making it ready to start sending * queries to servers. Create and initialize the message to be sent as * well as the query structures and buffer space for the replies. If the @@ -1606,6 +1768,15 @@ setup_lookup(dig_lookup_t *lookup) { isc_buffer_t b; dns_compress_t cctx; char store[MXNAME]; +#ifdef WITH_IDN + idn_result_t mr; + char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; +#endif + +#ifdef WITH_IDN + result = dns_name_settotextfilter(output_filter); + check_result(result, "dns_name_settotextfilter"); +#endif REQUIRE(lookup != NULL); INSIST(!free_now); @@ -1634,6 +1805,17 @@ setup_lookup(dig_lookup_t *lookup) { isc_buffer_init(&lookup->onamebuf, lookup->onamespace, sizeof(lookup->onamespace)); +#ifdef WITH_IDN + /* + * We cannot convert `textname' and `origin' separately. + * `textname' doesn't contain TLD, but local mapping needs + * TLD. + */ + mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, + utf8_textname, sizeof(utf8_textname)); + idn_check_result(mr, "convert textname to UTF-8"); +#endif + /* * If the name has too many dots, force the origin to be NULL * (which produces an absolute lookup). Otherwise, take the origin @@ -1641,12 +1823,43 @@ setup_lookup(dig_lookup_t *lookup) { * take the first entry in the searchlist iff either usesearch * is TRUE or we got a domain line in the resolv.conf file. */ - /* XXX New search here? */ - if ((count_dots(lookup->textname) >= ndots) || !usesearch) - lookup->origin = NULL; /* Force abs lookup */ - else if (lookup->origin == NULL && lookup->new_search && usesearch) - lookup->origin = ISC_LIST_HEAD(search_list); + if (lookup->new_search) { +#ifdef WITH_IDN + if ((count_dots(utf8_textname) >= ndots) || !usesearch) { + lookup->origin = NULL; /* Force abs lookup */ + lookup->done_as_is = ISC_TRUE; + lookup->need_search = usesearch; + } else if (lookup->origin == NULL && usesearch) { + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } +#else + if ((count_dots(lookup->textname) >= ndots) || !usesearch) { + lookup->origin = NULL; /* Force abs lookup */ + lookup->done_as_is = ISC_TRUE; + lookup->need_search = usesearch; + } else if (lookup->origin == NULL && usesearch) { + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } +#endif + } +#ifdef WITH_IDN + if (lookup->origin != NULL) { + mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, + lookup->origin->origin, utf8_origin, + sizeof(utf8_origin)); + idn_check_result(mr, "convert origin to UTF-8"); + mr = append_textname(utf8_textname, utf8_origin, + sizeof(utf8_textname)); + idn_check_result(mr, "append origin to textname"); + } + mr = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP | + IDN_IDNCONV | IDN_LENCHECK, utf8_textname, + idn_textname, sizeof(idn_textname)); + idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); +#else if (lookup->origin != NULL) { debug("trying origin %s", lookup->origin->origin); result = dns_message_gettempname(lookup->sendmsg, @@ -1687,11 +1900,22 @@ setup_lookup(dig_lookup_t *lookup) { lookup->textname, isc_result_totext(result)); } dns_message_puttempname(lookup->sendmsg, &lookup->oname); - } else { + } else +#endif + { debug("using root origin"); if (lookup->trace && lookup->trace_root) dns_name_clone(dns_rootname, lookup->name); else { +#ifdef WITH_IDN + len = strlen(idn_textname); + isc_buffer_init(&b, idn_textname, len); + isc_buffer_add(&b, len); + result = dns_name_fromtext(lookup->name, &b, + dns_rootname, + ISC_FALSE, + &lookup->namebuf); +#else len = strlen(lookup->textname); isc_buffer_init(&b, lookup->textname, len); isc_buffer_add(&b, len); @@ -1699,6 +1923,7 @@ setup_lookup(dig_lookup_t *lookup) { dns_rootname, ISC_FALSE, &lookup->namebuf); +#endif } if (result != ISC_R_SUCCESS) { dns_message_puttempname(lookup->sendmsg, @@ -1757,12 +1982,15 @@ setup_lookup(dig_lookup_t *lookup) { if ((lookup->rdtype == dns_rdatatype_axfr) || (lookup->rdtype == dns_rdatatype_ixfr)) { - lookup->doing_xfr = ISC_TRUE; /* - * Force TCP mode if we're doing an xfr. - * XXX UDP ixfr's would be useful + * Force TCP mode if we're doing an axfr. */ - lookup->tcp_mode = ISC_TRUE; + if (lookup->rdtype == dns_rdatatype_axfr) { + lookup->doing_xfr = ISC_TRUE; + lookup->tcp_mode = ISC_TRUE; + } else if (lookup->tcp_mode) { + lookup->doing_xfr = ISC_TRUE; + } } add_question(lookup->sendmsg, lookup->name, lookup->rdclass, @@ -1793,10 +2021,13 @@ setup_lookup(dig_lookup_t *lookup) { result = dns_message_renderbegin(lookup->sendmsg, &cctx, &lookup->renderbuf); check_result(result, "dns_message_renderbegin"); - if (lookup->udpsize > 0 || lookup->dnssec) { + if (lookup->udpsize > 0 || lookup->dnssec || lookup->edns > -1) { if (lookup->udpsize == 0) - lookup->udpsize = 2048; - add_opt(lookup->sendmsg, lookup->udpsize, lookup->dnssec); + lookup->udpsize = 4096; + if (lookup->edns < 0) + lookup->edns = 0; + add_opt(lookup->sendmsg, lookup->udpsize, + lookup->edns, lookup->dnssec, lookup->nsid); } result = dns_message_rendersection(lookup->sendmsg, @@ -1844,6 +2075,7 @@ setup_lookup(dig_lookup_t *lookup) { query->userarg = serv->userarg; query->rr_count = 0; query->msg_count = 0; + query->byte_count = 0; ISC_LINK_INIT(query, link); ISC_LIST_INIT(query->recvlist); ISC_LIST_INIT(query->lengthlist); @@ -1862,12 +2094,13 @@ setup_lookup(dig_lookup_t *lookup) { } /* XXX qrflag, print_query, etc... */ if (!ISC_LIST_EMPTY(lookup->q) && qr) { + extrabytes = 0; printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg, ISC_TRUE); } } -/* +/*% * Event handler for send completion. Track send counter, and clear out * the query if the send was canceled. */ @@ -1891,7 +2124,7 @@ send_done(isc_task_t *_task, isc_event_t *event) { for (b = ISC_LIST_HEAD(sevent->bufferlist); b != NULL; - b = ISC_LIST_HEAD(sevent->bufferlist)) + b = ISC_LIST_HEAD(sevent->bufferlist)) ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); query = event->ev_arg; @@ -1914,7 +2147,7 @@ send_done(isc_task_t *_task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Cancel a lookup, sending isc_socket_cancel() requests to all outstanding * IO sockets. The cancel handlers should take care of cleaning up the * query and lookup structures @@ -1971,12 +2204,27 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) { &l->interval, global_task, connect_timeout, l, &l->timer); check_result(result, "isc_timer_create"); -} +} + +static void +force_timeout(dig_lookup_t *l, dig_query_t *query) { + isc_event_t *event; + + event = isc_event_allocate(mctx, query, ISC_TIMEREVENT_IDLE, + connect_timeout, l, + sizeof(isc_event_t)); + if (event == NULL) { + fatal("isc_event_allocate: %s", + isc_result_totext(ISC_R_NOMEMORY)); + } + isc_task_send(global_task, &event); +} + static void connect_done(isc_task_t *task, isc_event_t *event); -/* +/*% * Unlike send_udp, this can't be called multiple times with the same * query. When we retry TCP, we requeue the whole lookup, which should * start anew. @@ -1992,8 +2240,17 @@ send_tcp_connect(dig_query_t *query) { l = query->lookup; query->waiting_connect = ISC_TRUE; query->lookup->current_query = query; - get_address(query->servname, port, &query->sockaddr); - + result = get_address(query->servname, port, &query->sockaddr); + if (result == ISC_R_NOTFOUND) { + /* + * This servname doesn't have an address. Try the next server + * by triggering an immediate 'timeout' (we lie, but the effect + * is the same). + */ + force_timeout(l, query); + return; + } + if (specified_source && (isc_sockaddr_pf(&query->sockaddr) != isc_sockaddr_pf(&bind_address))) { @@ -2019,14 +2276,15 @@ send_tcp_connect(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) - result = isc_socket_bind(query->sock, &bind_address); + result = isc_socket_bind(query->sock, &bind_address, + ISC_SOCKET_REUSEADDRESS); else { if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) && have_ipv4) isc_sockaddr_any(&bind_any); else isc_sockaddr_any6(&bind_any); - result = isc_socket_bind(query->sock, &bind_any); + result = isc_socket_bind(query->sock, &bind_any, 0); } check_result(result, "isc_socket_bind"); bringup_timer(query, TCP_TIMEOUT); @@ -2045,7 +2303,7 @@ send_tcp_connect(dig_query_t *query) { } } -/* +/*% * Send a UDP packet to the remote nameserver, possible starting the * recv action as well. Also make sure that the timer is running and * is properly reset. @@ -2064,7 +2322,12 @@ send_udp(dig_query_t *query) { if (!query->recv_made) { /* XXX Check the sense of this, need assertion? */ query->waiting_connect = ISC_FALSE; - get_address(query->servname, port, &query->sockaddr); + result = get_address(query->servname, port, &query->sockaddr); + if (result == ISC_R_NOTFOUND) { + /* This servname doesn't have an address. */ + force_timeout(l, query); + return; + } result = isc_socket_create(socketmgr, isc_sockaddr_pf(&query->sockaddr), @@ -2073,11 +2336,12 @@ send_udp(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) { - result = isc_socket_bind(query->sock, &bind_address); + result = isc_socket_bind(query->sock, &bind_address, + ISC_SOCKET_REUSEADDRESS); } else { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(&query->sockaddr)); - result = isc_socket_bind(query->sock, &bind_any); + result = isc_socket_bind(query->sock, &bind_any, 0); } check_result(result, "isc_socket_bind"); @@ -2106,7 +2370,7 @@ send_udp(dig_query_t *query) { sendcount++; } -/* +/*% * IO timeout handler, used for both connect and recv timeouts. If * retries are still allowed, either resend the UDP packet or queue a * new TCP lookup. Otherwise, cancel the lookup. @@ -2134,8 +2398,14 @@ connect_timeout(isc_task_t *task, isc_event_t *event) { cq = query->lookup->current_query; if (!l->tcp_mode) send_udp(ISC_LIST_NEXT(cq, link)); - else + else { + isc_socket_cancel(query->sock, NULL, + ISC_SOCKCANCEL_ALL); + isc_socket_detach(&query->sock); + sockcount--; + debug("sockcount=%d", sockcount); send_tcp_connect(ISC_LIST_NEXT(cq, link)); + } UNLOCK_LOOKUP; return; } @@ -2165,7 +2435,7 @@ connect_timeout(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Event handler for the TCP recv which gets the length header of TCP * packets. Start the next recv of length bytes. */ @@ -2249,7 +2519,7 @@ tcp_length_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * For transfers that involve multiple recvs (XFR's in particular), * launch the next recv. */ @@ -2308,7 +2578,7 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) { return; } -/* +/*% * Event handler for TCP connect complete. Make sure the connection was * successful, then pass into launch_next_query to actually send the * question. @@ -2388,7 +2658,7 @@ connect_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Check if the ongoing XFR needs more data before it's complete, using * the semantics of IXFR and AXFR protocols. Much of the complexity of * this routine comes from determining when an IXFR is complete. @@ -2416,6 +2686,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, */ query->msg_count++; + query->byte_count += sevent->n; result = dns_message_firstname(msg, DNS_SECTION_ANSWER); if (result != ISC_R_SUCCESS) { puts("; Transfer failed."); @@ -2462,7 +2733,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, goto next_rdata; /* Now we have an SOA. Work with it. */ debug("got an SOA"); - (void)dns_rdata_tostruct(&rdata, &soa, NULL); + result = dns_rdata_tostruct(&rdata, &soa, NULL); + check_result(result, "dns_rdata_tostruct"); serial = soa.serial; dns_rdata_freestruct(&soa); if (!query->first_soa_rcvd) { @@ -2531,7 +2803,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, return (ISC_TRUE); } -/* +/*% * Event handler for recv complete. Perform whatever actions are necessary, * based on the specifics of the user's request. */ @@ -2616,7 +2888,11 @@ recv_done(isc_task_t *task, isc_event_t *event) { } if (!l->tcp_mode && - !isc_sockaddr_equal(&sevent->address, &query->sockaddr)) { + !isc_sockaddr_compare(&sevent->address, &query->sockaddr, + ISC_SOCKADDR_CMPADDR| + ISC_SOCKADDR_CMPPORT| + ISC_SOCKADDR_CMPSCOPE| + ISC_SOCKADDR_CMPSCOPEZERO)) { char buf1[ISC_SOCKADDR_FORMATSIZE]; char buf2[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t any; @@ -2626,26 +2902,11 @@ recv_done(isc_task_t *task, isc_event_t *event) { else isc_sockaddr_any6(&any); -#ifdef ISC_PLATFORM_HAVESCOPEID - /* - * Accept answers from any scope if we havn't specified the - * scope as long as the address and port match. - */ - if (isc_sockaddr_pf(&query->sockaddr) == AF_INET6 && - query->sockaddr.type.sin6.sin6_scope_id == 0 && - memcmp(&sevent->address.type.sin6.sin6_addr, - &query->sockaddr.type.sin6.sin6_addr, - sizeof(query->sockaddr.type.sin6.sin6_addr)) == 0 && - isc_sockaddr_getport(&sevent->address) == - isc_sockaddr_getport(&query->sockaddr)) - /* empty */; - else -#endif /* - * We don't expect a match above when the packet is - * sent to 0.0.0.0, :: or to a multicast addresses. - * XXXMPA broadcast needs to be handled here as well. - */ + * We don't expect a match when the packet is + * sent to 0.0.0.0, :: or to a multicast addresses. + * XXXMPA broadcast needs to be handled here as well. + */ if ((!isc_sockaddr_eqaddr(&query->sockaddr, &any) && !isc_sockaddr_ismulticast(&query->sockaddr)) || isc_sockaddr_getport(&query->sockaddr) != @@ -2660,7 +2921,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { } } - result = dns_message_peekheader(b, &id, &msgflags); + result = dns_message_peekheader(b, &id, &msgflags); if (result != ISC_R_SUCCESS || l->sendmsg->id != id) { match = ISC_FALSE; if (l->tcp_mode) { @@ -2695,18 +2956,11 @@ recv_done(isc_task_t *task, isc_event_t *event) { "(< header size) message received\n"); } - if (!match) { - isc_buffer_invalidate(&query->recvbuf); - isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE); - ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link); - result = isc_socket_recvv(query->sock, &query->recvlist, 1, - global_task, recv_done, query); - check_result(result, "isc_socket_recvv"); - recvcount++; - isc_event_free(&event); - UNLOCK_LOOKUP; - return; - } + if (result == ISC_R_SUCCESS && (msgflags & DNS_MESSAGEFLAG_QR) == 0) + printf(";; Warning: query response not set\n"); + + if (!match) + goto udp_mismatch; result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg); check_result(result, "dns_message_create"); @@ -2761,8 +3015,54 @@ recv_done(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; return; } - if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 - && !l->ignore && !l->tcp_mode) { + if (msg->counts[DNS_SECTION_QUESTION] != 0) { + match = ISC_TRUE; + for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION); + result == ISC_R_SUCCESS && match; + result = dns_message_nextname(msg, DNS_SECTION_QUESTION)) { + dns_name_t *name = NULL; + dns_rdataset_t *rdataset; + + dns_message_currentname(msg, DNS_SECTION_QUESTION, + &name); + for (rdataset = ISC_LIST_HEAD(name->list); + rdataset != NULL; + rdataset = ISC_LIST_NEXT(rdataset, link)) { + if (l->rdtype != rdataset->type || + l->rdclass != rdataset->rdclass || + !dns_name_equal(l->name, name)) { + char namestr[DNS_NAME_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; + char classbuf[DNS_RDATACLASS_FORMATSIZE]; + dns_name_format(name, namestr, + sizeof(namestr)); + dns_rdatatype_format(rdataset->type, + typebuf, + sizeof(typebuf)); + dns_rdataclass_format(rdataset->rdclass, + classbuf, + sizeof(classbuf)); + printf(";; Question section mismatch: " + "got %s/%s/%s\n", + namestr, typebuf, classbuf); + match = ISC_FALSE; + } + } + } + if (!match) { + dns_message_destroy(&msg); + if (l->tcp_mode) { + isc_event_free(&event); + clear_query(query); + check_next_lookup(l); + UNLOCK_LOOKUP; + return; + } else + goto udp_mismatch; + } + } + if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 && + !l->ignore && !l->tcp_mode) { printf(";; Truncated, retrying in TCP mode.\n"); n = requeue_lookup(l, ISC_TRUE); n->tcp_mode = ISC_TRUE; @@ -2774,8 +3074,10 @@ recv_done(isc_task_t *task, isc_event_t *event) { check_next_lookup(l); UNLOCK_LOOKUP; return; - } - if (msg->rcode == dns_rcode_servfail && !l->servfail_stops) { + } + if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) || + (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse)) + { dig_query_t *next = ISC_LIST_NEXT(query, link); if (l->current_query == query) l->current_query = NULL; @@ -2793,9 +3095,13 @@ recv_done(isc_task_t *task, isc_event_t *event) { */ if ((ISC_LIST_HEAD(l->q) != query) || (ISC_LIST_NEXT(query, link) != NULL)) { - printf(";; Got SERVFAIL reply from %s, " - "trying next server\n", - query->servname); + if( l->comments == ISC_TRUE ) + printf(";; Got %s from %s, " + "trying next server\n", + msg->rcode == dns_rcode_servfail ? + "SERVFAIL reply" : + "recursion not available", + query->servname); clear_query(query); check_next_lookup(l); dns_message_destroy(&msg); @@ -2822,6 +3128,8 @@ recv_done(isc_task_t *task, isc_event_t *event) { check_result(result,"dns_message_getquerytsig"); } + extrabytes = isc_buffer_remaininglength(b); + debug("after parse"); if (l->doing_xfr && l->xfr_q == NULL) { l->xfr_q = query; @@ -2856,8 +3164,9 @@ recv_done(isc_task_t *task, isc_event_t *event) { } if (!l->doing_xfr || l->xfr_q == query) { - if (msg->rcode != dns_rcode_noerror && l->origin != NULL) { - if (!next_origin(msg, query)) { + if (msg->rcode != dns_rcode_noerror && + (l->origin != NULL || l->need_search)) { + if (!next_origin(msg, query) || showsearch) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); } @@ -2925,11 +3234,11 @@ recv_done(isc_task_t *task, isc_event_t *event) { isc_buffer_usedregion(b, &r); result = isc_buffer_allocate(mctx, &buf, r.length); - + check_result(result, "isc_buffer_allocate"); result = isc_buffer_copyregion(buf, &r); check_result(result, "isc_buffer_copyregion"); - + result = dns_message_parse(msg_temp, buf, 0); isc_buffer_free(&buf); @@ -2946,7 +3255,6 @@ recv_done(isc_task_t *task, isc_event_t *event) { chase_msg2->msg = msg; } #endif - } #ifdef DIG_SIGCHASE @@ -3007,14 +3315,27 @@ recv_done(isc_task_t *task, isc_event_t *event) { } isc_event_free(&event); UNLOCK_LOOKUP; + return; + + udp_mismatch: + isc_buffer_invalidate(&query->recvbuf); + isc_buffer_init(&query->recvbuf, query->recvspace, COMMSIZE); + ISC_LIST_ENQUEUE(query->recvlist, &query->recvbuf, link); + result = isc_socket_recvv(query->sock, &query->recvlist, 1, + global_task, recv_done, query); + check_result(result, "isc_socket_recvv"); + recvcount++; + isc_event_free(&event); + UNLOCK_LOOKUP; + return; } -/* +/*% * Turn a name into an address, using system-supplied routines. This is * used in looking up server names, etc... and needs to use system-supplied * routines, since they may be using a non-DNS system for these lookups. */ -void +isc_result_t get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { int count; isc_result_t result; @@ -3023,12 +3344,14 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { result = bind9_getaddresses(host, port, sockaddr, 1, &count); isc_app_unblock(); if (result != ISC_R_SUCCESS) - fatal("couldn't get address for '%s': %s", - host, isc_result_totext(result)); + return (result); + INSIST(count == 1); + + return (ISC_R_SUCCESS); } -/* +/*% * Initiate either a TCP or UDP lookup */ void @@ -3044,7 +3367,7 @@ do_lookup(dig_lookup_t *lookup) { send_udp(ISC_LIST_HEAD(lookup->q)); } -/* +/*% * Start everything in action upon task startup. */ void @@ -3057,7 +3380,7 @@ onrun_callback(isc_task_t *task, isc_event_t *event) { UNLOCK_LOOKUP; } -/* +/*% * Make everything on the lookup queue go away. Mainly used by the * SIGINT handler. */ @@ -3079,7 +3402,7 @@ cancel_all(void) { isc_timer_detach(¤t_lookup->timer); q = ISC_LIST_HEAD(current_lookup->q); while (q != NULL) { - debug("cancelling query %p, belonging to %p", + debug("canceling query %p, belonging to %p", q, current_lookup); nq = ISC_LIST_NEXT(q, link); if (q->sock != NULL) { @@ -3101,7 +3424,7 @@ cancel_all(void) { UNLOCK_LOOKUP; } -/* +/*% * Destroy all of the libs we are using, and get everything ready for a * clean shutdown. */ @@ -3111,6 +3434,9 @@ destroy_libs(void) { void * ptr; dig_message_t *chase_msg; #endif +#ifdef WITH_IDN + isc_result_t result; +#endif debug("destroy_libs()"); if (global_task != NULL) { @@ -3142,6 +3468,13 @@ destroy_libs(void) { flush_server_list(); clear_searchlist(); + +#ifdef WITH_IDN + result = dns_name_settotextfilter(NULL); + check_result(result, "dns_name_settotextfilter"); +#endif + dns_name_destroy(); + if (commctx != NULL) { debug("freeing commctx"); isc_mempool_destroy(&commctx); @@ -3210,7 +3543,7 @@ destroy_libs(void) { #endif debug("Destroy memory"); - + #endif if (memdebugging != 0) isc_mem_stats(mctx, stderr); @@ -3218,8 +3551,104 @@ destroy_libs(void) { isc_mem_destroy(&mctx); } +#ifdef WITH_IDN +static void +initialize_idn(void) { + idn_result_t r; + isc_result_t result; + +#ifdef HAVE_SETLOCALE + /* Set locale */ + (void)setlocale(LC_ALL, ""); +#endif + /* Create configuration context. */ + r = idn_nameinit(1); + if (r != idn_success) + fatal("idn api initialization failed: %s", + idn_result_tostring(r)); + + /* Set domain name -> text post-conversion filter. */ + result = dns_name_settotextfilter(output_filter); + check_result(result, "dns_name_settotextfilter"); +} + +static isc_result_t +output_filter(isc_buffer_t *buffer, unsigned int used_org, + isc_boolean_t absolute) +{ + char tmp1[MAXDLEN], tmp2[MAXDLEN]; + size_t fromlen, tolen; + isc_boolean_t end_with_dot; + + /* + * Copy contents of 'buffer' to 'tmp1', supply trailing dot + * if 'absolute' is true, and terminate with NUL. + */ + fromlen = isc_buffer_usedlength(buffer) - used_org; + if (fromlen >= MAXDLEN) + return (ISC_R_SUCCESS); + memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen); + end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; + if (absolute && !end_with_dot) { + fromlen++; + if (fromlen >= MAXDLEN) + return (ISC_R_SUCCESS); + tmp1[fromlen - 1] = '.'; + } + tmp1[fromlen] = '\0'; + + /* + * Convert contents of 'tmp1' to local encoding. + */ + if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success) + return (ISC_R_SUCCESS); + strcpy(tmp1, tmp2); + /* + * Copy the converted contents in 'tmp1' back to 'buffer'. + * If we have appended trailing dot, remove it. + */ + tolen = strlen(tmp1); + if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') + tolen--; + + if (isc_buffer_length(buffer) < used_org + tolen) + return (ISC_R_NOSPACE); + + isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org); + memcpy(isc_buffer_used(buffer), tmp1, tolen); + isc_buffer_add(buffer, tolen); + + return (ISC_R_SUCCESS); +} +static idn_result_t +append_textname(char *name, const char *origin, size_t namesize) { + size_t namelen = strlen(name); + size_t originlen = strlen(origin); + + /* Already absolute? */ + if (namelen > 0 && name[namelen - 1] == '.') + return idn_success; + + /* Append dot and origin */ + + if (namelen + 1 + originlen >= namesize) + return idn_buffer_overflow; + + name[namelen++] = '.'; + (void)strcpy(name + namelen, origin); + return idn_success; +} + +static void +idn_check_result(idn_result_t r, const char *msg) { + if (r != idn_success) { + exitcode = 1; + fatal("%s: %s", msg, idn_result_tostring(r)); + } +} +#endif /* WITH_IDN */ #ifdef DIG_SIGCHASE void @@ -3254,7 +3683,7 @@ dump_database_section(dns_message_t *msg, int section) dns_message_currentname(msg, section, &msg_name); for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL; - rdataset = ISC_LIST_NEXT(rdataset, link)) { + rdataset = ISC_LIST_NEXT(rdataset, link)) { dns_name_print(msg_name, stdout); printf("\n"); print_rdataset(msg_name, rdataset, mctx); @@ -3277,7 +3706,7 @@ dump_database(void) { if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY) == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_AUTHORITY); - + if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL) == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL); @@ -3289,7 +3718,7 @@ dns_rdataset_t * search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { dns_rdataset_t *rdataset; dns_rdata_sig_t siginfo; - dns_rdata_t sigrdata; + dns_rdata_t sigrdata = DNS_RDATA_INIT; isc_result_t result; for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; @@ -3299,7 +3728,6 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { return (rdataset); } else if ((type == dns_rdatatype_rrsig) && (rdataset->type == dns_rdatatype_rrsig)) { - dns_rdata_init(&sigrdata); result = dns_rdataset_first(rdataset); check_result(result, "empty rdataset"); dns_rdataset_current(rdataset, &sigrdata); @@ -3309,7 +3737,7 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { if ((siginfo.covered == covers) || (covers == dns_rdatatype_any)) { dns_rdata_reset(&sigrdata); - dns_rdata_freestruct(&siginfo); + dns_rdata_freestruct(&siginfo); return (rdataset); } dns_rdata_reset(&sigrdata); @@ -3516,7 +3944,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { isc_mem_free(mctx, tempname); return (ISC_R_FAILURE); } - + x = cp--; while (cp >= tempname && *cp == 'X') { isc_random_get(&which); @@ -3528,12 +3956,12 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { tempnamekey = isc_mem_allocate(mctx, tempnamekeylen); if (tempnamekey == NULL) return (ISC_R_NOMEMORY); - + memset(tempnamekey, 0, tempnamekeylen); strncpy(tempnamekey, tempname, tempnamelen); strcat(tempnamekey ,".key"); - + if (isc_file_exists(tempnamekey)) { isc_mem_free(mctx, tempnamekey); isc_mem_free(mctx, tempname); @@ -3554,7 +3982,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { cleanup: isc_mem_free(mctx, tempname); - + return (result); } @@ -3593,7 +4021,7 @@ get_trusted_key(isc_mem_t *mctx) filename); return (ISC_R_FAILURE); } - while (fgets(buf, 1500, fp) != NULL) { + while (fgets(buf, sizeof(buf), fp) != NULL) { result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp); if (result != ISC_R_SUCCESS) { fclose(fp); @@ -3701,9 +4129,8 @@ prepare_lookup(dns_name_t *name) dns_rdataset_current(chase_nsrdataset, &rdata); - (void)dns_rdata_tostruct(&rdata, &ns, NULL); - - + result = dns_rdata_tostruct(&rdata, &ns, NULL); + check_result(result, "dns_rdata_tostruct"); #ifdef __FOLLOW_GLUE__ @@ -3730,7 +4157,7 @@ prepare_lookup(dns_name_t *name) srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } @@ -3760,7 +4187,7 @@ prepare_lookup(dns_name_t *name) srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } @@ -3772,7 +4199,7 @@ prepare_lookup(dns_name_t *name) dns_name_print(&ns.name, stdout); printf("\n"); srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); #endif @@ -3823,7 +4250,7 @@ isc_result_t grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset) { isc_result_t result; - dns_rdata_t sigrdata; + dns_rdata_t sigrdata = DNS_RDATA_INIT; dns_rdata_sig_t siginfo; result = dns_rdataset_first(sigrdataset); @@ -3843,6 +4270,7 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset) } dns_rdata_freestruct(&siginfo); + dns_rdata_reset(&sigrdata); } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS); @@ -3919,7 +4347,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) { * return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key * and the RRset is valid * return ISC_R_NOTFOUND if not contains trusted key - or if the RRset isn't valid + or if the RRset isn't valid * return ISC_R_FAILURE if problem * */ @@ -3929,7 +4357,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) { isc_result_t result; - dns_rdata_t rdata; + dns_rdata_t rdata = DNS_RDATA_INIT; dst_key_t *trustedKey = NULL; dst_key_t *dnsseckey = NULL; int i; @@ -3939,12 +4367,11 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, result = dns_rdataset_first(rdataset); check_result(result, "empty rdataset"); - dns_rdata_init(&rdata); do { dns_rdataset_current(rdataset, &rdata); INSIST(rdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -3954,7 +4381,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, if (dst_key_compare(tk_list.key[i], dnsseckey) == ISC_TRUE) { dns_rdata_reset(&rdata); - + printf(";; Ok, find a Trusted Key in the " "DNSKEY RRset: %d\n", dst_key_id(dnsseckey)); @@ -3989,7 +4416,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) { isc_result_t result; - dns_rdata_t keyrdata; + dns_rdata_t keyrdata = DNS_RDATA_INIT; dst_key_t *dnsseckey = NULL; result = dns_rdataset_first(keyrdataset); @@ -3999,7 +4426,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -4012,6 +4439,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset, return (ISC_R_SUCCESS); } dst_key_free(&dnsseckey); + dns_rdata_reset(&keyrdata); } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS); dns_rdata_reset(&keyrdata); @@ -4025,7 +4453,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx) { isc_result_t result; - dns_rdata_t sigrdata; + dns_rdata_t sigrdata = DNS_RDATA_INIT; dns_rdata_sig_t siginfo; result = dns_rdataset_first(sigrdataset); @@ -4063,6 +4491,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset, } } dns_rdata_freestruct(&siginfo); + dns_rdata_reset(&sigrdata); } while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS); @@ -4077,30 +4506,28 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdataset_t *dsrdataset, isc_mem_t *mctx) { isc_result_t result; - dns_rdata_t keyrdata; - dns_rdata_t newdsrdata; - dns_rdata_t dsrdata; + dns_rdata_t keyrdata = DNS_RDATA_INIT; + dns_rdata_t newdsrdata = DNS_RDATA_INIT; + dns_rdata_t dsrdata = DNS_RDATA_INIT; dns_rdata_ds_t dsinfo; dst_key_t *dnsseckey = NULL; unsigned char dsbuf[DNS_DS_BUFFERSIZE]; result = dns_rdataset_first(dsrdataset); check_result(result, "empty DSset dataset"); - dns_rdata_init(&dsrdata); do { dns_rdataset_current(dsrdataset, &dsrdata); result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL); - check_result(result, "dns_rdata_tostruct for DS"); + check_result(result, "dns_rdata_tostruct for DS"); result = dns_rdataset_first(keyrdataset); check_result(result, "empty KEY dataset"); - dns_rdata_init(&keyrdata); do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -4110,7 +4537,6 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, * id of DNSKEY referenced by the DS */ if (dsinfo.key_tag == dst_key_id(dnsseckey)) { - dns_rdata_init(&newdsrdata); result = dns_ds_buildrdata(name, &keyrdata, dsinfo.digest_type, @@ -4127,8 +4553,8 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, " new DS rdata\n"); return (result); } - - + + if (dns_rdata_compare(&dsrdata, &newdsrdata) == 0) { printf(";; OK a DS valids a DNSKEY" @@ -4136,7 +4562,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, printf(";; Now verify that this" " DNSKEY validates the " "DNSKEY RRset\n"); - + result = sigchase_verify_sig_key(name, keyrdataset, dnsseckey, @@ -4147,7 +4573,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_reset(&newdsrdata); dns_rdata_reset(&dsrdata); dst_key_free(&dnsseckey); - + return (result); } } else { @@ -4158,14 +4584,16 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_reset(&newdsrdata); } dst_key_free(&dnsseckey); + dns_rdata_reset(&keyrdata); dnsseckey = NULL; } while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS); - dns_rdata_reset(&keyrdata); + dns_rdata_reset(&dsrdata); } while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS); -#if 0 - dns_rdata_reset(&dsrdata); WARNING -#endif + + dns_rdata_reset(&keyrdata); + dns_rdata_reset(&newdsrdata); + dns_rdata_reset(&dsrdata); return (ISC_R_NOTFOUND); } @@ -4372,7 +4800,7 @@ sigchase_td(dns_message_t *msg) chase_sigrdataset = NULL; have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; - + dns_name_init(&tmp_name, NULL); result = child_of_zone(&chase_name, &chase_current_name, &tmp_name); @@ -4454,7 +4882,7 @@ sigchase_td(dns_message_t *msg) prepare_lookup(&chase_authority_name); - + have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; delegation_follow = ISC_TRUE; @@ -4558,7 +4986,7 @@ getneededrr(dns_message_t *msg) { isc_result_t result; dns_name_t *name = NULL; - dns_rdata_t sigrdata; + dns_rdata_t sigrdata = DNS_RDATA_INIT; dns_rdata_sig_t siginfo; isc_boolean_t true = ISC_TRUE; @@ -4612,7 +5040,6 @@ getneededrr(dns_message_t *msg) /* first find the DNSKEY name */ result = dns_rdataset_first(chase_sigrdataset); check_result(result, "empty RRSIG dataset"); - dns_rdata_init(&sigrdata); dns_rdataset_current(chase_sigrdataset, &sigrdata); result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL); check_result(result, "sigrdata tostruct siginfo"); @@ -4769,7 +5196,7 @@ sigchase_bu(dns_message_t *msg) } printf(";; An NSEC prove the non-existence of a answers," " Now we want validate this NSEC\n"); - + dup_name(&rdata_name, &chase_name, mctx); free_name(&rdata_name, mctx); chase_rdataset = rdataset; @@ -4990,6 +5417,7 @@ prove_nx_domain(dns_message_t *msg, } dns_rdata_freestruct(&nsecstruct); + dns_rdata_reset(&nsec); } } while (dns_message_nextname(msg, DNS_SECTION_AUTHORITY) == ISC_R_SUCCESS); @@ -5021,7 +5449,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset, ret = dns_rdataset_first(nsecset); check_result(ret,"dns_rdataset_first"); - + dns_rdataset_current(nsecset, &nsec); ret = dns_nsec_typepresent(&nsec, type); @@ -5057,7 +5485,7 @@ prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class, isc_result_t ret; dns_rdataset_t *nsecset = NULL; - printf("We want to prove the non-existance of a type of rdata %d" + printf("We want to prove the non-existence of a type of rdata %d" " or of the zone: \n", type); if ((ret = dns_message_firstname(msg, DNS_SECTION_AUTHORITY)) @@ -5089,5 +5517,6 @@ prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class, rdataset, sigrdataset); return (ret); } + /* Never get here */ } #endif diff --git a/contrib/bind-9.3/bin/dig/host.1 b/contrib/bind-9.5.2/bin/dig/host.1 similarity index 74% rename from contrib/bind-9.3/bin/dig/host.1 rename to contrib/bind-9.5.2/bin/dig/host.1 index 3a0432cc1d..9222ca2e22 100644 --- a/contrib/bind-9.3/bin/dig/host.1 +++ b/contrib/bind-9.5.2/bin/dig/host.1 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $ +.\" $Id: host.1,v 1.28.164.4 2009/07/11 01:43:27 tbox Exp $ .\" .hy 0 .ad l .\" Title: host .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ host \- DNS lookup utility .SH "SYNOPSIS" .HP 5 -\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] +\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] .SH "DESCRIPTION" .PP \fBhost\fR @@ -130,9 +130,9 @@ makes. This should mean that the name server receiving the query will not attemp \fB\-r\fR option enables \fBhost\fR -to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. +to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. .PP -By default +By default, \fBhost\fR uses UDP when making queries. The \fB\-T\fR @@ -152,9 +152,9 @@ The \fB\-t\fR option is used to select the query type. \fItype\fR -can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, +can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, \fBhost\fR -automatically selects an appropriate query type. By default it looks for A records, but if the +automatically selects an appropriate query type. By default, it looks for A, AAAA, and MX records, but if the \fB\-C\fR option was given, queries will be made for SOA records, and if \fIname\fR @@ -179,6 +179,32 @@ is less than one, the wait interval is set to one second. When the option is used, \fBhost\fR will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity. +.PP +The +\fB\-s\fR +option tells +\fBhost\fR +\fInot\fR +to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior. +.PP +The +\fB\-m\fR +can be used to set the memory usage debugging flags +\fIrecord\fR, +\fIusage\fR +and +\fItrace\fR. +.SH "IDN SUPPORT" +.PP +If +\fBhost\fR +has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names. +\fBhost\fR +appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the +\fBIDN_DISABLE\fR +environment variable. The IDN support is disabled if the variable is set when +\fBhost\fR +runs. .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -187,4 +213,7 @@ will effectively wait forever for a reply. The time to wait for a response will \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2002 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/dig/host.c b/contrib/bind-9.5.2/bin/dig/host.c similarity index 86% rename from contrib/bind-9.3/bin/dig/host.c rename to contrib/bind-9.5.2/bin/dig/host.c index 7d8ce9b80b..54655e906a 100644 --- a/contrib/bind-9.3/bin/dig/host.c +++ b/contrib/bind-9.5.2/bin/dig/host.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,25 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */ +/* $Id: host.c,v 1.116.12.3 2009/09/08 23:28:40 marka Exp $ */ + +/*! \file */ #include +#include #include +#ifdef HAVE_LOCALE_H +#include +#endif + +#ifdef WITH_IDN +#include +#include +#include +#include +#endif + #include #include #include @@ -110,12 +124,29 @@ struct rtype rtypes[] = { { 0, NULL } }; +static char * +rcode_totext(dns_rcode_t rcode) +{ + static char buf[sizeof("?65535")]; + union { + const char *consttext; + char *deconsttext; + } totext; + + if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) { + snprintf(buf, sizeof(buf), "?%u", rcode); + totext.deconsttext = buf; + } else + totext.consttext = rcodetext[rcode]; + return totext.deconsttext; +} + static void show_usage(void) { fputs( "Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n" -" [-R number] hostname [server]\n" -" -a is equivalent to -v -t *\n" +" [-R number] [-m flag] hostname [server]\n" +" -a is equivalent to -v -t ANY\n" " -c specifies query class for non-IN data\n" " -C compares SOA records on authoritative nameservers\n" " -d is equivalent to -v\n" @@ -124,13 +155,15 @@ show_usage(void) { " -N changes the number of dots allowed before root lookup is done\n" " -r disables recursive processing\n" " -R specifies number of retries for UDP packets\n" +" -s a SERVFAIL response should stop query\n" " -t specifies the query type\n" " -T enables TCP/IP mode\n" " -v enables verbose output\n" " -w specifies to wait forever for a reply\n" " -W specifies how long to wait for a reply\n" " -4 use IPv4 query transport only\n" -" -6 use IPv6 query transport only\n", stderr); +" -6 use IPv6 query transport only\n" +" -m set memory debugging flag (trace|record|usage)\n", stderr); exit(1); } @@ -254,10 +287,10 @@ printsection(dns_message_t *msg, dns_section_t sectionid, if (query->lookup->rdtype == dns_rdatatype_axfr && !((!list_addresses && (list_type == dns_rdatatype_any || - rdataset->type == list_type)) || + rdataset->type == list_type)) || (list_addresses && (rdataset->type == dns_rdatatype_a || - rdataset->type == dns_rdatatype_aaaa || + rdataset->type == dns_rdatatype_aaaa || rdataset->type == dns_rdatatype_ns || rdataset->type == dns_rdatatype_ptr)))) continue; @@ -361,7 +394,7 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) { dns_rdata_t rdata = DNS_RDATA_INIT; unsigned int i = msg->counts[DNS_SECTION_ANSWER]; - while (i-- > 0) { + while (i-- > 0) { rdataset = NULL; result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname, dns_rdatatype_cname, 0, NULL, @@ -410,8 +443,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (msg->rcode != 0) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, namestr, sizeof(namestr)); - printf("Host %s not found: %d(%s)\n", namestr, - msg->rcode, rcodetext[msg->rcode]); + printf("Host %s not found: %d(%s)\n", + (msg->rcode != dns_rcode_nxdomain) ? namestr : + query->lookup->textname, msg->rcode, + rcode_totext(msg->rcode)); return (ISC_R_SUCCESS); } @@ -433,7 +468,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1] = 0; lookup->rdtype = dns_rdatatype_aaaa; - lookup->rdtypeset = ISC_TRUE; + lookup->rdtypeset = ISC_TRUE; lookup->origin = NULL; lookup->retries = tries; ISC_LIST_APPEND(lookup_list, lookup, link); @@ -444,7 +479,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1] = 0; lookup->rdtype = dns_rdatatype_mx; - lookup->rdtypeset = ISC_TRUE; + lookup->rdtypeset = ISC_TRUE; lookup->origin = NULL; lookup->retries = tries; ISC_LIST_APPEND(lookup_list, lookup, link); @@ -453,7 +488,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (!short_form) { printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n", - opcodetext[msg->opcode], rcodetext[msg->rcode], + opcodetext[msg->opcode], rcode_totext(msg->rcode), msg->id); printf(";; flags: "); if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) { @@ -556,6 +591,53 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { return (result); } +static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:"; + +static void +pre_parse_args(int argc, char **argv) { + int c; + + while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) { + switch (c) { + case 'm': + memdebugging = ISC_TRUE; + if (strcasecmp("trace", isc_commandline_argument) == 0) + isc_mem_debugging |= ISC_MEM_DEBUGTRACE; + else if (!strcasecmp("record", + isc_commandline_argument) == 0) + isc_mem_debugging |= ISC_MEM_DEBUGRECORD; + else if (strcasecmp("usage", + isc_commandline_argument) == 0) + isc_mem_debugging |= ISC_MEM_DEBUGUSAGE; + break; + + case '4': break; + case '6': break; + case 'a': break; + case 'c': break; + case 'd': break; + case 'i': break; + case 'l': break; + case 'n': break; + case 'r': break; + case 's': break; + case 't': break; + case 'v': break; + case 'w': break; + case 'C': break; + case 'D': break; + case 'N': break; + case 'R': break; + case 'T': break; + case 'W': break; + default: + show_usage(); + } + } + isc_commandline_reset = ISC_TRUE; + isc_commandline_index = 1; +} + static void parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { char hostname[MXNAME]; @@ -572,8 +654,10 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { lookup = make_empty_lookup(); - while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46")) - != EOF) { + lookup->servfail_stops = ISC_FALSE; + lookup->comments = ISC_FALSE; + + while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) { switch (c) { case 'l': lookup->tcp_mode = ISC_TRUE; @@ -612,6 +696,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { lookup->rdtype != dns_rdatatype_axfr) lookup->rdtype = rdtype; lookup->rdtypeset = ISC_TRUE; +#ifdef WITH_IDN + idnoptions = 0; +#endif if (rdtype == dns_rdatatype_axfr) { /* -l -t any -v */ list_type = dns_rdatatype_any; @@ -619,7 +706,15 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { lookup->tcp_mode = ISC_TRUE; } else if (rdtype == dns_rdatatype_ixfr) { lookup->ixfr_serial = serial; + lookup->tcp_mode = ISC_TRUE; + list_type = rdtype; +#ifdef WITH_IDN + } else if (rdtype == dns_rdatatype_a || + rdtype == dns_rdatatype_aaaa || + rdtype == dns_rdatatype_mx) { + idnoptions = IDN_ASCCHECK; list_type = rdtype; +#endif } else list_type = rdtype; list_addresses = ISC_FALSE; @@ -657,6 +752,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { case 'n': /* deprecated */ break; + case 'm': + /* Handled by pre_parse_args(). */ + break; case 'w': /* * The timer routines are coded such that @@ -710,6 +808,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { } else fatal("can't find IPv6 networking"); break; + case 's': + lookup->servfail_stops = ISC_TRUE; + break; } } @@ -724,7 +825,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { set_nameserver(argv[isc_commandline_index+1]); debug("server is %s", argv[isc_commandline_index+1]); listed_server = ISC_TRUE; - } + } else + check_ra = ISC_TRUE; lookup->pending = ISC_FALSE; if (get_reverse(store, sizeof(store), hostname, @@ -737,11 +839,10 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { } else { strncpy(lookup->textname, hostname, sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1]=0; + usesearch = ISC_TRUE; } lookup->new_search = ISC_TRUE; ISC_LIST_APPEND(lookup_list, lookup, link); - - usesearch = ISC_TRUE; } int @@ -753,11 +854,15 @@ main(int argc, char **argv) { ISC_LIST_INIT(lookup_list); ISC_LIST_INIT(server_list); ISC_LIST_INIT(search_list); - + fatalexit = 1; +#ifdef WITH_IDN + idnoptions = IDN_ASCCHECK; +#endif debug("main()"); progname = argv[0]; + pre_parse_args(argc, argv); result = isc_app_start(); check_result(result, "isc_app_start"); setup_libs(); @@ -771,4 +876,3 @@ main(int argc, char **argv) { isc_app_finish(); return ((seen_error == 0) ? 0 : 1); } - diff --git a/contrib/bind-9.5.2/bin/dig/host.html b/contrib/bind-9.5.2/bin/dig/host.html new file mode 100644 index 0000000000..de1323e23c --- /dev/null +++ b/contrib/bind-9.5.2/bin/dig/host.html @@ -0,0 +1,212 @@ + + + + + +host + + +
+
+
+

Name

+

host — DNS lookup utility

+
+
+

Synopsis

+

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

+
+
+

DESCRIPTION

+

host + is a simple utility for performing DNS lookups. + It is normally used to convert names to IP addresses and vice versa. + When no arguments or options are given, + host + prints a short summary of its command line arguments and options. +

+

name is the domain name that is to be + looked + up. It can also be a dotted-decimal IPv4 address or a colon-delimited + IPv6 address, in which case host will by + default + perform a reverse lookup for that address. + server is an optional argument which + is either + the name or IP address of the name server that host + should query instead of the server or servers listed in + /etc/resolv.conf. +

+

+ The -a (all) option is equivalent to setting the + -v option and asking host to make + a query of type ANY. +

+

+ When the -C option is used, host + will attempt to display the SOA records for zone + name from all the listed + authoritative name + servers for that zone. The list of name servers is defined by the NS + records that are found for the zone. +

+

+ The -c option instructs to make a DNS query of class + class. This can be used to lookup + Hesiod or + Chaosnet class resource records. The default class is IN (Internet). +

+

+ Verbose output is generated by host when + the + -d or -v option is used. The two + options are equivalent. They have been provided for backwards + compatibility. In previous versions, the -d option + switched on debugging traces and -v enabled verbose + output. +

+

+ List mode is selected by the -l option. This makes + host perform a zone transfer for zone + name. Transfer the zone printing out + the NS, PTR + and address records (A/AAAA). If combined with -a + all records will be printed. +

+

+ The -i + option specifies that reverse lookups of IPv6 addresses should + use the IP6.INT domain as defined in RFC1886. + The default is to use IP6.ARPA. +

+

+ The -N option sets the number of dots that have to be + in name for it to be considered + absolute. The + default value is that defined using the ndots statement in + /etc/resolv.conf, or 1 if no ndots + statement is + present. Names with fewer dots are interpreted as relative names and + will be searched for in the domains listed in the search + or domain directive in + /etc/resolv.conf. +

+

+ The number of UDP retries for a lookup can be changed with the + -R option. number + indicates + how many times host will repeat a query + that does + not get answered. The default number of retries is 1. If + number is negative or zero, the + number of + retries will default to 1. +

+

+ Non-recursive queries can be made via the -r option. + Setting this option clears the RD — recursion + desired — bit in the query which host makes. + This should mean that the name server receiving the query will not + attempt to resolve name. The + -r option enables host + to mimic + the behavior of a name server by making non-recursive queries and + expecting to receive answers to those queries that are usually + referrals to other name servers. +

+

+ By default, host uses UDP when making + queries. The + -T option makes it use a TCP connection when querying + the name server. TCP will be automatically selected for queries that + require it, such as zone transfer (AXFR) requests. +

+

+ The -4 option forces host to only + use IPv4 query transport. The -6 option forces + host to only use IPv6 query transport. +

+

+ The -t option is used to select the query type. + type can be any recognized query + type: CNAME, + NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, + host automatically selects an appropriate + query + type. By default, it looks for A, AAAA, and MX records, but if the + -C option was given, queries will be made for SOA + records, and if name is a + dotted-decimal IPv4 + address or colon-delimited IPv6 address, host will + query for PTR records. If a query type of IXFR is chosen the starting + serial number can be specified by appending an equal followed by the + starting serial number (e.g. -t IXFR=12345678). +

+

+ The time to wait for a reply can be controlled through the + -W and -w options. The + -W option makes host + wait for + wait seconds. If wait + is less than one, the wait interval is set to one second. When the + -w option is used, host + will + effectively wait forever for a reply. The time to wait for a response + will be set to the number of seconds given by the hardware's maximum + value for an integer quantity. +

+

+ The -s option tells host + not to send the query to the next nameserver + if any server responds with a SERVFAIL response, which is the + reverse of normal stub resolver behavior. +

+

+ The -m can be used to set the memory usage debugging + flags + record, usage and + trace. +

+
+
+

IDN SUPPORT

+

+ If host has been built with IDN (internationalized + domain name) support, it can accept and display non-ASCII domain names. + host appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. + If you'd like to turn off the IDN support for some reason, defines + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + host runs. +

+
+
+

FILES

+

/etc/resolv.conf +

+
+
+

SEE ALSO

+

dig(1), + named(8). +

+
+
+ diff --git a/contrib/bind-9.3/bin/dig/include/dig/dig.h b/contrib/bind-9.5.2/bin/dig/include/dig/dig.h similarity index 82% rename from contrib/bind-9.3/bin/dig/include/dig/dig.h rename to contrib/bind-9.5.2/bin/dig/include/dig/dig.h index 91dae5cf2e..bfb3acb37c 100644 --- a/contrib/bind-9.3/bin/dig/include/dig/dig.h +++ b/contrib/bind-9.5.2/bin/dig/include/dig/dig.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */ +/* $Id: dig.h,v 1.105.130.3 2008/12/16 02:59:46 jinmei Exp $ */ #ifndef DIG_H #define DIG_H +/*! \file */ + #include #include @@ -38,29 +40,36 @@ #define MXSERV 20 #define MXNAME (DNS_NAME_MAXTEXT+1) #define MXRD 32 +/*% Buffer Size */ #define BUFSIZE 512 #define COMMSIZE 0xffff #ifndef RESOLV_CONF +/*% location of resolve.conf */ #define RESOLV_CONF "/etc/resolv.conf" #endif +/*% output buffer */ #define OUTPUTBUF 32767 +/*% Max RR Limit */ #define MAXRRLIMIT 0xffffffff #define MAXTIMEOUT 0xffff +/*% Max number of tries */ #define MAXTRIES 0xffffffff +/*% Max number of dots */ #define MAXNDOTS 0xffff +/*% Max number of ports */ #define MAXPORT 0xffff +/*% Max serial number */ #define MAXSERIAL 0xffffffff -/* - * Default timeout values - */ +/*% Default TCP Timeout */ #define TCP_TIMEOUT 10 +/*% Default UDP Timeout */ #define UDP_TIMEOUT 5 #define SERVER_TIMEOUT 1 #define LOOKUP_LIMIT 64 -/* +/*% * Lookup_limit is just a limiter, keeping too many lookups from being * created. It's job is mainly to prevent the program from running away * in a tight loop of constant lookups. It's value is arbitrary. @@ -90,22 +99,23 @@ typedef struct dig_message dig_message_t; typedef ISC_LIST(dig_server_t) dig_serverlist_t; typedef struct dig_searchlist dig_searchlist_t; +/*% The dig_lookup structure */ struct dig_lookup { isc_boolean_t - pending, /* Pending a successful answer */ + pending, /*%< Pending a successful answer */ waiting_connect, doing_xfr, - ns_search_only, /* dig +nssearch, host -C */ - identify, /* Append an "on server " message */ - identify_previous_line, /* Prepend a "Nameserver :" + ns_search_only, /*%< dig +nssearch, host -C */ + identify, /*%< Append an "on server " message */ + identify_previous_line, /*% Prepend a "Nameserver :" message, with newline and tab */ ignore, recurse, aaonly, adflag, cdflag, - trace, /* dig +trace */ - trace_root, /* initial query for either +trace or +nssearch */ + trace, /*% dig +trace */ + trace_root, /*% initial query for either +trace or +nssearch */ tcp_mode, ip6_int, comments, @@ -116,28 +126,31 @@ struct dig_lookup { section_additional, servfail_stops, new_search, + need_search, + done_as_is, besteffort, - dnssec; + dnssec, + nsid; /*% Name Server ID (RFC 5001) */ #ifdef DIG_SIGCHASE isc_boolean_t sigchase; #if DIG_SIGCHASE_TD - isc_boolean_t do_topdown, - trace_root_sigchase, - rdtype_sigchaseset, - rdclass_sigchaseset; + isc_boolean_t do_topdown, + trace_root_sigchase, + rdtype_sigchaseset, + rdclass_sigchaseset; /* Name we are going to validate RRset */ - char textnamesigchase[MXNAME]; + char textnamesigchase[MXNAME]; #endif #endif - - char textname[MXNAME]; /* Name we're going to be looking up */ + + char textname[MXNAME]; /*% Name we're going to be looking up */ char cmdline[MXNAME]; dns_rdatatype_t rdtype; dns_rdatatype_t qrdtype; #if DIG_SIGCHASE_TD - dns_rdatatype_t rdtype_sigchase; - dns_rdatatype_t qrdtype_sigchase; - dns_rdataclass_t rdclass_sigchase; + dns_rdatatype_t rdtype_sigchase; + dns_rdatatype_t qrdtype_sigchase; + dns_rdataclass_t rdclass_sigchase; #endif dns_rdataclass_t rdclass; isc_boolean_t rdtypeset; @@ -162,14 +175,17 @@ isc_boolean_t sigchase; isc_uint32_t retries; int nsfound; isc_uint16_t udpsize; + isc_int16_t edns; isc_uint32_t ixfr_serial; isc_buffer_t rdatabuf; char rdatastore[MXNAME]; dst_context_t *tsigctx; isc_buffer_t *querysig; isc_uint32_t msgcounter; + dns_fixedname_t fdomain; }; +/*% The dig_query structure */ struct dig_query { dig_lookup_t *lookup; isc_boolean_t waiting_connect, @@ -200,6 +216,7 @@ struct dig_query { ISC_LINK(dig_query_t) link; isc_sockaddr_t sockaddr; isc_time_t time_sent; + isc_uint64_t byte_count; isc_buffer_t sendbuf; }; @@ -215,7 +232,7 @@ struct dig_searchlist { }; #ifdef DIG_SIGCHASE struct dig_message { - dns_message_t *msg; + dns_message_t *msg; ISC_LINK(dig_message_t) link; }; #endif @@ -230,9 +247,10 @@ typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t; extern dig_lookuplist_t lookup_list; extern dig_serverlist_t server_list; extern dig_searchlistlist_t search_list; +extern unsigned int extrabytes; -extern isc_boolean_t have_ipv4, have_ipv6, specified_source, - usesearch, qr; +extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source, + usesearch, showsearch, qr; extern in_port_t port; extern unsigned int timeout; extern isc_mem_t *mctx; @@ -245,6 +263,8 @@ extern isc_sockaddr_t bind_address; extern char keynametext[MXNAME]; extern char keyfile[MXNAME]; extern char keysecret[MXNAME]; +extern dns_name_t *hmacname; +extern unsigned int digestbits; #ifdef DIG_SIGCHASE extern char trustedkey[MXNAME]; #endif @@ -258,11 +278,14 @@ extern isc_boolean_t debugging, memdebugging; extern char *progname; extern int tries; extern int fatalexit; +#ifdef WITH_IDN +extern int idnoptions; +#endif /* * Routines in dighost.c. */ -void +isc_result_t get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr); isc_result_t @@ -281,6 +304,9 @@ check_result(isc_result_t result, const char *msg); void setup_lookup(dig_lookup_t *lookup); +void +destroy_lookup(dig_lookup_t *lookup); + void do_lookup(dig_lookup_t *lookup); @@ -346,13 +372,13 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, isc_result_t printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers); -/* +/*%< * Print the final result of the lookup. */ void received(int bytes, isc_sockaddr_t *from, dig_query_t *query); -/* +/*%< * Print a message about where and when the response * was received from, like the final comment in the * output of "dig". diff --git a/contrib/bind-9.3/bin/dig/nslookup.1 b/contrib/bind-9.5.2/bin/dig/nslookup.1 similarity index 77% rename from contrib/bind-9.3/bin/dig/nslookup.1 rename to contrib/bind-9.5.2/bin/dig/nslookup.1 index 7b1d4d2f7f..4fde34c0fc 100644 --- a/contrib/bind-9.3/bin/dig/nslookup.1 +++ b/contrib/bind-9.5.2/bin/dig/nslookup.1 @@ -1,6 +1,6 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -12,13 +12,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.1.6.7 2006/06/29 13:02:30 marka Exp $ +.\" $Id: nslookup.1,v 1.14.150.1 2009/07/11 01:43:27 tbox Exp $ .\" .hy 0 .ad l .\" Title: nslookup .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use .SH "ARGUMENTS" .PP Interactive mode is entered in the following cases: -.TP 3n +.TP 4 1. when no arguments are given (the default name server will be used) -.TP 3n +.TP 4 2. when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. .sp @@ -54,17 +54,22 @@ when the first argument is a hyphen (\-) and the second argument is the host nam Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: -.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE +.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE .SH "INTERACTIVE COMMANDS" -.TP 3n -host [server] +.PP +\fBhost\fR [server] +.RS 4 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. .sp To look up a host not in the current domain, append a period to the name. -.TP 3n +.RE +.PP \fBserver\fR \fIdomain\fR -.TP 3n +.RS 4 +.RE +.PP \fBlserver\fR \fIdomain\fR +.RS 4 Change the default server to \fIdomain\fR; \fBlserver\fR @@ -72,107 +77,165 @@ uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. -.TP 3n +.RE +.PP \fBroot\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBfinger\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBls\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBview\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBhelp\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fB?\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBexit\fR +.RS 4 Exits the program. -.TP 3n +.RE +.PP \fBset\fR \fIkeyword\fR\fI[=value]\fR +.RS 4 This command is used to change state information that affects the lookups. Valid keywords are: -.RS 3n -.TP 3n +.RS 4 +.PP \fBall\fR +.RS 4 Prints the current values of the frequently used options to \fBset\fR. Information about the current default server and host is also printed. -.TP 3n +.RE +.PP \fBclass=\fR\fIvalue\fR +.RS 4 Change the query class to one of: -.RS 3n -.TP 3n +.RS 4 +.PP \fBIN\fR +.RS 4 the Internet class -.TP 3n +.RE +.PP \fBCH\fR +.RS 4 the Chaos class -.TP 3n +.RE +.PP \fBHS\fR +.RS 4 the Hesiod class -.TP 3n +.RE +.PP \fBANY\fR +.RS 4 wildcard .RE -.IP "" 3n +.RE +.IP "" 4 The class specifies the protocol group of the information. .sp (Default = IN; abbreviation = cl) -.TP 3n -\fB\fI[no]\fR\fR\fBdebug\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR +.RS 4 +Turn on or off the display of the full response packet and any intermediate response packets when searching. .sp (Default = nodebug; abbreviation = [no]deb) -.TP 3n -\fB\fI[no]\fR\fR\fBd2\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBd2\fR +.RS 4 +Turn debugging mode on or off. This displays more about what nslookup is doing. .sp (Default = nod2) -.TP 3n +.RE +.PP \fBdomain=\fR\fIname\fR +.RS 4 Sets the search list to \fIname\fR. -.TP 3n -\fB\fI[no]\fR\fR\fBsearch\fR +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR +.RS 4 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. .sp (Default = search) -.TP 3n +.RE +.PP \fBport=\fR\fIvalue\fR +.RS 4 Change the default TCP/UDP name server port to \fIvalue\fR. .sp (Default = 53; abbreviation = po) -.TP 3n +.RE +.PP \fBquerytype=\fR\fIvalue\fR -.TP 3n +.RS 4 +.RE +.PP \fBtype=\fR\fIvalue\fR +.RS 4 Change the type of the information query. .sp (Default = A; abbreviations = q, ty) -.TP 3n -\fB\fI[no]\fR\fR\fBrecurse\fR +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR +.RS 4 Tell the name server to query other servers if it does not have the information. .sp (Default = recurse; abbreviation = [no]rec) -.TP 3n +.RE +.PP \fBretry=\fR\fInumber\fR +.RS 4 Set the number of retries to number. -.TP 3n +.RE +.PP \fBtimeout=\fR\fInumber\fR +.RS 4 Change the initial timeout interval for waiting for a reply to number seconds. -.TP 3n -\fB\fI[no]\fR\fR\fBvc\fR +.RE +.PP +\fB \fR\fB\fI[no]\fR\fR\fBvc\fR +.RS 4 Always use a virtual circuit when sending requests to the server. .sp (Default = novc) .RE -.IP "" 3n +.PP +\fB \fR\fB\fI[no]\fR\fR\fBfail\fR +.RS 4 +Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response. +.sp +(Default = nofail) +.RE +.RE +.IP "" 4 +.RE .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -185,4 +248,5 @@ Always use a virtual circuit when sending requests to the server. .PP Andrew Cherenson .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/contrib/bind-9.3/bin/dig/nslookup.c b/contrib/bind-9.5.2/bin/dig/nslookup.c similarity index 93% rename from contrib/bind-9.3/bin/dig/nslookup.c rename to contrib/bind-9.5.2/bin/dig/nslookup.c index 5ae64d0d59..bba97d6934 100644 --- a/contrib/bind-9.3/bin/dig/nslookup.c +++ b/contrib/bind-9.5.2/bin/dig/nslookup.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */ +/* $Id: nslookup.c,v 1.117.130.5 2009/05/06 23:46:49 tbox Exp $ */ #include @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -50,7 +51,8 @@ static isc_boolean_t short_form = ISC_TRUE, comments = ISC_TRUE, section_question = ISC_TRUE, section_answer = ISC_TRUE, section_authority = ISC_TRUE, section_additional = ISC_TRUE, recurse = ISC_TRUE, - aaonly = ISC_FALSE; + aaonly = ISC_FALSE, nofail = ISC_TRUE; + static isc_boolean_t in_use = ISC_FALSE; static char defclass[MXRD] = "IN"; static char deftype[MXRD] = "A"; @@ -128,6 +130,23 @@ static const char *rtypetext[] = { static void flush_lookup_list(void); static void getinput(isc_task_t *task, isc_event_t *event); +static char * +rcode_totext(dns_rcode_t rcode) +{ + static char buf[sizeof("?65535")]; + union { + const char *consttext; + char *deconsttext; + } totext; + + if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) { + snprintf(buf, sizeof(buf), "?%u", rcode); + totext.deconsttext = buf; + } else + totext.consttext = rcodetext[rcode]; + return totext.deconsttext; +} + void dighost_shutdown(void) { isc_event_t *event = global_event; @@ -384,14 +403,14 @@ trying(char *frm, dig_lookup_t *lookup) { isc_result_t printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { - char servtext[ISC_SOCKADDR_FORMATSIZE]; + char servtext[ISC_SOCKADDR_FORMATSIZE]; debug("printmessage()"); isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext)); printf("Server:\t\t%s\n", query->userarg); printf("Address:\t%s\n", servtext); - + puts(""); if (!short_form) { @@ -409,8 +428,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { char nametext[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, nametext, sizeof(nametext)); - printf("** server can't find %s: %s\n", nametext, - rcodetext[msg->rcode]); + printf("** server can't find %s: %s\n", + (msg->rcode != dns_rcode_nxdomain) ? nametext : + query->lookup->textname, rcode_totext(msg->rcode)); debug("returning with rcode == 0"); return (ISC_R_SUCCESS); } @@ -439,13 +459,16 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) { dig_server_t *srv; isc_sockaddr_t sockaddr; dig_searchlist_t *listent; + isc_result_t result; srv = ISC_LIST_HEAD(server_list); while (srv != NULL) { char sockstr[ISC_SOCKADDR_FORMATSIZE]; - get_address(srv->servername, port, &sockaddr); + result = get_address(srv->servername, port, &sockaddr); + check_result(result, "get_address"); + isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr)); printf("Default server: %s\nAddress: %s\n", srv->userarg, sockstr); @@ -503,7 +526,7 @@ testclass(char *typetext) { tr.base = typetext; tr.length = strlen(typetext); result = dns_rdataclass_fromtext(&rdclass, &tr); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) return (ISC_TRUE); else { printf("unknown query class: %s\n", typetext); @@ -601,7 +624,7 @@ setoption(char *opt) { set_timeout(&opt[8]); } else if (strncasecmp(opt, "t=", 2) == 0) { set_timeout(&opt[2]); - } else if (strncasecmp(opt, "rec", 3) == 0) { + } else if (strncasecmp(opt, "rec", 3) == 0) { recurse = ISC_TRUE; } else if (strncasecmp(opt, "norec", 5) == 0) { recurse = ISC_FALSE; @@ -609,19 +632,21 @@ setoption(char *opt) { set_tries(&opt[6]); } else if (strncasecmp(opt, "ret=", 4) == 0) { set_tries(&opt[4]); - } else if (strncasecmp(opt, "def", 3) == 0) { + } else if (strncasecmp(opt, "def", 3) == 0) { usesearch = ISC_TRUE; } else if (strncasecmp(opt, "nodef", 5) == 0) { usesearch = ISC_FALSE; - } else if (strncasecmp(opt, "vc", 3) == 0) { + } else if (strncasecmp(opt, "vc", 3) == 0) { tcpmode = ISC_TRUE; } else if (strncasecmp(opt, "novc", 5) == 0) { tcpmode = ISC_FALSE; - } else if (strncasecmp(opt, "deb", 3) == 0) { + } else if (strncasecmp(opt, "deb", 3) == 0) { short_form = ISC_FALSE; + showsearch = ISC_TRUE; } else if (strncasecmp(opt, "nodeb", 5) == 0) { short_form = ISC_TRUE; - } else if (strncasecmp(opt, "d2", 2) == 0) { + showsearch = ISC_FALSE; + } else if (strncasecmp(opt, "d2", 2) == 0) { debugging = ISC_TRUE; } else if (strncasecmp(opt, "nod2", 4) == 0) { debugging = ISC_FALSE; @@ -631,8 +656,12 @@ setoption(char *opt) { usesearch = ISC_FALSE; } else if (strncasecmp(opt, "sil", 3) == 0) { /* deprecation_msg = ISC_FALSE; */ + } else if (strncasecmp(opt, "fail", 3) == 0) { + nofail=ISC_FALSE; + } else if (strncasecmp(opt, "nofail", 3) == 0) { + nofail=ISC_TRUE; } else { - printf("*** Invalid option: %s\n", opt); + printf("*** Invalid option: %s\n", opt); } } @@ -689,6 +718,8 @@ addlookup(char *opt) { lookup->section_authority = section_authority; lookup->section_additional = section_additional; lookup->new_search = ISC_TRUE; + if (nofail) + lookup->servfail_stops = ISC_FALSE; ISC_LIST_INIT(lookup->q); ISC_LINK_INIT(lookup, link); ISC_LIST_APPEND(lookup_list, lookup, link); @@ -728,6 +759,7 @@ get_next_command(void) { (strcasecmp(ptr, "lserver") == 0)) { isc_app_block(); set_nameserver(arg); + check_ra = ISC_FALSE; isc_app_unblock(); show_settings(ISC_TRUE, ISC_TRUE); } else if (strcasecmp(ptr, "exit") == 0) { @@ -766,9 +798,10 @@ parse_args(int argc, char **argv) { have_lookup = ISC_TRUE; in_use = ISC_TRUE; addlookup(argv[0]); - } - else + } else { set_nameserver(argv[0]); + check_ra = ISC_FALSE; + } } } } @@ -844,6 +877,8 @@ main(int argc, char **argv) { ISC_LIST_INIT(server_list); ISC_LIST_INIT(search_list); + check_ra = ISC_TRUE; + result = isc_app_start(); check_result(result, "isc_app_start"); diff --git a/contrib/bind-9.5.2/bin/dig/nslookup.html b/contrib/bind-9.5.2/bin/dig/nslookup.html new file mode 100644 index 0000000000..8009044186 --- /dev/null +++ b/contrib/bind-9.5.2/bin/dig/nslookup.html @@ -0,0 +1,307 @@ + + + + + +nslookup + + +
+
+
+

Name

+

nslookup — query Internet name servers interactively

+
+
+

Synopsis

+

nslookup [-option] [name | -] [server]

+
+
+

DESCRIPTION

+

Nslookup + is a program to query Internet domain name servers. Nslookup + has two modes: interactive and non-interactive. Interactive mode allows + the user to query name servers for information about various hosts and + domains or to print a list of hosts in a domain. Non-interactive mode + is + used to print just the name and requested information for a host or + domain. +

+
+
+

ARGUMENTS

+

+ Interactive mode is entered in the following cases: +

+
    +

  1. + when no arguments are given (the default name server will be used) +

    2. +

  2. + when the first argument is a hyphen (-) and the second argument is + the host name or Internet address of a name server. +

    3. +
+

+

+

+ Non-interactive mode is used when the name or Internet address of the + host to be looked up is given as the first argument. The optional second + argument specifies the host name or address of a name server. +

+

+ Options can also be specified on the command line if they precede the + arguments and are prefixed with a hyphen. For example, to + change the default query type to host information, and the initial + timeout to 10 seconds, type: +

+
+nslookup -query=hinfo  -timeout=10
+
+

+

+
+
+

INTERACTIVE COMMANDS

+
+
host [server]
+
+

+ Look up information for host using the current default server or + using server, if specified. If host is an Internet address and + the query type is A or PTR, the name of the host is returned. + If host is a name and does not have a trailing period, the + search list is used to qualify the name. +

+

+ To look up a host not in the current domain, append a period to + the name. +

+
+
server domain
+

+
lserver domain
+

+ Change the default server to domain; lserver uses the initial + server to look up information about domain, while server uses + the current default server. If an authoritative answer can't be + found, the names of servers that might have the answer are + returned. +

+
root
+

+ not implemented +

+
finger
+

+ not implemented +

+
ls
+

+ not implemented +

+
view
+

+ not implemented +

+
help
+

+ not implemented +

+
?
+

+ not implemented +

+
exit
+

+ Exits the program. +

+
set + keyword[=value]
+
+

+ This command is used to change state information that affects + the lookups. Valid keywords are: +

+
+
all
+

+ Prints the current values of the frequently used + options to set. + Information about the current default + server and host is also printed. +

+
class=value
+
+

+ Change the query class to one of: +

+
+
IN
+

+ the Internet class +

+
CH
+

+ the Chaos class +

+
HS
+

+ the Hesiod class +

+
ANY
+

+ wildcard +

+
+

+ The class specifies the protocol group of the information. + +

+

+ (Default = IN; abbreviation = cl) +

+
+
+ [no]debug
+
+

+ Turn on or off the display of the full response packet and + any intermediate response packets when searching. +

+

+ (Default = nodebug; abbreviation = [no]deb) +

+
+
+ [no]d2
+
+

+ Turn debugging mode on or off. This displays more about + what nslookup is doing. +

+

+ (Default = nod2) +

+
+
domain=name
+

+ Sets the search list to name. +

+
+ [no]search
+
+

+ If the lookup request contains at least one period but + doesn't end with a trailing period, append the domain + names in the domain search list to the request until an + answer is received. +

+

+ (Default = search) +

+
+
port=value
+
+

+ Change the default TCP/UDP name server port to value. +

+

+ (Default = 53; abbreviation = po) +

+
+
querytype=value
+

+
type=value
+
+

+ Change the type of the information query. +

+

+ (Default = A; abbreviations = q, ty) +

+
+
+ [no]recurse
+
+

+ Tell the name server to query other servers if it does not + have the + information. +

+

+ (Default = recurse; abbreviation = [no]rec) +

+
+
retry=number
+

+ Set the number of retries to number. +

+
timeout=number
+

+ Change the initial timeout interval for waiting for a + reply to number seconds. +

+
+ [no]vc
+
+

+ Always use a virtual circuit when sending requests to the + server. +

+

+ (Default = novc) +

+
+
+ [no]fail
+
+

+ Try the next nameserver if a nameserver responds with + SERVFAIL or a referral (nofail) or terminate query + (fail) on such a response. +

+

+ (Default = nofail) +

+
+
+

+

+
+
+
+
+

FILES

+

/etc/resolv.conf +

+
+
+

SEE ALSO

+

dig(1), + host(1), + named(8). +

+
+
+

Author

+

+ Andrew Cherenson +

+
+
+ diff --git a/contrib/bind-9.3/bin/dnssec/dnssec-keygen.8 b/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.8 similarity index 82% rename from contrib/bind-9.3/bin/dnssec/dnssec-keygen.8 rename to contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.8 index 35bb0efda5..edeee13e16 100644 --- a/contrib/bind-9.3/bin/dnssec/dnssec-keygen.8 +++ b/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.12.10 2006/06/29 13:02:30 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.38.130.3 2009/07/11 01:43:27 tbox Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-keygen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -37,10 +37,11 @@ dnssec\-keygen \- DNSSEC key generation tool .SH "DESCRIPTION" .PP \fBdnssec\-keygen\fR -generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC . It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. +generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. .SH "OPTIONS" -.TP 3n +.PP \-a \fIalgorithm\fR +.RS 4 Selects the cryptographic algorithm. The value of \fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive. @@ -48,38 +49,58 @@ must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. .sp Note 2: HMAC\-MD5 and DH automatically set the \-k flag. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. -.TP 3n +.RE +.PP \-n \fInametype\fR +.RS 4 Specifies the owner type of the key. The value of \fBnametype\fR -must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. -.TP 3n +must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation. +.RE +.PP \-c \fIclass\fR +.RS 4 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used. -.TP 3n +.RE +.PP \-e +.RS 4 If generating an RSAMD5/RSASHA1 key, use a large exponent. -.TP 3n +.RE +.PP \-f \fIflag\fR +.RS 4 Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY. -.TP 3n +.RE +.PP \-g \fIgenerator\fR +.RS 4 If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR. -.TP 3n +.RE +.PP \-k +.RS 4 Generate KEY records rather than DNSKEY records. -.TP 3n +.RE +.PP \-p \fIprotocol\fR +.RS 4 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -87,17 +108,24 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIstrength\fR +.RS 4 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC. -.TP 3n +.RE +.PP \-t \fItype\fR +.RS 4 Indicates the use of the key. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. +.RE .SH "GENERATED KEYS" .PP When @@ -105,23 +133,21 @@ When completes successfully, it prints a string of the form \fIKnnnn.+aaa+iiiii\fR to the standard output. This is an identification string for the key it has generated. -.TP 3n +.TP 4 \(bu \fInnnn\fR is the key name. -.TP 3n +.TP 4 \(bu \fIaaa\fR is the numeric representation of the algorithm. -.TP 3n +.TP 4 \(bu \fIiiiii\fR is the key identifier (or footprint). -.sp -.RE .PP \fBdnssec\-keygen\fR -creates two file, with names based on the printed string. +creates two files, with names based on the printed string. \fIKnnnn.+aaa+iiiii.key\fR contains the public key, and \fIKnnnn.+aaa+iiiii.private\fR @@ -133,13 +159,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o .PP The \fI.private\fR -file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission. +file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission. .PP Both \fI.key\fR and \fI.private\fR -files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent. +files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent. .SH "EXAMPLE" .PP To generate a 768\-bit DSA key for the domain @@ -156,16 +182,19 @@ In this example, creates the files \fIKexample.com.+003+26160.key\fR and -\fIKexample.com.+003+26160.private\fR +\fIKexample.com.+003+26160.private\fR. .SH "SEE ALSO" .PP \fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, -RFC 2535, +RFC 2539, RFC 2845, -RFC 2539. +RFC 4033. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/dnssec/dnssec-keygen.c b/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.c similarity index 67% rename from contrib/bind-9.3/bin/dnssec/dnssec-keygen.c rename to contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.c index 7feaf7c3d9..3fd29b379c 100644 --- a/contrib/bind-9.3/bin/dnssec/dnssec-keygen.c +++ b/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (C) 2000-2003 Internet Software Consortium. + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.48.2.1.10.11 2004/06/11 01:17:34 marka Exp $ */ +/* $Id: dnssec-keygen.c,v 1.79 2007/08/28 07:20:42 tbox Exp $ */ + +/*! \file */ #include @@ -47,7 +62,9 @@ const char *program = "dnssec-keygen"; int verbose; -static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5"; +static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 |" + " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | " + " HMAC-SHA384 | HMAC-SHA512"; static isc_boolean_t dsa_size_ok(int size) { @@ -57,7 +74,7 @@ dsa_size_ok(int size) { static void usage(void) { fprintf(stderr, "Usage:\n"); - fprintf(stderr, " %s -a alg -b bits -n type [options] name\n\n", + fprintf(stderr, " %s -a alg -b bits [-n type] [options] name\n\n", program); fprintf(stderr, "Version: %s\n", VERSION); fprintf(stderr, "Required options:\n"); @@ -68,10 +85,17 @@ usage(void) { fprintf(stderr, " DH:\t\t[128..4096]\n"); fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n"); fprintf(stderr, " HMAC-MD5:\t[1..512]\n"); + fprintf(stderr, " HMAC-SHA1:\t[1..160]\n"); + fprintf(stderr, " HMAC-SHA224:\t[1..224]\n"); + fprintf(stderr, " HMAC-SHA256:\t[1..256]\n"); + fprintf(stderr, " HMAC-SHA384:\t[1..384]\n"); + fprintf(stderr, " HMAC-SHA512:\t[1..512]\n"); fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n"); + fprintf(stderr, " (DNSKEY generation defaults to ZONE\n"); fprintf(stderr, " name: owner of the key\n"); fprintf(stderr, "Other options:\n"); fprintf(stderr, " -c (default: IN)\n"); + fprintf(stderr, " -d (0 => max, default)\n"); fprintf(stderr, " -e use large exponent (RSAMD5/RSASHA1 only)\n"); fprintf(stderr, " -f keyflag: KSK\n"); fprintf(stderr, " -g use specified generator " @@ -115,6 +139,7 @@ main(int argc, char **argv) { isc_entropy_t *ectx = NULL; dns_rdataclass_t rdclass; int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC; + int dbits = 0; if (argc == 1) usage(); @@ -123,8 +148,10 @@ main(int argc, char **argv) { dns_result_register(); + isc_commandline_errprint = ISC_FALSE; + while ((ch = isc_commandline_parse(argc, argv, - "a:b:c:ef:g:kn:t:p:s:r:v:h")) != -1) + "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1) { switch (ch) { case 'a': @@ -138,6 +165,11 @@ main(int argc, char **argv) { case 'c': classname = isc_commandline_argument; break; + case 'd': + dbits = strtol(isc_commandline_argument, &endp, 10); + if (*endp != '\0' || dbits < 0) + fatal("-d requires a non-negative number"); + break; case 'e': rsa_exp = 1; break; @@ -186,12 +218,17 @@ main(int argc, char **argv) { fatal("-v must be followed by a number"); break; + case '?': + if (isc_commandline_option != '?') + fprintf(stderr, "%s: invalid argument -%c\n", + program, isc_commandline_option); case 'h': usage(); + default: - fprintf(stderr, "%s: invalid argument -%c\n", - program, ch); - usage(); + fprintf(stderr, "%s: unhandled option -%c\n", + program, isc_commandline_option); + exit(1); } } @@ -211,9 +248,29 @@ main(int argc, char **argv) { if (algname == NULL) fatal("no algorithm was specified"); - if (strcasecmp(algname, "HMAC-MD5") == 0) { + if (strcasecmp(algname, "RSA") == 0) { + fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n" + "If you still wish to use RSA (RSAMD5) please " + "specify \"-a RSAMD5\"\n"); + return (1); + } else if (strcasecmp(algname, "HMAC-MD5") == 0) { options |= DST_TYPE_KEY; alg = DST_ALG_HMACMD5; + } else if (strcasecmp(algname, "HMAC-SHA1") == 0) { + options |= DST_TYPE_KEY; + alg = DST_ALG_HMACSHA1; + } else if (strcasecmp(algname, "HMAC-SHA224") == 0) { + options |= DST_TYPE_KEY; + alg = DST_ALG_HMACSHA224; + } else if (strcasecmp(algname, "HMAC-SHA256") == 0) { + options |= DST_TYPE_KEY; + alg = DST_ALG_HMACSHA256; + } else if (strcasecmp(algname, "HMAC-SHA384") == 0) { + options |= DST_TYPE_KEY; + alg = DST_ALG_HMACSHA384; + } else if (strcasecmp(algname, "HMAC-SHA512") == 0) { + options |= DST_TYPE_KEY; + alg = DST_ALG_HMACSHA512; } else { r.base = algname; r.length = strlen(algname); @@ -260,6 +317,56 @@ main(int argc, char **argv) { case DST_ALG_HMACMD5: if (size < 1 || size > 512) fatal("HMAC-MD5 key size %d out of range", size); + if (dbits != 0 && (dbits < 80 || dbits > 128)) + fatal("HMAC-MD5 digest bits %d out of range", dbits); + if ((dbits % 8) != 0) + fatal("HMAC-MD5 digest bits %d not divisible by 8", + dbits); + break; + case DST_ALG_HMACSHA1: + if (size < 1 || size > 160) + fatal("HMAC-SHA1 key size %d out of range", size); + if (dbits != 0 && (dbits < 80 || dbits > 160)) + fatal("HMAC-SHA1 digest bits %d out of range", dbits); + if ((dbits % 8) != 0) + fatal("HMAC-SHA1 digest bits %d not divisible by 8", + dbits); + break; + case DST_ALG_HMACSHA224: + if (size < 1 || size > 224) + fatal("HMAC-SHA224 key size %d out of range", size); + if (dbits != 0 && (dbits < 112 || dbits > 224)) + fatal("HMAC-SHA224 digest bits %d out of range", dbits); + if ((dbits % 8) != 0) + fatal("HMAC-SHA224 digest bits %d not divisible by 8", + dbits); + break; + case DST_ALG_HMACSHA256: + if (size < 1 || size > 256) + fatal("HMAC-SHA256 key size %d out of range", size); + if (dbits != 0 && (dbits < 128 || dbits > 256)) + fatal("HMAC-SHA256 digest bits %d out of range", dbits); + if ((dbits % 8) != 0) + fatal("HMAC-SHA256 digest bits %d not divisible by 8", + dbits); + break; + case DST_ALG_HMACSHA384: + if (size < 1 || size > 384) + fatal("HMAC-384 key size %d out of range", size); + if (dbits != 0 && (dbits < 192 || dbits > 384)) + fatal("HMAC-SHA384 digest bits %d out of range", dbits); + if ((dbits % 8) != 0) + fatal("HMAC-SHA384 digest bits %d not divisible by 8", + dbits); + break; + case DST_ALG_HMACSHA512: + if (size < 1 || size > 512) + fatal("HMAC-SHA512 key size %d out of range", size); + if (dbits != 0 && (dbits < 256 || dbits > 512)) + fatal("HMAC-SHA512 digest bits %d out of range", dbits); + if ((dbits % 8) != 0) + fatal("HMAC-SHA512 digest bits %d not divisible by 8", + dbits); break; } @@ -270,11 +377,13 @@ main(int argc, char **argv) { if (alg != DNS_KEYALG_DH && generator != 0) fatal("specified DH generator for a non-DH key"); - if (nametype == NULL) - fatal("no nametype specified"); - if (strcasecmp(nametype, "zone") == 0) + if (nametype == NULL) { + if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */ + fatal("no nametype specified"); + flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */ + } else if (strcasecmp(nametype, "zone") == 0) flags |= DNS_KEYOWNER_ZONE; - else if ((options & DST_TYPE_KEY) != 0) { /* KEY */ + else if ((options & DST_TYPE_KEY) != 0) { /* KEY / HMAC */ if (strcasecmp(nametype, "host") == 0 || strcasecmp(nametype, "entity") == 0) flags |= DNS_KEYOWNER_ENTITY; @@ -287,7 +396,7 @@ main(int argc, char **argv) { rdclass = strtoclass(classname); - if ((options & DST_TYPE_KEY) != 0) /* KEY */ + if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */ flags |= signatory; else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */ flags |= ksk; @@ -306,7 +415,10 @@ main(int argc, char **argv) { } if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE && - (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5)) + (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5 || + alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 || + alg == DST_ALG_HMACSHA256 || alg == DST_ALG_HMACSHA384 || + alg == DST_ALG_HMACSHA512)) fatal("a key with algorithm '%s' cannot be a zone key", algname); @@ -330,6 +442,11 @@ main(int argc, char **argv) { break; case DNS_KEYALG_DSA: case DST_ALG_HMACMD5: + case DST_ALG_HMACSHA1: + case DST_ALG_HMACSHA224: + case DST_ALG_HMACSHA256: + case DST_ALG_HMACSHA384: + case DST_ALG_HMACSHA512: param = 0; break; } @@ -358,6 +475,8 @@ main(int argc, char **argv) { exit(-1); } + dst_key_setbits(key, dbits); + /* * Try to read a key with the same name, alg and id from disk. * If there is one we must continue generating a new one @@ -407,6 +526,7 @@ main(int argc, char **argv) { cleanup_logging(&log); cleanup_entropy(&ectx); dst_lib_destroy(); + dns_name_destroy(); if (verbose > 10) isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); diff --git a/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.html b/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.html new file mode 100644 index 0000000000..ef20fcd310 --- /dev/null +++ b/contrib/bind-9.5.2/bin/dnssec/dnssec-keygen.html @@ -0,0 +1,232 @@ + + + + + +dnssec-keygen + + +
+
+
+

Name

+

dnssec-keygen — DNSSEC key generation tool

+
+
+

Synopsis

+

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

+
+
+

DESCRIPTION

+

dnssec-keygen + generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 + and RFC 4034. It can also generate keys for use with + TSIG (Transaction Signatures), as defined in RFC 2845. +

+
+
+

OPTIONS

+
+
-a algorithm
+
+

+ Selects the cryptographic algorithm. The value of + algorithm must be one of RSAMD5 (RSA) or RSASHA1, + DSA, DH (Diffie Hellman), or HMAC-MD5. These values + are case insensitive. +

+

+ Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement + algorithm, + and DSA is recommended. For TSIG, HMAC-MD5 is mandatory. +

+

+ Note 2: HMAC-MD5 and DH automatically set the -k flag. +

+
+
-b keysize
+

+ Specifies the number of bits in the key. The choice of key + size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be + between + 512 and 2048 bits. Diffie Hellman keys must be between + 128 and 4096 bits. DSA keys must be between 512 and 1024 + bits and an exact multiple of 64. HMAC-MD5 keys must be + between 1 and 512 bits. +

+
-n nametype
+

+ Specifies the owner type of the key. The value of + nametype must either be ZONE (for a DNSSEC + zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with + a host (KEY)), + USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). + These values are case insensitive. Defaults to ZONE for DNSKEY + generation. +

+
-c class
+

+ Indicates that the DNS record containing the key should have + the specified class. If not specified, class IN is used. +

+
-e
+

+ If generating an RSAMD5/RSASHA1 key, use a large exponent. +

+
-f flag
+

+ Set the specified flag in the flag field of the KEY/DNSKEY record. + The only recognized flag is KSK (Key Signing Key) DNSKEY. +

+
-g generator
+

+ If generating a Diffie Hellman key, use this generator. + Allowed values are 2 and 5. If no generator + is specified, a known prime from RFC 2539 will be used + if possible; otherwise the default is 2. +

+
-h
+

+ Prints a short summary of the options and arguments to + dnssec-keygen. +

+
-k
+

+ Generate KEY records rather than DNSKEY records. +

+
-p protocol
+

+ Sets the protocol value for the generated key. The protocol + is a number between 0 and 255. The default is 3 (DNSSEC). + Other possible values for this argument are listed in + RFC 2535 and its successors. +

+
-r randomdev
+

+ Specifies the source of randomness. If the operating + system does not provide a /dev/random + or equivalent device, the default source of randomness + is keyboard input. randomdev + specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + keyboard indicates that keyboard + input should be used. +

+
-s strength
+

+ Specifies the strength value of the key. The strength is + a number between 0 and 15, and currently has no defined + purpose in DNSSEC. +

+
-t type
+

+ Indicates the use of the key. type must be + one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default + is AUTHCONF. AUTH refers to the ability to authenticate + data, and CONF the ability to encrypt data. +

+
-v level
+

+ Sets the debugging level. +

+
+
+
+

GENERATED KEYS

+

+ When dnssec-keygen completes + successfully, + it prints a string of the form Knnnn.+aaa+iiiii + to the standard output. This is an identification string for + the key it has generated. +

+
    +

  • nnnn is the key name. +

    • +

  • aaa is the numeric representation + of the + algorithm. +

    • +

  • iiiii is the key identifier (or + footprint). +

    • +
+

dnssec-keygen + creates two files, with names based + on the printed string. Knnnn.+aaa+iiiii.key + contains the public key, and + Knnnn.+aaa+iiiii.private contains the + private + key. +

+

+ The .key file contains a DNS KEY record + that + can be inserted into a zone file (directly or with a $INCLUDE + statement). +

+

+ The .private file contains + algorithm-specific + fields. For obvious security reasons, this file does not have + general read permission. +

+

+ Both .key and .private + files are generated for symmetric encryption algorithms such as + HMAC-MD5, even though the public and private key are equivalent. +

+
+
+

EXAMPLE

+

+ To generate a 768-bit DSA key for the domain + example.com, the following command would be + issued: +

+

dnssec-keygen -a DSA -b 768 -n ZONE example.com +

+

+ The command would print a string of the form: +

+

Kexample.com.+003+26160 +

+

+ In this example, dnssec-keygen creates + the files Kexample.com.+003+26160.key + and + Kexample.com.+003+26160.private. +

+
+
+

SEE ALSO

+

dnssec-signzone(8), + BIND 9 Administrator Reference Manual, + RFC 2539, + RFC 2845, + RFC 4033. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/dnssec/dnssec-signzone.8 b/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.8 similarity index 58% rename from contrib/bind-9.3/bin/dnssec/dnssec-signzone.8 rename to contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.8 index 734eca6f80..9e01c83fcf 100644 --- a/contrib/bind-9.3/bin/dnssec/dnssec-signzone.8 +++ b/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.11 2006/06/29 13:02:30 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.45.164.3 2009/07/11 01:43:27 tbox Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-signzone .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ dnssec\-signzone \- DNSSEC zone signing tool .SH "SYNOPSIS" .HP 16 -\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-n\ \fR\fB\fInthreads\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...] +\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...] .SH "DESCRIPTION" .PP \fBdnssec\-signzone\fR @@ -41,51 +41,72 @@ signs a zone. It generates NSEC and RRSIG records and produces a signed version \fIkeyset\fR file for each child zone. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Verify all generated signatures. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Specifies the DNS class of the zone. -.TP 3n +.RE +.PP \-k \fIkey\fR +.RS 4 Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times. -.TP 3n +.RE +.PP \-l \fIdomain\fR +.RS 4 Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records. -.TP 3n +.RE +.PP \-d \fIdirectory\fR +.RS 4 Look for \fIkeyset\fR files in \fBdirectory\fR as the directory -.TP 3n +.RE +.PP \-g +.RS 4 Generate DS records for child zones from keyset files. Existing DS records will be removed. -.TP 3n +.RE +.PP \-s \fIstart\-time\fR +.RS 4 Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time minus 1 hour (to allow for clock skew) is used. -.TP 3n +.RE +.PP \-e \fIend\-time\fR +.RS 4 Specify the date and time when the generated RRSIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP 3n +.RE +.PP \-f \fIoutput\-file\fR +.RS 4 The name of the output file containing the signed zone. The default is to append \fI.signed\fR -to the input file. -.TP 3n +to the input filename. +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR. -.TP 3n +.RE +.PP \-i \fIinterval\fR -When a previously signed zone is passed as input, records may be resigned. The +.RS 4 +When a previously\-signed zone is passed as input, records may be resigned. The \fBinterval\fR option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced. .sp @@ -96,17 +117,77 @@ or are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced. -.TP 3n +.RE +.PP +\-I \fIinput\-format\fR +.RS 4 +The format of the input zone file. Possible formats are +\fB"text"\fR +(default) and +\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones. +.RE +.PP +\-j \fIjitter\fR +.RS 4 +When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The +\fBjitter\fR +option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time. +.sp +Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time. +.RE +.PP \-n \fIncpus\fR +.RS 4 Specifies the number of threads to use. By default, one thread is started for each detected CPU. -.TP 3n +.RE +.PP +\-N \fIsoa\-serial\-format\fR +.RS 4 +The SOA serial number format of the signed zone. Possible formats are +\fB"keep"\fR +(default), +\fB"increment"\fR +and +\fB"unixtime"\fR. +.RS 4 +.PP +\fB"keep"\fR +.RS 4 +Do not modify the SOA serial number. +.RE +.PP +\fB"increment"\fR +.RS 4 +Increment the SOA serial number using RFC 1982 arithmetics. +.RE +.PP +\fB"unixtime"\fR +.RS 4 +Set the SOA serial number to the number of seconds since epoch. +.RE +.RE +.RE +.PP \-o \fIorigin\fR +.RS 4 The zone origin. If not specified, the name of the zone file is assumed to be the origin. -.TP 3n +.RE +.PP +\-O \fIoutput\-format\fR +.RS 4 +The format of the output file containing the signed zone. Possible formats are +\fB"text"\fR +(default) and +\fB"raw"\fR. +.RE +.PP \-p +.RS 4 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -114,49 +195,78 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-t +.RS 4 Print statistics at completion. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. -.TP 3n +.RE +.PP \-z +.RS 4 Ignore KSK flag on key when determining what to sign. -.TP 3n +.RE +.PP zonefile +.RS 4 The file containing the zone to be signed. -.TP 3n +.RE +.PP key -The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory. +.RS 4 +Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing. +.RE .SH "EXAMPLE" .PP The following command signs the \fBexample.com\fR -zone with the DSA key generated in the +zone with the DSA key generated by \fBdnssec\-keygen\fR -man page. The zone's keys must be in the zone. If there are +(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for \fIkeyset\fR -files associated with child zones, they must be in the current directory. -\fBexample.com\fR, the following command would be issued: -.PP -\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR -.PP -The command would print a string of the form: +files, in the current directory, so that DS records can be generated from them (\fB\-g\fR). +.sp +.RS 4 +.nf +% dnssec\-signzone \-g \-o example.com db.example.com \\ +Kexample.com.+003+17247 +db.example.com.signed +% +.fi +.RE .PP -In this example, +In the above example, \fBdnssec\-signzone\fR creates the file \fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a \fInamed.conf\fR file. +.PP +This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory. +.sp +.RS 4 +.nf +% cp db.example.com.signed db.example.com +% dnssec\-signzone \-o example.com db.example.com +db.example.com.signed +% +.fi +.RE .SH "SEE ALSO" .PP \fBdnssec\-keygen\fR(8), BIND 9 Administrator Reference Manual, -RFC 2535. +RFC 4033. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/dnssec/dnssec-signzone.c b/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.c similarity index 85% rename from contrib/bind-9.3/bin/dnssec/dnssec-signzone.c rename to contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.c index 4ac840df06..685033d2f6 100644 --- a/contrib/bind-9.3/bin/dnssec/dnssec-signzone.c +++ b/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.139.2.2.4.23 2006/01/04 23:50:19 marka Exp $ */ +/* $Id: dnssec-signzone.c,v 1.204.94.5 2009/07/21 06:45:06 tbox Exp $ */ + +/*! \file */ #include @@ -33,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -58,6 +74,7 @@ #include #include #include +#include #include #include @@ -85,6 +102,10 @@ struct signer_key_struct { #define SIGNER_EVENT_WRITE (SIGNER_EVENTCLASS + 0) #define SIGNER_EVENT_WORK (SIGNER_EVENTCLASS + 1) +#define SOA_SERIAL_KEEP 0 +#define SOA_SERIAL_INCREMENT 1 +#define SOA_SERIAL_UNIXTIME 2 + typedef struct signer_event sevent_t; struct signer_event { ISC_EVENT_COMMON(sevent_t); @@ -96,6 +117,7 @@ static ISC_LIST(signer_key_t) keylist; static unsigned int keycount = 0; static isc_stdtime_t starttime = 0, endtime = 0, now; static int cycle = -1; +static int jitter = 0; static isc_boolean_t tryverify = ISC_FALSE; static isc_boolean_t printstats = ISC_FALSE; static isc_mem_t *mctx = NULL; @@ -104,6 +126,8 @@ static dns_ttl_t zonettl; static FILE *fp; static char *tempfile = NULL; static const dns_master_style_t *masterstyle; +static dns_masterformat_t inputformat = dns_masterformat_text; +static dns_masterformat_t outputformat = dns_masterformat_text; static unsigned int nsigned = 0, nretained = 0, ndropped = 0; static unsigned int nverified = 0, nverifyfailed = 0; static const char *directory; @@ -117,7 +141,6 @@ static dns_name_t *gorigin; /* The database origin */ static isc_task_t *master = NULL; static unsigned int ntasks = 0; static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE; -static unsigned int assigned = 0, completed = 0; static isc_boolean_t nokeys = ISC_FALSE; static isc_boolean_t removefile = ISC_FALSE; static isc_boolean_t generateds = ISC_FALSE; @@ -125,6 +148,7 @@ static isc_boolean_t ignoreksk = ISC_FALSE; static dns_name_t *dlv = NULL; static dns_fixedname_t dlv_fixed; static dns_master_style_t *dsstyle = NULL; +static unsigned int serialformat = SOA_SERIAL_KEEP; #define INCSTAT(counter) \ if (printstats) { \ @@ -154,42 +178,13 @@ static void dumpnode(dns_name_t *name, dns_dbnode_t *node) { isc_result_t result; + if (outputformat != dns_masterformat_text) + return; result = dns_master_dumpnodetostream(mctx, gdb, gversion, node, name, masterstyle, fp); check_result(result, "dns_master_dumpnodetostream"); } -static void -dumpdb(dns_db_t *db) { - dns_dbiterator_t *dbiter = NULL; - dns_dbnode_t *node; - dns_fixedname_t fname; - dns_name_t *name; - isc_result_t result; - - dbiter = NULL; - result = dns_db_createiterator(db, ISC_FALSE, &dbiter); - check_result(result, "dns_db_createiterator()"); - - dns_fixedname_init(&fname); - name = dns_fixedname_name(&fname); - node = NULL; - - for (result = dns_dbiterator_first(dbiter); - result == ISC_R_SUCCESS; - result = dns_dbiterator_next(dbiter)) - { - result = dns_dbiterator_current(dbiter, &node, name); - check_result(result, "dns_dbiterator_current()"); - dumpnode(name, node); - dns_db_detachnode(db, &node); - } - if (result != ISC_R_NOMORE) - fatal("iterating database: %s", isc_result_totext(result)); - - dns_dbiterator_destroy(&dbiter); -} - static signer_key_t * newkeystruct(dst_key_t *dstkey, isc_boolean_t signwithkey) { signer_key_t *key; @@ -212,14 +207,30 @@ newkeystruct(dst_key_t *dstkey, isc_boolean_t signwithkey) { return (key); } +/*% + * Sign the given RRset with given key, and add the signature record to the + * given tuple. + */ + static void -signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, - dst_key_t *key, isc_buffer_t *b) +signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_t *key, + dns_ttl_t ttl, dns_diff_t *add, const char *logmsg) { isc_result_t result; + isc_stdtime_t jendtime; + char keystr[KEY_FORMATSIZE]; + dns_rdata_t trdata = DNS_RDATA_INIT; + unsigned char array[BUFSIZE]; + isc_buffer_t b; + dns_difftuple_t *tuple; + + key_format(key, keystr, sizeof(keystr)); + vbprintf(1, "\t%s %s\n", logmsg, keystr); - result = dns_dnssec_sign(name, rdataset, key, &starttime, &endtime, - mctx, b, rdata); + jendtime = (jitter != 0) ? isc_random_jitter(endtime, jitter) : endtime; + isc_buffer_init(&b, array, sizeof(array)); + result = dns_dnssec_sign(name, rdataset, key, &starttime, &jendtime, + mctx, &b, &trdata); isc_entropy_stopcallbacksources(ectx); if (result != ISC_R_SUCCESS) { char keystr[KEY_FORMATSIZE]; @@ -231,7 +242,7 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, if (tryverify) { result = dns_dnssec_verify(name, rdataset, key, - ISC_TRUE, mctx, rdata); + ISC_TRUE, mctx, &trdata); if (result == ISC_R_SUCCESS) { vbprintf(3, "\tsignature verified\n"); INCSTAT(nverified); @@ -240,6 +251,12 @@ signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata, INCSTAT(nverifyfailed); } } + + tuple = NULL; + result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, ttl, &trdata, + &tuple); + check_result(result, "dns_difftuple_create"); + dns_diff_append(add, &tuple); } static inline isc_boolean_t @@ -253,7 +270,7 @@ iszonekey(signer_key_t *key) { dst_key_iszonekey(key->key))); } -/* +/*% * Finds the key that generated a RRSIG, if possible. First look at the keys * that we've loaded already, and then see if there's a key on disk. */ @@ -291,7 +308,7 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) { return (key); } -/* +/*% * Check to see if we expect to find a key at this name. If we see a RRSIG * and can't find the signing key that we expect to find, we drop the rrsig. * I'm not sure if this is completely correct, but it seems to work. @@ -337,7 +354,7 @@ setverifies(dns_name_t *name, dns_rdataset_t *set, signer_key_t *key, } } -/* +/*% * Signs a set. Goes through contortions to decide if each RRSIG should * be dropped or retained, and then determines if any new SIGs need to * be generated. @@ -498,24 +515,11 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, } if (resign) { - isc_buffer_t b; - dns_rdata_t trdata = DNS_RDATA_INIT; - unsigned char array[BUFSIZE]; - char keystr[KEY_FORMATSIZE]; - INSIST(!keep); - key_format(key->key, keystr, sizeof(keystr)); - vbprintf(1, "\tresigning with dnskey %s\n", keystr); - isc_buffer_init(&b, array, sizeof(array)); - signwithkey(name, set, &trdata, key->key, &b); + signwithkey(name, set, key->key, ttl, add, + "resigning with dnskey"); nowsignedby[key->position] = ISC_TRUE; - tuple = NULL; - result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, - name, ttl, &trdata, - &tuple); - check_result(result, "dns_difftuple_create"); - dns_diff_append(add, &tuple); } dns_rdata_reset(&sigrdata); @@ -533,11 +537,6 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, key != NULL; key = ISC_LIST_NEXT(key, link)) { - isc_buffer_t b; - dns_rdata_t trdata; - unsigned char array[BUFSIZE]; - char keystr[KEY_FORMATSIZE]; - if (nowsignedby[key->position]) continue; @@ -549,16 +548,8 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, dns_name_equal(name, gorigin)))) continue; - key_format(key->key, keystr, sizeof(keystr)); - vbprintf(1, "\tsigning with dnskey %s\n", keystr); - dns_rdata_init(&trdata); - isc_buffer_init(&b, array, sizeof(array)); - signwithkey(name, set, &trdata, key->key, &b); - tuple = NULL; - result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, - ttl, &trdata, &tuple); - check_result(result, "dns_difftuple_create"); - dns_diff_append(add, &tuple); + signwithkey(name, set, key->key, ttl, add, + "signing with dnskey"); } isc_mem_put(mctx, wassignedby, arraysize * sizeof(isc_boolean_t)); @@ -598,7 +589,7 @@ opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass, dns_db_detach(dbp); } -/* +/*% * Loads the key set for a child zone, if there is one, and builds DS records. */ static isc_result_t @@ -653,6 +644,16 @@ loadds(dns_name_t *name, isc_uint32_t ttl, dns_rdataset_t *dsset) { ttl, &ds, &tuple); check_result(result, "dns_difftuple_create"); dns_diff_append(&diff, &tuple); + + dns_rdata_reset(&ds); + result = dns_ds_buildrdata(name, &key, DNS_DSDIGEST_SHA256, + dsbuf, &ds); + check_result(result, "dns_ds_buildrdata"); + + result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, + ttl, &ds, &tuple); + check_result(result, "dns_difftuple_create"); + dns_diff_append(&diff, &tuple); } result = dns_diff_apply(&diff, db, ver); check_result(result, "dns_diff_apply"); @@ -775,7 +776,7 @@ delegation(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp) { return (ISC_TF(result == ISC_R_SUCCESS)); } -/* +/*% * Signs all records at a name. This mostly just signs each set individually, * but also adds the RRSIG bit to any NSECs generated earlier, deals with * parent/child KEY signatures, and handles other exceptional cases. @@ -957,7 +958,7 @@ active_node(dns_dbnode_t *node) { isc_result_totext(result)); if (!active) { - /* + /*% * The node is empty of everything but NSEC / RRSIG records. */ for (result = dns_rdatasetiter_first(rdsiter); @@ -974,7 +975,7 @@ active_node(dns_dbnode_t *node) { fatal("rdataset iteration failed: %s", isc_result_totext(result)); } else { - /* + /* * Delete RRSIGs for types that no longer exist. */ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2); @@ -1021,7 +1022,7 @@ active_node(dns_dbnode_t *node) { return (active); } -/* +/*% * Extracts the TTL from the SOA. */ static dns_ttl_t @@ -1053,7 +1054,82 @@ soattl(void) { return (ttl); } -/* +/*% + * Increment (or set if nonzero) the SOA serial + */ +static isc_result_t +setsoaserial(isc_uint32_t serial) { + isc_result_t result; + dns_dbnode_t *node = NULL; + dns_rdataset_t rdataset; + dns_rdata_t rdata = DNS_RDATA_INIT; + isc_uint32_t old_serial, new_serial; + + result = dns_db_getoriginnode(gdb, &node); + if (result != ISC_R_SUCCESS) + return result; + + dns_rdataset_init(&rdataset); + + result = dns_db_findrdataset(gdb, node, gversion, + dns_rdatatype_soa, 0, + 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) + goto cleanup; + + result = dns_rdataset_first(&rdataset); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + dns_rdataset_current(&rdataset, &rdata); + + old_serial = dns_soa_getserial(&rdata); + + if (serial) { + /* Set SOA serial to the value provided. */ + new_serial = serial; + } else { + /* Increment SOA serial using RFC 1982 arithmetics */ + new_serial = (old_serial + 1) & 0xFFFFFFFF; + if (new_serial == 0) + new_serial = 1; + } + + /* If the new serial is not likely to cause a zone transfer + * (a/ixfr) from servers having the old serial, warn the user. + * + * RFC1982 section 7 defines the maximum increment to be + * (2^(32-1))-1. Using u_int32_t arithmetic, we can do a single + * comparison. (5 - 6 == (2^32)-1, not negative-one) + */ + if (new_serial == old_serial || + (new_serial - old_serial) > 0x7fffffffU) + fprintf(stderr, "%s: warning: Serial number not advanced, " + "zone may not transfer\n", program); + + dns_soa_setserial(new_serial, &rdata); + + result = dns_db_deleterdataset(gdb, node, gversion, + dns_rdatatype_soa, 0); + check_result(result, "dns_db_deleterdataset"); + if (result != ISC_R_SUCCESS) + goto cleanup; + + result = dns_db_addrdataset(gdb, node, gversion, + 0, &rdataset, 0, NULL); + check_result(result, "dns_db_addrdataset"); + if (result != ISC_R_SUCCESS) + goto cleanup; + +cleanup: + dns_rdataset_disassociate(&rdataset); + if (node != NULL) + dns_db_detachnode(gdb, &node); + dns_rdata_reset(&rdata); + + return (result); +} + +/*% * Delete any RRSIG records at a node. */ static void @@ -1062,6 +1138,9 @@ cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) { dns_rdataset_t set; isc_result_t result, dresult; + if (outputformat != dns_masterformat_text) + return; + dns_rdataset_init(&set); result = dns_db_allrdatasets(db, node, version, 0, &rdsiter); check_result(result, "dns_db_allrdatasets"); @@ -1089,7 +1168,7 @@ cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) { dns_rdatasetiter_destroy(&rdsiter); } -/* +/*% * Set up the iterator and global state before starting the tasks. */ static void @@ -1104,7 +1183,7 @@ presign(void) { check_result(result, "dns_dbiterator_first()"); } -/* +/*% * Clean up the iterator and global state after the tasks complete. */ static void @@ -1112,7 +1191,33 @@ postsign(void) { dns_dbiterator_destroy(&gdbiter); } -/* +/*% + * Sign the apex of the zone. + */ +static void +signapex(void) { + dns_dbnode_t *node = NULL; + dns_fixedname_t fixed; + dns_name_t *name; + isc_result_t result; + + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + result = dns_dbiterator_current(gdbiter, &node, name); + check_result(result, "dns_dbiterator_current()"); + signname(node, name); + dumpnode(name, node); + cleannode(gdb, gversion, node); + dns_db_detachnode(gdb, &node); + result = dns_dbiterator_next(gdbiter); + if (result == ISC_R_NOMORE) + finished = ISC_TRUE; + else if (result != ISC_R_SUCCESS) + fatal("failure iterating database: %s", + isc_result_totext(result)); +} + +/*% * Assigns a node to a worker thread. This is protected by the master task's * lock. */ @@ -1125,16 +1230,19 @@ assignwork(isc_task_t *task, isc_task_t *worker) { dns_rdataset_t nsec; isc_boolean_t found; isc_result_t result; + static unsigned int ended = 0; /* Protected by namelock. */ if (shuttingdown) return; + LOCK(&namelock); if (finished) { - if (assigned == completed) { + ended++; + if (ended == ntasks) { isc_task_detach(&task); isc_app_shutdown(); } - return; + goto unlock; } fname = isc_mem_get(mctx, sizeof(dns_fixedname_t)); @@ -1144,7 +1252,6 @@ assignwork(isc_task_t *task, isc_task_t *worker) { name = dns_fixedname_name(fname); node = NULL; found = ISC_FALSE; - LOCK(&namelock); while (!found) { result = dns_dbiterator_current(gdbiter, &node, name); if (result != ISC_R_SUCCESS) @@ -1171,14 +1278,14 @@ assignwork(isc_task_t *task, isc_task_t *worker) { fatal("failure iterating database: %s", isc_result_totext(result)); } - UNLOCK(&namelock); if (!found) { - if (assigned == completed) { + ended++; + if (ended == ntasks) { isc_task_detach(&task); isc_app_shutdown(); } isc_mem_put(mctx, fname, sizeof(dns_fixedname_t)); - return; + goto unlock; } sevent = (sevent_t *) isc_event_allocate(mctx, task, SIGNER_EVENT_WORK, @@ -1189,10 +1296,11 @@ assignwork(isc_task_t *task, isc_task_t *worker) { sevent->node = node; sevent->fname = fname; isc_task_send(worker, ISC_EVENT_PTR(&sevent)); - assigned++; + unlock: + UNLOCK(&namelock); } -/* +/*% * Start a worker task */ static void @@ -1204,7 +1312,7 @@ startworker(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); } -/* +/*% * Write a node to the output file, and restart the worker task. */ static void @@ -1212,7 +1320,6 @@ writenode(isc_task_t *task, isc_event_t *event) { isc_task_t *worker; sevent_t *sevent = (sevent_t *)event; - completed++; worker = (isc_task_t *)event->ev_sender; dumpnode(dns_fixedname_name(sevent->fname), sevent->node); cleannode(gdb, gversion, sevent->node); @@ -1222,7 +1329,7 @@ writenode(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); } -/* +/*% * Sign a database node. */ static void @@ -1247,7 +1354,7 @@ sign(isc_task_t *task, isc_event_t *event) { isc_task_send(master, ISC_EVENT_PTR(&wevent)); } -/* +/*% * Generate NSEC records for the zone. */ static void @@ -1318,7 +1425,7 @@ nsecify(void) { dns_dbiterator_destroy(&dbiter); } -/* +/*% * Load the zone file from disk */ static void @@ -1344,13 +1451,13 @@ loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) { rdclass, 0, NULL, db); check_result(result, "dns_db_create()"); - result = dns_db_load(*db, file); + result = dns_db_load2(*db, file, inputformat); if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) fatal("failed loading zone from '%s': %s", file, isc_result_totext(result)); } -/* +/*% * Finds all public zone keys in the zone, and attempts to load the * private keys from disk. */ @@ -1382,14 +1489,14 @@ loadzonekeys(dns_db_t *db) { for (i = 0; i < nkeys; i++) { signer_key_t *key; - key = newkeystruct(keys[i], ISC_TRUE); + key = newkeystruct(keys[i], dst_key_isprivate(keys[i])); ISC_LIST_APPEND(keylist, key, link); } dns_db_detachnode(db, &node); dns_db_closeversion(db, ¤tversion, ISC_FALSE); } -/* +/*% * Finds all public zone keys in the zone. */ static void @@ -1506,7 +1613,7 @@ writeset(const char *prefix, dns_rdatatype_t type) { unsigned char dsbuf[DNS_DS_BUFFERSIZE]; unsigned char keybuf[DST_KEY_MAXSIZE]; unsigned int filenamelen; - const dns_master_style_t *style = + const dns_master_style_t *style = (type == dns_rdatatype_dnskey) ? masterstyle : dsstyle; isc_buffer_init(&namebuf, namestr, sizeof(namestr)); @@ -1580,6 +1687,19 @@ writeset(const char *prefix, dns_rdatatype_t type) { ds.type = dns_rdatatype_dlv; result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, 0, &ds, &tuple); + check_result(result, "dns_difftuple_create"); + dns_diff_append(&diff, &tuple); + + dns_rdata_reset(&ds); + result = dns_ds_buildrdata(gorigin, &rdata, + DNS_DSDIGEST_SHA256, + dsbuf, &ds); + check_result(result, "dns_ds_buildrdata"); + if (type == dns_rdatatype_dlv) + ds.type = dns_rdatatype_dlv; + result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, + name, 0, &ds, &tuple); + } else result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, gorigin, zonettl, @@ -1612,12 +1732,18 @@ static void print_time(FILE *fp) { time_t currenttime; + if (outputformat != dns_masterformat_text) + return; + currenttime = time(NULL); fprintf(fp, "; File written on %s", ctime(¤ttime)); } static void print_version(FILE *fp) { + if (outputformat != dns_masterformat_text) + return; + fprintf(fp, "; dnssec_signzone version " VERSION "\n"); } @@ -1644,12 +1770,20 @@ usage(void) { fprintf(stderr, "\t-i interval:\n"); fprintf(stderr, "\t\tcycle interval - resign " "if < interval from end ( (end-start)/4 )\n"); + fprintf(stderr, "\t-j jitter:\n"); + fprintf(stderr, "\t\trandomize signature end time up to jitter seconds\n"); fprintf(stderr, "\t-v debuglevel (0)\n"); fprintf(stderr, "\t-o origin:\n"); fprintf(stderr, "\t\tzone origin (name of zonefile)\n"); fprintf(stderr, "\t-f outfile:\n"); fprintf(stderr, "\t\tfile the signed zone is written in " "(zonefile + .signed)\n"); + fprintf(stderr, "\t-I format:\n"); + fprintf(stderr, "\t\tfile format of input zonefile (text)\n"); + fprintf(stderr, "\t-O format:\n"); + fprintf(stderr, "\t\tfile format of signed zone file (text)\n"); + fprintf(stderr, "\t-N format:\n"); + fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n"); fprintf(stderr, "\t-r randomdev:\n"); fprintf(stderr, "\t\ta file containing random data\n"); fprintf(stderr, "\t-a:\t"); @@ -1692,13 +1826,13 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) { printf("Signatures successfully verified: %10d\n", nverified); printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed); runtime_ms = runtime_us / 1000; - printf("Runtime in seconds: %7u.%03u\n", - (unsigned int) (runtime_ms / 1000), + printf("Runtime in seconds: %7u.%03u\n", + (unsigned int) (runtime_ms / 1000), (unsigned int) (runtime_ms % 1000)); if (runtime_us > 0) { sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us; printf("Signatures per second: %7u.%03u\n", - (unsigned int) sig_ms / 1000, + (unsigned int) sig_ms / 1000, (unsigned int) sig_ms % 1000); } } @@ -1708,6 +1842,8 @@ main(int argc, char *argv[]) { int i, ch; char *startstr = NULL, *endstr = NULL, *classname = NULL; char *origin = NULL, *file = NULL, *output = NULL; + char *inputformatstr = NULL, *outputformatstr = NULL; + char *serialformatstr = NULL; char *dskeyfile[MAXDSKEYS]; int ndskeys = 0; char *endp; @@ -1720,7 +1856,6 @@ main(int argc, char *argv[]) { isc_boolean_t free_output = ISC_FALSE; int tempfilelen; dns_rdataclass_t rdclass; - dns_db_t *udb = NULL; isc_task_t **tasks = NULL; isc_buffer_t b; int len; @@ -1735,8 +1870,10 @@ main(int argc, char *argv[]) { dns_result_register(); + isc_commandline_errprint = ISC_FALSE; + while ((ch = isc_commandline_parse(argc, argv, - "ac:d:e:f:ghi:k:l:n:o:pr:s:Stv:z")) + "ac:d:e:f:ghi:I:j:k:l:n:N:o:O:pr:s:Stv:z")) != -1) { switch (ch) { case 'a': @@ -1763,11 +1900,19 @@ main(int argc, char *argv[]) { generateds = ISC_TRUE; break; + case '?': + if (isc_commandline_option != '?') + fprintf(stderr, "%s: invalid argument -%c\n", + program, isc_commandline_option); case 'h': - default: usage(); break; + default: + fprintf(stderr, "%s: unhandled option -%c\n", + program, isc_commandline_option); + exit(1); + case 'i': endp = NULL; cycle = strtol(isc_commandline_argument, &endp, 0); @@ -1776,7 +1921,18 @@ main(int argc, char *argv[]) { "positive"); break; - case 'l': + case 'I': + inputformatstr = isc_commandline_argument; + break; + + case 'j': + endp = NULL; + jitter = strtol(isc_commandline_argument, &endp, 0); + if (*endp != '\0' || jitter < 0) + fatal("jitter must be numeric and positive"); + break; + + case 'l': dns_fixedname_init(&dlv_fixed); len = strlen(isc_commandline_argument); isc_buffer_init(&b, isc_commandline_argument, len); @@ -1802,10 +1958,18 @@ main(int argc, char *argv[]) { fatal("number of cpus must be numeric"); break; + case 'N': + serialformatstr = isc_commandline_argument; + break; + case 'o': origin = isc_commandline_argument; break; + case 'O': + outputformatstr = isc_commandline_argument; + break; + case 'p': pseudorandom = ISC_TRUE; break; @@ -1901,10 +2065,40 @@ main(int argc, char *argv[]) { sprintf(output, "%s.signed", file); } + if (inputformatstr != NULL) { + if (strcasecmp(inputformatstr, "text") == 0) + inputformat = dns_masterformat_text; + else if (strcasecmp(inputformatstr, "raw") == 0) + inputformat = dns_masterformat_raw; + else + fatal("unknown file format: %s\n", inputformatstr); + } + + if (outputformatstr != NULL) { + if (strcasecmp(outputformatstr, "text") == 0) + outputformat = dns_masterformat_text; + else if (strcasecmp(outputformatstr, "raw") == 0) + outputformat = dns_masterformat_raw; + else + fatal("unknown file format: %s\n", outputformatstr); + } + + if (serialformatstr != NULL) { + if (strcasecmp(serialformatstr, "keep") == 0) + serialformat = SOA_SERIAL_KEEP; + else if (strcasecmp(serialformatstr, "increment") == 0 || + strcasecmp(serialformatstr, "incr") == 0) + serialformat = SOA_SERIAL_INCREMENT; + else if (strcasecmp(serialformatstr, "unixtime") == 0) + serialformat = SOA_SERIAL_UNIXTIME; + else + fatal("unknown soa serial format: %s\n", serialformatstr); + } + result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL, 0, 24, 0, 0, 0, 8, mctx); check_result(result, "dns_master_stylecreate"); - + gdb = NULL; TIME_NOW(&timer_start); @@ -1926,8 +2120,11 @@ main(int argc, char *argv[]) { DST_TYPE_PRIVATE, mctx, &newkey); if (result != ISC_R_SUCCESS) - fatal("cannot load dnskey %s: %s", argv[i], - isc_result_totext(result)); + fatal("cannot load dnskey %s: %s", argv[i], + isc_result_totext(result)); + + if (!dns_name_equal(gorigin, dst_key_name(newkey))) + fatal("key %s not at origin\n", argv[i]); key = ISC_LIST_HEAD(keylist); while (key != NULL) { @@ -1935,7 +2132,7 @@ main(int argc, char *argv[]) { if (dst_key_id(dkey) == dst_key_id(newkey) && dst_key_alg(dkey) == dst_key_alg(newkey) && dns_name_equal(dst_key_name(dkey), - dst_key_name(newkey))) + dst_key_name(newkey))) { if (!dst_key_isprivate(dkey)) fatal("cannot sign zone with " @@ -1964,7 +2161,10 @@ main(int argc, char *argv[]) { mctx, &newkey); if (result != ISC_R_SUCCESS) fatal("cannot load dnskey %s: %s", dskeyfile[i], - isc_result_totext(result)); + isc_result_totext(result)); + + if (!dns_name_equal(gorigin, dst_key_name(newkey))) + fatal("key %s not at origin\n", dskeyfile[i]); key = ISC_LIST_HEAD(keylist); while (key != NULL) { @@ -1972,7 +2172,7 @@ main(int argc, char *argv[]) { if (dst_key_id(dkey) == dst_key_id(newkey) && dst_key_alg(dkey) == dst_key_alg(newkey) && dns_name_equal(dst_key_name(dkey), - dst_key_name(newkey))) + dst_key_name(newkey))) { /* Override key flags. */ key->issigningkey = ISC_TRUE; @@ -2005,6 +2205,19 @@ main(int argc, char *argv[]) { result = dns_db_newversion(gdb, &gversion); check_result(result, "dns_db_newversion()"); + switch (serialformat) { + case SOA_SERIAL_INCREMENT: + setsoaserial(0); + break; + case SOA_SERIAL_UNIXTIME: + setsoaserial(now); + break; + case SOA_SERIAL_KEEP: + default: + /* do nothing */ + break; + } + nsecify(); if (!nokeys) { @@ -2053,10 +2266,6 @@ main(int argc, char *argv[]) { if (result != ISC_R_SUCCESS) fatal("failed to create task: %s", isc_result_totext(result)); - result = isc_app_onrun(mctx, master, startworker, tasks[i]); - if (result != ISC_R_SUCCESS) - fatal("failed to start task: %s", - isc_result_totext(result)); } RUNTIME_CHECK(isc_mutex_init(&namelock) == ISC_R_SUCCESS); @@ -2064,9 +2273,24 @@ main(int argc, char *argv[]) { RUNTIME_CHECK(isc_mutex_init(&statslock) == ISC_R_SUCCESS); presign(); - (void)isc_app_run(); - if (!finished) - fatal("process aborted by user"); + signapex(); + if (!finished) { + /* + * There is more work to do. Spread it out over multiple + * processors if possible. + */ + for (i = 0; i < (int)ntasks; i++) { + result = isc_app_onrun(mctx, master, startworker, + tasks[i]); + if (result != ISC_R_SUCCESS) + fatal("failed to start task: %s", + isc_result_totext(result)); + } + (void)isc_app_run(); + if (!finished) + fatal("process aborted by user"); + } else + isc_task_detach(&master); shuttingdown = ISC_TRUE; for (i = 0; i < (int)ntasks; i++) isc_task_detach(&tasks[i]); @@ -2074,9 +2298,11 @@ main(int argc, char *argv[]) { isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *)); postsign(); - if (udb != NULL) { - dumpdb(udb); - dns_db_detach(&udb); + if (outputformat != dns_masterformat_text) { + result = dns_master_dumptostream2(mctx, gdb, gversion, + masterstyle, outputformat, + fp); + check_result(result, "dns_master_dumptostream2"); } result = isc_stdio_close(fp); @@ -2115,6 +2341,7 @@ main(int argc, char *argv[]) { dst_lib_destroy(); isc_hash_destroy(); cleanup_entropy(&ectx); + dns_name_destroy(); if (verbose > 10) isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); diff --git a/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.html b/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.html new file mode 100644 index 0000000000..6755fecdd6 --- /dev/null +++ b/contrib/bind-9.5.2/bin/dnssec/dnssec-signzone.html @@ -0,0 +1,285 @@ + + + + + +dnssec-signzone + + +
+
+
+

Name

+

dnssec-signzone — DNSSEC zone signing tool

+
+
+

Synopsis

+

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

+
+
+

DESCRIPTION

+

dnssec-signzone + signs a zone. It generates + NSEC and RRSIG records and produces a signed version of the + zone. The security status of delegations from the signed zone + (that is, whether the child zones are secure or not) is + determined by the presence or absence of a + keyset file for each child zone. +

+
+
+

OPTIONS

+
+
-a
+

+ Verify all generated signatures. +

+
-c class
+

+ Specifies the DNS class of the zone. +

+
-k key
+

+ Treat specified key as a key signing key ignoring any + key flags. This option may be specified multiple times. +

+
-l domain
+

+ Generate a DLV set in addition to the key (DNSKEY) and DS sets. + The domain is appended to the name of the records. +

+
-d directory
+

+ Look for keyset files in + directory as the directory +

+
-g
+

+ Generate DS records for child zones from keyset files. + Existing DS records will be removed. +

+
-s start-time
+

+ Specify the date and time when the generated RRSIG records + become valid. This can be either an absolute or relative + time. An absolute start time is indicated by a number + in YYYYMMDDHHMMSS notation; 20000530144500 denotes + 14:45:00 UTC on May 30th, 2000. A relative start time is + indicated by +N, which is N seconds from the current time. + If no start-time is specified, the current + time minus 1 hour (to allow for clock skew) is used. +

+
-e end-time
+

+ Specify the date and time when the generated RRSIG records + expire. As with start-time, an absolute + time is indicated in YYYYMMDDHHMMSS notation. A time relative + to the start time is indicated with +N, which is N seconds from + the start time. A time relative to the current time is + indicated with now+N. If no end-time is + specified, 30 days from the start time is used as a default. +

+
-f output-file
+

+ The name of the output file containing the signed zone. The + default is to append .signed to + the + input filename. +

+
-h
+

+ Prints a short summary of the options and arguments to + dnssec-signzone. +

+
-i interval
+
+

+ When a previously-signed zone is passed as input, records + may be resigned. The interval option + specifies the cycle interval as an offset from the current + time (in seconds). If a RRSIG record expires after the + cycle interval, it is retained. Otherwise, it is considered + to be expiring soon, and it will be replaced. +

+

+ The default cycle interval is one quarter of the difference + between the signature end and start times. So if neither + end-time or start-time + are specified, dnssec-signzone + generates + signatures that are valid for 30 days, with a cycle + interval of 7.5 days. Therefore, if any existing RRSIG records + are due to expire in less than 7.5 days, they would be + replaced. +

+
+
-I input-format
+

+ The format of the input zone file. + Possible formats are "text" (default) + and "raw". + This option is primarily intended to be used for dynamic + signed zones so that the dumped zone file in a non-text + format containing updates can be signed directly. + The use of this option does not make much sense for + non-dynamic zones. +

+
-j jitter
+
+

+ When signing a zone with a fixed signature lifetime, all + RRSIG records issued at the time of signing expires + simultaneously. If the zone is incrementally signed, i.e. + a previously-signed zone is passed as input to the signer, + all expired signatures have to be regenerated at about the + same time. The jitter option specifies a + jitter window that will be used to randomize the signature + expire time, thus spreading incremental signature + regeneration over time. +

+

+ Signature lifetime jitter also to some extent benefits + validators and servers by spreading out cache expiration, + i.e. if large numbers of RRSIGs don't expire at the same time + from all caches there will be less congestion than if all + validators need to refetch at mostly the same time. +

+
+
-n ncpus
+

+ Specifies the number of threads to use. By default, one + thread is started for each detected CPU. +

+
-N soa-serial-format
+
+

+ The SOA serial number format of the signed zone. + Possible formats are "keep" (default), + "increment" and + "unixtime". +

+
+
"keep"
+

Do not modify the SOA serial number.

+
"increment"
+

Increment the SOA serial number using RFC 1982 + arithmetics.

+
"unixtime"
+

Set the SOA serial number to the number of seconds + since epoch.

+
+
+
-o origin
+

+ The zone origin. If not specified, the name of the zone file + is assumed to be the origin. +

+
-O output-format
+

+ The format of the output file containing the signed zone. + Possible formats are "text" (default) + and "raw". +

+
-p
+

+ Use pseudo-random data when signing the zone. This is faster, + but less secure, than using real random data. This option + may be useful when signing large zones or when the entropy + source is limited. +

+
-r randomdev
+

+ Specifies the source of randomness. If the operating + system does not provide a /dev/random + or equivalent device, the default source of randomness + is keyboard input. randomdev + specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + keyboard indicates that keyboard + input should be used. +

+
-t
+

+ Print statistics at completion. +

+
-v level
+

+ Sets the debugging level. +

+
-z
+

+ Ignore KSK flag on key when determining what to sign. +

+
zonefile
+

+ The file containing the zone to be signed. +

+
key
+

+ Specify which keys should be used to sign the zone. If + no keys are specified, then the zone will be examined + for DNSKEY records at the zone apex. If these are found and + there are matching private keys, in the current directory, + then these will be used for signing. +

+
+
+
+

EXAMPLE

+

+ The following command signs the example.com + zone with the DSA key generated by dnssec-keygen + (Kexample.com.+003+17247). The zone's keys must be in the master + file (db.example.com). This invocation looks + for keyset files, in the current directory, + so that DS records can be generated from them (-g). +

+
% dnssec-signzone -g -o example.com db.example.com \
+Kexample.com.+003+17247
+db.example.com.signed
+%
+

+ In the above example, dnssec-signzone creates + the file db.example.com.signed. This + file should be referenced in a zone statement in a + named.conf file. +

+

+ This example re-signs a previously signed zone with default parameters. + The private keys are assumed to be in the current directory. +

+
% cp db.example.com.signed db.example.com
+% dnssec-signzone -o example.com db.example.com
+db.example.com.signed
+%
+
+
+

SEE ALSO

+

dnssec-keygen(8), + BIND 9 Administrator Reference Manual, + RFC 4033. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/dnssec/dnssectool.c b/contrib/bind-9.5.2/bin/dnssec/dnssectool.c similarity index 96% rename from contrib/bind-9.3/bin/dnssec/dnssectool.c rename to contrib/bind-9.5.2/bin/dnssec/dnssectool.c index 83ba76d912..e933a06d60 100644 --- a/contrib/bind-9.3/bin/dnssec/dnssectool.c +++ b/contrib/bind-9.5.2/bin/dnssec/dnssectool.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssectool.c,v 1.31.2.3.2.6 2005/07/02 02:42:43 marka Exp $ */ +/* $Id: dnssectool.c,v 1.45 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ + +/*% + * DNSSEC Support Routines. + */ #include diff --git a/contrib/bind-9.3/bin/dnssec/dnssectool.h b/contrib/bind-9.5.2/bin/dnssec/dnssectool.h similarity index 90% rename from contrib/bind-9.3/bin/dnssec/dnssectool.h rename to contrib/bind-9.5.2/bin/dnssec/dnssectool.h index 0d179503b7..a0b20e37e3 100644 --- a/contrib/bind-9.3/bin/dnssec/dnssectool.h +++ b/contrib/bind-9.5.2/bin/dnssec/dnssectool.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssectool.h,v 1.15.12.3 2004/03/08 04:04:18 marka Exp $ */ +/* $Id: dnssectool.h,v 1.20 2007/06/19 23:46:59 tbox Exp $ */ #ifndef DNSSECTOOL_H #define DNSSECTOOL_H 1 diff --git a/contrib/bind-9.5.2/bin/named/bind9.xsl b/contrib/bind-9.5.2/bin/named/bind9.xsl new file mode 100644 index 0000000000..65a50a7812 --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/bind9.xsl @@ -0,0 +1,492 @@ + + + + + + + + + + + BIND 9 Statistics + + +
+

Bind 9 Configuration and Statistics

+
+ +
+ + + + + + + + + + + +
Times
boot-time
current-time
+ +
+ + + + + + + + + +
Incoming Requests
+ +
+ + + + + + + + + +
Incoming Queries
+ +
+ + + + + + + + + + + + +
Outgoing Queries from View
+
+ + +
+ +
+

Server Statistics

+ +
+
+
+
+ +
+
+ +
+

Zone Maintenance Statistics

+ +
+
+
+
+ +
+
+ +
+

Resolver Statistics (Common)

+ +
+
+
+
+ +
+
+ + +
+

Resolver Statistics for View

+ +
+
+
+
+ +
+
+ + +
+ + + + + + + + + + + + +
Cache DB RRsets for View
+
+ + +
+

Socket I/O Statistics

+ +
+
+
+
+ +
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Zones for View
NameClassSerialSuccessReferralNXRRSETNXDOMAINFailureXfrReqDoneXfrRej
+ + + + + + + + + + + + + + + + + + + +
+
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Network Status
IDNameTypeReferencesLocalAddressPeerAddressState
+ + + + + + + + + + + + + + + +
+
+ + + + + + + + + + + + + + + + + + + + +
Task Manager Configuration
Thread-Model + +
Worker Threads + +
Default Quantum + +
Tasks Running + +
+
+ + + + + + + + + + + + + + + + + + + + +
Tasks
IDNameReferencesStateQuantum
+ + + + + + + + + +
+
+ + + + + + + + + + +
Memory Usage Summary
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Memory Contexts
IDNameReferencesTotalUseInUseMaxUseBlockSizePoolsHiWaterLoWater
+ + + + + + + + + + + + + + + + + + + +
+ + + + + diff --git a/contrib/bind-9.5.2/bin/named/bind9.xsl.h b/contrib/bind-9.5.2/bin/named/bind9.xsl.h new file mode 100644 index 0000000000..020c48ad27 --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/bind9.xsl.h @@ -0,0 +1,497 @@ +/* + * Generated by convertxsl.pl 1.9.60.5 2008/07/17 23:50:58 jinmei Exp + * From bind9.xsl 1.13.130.8 2009/01/29 23:47:13 tbox Exp + */ +static char xslmsg[] = + "\n" + "\n" + "\n" + "\n" + "\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " BIND 9 Statistics\n" + " \n" + " \n" + "
\n" + "

Bind 9 Configuration and Statistics

\n" + "
\n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Times
boot-time
current-time
\n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Incoming Requests
\n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Incoming Queries
\n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Outgoing Queries from View
\n" + "
\n" + " \n" + "\n" + "
\n" + "\n" + "
\n" + "

Server Statistics

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + " \n" + "
\n" + "
\n" + "\n" + "
\n" + "

Zone Maintenance Statistics

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + " \n" + "
\n" + "
\n" + "\n" + "
\n" + "

Resolver Statistics (Common)

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + " \n" + "
\n" + "
\n" + "\n" + " \n" + "
\n" + "

Resolver Statistics for View

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + " \n" + "
\n" + "
\n" + " \n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Cache DB RRsets for View
\n" + "
\n" + " \n" + "\n" + "
\n" + "

Socket I/O Statistics

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + " \n" + "
\n" + "
\n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Zones for View
NameClassSerialSuccessReferralNXRRSETNXDOMAINFailureXfrReqDoneXfrRej
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
\n" + "
\n" + " \n" + "\n" + "
\n" + "\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Network Status
IDNameTypeReferencesLocalAddressPeerAddressState
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
\n" + "
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Task Manager Configuration
Thread-Model\n" + " \n" + "
Worker Threads\n" + " \n" + "
Default Quantum\n" + " \n" + "
Tasks Running\n" + " \n" + "
\n" + "
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Tasks
IDNameReferencesStateQuantum
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
\n" + "
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Memory Usage Summary
\n" + "
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
Memory Contexts
IDNameReferencesTotalUseInUseMaxUseBlockSizePoolsHiWaterLoWater
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
\n" + "\n" + " \n" + " \n" + " \n" + "\n"; diff --git a/contrib/bind-9.3/bin/named/builtin.c b/contrib/bind-9.5.2/bin/named/builtin.c similarity index 65% rename from contrib/bind-9.3/bin/named/builtin.c rename to contrib/bind-9.5.2/bin/named/builtin.c index af4d7a3f0d..7927737d68 100644 --- a/contrib/bind-9.3/bin/named/builtin.c +++ b/contrib/bind-9.5.2/bin/named/builtin.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: builtin.c,v 1.4.106.4 2004/03/08 04:04:18 marka Exp $ */ +/* $Id: builtin.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */ -/* - * The built-in "version", "hostname", "id" and "authors" databases. +/*! \file + * \brief + * The built-in "version", "hostname", "id", "authors" and "empty" databases. */ #include @@ -26,12 +27,13 @@ #include #include +#include #include #include #include -#include #include +#include #include #include @@ -44,6 +46,7 @@ static isc_result_t do_version_lookup(dns_sdblookup_t *lookup); static isc_result_t do_hostname_lookup(dns_sdblookup_t *lookup); static isc_result_t do_authors_lookup(dns_sdblookup_t *lookup); static isc_result_t do_id_lookup(dns_sdblookup_t *lookup); +static isc_result_t do_empty_lookup(dns_sdblookup_t *lookup); /* * We can't use function pointers as the db_data directly @@ -53,12 +56,15 @@ static isc_result_t do_id_lookup(dns_sdblookup_t *lookup); struct builtin { isc_result_t (*do_lookup)(dns_sdblookup_t *lookup); + char *server; + char *contact; }; -static builtin_t version_builtin = { do_version_lookup }; -static builtin_t hostname_builtin = { do_hostname_lookup }; -static builtin_t authors_builtin = { do_authors_lookup }; -static builtin_t id_builtin = { do_id_lookup }; +static builtin_t version_builtin = { do_version_lookup, NULL, NULL }; +static builtin_t hostname_builtin = { do_hostname_lookup, NULL, NULL }; +static builtin_t authors_builtin = { do_authors_lookup, NULL, NULL }; +static builtin_t id_builtin = { do_id_lookup, NULL, NULL }; +static builtin_t empty_builtin = { do_empty_lookup, NULL, NULL }; static dns_sdbimplementation_t *builtin_impl; @@ -166,17 +172,38 @@ do_id_lookup(dns_sdblookup_t *lookup) { return (put_txt(lookup, ns_g_server->server_id)); } +static isc_result_t +do_empty_lookup(dns_sdblookup_t *lookup) { + + UNUSED(lookup); + return (ISC_R_SUCCESS); +} + static isc_result_t builtin_authority(const char *zone, void *dbdata, dns_sdblookup_t *lookup) { isc_result_t result; + const char *contact = "hostmaster"; + const char *server = "@"; + builtin_t *b = (builtin_t *) dbdata; UNUSED(zone); UNUSED(dbdata); - result = dns_sdb_putsoa(lookup, "@", "hostmaster", 0); + if (b == &empty_builtin) { + server = "."; + contact = "."; + } else { + if (b->server != NULL) + server = b->server; + if (b->contact != NULL) + contact = b->contact; + } + + result = dns_sdb_putsoa(lookup, server, contact, 0); if (result != ISC_R_SUCCESS) return (ISC_R_FAILURE); - result = dns_sdb_putrr(lookup, "ns", 0, "@"); + + result = dns_sdb_putrr(lookup, "ns", 0, server); if (result != ISC_R_SUCCESS) return (ISC_R_FAILURE); @@ -187,10 +214,17 @@ static isc_result_t builtin_create(const char *zone, int argc, char **argv, void *driverdata, void **dbdata) { + REQUIRE(argc >= 1); + UNUSED(zone); UNUSED(driverdata); - if (argc != 1) + + if (strcmp(argv[0], "empty") == 0) { + if (argc != 3) + return (DNS_R_SYNTAX); + } else if (argc != 1) return (DNS_R_SYNTAX); + if (strcmp(argv[0], "version") == 0) *dbdata = &version_builtin; else if (strcmp(argv[0], "hostname") == 0) @@ -199,17 +233,62 @@ builtin_create(const char *zone, int argc, char **argv, *dbdata = &authors_builtin; else if (strcmp(argv[0], "id") == 0) *dbdata = &id_builtin; - else + else if (strcmp(argv[0], "empty") == 0) { + builtin_t *empty; + char *server; + char *contact; + /* + * We don't want built-in zones to fail. Fallback to + * the static configuration if memory allocation fails. + */ + empty = isc_mem_get(ns_g_mctx, sizeof(*empty)); + server = isc_mem_strdup(ns_g_mctx, argv[1]); + contact = isc_mem_strdup(ns_g_mctx, argv[2]); + if (empty == NULL || server == NULL || contact == NULL) { + *dbdata = &empty_builtin; + if (server != NULL) + isc_mem_free(ns_g_mctx, server); + if (contact != NULL) + isc_mem_free(ns_g_mctx, contact); + if (empty != NULL) + isc_mem_put(ns_g_mctx, empty, sizeof (*empty)); + } else { + memcpy(empty, &empty_builtin, sizeof (empty_builtin)); + empty->server = server; + empty->contact = contact; + *dbdata = empty; + } + } else return (ISC_R_NOTIMPLEMENTED); return (ISC_R_SUCCESS); } +static void +builtin_destroy(const char *zone, void *driverdata, void **dbdata) { + builtin_t *b = (builtin_t *) *dbdata; + + UNUSED(zone); + UNUSED(driverdata); + + /* + * Don't free the static versions. + */ + if (*dbdata == &version_builtin || *dbdata == &hostname_builtin || + *dbdata == &authors_builtin || *dbdata == &id_builtin || + *dbdata == &empty_builtin) + return; + + isc_mem_free(ns_g_mctx, b->server); + isc_mem_free(ns_g_mctx, b->contact); + isc_mem_put(ns_g_mctx, b, sizeof (*b)); +} + static dns_sdbmethods_t builtin_methods = { builtin_lookup, builtin_authority, NULL, /* allnodes */ builtin_create, - NULL /* destroy */ + builtin_destroy }; isc_result_t diff --git a/contrib/bind-9.3/bin/named/client.c b/contrib/bind-9.5.2/bin/named/client.c similarity index 83% rename from contrib/bind-9.3/bin/named/client.c rename to contrib/bind-9.5.2/bin/named/client.c index 30b77eb0f6..2e86115730 100644 --- a/contrib/bind-9.3/bin/named/client.c +++ b/contrib/bind-9.5.2/bin/named/client.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,14 +15,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.176.2.13.4.31.6.1 2007/06/26 04:14:55 marka Exp $ */ +/* $Id: client.c,v 1.250.16.10 2009/01/29 22:41:43 jinmei Exp $ */ #include #include #include #include +#include #include +#include #include #include #include @@ -33,12 +35,14 @@ #include #include #include +#include #include -#include #include #include #include #include +#include +#include #include #include #include @@ -46,6 +50,7 @@ #include #include #include +#include #include #include @@ -53,7 +58,9 @@ *** Client ***/ -/* +/*! \file + * Client Routines + * * Important note! * * All client state changes, other than that from idle to listening, occur @@ -87,6 +94,25 @@ #define SEND_BUFFER_SIZE 4096 #define RECV_BUFFER_SIZE 4096 +#ifdef ISC_PLATFORM_USETHREADS +#define NMCTXS 100 +/*%< + * Number of 'mctx pools' for clients. (Should this be configurable?) + * When enabling threads, we use a pool of memory contexts shared by + * client objects, since concurrent access to a shared context would cause + * heavy contentions. The above constant is expected to be enough for + * completely avoiding contentions among threads for an authoritative-only + * server. + */ +#else +#define NMCTXS 0 +/*%< + * If named with built without thread, simply share manager's context. Using + * a separate context in this case would simply waste memory. + */ +#endif + +/*% nameserver client manager structure */ struct ns_clientmgr { /* Unlocked. */ unsigned int magic; @@ -96,15 +122,20 @@ struct ns_clientmgr { isc_mutex_t lock; /* Locked by lock. */ isc_boolean_t exiting; - client_list_t active; /* Active clients */ - client_list_t recursing; /* Recursing clients */ - client_list_t inactive; /* To be recycled */ + client_list_t active; /*%< Active clients */ + client_list_t recursing; /*%< Recursing clients */ + client_list_t inactive; /*%< To be recycled */ +#if NMCTXS > 0 + /*%< mctx pool for clients. */ + unsigned int nextmctx; + isc_mem_t * mctxpool[NMCTXS]; +#endif }; #define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm') #define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC) -/* +/*! * Client object states. Ordering is significant: higher-numbered * states are generally "more active", meaning that the client can * have more dynamically allocated data, outstanding events, etc. @@ -117,12 +148,12 @@ struct ns_clientmgr { */ #define NS_CLIENTSTATE_FREED 0 -/* +/*%< * The client object no longer exists. */ #define NS_CLIENTSTATE_INACTIVE 1 -/* +/*%< * The client object exists and has a task and timer. * Its "query" struct and sendbuf are initialized. * It is on the client manager's list of inactive clients. @@ -130,7 +161,7 @@ struct ns_clientmgr { */ #define NS_CLIENTSTATE_READY 2 -/* +/*%< * The client object is either a TCP or a UDP one, and * it is associated with a network interface. It is on the * client manager's list of active clients. @@ -143,7 +174,7 @@ struct ns_clientmgr { */ #define NS_CLIENTSTATE_READING 3 -/* +/*%< * The client object is a TCP client object that has received * a connection. It has a tcpsocket, tcpmsg, TCP quota, and an * outstanding TCP read request. This state is not used for @@ -151,14 +182,14 @@ struct ns_clientmgr { */ #define NS_CLIENTSTATE_WORKING 4 -/* +/*%< * The client object has received a request and is working * on it. It has a view, and it may have any of a non-reset OPT, * recursion quota, and an outstanding write request. */ #define NS_CLIENTSTATE_MAX 9 -/* +/*%< * Sentinel value used to indicate "no state". When client->newstate * has this value, we are not attempting to exit the current state. * Must be greater than any valid state. @@ -171,6 +202,8 @@ struct ns_clientmgr { #define NS_CLIENT_DROPPORT 1 #endif +unsigned int ns_client_requests; + static void client_read(ns_client_t *client); static void client_accept(ns_client_t *client); static void client_udprecv(ns_client_t *client); @@ -227,7 +260,7 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) { } } -/* +/*% * Check for a deactivation or shutdown request and take appropriate * action. Returns ISC_TRUE if either is in progress; in this case * the caller must no longer use the client object as it may have been @@ -256,7 +289,7 @@ exit_check(ns_client_t *client) { * * Keep the view attached until any outstanding updates complete. */ - if (client->nupdates == 0 && + if (client->nupdates == 0 && client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL) dns_view_detach(&client->view); @@ -489,7 +522,7 @@ exit_check(ns_client_t *client) { CTRACE("free"); client->magic = 0; - isc_mem_put(client->mctx, client, sizeof(*client)); + isc_mem_putanddetach(&client->mctx, client, sizeof(*client)); goto unlock; } @@ -510,7 +543,7 @@ exit_check(ns_client_t *client) { return (ISC_TRUE); } -/* +/*% * The client's task has received the client's control event * as part of the startup process. */ @@ -536,7 +569,7 @@ client_start(isc_task_t *task, isc_event_t *event) { } -/* +/*% * The client's task has received a shutdown event. */ static void @@ -591,6 +624,7 @@ ns_client_endrequest(ns_client_t *client) { client->udpsize = 512; client->extflags = 0; + client->ednsversion = -1; dns_message_reset(client->message, DNS_MESSAGE_INTENTPARSE); if (client->recursionquota != NULL) @@ -609,7 +643,7 @@ ns_client_checkactive(ns_client_t *client) { /* * This client object should normally go inactive * at this point, but if we have fewer active client - * objects than desired due to earlier quota exhaustion, + * objects than desired due to earlier quota exhaustion, * keep it active to make up for the shortage. */ isc_boolean_t need_another_client = ISC_FALSE; @@ -705,7 +739,7 @@ client_senddone(isc_task_t *task, isc_event_t *event) { ns_client_next(client, ISC_R_SUCCESS); } -/* +/*% * We only want to fail with ISC_R_NOSPACE when called from * ns_client_sendraw() and not when called from ns_client_send(), * tcpbuffer is NULL when called from ns_client_sendraw() and @@ -786,7 +820,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) { isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); if (ns_g_server->blackholeacl != NULL && dns_acl_match(&netaddr, NULL, - ns_g_server->blackholeacl, + ns_g_server->blackholeacl, &ns_g_server->aclenv, &match, NULL) == ISC_R_SUCCESS && match > 0) @@ -803,7 +837,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) { isc_buffer_usedregion(buffer, &r); CTRACE("sendto"); - + result = isc_socket_sendto2(socket, &r, client->task, address, pktinfo, client->sendevent, sockflags); @@ -875,6 +909,7 @@ ns_client_send(ns_client_t *client) { unsigned char sendbuf[SEND_BUFFER_SIZE]; unsigned int dnssec_opts; unsigned int preferred_glue; + isc_boolean_t opt_included = ISC_FALSE; REQUIRE(NS_CLIENT_VALID(client)); @@ -912,11 +947,10 @@ ns_client_send(ns_client_t *client) { result = dns_message_renderbegin(client->message, &cctx, &buffer); if (result != ISC_R_SUCCESS) goto done; + if (client->opt != NULL) { result = dns_message_setopt(client->message, client->opt); - /* - * XXXRTH dns_message_setopt() should probably do this... - */ + opt_included = ISC_TRUE; client->opt = NULL; if (result != ISC_R_SUCCESS) goto done; @@ -972,6 +1006,25 @@ ns_client_send(ns_client_t *client) { result = client_sendpkg(client, &tcpbuffer); } else result = client_sendpkg(client, &buffer); + + /* update statistics (XXXJT: is it okay to access message->xxxkey?) */ + isc_stats_increment(ns_g_server->nsstats, dns_nsstatscounter_response); + if (opt_included) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_edns0out); + } + if (client->message->tsigkey != NULL) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_tsigout); + } + if (client->message->sig0key != NULL) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_sig0out); + } + if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0) + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_truncatedresp); + if (result == ISC_R_SUCCESS) return; @@ -1077,8 +1130,8 @@ ns_client_error(ns_client_t *client, isc_result_t result) { /* * FORMERR loop avoidance: If we sent a FORMERR message * with the same ID to the same client less than two - * seconds ago, assume that we are in an infinite error - * packet dialog with a server for some protocol whose + * seconds ago, assume that we are in an infinite error + * packet dialog with a server for some protocol whose * error responses look enough like DNS queries to * elicit a FORMERR response. Drop a packet to break * the loop. @@ -1148,11 +1201,46 @@ client_addopt(ns_client_t *client) { */ rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE); - /* - * No ENDS options in the default case. - */ - rdata->data = NULL; - rdata->length = 0; + /* Set EDNS options if applicable */ + if (client->attributes & NS_CLIENTATTR_WANTNSID && + (ns_g_server->server_id != NULL || + ns_g_server->server_usehostname)) { + /* + * Space required for NSID data: + * 2 bytes for opt code + * + 2 bytes for NSID length + * + NSID itself + */ + char nsid[BUFSIZ], *nsidp; + isc_buffer_t *buffer = NULL; + + if (ns_g_server->server_usehostname) { + isc_result_t result; + result = ns_os_gethostname(nsid, sizeof(nsid)); + if (result != ISC_R_SUCCESS) { + goto no_nsid; + } + nsidp = nsid; + } else + nsidp = ns_g_server->server_id; + + rdata->length = strlen(nsidp) + 4; + result = isc_buffer_allocate(client->mctx, &buffer, + rdata->length); + if (result != ISC_R_SUCCESS) + goto no_nsid; + + isc_buffer_putuint16(buffer, DNS_OPT_NSID); + isc_buffer_putuint16(buffer, strlen(nsidp)); + isc_buffer_putstr(buffer, nsidp); + rdata->data = buffer->base; + dns_message_takebuffer(client->message, &buffer); + } else { +no_nsid: + rdata->data = NULL; + rdata->length = 0; + } + rdata->rdclass = rdatalist->rdclass; rdata->type = rdatalist->type; rdata->flags = 0; @@ -1181,6 +1269,64 @@ allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl) { return (ISC_FALSE); } +/* + * Callback to see if a non-recursive query coming from 'srcaddr' to + * 'destaddr', with optional key 'mykey' for class 'rdclass' would be + * delivered to 'myview'. + * + * We run this unlocked as both the view list and the interface list + * are updated when the appropriate task has exclusivity. + */ +isc_boolean_t +ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey, + isc_sockaddr_t *srcaddr, isc_sockaddr_t *dstaddr, + dns_rdataclass_t rdclass, void *arg) +{ + dns_view_t *view; + dns_tsigkey_t *key = NULL; + dns_name_t *tsig = NULL; + isc_netaddr_t netsrc; + isc_netaddr_t netdst; + + UNUSED(arg); + + if (!ns_interfacemgr_listeningon(ns_g_server->interfacemgr, dstaddr)) + return (ISC_FALSE); + + isc_netaddr_fromsockaddr(&netsrc, srcaddr); + isc_netaddr_fromsockaddr(&netdst, dstaddr); + + for (view = ISC_LIST_HEAD(ns_g_server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + + if (view->matchrecursiveonly) + continue; + + if (rdclass != view->rdclass) + continue; + + if (mykey != NULL) { + isc_boolean_t match; + isc_result_t result; + + result = dns_view_gettsig(view, &mykey->name, &key); + if (result != ISC_R_SUCCESS) + continue; + match = dst_key_compare(mykey->key, key->key); + dns_tsigkey_detach(&key); + if (!match) + continue; + tsig = dns_tsigkey_identity(mykey); + } + + if (allowed(&netsrc, tsig, view->matchclients) && + allowed(&netdst, tsig, view->matchdestinations)) + break; + } + return (ISC_TF(view == myview)); +} + /* * Handle an incoming request event from the socket (UDP case) * or tcpmsg (TCP case). @@ -1195,13 +1341,16 @@ client_request(isc_task_t *task, isc_event_t *event) { isc_buffer_t tbuffer; dns_view_t *view; dns_rdataset_t *opt; - isc_boolean_t ra; /* Recursion available. */ + dns_name_t *signame; + isc_boolean_t ra; /* Recursion available. */ isc_netaddr_t netaddr; isc_netaddr_t destaddr; int match; dns_messageid_t id; unsigned int flags; isc_boolean_t notimp; + dns_rdata_t rdata; + isc_uint16_t optcode; REQUIRE(event != NULL); client = event->ev_arg; @@ -1215,6 +1364,8 @@ client_request(isc_task_t *task, isc_event_t *event) { NS_CLIENTSTATE_READING : NS_CLIENTSTATE_READY); + ns_client_requests++; + if (event->ev_type == ISC_SOCKEVENT_RECVDONE) { INSIST(!TCP_CLIENT(client)); sevent = (isc_socketevent_t *)event; @@ -1348,6 +1499,20 @@ client_request(isc_task_t *task, isc_event_t *event) { } } + /* + * Update some statistics counters. Don't count responses. + */ + if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_requestv4); + } else { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_requestv6); + } + if (TCP_CLIENT(client)) + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_tcp); + /* * It's a request. Parse it. */ @@ -1361,6 +1526,8 @@ client_request(isc_task_t *task, isc_event_t *event) { goto cleanup; } + dns_opcodestats_increment(ns_g_server->opcodestats, + client->message->opcode); switch (client->message->opcode) { case dns_opcode_query: case dns_opcode_update: @@ -1384,8 +1551,6 @@ client_request(isc_task_t *task, isc_event_t *event) { */ opt = dns_message_getopt(client->message); if (opt != NULL) { - unsigned int version; - /* * Set the client's UDP buffer size. */ @@ -1404,22 +1569,47 @@ client_request(isc_task_t *task, isc_event_t *event) { client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF); /* - * Create an OPT for our reply. + * Do we understand this version of EDNS? + * + * XXXRTH need library support for this! */ - result = client_addopt(client); - if (result != ISC_R_SUCCESS) { + client->ednsversion = (opt->ttl & 0x00FF0000) >> 16; + if (client->ednsversion > 0) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_badednsver); + result = client_addopt(client); + if (result == ISC_R_SUCCESS) + result = DNS_R_BADVERS; ns_client_error(client, result); goto cleanup; } + /* Check for NSID request */ + result = dns_rdataset_first(opt); + if (result == ISC_R_SUCCESS) { + dns_rdata_init(&rdata); + dns_rdataset_current(opt, &rdata); + if (rdata.length >= 2) { + isc_buffer_t nsidbuf; + isc_buffer_init(&nsidbuf, + rdata.data, rdata.length); + isc_buffer_add(&nsidbuf, rdata.length); + optcode = isc_buffer_getuint16(&nsidbuf); + if (optcode == DNS_OPT_NSID) + client->attributes |= + NS_CLIENTATTR_WANTNSID; + } + } + + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_edns0in); + /* - * Do we understand this version of ENDS? - * - * XXXRTH need library support for this! + * Create an OPT for our reply. */ - version = (opt->ttl & 0x00FF0000) >> 16; - if (version != 0) { - ns_client_error(client, DNS_R_BADVERS); + result = client_addopt(client); + if (result != ISC_R_SUCCESS) { + ns_client_error(client, result); goto cleanup; } } @@ -1443,7 +1633,7 @@ client_request(isc_task_t *task, isc_event_t *event) { * For IPv6 UDP queries, we get this from the pktinfo structure (if * supported). * If all the attempts fail (this can happen due to memory shortage, - * etc), we regard this as an error for safety. + * etc), we regard this as an error for safety. */ if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0) isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr); @@ -1485,6 +1675,7 @@ client_request(isc_task_t *task, isc_event_t *event) { "failed to get request's " "destination: %s", isc_result_totext(result)); + ns_client_next(client, ISC_R_SUCCESS); goto cleanup; } } @@ -1499,11 +1690,12 @@ client_request(isc_task_t *task, isc_event_t *event) { client->message->rdclass == dns_rdataclass_any) { dns_name_t *tsig = NULL; + sigresult = dns_message_rechecksig(client->message, view); if (sigresult == ISC_R_SUCCESS) - tsig = client->message->tsigname; - + tsig = dns_tsigkey_identity(client->message->tsigkey); + if (allowed(&netaddr, tsig, view->matchclients) && allowed(&destaddr, tsig, view->matchdestinations) && !((client->message->flags & DNS_MESSAGEFLAG_RD) @@ -1556,6 +1748,17 @@ client_request(isc_task_t *task, isc_event_t *event) { client->signer = NULL; dns_name_init(&client->signername, NULL); result = dns_message_signer(client->message, &client->signername); + if (result != ISC_R_NOTFOUND) { + signame = NULL; + if (dns_message_gettsig(client->message, &signame) != NULL) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_tsigin); + } else { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_sig0in); + } + + } if (result == ISC_R_SUCCESS) { ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), @@ -1572,22 +1775,48 @@ client_request(isc_task_t *task, isc_event_t *event) { } else { char tsigrcode[64]; isc_buffer_t b; - dns_name_t *name = NULL; + dns_rcode_t status; + isc_result_t tresult; - isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1); - RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus, - &b) == ISC_R_SUCCESS); - tsigrcode[isc_buffer_usedlength(&b)] = '\0'; /* There is a signature, but it is bad. */ - if (dns_message_gettsig(client->message, &name) != NULL) { + isc_stats_increment(ns_g_server->nsstats, + dns_nsstatscounter_invalidsig); + signame = NULL; + if (dns_message_gettsig(client->message, &signame) != NULL) { char namebuf[DNS_NAME_FORMATSIZE]; - dns_name_format(name, namebuf, sizeof(namebuf)); - ns_client_log(client, DNS_LOGCATEGORY_SECURITY, - NS_LOGMODULE_CLIENT, ISC_LOG_ERROR, - "request has invalid signature: " - "TSIG %s: %s (%s)", namebuf, - isc_result_totext(result), tsigrcode); + char cnamebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(signame, namebuf, sizeof(namebuf)); + status = client->message->tsigstatus; + isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1); + tresult = dns_tsigrcode_totext(status, &b); + INSIST(tresult == ISC_R_SUCCESS); + tsigrcode[isc_buffer_usedlength(&b)] = '\0'; + if (client->message->tsigkey->generated) { + dns_name_format(client->message->tsigkey->creator, + cnamebuf, sizeof(cnamebuf)); + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_CLIENT, + ISC_LOG_ERROR, + "request has invalid signature: " + "TSIG %s (%s): %s (%s)", namebuf, + cnamebuf, + isc_result_totext(result), + tsigrcode); + } else { + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_CLIENT, + ISC_LOG_ERROR, + "request has invalid signature: " + "TSIG %s: %s (%s)", namebuf, + isc_result_totext(result), + tsigrcode); + } } else { + status = client->message->sig0status; + isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1); + tresult = dns_tsigrcode_totext(status, &b); + INSIST(tresult == ISC_R_SUCCESS); + tsigrcode[isc_buffer_usedlength(&b)] = '\0'; ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_ERROR, "request has invalid signature: %s (%s)", @@ -1615,9 +1844,17 @@ client_request(isc_task_t *task, isc_event_t *event) { ra = ISC_FALSE; if (client->view->resolver != NULL && client->view->recursion == ISC_TRUE && - ns_client_checkaclsilent(client, client->view->recursionacl, + ns_client_checkaclsilent(client, NULL, + client->view->recursionacl, + ISC_TRUE) == ISC_R_SUCCESS && + ns_client_checkaclsilent(client, NULL, + client->view->queryacl, ISC_TRUE) == ISC_R_SUCCESS && - ns_client_checkaclsilent(client, client->view->queryacl, + ns_client_checkaclsilent(client, &client->interface->addr, + client->view->recursiononacl, + ISC_TRUE) == ISC_R_SUCCESS && + ns_client_checkaclsilent(client, &client->interface->addr, + client->view->queryonacl, ISC_TRUE) == ISC_R_SUCCESS) ra = ISC_TRUE; @@ -1626,7 +1863,20 @@ client_request(isc_task_t *task, isc_event_t *event) { ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), ra ? "recursion available" : - "recursion not available"); + "recursion not available"); + + /* + * Adjust maximum UDP response size for this client. + */ + if (client->udpsize > 512) { + dns_peer_t *peer = NULL; + isc_uint16_t udpsize = view->maxudp; + (void) dns_peerlist_peerbyaddr(view->peers, &netaddr, &peer); + if (peer != NULL) + dns_peer_getmaxudp(peer, &udpsize); + if (client->udpsize > udpsize) + client->udpsize = udpsize; + } /* * Dispatch the request. @@ -1688,10 +1938,44 @@ client_timeout(isc_task_t *task, isc_event_t *event) { (void)exit_check(client); } +static isc_result_t +get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) { + isc_mem_t *clientmctx; +#if NMCTXS > 0 + isc_result_t result; +#endif + + /* + * Caller must be holding the manager lock. + */ +#if NMCTXS > 0 + INSIST(manager->nextmctx < NMCTXS); + clientmctx = manager->mctxpool[manager->nextmctx]; + if (clientmctx == NULL) { + result = isc_mem_create(0, 0, &clientmctx); + if (result != ISC_R_SUCCESS) + return (result); + isc_mem_setname(clientmctx, "client", NULL); + + manager->mctxpool[manager->nextmctx] = clientmctx; + } + manager->nextmctx++; + if (manager->nextmctx == NMCTXS) + manager->nextmctx = 0; +#else + clientmctx = manager->mctx; +#endif + + isc_mem_attach(clientmctx, mctxp); + + return (ISC_R_SUCCESS); +} + static isc_result_t client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { ns_client_t *client; isc_result_t result; + isc_mem_t *mctx = NULL; /* * Caller must be holding the manager lock. @@ -1703,9 +1987,16 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { REQUIRE(clientp != NULL && *clientp == NULL); - client = isc_mem_get(manager->mctx, sizeof(*client)); - if (client == NULL) + result = get_clientmctx(manager, &mctx); + if (result != ISC_R_SUCCESS) + return (result); + + client = isc_mem_get(mctx, sizeof(*client)); + if (client == NULL) { + isc_mem_detach(&mctx); return (ISC_R_NOMEMORY); + } + client->mctx = mctx; client->task = NULL; result = isc_task_create(manager->taskmgr, 0, &client->task); @@ -1722,7 +2013,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->timerset = ISC_FALSE; client->message = NULL; - result = dns_message_create(manager->mctx, DNS_MESSAGE_INTENTPARSE, + result = dns_message_create(client->mctx, DNS_MESSAGE_INTENTPARSE, &client->message); if (result != ISC_R_SUCCESS) goto cleanup_timer; @@ -1730,7 +2021,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { /* XXXRTH Hardwired constants */ client->sendevent = (isc_socketevent_t *) - isc_event_allocate(manager->mctx, client, + isc_event_allocate(client->mctx, client, ISC_SOCKEVENT_SENDDONE, client_senddone, client, sizeof(isc_socketevent_t)); @@ -1739,14 +2030,14 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { goto cleanup_message; } - client->recvbuf = isc_mem_get(manager->mctx, RECV_BUFFER_SIZE); + client->recvbuf = isc_mem_get(client->mctx, RECV_BUFFER_SIZE); if (client->recvbuf == NULL) { result = ISC_R_NOMEMORY; goto cleanup_sendevent; } client->recvevent = (isc_socketevent_t *) - isc_event_allocate(manager->mctx, client, + isc_event_allocate(client->mctx, client, ISC_SOCKEVENT_RECVDONE, client_request, client, sizeof(isc_socketevent_t)); @@ -1756,7 +2047,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { } client->magic = NS_CLIENT_MAGIC; - client->mctx = manager->mctx; client->manager = NULL; client->state = NS_CLIENTSTATE_INACTIVE; client->newstate = NS_CLIENTSTATE_MAX; @@ -1778,6 +2068,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->opt = NULL; client->udpsize = 512; client->extflags = 0; + client->ednsversion = -1; client->next = NULL; client->shutdown = NULL; client->shutdown_arg = NULL; @@ -1826,7 +2117,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { isc_event_free((isc_event_t **)&client->recvevent); cleanup_recvbuf: - isc_mem_put(manager->mctx, client->recvbuf, RECV_BUFFER_SIZE); + isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE); cleanup_sendevent: isc_event_free((isc_event_t **)&client->sendevent); @@ -1843,7 +2134,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { isc_task_detach(&client->task); cleanup_client: - isc_mem_put(manager->mctx, client, sizeof(*client)); + isc_mem_putanddetach(&client->mctx, client, sizeof(*client)); return (result); } @@ -1903,6 +2194,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { */ if (nevent->result == ISC_R_SUCCESS) { client->tcpsocket = nevent->newsocket; + isc_socket_setname(client->tcpsocket, "client-tcp", NULL); client->state = NS_CLIENTSTATE_READING; INSIST(client->recursionquota == NULL); @@ -1915,7 +2207,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { } else { /* * XXXRTH What should we do? We're trying to accept but - * it didn't work. If we just give up, then TCP + * it didn't work. If we just give up, then TCP * service may eventually stop. * * For now, we just go idle. @@ -1940,7 +2232,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { if (ns_g_server->blackholeacl != NULL && dns_acl_match(&netaddr, NULL, - ns_g_server->blackholeacl, + ns_g_server->blackholeacl, &ns_g_server->aclenv, &match, NULL) == ISC_R_SUCCESS && match > 0) @@ -1962,7 +2254,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) { * Let a new client take our place immediately, before * we wait for a request packet. If we don't, * telnetting to port 53 (once per CPU) will - * deny service to legititmate TCP clients. + * deny service to legitimate TCP clients. */ result = isc_quota_attach(&ns_g_server->tcpquota, &client->tcpquota); @@ -1996,7 +2288,7 @@ client_accept(ns_client_t *client) { isc_result_totext(result)); /* * XXXRTH What should we do? We're trying to accept but - * it didn't work. If we just give up, then TCP + * it didn't work. If we just give up, then TCP * service may eventually stop. * * For now, we just go idle. @@ -2096,12 +2388,23 @@ ns_client_replace(ns_client_t *client) { static void clientmgr_destroy(ns_clientmgr_t *manager) { +#if NMCTXS > 0 + int i; +#endif + REQUIRE(ISC_LIST_EMPTY(manager->active)); REQUIRE(ISC_LIST_EMPTY(manager->inactive)); REQUIRE(ISC_LIST_EMPTY(manager->recursing)); MTRACE("clientmgr_destroy"); +#if NMCTXS > 0 + for (i = 0; i < NMCTXS; i++) { + if (manager->mctxpool[i] != NULL) + isc_mem_detach(&manager->mctxpool[i]); + } +#endif + DESTROYLOCK(&manager->lock); manager->magic = 0; isc_mem_put(manager->mctx, manager, sizeof(*manager)); @@ -2113,6 +2416,9 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, { ns_clientmgr_t *manager; isc_result_t result; +#if NMCTXS > 0 + int i; +#endif manager = isc_mem_get(mctx, sizeof(*manager)); if (manager == NULL) @@ -2129,6 +2435,11 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, ISC_LIST_INIT(manager->active); ISC_LIST_INIT(manager->inactive); ISC_LIST_INIT(manager->recursing); +#if NMCTXS > 0 + manager->nextmctx = 0; + for (i = 0; i < NMCTXS; i++) + manager->mctxpool[i] = NULL; /* will be created on-demand */ +#endif manager->magic = MANAGER_MAGIC; MTRACE("create"); @@ -2270,8 +2581,8 @@ ns_client_getsockaddr(ns_client_t *client) { } isc_result_t -ns_client_checkaclsilent(ns_client_t *client, dns_acl_t *acl, - isc_boolean_t default_allow) +ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr, + dns_acl_t *acl, isc_boolean_t default_allow) { isc_result_t result; int match; @@ -2284,11 +2595,16 @@ ns_client_checkaclsilent(ns_client_t *client, dns_acl_t *acl, goto deny; } - isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); + + if (sockaddr == NULL) + isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); + else + isc_netaddr_fromsockaddr(&netaddr, sockaddr); result = dns_acl_match(&netaddr, client->signer, acl, &ns_g_server->aclenv, &match, NULL); + if (result != ISC_R_SUCCESS) goto deny; /* Internal error, already logged. */ if (match > 0) @@ -2303,14 +2619,14 @@ ns_client_checkaclsilent(ns_client_t *client, dns_acl_t *acl, } isc_result_t -ns_client_checkacl(ns_client_t *client, +ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr, const char *opname, dns_acl_t *acl, isc_boolean_t default_allow, int log_level) { isc_result_t result = - ns_client_checkaclsilent(client, acl, default_allow); + ns_client_checkaclsilent(client, sockaddr, acl, default_allow); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "%s approved", opname); @@ -2331,7 +2647,7 @@ ns_client_name(ns_client_t *client, char *peerbuf, size_t len) { void ns_client_logv(ns_client_t *client, isc_logcategory_t *category, - isc_logmodule_t *module, int level, const char *fmt, va_list ap) + isc_logmodule_t *module, int level, const char *fmt, va_list ap) { char msgbuf[2048]; char peerbuf[ISC_SOCKADDR_FORMATSIZE]; @@ -2366,16 +2682,16 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category, void ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type, - dns_rdataclass_t rdclass, char *buf, size_t len) + dns_rdataclass_t rdclass, char *buf, size_t len) { - char namebuf[DNS_NAME_FORMATSIZE]; - char typebuf[DNS_RDATATYPE_FORMATSIZE]; - char classbuf[DNS_RDATACLASS_FORMATSIZE]; - - dns_name_format(name, namebuf, sizeof(namebuf)); - dns_rdatatype_format(type, typebuf, sizeof(typebuf)); - dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf)); - (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf, + char namebuf[DNS_NAME_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; + char classbuf[DNS_RDATACLASS_FORMATSIZE]; + + dns_name_format(name, namebuf, sizeof(namebuf)); + dns_rdatatype_format(type, typebuf, sizeof(typebuf)); + dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf)); + (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf, classbuf); } @@ -2403,7 +2719,7 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) { isc_mem_put(client->mctx, buf, len); len += 1024; } else if (result == ISC_R_SUCCESS) - ns_client_log(client, NS_LOGCATEGORY_UNMATCHED, + ns_client_log(client, NS_LOGCATEGORY_UNMATCHED, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), "%s\n%.*s", reason, (int)isc_buffer_usedlength(&buffer), @@ -2423,7 +2739,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) { const char *sep; REQUIRE(VALID_MANAGER(manager)); - + LOCK(&manager->lock); client = ISC_LIST_HEAD(manager->recursing); while (client != NULL) { diff --git a/contrib/bind-9.3/bin/named/config.c b/contrib/bind-9.5.2/bin/named/config.c similarity index 83% rename from contrib/bind-9.3/bin/named/config.c rename to contrib/bind-9.5.2/bin/named/config.c index 7b5b99e672..6ac2d1a32a 100644 --- a/contrib/bind-9.3/bin/named/config.c +++ b/contrib/bind-9.5.2/bin/named/config.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.11.2.4.8.32 2006/02/28 06:32:53 marka Exp $ */ +/* $Id: config.c,v 1.82.38.8 2008/09/27 23:39:42 jinmei Exp $ */ + +/*! \file */ #include #include -#include #include #include #include +#include #include #include #include +#include #include #include @@ -42,13 +45,14 @@ #include #include +/*% default configuration */ static char defaultconf[] = "\ options {\n\ # blackhole {none;};\n" #ifndef WIN32 " coresize default;\n\ datasize default;\n\ - files default;\n\ + files unlimited;\n\ stacksize default;\n" #endif " deallocate-on-exit true;\n\ @@ -76,7 +80,7 @@ options {\n\ #endif "\ recursive-clients 1000;\n\ - rrset-order {order cyclic;};\n\ + rrset-order {type NS order random; order cyclic; };\n\ serial-queries 20;\n\ serial-query-rate 20;\n\ server-id none;\n\ @@ -94,11 +98,17 @@ options {\n\ use-id-pool true;\n\ use-ixfr true;\n\ edns-udp-size 4096;\n\ + max-udp-size 4096;\n\ + request-nsid false;\n\ + reserved-sockets 512;\n\ \n\ /* view */\n\ allow-notify {none;};\n\ allow-update-forwarding {none;};\n\ - allow-recursion {any;};\n\ + allow-query-cache { localnets; localhost; };\n\ + allow-query-cache-on { any; };\n\ + allow-recursion { localnets; localhost; };\n\ + allow-recursion-on { any; };\n\ # allow-v6-synthesis ;\n\ # sortlist \n\ # topology \n\ @@ -115,7 +125,7 @@ options {\n\ query-source-v6 address *;\n\ notify-source *;\n\ notify-source-v6 *;\n\ - cleaning-interval 60;\n\ + cleaning-interval 0; /* now meaningless */\n\ min-roots 2;\n\ lame-ttl 600;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ @@ -125,14 +135,26 @@ options {\n\ check-names master fail;\n\ check-names slave warn;\n\ check-names response ignore;\n\ - dnssec-enable no; /* Make yes for 9.4. */ \n\ + check-mx warn;\n\ + acache-enable no;\n\ + acache-cleaning-interval 60;\n\ + max-acache-size 16M;\n\ + dnssec-enable yes;\n\ + dnssec-validation yes; \n\ + dnssec-accept-expired no;\n\ + clients-per-query 10;\n\ + max-clients-per-query 100;\n\ + zero-no-soa-ttl-cache no;\n\ " " /* zone */\n\ allow-query {any;};\n\ + allow-query-on {any;};\n\ allow-transfer {any;};\n\ notify yes;\n\ # also-notify \n\ + notify-delay 5;\n\ + notify-to-soa no;\n\ dialup no;\n\ # forward \n\ # forwarders \n\ @@ -155,11 +177,19 @@ options {\n\ zone-statistics false;\n\ max-journal-size unlimited;\n\ ixfr-from-differences false;\n\ + check-wildcard yes;\n\ + check-sibling yes;\n\ + check-integrity yes;\n\ + check-mx-cname warn;\n\ + check-srv-cname warn;\n\ + zero-no-soa-ttl yes;\n\ + update-check-ksk yes;\n\ + try-tcp-refresh yes; /* BIND 8 compat */\n\ };\n\ " "#\n\ -# Zones in the \"_bind\" view are NOT counted is the count of zones.\n\ +# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\ #\n\ view \"_bind\" chaos {\n\ recursion no;\n\ @@ -258,7 +288,6 @@ ns_config_listcount(const cfg_obj_t *list) { isc_result_t ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, dns_rdataclass_t *classp) { - const char *str; isc_textregion_t r; isc_result_t result; @@ -266,20 +295,18 @@ ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, *classp = defclass; return (ISC_R_SUCCESS); } - str = cfg_obj_asstring(classobj); - DE_CONST(str, r.base); - r.length = strlen(str); + DE_CONST(cfg_obj_asstring(classobj), r.base); + r.length = strlen(r.base); result = dns_rdataclass_fromtext(classp, &r); if (result != ISC_R_SUCCESS) cfg_obj_log(classobj, ns_g_lctx, ISC_LOG_ERROR, - "unknown class '%s'", str); + "unknown class '%s'", r.base); return (result); } isc_result_t ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype, dns_rdatatype_t *typep) { - const char *str; isc_textregion_t r; isc_result_t result; @@ -287,13 +314,12 @@ ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype, *typep = deftype; return (ISC_R_SUCCESS); } - str = cfg_obj_asstring(typeobj); - DE_CONST(str, r.base); - r.length = strlen(str); + DE_CONST(cfg_obj_asstring(typeobj), r.base); + r.length = strlen(r.base); result = dns_rdatatype_fromtext(typep, &r); if (result != ISC_R_SUCCESS) cfg_obj_log(typeobj, ns_g_lctx, ISC_LOG_ERROR, - "unknown type '%s'", str); + "unknown type '%s'", r.base); return (result); } @@ -425,7 +451,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, dns_fixedname_t fname; isc_sockaddr_t *addrs = NULL; dns_name_t **keys = NULL; - const char **lists = NULL; + struct { const char *name; } *lists = NULL; struct { const cfg_listelt_t *element; in_port_t port; @@ -494,21 +520,21 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, } /* Seen? */ for (j = 0; j < l; j++) - if (strcasecmp(lists[j], listname) == 0) + if (strcasecmp(lists[j].name, listname) == 0) break; if (j < l) continue; tresult = get_masters_def(config, listname, &list); if (tresult == ISC_R_NOTFOUND) { cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR, - "masters \"%s\" not found", listname); + "masters \"%s\" not found", listname); result = tresult; goto cleanup; } if (tresult != ISC_R_SUCCESS) goto cleanup; - lists[l++] = listname; + lists[l++].name = listname; /* Grow stack? */ if (stackcount == pushed) { void * new; @@ -579,7 +605,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, if (keys[i] == NULL) goto cleanup; dns_name_init(keys[i], NULL); - + keystr = cfg_obj_asstring(key); isc_buffer_init(&b, keystr, strlen(keystr)); isc_buffer_add(&b, strlen(keystr)); @@ -635,7 +661,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, isc_mem_put(mctx, lists, listcount * sizeof(*lists)); if (stack != NULL) isc_mem_put(mctx, stack, stackcount * sizeof(*stack)); - + INSIST(keycount == addrcount); *addrsp = addrs; @@ -713,16 +739,65 @@ ns_config_getport(const cfg_obj_t *config, in_port_t *portp) { return (ISC_R_SUCCESS); } +struct keyalgorithms { + const char *str; + enum { hmacnone, hmacmd5, hmacsha1, hmacsha224, + hmacsha256, hmacsha384, hmacsha512 } hmac; + isc_uint16_t size; +} algorithms[] = { + { "hmac-md5", hmacmd5, 128 }, + { "hmac-md5.sig-alg.reg.int", hmacmd5, 0 }, + { "hmac-md5.sig-alg.reg.int.", hmacmd5, 0 }, + { "hmac-sha1", hmacsha1, 160 }, + { "hmac-sha224", hmacsha224, 224 }, + { "hmac-sha256", hmacsha256, 256 }, + { "hmac-sha384", hmacsha384, 384 }, + { "hmac-sha512", hmacsha512, 512 }, + { NULL, hmacnone, 0 } +}; + isc_result_t -ns_config_getkeyalgorithm(const char *str, dns_name_t **name) +ns_config_getkeyalgorithm(const char *str, dns_name_t **name, + isc_uint16_t *digestbits) { - if (strcasecmp(str, "hmac-md5") == 0 || - strcasecmp(str, "hmac-md5.sig-alg.reg.int") == 0 || - strcasecmp(str, "hmac-md5.sig-alg.reg.int.") == 0) - { - if (name != NULL) - *name = dns_tsig_hmacmd5_name; - return (ISC_R_SUCCESS); + int i; + size_t len = 0; + isc_uint16_t bits; + isc_result_t result; + + for (i = 0; algorithms[i].str != NULL; i++) { + len = strlen(algorithms[i].str); + if (strncasecmp(algorithms[i].str, str, len) == 0 && + (str[len] == '\0' || + (algorithms[i].size != 0 && str[len] == '-'))) + break; } - return (ISC_R_NOTFOUND); + if (algorithms[i].str == NULL) + return (ISC_R_NOTFOUND); + if (str[len] == '-') { + result = isc_parse_uint16(&bits, str + len + 1, 10); + if (result != ISC_R_SUCCESS) + return (result); + if (bits > algorithms[i].size) + return (ISC_R_RANGE); + } else if (algorithms[i].size == 0) + bits = 128; + else + bits = algorithms[i].size; + + if (name != NULL) { + switch (algorithms[i].hmac) { + case hmacmd5: *name = dns_tsig_hmacmd5_name; break; + case hmacsha1: *name = dns_tsig_hmacsha1_name; break; + case hmacsha224: *name = dns_tsig_hmacsha224_name; break; + case hmacsha256: *name = dns_tsig_hmacsha256_name; break; + case hmacsha384: *name = dns_tsig_hmacsha384_name; break; + case hmacsha512: *name = dns_tsig_hmacsha512_name; break; + default: + INSIST(0); + } + } + if (digestbits != NULL) + *digestbits = bits; + return (ISC_R_SUCCESS); } diff --git a/contrib/bind-9.3/bin/named/control.c b/contrib/bind-9.5.2/bin/named/control.c similarity index 80% rename from contrib/bind-9.3/bin/named/control.c rename to contrib/bind-9.5.2/bin/named/control.c index c9d17abe02..ca9f7f7d7d 100644 --- a/contrib/bind-9.3/bin/named/control.c +++ b/contrib/bind-9.5.2/bin/named/control.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,15 +15,17 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.c,v 1.7.2.2.2.14 2005/04/29 01:04:47 marka Exp $ */ +/* $Id: control.c,v 1.33.62.2 2009/07/11 23:46:45 tbox Exp $ */ + +/*! \file */ #include -#include #include #include #include +#include #include #include @@ -52,15 +54,16 @@ command_compare(const char *text, const char *command) { return (ISC_FALSE); } -/* +/*% * This function is called to process the incoming command - * when a control channel message is received. + * when a control channel message is received. */ isc_result_t ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { isccc_sexpr_t *data; char *command; isc_result_t result; + int log_level; #ifdef HAVE_LIBSCF ns_smf_want_disable = 0; #endif @@ -81,14 +84,20 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { return (result); } + /* + * Compare the 'command' parameter against all known control commands. + */ + if (command_compare(command, NS_COMMAND_NULL) || + command_compare(command, NS_COMMAND_STATUS)) { + log_level = ISC_LOG_DEBUG(1); + } else { + log_level = ISC_LOG_INFO; + } isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_CONTROL, ISC_LOG_DEBUG(1), + NS_LOGMODULE_CONTROL, log_level, "received control channel command '%s'", command); - /* - * Compare the 'command' parameter against all known control commands. - */ if (command_compare(command, NS_COMMAND_RELOAD)) { result = ns_server_reloadcommand(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_RECONFIG)) { @@ -156,15 +165,28 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { result = ns_server_flushname(ns_g_server, command); } else if (command_compare(command, NS_COMMAND_STATUS)) { result = ns_server_status(ns_g_server, text); + } else if (command_compare(command, NS_COMMAND_TSIGLIST)) { + result = ns_server_tsiglist(ns_g_server, text); + } else if (command_compare(command, NS_COMMAND_TSIGDELETE)) { + result = ns_server_tsigdelete(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_FREEZE)) { - result = ns_server_freeze(ns_g_server, ISC_TRUE, command); + result = ns_server_freeze(ns_g_server, ISC_TRUE, command, + text); } else if (command_compare(command, NS_COMMAND_UNFREEZE) || command_compare(command, NS_COMMAND_THAW)) { - result = ns_server_freeze(ns_g_server, ISC_FALSE, command); + result = ns_server_freeze(ns_g_server, ISC_FALSE, command, + text); } else if (command_compare(command, NS_COMMAND_RECURSING)) { result = ns_server_dumprecursing(ns_g_server); + } else if (command_compare(command, NS_COMMAND_TIMERPOKE)) { + result = ISC_R_SUCCESS; + isc_timermgr_poke(ns_g_timermgr); } else if (command_compare(command, NS_COMMAND_NULL)) { result = ISC_R_SUCCESS; + } else if (command_compare(command, NS_COMMAND_NOTIFY)) { + result = ns_server_notifycommand(ns_g_server, command, text); + } else if (command_compare(command, NS_COMMAND_VALIDATION)) { + result = ns_server_validation(ns_g_server, command); } else { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_CONTROL, ISC_LOG_WARNING, diff --git a/contrib/bind-9.3/bin/named/controlconf.c b/contrib/bind-9.5.2/bin/named/controlconf.c similarity index 84% rename from contrib/bind-9.3/bin/named/controlconf.c rename to contrib/bind-9.5.2/bin/named/controlconf.c index b6bcc16620..b9af98c8a4 100644 --- a/contrib/bind-9.3/bin/named/controlconf.c +++ b/contrib/bind-9.5.2/bin/named/controlconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.28.2.9.2.10 2006/02/28 06:32:53 marka Exp $ */ +/* $Id: controlconf.c,v 1.55.64.4 2008/07/23 23:31:17 marka Exp $ */ + +/*! \file */ #include @@ -96,6 +98,10 @@ struct controllistener { isc_boolean_t exiting; controlkeylist_t keys; controlconnectionlist_t connections; + isc_sockettype_t type; + isc_uint32_t perm; + isc_uint32_t owner; + isc_uint32_t group; ISC_LINK(controllistener_t) link; }; @@ -191,6 +197,8 @@ shutdown_listener(controllistener_t *listener) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE, "stopping command channel on %s", socktext); + if (listener->type == isc_sockettype_unix) + isc_socket_cleanunix(&listener->address, ISC_TRUE); listener->exiting = ISC_TRUE; } @@ -337,9 +345,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { listener = conn->listener; secret.rstart = NULL; - /* Is the server shutting down? */ - if (listener->controls->shuttingdown) - goto cleanup; + /* Is the server shutting down? */ + if (listener->controls->shuttingdown) + goto cleanup; if (conn->ccmsg.result != ISC_R_SUCCESS) { if (conn->ccmsg.result != ISC_R_CANCELED && @@ -356,9 +364,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { { ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; @@ -367,7 +372,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_fromwire(&ccregion, &request, &secret); if (result == ISC_R_SUCCESS) break; - else if (result == ISCCC_R_BADAUTH) { + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + if (result == ISCCC_R_BADAUTH) { /* * For some reason, request is non-NULL when * isccc_cc_fromwire returns ISCCC_R_BADAUTH. @@ -388,7 +394,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { /* We shouldn't be getting a reply. */ if (isccc_cc_isreply(request)) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } isc_stdtime_get(&now); @@ -399,17 +405,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) { if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) { log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW); - goto cleanup; + goto cleanup_request; } } else { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } /* @@ -418,7 +424,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS && now > exp) { log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED); - goto cleanup; + goto cleanup_request; } /* @@ -428,16 +434,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_checkdup(listener->controls->symtab, request, now); if (result != ISC_R_SUCCESS) { if (result == ISC_R_EXISTS) - result = ISCCC_R_DUPLICATE; + result = ISCCC_R_DUPLICATE; log_invalid(&conn->ccmsg, result); - goto cleanup; + goto cleanup_request; } if (conn->nonce != 0 && (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS || conn->nonce != nonce)) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); - goto cleanup; + goto cleanup_request; } /* @@ -451,7 +457,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_createresponse(request, now, now + 60, &response); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_request; if (eresult != ISC_R_SUCCESS) { isccc_sexpr_t *data; @@ -459,7 +465,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (data != NULL) { const char *estr = isc_result_totext(eresult); if (isccc_cc_definestring(data, "err", estr) == NULL) - goto cleanup; + goto cleanup_response; } } @@ -470,20 +476,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (data != NULL) { char *str = (char *)isc_buffer_base(&text); if (isccc_cc_definestring(data, "text", str) == NULL) - goto cleanup; + goto cleanup_response; } } _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL || isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL) - goto cleanup; + goto cleanup_response; ccregion.rstart = conn->buffer + 4; ccregion.rend = conn->buffer + sizeof(conn->buffer); result = isccc_cc_towire(response, &ccregion, &secret); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_response; isc_buffer_init(&b, conn->buffer, 4); len = sizeof(conn->buffer) - REGION_SIZE(ccregion); isc_buffer_putuint32(&b, len - 4); @@ -492,31 +498,27 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isc_socket_send(conn->sock, &r, task, control_senddone, conn); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_response; conn->sending = ISC_TRUE; - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); - if (request != NULL) - isccc_sexpr_free(&request); - if (response != NULL) - isccc_sexpr_free(&response); + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + isccc_sexpr_free(&request); + isccc_sexpr_free(&response); return; + cleanup_response: + isccc_sexpr_free(&response); + + cleanup_request: + isccc_sexpr_free(&request); + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + cleanup: - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); isc_socket_detach(&conn->sock); isccc_ccmsg_invalidate(&conn->ccmsg); conn->ccmsg_valid = ISC_FALSE; maybe_free_connection(conn); maybe_free_listener(listener); - if (request != NULL) - isccc_sexpr_free(&request); - if (response != NULL) - isccc_sexpr_free(&response); } static void @@ -540,7 +542,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) { conn = isc_mem_get(listener->mctx, sizeof(*conn)); if (conn == NULL) return (ISC_R_NOMEMORY); - + conn->sock = sock; isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg); conn->ccmsg_valid = ISC_TRUE; @@ -595,8 +597,10 @@ control_newconn(isc_task_t *task, isc_event_t *event) { } sock = nevent->newsocket; + isc_socket_setname(sock, "control", NULL); (void)isc_socket_getpeername(sock, &peeraddr); - if (!address_ok(&peeraddr, listener->acl)) { + if (listener->type == isc_sockettype_tcp && + !address_ok(&peeraddr, listener->acl)) { char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext)); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, @@ -651,7 +655,7 @@ ns_controls_shutdown(ns_controls_t *controls) { static isc_result_t cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname, - const cfg_obj_t **objp) + const cfg_obj_t **objp) { const cfg_listelt_t *element; const char *str; @@ -681,7 +685,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, char *newstr = NULL; const char *str; const cfg_obj_t *obj; - controlkey_t *key = NULL; + controlkey_t *key; for (element = cfg_list_first(keylist); element != NULL; @@ -700,7 +704,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, key->secret.length = 0; ISC_LINK_INIT(key, link); ISC_LIST_APPEND(*keyids, key, link); - key = NULL; newstr = NULL; } return (ISC_R_SUCCESS); @@ -708,8 +711,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, cleanup: if (newstr != NULL) isc_mem_free(mctx, newstr); - if (key != NULL) - isc_mem_put(mctx, key, sizeof(*key)); free_controlkeylist(keyids, mctx); return (ISC_R_NOMEMORY); } @@ -751,7 +752,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, algstr = cfg_obj_asstring(algobj); secretstr = cfg_obj_asstring(secretobj); - if (ns_config_getkeyalgorithm(algstr, NULL) != + if (ns_config_getkeyalgorithm(algstr, NULL, NULL) != ISC_R_SUCCESS) { cfg_obj_log(control, ns_g_lctx, @@ -802,7 +803,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, if (result != ISC_R_SUCCESS) \ goto cleanup; \ } while (0) - + static isc_result_t get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { isc_result_t result; @@ -822,14 +823,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { CHECK(cfg_map_get(config, "key", &key)); keyid = isc_mem_get(mctx, sizeof(*keyid)); - if (keyid == NULL) + if (keyid == NULL) CHECK(ISC_R_NOMEMORY); keyid->keyname = isc_mem_strdup(mctx, cfg_obj_asstring(cfg_map_getname(key))); keyid->secret.base = NULL; keyid->secret.length = 0; ISC_LINK_INIT(keyid, link); - if (keyid->keyname == NULL) + if (keyid->keyname == NULL) CHECK(ISC_R_NOMEMORY); CHECK(bind9_check_key(key, ns_g_lctx)); @@ -841,7 +842,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { algstr = cfg_obj_asstring(algobj); secretstr = cfg_obj_asstring(secretobj); - if (ns_config_getkeyalgorithm(algstr, NULL) != ISC_R_SUCCESS) { + if (ns_config_getkeyalgorithm(algstr, NULL, NULL) != ISC_R_SUCCESS) { cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, "unsupported algorithm '%s' in " @@ -885,7 +886,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { cfg_parser_destroy(&pctx); return (result); } - + /* * Ensures that both '*global_keylistp' and '*control_keylistp' are * valid or both are NULL. @@ -918,8 +919,8 @@ get_key_info(const cfg_obj_t *config, const cfg_obj_t *control, static void update_listener(ns_controls_t *cp, controllistener_t **listenerp, const cfg_obj_t *control, const cfg_obj_t *config, - isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx, - const char *socktext) + isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, + const char *socktext, isc_sockettype_t type) { controllistener_t *listener; const cfg_obj_t *allow; @@ -939,7 +940,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp, *listenerp = NULL; return; } - + /* * There is already a listener for this sockaddr. * Update the access list and key information. @@ -1004,10 +1005,11 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp, /* * Now, keep the old access list unless a new one can be made. */ - if (control != NULL) { + if (control != NULL && type == isc_sockettype_tcp) { allow = cfg_tuple_get(control, "allow"); - result = ns_acl_fromconfig(allow, config, aclconfctx, - listener->mctx, &new_acl); + result = cfg_acl_fromconfig(allow, config, ns_g_lctx, + aclconfctx, listener->mctx, 0, + &new_acl); } else { result = dns_acl_any(listener->mctx, &new_acl); } @@ -1029,14 +1031,34 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp, "command channel %s: %s", socktext, isc_result_totext(result)); + if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { + isc_uint32_t perm, owner, group; + perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm")); + owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner")); + group = cfg_obj_asuint32(cfg_tuple_get(control, "group")); + result = ISC_R_SUCCESS; + if (listener->perm != perm || listener->owner != owner || + listener->group != group) + result = isc_socket_permunix(&listener->address, perm, + owner, group); + if (result == ISC_R_SUCCESS) { + listener->perm = perm; + listener->owner = owner; + listener->group = group; + } else if (control != NULL) + cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING, + "couldn't update ownership/permission for " + "command channel %s", socktext); + } + *listenerp = listener; } static void add_listener(ns_controls_t *cp, controllistener_t **listenerp, const cfg_obj_t *control, const cfg_obj_t *config, - isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx, - const char *socktext) + isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, + const char *socktext, isc_sockettype_t type) { isc_mem_t *mctx = cp->server->mctx; controllistener_t *listener; @@ -1059,6 +1081,10 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, listener->listening = ISC_FALSE; listener->exiting = ISC_FALSE; listener->acl = NULL; + listener->type = type; + listener->perm = 0; + listener->owner = 0; + listener->group = 0; ISC_LINK_INIT(listener, link); ISC_LIST_INIT(listener->keys); ISC_LIST_INIT(listener->connections); @@ -1066,10 +1092,11 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, /* * Make the acl. */ - if (control != NULL) { + if (control != NULL && type == isc_sockettype_tcp) { allow = cfg_tuple_get(control, "allow"); - result = ns_acl_fromconfig(allow, config, aclconfctx, - mctx, &new_acl); + result = cfg_acl_fromconfig(allow, config, ns_g_lctx, + aclconfctx, mctx, 0, + &new_acl); } else { result = dns_acl_any(mctx, &new_acl); } @@ -1104,20 +1131,37 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, if (result == ISC_R_SUCCESS) { int pf = isc_sockaddr_pf(&listener->address); if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) || +#ifdef ISC_PLATFORM_HAVESYSUNH + (pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) || +#endif (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS)) result = ISC_R_FAMILYNOSUPPORT; } + if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) + isc_socket_cleanunix(&listener->address, ISC_FALSE); + if (result == ISC_R_SUCCESS) result = isc_socket_create(ns_g_socketmgr, isc_sockaddr_pf(&listener->address), - isc_sockettype_tcp, - &listener->sock); - + type, &listener->sock); if (result == ISC_R_SUCCESS) - result = isc_socket_bind(listener->sock, - &listener->address); + isc_socket_setname(listener->sock, "control", NULL); + if (result == ISC_R_SUCCESS) + result = isc_socket_bind(listener->sock, &listener->address, + ISC_SOCKET_REUSEADDRESS); + + if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { + listener->perm = cfg_obj_asuint32(cfg_tuple_get(control, + "perm")); + listener->owner = cfg_obj_asuint32(cfg_tuple_get(control, + "owner")); + listener->group = cfg_obj_asuint32(cfg_tuple_get(control, + "group")); + result = isc_socket_permunix(&listener->address, listener->perm, + listener->owner, listener->group); + } if (result == ISC_R_SUCCESS) result = control_listen(listener); @@ -1154,7 +1198,7 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, isc_result_t ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, - ns_aclconfctx_t *aclconfctx) + cfg_aclconfctx_t *aclconfctx) { controllistener_t *listener; controllistenerlist_t new_listeners; @@ -1200,9 +1244,6 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, * The parser handles BIND 8 configuration file * syntax, so it allows unix phrases as well * inet phrases with no keys{} clause. - * - * "unix" phrases have been reported as - * unsupported by the parser. */ control = cfg_listelt_value(element2); @@ -1223,7 +1264,81 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, socktext); update_listener(cp, &listener, control, config, - &addr, aclconfctx, socktext); + &addr, aclconfctx, socktext, + isc_sockettype_tcp); + + if (listener != NULL) + /* + * Remove the listener from the old + * list, so it won't be shut down. + */ + ISC_LIST_UNLINK(cp->listeners, + listener, link); + else + /* + * This is a new listener. + */ + add_listener(cp, &listener, control, + config, &addr, aclconfctx, + socktext, + isc_sockettype_tcp); + + if (listener != NULL) + ISC_LIST_APPEND(new_listeners, + listener, link); + } + } + for (element = cfg_list_first(controlslist); + element != NULL; + element = cfg_list_next(element)) { + const cfg_obj_t *controls; + const cfg_obj_t *unixcontrols = NULL; + + controls = cfg_listelt_value(element); + (void)cfg_map_get(controls, "unix", &unixcontrols); + if (unixcontrols == NULL) + continue; + + for (element2 = cfg_list_first(unixcontrols); + element2 != NULL; + element2 = cfg_list_next(element2)) { + const cfg_obj_t *control; + const cfg_obj_t *path; + isc_sockaddr_t addr; + isc_result_t result; + + /* + * The parser handles BIND 8 configuration file + * syntax, so it allows unix phrases as well + * inet phrases with no keys{} clause. + */ + control = cfg_listelt_value(element2); + + path = cfg_tuple_get(control, "path"); + result = isc_sockaddr_frompath(&addr, + cfg_obj_asstring(path)); + if (result != ISC_R_SUCCESS) { + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, + ISC_LOG_DEBUG(9), + "control channel '%s': %s", + cfg_obj_asstring(path), + isc_result_totext(result)); + continue; + } + + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, + ISC_LOG_DEBUG(9), + "processing control channel '%s'", + cfg_obj_asstring(path)); + + update_listener(cp, &listener, control, config, + &addr, aclconfctx, + cfg_obj_asstring(path), + isc_sockettype_unix); if (listener != NULL) /* @@ -1238,7 +1353,8 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, */ add_listener(cp, &listener, control, config, &addr, aclconfctx, - socktext); + cfg_obj_asstring(path), + isc_sockettype_unix); if (listener != NULL) ISC_LIST_APPEND(new_listeners, @@ -1267,9 +1383,10 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, isc_sockaddr_setport(&addr, NS_CONTROL_PORT); isc_sockaddr_format(&addr, socktext, sizeof(socktext)); - + update_listener(cp, &listener, NULL, NULL, - &addr, NULL, socktext); + &addr, NULL, socktext, + isc_sockettype_tcp); if (listener != NULL) /* @@ -1283,7 +1400,8 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, * This is a new listener. */ add_listener(cp, &listener, NULL, NULL, - &addr, NULL, socktext); + &addr, NULL, socktext, + isc_sockettype_tcp); if (listener != NULL) ISC_LIST_APPEND(new_listeners, diff --git a/contrib/bind-9.5.2/bin/named/convertxsl.pl b/contrib/bind-9.5.2/bin/named/convertxsl.pl new file mode 100755 index 0000000000..722668eb29 --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/convertxsl.pl @@ -0,0 +1,57 @@ +#!/usr/bin/env perl +# +# Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: convertxsl.pl,v 1.9.60.5 2008/07/17 23:50:58 jinmei Exp $ + +use strict; +use warnings; + +my $rev = '$Id: convertxsl.pl,v 1.9.60.5 2008/07/17 23:50:58 jinmei Exp $'; +$rev =~ s/\$//g; +$rev =~ s/,v//g; +$rev =~ s/Id: //; + +my $xsl = "unknown"; +my $lines = ''; + +while (<>) { + chomp; + # pickout the id for comment. + $xsl = $_ if (//); + # convert Id string to a form not recognisable by cvs. + $_ =~ s///; + s/[\ \t]+/ /g; + s/\>\ \\.*//; +$xsl =~ s/,v//; + +print "/*\n * Generated by $rev \n * From $xsl\n */\n"; +print 'static char xslmsg[] =',"\n"; +print $lines; + +print ';', "\n"; diff --git a/contrib/bind-9.3/bin/named/include/named/builtin.h b/contrib/bind-9.5.2/bin/named/include/named/builtin.h similarity index 79% rename from contrib/bind-9.3/bin/named/include/named/builtin.h rename to contrib/bind-9.5.2/bin/named/include/named/builtin.h index 15564bf3fb..a5185ba60f 100644 --- a/contrib/bind-9.3/bin/named/include/named/builtin.h +++ b/contrib/bind-9.5.2/bin/named/include/named/builtin.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: builtin.h,v 1.1.204.3 2004/03/08 04:04:20 marka Exp $ */ +/* $Id: builtin.h,v 1.6 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_BUILTIN_H #define NAMED_BUILTIN_H 1 +/*! \file */ + #include isc_result_t ns_builtin_init(void); diff --git a/contrib/bind-9.3/bin/named/include/named/client.h b/contrib/bind-9.5.2/bin/named/include/named/client.h similarity index 78% rename from contrib/bind-9.3/bin/named/include/named/client.h rename to contrib/bind-9.5.2/bin/named/include/named/client.h index f602be84e6..8efea4ac28 100644 --- a/contrib/bind-9.3/bin/named/include/named/client.h +++ b/contrib/bind-9.5.2/bin/named/include/named/client.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.h,v 1.60.2.2.10.12 2006/06/06 00:11:40 marka Exp $ */ +/* $Id: client.h,v 1.82.128.4 2009/01/19 23:47:01 tbox Exp $ */ #ifndef NAMED_CLIENT_H #define NAMED_CLIENT_H 1 @@ -24,9 +24,8 @@ ***** Module Info *****/ -/* - * Client - * +/*! \file + * \brief * This module defines two objects, ns_client_t and ns_clientmgr_t. * * An ns_client_t object handles incoming DNS requests from clients @@ -44,12 +43,12 @@ * fully handled (which can be much later), the ns_client_t must be * notified of this by calling one of the following functions * exactly once in the context of its task: - * + * \code * ns_client_send() (sending a non-error response) * ns_client_sendraw() (sending a raw response) * ns_client_error() (sending an error response) * ns_client_next() (sending no response) - * + *\endcode * This will release any resources used by the request and * and allow the ns_client_t to listen for the next request. * @@ -84,6 +83,7 @@ typedef ISC_LIST(ns_client_t) client_list_t; +/*% nameserver client structure */ struct ns_client { unsigned int magic; isc_mem_t * mctx; @@ -116,15 +116,16 @@ struct ns_client { dns_rdataset_t * opt; isc_uint16_t udpsize; isc_uint16_t extflags; + isc_int16_t ednsversion; /* -1 noedns */ void (*next)(ns_client_t *); void (*shutdown)(void *arg, isc_result_t result); void *shutdown_arg; ns_query_t query; isc_stdtime_t requesttime; isc_stdtime_t now; - dns_name_t signername; /* [T]SIG key name */ - dns_name_t * signer; /* NULL if not valid sig */ - isc_boolean_t mortal; /* Die after handling request */ + dns_name_t signername; /*%< [T]SIG key name */ + dns_name_t * signer; /*%< NULL if not valid sig */ + isc_boolean_t mortal; /*%< Die after handling request */ isc_quota_t *tcpquota; isc_quota_t *recursionquota; ns_interface_t *interface; @@ -132,7 +133,7 @@ struct ns_client { isc_boolean_t peeraddr_valid; struct in6_pktinfo pktinfo; isc_event_t ctlevent; - /* + /*% * Information about recent FORMERR response(s), for * FORMERR loop avoidance. This is separate for each * client object rather than global only to avoid @@ -144,7 +145,7 @@ struct ns_client { dns_messageid_t id; } formerrcache; ISC_LINK(ns_client_t) link; - /* + /*% * The list 'link' is part of, or NULL if not on any list. */ client_list_t *list; @@ -154,38 +155,43 @@ struct ns_client { #define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC) #define NS_CLIENTATTR_TCP 0x01 -#define NS_CLIENTATTR_RA 0x02 /* Client gets recusive service */ -#define NS_CLIENTATTR_PKTINFO 0x04 /* pktinfo is valid */ -#define NS_CLIENTATTR_MULTICAST 0x08 /* recv'd from multicast */ -#define NS_CLIENTATTR_WANTDNSSEC 0x10 /* include dnssec records */ +#define NS_CLIENTATTR_RA 0x02 /*%< Client gets recursive service */ +#define NS_CLIENTATTR_PKTINFO 0x04 /*%< pktinfo is valid */ +#define NS_CLIENTATTR_MULTICAST 0x08 /*%< recv'd from multicast */ +#define NS_CLIENTATTR_WANTDNSSEC 0x10 /*%< include dnssec records */ +#define NS_CLIENTATTR_WANTNSID 0x20 /*%< include nameserver ID */ +extern unsigned int ns_client_requests; /*** *** Functions ***/ -/* +/*% * Note! These ns_client_ routines MUST be called ONLY from the client's * task in order to ensure synchronization. */ void ns_client_send(ns_client_t *client); -/* +/*% * Finish processing the current client request and * send client->message as a response. + * \brief + * Note! These ns_client_ routines MUST be called ONLY from the client's + * task in order to ensure synchronization. */ void ns_client_sendraw(ns_client_t *client, dns_message_t *msg); -/* +/*% * Finish processing the current client request and * send msg as a response using client->message->id for the id. */ void ns_client_error(ns_client_t *client, isc_result_t result); -/* +/*% * Finish processing the current client request and return * an error response to the client. The error response * will have an RCODE determined by 'result'. @@ -193,38 +199,32 @@ ns_client_error(ns_client_t *client, isc_result_t result); void ns_client_next(ns_client_t *client, isc_result_t result); -/* +/*% * Finish processing the current client request, * return no response to the client. */ -void -ns_client_qnamereplace(ns_client_t *client, dns_name_t *name); -/*% - * Replace the qname. - */ - isc_boolean_t ns_client_shuttingdown(ns_client_t *client); -/* +/*% * Return ISC_TRUE iff the client is currently shutting down. */ void ns_client_attach(ns_client_t *source, ns_client_t **target); -/* +/*% * Attach '*targetp' to 'source'. */ void ns_client_detach(ns_client_t **clientp); -/* +/*% * Detach '*clientp' from its client. */ isc_result_t ns_client_replace(ns_client_t *client); -/* +/*% * Try to replace the current client with a new one, so that the * current one can go off and do some lengthy work without * leaving the dispatch/socket without service. @@ -232,20 +232,20 @@ ns_client_replace(ns_client_t *client); void ns_client_settimeout(ns_client_t *client, unsigned int seconds); -/* +/*% * Set a timer in the client to go off in the specified amount of time. */ isc_result_t ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, ns_clientmgr_t **managerp); -/* +/*% * Create a client manager. */ void ns_clientmgr_destroy(ns_clientmgr_t **managerp); -/* +/*% * Destroy a client manager and all ns_client_t objects * managed by it. */ @@ -253,7 +253,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp); isc_result_t ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, ns_interface_t *ifp, isc_boolean_t tcp); -/* +/*% * Create up to 'n' clients listening on interface 'ifp'. * If 'tcp' is ISC_TRUE, the clients will listen for TCP connections, * otherwise for UDP requests. @@ -261,53 +261,59 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n, isc_sockaddr_t * ns_client_getsockaddr(ns_client_t *client); -/* +/*% * Get the socket address of the client whose request is * currently being processed. */ isc_result_t -ns_client_checkaclsilent(ns_client_t *client,dns_acl_t *acl, +ns_client_checkaclsilent(ns_client_t *client, + isc_sockaddr_t *sockaddr, + dns_acl_t *acl, isc_boolean_t default_allow); -/* +/*% * Convenience function for client request ACL checking. * * Check the current client request against 'acl'. If 'acl' * is NULL, allow the request iff 'default_allow' is ISC_TRUE. + * If netaddr is NULL, check the ACL against client->peeraddr; + * otherwise check it against netaddr. * * Notes: - * This is appropriate for checking allow-update, + *\li This is appropriate for checking allow-update, * allow-query, allow-transfer, etc. It is not appropriate * for checking the blackhole list because we treat positive * matches as "allow" and negative matches as "deny"; in * the case of the blackhole list this would be backwards. * * Requires: - * 'client' points to a valid client. - * 'acl' points to a valid ACL, or is NULL. + *\li 'client' points to a valid client. + *\li 'sockaddr' points to a valid address, or is NULL. + *\li 'acl' points to a valid ACL, or is NULL. * * Returns: - * ISC_R_SUCCESS if the request should be allowed - * ISC_R_REFUSED if the request should be denied - * No other return values are possible. + *\li ISC_R_SUCCESS if the request should be allowed + * \li ISC_R_REFUSED if the request should be denied + *\li No other return values are possible. */ isc_result_t ns_client_checkacl(ns_client_t *client, + isc_sockaddr_t *sockaddr, const char *opname, dns_acl_t *acl, isc_boolean_t default_allow, int log_level); -/* - * Like ns_client_checkacl, but also logs the outcome of the - * check at log level 'log_level' if denied, and at debug 3 - * if approved. Log messages will refer to the request as - * an 'opname' request. +/*% + * Like ns_client_checkaclsilent, except the outcome of the check is + * logged at log level 'log_level' if denied, and at debug 3 if approved. + * Log messages will refer to the request as an 'opname' request. * * Requires: - * Those of ns_client_checkaclsilent(), and: - * - * 'opname' points to a null-terminated string. + *\li 'client' points to a valid client. + *\li 'sockaddr' points to a valid address, or is NULL. + *\li 'acl' points to a valid ACL, or is NULL. + *\li 'opname' points to a null-terminated string. */ void @@ -330,8 +336,7 @@ ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type, void ns_client_recursing(ns_client_t *client); /*% - * Add client to end of recursing list. If 'killoldest' is true - * kill the oldest recursive client (list head). + * Add client to end of th recursing list. */ void @@ -342,8 +347,22 @@ ns_client_killoldestquery(ns_client_t *client); void ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager); -/* +/*% * Dump the outstanding recursive queries to 'f'. */ +void +ns_client_qnamereplace(ns_client_t *client, dns_name_t *name); +/*% + * Replace the qname. + */ + +isc_boolean_t +ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey, + isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, + dns_rdataclass_t rdclass, void *arg); +/*% + * Isself callback. + */ + #endif /* NAMED_CLIENT_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/config.h b/contrib/bind-9.5.2/bin/named/include/named/config.h similarity index 87% rename from contrib/bind-9.3/bin/named/include/named/config.h rename to contrib/bind-9.5.2/bin/named/include/named/config.h index 8e5b94a7fc..f7ceed81f7 100644 --- a/contrib/bind-9.3/bin/named/include/named/config.h +++ b/contrib/bind-9.5.2/bin/named/include/named/config.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h,v 1.4.12.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: config.h,v 1.14 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_CONFIG_H #define NAMED_CONFIG_H 1 +/*! \file */ + #include #include @@ -71,6 +73,7 @@ isc_result_t ns_config_getport(const cfg_obj_t *config, in_port_t *portp); isc_result_t -ns_config_getkeyalgorithm(const char *str, dns_name_t **name); +ns_config_getkeyalgorithm(const char *str, dns_name_t **name, + isc_uint16_t *digestbits); #endif /* NAMED_CONFIG_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/control.h b/contrib/bind-9.5.2/bin/named/include/named/control.h similarity index 82% rename from contrib/bind-9.3/bin/named/include/named/control.h rename to contrib/bind-9.5.2/bin/named/include/named/control.h index bdb706e3cf..d382ffe61d 100644 --- a/contrib/bind-9.3/bin/named/include/named/control.h +++ b/contrib/bind-9.5.2/bin/named/include/named/control.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,18 +15,20 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.h,v 1.6.2.2.2.9 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: control.h,v 1.25 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_CONTROL_H #define NAMED_CONTROL_H 1 -/* +/*! \file + * \brief * The name server command channel. */ #include -#include +#include + #include #define NS_CONTROL_PORT 953 @@ -45,21 +47,26 @@ #define NS_COMMAND_FLUSH "flush" #define NS_COMMAND_FLUSHNAME "flushname" #define NS_COMMAND_STATUS "status" +#define NS_COMMAND_TSIGLIST "tsig-list" +#define NS_COMMAND_TSIGDELETE "tsig-delete" #define NS_COMMAND_FREEZE "freeze" #define NS_COMMAND_UNFREEZE "unfreeze" #define NS_COMMAND_THAW "thaw" +#define NS_COMMAND_TIMERPOKE "timerpoke" #define NS_COMMAND_RECURSING "recursing" #define NS_COMMAND_NULL "null" +#define NS_COMMAND_NOTIFY "notify" +#define NS_COMMAND_VALIDATION "validation" isc_result_t ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp); -/* +/*%< * Create an initial, empty set of command channels for 'server'. */ void ns_controls_destroy(ns_controls_t **ctrlsp); -/* +/*%< * Destroy a set of command channels. * * Requires: @@ -68,8 +75,8 @@ ns_controls_destroy(ns_controls_t **ctrlsp); isc_result_t ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config, - ns_aclconfctx_t *aclconfctx); -/* + cfg_aclconfctx_t *aclconfctx); +/*%< * Configure zero or more command channels into 'controls' * as defined in the configuration parse tree 'config'. * The channels will evaluate ACLs in the context of @@ -78,7 +85,7 @@ ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config, void ns_controls_shutdown(ns_controls_t *controls); -/* +/*%< * Initiate shutdown of all the command channels in 'controls'. */ diff --git a/contrib/bind-9.3/bin/named/include/named/globals.h b/contrib/bind-9.5.2/bin/named/include/named/globals.h similarity index 90% rename from contrib/bind-9.3/bin/named/include/named/globals.h rename to contrib/bind-9.5.2/bin/named/include/named/globals.h index b8137e8d33..90ebd001fb 100644 --- a/contrib/bind-9.3/bin/named/include/named/globals.h +++ b/contrib/bind-9.5.2/bin/named/include/named/globals.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.59.68.7 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: globals.h,v 1.73.46.2 2008/10/24 01:44:15 tbox Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 +/*! \file */ + #include #include #include @@ -46,6 +48,7 @@ EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL); EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL); EXTERN isc_entropy_t * ns_g_entropy INIT(NULL); EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL); +EXTERN unsigned int ns_g_cpus_detected INIT(1); /* * XXXRTH We're going to want multiple timer managers eventually. One @@ -111,6 +114,8 @@ EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR EXTERN const char * ns_g_username INIT(NULL); EXTERN int ns_g_listen INIT(3); +EXTERN isc_time_t ns_g_boottime; +EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE); #undef EXTERN #undef INIT diff --git a/contrib/bind-9.3/bin/named/include/named/interfacemgr.h b/contrib/bind-9.5.2/bin/named/include/named/interfacemgr.h similarity index 75% rename from contrib/bind-9.3/bin/named/include/named/interfacemgr.h rename to contrib/bind-9.5.2/bin/named/include/named/interfacemgr.h index 54bd91cbd4..2724c393cd 100644 --- a/contrib/bind-9.3/bin/named/include/named/interfacemgr.h +++ b/contrib/bind-9.5.2/bin/named/include/named/interfacemgr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.h,v 1.23.24.7 2004/04/29 01:31:22 marka Exp $ */ +/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_INTERFACEMGR_H #define NAMED_INTERFACEMGR_H 1 @@ -24,24 +24,23 @@ ***** Module Info *****/ -/* - * Interface manager - * +/*! \file + * \brief * The interface manager monitors the operating system's list * of network interfaces, creating and destroying listeners * as needed. * * Reliability: - * No impact expected. + *\li No impact expected. * * Resources: * * Security: - * The server will only be able to bind to the DNS port on + * \li The server will only be able to bind to the DNS port on * newly discovered interfaces if it is running as root. * * Standards: - * The API for scanning varies greatly among operating systems. + *\li The API for scanning varies greatly among operating systems. * This module attempts to hide the differences. */ @@ -65,23 +64,24 @@ #define IFACE_MAGIC ISC_MAGIC('I',':','-',')') #define NS_INTERFACE_VALID(t) ISC_MAGIC_VALID(t, IFACE_MAGIC) -#define NS_INTERFACEFLAG_ANYADDR 0x01U /* bound to "any" address */ +#define NS_INTERFACEFLAG_ANYADDR 0x01U /*%< bound to "any" address */ +/*% The nameserver interface structure */ struct ns_interface { - unsigned int magic; /* Magic number. */ - ns_interfacemgr_t * mgr; /* Interface manager. */ + unsigned int magic; /*%< Magic number. */ + ns_interfacemgr_t * mgr; /*%< Interface manager. */ isc_mutex_t lock; - int references; /* Locked */ - unsigned int generation; /* Generation number. */ - isc_sockaddr_t addr; /* Address and port. */ - unsigned int flags; /* Interface characteristics */ - char name[32]; /* Null terminated. */ - dns_dispatch_t * udpdispatch; /* UDP dispatcher. */ - isc_socket_t * tcpsocket; /* TCP socket. */ - int ntcptarget; /* Desired number of concurrent - TCP accepts */ - int ntcpcurrent; /* Current ditto, locked */ - ns_clientmgr_t * clientmgr; /* Client manager. */ + int references; /*%< Locked */ + unsigned int generation; /*%< Generation number. */ + isc_sockaddr_t addr; /*%< Address and port. */ + unsigned int flags; /*%< Interface characteristics */ + char name[32]; /*%< Null terminated. */ + dns_dispatch_t * udpdispatch; /*%< UDP dispatcher. */ + isc_socket_t * tcpsocket; /*%< TCP socket. */ + int ntcptarget; /*%< Desired number of concurrent + TCP accepts */ + int ntcpcurrent; /*%< Current ditto, locked */ + ns_clientmgr_t * clientmgr; /*%< Client manager. */ ISC_LINK(ns_interface_t) link; }; @@ -94,7 +94,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_socketmgr_t *socketmgr, dns_dispatchmgr_t *dispatchmgr, ns_interfacemgr_t **mgrp); -/* +/*% * Create a new interface manager. * * Initially, the new manager will not listen on any interfaces. @@ -113,7 +113,7 @@ ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr); void ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose); -/* +/*% * Scan the operatings system's list of network interfaces * and create listeners when new interfaces are discovered. * Shut down the sockets for interfaces that go away. @@ -126,7 +126,7 @@ ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose); void ns_interfacemgr_adjust(ns_interfacemgr_t *mgr, ns_listenlist_t *list, isc_boolean_t verbose); -/* +/*% * Similar to ns_interfacemgr_scan(), but this function also tries to see the * need for an explicit listen-on when a list element in 'list' is going to * override an already-listening a wildcard interface. @@ -139,14 +139,14 @@ ns_interfacemgr_adjust(ns_interfacemgr_t *mgr, ns_listenlist_t *list, void ns_interfacemgr_setlistenon4(ns_interfacemgr_t *mgr, ns_listenlist_t *value); -/* +/*% * Set the IPv4 "listen-on" list of 'mgr' to 'value'. * The previous IPv4 listen-on list is freed. */ void ns_interfacemgr_setlistenon6(ns_interfacemgr_t *mgr, ns_listenlist_t *value); -/* +/*% * Set the IPv6 "listen-on" list of 'mgr' to 'value'. * The previous IPv6 listen-on list is freed. */ @@ -162,7 +162,7 @@ ns_interface_detach(ns_interface_t **targetp); void ns_interface_shutdown(ns_interface_t *ifp); -/* +/*% * Stop listening for queries on interface 'ifp'. * May safely be called multiple times. */ @@ -170,4 +170,7 @@ ns_interface_shutdown(ns_interface_t *ifp); void ns_interfacemgr_dumprecursing(FILE *f, ns_interfacemgr_t *mgr); +isc_boolean_t +ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr); + #endif /* NAMED_INTERFACEMGR_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/listenlist.h b/contrib/bind-9.5.2/bin/named/include/named/listenlist.h similarity index 89% rename from contrib/bind-9.3/bin/named/include/named/listenlist.h rename to contrib/bind-9.5.2/bin/named/include/named/listenlist.h index 31e8893938..9e65d5df3a 100644 --- a/contrib/bind-9.3/bin/named/include/named/listenlist.h +++ b/contrib/bind-9.5.2/bin/named/include/named/listenlist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: listenlist.h,v 1.10.208.1 2004/03/06 10:21:24 marka Exp $ */ +/* $Id: listenlist.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LISTENLIST_H #define NAMED_LISTENLIST_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * "Listen lists", as in the "listen-on" configuration statement. */ @@ -62,38 +63,38 @@ struct ns_listenlist { isc_result_t ns_listenelt_create(isc_mem_t *mctx, in_port_t port, dns_acl_t *acl, ns_listenelt_t **target); -/* +/*% * Create a listen-on list element. */ void ns_listenelt_destroy(ns_listenelt_t *elt); -/* +/*% * Destroy a listen-on list element. */ isc_result_t ns_listenlist_create(isc_mem_t *mctx, ns_listenlist_t **target); -/* +/*% * Create a new, empty listen-on list. */ void ns_listenlist_attach(ns_listenlist_t *source, ns_listenlist_t **target); -/* +/*% * Attach '*target' to '*source'. */ void ns_listenlist_detach(ns_listenlist_t **listp); -/* +/*% * Detach 'listp'. */ isc_result_t ns_listenlist_default(isc_mem_t *mctx, in_port_t port, isc_boolean_t enabled, ns_listenlist_t **target); -/* +/*% * Create a listen-on list with default contents, matching * all addresses with port 'port' (if 'enabled' is ISC_TRUE), * or no addresses (if 'enabled' is ISC_FALSE). diff --git a/contrib/bind-9.3/bin/named/include/named/log.h b/contrib/bind-9.5.2/bin/named/include/named/log.h similarity index 90% rename from contrib/bind-9.3/bin/named/include/named/log.h rename to contrib/bind-9.5.2/bin/named/include/named/log.h index e8ad1ca15f..d3a2e4fdba 100644 --- a/contrib/bind-9.3/bin/named/include/named/log.h +++ b/contrib/bind-9.5.2/bin/named/include/named/log.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.19.12.3 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: log.h,v 1.25.128.2 2009/01/27 23:46:49 tbox Exp $ */ #ifndef NAMED_LOG_H #define NAMED_LOG_H 1 +/*! \file */ + #include #include @@ -34,6 +36,7 @@ #define NS_LOGCATEGORY_QUERIES (&ns_g_categories[4]) #define NS_LOGCATEGORY_UNMATCHED (&ns_g_categories[5]) #define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6]) +#define NS_LOGCATEGORY_QUERY_EERRORS (&ns_g_categories[7]) /* * Backwards compatibility. @@ -54,7 +57,7 @@ isc_result_t ns_log_init(isc_boolean_t safe); -/* +/*% * Initialize the logging system and set up an initial default * logging default configuration that will be used until the * config file has been read. @@ -66,7 +69,7 @@ ns_log_init(isc_boolean_t safe); isc_result_t ns_log_setdefaultchannels(isc_logconfig_t *lcfg); -/* +/*% * Set up logging channels according to the named defaults, which * may differ from the logging library defaults. Currently, * this just means setting up default_debug. @@ -74,19 +77,19 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg); isc_result_t ns_log_setsafechannels(isc_logconfig_t *lcfg); -/* +/*% * Like ns_log_setdefaultchannels(), but omits any logging to files. */ isc_result_t ns_log_setdefaultcategory(isc_logconfig_t *lcfg); -/* +/*% * Set up "category default" to go to the right places. */ isc_result_t ns_log_setunmatchedcategory(isc_logconfig_t *lcfg); -/* +/*% * Set up "category unmatched" to go to the right places. */ diff --git a/contrib/bind-9.3/bin/named/include/named/logconf.h b/contrib/bind-9.5.2/bin/named/include/named/logconf.h similarity index 81% rename from contrib/bind-9.3/bin/named/include/named/logconf.h rename to contrib/bind-9.5.2/bin/named/include/named/logconf.h index b92ad31384..03543452a9 100644 --- a/contrib/bind-9.3/bin/named/include/named/logconf.h +++ b/contrib/bind-9.5.2/bin/named/include/named/logconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,16 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.h,v 1.10.208.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: logconf.h,v 1.17 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LOGCONF_H #define NAMED_LOGCONF_H 1 +/*! \file */ + #include isc_result_t ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt); -/* +/*%< * Set up the logging configuration in '*logconf' according to * the named.conf data in 'logstmt'. */ diff --git a/contrib/bind-9.3/bin/named/include/named/lwaddr.h b/contrib/bind-9.5.2/bin/named/include/named/lwaddr.h similarity index 83% rename from contrib/bind-9.3/bin/named/include/named/lwaddr.h rename to contrib/bind-9.5.2/bin/named/include/named/lwaddr.h index 0aa66b7801..962aa91cd8 100644 --- a/contrib/bind-9.3/bin/named/include/named/lwaddr.h +++ b/contrib/bind-9.5.2/bin/named/include/named/lwaddr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwaddr.h,v 1.3.208.1 2004/03/06 10:21:24 marka Exp $ */ +/* $Id: lwaddr.h,v 1.8 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include #include diff --git a/contrib/bind-9.3/bin/named/include/named/lwdclient.h b/contrib/bind-9.5.2/bin/named/include/named/lwdclient.h similarity index 86% rename from contrib/bind-9.3/bin/named/include/named/lwdclient.h rename to contrib/bind-9.5.2/bin/named/include/named/lwdclient.h index 09d68ff086..e0d31ab847 100644 --- a/contrib/bind-9.3/bin/named/include/named/lwdclient.h +++ b/contrib/bind-9.5.2/bin/named/include/named/lwdclient.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdclient.h,v 1.13.208.1 2004/03/06 10:21:24 marka Exp $ */ +/* $Id: lwdclient.h,v 1.18.128.2 2009/01/19 23:47:01 tbox Exp $ */ #ifndef NAMED_LWDCLIENT_H #define NAMED_LWDCLIENT_H 1 +/*! \file */ + #include #include #include @@ -37,23 +39,24 @@ #define LWRD_SHUTDOWN (LWRD_EVENTCLASS + 0x0001) +/*% Lightweight Resolver Daemon Client */ struct ns_lwdclient { - isc_sockaddr_t address; /* where to reply */ + isc_sockaddr_t address; /*%< where to reply */ struct in6_pktinfo pktinfo; isc_boolean_t pktinfo_valid; - ns_lwdclientmgr_t *clientmgr; /* our parent */ + ns_lwdclientmgr_t *clientmgr; /*%< our parent */ ISC_LINK(ns_lwdclient_t) link; unsigned int state; - void *arg; /* packet processing state */ + void *arg; /*%< packet processing state */ /* * Received data info. */ - unsigned char buffer[LWRES_RECVLENGTH]; /* receive buffer */ - isc_uint32_t recvlength; /* length recv'd */ + unsigned char buffer[LWRES_RECVLENGTH]; /*%< receive buffer */ + isc_uint32_t recvlength; /*%< length recv'd */ lwres_lwpacket_t pkt; - /* + /*% * Send data state. If sendbuf != buffer (that is, the send buffer * isn't our receive buffer) it will be freed to the lwres_context_t. */ @@ -61,19 +64,19 @@ struct ns_lwdclient { isc_uint32_t sendlength; isc_buffer_t recv_buffer; - /* + /*% * gabn (get address by name) state info. */ dns_adbfind_t *find; dns_adbfind_t *v4find; dns_adbfind_t *v6find; - unsigned int find_wanted; /* Addresses we want */ + unsigned int find_wanted; /*%< Addresses we want */ dns_fixedname_t query_name; dns_fixedname_t target_name; ns_lwsearchctx_t searchctx; lwres_gabnresponse_t gabn; - /* + /*% * gnba (get name by address) state info. */ lwres_gnbaresponse_t gnba; @@ -81,7 +84,7 @@ struct ns_lwdclient { unsigned int options; isc_netaddr_t na; - /* + /*% * grbn (get rrset by name) state info. * * Note: this also uses target_name and searchctx. @@ -90,7 +93,7 @@ struct ns_lwdclient { dns_lookup_t *lookup; dns_rdatatype_t rdtype; - /* + /*% * Alias and address info. This is copied up to the gabn/gnba * structures eventually. * @@ -103,7 +106,7 @@ struct ns_lwdclient { lwres_addr_t addrs[LWRES_MAX_ADDRS]; }; -/* +/*% * Client states. * * _IDLE The client is not doing anything at all. @@ -156,7 +159,7 @@ struct ns_lwdclient { #define NS_LWDCLIENT_ISSEND(c) \ ((c)->state == NS_LWDCLIENT_STATESEND) -/* +/*% * Overall magic test that means we're not idle. */ #define NS_LWDCLIENT_ISRUNNING(c) (!NS_LWDCLIENT_ISIDLE(c)) @@ -174,17 +177,18 @@ struct ns_lwdclient { #define NS_LWDCLIENT_SETSENDDONE(c) \ ((c)->state = NS_LWDCLIENT_STATESENDDONE) +/*% lightweight daemon client manager */ struct ns_lwdclientmgr { ns_lwreslistener_t *listener; isc_mem_t *mctx; - isc_socket_t *sock; /* socket to use */ + isc_socket_t *sock; /*%< socket to use */ dns_view_t *view; - lwres_context_t *lwctx; /* lightweight proto context */ - isc_task_t *task; /* owning task */ + lwres_context_t *lwctx; /*%< lightweight proto context */ + isc_task_t *task; /*%< owning task */ unsigned int flags; ISC_LINK(ns_lwdclientmgr_t) link; - ISC_LIST(ns_lwdclient_t) idle; /* idle client slots */ - ISC_LIST(ns_lwdclient_t) running; /* running clients */ + ISC_LIST(ns_lwdclient_t) idle; /*%< idle client slots */ + ISC_LIST(ns_lwdclient_t) running; /*%< running clients */ }; #define NS_LWDCLIENTMGR_FLAGRECVPENDING 0x00000001 diff --git a/contrib/bind-9.3/bin/named/include/named/lwresd.h b/contrib/bind-9.5.2/bin/named/include/named/lwresd.h similarity index 85% rename from contrib/bind-9.3/bin/named/include/named/lwresd.h rename to contrib/bind-9.5.2/bin/named/include/named/lwresd.h index 2aa1d55cce..565e58d7ab 100644 --- a/contrib/bind-9.3/bin/named/include/named/lwresd.h +++ b/contrib/bind-9.5.2/bin/named/include/named/lwresd.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: lwresd.h,v 1.19 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LWRESD_H #define NAMED_LWRESD_H 1 +/*! \file */ + #include #include @@ -52,7 +54,7 @@ struct ns_lwreslistener { ISC_LINK(ns_lwreslistener_t) link; }; -/* +/*% * Configure lwresd. */ isc_result_t @@ -62,7 +64,7 @@ isc_result_t ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, cfg_obj_t **configp); -/* +/*% * Trigger shutdown. */ void @@ -71,29 +73,36 @@ ns_lwresd_shutdown(void); /* * Manager functions */ +/*% create manager */ isc_result_t ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres, ns_lwresd_t **lwresdp); +/*% attach to manager */ void ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp); +/*% detach from manager */ void ns_lwdmanager_detach(ns_lwresd_t **lwresdp); /* * Listener functions */ +/*% attach to listener */ void ns_lwreslistener_attach(ns_lwreslistener_t *source, ns_lwreslistener_t **targetp); +/*% detach from lister */ void ns_lwreslistener_detach(ns_lwreslistener_t **listenerp); +/*% link client manager */ void ns_lwreslistener_unlinkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm); +/*% unlink client manager */ void ns_lwreslistener_linkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm); diff --git a/contrib/bind-9.3/bin/named/include/named/lwsearch.h b/contrib/bind-9.5.2/bin/named/include/named/lwsearch.h similarity index 86% rename from contrib/bind-9.3/bin/named/include/named/lwsearch.h rename to contrib/bind-9.5.2/bin/named/include/named/lwsearch.h index a864a89d82..c1b4f48f62 100644 --- a/contrib/bind-9.3/bin/named/include/named/lwsearch.h +++ b/contrib/bind-9.5.2/bin/named/include/named/lwsearch.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwsearch.h,v 1.4.208.1 2004/03/06 10:21:25 marka Exp $ */ +/* $Id: lwsearch.h,v 1.9 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LWSEARCH_H #define NAMED_LWSEARCH_H 1 @@ -28,7 +28,8 @@ #include -/* +/*! \file + * \brief * Lightweight resolver search list types and routines. * * An ns_lwsearchlist_t holds a list of search path elements. @@ -37,6 +38,7 @@ * operation. */ +/*% An ns_lwsearchlist_t holds a list of search path elements. */ struct ns_lwsearchlist { unsigned int magic; @@ -45,7 +47,7 @@ struct ns_lwsearchlist { unsigned int refs; dns_namelist_t names; }; - +/*% An ns_lwsearchctx stores the state of search list during a lookup operation. */ struct ns_lwsearchctx { dns_name_t *relname; dns_name_t *searchname; @@ -57,51 +59,51 @@ struct ns_lwsearchctx { isc_result_t ns_lwsearchlist_create(isc_mem_t *mctx, ns_lwsearchlist_t **listp); -/* +/*%< * Create an empty search list object. */ void ns_lwsearchlist_attach(ns_lwsearchlist_t *source, ns_lwsearchlist_t **target); -/* +/*%< * Attach to a search list object. */ void ns_lwsearchlist_detach(ns_lwsearchlist_t **listp); -/* +/*%< * Detach from a search list object. */ isc_result_t ns_lwsearchlist_append(ns_lwsearchlist_t *list, dns_name_t *name); -/* +/*%< * Append an element to a search list. This creates a copy of the name. */ void ns_lwsearchctx_init(ns_lwsearchctx_t *sctx, ns_lwsearchlist_t *list, dns_name_t *name, unsigned int ndots); -/* +/*%< * Creates a search list context structure. */ void ns_lwsearchctx_first(ns_lwsearchctx_t *sctx); -/* +/*%< * Moves the search list context iterator to the first element, which * is usually the exact name. */ isc_result_t ns_lwsearchctx_next(ns_lwsearchctx_t *sctx); -/* +/*%< * Moves the search list context iterator to the next element. */ isc_result_t ns_lwsearchctx_current(ns_lwsearchctx_t *sctx, dns_name_t *absname); -/* +/*%< * Obtains the current name to be looked up. This involves either * concatenating the name with a search path element, making an * exact name absolute, or doing nothing. diff --git a/contrib/bind-9.3/bin/named/include/named/main.h b/contrib/bind-9.5.2/bin/named/include/named/main.h similarity index 81% rename from contrib/bind-9.3/bin/named/include/named/main.h rename to contrib/bind-9.5.2/bin/named/include/named/main.h index e37b5198fd..e834539467 100644 --- a/contrib/bind-9.3/bin/named/include/named/main.h +++ b/contrib/bind-9.5.2/bin/named/include/named/main.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.h,v 1.8.2.2.8.4 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: main.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_MAIN_H #define NAMED_MAIN_H 1 +/*! \file */ + void ns_main_earlyfatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); diff --git a/contrib/bind-9.3/bin/named/include/named/notify.h b/contrib/bind-9.5.2/bin/named/include/named/notify.h similarity index 77% rename from contrib/bind-9.3/bin/named/include/named/notify.h rename to contrib/bind-9.5.2/bin/named/include/named/notify.h index 3cb1d854e9..a000cf96ce 100644 --- a/contrib/bind-9.3/bin/named/include/named/notify.h +++ b/contrib/bind-9.5.2/bin/named/include/named/notify.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: notify.h,v 1.9.208.1 2004/03/06 10:21:25 marka Exp $ */ +/* $Id: notify.h,v 1.14.128.2 2009/01/19 23:47:01 tbox Exp $ */ #ifndef NAMED_NOTIFY_H #define NAMED_NOTIFY_H 1 @@ -27,8 +27,9 @@ *** Module Info ***/ -/* - * RFC 1996 +/*! \file + * \brief + * RFC1996 * A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY) */ @@ -39,15 +40,15 @@ void ns_notify_start(ns_client_t *client); -/* - * Examines the incoming message to determine apporiate zone. +/*%< + * Examines the incoming message to determine appropriate zone. * Returns FORMERR if there is not exactly one question. * Returns REFUSED if we do not serve the listed zone. * Pass the message to the zone module for processing * and returns the return status. * * Requires - * client to be valid. + *\li client to be valid. */ #endif /* NAMED_NOTIFY_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/ns_smf_globals.h b/contrib/bind-9.5.2/bin/named/include/named/ns_smf_globals.h similarity index 85% rename from contrib/bind-9.3/bin/named/include/named/ns_smf_globals.h rename to contrib/bind-9.5.2/bin/named/include/named/ns_smf_globals.h index 49aa31dc5c..3a35743577 100644 --- a/contrib/bind-9.3/bin/named/include/named/ns_smf_globals.h +++ b/contrib/bind-9.5.2/bin/named/include/named/ns_smf_globals.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ns_smf_globals.h,v 1.2.4.4 2005/05/13 01:22:33 marka Exp $ */ +/* $Id: ns_smf_globals.h,v 1.7 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NS_SMF_GLOBALS_H #define NS_SMF_GLOBALS_H 1 diff --git a/contrib/bind-9.3/bin/named/include/named/query.h b/contrib/bind-9.5.2/bin/named/include/named/query.h similarity index 88% rename from contrib/bind-9.3/bin/named/include/named/query.h rename to contrib/bind-9.5.2/bin/named/include/named/query.h index 6f348d530e..500b57714e 100644 --- a/contrib/bind-9.3/bin/named/include/named/query.h +++ b/contrib/bind-9.5.2/bin/named/include/named/query.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.28.2.3.8.6 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: query.h,v 1.40 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 +/*! \file */ + #include #include #include @@ -28,6 +30,7 @@ #include +/*% nameserver database version structure */ typedef struct ns_dbversion { dns_db_t *db; dns_dbversion_t *version; @@ -35,6 +38,7 @@ typedef struct ns_dbversion { ISC_LINK(struct ns_dbversion) link; } ns_dbversion_t; +/*% nameserver query structure */ struct ns_query { unsigned int attributes; unsigned int restarts; diff --git a/contrib/bind-9.3/bin/named/include/named/server.h b/contrib/bind-9.5.2/bin/named/include/named/server.h similarity index 58% rename from contrib/bind-9.3/bin/named/include/named/server.h rename to contrib/bind-9.5.2/bin/named/include/named/server.h index 37526c0bef..6917acaf15 100644 --- a/contrib/bind-9.3/bin/named/include/named/server.h +++ b/contrib/bind-9.5.2/bin/named/include/named/server.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.h,v 1.58.2.1.10.13 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: server.h,v 1.88.10.7 2009/07/11 04:28:14 marka Exp $ */ #ifndef NAMED_SERVER_H #define NAMED_SERVER_H 1 +/*! \file */ + #include -#include #include -#include #include +#include +#include +#include -#include #include +#include #include @@ -35,7 +38,7 @@ #define NS_EVENT_RELOAD (NS_EVENTCLASS + 0) #define NS_EVENT_CLIENTCONTROL (NS_EVENTCLASS + 1) -/* +/*% * Name server state. Better here than in lots of separate global variables. */ struct ns_server { @@ -49,18 +52,18 @@ struct ns_server { isc_quota_t tcpquota; isc_quota_t recursionquota; dns_acl_t *blackholeacl; - char * statsfile; /* Statistics file name */ - char * dumpfile; /* Dump file name */ - char * recfile; /* Recursive file name */ - isc_boolean_t version_set; /* User has set version */ - char * version; /* User-specified version */ - isc_boolean_t hostname_set; /* User has set hostname */ - char * hostname; /* User-specified hostname */ - /* Use hostname for server id */ + char * statsfile; /*%< Statistics file name */ + char * dumpfile; /*%< Dump file name */ + char * recfile; /*%< Recursive file name */ + isc_boolean_t version_set; /*%< User has set version */ + char * version; /*%< User-specified version */ + isc_boolean_t hostname_set; /*%< User has set hostname */ + char * hostname; /*%< User-specified hostname */ + /*% Use hostname for server id */ isc_boolean_t server_usehostname; - char * server_id; /* User-specified server id */ + char * server_id; /*%< User-specified server id */ - /* + /*% * Current ACL environment. This defines the * current values of the localhost and localnets * ACLs. @@ -77,6 +80,8 @@ struct ns_server { isc_timer_t * interface_timer; isc_timer_t * heartbeat_timer; + isc_timer_t * pps_timer; + isc_uint32_t interface_interval; isc_uint32_t heartbeat_interval; @@ -84,22 +89,79 @@ struct ns_server { isc_event_t * reload_event; isc_boolean_t flushonshutdown; - isc_boolean_t log_queries; /* For BIND 8 compatibility */ + isc_boolean_t log_queries; /*%< For BIND 8 compatibility */ - isc_uint64_t * querystats; /* Query statistics counters */ + isc_stats_t * nsstats; /*%< Server statistics */ + dns_stats_t * rcvquerystats; /*% Incoming query statistics */ + dns_stats_t * opcodestats; /*%< Incoming message statistics */ + isc_stats_t * zonestats; /*% Zone management statistics */ + isc_stats_t * resolverstats; /*% Resolver statistics */ - ns_controls_t * controls; /* Control channels */ + isc_stats_t * sockstats; /*%< Socket statistics */ + ns_controls_t * controls; /*%< Control channels */ unsigned int dispatchgen; ns_dispatchlist_t dispatches; - + + dns_acache_t *acache; + + ns_statschannellist_t statschannels; }; #define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R') #define NS_SERVER_VALID(s) ISC_MAGIC_VALID(s, NS_SERVER_MAGIC) +/*% + * Server statistics counters. Used as isc_statscounter_t values. + */ +enum { + dns_nsstatscounter_requestv4 = 0, + dns_nsstatscounter_requestv6 = 1, + dns_nsstatscounter_edns0in = 2, + dns_nsstatscounter_badednsver = 3, + dns_nsstatscounter_tsigin = 4, + dns_nsstatscounter_sig0in = 5, + dns_nsstatscounter_invalidsig = 6, + dns_nsstatscounter_tcp = 7, + + dns_nsstatscounter_authrej = 8, + dns_nsstatscounter_recurserej = 9, + dns_nsstatscounter_xfrrej = 10, + dns_nsstatscounter_updaterej = 11, + + dns_nsstatscounter_response = 12, + dns_nsstatscounter_truncatedresp = 13, + dns_nsstatscounter_edns0out = 14, + dns_nsstatscounter_tsigout = 15, + dns_nsstatscounter_sig0out = 16, + + dns_nsstatscounter_success = 17, + dns_nsstatscounter_authans = 18, + dns_nsstatscounter_nonauthans = 19, + dns_nsstatscounter_referral = 20, + dns_nsstatscounter_nxrrset = 21, + dns_nsstatscounter_servfail = 22, + dns_nsstatscounter_formerr = 23, + dns_nsstatscounter_nxdomain = 24, + dns_nsstatscounter_recursion = 25, + dns_nsstatscounter_duplicate = 26, + dns_nsstatscounter_dropped = 27, + dns_nsstatscounter_failure = 28, + + dns_nsstatscounter_xfrdone = 29, + + dns_nsstatscounter_updatereqfwd = 30, + dns_nsstatscounter_updaterespfwd = 31, + dns_nsstatscounter_updatefwdfail = 32, + dns_nsstatscounter_updatedone = 33, + dns_nsstatscounter_updatefail = 34, + dns_nsstatscounter_updatebadprereq = 35, + + dns_nsstatscounter_max = 36 +}; + void ns_server_create(isc_mem_t *mctx, ns_server_t **serverp); -/* +/*%< * Create a server object with default settings. * This function either succeeds or causes the program to exit * with a fatal error. @@ -107,13 +169,13 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp); void ns_server_destroy(ns_server_t **serverp); -/* +/*%< * Destroy a server object, freeing its memory. */ void ns_server_reloadwanted(ns_server_t *server); -/* +/*%< * Inform a server that a reload is wanted. This function * may be called asynchronously, from outside the server's task. * If a reload is already scheduled or in progress, the call @@ -122,92 +184,117 @@ ns_server_reloadwanted(ns_server_t *server); void ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush); -/* +/*%< * Inform the server that the zones should be flushed to disk on shutdown. */ isc_result_t ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text); -/* +/*%< * Act on a "reload" command from the command channel. */ isc_result_t ns_server_reconfigcommand(ns_server_t *server, char *args); -/* +/*%< * Act on a "reconfig" command from the command channel. */ +isc_result_t +ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text); +/*%< + * Act on a "notify" command from the command channel. + */ + isc_result_t ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text); -/* +/*%< * Act on a "refresh" command from the command channel. */ isc_result_t ns_server_retransfercommand(ns_server_t *server, char *args); -/* +/*%< * Act on a "retransfer" command from the command channel. */ isc_result_t ns_server_togglequerylog(ns_server_t *server); -/* +/*%< * Toggle logging of queries, as in BIND 8. */ -/* +/*% * Dump the current statistics to the statistics file. */ isc_result_t ns_server_dumpstats(ns_server_t *server); -/* +/*% * Dump the current cache to the dump file. */ isc_result_t ns_server_dumpdb(ns_server_t *server, char *args); -/* +/*% * Change or increment the server debug level. */ isc_result_t ns_server_setdebuglevel(ns_server_t *server, char *args); -/* +/*% * Flush the server's cache(s) */ isc_result_t ns_server_flushcache(ns_server_t *server, char *args); -/* +/*% * Flush a particular name from the server's cache(s) */ isc_result_t ns_server_flushname(ns_server_t *server, char *args); -/* +/*% * Report the server's status. */ isc_result_t ns_server_status(ns_server_t *server, isc_buffer_t *text); -/* +/*% + * Report a list of dynamic and static tsig keys, per view. + */ +isc_result_t +ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text); + +/*% + * Delete a specific key (with optional view). + */ +isc_result_t +ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text); + +/*% * Enable or disable updates for a zone. */ isc_result_t -ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args); +ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, + isc_buffer_t *text); -/* +/*% * Dump the current recursive queries. */ isc_result_t ns_server_dumprecursing(ns_server_t *server); -/* +/*% * Maintain a list of dispatches that require reserved ports. */ void ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr); +/*% + * Enable or disable dnssec validation. + */ +isc_result_t +ns_server_validation(ns_server_t *server, char *args); + #endif /* NAMED_SERVER_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/sortlist.h b/contrib/bind-9.5.2/bin/named/include/named/sortlist.h similarity index 91% rename from contrib/bind-9.3/bin/named/include/named/sortlist.h rename to contrib/bind-9.5.2/bin/named/include/named/sortlist.h index 9966686e63..b9f6076114 100644 --- a/contrib/bind-9.3/bin/named/include/named/sortlist.h +++ b/contrib/bind-9.5.2/bin/named/include/named/sortlist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,22 +15,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.h,v 1.4.208.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: sortlist.h,v 1.11 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_SORTLIST_H #define NAMED_SORTLIST_H 1 +/*! \file */ + #include #include -/* +/*% * Type for callback functions that rank addresses. */ typedef int (*dns_addressorderfunc_t)(const isc_netaddr_t *address, const void *arg); -/* +/*% * Return value type for setup_sortlist. */ typedef enum { @@ -42,7 +44,7 @@ typedef enum { ns_sortlisttype_t ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, const void **argp); -/* +/*%< * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any. * * If a 1-element sortlist item applies, return NS_SORTLISTTYPE_1ELEMENT and @@ -57,14 +59,14 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, int ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg); -/* +/*%< * Find the sort order of 'addr' in 'arg', the matching element * of a 1-element top-level sortlist statement. */ int ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg); -/* +/*%< * Find the sort order of 'addr' in 'arg', a topology-like * ACL forming the second element in a 2-element top-level * sortlist statement. @@ -74,7 +76,7 @@ void ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr, dns_addressorderfunc_t *orderp, const void **argp); -/* +/*%< * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any. * If a sortlist statement applies, return in '*orderp' a pointer to a function * for ranking network addresses based on that sortlist statement, and in diff --git a/contrib/bind-9.5.2/bin/named/include/named/statschannel.h b/contrib/bind-9.5.2/bin/named/include/named/statschannel.h new file mode 100644 index 0000000000..da89423dbf --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/include/named/statschannel.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: statschannel.h,v 1.2.2.2 2008/04/03 06:10:19 marka Exp $ */ + +#ifndef NAMED_STATSCHANNEL_H +#define NAMED_STATSCHANNEL_H 1 + +/*! \file + * \brief + * The statistics channels built-in the name server. + */ + +#include + +#include + +#include + +#define NS_STATSCHANNEL_HTTPPORT 80 + +isc_result_t +ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config, + cfg_aclconfctx_t *aclconfctx); +/*%< + * [Re]configure the statistics channels. + * + * If it is no longer there but was previously configured, destroy + * it here. + * + * If the IP address or port has changed, destroy the old server + * and create a new one. + */ + + +void +ns_statschannels_shutdown(ns_server_t *server); +/*%< + * Initiate shutdown of all the statistics channel listeners. + */ + +isc_result_t +ns_stats_dump(ns_server_t *server, FILE *fp); +/*%< + * Dump statistics counters managed by the server to the file fp. + */ + +#endif /* NAMED_STATSCHANNEL_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/tkeyconf.h b/contrib/bind-9.5.2/bin/named/include/named/tkeyconf.h similarity index 73% rename from contrib/bind-9.3/bin/named/include/named/tkeyconf.h rename to contrib/bind-9.5.2/bin/named/include/named/tkeyconf.h index ac72f3e98e..02bd71883a 100644 --- a/contrib/bind-9.3/bin/named/include/named/tkeyconf.h +++ b/contrib/bind-9.5.2/bin/named/include/named/tkeyconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: tkeyconf.h,v 1.16 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NS_TKEYCONF_H #define NS_TKEYCONF_H 1 +/*! \file */ + #include #include @@ -30,20 +32,20 @@ ISC_LANG_BEGINDECLS isc_result_t ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp); -/* +/*%< * Create a TKEY context and configure it, including the default DH key * and default domain, according to 'options'. * * Requires: - * 'cfg' is a valid configuration options object. - * 'mctx' is not NULL - * 'ectx' is not NULL - * 'tctx' is not NULL - * '*tctx' is NULL + *\li 'cfg' is a valid configuration options object. + *\li 'mctx' is not NULL + *\li 'ectx' is not NULL + *\li 'tctx' is not NULL + *\li '*tctx' is NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li ISC_R_SUCCESS + *\li ISC_R_NOMEMORY */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/bin/named/include/named/tsigconf.h b/contrib/bind-9.5.2/bin/named/include/named/tsigconf.h similarity index 76% rename from contrib/bind-9.3/bin/named/include/named/tsigconf.h rename to contrib/bind-9.5.2/bin/named/include/named/tsigconf.h index fcb415eb42..49ad82af39 100644 --- a/contrib/bind-9.3/bin/named/include/named/tsigconf.h +++ b/contrib/bind-9.5.2/bin/named/include/named/tsigconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.h,v 1.9.208.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: tsigconf.h,v 1.16 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NS_TSIGCONF_H #define NS_TSIGCONF_H 1 +/*! \file */ + #include #include @@ -28,18 +30,18 @@ ISC_LANG_BEGINDECLS isc_result_t ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_tsig_keyring_t **ringp); -/* +/*%< * Create a TSIG key ring and configure it according to the 'key' * statements in the global and view configuration objects. * * Requires: - * 'config' is not NULL. - * 'mctx' is not NULL - * 'ring' is not NULL, and '*ring' is NULL + * \li 'config' is not NULL. + * \li 'mctx' is not NULL + * \li 'ring' is not NULL, and '*ring' is NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li ISC_R_SUCCESS + * \li ISC_R_NOMEMORY */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/bin/named/include/named/types.h b/contrib/bind-9.5.2/bin/named/include/named/types.h similarity index 78% rename from contrib/bind-9.3/bin/named/include/named/types.h rename to contrib/bind-9.5.2/bin/named/include/named/types.h index eb44c53b66..ca1468717f 100644 --- a/contrib/bind-9.3/bin/named/include/named/types.h +++ b/contrib/bind-9.5.2/bin/named/include/named/types.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.19.208.2 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: types.h,v 1.27.128.2 2008/01/17 23:46:36 tbox Exp $ */ #ifndef NAMED_TYPES_H #define NAMED_TYPES_H 1 +/*! \file */ + #include typedef struct ns_client ns_client_t; typedef struct ns_clientmgr ns_clientmgr_t; typedef struct ns_query ns_query_t; typedef struct ns_server ns_server_t; +typedef struct ns_xmld ns_xmld_t; +typedef struct ns_xmldmgr ns_xmldmgr_t; typedef struct ns_interface ns_interface_t; typedef struct ns_interfacemgr ns_interfacemgr_t; typedef struct ns_lwresd ns_lwresd_t; @@ -37,5 +41,6 @@ typedef struct ns_lwsearchctx ns_lwsearchctx_t; typedef struct ns_controls ns_controls_t; typedef struct ns_dispatch ns_dispatch_t; typedef ISC_LIST(ns_dispatch_t) ns_dispatchlist_t; - +typedef struct ns_statschannel ns_statschannel_t; +typedef ISC_LIST(ns_statschannel_t) ns_statschannellist_t; #endif /* NAMED_TYPES_H */ diff --git a/contrib/bind-9.3/bin/named/include/named/update.h b/contrib/bind-9.5.2/bin/named/include/named/update.h similarity index 81% rename from contrib/bind-9.3/bin/named/include/named/update.h rename to contrib/bind-9.5.2/bin/named/include/named/update.h index 4c97235cc9..a34570c2f5 100644 --- a/contrib/bind-9.3/bin/named/include/named/update.h +++ b/contrib/bind-9.5.2/bin/named/include/named/update.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.h,v 1.8.208.1 2004/03/06 10:21:26 marka Exp $ */ +/* $Id: update.h,v 1.13 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_UPDATE_H #define NAMED_UPDATE_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * RFC2136 Dynamic Update */ diff --git a/contrib/bind-9.3/bin/named/include/named/xfrout.h b/contrib/bind-9.5.2/bin/named/include/named/xfrout.h similarity index 80% rename from contrib/bind-9.3/bin/named/include/named/xfrout.h rename to contrib/bind-9.5.2/bin/named/include/named/xfrout.h index e96ff31dd2..4bb79a31e9 100644 --- a/contrib/bind-9.3/bin/named/include/named/xfrout.h +++ b/contrib/bind-9.5.2/bin/named/include/named/xfrout.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.h,v 1.7.208.1 2004/03/06 10:21:27 marka Exp $ */ +/* $Id: xfrout.h,v 1.12 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_XFROUT_H #define NAMED_XFROUT_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * Outgoing zone transfers (AXFR + IXFR). */ diff --git a/contrib/bind-9.3/bin/named/include/named/zoneconf.h b/contrib/bind-9.5.2/bin/named/include/named/zoneconf.h similarity index 75% rename from contrib/bind-9.3/bin/named/include/named/zoneconf.h rename to contrib/bind-9.5.2/bin/named/include/named/zoneconf.h index 3e63053f38..b973013c22 100644 --- a/contrib/bind-9.3/bin/named/include/named/zoneconf.h +++ b/contrib/bind-9.5.2/bin/named/include/named/zoneconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,25 +15,26 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.h,v 1.16.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: zoneconf.h,v 1.26 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NS_ZONECONF_H #define NS_ZONECONF_H 1 +/*! \file */ + #include #include +#include #include -#include - ISC_LANG_BEGINDECLS isc_result_t ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, - const cfg_obj_t *zconfig, ns_aclconfctx_t *ac, + const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac, dns_zone_t *zone); -/* +/*%< * Configure or reconfigure a zone according to the named.conf * data in 'cctx' and 'czone'. * @@ -41,16 +42,16 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, * at zone creation time. * * Require: - * 'lctx' to be initialized or NULL. - * 'cctx' to be initialized or NULL. - * 'ac' to point to an initialized ns_aclconfctx_t. - * 'czone' to be initialized. - * 'zone' to be initialized. + * \li 'lctx' to be initialized or NULL. + * \li 'cctx' to be initialized or NULL. + * \li 'ac' to point to an initialized ns_aclconfctx_t. + * \li 'czone' to be initialized. + * \li 'zone' to be initialized. */ isc_boolean_t ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig); -/* +/*%< * If 'zone' can be safely reconfigured according to the configuration * data in 'zconfig', return ISC_TRUE. If the configuration data is so * different from the current zone state that the zone needs to be destroyed diff --git a/contrib/bind-9.3/bin/named/interfacemgr.c b/contrib/bind-9.5.2/bin/named/interfacemgr.c similarity index 87% rename from contrib/bind-9.3/bin/named/interfacemgr.c rename to contrib/bind-9.5.2/bin/named/interfacemgr.c index a3410567e6..3f16baf68e 100644 --- a/contrib/bind-9.3/bin/named/interfacemgr.c +++ b/contrib/bind-9.5.2/bin/named/interfacemgr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.59.2.5.8.18 2006/07/19 00:16:28 marka Exp $ */ +/* $Id: interfacemgr.c,v 1.90.64.5 2009/01/19 23:47:01 tbox Exp $ */ + +/*! \file */ #include @@ -37,24 +39,29 @@ #define IFMGR_COMMON_LOGARGS \ ns_g_lctx, NS_LOGCATEGORY_NETWORK, NS_LOGMODULE_INTERFACEMGR +/*% nameserver interface manager structure */ struct ns_interfacemgr { - unsigned int magic; /* Magic number. */ + unsigned int magic; /*%< Magic number. */ int references; isc_mutex_t lock; - isc_mem_t * mctx; /* Memory context. */ - isc_taskmgr_t * taskmgr; /* Task manager. */ - isc_socketmgr_t * socketmgr; /* Socket manager. */ + isc_mem_t * mctx; /*%< Memory context. */ + isc_taskmgr_t * taskmgr; /*%< Task manager. */ + isc_socketmgr_t * socketmgr; /*%< Socket manager. */ dns_dispatchmgr_t * dispatchmgr; - unsigned int generation; /* Current generation no. */ + unsigned int generation; /*%< Current generation no. */ ns_listenlist_t * listenon4; ns_listenlist_t * listenon6; - dns_aclenv_t aclenv; /* Localhost/localnets ACLs */ - ISC_LIST(ns_interface_t) interfaces; /* List of interfaces. */ + dns_aclenv_t aclenv; /*%< Localhost/localnets ACLs */ + ISC_LIST(ns_interface_t) interfaces; /*%< List of interfaces. */ + ISC_LIST(isc_sockaddr_t) listenon; }; static void purge_old_interfaces(ns_interfacemgr_t *mgr); +static void +clearlistenon(ns_interfacemgr_t *mgr); + isc_result_t ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_socketmgr_t *socketmgr, @@ -83,8 +90,9 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, mgr->generation = 1; mgr->listenon4 = NULL; mgr->listenon6 = NULL; - + ISC_LIST_INIT(mgr->interfaces); + ISC_LIST_INIT(mgr->listenon); /* * The listen-on lists are initially empty. @@ -117,6 +125,7 @@ ns_interfacemgr_destroy(ns_interfacemgr_t *mgr) { dns_aclenv_destroy(&mgr->aclenv); ns_listenlist_detach(&mgr->listenon4); ns_listenlist_detach(&mgr->listenon6); + clearlistenon(mgr); DESTROYLOCK(&mgr->lock); mgr->magic = 0; isc_mem_put(mgr->mctx, mgr, sizeof(*mgr)); @@ -158,7 +167,7 @@ void ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr) { REQUIRE(NS_INTERFACEMGR_VALID(mgr)); - /* + /*% * Shut down and detach all interfaces. * By incrementing the generation count, we make purge_old_interfaces() * consider all interfaces "old". @@ -295,10 +304,12 @@ ns_interface_accepttcp(ns_interface_t *ifp) { isc_result_totext(result)); goto tcp_socket_failure; } + isc_socket_setname(ifp->tcpsocket, "dispatcher", NULL); #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE); #endif - result = isc_socket_bind(ifp->tcpsocket, &ifp->addr); + result = isc_socket_bind(ifp->tcpsocket, &ifp->addr, + ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) { isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR, "binding TCP socket: %s", @@ -313,7 +324,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) { goto tcp_listen_failure; } - /* + /* * If/when there a multiple filters listen to the * result. */ @@ -432,7 +443,7 @@ ns_interface_detach(ns_interface_t **targetp) { *targetp = NULL; } -/* +/*% * Search the interface list for an interface whose address and port * both match those of 'addr'. Return a pointer to it, or NULL if not found. */ @@ -447,7 +458,7 @@ find_matching_interface(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) { return (ifp); } -/* +/*% * Remove any interfaces whose generation number is not the current one. */ static void @@ -473,7 +484,7 @@ static isc_result_t clearacl(isc_mem_t *mctx, dns_acl_t **aclp) { dns_acl_t *newacl = NULL; isc_result_t result; - result = dns_acl_create(mctx, 10, &newacl); + result = dns_acl_create(mctx, 0, &newacl); if (result != ISC_R_SUCCESS) return (result); dns_acl_detach(aclp); @@ -484,36 +495,31 @@ clearacl(isc_mem_t *mctx, dns_acl_t **aclp) { static isc_boolean_t listenon_is_ip6_any(ns_listenelt_t *elt) { - if (elt->acl->length != 1) - return (ISC_FALSE); - if (elt->acl->elements[0].negative == ISC_FALSE && - elt->acl->elements[0].type == dns_aclelementtype_any) - return (ISC_TRUE); /* listen-on-v6 { any; } */ - return (ISC_FALSE); /* All others */ + REQUIRE(elt && elt->acl); + return dns_acl_isany(elt->acl); } static isc_result_t setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { isc_result_t result; - dns_aclelement_t elt; - unsigned int family; unsigned int prefixlen; + isc_netaddr_t *netaddr; + + netaddr = &interface->address; - family = interface->address.family; - - elt.type = dns_aclelementtype_ipprefix; - elt.negative = ISC_FALSE; - elt.u.ip_prefix.address = interface->address; - elt.u.ip_prefix.prefixlen = (family == AF_INET) ? 32 : 128; - result = dns_acl_appendelement(mgr->aclenv.localhost, &elt); + /* First add localhost address */ + prefixlen = (netaddr->family == AF_INET) ? 32 : 128; + result = dns_iptable_addprefix(mgr->aclenv.localhost->iptable, + netaddr, prefixlen, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); + /* Then add localnets prefix */ result = isc_netaddr_masktoprefixlen(&interface->netmask, &prefixlen); - /* Non contigious netmasks not allowed by IPv6 arch. */ - if (result != ISC_R_SUCCESS && family == AF_INET6) + /* Non contiguous netmasks not allowed by IPv6 arch. */ + if (result != ISC_R_SUCCESS && netaddr->family == AF_INET6) return (result); if (result != ISC_R_SUCCESS) { @@ -523,20 +529,54 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { "localnets ACL: %s", interface->name, isc_result_totext(result)); - } else { - elt.u.ip_prefix.prefixlen = prefixlen; - if (dns_acl_elementmatch(mgr->aclenv.localnets, &elt, - NULL) == ISC_R_NOTFOUND) { - result = dns_acl_appendelement(mgr->aclenv.localnets, - &elt); - if (result != ISC_R_SUCCESS) - return (result); - } + return (ISC_R_SUCCESS); } + result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable, + netaddr, prefixlen, ISC_TRUE); + if (result != ISC_R_SUCCESS) + return (result); + return (ISC_R_SUCCESS); } +static void +setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface, + in_port_t port) +{ + isc_sockaddr_t *addr; + isc_sockaddr_t *old; + + addr = isc_mem_get(mgr->mctx, sizeof(*addr)); + if (addr == NULL) + return; + + isc_sockaddr_fromnetaddr(addr, &interface->address, port); + + for (old = ISC_LIST_HEAD(mgr->listenon); + old != NULL; + old = ISC_LIST_NEXT(old, link)) + if (isc_sockaddr_equal(addr, old)) + break; + + if (old != NULL) + isc_mem_put(mgr->mctx, addr, sizeof(*addr)); + else + ISC_LIST_APPEND(mgr->listenon, addr, link); +} + +static void +clearlistenon(ns_interfacemgr_t *mgr) { + isc_sockaddr_t *old; + + old = ISC_LIST_HEAD(mgr->listenon); + while (old != NULL) { + ISC_LIST_UNLINK(mgr->listenon, old, link); + isc_mem_put(mgr->mctx, old, sizeof(*old)); + old = ISC_LIST_HEAD(mgr->listenon); + } +} + static isc_result_t do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, isc_boolean_t verbose) @@ -553,6 +593,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, isc_sockaddr_t listen_addr; ns_interface_t *ifp; isc_boolean_t log_explicit = ISC_FALSE; + isc_boolean_t dolistenon; if (ext_listen != NULL) adjusting = ISC_TRUE; @@ -643,6 +684,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, result = clearacl(mgr->mctx, &mgr->aclenv.localnets); if (result != ISC_R_SUCCESS) goto cleanup_iter; + clearlistenon(mgr); } for (result = isc_interfaceiter_first(iter); @@ -651,7 +693,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, { isc_interface_t interface; ns_listenlist_t *ll; - unsigned int family; + unsigned int family; result = isc_interfaceiter_current(iter, &interface); if (result != ISC_R_SUCCESS) @@ -688,6 +730,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, } ll = (family == AF_INET) ? mgr->listenon4 : mgr->listenon6; + dolistenon = ISC_TRUE; for (le = ISC_LIST_HEAD(ll->elts); le != NULL; le = ISC_LIST_NEXT(le, link)) @@ -723,6 +766,11 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, if (match <= 0) continue; + if (adjusting == ISC_FALSE && dolistenon == ISC_TRUE) { + setup_listenon(mgr, &interface, le->port); + dolistenon = ISC_FALSE; + } + /* * The case of "any" IPv6 address will require * special considerations later, so remember it. @@ -748,7 +796,9 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, (void)dns_acl_match(&listen_netaddr, NULL, ele->acl, NULL, &match, NULL); - if (match > 0 && ele->port == le->port) + if (match > 0 && + (ele->port == le->port || + ele->port == 0)) break; else match = 0; @@ -827,7 +877,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, UNEXPECTED_ERROR(__FILE__, __LINE__, "interface iteration failed: %s", isc_result_totext(result)); - else + else result = ISC_R_SUCCESS; cleanup_iter: isc_interfaceiter_destroy(&iter); @@ -858,7 +908,7 @@ ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, /* * Warn if we are not listening on any interface, unless - * we're in lwresd-only mode, in which case that is to + * we're in lwresd-only mode, in which case that is to * be expected. */ if (ext_listen == NULL && @@ -909,3 +959,16 @@ ns_interfacemgr_dumprecursing(FILE *f, ns_interfacemgr_t *mgr) { } UNLOCK(&mgr->lock); } + +isc_boolean_t +ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) { + isc_sockaddr_t *old; + + old = ISC_LIST_HEAD(mgr->listenon); + for (old = ISC_LIST_HEAD(mgr->listenon); + old != NULL; + old = ISC_LIST_NEXT(old, link)) + if (isc_sockaddr_equal(old, addr)) + return (ISC_TRUE); + return (ISC_FALSE); +} diff --git a/contrib/bind-9.3/bin/named/listenlist.c b/contrib/bind-9.5.2/bin/named/listenlist.c similarity index 93% rename from contrib/bind-9.3/bin/named/listenlist.c rename to contrib/bind-9.5.2/bin/named/listenlist.c index bba164f081..513fe9c70b 100644 --- a/contrib/bind-9.3/bin/named/listenlist.c +++ b/contrib/bind-9.5.2/bin/named/listenlist.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: listenlist.c,v 1.9.208.1 2004/03/06 10:21:18 marka Exp $ */ +/* $Id: listenlist.c,v 1.14 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/bin/named/log.c b/contrib/bind-9.5.2/bin/named/log.c similarity index 91% rename from contrib/bind-9.3/bin/named/log.c rename to contrib/bind-9.5.2/bin/named/log.c index 9032af795d..5d994b2d31 100644 --- a/contrib/bind-9.3/bin/named/log.c +++ b/contrib/bind-9.5.2/bin/named/log.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.33.2.1.10.6 2005/05/24 23:58:17 marka Exp $ */ +/* $Id: log.c,v 1.46.130.3 2009/01/27 21:17:39 jinmei Exp $ */ + +/*! \file */ #include @@ -29,9 +31,10 @@ #define ISC_FACILITY LOG_DAEMON #endif -/* +/*% * When adding a new category, be sure to add the appropriate - * #define to . + * \#define to and to update the list in + * bin/check/check-tool.c. */ static isc_logcategory_t categories[] = { { "", 0 }, @@ -41,12 +44,13 @@ static isc_logcategory_t categories[] = { { "queries", 0 }, { "unmatched", 0 }, { "update-security", 0 }, + { "query-errors", 0 }, { NULL, 0 } }; -/* +/*% * When adding a new module, be sure to add the appropriate - * #define to . + * \#define to . */ static isc_logmodule_t modules[] = { { "main", 0 }, @@ -78,6 +82,9 @@ ns_log_init(isc_boolean_t safe) { if (result != ISC_R_SUCCESS) return (result); + /* + * named-checktool.c:setup_logging() needs to be kept in sync. + */ isc_log_registercategories(ns_g_lctx, ns_g_categories); isc_log_registermodules(ns_g_lctx, ns_g_modules); isc_log_setcontext(ns_g_lctx); @@ -114,7 +121,7 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg) { /* * By default, the logging library makes "default_debug" log to * stderr. In BIND, we want to override this and log to named.run - * instead, unless the the -g option was given. + * instead, unless the -g option was given. */ if (! ns_g_logstderr) { destination.file.stream = NULL; diff --git a/contrib/bind-9.3/bin/named/logconf.c b/contrib/bind-9.5.2/bin/named/logconf.c similarity index 97% rename from contrib/bind-9.3/bin/named/logconf.c rename to contrib/bind-9.5.2/bin/named/logconf.c index 1bf3b5589e..e32496507e 100644 --- a/contrib/bind-9.3/bin/named/logconf.c +++ b/contrib/bind-9.5.2/bin/named/logconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.30.2.3.10.4 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: logconf.c,v 1.42 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -36,7 +38,7 @@ if (result != ISC_R_SUCCESS) goto cleanup; \ } while (0) -/* +/*% * Set up a logging category according to the named.conf data * in 'ccat' and add it to 'lctx'. */ @@ -84,7 +86,7 @@ category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) { return (ISC_R_SUCCESS); } -/* +/*% * Set up a logging channel according to the named.conf data * in 'cchan' and add it to 'lctx'. */ diff --git a/contrib/bind-9.3/bin/named/lwaddr.c b/contrib/bind-9.5.2/bin/named/lwaddr.c similarity index 89% rename from contrib/bind-9.3/bin/named/lwaddr.c rename to contrib/bind-9.5.2/bin/named/lwaddr.c index 1bd8d82875..44cfc9211a 100644 --- a/contrib/bind-9.3/bin/named/lwaddr.c +++ b/contrib/bind-9.5.2/bin/named/lwaddr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwaddr.c,v 1.3.208.1 2004/03/06 10:21:18 marka Exp $ */ +/* $Id: lwaddr.c,v 1.8.130.2 2008/01/11 23:46:27 tbox Exp $ */ + +/*! \file */ #include @@ -29,7 +31,7 @@ #include -/* +/*% * Convert addresses from lwres to isc format. */ isc_result_t @@ -63,7 +65,7 @@ lwaddr_sockaddr_fromlwresaddr(isc_sockaddr_t *sa, lwres_addr_t *la, return (ISC_R_SUCCESS); } -/* +/*% * Convert addresses from isc to lwres format. */ @@ -79,7 +81,7 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) { } else { la->family = LWRES_ADDRTYPE_V6; la->length = 16; - memcpy(la->address, &na->type.in, 16); + memcpy(la->address, &na->type.in6, 16); } return (ISC_R_SUCCESS); } diff --git a/contrib/bind-9.3/bin/named/lwdclient.c b/contrib/bind-9.5.2/bin/named/lwdclient.c similarity index 97% rename from contrib/bind-9.3/bin/named/lwdclient.c rename to contrib/bind-9.5.2/bin/named/lwdclient.c index 7975a4991e..a843134002 100644 --- a/contrib/bind-9.3/bin/named/lwdclient.c +++ b/contrib/bind-9.5.2/bin/named/lwdclient.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdclient.c,v 1.13.12.5 2004/03/08 09:04:15 marka Exp $ */ +/* $Id: lwdclient.c,v 1.22 2007/06/18 23:47:18 tbox Exp $ */ + +/*! \file */ #include @@ -100,6 +102,7 @@ ns_lwdclientmgr_create(ns_lwreslistener_t *listener, unsigned int nclients, result = isc_task_create(taskmgr, 0, &cm->task); if (result != ISC_R_SUCCESS) goto errout; + isc_task_setname(cm->task, "lwdclient", NULL); /* * This MUST be last, since there is no way to cancel an onshutdown... diff --git a/contrib/bind-9.3/bin/named/lwderror.c b/contrib/bind-9.5.2/bin/named/lwderror.c similarity index 91% rename from contrib/bind-9.3/bin/named/lwderror.c rename to contrib/bind-9.5.2/bin/named/lwderror.c index 51cecf0abd..33f247a458 100644 --- a/contrib/bind-9.3/bin/named/lwderror.c +++ b/contrib/bind-9.5.2/bin/named/lwderror.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwderror.c,v 1.7.208.1 2004/03/06 10:21:18 marka Exp $ */ +/* $Id: lwderror.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -25,7 +27,7 @@ #include #include -/* +/*% * Generate an error packet for the client, schedule a send, and put us in * the SEND state. * diff --git a/contrib/bind-9.3/bin/named/lwdgabn.c b/contrib/bind-9.5.2/bin/named/lwdgabn.c similarity index 98% rename from contrib/bind-9.3/bin/named/lwdgabn.c rename to contrib/bind-9.5.2/bin/named/lwdgabn.c index 539c25bf3d..dec1e1a571 100644 --- a/contrib/bind-9.3/bin/named/lwdgabn.c +++ b/contrib/bind-9.5.2/bin/named/lwdgabn.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgabn.c,v 1.13.12.5 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: lwdgabn.c,v 1.22 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -47,7 +49,7 @@ static isc_result_t start_find(ns_lwdclient_t *); static void restart_find(ns_lwdclient_t *); static void init_gabn(ns_lwdclient_t *); -/* +/*% * Destroy any finds. This can be used to "start over from scratch" and * should only be called when events are _not_ being generated by the finds. */ @@ -432,7 +434,7 @@ restart_find(ns_lwdclient_t *client) { client->clientmgr->task, process_gabn_finddone, client, dns_fixedname_name(&client->target_name), - dns_rootname, options, 0, + dns_rootname, 0, options, 0, dns_fixedname_name(&client->target_name), client->clientmgr->view->dstport, &client->find); diff --git a/contrib/bind-9.3/bin/named/lwdgnba.c b/contrib/bind-9.5.2/bin/named/lwdgnba.c similarity index 96% rename from contrib/bind-9.3/bin/named/lwdgnba.c rename to contrib/bind-9.5.2/bin/named/lwdgnba.c index 21ef804ac9..2309329df1 100644 --- a/contrib/bind-9.3/bin/named/lwdgnba.c +++ b/contrib/bind-9.5.2/bin/named/lwdgnba.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgnba.c,v 1.13.2.1.2.5 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwdgnba.c,v 1.20.130.2 2008/01/14 23:46:28 tbox Exp $ */ + +/*! \file */ #include @@ -218,8 +220,6 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) { b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) goto out; - if (req->addr.address == NULL) - goto out; client->options = 0; if (req->addr.family == LWRES_ADDRTYPE_V4) { diff --git a/contrib/bind-9.3/bin/named/lwdgrbn.c b/contrib/bind-9.5.2/bin/named/lwdgrbn.c similarity index 97% rename from contrib/bind-9.3/bin/named/lwdgrbn.c rename to contrib/bind-9.5.2/bin/named/lwdgrbn.c index 3ad9e9e38d..b54e83d0dd 100644 --- a/contrib/bind-9.3/bin/named/lwdgrbn.c +++ b/contrib/bind-9.5.2/bin/named/lwdgrbn.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgrbn.c,v 1.11.208.5 2006/01/04 23:50:19 marka Exp $ */ +/* $Id: lwdgrbn.c,v 1.20 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -183,8 +185,6 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node, isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens)); if (newrdatas != NULL) isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas)); - if (newlens != NULL) - isc_mem_put(mctx, newlens, used * sizeof(*oldlens)); return (result); } diff --git a/contrib/bind-9.3/bin/named/lwdnoop.c b/contrib/bind-9.5.2/bin/named/lwdnoop.c similarity index 80% rename from contrib/bind-9.3/bin/named/lwdnoop.c rename to contrib/bind-9.5.2/bin/named/lwdnoop.c index 30d95ee8d8..b01deeba80 100644 --- a/contrib/bind-9.3/bin/named/lwdnoop.c +++ b/contrib/bind-9.5.2/bin/named/lwdnoop.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdnoop.c,v 1.6.208.1 2004/03/06 10:21:19 marka Exp $ */ +/* $Id: lwdnoop.c,v 1.11.130.2 2008/01/22 23:27:35 tbox Exp $ */ + +/*! \file */ #include @@ -42,7 +44,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { result = lwres_nooprequest_parse(client->clientmgr->lwctx, b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) - goto out; + goto send_error; client->pkt.recvlength = LWRES_RECVLENGTH; client->pkt.authtype = 0; /* XXXMLG */ @@ -55,7 +57,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp, &client->pkt, &lwb); if (lwres != LWRES_R_SUCCESS) - goto out; + goto cleanup_req; r.base = lwb.base; r.length = lwb.used; @@ -63,7 +65,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { client->sendlength = r.length; result = ns_lwdclient_sendreply(client, &r); if (result != ISC_R_SUCCESS) - goto out; + goto cleanup_lwb; /* * We can now destroy request. @@ -74,13 +76,12 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { return; - out: - if (req != NULL) - lwres_nooprequest_free(client->clientmgr->lwctx, &req); + cleanup_lwb: + lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length); - if (lwb.base != NULL) - lwres_context_freemem(client->clientmgr->lwctx, - lwb.base, lwb.length); + cleanup_req: + lwres_nooprequest_free(client->clientmgr->lwctx, &req); + send_error: ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); } diff --git a/contrib/bind-9.3/bin/named/lwresd.8 b/contrib/bind-9.5.2/bin/named/lwresd.8 similarity index 68% rename from contrib/bind-9.3/bin/named/lwresd.8 rename to contrib/bind-9.5.2/bin/named/lwresd.8 index 1333a5d509..805e40c19b 100644 --- a/contrib/bind-9.3/bin/named/lwresd.8 +++ b/contrib/bind-9.5.2/bin/named/lwresd.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.208.6 2006/06/29 13:02:30 marka Exp $ +.\" $Id: lwresd.8,v 1.27.150.3 2009/07/11 01:43:27 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwresd .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ lwresd \- lightweight resolver daemon .SH "SYNOPSIS" .HP 7 -\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] +\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR] .SH "DESCRIPTION" .PP \fBlwresd\fR @@ -42,7 +42,7 @@ is the daemon providing name lookup services to clients that use the BIND 9 ligh \fBlwresd\fR listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that \fBlwresd\fR -can only be used by processes running on the local machine. By default UDP port number 921 is used for lightweight resolver requests and responses. +can only be used by processes running on the local machine. By default, UDP port number 921 is used for lightweight resolver requests and responses. .PP Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes, \fBlwresd\fR @@ -60,42 +60,108 @@ entries are present, or if forwarding fails, \fBlwresd\fR resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. .SH "OPTIONS" -.TP 3n +.PP +\-4 +.RS 4 +Use IPv4 only even if the host machine is capable of IPv6. +\fB\-4\fR +and +\fB\-6\fR +are mutually exclusive. +.RE +.PP +\-6 +.RS 4 +Use IPv6 only even if the host machine is capable of IPv4. +\fB\-4\fR +and +\fB\-6\fR +are mutually exclusive. +.RE +.PP +\-c \fIconfig\-file\fR +.RS 4 +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +\fI/etc/lwresd.conf\fR. +\fB\-c\fR +can not be used with +\fB\-C\fR. +.RE +.PP \-C \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -.TP 3n +\fB\-C\fR +can not be used with +\fB\-c\fR. +.RE +.PP \-d \fIdebug\-level\fR +.RS 4 Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBlwresd\fR become more verbose as the debug level increases. -.TP 3n +.RE +.PP \-f +.RS 4 Run the server in the foreground (i.e. do not daemonize). -.TP 3n +.RE +.PP \-g +.RS 4 Run the server in the foreground and force all logging to \fIstderr\fR. -.TP 3n +.RE +.PP +\-i \fIpid\-file\fR +.RS 4 +Use +\fIpid\-file\fR +as the PID file instead of the default, +\fI/var/run/lwresd.pid\fR. +.RE +.PP +\-m \fIflag\fR +.RS 4 +Turn on memory usage debugging flags. Possible flags are +\fIusage\fR, +\fItrace\fR, +\fIrecord\fR, +\fIsize\fR, and +\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in +\fI\fR. +.RE +.PP \-n \fI#cpus\fR +.RS 4 Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBlwresd\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP 3n +.RE +.PP \-P \fIport\fR +.RS 4 Listen for lightweight resolver queries on port \fIport\fR. If not specified, the default is port 921. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Send DNS lookups to port \fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. -.TP 3n +.RE +.PP \-s +.RS 4 Write memory usage statistics to \fIstdout\fR on exit. @@ -103,10 +169,11 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP 3n +.RE +.PP \-t \fIdirectory\fR -\fBchroot()\fR -to +.RS 4 +Chroot to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. .RS @@ -114,25 +181,33 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP 3n +.RE +.PP \-u \fIuser\fR -\fBsetuid()\fR -to +.RS 4 +Setuid to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. -.TP 3n +.RE +.PP \-v +.RS 4 Report the version number and exit. +.RE .SH "FILES" -.TP 3n +.PP \fI/etc/resolv.conf\fR +.RS 4 The default configuration file. -.TP 3n +.RE +.PP \fI/var/run/lwresd.pid\fR +.RS 4 The default process\-id file. +.RE .SH "SEE ALSO" .PP \fBnamed\fR(8), @@ -142,4 +217,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/named/lwresd.c b/contrib/bind-9.5.2/bin/named/lwresd.c similarity index 97% rename from contrib/bind-9.3/bin/named/lwresd.c rename to contrib/bind-9.5.2/bin/named/lwresd.c index e48822f711..93409faaf5 100644 --- a/contrib/bind-9.3/bin/named/lwresd.c +++ b/contrib/bind-9.5.2/bin/named/lwresd.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.37.2.2.2.8 2006/02/28 06:32:53 marka Exp $ */ +/* $Id: lwresd.c,v 1.55.130.3 2008/07/23 23:31:17 marka Exp $ */ -/* +/*! \file + * \brief * Main program for the Lightweight Resolver Daemon. * * To paraphrase the old saying about X11, "It's not a lightweight deamon @@ -59,11 +60,11 @@ #define LWRESLISTENER_MAGIC ISC_MAGIC('L', 'W', 'R', 'L') #define VALID_LWRESLISTENER(l) ISC_MAGIC_VALID(l, LWRESLISTENER_MAGIC) -/* +/*! * The total number of clients we can handle will be NTASKS * NRECVS. */ -#define NTASKS 2 /* tasks to create to handle lwres queries */ -#define NRECVS 2 /* max clients per task */ +#define NTASKS 2 /*%< tasks to create to handle lwres queries */ +#define NRECVS 2 /*%< max clients per task */ typedef ISC_LIST(ns_lwreslistener_t) ns_lwreslistenerlist_t; @@ -78,7 +79,7 @@ initialize_mutex(void) { } -/* +/*% * Wrappers around our memory management stuff, for the lwres functions. */ void * @@ -223,7 +224,7 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, for (i = 0; i < lwc->searchnxt; i++) { CHECK(buffer_putstr(&b, "\t\t\"")); CHECK(buffer_putstr(&b, lwc->search[i])); - CHECK(buffer_putstr(&b, "\";\n")); + CHECK(buffer_putstr(&b, "\";\n")); } CHECK(buffer_putstr(&b, "\t};\n")); } @@ -511,13 +512,19 @@ listener_create(isc_mem_t *mctx, ns_lwresd_t *lwresd, ns_lwreslistener_t **listenerp) { ns_lwreslistener_t *listener; + isc_result_t result; REQUIRE(listenerp != NULL && *listenerp == NULL); listener = isc_mem_get(mctx, sizeof(ns_lwreslistener_t)); if (listener == NULL) return (ISC_R_NOMEMORY); - RUNTIME_CHECK(isc_mutex_init(&listener->lock) == ISC_R_SUCCESS); + + result = isc_mutex_init(&listener->lock); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, listener, sizeof(ns_lwreslistener_t)); + return (result); + } listener->magic = LWRESLISTENER_MAGIC; listener->refs = 1; @@ -569,7 +576,8 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) { return (result); } - result = isc_socket_bind(sock, &listener->address); + result = isc_socket_bind(sock, &listener->address, + ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) { char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_format(&listener->address, socktext, diff --git a/contrib/bind-9.5.2/bin/named/lwresd.html b/contrib/bind-9.5.2/bin/named/lwresd.html new file mode 100644 index 0000000000..d5e060dd17 --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/lwresd.html @@ -0,0 +1,225 @@ + + + + + +lwresd + + +
+
+
+

Name

+

lwresd — lightweight resolver daemon

+
+
+

Synopsis

+

lwresd [-c config-file] [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-m flag] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v] [-4] [-6]

+
+
+

DESCRIPTION

+

lwresd + is the daemon providing name lookup + services to clients that use the BIND 9 lightweight resolver + library. It is essentially a stripped-down, caching-only name + server that answers queries using the BIND 9 lightweight + resolver protocol rather than the DNS protocol. +

+

lwresd + listens for resolver queries on a + UDP port on the IPv4 loopback interface, 127.0.0.1. This + means that lwresd can only be used by + processes running on the local machine. By default, UDP port + number 921 is used for lightweight resolver requests and + responses. +

+

+ Incoming lightweight resolver requests are decoded by the + server which then resolves them using the DNS protocol. When + the DNS lookup completes, lwresd encodes + the answers in the lightweight resolver format and returns + them to the client that made the request. +

+

+ If /etc/resolv.conf contains any + nameserver entries, lwresd + sends recursive DNS queries to those servers. This is similar + to the use of forwarders in a caching name server. If no + nameserver entries are present, or if + forwarding fails, lwresd resolves the + queries autonomously starting at the root name servers, using + a built-in list of root server hints. +

+
+
+

OPTIONS

+
+
-4
+

+ Use IPv4 only even if the host machine is capable of IPv6. + -4 and -6 are mutually + exclusive. +

+
-6
+

+ Use IPv6 only even if the host machine is capable of IPv4. + -4 and -6 are mutually + exclusive. +

+
-c config-file
+

+ Use config-file as the + configuration file instead of the default, + /etc/lwresd.conf. + + -c can not be used with -C. +

+
-C config-file
+

+ Use config-file as the + configuration file instead of the default, + /etc/resolv.conf. + -C can not be used with -c. +

+
-d debug-level
+

+ Set the daemon's debug level to debug-level. + Debugging traces from lwresd become + more verbose as the debug level increases. +

+
-f
+

+ Run the server in the foreground (i.e. do not daemonize). +

+
-g
+

+ Run the server in the foreground and force all logging + to stderr. +

+
-i pid-file
+

+ Use pid-file as the + PID file instead of the default, + /var/run/lwresd.pid. +

+
-m flag
+

+ Turn on memory usage debugging flags. Possible flags are + usage, + trace, + record, + size, and + mctx. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <isc/mem.h>. +

+
-n #cpus
+

+ Create #cpus worker threads + to take advantage of multiple CPUs. If not specified, + lwresd will try to determine the + number of CPUs present and create one thread per CPU. + If it is unable to determine the number of CPUs, a + single worker thread will be created. +

+
-P port
+

+ Listen for lightweight resolver queries on port + port. If + not specified, the default is port 921. +

+
-p port
+

+ Send DNS lookups to port port. If not + specified, the default is port 53. This provides a + way of testing the lightweight resolver daemon with a + name server that listens for queries on a non-standard + port number. +

+
-s
+
+

+ Write memory usage statistics to stdout + on exit. +

+
+

Note

+

+ This option is mainly of interest to BIND 9 developers + and may be removed or changed in a future release. +

+
+
+
-t directory
+
+

Chroot + to directory after + processing the command line arguments, but before + reading the configuration file. +

+
+

Warning

+

+ This option should be used in conjunction with the + -u option, as chrooting a process + running as root doesn't enhance security on most + systems; the way chroot(2) is + defined allows a process with root privileges to + escape a chroot jail. +

+
+
+
-u user
+

Setuid + to user after completing + privileged operations, such as creating sockets that + listen on privileged ports. +

+
-v
+

+ Report the version number and exit. +

+
+
+
+

FILES

+
+
/etc/resolv.conf
+

+ The default configuration file. +

+
/var/run/lwresd.pid
+

+ The default process-id file. +

+
+
+
+

SEE ALSO

+

named(8), + lwres(3), + resolver(5). +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/named/lwsearch.c b/contrib/bind-9.5.2/bin/named/lwsearch.c similarity index 92% rename from contrib/bind-9.3/bin/named/lwsearch.c rename to contrib/bind-9.5.2/bin/named/lwsearch.c index 8b9ea526f1..6754c987bc 100644 --- a/contrib/bind-9.3/bin/named/lwsearch.c +++ b/contrib/bind-9.5.2/bin/named/lwsearch.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwsearch.c,v 1.7.208.1 2004/03/06 10:21:20 marka Exp $ */ +/* $Id: lwsearch.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -38,6 +40,7 @@ isc_result_t ns_lwsearchlist_create(isc_mem_t *mctx, ns_lwsearchlist_t **listp) { ns_lwsearchlist_t *list; + isc_result_t result; REQUIRE(mctx != NULL); REQUIRE(listp != NULL && *listp == NULL); @@ -46,7 +49,11 @@ ns_lwsearchlist_create(isc_mem_t *mctx, ns_lwsearchlist_t **listp) { if (list == NULL) return (ISC_R_NOMEMORY); - RUNTIME_CHECK(isc_mutex_init(&list->lock) == ISC_R_SUCCESS); + result = isc_mutex_init(&list->lock); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, list, sizeof(ns_lwsearchlist_t)); + return (result); + } list->mctx = NULL; isc_mem_attach(mctx, &list->mctx); list->refs = 1; diff --git a/contrib/bind-9.3/bin/named/main.c b/contrib/bind-9.5.2/bin/named/main.c similarity index 88% rename from contrib/bind-9.3/bin/named/main.c rename to contrib/bind-9.5.2/bin/named/main.c index 960de2a34b..6892fc7df0 100644 --- a/contrib/bind-9.3/bin/named/main.c +++ b/contrib/bind-9.5.2/bin/named/main.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.119.2.3.2.25 2006/11/10 18:51:06 marka Exp $ */ +/* $Id: main.c,v 1.158.48.8 2009/04/03 20:18:26 marka Exp $ */ + +/*! \file */ #include @@ -31,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -71,11 +74,19 @@ */ /* #include "xxdb.h" */ +/* + * Include DLZ drivers if appropriate. + */ +#ifdef DLZ +#include +#endif + static isc_boolean_t want_stats = ISC_FALSE; static char program_name[ISC_DIR_NAMEMAX] = "named"; static char absolute_conffile[ISC_DIR_PATHMAX]; static char saved_command_line[512]; static char version[512]; +static unsigned int maxsocks = 0; void ns_main_earlywarning(const char *format, ...) { @@ -128,7 +139,7 @@ assertion_failed(const char *file, int line, isc_assertiontype_t type, if (ns_g_lctx != NULL) { /* - * Reset the assetion callback in case it is the log + * Reset the assertion callback in case it is the log * routines causing the assertion. */ isc_assertion_setcallback(NULL); @@ -226,7 +237,7 @@ lwresd_usage(void) { " [-f|-g] [-n number_of_cpus] [-p port] " "[-P listen-port] [-s]\n" " [-t chrootdir] [-u username] [-i pidfile]\n" - " [-m {usage|trace|record}]\n"); + " [-m {usage|trace|record|size|mctx}]\n"); } static void @@ -239,7 +250,7 @@ usage(void) { "usage: named [-4|-6] [-c conffile] [-d debuglevel] " "[-f|-g] [-n number_of_cpus]\n" " [-p port] [-s] [-t chrootdir] [-u username]\n" - " [-m {usage|trace|record}]\n"); + " [-m {usage|trace|record|size|mctx}]\n"); } static void @@ -307,6 +318,8 @@ static struct flag_def { { "trace", ISC_MEM_DEBUGTRACE }, { "record", ISC_MEM_DEBUGRECORD }, { "usage", ISC_MEM_DEBUGUSAGE }, + { "size", ISC_MEM_DEBUGSIZE }, + { "mctx", ISC_MEM_DEBUGCTX }, { NULL, 0 } }; @@ -345,7 +358,8 @@ parse_command_line(int argc, char *argv[]) { isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, - "46c:C:d:fgi:lm:n:N:p:P:st:u:vx:")) != -1) { + "46c:C:d:fgi:lm:n:N:p:P:" + "sS:t:u:vx:")) != -1) { switch (ch) { case '4': if (disable4) @@ -424,6 +438,10 @@ parse_command_line(int argc, char *argv[]) { /* XXXRTH temporary syntax */ want_stats = ISC_TRUE; break; + case 'S': + maxsocks = parse_int(isc_commandline_argument, + "max number of sockets"); + break; case 't': /* XXXJAB should we make a copy? */ ns_g_chrootdir = isc_commandline_argument; @@ -436,6 +454,8 @@ parse_command_line(int argc, char *argv[]) { exit(0); case '?': usage(); + if (isc_commandline_option == '?') + exit(0); ns_main_earlyfatal("unknown option '-%c'", isc_commandline_option); default: @@ -455,17 +475,14 @@ parse_command_line(int argc, char *argv[]) { static isc_result_t create_managers(void) { isc_result_t result; -#ifdef ISC_PLATFORM_USETHREADS - unsigned int cpus_detected; -#endif + unsigned int socks; #ifdef ISC_PLATFORM_USETHREADS - cpus_detected = isc_os_ncpus(); if (ns_g_cpus == 0) - ns_g_cpus = cpus_detected; + ns_g_cpus = ns_g_cpus_detected; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s", - cpus_detected, cpus_detected == 1 ? "" : "s", + ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s", ns_g_cpus, ns_g_cpus == 1 ? "" : "s"); #else ns_g_cpus = 1; @@ -486,13 +503,19 @@ create_managers(void) { return (ISC_R_UNEXPECTED); } - result = isc_socketmgr_create(ns_g_mctx, &ns_g_socketmgr); + result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_socketmgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks); + if (result == ISC_R_SUCCESS) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_INFO, "using up to %u sockets", socks); + } result = isc_entropy_create(ns_g_mctx, &ns_g_entropy); if (result != ISC_R_SUCCESS) { @@ -539,6 +562,7 @@ destroy_managers(void) { static void setup(void) { isc_result_t result; + isc_resourcevalue_t old_openfiles; #ifdef HAVE_LIBSCF char *instance = NULL; #endif @@ -592,6 +616,13 @@ setup(void) { } #endif +#ifdef ISC_PLATFORM_USETHREADS + /* + * Check for the number of cpu's before ns_os_chroot(). + */ + ns_g_cpus_detected = isc_os_ncpus(); +#endif + ns_os_chroot(ns_g_chrootdir); /* @@ -644,6 +675,23 @@ setup(void) { (void)isc_resource_getlimit(isc_resource_openfiles, &ns_g_initopenfiles); + /* + * System resources cannot effectively be tuned on some systems. + * Raise the limit in such cases for safety. + */ + old_openfiles = ns_g_initopenfiles; + ns_os_adjustnofile(); + (void)isc_resource_getlimit(isc_resource_openfiles, + &ns_g_initopenfiles); + if (old_openfiles != ns_g_initopenfiles) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, + "adjusted limit on open files from " + "%" ISC_PRINT_QUADFORMAT "u to " + "%" ISC_PRINT_QUADFORMAT "u", + old_openfiles, ns_g_initopenfiles); + } + /* * If the named configuration filename is relative, prepend the current * directory's name before possibly changing to another directory. @@ -654,11 +702,19 @@ setup(void) { sizeof(absolute_conffile)); if (result != ISC_R_SUCCESS) ns_main_earlyfatal("could not construct absolute path of " - "configuration file: %s", + "configuration file: %s", isc_result_totext(result)); ns_g_conffile = absolute_conffile; } + /* + * Record the server's startup time. + */ + result = isc_time_now(&ns_g_boottime); + if (result != ISC_R_SUCCESS) + ns_main_earlyfatal("isc_time_now() failed: %s", + isc_result_totext(result)); + result = create_managers(); if (result != ISC_R_SUCCESS) ns_main_earlyfatal("create_managers() failed: %s", @@ -671,6 +727,16 @@ setup(void) { */ /* xxdb_init(); */ +#ifdef DLZ + /* + * Register any DLZ drivers. + */ + result = dlz_drivers_init(); + if (result != ISC_R_SUCCESS) + ns_main_earlyfatal("dlz_drivers_init() failed: %s", + isc_result_totext(result)); +#endif + ns_server_create(ns_g_mctx, &ns_g_server); } @@ -687,6 +753,15 @@ cleanup(void) { */ /* xxdb_clear(); */ +#ifdef DLZ + /* + * Unregister any DLZ drivers. + */ + dlz_drivers_clear(); +#endif + + dns_name_destroy(); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "exiting"); ns_log_shutdown(); @@ -727,7 +802,7 @@ ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) { if (debug) UNEXPECTED_ERROR(__FILE__, __LINE__, "scf_handle_create() failed: %s", - scf_strerror(scf_error())); + scf_strerror(scf_error())); return (ISC_R_FAILURE); } @@ -786,10 +861,10 @@ main(int argc, char *argv[]) { * strings named.core | grep "named version:" */ strlcat(version, -#ifdef __DATE__ - "named version: BIND " VERSION " (" __DATE__ ")", -#else +#if defined(NO_VERSION_DATE) || !defined(__DATE__) "named version: BIND " VERSION, +#else + "named version: BIND " VERSION " (" __DATE__ ")", #endif sizeof(version)); result = isc_file_progname(*argv, program_name, sizeof(program_name)); @@ -827,6 +902,7 @@ main(int argc, char *argv[]) { if (result != ISC_R_SUCCESS) ns_main_earlyfatal("isc_mem_create() failed: %s", isc_result_totext(result)); + isc_mem_setname(ns_g_mctx, "main", NULL); setup(); @@ -872,7 +948,8 @@ main(int argc, char *argv[]) { isc_mem_stats(ns_g_mctx, stdout); isc_mutex_stats(stdout); } - if (memstats != NULL) { + + if (ns_g_memstatistics && memstats != NULL) { FILE *fp = NULL; result = isc_stdio_open(memstats, "w", &fp); if (result == ISC_R_SUCCESS) { @@ -882,6 +959,7 @@ main(int argc, char *argv[]) { } } isc_mem_destroy(&ns_g_mctx); + isc_mem_checkdestroyed(stderr); ns_main_setmemstats(NULL); diff --git a/contrib/bind-9.3/bin/named/named.8 b/contrib/bind-9.5.2/bin/named/named.8 similarity index 72% rename from contrib/bind-9.3/bin/named/named.8 rename to contrib/bind-9.5.2/bin/named/named.8 index 7172393534..bf22aa34a8 100644 --- a/contrib/bind-9.3/bin/named/named.8 +++ b/contrib/bind-9.5.2/bin/named/named.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.208.9 2006/06/29 13:02:30 marka Exp $ +.\" $Id: named.8,v 1.34.130.2 2009/07/11 01:43:29 tbox Exp $ .\" .hy 0 .ad l .\" Title: named .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR @@ -44,22 +44,27 @@ When invoked without arguments, will read the default configuration file \fI/etc/named.conf\fR, read any initial data, and listen for queries. .SH "OPTIONS" -.TP 3n +.PP \-4 +.RS 4 Use IPv4 only even if the host machine is capable of IPv6. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP 3n +.RE +.PP \-6 +.RS 4 Use IPv6 only even if the host machine is capable of IPv4. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP 3n +.RE +.PP \-c \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, @@ -68,32 +73,55 @@ as the configuration file instead of the default, option in the configuration file, \fIconfig\-file\fR should be an absolute pathname. -.TP 3n +.RE +.PP \-d \fIdebug\-level\fR +.RS 4 Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBnamed\fR become more verbose as the debug level increases. -.TP 3n +.RE +.PP \-f +.RS 4 Run the server in the foreground (i.e. do not daemonize). -.TP 3n +.RE +.PP \-g +.RS 4 Run the server in the foreground and force all logging to \fIstderr\fR. -.TP 3n +.RE +.PP +\-m \fIflag\fR +.RS 4 +Turn on memory usage debugging flags. Possible flags are +\fIusage\fR, +\fItrace\fR, +\fIrecord\fR, +\fIsize\fR, and +\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in +\fI\fR. +.RE +.PP \-n \fI#cpus\fR +.RS 4 Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBnamed\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Listen for queries on port \fIport\fR. If not specified, the default is port 53. -.TP 3n +.RE +.PP \-s +.RS 4 Write memory usage statistics to \fIstdout\fR on exit. @@ -101,10 +129,26 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP 3n +.RE +.PP +\-S \fI#max\-socks\fR +.RS 4 +Allow +\fBnamed\fR +to use up to +\fI#max\-socks\fR +sockets. +.RS +.B "Warning:" +This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because +\fBnamed\fR +reserves some file descriptors for its internal use. +.RE +.RE +.PP \-t \fIdirectory\fR -\fBchroot()\fR -to +.RS 4 +Chroot to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. .RS @@ -112,13 +156,14 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP 3n +.RE +.PP \-u \fIuser\fR -\fBsetuid()\fR -to +.RS 4 +Setuid to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. .RS @@ -126,19 +171,23 @@ after completing privileged operations, such as creating sockets that listen on On Linux, \fBnamed\fR uses the kernel's capability mechanism to drop all root privileges except the ability to -\fBbind()\fR +\fBbind(2)\fR to a privileged port and set process resource limits. Unfortunately, this means that the \fB\-u\fR option only works when \fBnamed\fR is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after -\fBsetuid()\fR. +\fBsetuid(2)\fR. +.RE .RE -.TP 3n +.PP \-v +.RS 4 Report the version number and exit. -.TP 3n +.RE +.PP \-x \fIcache\-file\fR +.RS 4 Load data from \fIcache\-file\fR into the cache of the default view. @@ -146,17 +195,22 @@ into the cache of the default view. .B "Warning:" This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release. .RE +.RE .SH "SIGNALS" .PP In routine operation, signals should not be used to control the nameserver; \fBrndc\fR should be used instead. -.TP 3n +.PP SIGHUP +.RS 4 Force a reload of the server. -.TP 3n +.RE +.PP SIGINT, SIGTERM +.RS 4 Shut down the server. +.RE .PP The result of sending any other signals to the server is undefined. .SH "CONFIGURATION" @@ -166,17 +220,23 @@ The configuration file is too complex to describe in detail here. A complete description is provided in the BIND 9 Administrator Reference Manual. .SH "FILES" -.TP 3n +.PP \fI/etc/named.conf\fR +.RS 4 The default configuration file. -.TP 3n +.RE +.PP \fI/var/run/named.pid\fR +.RS 4 The default process\-id file. +.RE .SH "SEE ALSO" .PP RFC 1033, RFC 1034, RFC 1035, +\fBnamed\-checkconf\fR(8), +\fBnamed\-checkzone\fR(8), \fBrndc\fR(8), \fBlwresd\fR(8), \fBnamed.conf\fR(5), @@ -185,4 +245,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/named/named.conf.5 b/contrib/bind-9.5.2/bin/named/named.conf.5 similarity index 78% rename from contrib/bind-9.3/bin/named/named.conf.5 rename to contrib/bind-9.5.2/bin/named/named.conf.5 index 1ace4da31c..9a243195dd 100644 --- a/contrib/bind-9.3/bin/named/named.conf.5 +++ b/contrib/bind-9.5.2/bin/named/named.conf.5 @@ -1,6 +1,6 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -12,13 +12,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $ +.\" $Id: named.conf.5,v 1.31.38.2 2009/07/11 01:43:28 tbox Exp $ .\" .hy 0 .ad l .\" Title: \fInamed.conf\fR .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Aug 13, 2004 .\" Manual: BIND9 .\" Source: BIND9 @@ -46,14 +46,14 @@ C++ style: // to end of line Unix style: # to end of line .SH "ACL" .sp -.RS 3n +.RS 4 .nf acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi .RE .SH "KEY" .sp -.RS 3n +.RS 4 .nf key \fIdomain_name\fR { algorithm \fIstring\fR; @@ -63,7 +63,7 @@ key \fIdomain_name\fR { .RE .SH "MASTERS" .sp -.RS 3n +.RS 4 .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | @@ -73,11 +73,13 @@ masters \fIstring\fR [ port \fIinteger\fR ] { .RE .SH "SERVER" .sp -.RS 3n +.RS 4 .nf -server ( \fIipv4_address\fR | \fIipv6_address\fR ) { +server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) { bogus \fIboolean\fR; edns \fIboolean\fR; + edns\-udp\-size \fIinteger\fR; + max\-udp\-size \fIinteger\fR; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; keys \fIserver_key\fR; @@ -93,7 +95,7 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) { .RE .SH "TRUSTED\-KEYS" .sp -.RS 3n +.RS 4 .nf trusted\-keys { \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... @@ -102,7 +104,7 @@ trusted\-keys { .RE .SH "CONTROLS" .sp -.RS 3n +.RS 4 .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) @@ -115,7 +117,7 @@ controls { .RE .SH "LOGGING" .sp -.RS 3n +.RS 4 .nf logging { channel \fIstring\fR { @@ -134,7 +136,7 @@ logging { .RE .SH "LWRES" .sp -.RS 3n +.RS 4 .nf lwres { listen\-on [ port \fIinteger\fR ] { @@ -148,7 +150,7 @@ lwres { .RE .SH "OPTIONS" .sp -.RS 3n +.RS 4 .nf options { avoid\-v4\-udp\-ports { \fIport\fR; ... }; @@ -157,7 +159,6 @@ options { coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; - cache\-file \fIquoted_string\fR; // test option dump\-file \fIquoted_string\fR; files \fIsize\fR; heartbeat\-interval \fIinteger\fR; @@ -173,6 +174,7 @@ options { port \fIinteger\fR; querylog \fIboolean\fR; recursing\-file \fIquoted_string\fR; + reserved\-sockets \fIinteger\fR; random\-device \fIquoted_string\fR; recursive\-clients \fIinteger\fR; serial\-query\-rate \fIinteger\fR; @@ -191,6 +193,7 @@ options { use\-ixfr \fIboolean\fR; version ( \fIquoted_string\fR | none ); allow\-recursion { \fIaddress_match_element\fR; ... }; + allow\-recursion\-on { \fIaddress_match_element\fR; ... }; sortlist { \fIaddress_match_element\fR; ... }; topology { \fIaddress_match_element\fR; ... }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed @@ -205,39 +208,64 @@ options { rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; - query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; - query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; + query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; + query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; + use\-queryport\-pool \fIboolean\fR; + queryport\-pool\-ports \fIinteger\fR; + queryport\-pool\-updateinterval \fIinteger\fR; cleaning\-interval \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; max\-ncache\-ttl \fIinteger\fR; max\-cache\-ttl \fIinteger\fR; transfer\-format ( many\-answers | one\-answer ); - max\-cache\-size \fIsize_no_default\fR; + max\-cache\-size \fIsize\fR; + max\-acache\-size \fIsize\fR; + clients\-per\-query \fInumber\fR; + max\-clients\-per\-query \fInumber\fR; check\-names ( master | slave | response ) ( fail | warn | ignore ); - cache\-file \fIquoted_string\fR; + check\-mx ( fail | warn | ignore ); + check\-integrity \fIboolean\fR; + check\-mx\-cname ( fail | warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + cache\-file \fIquoted_string\fR; // test option suppress\-initial\-notify \fIboolean\fR; // not yet implemented preferred\-glue \fIstring\fR; dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ); ... - } + }; edns\-udp\-size \fIinteger\fR; + max\-udp\-size \fIinteger\fR; root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; + dnssec\-validation \fIboolean\fR; dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; + dnssec\-accept\-expired \fIboolean\fR; + empty\-server \fIstring\fR; + empty\-contact \fIstring\fR; + empty\-zones\-enable \fIboolean\fR; + disable\-empty\-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; allow\-query { \fIaddress_match_element\fR; ... }; + allow\-query\-on { \fIaddress_match_element\fR; ... }; + allow\-query\-cache { \fIaddress_match_element\fR; ... }; + allow\-query\-cache\-on { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; + allow\-update { \fIaddress_match_element\fR; ... }; allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; + update\-check\-ksk \fIboolean\fR; + masterfile\-format ( text | raw ); notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + notify\-delay \fIseconds\fR; + notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; allow\-notify { \fIaddress_match_element\fR; ... }; @@ -267,6 +295,9 @@ options { use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; key\-directory \fIquoted_string\fR; + try\-tcp\-refresh \fIboolean\fR; + zero\-no\-soa\-ttl \fIboolean\fR; + zero\-no\-soa\-ttl\-cache \fIboolean\fR; allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete deallocate\-on\-exit \fIboolean\fR; // obsolete fake\-iquery \fIboolean\fR; // obsolete @@ -284,7 +315,7 @@ options { .RE .SH "VIEW" .sp -.RS 3n +.RS 4 .nf view \fIstring\fR \fIoptional_class\fR { match\-clients { \fIaddress_match_element\fR; ... }; @@ -297,13 +328,14 @@ view \fIstring\fR \fIoptional_class\fR { zone \fIstring\fR \fIoptional_class\fR { ... }; - server ( \fIipv4_address\fR | \fIipv6_address\fR ) { + server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) { ... }; trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ... }; allow\-recursion { \fIaddress_match_element\fR; ... }; + allow\-recursion\-on { \fIaddress_match_element\fR; ... }; sortlist { \fIaddress_match_element\fR; ... }; topology { \fIaddress_match_element\fR; ... }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed @@ -318,18 +350,28 @@ view \fIstring\fR \fIoptional_class\fR { rfc2308\-type1 \fIboolean\fR; // not yet implemented additional\-from\-auth \fIboolean\fR; additional\-from\-cache \fIboolean\fR; - query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; - query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ]; + query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; + query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ]; + use\-queryport\-pool \fIboolean\fR; + queryport\-pool\-ports \fIinteger\fR; + queryport\-pool\-updateinterval \fIinteger\fR; cleaning\-interval \fIinteger\fR; min\-roots \fIinteger\fR; // not implemented lame\-ttl \fIinteger\fR; max\-ncache\-ttl \fIinteger\fR; max\-cache\-ttl \fIinteger\fR; transfer\-format ( many\-answers | one\-answer ); - max\-cache\-size \fIsize_no_default\fR; + max\-cache\-size \fIsize\fR; + max\-acache\-size \fIsize\fR; + clients\-per\-query \fInumber\fR; + max\-clients\-per\-query \fInumber\fR; check\-names ( master | slave | response ) ( fail | warn | ignore ); - cache\-file \fIquoted_string\fR; + check\-mx ( fail | warn | ignore ); + check\-integrity \fIboolean\fR; + check\-mx\-cname ( fail | warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); + cache\-file \fIquoted_string\fR; // test option suppress\-initial\-notify \fIboolean\fR; // not yet implemented preferred\-glue \fIstring\fR; dual\-stack\-servers [ port \fIinteger\fR ] { @@ -338,19 +380,34 @@ view \fIstring\fR \fIoptional_class\fR { \fIipv6_address\fR [port \fIinteger\fR] ); ... }; edns\-udp\-size \fIinteger\fR; + max\-udp\-size \fIinteger\fR; root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; + dnssec\-validation \fIboolean\fR; dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; + dnssec\-accept\-expired \fIboolean\fR; + empty\-server \fIstring\fR; + empty\-contact \fIstring\fR; + empty\-zones\-enable \fIboolean\fR; + disable\-empty\-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; allow\-query { \fIaddress_match_element\fR; ... }; + allow\-query\-on { \fIaddress_match_element\fR; ... }; + allow\-query\-cache { \fIaddress_match_element\fR; ... }; + allow\-query\-cache\-on { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; + allow\-update { \fIaddress_match_element\fR; ... }; allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; + update\-check\-ksk \fIboolean\fR; + masterfile\-format ( text | raw ); notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + notify\-delay \fIseconds\fR; + notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; allow\-notify { \fIaddress_match_element\fR; ... }; @@ -379,7 +436,10 @@ view \fIstring\fR \fIoptional_class\fR { [ port ( \fIinteger\fR | * ) ]; use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; + try\-tcp\-refresh \fIboolean\fR; key\-directory \fIquoted_string\fR; + zero\-no\-soa\-ttl \fIboolean\fR; + zero\-no\-soa\-ttl\-cache \fIboolean\fR; allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete fetch\-glue \fIboolean\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete @@ -389,7 +449,7 @@ view \fIstring\fR \fIoptional_class\fR { .RE .SH "ZONE" .sp -.RS 3n +.RS 4 .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | @@ -403,9 +463,16 @@ zone \fIstring\fR \fIoptional_class\fR { database \fIstring\fR; delegation\-only \fIboolean\fR; check\-names ( fail | warn | ignore ); + check\-mx ( fail | warn | ignore ); + check\-integrity \fIboolean\fR; + check\-mx\-cname ( fail | warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); dialup \fIdialuptype\fR; ixfr\-from\-differences \fIboolean\fR; + journal \fIquoted_string\fR; + zero\-no\-soa\-ttl \fIboolean\fR; allow\-query { \fIaddress_match_element\fR; ... }; + allow\-query\-on { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; allow\-update { \fIaddress_match_element\fR; ... }; allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; @@ -414,9 +481,13 @@ zone \fIstring\fR \fIoptional_class\fR { ( name | subdomain | wildcard | self ) \fIstring\fR \fIrrtypelist\fR; ... }; + update\-check\-ksk \fIboolean\fR; + masterfile\-format ( text | raw ); notify \fInotifytype\fR; notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]; + notify\-delay \fIseconds\fR; + notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... }; allow\-notify { \fIaddress_match_element\fR; ... }; @@ -445,6 +516,7 @@ zone \fIstring\fR \fIoptional_class\fR { [ port ( \fIinteger\fR | * ) ]; use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; + try\-tcp\-refresh \fIboolean\fR; key\-directory \fIquoted_string\fR; ixfr\-base \fIquoted_string\fR; // obsolete ixfr\-tmp\-file \fIquoted_string\fR; // obsolete @@ -460,7 +532,9 @@ zone \fIstring\fR \fIoptional_class\fR { .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkconf\fR(8), \fBrndc\fR(8), -\fBBIND 9 Administrator Reference Manual\fR(). +BIND 9 Administrator Reference Manual. .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/contrib/bind-9.3/bin/named/named.conf.html b/contrib/bind-9.5.2/bin/named/named.conf.html similarity index 78% rename from contrib/bind-9.3/bin/named/named.conf.html rename to contrib/bind-9.5.2/bin/named/named.conf.html index b43ee7f83c..ae056615ff 100644 --- a/contrib/bind-9.3/bin/named/named.conf.html +++ b/contrib/bind-9.5.2/bin/named/named.conf.html @@ -1,7 +1,7 @@ - + named.conf - +
-
+

Name

named.conf — configuration file for named

@@ -31,33 +31,33 @@

named.conf

-

DESCRIPTION

-

- named.conf is the configuration file for - named. Statements are enclosed - in braces and terminated with a semi-colon. Clauses in - the statements are also semi-colon terminated. The usual - comment styles are supported: +

DESCRIPTION

+

named.conf is the configuration file + for + named. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported:

- C style: /* */ + C style: /* */

- C++ style: // to end of line + C++ style: // to end of line

- Unix style: # to end of line + Unix style: # to end of line

-

ACL

+

ACL


acl string { address_match_element; ... };

-

KEY

+

KEY


key domain_name {
algorithm string;
@@ -66,7 +66,7 @@ key

-

MASTERS

+

MASTERS


masters string [ port integer ] {
( masters | ipv4_address [port integer] |
@@ -75,11 +75,13 @@ masters

-

SERVER

+

SERVER


-server ( ipv4_address | ipv6_address ) {
+server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
bogus boolean;
edns boolean;
+ edns-udp-size integer;
+ max-udp-size integer;
provide-ixfr boolean;
request-ixfr boolean;
keys server_key;
@@ -95,7 +97,7 @@ server

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys {
domain_name flags protocol algorithm key; ... 
@@ -103,7 +105,7 @@ trusted-keys

-

CONTROLS

+

CONTROLS


controls {
inet ( ipv4_address | ipv6_address | * )
@@ -115,7 +117,7 @@ controls

-

LOGGING

+

LOGGING


logging {
channel string {
@@ -133,7 +135,7 @@ logging

-

LWRES

+

LWRES


lwres {
listen-on [ port integer ] {
@@ -146,7 +148,7 @@ lwres

-

OPTIONS

+

OPTIONS


options {
avoid-v4-udp-ports { port; ... };
@@ -155,7 +157,6 @@ options coresize size;
datasize size;
directory quoted_string;
- cache-file quoted_string; // test option
dump-file quoted_string;
files size;
heartbeat-interval integer;
@@ -171,6 +172,7 @@ options port integer;
querylog boolean;
recursing-file quoted_string;
+ reserved-sockets integer;
random-device quoted_string;
recursive-clients integer;
serial-query-rate integer;
@@ -189,6 +191,7 @@ options use-ixfr boolean;
version ( quoted_string | none );
allow-recursion { address_match_element; ... };
+ allow-recursion-on { address_match_element; ... };
sortlist { address_match_element; ... };
topology { address_match_element; ... }; // not implemented
auth-nxdomain boolean; // default changed
@@ -203,42 +206,68 @@ options rfc2308-type1 boolean; // not yet implemented
additional-from-auth boolean;
additional-from-cache boolean;
- query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
- query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
+ query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
+ query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
+ use-queryport-pool boolean;
+ queryport-pool-ports integer;
+ queryport-pool-updateinterval integer;
cleaning-interval integer;
min-roots integer; // not implemented
lame-ttl integer;
max-ncache-ttl integer;
max-cache-ttl integer;
transfer-format ( many-answers | one-answer );
- max-cache-size size_no_default;
+ max-cache-size size;
+ max-acache-size size;
+ clients-per-query number;
+ max-clients-per-query number;
check-names ( master | slave | response )
( fail | warn | ignore );
- cache-file quoted_string;
+ check-mx ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ cache-file quoted_string; // test option
suppress-initial-notify boolean; // not yet implemented
preferred-glue string;
dual-stack-servers [ port integer ] {
( quoted_string [port integer] |
ipv4_address [port integer] |
ipv6_address [port integer] ); ...
- }
+ };
edns-udp-size integer;
+ max-udp-size integer;
root-delegation-only [ exclude { quoted_string; ... } ];
disable-algorithms string { string; ... };
dnssec-enable boolean;
+ dnssec-validation boolean;
dnssec-lookaside string trust-anchor string;
dnssec-must-be-secure string boolean;
+ dnssec-accept-expired boolean;
+
+ empty-server string;
+ empty-contact string;
+ empty-zones-enable boolean;
+ disable-empty-zone string;

dialup dialuptype;
ixfr-from-differences ixfrdiff;

allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
+ allow-query-cache { address_match_element; ... };
+ allow-query-cache-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
+ update-check-ksk boolean;

+ masterfile-format ( text | raw );
notify notifytype;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+ notify-delay seconds;
+ notify-to-soa boolean;
also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };
@@ -273,6 +302,9 @@ options
zone-statistics boolean;
key-directory quoted_string;
+ try-tcp-refresh boolean;
+ zero-no-soa-ttl boolean;
+ zero-no-soa-ttl-cache boolean;

allow-v6-synthesis { address_match_element; ... }; // obsolete
deallocate-on-exit boolean; // obsolete
@@ -290,7 +322,7 @@ options

-

VIEW

+

VIEW


view string optional_class {
match-clients { address_match_element; ... };
@@ -306,7 +338,7 @@ view ...
};

- server ( ipv4_address | ipv6_address ) {
+ server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
...
};

@@ -315,6 +347,7 @@ view };

allow-recursion { address_match_element; ... };
+ allow-recursion-on { address_match_element; ... };
sortlist { address_match_element; ... };
topology { address_match_element; ... }; // not implemented
auth-nxdomain boolean; // default changed
@@ -329,18 +362,28 @@ view rfc2308-type1 boolean; // not yet implemented
additional-from-auth boolean;
additional-from-cache boolean;
- query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
- query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
+ query-source ( ( ipv4_address | * ) | [ address ( ipv4_address | * ) ] ) [ port ( integer | * ) ];
+ query-source-v6 ( ( ipv6_address | * ) | [ address ( ipv6_address | * ) ] ) [ port ( integer | * ) ];
+ use-queryport-pool boolean;
+ queryport-pool-ports integer;
+ queryport-pool-updateinterval integer;
cleaning-interval integer;
min-roots integer; // not implemented
lame-ttl integer;
max-ncache-ttl integer;
max-cache-ttl integer;
transfer-format ( many-answers | one-answer );
- max-cache-size size_no_default;
+ max-cache-size size;
+ max-acache-size size;
+ clients-per-query number;
+ max-clients-per-query number;
check-names ( master | slave | response )
( fail | warn | ignore );
- cache-file quoted_string;
+ check-mx ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
+ cache-file quoted_string; // test option
suppress-initial-notify boolean; // not yet implemented
preferred-glue string;
dual-stack-servers [ port integer ] {
@@ -349,22 +392,38 @@ view ipv6_address [port integer] ); ...
};
edns-udp-size integer;
+ max-udp-size integer;
root-delegation-only [ exclude { quoted_string; ... } ];
disable-algorithms string { string; ... };
dnssec-enable boolean;
+ dnssec-validation boolean;
dnssec-lookaside string trust-anchor string;
-
dnssec-must-be-secure string boolean;
+ dnssec-accept-expired boolean;
+
+ empty-server string;
+ empty-contact string;
+ empty-zones-enable boolean;
+ disable-empty-zone string;
+
dialup dialuptype;
ixfr-from-differences ixfrdiff;

allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
+ allow-query-cache { address_match_element; ... };
+ allow-query-cache-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
+ allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
+ update-check-ksk boolean;

+ masterfile-format ( text | raw );
notify notifytype;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+ notify-delay seconds;
+ notify-to-soa boolean;
also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };
@@ -398,7 +457,10 @@ view use-alt-transfer-source boolean;

zone-statistics boolean;
+ try-tcp-refresh boolean;
key-directory quoted_string;
+ zero-no-soa-ttl boolean;
+ zero-no-soa-ttl-cache boolean;

allow-v6-synthesis { address_match_element; ... }; // obsolete
fetch-glue boolean; // obsolete
@@ -408,7 +470,7 @@ view

-

ZONE

+

ZONE


zone string optional_class {
type ( master | slave | stub | hint |
@@ -424,10 +486,17 @@ zone database string;
delegation-only boolean;
check-names ( fail | warn | ignore );
+ check-mx ( fail | warn | ignore );
+ check-integrity boolean;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
dialup dialuptype;
ixfr-from-differences boolean;
+ journal quoted_string;
+ zero-no-soa-ttl boolean;

allow-query { address_match_element; ... };
+ allow-query-on { address_match_element; ... };
allow-transfer { address_match_element; ... };
allow-update { address_match_element; ... };
allow-update-forwarding { address_match_element; ... };
@@ -436,10 +505,14 @@ zone ( name | subdomain | wildcard | self ) string
rrtypelist; ...
};
+ update-check-ksk boolean;

+ masterfile-format ( text | raw );
notify notifytype;
notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+ notify-delay seconds;
+ notify-to-soa boolean;
also-notify [ port integer ] { ( ipv4_address | ipv6_address )
[ port integer ]; ... };
allow-notify { address_match_element; ... };
@@ -473,6 +546,7 @@ zone use-alt-transfer-source boolean;

zone-statistics boolean;
+ try-tcp-refresh boolean;
key-directory quoted_string;

ixfr-base quoted_string; // obsolete
@@ -484,18 +558,17 @@ zone

-

FILES

-

-/etc/named.conf -

+

FILES

+

/etc/named.conf +

-

SEE ALSO

-

-named(8), -rndc(8), -BIND 9 Administrator Reference Manual. -

+

SEE ALSO

+

named(8), + named-checkconf(8), + rndc(8), + BIND 9 Administrator Reference Manual. +

diff --git a/contrib/bind-9.5.2/bin/named/named.html b/contrib/bind-9.5.2/bin/named/named.html new file mode 100644 index 0000000000..e934958e91 --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/named.html @@ -0,0 +1,280 @@ + + + + + +named + + +
+
+
+

Name

+

named — Internet domain name server

+
+
+

Synopsis

+

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-x cache-file]

+
+
+

DESCRIPTION

+

named + is a Domain Name System (DNS) server, + part of the BIND 9 distribution from ISC. For more + information on the DNS, see RFCs 1033, 1034, and 1035. +

+

+ When invoked without arguments, named + will + read the default configuration file + /etc/named.conf, read any initial + data, and listen for queries. +

+
+
+

OPTIONS

+
+
-4
+

+ Use IPv4 only even if the host machine is capable of IPv6. + -4 and -6 are mutually + exclusive. +

+
-6
+

+ Use IPv6 only even if the host machine is capable of IPv4. + -4 and -6 are mutually + exclusive. +

+
-c config-file
+

+ Use config-file as the + configuration file instead of the default, + /etc/named.conf. To + ensure that reloading the configuration file continues + to work after the server has changed its working + directory due to to a possible + directory option in the configuration + file, config-file should be + an absolute pathname. +

+
-d debug-level
+

+ Set the daemon's debug level to debug-level. + Debugging traces from named become + more verbose as the debug level increases. +

+
-f
+

+ Run the server in the foreground (i.e. do not daemonize). +

+
-g
+

+ Run the server in the foreground and force all logging + to stderr. +

+
-m flag
+

+ Turn on memory usage debugging flags. Possible flags are + usage, + trace, + record, + size, and + mctx. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <isc/mem.h>. +

+
-n #cpus
+

+ Create #cpus worker threads + to take advantage of multiple CPUs. If not specified, + named will try to determine the + number of CPUs present and create one thread per CPU. + If it is unable to determine the number of CPUs, a + single worker thread will be created. +

+
-p port
+

+ Listen for queries on port port. If not + specified, the default is port 53. +

+
-s
+
+

+ Write memory usage statistics to stdout on exit. +

+
+

Note

+

+ This option is mainly of interest to BIND 9 developers + and may be removed or changed in a future release. +

+
+
+
-S #max-socks
+
+

+ Allow named to use up to + #max-socks sockets. +

+
+

Warning

+

+ This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + named reserves some file descriptors + for its internal use. +

+
+
+
-t directory
+
+

Chroot + to directory after + processing the command line arguments, but before + reading the configuration file. +

+
+

Warning

+

+ This option should be used in conjunction with the + -u option, as chrooting a process + running as root doesn't enhance security on most + systems; the way chroot(2) is + defined allows a process with root privileges to + escape a chroot jail. +

+
+
+
-u user
+
+

Setuid + to user after completing + privileged operations, such as creating sockets that + listen on privileged ports. +

+
+

Note

+

+ On Linux, named uses the kernel's + capability mechanism to drop all root privileges + except the ability to bind(2) to + a + privileged port and set process resource limits. + Unfortunately, this means that the -u + option only works when named is + run + on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or + later, since previous kernels did not allow privileges + to be retained after setuid(2). +

+
+
+
-v
+

+ Report the version number and exit. +

+
-x cache-file
+
+

+ Load data from cache-file into the + cache of the default view. +

+
+

Warning

+

+ This option must not be used. It is only of interest + to BIND 9 developers and may be removed or changed in a + future release. +

+
+
+
+
+
+

SIGNALS

+

+ In routine operation, signals should not be used to control + the nameserver; rndc should be used + instead. +

+
+
SIGHUP
+

+ Force a reload of the server. +

+
SIGINT, SIGTERM
+

+ Shut down the server. +

+
+

+ The result of sending any other signals to the server is undefined. +

+
+
+

CONFIGURATION

+

+ The named configuration file is too complex + to describe in detail here. A complete description is provided + in the + BIND 9 Administrator Reference Manual. +

+
+
+

FILES

+
+
/etc/named.conf
+

+ The default configuration file. +

+
/var/run/named.pid
+

+ The default process-id file. +

+
+
+
+

SEE ALSO

+

RFC 1033, + RFC 1034, + RFC 1035, + named-checkconf(8), + named-checkzone(8), + rndc(8), + lwresd(8), + named.conf(5), + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/named/notify.c b/contrib/bind-9.5.2/bin/named/notify.c similarity index 84% rename from contrib/bind-9.3/bin/named/notify.c rename to contrib/bind-9.5.2/bin/named/notify.c index e3c5b2a898..de52b8c82b 100644 --- a/contrib/bind-9.3/bin/named/notify.c +++ b/contrib/bind-9.5.2/bin/named/notify.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: notify.c,v 1.24.2.2.2.7 2004/08/28 06:25:30 marka Exp $ */ +/* $Id: notify.c,v 1.37 2007/06/19 23:46:59 tbox Exp $ */ #include @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -32,8 +33,9 @@ #include #include -/* - * This module implements notify as in RFC 1996. +/*! \file + * \brief + * This module implements notify as in RFC1996. */ static void @@ -79,7 +81,7 @@ ns_notify_start(ns_client_t *client) { dns_zone_t *zone = NULL; char namebuf[DNS_NAME_FORMATSIZE]; char tsigbuf[DNS_NAME_FORMATSIZE + sizeof(": TSIG ''")]; - dns_name_t *tsigname; + dns_tsigkey_t *tsigkey; /* * Interpret the question section. @@ -118,10 +120,20 @@ ns_notify_start(ns_client_t *client) { goto formerr; } - tsigname = NULL; - if (dns_message_gettsig(request, &tsigname) != NULL) { - dns_name_format(tsigname, namebuf, sizeof(namebuf)); - snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s'", namebuf); + tsigkey = dns_message_gettsigkey(request); + if (tsigkey != NULL) { + dns_name_format(&tsigkey->name, namebuf, sizeof(namebuf)); + + if (tsigkey->generated) { + char cnamebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(tsigkey->creator, cnamebuf, + sizeof(cnamebuf)); + snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s' (%s)", + namebuf, cnamebuf); + } else { + snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s'", + namebuf); + } } else tsigbuf[0] = '\0'; dns_name_format(zonename, namebuf, sizeof(namebuf)); diff --git a/contrib/bind-9.3/bin/named/query.c b/contrib/bind-9.5.2/bin/named/query.c similarity index 69% rename from contrib/bind-9.3/bin/named/query.c rename to contrib/bind-9.5.2/bin/named/query.c index c0a76a8bdd..08dc9c3f01 100644 --- a/contrib/bind-9.3/bin/named/query.c +++ b/contrib/bind-9.5.2/bin/named/query.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,20 +15,28 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */ +/* $Id: query.c,v 1.298.48.15 2009/09/16 22:28:52 marka Exp $ */ + +/*! \file */ #include #include #include +#include #include #include #include #include +#ifdef DLZ +#include +#endif +#include #include #include +#include #include #include #include @@ -51,24 +59,34 @@ #include #include +/*% Partial answer? */ #define PARTIALANSWER(c) (((c)->query.attributes & \ NS_QUERYATTR_PARTIALANSWER) != 0) +/*% Use Cache? */ #define USECACHE(c) (((c)->query.attributes & \ NS_QUERYATTR_CACHEOK) != 0) +/*% Recursion OK? */ #define RECURSIONOK(c) (((c)->query.attributes & \ NS_QUERYATTR_RECURSIONOK) != 0) +/*% Recursing? */ #define RECURSING(c) (((c)->query.attributes & \ NS_QUERYATTR_RECURSING) != 0) +/*% Cache glue ok? */ #define CACHEGLUEOK(c) (((c)->query.attributes & \ NS_QUERYATTR_CACHEGLUEOK) != 0) +/*% Want Recursion? */ #define WANTRECURSION(c) (((c)->query.attributes & \ NS_QUERYATTR_WANTRECURSION) != 0) +/*% Want DNSSEC? */ #define WANTDNSSEC(c) (((c)->attributes & \ NS_CLIENTATTR_WANTDNSSEC) != 0) +/*% No authority? */ #define NOAUTHORITY(c) (((c)->query.attributes & \ NS_QUERYATTR_NOAUTHORITY) != 0) +/*% No additional? */ #define NOADDITIONAL(c) (((c)->query.attributes & \ NS_QUERYATTR_NOADDITIONAL) != 0) +/*% Secure? */ #define SECURE(c) (((c)->query.attributes & \ NS_QUERYATTR_SECURE) != 0) @@ -92,59 +110,94 @@ #define DNS_GETDB_NOLOG 0x02U #define DNS_GETDB_PARTIAL 0x04U -static void +typedef struct client_additionalctx { + ns_client_t *client; + dns_rdataset_t *rdataset; +} client_additionalctx_t; + +static isc_result_t query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype); -/* +static isc_boolean_t +validate(ns_client_t *client, dns_db_t *db, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); + +static inline void +log_queryerror(ns_client_t *client, isc_result_t result, int line, int level); + +/*% * Increment query statistics counters. */ static inline void -inc_stats(ns_client_t *client, dns_statscounter_t counter) { +inc_stats(ns_client_t *client, isc_statscounter_t counter) { dns_zone_t *zone = client->query.authzone; - REQUIRE(counter < DNS_STATS_NCOUNTERS); - - ns_g_server->querystats[counter]++; + isc_stats_increment(ns_g_server->nsstats, counter); if (zone != NULL) { - isc_uint64_t *zonestats = dns_zone_getstatscounters(zone); + isc_stats_t *zonestats = dns_zone_getrequeststats(zone); if (zonestats != NULL) - zonestats[counter]++; + isc_stats_increment(zonestats, counter); } } static void query_send(ns_client_t *client) { - dns_statscounter_t counter; + isc_statscounter_t counter; + if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0) + inc_stats(client, dns_nsstatscounter_nonauthans); + else + inc_stats(client, dns_nsstatscounter_authans); if (client->message->rcode == dns_rcode_noerror) { if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) { if (client->query.isreferral) { - counter = dns_statscounter_referral; + counter = dns_nsstatscounter_referral; } else { - counter = dns_statscounter_nxrrset; + counter = dns_nsstatscounter_nxrrset; } } else { - counter = dns_statscounter_success; + counter = dns_nsstatscounter_success; } } else if (client->message->rcode == dns_rcode_nxdomain) { - counter = dns_statscounter_nxdomain; + counter = dns_nsstatscounter_nxdomain; } else { /* We end up here in case of YXDOMAIN, and maybe others */ - counter = dns_statscounter_failure; + counter = dns_nsstatscounter_failure; } inc_stats(client, counter); ns_client_send(client); } static void -query_error(ns_client_t *client, isc_result_t result) { - inc_stats(client, dns_statscounter_failure); +query_error(ns_client_t *client, isc_result_t result, int line) { + int loglevel = ISC_LOG_DEBUG(3); + + switch (result) { + case DNS_R_SERVFAIL: + loglevel = ISC_LOG_DEBUG(1); + inc_stats(client, dns_nsstatscounter_servfail); + break; + case DNS_R_FORMERR: + inc_stats(client, dns_nsstatscounter_formerr); + break; + default: + inc_stats(client, dns_nsstatscounter_failure); + break; + } + + log_queryerror(client, result, line, loglevel); + ns_client_error(client, result); } static void query_next(ns_client_t *client, isc_result_t result) { - inc_stats(client, dns_statscounter_failure); + if (result == DNS_R_DUPLICATE) + inc_stats(client, dns_nsstatscounter_duplicate); + else if (result == DNS_R_DROP) + inc_stats(client, dns_nsstatscounter_dropped); + else + inc_stats(client, dns_nsstatscounter_failure); ns_client_next(client, result); } @@ -187,7 +240,7 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { isc_buffer_t *dbuf, *dbuf_next; ns_dbversion_t *dbversion, *dbversion_next; - /* + /*% * Reset the query state of a client to its default state. */ @@ -266,7 +319,7 @@ query_newnamebuf(ns_client_t *client) { isc_result_t result; CTRACE("query_newnamebuf"); - /* + /*% * Allocate a name buffer. */ @@ -289,7 +342,7 @@ query_getnamebuf(ns_client_t *client) { isc_region_t r; CTRACE("query_getnamebuf"); - /* + /*% * Return a name buffer with space for a maximal name, allocating * a new one if necessary. */ @@ -325,7 +378,7 @@ query_keepname(ns_client_t *client, dns_name_t *name, isc_buffer_t *dbuf) { isc_region_t r; CTRACE("query_keepname"); - /* + /*% * 'name' is using space in 'dbuf', but 'dbuf' has not yet been * adjusted to take account of that. We do the adjustment. */ @@ -342,7 +395,7 @@ static inline void query_releasename(ns_client_t *client, dns_name_t **namep) { dns_name_t *name = *namep; - /* + /*% * 'name' is no longer needed. Return it to our pool of temporary * names. If it is using a name buffer, relinquish its exclusive * rights on the buffer. @@ -479,7 +532,7 @@ ns_query_init(ns_client_t *client) { client->query.authdb = NULL; client->query.authzone = NULL; client->query.authdbset = ISC_FALSE; - client->query.isreferral = ISC_FALSE; + client->query.isreferral = ISC_FALSE; query_reset(client, ISC_FALSE); result = query_newdbversion(client, 3); if (result != ISC_R_SUCCESS) { @@ -499,7 +552,7 @@ query_findversion(ns_client_t *client, dns_db_t *db, { ns_dbversion_t *dbversion; - /* + /*% * We may already have done a query related to this * database. If so, we must be sure to make subsequent * queries from the same version. @@ -532,42 +585,23 @@ query_findversion(ns_client_t *client, dns_db_t *db, } static inline isc_result_t -query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, - unsigned int options, dns_zone_t **zonep, dns_db_t **dbp, - dns_dbversion_t **versionp) +query_validatezonedb(ns_client_t *client, dns_name_t *name, + dns_rdatatype_t qtype, unsigned int options, + dns_zone_t *zone, dns_db_t *db, + dns_dbversion_t **versionp) { isc_result_t result; isc_boolean_t check_acl, new_zone; dns_acl_t *queryacl; ns_dbversion_t *dbversion; - unsigned int ztoptions; - dns_zone_t *zone = NULL; - dns_db_t *db = NULL; - isc_boolean_t partial = ISC_FALSE; - REQUIRE(zonep != NULL && *zonep == NULL); - REQUIRE(dbp != NULL && *dbp == NULL); - - /* - * Find a zone database to answer the query. - */ - ztoptions = ((options & DNS_GETDB_NOEXACT) != 0) ? - DNS_ZTFIND_NOEXACT : 0; - - result = dns_zt_find(client->view->zonetable, name, ztoptions, NULL, - &zone); - if (result == DNS_R_PARTIALMATCH) - partial = ISC_TRUE; - if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) - result = dns_zone_getdb(zone, &db); - - if (result != ISC_R_SUCCESS) - goto fail; + REQUIRE(zone != NULL); + REQUIRE(db != NULL); /* * This limits our searching to the zone where the first name * (the query target) was looked for. This prevents following - * CNAMES or DNAMES into other zones and prevents returning + * CNAMES or DNAMES into other zones and prevents returning * additional data from other zones. */ if (!client->view->additionalfromauth && @@ -628,7 +662,8 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, if (check_acl) { isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0); - result = ns_client_checkaclsilent(client, queryacl, ISC_TRUE); + result = ns_client_checkaclsilent(client, NULL, queryacl, + ISC_TRUE); if (log) { char msg[NS_CLIENT_ACLMSGSIZE("query")]; if (result == ISC_R_SUCCESS) { @@ -644,7 +679,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, ISC_LOG_DEBUG(3), "%s approved", msg); } - } else { + } else { ns_client_aclmsg("query", name, qtype, client->view->rdclass, msg, sizeof(msg)); @@ -683,17 +718,63 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, */ dbversion->queryok = ISC_TRUE; + /* Transfer ownership, if necessary. */ + if (versionp != NULL) + *versionp = dbversion->version; + + return (ISC_R_SUCCESS); + + refuse: + return (DNS_R_REFUSED); + + fail: + return (result); +} + +static inline isc_result_t +query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, + unsigned int options, dns_zone_t **zonep, dns_db_t **dbp, + dns_dbversion_t **versionp) +{ + isc_result_t result; + unsigned int ztoptions; + dns_zone_t *zone = NULL; + dns_db_t *db = NULL; + isc_boolean_t partial = ISC_FALSE; + + REQUIRE(zonep != NULL && *zonep == NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + + /*% + * Find a zone database to answer the query. + */ + ztoptions = ((options & DNS_GETDB_NOEXACT) != 0) ? + DNS_ZTFIND_NOEXACT : 0; + + result = dns_zt_find(client->view->zonetable, name, ztoptions, NULL, + &zone); + if (result == DNS_R_PARTIALMATCH) + partial = ISC_TRUE; + if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) + result = dns_zone_getdb(zone, &db); + + if (result != ISC_R_SUCCESS) + goto fail; + + result = query_validatezonedb(client, name, qtype, options, zone, db, + versionp); + + if (result != ISC_R_SUCCESS) + goto fail; + /* Transfer ownership. */ *zonep = zone; *dbp = db; - *versionp = dbversion->version; if (partial && (options & DNS_GETDB_PARTIAL) != 0) return (DNS_R_PARTIALMATCH); return (ISC_R_SUCCESS); - refuse: - result = DNS_R_REFUSED; fail: if (zone != NULL) dns_zone_detach(&zone); @@ -713,7 +794,7 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, REQUIRE(dbp != NULL && *dbp == NULL); - /* + /*% * Find a cache database to answer the query. * This may fail with DNS_R_REFUSED if the client * is not allowed to use the cache. @@ -745,8 +826,8 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, if (check_acl) { isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0); char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")]; - - result = ns_client_checkaclsilent(client, + + result = ns_client_checkaclsilent(client, NULL, client->view->queryacl, ISC_TRUE); if (result == ISC_R_SUCCESS) { @@ -811,9 +892,85 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, { isc_result_t result; +#ifdef DLZ + isc_result_t tresult; + unsigned int namelabels; + unsigned int zonelabels; + dns_zone_t *zone = NULL; + dns_db_t *tdbp; + + REQUIRE(zonep != NULL && *zonep == NULL); + + tdbp = NULL; + + /* Calculate how many labels are in name. */ + namelabels = dns_name_countlabels(name); + zonelabels = 0; + + /* Try to find name in bind's standard database. */ + result = query_getzonedb(client, name, qtype, options, &zone, + dbp, versionp); + + /* See how many labels are in the zone's name. */ + if (result == ISC_R_SUCCESS && zone != NULL) + zonelabels = dns_name_countlabels(dns_zone_getorigin(zone)); + /* + * If # zone labels < # name labels, try to find an even better match + * Only try if a DLZ driver is loaded for this view + */ + if (zonelabels < namelabels && client->view->dlzdatabase != NULL) { + tresult = dns_dlzfindzone(client->view, name, + zonelabels, &tdbp); + /* If we successful, we found a better match. */ + if (tresult == ISC_R_SUCCESS) { + /* + * If the previous search returned a zone, detach it. + */ + if (zone != NULL) + dns_zone_detach(&zone); + + /* + * If the previous search returned a database, + * detach it. + */ + if (*dbp != NULL) + dns_db_detach(dbp); + + /* + * If the previous search returned a version, clear it. + */ + *versionp = NULL; + + /* + * Get our database version. + */ + dns_db_currentversion(tdbp, versionp); + + /* + * Be sure to return our database. + */ + *dbp = tdbp; + + /* + * We return a null zone, No stats for DLZ zones. + */ + zone = NULL; + result = tresult; + } + } +#else result = query_getzonedb(client, name, qtype, options, zonep, dbp, versionp); +#endif + + /* If successful, Transfer ownership of zone. */ if (result == ISC_R_SUCCESS) { +#ifdef DLZ + *zonep = zone; +#endif + /* + * If neither attempt above succeeded, return the cache instead + */ *is_zonep = ISC_TRUE; } else if (result == ISC_R_NOTFOUND) { result = query_getcachedb(client, name, qtype, dbp, options); @@ -975,10 +1132,23 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { * Most likely the client isn't allowed to query the cache. */ goto try_glue; - - result = dns_db_find(db, name, version, type, client->query.dboptions, + /* + * Attempt to validate glue. + */ + if (sigrdataset == NULL) { + sigrdataset = query_newrdataset(client); + if (sigrdataset == NULL) + goto cleanup; + } + result = dns_db_find(db, name, version, type, + client->query.dboptions | DNS_DBFIND_GLUEOK, client->now, &node, fname, rdataset, sigrdataset); + if (result == DNS_R_GLUE && + validate(client, db, fname, rdataset, sigrdataset)) + result = ISC_R_SUCCESS; + if (!WANTDNSSEC(client)) + query_putrdataset(client, &sigrdataset); if (result == ISC_R_SUCCESS) goto found; @@ -1010,7 +1180,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { goto cleanup; /* - * Don't poision caches using the bailiwick protection model. + * Don't poison caches using the bailiwick protection model. */ if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb))) goto cleanup; @@ -1140,31 +1310,559 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { INSIST(sigrdataset == NULL || ! dns_rdataset_isassociated(sigrdataset)); } - if (result == ISC_R_SUCCESS) { - mname = NULL; - if (!query_isduplicate(client, fname, - dns_rdatatype_aaaa, &mname)) { + if (result == ISC_R_SUCCESS) { + mname = NULL; + if (!query_isduplicate(client, fname, + dns_rdatatype_aaaa, &mname)) { + if (mname != NULL) { + query_releasename(client, &fname); + fname = mname; + } else + need_addname = ISC_TRUE; + ISC_LIST_APPEND(fname->list, rdataset, link); + added_something = ISC_TRUE; + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + { + ISC_LIST_APPEND(fname->list, + sigrdataset, link); + sigrdataset = NULL; + } + rdataset = NULL; + } + } + } + + addname: + CTRACE("query_addadditional: addname"); + /* + * If we haven't added anything, then we're done. + */ + if (!added_something) + goto cleanup; + + /* + * We may have added our rdatasets to an existing name, if so, then + * need_addname will be ISC_FALSE. Whether we used an existing name + * or a new one, we must set fname to NULL to prevent cleanup. + */ + if (need_addname) + dns_message_addname(client->message, fname, + DNS_SECTION_ADDITIONAL); + fname = NULL; + + /* + * In a few cases, we want to add additional data for additional + * data. It's simpler to just deal with special cases here than + * to try to create a general purpose mechanism and allow the + * rdata implementations to do it themselves. + * + * This involves recursion, but the depth is limited. The + * most complex case is adding a SRV rdataset, which involves + * recursing to add address records, which in turn can cause + * recursion to add KEYs. + */ + if (type == dns_rdatatype_srv && trdataset != NULL) { + /* + * If we're adding SRV records to the additional data + * section, it's helpful if we add the SRV additional data + * as well. + */ + eresult = dns_rdataset_additionaldata(trdataset, + query_addadditional, + client); + } + + cleanup: + CTRACE("query_addadditional: cleanup"); + query_putrdataset(client, &rdataset); + if (sigrdataset != NULL) + query_putrdataset(client, &sigrdataset); + if (fname != NULL) + query_releasename(client, &fname); + if (node != NULL) + dns_db_detachnode(db, &node); + if (db != NULL) + dns_db_detach(&db); + if (zone != NULL) + dns_zone_detach(&zone); + + CTRACE("query_addadditional: done"); + return (eresult); +} + +static inline void +query_discardcache(ns_client_t *client, dns_rdataset_t *rdataset_base, + dns_rdatasetadditional_t additionaltype, + dns_rdatatype_t type, dns_zone_t **zonep, dns_db_t **dbp, + dns_dbversion_t **versionp, dns_dbnode_t **nodep, + dns_name_t *fname) +{ + dns_rdataset_t *rdataset; + + while ((rdataset = ISC_LIST_HEAD(fname->list)) != NULL) { + ISC_LIST_UNLINK(fname->list, rdataset, link); + query_putrdataset(client, &rdataset); + } + if (*versionp != NULL) + dns_db_closeversion(*dbp, versionp, ISC_FALSE); + if (*nodep != NULL) + dns_db_detachnode(*dbp, nodep); + if (*dbp != NULL) + dns_db_detach(dbp); + if (*zonep != NULL) + dns_zone_detach(zonep); + (void)dns_rdataset_putadditional(client->view->acache, rdataset_base, + additionaltype, type); +} + +static inline isc_result_t +query_iscachevalid(dns_zone_t *zone, dns_db_t *db, dns_db_t *db0, + dns_dbversion_t *version) +{ + isc_result_t result = ISC_R_SUCCESS; + dns_dbversion_t *version_current = NULL; + dns_db_t *db_current = db0; + + if (db_current == NULL) { + result = dns_zone_getdb(zone, &db_current); + if (result != ISC_R_SUCCESS) + return (result); + } + dns_db_currentversion(db_current, &version_current); + if (db_current != db || version_current != version) { + result = ISC_R_FAILURE; + goto cleanup; + } + + cleanup: + dns_db_closeversion(db_current, &version_current, ISC_FALSE); + if (db0 == NULL && db_current != NULL) + dns_db_detach(&db_current); + + return (result); +} + +static isc_result_t +query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { + client_additionalctx_t *additionalctx = arg; + dns_rdataset_t *rdataset_base; + ns_client_t *client; + isc_result_t result, eresult; + dns_dbnode_t *node, *cnode; + dns_db_t *db, *cdb; + dns_name_t *fname, *mname0, cfname; + dns_rdataset_t *rdataset, *sigrdataset; + dns_rdataset_t *crdataset, *crdataset_next; + isc_buffer_t *dbuf; + isc_buffer_t b; + dns_dbversion_t *version, *cversion; + isc_boolean_t added_something, need_addname, needadditionalcache; + isc_boolean_t need_sigrrset; + dns_zone_t *zone; + dns_rdatatype_t type; + dns_rdatasetadditional_t additionaltype; + + if (qtype != dns_rdatatype_a) { + /* + * This function is optimized for "address" types. For other + * types, use a generic routine. + * XXX: ideally, this function should be generic enough. + */ + return (query_addadditional(additionalctx->client, + name, qtype)); + } + + /* + * Initialization. + */ + rdataset_base = additionalctx->rdataset; + client = additionalctx->client; + REQUIRE(NS_CLIENT_VALID(client)); + eresult = ISC_R_SUCCESS; + fname = NULL; + rdataset = NULL; + sigrdataset = NULL; + db = NULL; + cdb = NULL; + version = NULL; + cversion = NULL; + node = NULL; + cnode = NULL; + added_something = ISC_FALSE; + need_addname = ISC_FALSE; + zone = NULL; + needadditionalcache = ISC_FALSE; + additionaltype = dns_rdatasetadditional_fromauth; + dns_name_init(&cfname, NULL); + + CTRACE("query_addadditional2"); + + /* + * We treat type A additional section processing as if it + * were "any address type" additional section processing. + * To avoid multiple lookups, we do an 'any' database + * lookup and iterate over the node. + * XXXJT: this approach can cause a suboptimal result when the cache + * DB only has partial address types and the glue DB has remaining + * ones. + */ + type = dns_rdatatype_any; + + /* + * Get some resources. + */ + dbuf = query_getnamebuf(client); + if (dbuf == NULL) + goto cleanup; + fname = query_newname(client, dbuf, &b); + if (fname == NULL) + goto cleanup; + dns_name_setbuffer(&cfname, &b); /* share the buffer */ + + /* Check additional cache */ + result = dns_rdataset_getadditional(rdataset_base, additionaltype, + type, client->view->acache, &zone, + &cdb, &cversion, &cnode, &cfname, + client->message, client->now); + if (result != ISC_R_SUCCESS) + goto findauthdb; + if (zone == NULL) { + CTRACE("query_addadditional2: auth zone not found"); + goto try_cache; + } + + /* Is the cached DB up-to-date? */ + result = query_iscachevalid(zone, cdb, NULL, cversion); + if (result != ISC_R_SUCCESS) { + CTRACE("query_addadditional2: old auth additional cache"); + query_discardcache(client, rdataset_base, additionaltype, + type, &zone, &cdb, &cversion, &cnode, + &cfname); + goto findauthdb; + } + + if (cnode == NULL) { + /* + * We have a negative cache. We don't have to check the zone + * ACL, since the result (not using this zone) would be same + * regardless of the result. + */ + CTRACE("query_addadditional2: negative auth additional cache"); + dns_db_closeversion(cdb, &cversion, ISC_FALSE); + dns_db_detach(&cdb); + dns_zone_detach(&zone); + goto try_cache; + } + + result = query_validatezonedb(client, name, qtype, DNS_GETDB_NOLOG, + zone, cdb, NULL); + if (result != ISC_R_SUCCESS) { + query_discardcache(client, rdataset_base, additionaltype, + type, &zone, &cdb, &cversion, &cnode, + &cfname); + goto try_cache; + } + + /* We've got an active cache. */ + CTRACE("query_addadditional2: auth additional cache"); + dns_db_closeversion(cdb, &cversion, ISC_FALSE); + db = cdb; + node = cnode; + dns_name_clone(&cfname, fname); + query_keepname(client, fname, dbuf); + goto foundcache; + + /* + * Look for a zone database that might contain authoritative + * additional data. + */ + findauthdb: + result = query_getzonedb(client, name, qtype, DNS_GETDB_NOLOG, + &zone, &db, &version); + if (result != ISC_R_SUCCESS) { + /* Cache the negative result */ + (void)dns_rdataset_setadditional(rdataset_base, additionaltype, + type, client->view->acache, + NULL, NULL, NULL, NULL, + NULL); + goto try_cache; + } + + CTRACE("query_addadditional2: db_find"); + + /* + * Since we are looking for authoritative data, we do not set + * the GLUEOK flag. Glue will be looked for later, but not + * necessarily in the same database. + */ + node = NULL; + result = dns_db_find(db, name, version, type, client->query.dboptions, + client->now, &node, fname, NULL, NULL); + if (result == ISC_R_SUCCESS) + goto found; + + /* Cache the negative result */ + (void)dns_rdataset_setadditional(rdataset_base, additionaltype, + type, client->view->acache, zone, db, + version, NULL, fname); + + if (node != NULL) + dns_db_detachnode(db, &node); + version = NULL; + dns_db_detach(&db); + + /* + * No authoritative data was found. The cache is our next best bet. + */ + + try_cache: + additionaltype = dns_rdatasetadditional_fromcache; + result = query_getcachedb(client, name, qtype, &db, DNS_GETDB_NOLOG); + if (result != ISC_R_SUCCESS) + /* + * Most likely the client isn't allowed to query the cache. + */ + goto try_glue; + + result = dns_db_find(db, name, version, type, + client->query.dboptions | DNS_DBFIND_GLUEOK, + client->now, &node, fname, NULL, NULL); + if (result == ISC_R_SUCCESS) + goto found; + + if (node != NULL) + dns_db_detachnode(db, &node); + dns_db_detach(&db); + + try_glue: + /* + * No cached data was found. Glue is our last chance. + * RFC1035 sayeth: + * + * NS records cause both the usual additional section + * processing to locate a type A record, and, when used + * in a referral, a special search of the zone in which + * they reside for glue information. + * + * This is the "special search". Note that we must search + * the zone where the NS record resides, not the zone it + * points to, and that we only do the search in the delegation + * case (identified by client->query.gluedb being set). + */ + if (client->query.gluedb == NULL) + goto cleanup; + + /* + * Don't poison caches using the bailiwick protection model. + */ + if (!dns_name_issubdomain(name, dns_db_origin(client->query.gluedb))) + goto cleanup; + + /* Check additional cache */ + additionaltype = dns_rdatasetadditional_fromglue; + result = dns_rdataset_getadditional(rdataset_base, additionaltype, + type, client->view->acache, NULL, + &cdb, &cversion, &cnode, &cfname, + client->message, client->now); + if (result != ISC_R_SUCCESS) + goto findglue; + + result = query_iscachevalid(zone, cdb, client->query.gluedb, cversion); + if (result != ISC_R_SUCCESS) { + CTRACE("query_addadditional2: old glue additional cache"); + query_discardcache(client, rdataset_base, additionaltype, + type, &zone, &cdb, &cversion, &cnode, + &cfname); + goto findglue; + } + + if (cnode == NULL) { + /* We have a negative cache. */ + CTRACE("query_addadditional2: negative glue additional cache"); + dns_db_closeversion(cdb, &cversion, ISC_FALSE); + dns_db_detach(&cdb); + goto cleanup; + } + + /* Cache hit. */ + CTRACE("query_addadditional2: glue additional cache"); + dns_db_closeversion(cdb, &cversion, ISC_FALSE); + db = cdb; + node = cnode; + dns_name_clone(&cfname, fname); + query_keepname(client, fname, dbuf); + goto foundcache; + + findglue: + dns_db_attach(client->query.gluedb, &db); + result = dns_db_find(db, name, version, type, + client->query.dboptions | DNS_DBFIND_GLUEOK, + client->now, &node, fname, NULL, NULL); + if (!(result == ISC_R_SUCCESS || + result == DNS_R_ZONECUT || + result == DNS_R_GLUE)) { + /* cache the negative result */ + (void)dns_rdataset_setadditional(rdataset_base, additionaltype, + type, client->view->acache, + NULL, db, version, NULL, + fname); + goto cleanup; + } + + found: + /* + * We have found a DB node to iterate over from a DB. + * We are going to look for address RRsets (i.e., A and AAAA) in the DB + * node we've just found. We'll then store the complete information + * in the additional data cache. + */ + dns_name_clone(fname, &cfname); + query_keepname(client, fname, dbuf); + needadditionalcache = ISC_TRUE; + + rdataset = query_newrdataset(client); + if (rdataset == NULL) + goto cleanup; + + sigrdataset = query_newrdataset(client); + if (sigrdataset == NULL) + goto cleanup; + + /* + * Find A RRset with sig RRset. Even if we don't find a sig RRset + * for a client using DNSSEC, we'll continue the process to make a + * complete list to be cached. However, we need to cancel the + * caching when something unexpected happens, in order to avoid + * caching incomplete information. + */ + result = dns_db_findrdataset(db, node, version, dns_rdatatype_a, 0, + client->now, rdataset, sigrdataset); + /* + * If we can't promote glue/pending from the cache to secure + * then drop it. + */ + if (result == ISC_R_SUCCESS && + additionaltype == dns_rdatasetadditional_fromcache && + (rdataset->trust == dns_trust_pending || + rdataset->trust == dns_trust_glue) && + !validate(client, db, fname, rdataset, sigrdataset)) { + dns_rdataset_disassociate(rdataset); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + result = ISC_R_NOTFOUND; + } + if (result == DNS_R_NCACHENXDOMAIN) + goto setcache; + if (result == DNS_R_NCACHENXRRSET) { + dns_rdataset_disassociate(rdataset); + /* + * Negative cache entries don't have sigrdatasets. + */ + INSIST(! dns_rdataset_isassociated(sigrdataset)); + } + if (result == ISC_R_SUCCESS) { + /* Remember the result as a cache */ + ISC_LIST_APPEND(cfname.list, rdataset, link); + if (dns_rdataset_isassociated(sigrdataset)) { + ISC_LIST_APPEND(cfname.list, sigrdataset, link); + sigrdataset = query_newrdataset(client); + } + rdataset = query_newrdataset(client); + if (sigrdataset == NULL || rdataset == NULL) { + /* do not cache incomplete information */ + goto foundcache; + } + } + + /* Find AAAA RRset with sig RRset */ + result = dns_db_findrdataset(db, node, version, dns_rdatatype_aaaa, + 0, client->now, rdataset, sigrdataset); + /* + * If we can't promote glue/pending from the cache to secure + * then drop it. + */ + if (result == ISC_R_SUCCESS && + additionaltype == dns_rdatasetadditional_fromcache && + (rdataset->trust == dns_trust_pending || + rdataset->trust == dns_trust_glue) && + !validate(client, db, fname, rdataset, sigrdataset)) { + dns_rdataset_disassociate(rdataset); + if (dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + result = ISC_R_NOTFOUND; + } + if (result == ISC_R_SUCCESS) { + ISC_LIST_APPEND(cfname.list, rdataset, link); + rdataset = NULL; + if (dns_rdataset_isassociated(sigrdataset)) { + ISC_LIST_APPEND(cfname.list, sigrdataset, link); + sigrdataset = NULL; + } + } + + setcache: + /* + * Set the new result in the cache if required. We do not support + * caching additional data from a cache DB. + */ + if (needadditionalcache == ISC_TRUE && + (additionaltype == dns_rdatasetadditional_fromauth || + additionaltype == dns_rdatasetadditional_fromglue)) { + (void)dns_rdataset_setadditional(rdataset_base, additionaltype, + type, client->view->acache, + zone, db, version, node, + &cfname); + } + + foundcache: + need_sigrrset = ISC_FALSE; + mname0 = NULL; + for (crdataset = ISC_LIST_HEAD(cfname.list); + crdataset != NULL; + crdataset = crdataset_next) { + dns_name_t *mname; + + crdataset_next = ISC_LIST_NEXT(crdataset, link); + + mname = NULL; + if (crdataset->type == dns_rdatatype_a || + crdataset->type == dns_rdatatype_aaaa) { + if (!query_isduplicate(client, fname, crdataset->type, + &mname)) { if (mname != NULL) { + /* + * A different type of this name is + * already stored in the additional + * section. We'll reuse the name. + * Note that this should happen at most + * once. Otherwise, fname->link could + * leak below. + */ + INSIST(mname0 == NULL); + query_releasename(client, &fname); fname = mname; + mname0 = mname; } else need_addname = ISC_TRUE; - ISC_LIST_APPEND(fname->list, rdataset, link); + ISC_LIST_UNLINK(cfname.list, crdataset, link); + ISC_LIST_APPEND(fname->list, crdataset, link); added_something = ISC_TRUE; - if (sigrdataset != NULL && - dns_rdataset_isassociated(sigrdataset)) - { - ISC_LIST_APPEND(fname->list, - sigrdataset, link); - sigrdataset = NULL; - } - rdataset = NULL; - } + need_sigrrset = ISC_TRUE; + } else + need_sigrrset = ISC_FALSE; + } else if (crdataset->type == dns_rdatatype_rrsig && + need_sigrrset && WANTDNSSEC(client)) { + ISC_LIST_UNLINK(cfname.list, crdataset, link); + ISC_LIST_APPEND(fname->list, crdataset, link); + added_something = ISC_TRUE; /* just in case */ + need_sigrrset = ISC_FALSE; } } - addname: - CTRACE("query_addadditional: addname"); + CTRACE("query_addadditional2: addname"); + /* * If we haven't added anything, then we're done. */ @@ -1181,33 +1879,17 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { DNS_SECTION_ADDITIONAL); fname = NULL; - /* - * In a few cases, we want to add additional data for additional - * data. It's simpler to just deal with special cases here than - * to try to create a general purpose mechanism and allow the - * rdata implementations to do it themselves. - * - * This involves recursion, but the depth is limited. The - * most complex case is adding a SRV rdataset, which involves - * recursing to add address records, which in turn can cause - * recursion to add KEYs. - */ - if (type == dns_rdatatype_srv && trdataset != NULL) { - /* - * If we're adding SRV records to the additional data - * section, it's helpful if we add the SRV additional data - * as well. - */ - eresult = dns_rdataset_additionaldata(trdataset, - query_addadditional, - client); - } - cleanup: - CTRACE("query_addadditional: cleanup"); - query_putrdataset(client, &rdataset); + CTRACE("query_addadditional2: cleanup"); + + if (rdataset != NULL) + query_putrdataset(client, &rdataset); if (sigrdataset != NULL) query_putrdataset(client, &sigrdataset); + while ((crdataset = ISC_LIST_HEAD(cfname.list)) != NULL) { + ISC_LIST_UNLINK(cfname.list, crdataset, link); + query_putrdataset(client, &crdataset); + } if (fname != NULL) query_releasename(client, &fname); if (node != NULL) @@ -1217,7 +1899,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { if (zone != NULL) dns_zone_detach(&zone); - CTRACE("query_addadditional: done"); + CTRACE("query_addadditional2: done"); return (eresult); } @@ -1225,6 +1907,8 @@ static inline void query_addrdataset(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) { + client_additionalctx_t additionalctx; + /* * Add 'rdataset' and any pertinent additional data to * 'fname', a name in the response message for 'client'. @@ -1238,6 +1922,8 @@ query_addrdataset(ns_client_t *client, dns_name_t *fname, rdataset->attributes |= dns_order_find(client->view->order, fname, rdataset->type, rdataset->rdclass); + rdataset->attributes |= DNS_RDATASETATTR_LOADORDER; + if (NOADDITIONAL(client)) return; @@ -1246,8 +1932,10 @@ query_addrdataset(ns_client_t *client, dns_name_t *fname, * * We don't care if dns_rdataset_additionaldata() fails. */ - (void)dns_rdataset_additionaldata(rdataset, - query_addadditional, client); + additionalctx.client = client; + additionalctx.rdataset = rdataset; + (void)dns_rdataset_additionaldata(rdataset, query_addadditional2, + &additionalctx); CTRACE("query_addrdataset: done"); } @@ -1260,7 +1948,7 @@ query_addrrset(ns_client_t *client, dns_name_t **namep, dns_rdataset_t *rdataset, *mrdataset, *sigrdataset; isc_result_t result; - /* + /*% * To the current response for 'client', add the answer RRset * '*rdatasetp' and an optional signature set '*sigrdatasetp', with * owner name '*namep', to section 'section', unless they are @@ -1328,11 +2016,12 @@ query_addrrset(ns_client_t *client, dns_name_t **namep, } static inline isc_result_t -query_addsoa(ns_client_t *client, dns_db_t *db, isc_boolean_t zero_ttl) { - dns_name_t *name, *fname; +query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version, + isc_boolean_t zero_ttl) +{ + dns_name_t *name; dns_dbnode_t *node; isc_result_t result, eresult; - dns_fixedname_t foundname; dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL; dns_rdataset_t **sigrdatasetp = NULL; @@ -1344,8 +2033,6 @@ query_addsoa(ns_client_t *client, dns_db_t *db, isc_boolean_t zero_ttl) { name = NULL; rdataset = NULL; node = NULL; - dns_fixedname_init(&foundname); - fname = dns_fixedname_name(&foundname); /* * Get resources and make 'name' be the database origin. @@ -1371,9 +2058,23 @@ query_addsoa(ns_client_t *client, dns_db_t *db, isc_boolean_t zero_ttl) { /* * Find the SOA. */ - result = dns_db_find(db, name, NULL, dns_rdatatype_soa, - client->query.dboptions, 0, &node, - fname, rdataset, sigrdataset); + result = dns_db_getoriginnode(db, &node); + if (result == ISC_R_SUCCESS) { + result = dns_db_findrdataset(db, node, version, + dns_rdatatype_soa, + 0, client->now, rdataset, + sigrdataset); + } else { + dns_fixedname_t foundname; + dns_name_t *fname; + + dns_fixedname_init(&foundname); + fname = dns_fixedname_name(&foundname); + + result = dns_db_find(db, name, version, dns_rdatatype_soa, + client->query.dboptions, 0, &node, + fname, rdataset, sigrdataset); + } if (result != ISC_R_SUCCESS) { /* * This is bad. We tried to get the SOA RR at the zone top @@ -1429,7 +2130,7 @@ query_addsoa(ns_client_t *client, dns_db_t *db, isc_boolean_t zero_ttl) { } static inline isc_result_t -query_addns(ns_client_t *client, dns_db_t *db) { +query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) { dns_name_t *name, *fname; dns_dbnode_t *node; isc_result_t result, eresult; @@ -1476,13 +2177,22 @@ query_addns(ns_client_t *client, dns_db_t *db) { /* * Find the NS rdataset. */ - CTRACE("query_addns: calling dns_db_find"); - result = dns_db_find(db, name, NULL, dns_rdatatype_ns, - client->query.dboptions, 0, &node, - fname, rdataset, sigrdataset); - CTRACE("query_addns: dns_db_find complete"); + result = dns_db_getoriginnode(db, &node); + if (result == ISC_R_SUCCESS) { + result = dns_db_findrdataset(db, node, version, + dns_rdatatype_ns, + 0, client->now, rdataset, + sigrdataset); + } else { + CTRACE("query_addns: calling dns_db_find"); + result = dns_db_find(db, name, NULL, dns_rdatatype_ns, + client->query.dboptions, 0, &node, + fname, rdataset, sigrdataset); + CTRACE("query_addns: dns_db_find complete"); + } if (result != ISC_R_SUCCESS) { - CTRACE("query_addns: dns_db_find failed"); + CTRACE("query_addns: " + "dns_db_findrdataset or dns_db_find failed"); /* * This is bad. We tried to get the NS rdataset at the zone * top and it didn't work! @@ -1575,6 +2285,161 @@ query_addcnamelike(ns_client_t *client, dns_name_t *qname, dns_name_t *tname, return (ISC_R_SUCCESS); } +/* + * Mark the RRsets as secure. Update the cache (db) to reflect the + * change in trust level. + */ +static void +mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) +{ + isc_result_t result; + dns_dbnode_t *node = NULL; + + rdataset->trust = dns_trust_secure; + sigrdataset->trust = dns_trust_secure; + + /* + * Save the updated secure state. Ignore failures. + */ + result = dns_db_findnode(db, name, ISC_TRUE, &node); + if (result != ISC_R_SUCCESS) + return; + (void)dns_db_addrdataset(db, node, NULL, client->now, rdataset, + 0, NULL); + (void)dns_db_addrdataset(db, node, NULL, client->now, sigrdataset, + 0, NULL); + dns_db_detachnode(db, &node); +} + +/* + * Find the secure key that corresponds to rrsig. + * Note: 'keyrdataset' maintains state between successive calls, + * there may be multiple keys with the same keyid. + * Return ISC_FALSE if we have exhausted all the possible keys. + */ +static isc_boolean_t +get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig, + dns_rdataset_t *keyrdataset, dst_key_t **keyp) +{ + isc_result_t result; + dns_dbnode_t *node = NULL; + isc_boolean_t secure = ISC_FALSE; + + if (!dns_rdataset_isassociated(keyrdataset)) { + result = dns_db_findnode(db, &rrsig->signer, ISC_FALSE, &node); + if (result != ISC_R_SUCCESS) + return (ISC_FALSE); + + result = dns_db_findrdataset(db, node, NULL, + dns_rdatatype_dnskey, 0, + client->now, keyrdataset, NULL); + dns_db_detachnode(db, &node); + if (result != ISC_R_SUCCESS) + return (ISC_FALSE); + + if (keyrdataset->trust != dns_trust_secure) + return (ISC_FALSE); + + result = dns_rdataset_first(keyrdataset); + } else + result = dns_rdataset_next(keyrdataset); + + for ( ; result == ISC_R_SUCCESS; + result = dns_rdataset_next(keyrdataset)) { + dns_rdata_t rdata = DNS_RDATA_INIT; + isc_buffer_t b; + + dns_rdataset_current(keyrdataset, &rdata); + isc_buffer_init(&b, rdata.data, rdata.length); + isc_buffer_add(&b, rdata.length); + result = dst_key_fromdns(&rrsig->signer, rdata.rdclass, &b, + client->mctx, keyp); + if (result != ISC_R_SUCCESS) + continue; + if (rrsig->algorithm == (dns_secalg_t)dst_key_alg(*keyp) && + rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) && + dst_key_iszonekey(*keyp)) { + secure = ISC_TRUE; + break; + } + dst_key_free(keyp); + } + return (secure); +} + +static isc_boolean_t +verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset, + dns_rdata_t *rdata, isc_mem_t *mctx, isc_boolean_t acceptexpired) +{ + isc_result_t result; + dns_fixedname_t fixed; + isc_boolean_t ignore = ISC_FALSE; + + dns_fixedname_init(&fixed); + +again: + result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx, + rdata, NULL); + if (result == DNS_R_SIGEXPIRED && acceptexpired) { + ignore = ISC_TRUE; + goto again; + } + if (result == ISC_R_SUCCESS || result == DNS_R_FROMWILDCARD) + return (ISC_TRUE); + return (ISC_FALSE); +} + +/* + * Validate the rdataset if possible with available records. + */ +static isc_boolean_t +validate(ns_client_t *client, dns_db_t *db, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) +{ + isc_result_t result; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_rrsig_t rrsig; + dst_key_t *key = NULL; + dns_rdataset_t keyrdataset; + + if (sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset)) + return (ISC_FALSE); + + for (result = dns_rdataset_first(sigrdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(sigrdataset)) { + + dns_rdata_reset(&rdata); + dns_rdataset_current(sigrdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &rrsig, NULL); + if (result != ISC_R_SUCCESS) + return (ISC_FALSE); + if (!dns_resolver_algorithm_supported(client->view->resolver, + name, rrsig.algorithm)) + continue; + if (!dns_name_issubdomain(name, &rrsig.signer)) + continue; + dns_rdataset_init(&keyrdataset); + do { + if (!get_key(client, db, &rrsig, &keyrdataset, &key)) + break; + if (verify(key, name, rdataset, &rdata, client->mctx, + client->view->acceptexpired)) { + dst_key_free(&key); + dns_rdataset_disassociate(&keyrdataset); + mark_secure(client, db, name, rdataset, + sigrdataset); + return (ISC_TRUE); + } + dst_key_free(&key); + } while (1); + if (dns_rdataset_isassociated(&keyrdataset)) + dns_rdataset_disassociate(&keyrdataset); + } + return (ISC_FALSE); +} + static void query_addbestns(ns_client_t *client) { dns_db_t *db, *zdb; @@ -1622,7 +2487,11 @@ query_addbestns(ns_client_t *client) { rdataset = query_newrdataset(client); if (fname == NULL || rdataset == NULL) goto cleanup; - if (WANTDNSSEC(client)) { + /* + * Get the RRSIGs if the client requested them or if we may + * need to validate answers from the cache. + */ + if (WANTDNSSEC(client) || !is_zone) { sigrdataset = query_newrdataset(client); if (sigrdataset == NULL) goto cleanup; @@ -1698,16 +2567,27 @@ query_addbestns(ns_client_t *client) { zsigrdataset = NULL; } - if ((client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0 && - (rdataset->trust == dns_trust_pending || - (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))) + /* + * Attempt to validate RRsets that are pending or that are glue. + */ + if ((rdataset->trust == dns_trust_pending || + (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending)) + && !validate(client, db, fname, rdataset, sigrdataset) && + (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0) goto cleanup; - if (WANTDNSSEC(client) && SECURE(client) && - (rdataset->trust == dns_trust_glue || - (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue))) + if ((rdataset->trust == dns_trust_glue || + (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) && + !validate(client, db, fname, rdataset, sigrdataset) && + SECURE(client) && WANTDNSSEC(client)) goto cleanup; + /* + * If the client doesn't want DNSSEC we can discard the sigrdataset + * now. + */ + if (!WANTDNSSEC(client)) + query_putrdataset(client, &sigrdataset); query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf, DNS_SECTION_AUTHORITY); @@ -1735,7 +2615,9 @@ query_addbestns(ns_client_t *client) { } static void -query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) { +query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node, + dns_dbversion_t *version) +{ dns_name_t *rname; dns_rdataset_t *rdataset, *sigrdataset; isc_result_t result; @@ -1756,12 +2638,12 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) { /* * Look for the DS record, which may or may not be present. */ - result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ds, 0, + result = dns_db_findrdataset(db, node, version, dns_rdatatype_ds, 0, client->now, rdataset, sigrdataset); /* * If we didn't find it, look for an NSEC. */ if (result == ISC_R_NOTFOUND) - result = dns_db_findrdataset(db, node, NULL, + result = dns_db_findrdataset(db, node, version, dns_rdatatype_nsec, 0, client->now, rdataset, sigrdataset); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) @@ -1800,7 +2682,8 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) { static void query_addwildcardproof(ns_client_t *client, dns_db_t *db, - dns_name_t *name, isc_boolean_t ispositive) + dns_dbversion_t *version, dns_name_t *name, + isc_boolean_t ispositive) { isc_buffer_t *dbuf, b; dns_name_t *fname; @@ -1823,7 +2706,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, node = NULL; /* - * Get the NOQNAME proof then if !ispositve + * Get the NOQNAME proof then if !ispositive * get the NOWILDCARD proof. * * DNS_DBFIND_NOWILD finds the NSEC records that covers the @@ -1837,20 +2720,20 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, * Given: * example SOA * example NSEC b.example - * b.example A - * b.example NSEC a.d.example - * a.d.example A - * a.d.example NSEC g.f.example - * g.f.example A - * g.f.example NSEC z.i.example - * z.i.example A - * z.i.example NSEC example + * b.example A + * b.example NSEC a.d.example + * a.d.example A + * a.d.example NSEC g.f.example + * g.f.example A + * g.f.example NSEC z.i.example + * z.i.example A + * z.i.example NSEC example * * QNAME: * a.example -> example NSEC b.example - * owner common example - * next common example - * wild *.example + * owner common example + * next common example + * wild *.example * d.b.example -> b.example NSEC a.d.example * owner common b.example * next common example @@ -1861,7 +2744,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, * wild *.f.example * j.example -> z.i.example NSEC example * owner common example - * next common example + * next common example * wild *.f.example */ options = client->query.dboptions | DNS_DBFIND_NOWILD; @@ -1881,7 +2764,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, if (fname == NULL || rdataset == NULL || sigrdataset == NULL) goto cleanup; - result = dns_db_find(db, name, NULL, dns_rdatatype_nsec, options, + result = dns_db_find(db, name, version, dns_rdatatype_nsec, options, 0, &node, fname, rdataset, sigrdataset); if (node != NULL) dns_db_detachnode(db, &node); @@ -1897,6 +2780,13 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, &olabels); (void)dns_name_fullcompare(name, &nsec.next, &order, &nlabels); + /* + * Check for a pathological condition created when + * serving some malformed signed zones and bail out. + */ + if (dns_name_countlabels(name) == nlabels) + goto cleanup; + if (olabels > nlabels) dns_name_split(name, olabels, NULL, wname); else @@ -1922,7 +2812,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, name = wname; goto again; } - } + } cleanup: if (rdataset != NULL) query_putrdataset(client, &rdataset); @@ -1933,8 +2823,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, } static void -query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep, - dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp) +query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, + dns_dbversion_t *version, dns_name_t **namep, + dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp) { dns_name_t *name; dns_rdataset_t *sigrdataset; @@ -1971,8 +2862,7 @@ query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep, return; /* XXX */ - query_addwildcardproof(client, db, - client->query.qname, + query_addwildcardproof(client, db, version, client->query.qname, ISC_TRUE); /* @@ -1995,8 +2885,12 @@ query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep, static void query_resume(isc_task_t *task, isc_event_t *event) { dns_fetchevent_t *devent = (dns_fetchevent_t *)event; + dns_fetch_t *fetch; ns_client_t *client; - isc_boolean_t fetch_cancelled, client_shuttingdown; + isc_boolean_t fetch_canceled, client_shuttingdown; + isc_result_t result; + isc_logcategory_t *logcategory = NS_LOGCATEGORY_QUERY_EERRORS; + int errorloglevel; /* * Resume a query after recursion. @@ -2017,30 +2911,31 @@ query_resume(isc_task_t *task, isc_event_t *event) { */ INSIST(devent->fetch == client->query.fetch); client->query.fetch = NULL; - fetch_cancelled = ISC_FALSE; + fetch_canceled = ISC_FALSE; /* * Update client->now. */ isc_stdtime_get(&client->now); } else { /* - * This is a fetch completion event for a cancelled fetch. + * This is a fetch completion event for a canceled fetch. * Clean up and don't resume the find. */ - fetch_cancelled = ISC_TRUE; + fetch_canceled = ISC_TRUE; } UNLOCK(&client->query.fetchlock); INSIST(client->query.fetch == NULL); client->query.attributes &= ~NS_QUERYATTR_RECURSING; - dns_resolver_destroyfetch(&devent->fetch); + fetch = devent->fetch; + devent->fetch = NULL; /* * If this client is shutting down, or this transaction * has timed out, do not resume the find. */ client_shuttingdown = ns_client_shuttingdown(client); - if (fetch_cancelled || client_shuttingdown) { + if (fetch_canceled || client_shuttingdown) { if (devent->node != NULL) dns_db_detachnode(devent->db, &devent->node); if (devent->db != NULL) @@ -2049,8 +2944,8 @@ query_resume(isc_task_t *task, isc_event_t *event) { if (devent->sigrdataset != NULL) query_putrdataset(client, &devent->sigrdataset); isc_event_free(&event); - if (fetch_cancelled) - query_error(client, DNS_R_SERVFAIL); + if (fetch_canceled) + query_error(client, DNS_R_SERVFAIL, __LINE__); else query_next(client, ISC_R_CANCELED); /* @@ -2058,18 +2953,34 @@ query_resume(isc_task_t *task, isc_event_t *event) { */ ns_client_detach(&client); } else { - query_find(client, devent, 0); + result = query_find(client, devent, 0); + if (result != ISC_R_SUCCESS) { + if (result == DNS_R_SERVFAIL) + errorloglevel = ISC_LOG_DEBUG(2); + else + errorloglevel = ISC_LOG_DEBUG(4); + if (isc_log_wouldlog(ns_g_lctx, errorloglevel)) { + dns_resolver_logfetch(fetch, ns_g_lctx, + logcategory, + NS_LOGMODULE_QUERY, + errorloglevel, ISC_FALSE); + } + } } + + dns_resolver_destroyfetch(&fetch); } static isc_result_t query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, - dns_rdataset_t *nameservers) + dns_rdataset_t *nameservers, isc_boolean_t resuming) { isc_result_t result; dns_rdataset_t *rdataset, *sigrdataset; + isc_sockaddr_t *peeraddr; - inc_stats(client, dns_statscounter_recursion); + if (!resuming) + inc_stats(client, dns_nsstatscounter_recursion); /* * We are about to recurse, which means that this client will @@ -2149,14 +3060,19 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, if (client->query.timerset == ISC_FALSE) ns_client_settimeout(client, 60); - result = dns_resolver_createfetch(client->view->resolver, - client->query.qname, - qtype, qdomain, nameservers, - NULL, client->query.fetchoptions, - client->task, - query_resume, client, - rdataset, sigrdataset, - &client->query.fetch); + if ((client->attributes & NS_CLIENTATTR_TCP) == 0) + peeraddr = &client->peeraddr; + else + peeraddr = NULL; + result = dns_resolver_createfetch2(client->view->resolver, + client->query.qname, + qtype, qdomain, nameservers, + NULL, peeraddr, client->message->id, + client->query.fetchoptions, + client->task, + query_resume, client, + rdataset, sigrdataset, + &client->query.fetch); if (result == ISC_R_SUCCESS) { /* @@ -2179,6 +3095,7 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, do { \ eresult = r; \ want_restart = ISC_FALSE; \ + line = __LINE__; \ } while (0) /* @@ -2193,7 +3110,7 @@ static isc_result_t rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) { struct in_addr ina; struct in6_addr in6a; - + switch (rdata->type) { case dns_rdatatype_a: INSIST(rdata->length == 4); @@ -2246,7 +3163,7 @@ setup_query_sortlist(ns_client_t *client) { isc_netaddr_t netaddr; dns_rdatasetorderfunc_t order = NULL; const void *order_arg = NULL; - + isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (ns_sortlist_setup(client->view->sortlist, &netaddr, &order_arg)) { @@ -2296,11 +3213,11 @@ query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) { cleanup: if (nsec != NULL) - query_putrdataset(client, &nsec); - if (nsecsig != NULL) - query_putrdataset(client, &nsecsig); - if (fname != NULL) - query_releasename(client, &fname); + query_putrdataset(client, &nsec); + if (nsecsig != NULL) + query_putrdataset(client, &nsecsig); + if (fname != NULL) + query_releasename(client, &fname); } static inline void @@ -2331,12 +3248,116 @@ answer_in_glue(ns_client_t *client, dns_rdatatype_t qtype) { } } +#define NS_NAME_INIT(A,B) \ + { \ + DNS_NAME_MAGIC, \ + A, sizeof(A), sizeof(B), \ + DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, \ + B, NULL, { (void *)-1, (void *)-1}, \ + {NULL, NULL} \ + } + +static unsigned char inaddr10_offsets[] = { 0, 3, 11, 16 }; +static unsigned char inaddr172_offsets[] = { 0, 3, 7, 15, 20 }; +static unsigned char inaddr192_offsets[] = { 0, 4, 8, 16, 21 }; + +static unsigned char inaddr10[] = "\00210\007IN-ADDR\004ARPA"; + +static unsigned char inaddr16172[] = "\00216\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr17172[] = "\00217\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr18172[] = "\00218\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr19172[] = "\00219\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr20172[] = "\00220\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr21172[] = "\00221\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr22172[] = "\00222\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr23172[] = "\00223\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr24172[] = "\00224\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr25172[] = "\00225\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr26172[] = "\00226\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr27172[] = "\00227\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr28172[] = "\00228\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr29172[] = "\00229\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr30172[] = "\00230\003172\007IN-ADDR\004ARPA"; +static unsigned char inaddr31172[] = "\00231\003172\007IN-ADDR\004ARPA"; + +static unsigned char inaddr168192[] = "\003168\003192\007IN-ADDR\004ARPA"; + +static dns_name_t rfc1918names[] = { + NS_NAME_INIT(inaddr10, inaddr10_offsets), + NS_NAME_INIT(inaddr16172, inaddr172_offsets), + NS_NAME_INIT(inaddr17172, inaddr172_offsets), + NS_NAME_INIT(inaddr18172, inaddr172_offsets), + NS_NAME_INIT(inaddr19172, inaddr172_offsets), + NS_NAME_INIT(inaddr20172, inaddr172_offsets), + NS_NAME_INIT(inaddr21172, inaddr172_offsets), + NS_NAME_INIT(inaddr22172, inaddr172_offsets), + NS_NAME_INIT(inaddr23172, inaddr172_offsets), + NS_NAME_INIT(inaddr24172, inaddr172_offsets), + NS_NAME_INIT(inaddr25172, inaddr172_offsets), + NS_NAME_INIT(inaddr26172, inaddr172_offsets), + NS_NAME_INIT(inaddr27172, inaddr172_offsets), + NS_NAME_INIT(inaddr28172, inaddr172_offsets), + NS_NAME_INIT(inaddr29172, inaddr172_offsets), + NS_NAME_INIT(inaddr30172, inaddr172_offsets), + NS_NAME_INIT(inaddr31172, inaddr172_offsets), + NS_NAME_INIT(inaddr168192, inaddr192_offsets) +}; + + +static unsigned char prisoner_data[] = "\010prisoner\004iana\003org"; +static unsigned char hostmaster_data[] = "\012hostmaster\014root-servers\003org"; + +static unsigned char prisoner_offsets[] = { 0, 9, 14, 18 }; +static unsigned char hostmaster_offsets[] = { 0, 11, 24, 28 }; + +static dns_name_t prisoner = NS_NAME_INIT(prisoner_data, prisoner_offsets); +static dns_name_t hostmaster = NS_NAME_INIT(hostmaster_data, hostmaster_offsets); + +static void +warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) { + unsigned int i; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_soa_t soa; + dns_rdataset_t found; + isc_result_t result; + + for (i = 0; i < (sizeof(rfc1918names)/sizeof(*rfc1918names)); i++) { + if (dns_name_issubdomain(fname, &rfc1918names[i])) { + dns_rdataset_init(&found); + result = dns_ncache_getrdataset(rdataset, + &rfc1918names[i], + dns_rdatatype_soa, + &found); + if (result != ISC_R_SUCCESS) + return; + + result = dns_rdataset_first(&found); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_rdataset_current(&found, &rdata); + result = dns_rdata_tostruct(&rdata, &soa, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (dns_name_equal(&soa.origin, &prisoner) && + dns_name_equal(&soa.contact, &hostmaster)) { + char buf[DNS_NAME_FORMATSIZE]; + dns_name_format(fname, buf, sizeof(buf)); + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_QUERY, + ISC_LOG_WARNING, + "RFC 1918 response from " + "Internet for %s", buf); + } + dns_rdataset_disassociate(&found); + return; + } + } +} + /* * Do the bulk of query processing for the current query of 'client'. * If 'event' is non-NULL, we are returning from recursion and 'qtype' * is ignored. Otherwise, 'qtype' is the query type. */ -static void +static isc_result_t query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) { dns_db_t *db, *zdb; @@ -2364,6 +3385,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) unsigned int options; isc_boolean_t empty_wild; dns_rdataset_t *noqname; + isc_boolean_t resuming; + int line = -1; CTRACE("query_find"); @@ -2389,6 +3412,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) need_wildcardproof = ISC_FALSE; empty_wild = ISC_FALSE; options = 0; + resuming = ISC_FALSE; + is_zone = ISC_FALSE; if (event != NULL) { /* @@ -2398,7 +3423,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) want_restart = ISC_FALSE; authoritative = ISC_FALSE; - is_zone = ISC_FALSE; qtype = event->qtype; if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) @@ -2431,10 +3455,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } result = event->result; + resuming = ISC_TRUE; goto resume; } - + /* * Not returning from recursion. */ @@ -2518,6 +3543,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } if (result != ISC_R_SUCCESS) { if (result == DNS_R_REFUSED) { + if (WANTRECURSION(client)) { + inc_stats(client, + dns_nsstatscounter_recurserej); + } else + inc_stats(client, dns_nsstatscounter_authrej); if (!PARTIALANSWER(client)) QUERY_ERROR(DNS_R_REFUSED); } else @@ -2527,10 +3557,20 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) if (is_zone) authoritative = ISC_TRUE; - + if (event == NULL && client->query.restarts == 0) { if (is_zone) { - dns_zone_attach(zone, &client->query.authzone); +#ifdef DLZ + if (zone != NULL) { + /* + * if is_zone = true, zone = NULL then this is + * a DLZ zone. Don't attempt to attach zone. + */ +#endif + dns_zone_attach(zone, &client->query.authzone); +#ifdef DLZ + } +#endif dns_db_attach(db, &client->query.authdb); } client->query.authdbset = ISC_TRUE; @@ -2621,11 +3661,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (RECURSIONOK(client)) { result = query_recurse(client, qtype, - NULL, NULL); + NULL, NULL, resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; - else { + else if (result == DNS_R_DUPLICATE || + result == DNS_R_DROP) { + /* Duplicate query. */ + QUERY_ERROR(result); + } else { /* Unable to recurse. */ QUERY_ERROR(DNS_R_SERVFAIL); } @@ -2723,7 +3767,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dbuf, DNS_SECTION_AUTHORITY); client->query.gluedb = NULL; if (WANTDNSSEC(client) && dns_db_issecure(db)) - query_addds(client, db, node); + query_addds(client, db, node, version); } else { /* * We might have a better answer or delegation @@ -2788,13 +3832,18 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (dns_rdatatype_atparent(type)) result = query_recurse(client, qtype, - NULL, NULL); + NULL, NULL, + resuming); else result = query_recurse(client, qtype, - fname, rdataset); + fname, rdataset, + resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; + else if (result == DNS_R_DUPLICATE || + result == DNS_R_DROP) + QUERY_ERROR(result); else QUERY_ERROR(DNS_R_SERVFAIL); } else { @@ -2824,7 +3873,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) client->query.attributes &= ~NS_QUERYATTR_CACHEGLUEOK; if (WANTDNSSEC(client)) - query_addds(client, db, node); + query_addds(client, db, node, version); } } goto cleanup; @@ -2851,7 +3900,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * Add SOA. */ - result = query_addsoa(client, db, ISC_FALSE); + result = query_addsoa(client, db, version, ISC_FALSE); if (result != ISC_R_SUCCESS) { QUERY_ERROR(result); goto cleanup; @@ -2861,8 +3910,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (WANTDNSSEC(client)) { if (dns_rdataset_isassociated(rdataset)) - query_addnxrrsetnsec(client, db, &fname, - &rdataset, &sigrdataset); + query_addnxrrsetnsec(client, db, version, + &fname, &rdataset, + &sigrdataset); } goto cleanup; case DNS_R_EMPTYWILD: @@ -2891,10 +3941,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * the containing zone of an arbitrary name with a stub * resolver and not have it cached. */ - if (qtype == dns_rdatatype_soa) - result = query_addsoa(client, db, ISC_TRUE); + if (qtype == dns_rdatatype_soa && +#ifdef DLZ + zone != NULL && +#endif + dns_zone_getzeronosoattl(zone)) + result = query_addsoa(client, db, version, ISC_TRUE); else - result = query_addsoa(client, db, ISC_FALSE); + result = query_addsoa(client, db, version, ISC_FALSE); if (result != ISC_R_SUCCESS) { QUERY_ERROR(result); goto cleanup; @@ -2907,7 +3961,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) query_addrrset(client, &fname, &rdataset, &sigrdataset, NULL, DNS_SECTION_AUTHORITY); - query_addwildcardproof(client, db, + query_addwildcardproof(client, db, version, client->query.qname, ISC_FALSE); } @@ -2929,6 +3983,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (result == DNS_R_NCACHENXDOMAIN) client->message->rcode = dns_rcode_nxdomain; + /* + * Look for RFC 1918 leakage from Internet. + */ + if (result == DNS_R_NCACHENXDOMAIN && + qtype == dns_rdatatype_ptr && + client->message->rdclass == dns_rdataclass_in && + dns_name_countlabels(fname) == 7) + warn_rfc1918(client, fname, rdataset); /* * We don't call query_addrrset() because we don't need any * of its extra features (and things would probably break!). @@ -3090,7 +4152,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns_message_puttempname(client->message, &tname); if (result == ISC_R_NOSPACE) { /* - * RFC 2672, section 4.1, subsection 3c says + * RFC2672, section 4.1, subsection 3c says * we should return YXDOMAIN if the constructed * name would be too long. */ @@ -3212,6 +4274,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * an error unless we were searching for * glue. Ugh. */ + if (!is_zone) { + authoritative = ISC_FALSE; + dns_rdatasetiter_destroy(&rdsiter); + if (RECURSIONOK(client)) { + result = query_recurse(client, + qtype, + NULL, + NULL, + resuming); + if (result == ISC_R_SUCCESS) + client->query.attributes |= + NS_QUERYATTR_RECURSING; + else + QUERY_ERROR(DNS_R_SERVFAIL); } + goto addauth; + } /* * We were searching for SIG records in * a nonsecure zone. Send a "no error, @@ -3220,7 +4298,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * Add SOA. */ - result = query_addsoa(client, db, ISC_FALSE); + result = query_addsoa(client, db, version, + ISC_FALSE); if (result == ISC_R_SUCCESS) result = ISC_R_NOMORE; } else { @@ -3249,6 +4328,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) noqname = rdataset; else noqname = NULL; + /* + * BIND 8 priming queries need the additional section. + */ + if (is_zone && qtype == dns_rdatatype_ns && + dns_name_equal(client->query.qname, dns_rootname)) + client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL; + query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf, DNS_SECTION_ANSWER); if (noqname != NULL) @@ -3272,7 +4358,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) qtype == dns_rdatatype_any) && dns_name_equal(client->query.qname, dns_db_origin(db)))) - (void)query_addns(client, db); + (void)query_addns(client, db, version); } else if (qtype != dns_rdatatype_ns) { if (fname != NULL) query_releasename(client, &fname); @@ -3285,7 +4371,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * DNSSEC wildcard proofs. */ if (need_wildcardproof && dns_db_issecure(db)) - query_addwildcardproof(client, db, + query_addwildcardproof(client, db, version, dns_fixedname_name(&wildcardname), ISC_TRUE); cleanup: @@ -3337,13 +4423,23 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) if (eresult != ISC_R_SUCCESS && (!PARTIALANSWER(client) || WANTRECURSION(client))) { - /* - * If we don't have any answer to give the client, - * or if the client requested recursion and thus wanted - * the complete answer, send an error response. - */ - query_error(client, eresult); - ns_client_detach(&client); + if (eresult == DNS_R_DUPLICATE || eresult == DNS_R_DROP) { + /* + * This was a duplicate query that we are + * recursing on. Don't send a response now. + * The original query will still cause a response. + */ + query_next(client, eresult); + } else { + /* + * If we don't have any answer to give the client, + * or if the client requested recursion and thus wanted + * the complete answer, send an error response. + */ + INSIST(line >= 0); + query_error(client, eresult, line); + } + ns_client_detach(&client); } else if (!RECURSING(client)) { /* * We are done. Set up sortlist data for the message @@ -3358,7 +4454,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * is in the glue sort it to the start of the additional * section. */ - if (client->message->counts[DNS_SECTION_ANSWER] == 0 && + if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER]) && client->message->rcode == dns_rcode_noerror && (qtype == dns_rdatatype_a || qtype == dns_rdatatype_aaaa)) answer_in_glue(client, qtype); @@ -3367,14 +4463,26 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) client->view->auth_nxdomain == ISC_TRUE) client->message->flags |= DNS_MESSAGEFLAG_AA; + /* + * If the response is somehow unexpected for the client and this + * is a result of recursion, return an error to the caller + * to indicate it may need to be logged. + */ + if (resuming && + (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER]) || + client->message->rcode != dns_rcode_noerror)) + eresult = ISC_R_FAILURE; + query_send(client); ns_client_detach(&client); } CTRACE("query_find: done"); + + return (eresult); } static inline void -log_query(ns_client_t *client) { +log_query(ns_client_t *client, unsigned int flags, unsigned int extflags) { char namebuf[DNS_NAME_FORMATSIZE]; char typename[DNS_RDATATYPE_FORMATSIZE]; char classname[DNS_RDATACLASS_FORMATSIZE]; @@ -3391,10 +4499,54 @@ log_query(ns_client_t *client) { dns_rdatatype_format(rdataset->type, typename, sizeof(typename)); ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, - level, "query: %s %s %s %s%s%s", namebuf, classname, + level, "query: %s %s %s %s%s%s%s%s", namebuf, classname, typename, WANTRECURSION(client) ? "+" : "-", (client->signer != NULL) ? "S": "", - (client->opt != NULL) ? "E" : ""); + (client->opt != NULL) ? "E" : "", + ((extflags & DNS_MESSAGEEXTFLAG_DO) != 0) ? "D" : "", + ((flags & DNS_MESSAGEFLAG_CD) != 0) ? "C" : ""); +} + +static inline void +log_queryerror(ns_client_t *client, isc_result_t result, int line, int level) { + char namebuf[DNS_NAME_FORMATSIZE]; + char typename[DNS_RDATATYPE_FORMATSIZE]; + char classname[DNS_RDATACLASS_FORMATSIZE]; + const char *namep, *typep, *classp, *sep1, *sep2; + dns_rdataset_t *rdataset; + + if (!isc_log_wouldlog(ns_g_lctx, level)) + return; + + namep = typep = classp = sep1 = sep2 = ""; + + /* + * Query errors can happen for various reasons. In some cases we cannot + * even assume the query contains a valid question section, so we should + * expect exceptional cases. + */ + if (client->query.origqname != NULL) { + dns_name_format(client->query.origqname, namebuf, + sizeof(namebuf)); + namep = namebuf; + sep1 = " for "; + + rdataset = ISC_LIST_HEAD(client->query.origqname->list); + if (rdataset != NULL) { + dns_rdataclass_format(rdataset->rdclass, classname, + sizeof(classname)); + classp = classname; + dns_rdatatype_format(rdataset->type, typename, + sizeof(typename)); + typep = typename; + sep2 = "/"; + } + } + + ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, NS_LOGMODULE_QUERY, + level, "query failed (%s)%s%s%s%s%s%s at %s:%d", + isc_result_totext(result), sep1, namep, sep2, + classp, sep2, typep, __FILE__, line); } void @@ -3404,6 +4556,9 @@ ns_query_start(ns_client_t *client) { dns_rdataset_t *rdataset; ns_client_t *qclient; dns_rdatatype_t qtype; + unsigned int saved_extflags = client->extflags; + unsigned int saved_flags = client->message->flags; + isc_boolean_t want_ad; CTRACE("ns_query_start"); @@ -3418,14 +4573,16 @@ ns_query_start(ns_client_t *client) { if (!client->view->enablednssec) { message->flags &= ~DNS_MESSAGEFLAG_CD; client->extflags &= ~DNS_MESSAGEEXTFLAG_DO; + if (client->opt != NULL) + client->opt->ttl &= ~DNS_MESSAGEEXTFLAG_DO; } if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) client->query.attributes |= NS_QUERYATTR_WANTRECURSION; - + if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0) client->attributes |= NS_CLIENTATTR_WANTDNSSEC; - + if (client->view->minimalresponses) client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | NS_QUERYATTR_NOADDITIONAL); @@ -3454,7 +4611,7 @@ ns_query_start(ns_client_t *client) { */ result = dns_message_firstname(message, DNS_SECTION_QUESTION); if (result != ISC_R_SUCCESS) { - query_error(client, result); + query_error(client, result, __LINE__); return; } dns_message_currentname(message, DNS_SECTION_QUESTION, @@ -3467,20 +4624,20 @@ ns_query_start(ns_client_t *client) { * There's more than one QNAME in the question * section. */ - query_error(client, DNS_R_FORMERR); + query_error(client, DNS_R_FORMERR, __LINE__); } else - query_error(client, result); + query_error(client, result, __LINE__); return; } if (ns_g_server->log_queries) - log_query(client); + log_query(client, saved_flags, saved_extflags); /* * Check for multiple question queries, since edns1 is dead. */ if (message->counts[DNS_SECTION_QUESTION] > 1) { - query_error(client, DNS_R_FORMERR); + query_error(client, DNS_R_FORMERR, __LINE__); return; } @@ -3490,6 +4647,7 @@ ns_query_start(ns_client_t *client) { rdataset = ISC_LIST_HEAD(client->query.qname->list); INSIST(rdataset != NULL); qtype = rdataset->type; + dns_rdatatypestats_increment(ns_g_server->rcvquerystats, qtype); if (dns_rdatatype_ismeta(qtype)) { switch (qtype) { case dns_rdatatype_any: @@ -3500,7 +4658,7 @@ ns_query_start(ns_client_t *client) { return; case dns_rdatatype_maila: case dns_rdatatype_mailb: - query_error(client, DNS_R_NOTIMP); + query_error(client, DNS_R_NOTIMP, __LINE__); return; case dns_rdatatype_tkey: result = dns_tkey_processquery(client->message, @@ -3509,25 +4667,36 @@ ns_query_start(ns_client_t *client) { if (result == ISC_R_SUCCESS) query_send(client); else - query_error(client, result); + query_error(client, result, __LINE__); return; default: /* TSIG, etc. */ - query_error(client, DNS_R_FORMERR); + query_error(client, DNS_R_FORMERR, __LINE__); return; } } + /* + * Turn on minimal response for DNSKEY and DS queries. + */ + if (qtype == dns_rdatatype_dnskey || qtype == dns_rdatatype_ds) + client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | + NS_QUERYATTR_NOADDITIONAL); + /* * If the client has requested that DNSSEC checking be disabled, * allow lookups to return pending data and instruct the resolver * to return data before validation has completed. + * + * We don't need to set DNS_DBFIND_PENDINGOK when validation is + * disabled as there will be no pending data. */ if (message->flags & DNS_MESSAGEFLAG_CD || qtype == dns_rdatatype_rrsig) { client->query.dboptions |= DNS_DBFIND_PENDINGOK; client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE; - } + } else if (!client->view->enablevalidation) + client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE; /* * Allow glue NS records to be added to the authority section @@ -3536,6 +4705,15 @@ ns_query_start(ns_client_t *client) { if (message->flags & DNS_MESSAGEFLAG_CD) client->query.attributes &= ~NS_QUERYATTR_SECURE; + /* + * Set 'want_ad' if the client has set AD in the query. + * This allows AD to be returned on queries without DO set. + */ + if ((message->flags & DNS_MESSAGEFLAG_AD) != 0) + want_ad = ISC_TRUE; + else + want_ad = ISC_FALSE; + /* * This is an ordinary query. */ @@ -3555,10 +4733,10 @@ ns_query_start(ns_client_t *client) { * Set AD. We must clear it if we add non-validated data to a * response. */ - if (client->view->enablednssec) + if (WANTDNSSEC(client) || want_ad) message->flags |= DNS_MESSAGEFLAG_AD; qclient = NULL; ns_client_attach(client, &qclient); - query_find(qclient, NULL, qtype); + (void)query_find(qclient, NULL, qtype); } diff --git a/contrib/bind-9.3/bin/named/server.c b/contrib/bind-9.5.2/bin/named/server.c similarity index 69% rename from contrib/bind-9.3/bin/named/server.c rename to contrib/bind-9.5.2/bin/named/server.c index c4db6131e6..d3fdb01444 100644 --- a/contrib/bind-9.3/bin/named/server.c +++ b/contrib/bind-9.5.2/bin/named/server.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.339.2.15.2.70 2006/05/24 04:30:24 marka Exp $ */ +/* $Id: server.c,v 1.495.10.29 2009/07/11 04:28:14 marka Exp $ */ + +/*! \file */ #include #include +#include #include #include @@ -27,32 +30,43 @@ #include #include #include +#include #include #include +#include #include #include +#include +#include #include #include #include #include #include +#include #include #include +#include #include #include #include #include +#ifdef DLZ +#include +#endif #include #include #include +#include #include #include #include #include #include +#include #include #include #include @@ -61,6 +75,7 @@ #include #include #include +#include #include #include #include @@ -78,6 +93,7 @@ #include #include #include +#include #include #include #include @@ -86,17 +102,17 @@ #include #endif -/* +/*% * Check an operation for failure. Assumes that the function * using it has a 'result' variable and a 'cleanup' label. */ #define CHECK(op) \ - do { result = (op); \ - if (result != ISC_R_SUCCESS) goto cleanup; \ + do { result = (op); \ + if (result != ISC_R_SUCCESS) goto cleanup; \ } while (0) #define CHECKM(op, msg) \ - do { result = (op); \ + do { result = (op); \ if (result != ISC_R_SUCCESS) { \ isc_log_write(ns_g_lctx, \ NS_LOGCATEGORY_GENERAL, \ @@ -109,7 +125,7 @@ } while (0) \ #define CHECKMF(op, msg, file) \ - do { result = (op); \ + do { result = (op); \ if (result != ISC_R_SUCCESS) { \ isc_log_write(ns_g_lctx, \ NS_LOGCATEGORY_GENERAL, \ @@ -122,7 +138,7 @@ } while (0) \ #define CHECKFATAL(op, msg) \ - do { result = (op); \ + do { result = (op); \ if (result != ISC_R_SUCCESS) \ fatal(msg, result); \ } while (0) \ @@ -160,6 +176,55 @@ struct zonelistentry { ISC_LINK(struct zonelistentry) link; }; +/* + * These zones should not leak onto the Internet. + */ +static const struct { + const char *zone; + isc_boolean_t rfc1918; +} empty_zones[] = { +#ifdef notyet + /* RFC 1918 */ + { "10.IN-ADDR.ARPA", ISC_TRUE }, + { "16.172.IN-ADDR.ARPA", ISC_TRUE }, + { "17.172.IN-ADDR.ARPA", ISC_TRUE }, + { "18.172.IN-ADDR.ARPA", ISC_TRUE }, + { "19.172.IN-ADDR.ARPA", ISC_TRUE }, + { "20.172.IN-ADDR.ARPA", ISC_TRUE }, + { "21.172.IN-ADDR.ARPA", ISC_TRUE }, + { "22.172.IN-ADDR.ARPA", ISC_TRUE }, + { "23.172.IN-ADDR.ARPA", ISC_TRUE }, + { "24.172.IN-ADDR.ARPA", ISC_TRUE }, + { "25.172.IN-ADDR.ARPA", ISC_TRUE }, + { "26.172.IN-ADDR.ARPA", ISC_TRUE }, + { "27.172.IN-ADDR.ARPA", ISC_TRUE }, + { "28.172.IN-ADDR.ARPA", ISC_TRUE }, + { "29.172.IN-ADDR.ARPA", ISC_TRUE }, + { "30.172.IN-ADDR.ARPA", ISC_TRUE }, + { "31.172.IN-ADDR.ARPA", ISC_TRUE }, + { "168.192.IN-ADDR.ARPA", ISC_TRUE }, +#endif + + /* RFC 3330 */ + { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */ + { "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */ + { "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */ + { "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */ + { "255.255.255.255.IN-ADDR.ARPA", ISC_FALSE }, /* BROADCAST */ + + /* Local IPv6 Unicast Addresses */ + { "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE }, + { "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA", ISC_FALSE }, + /* LOCALLY ASSIGNED LOCAL ADDRESS SCOPE */ + { "D.F.IP6.ARPA", ISC_FALSE }, + { "8.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */ + { "9.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */ + { "A.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */ + { "B.E.F.IP6.ARPA", ISC_FALSE }, /* LINK LOCAL */ + + { NULL, ISC_FALSE } +}; + static void fatal(const char *msg, isc_result_t result); @@ -168,11 +233,11 @@ ns_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - ns_aclconfctx_t *actx, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenelt_t **target); static isc_result_t ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - ns_aclconfctx_t *actx, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenlist_t **target); static isc_result_t @@ -186,19 +251,18 @@ configure_alternates(const cfg_obj_t *config, dns_view_t *view, static isc_result_t configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view, - ns_aclconfctx_t *aclconf); + cfg_aclconfctx_t *aclconf); static void end_reserved_dispatches(ns_server_t *server, isc_boolean_t all); -/* - * Configure a single view ACL at '*aclp'. Get its configuration by - * calling 'getvcacl' (for per-view configuration) and maybe 'getscacl' - * (for a global default). +/*% + * Configure a single view ACL at '*aclp'. Get its configuration from + * 'vconfig' (for per-view configuration) and maybe from 'config' */ static isc_result_t configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config, - const char *aclname, ns_aclconfctx_t *actx, + const char *aclname, cfg_aclconfctx_t *actx, isc_mem_t *mctx, dns_acl_t **aclp) { isc_result_t result; @@ -221,11 +285,56 @@ configure_view_acl(const cfg_obj_t *vconfig, const cfg_obj_t *config, (void)ns_config_get(maps, aclname, &aclobj); if (aclobj == NULL) /* - * No value available. *aclp == NULL. + * No value available. *aclp == NULL. */ return (ISC_R_SUCCESS); - result = ns_acl_fromconfig(aclobj, config, actx, mctx, aclp); + result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, + actx, mctx, 0, aclp); + + return (result); +} + + +/*% + * Configure a sortlist at '*aclp'. Essentially the same as + * configure_view_acl() except it calls cfg_acl_fromconfig with a + * nest_level value of 2. + */ +static isc_result_t +configure_view_sortlist(const cfg_obj_t *vconfig, const cfg_obj_t *config, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + dns_acl_t **aclp) +{ + isc_result_t result; + const cfg_obj_t *maps[3]; + const cfg_obj_t *aclobj = NULL; + int i = 0; + + if (*aclp != NULL) + dns_acl_detach(aclp); + if (vconfig != NULL) + maps[i++] = cfg_tuple_get(vconfig, "options"); + if (config != NULL) { + const cfg_obj_t *options = NULL; + (void)cfg_map_get(config, "options", &options); + if (options != NULL) + maps[i++] = options; + } + maps[i] = NULL; + + (void)ns_config_get(maps, "sortlist", &aclobj); + if (aclobj == NULL) + return (ISC_R_SUCCESS); + + /* + * Use a nest level of 3 for the "top level" of the sortlist; + * this means each entry in the top three levels will be stored + * as lists of separate, nested ACLs, rather than merged together + * into IP tables as is usually done with ACLs. + */ + result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, + actx, mctx, 3, aclp); return (result); } @@ -290,6 +399,13 @@ configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key, keystruct.datalen = r.length; keystruct.data = r.base; + if ((keystruct.algorithm == DST_ALG_RSASHA1 || + keystruct.algorithm == DST_ALG_RSAMD5) && + r.length > 1 && r.base[0] == 1 && r.base[1] == 3) + cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, + "trusted key '%s' has a weak exponent", + keynamestr); + CHECK(dns_rdata_fromstruct(NULL, keystruct.common.rdclass, keystruct.common.rdtype, @@ -326,12 +442,12 @@ configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key, return (result); } -/* +/*% * Configure DNSSEC keys for a view. Currently used only for * the security roots. * * The per-view configuration values and the server-global defaults are read - * from 'vconfig' and 'config'. The variable to be configured is '*target'. + * from 'vconfig' and 'config'. The variable to be configured is '*target'. */ static isc_result_t configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config, @@ -375,7 +491,7 @@ configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config, *target = keytable; /* Transfer ownership. */ keytable = NULL; result = ISC_R_SUCCESS; - + cleanup: return (result); } @@ -391,7 +507,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) isc_boolean_t value; isc_result_t result; isc_buffer_t b; - + dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); for (element = cfg_list_first(mbs); @@ -409,23 +525,25 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) } result = ISC_R_SUCCESS; - + cleanup: return (result); } -/* +/*% * Get a dispatch appropriate for the resolver of a given view. */ static isc_result_t get_view_querysource_dispatch(const cfg_obj_t **maps, - int af, dns_dispatch_t **dispatchp) + int af, dns_dispatch_t **dispatchp, + isc_boolean_t is_firstview) { isc_result_t result; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; const cfg_obj_t *obj = NULL; + unsigned int maxdispatchbuffers; /* * Make compiler happy. @@ -477,12 +595,18 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, attrs |= DNS_DISPATCHATTR_IPV6; break; } - - if (isc_sockaddr_getport(&sa) != 0) { + if (isc_sockaddr_getport(&sa) == 0) { + attrs |= DNS_DISPATCHATTR_EXCLUSIVE; + maxdispatchbuffers = 4096; + } else { INSIST(obj != NULL); - cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO, - "using specific query-source port suppresses port " - "randomization and can be insecure."); + if (is_firstview) { + cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO, + "using specific query-source port " + "suppresses port randomization and can be " + "insecure."); + } + maxdispatchbuffers = 1000; } attrmask = 0; @@ -494,7 +618,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, disp = NULL; result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &sa, 4096, - 1024, 32768, 16411, 16433, + maxdispatchbuffers, 32768, 16411, 16433, attrs, attrmask, &disp); if (result != ISC_R_SUCCESS) { isc_sockaddr_t any; @@ -546,7 +670,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) { return (result); obj = cfg_tuple_get(ent, "name"); - if (cfg_obj_isstring(obj)) + if (cfg_obj_isstring(obj)) str = cfg_obj_asstring(obj); else str = "*"; @@ -589,18 +713,17 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) { static isc_result_t configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { - const isc_sockaddr_t *sa; isc_netaddr_t na; dns_peer_t *peer; const cfg_obj_t *obj; const char *str; isc_result_t result; + unsigned int prefixlen; - sa = cfg_obj_assockaddr(cfg_map_getname(cpeer)); - isc_netaddr_fromsockaddr(&na, sa); + cfg_obj_asnetprefix(cfg_map_getname(cpeer), &na, &prefixlen); peer = NULL; - result = dns_peer_new(mctx, &na, &peer); + result = dns_peer_newprefix(mctx, &na, prefixlen, &peer); if (result != ISC_R_SUCCESS) return (result); @@ -619,11 +742,38 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { if (obj != NULL) CHECK(dns_peer_setrequestixfr(peer, cfg_obj_asboolean(obj))); + obj = NULL; + (void)cfg_map_get(cpeer, "request-nsid", &obj); + if (obj != NULL) + CHECK(dns_peer_setrequestnsid(peer, cfg_obj_asboolean(obj))); + obj = NULL; (void)cfg_map_get(cpeer, "edns", &obj); if (obj != NULL) CHECK(dns_peer_setsupportedns(peer, cfg_obj_asboolean(obj))); + obj = NULL; + (void)cfg_map_get(cpeer, "edns-udp-size", &obj); + if (obj != NULL) { + isc_uint32_t udpsize = cfg_obj_asuint32(obj); + if (udpsize < 512) + udpsize = 512; + if (udpsize > 4096) + udpsize = 4096; + CHECK(dns_peer_setudpsize(peer, (isc_uint16_t)udpsize)); + } + + obj = NULL; + (void)cfg_map_get(cpeer, "max-udp-size", &obj); + if (obj != NULL) { + isc_uint32_t udpsize = cfg_obj_asuint32(obj); + if (udpsize < 512) + udpsize = 512; + if (udpsize > 4096) + udpsize = 4096; + CHECK(dns_peer_setmaxudp(peer, (isc_uint16_t)udpsize)); + } + obj = NULL; (void)cfg_map_get(cpeer, "transfers", &obj); if (obj != NULL) @@ -652,7 +802,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { } obj = NULL; - if (isc_sockaddr_pf(sa) == AF_INET) + if (na.family == AF_INET) (void)cfg_map_get(cpeer, "transfer-source", &obj); else (void)cfg_map_get(cpeer, "transfer-source-v6", &obj); @@ -661,7 +811,35 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) { cfg_obj_assockaddr(obj)); if (result != ISC_R_SUCCESS) goto cleanup; + ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); + } + + obj = NULL; + if (na.family == AF_INET) + (void)cfg_map_get(cpeer, "notify-source", &obj); + else + (void)cfg_map_get(cpeer, "notify-source-v6", &obj); + if (obj != NULL) { + result = dns_peer_setnotifysource(peer, + cfg_obj_assockaddr(obj)); + if (result != ISC_R_SUCCESS) + goto cleanup; + ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); + } + + obj = NULL; + if (na.family == AF_INET) + (void)cfg_map_get(cpeer, "query-source", &obj); + else + (void)cfg_map_get(cpeer, "query-source-v6", &obj); + if (obj != NULL) { + result = dns_peer_setquerysource(peer, + cfg_obj_assockaddr(obj)); + if (result != ISC_R_SUCCESS) + goto cleanup; + ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); } + *peerp = peer; return (ISC_R_SUCCESS); @@ -716,6 +894,103 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { return (result); } +static isc_boolean_t +on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) { + const cfg_listelt_t *element; + dns_fixedname_t fixed; + dns_name_t *name; + isc_result_t result; + const cfg_obj_t *value; + const char *str; + isc_buffer_t b; + + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + + for (element = cfg_list_first(disablelist); + element != NULL; + element = cfg_list_next(element)) + { + value = cfg_listelt_value(element); + str = cfg_obj_asstring(value); + isc_buffer_init(&b, str, strlen(str)); + isc_buffer_add(&b, strlen(str)); + result = dns_name_fromtext(name, &b, dns_rootname, + ISC_TRUE, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (dns_name_equal(name, zonename)) + return (ISC_TRUE); + } + return (ISC_FALSE); +} + +static void +check_dbtype(dns_zone_t **zonep, unsigned int dbtypec, const char **dbargv, + isc_mem_t *mctx) +{ + char **argv = NULL; + unsigned int i; + isc_result_t result; + + result = dns_zone_getdbtype(*zonep, &argv, mctx); + if (result != ISC_R_SUCCESS) { + dns_zone_detach(zonep); + return; + } + + /* + * Check that all the arguments match. + */ + for (i = 0; i < dbtypec; i++) + if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) { + dns_zone_detach(zonep); + break; + } + + /* + * Check that there are not extra arguments. + */ + if (i == dbtypec && argv[i] != NULL) + dns_zone_detach(zonep); + isc_mem_free(mctx, argv); +} + +static isc_result_t +setquerystats(dns_zone_t *zone, isc_mem_t *mctx, isc_boolean_t on) { + isc_result_t result; + isc_stats_t *zoneqrystats; + + zoneqrystats = NULL; + if (on) { + result = isc_stats_create(mctx, &zoneqrystats, + dns_nsstatscounter_max); + if (result != ISC_R_SUCCESS) + return (result); + } + dns_zone_setrequeststats(zone, zoneqrystats); + if (zoneqrystats != NULL) + isc_stats_detach(&zoneqrystats); + + return (ISC_R_SUCCESS); +} + +static isc_boolean_t +cache_reusable(dns_view_t *originview, dns_view_t *view, + isc_boolean_t new_zero_no_soattl) +{ + if (originview->checknames != view->checknames || + dns_resolver_getzeronosoattl(originview->resolver) != + new_zero_no_soattl || + originview->acceptexpired != view->acceptexpired || + originview->enablevalidation != view->enablevalidation || + originview->maxcachettl != view->maxcachettl || + originview->maxncachettl != view->maxncachettl) { + return (ISC_FALSE); + } + + return (ISC_TRUE); +} + /* * Configure 'view' according to 'vconfig', taking defaults from 'config' * where values are missing in 'vconfig'. @@ -725,8 +1000,8 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { */ static isc_result_t configure_view(dns_view_t *view, const cfg_obj_t *config, - const cfg_obj_t *vconfig, isc_mem_t *mctx, ns_aclconfctx_t *actx, - isc_boolean_t need_hints) + const cfg_obj_t *vconfig, isc_mem_t *mctx, + cfg_aclconfctx_t *actx, isc_boolean_t need_hints) { const cfg_obj_t *maps[4]; const cfg_obj_t *cfgmaps[3]; @@ -736,6 +1011,11 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, const cfg_obj_t *forwarders; const cfg_obj_t *alternates; const cfg_obj_t *zonelist; +#ifdef DLZ + const cfg_obj_t *dlz; + unsigned int dlzargc; + char **dlzargv; +#endif const cfg_obj_t *disabled; const cfg_obj_t *obj; const cfg_listelt_t *element; @@ -744,6 +1024,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, isc_result_t result; isc_uint32_t max_adb_size; isc_uint32_t max_cache_size; + isc_uint32_t max_acache_size; isc_uint32_t lame_ttl; dns_tsig_keyring_t *ring; dns_view_t *pview = NULL; /* Production view */ @@ -755,7 +1036,18 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, const char *str; dns_order_t *order = NULL; isc_uint32_t udpsize; - unsigned int check = 0; + unsigned int resopts = 0; + dns_zone_t *zone = NULL; + isc_uint32_t max_clients_per_query; + const char *sep = ": view "; + const char *viewname = view->name; + const char *forview = " for view "; + isc_boolean_t rfc1918; + isc_boolean_t empty_zones_enable; + const cfg_obj_t *disablelist = NULL; + isc_stats_t *resstats = NULL; + dns_stats_t *resquerystats = NULL; + isc_boolean_t zero_no_soattl; REQUIRE(DNS_VIEW_VALID(view)); @@ -781,12 +1073,65 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, cfgmaps[i++] = config; cfgmaps[i] = NULL; + if (!strcmp(viewname, "_default")) { + sep = ""; + viewname = ""; + forview = ""; + } + /* * Set the view's port number for outgoing queries. */ CHECKM(ns_config_getport(config, &port), "port"); dns_view_setdstport(view, port); + /* + * Create additional cache for this view and zones under the view + * if explicitly enabled. + * XXX950 default to on. + */ + obj = NULL; + (void)ns_config_get(maps, "acache-enable", &obj); + if (obj != NULL && cfg_obj_asboolean(obj)) { + cmctx = NULL; + CHECK(isc_mem_create(0, 0, &cmctx)); + CHECK(dns_acache_create(&view->acache, cmctx, ns_g_taskmgr, + ns_g_timermgr)); + isc_mem_setname(cmctx, "acache", NULL); + isc_mem_detach(&cmctx); + } + if (view->acache != NULL) { + obj = NULL; + result = ns_config_get(maps, "acache-cleaning-interval", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_acache_setcleaninginterval(view->acache, + cfg_obj_asuint32(obj) * 60); + + obj = NULL; + result = ns_config_get(maps, "max-acache-size", &obj); + INSIST(result == ISC_R_SUCCESS); + if (cfg_obj_isstring(obj)) { + str = cfg_obj_asstring(obj); + INSIST(strcasecmp(str, "unlimited") == 0); + max_acache_size = ISC_UINT32_MAX; + } else { + isc_resourcevalue_t value; + + value = cfg_obj_asuint64(obj); + if (value > ISC_UINT32_MAX) { + cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR, + "'max-acache-size " + "%" ISC_PRINT_QUADFORMAT + "d' is too large", + value); + result = ISC_R_RANGE; + goto cleanup; + } + max_acache_size = (isc_uint32_t)value; + } + dns_acache_setcachesize(view->acache, max_acache_size); + } + /* * Configure the zones. */ @@ -804,18 +1149,110 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, actx)); } +#ifdef DLZ + /* + * Create Dynamically Loadable Zone driver. + */ + dlz = NULL; + if (voptions != NULL) + (void)cfg_map_get(voptions, "dlz", &dlz); + else + (void)cfg_map_get(config, "dlz", &dlz); + + obj = NULL; + if (dlz != NULL) { + (void)cfg_map_get(cfg_tuple_get(dlz, "options"), + "database", &obj); + if (obj != NULL) { + char *s = isc_mem_strdup(mctx, cfg_obj_asstring(obj)); + if (s == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + + result = dns_dlzstrtoargv(mctx, s, &dlzargc, &dlzargv); + if (result != ISC_R_SUCCESS) { + isc_mem_free(mctx, s); + goto cleanup; + } + + obj = cfg_tuple_get(dlz, "name"); + result = dns_dlzcreate(mctx, cfg_obj_asstring(obj), + dlzargv[0], dlzargc, dlzargv, + &view->dlzdatabase); + isc_mem_free(mctx, s); + isc_mem_put(mctx, dlzargv, dlzargc * sizeof(*dlzargv)); + if (result != ISC_R_SUCCESS) + goto cleanup; + } + } +#endif + + /* + * Obtain configuration parameters that affect the decision of whether + * we can reuse/share an existing cache. + */ + /* Check-names. */ + obj = NULL; + result = ns_checknames_get(maps, "response", &obj); + INSIST(result == ISC_R_SUCCESS); + + str = cfg_obj_asstring(obj); + if (strcasecmp(str, "fail") == 0) { + resopts |= DNS_RESOLVER_CHECKNAMES | + DNS_RESOLVER_CHECKNAMESFAIL; + view->checknames = ISC_TRUE; + } else if (strcasecmp(str, "warn") == 0) { + resopts |= DNS_RESOLVER_CHECKNAMES; + view->checknames = ISC_FALSE; + } else if (strcasecmp(str, "ignore") == 0) { + view->checknames = ISC_FALSE; + } else + INSIST(0); + + obj = NULL; + result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj); + INSIST(result == ISC_R_SUCCESS); + zero_no_soattl = cfg_obj_asboolean(obj); + + obj = NULL; + result = ns_config_get(maps, "dnssec-accept-expired", &obj); + INSIST(result == ISC_R_SUCCESS); + view->acceptexpired = cfg_obj_asboolean(obj); + + obj = NULL; + result = ns_config_get(maps, "dnssec-validation", &obj); + INSIST(result == ISC_R_SUCCESS); + view->enablevalidation = cfg_obj_asboolean(obj); + + obj = NULL; + result = ns_config_get(maps, "max-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->maxcachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "max-ncache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->maxncachettl = cfg_obj_asuint32(obj); + if (view->maxncachettl > 7 * 24 * 3600) + view->maxncachettl = 7 * 24 * 3600; + /* * Configure the view's cache. Try to reuse an existing * cache if possible, otherwise create a new cache. * Note that the ADB is not preserved in either case. + * When a matching view is found, the associated statistics are + * also retrieved and reused. * - * XXX Determining when it is safe to reuse a cache is - * tricky. When the view's configuration changes, the cached - * data may become invalid because it reflects our old - * view of the world. As more view attributes become - * configurable, we will have to add code here to check - * whether they have changed in ways that could - * invalidate the cache. + * XXX Determining when it is safe to reuse a cache is tricky. + * When the view's configuration changes, the cached data may become + * invalid because it reflects our old view of the world. We check + * some of the configuration parameters that could invalidate the cache, + * but there are other configuration options that should be checked. + * For example, if a view uses a forwarder, changes in the forwarder + * configuration may invalidate the cache. At the moment, it's the + * administrator's responsibility to ensure these configuration options + * don't invalidate reusing. */ result = dns_viewlist_find(&ns_g_server->viewlist, view->name, view->rdclass, @@ -823,17 +1260,29 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) goto cleanup; if (pview != NULL) { - INSIST(pview->cache != NULL); - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(3), - "reusing existing cache"); - reused_cache = ISC_TRUE; - dns_cache_attach(pview->cache, &cache); + if (cache_reusable(pview, view, zero_no_soattl)) { + INSIST(pview->cache != NULL); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(3), + "reusing existing cache"); + reused_cache = ISC_TRUE; + dns_cache_attach(pview->cache, &cache); + } else { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1), + "cache cannot be reused for view %s " + "due to configuration parameter mismatch", + view->name); + } + dns_view_getresstats(pview, &resstats); + dns_view_getresquerystats(pview, &resquerystats); dns_view_detach(&pview); - } else { + } + if (cache == NULL) { CHECK(isc_mem_create(0, 0, &cmctx)); CHECK(dns_cache_create(cmctx, ns_g_taskmgr, ns_g_timermgr, view->rdclass, "rbt", 0, NULL, &cache)); + isc_mem_setname(cmctx, "cache", NULL); } dns_view_setcache(view, cache); @@ -878,34 +1327,17 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, dns_cache_detach(&cache); - /* - * Check-names. - */ - obj = NULL; - result = ns_checknames_get(maps, "response", &obj); - INSIST(result == ISC_R_SUCCESS); - - str = cfg_obj_asstring(obj); - if (strcasecmp(str, "fail") == 0) { - check = DNS_RESOLVER_CHECKNAMES | - DNS_RESOLVER_CHECKNAMESFAIL; - view->checknames = ISC_TRUE; - } else if (strcasecmp(str, "warn") == 0) { - check = DNS_RESOLVER_CHECKNAMES; - view->checknames = ISC_FALSE; - } else if (strcasecmp(str, "ignore") == 0) { - check = 0; - view->checknames = ISC_FALSE; - } else - INSIST(0); - /* * Resolver. * * XXXRTH Hardwired number of tasks. */ - CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4)); - CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6)); + CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4, + ISC_TF(ISC_LIST_PREV(view, link) + == NULL))); + CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6, + ISC_TF(ISC_LIST_PREV(view, link) + == NULL))); if (dispatch4 == NULL && dispatch6 == NULL) { UNEXPECTED_ERROR(__FILE__, __LINE__, "unable to obtain neither an IPv4 nor" @@ -915,9 +1347,18 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, } CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31, ns_g_socketmgr, ns_g_timermgr, - check, ns_g_dispatchmgr, + resopts, ns_g_dispatchmgr, dispatch4, dispatch6)); + if (resstats == NULL) { + CHECK(isc_stats_create(mctx, &resstats, + dns_resstatscounter_max)); + } + dns_view_setresstats(view, resstats); + if (resquerystats == NULL) + CHECK(dns_rdatatypestats_create(mctx, &resquerystats)); + dns_view_setresquerystats(view, resquerystats); + /* * Set the ADB cache size to 1/8th of the max-cache-size. */ @@ -939,7 +1380,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (lame_ttl > 1800) lame_ttl = 1800; dns_resolver_setlamettl(view->resolver, lame_ttl); - + /* * Set the resolver's EDNS UDP size. */ @@ -952,7 +1393,20 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (udpsize > 4096) udpsize = 4096; dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize); - + + /* + * Set the maximum UDP response size. + */ + obj = NULL; + result = ns_config_get(maps, "max-udp-size", &obj); + INSIST(result == ISC_R_SUCCESS); + udpsize = cfg_obj_asuint32(obj); + if (udpsize < 512) + udpsize = 512; + if (udpsize > 4096) + udpsize = 4096; + view->maxudp = udpsize; + /* * Set supported DNSSEC algorithms. */ @@ -976,7 +1430,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, (void)ns_config_get(maps, "forward", &forwardtype); (void)ns_config_get(maps, "forwarders", &forwarders); if (forwarders != NULL) - CHECK(configure_forward(config, view, dns_rootname, + CHECK(configure_forward(config, view, dns_rootname, forwarders, forwardtype)); /* @@ -996,7 +1450,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, /* * If we still have no hints, this is a non-IN view with no * "hints zone" configured. Issue a warning, except if this - * is a root server. Root servers never need to consult + * is a root server. Root servers never need to consult * their hints, so it's no point requiring users to configure * them. */ @@ -1119,7 +1573,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, view->transfer_format = dns_one_answer; else INSIST(0); - + /* * Set sources where additional data and CNAME/DNAME * targets for authoritative answers may be found. @@ -1146,37 +1600,96 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, view->additionalfromcache = ISC_TRUE; } - CHECK(configure_view_acl(vconfig, config, "allow-query", + /* + * Set "allow-query-cache", "allow-query-cache-on", + * "allow-recursion", and "allow-recursion-on" acls if + * configured in named.conf. + */ + CHECK(configure_view_acl(vconfig, config, "allow-query-cache", actx, ns_g_mctx, &view->queryacl)); - - if (strcmp(view->name, "_bind") != 0) + CHECK(configure_view_acl(vconfig, config, "allow-query-cache-on", + actx, ns_g_mctx, &view->queryonacl)); + if (view->queryonacl == NULL) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-query-cache-on", actx, + ns_g_mctx, &view->queryonacl)); + if (strcmp(view->name, "_bind") != 0) { CHECK(configure_view_acl(vconfig, config, "allow-recursion", - actx, ns_g_mctx, &view->recursionacl)); + actx, ns_g_mctx, + &view->recursionacl)); + CHECK(configure_view_acl(vconfig, config, "allow-recursion-on", + actx, ns_g_mctx, + &view->recursiononacl)); + } /* - * Warning if both "recursion no;" and allow-recursion are active - * except for "allow-recursion { none; };". + * "allow-query-cache" inherits from "allow-recursion" if set, + * otherwise from "allow-query" if set. + * "allow-recursion" inherits from "allow-query-cache" if set, + * otherwise from "allow-query" if set. */ - if (!view->recursion && view->recursionacl != NULL && - (view->recursionacl->length != 1 || - view->recursionacl->elements[0].type != dns_aclelementtype_any || - view->recursionacl->elements[0].negative != ISC_TRUE)) { - const char *forview = " for view "; - const char *viewname = view->name; - - if (!strcmp(view->name, "_bind") || - !strcmp(view->name, "_default")) { - forview = ""; - viewname = ""; - } - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_WARNING, - "both \"recursion no;\" and \"allow-recursion\" " - "active%s%s", forview, viewname); - } + if (view->queryacl == NULL && view->recursionacl != NULL) + dns_acl_attach(view->recursionacl, &view->queryacl); + if (view->queryacl == NULL && view->recursion) + CHECK(configure_view_acl(vconfig, config, "allow-query", + actx, ns_g_mctx, &view->queryacl)); + if (view->recursion && + view->recursionacl == NULL && view->queryacl != NULL) + dns_acl_attach(view->queryacl, &view->recursionacl); - CHECK(configure_view_acl(vconfig, config, "sortlist", - actx, ns_g_mctx, &view->sortlist)); + /* + * Set default "allow-recursion", "allow-recursion-on" and + * "allow-query-cache" acls. + */ + if (view->recursionacl == NULL && view->recursion) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-recursion", + actx, ns_g_mctx, + &view->recursionacl)); + if (view->recursiononacl == NULL && view->recursion) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-recursion-on", + actx, ns_g_mctx, + &view->recursiononacl)); + if (view->queryacl == NULL) { + if (view->recursion) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-query-cache", actx, + ns_g_mctx, &view->queryacl)); + else { + if (view->queryacl != NULL) + dns_acl_detach(&view->queryacl); + CHECK(dns_acl_none(ns_g_mctx, &view->queryacl)); + } + } + + /* + * Configure sortlist, if set + */ + CHECK(configure_view_sortlist(vconfig, config, actx, ns_g_mctx, + &view->sortlist)); + + /* + * Configure default allow-transfer, allow-notify, allow-update + * and allow-update-forwarding ACLs, if set, so they can be + * inherited by zones. + */ + if (view->notifyacl == NULL) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-notify", actx, + ns_g_mctx, &view->notifyacl)); + if (view->transferacl == NULL) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-transfer", actx, + ns_g_mctx, &view->transferacl)); + if (view->updateacl == NULL) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-update", actx, + ns_g_mctx, &view->updateacl)); + if (view->upfwdacl == NULL) + CHECK(configure_view_acl(NULL, ns_g_config, + "allow-update-forwarding", actx, + ns_g_mctx, &view->upfwdacl)); obj = NULL; result = ns_config_get(maps, "request-ixfr", &obj); @@ -1187,7 +1700,24 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, result = ns_config_get(maps, "provide-ixfr", &obj); INSIST(result == ISC_R_SUCCESS); view->provideixfr = cfg_obj_asboolean(obj); - + + obj = NULL; + result = ns_config_get(maps, "request-nsid", &obj); + INSIST(result == ISC_R_SUCCESS); + view->requestnsid = cfg_obj_asboolean(obj); + + obj = NULL; + result = ns_config_get(maps, "max-clients-per-query", &obj); + INSIST(result == ISC_R_SUCCESS); + max_clients_per_query = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "clients-per-query", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setclientsperquery(view->resolver, + cfg_obj_asuint32(obj), + max_clients_per_query); + obj = NULL; result = ns_config_get(maps, "dnssec-enable", &obj); INSIST(result == ISC_R_SUCCESS); @@ -1239,27 +1769,13 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, * For now, there is only one kind of trusted keys, the * "security roots". */ - if (view->enablednssec) { - CHECK(configure_view_dnsseckeys(vconfig, config, mctx, - &view->secroots)); - dns_resolver_resetmustbesecure(view->resolver); - obj = NULL; - result = ns_config_get(maps, "dnssec-must-be-secure", &obj); - if (result == ISC_R_SUCCESS) - CHECK(mustbesecure(obj, view->resolver)); - } - - obj = NULL; - result = ns_config_get(maps, "max-cache-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); - view->maxcachettl = cfg_obj_asuint32(obj); - + CHECK(configure_view_dnsseckeys(vconfig, config, mctx, + &view->secroots)); + dns_resolver_resetmustbesecure(view->resolver); obj = NULL; - result = ns_config_get(maps, "max-ncache-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); - view->maxncachettl = cfg_obj_asuint32(obj); - if (view->maxncachettl > 7 * 24 * 3600) - view->maxncachettl = 7 * 24 * 3600; + result = ns_config_get(maps, "dnssec-must-be-secure", &obj); + if (result == ISC_R_SUCCESS) + CHECK(mustbesecure(obj, view->resolver)); obj = NULL; result = ns_config_get(maps, "preferred-glue", &obj); @@ -1303,13 +1819,202 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, } else dns_view_setrootdelonly(view, ISC_FALSE); + /* + * Setup automatic empty zones. If recursion is off then + * they are disabled by default. + */ + obj = NULL; + (void)ns_config_get(maps, "empty-zones-enable", &obj); + (void)ns_config_get(maps, "disable-empty-zone", &disablelist); + if (obj == NULL && disablelist == NULL && + view->rdclass == dns_rdataclass_in) { + rfc1918 = ISC_FALSE; + empty_zones_enable = view->recursion; + } else if (view->rdclass == dns_rdataclass_in) { + rfc1918 = ISC_TRUE; + if (obj != NULL) + empty_zones_enable = cfg_obj_asboolean(obj); + else + empty_zones_enable = view->recursion; + } else { + rfc1918 = ISC_FALSE; + empty_zones_enable = ISC_FALSE; + } + if (empty_zones_enable) { + const char *empty; + int empty_zone = 0; + dns_fixedname_t fixed; + dns_name_t *name; + isc_buffer_t buffer; + const char *str; + char server[DNS_NAME_FORMATSIZE + 1]; + char contact[DNS_NAME_FORMATSIZE + 1]; + isc_boolean_t logit; + const char *empty_dbtype[4] = + { "_builtin", "empty", NULL, NULL }; + int empty_dbtypec = 4; + isc_boolean_t zonestats_on; + + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + + obj = NULL; + result = ns_config_get(maps, "empty-server", &obj); + if (result == ISC_R_SUCCESS) { + str = cfg_obj_asstring(obj); + isc_buffer_init(&buffer, str, strlen(str)); + isc_buffer_add(&buffer, strlen(str)); + CHECK(dns_name_fromtext(name, &buffer, dns_rootname, + ISC_FALSE, NULL)); + isc_buffer_init(&buffer, server, sizeof(server) - 1); + CHECK(dns_name_totext(name, ISC_FALSE, &buffer)); + server[isc_buffer_usedlength(&buffer)] = 0; + empty_dbtype[2] = server; + } else + empty_dbtype[2] = "@"; + + obj = NULL; + result = ns_config_get(maps, "empty-contact", &obj); + if (result == ISC_R_SUCCESS) { + str = cfg_obj_asstring(obj); + isc_buffer_init(&buffer, str, strlen(str)); + isc_buffer_add(&buffer, strlen(str)); + CHECK(dns_name_fromtext(name, &buffer, dns_rootname, + ISC_FALSE, NULL)); + isc_buffer_init(&buffer, contact, sizeof(contact) - 1); + CHECK(dns_name_totext(name, ISC_FALSE, &buffer)); + contact[isc_buffer_usedlength(&buffer)] = 0; + empty_dbtype[3] = contact; + } else + empty_dbtype[3] = "."; + + obj = NULL; + result = ns_config_get(maps, "zone-statistics", &obj); + INSIST(result == ISC_R_SUCCESS); + zonestats_on = cfg_obj_asboolean(obj); + + logit = ISC_TRUE; + for (empty = empty_zones[empty_zone].zone; + empty != NULL; + empty = empty_zones[++empty_zone].zone) + { + dns_forwarders_t *forwarders = NULL; + dns_view_t *pview = NULL; + + isc_buffer_init(&buffer, empty, strlen(empty)); + isc_buffer_add(&buffer, strlen(empty)); + /* + * Look for zone on drop list. + */ + CHECK(dns_name_fromtext(name, &buffer, dns_rootname, + ISC_FALSE, NULL)); + if (disablelist != NULL && + on_disable_list(disablelist, name)) + continue; + + /* + * This zone already exists. + */ + (void)dns_view_findzone(view, name, &zone); + if (zone != NULL) { + CHECK(setquerystats(zone, mctx, zonestats_on)); + dns_zone_detach(&zone); + continue; + } + + /* + * If we would forward this name don't add a + * empty zone for it. + */ + result = dns_fwdtable_find(view->fwdtable, name, + &forwarders); + if (result == ISC_R_SUCCESS && + forwarders->fwdpolicy == dns_fwdpolicy_only) + continue; + + if (!rfc1918 && empty_zones[empty_zone].rfc1918) { + if (logit) { + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_WARNING, + "Warning%s%s: " + "'empty-zones-enable/" + "disable-empty-zone' " + "not set: disabling " + "RFC 1918 empty zones", + sep, viewname); + logit = ISC_FALSE; + } + continue; + } + + /* + * See if we can re-use a existing zone. + */ + result = dns_viewlist_find(&ns_g_server->viewlist, + view->name, view->rdclass, + &pview); + if (result != ISC_R_NOTFOUND && + result != ISC_R_SUCCESS) + goto cleanup; + + if (pview != NULL) { + (void)dns_view_findzone(pview, name, &zone); + dns_view_detach(&pview); + if (zone != NULL) + check_dbtype(&zone, empty_dbtypec, + empty_dbtype, mctx); + if (zone != NULL) { + dns_zone_setview(zone, view); + CHECK(dns_view_addzone(view, zone)); + CHECK(setquerystats(zone, mctx, + zonestats_on)); + dns_zone_detach(&zone); + continue; + } + } + + CHECK(dns_zone_create(&zone, mctx)); + CHECK(dns_zone_setorigin(zone, name)); + dns_zone_setview(zone, view); + CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone)); + dns_zone_setclass(zone, view->rdclass); + dns_zone_settype(zone, dns_zone_master); + dns_zone_setstats(zone, ns_g_server->zonestats); + CHECK(dns_zone_setdbtype(zone, empty_dbtypec, + empty_dbtype)); + if (view->queryacl != NULL) + dns_zone_setqueryacl(zone, view->queryacl); + if (view->queryonacl != NULL) + dns_zone_setqueryonacl(zone, view->queryonacl); + dns_zone_setdialup(zone, dns_dialuptype_no); + dns_zone_setnotifytype(zone, dns_notifytype_no); + dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, + ISC_TRUE); + CHECK(setquerystats(zone, mctx, zonestats_on)); + CHECK(dns_view_addzone(view, zone)); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "automatic empty zone%s%s: %s", + sep, viewname, empty); + dns_zone_detach(&zone); + } + } + result = ISC_R_SUCCESS; cleanup: + if (zone != NULL) + dns_zone_detach(&zone); if (dispatch4 != NULL) dns_dispatch_detach(&dispatch4); if (dispatch6 != NULL) dns_dispatch_detach(&dispatch6); + if (resstats != NULL) + isc_stats_detach(&resstats); + if (resquerystats != NULL) + dns_stats_detach(&resquerystats); if (order != NULL) dns_order_detach(&order); if (cmctx != NULL) @@ -1434,6 +2139,8 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, isc_result_t result; in_port_t port; + ISC_LIST_INIT(addresses); + /* * Determine which port to send forwarded requests to. */ @@ -1459,8 +2166,6 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, if (forwarders != NULL) faddresses = cfg_tuple_get(forwarders, "addresses"); - ISC_LIST_INIT(addresses); - for (element = cfg_list_first(faddresses); element != NULL; element = cfg_list_next(element)) @@ -1571,7 +2276,7 @@ create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, static isc_result_t configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, isc_mem_t *mctx, dns_view_t *view, - ns_aclconfctx_t *aclconf) + cfg_aclconfctx_t *aclconf) { dns_view_t *pview = NULL; /* Production view */ dns_zone_t *zone = NULL; /* New or reused zone */ @@ -1616,7 +2321,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, "name")); else vname = ""; - + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "zone '%s': wrong class for view '%s'", @@ -1736,10 +2441,8 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, result = dns_view_findzone(pview, origin, &zone); if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS) goto cleanup; - if (zone != NULL) { - if (! ns_zone_reusable(zone, zconfig)) - dns_zone_detach(&zone); - } + if (zone != NULL && !ns_zone_reusable(zone, zconfig)) + dns_zone_detach(&zone); if (zone != NULL) { /* @@ -1747,6 +2450,8 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, * new view. */ dns_zone_setview(zone, view); + if (view->acache != NULL) + dns_zone_setacache(zone, view->acache); } else { /* * We cannot reuse an existing zone, we have @@ -1755,7 +2460,10 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, CHECK(dns_zone_create(&zone, mctx)); CHECK(dns_zone_setorigin(zone, origin)); dns_zone_setview(zone, view); + if (view->acache != NULL) + dns_zone_setacache(zone, view->acache); CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone)); + dns_zone_setstats(zone, ns_g_server->zonestats); } /* @@ -1871,25 +2579,23 @@ add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr, { ns_listenelt_t *lelt = NULL; dns_acl_t *src_acl = NULL; - dns_aclelement_t aelt; isc_result_t result; isc_sockaddr_t any_sa6; + isc_netaddr_t netaddr; REQUIRE(isc_sockaddr_pf(addr) == AF_INET6); isc_sockaddr_any6(&any_sa6); if (!isc_sockaddr_equal(&any_sa6, addr) && (wcardport_ok || isc_sockaddr_getport(addr) != 0)) { - aelt.type = dns_aclelementtype_ipprefix; - aelt.negative = ISC_FALSE; - aelt.u.ip_prefix.prefixlen = 128; - isc_netaddr_fromin6(&aelt.u.ip_prefix.address, - &addr->type.sin6.sin6_addr); + isc_netaddr_fromin6(&netaddr, &addr->type.sin6.sin6_addr); - result = dns_acl_create(mctx, 1, &src_acl); + result = dns_acl_create(mctx, 0, &src_acl); if (result != ISC_R_SUCCESS) return (result); - result = dns_acl_appendelement(src_acl, &aelt); + + result = dns_iptable_addprefix(src_acl->iptable, + &netaddr, 128, ISC_TRUE); if (result != ISC_R_SUCCESS) goto clean; @@ -1988,7 +2694,7 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) { } ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE); - + clean: ns_listenlist_detach(&list); return; @@ -2040,6 +2746,21 @@ heartbeat_timer_tick(isc_task_t *task, isc_event_t *event) { } } +static void +pps_timer_tick(isc_task_t *task, isc_event_t *event) { + static unsigned int oldrequests = 0; + unsigned int requests = ns_client_requests; + + UNUSED(task); + isc_event_free(&event); + + /* + * Don't worry about wrapping as the overflow result will be right. + */ + dns_pps = (requests - oldrequests) / 1200; + oldrequests = requests; +} + /* * Replace the current value of '*field', a dynamically allocated * string or NULL, with a dynamically allocated copy of the @@ -2062,7 +2783,7 @@ setstring(ns_server_t *server, char **field, const char *value) { *field = copy; return (ISC_R_SUCCESS); -} +} /* * Replace the current value of '*field', a dynamically allocated @@ -2104,7 +2825,7 @@ set_limit(const cfg_obj_t **maps, const char *configname, result = isc_resource_setlimit(resourceid, value); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, result == ISC_R_SUCCESS ? - ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, + ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, "set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s", description, value, isc_result_totext(result)); } @@ -2121,57 +2842,105 @@ set_limits(const cfg_obj_t **maps) { SETLIMIT("files", openfiles, "open files"); } -static isc_result_t -portlist_fromconf(dns_portlist_t *portlist, unsigned int family, - const cfg_obj_t *ports) +static void +portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports, + isc_boolean_t positive) { const cfg_listelt_t *element; - isc_result_t result = ISC_R_SUCCESS; for (element = cfg_list_first(ports); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *obj = cfg_listelt_value(element); - in_port_t port = (in_port_t)cfg_obj_asuint32(obj); - - result = dns_portlist_add(portlist, family, port); - if (result != ISC_R_SUCCESS) - break; + + if (cfg_obj_isuint32(obj)) { + in_port_t port = (in_port_t)cfg_obj_asuint32(obj); + + if (positive) + isc_portset_add(portset, port); + else + isc_portset_remove(portset, port); + } else { + const cfg_obj_t *obj_loport, *obj_hiport; + in_port_t loport, hiport; + + obj_loport = cfg_tuple_get(obj, "loport"); + loport = (in_port_t)cfg_obj_asuint32(obj_loport); + obj_hiport = cfg_tuple_get(obj, "hiport"); + hiport = (in_port_t)cfg_obj_asuint32(obj_hiport); + + if (positive) + isc_portset_addrange(portset, loport, hiport); + else { + isc_portset_removerange(portset, loport, + hiport); + } + } } - return (result); +} + +static isc_result_t +removed(dns_zone_t *zone, void *uap) { + const char *type; + + if (dns_zone_getview(zone) != uap) + return (ISC_R_SUCCESS); + + switch (dns_zone_gettype(zone)) { + case dns_zone_master: + type = "master"; + break; + case dns_zone_slave: + type = "slave"; + break; + case dns_zone_stub: + type = "stub"; + break; + default: + type = "other"; + break; + } + dns_zone_log(zone, ISC_LOG_INFO, "(%s) removed", type); + return (ISC_R_SUCCESS); } static isc_result_t load_configuration(const char *filename, ns_server_t *server, isc_boolean_t first_time) { - isc_result_t result; - cfg_parser_t *parser = NULL; + cfg_aclconfctx_t aclconfctx; cfg_obj_t *config; + cfg_parser_t *parser = NULL; + const cfg_listelt_t *element; + const cfg_obj_t *builtin_views; + const cfg_obj_t *maps[3]; + const cfg_obj_t *obj; const cfg_obj_t *options; + const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports; const cfg_obj_t *views; - const cfg_obj_t *obj; - const cfg_obj_t *v4ports, *v6ports; - const cfg_obj_t *maps[3]; - const cfg_obj_t *builtin_views; - const cfg_listelt_t *element; dns_view_t *view = NULL; dns_view_t *view_next; - dns_viewlist_t viewlist; dns_viewlist_t tmpviewlist; - ns_aclconfctx_t aclconfctx; - isc_uint32_t interface_interval; + dns_viewlist_t viewlist; + in_port_t listen_port, udpport_low, udpport_high; + int i; + isc_interval_t interval; + isc_portset_t *v4portset = NULL; + isc_portset_t *v6portset = NULL; + isc_resourcevalue_t nfiles; + isc_result_t result; isc_uint32_t heartbeat_interval; + isc_uint32_t interface_interval; + isc_uint32_t reserved; isc_uint32_t udpsize; - in_port_t listen_port; - int i; + unsigned int maxsocks; - ns_aclconfctx_init(&aclconfctx); + cfg_aclconfctx_init(&aclconfctx); ISC_LIST_INIT(viewlist); /* Ensure exclusive access to configuration data. */ result = isc_task_beginexclusive(server->task); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + RUNTIME_CHECK(result == ISC_R_SUCCESS); /* * Parse the global default pseudo-config file. @@ -2244,6 +3013,48 @@ load_configuration(const char *filename, ns_server_t *server, */ set_limits(maps); + /* + * Check if max number of open sockets that the system allows is + * sufficiently large. Failing this condition is not necessarily fatal, + * but may cause subsequent runtime failures for a busy recursive + * server. + */ + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks); + if (result != ISC_R_SUCCESS) + maxsocks = 0; + result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles); + if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "max open files (%" ISC_PRINT_QUADFORMAT "u)" + " is smaller than max sockets (%u)", + nfiles, maxsocks); + } + + /* + * Set the number of socket reserved for TCP, stdio etc. + */ + obj = NULL; + result = ns_config_get(maps, "reserved-sockets", &obj); + INSIST(result == ISC_R_SUCCESS); + reserved = cfg_obj_asuint32(obj); + if (maxsocks != 0) { + if (maxsocks < 128U) /* Prevent underflow. */ + reserved = 0; + else if (reserved > maxsocks - 128U) /* Minimum UDP space. */ + reserved = maxsocks - 128; + } + /* Minimum TCP/stdio space. */ + if (reserved < 128U) + reserved = 128; + if (reserved + 128U > maxsocks && maxsocks != 0) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "less than 128 UDP sockets available after " + "applying 'reserved-sockets' and 'maxsockets'"); + } + isc__socketmgr_setreserved(ns_g_socketmgr, reserved); + /* * Configure various server options. */ @@ -2268,24 +3079,67 @@ load_configuration(const char *filename, ns_server_t *server, INSIST(result == ISC_R_SUCCESS); server->aclenv.match_mapped = cfg_obj_asboolean(obj); - v4ports = NULL; - v6ports = NULL; - (void)ns_config_get(maps, "avoid-v4-udp-ports", &v4ports); - (void)ns_config_get(maps, "avoid-v6-udp-ports", &v6ports); - if (v4ports != NULL || v6ports != NULL) { - dns_portlist_t *portlist = NULL; - result = dns_portlist_create(ns_g_mctx, &portlist); - if (result == ISC_R_SUCCESS && v4ports != NULL) - result = portlist_fromconf(portlist, AF_INET, v4ports); - if (result == ISC_R_SUCCESS && v6ports != NULL) - portlist_fromconf(portlist, AF_INET6, v6ports); - if (result == ISC_R_SUCCESS) - dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, portlist); - if (portlist != NULL) - dns_portlist_detach(&portlist); - CHECK(result); - } else - dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, NULL); + CHECKM(ns_statschannels_configure(ns_g_server, config, &aclconfctx), + "configuring statistics server(s)"); + + /* + * Configure sets of UDP query source ports. + */ + CHECKM(isc_portset_create(ns_g_mctx, &v4portset), + "creating UDP port set"); + CHECKM(isc_portset_create(ns_g_mctx, &v6portset), + "creating UDP port set"); + + usev4ports = NULL; + usev6ports = NULL; + avoidv4ports = NULL; + avoidv6ports = NULL; + + (void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports); + if (usev4ports != NULL) + portset_fromconf(v4portset, usev4ports, ISC_TRUE); + else { + CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low, + &udpport_high), + "get the default UDP/IPv4 port range"); + if (udpport_low == udpport_high) + isc_portset_add(v4portset, udpport_low); + else { + isc_portset_addrange(v4portset, udpport_low, + udpport_high); + } + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv4 port range: [%d, %d]", + udpport_low, udpport_high); + } + (void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports); + if (avoidv4ports != NULL) + portset_fromconf(v4portset, avoidv4ports, ISC_FALSE); + + (void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports); + if (usev6ports != NULL) + portset_fromconf(v6portset, usev6ports, ISC_TRUE); + else { + CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low, + &udpport_high), + "get the default UDP/IPv6 port range"); + if (udpport_low == udpport_high) + isc_portset_add(v6portset, udpport_low); + else { + isc_portset_addrange(v6portset, udpport_low, + udpport_high); + } + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv6 port range: [%d, %d]", + udpport_low, udpport_high); + } + (void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports); + if (avoidv6ports != NULL) + portset_fromconf(v6portset, avoidv6ports, ISC_FALSE); + + dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset); /* * Set the EDNS UDP size when we don't match a view. @@ -2421,7 +3275,6 @@ load_configuration(const char *filename, ns_server_t *server, isc_timertype_inactive, NULL, NULL, ISC_TRUE)); } else if (server->interface_interval != interface_interval) { - isc_interval_t interval; isc_interval_set(&interval, interface_interval, 0); CHECK(isc_timer_reset(server->interface_timer, isc_timertype_ticker, @@ -2441,7 +3294,6 @@ load_configuration(const char *filename, ns_server_t *server, isc_timertype_inactive, NULL, NULL, ISC_TRUE)); } else if (server->heartbeat_interval != heartbeat_interval) { - isc_interval_t interval; isc_interval_set(&interval, heartbeat_interval, 0); CHECK(isc_timer_reset(server->heartbeat_timer, isc_timertype_ticker, @@ -2449,6 +3301,10 @@ load_configuration(const char *filename, ns_server_t *server, } server->heartbeat_interval = heartbeat_interval; + isc_interval_set(&interval, 1200, 0); + CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL, + &interval, ISC_FALSE)); + /* * Configure and freeze all explicit views. Explicit * views that have zones were already created at parsing @@ -2591,6 +3447,15 @@ load_configuration(const char *filename, ns_server_t *server, if (first_time) ns_os_changeuser(); + /* + * Check that the working directory is writable. + */ + if (access(".", W_OK) != 0) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "the working directory is not writable"); + } + /* * Configure the logging system. * @@ -2684,11 +3549,20 @@ load_configuration(const char *filename, ns_server_t *server, ns_os_writepidfile(lwresd_g_defaultpidfile, first_time); else ns_os_writepidfile(ns_g_defaultpidfile, first_time); - + obj = NULL; if (options != NULL && - cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS) + cfg_map_get(options, "memstatistics", &obj) == ISC_R_SUCCESS) + ns_g_memstatistics = cfg_obj_asboolean(obj); + else + ns_g_memstatistics = + ISC_TF((isc_mem_debugging & ISC_MEM_DEBUGRECORD) != 0); + + obj = NULL; + if (ns_config_get(maps, "memstatistics-file", &obj) == ISC_R_SUCCESS) ns_main_setmemstats(cfg_obj_asstring(obj)); + else if (ns_g_memstatistics) + ns_main_setmemstats("named.memstats"); else ns_main_setmemstats(NULL); @@ -2732,11 +3606,15 @@ load_configuration(const char *filename, ns_server_t *server, result = ns_config_get(maps, "server-id", &obj); server->server_usehostname = ISC_FALSE; if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) { - server->server_usehostname = ISC_TRUE; + /* The parser translates "hostname" to ISC_TRUE */ + server->server_usehostname = cfg_obj_asboolean(obj); + result = setstring(server, &server->server_id, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); } else if (result == ISC_R_SUCCESS) { + /* Found a quoted string */ CHECKM(setoptstring(server, &server->server_id, obj), "strdup"); } else { - result = setoptstring(server, &server->server_id, NULL); + result = setstring(server, &server->server_id, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); } @@ -2751,7 +3629,13 @@ load_configuration(const char *filename, ns_server_t *server, result = ISC_R_SUCCESS; cleanup: - ns_aclconfctx_destroy(&aclconfctx); + if (v4portset != NULL) + isc_portset_destroy(ns_g_mctx, &v4portset); + + if (v6portset != NULL) + isc_portset_destroy(ns_g_mctx, &v6portset); + + cfg_aclconfctx_destroy(&aclconfctx); if (parser != NULL) { if (config != NULL) @@ -2772,8 +3656,11 @@ load_configuration(const char *filename, ns_server_t *server, view = view_next) { view_next = ISC_LIST_NEXT(view, link); ISC_LIST_UNLINK(viewlist, view, link); + if (result == ISC_R_SUCCESS && + strcmp(view->name, "_bind") != 0) + (void)dns_zt_apply(view->zonetable, ISC_FALSE, + removed, view); dns_view_detach(&view); - } /* @@ -2818,7 +3705,7 @@ load_zones(ns_server_t *server, isc_boolean_t stop) { */ CHECK(dns_zonemgr_forcemaint(server->zonemgr)); cleanup: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -2846,7 +3733,7 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) { */ dns_zonemgr_resumexfrs(server->zonemgr); cleanup: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -2863,6 +3750,8 @@ run_server(isc_task_t *task, isc_event_t *event) { &ns_g_dispatchmgr), "creating dispatch manager"); + dns_dispatchmgr_setstats(ns_g_dispatchmgr, server->resolverstats); + CHECKFATAL(ns_interfacemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_socketmgr, ns_g_dispatchmgr, &server->interfacemgr), @@ -2880,6 +3769,11 @@ run_server(isc_task_t *task, isc_event_t *event) { server, &server->heartbeat_timer), "creating heartbeat timer"); + CHECKFATAL(isc_timer_create(ns_g_timermgr, isc_timertype_inactive, + NULL, NULL, server->task, pps_timer_tick, + server, &server->pps_timer), + "creating pps timer"); + CHECKFATAL(cfg_parser_create(ns_g_mctx, NULL, &ns_g_parser), "creating default configuration parser"); @@ -2900,7 +3794,7 @@ run_server(isc_task_t *task, isc_event_t *event) { ISC_LOG_NOTICE, "running"); } -void +void ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) { REQUIRE(NS_SERVER_VALID(server)); @@ -2925,6 +3819,7 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { ISC_LOG_INFO, "shutting down%s", flush ? ": flushing changes" : ""); + ns_statschannels_shutdown(server); ns_controls_shutdown(server->controls); end_reserved_dispatches(server, ISC_TRUE); @@ -2944,6 +3839,7 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { isc_timer_detach(&server->interface_timer); isc_timer_detach(&server->heartbeat_timer); + isc_timer_detach(&server->pps_timer); ns_interfacemgr_shutdown(server->interfacemgr); ns_interfacemgr_detach(&server->interfacemgr); @@ -3032,7 +3928,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->interface_timer = NULL; server->heartbeat_timer = NULL; - + server->pps_timer = NULL; + server->interface_interval = 0; server->heartbeat_interval = 0; @@ -3043,7 +3940,16 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->statsfile = isc_mem_strdup(server->mctx, "named.stats"); CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS, "isc_mem_strdup"); - server->querystats = NULL; + server->nsstats = NULL; + server->rcvquerystats = NULL; + server->opcodestats = NULL; + server->zonestats = NULL; + server->resolverstats = NULL; + server->sockstats = NULL; + CHECKFATAL(isc_stats_create(server->mctx, &server->sockstats, + isc_sockstatscounter_max), + "isc_stats_create"); + isc_socketmgr_setstats(ns_g_socketmgr, server->sockstats); server->dumpfile = isc_mem_strdup(server->mctx, "named_dump.db"); CHECKFATAL(server->dumpfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS, @@ -3055,13 +3961,29 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->hostname_set = ISC_FALSE; server->hostname = NULL; - server->version_set = ISC_FALSE; + server->version_set = ISC_FALSE; server->version = NULL; server->server_usehostname = ISC_FALSE; server->server_id = NULL; - CHECKFATAL(dns_stats_alloccounters(ns_g_mctx, &server->querystats), - "dns_stats_alloccounters"); + CHECKFATAL(isc_stats_create(ns_g_mctx, &server->nsstats, + dns_nsstatscounter_max), + "dns_stats_create (server)"); + + CHECKFATAL(dns_rdatatypestats_create(ns_g_mctx, + &server->rcvquerystats), + "dns_stats_create (rcvquery)"); + + CHECKFATAL(dns_opcodestats_create(ns_g_mctx, &server->opcodestats), + "dns_stats_create (opcode)"); + + CHECKFATAL(isc_stats_create(ns_g_mctx, &server->zonestats, + dns_zonestatscounter_max), + "dns_stats_create (zone)"); + + CHECKFATAL(isc_stats_create(ns_g_mctx, &server->resolverstats, + dns_resstatscounter_max), + "dns_stats_create (resolver)"); server->flushonshutdown = ISC_FALSE; server->log_queries = ISC_FALSE; @@ -3072,6 +3994,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->dispatchgen = 0; ISC_LIST_INIT(server->dispatches); + ISC_LIST_INIT(server->statschannels); + server->magic = NS_SERVER_MAGIC; *serverp = server; } @@ -3083,7 +4007,12 @@ ns_server_destroy(ns_server_t **serverp) { ns_controls_destroy(&server->controls); - dns_stats_freecounters(server->mctx, &server->querystats); + isc_stats_detach(&server->nsstats); + dns_stats_detach(&server->rcvquerystats); + dns_stats_detach(&server->opcodestats); + isc_stats_detach(&server->zonestats); + isc_stats_detach(&server->resolverstats); + isc_stats_detach(&server->sockstats); isc_mem_free(server->mctx, server->statsfile); isc_mem_free(server->mctx, server->dumpfile); @@ -3211,7 +4140,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) { result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &dispatch->addr, 4096, 1000, 32768, 16411, 16433, - attrs, attrmask, &dispatch->dispatch); + attrs, attrmask, &dispatch->dispatch); if (result != ISC_R_SUCCESS) goto cleanup; @@ -3237,13 +4166,17 @@ loadconfig(ns_server_t *server) { result = load_configuration(ns_g_lwresdonly ? lwresd_g_conffile : ns_g_conffile, server, ISC_FALSE); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { end_reserved_dispatches(server, ISC_FALSE); - else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "reloading configuration succeeded"); + } else { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "reloading configuration failed: %s", isc_result_totext(result)); + } return (result); } @@ -3253,12 +4186,16 @@ reload(ns_server_t *server) { CHECK(loadconfig(server)); result = load_zones(server, ISC_FALSE); - if (result != ISC_R_SUCCESS) { + if (result == ISC_R_SUCCESS) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "reloading zones succeeded"); + else isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "reloading zones failed: %s", isc_result_totext(result)); - } + cleanup: return (result); } @@ -3269,12 +4206,16 @@ reconfig(ns_server_t *server) { CHECK(loadconfig(server)); result = load_new_zones(server, ISC_FALSE); - if (result != ISC_R_SUCCESS) { + if (result == ISC_R_SUCCESS) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "any newly configured zones are now loaded"); + else isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "loading new zones failed: %s", isc_result_totext(result)); - } + cleanup: ; } @@ -3288,6 +4229,9 @@ ns_server_reload(isc_task_t *task, isc_event_t *event) { INSIST(task = server->task); UNUSED(task); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "received SIGHUP signal to reload zones"); (void)reload(server); LOCK(&server->reload_event_lock); @@ -3314,7 +4258,7 @@ next_token(char **stringp, const char *delim) { break; } while (*res == '\0'); return (res); -} +} /* * Find the zone specified in the control channel command 'args', @@ -3369,23 +4313,28 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) { result = dns_rdataclass_fromtext(&rdclass, &r); if (result != ISC_R_SUCCESS) goto fail1; - } else { + } else rdclass = dns_rdataclass_in; + + if (viewtxt == NULL) { + result = dns_viewlist_findzone(&server->viewlist, + dns_fixedname_name(&name), + ISC_TF(classtxt == NULL), + rdclass, zonep); + } else { + result = dns_viewlist_find(&server->viewlist, viewtxt, + rdclass, &view); + if (result != ISC_R_SUCCESS) + goto fail1; + + result = dns_zt_find(view->zonetable, dns_fixedname_name(&name), + 0, NULL, zonep); + dns_view_detach(&view); } - - if (viewtxt == NULL) - viewtxt = "_default"; - result = dns_viewlist_find(&server->viewlist, viewtxt, - rdclass, &view); - if (result != ISC_R_SUCCESS) - goto fail1; - - result = dns_zt_find(view->zonetable, dns_fixedname_name(&name), - 0, NULL, zonep); + /* Partial match? */ if (result != ISC_R_SUCCESS && *zonep != NULL) dns_zone_detach(zonep); - dns_view_detach(&view); fail1: return (result); } @@ -3398,7 +4347,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { isc_result_t result; dns_zone_t *zone = NULL; dns_zonetype_t type; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -3411,7 +4360,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { result = ISC_R_NOTFOUND; dns_zone_detach(&zone); return (result); -} +} /* * Act on a "reload" command from the command channel. @@ -3422,7 +4371,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { dns_zone_t *zone = NULL; dns_zonetype_t type; const char *msg = NULL; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -3434,11 +4383,12 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { type = dns_zone_gettype(zone); if (type == dns_zone_slave || type == dns_zone_stub) { dns_zone_refresh(zone); + dns_zone_detach(&zone); msg = "zone refresh queued"; } else { result = dns_zone_load(zone); dns_zone_detach(&zone); - switch (result) { + switch (result) { case ISC_R_SUCCESS: msg = "zone reload successful"; break; @@ -3460,7 +4410,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putmem(text, (const unsigned char *)msg, strlen(msg) + 1); return (result); -} +} /* * Act on a "reconfig" command from the command channel. @@ -3473,6 +4423,29 @@ ns_server_reconfigcommand(ns_server_t *server, char *args) { return (ISC_R_SUCCESS); } +/* + * Act on a "notify" command from the command channel. + */ +isc_result_t +ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) { + isc_result_t result; + dns_zone_t *zone = NULL; + const unsigned char msg[] = "zone notify queued"; + + result = zone_from_args(server, args, &zone); + if (result != ISC_R_SUCCESS) + return (result); + if (zone == NULL) + return (ISC_R_UNEXPECTEDEND); + + dns_zone_notify(zone); + dns_zone_detach(&zone); + if (sizeof(msg) <= isc_buffer_availablelength(text)) + isc_buffer_putmem(text, msg, sizeof(msg)); + + return (ISC_R_SUCCESS); +} + /* * Act on a "refresh" command from the command channel. */ @@ -3498,17 +4471,17 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putmem(text, msg1, sizeof(msg1)); return (ISC_R_SUCCESS); } - + dns_zone_detach(&zone); if (sizeof(msg2) <= isc_buffer_availablelength(text)) isc_buffer_putmem(text, msg2, sizeof(msg2)); return (ISC_R_FAILURE); -} +} isc_result_t ns_server_togglequerylog(ns_server_t *server) { server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE; - + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "query logging is now %s", @@ -3518,7 +4491,7 @@ ns_server_togglequerylog(ns_server_t *server) { static isc_result_t ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - ns_aclconfctx_t *actx, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenlist_t **target) { isc_result_t result; @@ -3557,7 +4530,7 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, */ static isc_result_t ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - ns_aclconfctx_t *actx, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, ns_listenelt_t **target) { isc_result_t result; @@ -3589,8 +4562,9 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, if (result != ISC_R_SUCCESS) return (result); - result = ns_acl_fromconfig(cfg_tuple_get(listener, "acl"), - config, actx, mctx, &delt->acl); + result = cfg_acl_fromconfig(cfg_tuple_get(listener, "acl"), + config, ns_g_lctx, actx, mctx, 0, + &delt->acl); if (result != ISC_R_SUCCESS) { ns_listenelt_destroy(delt); return (result); @@ -3602,61 +4576,26 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, isc_result_t ns_server_dumpstats(ns_server_t *server) { isc_result_t result; - dns_zone_t *zone, *next; - isc_stdtime_t now; FILE *fp = NULL; - int i; - int ncounters; - - isc_stdtime_get(&now); CHECKMF(isc_stdio_open(server->statsfile, "a", &fp), "could not open statistics dump file", server->statsfile); - - ncounters = DNS_STATS_NCOUNTERS; - fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now); - - for (i = 0; i < ncounters; i++) - fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n", - dns_statscounter_names[i], - server->querystats[i]); - - zone = NULL; - for (result = dns_zone_first(server->zonemgr, &zone); - result == ISC_R_SUCCESS; - next = NULL, result = dns_zone_next(zone, &next), zone = next) - { - isc_uint64_t *zonestats = dns_zone_getstatscounters(zone); - if (zonestats != NULL) { - char zonename[DNS_NAME_FORMATSIZE]; - dns_view_t *view; - char *viewname; - - dns_name_format(dns_zone_getorigin(zone), - zonename, sizeof(zonename)); - view = dns_zone_getview(zone); - viewname = view->name; - for (i = 0; i < ncounters; i++) { - fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT - "u %s", - dns_statscounter_names[i], - zonestats[i], - zonename); - if (strcmp(viewname, "_default") != 0) - fprintf(fp, " %s", viewname); - fprintf(fp, "\n"); - } - } - } - if (result == ISC_R_NOMORE) - result = ISC_R_SUCCESS; + + result = ns_stats_dump(server, fp); CHECK(result); - - fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now); cleanup: if (fp != NULL) (void)isc_stdio_close(fp); + if (result == ISC_R_SUCCESS) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "dumpstats complete"); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "dumpstats failed: %s", + dns_result_totext(result)); return (result); } @@ -3679,7 +4618,7 @@ static isc_result_t add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) { struct viewlistentry *vle; isc_result_t result = ISC_R_SUCCESS; - + /* * Prevent duplicate views. */ @@ -3742,7 +4681,7 @@ dumpdone(void *arg, isc_result_t result) { struct dumpcontext *dctx = arg; char buf[1024+32]; const dns_master_style_t *style; - + if (result != ISC_R_SUCCESS) goto cleanup; if (dctx->mdctx != NULL) @@ -3841,7 +4780,7 @@ dumpdone(void *arg, isc_result_t result) { cleanup: if (result != ISC_R_SUCCESS) isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_INFO, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "dumpdb failed: %s", dns_result_totext(result)); dumpcontext_destroy(dctx); } @@ -3899,7 +4838,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) { dctx->dumpzones = ISC_TRUE; dctx->dumpcache = ISC_FALSE; ptr = next_token(&args, " \t"); - } + } nextview: for (view = ISC_LIST_HEAD(server->viewlist); @@ -3938,6 +4877,15 @@ ns_server_dumprecursing(ns_server_t *server) { cleanup: if (fp != NULL) result = isc_stdio_close(fp); + if (result == ISC_R_SUCCESS) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "dumprecursing complete"); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "dumprecursing failed: %s", + dns_result_totext(result)); return (result); } @@ -3967,21 +4915,39 @@ ns_server_setdebuglevel(ns_server_t *server, char *args) { ns_g_debuglevel = (unsigned int)newlevel; } isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "debug level is now %d", ns_g_debuglevel); return (ISC_R_SUCCESS); } isc_result_t -ns_server_flushcache(ns_server_t *server, char *args) { +ns_server_validation(ns_server_t *server, char *args) { char *ptr, *viewname; dns_view_t *view; - isc_boolean_t flushed = ISC_FALSE; + isc_boolean_t changed = ISC_FALSE; isc_result_t result; + isc_boolean_t enable; /* Skip the command name. */ ptr = next_token(&args, " \t"); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); + /* Find out what we are to do. */ + ptr = next_token(&args, " \t"); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); + + if (!strcasecmp(ptr, "on") || !strcasecmp(ptr, "yes") || + !strcasecmp(ptr, "enable") || !strcasecmp(ptr, "true")) + enable = ISC_TRUE; + else if (!strcasecmp(ptr, "off") || !strcasecmp(ptr, "no") || + !strcasecmp(ptr, "disable") || !strcasecmp(ptr, "false")) + enable = ISC_FALSE; + else + return (DNS_R_SYNTAX); + /* Look for the view name. */ viewname = next_token(&args, " \t"); @@ -3996,14 +4962,76 @@ ns_server_flushcache(ns_server_t *server, char *args) { result = dns_view_flushcache(view); if (result != ISC_R_SUCCESS) goto out; - flushed = ISC_TRUE; + view->enablevalidation = enable; + changed = ISC_TRUE; } - if (flushed) + if (changed) result = ISC_R_SUCCESS; else result = ISC_R_FAILURE; out: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); + return (result); +} + +isc_result_t +ns_server_flushcache(ns_server_t *server, char *args) { + char *ptr, *viewname; + dns_view_t *view; + isc_boolean_t flushed; + isc_boolean_t found; + isc_result_t result; + + /* Skip the command name. */ + ptr = next_token(&args, " \t"); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); + + /* Look for the view name. */ + viewname = next_token(&args, " \t"); + + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + flushed = ISC_TRUE; + found = ISC_FALSE; + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) + { + if (viewname != NULL && strcasecmp(viewname, view->name) != 0) + continue; + found = ISC_TRUE; + result = dns_view_flushcache(view); + if (result != ISC_R_SUCCESS) { + flushed = ISC_FALSE; + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "flushing cache in view '%s' failed: %s", + view->name, isc_result_totext(result)); + } + } + if (flushed && found) { + if (viewname != NULL) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "flushing cache in view '%s' succeeded", + viewname); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "flushing caches in all views succeeded"); + result = ISC_R_SUCCESS; + } else { + if (!found) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "flushing cache in view '%s' failed: " + "view not found", viewname); + result = ISC_R_NOTFOUND; + } else + result = ISC_R_FAILURE; + } + isc_task_endexclusive(server->task); return (result); } @@ -4011,7 +5039,8 @@ isc_result_t ns_server_flushname(ns_server_t *server, char *args) { char *ptr, *target, *viewname; dns_view_t *view; - isc_boolean_t flushed = ISC_FALSE; + isc_boolean_t flushed; + isc_boolean_t found; isc_result_t result; isc_buffer_t b; dns_fixedname_t fixed; @@ -4041,21 +5070,46 @@ ns_server_flushname(ns_server_t *server, char *args) { result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); flushed = ISC_TRUE; + found = ISC_FALSE; for (view = ISC_LIST_HEAD(server->viewlist); view != NULL; view = ISC_LIST_NEXT(view, link)) { if (viewname != NULL && strcasecmp(viewname, view->name) != 0) continue; + found = ISC_TRUE; result = dns_view_flushname(view, name); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { flushed = ISC_FALSE; + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "flushing name '%s' in cache view '%s' " + "failed: %s", target, view->name, + isc_result_totext(result)); + } } - if (flushed) + if (flushed && found) { + if (viewname != NULL) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "flushing name '%s' in cache view '%s' " + "succeeded", target, viewname); + else + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "flushing name '%s' in all cache views " + "succeeded", target); result = ISC_R_SUCCESS; - else + } else { + if (!found) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "flushing name '%s' in cache view '%s' " + "failed: view not found", target, + viewname); result = ISC_R_FAILURE; - isc_task_endexclusive(server->task); + } + isc_task_endexclusive(server->task); return (result); } @@ -4063,7 +5117,16 @@ isc_result_t ns_server_status(ns_server_t *server, isc_buffer_t *text) { int zonecount, xferrunning, xferdeferred, soaqueries; unsigned int n; + const char *ob = "", *cb = "", *alt = ""; + if (ns_g_server->version_set) { + ob = " ("; + cb = ")"; + if (ns_g_server->version == NULL) + alt = "version.bind/txt/ch disabled"; + else + alt = ns_g_server->version; + } zonecount = dns_zonemgr_getcount(server->zonemgr, DNS_ZONESTATE_ANY); xferrunning = dns_zonemgr_getcount(server->zonemgr, DNS_ZONESTATE_XFERRUNNING); @@ -4073,18 +5136,21 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text) { DNS_ZONESTATE_SOAQUERY); n = snprintf((char *)isc_buffer_used(text), isc_buffer_availablelength(text), + "version: %s%s%s%s\n" "number of zones: %u\n" "debug level: %d\n" "xfers running: %u\n" "xfers deferred: %u\n" "soa queries in progress: %u\n" "query logging is %s\n" - "recursive clients: %d/%d\n" + "recursive clients: %d/%d/%d\n" "tcp clients: %d/%d\n" "server is up and running", + ns_g_version, ob, alt, cb, zonecount, ns_g_debuglevel, xferrunning, xferdeferred, soaqueries, server->log_queries ? "ON" : "OFF", - server->recursionquota.used, server->recursionquota.max, + server->recursionquota.used, server->recursionquota.soft, + server->recursionquota.max, server->tcpquota.used, server->tcpquota.max); if (n >= isc_buffer_availablelength(text)) return (ISC_R_NOSPACE); @@ -4092,12 +5158,243 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text) { return (ISC_R_SUCCESS); } +static isc_result_t +delete_keynames(dns_tsig_keyring_t *ring, char *target, + unsigned int *foundkeys) +{ + char namestr[DNS_NAME_FORMATSIZE]; + isc_result_t result; + dns_rbtnodechain_t chain; + dns_name_t foundname; + dns_fixedname_t fixedorigin; + dns_name_t *origin; + dns_rbtnode_t *node; + dns_tsigkey_t *tkey; + + dns_name_init(&foundname, NULL); + dns_fixedname_init(&fixedorigin); + origin = dns_fixedname_name(&fixedorigin); + + again: + dns_rbtnodechain_init(&chain, ring->mctx); + result = dns_rbtnodechain_first(&chain, ring->keys, &foundname, + origin); + if (result == ISC_R_NOTFOUND) { + dns_rbtnodechain_invalidate(&chain); + return (ISC_R_SUCCESS); + } + if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { + dns_rbtnodechain_invalidate(&chain); + return (result); + } + + for (;;) { + node = NULL; + dns_rbtnodechain_current(&chain, &foundname, origin, &node); + tkey = node->data; + + if (tkey != NULL) { + if (!tkey->generated) + goto nextkey; + + dns_name_format(&tkey->name, namestr, sizeof(namestr)); + if (strcmp(namestr, target) == 0) { + (*foundkeys)++; + dns_rbtnodechain_invalidate(&chain); + (void)dns_rbt_deletename(ring->keys, + &tkey->name, + ISC_FALSE); + goto again; + } + } + + nextkey: + result = dns_rbtnodechain_next(&chain, &foundname, origin); + if (result == ISC_R_NOMORE) + break; + if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { + dns_rbtnodechain_invalidate(&chain); + return (result); + } + } + + return (ISC_R_SUCCESS); +} + +isc_result_t +ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text) { + isc_result_t result; + unsigned int n; + dns_view_t *view; + unsigned int foundkeys = 0; + char *target; + char *viewname; + + (void)next_token(&command, " \t"); /* skip command name */ + target = next_token(&command, " \t"); + if (target == NULL) + return (ISC_R_UNEXPECTEDEND); + viewname = next_token(&command, " \t"); + + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + if (viewname == NULL || strcmp(view->name, viewname) == 0) { + RWLOCK(&view->dynamickeys->lock, isc_rwlocktype_write); + result = delete_keynames(view->dynamickeys, target, + &foundkeys); + RWUNLOCK(&view->dynamickeys->lock, + isc_rwlocktype_write); + if (result != ISC_R_SUCCESS) { + isc_task_endexclusive(server->task); + return (result); + } + } + } + isc_task_endexclusive(server->task); + + n = snprintf((char *)isc_buffer_used(text), + isc_buffer_availablelength(text), + "%d tsig keys deleted.\n", foundkeys); + if (n >= isc_buffer_availablelength(text)) { + isc_task_endexclusive(server->task); + return (ISC_R_NOSPACE); + } + isc_buffer_add(text, n); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +list_keynames(dns_view_t *view, dns_tsig_keyring_t *ring, isc_buffer_t *text, + unsigned int *foundkeys) +{ + char namestr[DNS_NAME_FORMATSIZE]; + char creatorstr[DNS_NAME_FORMATSIZE]; + isc_result_t result; + dns_rbtnodechain_t chain; + dns_name_t foundname; + dns_fixedname_t fixedorigin; + dns_name_t *origin; + dns_rbtnode_t *node; + dns_tsigkey_t *tkey; + unsigned int n; + const char *viewname; + + if (view != NULL) + viewname = view->name; + else + viewname = "(global)"; + + dns_name_init(&foundname, NULL); + dns_fixedname_init(&fixedorigin); + origin = dns_fixedname_name(&fixedorigin); + dns_rbtnodechain_init(&chain, ring->mctx); + result = dns_rbtnodechain_first(&chain, ring->keys, &foundname, + origin); + if (result == ISC_R_NOTFOUND) { + dns_rbtnodechain_invalidate(&chain); + return (ISC_R_SUCCESS); + } + if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { + dns_rbtnodechain_invalidate(&chain); + return (result); + } + + for (;;) { + node = NULL; + dns_rbtnodechain_current(&chain, &foundname, origin, &node); + tkey = node->data; + + if (tkey != NULL) { + (*foundkeys)++; + dns_name_format(&tkey->name, namestr, sizeof(namestr)); + if (tkey->generated) { + dns_name_format(tkey->creator, creatorstr, + sizeof(creatorstr)); + n = snprintf((char *)isc_buffer_used(text), + isc_buffer_availablelength(text), + "view \"%s\"; type \"dynamic\"; key \"%s\"; creator \"%s\";\n", + viewname, namestr, creatorstr); + } else { + n = snprintf((char *)isc_buffer_used(text), + isc_buffer_availablelength(text), + "view \"%s\"; type \"static\"; key \"%s\";\n", + viewname, namestr); + } + if (n >= isc_buffer_availablelength(text)) { + dns_rbtnodechain_invalidate(&chain); + return (ISC_R_NOSPACE); + } + isc_buffer_add(text, n); + } + result = dns_rbtnodechain_next(&chain, &foundname, origin); + if (result == ISC_R_NOMORE) + break; + if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { + dns_rbtnodechain_invalidate(&chain); + return (result); + } + } + + return (ISC_R_SUCCESS); +} + +isc_result_t +ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) { + isc_result_t result; + unsigned int n; + dns_view_t *view; + unsigned int foundkeys = 0; + + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + RWLOCK(&view->statickeys->lock, isc_rwlocktype_read); + result = list_keynames(view, view->statickeys, text, + &foundkeys); + RWUNLOCK(&view->statickeys->lock, isc_rwlocktype_read); + if (result != ISC_R_SUCCESS) { + isc_task_endexclusive(server->task); + return (result); + } + RWLOCK(&view->dynamickeys->lock, isc_rwlocktype_read); + result = list_keynames(view, view->dynamickeys, text, + &foundkeys); + RWUNLOCK(&view->dynamickeys->lock, isc_rwlocktype_read); + if (result != ISC_R_SUCCESS) { + isc_task_endexclusive(server->task); + return (result); + } + } + isc_task_endexclusive(server->task); + + if (foundkeys == 0) { + n = snprintf((char *)isc_buffer_used(text), + isc_buffer_availablelength(text), + "no tsig keys found.\n"); + if (n >= isc_buffer_availablelength(text)) { + isc_task_endexclusive(server->task); + return (ISC_R_NOSPACE); + } + isc_buffer_add(text, n); + } + + return (ISC_R_SUCCESS); +} + /* - * Act on a "freeze" or "unfreeze" command from the command channel. + * Act on a "freeze" or "thaw" command from the command channel. */ isc_result_t -ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { - isc_result_t result; +ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, + isc_buffer_t *text) +{ + isc_result_t result, tresult; dns_zone_t *zone = NULL; dns_zonetype_t type; char classstr[DNS_RDATACLASS_FORMATSIZE]; @@ -4106,12 +5403,31 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { char *journal; const char *vname, *sep; isc_boolean_t frozen; - + const char *msg = NULL; + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); - if (zone == NULL) - return (ISC_R_UNEXPECTEDEND); + if (zone == NULL) { + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + tresult = ISC_R_SUCCESS; + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + result = dns_view_freezezones(view, freeze); + if (result != ISC_R_SUCCESS && + tresult == ISC_R_SUCCESS) + tresult = result; + } + isc_task_endexclusive(server->task); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "%s all zones: %s", + freeze ? "freezing" : "thawing", + isc_result_totext(tresult)); + return (tresult); + } type = dns_zone_gettype(zone); if (type != dns_zone_master) { dns_zone_detach(&zone); @@ -4120,25 +5436,47 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { frozen = dns_zone_getupdatedisabled(zone); if (freeze) { - if (frozen) + if (frozen) { + msg = "WARNING: The zone was already frozen.\n" + "Someone else may be editing it or " + "it may still be re-loading."; result = DNS_R_FROZEN; - if (result == ISC_R_SUCCESS) + } + if (result == ISC_R_SUCCESS) { result = dns_zone_flush(zone); + if (result != ISC_R_SUCCESS) + msg = "Flushing the zone updates to " + "disk failed."; + } if (result == ISC_R_SUCCESS) { journal = dns_zone_getjournal(zone); if (journal != NULL) (void)isc_file_remove(journal); } + if (result == ISC_R_SUCCESS) + dns_zone_setupdatedisabled(zone, freeze); } else { if (frozen) { - result = dns_zone_load(zone); - if (result == DNS_R_CONTINUE || - result == DNS_R_UPTODATE) + result = dns_zone_loadandthaw(zone); + switch (result) { + case ISC_R_SUCCESS: + case DNS_R_UPTODATE: + msg = "The zone reload and thaw was " + "successful."; + result = ISC_R_SUCCESS; + break; + case DNS_R_CONTINUE: + msg = "A zone reload and thaw was started.\n" + "Check the logs to see the result."; result = ISC_R_SUCCESS; + break; + } } } - if (result == ISC_R_SUCCESS) - dns_zone_setupdatedisabled(zone, freeze); + + if (msg != NULL && strlen(msg) < isc_buffer_availablelength(text)) + isc_buffer_putmem(text, (const unsigned char *)msg, + strlen(msg) + 1); view = dns_zone_getview(zone); if (strcmp(view->name, "_bind") == 0 || @@ -4157,7 +5495,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "%s zone '%s/%s'%s%s: %s", - freeze ? "freezing" : "unfreezing", + freeze ? "freezing" : "thawing", zonename, classstr, sep, vname, isc_result_totext(result)); dns_zone_detach(&zone); diff --git a/contrib/bind-9.3/bin/named/sortlist.c b/contrib/bind-9.5.2/bin/named/sortlist.c similarity index 88% rename from contrib/bind-9.3/bin/named/sortlist.c rename to contrib/bind-9.5.2/bin/named/sortlist.c index 0feba3bbee..daefa0772e 100644 --- a/contrib/bind-9.3/bin/named/sortlist.c +++ b/contrib/bind-9.5.2/bin/named/sortlist.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.c,v 1.5.12.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: sortlist.c,v 1.17 2007/09/14 01:46:05 marka Exp $ */ + +/*! \file */ #include @@ -49,15 +51,19 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, const dns_aclelement_t *matched_elt = NULL; if (e->type == dns_aclelementtype_nestedacl) { - dns_acl_t *inner = e->u.nestedacl; + dns_acl_t *inner = e->nestedacl; - if (inner->length < 1 || inner->length > 2) + if (inner->length == 0) + try_elt = e; + else if (inner->length > 2) goto dont_sort; - if (inner->elements[0].negative) + else if (inner->elements[0].negative) goto dont_sort; - try_elt = &inner->elements[0]; - if (inner->length == 2) - order_elt = &inner->elements[1]; + else { + try_elt = &inner->elements[0]; + if (inner->length == 2) + order_elt = &inner->elements[1]; + } } else { /* * BIND 8 allows bare elements at the top level @@ -72,7 +78,7 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, if (order_elt != NULL) { if (order_elt->type == dns_aclelementtype_nestedacl) { - *argp = order_elt->u.nestedacl; + *argp = order_elt->nestedacl; return (NS_SORTLISTTYPE_2ELEMENT); } else if (order_elt->type == dns_aclelementtype_localhost && diff --git a/contrib/bind-9.5.2/bin/named/statschannel.c b/contrib/bind-9.5.2/bin/named/statschannel.c new file mode 100644 index 0000000000..8d65935ffe --- /dev/null +++ b/contrib/bind-9.5.2/bin/named/statschannel.c @@ -0,0 +1,1355 @@ +/* + * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: statschannel.c,v 1.2.2.19 2009/02/17 03:47:27 marka Exp $ */ + +/*! \file */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "bind9.xsl.h" + +struct ns_statschannel { + /* Unlocked */ + isc_httpdmgr_t *httpdmgr; + isc_sockaddr_t address; + isc_mem_t *mctx; + + /* + * Locked by channel lock: can be referenced and modified by both + * the server task and the channel task. + */ + isc_mutex_t lock; + dns_acl_t *acl; + + /* Locked by server task */ + ISC_LINK(struct ns_statschannel) link; +}; + +typedef enum { statsformat_file, statsformat_xml } statsformat_t; + +typedef struct +stats_dumparg { + statsformat_t type; + void *arg; /* type dependent argument */ + int ncounters; /* used for general statistics */ + int *counterindices; /* used for general statistics */ + isc_uint64_t *countervalues; /* used for general statistics */ +} stats_dumparg_t; + +static isc_once_t once = ISC_ONCE_INIT; + +/*% + * Statistics descriptions. These could be statistically initialized at + * compile time, but we configure them run time in the init_desc() function + * below so that they'll be less susceptible to counter name changes. + */ +static const char *nsstats_desc[dns_nsstatscounter_max]; +static const char *resstats_desc[dns_resstatscounter_max]; +static const char *zonestats_desc[dns_zonestatscounter_max]; +static const char *sockstats_desc[isc_sockstatscounter_max]; +#ifdef HAVE_LIBXML2 +static const char *nsstats_xmldesc[dns_nsstatscounter_max]; +static const char *resstats_xmldesc[dns_resstatscounter_max]; +static const char *zonestats_xmldesc[dns_zonestatscounter_max]; +static const char *sockstats_xmldesc[isc_sockstatscounter_max]; +#else +#define nsstats_xmldesc NULL +#define resstats_xmldesc NULL +#define zonestats_xmldesc NULL +#define sockstats_xmldesc NULL +#endif /* HAVE_LIBXML2 */ + +/*% + * Mapping arrays to represent statistics counters in the order of our + * preference, regardless of the order of counter indices. For example, + * nsstats_desc[nsstats_index[0]] will be the description that is shown first. + */ +static int nsstats_index[dns_nsstatscounter_max]; +static int resstats_index[dns_resstatscounter_max]; +static int zonestats_index[dns_zonestatscounter_max]; +static int sockstats_index[isc_sockstatscounter_max]; + +static inline void +set_desc(int counter, int maxcounter, const char *fdesc, const char **fdescs, + const char *xdesc, const char **xdescs) +{ + REQUIRE(counter < maxcounter); + REQUIRE(fdescs[counter] == NULL); +#ifdef HAVE_LIBXML2 + REQUIRE(xdescs[counter] == NULL); +#endif + + fdescs[counter] = fdesc; +#ifdef HAVE_LIBXML2 + xdescs[counter] = xdesc; +#else + UNUSED(xdesc); + UNUSED(xdescs); +#endif +} + +static void +init_desc(void) { + int i; + + /* Initialize name server statistics */ + memset((void *)nsstats_desc, 0, + dns_nsstatscounter_max * sizeof(nsstats_desc[0])); +#ifdef HAVE_LIBXML2 + memset((void *)nsstats_xmldesc, 0, + dns_nsstatscounter_max * sizeof(nsstats_xmldesc[0])); +#endif + +#define SET_NSSTATDESC(counterid, desc, xmldesc) \ + do { \ + set_desc(dns_nsstatscounter_ ## counterid, \ + dns_nsstatscounter_max, \ + desc, nsstats_desc, xmldesc, nsstats_xmldesc); \ + nsstats_index[i++] = dns_nsstatscounter_ ## counterid; \ + } while (0) + + i = 0; + SET_NSSTATDESC(requestv4, "IPv4 requests received", "Requestv4"); + SET_NSSTATDESC(requestv6, "IPv6 requests received", "Requestv6"); + SET_NSSTATDESC(edns0in, "requests with EDNS(0) received", "ReqEdns0"); + SET_NSSTATDESC(badednsver, + "requests with unsupported EDNS version received", + "ReqBadEDNSVer"); + SET_NSSTATDESC(tsigin, "requests with TSIG received", "ReqTSIG"); + SET_NSSTATDESC(sig0in, "requests with SIG(0) received", "ReqSIG0"); + SET_NSSTATDESC(invalidsig, "requests with invalid signature", + "ReqBadSIG"); + SET_NSSTATDESC(tcp, "TCP requests received", "ReqTCP"); + SET_NSSTATDESC(authrej, "auth queries rejected", "AuthQryRej"); + SET_NSSTATDESC(recurserej, "recursive queries rejected", "RecQryRej"); + SET_NSSTATDESC(xfrrej, "transfer requests rejected", "XfrRej"); + SET_NSSTATDESC(updaterej, "update requests rejected", "UpdateRej"); + SET_NSSTATDESC(response, "responses sent", "Response"); + SET_NSSTATDESC(truncatedresp, "truncated responses sent", + "TruncatedResp"); + SET_NSSTATDESC(edns0out, "responses with EDNS(0) sent", "RespEDNS0"); + SET_NSSTATDESC(tsigout, "responses with TSIG sent", "RespTSIG"); + SET_NSSTATDESC(sig0out, "responses with SIG(0) sent", "RespSIG0"); + SET_NSSTATDESC(success, "queries resulted in successful answer", + "QrySuccess"); + SET_NSSTATDESC(authans, "queries resulted in authoritative answer", + "QryAuthAns"); + SET_NSSTATDESC(nonauthans, + "queries resulted in non authoritative answer", + "QryNoauthAns"); + SET_NSSTATDESC(referral, "queries resulted in referral answer", + "QryReferral"); + SET_NSSTATDESC(nxrrset, "queries resulted in nxrrset", "QryNxrrset"); + SET_NSSTATDESC(servfail, "queries resulted in SERVFAIL", "QrySERVFAIL"); + SET_NSSTATDESC(formerr, "queries resulted in FORMERR", "QryFORMERR"); + SET_NSSTATDESC(nxdomain, "queries resulted in NXDOMAIN", "QryNXDOMAIN"); + SET_NSSTATDESC(recursion, "queries caused recursion","QryRecursion"); + SET_NSSTATDESC(duplicate, "duplicate queries received", "QryDuplicate"); + SET_NSSTATDESC(dropped, "queries dropped", "QryDropped"); + SET_NSSTATDESC(failure, "other query failures", "QryFailure"); + SET_NSSTATDESC(xfrdone, "requested transfers completed", "XfrReqDone"); + SET_NSSTATDESC(updatereqfwd, "update requests forwarded", + "UpdateReqFwd"); + SET_NSSTATDESC(updaterespfwd, "update responses forwarded", + "UpdateRespFwd"); + SET_NSSTATDESC(updatefwdfail, "update forward failed", "UpdateFwdFail"); + SET_NSSTATDESC(updatedone, "updates completed", "UpdateDone"); + SET_NSSTATDESC(updatefail, "updates failed", "UpdateFail"); + SET_NSSTATDESC(updatebadprereq, + "updates rejected due to prerequisite failure", + "UpdateBadPrereq"); + INSIST(i == dns_nsstatscounter_max); + + /* Initialize resolver statistics */ + memset((void *)resstats_desc, 0, + dns_resstatscounter_max * sizeof(resstats_desc[0])); +#ifdef HAVE_LIBXML2 + memset((void *)resstats_xmldesc, 0, + dns_resstatscounter_max * sizeof(resstats_xmldesc[0])); +#endif + +#define SET_RESSTATDESC(counterid, desc, xmldesc) \ + do { \ + set_desc(dns_resstatscounter_ ## counterid, \ + dns_resstatscounter_max, \ + desc, resstats_desc, xmldesc, resstats_xmldesc); \ + resstats_index[i++] = dns_resstatscounter_ ## counterid; \ + } while (0) + + i = 0; + SET_RESSTATDESC(queryv4, "IPv4 queries sent", "Queryv4"); + SET_RESSTATDESC(queryv6, "IPv6 queries sent", "Queryv6"); + SET_RESSTATDESC(responsev4, "IPv4 responses received", "Responsev4"); + SET_RESSTATDESC(responsev6, "IPv6 responses received", "Responsev6"); + SET_RESSTATDESC(nxdomain, "NXDOMAIN received", "NXDOMAIN"); + SET_RESSTATDESC(servfail, "SERVFAIL received", "SERVFAIL"); + SET_RESSTATDESC(formerr, "FORMERR received", "FORMERR"); + SET_RESSTATDESC(othererror, "other errors received", "OtherError"); + SET_RESSTATDESC(edns0fail, "EDNS(0) query failures", "EDNS0Fail"); + SET_RESSTATDESC(mismatch, "mismatch responses received", "Mismatch"); + SET_RESSTATDESC(truncated, "truncated responses received", "Truncated"); + SET_RESSTATDESC(lame, "lame delegations received", "Lame"); + SET_RESSTATDESC(retry, "query retries", "Retry"); + SET_RESSTATDESC(dispabort, "queries aborted due to quota", + "QueryAbort"); + SET_RESSTATDESC(dispsockfail, "failures in opening query sockets", + "QuerySockFail"); + SET_RESSTATDESC(querytimeout, "query timeouts", "QueryTimeout"); + SET_RESSTATDESC(gluefetchv4, "IPv4 NS address fetches", "GlueFetchv4"); + SET_RESSTATDESC(gluefetchv6, "IPv6 NS address fetches", "GlueFetchv6"); + SET_RESSTATDESC(gluefetchv4fail, "IPv4 NS address fetch failed", + "GlueFetchv4Fail"); + SET_RESSTATDESC(gluefetchv6fail, "IPv6 NS address fetch failed", + "GlueFetchv6Fail"); + SET_RESSTATDESC(val, "DNSSEC validation attempted", "ValAttempt"); + SET_RESSTATDESC(valsuccess, "DNSSEC validation succeeded", "ValOk"); + SET_RESSTATDESC(valnegsuccess, "DNSSEC NX validation succeeded", + "ValNegOk"); + SET_RESSTATDESC(valfail, "DNSSEC validation failed", "ValFail"); + SET_RESSTATDESC(queryrtt0, "queries with RTT < " + DNS_RESOLVER_QRYRTTCLASS0STR "ms", + "QryRTT" DNS_RESOLVER_QRYRTTCLASS0STR); + SET_RESSTATDESC(queryrtt1, "queries with RTT " + DNS_RESOLVER_QRYRTTCLASS0STR "-" + DNS_RESOLVER_QRYRTTCLASS1STR "ms", + "QryRTT" DNS_RESOLVER_QRYRTTCLASS1STR); + SET_RESSTATDESC(queryrtt2, "queries with RTT " + DNS_RESOLVER_QRYRTTCLASS1STR "-" + DNS_RESOLVER_QRYRTTCLASS2STR "ms", + "QryRTT" DNS_RESOLVER_QRYRTTCLASS2STR); + SET_RESSTATDESC(queryrtt3, "queries with RTT " + DNS_RESOLVER_QRYRTTCLASS2STR "-" + DNS_RESOLVER_QRYRTTCLASS3STR "ms", + "QryRTT" DNS_RESOLVER_QRYRTTCLASS3STR); + SET_RESSTATDESC(queryrtt4, "queries with RTT " + DNS_RESOLVER_QRYRTTCLASS3STR "-" + DNS_RESOLVER_QRYRTTCLASS4STR "ms", + "QryRTT" DNS_RESOLVER_QRYRTTCLASS4STR); + SET_RESSTATDESC(queryrtt5, "queries with RTT > " + DNS_RESOLVER_QRYRTTCLASS4STR "ms", + "QryRTT" DNS_RESOLVER_QRYRTTCLASS4STR "+"); + INSIST(i == dns_resstatscounter_max); + + /* Initialize zone statistics */ + memset((void *)zonestats_desc, 0, + dns_zonestatscounter_max * sizeof(zonestats_desc[0])); +#ifdef HAVE_LIBXML2 + memset((void *)zonestats_xmldesc, 0, + dns_zonestatscounter_max * sizeof(zonestats_xmldesc[0])); +#endif + +#define SET_ZONESTATDESC(counterid, desc, xmldesc) \ + do { \ + set_desc(dns_zonestatscounter_ ## counterid, \ + dns_zonestatscounter_max, \ + desc, zonestats_desc, xmldesc, zonestats_xmldesc); \ + zonestats_index[i++] = dns_zonestatscounter_ ## counterid; \ + } while (0) + + i = 0; + SET_ZONESTATDESC(notifyoutv4, "IPv4 notifies sent", "NotifyOutv4"); + SET_ZONESTATDESC(notifyoutv6, "IPv6 notifies sent", "NotifyOutv6"); + SET_ZONESTATDESC(notifyinv4, "IPv4 notifies received", "NotifyInv4"); + SET_ZONESTATDESC(notifyinv6, "IPv6 notifies received", "NotifyInv6"); + SET_ZONESTATDESC(notifyrej, "notifies rejected", "NotifyRej"); + SET_ZONESTATDESC(soaoutv4, "IPv4 SOA queries sent", "SOAOutv4"); + SET_ZONESTATDESC(soaoutv6, "IPv6 SOA queries sent", "SOAOutv6"); + SET_ZONESTATDESC(axfrreqv4, "IPv4 AXFR requested", "AXFRReqv4"); + SET_ZONESTATDESC(axfrreqv6, "IPv6 AXFR requested", "AXFRReqv6"); + SET_ZONESTATDESC(ixfrreqv4, "IPv4 IXFR requested", "IXFRReqv4"); + SET_ZONESTATDESC(ixfrreqv6, "IPv6 IXFR requested", "IXFRReqv6"); + SET_ZONESTATDESC(xfrsuccess, "transfer requests succeeded","XfrSuccess"); + SET_ZONESTATDESC(xfrfail, "transfer requests failed", "XfrFail"); + INSIST(i == dns_zonestatscounter_max); + + /* Initialize socket statistics */ + memset((void *)sockstats_desc, 0, + isc_sockstatscounter_max * sizeof(sockstats_desc[0])); +#ifdef HAVE_LIBXML2 + memset((void *)sockstats_xmldesc, 0, + isc_sockstatscounter_max * sizeof(sockstats_xmldesc[0])); +#endif + +#define SET_SOCKSTATDESC(counterid, desc, xmldesc) \ + do { \ + set_desc(isc_sockstatscounter_ ## counterid, \ + isc_sockstatscounter_max, \ + desc, sockstats_desc, xmldesc, sockstats_xmldesc); \ + sockstats_index[i++] = isc_sockstatscounter_ ## counterid; \ + } while (0) + + i = 0; + SET_SOCKSTATDESC(udp4open, "UDP/IPv4 sockets opened", "UDP4Open"); + SET_SOCKSTATDESC(udp6open, "UDP/IPv6 sockets opened", "UDP6Open"); + SET_SOCKSTATDESC(tcp4open, "TCP/IPv4 sockets opened", "TCP4Open"); + SET_SOCKSTATDESC(tcp6open, "TCP/IPv6 sockets opened", "TCP6Open"); + SET_SOCKSTATDESC(unixopen, "Unix domain sockets opened", "UnixOpen"); + SET_SOCKSTATDESC(udp4openfail, "UDP/IPv4 socket open failures", + "UDP4OpenFail"); + SET_SOCKSTATDESC(udp6openfail, "UDP/IPv6 socket open failures", + "UDP6OpenFail"); + SET_SOCKSTATDESC(tcp4openfail, "TCP/IPv4 socket open failures", + "TCP4OpenFail"); + SET_SOCKSTATDESC(tcp6openfail, "TCP/IPv6 socket open failures", + "TCP6OpenFail"); + SET_SOCKSTATDESC(unixopenfail, "Unix domain socket open failures", + "UnixOpenFail"); + SET_SOCKSTATDESC(udp4close, "UDP/IPv4 sockets closed", "UDP4Close"); + SET_SOCKSTATDESC(udp6close, "UDP/IPv6 sockets closed", "UDP6Close"); + SET_SOCKSTATDESC(tcp4close, "TCP/IPv4 sockets closed", "TCP4Close"); + SET_SOCKSTATDESC(tcp6close, "TCP/IPv6 sockets closed", "TCP6Close"); + SET_SOCKSTATDESC(unixclose, "Unix domain sockets closed", "UnixClose"); + SET_SOCKSTATDESC(fdwatchclose, "FDwatch sockets closed", + "FDWatchClose"); + SET_SOCKSTATDESC(udp4bindfail, "UDP/IPv4 socket bind failures", + "UDP4BindFail"); + SET_SOCKSTATDESC(udp6bindfail, "UDP/IPv6 socket bind failures", + "UDP6BindFail"); + SET_SOCKSTATDESC(tcp4bindfail, "TCP/IPv4 socket bind failures", + "TCP4BindFail"); + SET_SOCKSTATDESC(tcp6bindfail, "TCP/IPv6 socket bind failures", + "TCP6BindFail"); + SET_SOCKSTATDESC(unixbindfail, "Unix domain socket bind failures", + "UnixBindFail"); + SET_SOCKSTATDESC(fdwatchbindfail, "FDwatch socket bind failures", + "FdwatchBindFail"); + SET_SOCKSTATDESC(udp4connectfail, "UDP/IPv4 socket connect failures", + "UDP4ConnFail"); + SET_SOCKSTATDESC(udp6connectfail, "UDP/IPv6 socket connect failures", + "UDP6ConnFail"); + SET_SOCKSTATDESC(tcp4connectfail, "TCP/IPv4 socket connect failures", + "TCP4ConnFail"); + SET_SOCKSTATDESC(tcp6connectfail, "TCP/IPv6 socket connect failures", + "TCP6ConnFail"); + SET_SOCKSTATDESC(unixconnectfail, "Unix domain socket connect failures", + "UnixConnFail"); + SET_SOCKSTATDESC(fdwatchconnectfail, "FDwatch socket connect failures", + "FDwatchConnFail"); + SET_SOCKSTATDESC(udp4connect, "UDP/IPv4 connections established", + "UDP4Conn"); + SET_SOCKSTATDESC(udp6connect, "UDP/IPv6 connections established", + "UDP6Conn"); + SET_SOCKSTATDESC(tcp4connect, "TCP/IPv4 connections established", + "TCP4Conn"); + SET_SOCKSTATDESC(tcp6connect, "TCP/IPv6 connections established", + "TCP6Conn"); + SET_SOCKSTATDESC(unixconnect, "Unix domain connections established", + "UnixConn"); + SET_SOCKSTATDESC(fdwatchconnect, + "FDwatch domain connections established", + "FDwatchConn"); + SET_SOCKSTATDESC(tcp4acceptfail, "TCP/IPv4 connection accept failures", + "TCP4AcceptFail"); + SET_SOCKSTATDESC(tcp6acceptfail, "TCP/IPv6 connection accept failures", + "TCP6AcceptFail"); + SET_SOCKSTATDESC(unixacceptfail, + "Unix domain connection accept failures", + "UnixAcceptFail"); + SET_SOCKSTATDESC(tcp4accept, "TCP/IPv4 connections accepted", + "TCP4Accept"); + SET_SOCKSTATDESC(tcp6accept, "TCP/IPv6 connections accepted", + "TCP6Accept"); + SET_SOCKSTATDESC(unixaccept, "Unix domain connections accepted", + "UnixAccept"); + SET_SOCKSTATDESC(udp4sendfail, "UDP/IPv4 send errors", "UDP4SendErr"); + SET_SOCKSTATDESC(udp6sendfail, "UDP/IPv6 send errors", "UDP6SendErr"); + SET_SOCKSTATDESC(tcp4sendfail, "TCP/IPv4 send errors", "TCP4SendErr"); + SET_SOCKSTATDESC(tcp6sendfail, "TCP/IPv6 send errors", "TCP6SendErr"); + SET_SOCKSTATDESC(unixsendfail, "Unix domain send errors", + "UnixSendErr"); + SET_SOCKSTATDESC(fdwatchsendfail, "FDwatch send errors", + "FDwatchSendErr"); + SET_SOCKSTATDESC(udp4recvfail, "UDP/IPv4 recv errors", "UDP4RecvErr"); + SET_SOCKSTATDESC(udp6recvfail, "UDP/IPv6 recv errors", "UDP6RecvErr"); + SET_SOCKSTATDESC(tcp4recvfail, "TCP/IPv4 recv errors", "TCP4RecvErr"); + SET_SOCKSTATDESC(tcp6recvfail, "TCP/IPv6 recv errors", "TCP6RecvErr"); + SET_SOCKSTATDESC(unixrecvfail, "Unix domain recv errors", + "UnixRecvErr"); + SET_SOCKSTATDESC(fdwatchrecvfail, "FDwatch recv errors", + "FDwatchRecvErr"); + INSIST(i == isc_sockstatscounter_max); + + /* Sanity check */ + for (i = 0; i < dns_nsstatscounter_max; i++) + INSIST(nsstats_desc[i] != NULL); + for (i = 0; i < dns_resstatscounter_max; i++) + INSIST(resstats_desc[i] != NULL); + for (i = 0; i < dns_zonestatscounter_max; i++) + INSIST(zonestats_desc[i] != NULL); + for (i = 0; i < isc_sockstatscounter_max; i++) + INSIST(sockstats_desc[i] != NULL); +#ifdef HAVE_LIBXML2 + for (i = 0; i < dns_nsstatscounter_max; i++) + INSIST(nsstats_xmldesc[i] != NULL); + for (i = 0; i < dns_resstatscounter_max; i++) + INSIST(resstats_xmldesc[i] != NULL); + for (i = 0; i < dns_zonestatscounter_max; i++) + INSIST(zonestats_xmldesc[i] != NULL); + for (i = 0; i < isc_sockstatscounter_max; i++) + INSIST(sockstats_xmldesc[i] != NULL); +#endif +} + +/*% + * Dump callback functions. + */ +static void +generalstat_dump(isc_statscounter_t counter, isc_uint64_t val, void *arg) { + stats_dumparg_t *dumparg = arg; + + REQUIRE(counter < dumparg->ncounters); + dumparg->countervalues[counter] = val; +} + +static void +dump_counters(isc_stats_t *stats, statsformat_t type, void *arg, + const char *category, const char **desc, int ncounters, + int *indices, isc_uint64_t *values, int options) +{ + int i, index; + isc_uint64_t value; + stats_dumparg_t dumparg; + FILE *fp; +#ifdef HAVE_LIBXML2 + xmlTextWriterPtr writer; +#endif + +#ifndef HAVE_LIBXML2 + UNUSED(category); +#endif + + dumparg.type = type; + dumparg.ncounters = ncounters; + dumparg.counterindices = indices; + dumparg.countervalues = values; + + memset(values, 0, sizeof(values[0]) * ncounters); + isc_stats_dump(stats, generalstat_dump, &dumparg, options); + + for (i = 0; i < ncounters; i++) { + index = indices[i]; + value = values[index]; + + if (value == 0 && (options & ISC_STATSDUMP_VERBOSE) == 0) + continue; + + switch (dumparg.type) { + case statsformat_file: + fp = arg; + fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", + value, desc[index]); + break; + case statsformat_xml: +#ifdef HAVE_LIBXML2 + writer = arg; + + if (category != NULL) { + xmlTextWriterStartElement(writer, + ISC_XMLCHAR + category); + xmlTextWriterStartElement(writer, + ISC_XMLCHAR "name"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR + desc[index]); + xmlTextWriterEndElement(writer); /* name */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR + "counter"); + } else { + xmlTextWriterStartElement(writer, ISC_XMLCHAR + desc[index]); + } + xmlTextWriterWriteFormatString(writer, + "%" ISC_PRINT_QUADFORMAT + "u", value); + xmlTextWriterEndElement(writer); /* counter */ + if (category != NULL) + xmlTextWriterEndElement(writer); /* category */ +#endif + break; + } + } +} + +static void +rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) { + char typebuf[64]; + const char *typestr; + stats_dumparg_t *dumparg = arg; + FILE *fp; +#ifdef HAVE_LIBXML2 + xmlTextWriterPtr writer; +#endif + + if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) + == 0) { + dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf, + sizeof(typebuf)); + typestr = typebuf; + } else + typestr = "Others"; + + switch (dumparg->type) { + case statsformat_file: + fp = dumparg->arg; + fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, typestr); + break; + case statsformat_xml: +#ifdef HAVE_LIBXML2 + writer = dumparg->arg; + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype"); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr); + xmlTextWriterEndElement(writer); /* name */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"); + xmlTextWriterWriteFormatString(writer, + "%" ISC_PRINT_QUADFORMAT "u", + val); + xmlTextWriterEndElement(writer); /* counter */ + + xmlTextWriterEndElement(writer); /* rdtype */ +#endif + break; + } +} + +static void +rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) { + stats_dumparg_t *dumparg = arg; + FILE *fp; + char typebuf[64]; + const char *typestr; + isc_boolean_t nxrrset = ISC_FALSE; +#ifdef HAVE_LIBXML2 + xmlTextWriterPtr writer; +#endif + + if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) + != 0) { + typestr = "NXDOMAIN"; + } else if ((DNS_RDATASTATSTYPE_ATTR(type) & + DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) != 0) { + typestr = "Others"; + } else { + dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf, + sizeof(typebuf)); + typestr = typebuf; + } + + if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXRRSET) + != 0) + nxrrset = ISC_TRUE; + + switch (dumparg->type) { + case statsformat_file: + fp = dumparg->arg; + fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s%s\n", val, + nxrrset ? "!" : "", typestr); + break; + case statsformat_xml: +#ifdef HAVE_LIBXML2 + writer = dumparg->arg; + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset"); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteFormatString(writer, "%s%s", + nxrrset ? "!" : "", typestr); + xmlTextWriterEndElement(writer); /* name */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"); + xmlTextWriterWriteFormatString(writer, + "%" ISC_PRINT_QUADFORMAT "u", + val); + xmlTextWriterEndElement(writer); /* counter */ + + xmlTextWriterEndElement(writer); /* rrset */ +#endif + break; + } +} + +static void +opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) { + FILE *fp = arg; + isc_buffer_t b; + char codebuf[64]; + stats_dumparg_t *dumparg = arg; +#ifdef HAVE_LIBXML2 + xmlTextWriterPtr writer; +#endif + + isc_buffer_init(&b, codebuf, sizeof(codebuf) - 1); + dns_opcode_totext(code, &b); + codebuf[isc_buffer_usedlength(&b)] = '\0'; + + switch (dumparg->type) { + case statsformat_file: + fp = dumparg->arg; + fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, codebuf); + break; + case statsformat_xml: +#ifdef HAVE_LIBXML2 + writer = dumparg->arg; + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "opcode"); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR codebuf); + xmlTextWriterEndElement(writer); /* name */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"); + xmlTextWriterWriteFormatString(writer, + "%" ISC_PRINT_QUADFORMAT "u", + val); + xmlTextWriterEndElement(writer); /* counter */ + + xmlTextWriterEndElement(writer); /* opcode */ +#endif + break; + } +} + +#ifdef HAVE_LIBXML2 + +/* XXXMLG below here sucks. */ + +#define TRY(a) do { result = (a); INSIST(result == ISC_R_SUCCESS); } while(0); +#define TRY0(a) do { xmlrc = (a); INSIST(xmlrc >= 0); } while(0); + +static isc_result_t +zone_xmlrender(dns_zone_t *zone, void *arg) { + char buf[1024 + 32]; /* sufficiently large for zone name and class */ + dns_rdataclass_t rdclass; + isc_uint32_t serial; + xmlTextWriterPtr writer = arg; + isc_stats_t *zonestats; + isc_uint64_t nsstat_values[dns_nsstatscounter_max]; + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone"); + + dns_zone_name(zone, buf, sizeof(buf)); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR buf); + xmlTextWriterEndElement(writer); + + rdclass = dns_zone_getclass(zone); + dns_rdataclass_format(rdclass, buf, sizeof(buf)); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdataclass"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR buf); + xmlTextWriterEndElement(writer); + + serial = dns_zone_getserial(zone); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial"); + xmlTextWriterWriteFormatString(writer, "%u", serial); + xmlTextWriterEndElement(writer); + + zonestats = dns_zone_getrequeststats(zone); + if (zonestats != NULL) { + xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"); + dump_counters(zonestats, statsformat_xml, writer, NULL, + nsstats_xmldesc, dns_nsstatscounter_max, + nsstats_index, nsstat_values, + ISC_STATSDUMP_VERBOSE); + xmlTextWriterEndElement(writer); /* counters */ + } + + xmlTextWriterEndElement(writer); /* zone */ + + return (ISC_R_SUCCESS); +} + +static void +generatexml(ns_server_t *server, int *buflen, xmlChar **buf) { + char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"]; + char nowstr[sizeof "yyyy-mm-ddThh:mm:ssZ"]; + isc_time_t now; + xmlTextWriterPtr writer; + xmlDocPtr doc; + int xmlrc; + dns_view_t *view; + stats_dumparg_t dumparg; + dns_stats_t *cachestats; + isc_uint64_t nsstat_values[dns_nsstatscounter_max]; + isc_uint64_t resstat_values[dns_resstatscounter_max]; + isc_uint64_t zonestat_values[dns_zonestatscounter_max]; + isc_uint64_t sockstat_values[isc_sockstatscounter_max]; + + isc_time_now(&now); + isc_time_formatISO8601(&ns_g_boottime, boottime, sizeof boottime); + isc_time_formatISO8601(&now, nowstr, sizeof nowstr); + + writer = xmlNewTextWriterDoc(&doc, 0); + TRY0(xmlTextWriterStartDocument(writer, NULL, "UTF-8", NULL)); + TRY0(xmlTextWriterWritePI(writer, ISC_XMLCHAR "xml-stylesheet", + ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.xsl\"")); + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "isc")); + TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version", + ISC_XMLCHAR "1.0")); + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "bind")); + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics")); + TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version", + ISC_XMLCHAR "2.0")); + + /* Set common fields for statistics dump */ + dumparg.type = statsformat_xml; + dumparg.arg = writer; + + /* + * Start by rendering the views we know of here. For each view we + * know of, call its rendering function. + */ + view = ISC_LIST_HEAD(server->viewlist); + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "views")); + while (view != NULL) { + xmlTextWriterStartElement(writer, ISC_XMLCHAR "view"); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR view->name); + xmlTextWriterEndElement(writer); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones"); + dns_zt_apply(view->zonetable, ISC_FALSE, zone_xmlrender, + writer); + xmlTextWriterEndElement(writer); + + if (view->resquerystats != NULL) { + dns_rdatatypestats_dump(view->resquerystats, + rdtypestat_dump, &dumparg, 0); + } + + if (view->resstats != NULL) { + dump_counters(view->resstats, statsformat_xml, writer, + "resstat", resstats_xmldesc, + dns_resstatscounter_max, resstats_index, + resstat_values, ISC_STATSDUMP_VERBOSE); + } + + cachestats = dns_db_getrrsetstats(view->cachedb); + if (cachestats != NULL) { + xmlTextWriterStartElement(writer, + ISC_XMLCHAR "cache"); + dns_rdatasetstats_dump(cachestats, rdatasetstats_dump, + &dumparg, 0); + xmlTextWriterEndElement(writer); /* cache */ + } + + xmlTextWriterEndElement(writer); /* view */ + + view = ISC_LIST_NEXT(view, link); + } + TRY0(xmlTextWriterEndElement(writer)); /* views */ + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "socketmgr")); + isc_socketmgr_renderxml(ns_g_socketmgr, writer); + TRY0(xmlTextWriterEndElement(writer)); /* socketmgr */ + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "taskmgr")); + isc_taskmgr_renderxml(ns_g_taskmgr, writer); + TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */ + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server")); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime); + xmlTextWriterEndElement(writer); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr); + xmlTextWriterEndElement(writer); + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "requests")); + dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg, + 0); + xmlTextWriterEndElement(writer); /* requests */ + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "queries-in")); + dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump, + &dumparg, 0); + xmlTextWriterEndElement(writer); /* queries-in */ + + dump_counters(server->nsstats, statsformat_xml, writer, + "nsstat", nsstats_xmldesc, dns_nsstatscounter_max, + nsstats_index, nsstat_values, ISC_STATSDUMP_VERBOSE); + + dump_counters(server->zonestats, statsformat_xml, writer, "zonestat", + zonestats_xmldesc, dns_zonestatscounter_max, + zonestats_index, zonestat_values, ISC_STATSDUMP_VERBOSE); + + /* + * Most of the common resolver statistics entries are 0, so we don't + * use the verbose dump here. + */ + dump_counters(server->resolverstats, statsformat_xml, writer, "resstat", + resstats_xmldesc, dns_resstatscounter_max, resstats_index, + resstat_values, 0); + + dump_counters(server->sockstats, statsformat_xml, writer, "sockstat", + sockstats_xmldesc, isc_sockstatscounter_max, + sockstats_index, sockstat_values, ISC_STATSDUMP_VERBOSE); + + xmlTextWriterEndElement(writer); /* server */ + + TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory")); + isc_mem_renderxml(writer); + TRY0(xmlTextWriterEndElement(writer)); /* memory */ + + TRY0(xmlTextWriterEndElement(writer)); /* statistics */ + TRY0(xmlTextWriterEndElement(writer)); /* bind */ + TRY0(xmlTextWriterEndElement(writer)); /* isc */ + + TRY0(xmlTextWriterEndDocument(writer)); + + xmlFreeTextWriter(writer); + + xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 1); + xmlFreeDoc(doc); +} + +static void +wrap_xmlfree(isc_buffer_t *buffer, void *arg) { + UNUSED(arg); + + xmlFree(isc_buffer_base(buffer)); +} + +static isc_result_t +render_index(const char *url, const char *querystring, void *arg, + unsigned int *retcode, const char **retmsg, const char **mimetype, + isc_buffer_t *b, isc_httpdfree_t **freecb, + void **freecb_args) +{ + unsigned char *msg; + int msglen; + ns_server_t *server = arg; + + UNUSED(url); + UNUSED(querystring); + + generatexml(server, &msglen, &msg); + + *retcode = 200; + *retmsg = "OK"; + *mimetype = "text/xml"; + isc_buffer_reinit(b, msg, msglen); + isc_buffer_add(b, msglen); + *freecb = wrap_xmlfree; + *freecb_args = NULL; + + return (ISC_R_SUCCESS); +} + +#endif /* HAVE_LIBXML2 */ + +static isc_result_t +render_xsl(const char *url, const char *querystring, void *args, + unsigned int *retcode, const char **retmsg, const char **mimetype, + isc_buffer_t *b, isc_httpdfree_t **freecb, + void **freecb_args) +{ + UNUSED(url); + UNUSED(querystring); + UNUSED(args); + + *retcode = 200; + *retmsg = "OK"; + *mimetype = "text/xslt+xml"; + isc_buffer_reinit(b, xslmsg, strlen(xslmsg)); + isc_buffer_add(b, strlen(xslmsg)); + *freecb = NULL; + *freecb_args = NULL; + + return (ISC_R_SUCCESS); +} + +static void +shutdown_listener(ns_statschannel_t *listener) { + char socktext[ISC_SOCKADDR_FORMATSIZE]; + isc_sockaddr_format(&listener->address, socktext, sizeof(socktext)); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,NS_LOGMODULE_SERVER, + ISC_LOG_NOTICE, "stopping statistics channel on %s", + socktext); + + isc_httpdmgr_shutdown(&listener->httpdmgr); +} + +static isc_boolean_t +client_ok(const isc_sockaddr_t *fromaddr, void *arg) { + ns_statschannel_t *listener = arg; + isc_netaddr_t netaddr; + char socktext[ISC_SOCKADDR_FORMATSIZE]; + int match; + + REQUIRE(listener != NULL); + + isc_netaddr_fromsockaddr(&netaddr, fromaddr); + + LOCK(&listener->lock); + if (dns_acl_match(&netaddr, NULL, listener->acl, &ns_g_server->aclenv, + &match, NULL) == ISC_R_SUCCESS && match > 0) { + UNLOCK(&listener->lock); + return (ISC_TRUE); + } + UNLOCK(&listener->lock); + + isc_sockaddr_format(fromaddr, socktext, sizeof(socktext)); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "rejected statistics connection from %s", socktext); + + return (ISC_FALSE); +} + +static void +destroy_listener(void *arg) { + ns_statschannel_t *listener = arg; + + REQUIRE(listener != NULL); + REQUIRE(!ISC_LINK_LINKED(listener, link)); + + /* We don't have to acquire the lock here since it's already unlinked */ + dns_acl_detach(&listener->acl); + + DESTROYLOCK(&listener->lock); + isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener)); +} + +static isc_result_t +add_listener(ns_server_t *server, ns_statschannel_t **listenerp, + const cfg_obj_t *listen_params, const cfg_obj_t *config, + isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, + const char *socktext) +{ + isc_result_t result; + ns_statschannel_t *listener; + isc_task_t *task = NULL; + isc_socket_t *sock = NULL; + const cfg_obj_t *allow; + dns_acl_t *new_acl = NULL; + + listener = isc_mem_get(server->mctx, sizeof(*listener)); + if (listener == NULL) + return (ISC_R_NOMEMORY); + + listener->httpdmgr = NULL; + listener->address = *addr; + listener->acl = NULL; + listener->mctx = NULL; + ISC_LINK_INIT(listener, link); + + result = isc_mutex_init(&listener->lock); + if (result != ISC_R_SUCCESS) { + isc_mem_put(server->mctx, listener, sizeof(*listener)); + return (ISC_R_FAILURE); + } + + isc_mem_attach(server->mctx, &listener->mctx); + + allow = cfg_tuple_get(listen_params, "allow"); + if (allow != NULL && cfg_obj_islist(allow)) { + result = cfg_acl_fromconfig(allow, config, ns_g_lctx, + aclconfctx, listener->mctx, 0, + &new_acl); + } else + result = dns_acl_any(listener->mctx, &new_acl); + if (result != ISC_R_SUCCESS) + goto cleanup; + dns_acl_attach(new_acl, &listener->acl); + dns_acl_detach(&new_acl); + + result = isc_task_create(ns_g_taskmgr, 0, &task); + if (result != ISC_R_SUCCESS) + goto cleanup; + isc_task_setname(task, "statchannel", NULL); + + result = isc_socket_create(ns_g_socketmgr, isc_sockaddr_pf(addr), + isc_sockettype_tcp, &sock); + if (result != ISC_R_SUCCESS) + goto cleanup; + isc_socket_setname(sock, "statchannel", NULL); + +#ifndef ISC_ALLOW_MAPPED + isc_socket_ipv6only(sock, ISC_TRUE); +#endif + + result = isc_socket_bind(sock, addr, ISC_SOCKET_REUSEADDRESS); + if (result != ISC_R_SUCCESS) + goto cleanup; + + result = isc_httpdmgr_create(server->mctx, sock, task, client_ok, + destroy_listener, listener, ns_g_timermgr, + &listener->httpdmgr); + if (result != ISC_R_SUCCESS) + goto cleanup; + +#ifdef HAVE_LIBXML2 + isc_httpdmgr_addurl(listener->httpdmgr, "/", render_index, server); +#endif + isc_httpdmgr_addurl(listener->httpdmgr, "/bind9.xsl", render_xsl, + server); + + *listenerp = listener; + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_NOTICE, + "statistics channel listening on %s", socktext); + +cleanup: + if (result != ISC_R_SUCCESS) { + if (listener->acl != NULL) + dns_acl_detach(&listener->acl); + DESTROYLOCK(&listener->lock); + isc_mem_putanddetach(&listener->mctx, listener, + sizeof(*listener)); + } + if (task != NULL) + isc_task_detach(&task); + if (sock != NULL) + isc_socket_detach(&sock); + + return (result); +} + +static void +update_listener(ns_server_t *server, ns_statschannel_t **listenerp, + const cfg_obj_t *listen_params, const cfg_obj_t *config, + isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, + const char *socktext) +{ + ns_statschannel_t *listener; + const cfg_obj_t *allow = NULL; + dns_acl_t *new_acl = NULL; + isc_result_t result = ISC_R_SUCCESS; + + for (listener = ISC_LIST_HEAD(server->statschannels); + listener != NULL; + listener = ISC_LIST_NEXT(listener, link)) + if (isc_sockaddr_equal(addr, &listener->address)) + break; + + if (listener == NULL) { + *listenerp = NULL; + return; + } + + /* + * Now, keep the old access list unless a new one can be made. + */ + allow = cfg_tuple_get(listen_params, "allow"); + if (allow != NULL && cfg_obj_islist(allow)) { + result = cfg_acl_fromconfig(allow, config, ns_g_lctx, + aclconfctx, listener->mctx, 0, + &new_acl); + } else + result = dns_acl_any(listener->mctx, &new_acl); + + if (result == ISC_R_SUCCESS) { + LOCK(&listener->lock); + + dns_acl_detach(&listener->acl); + dns_acl_attach(new_acl, &listener->acl); + dns_acl_detach(&new_acl); + + UNLOCK(&listener->lock); + } else { + cfg_obj_log(listen_params, ns_g_lctx, ISC_LOG_WARNING, + "couldn't install new acl for " + "statistics channel %s: %s", + socktext, isc_result_totext(result)); + } + + *listenerp = listener; +} + +isc_result_t +ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config, + cfg_aclconfctx_t *aclconfctx) +{ + ns_statschannel_t *listener, *listener_next; + ns_statschannellist_t new_listeners; + const cfg_obj_t *statschannellist = NULL; + const cfg_listelt_t *element, *element2; + char socktext[ISC_SOCKADDR_FORMATSIZE]; + + RUNTIME_CHECK(isc_once_do(&once, init_desc) == ISC_R_SUCCESS); + + ISC_LIST_INIT(new_listeners); + + /* + * Get the list of named.conf 'statistics-channels' statements. + */ + (void)cfg_map_get(config, "statistics-channels", &statschannellist); + + /* + * Run through the new address/port list, noting sockets that are + * already being listened on and moving them to the new list. + * + * Identifying duplicate addr/port combinations is left to either + * the underlying config code, or to the bind attempt getting an + * address-in-use error. + */ + if (statschannellist != NULL) { +#ifndef HAVE_LIBXML2 + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "statistics-channels specified but not effective " + "due to missing XML library"); +#endif + + for (element = cfg_list_first(statschannellist); + element != NULL; + element = cfg_list_next(element)) { + const cfg_obj_t *statschannel; + const cfg_obj_t *listenercfg = NULL; + + statschannel = cfg_listelt_value(element); + (void)cfg_map_get(statschannel, "inet", + &listenercfg); + if (listenercfg == NULL) + continue; + + for (element2 = cfg_list_first(listenercfg); + element2 != NULL; + element2 = cfg_list_next(element2)) { + const cfg_obj_t *listen_params; + const cfg_obj_t *obj; + isc_sockaddr_t addr; + + listen_params = cfg_listelt_value(element2); + + obj = cfg_tuple_get(listen_params, "address"); + addr = *cfg_obj_assockaddr(obj); + if (isc_sockaddr_getport(&addr) == 0) + isc_sockaddr_setport(&addr, NS_STATSCHANNEL_HTTPPORT); + + isc_sockaddr_format(&addr, socktext, + sizeof(socktext)); + + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_DEBUG(9), + "processing statistics " + "channel %s", + socktext); + + update_listener(server, &listener, + listen_params, config, &addr, + aclconfctx, socktext); + + if (listener != NULL) { + /* + * Remove the listener from the old + * list, so it won't be shut down. + */ + ISC_LIST_UNLINK(server->statschannels, + listener, link); + } else { + /* + * This is a new listener. + */ + isc_result_t r; + + r = add_listener(server, &listener, + listen_params, config, + &addr, aclconfctx, + socktext); + if (r != ISC_R_SUCCESS) { + cfg_obj_log(listen_params, + ns_g_lctx, + ISC_LOG_WARNING, + "couldn't allocate " + "statistics channel" + " %s: %s", + socktext, + isc_result_totext(r)); + } + } + + if (listener != NULL) + ISC_LIST_APPEND(new_listeners, listener, + link); + } + } + } + + for (listener = ISC_LIST_HEAD(server->statschannels); + listener != NULL; + listener = listener_next) { + listener_next = ISC_LIST_NEXT(listener, link); + ISC_LIST_UNLINK(server->statschannels, listener, link); + shutdown_listener(listener); + } + + ISC_LIST_APPENDLIST(server->statschannels, new_listeners, link); + return (ISC_R_SUCCESS); +} + +void +ns_statschannels_shutdown(ns_server_t *server) { + ns_statschannel_t *listener; + + while ((listener = ISC_LIST_HEAD(server->statschannels)) != NULL) { + ISC_LIST_UNLINK(server->statschannels, listener, link); + shutdown_listener(listener); + } +} + +isc_result_t +ns_stats_dump(ns_server_t *server, FILE *fp) { + isc_stdtime_t now; + isc_result_t result; + dns_view_t *view; + dns_zone_t *zone, *next; + stats_dumparg_t dumparg; + isc_uint64_t nsstat_values[dns_nsstatscounter_max]; + isc_uint64_t resstat_values[dns_resstatscounter_max]; + isc_uint64_t zonestat_values[dns_zonestatscounter_max]; + isc_uint64_t sockstat_values[isc_sockstatscounter_max]; + + RUNTIME_CHECK(isc_once_do(&once, init_desc) == ISC_R_SUCCESS); + + /* Set common fields */ + dumparg.type = statsformat_file; + dumparg.arg = fp; + + isc_stdtime_get(&now); + fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now); + + fprintf(fp, "++ Incoming Requests ++\n"); + dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg, 0); + + fprintf(fp, "++ Incoming Queries ++\n"); + dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump, + &dumparg, 0); + + fprintf(fp, "++ Outgoing Queries ++\n"); + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + if (view->resquerystats == NULL) + continue; + if (strcmp(view->name, "_default") == 0) + fprintf(fp, "[View: default]\n"); + else + fprintf(fp, "[View: %s]\n", view->name); + dns_rdatatypestats_dump(view->resquerystats, rdtypestat_dump, + &dumparg, 0); + } + + fprintf(fp, "++ Name Server Statistics ++\n"); + dump_counters(server->nsstats, statsformat_file, fp, NULL, + nsstats_desc, dns_nsstatscounter_max, nsstats_index, + nsstat_values, 0); + + fprintf(fp, "++ Zone Maintenance Statistics ++\n"); + dump_counters(server->zonestats, statsformat_file, fp, NULL, + zonestats_desc, dns_zonestatscounter_max, + zonestats_index, zonestat_values, 0); + + fprintf(fp, "++ Resolver Statistics ++\n"); + fprintf(fp, "[Common]\n"); + dump_counters(server->resolverstats, statsformat_file, fp, NULL, + resstats_desc, dns_resstatscounter_max, resstats_index, + resstat_values, 0); + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + if (view->resstats == NULL) + continue; + if (strcmp(view->name, "_default") == 0) + fprintf(fp, "[View: default]\n"); + else + fprintf(fp, "[View: %s]\n", view->name); + dump_counters(view->resstats, statsformat_file, fp, NULL, + resstats_desc, dns_resstatscounter_max, + resstats_index, resstat_values, 0); + } + + fprintf(fp, "++ Cache DB RRsets ++\n"); + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + dns_stats_t *cachestats; + + cachestats = dns_db_getrrsetstats(view->cachedb); + if (cachestats == NULL) + continue; + if (strcmp(view->name, "_default") == 0) + fprintf(fp, "[View: default]\n"); + else + fprintf(fp, "[View: %s]\n", view->name); + dns_rdatasetstats_dump(cachestats, rdatasetstats_dump, &dumparg, + 0); + } + + fprintf(fp, "++ Socket I/O Statistics ++\n"); + dump_counters(server->sockstats, statsformat_file, fp, NULL, + sockstats_desc, isc_sockstatscounter_max, sockstats_index, + sockstat_values, 0); + + fprintf(fp, "++ Per Zone Query Statistics ++\n"); + zone = NULL; + for (result = dns_zone_first(server->zonemgr, &zone); + result == ISC_R_SUCCESS; + next = NULL, result = dns_zone_next(zone, &next), zone = next) + { + isc_stats_t *zonestats = dns_zone_getrequeststats(zone); + if (zonestats != NULL) { + char zonename[DNS_NAME_FORMATSIZE]; + + dns_name_format(dns_zone_getorigin(zone), + zonename, sizeof(zonename)); + view = dns_zone_getview(zone); + + fprintf(fp, "[%s", zonename); + if (strcmp(view->name, "_default") != 0) + fprintf(fp, " (view: %s)", view->name); + fprintf(fp, "]\n"); + + dump_counters(zonestats, statsformat_file, fp, NULL, + nsstats_desc, dns_nsstatscounter_max, + nsstats_index, nsstat_values, 0); + } + } + + fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now); + + return (ISC_R_SUCCESS); /* this function currently always succeeds */ +} diff --git a/contrib/bind-9.3/bin/named/tkeyconf.c b/contrib/bind-9.5.2/bin/named/tkeyconf.c similarity index 89% rename from contrib/bind-9.3/bin/named/tkeyconf.c rename to contrib/bind-9.5.2/bin/named/tkeyconf.c index f23c1dba5f..82cf573bf7 100644 --- a/contrib/bind-9.3/bin/named/tkeyconf.c +++ b/contrib/bind-9.5.2/bin/named/tkeyconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.c,v 1.19.208.4 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: tkeyconf.c,v 1.29 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -40,6 +42,13 @@ goto failure; \ } while (0) +#include +#define LOG(msg) \ + isc_log_write(ns_g_lctx, \ + NS_LOGCATEGORY_GENERAL, \ + NS_LOGMODULE_SERVER, \ + ISC_LOG_ERROR, \ + "%s", msg) isc_result_t ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, @@ -98,6 +107,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, result = cfg_map_get(options, "tkey-gssapi-credential", &obj); if (result == ISC_R_SUCCESS) { s = cfg_obj_asstring(obj); + isc_buffer_init(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); dns_fixedname_init(&fname); diff --git a/contrib/bind-9.3/bin/named/tsigconf.c b/contrib/bind-9.5.2/bin/named/tsigconf.c similarity index 88% rename from contrib/bind-9.3/bin/named/tsigconf.c rename to contrib/bind-9.5.2/bin/named/tsigconf.c index a90438d85e..b3c6e023db 100644 --- a/contrib/bind-9.3/bin/named/tsigconf.c +++ b/contrib/bind-9.5.2/bin/named/tsigconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.c,v 1.21.208.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: tsigconf.c,v 1.30 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include @@ -38,6 +40,7 @@ static isc_result_t add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { + dns_tsigkey_t *tsigkey = NULL; const cfg_listelt_t *element; const cfg_obj_t *key = NULL; const char *keyid = NULL; @@ -46,6 +49,7 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, int secretlen = 0; isc_result_t ret; isc_stdtime_t now; + isc_uint16_t bits; for (element = cfg_list_first(list); element != NULL; @@ -86,10 +90,11 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, * Create the algorithm. */ algstr = cfg_obj_asstring(algobj); - if (ns_config_getkeyalgorithm(algstr, &alg) != ISC_R_SUCCESS) { + if (ns_config_getkeyalgorithm(algstr, &alg, &bits) + != ISC_R_SUCCESS) { cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR, - "key '%s': the only supported algorithm " - "is hmac-md5", keyid); + "key '%s': has a unsupported algorithm '%s'", + keyid, algstr); ret = DNS_R_BADALG; goto failure; } @@ -110,11 +115,16 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_stdtime_get(&now); ret = dns_tsigkey_create(&keyname, alg, secret, secretlen, ISC_FALSE, NULL, now, now, - mctx, ring, NULL); + mctx, ring, &tsigkey); isc_mem_put(mctx, secret, secretalloc); secret = NULL; if (ret != ISC_R_SUCCESS) goto failure; + /* + * Set digest bits. + */ + dst_key_setbits(tsigkey->key, bits); + dns_tsigkey_detach(&tsigkey); } return (ISC_R_SUCCESS); @@ -127,7 +137,6 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, if (secret != NULL) isc_mem_put(mctx, secret, secretalloc); return (ret); - } isc_result_t diff --git a/contrib/bind-9.3/bin/named/unix/include/named/os.h b/contrib/bind-9.5.2/bin/named/unix/include/named/os.h similarity index 83% rename from contrib/bind-9.3/bin/named/unix/include/named/os.h rename to contrib/bind-9.5.2/bin/named/unix/include/named/os.h index 03baee57ea..1ab86aa290 100644 --- a/contrib/bind-9.3/bin/named/unix/include/named/os.h +++ b/contrib/bind-9.5.2/bin/named/unix/include/named/os.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.14.2.2.8.9 2004/09/29 06:36:44 marka Exp $ */ +/* $Id: os.h,v 1.27.128.2 2008/10/24 01:44:15 tbox Exp $ */ #ifndef NS_OS_H #define NS_OS_H 1 +/*! \file */ + #include void @@ -43,12 +45,14 @@ ns_os_inituserinfo(const char *username); void ns_os_changeuser(void); +void +ns_os_adjustnofile(void); + void ns_os_minprivs(void); void ns_os_writepidfile(const char *filename, isc_boolean_t first_time); - void ns_os_shutdown(void); diff --git a/contrib/bind-9.3/bin/named/unix/os.c b/contrib/bind-9.5.2/bin/named/unix/os.c similarity index 79% rename from contrib/bind-9.3/bin/named/unix/os.c rename to contrib/bind-9.5.2/bin/named/unix/os.c index 361d1b6363..337d230ec8 100644 --- a/contrib/bind-9.3/bin/named/unix/os.c +++ b/contrib/bind-9.5.2/bin/named/unix/os.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.46.2.4.8.24 2006/02/03 23:51:37 marka Exp $ */ +/* $Id: os.c,v 1.79.128.13 2009/03/02 03:07:05 marka Exp $ */ + +/*! \file */ #include #include @@ -40,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -67,7 +70,7 @@ static int devnullfd = -1; /* * Linux defines: * (T) HAVE_LINUXTHREADS - * (C) HAVE_LINUX_CAPABILITY_H + * (C) HAVE_SYS_CAPABILITY_H (or HAVE_LINUX_CAPABILITY_H) * (P) HAVE_SYS_PRCTL_H * The possible cases are: * none: setuid() normally @@ -114,16 +117,25 @@ static int dfd[2] = { -1, -1 }; static isc_boolean_t non_root = ISC_FALSE; static isc_boolean_t non_root_caps = ISC_FALSE; -/* +#ifdef HAVE_SYS_CAPABILITY_H +#include +#else +/*% * We define _LINUX_FS_H to prevent it from being included. We don't need * anything from it, and the files it includes cause warnings with 2.2 * kernels, and compilation failures (due to conflicts between * and ) on 2.3 kernels. */ #define _LINUX_FS_H - -#include /* Required for syscall(). */ -#include /* Required for _LINUX_CAPABILITY_VERSION. */ +#include +#include +#ifndef SYS_capset +#ifndef __NR_capset +#include /* Slackware 4.0 needs this. */ +#endif /* __NR_capset */ +#define SYS_capset __NR_capset +#endif /* SYS_capset */ +#endif /* HAVE_SYS_CAPABILITY_H */ #ifdef HAVE_SYS_PRCTL_H #include /* Required for prctl(). */ @@ -140,22 +152,24 @@ static isc_boolean_t non_root_caps = ISC_FALSE; #endif /* HAVE_SYS_PRCTL_H */ -#ifndef SYS_capset -#ifndef __NR_capset -#include /* Slackware 4.0 needs this. */ -#endif -#define SYS_capset __NR_capset -#endif +#ifdef HAVE_LIBCAP +#define SETCAPS_FUNC "cap_set_proc " +#else +typedef unsigned int cap_t; +#define SETCAPS_FUNC "syscall(capset) " +#endif /* HAVE_LIBCAP */ static void -linux_setcaps(unsigned int caps) { +linux_setcaps(cap_t caps) { +#ifndef HAVE_LIBCAP struct __user_cap_header_struct caphead; struct __user_cap_data_struct cap; +#endif char strbuf[ISC_STRERRORSIZE]; if ((getuid() != 0 && !non_root_caps) || non_root) return; - +#ifndef HAVE_LIBCAP memset(&caphead, 0, sizeof(caphead)); caphead.version = _LINUX_CAPABILITY_VERSION; caphead.pid = 0; @@ -163,36 +177,89 @@ linux_setcaps(unsigned int caps) { cap.effective = caps; cap.permitted = caps; cap.inheritable = 0; +#endif +#ifdef HAVE_LIBCAP + if (cap_set_proc(caps) < 0) { +#else if (syscall(SYS_capset, &caphead, &cap) < 0) { +#endif isc__strerror(errno, strbuf, sizeof(strbuf)); - ns_main_earlyfatal("capset failed: %s:" + ns_main_earlyfatal(SETCAPS_FUNC "failed: %s:" " please ensure that the capset kernel" " module is loaded. see insmod(8)", strbuf); } } +#ifdef HAVE_LIBCAP +#define SET_CAP(flag) \ + do { \ + capval = (flag); \ + cap_flag_value_t curval; \ + err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \ + if (err != -1 && curval) { \ + err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \ + if (err == -1) { \ + isc__strerror(errno, strbuf, sizeof(strbuf)); \ + ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \ + } \ + \ + err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \ + if (err == -1) { \ + isc__strerror(errno, strbuf, sizeof(strbuf)); \ + ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \ + } \ + } \ + } while (0) +#define INIT_CAP \ + do { \ + caps = cap_init(); \ + if (caps == NULL) { \ + isc__strerror(errno, strbuf, sizeof(strbuf)); \ + ns_main_earlyfatal("cap_init failed: %s", strbuf); \ + } \ + curcaps = cap_get_proc(); \ + if (curcaps == NULL) { \ + isc__strerror(errno, strbuf, sizeof(strbuf)); \ + ns_main_earlyfatal("cap_get_proc failed: %s", strbuf); \ + } \ + } while (0) +#define FREE_CAP \ + { \ + cap_free(caps); \ + cap_free(curcaps); \ + } while (0) +#else +#define SET_CAP(flag) do { caps |= (1 << (flag)); } while (0) +#define INIT_CAP do { caps = 0; } while (0) +#endif /* HAVE_LIBCAP */ + static void linux_initialprivs(void) { - unsigned int caps; + cap_t caps; +#ifdef HAVE_LIBCAP + cap_t curcaps; + cap_value_t capval; + char strbuf[ISC_STRERRORSIZE]; + int err; +#endif - /* + /*% * We don't need most privileges, so we drop them right away. * Later on linux_minprivs() will be called, which will drop our * capabilities to the minimum needed to run the server. */ - - caps = 0; + INIT_CAP; /* * We need to be able to bind() to privileged ports, notably port 53! */ - caps |= (1 << CAP_NET_BIND_SERVICE); + SET_CAP(CAP_NET_BIND_SERVICE); /* * We need chroot() initially too. */ - caps |= (1 << CAP_SYS_CHROOT); + SET_CAP(CAP_SYS_CHROOT); #if defined(HAVE_SYS_PRCTL_H) || !defined(HAVE_LINUXTHREADS) /* @@ -201,19 +268,19 @@ linux_initialprivs(void) { * tried) or we're not using threads. If either of these is * true, we want the setuid capability. */ - caps |= (1 << CAP_SETUID); + SET_CAP(CAP_SETUID); #endif /* * Since we call initgroups, we need this. */ - caps |= (1 << CAP_SETGID); + SET_CAP(CAP_SETGID); /* * Without this, we run into problems reading a configuration file * owned by a non-root user and non-world-readable on startup. */ - caps |= (1 << CAP_DAC_READ_SEARCH); + SET_CAP(CAP_DAC_READ_SEARCH); /* * XXX We might want to add CAP_SYS_RESOURCE, though it's not @@ -222,16 +289,27 @@ linux_initialprivs(void) { * of files, the stack size, data size, and core dump size to * support named.conf options, this is now being added to test. */ - caps |= (1 << CAP_SYS_RESOURCE); + SET_CAP(CAP_SYS_RESOURCE); linux_setcaps(caps); + +#ifdef HAVE_LIBCAP + FREE_CAP; +#endif } static void linux_minprivs(void) { - unsigned int caps; + cap_t caps; +#ifdef HAVE_LIBCAP + cap_t curcaps; + cap_value_t capval; + char strbuf[ISC_STRERRORSIZE]; + int err; +#endif - /* + INIT_CAP; + /*% * Drop all privileges except the ability to bind() to privileged * ports. * @@ -239,8 +317,7 @@ linux_minprivs(void) { * chroot() could be used to escape from the chrooted area. */ - caps = 0; - caps |= (1 << CAP_NET_BIND_SERVICE); + SET_CAP(CAP_NET_BIND_SERVICE); /* * XXX We might want to add CAP_SYS_RESOURCE, though it's not @@ -249,16 +326,20 @@ linux_minprivs(void) { * of files, the stack size, data size, and core dump size to * support named.conf options, this is now being added to test. */ - caps |= (1 << CAP_SYS_RESOURCE); + SET_CAP(CAP_SYS_RESOURCE); linux_setcaps(caps); + +#ifdef HAVE_LIBCAP + FREE_CAP; +#endif } #ifdef HAVE_SYS_PRCTL_H static void linux_keepcaps(void) { char strbuf[ISC_STRERRORSIZE]; - /* + /*% * Ask the kernel to allow us to keep our capabilities after we * setuid(). */ @@ -324,7 +405,7 @@ ns_os_daemonize(void) { /* * Wait for the child to finish loading for the first time. * This would be so much simpler if fork() worked once we - * were multi-threaded. + * were multi-threaded. */ (void)close(dfd[1]); do { @@ -381,10 +462,12 @@ ns_os_started(void) { char buf = 0; /* - * Signal to the parent that we stated successfully. + * Signal to the parent that we started successfully. */ if (dfd[0] != -1 && dfd[1] != -1) { - write(dfd[1], &buf, 1); + if (write(dfd[1], &buf, 1) != 1) + ns_main_earlyfatal("unable to signal parent that we " + "otherwise started successfully."); close(dfd[1]); dfd[0] = dfd[1] = -1; } @@ -424,10 +507,14 @@ ns_os_chroot(const char *root) { ns_smf_chroot = 0; #endif if (root != NULL) { +#ifdef HAVE_CHROOT if (chroot(root) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("chroot(): %s", strbuf); } +#else + ns_main_earlyfatal("chroot(): disabled"); +#endif if (chdir("/") < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("chdir(/): %s", strbuf); @@ -494,15 +581,37 @@ ns_os_changeuser(void) { ns_main_earlyfatal("setuid(): %s", strbuf); } -#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) - linux_minprivs(); -#endif #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) /* * Restore the ability of named to drop core after the setuid() * call has disabled it. */ - prctl(PR_SET_DUMPABLE,1,0,0,0); + if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s", + strbuf); + } +#endif +#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) + linux_minprivs(); +#endif +} + +void +ns_os_adjustnofile() { +#ifdef HAVE_LINUXTHREADS + isc_result_t result; + isc_resourcevalue_t newvalue; + + /* + * Linux: max number of open files specified by one thread doesn't seem + * to apply to other threads on Linux. + */ + newvalue = ISC_RESOURCE_UNLIMITED; + + result = isc_resource_setlimit(isc_resource_openfiles, newvalue); + if (result != ISC_R_SUCCESS) + ns_main_earlywarning("couldn't adjust limit on open files"); #endif } @@ -538,7 +647,8 @@ safe_open(const char *filename, isc_boolean_t append) { fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); else { - (void)unlink(filename); + if (unlink(filename) < 0 && errno != ENOENT) + return (-1); fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); } @@ -547,8 +657,11 @@ safe_open(const char *filename, isc_boolean_t append) { static void cleanup_pidfile(void) { + int n; if (pidfile != NULL) { - (void)unlink(pidfile); + n = unlink(pidfile); + if (n == -1 && errno != ENOENT) + ns_main_earlywarning("unlink '%s': failed", pidfile); free(pidfile); } pidfile = NULL; @@ -663,7 +776,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) { ptr = next_token(&input, " \t"); if (ptr == NULL) return; - + if (strcmp(ptr, "-p") != 0) return; diff --git a/contrib/bind-9.3/bin/named/update.c b/contrib/bind-9.5.2/bin/named/update.c similarity index 78% rename from contrib/bind-9.3/bin/named/update.c rename to contrib/bind-9.5.2/bin/named/update.c index fa0ddb0104..d1ca0997bd 100644 --- a/contrib/bind-9.3/bin/named/update.c +++ b/contrib/bind-9.5.2/bin/named/update.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.88.2.5.2.29 2006/01/06 00:01:42 marka Exp $ */ +/* $Id: update.c,v 1.138.2.13 2009/07/28 15:54:31 marka Exp $ */ #include #include +#include #include #include #include @@ -31,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -46,40 +48,42 @@ #include #include +#include #include -/* +/*! \file + * \brief * This module implements dynamic update as in RFC2136. */ /* - XXX TODO: - - document strict minimality -*/ + * XXX TODO: + * - document strict minimality + */ /**************************************************************************/ -/* +/*% * Log level for tracing dynamic update protocol requests. */ #define LOGLEVEL_PROTOCOL ISC_LOG_INFO -/* +/*% * Log level for low-level debug tracing. */ -#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) +#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) -/* +/*% * Check an operation for failure. These macros all assume that * the function using them has a 'result' variable and a 'failure' * label. */ #define CHECK(op) \ - do { result = (op); \ - if (result != ISC_R_SUCCESS) goto failure; \ + do { result = (op); \ + if (result != ISC_R_SUCCESS) goto failure; \ } while (0) -/* +/*% * Fail unconditionally with result 'code', which must not * be ISC_R_SUCCESS. The reason for failure presumably has * been logged already. @@ -94,7 +98,7 @@ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) -/* +/*% * Fail unconditionally and log as a client error. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". @@ -110,11 +114,16 @@ case DNS_R_NXRRSET: \ _what = "unsuccessful"; \ } \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ - "update %s: %s (%s)", _what, \ - msg, isc_result_totext(result)); \ + update_log(client, zone, LOGLEVEL_PROTOCOL, \ + "update %s: %s (%s)", _what, \ + msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) +#define PREREQFAILC(code, msg) \ + do { \ + inc_stats(zone, dns_nsstatscounter_updatebadprereq); \ + FAILC(code, msg); \ + } while (0) #define FAILN(code, name, msg) \ do { \ @@ -130,12 +139,17 @@ if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \ char _nbuf[DNS_NAME_FORMATSIZE]; \ dns_name_format(name, _nbuf, sizeof(_nbuf)); \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ + update_log(client, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s: %s (%s)", _what, _nbuf, \ msg, isc_result_totext(result)); \ } \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) +#define PREREQFAILN(code, name, msg) \ + do { \ + inc_stats(zone, dns_nsstatscounter_updatebadprereq); \ + FAILN(code, name, msg); \ + } while (0) #define FAILNT(code, name, type, msg) \ do { \ @@ -153,14 +167,20 @@ char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \ dns_name_format(name, _nbuf, sizeof(_nbuf)); \ dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \ - update_log(client, zone, LOGLEVEL_PROTOCOL, \ + update_log(client, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s/%s: %s (%s)", \ _what, _nbuf, _tbuf, msg, \ isc_result_totext(result)); \ } \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) -/* +#define PREREQFAILNT(code, name, type, msg) \ + do { \ + inc_stats(zone, dns_nsstatscounter_updatebadprereq); \ + FAILNT(code, name, type, msg); \ + } while (0) + +/*% * Fail unconditionally and log as a server error. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". @@ -169,8 +189,8 @@ do { \ result = (code); \ update_log(client, zone, LOGLEVEL_PROTOCOL, \ - "error: %s: %s", \ - msg, isc_result_totext(result)); \ + "error: %s: %s", \ + msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) @@ -180,15 +200,15 @@ typedef struct rr rr_t; struct rr { /* dns_name_t name; */ - isc_uint32_t ttl; - dns_rdata_t rdata; + isc_uint32_t ttl; + dns_rdata_t rdata; }; typedef struct update_event update_event_t; struct update_event { ISC_EVENT_COMMON(update_event_t); - dns_zone_t *zone; + dns_zone_t *zone; isc_result_t result; dns_message_t *answer; }; @@ -238,9 +258,38 @@ update_log(ns_client_t *client, dns_zone_t *zone, namebuf, classbuf, message); } +/*% + * Increment updated-related statistics counters. + */ +static inline void +inc_stats(dns_zone_t *zone, isc_statscounter_t counter) { + isc_stats_increment(ns_g_server->nsstats, counter); + + if (zone != NULL) { + isc_stats_t *zonestats = dns_zone_getrequeststats(zone); + if (zonestats != NULL) + isc_stats_increment(zonestats, counter); + } +} + +/*% + * Override the default acl logging when checking whether a client + * can update the zone or whether we can forward the request to the + * master based on IP address. + * + * 'message' contains the type of operation that is being attempted. + * 'slave' indicates if this is a slave zone. If 'acl' is NULL then + * log at debug=3. + * If the zone has no access controls configured ('acl' == NULL && + * 'has_ssutable == ISC_FALS) log the attempt at info, otherwise + * at error. + * + * If the request was signed log that we received it. + */ static isc_result_t checkupdateacl(ns_client_t *client, dns_acl_t *acl, const char *message, - dns_name_t *zonename, isc_boolean_t slave) + dns_name_t *zonename, isc_boolean_t slave, + isc_boolean_t has_ssutable) { char namebuf[DNS_NAME_FORMATSIZE]; char classbuf[DNS_RDATACLASS_FORMATSIZE]; @@ -252,12 +301,21 @@ checkupdateacl(ns_client_t *client, dns_acl_t *acl, const char *message, result = DNS_R_NOTIMP; level = ISC_LOG_DEBUG(3); msg = "disabled"; - } else - result = ns_client_checkaclsilent(client, acl, ISC_FALSE); + } else { + result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE); + if (result == ISC_R_SUCCESS) { + level = ISC_LOG_DEBUG(3); + msg = "approved"; + } else if (acl == NULL && !has_ssutable) { + level = ISC_LOG_INFO; + } + } - if (result == ISC_R_SUCCESS) { - level = ISC_LOG_DEBUG(3); - msg = "approved"; + if (client->signer != NULL) { + dns_name_format(client->signer, namebuf, sizeof(namebuf)); + ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, + NS_LOGMODULE_UPDATE, ISC_LOG_INFO, + "signer \"%s\" %s", namebuf, msg); } dns_name_format(zonename, namebuf, sizeof(namebuf)); @@ -265,22 +323,21 @@ checkupdateacl(ns_client_t *client, dns_acl_t *acl, const char *message, sizeof(classbuf)); ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY, - NS_LOGMODULE_UPDATE, level, "%s '%s/%s' %s", - message, namebuf, classbuf, msg); + NS_LOGMODULE_UPDATE, level, "%s '%s/%s' %s", + message, namebuf, classbuf, msg); return (result); } -/* +/*% * Update a single RR in version 'ver' of 'db' and log the * update in 'diff'. * * Ensures: - * '*tuple' == NULL. Either the tuple is freed, or its - * ownership has been transferred to the diff. + * \li '*tuple' == NULL. Either the tuple is freed, or its + * ownership has been transferred to the diff. */ static isc_result_t -do_one_tuple(dns_difftuple_t **tuple, - dns_db_t *db, dns_dbversion_t *ver, +do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff) { dns_diff_t temp_diff; @@ -313,12 +370,12 @@ do_one_tuple(dns_difftuple_t **tuple, return (ISC_R_SUCCESS); } -/* +/*% * Perform the updates in 'updates' in version 'ver' of 'db' and log the * update in 'diff'. * * Ensures: - * 'updates' is empty. + * \li 'updates' is empty. */ static isc_result_t do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver, @@ -339,8 +396,8 @@ do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver, static isc_result_t update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, - dns_diffop_t op, dns_name_t *name, - dns_ttl_t ttl, dns_rdata_t *rdata) + dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, + dns_rdata_t *rdata) { dns_difftuple_t *tuple = NULL; isc_result_t result; @@ -371,17 +428,17 @@ update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, * XXXRTH We might want to make this public somewhere in libdns. */ -/* +/*% * Function type for foreach_rrset() iterator actions. */ typedef isc_result_t rrset_func(void *data, dns_rdataset_t *rrset); -/* +/*% * Function type for foreach_rr() iterator actions. */ typedef isc_result_t rr_func(void *data, rr_t *rr); -/* +/*% * Internal context struct for foreach_node_rr(). */ typedef struct { @@ -389,7 +446,7 @@ typedef struct { void * rr_action_data; } foreach_node_rr_ctx_t; -/* +/*% * Internal helper function for foreach_node_rr(). */ static isc_result_t @@ -401,7 +458,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) { result = dns_rdataset_next(rdataset)) { rr_t rr = { 0, DNS_RDATA_INIT }; - + dns_rdataset_current(rdataset, &rr.rdata); rr.ttl = rdataset->ttl; result = (*ctx->rr_action)(ctx->rr_action_data, &rr); @@ -413,7 +470,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) { return (ISC_R_SUCCESS); } -/* +/*% * For each rdataset of 'name' in 'ver' of 'db', call 'action' * with the rdataset and 'action_data' as arguments. If the name * does not exist, do nothing. @@ -421,11 +478,8 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) { * If 'action' returns an error, abort iteration and return the error. */ static isc_result_t -foreach_rrset(dns_db_t *db, - dns_dbversion_t *ver, - dns_name_t *name, - rrset_func *action, - void *action_data) +foreach_rrset(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, + rrset_func *action, void *action_data) { isc_result_t result; dns_dbnode_t *node; @@ -471,7 +525,7 @@ foreach_rrset(dns_db_t *db, return (result); } -/* +/*% * For each RR of 'name' in 'ver' of 'db', call 'action' * with the RR and 'action_data' as arguments. If the name * does not exist, do nothing. @@ -480,11 +534,8 @@ foreach_rrset(dns_db_t *db, * and return the error. */ static isc_result_t -foreach_node_rr(dns_db_t *db, - dns_dbversion_t *ver, - dns_name_t *name, - rr_func *rr_action, - void *rr_action_data) +foreach_node_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, + rr_func *rr_action, void *rr_action_data) { foreach_node_rr_ctx_t ctx; ctx.rr_action = rr_action; @@ -494,7 +545,7 @@ foreach_node_rr(dns_db_t *db, } -/* +/*% * For each of the RRs specified by 'db', 'ver', 'name', 'type', * (which can be dns_rdatatype_any to match any type), and 'covers', call * 'action' with the RR and 'action_data' as arguments. If the name @@ -504,12 +555,8 @@ foreach_node_rr(dns_db_t *db, * If 'action' returns an error, abort iteration and return the error. */ static isc_result_t -foreach_rr(dns_db_t *db, - dns_dbversion_t *ver, - dns_name_t *name, - dns_rdatatype_t type, - dns_rdatatype_t covers, - rr_func *rr_action, +foreach_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, + dns_rdatatype_t type, dns_rdatatype_t covers, rr_func *rr_action, void *rr_action_data) { @@ -566,13 +613,13 @@ foreach_rr(dns_db_t *db, * Various tests on the database contents (for prerequisites, etc). */ -/* +/*% * Function type for predicate functions that compare a database RR 'db_rr' * against an update RR 'update_rr'. */ typedef isc_boolean_t rr_predicate(dns_rdata_t *update_rr, dns_rdata_t *db_rr); -/* +/*% * Helper function for rrset_exists(). */ static isc_result_t @@ -582,7 +629,7 @@ rrset_exists_action(void *data, rr_t *rr) { return (ISC_R_EXISTS); } -/* +/*% * Utility macro for RR existence checking functions. * * If the variable 'result' has the value ISC_R_EXISTS or @@ -595,20 +642,20 @@ rrset_exists_action(void *data, rr_t *rr) { * This would be more readable as "do { if ... } while(0)", * but that form generates tons of warnings on Solaris 2.6. */ -#define RETURN_EXISTENCE_FLAG \ - return ((result == ISC_R_EXISTS) ? \ - (*exists = ISC_TRUE, ISC_R_SUCCESS) : \ +#define RETURN_EXISTENCE_FLAG \ + return ((result == ISC_R_EXISTS) ? \ + (*exists = ISC_TRUE, ISC_R_SUCCESS) : \ ((result == ISC_R_SUCCESS) ? \ (*exists = ISC_FALSE, ISC_R_SUCCESS) : \ result)) -/* +/*% * Set '*exists' to true iff an rrset of the given type exists, * to false otherwise. */ static isc_result_t -rrset_exists(dns_db_t *db, dns_dbversion_t *ver, - dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, +rrset_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, + dns_rdatatype_t type, dns_rdatatype_t covers, isc_boolean_t *exists) { isc_result_t result; @@ -617,7 +664,46 @@ rrset_exists(dns_db_t *db, dns_dbversion_t *ver, RETURN_EXISTENCE_FLAG; } -/* +/*% + * Set '*visible' to true if the RRset exists and is part of the + * visible zone. Otherwise '*visible' is set to false unless a + * error occurs. + */ +static isc_result_t +rrset_visible(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, + dns_rdatatype_t type, isc_boolean_t *visible) +{ + isc_result_t result; + dns_fixedname_t fixed; + + dns_fixedname_init(&fixed); + result = dns_db_find(db, name, ver, type, DNS_DBFIND_NOWILD, + (isc_stdtime_t) 0, NULL, + dns_fixedname_name(&fixed), NULL, NULL); + switch (result) { + case ISC_R_SUCCESS: + *visible = ISC_TRUE; + break; + /* + * Glue, obscured, deleted or replaced records. + */ + case DNS_R_DELEGATION: + case DNS_R_DNAME: + case DNS_R_CNAME: + case DNS_R_NXDOMAIN: + case DNS_R_NXRRSET: + case DNS_R_EMPTYNAME: + case DNS_R_COVERINGNSEC: + *visible = ISC_FALSE; + result = ISC_R_SUCCESS; + break; + default: + break; + } + return (result); +} + +/*% * Helper function for cname_incompatible_rrset_exists. */ static isc_result_t @@ -629,7 +715,7 @@ cname_compatibility_action(void *data, dns_rdataset_t *rrset) { return (ISC_R_SUCCESS); } -/* +/*% * Check whether there is an rrset incompatible with adding a CNAME RR, * i.e., anything but another CNAME (which can be replaced) or a * DNSSEC RR (which can coexist). @@ -646,7 +732,7 @@ cname_incompatible_rrset_exists(dns_db_t *db, dns_dbversion_t *ver, RETURN_EXISTENCE_FLAG; } -/* +/*% * Helper function for rr_count(). */ static isc_result_t @@ -657,7 +743,7 @@ count_rr_action(void *data, rr_t *rr) { return (ISC_R_SUCCESS); } -/* +/*% * Count the number of RRs of 'type' belonging to 'name' in 'ver' of 'db'. */ static isc_result_t @@ -669,7 +755,7 @@ rr_count(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, count_rr_action, countp)); } -/* +/*% * Context struct and helper function for name_exists(). */ @@ -680,7 +766,7 @@ name_exists_action(void *data, dns_rdataset_t *rrset) { return (ISC_R_EXISTS); } -/* +/*% * Set '*exists' to true iff the given name exists, to false otherwise. */ static isc_result_t @@ -694,7 +780,8 @@ name_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, } typedef struct { - dns_name_t *name, *signer; + dns_name_t *name; + dns_name_t *signer; dns_ssutable_t *table; } ssu_check_t; @@ -736,12 +823,12 @@ ssu_checkall(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, * In the RFC2136 section 3.2.5, this is the pseudocode involving * a variable called "temp", a mapping of tuples to rrsets. * - * Here, we represent the "temp" data structure as (non-minimial) "dns_diff_t" - * where each typle has op==DNS_DIFFOP_EXISTS. + * Here, we represent the "temp" data structure as (non-minimal) "dns_diff_t" + * where each tuple has op==DNS_DIFFOP_EXISTS. */ -/* +/*% * Append a tuple asserting the existence of the RR with * 'name' and 'rdata' to 'diff'. */ @@ -752,13 +839,13 @@ temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) { REQUIRE(DNS_DIFF_VALID(diff)); CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS, - name, 0, rdata, &tuple)); + name, 0, rdata, &tuple)); ISC_LIST_APPEND(diff->tuples, tuple, link); failure: return (result); } -/* +/*% * Compare two rdatasets represented as sorted lists of tuples. * All list elements must have the same owner name and type. * Return ISC_R_SUCCESS if the rdatasets are equal, rcode(dns_rcode_nxrrset) @@ -783,7 +870,7 @@ temp_check_rrset(dns_difftuple_t *a, dns_difftuple_t *b) { return (ISC_R_SUCCESS); } -/* +/*% * A comparison function defining the sorting order for the entries * in the "temp" data structure. The major sort key is the owner name, * followed by the type and rdata. @@ -805,7 +892,7 @@ temp_order(const void *av, const void *bv) { return (r); } -/* +/*% * Check the "RRset exists (value dependent)" prerequisite information * in 'temp' against the contents of the database 'db'. * @@ -841,10 +928,14 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, /* A new unique name begins here. */ node = NULL; result = dns_db_findnode(db, name, ISC_FALSE, &node); - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND) { + dns_diff_clear(&trash); return (DNS_R_NXRRSET); - if (result != ISC_R_SUCCESS) + } + if (result != ISC_R_SUCCESS) { + dns_diff_clear(&trash); return (result); + } /* A new unique type begins here. */ while (t != NULL && dns_name_equal(&t->name, name)) { @@ -852,14 +943,18 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, dns_rdataset_t rdataset; dns_diff_t d_rrs; /* Database RRs with this name and type */ - dns_diff_t u_rrs; /* Update RRs with + dns_diff_t u_rrs; /* Update RRs with this name and type */ *typep = type = t->rdata.type; if (type == dns_rdatatype_rrsig || type == dns_rdatatype_sig) covers = dns_rdata_covers(&t->rdata); - else + else if (type == dns_rdatatype_any) { + dns_db_detachnode(db, &node); + dns_diff_clear(&trash); + return (DNS_R_NXRRSET); + } else covers = 0; /* @@ -872,6 +967,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, &rdataset, NULL); if (result != ISC_R_SUCCESS) { dns_db_detachnode(db, &node); + dns_diff_clear(&trash); return (DNS_R_NXRRSET); } @@ -948,7 +1044,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, * Conditional deletion of RRs. */ -/* +/*% * Context structure for delete_if(). */ @@ -961,11 +1057,11 @@ typedef struct { dns_rdata_t *update_rr; } conditional_delete_ctx_t; -/* +/*% * Predicate functions for delete_if(). */ -/* +/*% * Return true iff 'db_rr' is neither a SOA nor an NS RR nor * an RRSIG nor a NSEC. */ @@ -979,7 +1075,7 @@ type_not_soa_nor_ns_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { ISC_TRUE : ISC_FALSE); } -/* +/*% * Return true iff 'db_rr' is neither a RRSIG nor a NSEC. */ static isc_boolean_t @@ -990,7 +1086,7 @@ type_not_dnssec(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { ISC_TRUE : ISC_FALSE); } -/* +/*% * Return true always. */ static isc_boolean_t @@ -1000,7 +1096,17 @@ true_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { return (ISC_TRUE); } -/* +/*% + * Return true if the record is a RRSIG. + */ +static isc_boolean_t +rrsig_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { + UNUSED(update_rr); + return ((db_rr->type == dns_rdatatype_rrsig) ? + ISC_TRUE : ISC_FALSE); +} + +/*% * Return true iff the two RRs have identical rdata. */ static isc_boolean_t @@ -1014,7 +1120,7 @@ rr_equal_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { ISC_TRUE : ISC_FALSE); } -/* +/*% * Return true iff 'update_rr' should replace 'db_rr' according * to the special RFC2136 rules for CNAME, SOA, and WKS records. * @@ -1048,7 +1154,7 @@ replaces_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) { return (ISC_FALSE); } -/* +/*% * Internal helper function for delete_if(). */ static isc_result_t @@ -1065,7 +1171,7 @@ delete_if_action(void *data, rr_t *rr) { } } -/* +/*% * Conditionally delete RRs. Apply 'predicate' to the RRs * specified by 'db', 'ver', 'name', and 'type' (which can * be dns_rdatatype_any to match any type). Delete those @@ -1073,14 +1179,9 @@ delete_if_action(void *data, rr_t *rr) { * deletions in 'diff'. */ static isc_result_t -delete_if(rr_predicate *predicate, - dns_db_t *db, - dns_dbversion_t *ver, - dns_name_t *name, - dns_rdatatype_t type, - dns_rdatatype_t covers, - dns_rdata_t *update_rr, - dns_diff_t *diff) +delete_if(rr_predicate *predicate, dns_db_t *db, dns_dbversion_t *ver, + dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, + dns_rdata_t *update_rr, dns_diff_t *diff) { conditional_delete_ctx_t ctx; ctx.predicate = predicate; @@ -1094,7 +1195,7 @@ delete_if(rr_predicate *predicate, } /**************************************************************************/ -/* +/*% * Prepare an RR for the addition of the new RR 'ctx->update_rr', * with TTL 'ctx->update_rr_ttl', to its rdataset, by deleting * the RRs if it is replaced by the new RR or has a conflicting TTL. @@ -1117,7 +1218,7 @@ typedef struct { static isc_result_t add_rr_prepare_action(void *data, rr_t *rr) { - isc_result_t result = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; add_rr_prepare_ctx_t *ctx = data; dns_difftuple_t *tuple = NULL; isc_boolean_t equal; @@ -1137,10 +1238,8 @@ add_rr_prepare_action(void *data, rr_t *rr) { * be deleted before the update RR is added. */ if (replaces_p(ctx->update_rr, &rr->rdata)) { - CHECK(dns_difftuple_create(ctx->del_diff.mctx, - DNS_DIFFOP_DEL, ctx->name, - rr->ttl, - &rr->rdata, + CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL, + ctx->name, rr->ttl, &rr->rdata, &tuple)); dns_diff_append(&ctx->del_diff, &tuple); return (ISC_R_SUCCESS); @@ -1151,18 +1250,15 @@ add_rr_prepare_action(void *data, rr_t *rr) { * its TTL must be adjusted. */ if (rr->ttl != ctx->update_rr_ttl) { - CHECK(dns_difftuple_create(ctx->del_diff.mctx, - DNS_DIFFOP_DEL, ctx->name, - rr->ttl, - &rr->rdata, + CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL, + ctx->name, rr->ttl, &rr->rdata, &tuple)); dns_diff_append(&ctx->del_diff, &tuple); if (!equal) { CHECK(dns_difftuple_create(ctx->add_diff.mctx, DNS_DIFFOP_ADD, ctx->name, ctx->update_rr_ttl, - &rr->rdata, - &tuple)); + &rr->rdata, &tuple)); dns_diff_append(&ctx->add_diff, &tuple); } } @@ -1175,7 +1271,7 @@ add_rr_prepare_action(void *data, rr_t *rr) { * Miscellaneous subroutines. */ -/* +/*% * Extract a single update RR from 'section' of dynamic update message * 'msg', with consistency checking. * @@ -1184,10 +1280,9 @@ add_rr_prepare_action(void *data, rr_t *rr) { */ static void get_current_rr(dns_message_t *msg, dns_section_t section, - dns_rdataclass_t zoneclass, - dns_name_t **name, dns_rdata_t *rdata, dns_rdatatype_t *covers, - dns_ttl_t *ttl, - dns_rdataclass_t *update_class) + dns_rdataclass_t zoneclass, dns_name_t **name, + dns_rdata_t *rdata, dns_rdatatype_t *covers, + dns_ttl_t *ttl, dns_rdataclass_t *update_class) { dns_rdataset_t *rdataset; isc_result_t result; @@ -1205,7 +1300,7 @@ get_current_rr(dns_message_t *msg, dns_section_t section, rdata->rdclass = zoneclass; } -/* +/*% * Increment the SOA serial number of database 'db', version 'ver'. * Replace the SOA record in the database, and log the * change in 'diff'. @@ -1250,7 +1345,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, return (result); } -/* +/*% * Check that the new SOA record at 'update_rdata' does not * illegally cause the SOA serial number to decrease or stay * unchanged relative to the existing SOA in 'db'. @@ -1272,8 +1367,7 @@ increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver, */ static isc_result_t check_soa_increment(dns_db_t *db, dns_dbversion_t *ver, - dns_rdata_t *update_rdata, - isc_boolean_t *ok) + dns_rdata_t *update_rdata, isc_boolean_t *ok) { isc_uint32_t db_serial; isc_uint32_t update_serial; @@ -1300,9 +1394,9 @@ check_soa_increment(dns_db_t *db, dns_dbversion_t *ver, * Incremental updating of NSECs and RRSIGs. */ -#define MAXZONEKEYS 32 /* Maximum number of zone keys supported. */ +#define MAXZONEKEYS 32 /*%< Maximum number of zone keys supported. */ -/* +/*% * We abuse the dns_diff_t type to represent a set of domain names * affected by the update. */ @@ -1310,8 +1404,8 @@ static isc_result_t namelist_append_name(dns_diff_t *list, dns_name_t *name) { isc_result_t result; dns_difftuple_t *tuple = NULL; - static dns_rdata_t dummy_rdata = { NULL, 0, 0, 0, 0, - { (void*)(-1), (void*)(-1) } }; + static dns_rdata_t dummy_rdata = DNS_RDATA_INIT; + CHECK(dns_difftuple_create(list->mctx, DNS_DIFFOP_EXISTS, name, 0, &dummy_rdata, &tuple)); dns_diff_append(list, &tuple); @@ -1353,7 +1447,7 @@ namelist_append_subdomain(dns_db_t *db, dns_name_t *name, dns_diff_t *affected) -/* +/*% * Helper function for non_nsec_rrset_exists(). */ static isc_result_t @@ -1366,7 +1460,7 @@ is_non_nsec_action(void *data, dns_rdataset_t *rrset) { return (ISC_R_SUCCESS); } -/* +/*% * Check whether there is an rrset other than a NSEC or RRSIG NSEC, * i.e., anything that justifies the continued existence of a name * after a secure update. @@ -1379,12 +1473,11 @@ non_nsec_rrset_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t *exists) { isc_result_t result; - result = foreach_rrset(db, ver, name, - is_non_nsec_action, NULL); + result = foreach_rrset(db, ver, name, is_non_nsec_action, NULL); RETURN_EXISTENCE_FLAG; } -/* +/*% * A comparison function for sorting dns_diff_t:s by name. */ static int @@ -1418,10 +1511,9 @@ uniqify_name_list(dns_diff_t *list) { return (result); } - static isc_result_t -is_glue(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - isc_boolean_t *flag) +is_active(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, + isc_boolean_t *flag, isc_boolean_t *cut, isc_boolean_t *unsecure) { isc_result_t result; dns_fixedname_t foundname; @@ -1431,25 +1523,49 @@ is_glue(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, (isc_stdtime_t) 0, NULL, dns_fixedname_name(&foundname), NULL, NULL); - if (result == ISC_R_SUCCESS) { - *flag = ISC_FALSE; + if (result == ISC_R_SUCCESS || result == DNS_R_EMPTYNAME) { + *flag = ISC_TRUE; + *cut = ISC_FALSE; + if (unsecure != NULL) + *unsecure = ISC_FALSE; return (ISC_R_SUCCESS); } else if (result == DNS_R_ZONECUT) { - /* - * We are at the zonecut. The name will have an NSEC, but - * non-delegation will be omitted from the type bit map. - */ - *flag = ISC_FALSE; - return (ISC_R_SUCCESS); - } else if (result == DNS_R_GLUE || result == DNS_R_DNAME) { *flag = ISC_TRUE; + *cut = ISC_TRUE; + if (unsecure != NULL) { + /* + * We are at the zonecut. Check to see if there + * is a DS RRset. + */ + if (dns_db_find(db, name, ver, dns_rdatatype_ds, 0, + (isc_stdtime_t) 0, NULL, + dns_fixedname_name(&foundname), + NULL, NULL) == DNS_R_NXRRSET) + *unsecure = ISC_TRUE; + else + *unsecure = ISC_FALSE; + } + return (ISC_R_SUCCESS); + } else if (result == DNS_R_GLUE || result == DNS_R_DNAME || + result == DNS_R_DELEGATION || result == DNS_R_NXDOMAIN) { + *flag = ISC_FALSE; + *cut = ISC_FALSE; + if (unsecure != NULL) + *unsecure = ISC_FALSE; return (ISC_R_SUCCESS); } else { + /* + * Silence compiler. + */ + *flag = ISC_FALSE; + *cut = ISC_FALSE; + if (unsecure != NULL) + *unsecure = ISC_FALSE; return (result); } } -/* +/*% * Find the next/previous name that has a NSEC record. * In other words, skip empty database nodes and names that * have had their NSECs removed because they are obscured by @@ -1512,7 +1628,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, return (result); } -/* +/*% * Add a NSEC record for "name", recording the change in "diff". * The existing NSEC is removed. */ @@ -1564,12 +1680,13 @@ add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, return (result); } -/* +/*% * Add a placeholder NSEC record for "name", recording the change in "diff". */ static isc_result_t add_placeholder_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_diff_t *diff) { + dns_diff_t *diff) +{ isc_result_t result; dns_difftuple_t *tuple = NULL; isc_region_t r; @@ -1603,14 +1720,53 @@ find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, return (result); } -/* +static isc_boolean_t +ksk_sanity(dns_db_t *db, dns_dbversion_t *ver) { + isc_boolean_t ret = ISC_FALSE; + isc_boolean_t have_ksk = ISC_FALSE, have_nonksk = ISC_FALSE; + isc_result_t result; + dns_dbnode_t *node = NULL; + dns_rdataset_t rdataset; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_dnskey_t dnskey; + + dns_rdataset_init(&rdataset); + CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node)); + CHECK(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0, + &rdataset, NULL)); + CHECK(dns_rdataset_first(&rdataset)); + while (result == ISC_R_SUCCESS && (!have_ksk || !have_nonksk)) { + dns_rdataset_current(&rdataset, &rdata); + CHECK(dns_rdata_tostruct(&rdata, &dnskey, NULL)); + if ((dnskey.flags & (DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH)) + == DNS_KEYOWNER_ZONE) { + if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0) + have_ksk = ISC_TRUE; + else + have_nonksk = ISC_TRUE; + } + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rdataset); + } + if (have_ksk && have_nonksk) + ret = ISC_TRUE; + failure: + if (dns_rdataset_isassociated(&rdataset)) + dns_rdataset_disassociate(&rdataset); + if (node != NULL) + dns_db_detachnode(db, &node); + return (ret); +} + +/*% * Add RRSIG records for an RRset, recording the change in "diff". */ static isc_result_t -add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys, - unsigned int nkeys, isc_mem_t *mctx, isc_stdtime_t inception, - isc_stdtime_t expire) +add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, + dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, + dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys, + isc_stdtime_t inception, isc_stdtime_t expire, + isc_boolean_t check_ksk) { isc_result_t result; dns_dbnode_t *node = NULL; @@ -1619,6 +1775,8 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_buffer_t buffer; unsigned char data[1024]; /* XXX */ unsigned int i; + isc_boolean_t added_sig = ISC_FALSE; + isc_mem_t *mctx = client->mctx; dns_rdataset_init(&rdataset); isc_buffer_init(&buffer, data, sizeof(data)); @@ -1626,11 +1784,18 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, /* Get the rdataset to sign. */ CHECK(dns_db_findnode(db, name, ISC_FALSE, &node)); CHECK(dns_db_findrdataset(db, node, ver, type, 0, - (isc_stdtime_t) 0, - &rdataset, NULL)); + (isc_stdtime_t) 0, &rdataset, NULL)); dns_db_detachnode(db, &node); for (i = 0; i < nkeys; i++) { + + if (check_ksk && type != dns_rdatatype_dnskey && + (dst_key_flags(keys[i]) & DNS_KEYFLAG_KSK) != 0) + continue; + + if (!dst_key_isprivate(keys[i])) + continue; + /* Calculate the signature, creating a RRSIG RDATA. */ CHECK(dns_dnssec_sign(name, &rdataset, keys[i], &inception, &expire, @@ -1641,6 +1806,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name, rdataset.ttl, &sig_rdata)); dns_rdata_reset(&sig_rdata); + added_sig = ISC_TRUE; + } + if (!added_sig) { + update_log(client, zone, ISC_LOG_ERROR, + "found no private keys, " + "unable to generate any signatures"); + result = ISC_R_NOTFOUND; } failure: @@ -1651,9 +1823,76 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, return (result); } -/* +static isc_result_t +add_exposed_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, + dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t cut, + dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys, + isc_stdtime_t inception, isc_stdtime_t expire, + isc_boolean_t check_ksk) +{ + isc_result_t result; + dns_dbnode_t *node; + dns_rdatasetiter_t *iter; + + node = NULL; + result = dns_db_findnode(db, name, ISC_FALSE, &node); + if (result == ISC_R_NOTFOUND) + return (ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) + return (result); + + iter = NULL; + result = dns_db_allrdatasets(db, node, ver, + (isc_stdtime_t) 0, &iter); + if (result != ISC_R_SUCCESS) + goto cleanup_node; + + for (result = dns_rdatasetiter_first(iter); + result == ISC_R_SUCCESS; + result = dns_rdatasetiter_next(iter)) + { + dns_rdataset_t rdataset; + dns_rdatatype_t type; + isc_boolean_t flag; + + dns_rdataset_init(&rdataset); + dns_rdatasetiter_current(iter, &rdataset); + type = rdataset.type; + dns_rdataset_disassociate(&rdataset); + + /* + * We don't need to sign unsigned NSEC records at the cut + * as they are handled elsewhere. + */ + if ((type == dns_rdatatype_rrsig) || + (cut && type != dns_rdatatype_ds)) + continue; + result = rrset_exists(db, ver, name, dns_rdatatype_rrsig, + type, &flag); + if (result != ISC_R_SUCCESS) + goto cleanup_iterator; + if (flag) + continue;; + result = add_sigs(client, zone, db, ver, name, type, diff, + keys, nkeys, inception, expire, check_ksk); + if (result != ISC_R_SUCCESS) + goto cleanup_iterator; + } + if (result == ISC_R_NOMORE) + result = ISC_R_SUCCESS; + + cleanup_iterator: + dns_rdatasetiter_destroy(&iter); + + cleanup_node: + dns_db_detachnode(db, &node); + + return (result); +} + +/*% * Update RRSIG and NSEC records affected by an update. The original - * update, including the SOA serial update but exluding the RRSIG & NSEC + * update, including the SOA serial update but excluding the RRSIG & NSEC * changes, is in "diff" and has already been applied to "newver" of "db". * The database version prior to the update is "oldver". * @@ -1684,6 +1923,8 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_t rdataset; dns_dbnode_t *node = NULL; + isc_boolean_t check_ksk; + isc_boolean_t cut; dns_diff_init(client->mctx, &diffnames); dns_diff_init(client->mctx, &affected); @@ -1704,13 +1945,24 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, inception = now - 3600; /* Allow for some clock skew. */ expire = now + sigvalidityinterval; + /* + * Do we look at the KSK flag on the DNSKEY to determining which + * keys sign which RRsets? First check the zone option then + * check the keys flags to make sure at least one has a ksk set + * and one doesn't. + */ + check_ksk = ISC_TF((dns_zone_getoptions(zone) & + DNS_ZONEOPT_UPDATECHECKKSK) != 0); + if (check_ksk) + check_ksk = ksk_sanity(db, newver); + /* * Get the NSEC's TTL from the SOA MINIMUM field. */ CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node)); dns_rdataset_init(&rdataset); CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0, - (isc_stdtime_t) 0, &rdataset, NULL)); + (isc_stdtime_t) 0, &rdataset, NULL)); CHECK(dns_rdataset_first(&rdataset)); dns_rdataset_current(&rdataset, &rdata); CHECK(dns_rdata_tostruct(&rdata, &soa, NULL)); @@ -1755,15 +2007,15 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, NULL, &sig_diff)); /* - * If this RRset still exists after the update, + * If this RRset is still visible after the update, * add a new signature for it. */ - CHECK(rrset_exists(db, newver, name, type, 0, &flag)); + CHECK(rrset_visible(db, newver, name, type, &flag)); if (flag) { - CHECK(add_sigs(db, newver, name, type, - &sig_diff, zone_keys, nkeys, - client->mctx, inception, - expire)); + CHECK(add_sigs(client, zone, db, newver, name, + type, &sig_diff, zone_keys, + nkeys, inception, expire, + check_ksk)); } skip: /* Skip any other updates to the same RRset. */ @@ -1870,27 +2122,34 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, t = ISC_LIST_NEXT(t, link)) { isc_boolean_t exists; - CHECK(name_exists(db, newver, &t->name, &exists)); + dns_name_t *name = &t->name; + + CHECK(name_exists(db, newver, name, &exists)); if (! exists) continue; - CHECK(is_glue(db, newver, &t->name, &flag)); - if (flag) { + CHECK(is_active(db, newver, name, &flag, &cut, NULL)); + if (!flag) { /* * This name is obscured. Delete any * existing NSEC record. */ - CHECK(delete_if(true_p, db, newver, &t->name, + CHECK(delete_if(true_p, db, newver, name, dns_rdatatype_nsec, 0, NULL, &nsec_diff)); + CHECK(delete_if(rrsig_p, db, newver, name, + dns_rdatatype_any, 0, NULL, diff)); } else { /* * This name is not obscured. It should have a NSEC. */ - CHECK(rrset_exists(db, newver, &t->name, + CHECK(rrset_exists(db, newver, name, dns_rdatatype_nsec, 0, &flag)); if (! flag) CHECK(add_placeholder_nsec(db, newver, &t->name, diff)); + CHECK(add_exposed_sigs(client, zone, db, newver, name, + cut, diff, zone_keys, nkeys, + inception, expire, check_ksk)); } } @@ -1946,9 +2205,10 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, dns_rdatatype_rrsig, dns_rdatatype_nsec, NULL, &sig_diff)); } else if (t->op == DNS_DIFFOP_ADD) { - CHECK(add_sigs(db, newver, &t->name, dns_rdatatype_nsec, - &sig_diff, zone_keys, nkeys, - client->mctx, inception, expire)); + CHECK(add_sigs(client, zone, db, newver, &t->name, + dns_rdatatype_nsec, &sig_diff, + zone_keys, nkeys, inception, expire, + check_ksk)); } else { INSIST(0); } @@ -1984,7 +2244,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, /**************************************************************************/ -/* +/*% * The actual update code in all its glory. We try to follow * the RFC2136 pseudocode as closely as possible. */ @@ -2052,8 +2312,7 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) { */ result = dns_message_firstname(request, DNS_SECTION_ZONE); if (result != ISC_R_SUCCESS) - FAILC(DNS_R_FORMERR, - "update zone section empty"); + FAILC(DNS_R_FORMERR, "update zone section empty"); /* * The zone section must contain exactly one "question", and @@ -2078,8 +2337,7 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) { result = dns_zt_find(client->view->zonetable, zonename, 0, NULL, &zone); if (result != ISC_R_SUCCESS) - FAILC(DNS_R_NOTAUTH, - "not authoritative for update zone"); + FAILC(DNS_R_NOTAUTH, "not authoritative for update zone"); switch(dns_zone_gettype(zone)) { case dns_zone_master: @@ -2093,16 +2351,20 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) { break; case dns_zone_slave: CHECK(checkupdateacl(client, dns_zone_getforwardacl(zone), - "update forwarding", zonename, ISC_TRUE)); + "update forwarding", zonename, ISC_TRUE, + ISC_FALSE)); CHECK(send_forward_event(client, zone)); break; default: - FAILC(DNS_R_NOTAUTH, - "not authoritative for update zone"); + FAILC(DNS_R_NOTAUTH, "not authoritative for update zone"); } return; failure: + if (result == DNS_R_REFUSED) { + INSIST(dns_zone_gettype(zone) == dns_zone_slave); + inc_stats(zone, dns_nsstatscounter_updaterej); + } /* * We failed without having sent an update event to the zone. * We are still in the client task context, so we can @@ -2113,7 +2375,7 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) { dns_zone_detach(&zone); } -/* +/*% * DS records are not allowed to exist without corresponding NS records, * draft-ietf-dnsext-delegation-signer-11.txt, 2.2 Protocol Change, * "DS RRsets MUST NOT appear at non-delegation points or at a zone's apex". @@ -2122,30 +2384,144 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) { static isc_result_t remove_orphaned_ds(dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) { isc_result_t result; - isc_boolean_t ns_exists, ds_exists; + isc_boolean_t ns_exists; + dns_difftuple_t *tupple; + dns_diff_t temp_diff; + + dns_diff_init(diff->mctx, &temp_diff); + + for (tupple = ISC_LIST_HEAD(diff->tuples); + tupple != NULL; + tupple = ISC_LIST_NEXT(tupple, link)) { + if (!((tupple->op == DNS_DIFFOP_DEL && + tupple->rdata.type == dns_rdatatype_ns) || + (tupple->op == DNS_DIFFOP_ADD && + tupple->rdata.type == dns_rdatatype_ds))) + continue; + CHECK(rrset_exists(db, newver, &tupple->name, + dns_rdatatype_ns, 0, &ns_exists)); + if (ns_exists && + !dns_name_equal(&tupple->name, dns_db_origin(db))) + continue; + CHECK(delete_if(true_p, db, newver, &tupple->name, + dns_rdatatype_ds, 0, NULL, &temp_diff)); + } + result = ISC_R_SUCCESS; + + failure: + for (tupple = ISC_LIST_HEAD(temp_diff.tuples); + tupple != NULL; + tupple = ISC_LIST_HEAD(temp_diff.tuples)) { + ISC_LIST_UNLINK(temp_diff.tuples, tupple, link); + dns_diff_appendminimal(diff, &tupple); + } + return (result); +} + +/* + * This implements the post load integrity checks for mx records. + */ +static isc_result_t +check_mx(ns_client_t *client, dns_zone_t *zone, + dns_db_t *db, dns_dbversion_t *newver, dns_diff_t *diff) +{ + char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123.")]; + char ownerbuf[DNS_NAME_FORMATSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; + char altbuf[DNS_NAME_FORMATSIZE]; dns_difftuple_t *t; + dns_fixedname_t fixed; + dns_name_t *foundname; + dns_rdata_mx_t mx; + dns_rdata_t rdata; + isc_boolean_t ok = ISC_TRUE; + isc_boolean_t isaddress; + isc_result_t result; + struct in6_addr addr6; + struct in_addr addr; + unsigned int options; + + dns_fixedname_init(&fixed); + foundname = dns_fixedname_name(&fixed); + dns_rdata_init(&rdata); + options = dns_zone_getoptions(zone); for (t = ISC_LIST_HEAD(diff->tuples); t != NULL; t = ISC_LIST_NEXT(t, link)) { - if (t->op != DNS_DIFFOP_DEL || - t->rdata.type != dns_rdatatype_ns) + if (t->op != DNS_DIFFOP_ADD || + t->rdata.type != dns_rdatatype_mx) continue; - CHECK(rrset_exists(db, newver, &t->name, dns_rdatatype_ns, 0, - &ns_exists)); - if (ns_exists) + + result = dns_rdata_tostruct(&t->rdata, &mx, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + /* + * Check if we will error out if we attempt to reload the + * zone. + */ + dns_name_format(&mx.mx, namebuf, sizeof(namebuf)); + dns_name_format(&t->name, ownerbuf, sizeof(ownerbuf)); + isaddress = ISC_FALSE; + if ((options & DNS_RDATA_CHECKMX) != 0 && + strlcpy(tmp, namebuf, sizeof(tmp)) < sizeof(tmp)) { + if (tmp[strlen(tmp) - 1] == '.') + tmp[strlen(tmp) - 1] = '\0'; + if (inet_aton(tmp, &addr) == 1 || + inet_pton(AF_INET6, tmp, &addr6) == 1) + isaddress = ISC_TRUE; + } + + if (isaddress && (options & DNS_RDATA_CHECKMXFAIL) != 0) { + update_log(client, zone, ISC_LOG_ERROR, + "%s/MX: '%s': %s", + ownerbuf, namebuf, + dns_result_totext(DNS_R_MXISADDRESS)); + ok = ISC_FALSE; + } else if (isaddress) { + update_log(client, zone, ISC_LOG_WARNING, + "%s/MX: warning: '%s': %s", + ownerbuf, namebuf, + dns_result_totext(DNS_R_MXISADDRESS)); + } + + /* + * Check zone integrity checks. + */ + if ((options & DNS_ZONEOPT_CHECKINTEGRITY) == 0) continue; - CHECK(rrset_exists(db, newver, &t->name, dns_rdatatype_ds, 0, - &ds_exists)); - if (!ds_exists) + result = dns_db_find(db, &mx.mx, newver, dns_rdatatype_a, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) continue; - CHECK(delete_if(true_p, db, newver, &t->name, - dns_rdatatype_ds, 0, NULL, diff)); - } - return (ISC_R_SUCCESS); - failure: - return (result); + if (result == DNS_R_NXRRSET) { + result = dns_db_find(db, &mx.mx, newver, + dns_rdatatype_aaaa, + 0, 0, NULL, foundname, + NULL, NULL); + if (result == ISC_R_SUCCESS) + continue; + } + + if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN) { + update_log(client, zone, ISC_LOG_ERROR, + "%s/MX '%s' has no address records " + "(A or AAAA)", ownerbuf, namebuf); + ok = ISC_FALSE; + } else if (result == DNS_R_CNAME) { + update_log(client, zone, ISC_LOG_ERROR, + "%s/MX '%s' is a CNAME (illegal)", + ownerbuf, namebuf); + ok = ISC_FALSE; + } else if (result == DNS_R_DNAME) { + dns_name_format(foundname, altbuf, sizeof altbuf); + update_log(client, zone, ISC_LOG_ERROR, + "%s/MX '%s' is below a DNAME '%s' (illegal)", + ownerbuf, namebuf, altbuf); + ok = ISC_FALSE; + } + } + return (ok ? ISC_R_SUCCESS : DNS_R_REFUSED); } static void @@ -2158,8 +2534,8 @@ update_action(isc_task_t *task, isc_event_t *event) { dns_db_t *db = NULL; dns_dbversion_t *oldver = NULL; dns_dbversion_t *ver = NULL; - dns_diff_t diff; /* Pending updates. */ - dns_diff_t temp; /* Pending RR existence assertions. */ + dns_diff_t diff; /* Pending updates. */ + dns_diff_t temp; /* Pending RR existence assertions. */ isc_boolean_t soa_serial_changed = ISC_FALSE; isc_mem_t *mctx = client->mctx; dns_rdatatype_t covers; @@ -2169,6 +2545,7 @@ update_action(isc_task_t *task, isc_event_t *event) { dns_ssutable_t *ssutable = NULL; dns_fixedname_t tmpnamefixed; dns_name_t *tmpname = NULL; + unsigned int options; INSIST(event->ev_type == DNS_EVENT_UPDATE); @@ -2200,54 +2577,59 @@ update_action(isc_task_t *task, isc_event_t *event) { &name, &rdata, &covers, &ttl, &update_class); if (ttl != 0) - FAILC(DNS_R_FORMERR, "prerequisite TTL is not zero"); + PREREQFAILC(DNS_R_FORMERR, + "prerequisite TTL is not zero"); if (! dns_name_issubdomain(name, zonename)) - FAILN(DNS_R_NOTZONE, name, - "prerequisite name is out of zone"); + PREREQFAILN(DNS_R_NOTZONE, name, + "prerequisite name is out of zone"); if (update_class == dns_rdataclass_any) { if (rdata.length != 0) - FAILC(DNS_R_FORMERR, + PREREQFAILC(DNS_R_FORMERR, "class ANY prerequisite " "RDATA is not empty"); if (rdata.type == dns_rdatatype_any) { CHECK(name_exists(db, ver, name, &flag)); if (! flag) { - FAILN(DNS_R_NXDOMAIN, name, - "'name in use' prerequisite " - "not satisfied"); + PREREQFAILN(DNS_R_NXDOMAIN, name, + "'name in use' " + "prerequisite not " + "satisfied"); } } else { CHECK(rrset_exists(db, ver, name, rdata.type, covers, &flag)); if (! flag) { /* RRset does not exist. */ - FAILNT(DNS_R_NXRRSET, name, rdata.type, + PREREQFAILNT(DNS_R_NXRRSET, name, rdata.type, "'rrset exists (value independent)' " "prerequisite not satisfied"); } } } else if (update_class == dns_rdataclass_none) { if (rdata.length != 0) - FAILC(DNS_R_FORMERR, - "class NONE prerequisite " - "RDATA is not empty"); + PREREQFAILC(DNS_R_FORMERR, + "class NONE prerequisite " + "RDATA is not empty"); if (rdata.type == dns_rdatatype_any) { CHECK(name_exists(db, ver, name, &flag)); if (flag) { - FAILN(DNS_R_YXDOMAIN, name, - "'name not in use' prerequisite " - "not satisfied"); + PREREQFAILN(DNS_R_YXDOMAIN, name, + "'name not in use' " + "prerequisite not " + "satisfied"); } } else { CHECK(rrset_exists(db, ver, name, rdata.type, covers, &flag)); if (flag) { /* RRset exists. */ - FAILNT(DNS_R_YXRRSET, name, rdata.type, - "'rrset does not exist' " - "prerequisite not satisfied"); + PREREQFAILNT(DNS_R_YXRRSET, name, + rdata.type, + "'rrset does not exist' " + "prerequisite not " + "satisfied"); } } } else if (update_class == zoneclass) { @@ -2260,7 +2642,7 @@ update_action(isc_task_t *task, isc_event_t *event) { FAIL(ISC_R_UNEXPECTED); } } else { - FAILC(DNS_R_FORMERR, "malformed prerequisite"); + PREREQFAILC(DNS_R_FORMERR, "malformed prerequisite"); } } if (result != ISC_R_NOMORE) @@ -2302,13 +2684,15 @@ update_action(isc_task_t *task, isc_event_t *event) { result = ISC_R_SUCCESS; if (ssutable == NULL) CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone), - "update", zonename, ISC_FALSE)); + "update", zonename, ISC_FALSE, ISC_FALSE)); else if (client->signer == NULL) CHECK(checkupdateacl(client, NULL, "update", zonename, - ISC_FALSE)); - + ISC_FALSE, ISC_TRUE)); + if (dns_zone_getupdatedisabled(zone)) - FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled"); + FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled " + "because the zone is frozen. Use " + "'rndc thaw' to re-enable updates."); /* * Perform the Update Section Prescan. @@ -2402,6 +2786,7 @@ update_action(isc_task_t *task, isc_event_t *event) { * Process the Update Section. */ + options = dns_zone_getoptions(zone); for (result = dns_message_firstname(request, DNS_SECTION_UPDATE); result == ISC_R_SUCCESS; result = dns_message_nextname(request, DNS_SECTION_UPDATE)) @@ -2418,7 +2803,7 @@ update_action(isc_task_t *task, isc_event_t *event) { if (update_class == zoneclass) { /* - * RFC 1123 doesn't allow MF and MD in master zones. */ + * RFC1123 doesn't allow MF and MD in master zones. */ if (rdata.type == dns_rdatatype_md || rdata.type == dns_rdatatype_mf) { char typebuf[DNS_RDATATYPE_FORMATSIZE]; @@ -2488,6 +2873,15 @@ update_action(isc_task_t *task, isc_event_t *event) { } soa_serial_changed = ISC_TRUE; } + if ((options & DNS_ZONEOPT_CHECKWILDCARD) != 0 && + dns_name_internalwildcard(name)) { + char namestr[DNS_NAME_FORMATSIZE]; + dns_name_format(name, namestr, + sizeof(namestr)); + update_log(client, zone, LOGLEVEL_PROTOCOL, + "warning: ownername '%s' contains " + "a non-terminal wildcard", namestr); + } if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { char namestr[DNS_NAME_FORMATSIZE]; @@ -2496,8 +2890,7 @@ update_action(isc_task_t *task, isc_event_t *event) { sizeof(namestr)); dns_rdatatype_format(rdata.type, typestr, sizeof(typestr)); - update_log(client, zone, - LOGLEVEL_PROTOCOL, + update_log(client, zone, LOGLEVEL_PROTOCOL, "adding an RR at '%s' %s", namestr, typestr); } @@ -2556,8 +2949,7 @@ update_action(isc_task_t *task, isc_event_t *event) { } else if (dns_name_equal(name, zonename) && (rdata.type == dns_rdatatype_soa || rdata.type == dns_rdatatype_ns)) { - update_log(client, zone, - LOGLEVEL_PROTOCOL, + update_log(client, zone, LOGLEVEL_PROTOCOL, "attempt to delete all SOA " "or NS records ignored"); continue; @@ -2636,6 +3028,8 @@ update_action(isc_task_t *task, isc_event_t *event) { CHECK(increment_soa_serial(db, ver, &diff, mctx)); } + CHECK(check_mx(client, zone, db, ver, &diff)); + CHECK(remove_orphaned_ds(db, ver, &diff)); if (dns_db_issecure(db)) { @@ -2701,7 +3095,7 @@ update_action(isc_task_t *task, isc_event_t *event) { * The reason for failure should have been logged at this point. */ if (ver != NULL) { - update_log(client, zone, LOGLEVEL_DEBUG, + update_log(client, zone, LOGLEVEL_DEBUG, "rolling back"); dns_db_closeversion(db, &ver, ISC_FALSE); } @@ -2719,11 +3113,10 @@ update_action(isc_task_t *task, isc_event_t *event) { if (ssutable != NULL) dns_ssutable_detach(&ssutable); - if (zone != NULL) - dns_zone_detach(&zone); - isc_task_detach(&task); uev->result = result; + if (zone != NULL) + INSIST(uev->zone == zone); /* we use this later */ uev->ev_type = DNS_EVENT_UPDATEDONE; uev->ev_action = updatedone_action; isc_task_send(client->task, &event); @@ -2741,19 +3134,32 @@ updatedone_action(isc_task_t *task, isc_event_t *event) { INSIST(task == client->task); INSIST(client->nupdates > 0); + switch (uev->result) { + case ISC_R_SUCCESS: + inc_stats(uev->zone, dns_nsstatscounter_updatedone); + break; + case DNS_R_REFUSED: + inc_stats(uev->zone, dns_nsstatscounter_updaterej); + break; + default: + inc_stats(uev->zone, dns_nsstatscounter_updatefail); + break; + } + if (uev->zone != NULL) + dns_zone_detach(&uev->zone); client->nupdates--; respond(client, uev->result); isc_event_free(&event); ns_client_detach(&client); } -/* +/*% * Update forwarding support. */ static void forward_fail(isc_task_t *task, isc_event_t *event) { - ns_client_t *client = (ns_client_t *)event->ev_arg; + ns_client_t *client = (ns_client_t *)event->ev_arg; UNUSED(task); @@ -2769,17 +3175,21 @@ static void forward_callback(void *arg, isc_result_t result, dns_message_t *answer) { update_event_t *uev = arg; ns_client_t *client = uev->ev_arg; + dns_zone_t *zone = uev->zone; if (result != ISC_R_SUCCESS) { INSIST(answer == NULL); uev->ev_type = DNS_EVENT_UPDATEDONE; uev->ev_action = forward_fail; + inc_stats(zone, dns_nsstatscounter_updatefwdfail); } else { uev->ev_type = DNS_EVENT_UPDATEDONE; uev->ev_action = forward_done; uev->answer = answer; + inc_stats(zone, dns_nsstatscounter_updaterespfwd); } isc_task_send(client->task, ISC_EVENT_PTR(&uev)); + dns_zone_detach(&zone); } static void @@ -2810,8 +3220,10 @@ forward_action(isc_task_t *task, isc_event_t *event) { uev->ev_type = DNS_EVENT_UPDATEDONE; uev->ev_action = forward_fail; isc_task_send(client->task, &event); - } - dns_zone_detach(&zone); + inc_stats(zone, dns_nsstatscounter_updatefwdfail); + dns_zone_detach(&zone); + } else + inc_stats(zone, dns_nsstatscounter_updatereqfwd); isc_task_detach(&task); } diff --git a/contrib/bind-9.3/bin/named/xfrout.c b/contrib/bind-9.5.2/bin/named/xfrout.c similarity index 90% rename from contrib/bind-9.3/bin/named/xfrout.c rename to contrib/bind-9.5.2/bin/named/xfrout.c index 687c287f4b..fc76a5b1a8 100644 --- a/contrib/bind-9.3/bin/named/xfrout.c +++ b/contrib/bind-9.5.2/bin/named/xfrout.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.c,v 1.101.2.5.2.12 2005/10/14 02:13:05 marka Exp $ */ +/* $Id: xfrout.c,v 1.126.128.8 2009/01/29 22:41:44 jinmei Exp $ */ #include @@ -23,10 +23,14 @@ #include #include #include +#include #include #include #include +#ifdef DLZ +#include +#endif #include #include #include @@ -37,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -48,7 +53,8 @@ #include #include -/* +/*! \file + * \brief * Outgoing AXFR and IXFR. */ @@ -71,7 +77,7 @@ #define XFROUT_RR_LOGLEVEL ISC_LOG_DEBUG(8) -/* +/*% * Fail unconditionally and log as a client error. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". @@ -82,7 +88,7 @@ ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \ NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \ "bad zone transfer request: %s (%s)", \ - msg, isc_result_totext(code)); \ + msg, isc_result_totext(code)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) @@ -96,32 +102,33 @@ ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \ NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \ "bad zone transfer request: '%s/%s': %s (%s)", \ - _buf1, _buf2, msg, isc_result_totext(code)); \ + _buf1, _buf2, msg, isc_result_totext(code)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) #define CHECK(op) \ - do { result = (op); \ + do { result = (op); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) /**************************************************************************/ -/* +/*% * A db_rr_iterator_t is an iterator that iterates over an entire database, * returning one RR at a time, in some arbitrary order. */ typedef struct db_rr_iterator db_rr_iterator_t; +/*% db_rr_iterator structure */ struct db_rr_iterator { isc_result_t result; dns_db_t *db; - dns_dbiterator_t *dbit; + dns_dbiterator_t *dbit; dns_dbversion_t *ver; isc_stdtime_t now; dns_dbnode_t *node; dns_fixedname_t fixedname; - dns_rdatasetiter_t *rdatasetit; + dns_rdatasetiter_t *rdatasetit; dns_rdataset_t rdataset; dns_rdata_t rdata; }; @@ -143,6 +150,16 @@ db_rr_iterator_current(db_rr_iterator_t *it, dns_name_t **name, static void db_rr_iterator_destroy(db_rr_iterator_t *it); +static inline void +inc_stats(dns_zone_t *zone, isc_statscounter_t counter) { + isc_stats_increment(ns_g_server->nsstats, counter); + if (zone != NULL) { + isc_stats_t *zonestats = dns_zone_getrequeststats(zone); + if (zonestats != NULL) + isc_stats_increment(zonestats, counter); + } +} + static isc_result_t db_rr_iterator_init(db_rr_iterator_t *it, dns_db_t *db, dns_dbversion_t *ver, isc_stdtime_t now) @@ -195,7 +212,7 @@ db_rr_iterator_first(db_rr_iterator_t *it) { continue; } dns_rdatasetiter_current(it->rdatasetit, &it->rdataset); - + it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER; it->result = dns_rdataset_first(&it->rdataset); return (it->result); } @@ -245,6 +262,7 @@ db_rr_iterator_next(db_rr_iterator_t *it) { if (it->result != ISC_R_SUCCESS) return (it->result); dns_rdatasetiter_current(it->rdatasetit, &it->rdataset); + it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER; it->result = dns_rdataset_first(&it->rdataset); if (it->result != ISC_R_SUCCESS) return (it->result); @@ -283,7 +301,7 @@ db_rr_iterator_current(db_rr_iterator_t *it, dns_name_t **name, /**************************************************************************/ -/* Log an RR (for debugging) */ +/*% Log an RR (for debugging) */ static void log_rr(dns_name_t *name, dns_rdata_t *rdata, isc_uint32_t ttl) { @@ -297,6 +315,11 @@ log_rr(dns_name_t *name, dns_rdata_t *rdata, isc_uint32_t ttl) { rdl.type = rdata->type; rdl.rdclass = rdata->rdclass; rdl.ttl = ttl; + if (rdata->type == dns_rdatatype_sig || + rdata->type == dns_rdatatype_rrsig) + rdl.covers = dns_rdata_covers(rdata); + else + rdl.covers = dns_rdatatype_none; ISC_LIST_INIT(rdl.rdata); ISC_LINK_INIT(&rdl, link); dns_rdataset_init(&rds); @@ -320,7 +343,7 @@ log_rr(dns_name_t *name, dns_rdata_t *rdata, isc_uint32_t ttl) { INSIST(buf.used >= 1 && ((char *) buf.base)[buf.used - 1] == '\n'); buf.used--; - + isc_log_write(XFROUT_RR_LOGARGS, "%.*s", (int)isc_buffer_usedlength(&buf), (char *)isc_buffer_base(&buf)); @@ -812,6 +835,7 @@ typedef struct { dns_name_t *qname; /* Question name of request */ dns_rdatatype_t qtype; /* dns_rdatatype_{a,i}xfr */ dns_rdataclass_t qclass; + dns_zone_t *zone; /* (necessary for stats) */ dns_db_t *db; dns_dbversion_t *ver; isc_quota_t *quota; @@ -835,7 +859,7 @@ typedef struct { static isc_result_t xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, dns_name_t *qname, dns_rdatatype_t qtype, - dns_rdataclass_t qclass, + dns_rdataclass_t qclass, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota, rrstream_t *stream, dns_tsigkey_t *tsigkey, isc_buffer_t *lasttsig, @@ -903,6 +927,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")]; char keyname[DNS_NAME_FORMATSIZE]; isc_boolean_t is_poll = ISC_FALSE; +#ifdef DLZ + isc_boolean_t is_dlz = ISC_FALSE; +#endif switch (reqtype) { case dns_rdatatype_axfr: @@ -953,19 +980,71 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { result = dns_zt_find(client->view->zonetable, question_name, 0, NULL, &zone); + if (result != ISC_R_SUCCESS) - FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", - question_name, question_class); - switch(dns_zone_gettype(zone)) { - case dns_zone_master: - case dns_zone_slave: - break; /* Master and slave zones are OK for transfer. */ - default: - FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", - question_name, question_class); +#ifdef DLZ + { + /* + * Normal zone table does not have a match. Try the DLZ database + */ + if (client->view->dlzdatabase != NULL) { + result = dns_dlzallowzonexfr(client->view, + question_name, &client->peeraddr, + &db); + + if (result == ISC_R_NOPERM) { + char _buf1[DNS_NAME_FORMATSIZE]; + char _buf2[DNS_RDATACLASS_FORMATSIZE]; + + result = DNS_R_REFUSED; + dns_name_format(question_name, _buf1, + sizeof(_buf1)); + dns_rdataclass_format(question_class, + _buf2, sizeof(_buf2)); + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_XFER_OUT, + ISC_LOG_ERROR, + "zone transfer '%s/%s' denied", + _buf1, _buf2); + goto failure; + } + if (result != ISC_R_SUCCESS) +#endif + FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", + question_name, question_class); +#ifdef DLZ + is_dlz = ISC_TRUE; + /* + * DLZ only support full zone transfer, not incremental + */ + if (reqtype != dns_rdatatype_axfr) { + mnemonic = "AXFR-style IXFR"; + reqtype = dns_rdatatype_axfr; + } + + } else { + /* + * not DLZ and not in normal zone table, we are + * not authoritative + */ + FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", + question_name, question_class); + } + } else { + /* zone table has a match */ +#endif + switch(dns_zone_gettype(zone)) { + case dns_zone_master: + case dns_zone_slave: + break; /* Master and slave zones are OK for transfer. */ + default: + FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class); + } + CHECK(dns_zone_getdb(zone, &db)); + dns_db_currentversion(db, &ver); +#ifdef DLZ } - CHECK(dns_zone_getdb(zone, &db)); - dns_db_currentversion(db, &ver); +#endif xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6), "%s question section OK", mnemonic); @@ -1021,11 +1100,20 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { /* * Decide whether to allow this transfer. */ - ns_client_aclmsg("zone transfer", question_name, reqtype, - client->view->rdclass, msg, sizeof(msg)); - CHECK(ns_client_checkacl(client, msg, - dns_zone_getxfracl(zone), ISC_TRUE, - ISC_LOG_ERROR)); +#ifdef DLZ + /* + * if not a DLZ zone decide whether to allow this transfer. + */ + if (!is_dlz) { +#endif + ns_client_aclmsg("zone transfer", question_name, reqtype, + client->view->rdclass, msg, sizeof(msg)); + CHECK(ns_client_checkacl(client, NULL, msg, + dns_zone_getxfracl(zone), + ISC_TRUE, ISC_LOG_ERROR)); +#ifdef DLZ + } +#endif /* * AXFR over UDP is not possible. @@ -1049,6 +1137,10 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { /* * Get a dynamically allocated copy of the current SOA. */ +#ifdef DLZ + if (is_dlz) + dns_db_currentversion(db, &ver); +#endif CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS, ¤t_soa_tuple)); @@ -1117,7 +1209,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { } /* - * Bracket the the data stream with SOAs. + * Bracket the data stream with SOAs. */ CHECK(soa_rrstream_create(mctx, db, ver, &soa_stream)); CHECK(compound_rrstream_create(mctx, &soa_stream, &data_stream, @@ -1131,15 +1223,34 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { * Create the xfrout context object. This transfers the ownership * of "stream", "db", "ver", and "quota" to the xfrout context object. */ - CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, - reqtype, question_class, db, ver, quota, - stream, dns_message_gettsigkey(request), - tsigbuf, - dns_zone_getmaxxfrout(zone), - dns_zone_getidleout(zone), - (format == dns_many_answers) ? + + + +#ifdef DLZ + if (is_dlz) + CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, + reqtype, question_class, zone, db, ver, + quota, stream, + dns_message_gettsigkey(request), + tsigbuf, + 3600, + 3600, + (format == dns_many_answers) ? ISC_TRUE : ISC_FALSE, - &xfr)); + &xfr)); + else +#endif + CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, + reqtype, question_class, zone, db, ver, + quota, stream, + dns_message_gettsigkey(request), + tsigbuf, + dns_zone_getmaxxfrout(zone), + dns_zone_getidleout(zone), + (format == dns_many_answers) ? + ISC_TRUE : ISC_FALSE, + &xfr)); + xfr->mnemonic = mnemonic; stream = NULL; quota = NULL; @@ -1170,6 +1281,8 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { result = ISC_R_SUCCESS; failure: + if (result == DNS_R_REFUSED) + inc_stats(zone, dns_nsstatscounter_xfrrej); if (quota != NULL) isc_quota_detach("a); if (current_soa_tuple != NULL) @@ -1200,7 +1313,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { static isc_result_t xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, dns_name_t *qname, dns_rdatatype_t qtype, - dns_rdataclass_t qclass, + dns_rdataclass_t qclass, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota, rrstream_t *stream, dns_tsigkey_t *tsigkey, isc_buffer_t *lasttsig, unsigned int maxtime, @@ -1223,8 +1336,11 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, xfr->qname = qname; xfr->qtype = qtype; xfr->qclass = qclass; + xfr->zone = NULL; xfr->db = NULL; xfr->ver = NULL; + if (zone != NULL) /* zone will be NULL if it's DLZ */ + dns_zone_attach(zone, &xfr->zone); dns_db_attach(db, &xfr->db); dns_db_attachversion(db, ver, &xfr->ver); xfr->end_of_stream = ISC_FALSE; @@ -1308,7 +1424,7 @@ failure: * * Requires: * The stream iterator is initialized and points at an RR, - * or possiby at the end of the stream (that is, the + * or possibly at the end of the stream (that is, the * _first method of the iterator has been called). */ static void @@ -1482,6 +1598,11 @@ sendstream(xfrout_ctx_t *xfr) { msgrdl->type = rdata->type; msgrdl->rdclass = rdata->rdclass; msgrdl->ttl = ttl; + if (rdata->type == dns_rdatatype_sig || + rdata->type == dns_rdatatype_rrsig) + msgrdl->covers = dns_rdata_covers(rdata); + else + msgrdl->covers = dns_rdatatype_none; ISC_LINK_INIT(msgrdl, link); ISC_LIST_INIT(msgrdl->rdata); ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link); @@ -1511,6 +1632,7 @@ sendstream(xfrout_ctx_t *xfr) { if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) { CHECK(dns_compress_init(&cctx, -1, xfr->mctx)); + dns_compress_setsensitive(&cctx, ISC_TRUE); cleanup_cctx = ISC_TRUE; CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf)); CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0)); @@ -1571,7 +1693,7 @@ sendstream(xfrout_ctx_t *xfr) { * iterators before returning from the event handler. */ xfr->stream->methods->pause(xfr->stream); - + if (result == ISC_R_SUCCESS) return; @@ -1599,6 +1721,8 @@ xfrout_ctx_destroy(xfrout_ctx_t **xfrp) { isc_quota_detach(&xfr->quota); if (xfr->ver != NULL) dns_db_closeversion(xfr->db, &xfr->ver, ISC_FALSE); + if (xfr->zone != NULL) + dns_zone_detach(&xfr->zone); if (xfr->db != NULL) dns_db_detach(&xfr->db); @@ -1632,6 +1756,7 @@ xfrout_senddone(isc_task_t *task, isc_event_t *event) { sendstream(xfr); } else { /* End of zone transfer stream. */ + inc_stats(xfr->zone, dns_nsstatscounter_xfrdone); xfrout_log(xfr, ISC_LOG_INFO, "%s ended", xfr->mnemonic); ns_client_next(xfr->client, ISC_R_SUCCESS); xfrout_ctx_destroy(&xfr); diff --git a/contrib/bind-9.3/bin/named/zoneconf.c b/contrib/bind-9.5.2/bin/named/zoneconf.c similarity index 73% rename from contrib/bind-9.3/bin/named/zoneconf.c rename to contrib/bind-9.5.2/bin/named/zoneconf.c index 66ef9050c5..ea0b1de049 100644 --- a/contrib/bind-9.3/bin/named/zoneconf.c +++ b/contrib/bind-9.5.2/bin/named/zoneconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.87.2.4.10.19 2006/02/28 06:32:53 marka Exp $ */ +/* $Id: zoneconf.c,v 1.139.56.7 2009/01/29 23:47:13 tbox Exp $ */ + +/*% */ #include @@ -23,6 +25,7 @@ #include #include #include +#include #include /* Required for HP/UX (and others?) */ #include @@ -32,16 +35,27 @@ #include #include #include +#include #include #include +#include #include #include #include #include #include -/* +/* ACLs associated with zone */ +typedef enum { + allow_notify, + allow_query, + allow_transfer, + allow_update, + allow_update_forwarding +} acl_type_t; + +/*% * These are BIND9 server defaults, not necessarily identical to the * library defaults defined in zone.c. */ @@ -51,24 +65,74 @@ return (_r); \ } while (0) -/* +/*% * Convenience function for configuring a single zone ACL. */ static isc_result_t configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, - const cfg_obj_t *config, const char *aclname, - ns_aclconfctx_t *actx, dns_zone_t *zone, + const cfg_obj_t *config, acl_type_t acltype, + cfg_aclconfctx_t *actx, dns_zone_t *zone, void (*setzacl)(dns_zone_t *, dns_acl_t *), void (*clearzacl)(dns_zone_t *)) { isc_result_t result; - const cfg_obj_t *maps[4]; + const cfg_obj_t *maps[5] = {NULL, NULL, NULL, NULL, NULL}; const cfg_obj_t *aclobj = NULL; int i = 0; - dns_acl_t *dacl = NULL; + dns_acl_t **aclp = NULL, *acl = NULL; + const char *aclname; + dns_view_t *view; + + view = dns_zone_getview(zone); - if (zconfig != NULL) - maps[i++] = cfg_tuple_get(zconfig, "options"); + switch (acltype) { + case allow_notify: + if (view != NULL) + aclp = &view->notifyacl; + aclname = "allow-notify"; + break; + case allow_query: + if (view != NULL) + aclp = &view->queryacl; + aclname = "allow-query"; + break; + case allow_transfer: + if (view != NULL) + aclp = &view->transferacl; + aclname = "allow-transfer"; + break; + case allow_update: + if (view != NULL) + aclp = &view->updateacl; + aclname = "allow-update"; + break; + case allow_update_forwarding: + if (view != NULL) + aclp = &view->upfwdacl; + aclname = "allow-update-forwarding"; + break; + default: + INSIST(0); + return (ISC_R_FAILURE); + } + + /* First check to see if ACL is defined within the zone */ + if (zconfig != NULL) { + maps[0] = cfg_tuple_get(zconfig, "options"); + ns_config_get(maps, aclname, &aclobj); + if (aclobj != NULL) { + aclp = NULL; + goto parse_acl; + } + } + + /* Failing that, see if there's a default ACL already in the view */ + if (aclp != NULL && *aclp != NULL) { + (*setzacl)(zone, *aclp); + return (ISC_R_SUCCESS); + } + + /* Check for default ACLs that haven't been parsed yet */ if (vconfig != NULL) maps[i++] = cfg_tuple_get(vconfig, "options"); if (config != NULL) { @@ -77,6 +141,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, if (options != NULL) maps[i++] = options; } + maps[i++] = ns_g_defaults; maps[i] = NULL; result = ns_config_get(maps, aclname, &aclobj); @@ -85,16 +150,22 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, return (ISC_R_SUCCESS); } - result = ns_acl_fromconfig(aclobj, config, actx, - dns_zone_getmctx(zone), &dacl); +parse_acl: + result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx, + dns_zone_getmctx(zone), 0, &acl); if (result != ISC_R_SUCCESS) return (result); - (*setzacl)(zone, dacl); - dns_acl_detach(&dacl); + (*setzacl)(zone, acl); + + /* Set the view default now */ + if (aclp != NULL) + dns_acl_attach(acl, aclp); + + dns_acl_detach(&acl); return (ISC_R_SUCCESS); } -/* +/*% * Parse the zone update-policy statement. */ static isc_result_t @@ -150,6 +221,18 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone) { mtype = DNS_SSUMATCHTYPE_WILDCARD; else if (strcasecmp(str, "self") == 0) mtype = DNS_SSUMATCHTYPE_SELF; + else if (strcasecmp(str, "selfsub") == 0) + mtype = DNS_SSUMATCHTYPE_SELFSUB; + else if (strcasecmp(str, "selfwild") == 0) + mtype = DNS_SSUMATCHTYPE_SELFWILD; + else if (strcasecmp(str, "ms-self") == 0) + mtype = DNS_SSUMATCHTYPE_SELFMS; + else if (strcasecmp(str, "krb5-self") == 0) + mtype = DNS_SSUMATCHTYPE_SELFKRB5; + else if (strcasecmp(str, "ms-subdomain") == 0) + mtype = DNS_SSUMATCHTYPE_SUBDOMAINMS; + else if (strcasecmp(str, "krb5-subdomain") == 0) + mtype = DNS_SSUMATCHTYPE_SUBDOMAINKRB5; else INSIST(0); @@ -235,7 +318,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone) { return (result); } -/* +/*% * Convert a config file zone type into a server zone type. */ static inline dns_zonetype_t @@ -248,7 +331,7 @@ zonetype_fromconfig(const cfg_obj_t *map) { return (ns_config_getzonetype(obj)); } -/* +/*% * Helper function for strtoargv(). Pardon the gratuitous recursion. */ static isc_result_t @@ -256,11 +339,11 @@ strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp, unsigned int n) { isc_result_t result; - + /* Discard leading whitespace. */ while (*s == ' ' || *s == '\t') s++; - + if (*s == '\0') { /* We have reached the end of the string. */ *argcp = n; @@ -282,7 +365,7 @@ strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, return (ISC_R_SUCCESS); } -/* +/*% * Tokenize the string "s" into whitespace-separated words, * return the number of words in '*argcp' and an array * of pointers to the words in '*argvp'. The caller @@ -313,7 +396,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, isc_result_t ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, - const cfg_obj_t *zconfig, ns_aclconfctx_t *ac, + const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac, dns_zone_t *zone) { isc_result_t result; @@ -342,6 +425,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_boolean_t alt; dns_view_t *view; isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE; + isc_boolean_t warn = ISC_FALSE, ignore = ISC_FALSE; + isc_boolean_t ixfrdiff; + dns_masterformat_t masterformat; + isc_stats_t *zoneqrystats; + isc_boolean_t zonestats_on; i = 0; if (zconfig != NULL) { @@ -409,18 +497,37 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, result = cfg_map_get(zoptions, "file", &obj); if (result == ISC_R_SUCCESS) filename = cfg_obj_asstring(obj); - RETERR(dns_zone_setfile(zone, filename)); + + masterformat = dns_masterformat_text; + obj = NULL; + result= ns_config_get(maps, "masterfile-format", &obj); + if (result == ISC_R_SUCCESS) { + const char *masterformatstr = cfg_obj_asstring(obj); + + if (strcasecmp(masterformatstr, "text") == 0) + masterformat = dns_masterformat_text; + else if (strcasecmp(masterformatstr, "raw") == 0) + masterformat = dns_masterformat_raw; + else + INSIST(0); + } + RETERR(dns_zone_setfile2(zone, filename, masterformat)); + + obj = NULL; + result = cfg_map_get(zoptions, "journal", &obj); + if (result == ISC_R_SUCCESS) + RETERR(dns_zone_setjournal(zone, cfg_obj_asstring(obj))); if (ztype == dns_zone_slave) RETERR(configure_zone_acl(zconfig, vconfig, config, - "allow-notify", ac, zone, + allow_notify, ac, zone, dns_zone_setnotifyacl, dns_zone_clearnotifyacl)); /* * XXXAG This probably does not make sense for stubs. */ RETERR(configure_zone_acl(zconfig, vconfig, config, - "allow-query", ac, zone, + allow_query, ac, zone, dns_zone_setqueryacl, dns_zone_clearqueryacl)); @@ -450,7 +557,15 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "zone-statistics", &obj); INSIST(result == ISC_R_SUCCESS); - RETERR(dns_zone_setstatistics(zone, cfg_obj_asboolean(obj))); + zonestats_on = cfg_obj_asboolean(obj); + zoneqrystats = NULL; + if (zonestats_on) { + RETERR(isc_stats_create(mctx, &zoneqrystats, + dns_nsstatscounter_max)); + } + dns_zone_setrequeststats(zone, zoneqrystats); + if (zoneqrystats != NULL) + isc_stats_detach(&zoneqrystats); /* * Configure master functionality. This applies @@ -470,6 +585,8 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, const char *notifystr = cfg_obj_asstring(obj); if (strcasecmp(notifystr, "explicit") == 0) notifytype = dns_notifytype_explicit; + else if (strcasecmp(notifystr, "master-only") == 0) + notifytype = dns_notifytype_masteronly; else INSIST(0); } @@ -504,8 +621,16 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); + obj = NULL; + result = ns_config_get(maps, "notify-to-soa", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA, + cfg_obj_asboolean(obj)); + + dns_zone_setisself(zone, ns_client_isself, NULL); + RETERR(configure_zone_acl(zconfig, vconfig, config, - "allow-transfer", ac, zone, + allow_transfer, ac, zone, dns_zone_setxfracl, dns_zone_clearxfracl)); @@ -546,8 +671,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "ixfr-from-differences", &obj); INSIST(result == ISC_R_SUCCESS); - dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, - cfg_obj_asboolean(obj)); + if (cfg_obj_isboolean(obj)) + ixfrdiff = cfg_obj_asboolean(obj); + else if (strcasecmp(cfg_obj_asstring(obj), "master") && + ztype == dns_zone_master) + ixfrdiff = ISC_TRUE; + else if (strcasecmp(cfg_obj_asstring(obj), "slave") && + ztype == dns_zone_slave) + ixfrdiff = ISC_TRUE; + else + ixfrdiff = ISC_FALSE; + dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff); checknames(ztype, maps, &obj); INSIST(obj != NULL); @@ -562,6 +696,22 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, INSIST(0); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, check); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, fail); + + obj = NULL; + result = ns_config_get(maps, "notify-delay", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj)); + + obj = NULL; + result = ns_config_get(maps, "check-sibling", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING, + cfg_obj_asboolean(obj)); + + obj = NULL; + result = ns_config_get(maps, "zero-no-soa-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj)); } /* @@ -571,10 +721,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, if (ztype == dns_zone_master) { dns_acl_t *updateacl; RETERR(configure_zone_acl(zconfig, vconfig, config, - "allow-update", ac, zone, + allow_update, ac, zone, dns_zone_setupdateacl, dns_zone_clearupdateacl)); - + updateacl = dns_zone_getupdateacl(zone); if (updateacl != NULL && dns_acl_isinsecure(updateacl)) isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY, @@ -582,7 +732,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, "zone '%s' allows updates by IP " "address, which is insecure", zname); - + RETERR(configure_zone_ssutable(zoptions, zone)); obj = NULL; @@ -604,9 +754,73 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, RETERR(dns_zone_setkeydirectory(zone, filename)); } + obj = NULL; + result = ns_config_get(maps, "check-wildcard", &obj); + if (result == ISC_R_SUCCESS) + check = cfg_obj_asboolean(obj); + else + check = ISC_FALSE; + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check); + + obj = NULL; + result = ns_config_get(maps, "check-mx", &obj); + INSIST(obj != NULL); + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + fail = ISC_FALSE; + check = ISC_TRUE; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + fail = check = ISC_TRUE; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + fail = check = ISC_FALSE; + } else + INSIST(0); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMX, check); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail); + + obj = NULL; + result = ns_config_get(maps, "check-integrity", &obj); + INSIST(obj != NULL); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY, + cfg_obj_asboolean(obj)); + + obj = NULL; + result = ns_config_get(maps, "check-mx-cname", &obj); + INSIST(obj != NULL); + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + warn = ISC_TRUE; + ignore = ISC_FALSE; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + warn = ignore = ISC_FALSE; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + warn = ignore = ISC_TRUE; + } else + INSIST(0); + dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn); + dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore); + + obj = NULL; + result = ns_config_get(maps, "check-srv-cname", &obj); + INSIST(obj != NULL); + if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { + warn = ISC_TRUE; + ignore = ISC_FALSE; + } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) { + warn = ignore = ISC_FALSE; + } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) { + warn = ignore = ISC_TRUE; + } else + INSIST(0); + dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn); + dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore); + + obj = NULL; + result = ns_config_get(maps, "update-check-ksk", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK, + cfg_obj_asboolean(obj)); } else if (ztype == dns_zone_slave) { RETERR(configure_zone_acl(zconfig, vconfig, config, - "allow-update-forwarding", ac, zone, + allow_update_forwarding, ac, zone, dns_zone_setforwardacl, dns_zone_clearforwardacl)); } @@ -711,6 +925,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, alt = cfg_obj_asboolean(obj); dns_zone_setoption(zone, DNS_ZONEOPT_USEALTXFRSRC, alt); + obj = NULL; + (void)ns_config_get(maps, "try-tcp-refresh", &obj); + dns_zone_setoption(zone, DNS_ZONEOPT_TRYTCPREFRESH, + cfg_obj_asboolean(obj)); break; default: diff --git a/contrib/bind-9.3/bin/nsupdate/nsupdate.8 b/contrib/bind-9.5.2/bin/nsupdate/nsupdate.1 similarity index 77% rename from contrib/bind-9.3/bin/nsupdate/nsupdate.8 rename to contrib/bind-9.5.2/bin/nsupdate/nsupdate.1 index 7e254e0e2e..8425be522f 100644 --- a/contrib/bind-9.3/bin/nsupdate/nsupdate.8 +++ b/contrib/bind-9.5.2/bin/nsupdate/nsupdate.1 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,18 +13,18 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.2.2.9 2006/06/29 13:02:30 marka Exp $ +.\" $Id: nsupdate.1,v 1.1.2.4 2009/07/11 01:43:29 tbox Exp $ .\" .hy 0 .ad l .\" Title: nsupdate .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" +.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -33,7 +33,7 @@ nsupdate \- Dynamic DNS update utility .SH "SYNOPSIS" .HP 9 -\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] +\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename] .SH "DESCRIPTION" .PP \fBnsupdate\fR @@ -55,7 +55,7 @@ operate in debug mode. This provides tracing information about the update reques .PP Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to \fBnsupdate\fR -and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable +and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable \fBkey\fR and \fBserver\fR @@ -71,7 +71,7 @@ uses the \fB\-y\fR or \fB\-k\fR -option (with an HMAC\-MD5 key) to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests. These options are mutually exclusive. With the +option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests, default type HMAC\-MD5. These options are mutually exclusive. With the \fB\-k\fR option, \fBnsupdate\fR @@ -82,21 +82,21 @@ reads the shared secret from the file must also be present. When the \fB\-y\fR option is used, a signature is generated from -\fIkeyname:secret.\fR +[\fIhmac:\fR]\fIkeyname:secret.\fR \fIkeyname\fR is the name of the key, and \fIsecret\fR is the base64 encoded shared secret. Use of the \fB\-y\fR option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from -\fBps\fR(1 ) +\fBps\fR(1) or in a history file maintained by the user's shell. .PP The \fB\-k\fR may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key. .PP -By default +By default, \fBnsupdate\fR uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The \fB\-v\fR @@ -106,15 +106,25 @@ use a TCP connection. This may be preferable when a batch of update requests is .PP The \fB\-t\fR -option sets the maximum time a update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. +option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. .PP The \fB\-u\fR -option sets the UDP retry interval. The default is 3 seconds. If zero the interval will be computed from the timeout interval and number of UDP retries. +option sets the UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries. .PP The \fB\-r\fR -option sets the number of UDP retries. The default is 3. If zero only one update request will be made. +option sets the number of UDP retries. The default is 3. If zero, only one update request will be made. +.PP +The +\fB\-R \fR\fB\fIrandomdev\fR\fR +option specifies a source of randomness. If the operating system does not provide a +\fI/dev/random\fR +or equivalent device, the default source of randomness is keyboard input. +\fIrandomdev\fR +specifies the name of a character device or file containing random data to be used instead of the default. The special value +\fIkeyboard\fR +indicates that keyboard input should be used. This option may be specified multiple times. .SH "INPUT FORMAT" .PP \fBnsupdate\fR @@ -127,8 +137,9 @@ Every update request consists of zero or more prerequisites and zero or more upd command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. .PP The command formats and their meaning are as follows: -.TP 3n -.HP 7 \fBserver\fR {servername} [port] +.PP +\fBserver\fR {servername} [port] +.RS 4 Sends all dynamic update requests to the name server \fIservername\fR. When no server statement is provided, \fBnsupdate\fR @@ -137,31 +148,39 @@ will send updates to the master server of the correct zone. The MNAME field of t is the port number on \fIservername\fR where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. -.TP 3n -.HP 6 \fBlocal\fR {address} [port] +.RE +.PP +\fBlocal\fR {address} [port] +.RS 4 Sends all dynamic update requests using the local \fIaddress\fR. When no local statement is provided, \fBnsupdate\fR will send updates using an address and port chosen by the system. \fIport\fR can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. -.TP 3n -.HP 5 \fBzone\fR {zonename} +.RE +.PP +\fBzone\fR {zonename} +.RS 4 Specifies that all updates are to be made to the zone \fIzonename\fR. If no \fIzone\fR statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input. -.TP 3n -.HP 6 \fBclass\fR {classname} +.RE +.PP +\fBclass\fR {classname} +.RS 4 Specify the default class. If no \fIclass\fR -is specified the default class is +is specified, the default class is \fIIN\fR. -.TP 3n -.HP 4 \fBkey\fR {name} {secret} -Specifies that all updates are to be TSIG signed using the +.RE +.PP +\fBkey\fR {name} {secret} +.RS 4 +Specifies that all updates are to be TSIG\-signed using the \fIkeyname\fR \fIkeysecret\fR pair. The @@ -170,17 +189,23 @@ command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR. -.TP 3n -.HP 16 \fBprereq nxdomain\fR {domain\-name} +.RE +.PP +\fBprereq nxdomain\fR {domain\-name} +.RS 4 Requires that no resource record of any type exists with name \fIdomain\-name\fR. -.TP 3n -.HP 16 \fBprereq yxdomain\fR {domain\-name} +.RE +.PP +\fBprereq yxdomain\fR {domain\-name} +.RS 4 Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type). -.TP 3n -.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} +.RE +.PP +\fBprereq nxrrset\fR {domain\-name} [class] {type} +.RS 4 Requires that no resource record exists of the specified \fItype\fR, \fIclass\fR @@ -188,8 +213,10 @@ and \fIdomain\-name\fR. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP 3n -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} +.RS 4 This requires that a resource record of the specified \fItype\fR, \fIclass\fR @@ -198,8 +225,10 @@ and must exist. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP 3n -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RS 4 The \fIdata\fR from each set of prerequisites of this form sharing a common @@ -212,8 +241,10 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of \fIdomain\-name\fR. The \fIdata\fR are written in the standard text representation of the resource record's RDATA. -.TP 3n -.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RE +.PP +\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RS 4 Deletes any resource records named \fIdomain\-name\fR. If \fItype\fR @@ -224,22 +255,31 @@ is provided, only matching resource records will be removed. The internet class is not supplied. The \fIttl\fR is ignored, and is only allowed for compatibility. -.TP 3n -.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RE +.PP +\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RS 4 Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR. -.TP 3n -.HP 5 \fBshow\fR +.RE +.PP +\fBshow\fR +.RS 4 Displays the current message, containing all of the prerequisites and updates specified since the last send. -.TP 3n -.HP 5 \fBsend\fR +.RE +.PP +\fBsend\fR +.RS 4 Sends the current message. This is equivalent to entering a blank line. -.TP 3n -.HP 7 \fBanswer\fR +.RE +.PP +\fBanswer\fR +.RS 4 Displays the answer. +.RE .PP Lines beginning with a semicolon are comments and are ignored. .SH "EXAMPLES" @@ -251,7 +291,7 @@ could be used to insert and delete resource records from the zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample.com\fR. .sp -.RS 3n +.RS 4 .nf # nsupdate > update delete oldhost.example.com A @@ -263,11 +303,11 @@ zone. Notice that the input in each example contains a trailing blank line so th .PP Any A records for \fBoldhost.example.com\fR -are deleted. and an A record for +are deleted. And an A record for \fBnewhost.example.com\fR -it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds). .sp -.RS 3n +.RS 4 .nf # nsupdate > prereq nxdomain nickname.example.com @@ -280,17 +320,23 @@ it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (8640 The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.) .SH "FILES" -.TP 3n +.PP \fB/etc/resolv.conf\fR +.RS 4 used to identify default name server -.TP 3n +.RE +.PP \fBK{name}.+157.+{random}.key\fR +.RS 4 base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). -.TP 3n +.RE +.PP \fBK{name}.+157.+{random}.private\fR +.RS 4 base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). +.RE .SH "SEE ALSO" .PP \fBRFC2136\fR(), @@ -306,4 +352,7 @@ base\-64 encoding of HMAC\-MD5 key created by .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/nsupdate/nsupdate.c b/contrib/bind-9.5.2/bin/nsupdate/nsupdate.c similarity index 65% rename from contrib/bind-9.3/bin/nsupdate/nsupdate.c rename to contrib/bind-9.5.2/bin/nsupdate/nsupdate.c index 107d85f980..c641f53806 100644 --- a/contrib/bind-9.3/bin/nsupdate/nsupdate.c +++ b/contrib/bind-9.5.2/bin/nsupdate/nsupdate.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.103.2.15.2.23 2006/06/09 07:29:24 marka Exp $ */ +/* $Id: nsupdate.c,v 1.154.56.6 2009/04/30 07:12:15 marka Exp $ */ + +/*! \file */ #include @@ -33,8 +35,10 @@ #include #include #include +#include #include #include +#include #include #include #include @@ -50,6 +54,7 @@ #include #include #include +#include #include #include #include @@ -62,6 +67,7 @@ #include #include #include +#include #include #include @@ -69,8 +75,12 @@ #include #include +#ifdef GSSAPI +#include +#endif #include + #ifdef HAVE_ADDRINFO #ifdef HAVE_GETADDRINFO #ifdef HAVE_GAISTRERROR @@ -105,9 +115,13 @@ static isc_boolean_t have_ipv4 = ISC_FALSE; static isc_boolean_t have_ipv6 = ISC_FALSE; static isc_boolean_t is_dst_up = ISC_FALSE; static isc_boolean_t usevc = ISC_FALSE; +static isc_boolean_t usegsstsig = ISC_FALSE; +static isc_boolean_t use_win2k_gsstsig = ISC_FALSE; +static isc_boolean_t tried_other_gsstsig = ISC_FALSE; static isc_taskmgr_t *taskmgr = NULL; static isc_task_t *global_task = NULL; static isc_event_t *global_event = NULL; +static isc_log_t *lctx = NULL; static isc_mem_t *mctx = NULL; static dns_dispatchmgr_t *dispatchmgr = NULL; static dns_requestmgr_t *requestmgr = NULL; @@ -118,6 +132,10 @@ static dns_dispatch_t *dispatchv6 = NULL; static dns_message_t *updatemsg = NULL; static dns_fixedname_t fuserzone; static dns_name_t *userzone = NULL; +static dns_name_t *zonename = NULL; +static dns_name_t tmpzonename; +static dns_name_t restart_master; +static dns_tsig_keyring_t *gssring = NULL; static dns_tsigkey_t *tsigkey = NULL; static dst_key_t *sig0key; static lwres_context_t *lwctx = NULL; @@ -127,14 +145,17 @@ static int ns_inuse = 0; static int ns_total = 0; static isc_sockaddr_t *userserver = NULL; static isc_sockaddr_t *localaddr = NULL; +static isc_sockaddr_t *serveraddr = NULL; +static isc_sockaddr_t tempaddr; static char *keystr = NULL, *keyfile = NULL; -static isc_entropy_t *entp = NULL; +static isc_entropy_t *entropy = NULL; static isc_boolean_t shuttingdown = ISC_FALSE; static FILE *input; static isc_boolean_t interactive = ISC_TRUE; static isc_boolean_t seenerror = ISC_FALSE; static const dns_master_style_t *style; static int requests = 0; +static unsigned int logdebuglevel = 0; static unsigned int timeout = 300; static unsigned int udp_timeout = 3; static unsigned int udp_retries = 3; @@ -159,11 +180,98 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); static void ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); +#ifdef GSSAPI +static dns_fixedname_t fkname; +static isc_sockaddr_t *kserver = NULL; +static char servicename[DNS_NAME_FORMATSIZE]; +static dns_name_t *keyname; +typedef struct nsu_gssinfo { + dns_message_t *msg; + isc_sockaddr_t *addr; + gss_ctx_id_t context; +} nsu_gssinfo_t; + +static void +start_gssrequest(dns_name_t *master); +static void +send_gssrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, + dns_message_t *msg, dns_request_t **request, + gss_ctx_id_t context); +static void +recvgss(isc_task_t *task, isc_event_t *event); +#endif /* GSSAPI */ + +static void +error(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); + #define STATUS_MORE (isc_uint16_t)0 #define STATUS_SEND (isc_uint16_t)1 #define STATUS_QUIT (isc_uint16_t)2 #define STATUS_SYNTAX (isc_uint16_t)3 +typedef struct entropysource entropysource_t; + +struct entropysource { + isc_entropysource_t *source; + isc_mem_t *mctx; + ISC_LINK(entropysource_t) link; +}; + +static ISC_LIST(entropysource_t) sources; + +static void +setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) +{ + isc_result_t result; + isc_entropysource_t *source = NULL; + entropysource_t *elt; + int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE; + + REQUIRE(ectx != NULL); + + if (*ectx == NULL) { + result = isc_entropy_create(mctx, ectx); + if (result != ISC_R_SUCCESS) + fatal("could not create entropy object"); + ISC_LIST_INIT(sources); + } + + if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) { + usekeyboard = ISC_ENTROPY_KEYBOARDYES; + randomfile = NULL; + } + + result = isc_entropy_usebestsource(*ectx, &source, randomfile, + usekeyboard); + + if (result != ISC_R_SUCCESS) + fatal("could not initialize entropy source: %s", + isc_result_totext(result)); + + if (source != NULL) { + elt = isc_mem_get(mctx, sizeof(*elt)); + if (elt == NULL) + fatal("out of memory"); + elt->source = source; + elt->mctx = mctx; + ISC_LINK_INIT(elt, link); + ISC_LIST_APPEND(sources, elt, link); + } +} + +static void +cleanup_entropy(isc_entropy_t **ectx) { + entropysource_t *source; + while (!ISC_LIST_EMPTY(sources)) { + source = ISC_LIST_HEAD(sources); + ISC_LIST_UNLINK(sources, source, link); + isc_entropy_destroysource(&source->source); + isc_mem_put(source->mctx, source, sizeof(*source)); + } + isc_entropy_detach(ectx); +} + + static dns_rdataclass_t getzoneclass(void) { if (zoneclass == dns_rdataclass_none) @@ -192,6 +300,16 @@ fatal(const char *format, ...) { exit(1); } +static void +error(const char *format, ...) { + va_list args; + + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); +} + static void debug(const char *format, ...) { va_list args; @@ -280,6 +398,81 @@ reset_system(void) { check_result(result, "dns_message_create"); } updatemsg->opcode = dns_opcode_update; + if (usegsstsig) { + if (tsigkey != NULL) + dns_tsigkey_detach(&tsigkey); + if (gssring != NULL) + dns_tsigkeyring_destroy(&gssring); + tried_other_gsstsig = ISC_FALSE; + } +} + +static isc_uint16_t +parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len) { + isc_uint16_t digestbits = 0; + isc_result_t result; + char buf[20]; + + REQUIRE(hmac != NULL && *hmac == NULL); + REQUIRE(hmacstr != NULL); + + if (len >= sizeof(buf)) + fatal("unknown key type '%.*s'", (int)(len), hmacstr); + + strncpy(buf, hmacstr, len); + buf[len] = 0; + + if (strcasecmp(buf, "hmac-md5") == 0) { + *hmac = DNS_TSIG_HMACMD5_NAME; + } else if (strncasecmp(buf, "hmac-md5-", 9) == 0) { + *hmac = DNS_TSIG_HMACMD5_NAME; + result = isc_parse_uint16(&digestbits, &buf[9], 10); + if (result != ISC_R_SUCCESS || digestbits > 128) + fatal("digest-bits out of range [0..128]"); + digestbits = (digestbits +7) & ~0x7U; + } else if (strcasecmp(buf, "hmac-sha1") == 0) { + *hmac = DNS_TSIG_HMACSHA1_NAME; + } else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) { + *hmac = DNS_TSIG_HMACSHA1_NAME; + result = isc_parse_uint16(&digestbits, &buf[10], 10); + if (result != ISC_R_SUCCESS || digestbits > 160) + fatal("digest-bits out of range [0..160]"); + digestbits = (digestbits +7) & ~0x7U; + } else if (strcasecmp(buf, "hmac-sha224") == 0) { + *hmac = DNS_TSIG_HMACSHA224_NAME; + } else if (strncasecmp(buf, "hmac-sha224-", 12) == 0) { + *hmac = DNS_TSIG_HMACSHA224_NAME; + result = isc_parse_uint16(&digestbits, &buf[12], 10); + if (result != ISC_R_SUCCESS || digestbits > 224) + fatal("digest-bits out of range [0..224]"); + digestbits = (digestbits +7) & ~0x7U; + } else if (strcasecmp(buf, "hmac-sha256") == 0) { + *hmac = DNS_TSIG_HMACSHA256_NAME; + } else if (strncasecmp(buf, "hmac-sha256-", 12) == 0) { + *hmac = DNS_TSIG_HMACSHA256_NAME; + result = isc_parse_uint16(&digestbits, &buf[12], 10); + if (result != ISC_R_SUCCESS || digestbits > 256) + fatal("digest-bits out of range [0..256]"); + digestbits = (digestbits +7) & ~0x7U; + } else if (strcasecmp(buf, "hmac-sha384") == 0) { + *hmac = DNS_TSIG_HMACSHA384_NAME; + } else if (strncasecmp(buf, "hmac-sha384-", 12) == 0) { + *hmac = DNS_TSIG_HMACSHA384_NAME; + result = isc_parse_uint16(&digestbits, &buf[12], 10); + if (result != ISC_R_SUCCESS || digestbits > 384) + fatal("digest-bits out of range [0..384]"); + digestbits = (digestbits +7) & ~0x7U; + } else if (strcasecmp(buf, "hmac-sha512") == 0) { + *hmac = DNS_TSIG_HMACSHA512_NAME; + } else if (strncasecmp(buf, "hmac-sha512-", 12) == 0) { + *hmac = DNS_TSIG_HMACSHA512_NAME; + result = isc_parse_uint16(&digestbits, &buf[12], 10); + if (result != ISC_R_SUCCESS || digestbits > 512) + fatal("digest-bits out of range [0..512]"); + digestbits = (digestbits +7) & ~0x7U; + } else + fatal("unknown key type '%s'", buf); + return (digestbits); } static void @@ -290,9 +483,12 @@ setup_keystr(void) { isc_result_t result; isc_buffer_t keynamesrc; char *secretstr; - char *s; + char *s, *n; dns_fixedname_t fkeyname; dns_name_t *keyname; + char *name; + dns_name_t *hmacname = NULL; + isc_uint16_t digestbits = 0; dns_fixedname_init(&fkeyname); keyname = dns_fixedname_name(&fkeyname); @@ -300,12 +496,24 @@ setup_keystr(void) { debug("Creating key..."); s = strchr(keystr, ':'); - if (s == NULL || s == keystr || *s == 0) - fatal("key option must specify keyname:secret"); + if (s == NULL || s == keystr || s[1] == 0) + fatal("key option must specify [hmac:]keyname:secret"); secretstr = s + 1; + n = strchr(secretstr, ':'); + if (n != NULL) { + if (n == secretstr || n[1] == 0) + fatal("key option must specify [hmac:]keyname:secret"); + name = secretstr; + secretstr = n + 1; + digestbits = parse_hmac(&hmacname, keystr, s - keystr); + } else { + hmacname = DNS_TSIG_HMACMD5_NAME; + name = keystr; + n = s; + } - isc_buffer_init(&keynamesrc, keystr, s - keystr); - isc_buffer_add(&keynamesrc, s - keystr); + isc_buffer_init(&keynamesrc, name, n - name); + isc_buffer_add(&keynamesrc, n - name); debug("namefromtext"); result = dns_name_fromtext(keyname, &keynamesrc, dns_rootname, @@ -328,12 +536,13 @@ setup_keystr(void) { secretlen = isc_buffer_usedlength(&secretbuf); debug("keycreate"); - result = dns_tsigkey_create(keyname, dns_tsig_hmacmd5_name, - secret, secretlen, ISC_TRUE, NULL, - 0, 0, mctx, NULL, &tsigkey); + result = dns_tsigkey_create(keyname, hmacname, secret, secretlen, + ISC_TRUE, NULL, 0, 0, mctx, NULL, &tsigkey); if (result != ISC_R_SUCCESS) fprintf(stderr, "could not create key from %s: %s\n", keystr, dns_result_totext(result)); + else + dst_key_setbits(tsigkey->key, digestbits); failure: if (secret != NULL) isc_mem_free(mctx, secret); @@ -343,6 +552,7 @@ static void setup_keyfile(void) { dst_key_t *dstkey = NULL; isc_result_t result; + dns_name_t *hmacname = NULL; debug("Creating key..."); @@ -354,11 +564,31 @@ setup_keyfile(void) { keyfile, isc_result_totext(result)); return; } - if (dst_key_alg(dstkey) == DST_ALG_HMACMD5) { + switch (dst_key_alg(dstkey)) { + case DST_ALG_HMACMD5: + hmacname = DNS_TSIG_HMACMD5_NAME; + break; + case DST_ALG_HMACSHA1: + hmacname = DNS_TSIG_HMACSHA1_NAME; + break; + case DST_ALG_HMACSHA224: + hmacname = DNS_TSIG_HMACSHA224_NAME; + break; + case DST_ALG_HMACSHA256: + hmacname = DNS_TSIG_HMACSHA256_NAME; + break; + case DST_ALG_HMACSHA384: + hmacname = DNS_TSIG_HMACSHA384_NAME; + break; + case DST_ALG_HMACSHA512: + hmacname = DNS_TSIG_HMACSHA512_NAME; + break; + } + if (hmacname != NULL) { result = dns_tsigkey_createfromkey(dst_key_name(dstkey), - dns_tsig_hmacmd5_name, - dstkey, ISC_FALSE, NULL, - 0, 0, mctx, NULL, &tsigkey); + hmacname, dstkey, ISC_FALSE, + NULL, 0, 0, mctx, NULL, + &tsigkey); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not create key from %s: %s\n", keyfile, isc_result_totext(result)); @@ -398,10 +628,7 @@ doshutdown(void) { is_dst_up = ISC_FALSE; } - if (entp != NULL) { - ddebug("Detach from entropy"); - isc_entropy_detach(&entp); - } + cleanup_entropy(&entropy); lwres_conf_clear(lwctx); lwres_context_destroy(&lwctx); @@ -452,6 +679,7 @@ setup_system(void) { lwres_result_t lwresult; unsigned int attrs, attrmask; int i; + isc_logconfig_t *logconfig = NULL; ddebug("setup_system()"); @@ -468,8 +696,17 @@ setup_system(void) { if (!have_ipv4 && !have_ipv6) fatal("could not find either IPv4 or IPv6"); - result = isc_mem_create(0, 0, &mctx); - check_result(result, "isc_mem_create"); + result = isc_log_create(mctx, &lctx, &logconfig); + check_result(result, "isc_log_create"); + + isc_log_setcontext(lctx); + dns_log_init(lctx); + dns_log_setcontext(lctx); + + result = isc_log_usechannel(logconfig, "default_debug", NULL, NULL); + check_result(result, "isc_log_usechannel"); + + isc_log_setdebuglevel(lctx, logdebuglevel); lwresult = lwres_context_create(&lwctx, mctx, mem_alloc, mem_free, 1); if (lwresult != LWRES_R_SUCCESS) @@ -506,14 +743,13 @@ setup_system(void) { } } - result = isc_entropy_create(mctx, &entp); - check_result(result, "isc_entropy_create"); + setup_entropy(mctx, NULL, &entropy); - result = isc_hash_create(mctx, entp, DNS_NAME_MAXWIRE); + result = isc_hash_create(mctx, entropy, DNS_NAME_MAXWIRE); check_result(result, "isc_hash_create"); isc_hash_init(); - result = dns_dispatchmgr_create(mctx, entp, &dispatchmgr); + result = dns_dispatchmgr_create(mctx, entropy, &dispatchmgr); check_result(result, "dns_dispatchmgr_create"); result = isc_socketmgr_create(mctx, &socketmgr); @@ -531,7 +767,7 @@ setup_system(void) { result = isc_task_onshutdown(global_task, shutdown_program, NULL); check_result(result, "isc_task_onshutdown"); - result = dst_lib_init(mctx, entp, 0); + result = dst_lib_init(mctx, entropy, 0); check_result(result, "dst_lib_init"); is_dst_up = ISC_TRUE; @@ -587,14 +823,47 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { INSIST(count == 1); } +#define PARSE_ARGS_FMT "dDMl:y:govk:rR::t:u:" + +static void +pre_parse_args(int argc, char **argv) { + int ch; + + while ((ch = isc_commandline_parse(argc, argv, PARSE_ARGS_FMT)) != -1) { + switch (ch) { + case 'M': /* was -dm */ + debugging = ISC_TRUE; + ddebugging = ISC_TRUE; + memdebugging = ISC_TRUE; + isc_mem_debugging = ISC_MEM_DEBUGTRACE | + ISC_MEM_DEBUGRECORD; + break; + + case '?': + if (isc_commandline_option != '?') + fprintf(stderr, "%s: invalid argument -%c\n", + argv[0], isc_commandline_option); + fprintf(stderr, "usage: nsupdate [-d] " + "[-g | -o | -y keyname:secret | -k keyfile] " + "[-v] [filename]\n"); + exit(1); + + default: + break; + } + } + isc_commandline_reset = ISC_TRUE; + isc_commandline_index = 1; +} + static void -parse_args(int argc, char **argv) { +parse_args(int argc, char **argv, isc_mem_t *mctx, isc_entropy_t **ectx) { int ch; + isc_uint32_t i; isc_result_t result; debug("parse_args"); - while ((ch = isc_commandline_parse(argc, argv, "dDMy:vk:r:t:u:")) != -1) - { + while ((ch = isc_commandline_parse(argc, argv, PARSE_ARGS_FMT)) != -1) { switch (ch) { case 'd': debugging = ISC_TRUE; @@ -603,12 +872,17 @@ parse_args(int argc, char **argv) { debugging = ISC_TRUE; ddebugging = ISC_TRUE; break; - case 'M': /* was -dm */ - debugging = ISC_TRUE; - ddebugging = ISC_TRUE; - memdebugging = ISC_TRUE; - isc_mem_debugging = ISC_MEM_DEBUGTRACE | - ISC_MEM_DEBUGRECORD; + case 'M': + break; + case 'l': + result = isc_parse_uint32(&i, isc_commandline_argument, + 10); + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "bad library debug value " + "'%s'\n", isc_commandline_argument); + exit(1); + } + logdebuglevel = i; break; case 'y': keystr = isc_commandline_argument; @@ -619,6 +893,14 @@ parse_args(int argc, char **argv) { case 'k': keyfile = isc_commandline_argument; break; + case 'g': + usegsstsig = ISC_TRUE; + use_win2k_gsstsig = ISC_FALSE; + break; + case 'o': + usegsstsig = ISC_TRUE; + use_win2k_gsstsig = ISC_TRUE; + break; case 't': result = isc_parse_uint32(&timeout, isc_commandline_argument, 10); @@ -647,12 +929,14 @@ parse_args(int argc, char **argv) { exit(1); } break; + + case 'R': + setup_entropy(mctx, isc_commandline_argument, ectx); + break; + default: - fprintf(stderr, "%s: invalid argument -%c\n", - argv[0], ch); - fprintf(stderr, "usage: nsupdate [-d] " - "[-y keyname:secret | -k keyfile] [-v] " - "[filename]\n"); + fprintf(stderr, "%s: unhandled option: %c\n", + argv[0], isc_commandline_option); exit(1); } } @@ -662,6 +946,21 @@ parse_args(int argc, char **argv) { exit(1); } +#ifdef GSSAPI + if (usegsstsig && (keyfile != NULL || keystr != NULL)) { + fprintf(stderr, "%s: cannot specify -g with -k or -y\n", + argv[0]); + exit(1); + } +#else + if (usegsstsig) { + fprintf(stderr, "%s: cannot specify -g or -o, " \ + "program not linked with GSS API Library\n", + argv[0]); + exit(1); + } +#endif + if (argv[isc_commandline_index] != NULL) { if (strcmp(argv[isc_commandline_index], "-") == 0) { input = stdin; @@ -998,6 +1297,9 @@ evaluate_key(char *cmdline) { int secretlen; unsigned char *secret = NULL; isc_buffer_t secretbuf; + dns_name_t *hmacname = NULL; + isc_uint16_t digestbits = 0; + char *n; namestr = nsu_strsep(&cmdline, " \t\r\n"); if (*namestr == 0) { @@ -1008,6 +1310,13 @@ evaluate_key(char *cmdline) { dns_fixedname_init(&fkeyname); keyname = dns_fixedname_name(&fkeyname); + n = strchr(namestr, ':'); + if (n != NULL) { + digestbits = parse_hmac(&hmacname, namestr, n - namestr); + namestr = n + 1; + } else + hmacname = DNS_TSIG_HMACMD5_NAME; + isc_buffer_init(&b, namestr, strlen(namestr)); isc_buffer_add(&b, strlen(namestr)); result = dns_name_fromtext(keyname, &b, dns_rootname, ISC_FALSE, NULL); @@ -1025,7 +1334,7 @@ evaluate_key(char *cmdline) { secret = isc_mem_allocate(mctx, secretlen); if (secret == NULL) fatal("out of memory"); - + isc_buffer_init(&secretbuf, secret, secretlen); result = isc_base64_decodestring(secretstr, &secretbuf); if (result != ISC_R_SUCCESS) { @@ -1038,15 +1347,16 @@ evaluate_key(char *cmdline) { if (tsigkey != NULL) dns_tsigkey_detach(&tsigkey); - result = dns_tsigkey_create(keyname, dns_tsig_hmacmd5_name, - secret, secretlen, ISC_TRUE, NULL, 0, 0, - mctx, NULL, &tsigkey); + result = dns_tsigkey_create(keyname, hmacname, secret, secretlen, + ISC_TRUE, NULL, 0, 0, mctx, NULL, + &tsigkey); isc_mem_free(mctx, secret); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not create key from %s %s: %s\n", namestr, secretstr, dns_result_totext(result)); return (STATUS_SYNTAX); } + dst_key_setbits(tsigkey->key, digestbits); return (STATUS_MORE); } @@ -1091,8 +1401,8 @@ evaluate_class(char *cmdline) { } r.base = word; - r.length = strlen(word); - result = dns_rdataclass_fromtext(&rdclass, &r); + r.length = strlen(word); + result = dns_rdataclass_fromtext(&rdclass, &r); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not parse class name: %s\n", word); return (STATUS_SYNTAX); @@ -1197,8 +1507,9 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) { } region.base = word; region.length = strlen(word); + rdataclass = dns_rdataclass_any; result = dns_rdataclass_fromtext(&rdataclass, ®ion); - if (result == ISC_R_SUCCESS) { + if (result == ISC_R_SUCCESS && rdataclass != dns_rdataclass_any) { if (!setzoneclass(rdataclass)) { fprintf(stderr, "class mismatch: %s\n", word); goto failure; @@ -1276,8 +1587,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) { failure: if (name != NULL) dns_message_puttempname(updatemsg, &name); - if (rdata != NULL) - dns_message_puttemprdata(updatemsg, &rdata); + dns_message_puttemprdata(updatemsg, &rdata); return (STATUS_SYNTAX); } @@ -1304,14 +1614,52 @@ evaluate_update(char *cmdline) { } static void -show_message(dns_message_t *msg) { +setzone(dns_name_t *zonename) { + isc_result_t result; + dns_name_t *name = NULL; + dns_rdataset_t *rdataset = NULL; + + result = dns_message_firstname(updatemsg, DNS_SECTION_ZONE); + if (result == ISC_R_SUCCESS) { + dns_message_currentname(updatemsg, DNS_SECTION_ZONE, &name); + dns_message_removename(updatemsg, name, DNS_SECTION_ZONE); + for (rdataset = ISC_LIST_HEAD(name->list); + rdataset != NULL; + rdataset = ISC_LIST_HEAD(name->list)) { + ISC_LIST_UNLINK(name->list, rdataset, link); + dns_rdataset_disassociate(rdataset); + dns_message_puttemprdataset(updatemsg, &rdataset); + } + dns_message_puttempname(updatemsg, &name); + } + + if (zonename != NULL) { + result = dns_message_gettempname(updatemsg, &name); + check_result(result, "dns_message_gettempname"); + dns_name_init(name, NULL); + dns_name_clone(zonename, name); + result = dns_message_gettemprdataset(updatemsg, &rdataset); + check_result(result, "dns_message_gettemprdataset"); + dns_rdataset_makequestion(rdataset, getzoneclass(), + dns_rdatatype_soa); + ISC_LIST_INIT(name->list); + ISC_LIST_APPEND(name->list, rdataset, link); + dns_message_addname(updatemsg, name, DNS_SECTION_ZONE); + } +} + +static void +show_message(FILE *stream, dns_message_t *msg, const char *description) { isc_result_t result; isc_buffer_t *buf = NULL; int bufsz; ddebug("show_message()"); + + setzone(userzone); + bufsz = INITTEXT; - do { + do { if (bufsz > MAXTEXT) { fprintf(stderr, "could not allocate large enough " "buffer to display message\n"); @@ -1329,9 +1677,8 @@ show_message(dns_message_t *msg) { isc_buffer_free(&buf); return; } - printf("Outgoing update query:\n%.*s", - (int)isc_buffer_usedlength(buf), - (char*)isc_buffer_base(buf)); + fprintf(stream, "%s\n%.*s", description, + (int)isc_buffer_usedlength(buf), (char*)isc_buffer_base(buf)); isc_buffer_free(&buf); } @@ -1377,16 +1724,58 @@ get_next_command(void) { if (strcasecmp(word, "send") == 0) return (STATUS_SEND); if (strcasecmp(word, "show") == 0) { - show_message(updatemsg); + show_message(stdout, updatemsg, "Outgoing update query:"); return (STATUS_MORE); } if (strcasecmp(word, "answer") == 0) { if (answer != NULL) - show_message(answer); + show_message(stdout, answer, "Answer:"); return (STATUS_MORE); } - if (strcasecmp(word, "key") == 0) + if (strcasecmp(word, "key") == 0) { + usegsstsig = ISC_FALSE; return (evaluate_key(cmdline)); + } + if (strcasecmp(word, "gsstsig") == 0) { +#ifdef GSSAPI + usegsstsig = ISC_TRUE; + use_win2k_gsstsig = ISC_FALSE; +#else + fprintf(stderr, "gsstsig not supported\n"); +#endif + return (STATUS_MORE); + } + if (strcasecmp(word, "oldgsstsig") == 0) { +#ifdef GSSAPI + usegsstsig = ISC_TRUE; + use_win2k_gsstsig = ISC_TRUE; +#else + fprintf(stderr, "gsstsig not supported\n"); +#endif + return (STATUS_MORE); + } + if (strcasecmp(word, "help") == 0) { + fprintf(stdout, +"local address [port] (set local resolver)\n" +"server address [port] (set master server for zone)\n" +"send (send the update request)\n" +"show (show the update request)\n" +"answer (show the answer to the last request)\n" +"quit (quit, any pending update is not sent\n" +"help (display this message_\n" +"key [hmac:]keyname secret (use TSIG to sign the request)\n" +"gsstsig (use GSS_TSIG to sign the request)\n" +"oldgsstsig (use Microsoft's GSS_TSIG to sign the request)\n" +"zone name (set the zone to be updated)\n" +"class CLASS (set the zone's DNS class, e.g. IN (default), CH)\n" +"prereq nxdomain name (does this name not exist)\n" +"prereq yxdomain name (does this name exist)\n" +"prereq nxrrset .... (does this RRset exist)\n" +"prereq yxrrset .... (does this RRset not exist)\n" +"update add .... (add the given record to the zone)\n" +"update delete .... (remove the given record(s) from the zone)\n"); + return (STATUS_MORE); + } fprintf(stderr, "incorrect section name: %s\n", word); return (STATUS_SYNTAX); } @@ -1396,8 +1785,11 @@ user_interaction(void) { isc_uint16_t result = STATUS_MORE; ddebug("user_interaction()"); - while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) + while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) { result = get_next_command(); + if (!interactive && result == STATUS_SYNTAX) + fatal("syntax error"); + } if (result == STATUS_SEND) return (ISC_TRUE); return (ISC_FALSE); @@ -1470,12 +1862,23 @@ update_completed(isc_task_t *task, isc_event_t *event) { DNS_MESSAGEPARSE_PRESERVEORDER); switch (result) { case ISC_R_SUCCESS: + if (answer->verify_attempted) + ddebug("tsig verification successful"); break; case DNS_R_CLOCKSKEW: case DNS_R_EXPECTEDTSIG: case DNS_R_TSIGERRORSET: case DNS_R_TSIGVERIFYFAILURE: case DNS_R_UNEXPECTEDTSIG: + case ISC_R_FAILURE: +#if 0 + if (usegsstsig && answer->rcode == dns_rcode_noerror) { + /* + * For MS DNS that violates RFC 2845, section 4.2 + */ + break; + } +#endif fprintf(stderr, "; TSIG error with server: %s\n", isc_result_totext(result)); seenerror = ISC_TRUE; @@ -1490,7 +1893,7 @@ update_completed(isc_task_t *task, isc_event_t *event) { char buf[64]; isc_buffer_t b; dns_rdataset_t *rds; - + isc_buffer_init(&b, buf, sizeof(buf) - 1); result = dns_rcode_totext(answer->rcode, &b); check_result(result, "dns_rcode_totext"); @@ -1501,32 +1904,15 @@ update_completed(isc_task_t *task, isc_event_t *event) { (int)isc_buffer_usedlength(&b), buf); } } - if (debugging) { - isc_buffer_t *buf = NULL; - int bufsz; - - bufsz = INITTEXT; - do { - if (bufsz > MAXTEXT) { - fprintf(stderr, "could not allocate large " - "enough buffer to display message\n"); - exit(1); - } - if (buf != NULL) - isc_buffer_free(&buf); - result = isc_buffer_allocate(mctx, &buf, bufsz); - check_result(result, "isc_buffer_allocate"); - result = dns_message_totext(answer, style, 0, buf); - bufsz *= 2; - } while (result == ISC_R_NOSPACE); - check_result(result, "dns_message_totext"); - fprintf(stderr, "\nReply from update query:\n%.*s\n", - (int)isc_buffer_usedlength(buf), - (char*)isc_buffer_base(buf)); - isc_buffer_free(&buf); - } + if (debugging) + show_message(stderr, answer, "\nReply from update query:"); + done: dns_request_destroy(&request); + if (usegsstsig) { + dns_name_free(&tmpzonename, mctx); + dns_name_free(&restart_master, mctx); + } isc_event_free(&event); done_update(); } @@ -1537,22 +1923,11 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master, { isc_result_t result; dns_request_t *request = NULL; - dns_name_t *name = NULL; - dns_rdataset_t *rdataset = NULL; unsigned int options = 0; ddebug("send_update()"); - result = dns_message_gettempname(updatemsg, &name); - check_result(result, "dns_message_gettempname"); - dns_name_init(name, NULL); - dns_name_clone(zonename, name); - result = dns_message_gettemprdataset(updatemsg, &rdataset); - check_result(result, "dns_message_gettemprdataset"); - dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa); - ISC_LIST_INIT(name->list); - ISC_LIST_APPEND(name->list, rdataset, link); - dns_message_addname(updatemsg, name, DNS_SECTION_ZONE); + setzone(zonename); if (usevc) options |= DNS_REQUESTOPT_TCP; @@ -1566,6 +1941,7 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master, isc_sockaddr_format(master, addrbuf, sizeof(addrbuf)); fprintf(stderr, "Sending update to %s\n", addrbuf); } + result = dns_request_createvia3(requestmgr, updatemsg, srcaddr, master, options, tsigkey, timeout, udp_timeout, udp_retries, global_task, @@ -1573,7 +1949,7 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master, check_result(result, "dns_request_createvia3"); if (debugging) - show_message(updatemsg); + show_message(stdout, updatemsg, "Outgoing update query:"); requests++; } @@ -1591,8 +1967,6 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_rdata_t soarr = DNS_RDATA_INIT; int pass = 0; dns_name_t master; - isc_sockaddr_t *serveraddr, tempaddr; - dns_name_t *zonename; nsu_requestinfo_t *reqinfo; dns_message_t *soaquery = NULL; isc_sockaddr_t *addr; @@ -1605,7 +1979,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { ddebug("recvsoa()"); requests--; - + REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE); reqev = (dns_requestevent_t *)event; request = reqev->request; @@ -1628,7 +2002,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf)); fprintf(stderr, "; Communication with %s failed: %s\n", - addrbuf, isc_result_totext(eresult)); + addrbuf, isc_result_totext(eresult)); if (userserver != NULL) fatal("could not talk to specified name server"); else if (++ns_inuse >= lwconf->nsnext) @@ -1643,8 +2017,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) { setzoneclass(dns_rdataclass_none); return; } - isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t)); + isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t)); + reqinfo = NULL; isc_event_free(&event); reqev = NULL; @@ -1676,39 +2051,32 @@ recvsoa(isc_task_t *task, isc_event_t *event) { } check_result(result, "dns_request_getresponse"); section = DNS_SECTION_ANSWER; - if (debugging) { - isc_buffer_t *buf = NULL; - int bufsz; - bufsz = INITTEXT; - do { - if (buf != NULL) - isc_buffer_free(&buf); - if (bufsz > MAXTEXT) { - fprintf(stderr, "could not allocate enough " - "space for debugging message\n"); - exit(1); - } - result = isc_buffer_allocate(mctx, &buf, bufsz); - check_result(result, "isc_buffer_allocate"); - result = dns_message_totext(rcvmsg, style, 0, buf); - } while (result == ISC_R_NOSPACE); - check_result(result, "dns_message_totext"); - fprintf(stderr, "Reply from SOA query:\n%.*s\n", - (int)isc_buffer_usedlength(buf), - (char*)isc_buffer_base(buf)); - isc_buffer_free(&buf); - } + if (debugging) + show_message(stderr, rcvmsg, "Reply from SOA query:"); if (rcvmsg->rcode != dns_rcode_noerror && rcvmsg->rcode != dns_rcode_nxdomain) fatal("response to SOA query was unsuccessful"); + if (userzone != NULL && rcvmsg->rcode == dns_rcode_nxdomain) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(userzone, namebuf, sizeof(namebuf)); + error("specified zone '%s' does not exist (NXDOMAIN)", + namebuf); + dns_message_destroy(&rcvmsg); + dns_request_destroy(&request); + dns_message_destroy(&soaquery); + ddebug("Out of recvsoa"); + done_update(); + return; + } + lookforsoa: if (pass == 0) section = DNS_SECTION_ANSWER; else if (pass == 1) section = DNS_SECTION_AUTHORITY; - else + else goto droplabel; result = dns_message_firstname(rcvmsg, section); @@ -1727,17 +2095,14 @@ recvsoa(isc_task_t *task, isc_event_t *event) { if (section == DNS_SECTION_ANSWER) { dns_rdataset_t *tset = NULL; if (dns_message_findtype(name, dns_rdatatype_cname, 0, - &tset) == ISC_R_SUCCESS - || + &tset) == ISC_R_SUCCESS || dns_message_findtype(name, dns_rdatatype_dname, 0, - &tset) == ISC_R_SUCCESS - ) - { + &tset) == ISC_R_SUCCESS ) { seencname = ISC_TRUE; break; } } - + result = dns_message_nextname(rcvmsg, section); } @@ -1792,8 +2157,21 @@ recvsoa(isc_task_t *task, isc_event_t *event) { } dns_rdata_freestruct(&soa); +#ifdef GSSAPI + if (usegsstsig) { + dns_name_init(&tmpzonename, NULL); + dns_name_dup(zonename, mctx, &tmpzonename); + dns_name_init(&restart_master, NULL); + dns_name_dup(&master, mctx, &restart_master); + start_gssrequest(&master); + } else { + send_update(zonename, serveraddr, localaddr); + setzoneclass(dns_rdataclass_none); + } +#else send_update(zonename, serveraddr, localaddr); setzoneclass(dns_rdataclass_none); +#endif dns_message_destroy(&soaquery); dns_request_destroy(&request); @@ -1802,7 +2180,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_message_destroy(&rcvmsg); ddebug("Out of recvsoa"); return; - + droplabel: result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION); INSIST(result == ISC_R_SUCCESS); @@ -1820,8 +2198,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { if (userserver != NULL) sendrequest(localaddr, userserver, soaquery, &request); else - sendrequest(localaddr, &servers[ns_inuse], soaquery, - &request); + sendrequest(localaddr, &servers[ns_inuse], soaquery, &request); goto out; } @@ -1845,6 +2222,286 @@ sendrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, requests++; } +#ifdef GSSAPI +static void +start_gssrequest(dns_name_t *master) +{ + gss_ctx_id_t context; + isc_buffer_t buf; + isc_result_t result; + isc_uint32_t val = 0; + dns_message_t *rmsg; + dns_request_t *request = NULL; + dns_name_t *servname; + dns_fixedname_t fname; + char namestr[DNS_NAME_FORMATSIZE]; + char keystr[DNS_NAME_FORMATSIZE]; + + debug("start_gssrequest"); + usevc = ISC_TRUE; + + if (gssring != NULL) + dns_tsigkeyring_destroy(&gssring); + gssring = NULL; + result = dns_tsigkeyring_create(mctx, &gssring); + + if (result != ISC_R_SUCCESS) + fatal("dns_tsigkeyring_create failed: %s", + isc_result_totext(result)); + + dns_name_format(master, namestr, sizeof(namestr)); + if (kserver == NULL) { + kserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t)); + if (kserver == NULL) + fatal("out of memory"); + } + if (userserver == NULL) + get_address(namestr, DNSDEFAULTPORT, kserver); + else + (void)memcpy(kserver, userserver, sizeof(isc_sockaddr_t)); + + dns_fixedname_init(&fname); + servname = dns_fixedname_name(&fname); + + result = isc_string_printf(servicename, sizeof(servicename), + "DNS/%s", namestr); + if (result != ISC_R_SUCCESS) + fatal("isc_string_printf(servicename) failed: %s", + isc_result_totext(result)); + isc_buffer_init(&buf, servicename, strlen(servicename)); + isc_buffer_add(&buf, strlen(servicename)); + result = dns_name_fromtext(servname, &buf, dns_rootname, + ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) + fatal("dns_name_fromtext(servname) failed: %s", + isc_result_totext(result)); + + dns_fixedname_init(&fkname); + keyname = dns_fixedname_name(&fkname); + + isc_random_get(&val); + result = isc_string_printf(keystr, sizeof(keystr), "%u.sig-%s", + val, namestr); + if (result != ISC_R_SUCCESS) + fatal("isc_string_printf(keystr) failed: %s", + isc_result_totext(result)); + isc_buffer_init(&buf, keystr, strlen(keystr)); + isc_buffer_add(&buf, strlen(keystr)); + + result = dns_name_fromtext(keyname, &buf, dns_rootname, + ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) + fatal("dns_name_fromtext(keyname) failed: %s", + isc_result_totext(result)); + + /* Windows doesn't recognize name compression in the key name. */ + keyname->attributes |= DNS_NAMEATTR_NOCOMPRESS; + + rmsg = NULL; + result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &rmsg); + if (result != ISC_R_SUCCESS) + fatal("dns_message_create failed: %s", + isc_result_totext(result)); + + /* Build first request. */ + + context = GSS_C_NO_CONTEXT; + result = dns_tkey_buildgssquery(rmsg, keyname, servname, NULL, 0, + &context, use_win2k_gsstsig); + if (result == ISC_R_FAILURE) + fatal("Check your Kerberos ticket, it may have expired."); + if (result != ISC_R_SUCCESS) + fatal("dns_tkey_buildgssquery failed: %s", + isc_result_totext(result)); + + send_gssrequest(localaddr, kserver, rmsg, &request, context); +} + +static void +send_gssrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, + dns_message_t *msg, dns_request_t **request, + gss_ctx_id_t context) +{ + isc_result_t result; + nsu_gssinfo_t *reqinfo; + unsigned int options = 0; + + debug("send_gssrequest"); + reqinfo = isc_mem_get(mctx, sizeof(nsu_gssinfo_t)); + if (reqinfo == NULL) + fatal("out of memory"); + reqinfo->msg = msg; + reqinfo->addr = destaddr; + reqinfo->context = context; + + options |= DNS_REQUESTOPT_TCP; + result = dns_request_createvia3(requestmgr, msg, srcaddr, destaddr, + options, tsigkey, FIND_TIMEOUT * 20, + FIND_TIMEOUT, 3, global_task, recvgss, + reqinfo, request); + check_result(result, "dns_request_createvia3"); + if (debugging) + show_message(stdout, msg, "Outgoing update query:"); + requests++; +} + +static void +recvgss(isc_task_t *task, isc_event_t *event) { + dns_requestevent_t *reqev = NULL; + dns_request_t *request = NULL; + isc_result_t result, eresult; + dns_message_t *rcvmsg = NULL; + nsu_gssinfo_t *reqinfo; + dns_message_t *tsigquery = NULL; + isc_sockaddr_t *addr; + gss_ctx_id_t context; + isc_buffer_t buf; + dns_name_t *servname; + dns_fixedname_t fname; + + UNUSED(task); + + ddebug("recvgss()"); + + requests--; + + REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE); + reqev = (dns_requestevent_t *)event; + request = reqev->request; + eresult = reqev->result; + reqinfo = reqev->ev_arg; + tsigquery = reqinfo->msg; + context = reqinfo->context; + addr = reqinfo->addr; + + if (shuttingdown) { + dns_request_destroy(&request); + dns_message_destroy(&tsigquery); + isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t)); + isc_event_free(&event); + maybeshutdown(); + return; + } + + if (eresult != ISC_R_SUCCESS) { + char addrbuf[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf)); + fprintf(stderr, "; Communication with %s failed: %s\n", + addrbuf, isc_result_totext(eresult)); + if (userserver != NULL) + fatal("could not talk to specified name server"); + else if (++ns_inuse >= lwconf->nsnext) + fatal("could not talk to any default name server"); + ddebug("Destroying request [%p]", request); + dns_request_destroy(&request); + dns_message_renderreset(tsigquery); + sendrequest(localaddr, &servers[ns_inuse], tsigquery, + &request); + isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t)); + isc_event_free(&event); + return; + } + isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t)); + + isc_event_free(&event); + reqev = NULL; + + ddebug("recvgss creating rcvmsg"); + result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &rcvmsg); + check_result(result, "dns_message_create"); + + result = dns_request_getresponse(request, rcvmsg, + DNS_MESSAGEPARSE_PRESERVEORDER); + check_result(result, "dns_request_getresponse"); + + if (debugging) + show_message(stderr, rcvmsg, + "recvmsg reply from GSS-TSIG query"); + + if (rcvmsg->rcode == dns_rcode_formerr && !tried_other_gsstsig) { + ddebug("recvgss trying %s GSS-TSIG", + use_win2k_gsstsig ? "Standard" : "Win2k"); + if (use_win2k_gsstsig) + use_win2k_gsstsig = ISC_FALSE; + else + use_win2k_gsstsig = ISC_TRUE; + tried_other_gsstsig = ISC_TRUE; + start_gssrequest(&restart_master); + goto done; + } + + if (rcvmsg->rcode != dns_rcode_noerror && + rcvmsg->rcode != dns_rcode_nxdomain) + fatal("response to GSS-TSIG query was unsuccessful"); + + + dns_fixedname_init(&fname); + servname = dns_fixedname_name(&fname); + isc_buffer_init(&buf, servicename, strlen(servicename)); + isc_buffer_add(&buf, strlen(servicename)); + result = dns_name_fromtext(servname, &buf, dns_rootname, + ISC_FALSE, NULL); + check_result(result, "dns_name_fromtext"); + + tsigkey = NULL; + result = dns_tkey_gssnegotiate(tsigquery, rcvmsg, servname, + &context, &tsigkey, gssring, + use_win2k_gsstsig); + switch (result) { + + case DNS_R_CONTINUE: + send_gssrequest(localaddr, kserver, tsigquery, &request, + context); + break; + + case ISC_R_SUCCESS: + /* + * XXXSRA Waaay too much fun here. There's no good + * reason why we need a TSIG here (the people who put + * it into the spec admitted at the time that it was + * not a security issue), and Windows clients don't + * seem to work if named complies with the spec and + * includes the gratuitous TSIG. So we're in the + * bizarre situation of having to choose between + * complying with a useless requirement in the spec + * and interoperating. This is nuts. If we can + * confirm this behavior, we should ask the WG to + * consider removing the requirement for the + * gratuitous TSIG here. For the moment, we ignore + * the TSIG -- this too is a spec violation, but it's + * the least insane thing to do. + */ +#if 0 + /* + * Verify the signature. + */ + rcvmsg->state = DNS_SECTION_ANY; + dns_message_setquerytsig(rcvmsg, NULL); + result = dns_message_settsigkey(rcvmsg, tsigkey); + check_result(result, "dns_message_settsigkey"); + result = dns_message_checksig(rcvmsg, NULL); + ddebug("tsig verification: %s", dns_result_totext(result)); + check_result(result, "dns_message_checksig"); +#endif /* 0 */ + + send_update(&tmpzonename, serveraddr, localaddr); + setzoneclass(dns_rdataclass_none); + break; + + default: + fatal("dns_tkey_negotiategss: %s", isc_result_totext(result)); + } + + done: + dns_request_destroy(&request); + dns_message_destroy(&tsigquery); + + dns_message_destroy(&rcvmsg); + ddebug("Out of recvgss"); +} +#endif + static void start_update(void) { isc_result_t result; @@ -1859,17 +2516,8 @@ start_update(void) { if (answer != NULL) dns_message_destroy(&answer); - result = dns_message_firstname(updatemsg, section); - if (result == ISC_R_NOMORE) { - section = DNS_SECTION_PREREQUISITE; - result = dns_message_firstname(updatemsg, section); - } - if (result != ISC_R_SUCCESS) { - done_update(); - return; - } - if (userzone != NULL && userserver != NULL) { + if (userzone != NULL && userserver != NULL && ! usegsstsig) { send_update(userzone, userserver, localaddr); setzoneclass(dns_rdataclass_none); return; @@ -1879,7 +2527,8 @@ start_update(void) { &soaquery); check_result(result, "dns_message_create"); - soaquery->flags |= DNS_MESSAGEFLAG_RD; + if (userserver == NULL) + soaquery->flags |= DNS_MESSAGEFLAG_RD; result = dns_message_gettempname(soaquery, &name); check_result(result, "dns_message_gettempname"); @@ -1889,10 +2538,28 @@ start_update(void) { dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa); - firstname = NULL; - dns_message_currentname(updatemsg, section, &firstname); - dns_name_init(name, NULL); - dns_name_clone(firstname, name); + if (userzone != NULL) { + dns_name_init(name, NULL); + dns_name_clone(userzone, name); + } else { + result = dns_message_firstname(updatemsg, section); + if (result == ISC_R_NOMORE) { + section = DNS_SECTION_PREREQUISITE; + result = dns_message_firstname(updatemsg, section); + } + if (result != ISC_R_SUCCESS) { + dns_message_puttempname(soaquery, &name); + dns_rdataset_disassociate(rdataset); + dns_message_puttemprdataset(soaquery, &rdataset); + dns_message_destroy(&soaquery); + done_update(); + return; + } + firstname = NULL; + dns_message_currentname(updatemsg, section, &firstname); + dns_name_init(name, NULL); + dns_name_clone(firstname, name); + } ISC_LIST_INIT(name->list); ISC_LIST_APPEND(name->list, rdataset, link); @@ -1912,6 +2579,22 @@ cleanup(void) { if (answer != NULL) dns_message_destroy(&answer); + +#ifdef GSSAPI + if (tsigkey != NULL) { + ddebug("detach tsigkey x%p", tsigkey); + dns_tsigkey_detach(&tsigkey); + } + if (gssring != NULL) { + ddebug("Destroying GSS-TSIG keyring"); + dns_tsigkeyring_destroy(&gssring); + } + if (kserver != NULL) { + isc_mem_put(mctx, kserver, sizeof(isc_sockaddr_t)); + kserver = NULL; + } +#endif + ddebug("Shutting down task manager"); isc_taskmgr_destroy(&taskmgr); @@ -1927,6 +2610,12 @@ cleanup(void) { ddebug("Destroying hash context"); isc_hash_destroy(); + ddebug("Destroying name state"); + dns_name_destroy(); + + ddebug("Removing log context"); + isc_log_destroy(&lctx); + ddebug("Destroying memory context"); if (memdebugging) isc_mem_stats(mctx, stderr); @@ -1968,7 +2657,12 @@ main(int argc, char **argv) { isc_app_start(); - parse_args(argc, argv); + pre_parse_args(argc, argv); + + result = isc_mem_create(0, 0, &mctx); + check_result(result, "isc_mem_create"); + + parse_args(argc, argv, mctx, &entropy); setup_system(); diff --git a/contrib/bind-9.5.2/bin/nsupdate/nsupdate.html b/contrib/bind-9.5.2/bin/nsupdate/nsupdate.html new file mode 100644 index 0000000000..522b20fa19 --- /dev/null +++ b/contrib/bind-9.5.2/bin/nsupdate/nsupdate.html @@ -0,0 +1,511 @@ + + + + + +nsupdate + + +
+
+
+

Name

+

nsupdate — Dynamic DNS update utility

+
+
+

Synopsis

+

nsupdate [-d] [[-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

+
+
+

DESCRIPTION

+

nsupdate + is used to submit Dynamic DNS Update requests as defined in RFC2136 + to a name server. + This allows resource records to be added or removed from a zone + without manually editing the zone file. + A single update request can contain requests to add or remove more than + one + resource record. +

+

+ Zones that are under dynamic control via + nsupdate + or a DHCP server should not be edited by hand. + Manual edits could + conflict with dynamic updates and cause data to be lost. +

+

+ The resource records that are dynamically added or removed with + nsupdate + have to be in the same zone. + Requests are sent to the zone's master server. + This is identified by the MNAME field of the zone's SOA record. +

+

+ The + -d + option makes + nsupdate + operate in debug mode. + This provides tracing information about the update requests that are + made and the replies received from the name server. +

+

+ Transaction signatures can be used to authenticate the Dynamic DNS + updates. + These use the TSIG resource record type described in RFC2845 or the + SIG(0) record described in RFC3535 and RFC2931. + TSIG relies on a shared secret that should only be known to + nsupdate and the name server. + Currently, the only supported encryption algorithm for TSIG is + HMAC-MD5, which is defined in RFC 2104. + Once other algorithms are defined for TSIG, applications will need to + ensure they select the appropriate algorithm as well as the key when + authenticating each other. + For instance, suitable + key + and + server + statements would be added to + /etc/named.conf + so that the name server can associate the appropriate secret key + and algorithm with the IP address of the + client application that will be using TSIG authentication. + SIG(0) uses public key cryptography. To use a SIG(0) key, the public + key must be stored in a KEY record in a zone served by the name server. + nsupdate + does not read + /etc/named.conf. +

+

nsupdate + uses the -y or -k option + to provide the shared secret needed to generate a TSIG record + for authenticating Dynamic DNS update requests, default type + HMAC-MD5. These options are mutually exclusive. With the + -k option, nsupdate reads + the shared secret from the file keyfile, + whose name is of the form + K{name}.+157.+{random}.private. For + historical reasons, the file + K{name}.+157.+{random}.key must also be + present. When the -y option is used, a + signature is generated from + [hmac:]keyname:secret. + keyname is the name of the key, and + secret is the base64 encoded shared + secret. Use of the -y option is discouraged + because the shared secret is supplied as a command line + argument in clear text. This may be visible in the output + from + ps(1) or in a history file maintained by the user's + shell. +

+

+ The -k may also be used to specify a SIG(0) key used + to authenticate Dynamic DNS update requests. In this case, the key + specified is not an HMAC-MD5 key. +

+

+ By default, + nsupdate + uses UDP to send update requests to the name server unless they are too + large to fit in a UDP request in which case TCP will be used. + The + -v + option makes + nsupdate + use a TCP connection. + This may be preferable when a batch of update requests is made. +

+

+ The -t option sets the maximum time an update request + can + take before it is aborted. The default is 300 seconds. Zero can be + used + to disable the timeout. +

+

+ The -u option sets the UDP retry interval. The default + is + 3 seconds. If zero, the interval will be computed from the timeout + interval + and number of UDP retries. +

+

+ The -r option sets the number of UDP retries. The + default is + 3. If zero, only one update request will be made. +

+

+ The -R randomdev option + specifies a source of randomness. If the operating system + does not provide a /dev/random or + equivalent device, the default source of randomness is keyboard + input. randomdev specifies the name of + a character device or file containing random data to be used + instead of the default. The special value + keyboard indicates that keyboard input + should be used. This option may be specified multiple times. +

+
+
+

INPUT FORMAT

+

nsupdate + reads input from + filename + or standard input. + Each command is supplied on exactly one line of input. + Some commands are for administrative purposes. + The others are either update instructions or prerequisite checks on the + contents of the zone. + These checks set conditions that some name or set of + resource records (RRset) either exists or is absent from the zone. + These conditions must be met if the entire update request is to succeed. + Updates will be rejected if the tests for the prerequisite conditions + fail. +

+

+ Every update request consists of zero or more prerequisites + and zero or more updates. + This allows a suitably authenticated update request to proceed if some + specified resource records are present or missing from the zone. + A blank input line (or the send command) + causes the + accumulated commands to be sent as one Dynamic DNS update request to the + name server. +

+

+ The command formats and their meaning are as follows: +

+
+
+ server + {servername} + [port] +
+

+ Sends all dynamic update requests to the name server + servername. + When no server statement is provided, + nsupdate + will send updates to the master server of the correct zone. + The MNAME field of that zone's SOA record will identify the + master + server for that zone. + port + is the port number on + servername + where the dynamic update requests get sent. + If no port number is specified, the default DNS port number of + 53 is + used. +

+
+ local + {address} + [port] +
+

+ Sends all dynamic update requests using the local + address. + + When no local statement is provided, + nsupdate + will send updates using an address and port chosen by the + system. + port + can additionally be used to make requests come from a specific + port. + If no port number is specified, the system will assign one. +

+
+ zone + {zonename} +
+

+ Specifies that all updates are to be made to the zone + zonename. + If no + zone + statement is provided, + nsupdate + will attempt determine the correct zone to update based on the + rest of the input. +

+
+ class + {classname} +
+

+ Specify the default class. + If no class is specified, the + default class is + IN. +

+
+ key + {name} + {secret} +
+

+ Specifies that all updates are to be TSIG-signed using the + keyname keysecret pair. + The key command + overrides any key specified on the command line via + -y or -k. +

+
+ prereq nxdomain + {domain-name} +
+

+ Requires that no resource record of any type exists with name + domain-name. +

+
+ prereq yxdomain + {domain-name} +
+

+ Requires that + domain-name + exists (has as at least one resource record, of any type). +

+
+ prereq nxrrset + {domain-name} + [class] + {type} +
+

+ Requires that no resource record exists of the specified + type, + class + and + domain-name. + If + class + is omitted, IN (internet) is assumed. +

+
+ prereq yxrrset + {domain-name} + [class] + {type} +
+

+ This requires that a resource record of the specified + type, + class + and + domain-name + must exist. + If + class + is omitted, IN (internet) is assumed. +

+
+ prereq yxrrset + {domain-name} + [class] + {type} + {data...} +
+

+ The + data + from each set of prerequisites of this form + sharing a common + type, + class, + and + domain-name + are combined to form a set of RRs. This set of RRs must + exactly match the set of RRs existing in the zone at the + given + type, + class, + and + domain-name. + The + data + are written in the standard text representation of the resource + record's + RDATA. +

+
+ update delete + {domain-name} + [ttl] + [class] + [type [data...]] +
+

+ Deletes any resource records named + domain-name. + If + type + and + data + is provided, only matching resource records will be removed. + The internet class is assumed if + class + is not supplied. The + ttl + is ignored, and is only allowed for compatibility. +

+
+ update add + {domain-name} + {ttl} + [class] + {type} + {data...} +
+

+ Adds a new resource record with the specified + ttl, + class + and + data. +

+
+ show +
+

+ Displays the current message, containing all of the + prerequisites and + updates specified since the last send. +

+
+ send +
+

+ Sends the current message. This is equivalent to entering a + blank line. +

+
+ answer +
+

+ Displays the answer. +

+
+

+

+

+ Lines beginning with a semicolon are comments and are ignored. +

+
+
+

EXAMPLES

+

+ The examples below show how + nsupdate + could be used to insert and delete resource records from the + example.com + zone. + Notice that the input in each example contains a trailing blank line so + that + a group of commands are sent as one dynamic update request to the + master name server for + example.com. + +

+
+# nsupdate
+> update delete oldhost.example.com A
+> update add newhost.example.com 86400 A 172.16.1.1
+> send
+
+

+

+

+ Any A records for + oldhost.example.com + are deleted. + And an A record for + newhost.example.com + with IP address 172.16.1.1 is added. + The newly-added record has a 1 day TTL (86400 seconds). +

+
+# nsupdate
+> prereq nxdomain nickname.example.com
+> update add nickname.example.com 86400 CNAME somehost.example.com
+> send
+
+

+

+

+ The prerequisite condition gets the name server to check that there + are no resource records of any type for + nickname.example.com. + + If there are, the update request fails. + If this name does not exist, a CNAME for it is added. + This ensures that when the CNAME is added, it cannot conflict with the + long-standing rule in RFC1034 that a name must not exist as any other + record type if it exists as a CNAME. + (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have + RRSIG, DNSKEY and NSEC records.) +

+
+
+

FILES

+
+
/etc/resolv.conf
+

+ used to identify default name server +

+
K{name}.+157.+{random}.key
+

+ base-64 encoding of HMAC-MD5 key created by + dnssec-keygen(8). +

+
K{name}.+157.+{random}.private
+

+ base-64 encoding of HMAC-MD5 key created by + dnssec-keygen(8). +

+
+
+
+

SEE ALSO

+

RFC2136, + RFC3007, + RFC2104, + RFC2845, + RFC1034, + RFC2535, + RFC2931, + named(8), + dnssec-keygen(8). +

+
+
+

BUGS

+

+ The TSIG key is redundantly stored in two separate files. + This is a consequence of nsupdate using the DST library + for its cryptographic operations, and may change in future + releases. +

+
+
+ diff --git a/contrib/bind-9.3/bin/rndc/include/rndc/os.h b/contrib/bind-9.5.2/bin/rndc/include/rndc/os.h similarity index 79% rename from contrib/bind-9.3/bin/rndc/include/rndc/os.h rename to contrib/bind-9.5.2/bin/rndc/include/rndc/os.h index b5ade476b9..e48ee5119b 100644 --- a/contrib/bind-9.3/bin/rndc/include/rndc/os.h +++ b/contrib/bind-9.5.2/bin/rndc/include/rndc/os.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.4.206.1 2004/03/06 10:21:33 marka Exp $ */ +/* $Id: os.h,v 1.9.128.2 2009/01/19 23:47:01 tbox Exp $ */ + +/*! \file */ #ifndef RNDC_OS_H #define RNDC_OS_H 1 @@ -26,14 +28,14 @@ ISC_LANG_BEGINDECLS FILE *safe_create(const char *filename); -/* +/*%< * Open 'filename' for writing, truncate if necessary. If the file was * created ensure that only the owner can read/write it. */ int set_user(FILE *fd, const char *user); -/* - * Set the owner of the file refernced by 'fd' to 'user'. +/*%< + * Set the owner of the file referenced by 'fd' to 'user'. * Returns: * 0 success * -1 insufficient permissions, or 'user' does not exist. diff --git a/contrib/bind-9.3/bin/rndc/rndc-confgen.8 b/contrib/bind-9.5.2/bin/rndc/rndc-confgen.8 similarity index 89% rename from contrib/bind-9.3/bin/rndc/rndc-confgen.8 rename to contrib/bind-9.5.2/bin/rndc/rndc-confgen.8 index c6a421879b..405422ac4a 100644 --- a/contrib/bind-9.3/bin/rndc/rndc-confgen.8 +++ b/contrib/bind-9.5.2/bin/rndc/rndc-confgen.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2001, 2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.3.2.5.2.8 2006/06/29 13:02:31 marka Exp $ +.\" $Id: rndc-confgen.8,v 1.20.214.1 2009/07/11 01:43:30 tbox Exp $ .\" .hy 0 .ad l .\" Title: rndc\-confgen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Aug 27, 2001 .\" Manual: BIND9 .\" Source: BIND9 @@ -56,8 +56,9 @@ file and a \fBcontrols\fR statement altogether. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Do automatic \fBrndc\fR configuration. This creates a file @@ -100,31 +101,43 @@ option and set up a and \fInamed.conf\fR as directed. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. -.TP 3n +.RE +.PP \-c \fIkeyfile\fR +.RS 4 Used with the \fB\-a\fR option to specify an alternate location for \fIrndc.key\fR. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBrndc\-confgen\fR. -.TP 3n +.RE +.PP \-k \fIkeyname\fR +.RS 4 Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is \fBrndc\-key\fR. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR. The default is 953. -.TP 3n +.RE +.PP \-r \fIrandomfile\fR +.RS 4 Specifies a source of random data for generating the authorization. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -132,14 +145,18 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIaddress\fR +.RS 4 Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR. The default is the loopback address 127.0.0.1. -.TP 3n +.RE +.PP \-t \fIchrootdir\fR +.RS 4 Used with the \fB\-a\fR option to specify a directory where @@ -148,8 +165,10 @@ will run chrooted. An additional copy of the \fIrndc.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR. -.TP 3n +.RE +.PP \-u \fIuser\fR +.RS 4 Used with the \fB\-a\fR option to set the owner of the @@ -157,6 +176,7 @@ option to set the owner of the file generated. If \fB\-t\fR is also specified only the file in the chroot area has its owner changed. +.RE .SH "EXAMPLES" .PP To allow @@ -185,4 +205,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2001, 2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/rndc/rndc-confgen.c b/contrib/bind-9.5.2/bin/rndc/rndc-confgen.c similarity index 89% rename from contrib/bind-9.3/bin/rndc/rndc-confgen.c rename to contrib/bind-9.5.2/bin/rndc/rndc-confgen.c index f6e578ed98..c37b7e3a33 100644 --- a/contrib/bind-9.3/bin/rndc/rndc-confgen.c +++ b/contrib/bind-9.5.2/bin/rndc/rndc-confgen.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc-confgen.c,v 1.9.2.6.2.5 2004/09/28 07:14:57 marka Exp $ */ +/* $Id: rndc-confgen.c,v 1.24.128.2 2008/10/15 23:46:53 tbox Exp $ */ + +/*! \file */ + +/** + * rndc-confgen generates configuration files for rndc. It can be used + * as a convenient alternative to writing the rndc.conf file and the + * corresponding controls and key statements in named.conf by hand. + * Alternatively, it can be run with the -a option to set up a + * rndc.key file and avoid the need for a rndc.conf file and a + * controls statement altogether. + */ #include @@ -45,13 +56,13 @@ #include "util.h" -#define DEFAULT_KEYLENGTH 128 /* Bits. */ +#define DEFAULT_KEYLENGTH 128 /*% Bits. */ #define DEFAULT_KEYNAME "rndc-key" #define DEFAULT_SERVER "127.0.0.1" #define DEFAULT_PORT 953 static char program[256]; -char *progname; +const char *progname; isc_boolean_t verbose = ISC_FALSE; @@ -78,7 +89,7 @@ Usage:\n\ exit (status); } -/* +/*% * Write an rndc.key file to 'keyfile'. If 'user' is non-NULL, * make that user the owner of the file. The key will have * the name 'keyname' and the secret in the buffer 'secret'. @@ -137,7 +148,7 @@ main(int argc, char **argv) { isc_boolean_t keyonly = ISC_FALSE; int len; - keydef = keyfile = RNDC_KEYFILE; + keydef = keyfile = RNDC_KEYFILE; result = isc_file_progname(*argv, program, sizeof(program)); if (result != ISC_R_SUCCESS) @@ -149,6 +160,8 @@ main(int argc, char **argv) { serveraddr = DEFAULT_SERVER; port = DEFAULT_PORT; + isc_commandline_errprint = ISC_FALSE; + while ((ch = isc_commandline_parse(argc, argv, "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) { switch (ch) { @@ -203,12 +216,17 @@ main(int argc, char **argv) { verbose = ISC_TRUE; break; case '?': - usage(1); + if (isc_commandline_option != '?') { + fprintf(stderr, "%s: invalid argument -%c\n", + program, isc_commandline_option); + usage(1); + } else + usage(0); break; default: - fatal("unexpected error parsing command arguments: " - "got %c\n", ch); - break; + fprintf(stderr, "%s: unhandled option -%c\n", + program, isc_commandline_option); + exit(1); } } @@ -275,7 +293,7 @@ main(int argc, char **argv) { fatal("isc_mem_get(%d) failed\n", len); snprintf(buf, len, "%s%s%s", chrootdir, (*keyfile != '/') ? "/" : "", keyfile); - + write_key_file(buf, user, keyname, &key_txtbuffer); isc_mem_put(mctx, buf, len); } diff --git a/contrib/bind-9.5.2/bin/rndc/rndc-confgen.html b/contrib/bind-9.5.2/bin/rndc/rndc-confgen.html new file mode 100644 index 0000000000..0219888027 --- /dev/null +++ b/contrib/bind-9.5.2/bin/rndc/rndc-confgen.html @@ -0,0 +1,188 @@ + + + + + +rndc-confgen + + +
+
+
+

Name

+

rndc-confgen — rndc key generation tool

+
+
+

Synopsis

+

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

+
+
+

DESCRIPTION

+

rndc-confgen + generates configuration files + for rndc. It can be used as a + convenient alternative to writing the + rndc.conf file + and the corresponding controls + and key + statements in named.conf by hand. + Alternatively, it can be run with the -a + option to set up a rndc.key file and + avoid the need for a rndc.conf file + and a controls statement altogether. +

+
+
+

OPTIONS

+
+
-a
+
+

+ Do automatic rndc configuration. + This creates a file rndc.key + in /etc (or whatever + sysconfdir + was specified as when BIND was + built) + that is read by both rndc + and named on startup. The + rndc.key file defines a default + command channel and authentication key allowing + rndc to communicate with + named on the local host + with no further configuration. +

+

+ Running rndc-confgen -a allows + BIND 9 and rndc to be used as + drop-in + replacements for BIND 8 and ndc, + with no changes to the existing BIND 8 + named.conf file. +

+

+ If a more elaborate configuration than that + generated by rndc-confgen -a + is required, for example if rndc is to be used remotely, + you should run rndc-confgen without + the + -a option and set up a + rndc.conf and + named.conf + as directed. +

+
+
-b keysize
+

+ Specifies the size of the authentication key in bits. + Must be between 1 and 512 bits; the default is 128. +

+
-c keyfile
+

+ Used with the -a option to specify + an alternate location for rndc.key. +

+
-h
+

+ Prints a short summary of the options and arguments to + rndc-confgen. +

+
-k keyname
+

+ Specifies the key name of the rndc authentication key. + This must be a valid domain name. + The default is rndc-key. +

+
-p port
+

+ Specifies the command channel port where named + listens for connections from rndc. + The default is 953. +

+
-r randomfile
+

+ Specifies a source of random data for generating the + authorization. If the operating + system does not provide a /dev/random + or equivalent device, the default source of randomness + is keyboard input. randomdev + specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + keyboard indicates that keyboard + input should be used. +

+
-s address
+

+ Specifies the IP address where named + listens for command channel connections from + rndc. The default is the loopback + address 127.0.0.1. +

+
-t chrootdir
+

+ Used with the -a option to specify + a directory where named will run + chrooted. An additional copy of the rndc.key + will be written relative to this directory so that + it will be found by the chrooted named. +

+
-u user
+

+ Used with the -a option to set the + owner + of the rndc.key file generated. + If + -t is also specified only the file + in + the chroot area has its owner changed. +

+
+
+
+

EXAMPLES

+

+ To allow rndc to be used with + no manual configuration, run +

+

rndc-confgen -a +

+

+ To print a sample rndc.conf file and + corresponding controls and key + statements to be manually inserted into named.conf, + run +

+

rndc-confgen +

+
+
+

SEE ALSO

+

rndc(8), + rndc.conf(5), + named(8), + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/rndc/rndc.8 b/contrib/bind-9.5.2/bin/rndc/rndc.8 similarity index 70% rename from contrib/bind-9.3/bin/rndc/rndc.8 rename to contrib/bind-9.5.2/bin/rndc/rndc.8 index 04bd133f37..596d8543d4 100644 --- a/contrib/bind-9.3/bin/rndc/rndc.8 +++ b/contrib/bind-9.5.2/bin/rndc/rndc.8 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.206.6 2006/06/29 13:02:30 marka Exp $ +.\" $Id: rndc.8,v 1.42.10.1 2009/07/11 01:43:29 tbox Exp $ .\" .hy 0 .ad l .\" Title: rndc .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ rndc \- name server control utility .SH "SYNOPSIS" .HP 5 -\fBrndc\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command} +\fBrndc\fR [\fB\-b\ \fR\fB\fIsource\-address\fR\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command} .SH "DESCRIPTION" .PP \fBrndc\fR @@ -47,20 +47,29 @@ is invoked with no command line options or arguments, it prints a short summary communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of \fBrndc\fR and -\fBnamed\fR -named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. +\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. .PP \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. .SH "OPTIONS" -.TP 3n +.PP +\-b \fIsource\-address\fR +.RS 4 +Use +\fIsource\-address\fR +as the source address for the connection to the server. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses. +.RE +.PP \-c \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/rndc.conf\fR. -.TP 3n +.RE +.PP \-k \fIkey\-file\fR +.RS 4 Use \fIkey\-file\fR as the key file instead of the default, @@ -69,30 +78,41 @@ as the key file instead of the default, will be used to authenticate commands sent to the server if the \fIconfig\-file\fR does not exist. -.TP 3n +.RE +.PP \-s \fIserver\fR +.RS 4 \fIserver\fR is the name or address of the server which matches a server statement in the configuration file for -\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used. -.TP 3n +\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the +\fBrndc\fR +configuration file will be used. +.RE +.PP \-p \fIport\fR +.RS 4 Send commands to TCP port \fIport\fR instead of BIND 9's default control channel port, 953. -.TP 3n +.RE +.PP \-V +.RS 4 Enable verbose logging. -.TP 3n -\-y \fIkeyid\fR +.RE +.PP +\-y \fIkey_id\fR +.RS 4 Use the key -\fIkeyid\fR +\fIkey_id\fR from the configuration file. -\fIkeyid\fR +\fIkey_id\fR must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no -\fIkeyid\fR +\fIkey_id\fR is specified, \fBrndc\fR will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access. +.RE .PP For the complete set of commands supported by \fBrndc\fR, see the BIND 9 Administrator Reference Manual or run @@ -113,12 +133,16 @@ Several error messages could be clearer. .SH "SEE ALSO" .PP \fBrndc.conf\fR(5), +\fBrndc\-confgen\fR(8), \fBnamed\fR(8), -\fBnamed.conf\fR(5) +\fBnamed.conf\fR(5), \fBndc\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.3/bin/rndc/rndc.c b/contrib/bind-9.5.2/bin/rndc/rndc.c similarity index 76% rename from contrib/bind-9.3/bin/rndc/rndc.c rename to contrib/bind-9.5.2/bin/rndc/rndc.c index a5e912ddfd..51ed206fb5 100644 --- a/contrib/bind-9.3/bin/rndc/rndc.c +++ b/contrib/bind-9.5.2/bin/rndc/rndc.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.77.2.5.2.19 2006/08/04 03:03:08 marka Exp $ */ +/* $Id: rndc.c,v 1.118.128.6 2009/01/19 23:47:01 tbox Exp $ */ + +/*! \file */ /* * Principal Author: DCL @@ -30,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -50,13 +53,15 @@ #include #include +#include + #include #include "util.h" #define SERVERADDRS 10 -char *progname; +const char *progname; isc_boolean_t verbose; static const char *admin_conffile; @@ -64,6 +69,8 @@ static const char *admin_keyfile; static const char *version = VERSION; static const char *servername = NULL; static isc_sockaddr_t serveraddrs[SERVERADDRS]; +static isc_sockaddr_t local4, local6; +static isc_boolean_t local4set = ISC_FALSE, local6set = ISC_FALSE; static int nserveraddrs; static int currentaddr = 0; static unsigned int remoteport = 0; @@ -86,7 +93,7 @@ static void usage(int status) { fprintf(stderr, "\ Usage: %s [-c config] [-s server] [-p port]\n\ - [-k key-file ] [-y key] [-V] command\n\ + [-k key-file ] [-y key] [-V] command\n\ \n\ command is one of the following:\n\ \n\ @@ -97,10 +104,14 @@ command is one of the following:\n\ Schedule immediate maintenance for a zone.\n\ retransfer zone [class [view]]\n\ Retransfer a single zone without checking serial number.\n\ + freeze Suspend updates to all dynamic zones.\n\ freeze zone [class [view]]\n\ - Suspend updates to a dynamic zone.\n\ + Suspend updates to a dynamic zone.\n\ + thaw Enable updates to all dynamic zones and reload them.\n\ thaw zone [class [view]]\n\ - Enable updates to a frozen dynamic zone and reload it.\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ + notify zone [class [view]]\n\ + Resend NOTIFY messages for the zone.\n\ reconfig Reload configuration file and new zones only.\n\ stats Write server statistics to the statistics file.\n\ querylog Toggle query logging.\n\ @@ -121,6 +132,8 @@ command is one of the following:\n\ Flush the given name from the server's cache(s)\n\ status Display status of the server.\n\ recursing Dump the queries that are currently recursing (named.recursing)\n\ + validation newstate [view]\n\ + Enable / disable DNSSEC validation.\n\ *restart Restart the server.\n\ \n\ * == not yet implemented\n\ @@ -133,11 +146,20 @@ Version: %s\n", static void get_addresses(const char *host, in_port_t port) { isc_result_t result; - - isc_app_block(); - result = bind9_getaddresses(servername, port, - serveraddrs, SERVERADDRS, &nserveraddrs); - isc_app_unblock(); + int found = 0, count; + + if (*host == '/') { + result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs], + host); + if (result == ISC_R_SUCCESS) + nserveraddrs++; + } else { + count = SERVERADDRS - nserveraddrs; + result = bind9_getaddresses(host, port, + &serveraddrs[nserveraddrs], + count, &found); + nserveraddrs += found; + } if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); @@ -174,10 +196,12 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) { if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" - "This may indicate that the remote server is using " - "an older version of \n" - "the command protocol, this host is not authorized " - "to connect,\nor the key is invalid."); + "This may indicate that\n" + "* the remote server is using an older version of" + " the command protocol,\n" + "* this host is not authorized to connect,\n" + "* the clocks are not synchronized, or\n" + "* the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); @@ -235,10 +259,12 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) { if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" - "This may indicate that the remote server is using " - "an older version of \n" - "the command protocol, this host is not authorized " - "to connect,\nor the key is invalid."); + "This may indicate that\n" + "* the remote server is using an older version of" + " the command protocol,\n" + "* this host is not authorized to connect,\n" + "* the clocks are not synchronized, or\n" + "* the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); @@ -343,7 +369,7 @@ rndc_connected(isc_task_t *task, isc_event_t *event) { r.base = databuf; isccc_ccmsg_init(mctx, sock, &ccmsg); - isccc_ccmsg_setmaxsize(&ccmsg, 1024); + isccc_ccmsg_setmaxsize(&ccmsg, 1024 * 1024); DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, rndc_recvnonce, NULL)); @@ -357,6 +383,8 @@ rndc_connected(isc_task_t *task, isc_event_t *event) { static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { isc_result_t result; + int pf; + isc_sockettype_t type; char socktext[ISC_SOCKADDR_FORMATSIZE]; @@ -364,9 +392,22 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { notify("using server %s (%s)", servername, socktext); - DO("create socket", isc_socket_create(socketmgr, - isc_sockaddr_pf(addr), - isc_sockettype_tcp, &sock)); + pf = isc_sockaddr_pf(addr); + if (pf == AF_INET || pf == AF_INET6) + type = isc_sockettype_tcp; + else + type = isc_sockettype_unix; + DO("create socket", isc_socket_create(socketmgr, pf, type, &sock)); + switch (isc_sockaddr_pf(addr)) { + case AF_INET: + DO("bind socket", isc_socket_bind(sock, &local4, 0)); + break; + case AF_INET6: + DO("bind socket", isc_socket_bind(sock, &local6, 0)); + break; + default: + break; + } DO("connect", isc_socket_connect(sock, addr, task, rndc_connected, NULL)); connects++; @@ -376,8 +417,6 @@ static void rndc_start(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); - get_addresses(servername, (in_port_t) remoteport); - currentaddr = 0; rndc_startconnect(&serveraddrs[currentaddr], task); } @@ -388,6 +427,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, { isc_result_t result; const char *conffile = admin_conffile; + const cfg_obj_t *addresses = NULL; const cfg_obj_t *defkey = NULL; const cfg_obj_t *options = NULL; const cfg_obj_t *servers = NULL; @@ -398,12 +438,14 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, const cfg_obj_t *secretobj = NULL; const cfg_obj_t *algorithmobj = NULL; cfg_obj_t *config = NULL; + const cfg_obj_t *address = NULL; const cfg_listelt_t *elt; const char *secretstr; const char *algorithm; static char secretarray[1024]; const cfg_type_t *conftype = &cfg_type_rndcconf; isc_boolean_t key_only = ISC_FALSE; + const cfg_listelt_t *element; if (! isc_file_exists(conffile)) { conffile = admin_keyfile; @@ -443,7 +485,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, (void)cfg_map_get(config, "server", &servers); if (servers != NULL) { for (elt = cfg_list_first(servers); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { const char *name; @@ -479,7 +521,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, else { DO("get config key list", cfg_map_get(config, "key", &keys)); for (elt = cfg_list_first(keys); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { key = cfg_listelt_value(elt); @@ -521,10 +563,96 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, if (defport != NULL) { remoteport = cfg_obj_asuint32(defport); if (remoteport > 65535 || remoteport == 0) - fatal("port %d out of range", remoteport); + fatal("port %u out of range", remoteport); } else if (remoteport == 0) remoteport = NS_CONTROL_PORT; + if (server != NULL) + result = cfg_map_get(server, "addresses", &addresses); + else + result = ISC_R_NOTFOUND; + if (result == ISC_R_SUCCESS) { + for (element = cfg_list_first(addresses); + element != NULL; + element = cfg_list_next(element)) + { + isc_sockaddr_t sa; + + address = cfg_listelt_value(element); + if (!cfg_obj_issockaddr(address)) { + unsigned int myport; + const char *name; + const cfg_obj_t *obj; + + obj = cfg_tuple_get(address, "name"); + name = cfg_obj_asstring(obj); + obj = cfg_tuple_get(address, "port"); + if (cfg_obj_isuint32(obj)) { + myport = cfg_obj_asuint32(obj); + if (myport > ISC_UINT16_MAX || + myport == 0) + fatal("port %u out of range", + myport); + } else + myport = remoteport; + if (nserveraddrs < SERVERADDRS) + get_addresses(name, (in_port_t) myport); + else + fprintf(stderr, "too many address: " + "%s: dropped\n", name); + continue; + } + sa = *cfg_obj_assockaddr(address); + if (isc_sockaddr_getport(&sa) == 0) + isc_sockaddr_setport(&sa, remoteport); + if (nserveraddrs < SERVERADDRS) + serveraddrs[nserveraddrs++] = sa; + else { + char socktext[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(&sa, socktext, + sizeof(socktext)); + fprintf(stderr, + "too many address: %s: dropped\n", + socktext); + } + } + } + + if (!local4set && server != NULL) { + address = NULL; + cfg_map_get(server, "source-address", &address); + if (address != NULL) { + local4 = *cfg_obj_assockaddr(address); + local4set = ISC_TRUE; + } + } + if (!local4set && options != NULL) { + address = NULL; + cfg_map_get(options, "default-source-address", &address); + if (address != NULL) { + local4 = *cfg_obj_assockaddr(address); + local4set = ISC_TRUE; + } + } + + if (!local6set && server != NULL) { + address = NULL; + cfg_map_get(server, "source-address-v6", &address); + if (address != NULL) { + local6 = *cfg_obj_assockaddr(address); + local6set = ISC_TRUE; + } + } + if (!local6set && options != NULL) { + address = NULL; + cfg_map_get(options, "default-source-address-v6", &address); + if (address != NULL) { + local6 = *cfg_obj_assockaddr(address); + local6set = ISC_TRUE; + } + } + *configp = config; } @@ -540,6 +668,8 @@ main(int argc, char **argv) { cfg_parser_t *pctx = NULL; cfg_obj_t *config = NULL; const char *keyname = NULL; + struct in_addr in; + struct in6_addr in6; char *p; size_t argslen; int ch; @@ -553,13 +683,30 @@ main(int argc, char **argv) { admin_conffile = RNDC_CONFFILE; admin_keyfile = RNDC_KEYFILE; + isc_sockaddr_any(&local4); + isc_sockaddr_any6(&local6); + result = isc_app_start(); if (result != ISC_R_SUCCESS) fatal("isc_app_start() failed: %s", isc_result_totext(result)); - while ((ch = isc_commandline_parse(argc, argv, "c:k:Mmp:s:Vy:")) + isc_commandline_errprint = ISC_FALSE; + + while ((ch = isc_commandline_parse(argc, argv, "b:c:hk:Mmp:s:Vy:")) != -1) { switch (ch) { + case 'b': + if (inet_pton(AF_INET, isc_commandline_argument, + &in) == 1) { + isc_sockaddr_fromin(&local4, &in, 0); + local4set = ISC_TRUE; + } else if (inet_pton(AF_INET6, isc_commandline_argument, + &in6) == 1) { + isc_sockaddr_fromin6(&local6, &in6, 0); + local6set = ISC_TRUE; + } + break; + case 'c': admin_conffile = isc_commandline_argument; break; @@ -586,19 +733,28 @@ main(int argc, char **argv) { case 's': servername = isc_commandline_argument; break; + case 'V': verbose = ISC_TRUE; break; + case 'y': keyname = isc_commandline_argument; break; + case '?': + if (isc_commandline_option != '?') { + fprintf(stderr, "%s: invalid argument -%c\n", + program, isc_commandline_option); + usage(1); + } + case 'h': usage(0); break; default: - fatal("unexpected error parsing command arguments: " - "got %c\n", ch); - break; + fprintf(stderr, "%s: unhandled option -%c\n", + program, isc_commandline_option); + exit(1); } } @@ -624,7 +780,7 @@ main(int argc, char **argv) { logdest.file.maximum_size = 0; DO("creating log channel", isc_log_createchannel(logconfig, "stderr", - ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, + ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL)); DO("enabling log channel", isc_log_usechannel(logconfig, "stderr", NULL, NULL)); @@ -665,6 +821,9 @@ main(int argc, char **argv) { if (strcmp(command, "restart") == 0) fatal("'%s' is not implemented", command); + if (nserveraddrs == 0) + get_addresses(servername, (in_port_t) remoteport); + DO("post event", isc_app_onrun(mctx, task, rndc_start, NULL)); result = isc_app_run(); @@ -686,6 +845,8 @@ main(int argc, char **argv) { isc_mem_put(mctx, args, argslen); isccc_ccmsg_invalidate(&ccmsg); + dns_name_destroy(); + if (show_final_mem) isc_mem_stats(mctx, stderr); diff --git a/contrib/bind-9.3/bin/rndc/rndc.conf b/contrib/bind-9.5.2/bin/rndc/rndc.conf similarity index 70% rename from contrib/bind-9.3/bin/rndc/rndc.conf rename to contrib/bind-9.5.2/bin/rndc/rndc.conf index 1dc56074d7..67542b91c7 100644 --- a/contrib/bind-9.3/bin/rndc/rndc.conf +++ b/contrib/bind-9.5.2/bin/rndc/rndc.conf @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.conf,v 1.7.206.1 2004/03/06 10:21:32 marka Exp $ */ +/* $Id: rndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */ /* * Sample rndc configuration file. @@ -30,6 +30,17 @@ server localhost { key "key"; }; +key "cc64b3d1db63fc88d7cb5d2f9f57d258" { + algorithm hmac-md5; + secret "34f88008d07deabbe65bd01f1d233d47"; +}; + +server "test1" { + key "cc64b3d1db63fc88d7cb5d2f9f57d258"; + port 5353; + addresses { 10.53.0.1; }; +}; + key "key" { algorithm hmac-md5; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; diff --git a/contrib/bind-9.3/bin/rndc/rndc.conf.5 b/contrib/bind-9.5.2/bin/rndc/rndc.conf.5 similarity index 73% rename from contrib/bind-9.3/bin/rndc/rndc.conf.5 rename to contrib/bind-9.5.2/bin/rndc/rndc.conf.5 index 3a06a44cd0..9265664038 100644 --- a/contrib/bind-9.3/bin/rndc/rndc.conf.5 +++ b/contrib/bind-9.5.2/bin/rndc/rndc.conf.5 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.21.206.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: rndc.conf.5,v 1.38.162.1 2009/07/11 01:43:30 tbox Exp $ .\" .hy 0 .ad l .\" Title: \fIrndc.conf\fR .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -53,7 +53,7 @@ is much simpler than .PP The \fBoptions\fR -statement contains three clauses. The +statement contains five clauses. The \fBdefault\-server\fR clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to \fBrndc\fR. The @@ -74,14 +74,25 @@ option is provided on the rndc command line, and no \fBport\fR clause is found in a matching \fBserver\fR -statement, this default port will be used to connect. +statement, this default port will be used to connect. The +\fBdefault\-source\-address\fR +and +\fBdefault\-source\-address\-v6\fR +clauses which can be used to set the IPv4 and IPv6 source addresses respectively. .PP After the \fBserver\fR -keyword, the server statement includes a string which is the hostname or address for a name server. The statement has two possible clauses: -\fBkey\fR +keyword, the server statement includes a string which is the hostname or address for a name server. The statement has three possible clauses: +\fBkey\fR, +\fBport\fR and -\fBport\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. +\fBaddresses\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. If an +\fBaddresses\fR +clause is supplied these addresses will be used instead of the server name. Each address can take an optional port. If an +\fBsource\-address\fR +or +\fBsource\-address\-v6\fR +of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively. .PP The \fBkey\fR @@ -100,27 +111,66 @@ program, also known as \fBmmencode\fR does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each. .SH "EXAMPLE" -.sp -.RS 3n +.PP +.RS 4 .nf - options { + options { default\-server localhost; default\-key samplekey; }; +.fi +.RE +.sp +.PP +.RS 4 +.nf server localhost { key samplekey; }; +.fi +.RE +.sp +.PP +.RS 4 +.nf + server testserver { + key testkey; + addresses { localhost port 5353; }; + }; +.fi +.RE +.sp +.PP +.RS 4 +.nf key samplekey { algorithm hmac\-md5; - secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; + secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz"; }; .fi .RE +.sp +.PP +.RS 4 +.nf + key testkey { + algorithm hmac\-md5; + secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; + }; +.fi +.RE +.sp .PP In the above example, \fBrndc\fR will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes. .PP +If +\fBrndc \-s testserver\fR +is used then +\fBrndc\fR +will connect to server on localhost port 5353 using the key testkey. +.PP To generate a random secret with \fBrndc\-confgen\fR: .PP @@ -128,7 +178,7 @@ To generate a random secret with .PP A complete \fIrndc.conf\fR -file, including the randomly generated key, will be written to the standard output. Commented out +file, including the randomly generated key, will be written to the standard output. Commented\-out \fBkey\fR and \fBcontrols\fR @@ -158,4 +208,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/bin/rndc/rndc.conf.html b/contrib/bind-9.5.2/bin/rndc/rndc.conf.html new file mode 100644 index 0000000000..367bd5cd50 --- /dev/null +++ b/contrib/bind-9.5.2/bin/rndc/rndc.conf.html @@ -0,0 +1,217 @@ + + + + + +rndc.conf + + +
+
+
+

Name

+

rndc.conf — rndc configuration file

+
+
+

Synopsis

+

rndc.conf

+
+
+

DESCRIPTION

+

rndc.conf is the configuration file + for rndc, the BIND 9 name server control + utility. This file has a similar structure and syntax to + named.conf. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported: +

+

+ C style: /* */ +

+

+ C++ style: // to end of line +

+

+ Unix style: # to end of line +

+

rndc.conf is much simpler than + named.conf. The file uses three + statements: an options statement, a server statement + and a key statement. +

+

+ The options statement contains five clauses. + The default-server clause is followed by the + name or address of a name server. This host will be used when + no name server is given as an argument to + rndc. The default-key + clause is followed by the name of a key which is identified by + a key statement. If no + keyid is provided on the rndc command line, + and no key clause is found in a matching + server statement, this default key will be + used to authenticate the server's commands and responses. The + default-port clause is followed by the port + to connect to on the remote name server. If no + port option is provided on the rndc command + line, and no port clause is found in a + matching server statement, this default port + will be used to connect. + The default-source-address and + default-source-address-v6 clauses which + can be used to set the IPv4 and IPv6 source addresses + respectively. +

+

+ After the server keyword, the server + statement includes a string which is the hostname or address + for a name server. The statement has three possible clauses: + key, port and + addresses. The key name must match the + name of a key statement in the file. The port number + specifies the port to connect to. If an addresses + clause is supplied these addresses will be used instead of + the server name. Each address can take an optional port. + If an source-address or source-address-v6 + of supplied then these will be used to specify the IPv4 and IPv6 + source addresses respectively. +

+

+ The key statement begins with an identifying + string, the name of the key. The statement has two clauses. + algorithm identifies the encryption algorithm + for rndc to use; currently only HMAC-MD5 + is + supported. This is followed by a secret clause which contains + the base-64 encoding of the algorithm's encryption key. The + base-64 string is enclosed in double quotes. +

+

+ There are two common ways to generate the base-64 string for the + secret. The BIND 9 program rndc-confgen + can + be used to generate a random key, or the + mmencode program, also known as + mimencode, can be used to generate a + base-64 + string from known input. mmencode does + not + ship with BIND 9 but is available on many systems. See the + EXAMPLE section for sample command lines for each. +

+
+
+

EXAMPLE

+
+      options {
+        default-server  localhost;
+        default-key     samplekey;
+      };
+
+

+

+
+      server localhost {
+        key             samplekey;
+      };
+
+

+

+
+      server testserver {
+        key		testkey;
+        addresses	{ localhost port 5353; };
+      };
+
+

+

+
+      key samplekey {
+        algorithm       hmac-md5;
+        secret          "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
+      };
+
+

+

+
+      key testkey {
+        algorithm	hmac-md5;
+        secret		"R3HI8P6BKw9ZwXwN3VZKuQ==";
+      };
+
+

+

+

+ In the above example, rndc will by + default use + the server at localhost (127.0.0.1) and the key called samplekey. + Commands to the localhost server will use the samplekey key, which + must also be defined in the server's configuration file with the + same name and secret. The key statement indicates that samplekey + uses the HMAC-MD5 algorithm and its secret clause contains the + base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. +

+

+ If rndc -s testserver is used then rndc will + connect to server on localhost port 5353 using the key testkey. +

+

+ To generate a random secret with rndc-confgen: +

+

rndc-confgen +

+

+ A complete rndc.conf file, including + the + randomly generated key, will be written to the standard + output. Commented-out key and + controls statements for + named.conf are also printed. +

+

+ To generate a base-64 secret with mmencode: +

+

echo "known plaintext for a secret" | mmencode +

+
+
+

NAME SERVER CONFIGURATION

+

+ The name server must be configured to accept rndc connections and + to recognize the key specified in the rndc.conf + file, using the controls statement in named.conf. + See the sections on the controls statement in the + BIND 9 Administrator Reference Manual for details. +

+
+
+

SEE ALSO

+

rndc(8), + rndc-confgen(8), + mmencode(1), + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.5.2/bin/rndc/rndc.html b/contrib/bind-9.5.2/bin/rndc/rndc.html new file mode 100644 index 0000000000..2aacf741df --- /dev/null +++ b/contrib/bind-9.5.2/bin/rndc/rndc.html @@ -0,0 +1,165 @@ + + + + + +rndc + + +
+
+
+

Name

+

rndc — name server control utility

+
+
+

Synopsis

+

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

+
+
+

DESCRIPTION

+

rndc + controls the operation of a name + server. It supersedes the ndc utility + that was provided in old BIND releases. If + rndc is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. +

+

rndc + communicates with the name server + over a TCP connection, sending commands authenticated with + digital signatures. In the current versions of + rndc and named, + the only supported authentication algorithm is HMAC-MD5, + which uses a shared secret on each end of the connection. + This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. +

+

rndc + reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. +

+
+
+

OPTIONS

+
+
-b source-address
+

+ Use source-address + as the source address for the connection to the server. + Multiple instances are permitted to allow setting of both + the IPv4 and IPv6 source addresses. +

+
-c config-file
+

+ Use config-file + as the configuration file instead of the default, + /etc/rndc.conf. +

+
-k key-file
+

+ Use key-file + as the key file instead of the default, + /etc/rndc.key. The key in + /etc/rndc.key will be used to + authenticate + commands sent to the server if the config-file + does not exist. +

+
-s server
+

server is + the name or address of the server which matches a + server statement in the configuration file for + rndc. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the rndc + configuration file will be used. +

+
-p port
+

+ Send commands to TCP port + port + instead + of BIND 9's default control channel port, 953. +

+
-V
+

+ Enable verbose logging. +

+
-y key_id
+

+ Use the key key_id + from the configuration file. + key_id + must be + known by named with the same algorithm and secret string + in order for control message validation to succeed. + If no key_id + is specified, rndc will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. It should therefore not have general read + or write access. +

+
+

+ For the complete set of commands supported by rndc, + see the BIND 9 Administrator Reference Manual or run + rndc without arguments to see its help + message. +

+
+
+

LIMITATIONS

+

rndc + does not yet support all the commands of + the BIND 8 ndc utility. +

+

+ There is currently no way to provide the shared secret for a + key_id without using the configuration file. +

+

+ Several error messages could be clearer. +

+
+
+

SEE ALSO

+

rndc.conf(5), + rndc-confgen(8), + named(8), + named.conf(5), + ndc(8), + BIND 9 Administrator Reference Manual. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/bin/rndc/unix/os.c b/contrib/bind-9.5.2/bin/rndc/unix/os.c similarity index 87% rename from contrib/bind-9.3/bin/rndc/unix/os.c rename to contrib/bind-9.5.2/bin/rndc/unix/os.c index 1adfdee9f1..ddf8259838 100644 --- a/contrib/bind-9.3/bin/rndc/unix/os.c +++ b/contrib/bind-9.5.2/bin/rndc/unix/os.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.5.206.1 2004/03/06 10:21:33 marka Exp $ */ +/* $Id: os.c,v 1.10 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/bin/rndc/util.c b/contrib/bind-9.5.2/bin/rndc/util.c similarity index 85% rename from contrib/bind-9.3/bin/rndc/util.c rename to contrib/bind-9.5.2/bin/rndc/util.c index 249cbe2ab1..c654462bf0 100644 --- a/contrib/bind-9.3/bin/rndc/util.c +++ b/contrib/bind-9.5.2/bin/rndc/util.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.c,v 1.2.206.1 2004/03/06 10:21:32 marka Exp $ */ +/* $Id: util.c,v 1.7 2007/06/19 23:46:59 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/bin/rndc/util.h b/contrib/bind-9.5.2/bin/rndc/util.h similarity index 84% rename from contrib/bind-9.3/bin/rndc/util.h rename to contrib/bind-9.5.2/bin/rndc/util.h index 3c19cd4475..7adcaa5bfa 100644 --- a/contrib/bind-9.3/bin/rndc/util.h +++ b/contrib/bind-9.5.2/bin/rndc/util.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.h,v 1.5.206.1 2004/03/06 10:21:32 marka Exp $ */ +/* $Id: util.h,v 1.10 2007/06/19 23:46:59 tbox Exp $ */ #ifndef RNDC_UTIL_H #define RNDC_UTIL_H 1 +/*! \file */ + #include #include diff --git a/contrib/bind-9.5.2/bind.keys b/contrib/bind-9.5.2/bind.keys new file mode 100644 index 0000000000..49e0a97e96 --- /dev/null +++ b/contrib/bind-9.5.2/bind.keys @@ -0,0 +1,6 @@ +trusted-keys { + # NOTE: This key is current as of September 2009. + # If it doesn't work, it may have expired; see + # https://www.isc.org/solutions/dlv for a replacement + dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh"; +}; diff --git a/contrib/bind-9.5.2/isc-config.sh.1 b/contrib/bind-9.5.2/isc-config.sh.1 new file mode 100644 index 0000000000..3e92b59646 --- /dev/null +++ b/contrib/bind-9.5.2/isc-config.sh.1 @@ -0,0 +1,87 @@ +.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: isc-config.sh.1,v 1.1.4.2 2009/02/20 23:46:49 tbox Exp $ +.\" +.hy 0 +.ad l +.\" Title: isc\-config.sh +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: December 19, 2008 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "ISC\-CONFIG.SH" "1" "December 19, 2008" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +isc\-config.sh \- Get information about the installed version of ISC BIND +.SH "SYNOPSIS" +.HP 14 +\fBisc\-config.sh\fR [\fB\-\-cflags\fR] [\fB\-\-exec\-prefix\fR] [\fB\-\-libs\fR] [\fB\-\-prefix\fR] [\fB\-\-version\fR] [libraries...] +.SH "DESCRIPTION" +.PP +\fBisc\-config.sh\fR +prints information related to the installed version of ISC BIND, such as the compiler and linker flags required to compile and link programs that use ISC BIND libraries. +.PP +The optional libraries are used to report specific details for compiling and linking for the listed libraries. The allowed choices are: +\fBisc\fR, +\fBisccc\fR, +\fBisccfg\fR, +\fBdns\fR, +\fBlwres\fR, and +\fBbind9\fR. Multiple libraries may be listed on the command line. (Some libraries require other libraries, so are implied.) +.SH "OPTIONS" +.PP +\-\-cflags +.RS 4 +Prints the compiler command line options required to compile files that use ISC BIND. Use the +\fBlibraries\fR +command line argument(s) to print additional specific flags to pass to the C compiler. +.RE +.PP +\-\-exec\-prefix +.RS 4 +Prints the directory prefix used in the ISC BIND installation for architecture dependent files to standard output. +.RE +.PP +\-\-libs +.RS 4 +Prints the linker command line options used to link with the ISC BIND libraries. Use the +\fBlibraries\fR +command line argument(s) to print additional specific flags. +.RE +.PP +\-\-prefix +.RS 4 +Prints the directory prefix used in the ISC BIND installation for architecture independent files to standard output. +.RE +.PP +\-\-version +.RS 4 +Prints the version of the installed ISC BIND suite. +.RE +.SH "RETURN VALUES" +.PP +\fBisc\-config.sh\fR +returns an exit status of 1 if invoked with invalid arguments or no arguments at all. It returns 0 if information was successfully printed. +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/contrib/bind-9.5.2/isc-config.sh.docbook b/contrib/bind-9.5.2/isc-config.sh.docbook new file mode 100644 index 0000000000..df77cbbf75 --- /dev/null +++ b/contrib/bind-9.5.2/isc-config.sh.docbook @@ -0,0 +1,160 @@ +]> + + + + + + December 19, 2008 + + + + isc-config.sh + 1 + BIND9 + + + + + 2009 + Internet Systems Consortium, Inc. ("ISC") + + + + + isc-config.sh + Get information about the installed version of ISC BIND + + + + + isc-config.sh + + + + + + libraries + + + + + DESCRIPTION + isc-config.sh + prints information related to the installed version of ISC BIND, + such as the compiler and linker flags required to compile + and link programs that use ISC BIND libraries. + + + The optional libraries are used to report specific details + for compiling and linking for the listed libraries. + The allowed choices are: + , + , + , + , + , and + . + Multiple libraries may be listed on the command line. + (Some libraries require other libraries, so are implied.) + + + + + + OPTIONS + + + + + --cflags + + + Prints the compiler command line options required to + compile files that use ISC BIND. + Use the command line argument(s) + to print additional specific flags to pass to the C compiler. + + + + + + --exec-prefix + + + Prints the directory prefix used in the ISC BIND installation + for architecture dependent files to standard output. + + + + + + --libs + + + Prints the linker command line options used to + link with the ISC BIND libraries. + Use the command line argument(s) + to print additional specific flags. + + + + + + --prefix + + + Prints the directory prefix used in the ISC BIND installation + for architecture independent files to standard output. + + + + + + --version + + + Prints the version of the installed ISC BIND suite. + + + + + + + + + + RETURN VALUES + isc-config.sh + returns an exit status of 1 if + invoked with invalid arguments or no arguments at all. + It returns 0 if information was successfully printed. + + + + + AUTHOR + Internet Systems Consortium + + + + diff --git a/contrib/bind-9.5.2/isc-config.sh.html b/contrib/bind-9.5.2/isc-config.sh.html new file mode 100644 index 0000000000..9ccf04e9e1 --- /dev/null +++ b/contrib/bind-9.5.2/isc-config.sh.html @@ -0,0 +1,102 @@ + + + + + + +isc-config.sh + + +
+
+
+

Name

+

isc-config.sh — Get information about the installed version of ISC BIND

+
+
+

Synopsis

+

isc-config.sh [--cflags] [--exec-prefix] [--libs] [--prefix] [--version] [libraries...]

+
+
+

DESCRIPTION

+

isc-config.sh + prints information related to the installed version of ISC BIND, + such as the compiler and linker flags required to compile + and link programs that use ISC BIND libraries. +

+

+ The optional libraries are used to report specific details + for compiling and linking for the listed libraries. + The allowed choices are: + isc, + isccc, + isccfg, + dns, + lwres, and + bind9. + Multiple libraries may be listed on the command line. + (Some libraries require other libraries, so are implied.) +

+
+
+

OPTIONS

+
+
--cflags
+

+ Prints the compiler command line options required to + compile files that use ISC BIND. + Use the libraries command line argument(s) + to print additional specific flags to pass to the C compiler. +

+
--exec-prefix
+

+ Prints the directory prefix used in the ISC BIND installation + for architecture dependent files to standard output. +

+
--libs
+

+ Prints the linker command line options used to + link with the ISC BIND libraries. + Use the libraries command line argument(s) + to print additional specific flags. +

+
--prefix
+

+ Prints the directory prefix used in the ISC BIND installation + for architecture independent files to standard output. +

+
--version
+

+ Prints the version of the installed ISC BIND suite. +

+
+
+
+

RETURN VALUES

+

isc-config.sh + returns an exit status of 1 if + invoked with invalid arguments or no arguments at all. + It returns 0 if information was successfully printed. +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/contrib/bind-9.3/lib/bind/README b/contrib/bind-9.5.2/lib/bind/README similarity index 100% rename from contrib/bind-9.3/lib/bind/README rename to contrib/bind-9.5.2/lib/bind/README diff --git a/contrib/bind-9.5.2/lib/bind/api b/contrib/bind-9.5.2/lib/bind/api new file mode 100644 index 0000000000..7ffeba810f --- /dev/null +++ b/contrib/bind-9.5.2/lib/bind/api @@ -0,0 +1,3 @@ +LIBINTERFACE = 5 +LIBREVISION = 2 +LIBAGE = 1 diff --git a/contrib/bind-9.3/lib/bind/bsd/daemon.c b/contrib/bind-9.5.2/lib/bind/bsd/daemon.c similarity index 96% rename from contrib/bind-9.3/lib/bind/bsd/daemon.c rename to contrib/bind-9.5.2/lib/bind/bsd/daemon.c index a1472f969b..54ff83b753 100644 --- a/contrib/bind-9.3/lib/bind/bsd/daemon.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/daemon.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: daemon.c,v 1.1 2001/03/29 06:30:31 marka Exp $"; +static const char rcsid[] = "$Id: daemon.c,v 1.2 2005/04/27 04:56:10 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -77,3 +77,5 @@ daemon(int nochdir, int noclose) { return (0); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/ftruncate.c b/contrib/bind-9.5.2/lib/bind/bsd/ftruncate.c similarity index 91% rename from contrib/bind-9.3/lib/bind/bsd/ftruncate.c rename to contrib/bind-9.5.2/lib/bind/bsd/ftruncate.c index 56ce8d34a9..5ac4ebac9b 100644 --- a/contrib/bind-9.3/lib/bind/bsd/ftruncate.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/ftruncate.c @@ -1,8 +1,9 @@ #ifndef LINT -static const char rcsid[] = "$Id: ftruncate.c,v 1.1 2001/03/29 06:30:32 marka Exp $"; +static const char rcsid[] = "$Id: ftruncate.c,v 1.3 2005/04/27 18:16:45 sra Exp $"; #endif -/* +/*! \file + * \brief * ftruncate - set file size, BSD Style * * shortens or enlarges the file as neeeded diff --git a/contrib/bind-9.3/lib/bind/bsd/gettimeofday.c b/contrib/bind-9.5.2/lib/bind/bsd/gettimeofday.c similarity index 91% rename from contrib/bind-9.3/lib/bind/bsd/gettimeofday.c rename to contrib/bind-9.5.2/lib/bind/bsd/gettimeofday.c index ffde020213..75b69430f6 100644 --- a/contrib/bind-9.3/lib/bind/bsd/gettimeofday.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/gettimeofday.c @@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Id: gettimeofday.c,v 1.1.2.2 2002/07/12 00:49:51 marka Exp $"; +static const char rcsid[] = "$Id: gettimeofday.c,v 1.4 2005/04/27 04:56:11 sra Exp $"; #endif #include "port_before.h" @@ -9,7 +9,7 @@ static const char rcsid[] = "$Id: gettimeofday.c,v 1.1.2.2 2002/07/12 00:49:51 m #include "port_after.h" #if !defined(NEED_GETTIMEOFDAY) -/* +/*% * gettimeofday() occasionally returns invalid tv_usec on some platforms. */ #define MILLION 1000000 @@ -60,3 +60,5 @@ gettimeofday(struct timeval *tvp, struct _TIMEZONE *tzp) { return (0); } #endif /*NEED_GETTIMEOFDAY*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/mktemp.c b/contrib/bind-9.5.2/lib/bind/bsd/mktemp.c similarity index 96% rename from contrib/bind-9.3/lib/bind/bsd/mktemp.c rename to contrib/bind-9.5.2/lib/bind/bsd/mktemp.c index 9852a356ac..001b24b58f 100644 --- a/contrib/bind-9.3/lib/bind/bsd/mktemp.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/mktemp.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)mktemp.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: mktemp.c,v 1.1 2001/03/29 06:30:33 marka Exp $"; +static const char rcsid[] = "$Id: mktemp.c,v 1.2 2005/04/27 04:56:11 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -96,7 +96,7 @@ gettemp(char *path, int *doopen) { u_int pid; pid = getpid(); - for (trv = path; *trv; ++trv); /* extra X's get set to 0's */ + for (trv = path; *trv; ++trv); /*%< extra X's get set to 0's */ while (*--trv == 'X') { *trv = (pid % 10) + '0'; pid /= 10; @@ -152,3 +152,5 @@ gettemp(char *path, int *doopen) { } #endif /*NEED_MKTEMP*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/putenv.c b/contrib/bind-9.5.2/lib/bind/bsd/putenv.c similarity index 77% rename from contrib/bind-9.3/lib/bind/bsd/putenv.c rename to contrib/bind-9.5.2/lib/bind/bsd/putenv.c index abaa525d36..2dcbc57e6c 100644 --- a/contrib/bind-9.3/lib/bind/bsd/putenv.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/putenv.c @@ -1,11 +1,11 @@ #ifndef LINT -static const char rcsid[] = "$Id: putenv.c,v 1.1 2001/03/29 06:30:33 marka Exp $"; +static const char rcsid[] = "$Id: putenv.c,v 1.2 2005/04/27 04:56:11 sra Exp $"; #endif #include "port_before.h" #include "port_after.h" -/* +/*% * To give a little credit to Sun, SGI, * and many vendors in the SysV world. */ @@ -23,3 +23,5 @@ putenv(char *str) { return (setenv(str, tmp, 1)); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/readv.c b/contrib/bind-9.5.2/lib/bind/bsd/readv.c similarity index 85% rename from contrib/bind-9.3/lib/bind/bsd/readv.c rename to contrib/bind-9.5.2/lib/bind/bsd/readv.c index ccfcb5af33..5fa691a92f 100644 --- a/contrib/bind-9.3/lib/bind/bsd/readv.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/readv.c @@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Id: readv.c,v 1.1 2001/03/29 06:30:35 marka Exp $"; +static const char rcsid[] = "$Id: readv.c,v 1.2 2005/04/27 04:56:11 sra Exp $"; #endif #include "port_before.h" @@ -36,3 +36,4 @@ __readv(fd, vp, vpcount) return (count); } #endif /* NEED_READV */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/setenv.c b/contrib/bind-9.5.2/lib/bind/bsd/setenv.c similarity index 85% rename from contrib/bind-9.3/lib/bind/bsd/setenv.c rename to contrib/bind-9.5.2/lib/bind/bsd/setenv.c index 6a11c9db82..baf00f6ff2 100644 --- a/contrib/bind-9.3/lib/bind/bsd/setenv.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/setenv.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)setenv.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: setenv.c,v 1.1 2001/03/29 06:30:35 marka Exp $"; +static const char rcsid[] = "$Id: setenv.c,v 1.2 2005/04/27 04:56:11 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -52,40 +52,40 @@ extern char **environ; static char *findenv(const char *name, int *offset); -/* +/*% * setenv -- * Set the value of the environmental variable "name" to be * "value". If rewrite is set, replace any current value. */ setenv(const char *name, const char *value, int rewrite) { extern char **environ; - static int alloced; /* if allocated space before */ + static int alloced; /*%< if allocated space before */ char *c; int l_value, offset; - if (*value == '=') /* no `=' in value */ + if (*value == '=') /*%< no `=' in value */ ++value; l_value = strlen(value); - if ((c = findenv(name, &offset))) { /* find if already exists */ + if ((c = findenv(name, &offset))) { /*%< find if already exists */ if (!rewrite) return (0); - if (strlen(c) >= l_value) { /* old larger; copy over */ + if (strlen(c) >= l_value) { /*%< old larger; copy over */ while (*c++ = *value++); return (0); } - } else { /* create new slot */ + } else { /*%< create new slot */ int cnt; char **p; for (p = environ, cnt = 0; *p; ++p, ++cnt); - if (alloced) { /* just increase size */ + if (alloced) { /*%< just increase size */ environ = (char **)realloc((char *)environ, (size_t)(sizeof(char *) * (cnt + 2))); if (!environ) return (-1); } - else { /* get new space */ - alloced = 1; /* copy old entries into it */ + else { /*%< get new space */ + alloced = 1; /*%< copy old entries into it */ p = malloc((size_t)(sizeof(char *) * (cnt + 2))); if (!p) return (-1); @@ -95,8 +95,8 @@ setenv(const char *name, const char *value, int rewrite) { environ[cnt + 1] = NULL; offset = cnt; } - for (c = (char *)name; *c && *c != '='; ++c); /* no `=' in name */ - if (!(environ[offset] = /* name + `=' + value */ + for (c = (char *)name; *c && *c != '='; ++c); /*%< no `=' in name */ + if (!(environ[offset] = /*%< name + `=' + value */ malloc((size_t)((int)(c - name) + l_value + 2)))) return (-1); for (c = environ[offset]; (*c = *name++) && *c != '='; ++c); @@ -104,7 +104,7 @@ setenv(const char *name, const char *value, int rewrite) { return (0); } -/* +/*% * unsetenv(name) -- * Delete environmental variable "name". */ @@ -113,13 +113,13 @@ unsetenv(const char *name) { char **p; int offset; - while (findenv(name, &offset)) /* if set multiple times */ + while (findenv(name, &offset)) /*%< if set multiple times */ for (p = &environ[offset];; ++p) if (!(*p = *(p + 1))) break; } -/* +/*% * findenv -- * Returns pointer to value associated with name, if any, else NULL. * Sets offset to be the offset of the name/value combination in the @@ -147,3 +147,5 @@ findenv(const char *name, int *offset) { return (NULL); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/setitimer.c b/contrib/bind-9.5.2/lib/bind/bsd/setitimer.c similarity index 78% rename from contrib/bind-9.3/lib/bind/bsd/setitimer.c rename to contrib/bind-9.5.2/lib/bind/bsd/setitimer.c index 791846a299..67881d7ca8 100644 --- a/contrib/bind-9.3/lib/bind/bsd/setitimer.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/setitimer.c @@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Id: setitimer.c,v 1.1 2001/03/29 06:30:35 marka Exp $"; +static const char rcsid[] = "$Id: setitimer.c,v 1.2 2005/04/27 04:56:12 sra Exp $"; #endif #include "port_before.h" @@ -8,7 +8,7 @@ static const char rcsid[] = "$Id: setitimer.c,v 1.1 2001/03/29 06:30:35 marka Ex #include "port_after.h" -/* +/*% * Setitimer emulation routine. */ #ifndef NEED_SETITIMER @@ -25,3 +25,5 @@ __setitimer(int which, const struct itimerval *value, return (-1); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/strcasecmp.c b/contrib/bind-9.5.2/lib/bind/bsd/strcasecmp.c similarity index 97% rename from contrib/bind-9.3/lib/bind/bsd/strcasecmp.c rename to contrib/bind-9.5.2/lib/bind/bsd/strcasecmp.c index c8c9d056bb..0c9f0dccf0 100644 --- a/contrib/bind-9.3/lib/bind/bsd/strcasecmp.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/strcasecmp.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: strcasecmp.c,v 1.1 2001/03/29 06:30:35 marka Exp $"; +static const char rcsid[] = "$Id: strcasecmp.c,v 1.2 2005/04/27 04:56:12 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -50,7 +50,7 @@ static const char rcsid[] = "$Id: strcasecmp.c,v 1.1 2001/03/29 06:30:35 marka E int __strcasecmp_unneeded__; #else -/* +/*% * This array is designed for mapping upper and lower case letter * together for a case independent comparison. The mappings are * based upon ascii character sequences. @@ -120,3 +120,5 @@ strncasecmp(const char *s1, const char *s2, size_t n) { } #endif /*NEED_STRCASECMP*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/strdup.c b/contrib/bind-9.5.2/lib/bind/bsd/strdup.c similarity index 94% rename from contrib/bind-9.3/lib/bind/bsd/strdup.c rename to contrib/bind-9.5.2/lib/bind/bsd/strdup.c index 246bc1f49f..a8d31e9587 100644 --- a/contrib/bind-9.3/lib/bind/bsd/strdup.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/strdup.c @@ -16,3 +16,5 @@ strdup(const char *src) { return (dst); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/strerror.c b/contrib/bind-9.5.2/lib/bind/bsd/strerror.c similarity index 89% rename from contrib/bind-9.3/lib/bind/bsd/strerror.c rename to contrib/bind-9.5.2/lib/bind/bsd/strerror.c index d13adbb03b..7b12592948 100644 --- a/contrib/bind-9.3/lib/bind/bsd/strerror.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/strerror.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)strerror.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: strerror.c,v 1.3.2.1 2001/11/02 17:45:31 gson Exp $"; +static const char rcsid[] = "$Id: strerror.c,v 1.5.672.1 2008/02/18 04:10:16 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -57,19 +57,21 @@ extern char *sys_errlist[]; const char * isc_strerror(int num) { #define UPREFIX "Unknown error: " - static char ebuf[40] = UPREFIX; /* 64-bit number + slop */ + static char ebuf[40] = UPREFIX; /*%< 64-bit number + slop */ u_int errnum; char *p, *t; +#ifndef USE_SYSERROR_LIST const char *ret; +#endif char tmp[40]; - errnum = num; /* convert to unsigned */ + errnum = num; /*%< convert to unsigned */ #ifdef USE_SYSERROR_LIST - if (errnum < sys_nerr) + if (errnum < (u_int)sys_nerr) return (sys_errlist[errnum]); #else #undef strerror - ret = strerror(num); /* call strerror() in libc */ + ret = strerror(num); /*%< call strerror() in libc */ if (ret != NULL) return(ret); #endif @@ -88,3 +90,5 @@ isc_strerror(int num) { } #endif /*NEED_STRERROR*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/strpbrk.c b/contrib/bind-9.5.2/lib/bind/bsd/strpbrk.c similarity index 96% rename from contrib/bind-9.3/lib/bind/bsd/strpbrk.c rename to contrib/bind-9.5.2/lib/bind/bsd/strpbrk.c index ff039e1594..4c12d88e1c 100644 --- a/contrib/bind-9.3/lib/bind/bsd/strpbrk.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/strpbrk.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)strpbrk.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: strpbrk.c,v 1.1 2001/03/29 06:30:36 marka Exp $"; +static const char rcsid[] = "$Id: strpbrk.c,v 1.2 2005/04/27 04:56:12 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -49,7 +49,7 @@ static const char rcsid[] = "$Id: strpbrk.c,v 1.1 2001/03/29 06:30:36 marka Exp int __strpbrk_unneeded__; #else -/* +/*% * Find the first occurrence in s1 of a character in s2 (excluding NUL). */ char * @@ -66,3 +66,5 @@ strpbrk(const char *s1, const char *s2) { } #endif /*NEED_STRPBRK*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/strsep.c b/contrib/bind-9.5.2/lib/bind/bsd/strsep.c similarity index 96% rename from contrib/bind-9.3/lib/bind/bsd/strsep.c rename to contrib/bind-9.5.2/lib/bind/bsd/strsep.c index 3dcee4aab8..c7969f0028 100644 --- a/contrib/bind-9.3/lib/bind/bsd/strsep.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/strsep.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "strsep.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: strsep.c,v 1.1 2001/03/29 06:30:36 marka Exp $"; +static const char rcsid[] = "$Id: strsep.c,v 1.2 2005/04/27 04:56:12 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -46,7 +46,7 @@ static const char rcsid[] = "$Id: strsep.c,v 1.1 2001/03/29 06:30:36 marka Exp $ int __strsep_unneeded__; #else -/* +/*% * Get next token from string *stringp, where tokens are possibly-empty * strings separated by characters from delim. * @@ -84,3 +84,5 @@ strsep(char **stringp, const char *delim) { } #endif /*NEED_STRSEP*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/strtoul.c b/contrib/bind-9.5.2/lib/bind/bsd/strtoul.c similarity index 91% rename from contrib/bind-9.3/lib/bind/bsd/strtoul.c rename to contrib/bind-9.5.2/lib/bind/bsd/strtoul.c index d110f30943..d942df0720 100644 --- a/contrib/bind-9.3/lib/bind/bsd/strtoul.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/strtoul.c @@ -1,6 +1,6 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: strtoul.c,v 1.1.2.1 2003/06/27 03:51:35 marka Exp $"; +static const char rcsid[] = "$Id: strtoul.c,v 1.3.672.1 2008/02/18 04:10:16 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* @@ -52,7 +52,7 @@ static const char rcsid[] = "$Id: strtoul.c,v 1.1.2.1 2003/06/27 03:51:35 marka int __strtoul_unneeded__; #else -/* +/*% * Convert a string to an unsigned long integer. * * Ignores `locale' stuff. Assumes that the upper and lower case @@ -70,7 +70,7 @@ strtoul(const char *nptr, char **endptr, int base) { * See strtol for comments as to the logic used. */ do { - c = *(unsigned char *)s++; + c = *(const unsigned char *)s++; } while (isspace(c)); if (c == '-') { neg = 1; @@ -87,7 +87,7 @@ strtoul(const char *nptr, char **endptr, int base) { base = c == '0' ? 8 : 10; cutoff = (u_long)ULONG_MAX / (u_long)base; cutlim = (u_long)ULONG_MAX % (u_long)base; - for (acc = 0, any = 0;; c = *(unsigned char*)s++) { + for (acc = 0, any = 0;; c = *(const unsigned char*)s++) { if (isdigit(c)) c -= '0'; else if (isalpha(c)) @@ -96,7 +96,7 @@ strtoul(const char *nptr, char **endptr, int base) { break; if (c >= base) break; - if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim) + if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim)) any = -1; else { any = 1; @@ -110,8 +110,10 @@ strtoul(const char *nptr, char **endptr, int base) { } else if (neg) acc = -acc; if (endptr != 0) - *endptr = (char *)(any ? s - 1 : nptr); + DE_CONST((any ? s - 1 : nptr), *endptr); return (acc); } #endif /*NEED_STRTOUL*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/utimes.c b/contrib/bind-9.5.2/lib/bind/bsd/utimes.c similarity index 98% rename from contrib/bind-9.3/lib/bind/bsd/utimes.c rename to contrib/bind-9.5.2/lib/bind/bsd/utimes.c index 6a288f4956..2f65cffe25 100644 --- a/contrib/bind-9.3/lib/bind/bsd/utimes.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/utimes.c @@ -37,3 +37,4 @@ __utimes(char *filename, struct timeval *tvp) { } #endif /* NEED_UTIMES */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/bsd/writev.c b/contrib/bind-9.5.2/lib/bind/bsd/writev.c similarity index 93% rename from contrib/bind-9.3/lib/bind/bsd/writev.c rename to contrib/bind-9.5.2/lib/bind/bsd/writev.c index fe204a97ae..65baa71cfc 100644 --- a/contrib/bind-9.3/lib/bind/bsd/writev.c +++ b/contrib/bind-9.5.2/lib/bind/bsd/writev.c @@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Id: writev.c,v 1.1.2.1 2003/06/27 03:51:35 marka Exp $"; +static const char rcsid[] = "$Id: writev.c,v 1.3 2005/04/27 04:56:13 sra Exp $"; #endif #include "port_before.h" @@ -85,3 +85,5 @@ __writev(fd, vp, vpcount) #endif /*_CRAY*/ #endif /*NEED_WRITEV*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/config.h.in b/contrib/bind-9.5.2/lib/bind/config.h.in similarity index 86% rename from contrib/bind-9.3/lib/bind/config.h.in rename to contrib/bind-9.5.2/lib/bind/config.h.in index c4d88d347e..5e2a83defb 100644 --- a/contrib/bind-9.3/lib/bind/config.h.in +++ b/contrib/bind-9.5.2/lib/bind/config.h.in @@ -5,12 +5,21 @@ #undef HAVE_STROPTS_H #undef HAVE_SYS_TIMERS_H #undef HAVE_SYS_SELECT_H +#undef HAVE_MEMORY_H #undef SYS_CDEFS_H #undef _POSIX_PTHREAD_SEMANTICS #undef POSIX_GETPWUID_R #undef POSIX_GETPWNAM_R #undef POSIX_GETGRGID_R #undef POSIX_GETGRNAM_R +#undef HAVE_MEMMOVE +#undef HAVE_MEMCHR +#undef SPRINTF_CHAR +#undef VSPRINTF_CHAR +#undef USE_SYSERROR_LIST +#undef NEED_STRTOUL +#undef NEED_SUN4PROTOS +#undef REENABLE_SEND #undef NEED_SETGROUPENT #undef NEED_GETGROUPLIST @@ -38,6 +47,7 @@ #undef HAS_PW_CLASS +#undef ssize_t #undef uintptr_t /* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */ diff --git a/contrib/bind-9.3/lib/bind/dst/dst_api.c b/contrib/bind-9.5.2/lib/bind/dst/dst_api.c similarity index 91% rename from contrib/bind-9.3/lib/bind/dst/dst_api.c rename to contrib/bind-9.5.2/lib/bind/dst/dst_api.c index 417c31f8cf..f11f57b2c3 100644 --- a/contrib/bind-9.3/lib/bind/dst/dst_api.c +++ b/contrib/bind-9.5.2/lib/bind/dst/dst_api.c @@ -1,5 +1,5 @@ #ifndef LINT -static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/dst_api.c,v 1.4.2.6.8.4 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/Attic/dst_api.c,v 1.17 2007/09/24 17:18:25 each Exp $"; #endif /* @@ -78,7 +78,7 @@ static DST_KEY *dst_s_get_key_struct(const char *name, const int alg, const int flags, const int protocol, const int bits); -/* +/*% * dst_init * This function initializes the Digital Signature Toolkit. * Right now, it just checks the DSTKEYPATH environment variable. @@ -124,7 +124,7 @@ dst_init() dst_hmac_md5_init(); } -/* +/*% * dst_check_algorithm * This function determines if the crypto system for the specified * algorithm is present. @@ -143,7 +143,7 @@ dst_check_algorithm(const int alg) return (dst_t_func[alg] != NULL); } -/* +/*% * dst_s_get_key_struct * This function allocates key structure and fills in some of the * fields of the structure. @@ -163,7 +163,7 @@ dst_s_get_key_struct(const char *name, const int alg, const int flags, { DST_KEY *new_key = NULL; - if (dst_check_algorithm(alg)) /* make sure alg is available */ + if (dst_check_algorithm(alg)) /*%< make sure alg is available */ new_key = (DST_KEY *) malloc(sizeof(*new_key)); if (new_key == NULL) return (NULL); @@ -183,7 +183,7 @@ dst_s_get_key_struct(const char *name, const int alg, const int flags, return (new_key); } -/* +/*% * dst_compare_keys * Compares two keys for equality. * Parameters @@ -209,8 +209,7 @@ dst_compare_keys(const DST_KEY *key1, const DST_KEY *key2) return (key1->dk_func->compare(key1, key2)); } - -/* +/*% * dst_sign_data * An incremental signing function. Data is signed in steps. * First the context must be initialized (SIG_MODE_INIT). @@ -236,8 +235,8 @@ dst_compare_keys(const DST_KEY *key1, const DST_KEY *key2) * sig_len Length of the signature field in bytes. * Return * 0 Successfull INIT or Update operation - * >0 success FINAL (sign) operation - * <0 failure + * >0 success FINAL (sign) operation + * <0 failure */ int @@ -257,8 +256,7 @@ dst_sign_data(const int mode, DST_KEY *in_key, void **context, return (UNKNOWN_KEYALG); } - -/* +/*% * dst_verify_data * An incremental verify function. Data is verified in steps. * First the context must be initialized (SIG_MODE_INIT). @@ -300,8 +298,7 @@ dst_verify_data(const int mode, DST_KEY *in_key, void **context, signature, sig_len)); } - -/* +/*% * dst_read_private_key * Access a private key. First the list of private keys that have * already been read in is searched, then the key accessed on disk. @@ -330,7 +327,7 @@ dst_read_key(const char *in_keyname, const u_int16_t in_id, char keyname[PATH_MAX]; DST_KEY *dg_key = NULL, *pubkey = NULL; - if (!dst_check_algorithm(in_alg)) { /* make sure alg is available */ + if (!dst_check_algorithm(in_alg)) { /*%< make sure alg is available */ EREPORT(("dst_read_private_key(): Algorithm %d not suppored\n", in_alg)); return (NULL); @@ -362,7 +359,7 @@ dst_read_key(const char *in_keyname, const u_int16_t in_id, pubkey->dk_alg) == 0) dg_key = dst_free_key(dg_key); - pubkey = dst_free_key(pubkey); + (void)dst_free_key(pubkey); return (dg_key); } @@ -373,7 +370,7 @@ dst_write_key(const DST_KEY *key, const int type) if (key == NULL) return (0); - if (!dst_check_algorithm(key->dk_alg)) { /* make sure alg is available */ + if (!dst_check_algorithm(key->dk_alg)) { /*%< make sure alg is available */ EREPORT(("dst_write_key(): Algorithm %d not suppored\n", key->dk_alg)); return (UNSUPPORTED_KEYALG); @@ -390,19 +387,19 @@ dst_write_key(const DST_KEY *key, const int type) return (priv+pub); } -/* +/*% * dst_write_private_key * Write a private key to disk. The filename will be of the form: - * Kdk_name>+dk_alg>+dk_id>.. + * K<key->dk_name>+<key->dk_alg+><key-d>k_id.><private key suffix>. * If there is already a file with this name, an error is returned. * * Parameters * key A DST managed key structure that contains * all information needed about a key. * Return - * >= 0 Correct behavior. Returns length of encoded key value + * >= 0 Correct behavior. Returns length of encoded key value * written to disk. - * < 0 error. + * < 0 error. */ static int @@ -417,8 +414,7 @@ dst_s_write_private_key(const DST_KEY *key) if (key == NULL) return (-1); if (key->dk_KEY_struct == NULL) - return (0); /* null key has no private key */ - + return (0); /*%< null key has no private key */ if (key->dk_func == NULL || key->dk_func->to_file_fmt == NULL) { EREPORT(("dst_write_private_key(): Unsupported operation %d\n", key->dk_alg)); @@ -438,6 +434,7 @@ dst_s_write_private_key(const DST_KEY *key) if ((nn = fwrite(encoded_block, 1, len, fp)) != len) { EREPORT(("dst_write_private_key(): Write failure on %s %d != %d errno=%d\n", file, len, nn, errno)); + fclose(fp); return (-5); } fclose(fp); @@ -450,12 +447,12 @@ dst_s_write_private_key(const DST_KEY *key) return (len); } -/* +/*% * * dst_read_public_key * Read a public key from disk and store in a DST key structure. * Parameters - * in_name K. is the + * in_name K<in_name><in_id>.<public key suffix> is the * filename of the key file to be read. * Returns * NULL If the key does not exist or no name is supplied. @@ -484,7 +481,7 @@ dst_s_read_public_key(const char *in_name, const u_int16_t in_id, int in_alg) /* * Open the file and read it's formatted contents up to key * File format: - * domain.name [ttl] [IN] KEY + * domain.name [ttl] [IN] KEY <flags> <protocol> <algorithm> <key> * flags, proto, alg stored as decimal (or hex numbers FIXME). * (FIXME: handle parentheses for line continuation.) */ @@ -531,7 +528,7 @@ dst_s_read_public_key(const char *in_name, const u_int16_t in_id, int in_alg) while ((c = getc(fp)) != EOF) if (!isspace(c)) break; - ungetc(c, fp); /* return the charcter to the input field */ + ungetc(c, fp); /*%< return the charcter to the input field */ /* Handle hex!! FIXME. */ if (fscanf(fp, "%d %d %d", &flags, &proto, &alg) != 3) { @@ -574,8 +571,7 @@ dst_s_read_public_key(const char *in_name, const u_int16_t in_id, int in_alg) return dst_buffer_to_key(in_name, alg, flags, proto, deckey, dlen); } - -/* +/*% * dst_write_public_key * Write a key to disk in DNS format. * Parameters @@ -629,8 +625,7 @@ dst_s_write_public_key(const DST_KEY *key) return (1); } - -/* +/*% * dst_dnskey_to_public_key * This function converts the contents of a DNS KEY RR into a DST * key structure. @@ -651,10 +646,10 @@ dst_dnskey_to_key(const char *in_name, const u_char *rdata, const int len) int alg ; int start = DST_KEY_START; - if (rdata == NULL || len <= DST_KEY_ALG) /* no data */ + if (rdata == NULL || len <= DST_KEY_ALG) /*%< no data */ return (NULL); alg = (u_int8_t) rdata[DST_KEY_ALG]; - if (!dst_check_algorithm(alg)) { /* make sure alg is available */ + if (!dst_check_algorithm(alg)) { /*%< make sure alg is available */ EREPORT(("dst_dnskey_to_key(): Algorithm %d not suppored\n", alg)); return (NULL); @@ -691,8 +686,7 @@ dst_dnskey_to_key(const char *in_name, const u_char *rdata, const int len) return (key_st); } - -/* +/*% * dst_public_key_to_dnskey * Function to encode a public key into DNS KEY wire format * Parameters @@ -714,7 +708,7 @@ dst_key_to_dnskey(const DST_KEY *key, u_char *out_storage, if (key == NULL) return (-1); - if (!dst_check_algorithm(key->dk_alg)) { /* make sure alg is available */ + if (!dst_check_algorithm(key->dk_alg)) { /*%< make sure alg is available */ EREPORT(("dst_key_to_dnskey(): Algorithm %d not suppored\n", key->dk_alg)); return (UNSUPPORTED_KEYALG); @@ -727,7 +721,7 @@ dst_key_to_dnskey(const DST_KEY *key, u_char *out_storage, out_storage[loc++] = (u_char) key->dk_proto; out_storage[loc++] = (u_char) key->dk_alg; - if (key->dk_flags > 0xffff) { /* Extended flags */ + if (key->dk_flags > 0xffff) { /*%< Extended flags */ val = (u_int16_t)((key->dk_flags >> 16) & 0xffff); dst_s_put_int16(&out_storage[loc], val); loc += 2; @@ -748,8 +742,7 @@ dst_key_to_dnskey(const DST_KEY *key, u_char *out_storage, return (-1); } - -/* +/*% * dst_buffer_to_key * Function to encode a string of raw data into a DST key * Parameters @@ -761,19 +754,19 @@ dst_key_to_dnskey(const DST_KEY *key, u_char *out_storage, * NON-NULL the DST key */ DST_KEY * -dst_buffer_to_key(const char *key_name, /* name of the key */ - const int alg, /* algorithm */ - const int flags, /* dns flags */ - const int protocol, /* dns protocol */ - const u_char *key_buf, /* key in dns wire fmt */ - const int key_len) /* size of key */ +dst_buffer_to_key(const char *key_name, /*!< name of the key */ + const int alg, /*!< algorithm */ + const int flags, /*!< dns flags */ + const int protocol, /*!< dns protocol */ + const u_char *key_buf, /*!< key in dns wire fmt */ + const int key_len) /*!< size of key */ { DST_KEY *dkey = NULL; int dnslen; u_char dns[2048]; - if (!dst_check_algorithm(alg)) { /* make sure alg is available */ + if (!dst_check_algorithm(alg)) { /*%< make sure alg is available */ EREPORT(("dst_buffer_to_key(): Algorithm %d not suppored\n", alg)); return (NULL); } @@ -810,8 +803,7 @@ dst_key_to_buffer(DST_KEY *key, u_char *out_buff, int buf_len) return (0); } - -/* +/*% * dst_s_read_private_key_file * Function reads in private key from a file. * Fills out the KEY structure. @@ -885,14 +877,14 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, u_int16_t in_id, "dst_s_read_private_key_file(): Keyfile %s version higher than mine %d.%d MAY FAIL\n", name, file_major, file_minor)); - while (*p++ != '\n') ; /* skip to end of line */ + while (*p++ != '\n') ; /*%< skip to end of line */ if (!dst_s_verify_str((const char **) (void *)&p, "Algorithm: ")) goto fail; if (sscanf((char *)p, "%d", &alg) != 1) goto fail; - while (*p++ != '\n') ; /* skip to end of line */ + while (*p++ != '\n') ; /*%< skip to end of line */ if (pk_key->dk_key_name && !strcmp(pk_key->dk_key_name, name)) SAFE_FREE2(pk_key->dk_key_name, strlen(pk_key->dk_key_name)); @@ -925,34 +917,34 @@ dst_s_read_private_key_file(char *name, DST_KEY *pk_key, u_int16_t in_id, return (0); } - -/* - * dst_generate_key +/*% * Generate and store a public/private keypair. * Keys will be stored in formatted files. + * * Parameters - * name Name of the new key. Used to create key files - * K++.public and K++.private. - * bits Size of the new key in bits. - * exp What exponent to use: - * 0 use exponent 3 - * non-zero use Fermant4 - * flags The default value of the DNS Key flags. - * The DNS Key RR Flag field is defined in RFC 2065, + & + *\par name Name of the new key. Used to create key files + *\li K<name>+<alg>+<id>.public and K<name>+<alg>+<id>.private. + *\par bits Size of the new key in bits. + *\par exp What exponent to use: + *\li 0 use exponent 3 + *\li non-zero use Fermant4 + *\par flags The default value of the DNS Key flags. + *\li The DNS Key RR Flag field is defined in RFC2065, * section 3.3. The field has 16 bits. - * protocol - * Default value of the DNS Key protocol field. - * The DNS Key protocol field is defined in RFC 2065, + *\par protocol + *\li Default value of the DNS Key protocol field. + *\li The DNS Key protocol field is defined in RFC2065, * section 3.4. The field has 8 bits. - * alg What algorithm to use. Currently defined: - * KEY_RSA 1 - * KEY_DSA 3 - * KEY_HMAC 157 - * out_id The key tag is returned. + *\par alg What algorithm to use. Currently defined: + *\li KEY_RSA 1 + *\li KEY_DSA 3 + *\li KEY_HMAC 157 + *\par out_id The key tag is returned. * * Return - * NULL Failure - * non-NULL the generated key pair + *\li NULL Failure + *\li non-NULL the generated key pair * Caller frees the result, and its dk_name pointer. */ DST_KEY * @@ -966,7 +958,7 @@ dst_generate_key(const char *name, const int bits, const int exp, if (name == NULL) return (NULL); - if (!dst_check_algorithm(alg)) { /* make sure alg is available */ + if (!dst_check_algorithm(alg)) { /*%< make sure alg is available */ EREPORT(("dst_generate_key(): Algorithm %d not suppored\n", alg)); return (NULL); } @@ -974,7 +966,7 @@ dst_generate_key(const char *name, const int bits, const int exp, new_key = dst_s_get_key_struct(name, alg, flags, protocol, bits); if (new_key == NULL) return (NULL); - if (bits == 0) /* null key we are done */ + if (bits == 0) /*%< null key we are done */ return (new_key); if (new_key->dk_func == NULL || new_key->dk_func->generate == NULL) { EREPORT(("dst_generate_key_pair():Unsupported algorithm %d\n", @@ -997,12 +989,11 @@ dst_generate_key(const char *name, const int bits, const int exp, return (new_key); } - -/* - * dst_free_key +/*% * Release all data structures pointed to by a key structure. + * * Parameters - * f_key Key structure to be freed. + *\li f_key Key structure to be freed. */ DST_KEY * @@ -1028,13 +1019,14 @@ dst_free_key(DST_KEY *f_key) return (NULL); } -/* - * dst_sig_size +/*% * Return the maximim size of signature from the key specified in bytes + * * Parameters - * key + *\li key + * * Returns - * bytes + * \li bytes */ int dst_sig_size(DST_KEY *key) { @@ -1052,3 +1044,5 @@ dst_sig_size(DST_KEY *key) { return -1; } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/dst/dst_internal.h b/contrib/bind-9.5.2/lib/bind/dst/dst_internal.h similarity index 86% rename from contrib/bind-9.3/lib/bind/dst/dst_internal.h rename to contrib/bind-9.5.2/lib/bind/dst/dst_internal.h index 928650a726..e9bc6fc08d 100644 --- a/contrib/bind-9.3/lib/bind/dst/dst_internal.h +++ b/contrib/bind-9.5.2/lib/bind/dst/dst_internal.h @@ -29,19 +29,19 @@ # ifdef POSIX_PATH_MAX # define PATH_MAX POSIX_PATH_MAX # else -# define PATH_MAX 255 /* this is the value of POSIX_PATH_MAX */ +# define PATH_MAX 255 /*%< this is the value of POSIX_PATH_MAX */ # endif #endif typedef struct dst_key { - char *dk_key_name; /* name of the key */ - int dk_key_size; /* this is the size of the key in bits */ - int dk_proto; /* what protocols this key can be used for */ - int dk_alg; /* algorithm number from key record */ - u_int32_t dk_flags; /* and the flags of the public key */ - u_int16_t dk_id; /* identifier of the key */ - void *dk_KEY_struct; /* pointer to key in crypto pkg fmt */ - struct dst_func *dk_func; /* point to cryptto pgk specific function table */ + char *dk_key_name; /*%< name of the key */ + int dk_key_size; /*%< this is the size of the key in bits */ + int dk_proto; /*%< what protocols this key can be used for */ + int dk_alg; /*%< algorithm number from key record */ + u_int32_t dk_flags; /*%< and the flags of the public key */ + u_int16_t dk_id; /*%< identifier of the key */ + void *dk_KEY_struct; /*%< pointer to key in crypto pkg fmt */ + struct dst_func *dk_func; /*%< point to cryptto pgk specific function table */ } DST_KEY; #define HAS_DST_KEY @@ -103,7 +103,7 @@ extern const char *key_file_fmt_str; extern const char *dst_path; #ifndef DST_HASH_SIZE -#define DST_HASH_SIZE 20 /* RIPEMD160 and SHA-1 are 20 bytes MD5 is 16 */ +#define DST_HASH_SIZE 20 /*%< RIPEMD160 and SHA-1 are 20 bytes MD5 is 16 */ #endif int dst_bsafe_init(void); @@ -129,7 +129,7 @@ int dst_s_build_filename( char *filename, const char *name, FILE *dst_s_fopen (const char *filename, const char *mode, int perm); -/* +/*% * read and write network byte order into u_int?_t * all of these should be retired */ @@ -152,3 +152,4 @@ dst_s_dump(const int mode, const u_char *data, const int size, #endif /* DST_INTERNAL_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/dst/hmac_link.c b/contrib/bind-9.5.2/lib/bind/dst/hmac_link.c similarity index 94% rename from contrib/bind-9.3/lib/bind/dst/hmac_link.c rename to contrib/bind-9.5.2/lib/bind/dst/hmac_link.c index 028f02e96a..c57ef2cfc0 100644 --- a/contrib/bind-9.3/lib/bind/dst/hmac_link.c +++ b/contrib/bind-9.5.2/lib/bind/dst/hmac_link.c @@ -1,6 +1,6 @@ #ifdef HMAC_MD5 #ifndef LINT -static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_link.c,v 1.2.2.1.4.2 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/Attic/hmac_link.c,v 1.8 2007/09/24 17:18:25 each Exp $"; #endif /* * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc. @@ -19,7 +19,7 @@ static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_lin * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. */ -/* +/*% * This file contains an implementation of the HMAC-MD5 algorithm. */ #include "port_before.h" @@ -46,7 +46,7 @@ static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_lin # endif # endif # ifndef _MD5_H_ -# define _MD5_H_ 1 /* make sure we do not include rsaref md5.h file */ +# define _MD5_H_ 1 /*%< make sure we do not include rsaref md5.h file */ # endif #endif @@ -223,6 +223,7 @@ dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const int keylen) HMAC_Key *hkey = NULL; MD5_CTX ctx; int local_keylen = keylen; + u_char tk[MD5_LEN]; if (dkey == NULL || key == NULL || keylen < 0) return (-1); @@ -235,7 +236,6 @@ dst_buffer_to_hmac_md5(DST_KEY *dkey, const u_char *key, const int keylen) /* if key is longer than HMAC_LEN bytes reset it to key=MD5(key) */ if (keylen > HMAC_LEN) { - u_char tk[MD5_LEN]; MD5Init(&ctx); MD5Update(&ctx, key, keylen); MD5Final(tk, &ctx); @@ -276,22 +276,25 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff, const int buff_len) { char *bp; - int len, b_len, i, key_len; + int len, i, key_len; u_char key[HMAC_LEN]; HMAC_Key *hkey; if (dkey == NULL || dkey->dk_KEY_struct == NULL) return (0); - if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str)) - return (-1); /* no OR not enough space in output area */ - + /* + * Using snprintf() would be so much simpler here. + */ + if (buff == NULL || + buff_len <= (int)(strlen(key_file_fmt_str) + + strlen(KEY_FILE_FORMAT) + 4)) + return (-1); /*%< no OR not enough space in output area */ hkey = (HMAC_Key *) dkey->dk_KEY_struct; - memset(buff, 0, buff_len); /* just in case */ + memset(buff, 0, buff_len); /*%< just in case */ /* write file header */ sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_HMAC_MD5, "HMAC"); bp = buff + strlen(buff); - b_len = buff_len - (bp - buff); memset(key, 0, HMAC_LEN); for (i = 0; i < HMAC_LEN; i++) @@ -301,19 +304,21 @@ dst_hmac_md5_key_to_file_format(const DST_KEY *dkey, char *buff, break; key_len = i + 1; + if (buff_len - (bp - buff) < 6) + return (-1); strcat(bp, "Key: "); bp += strlen("Key: "); - b_len = buff_len - (bp - buff); - len = b64_ntop(key, key_len, bp, b_len); + len = b64_ntop(key, key_len, bp, buff_len - (bp - buff)); if (len < 0) return (-1); bp += len; + if (buff_len - (bp - buff) < 2) + return (-1); *(bp++) = '\n'; *bp = '\0'; - b_len = buff_len - (bp - buff); - return (buff_len - b_len); + return (bp - buff); } @@ -360,7 +365,7 @@ dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff, return (-5); memcpy(tmp, p, len); *(tmp + len) = 0x0; - key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /* see above */ + key_len = b64_pton((char *)tmp, key, HMAC_LEN+1); /*%< see above */ SAFE_FREE2(tmp, len + 2); if (dst_buffer_to_hmac_md5(dkey, key, key_len) < 0) { @@ -369,7 +374,7 @@ dst_hmac_md5_key_from_file_format(DST_KEY *dkey, const char *buff, return (0); } -/* +/*% * dst_hmac_md5_to_dns_key() * function to extract hmac key from DST_KEY structure * intput: @@ -443,7 +448,7 @@ dst_hmac_md5_generate_key(DST_KEY *key, const int nothing) return (-1); } -/* +/*% * dst_hmac_md5_init() Function to answer set up function pointers for HMAC * related functions */ @@ -480,3 +485,5 @@ dst_hmac_md5_init(){ return (0); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/dst/md5.h b/contrib/bind-9.5.2/lib/bind/dst/md5.h similarity index 99% rename from contrib/bind-9.3/lib/bind/dst/md5.h rename to contrib/bind-9.5.2/lib/bind/dst/md5.h index 6525662b67..b1ed9e13fd 100644 --- a/contrib/bind-9.3/lib/bind/dst/md5.h +++ b/contrib/bind-9.5.2/lib/bind/dst/md5.h @@ -104,3 +104,5 @@ unsigned char *MD5(); #else #include #endif /* HAVE_MD5 */ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/dst/md5_dgst.c b/contrib/bind-9.5.2/lib/bind/dst/md5_dgst.c similarity index 97% rename from contrib/bind-9.3/lib/bind/dst/md5_dgst.c rename to contrib/bind-9.5.2/lib/bind/dst/md5_dgst.c index ba0a5a13db..76b0505760 100644 --- a/contrib/bind-9.3/lib/bind/dst/md5_dgst.c +++ b/contrib/bind-9.5.2/lib/bind/dst/md5_dgst.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#ifdef USE_MD5 /* Added by ogud@tis.com 1998/1/26 */ +#ifdef USE_MD5 /*%< Added by ogud@tis.com 1998/1/26 */ #include #ifndef HAVE_MD5 #include @@ -65,7 +65,9 @@ const char *MD5_version="MD5 part of SSLeay 0.8.1 19-Jul-1997"; -/* Implemented from RFC1321 The MD5 Message-Digest Algorithm +/*! \file + * \brief + * Implemented from RFC1321 The MD5 Message-Digest Algorithm */ #define INIT_DATA_A (unsigned long)0x67452301L @@ -105,7 +107,7 @@ unsigned long len; l=(c->Nl+(len<<3))&0xffffffffL; /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to * Wei Dai for pointing it out. */ - if (l < c->Nl) /* overflow */ + if (l < c->Nl) /*%< overflow */ c->Nh++; c->Nh+=(len>>29); c->Nl=l; @@ -137,7 +139,7 @@ unsigned long len; int ew,ec; c->num+=(int)len; - if ((sc+len) < 4U) /* ugly, add char's to a word */ + if ((sc+len) < 4U) /*%< ugly, add char's to a word */ { l= p[sw]; p_c2l_p(data,l,sc,len); @@ -196,7 +198,7 @@ unsigned long len; c->num=sc; if (sc) { - sw=sc>>2; /* words to copy */ + sw=sc>>2; /*%< words to copy */ #ifdef L_ENDIAN p[sw]=0; memcpy(p,data,sc); diff --git a/contrib/bind-9.3/lib/bind/dst/md5_locl.h b/contrib/bind-9.5.2/lib/bind/dst/md5_locl.h similarity index 99% rename from contrib/bind-9.3/lib/bind/dst/md5_locl.h rename to contrib/bind-9.5.2/lib/bind/dst/md5_locl.h index ce4c765c1b..657fe8c3de 100644 --- a/contrib/bind-9.3/lib/bind/dst/md5_locl.h +++ b/contrib/bind-9.5.2/lib/bind/dst/md5_locl.h @@ -147,7 +147,8 @@ (a)=ROTATE(l,16L); \ } #endif -/* + +/*% #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) */ @@ -188,3 +189,5 @@ a+=((k)+(t)+I((b),(c),(d))); \ a=ROTATE(a,s); \ a+=b; }; + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/dst/support.c b/contrib/bind-9.5.2/lib/bind/dst/support.c similarity index 93% rename from contrib/bind-9.3/lib/bind/dst/support.c rename to contrib/bind-9.5.2/lib/bind/dst/support.c index 8fe3cdb478..31d6d7a039 100644 --- a/contrib/bind-9.3/lib/bind/dst/support.c +++ b/contrib/bind-9.5.2/lib/bind/dst/support.c @@ -1,4 +1,4 @@ -static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/support.c,v 1.2.2.1.10.2 2005/10/11 00:48:14 marka Exp $"; +static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/Attic/support.c,v 1.6 2005/10/11 00:10:13 marka Exp $"; /* @@ -34,7 +34,7 @@ static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/support. #include "port_after.h" -/* +/*% * dst_s_verify_str() * Validate that the input string(*str) is at the head of the input * buffer(**buf). If so, move the buffer head pointer (*buf) to @@ -52,20 +52,20 @@ int dst_s_verify_str(const char **buf, const char *str) { int b, s; - if (*buf == NULL) /* error checks */ + if (*buf == NULL) /*%< error checks */ return (0); if (str == NULL || *str == '\0') return (1); - b = strlen(*buf); /* get length of strings */ + b = strlen(*buf); /*%< get length of strings */ s = strlen(str); - if (s > b || strncmp(*buf, str, s)) /* check if same */ - return (0); /* not a match */ - (*buf) += s; /* advance pointer */ + if (s > b || strncmp(*buf, str, s)) /*%< check if same */ + return (0); /*%< not a match */ + (*buf) += s; /*%< advance pointer */ return (1); } -/* +/*% * dst_s_calculate_bits * Given a binary number represented in a u_char[], determine * the number of significant bits used. @@ -89,8 +89,7 @@ dst_s_calculate_bits(const u_char *str, const int max_bits) return (bits); } - -/* +/*% * calculates a checksum used in dst for an id. * takes an array of bytes and a length. * returns a 16 bit checksum. @@ -115,7 +114,7 @@ dst_s_id_calc(const u_char *key, const int keysize) return (ac & 0xffff); } -/* +/*% * dst_s_dns_key_id() Function to calculate DNSSEC footprint from KEY record * rdata * Input: @@ -131,7 +130,7 @@ dst_s_dns_key_id(const u_char *dns_key_rdata, const int rdata_len) return 0; /* compute id */ - if (dns_key_rdata[3] == KEY_RSA) /* Algorithm RSA */ + if (dns_key_rdata[3] == KEY_RSA) /*%< Algorithm RSA */ return dst_s_get_int16((const u_char *) &dns_key_rdata[rdata_len - 3]); else if (dns_key_rdata[3] == KEY_HMAC_MD5) @@ -142,7 +141,7 @@ dst_s_dns_key_id(const u_char *dns_key_rdata, const int rdata_len) return dst_s_id_calc(dns_key_rdata, rdata_len); } -/* +/*% * dst_s_get_int16 * This routine extracts a 16 bit integer from a two byte character * string. The character string is assumed to be in network byte @@ -161,8 +160,7 @@ dst_s_get_int16(const u_char *buf) return (a); } - -/* +/*% * dst_s_get_int32 * This routine extracts a 32 bit integer from a four byte character * string. The character string is assumed to be in network byte @@ -182,8 +180,7 @@ dst_s_get_int32(const u_char *buf) return (a); } - -/* +/*% * dst_s_put_int16 * Take a 16 bit integer and store the value in a two byte * character string. The integer is assumed to be in network @@ -201,8 +198,7 @@ dst_s_put_int16(u_int8_t *buf, const u_int16_t val) buf[1] = (u_int8_t)(val); } - -/* +/*% * dst_s_put_int32 * Take a 32 bit integer and store the value in a four byte * character string. The integer is assumed to be in network @@ -222,13 +218,12 @@ dst_s_put_int32(u_int8_t *buf, const u_int32_t val) buf[3] = (u_int8_t)(val); } - -/* +/*% * dst_s_filename_length * * This function returns the number of bytes needed to hold the * filename for a key file. '/', '\' and ':' are not allowed. - * form: K++. + * form: K<keyname>+<alg>+<id>.<suffix> * * Returns 0 if the filename would contain either '\', '/' or ':' */ @@ -254,13 +249,12 @@ dst_s_filename_length(const char *name, const char *suffix) return (1 + strlen(name) + 6 + strlen(suffix)); } - -/* +/*% * dst_s_build_filename () * Builds a key filename from the key name, it's id, and a * suffix. '\', '/' and ':' are not allowed. fA filename is of the - * form: K. - * form: K++. + * form: K<keyname><id>.<suffix> + * form: K<keyname>+<alg>+<id>.<suffix> * * Returns -1 if the conversion fails: * if the filename would be too long for space allotted @@ -294,7 +288,7 @@ dst_s_build_filename(char *filename, const char *name, u_int16_t id, return (0); } -/* +/*% * dst_s_fopen () * Open a file in the dst_path directory. If perm is specified, the * file is checked for existence first, and not opened if it exists. @@ -344,3 +338,5 @@ dst_s_dump(const int mode, const u_char *data, const int size, #endif } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/arpa/inet.h b/contrib/bind-9.5.2/lib/bind/include/arpa/inet.h similarity index 98% copy from contrib/bind-9.3/lib/bind/include/arpa/inet.h copy to contrib/bind-9.5.2/lib/bind/include/arpa/inet.h index 46caa49f59..d40ccfce00 100644 --- a/contrib/bind-9.3/lib/bind/include/arpa/inet.h +++ b/contrib/bind-9.5.2/lib/bind/include/arpa/inet.h @@ -53,9 +53,9 @@ * --Copyright-- */ -/* +/*% * @(#)inet.h 8.1 (Berkeley) 6/2/93 - * $Id: inet.h,v 1.1.206.1 2004/03/09 08:33:30 marka Exp $ + * $Id: inet.h,v 1.3 2005/04/27 04:56:16 sra Exp $ */ #ifndef _INET_H_ @@ -122,3 +122,5 @@ __END_DECLS #endif #endif /* !_INET_H_ */ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/arpa/inet.h b/contrib/bind-9.5.2/lib/bind/include/arpa/inet.h_notneeded similarity index 98% rename from contrib/bind-9.3/lib/bind/include/arpa/inet.h rename to contrib/bind-9.5.2/lib/bind/include/arpa/inet.h_notneeded index 46caa49f59..d40ccfce00 100644 --- a/contrib/bind-9.3/lib/bind/include/arpa/inet.h +++ b/contrib/bind-9.5.2/lib/bind/include/arpa/inet.h_notneeded @@ -53,9 +53,9 @@ * --Copyright-- */ -/* +/*% * @(#)inet.h 8.1 (Berkeley) 6/2/93 - * $Id: inet.h,v 1.1.206.1 2004/03/09 08:33:30 marka Exp $ + * $Id: inet.h,v 1.3 2005/04/27 04:56:16 sra Exp $ */ #ifndef _INET_H_ @@ -122,3 +122,5 @@ __END_DECLS #endif #endif /* !_INET_H_ */ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/arpa/nameser.h b/contrib/bind-9.5.2/lib/bind/include/arpa/nameser.h similarity index 64% rename from contrib/bind-9.3/lib/bind/include/arpa/nameser.h rename to contrib/bind-9.5.2/lib/bind/include/arpa/nameser.h index 23db49871d..d1cbf4283a 100644 --- a/contrib/bind-9.3/lib/bind/include/arpa/nameser.h +++ b/contrib/bind-9.5.2/lib/bind/include/arpa/nameser.h @@ -49,12 +49,14 @@ */ /* - * $Id: nameser.h,v 1.2.2.4.4.1 2004/03/09 08:33:30 marka Exp $ + * $Id: nameser.h,v 1.8.672.1 2008/04/03 02:12:21 marka Exp $ */ #ifndef _ARPA_NAMESER_H_ #define _ARPA_NAMESER_H_ +/*! \file */ + #define BIND_4_COMPAT #include @@ -65,7 +67,7 @@ #endif #include -/* +/*% * Revision information. This is the release date in YYYYMMDD format. * It can change every day so the right thing to do with it is use it * in preprocessor commands such as "#if (__NAMESER > 19931104)". Do not @@ -73,43 +75,41 @@ * contains a new enough lib/nameser/ to support the feature you need. */ -#define __NAMESER 19991006 /* New interface version stamp. */ - +#define __NAMESER 19991006 /*%< New interface version stamp. */ /* - * Define constants based on RFC 883, RFC 1034, RFC 1035 + * Define constants based on RFC0883, RFC1034, RFC 1035 */ -#define NS_PACKETSZ 512 /* default UDP packet size */ -#define NS_MAXDNAME 1025 /* maximum domain name */ -#define NS_MAXMSG 65535 /* maximum message size */ -#define NS_MAXCDNAME 255 /* maximum compressed domain name */ -#define NS_MAXLABEL 63 /* maximum length of domain label */ -#define NS_HFIXEDSZ 12 /* #/bytes of fixed data in header */ -#define NS_QFIXEDSZ 4 /* #/bytes of fixed data in query */ -#define NS_RRFIXEDSZ 10 /* #/bytes of fixed data in r record */ -#define NS_INT32SZ 4 /* #/bytes of data in a u_int32_t */ -#define NS_INT16SZ 2 /* #/bytes of data in a u_int16_t */ -#define NS_INT8SZ 1 /* #/bytes of data in a u_int8_t */ -#define NS_INADDRSZ 4 /* IPv4 T_A */ -#define NS_IN6ADDRSZ 16 /* IPv6 T_AAAA */ -#define NS_CMPRSFLGS 0xc0 /* Flag bits indicating name compression. */ -#define NS_DEFAULTPORT 53 /* For both TCP and UDP. */ - +#define NS_PACKETSZ 512 /*%< default UDP packet size */ +#define NS_MAXDNAME 1025 /*%< maximum domain name */ +#define NS_MAXMSG 65535 /*%< maximum message size */ +#define NS_MAXCDNAME 255 /*%< maximum compressed domain name */ +#define NS_MAXLABEL 63 /*%< maximum length of domain label */ +#define NS_HFIXEDSZ 12 /*%< #/bytes of fixed data in header */ +#define NS_QFIXEDSZ 4 /*%< #/bytes of fixed data in query */ +#define NS_RRFIXEDSZ 10 /*%< #/bytes of fixed data in r record */ +#define NS_INT32SZ 4 /*%< #/bytes of data in a u_int32_t */ +#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */ +#define NS_INT8SZ 1 /*%< #/bytes of data in a u_int8_t */ +#define NS_INADDRSZ 4 /*%< IPv4 T_A */ +#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ +#define NS_CMPRSFLGS 0xc0 /*%< Flag bits indicating name compression. */ +#define NS_DEFAULTPORT 53 /*%< For both TCP and UDP. */ /* * These can be expanded with synonyms, just keep ns_parse.c:ns_parserecord() * in synch with it. */ typedef enum __ns_sect { - ns_s_qd = 0, /* Query: Question. */ - ns_s_zn = 0, /* Update: Zone. */ - ns_s_an = 1, /* Query: Answer. */ - ns_s_pr = 1, /* Update: Prerequisites. */ - ns_s_ns = 2, /* Query: Name servers. */ - ns_s_ud = 2, /* Update: Update. */ - ns_s_ar = 3, /* Query|Update: Additional records. */ + ns_s_qd = 0, /*%< Query: Question. */ + ns_s_zn = 0, /*%< Update: Zone. */ + ns_s_an = 1, /*%< Query: Answer. */ + ns_s_pr = 1, /*%< Update: Prerequisites. */ + ns_s_ns = 2, /*%< Query: Name servers. */ + ns_s_ud = 2, /*%< Update: Update. */ + ns_s_ar = 3, /*%< Query|Update: Additional records. */ ns_s_max = 4 } ns_sect; -/* +/*% * This is a message handle. It is caller allocated and has no dynamic data. * This structure is intended to be opaque to all but ns_parse.c, thus the * leading _'s on the member names. Use the accessor functions, not the _'s. @@ -135,7 +135,7 @@ extern struct _ns_flagdata _ns_flagdata[]; #define ns_msg_size(handle) ((handle)._eom - (handle)._msg) #define ns_msg_count(handle, section) ((handle)._counts[section] + 0) -/* +/*% * This is a parsed record. It is caller allocated and has no dynamic data. */ typedef struct __ns_rr { @@ -155,54 +155,54 @@ typedef struct __ns_rr { #define ns_rr_rdlen(rr) ((rr).rdlength + 0) #define ns_rr_rdata(rr) ((rr).rdata + 0) -/* +/*% * These don't have to be in the same order as in the packet flags word, * and they can even overlap in some cases, but they will need to be kept * in synch with ns_parse.c:ns_flagdata[]. */ typedef enum __ns_flag { - ns_f_qr, /* Question/Response. */ - ns_f_opcode, /* Operation code. */ - ns_f_aa, /* Authoritative Answer. */ - ns_f_tc, /* Truncation occurred. */ - ns_f_rd, /* Recursion Desired. */ - ns_f_ra, /* Recursion Available. */ - ns_f_z, /* MBZ. */ - ns_f_ad, /* Authentic Data (DNSSEC). */ - ns_f_cd, /* Checking Disabled (DNSSEC). */ - ns_f_rcode, /* Response code. */ + ns_f_qr, /*%< Question/Response. */ + ns_f_opcode, /*%< Operation code. */ + ns_f_aa, /*%< Authoritative Answer. */ + ns_f_tc, /*%< Truncation occurred. */ + ns_f_rd, /*%< Recursion Desired. */ + ns_f_ra, /*%< Recursion Available. */ + ns_f_z, /*%< MBZ. */ + ns_f_ad, /*%< Authentic Data (DNSSEC). */ + ns_f_cd, /*%< Checking Disabled (DNSSEC). */ + ns_f_rcode, /*%< Response code. */ ns_f_max } ns_flag; -/* +/*% * Currently defined opcodes. */ typedef enum __ns_opcode { - ns_o_query = 0, /* Standard query. */ - ns_o_iquery = 1, /* Inverse query (deprecated/unsupported). */ - ns_o_status = 2, /* Name server status query (unsupported). */ + ns_o_query = 0, /*%< Standard query. */ + ns_o_iquery = 1, /*%< Inverse query (deprecated/unsupported). */ + ns_o_status = 2, /*%< Name server status query (unsupported). */ /* Opcode 3 is undefined/reserved. */ - ns_o_notify = 4, /* Zone change notification. */ - ns_o_update = 5, /* Zone update message. */ + ns_o_notify = 4, /*%< Zone change notification. */ + ns_o_update = 5, /*%< Zone update message. */ ns_o_max = 6 } ns_opcode; -/* +/*% * Currently defined response codes. */ typedef enum __ns_rcode { - ns_r_noerror = 0, /* No error occurred. */ - ns_r_formerr = 1, /* Format error. */ - ns_r_servfail = 2, /* Server failure. */ - ns_r_nxdomain = 3, /* Name error. */ - ns_r_notimpl = 4, /* Unimplemented. */ - ns_r_refused = 5, /* Operation refused. */ + ns_r_noerror = 0, /*%< No error occurred. */ + ns_r_formerr = 1, /*%< Format error. */ + ns_r_servfail = 2, /*%< Server failure. */ + ns_r_nxdomain = 3, /*%< Name error. */ + ns_r_notimpl = 4, /*%< Unimplemented. */ + ns_r_refused = 5, /*%< Operation refused. */ /* these are for BIND_UPDATE */ - ns_r_yxdomain = 6, /* Name exists */ - ns_r_yxrrset = 7, /* RRset exists */ - ns_r_nxrrset = 8, /* RRset does not exist */ - ns_r_notauth = 9, /* Not authoritative for zone */ - ns_r_notzone = 10, /* Zone of record different from zone section */ + ns_r_yxdomain = 6, /*%< Name exists */ + ns_r_yxrrset = 7, /*%< RRset exists */ + ns_r_nxrrset = 8, /*%< RRset does not exist */ + ns_r_notauth = 9, /*%< Not authoritative for zone */ + ns_r_notzone = 10, /*%< Zone of record different from zone section */ ns_r_max = 11, /* The following are EDNS extended rcodes */ ns_r_badvers = 16, @@ -219,7 +219,7 @@ typedef enum __ns_update_operation { ns_uop_max = 2 } ns_update_operation; -/* +/*% * This structure is used for TSIG authenticated messages */ struct ns_tsig_key { @@ -229,7 +229,7 @@ struct ns_tsig_key { }; typedef struct ns_tsig_key ns_tsig_key; -/* +/*% * This structure is used for TSIG authenticated TCP messages */ struct ns_tcp_tsig_state { @@ -249,61 +249,61 @@ typedef struct ns_tcp_tsig_state ns_tcp_tsig_state; #define NS_TSIG_ERROR_NO_SPACE -11 #define NS_TSIG_ERROR_FORMERR -12 -/* +/*% * Currently defined type values for resources and queries. */ typedef enum __ns_type { - ns_t_invalid = 0, /* Cookie. */ - ns_t_a = 1, /* Host address. */ - ns_t_ns = 2, /* Authoritative server. */ - ns_t_md = 3, /* Mail destination. */ - ns_t_mf = 4, /* Mail forwarder. */ - ns_t_cname = 5, /* Canonical name. */ - ns_t_soa = 6, /* Start of authority zone. */ - ns_t_mb = 7, /* Mailbox domain name. */ - ns_t_mg = 8, /* Mail group member. */ - ns_t_mr = 9, /* Mail rename name. */ - ns_t_null = 10, /* Null resource record. */ - ns_t_wks = 11, /* Well known service. */ - ns_t_ptr = 12, /* Domain name pointer. */ - ns_t_hinfo = 13, /* Host information. */ - ns_t_minfo = 14, /* Mailbox information. */ - ns_t_mx = 15, /* Mail routing information. */ - ns_t_txt = 16, /* Text strings. */ - ns_t_rp = 17, /* Responsible person. */ - ns_t_afsdb = 18, /* AFS cell database. */ - ns_t_x25 = 19, /* X_25 calling address. */ - ns_t_isdn = 20, /* ISDN calling address. */ - ns_t_rt = 21, /* Router. */ - ns_t_nsap = 22, /* NSAP address. */ - ns_t_nsap_ptr = 23, /* Reverse NSAP lookup (deprecated). */ - ns_t_sig = 24, /* Security signature. */ - ns_t_key = 25, /* Security key. */ - ns_t_px = 26, /* X.400 mail mapping. */ - ns_t_gpos = 27, /* Geographical position (withdrawn). */ - ns_t_aaaa = 28, /* Ip6 Address. */ - ns_t_loc = 29, /* Location Information. */ - ns_t_nxt = 30, /* Next domain (security). */ - ns_t_eid = 31, /* Endpoint identifier. */ - ns_t_nimloc = 32, /* Nimrod Locator. */ - ns_t_srv = 33, /* Server Selection. */ - ns_t_atma = 34, /* ATM Address */ - ns_t_naptr = 35, /* Naming Authority PoinTeR */ - ns_t_kx = 36, /* Key Exchange */ - ns_t_cert = 37, /* Certification record */ - ns_t_a6 = 38, /* IPv6 address (deprecates AAAA) */ - ns_t_dname = 39, /* Non-terminal DNAME (for IPv6) */ - ns_t_sink = 40, /* Kitchen sink (experimentatl) */ - ns_t_opt = 41, /* EDNS0 option (meta-RR) */ - ns_t_apl = 42, /* Address prefix list (RFC 3123) */ - ns_t_tkey = 249, /* Transaction key */ - ns_t_tsig = 250, /* Transaction signature. */ - ns_t_ixfr = 251, /* Incremental zone transfer. */ - ns_t_axfr = 252, /* Transfer zone of authority. */ - ns_t_mailb = 253, /* Transfer mailbox records. */ - ns_t_maila = 254, /* Transfer mail agent records. */ - ns_t_any = 255, /* Wildcard match. */ - ns_t_zxfr = 256, /* BIND-specific, nonstandard. */ + ns_t_invalid = 0, /*%< Cookie. */ + ns_t_a = 1, /*%< Host address. */ + ns_t_ns = 2, /*%< Authoritative server. */ + ns_t_md = 3, /*%< Mail destination. */ + ns_t_mf = 4, /*%< Mail forwarder. */ + ns_t_cname = 5, /*%< Canonical name. */ + ns_t_soa = 6, /*%< Start of authority zone. */ + ns_t_mb = 7, /*%< Mailbox domain name. */ + ns_t_mg = 8, /*%< Mail group member. */ + ns_t_mr = 9, /*%< Mail rename name. */ + ns_t_null = 10, /*%< Null resource record. */ + ns_t_wks = 11, /*%< Well known service. */ + ns_t_ptr = 12, /*%< Domain name pointer. */ + ns_t_hinfo = 13, /*%< Host information. */ + ns_t_minfo = 14, /*%< Mailbox information. */ + ns_t_mx = 15, /*%< Mail routing information. */ + ns_t_txt = 16, /*%< Text strings. */ + ns_t_rp = 17, /*%< Responsible person. */ + ns_t_afsdb = 18, /*%< AFS cell database. */ + ns_t_x25 = 19, /*%< X_25 calling address. */ + ns_t_isdn = 20, /*%< ISDN calling address. */ + ns_t_rt = 21, /*%< Router. */ + ns_t_nsap = 22, /*%< NSAP address. */ + ns_t_nsap_ptr = 23, /*%< Reverse NSAP lookup (deprecated). */ + ns_t_sig = 24, /*%< Security signature. */ + ns_t_key = 25, /*%< Security key. */ + ns_t_px = 26, /*%< X.400 mail mapping. */ + ns_t_gpos = 27, /*%< Geographical position (withdrawn). */ + ns_t_aaaa = 28, /*%< Ip6 Address. */ + ns_t_loc = 29, /*%< Location Information. */ + ns_t_nxt = 30, /*%< Next domain (security). */ + ns_t_eid = 31, /*%< Endpoint identifier. */ + ns_t_nimloc = 32, /*%< Nimrod Locator. */ + ns_t_srv = 33, /*%< Server Selection. */ + ns_t_atma = 34, /*%< ATM Address */ + ns_t_naptr = 35, /*%< Naming Authority PoinTeR */ + ns_t_kx = 36, /*%< Key Exchange */ + ns_t_cert = 37, /*%< Certification record */ + ns_t_a6 = 38, /*%< IPv6 address (deprecates AAAA) */ + ns_t_dname = 39, /*%< Non-terminal DNAME (for IPv6) */ + ns_t_sink = 40, /*%< Kitchen sink (experimentatl) */ + ns_t_opt = 41, /*%< EDNS0 option (meta-RR) */ + ns_t_apl = 42, /*%< Address prefix list (RFC3123) */ + ns_t_tkey = 249, /*%< Transaction key */ + ns_t_tsig = 250, /*%< Transaction signature. */ + ns_t_ixfr = 251, /*%< Incremental zone transfer. */ + ns_t_axfr = 252, /*%< Transfer zone of authority. */ + ns_t_mailb = 253, /*%< Transfer mailbox records. */ + ns_t_maila = 254, /*%< Transfer mail agent records. */ + ns_t_any = 255, /*%< Wildcard match. */ + ns_t_zxfr = 256, /*%< BIND-specific, nonstandard. */ ns_t_max = 65536 } ns_type; @@ -318,61 +318,61 @@ typedef enum __ns_type { #define ns_t_xfr_p(t) ((t) == ns_t_axfr || (t) == ns_t_ixfr || \ (t) == ns_t_zxfr) -/* +/*% * Values for class field */ typedef enum __ns_class { - ns_c_invalid = 0, /* Cookie. */ - ns_c_in = 1, /* Internet. */ - ns_c_2 = 2, /* unallocated/unsupported. */ - ns_c_chaos = 3, /* MIT Chaos-net. */ - ns_c_hs = 4, /* MIT Hesiod. */ + ns_c_invalid = 0, /*%< Cookie. */ + ns_c_in = 1, /*%< Internet. */ + ns_c_2 = 2, /*%< unallocated/unsupported. */ + ns_c_chaos = 3, /*%< MIT Chaos-net. */ + ns_c_hs = 4, /*%< MIT Hesiod. */ /* Query class values which do not appear in resource records */ - ns_c_none = 254, /* for prereq. sections in update requests */ - ns_c_any = 255, /* Wildcard match. */ + ns_c_none = 254, /*%< for prereq. sections in update requests */ + ns_c_any = 255, /*%< Wildcard match. */ ns_c_max = 65536 } ns_class; /* DNSSEC constants. */ typedef enum __ns_key_types { - ns_kt_rsa = 1, /* key type RSA/MD5 */ - ns_kt_dh = 2, /* Diffie Hellman */ - ns_kt_dsa = 3, /* Digital Signature Standard (MANDATORY) */ - ns_kt_private = 254 /* Private key type starts with OID */ + ns_kt_rsa = 1, /*%< key type RSA/MD5 */ + ns_kt_dh = 2, /*%< Diffie Hellman */ + ns_kt_dsa = 3, /*%< Digital Signature Standard (MANDATORY) */ + ns_kt_private = 254 /*%< Private key type starts with OID */ } ns_key_types; typedef enum __ns_cert_types { - cert_t_pkix = 1, /* PKIX (X.509v3) */ - cert_t_spki = 2, /* SPKI */ - cert_t_pgp = 3, /* PGP */ - cert_t_url = 253, /* URL private type */ - cert_t_oid = 254 /* OID private type */ + cert_t_pkix = 1, /*%< PKIX (X.509v3) */ + cert_t_spki = 2, /*%< SPKI */ + cert_t_pgp = 3, /*%< PGP */ + cert_t_url = 253, /*%< URL private type */ + cert_t_oid = 254 /*%< OID private type */ } ns_cert_types; /* Flags field of the KEY RR rdata. */ -#define NS_KEY_TYPEMASK 0xC000 /* Mask for "type" bits */ -#define NS_KEY_TYPE_AUTH_CONF 0x0000 /* Key usable for both */ -#define NS_KEY_TYPE_CONF_ONLY 0x8000 /* Key usable for confidentiality */ -#define NS_KEY_TYPE_AUTH_ONLY 0x4000 /* Key usable for authentication */ -#define NS_KEY_TYPE_NO_KEY 0xC000 /* No key usable for either; no key */ +#define NS_KEY_TYPEMASK 0xC000 /*%< Mask for "type" bits */ +#define NS_KEY_TYPE_AUTH_CONF 0x0000 /*%< Key usable for both */ +#define NS_KEY_TYPE_CONF_ONLY 0x8000 /*%< Key usable for confidentiality */ +#define NS_KEY_TYPE_AUTH_ONLY 0x4000 /*%< Key usable for authentication */ +#define NS_KEY_TYPE_NO_KEY 0xC000 /*%< No key usable for either; no key */ /* The type bits can also be interpreted independently, as single bits: */ -#define NS_KEY_NO_AUTH 0x8000 /* Key unusable for authentication */ -#define NS_KEY_NO_CONF 0x4000 /* Key unusable for confidentiality */ +#define NS_KEY_NO_AUTH 0x8000 /*%< Key unusable for authentication */ +#define NS_KEY_NO_CONF 0x4000 /*%< Key unusable for confidentiality */ #define NS_KEY_RESERVED2 0x2000 /* Security is *mandatory* if bit=0 */ -#define NS_KEY_EXTENDED_FLAGS 0x1000 /* reserved - must be zero */ -#define NS_KEY_RESERVED4 0x0800 /* reserved - must be zero */ -#define NS_KEY_RESERVED5 0x0400 /* reserved - must be zero */ -#define NS_KEY_NAME_TYPE 0x0300 /* these bits determine the type */ -#define NS_KEY_NAME_USER 0x0000 /* key is assoc. with user */ -#define NS_KEY_NAME_ENTITY 0x0200 /* key is assoc. with entity eg host */ -#define NS_KEY_NAME_ZONE 0x0100 /* key is zone key */ -#define NS_KEY_NAME_RESERVED 0x0300 /* reserved meaning */ -#define NS_KEY_RESERVED8 0x0080 /* reserved - must be zero */ -#define NS_KEY_RESERVED9 0x0040 /* reserved - must be zero */ -#define NS_KEY_RESERVED10 0x0020 /* reserved - must be zero */ -#define NS_KEY_RESERVED11 0x0010 /* reserved - must be zero */ -#define NS_KEY_SIGNATORYMASK 0x000F /* key can sign RR's of same name */ +#define NS_KEY_EXTENDED_FLAGS 0x1000 /*%< reserved - must be zero */ +#define NS_KEY_RESERVED4 0x0800 /*%< reserved - must be zero */ +#define NS_KEY_RESERVED5 0x0400 /*%< reserved - must be zero */ +#define NS_KEY_NAME_TYPE 0x0300 /*%< these bits determine the type */ +#define NS_KEY_NAME_USER 0x0000 /*%< key is assoc. with user */ +#define NS_KEY_NAME_ENTITY 0x0200 /*%< key is assoc. with entity eg host */ +#define NS_KEY_NAME_ZONE 0x0100 /*%< key is zone key */ +#define NS_KEY_NAME_RESERVED 0x0300 /*%< reserved meaning */ +#define NS_KEY_RESERVED8 0x0080 /*%< reserved - must be zero */ +#define NS_KEY_RESERVED9 0x0040 /*%< reserved - must be zero */ +#define NS_KEY_RESERVED10 0x0020 /*%< reserved - must be zero */ +#define NS_KEY_RESERVED11 0x0010 /*%< reserved - must be zero */ +#define NS_KEY_SIGNATORYMASK 0x000F /*%< key can sign RR's of same name */ #define NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED2 | \ NS_KEY_RESERVED4 | \ NS_KEY_RESERVED5 | \ @@ -380,16 +380,14 @@ typedef enum __ns_cert_types { NS_KEY_RESERVED9 | \ NS_KEY_RESERVED10 | \ NS_KEY_RESERVED11 ) -#define NS_KEY_RESERVED_BITMASK2 0xFFFF /* no bits defined here */ - +#define NS_KEY_RESERVED_BITMASK2 0xFFFF /*%< no bits defined here */ /* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */ -#define NS_ALG_MD5RSA 1 /* MD5 with RSA */ -#define NS_ALG_DH 2 /* Diffie Hellman KEY */ -#define NS_ALG_DSA 3 /* DSA KEY */ +#define NS_ALG_MD5RSA 1 /*%< MD5 with RSA */ +#define NS_ALG_DH 2 /*%< Diffie Hellman KEY */ +#define NS_ALG_DSA 3 /*%< DSA KEY */ #define NS_ALG_DSS NS_ALG_DSA -#define NS_ALG_EXPIRE_ONLY 253 /* No alg, no security */ -#define NS_ALG_PRIVATE_OID 254 /* Key begins with OID giving alg */ - +#define NS_ALG_EXPIRE_ONLY 253 /*%< No alg, no security */ +#define NS_ALG_PRIVATE_OID 254 /*%< Key begins with OID giving alg */ /* Protocol values */ /* value 0 is reserved */ #define NS_KEY_PROT_TLS 1 @@ -399,7 +397,7 @@ typedef enum __ns_cert_types { #define NS_KEY_PROT_ANY 255 /* Signatures */ -#define NS_MD5RSA_MIN_BITS 512 /* Size of a mod or exp in bits */ +#define NS_MD5RSA_MIN_BITS 512 /*%< Size of a mod or exp in bits */ #define NS_MD5RSA_MAX_BITS 4096 /* Total of binary mod and exp */ #define NS_MD5RSA_MAX_BYTES ((NS_MD5RSA_MAX_BITS+7/8)*2+3) @@ -413,15 +411,14 @@ typedef enum __ns_cert_types { #define NS_DSA_MAX_BYTES 405 /* Offsets into SIG record rdata to find various values */ -#define NS_SIG_TYPE 0 /* Type flags */ -#define NS_SIG_ALG 2 /* Algorithm */ -#define NS_SIG_LABELS 3 /* How many labels in name */ -#define NS_SIG_OTTL 4 /* Original TTL */ -#define NS_SIG_EXPIR 8 /* Expiration time */ -#define NS_SIG_SIGNED 12 /* Signature time */ -#define NS_SIG_FOOT 16 /* Key footprint */ -#define NS_SIG_SIGNER 18 /* Domain name of who signed it */ - +#define NS_SIG_TYPE 0 /*%< Type flags */ +#define NS_SIG_ALG 2 /*%< Algorithm */ +#define NS_SIG_LABELS 3 /*%< How many labels in name */ +#define NS_SIG_OTTL 4 /*%< Original TTL */ +#define NS_SIG_EXPIR 8 /*%< Expiration time */ +#define NS_SIG_SIGNED 12 /*%< Signature time */ +#define NS_SIG_FOOT 16 /*%< Key footprint */ +#define NS_SIG_SIGNER 18 /*%< Domain name of who signed it */ /* How RR types are represented as bit-flags in NXT records */ #define NS_NXT_BITS 8 #define NS_NXT_BIT_SET( n,p) (p[(n)/NS_NXT_BITS] |= (0x80>>((n)%NS_NXT_BITS))) @@ -429,12 +426,13 @@ typedef enum __ns_cert_types { #define NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] & (0x80>>((n)%NS_NXT_BITS))) #define NS_NXT_MAX 127 -/* - * EDNS0 extended flags, host order. +/*% + * EDNS0 extended flags and option codes, host order. */ #define NS_OPT_DNSSEC_OK 0x8000U +#define NS_OPT_NSID 3 -/* +/*% * Inline versions of get/put short/long. Pointer is advanced. */ #define NS_GET16(s, cp) do { \ @@ -473,7 +471,7 @@ typedef enum __ns_cert_types { (cp) += NS_INT32SZ; \ } while (0) -/* +/*% * ANSI C identifier hiding for bind's lib/nameser. */ #define ns_msg_getflag __ns_msg_getflag @@ -574,3 +572,4 @@ __END_DECLS #endif #endif /* !_ARPA_NAMESER_H_ */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/arpa/nameser_compat.h b/contrib/bind-9.5.2/lib/bind/include/arpa/nameser_compat.h similarity index 80% rename from contrib/bind-9.3/lib/bind/include/arpa/nameser_compat.h rename to contrib/bind-9.5.2/lib/bind/include/arpa/nameser_compat.h index 4460261b7b..5c6988288b 100644 --- a/contrib/bind-9.3/lib/bind/include/arpa/nameser_compat.h +++ b/contrib/bind-9.5.2/lib/bind/include/arpa/nameser_compat.h @@ -30,16 +30,15 @@ * SUCH DAMAGE. */ -/* +/*% * from nameser.h 8.1 (Berkeley) 6/2/93 - * $Id: nameser_compat.h,v 1.1.2.3.4.3 2006/05/19 02:38:15 marka Exp $ + * $Id: nameser_compat.h,v 1.8 2006/05/19 02:33:40 marka Exp $ */ #ifndef _ARPA_NAMESER_COMPAT_ #define _ARPA_NAMESER_COMPAT_ -#define __BIND 19950621 /* (DEAD) interface version stamp. */ - +#define __BIND 19950621 /*%< (DEAD) interface version stamp. */ #ifndef BYTE_ORDER #if (BSD >= 199103) # include @@ -47,10 +46,9 @@ #ifdef __linux # include #else -#define LITTLE_ENDIAN 1234 /* least-significant byte first (vax, pc) */ -#define BIG_ENDIAN 4321 /* most-significant byte first (IBM, net) */ -#define PDP_ENDIAN 3412 /* LSB first in word, MSW first in long (pdp)*/ - +#define LITTLE_ENDIAN 1234 /*%< least-significant byte first (vax, pc) */ +#define BIG_ENDIAN 4321 /*%< most-significant byte first (IBM, net) */ +#define PDP_ENDIAN 3412 /*%< LSB first in word, MSW first in long (pdp) */ #if defined(vax) || defined(ns32000) || defined(sun386) || defined(i386) || \ defined(__i386__) || defined(__i386) || defined(__amd64__) || \ defined(__x86_64__) || defined(MIPSEL) || defined(_MIPSEL) || \ @@ -86,7 +84,7 @@ error "Undefined or invalid BYTE_ORDER"; #endif -/* +/*% * Structure for query header. The order of the fields is machine- and * compiler-dependent, depending on the byte/bit order and the layout * of bit fields. We use bit fields only in int variables, as this @@ -94,40 +92,40 @@ */ typedef struct { - unsigned id :16; /* query identification number */ + unsigned id :16; /*%< query identification number */ #if BYTE_ORDER == BIG_ENDIAN /* fields in third byte */ - unsigned qr: 1; /* response flag */ - unsigned opcode: 4; /* purpose of message */ - unsigned aa: 1; /* authoritive answer */ - unsigned tc: 1; /* truncated message */ - unsigned rd: 1; /* recursion desired */ + unsigned qr: 1; /*%< response flag */ + unsigned opcode: 4; /*%< purpose of message */ + unsigned aa: 1; /*%< authoritive answer */ + unsigned tc: 1; /*%< truncated message */ + unsigned rd: 1; /*%< recursion desired */ /* fields in fourth byte */ - unsigned ra: 1; /* recursion available */ - unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */ - unsigned ad: 1; /* authentic data from named */ - unsigned cd: 1; /* checking disabled by resolver */ - unsigned rcode :4; /* response code */ + unsigned ra: 1; /*%< recursion available */ + unsigned unused :1; /*%< unused bits (MBZ as of 4.9.3a3) */ + unsigned ad: 1; /*%< authentic data from named */ + unsigned cd: 1; /*%< checking disabled by resolver */ + unsigned rcode :4; /*%< response code */ #endif #if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN /* fields in third byte */ - unsigned rd :1; /* recursion desired */ - unsigned tc :1; /* truncated message */ - unsigned aa :1; /* authoritive answer */ - unsigned opcode :4; /* purpose of message */ - unsigned qr :1; /* response flag */ + unsigned rd :1; /*%< recursion desired */ + unsigned tc :1; /*%< truncated message */ + unsigned aa :1; /*%< authoritive answer */ + unsigned opcode :4; /*%< purpose of message */ + unsigned qr :1; /*%< response flag */ /* fields in fourth byte */ - unsigned rcode :4; /* response code */ - unsigned cd: 1; /* checking disabled by resolver */ - unsigned ad: 1; /* authentic data from named */ - unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */ - unsigned ra :1; /* recursion available */ + unsigned rcode :4; /*%< response code */ + unsigned cd: 1; /*%< checking disabled by resolver */ + unsigned ad: 1; /*%< authentic data from named */ + unsigned unused :1; /*%< unused bits (MBZ as of 4.9.3a3) */ + unsigned ra :1; /*%< recursion available */ #endif /* remaining bytes */ - unsigned qdcount :16; /* number of question entries */ - unsigned ancount :16; /* number of answer entries */ - unsigned nscount :16; /* number of authority entries */ - unsigned arcount :16; /* number of resource entries */ + unsigned qdcount :16; /*%< number of question entries */ + unsigned ancount :16; /*%< number of answer entries */ + unsigned nscount :16; /*%< number of authority entries */ + unsigned arcount :16; /*%< number of resource entries */ } HEADER; #define PACKETSZ NS_PACKETSZ @@ -231,3 +229,4 @@ typedef struct { #define PUTLONG NS_PUT32 #endif /* _ARPA_NAMESER_COMPAT_ */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/fd_setsize.h b/contrib/bind-9.5.2/lib/bind/include/fd_setsize.h similarity index 92% rename from contrib/bind-9.3/lib/bind/include/fd_setsize.h rename to contrib/bind-9.5.2/lib/bind/include/fd_setsize.h index 235b1ad1c2..0e21049742 100644 --- a/contrib/bind-9.3/lib/bind/include/fd_setsize.h +++ b/contrib/bind-9.5.2/lib/bind/include/fd_setsize.h @@ -1,9 +1,10 @@ #ifndef _FD_SETSIZE_H #define _FD_SETSIZE_H -/* +/*% * If you need a bigger FD_SETSIZE, this is NOT the place to set it. * This file is a fallback for BIND ports which don't specify their own. */ #endif /* _FD_SETSIZE_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/hesiod.h b/contrib/bind-9.5.2/lib/bind/include/hesiod.h similarity index 95% rename from contrib/bind-9.3/lib/bind/include/hesiod.h rename to contrib/bind-9.5.2/lib/bind/include/hesiod.h index 7165d48617..d64c0c5e80 100644 --- a/contrib/bind-9.3/lib/bind/include/hesiod.h +++ b/contrib/bind-9.5.2/lib/bind/include/hesiod.h @@ -15,12 +15,13 @@ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* +/*! \file + * \brief * This file is primarily maintained by and . */ /* - * $Id: hesiod.h,v 1.1.2.1.4.1 2004/03/09 08:33:29 marka Exp $ + * $Id: hesiod.h,v 1.4 2005/04/27 04:56:14 sra Exp $ */ #ifndef _HESIOD_H_INCLUDED diff --git a/contrib/bind-9.3/lib/bind/include/irp.h b/contrib/bind-9.5.2/lib/bind/include/irp.h similarity index 90% rename from contrib/bind-9.3/lib/bind/include/irp.h rename to contrib/bind-9.5.2/lib/bind/include/irp.h index 4462f208ac..1290bd068f 100644 --- a/contrib/bind-9.3/lib/bind/include/irp.h +++ b/contrib/bind-9.5.2/lib/bind/include/irp.h @@ -16,16 +16,18 @@ */ /* - * $Id: irp.h,v 1.1.2.1.4.1 2004/03/09 08:33:29 marka Exp $ + * $Id: irp.h,v 1.4 2005/04/27 04:56:15 sra Exp $ */ #ifndef _IRP_H_INCLUDED #define _IRP_H_INCLUDED -#define IRPD_TIMEOUT 30 /* seconds */ -#define IRPD_MAXSESS 50 /* number of simultaneous sessions. */ -#define IRPD_PORT 6660 /* 10 times the number of the beast. */ -#define IRPD_PATH "/var/run/irpd" /* af_unix socket path */ +/*! \file */ + +#define IRPD_TIMEOUT 30 /*%< seconds */ +#define IRPD_MAXSESS 50 /*%< number of simultaneous sessions. */ +#define IRPD_PORT 6660 /*%< 10 times the number of the beast. */ +#define IRPD_PATH "/var/run/irpd" /*%< af_unix socket path */ /* If sets the environment variable IRPDSERVER to an IP address (e.g. "192.5.5.1"), then that's the host the client expects irpd to be @@ -101,3 +103,5 @@ int irs_irp_get_full_response(struct irp_p *, int *, char *, size_t, int irs_irp_read_line(struct irp_p *, char *, int); #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/irs.h b/contrib/bind-9.5.2/lib/bind/include/irs.h similarity index 96% rename from contrib/bind-9.3/lib/bind/include/irs.h rename to contrib/bind-9.5.2/lib/bind/include/irs.h index a3b7903df7..42d4890dfd 100644 --- a/contrib/bind-9.3/lib/bind/include/irs.h +++ b/contrib/bind-9.5.2/lib/bind/include/irs.h @@ -16,12 +16,14 @@ */ /* - * $Id: irs.h,v 1.2.2.1.4.1 2004/03/09 08:33:29 marka Exp $ + * $Id: irs.h,v 1.5 2005/04/27 04:56:15 sra Exp $ */ #ifndef _IRS_H_INCLUDED #define _IRS_H_INCLUDED +/*! \file */ + #include #include @@ -31,7 +33,7 @@ #include #include -/* +/*% * This is the group map class. */ struct irs_gr { @@ -49,7 +51,7 @@ struct irs_gr { void (*)(void *))); }; -/* +/*% * This is the password map class. */ struct irs_pw { @@ -65,7 +67,7 @@ struct irs_pw { void (*)(void *))); }; -/* +/*% * This is the service map class. */ struct irs_sv { @@ -82,7 +84,7 @@ struct irs_sv { void (*)(void *))); }; -/* +/*% * This is the protocols map class. */ struct irs_pr { @@ -98,7 +100,7 @@ struct irs_pr { void (*)(void *))); }; -/* +/*% * This is the hosts map class. */ struct irs_ho { @@ -118,7 +120,7 @@ struct irs_ho { const struct addrinfo *)); }; -/* +/*% * This is the networks map class. */ struct irs_nw { @@ -134,7 +136,7 @@ struct irs_nw { void (*)(void *))); }; -/* +/*% * This is the netgroups map class. */ struct irs_ng { @@ -149,7 +151,7 @@ struct irs_ng { void (*minimize) __P((struct irs_ng *)); }; -/* +/*% * This is the generic map class, which copies the front of all others. */ struct irs_map { @@ -157,7 +159,7 @@ struct irs_map { void (*close) __P((void *)); }; -/* +/*% * This is the accessor class. It contains pointers to all of the * initializers for the map classes for a particular accessor. */ @@ -176,21 +178,21 @@ struct irs_acc { void (*)(void *))); }; -/* +/*% * This is because the official definition of "struct netent" has no * concept of CIDR even though it allows variant address families (on * output but not input). The compatibility stubs convert the structs * below into "struct netent"'s. */ struct nwent { - char *n_name; /* official name of net */ - char **n_aliases; /* alias list */ - int n_addrtype; /* net address type */ - void *n_addr; /* network address */ - int n_length; /* address length, in bits */ + char *n_name; /*%< official name of net */ + char **n_aliases; /*%< alias list */ + int n_addrtype; /*%< net address type */ + void *n_addr; /*%< network address */ + int n_length; /*%< address length, in bits */ }; -/* +/*% * Hide external function names from POSIX. */ #define irs_gen_acc __irs_gen_acc @@ -240,7 +242,7 @@ struct nwent { #define net_data_destroy __net_data_destroy #define net_data_minimize __net_data_minimize -/* +/*% * Externs. */ extern struct irs_acc * irs_gen_acc __P((const char *, const char *)); @@ -251,7 +253,7 @@ extern struct irs_acc * irs_irp_acc __P((const char *)); extern void irs_destroy __P((void)); -/* +/*% * These forward declarations are for the semi-private functions in * the get*.c files. Each of these funcs implements the real get* * functionality and the standard versions are just wrappers that @@ -260,8 +262,7 @@ extern void irs_destroy __P((void)); * the /usr/include replacements. */ -struct net_data; /* forward */ - +struct net_data; /*%< forward */ /* * net_data_create gets a singleton net_data object. net_data_init * creates as many net_data objects as times it is called. Clients using @@ -343,3 +344,5 @@ extern void setservent_p __P((int, struct net_data *)); extern void endservent_p __P((struct net_data *)); #endif /*_IRS_H_INCLUDED*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/assertions.h b/contrib/bind-9.5.2/lib/bind/include/isc/assertions.h similarity index 94% rename from contrib/bind-9.3/lib/bind/include/isc/assertions.h rename to contrib/bind-9.5.2/lib/bind/include/isc/assertions.h index 9a9b9dec98..3593a687e6 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/assertions.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/assertions.h @@ -16,7 +16,7 @@ */ /* - * $Id: assertions.h,v 1.1.206.1 2004/03/09 08:33:30 marka Exp $ + * $Id: assertions.h,v 1.3.672.1 2008/10/15 03:56:26 marka Exp $ */ #ifndef ASSERTIONS_H @@ -29,18 +29,19 @@ typedef enum { typedef void (*assertion_failure_callback)(const char *, int, assertion_type, const char *, int); +/* coverity[+kill] */ extern assertion_failure_callback __assertion_failed; void set_assertion_failure_callback(assertion_failure_callback f); const char *assertion_type_to_text(assertion_type type); -#ifdef CHECK_ALL +#if defined(CHECK_ALL) || defined(__COVERITY__) #define CHECK_REQUIRE 1 #define CHECK_ENSURE 1 #define CHECK_INSIST 1 #define CHECK_INVARIANT 1 #endif -#ifdef CHECK_NONE +#if defined(CHECK_NONE) && !defined(__COVERITY__) #define CHECK_REQUIRE 0 #define CHECK_ENSURE 0 #define CHECK_INSIST 0 @@ -118,5 +119,5 @@ const char *assertion_type_to_text(assertion_type type); #define INVARIANT(cond) ((void) (cond)) #define INVARIANT_ERR(cond) ((void) (cond)) #endif /* CHECK_INVARIANT */ - #endif /* ASSERTIONS_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/ctl.h b/contrib/bind-9.5.2/lib/bind/include/isc/ctl.h similarity index 92% rename from contrib/bind-9.3/lib/bind/include/isc/ctl.h rename to contrib/bind-9.5.2/lib/bind/include/isc/ctl.h index 74957bcb81..e2ba20201d 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/ctl.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/ctl.h @@ -19,9 +19,11 @@ */ /* - * $Id: ctl.h,v 1.1.2.2.4.1 2004/03/09 08:33:30 marka Exp $ + * $Id: ctl.h,v 1.5 2005/04/27 04:56:17 sra Exp $ */ +/*! \file */ + #include #include @@ -29,10 +31,9 @@ /* Macros. */ -#define CTL_MORE 0x0001 /* More will be / should be sent. */ -#define CTL_EXIT 0x0002 /* Close connection after this. */ -#define CTL_DATA 0x0004 /* Go into / this is DATA mode. */ - +#define CTL_MORE 0x0001 /*%< More will be / should be sent. */ +#define CTL_EXIT 0x0002 /*%< Close connection after this. */ +#define CTL_DATA 0x0004 /*%< Go into / this is DATA mode. */ /* Types. */ struct ctl_cctx; @@ -107,3 +108,5 @@ void * ctl_getcsctx(struct ctl_sess *); void * ctl_setcsctx(struct ctl_sess *, void *); #endif /*ISC_CTL_H*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/dst.h b/contrib/bind-9.5.2/lib/bind/include/isc/dst.h similarity index 58% rename from contrib/bind-9.3/lib/bind/include/isc/dst.h rename to contrib/bind-9.5.2/lib/bind/include/isc/dst.h index fe9229725a..90a9e67468 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/dst.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/dst.h @@ -3,15 +3,14 @@ #ifndef HAS_DST_KEY typedef struct dst_key { - char *dk_key_name; /* name of the key */ - int dk_key_size; /* this is the size of the key in bits */ - int dk_proto; /* what protocols this key can be used for */ - int dk_alg; /* algorithm number from key record */ - u_int32_t dk_flags; /* and the flags of the public key */ - u_int16_t dk_id; /* identifier of the key */ + char *dk_key_name; /*%< name of the key */ + int dk_key_size; /*%< this is the size of the key in bits */ + int dk_proto; /*%< what protocols this key can be used for */ + int dk_alg; /*%< algorithm number from key record */ + u_int32_t dk_flags; /*%< and the flags of the public key */ + u_int16_t dk_id; /*%< identifier of the key */ } DST_KEY; #endif /* HAS_DST_KEY */ - /* * do not taint namespace */ @@ -59,58 +58,47 @@ typedef struct dst_key { void dst_init(void); int dst_check_algorithm(const int); -int dst_sign_data(const int, /* specifies INIT/UPDATE/FINAL/ALL */ - DST_KEY *, /* the key to use */ - void **, /* pointer to state structure */ - const u_char *, /* data to be signed */ - const int, /* length of input data */ - u_char *, /* buffer to write signature to */ - const int); /* size of output buffer */ - -int dst_verify_data(const int, /* specifies INIT/UPDATE/FINAL/ALL */ - DST_KEY *, /* the key to use */ - void **, /* pointer to state structure */ - const u_char *, /* data to be verified */ - const int, /* length of input data */ - const u_char *, /* buffer containing signature */ - const int); /* length of signature */ - - -DST_KEY *dst_read_key(const char *, /* name of key */ - const u_int16_t, /* key tag identifier */ - const int, /* key algorithm */ - const int); /* Private/PublicKey wanted*/ - -int dst_write_key(const DST_KEY *, /* key to write out */ - const int); /* Public/Private */ - -DST_KEY *dst_dnskey_to_key(const char *, /* KEY record name */ - const u_char *, /* KEY RDATA */ - const int); /* size of input buffer*/ - - -int dst_key_to_dnskey(const DST_KEY *, /* key to translate */ - u_char *, /* output buffer */ - const int); /* size of out_storage*/ - - -DST_KEY *dst_buffer_to_key(const char *, /* name of the key */ - const int, /* algorithm */ - const int, /* dns flags */ - const int, /* dns protocol */ - const u_char *, /* key in dns wire fmt */ - const int); /* size of key */ - +int dst_sign_data(const int, /*!< specifies INIT/UPDATE/FINAL/ALL */ + DST_KEY *, /*!< the key to use */ + void **, /*!< pointer to state structure */ + const u_char *, /*!< data to be signed */ + const int, /*!< length of input data */ + u_char *, /*!< buffer to write signature to */ + const int); /*!< size of output buffer */ +int dst_verify_data(const int, /*!< specifies INIT/UPDATE/FINAL/ALL */ + DST_KEY *, /*!< the key to use */ + void **, /*!< pointer to state structure */ + const u_char *, /*!< data to be verified */ + const int, /*!< length of input data */ + const u_char *, /*!< buffer containing signature */ + const int); /*!< length of signature */ +DST_KEY *dst_read_key(const char *, /*!< name of key */ + const u_int16_t, /*!< key tag identifier */ + const int, /*!< key algorithm */ + const int); /*!< Private/PublicKey wanted */ +int dst_write_key(const DST_KEY *, /*!< key to write out */ + const int); /*!< Public/Private */ +DST_KEY *dst_dnskey_to_key(const char *, /*!< KEY record name */ + const u_char *, /*!< KEY RDATA */ + const int); /*!< size of input buffer */ +int dst_key_to_dnskey(const DST_KEY *, /*!< key to translate */ + u_char *, /*!< output buffer */ + const int); /*!< size of out_storage */ +DST_KEY *dst_buffer_to_key(const char *, /*!< name of the key */ + const int, /*!< algorithm */ + const int, /*!< dns flags */ + const int, /*!< dns protocol */ + const u_char *, /*!< key in dns wire fmt */ + const int); /*!< size of key */ int dst_key_to_buffer(DST_KEY *, u_char *, int); -DST_KEY *dst_generate_key(const char *, /* name of new key */ - const int, /* key algorithm to generate */ - const int, /* size of new key */ - const int, /* alg dependent parameter*/ - const int, /* key DNS flags */ - const int); /* key DNS protocol */ - +DST_KEY *dst_generate_key(const char *, /*!< name of new key */ + const int, /*!< key algorithm to generate */ + const int, /*!< size of new key */ + const int, /*!< alg dependent parameter */ + const int, /*!< key DNS flags */ + const int); /*!< key DNS protocol */ DST_KEY *dst_free_key(DST_KEY *); int dst_compare_keys(const DST_KEY *, const DST_KEY *); @@ -122,13 +110,12 @@ u_int16_t dst_s_dns_key_id(const u_char *, const int); u_int16_t dst_s_id_calc(const u_char *, const int); /* Used by callers as well as by the library. */ -#define RAW_KEY_SIZE 8192 /* large enough to store any key */ - +#define RAW_KEY_SIZE 8192 /*%< large enough to store any key */ /* DST_API control flags */ /* These are used used in functions dst_sign_data and dst_verify_data */ -#define SIG_MODE_INIT 1 /* initialize digest */ -#define SIG_MODE_UPDATE 2 /* add data to digest */ -#define SIG_MODE_FINAL 4 /* generate/verify signature */ +#define SIG_MODE_INIT 1 /*%< initialize digest */ +#define SIG_MODE_UPDATE 2 /*%< add data to digest */ +#define SIG_MODE_FINAL 4 /*%< generate/verify signature */ #define SIG_MODE_ALL (SIG_MODE_INIT|SIG_MODE_UPDATE|SIG_MODE_FINAL) /* Flags for dst_read_private_key() */ @@ -178,3 +165,4 @@ u_int16_t dst_s_id_calc(const u_char *, const int); #define UNSUPPORTED_KEYALG (-31) #endif /* DST_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/eventlib.h b/contrib/bind-9.5.2/lib/bind/include/isc/eventlib.h similarity index 98% rename from contrib/bind-9.3/lib/bind/include/isc/eventlib.h rename to contrib/bind-9.5.2/lib/bind/include/isc/eventlib.h index 033b3123d7..1a1ac89424 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/eventlib.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/eventlib.h @@ -18,7 +18,7 @@ /* eventlib.h - exported interfaces for eventlib * vix 09sep95 [initial] * - * $Id: eventlib.h,v 1.1.2.1.4.2 2005/07/28 07:43:18 marka Exp $ + * $Id: eventlib.h,v 1.5.574.1 2008/01/23 02:08:11 marka Exp $ */ #ifndef _EVENTLIB_H @@ -29,6 +29,8 @@ #include #include +#include + #ifndef __P # define __EVENTLIB_P_DEFINED # ifdef __STDC__ @@ -200,3 +202,5 @@ int evDefer __P((evContext, evWaitFunc, void *)); #endif #endif /*_EVENTLIB_H*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/heap.h b/contrib/bind-9.5.2/lib/bind/include/isc/heap.h similarity index 99% rename from contrib/bind-9.3/lib/bind/include/isc/heap.h rename to contrib/bind-9.5.2/lib/bind/include/isc/heap.h index 691c821d1e..384d507cf5 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/heap.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/heap.h @@ -45,3 +45,5 @@ int heap_increased(heap_context, int); int heap_decreased(heap_context, int); void * heap_element(heap_context, int); int heap_for_each(heap_context, heap_for_each_func, void *); + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/irpmarshall.h b/contrib/bind-9.5.2/lib/bind/include/isc/irpmarshall.h similarity index 96% rename from contrib/bind-9.3/lib/bind/include/isc/irpmarshall.h rename to contrib/bind-9.5.2/lib/bind/include/isc/irpmarshall.h index e672f97966..244b3e3460 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/irpmarshall.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/irpmarshall.h @@ -16,7 +16,7 @@ */ /* - * $Id: irpmarshall.h,v 1.1.2.1.4.1 2004/03/09 08:33:31 marka Exp $ + * $Id: irpmarshall.h,v 1.4 2005/04/27 04:56:17 sra Exp $ */ #ifndef _IRPMARSHALL_H_INCLUDED @@ -63,7 +63,8 @@ int irp_unmarshall_nw(struct nwent *, char *); int irp_marshall_ne(struct netent *, char **, size_t *); int irp_unmarshall_ne(struct netent *, char *); -/* +/*! \file + * \brief * Functions to marshall and unmarshall various system data structures. We * use a printable ascii format that is as close to various system config * files as reasonable (e.g. /etc/passwd format). @@ -79,9 +80,7 @@ int irp_unmarshall_ne(struct netent *, char *); * * The following description is true for all the marshalling functions: * - */ - -/* int irp_marshall_XX(struct yyyy *XX, char **buffer, size_t *len); + * int irp_marshall_XX(struct yyyy *XX, char **buffer, size_t *len); * * The argument XX (of type struct passwd for example) is marshalled in the * buffer pointed at by *BUFFER, which is of length *LEN. Returns 0 @@ -101,9 +100,7 @@ int irp_unmarshall_ne(struct netent *, char *); * to separate fields). Fields that have multiple subfields (like the * gr_mem field in struct group) have their subparts separated by * commas. - */ - -/* + * * int irp_unmarshall_XX(struct YYYYY *XX, char *buffer); * * The unmashalling functions break apart the buffer and store the diff --git a/contrib/bind-9.3/lib/bind/include/isc/list.h b/contrib/bind-9.5.2/lib/bind/include/isc/list.h similarity index 98% rename from contrib/bind-9.3/lib/bind/include/isc/list.h rename to contrib/bind-9.5.2/lib/bind/include/isc/list.h index f79617ae9e..32222409c7 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/list.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/list.h @@ -19,11 +19,10 @@ #define LIST_H 1 #ifdef _LIBC #include -#define INSIST(cond) assert(cond) +#define INSIST(cond) assert(cond) #else #include #endif - #define LIST(type) struct { type *head, *tail; } #define INIT_LIST(list) \ do { (list).head = NULL; (list).tail = NULL; } while (0) @@ -119,3 +118,4 @@ #define DEQUEUE(list, elt, link) UNLINK(list, elt, link) #endif /* LIST_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/logging.h b/contrib/bind-9.5.2/lib/bind/include/isc/logging.h similarity index 99% rename from contrib/bind-9.3/lib/bind/include/isc/logging.h rename to contrib/bind-9.5.2/lib/bind/include/isc/logging.h index 574fd8a257..c539443ff8 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/logging.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/logging.h @@ -110,3 +110,4 @@ int log_free_channel(log_channel); void log_close_debug_channels(log_context); #endif /* !LOGGING_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/memcluster.h b/contrib/bind-9.5.2/lib/bind/include/isc/memcluster.h similarity index 99% rename from contrib/bind-9.3/lib/bind/include/isc/memcluster.h rename to contrib/bind-9.5.2/lib/bind/include/isc/memcluster.h index 11e1fa381d..0923deb5e7 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/memcluster.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/memcluster.h @@ -47,3 +47,4 @@ void memstats(FILE *); int memactive(void); #endif /* MEMCLUSTER_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/isc/misc.h b/contrib/bind-9.5.2/lib/bind/include/isc/misc.h similarity index 92% rename from contrib/bind-9.3/lib/bind/include/isc/misc.h rename to contrib/bind-9.5.2/lib/bind/include/isc/misc.h index b08b02d289..8736bf91ed 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/misc.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/misc.h @@ -16,13 +16,16 @@ */ /* - * $Id: misc.h,v 1.2.2.1.4.1 2004/03/09 08:33:31 marka Exp $ + * $Id: misc.h,v 1.5.672.1 2008/02/18 04:10:16 marka Exp $ */ #ifndef _ISC_MISC_H #define _ISC_MISC_H +/*! \file */ + #include +#include #define bitncmp __bitncmp /*#define isc_movefile __isc_movefile */ @@ -37,3 +40,5 @@ extern void isc_puthexstring(FILE *, const unsigned char *, size_t, extern void isc_tohex(const unsigned char *, size_t, char *); #endif /*_ISC_MISC_H*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/stdlib.h b/contrib/bind-9.5.2/lib/bind/include/isc/platform.h.in similarity index 55% copy from contrib/bind-9.3/lib/lwres/include/lwres/stdlib.h copy to contrib/bind-9.5.2/lib/bind/include/isc/platform.h.in index f5d4db2818..6144a5353f 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/stdlib.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/platform.h.in @@ -1,8 +1,7 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2003 Internet Software Consortium. + * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,26 +14,23 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdlib.h,v 1.2.4.1 2005/06/08 02:08:32 marka Exp $ */ - -#ifndef LWRES_STDLIB_H -#define LWRES_STDLIB_H 1 +/* $Id: platform.h.in,v 1.2.2.2 2008/01/23 02:15:32 tbox Exp $ */ /*! \file */ -#include - -#include -#include +#ifndef ISC_PLATFORM_H +#define ISC_PLATFORM_H -#ifdef LWRES_PLATFORM_NEEDSTRTOUL -#define strtoul lwres_strtoul +/* + * Define if the OS does not define struct timespec. + */ +@ISC_PLATFORM_NEEDTIMESPEC@ +#ifdef ISC_PLATFORM_NEEDTIMESPEC +#include /* For time_t */ +struct timespec { + time_t tv_sec; /* seconds */ + long tv_nsec; /* nanoseconds */ +}; #endif -LWRES_LANG_BEGINDECLS - -unsigned long lwres_strtoul(const char *, char **, int); - -LWRES_LANG_ENDDECLS - #endif diff --git a/contrib/bind-9.3/lib/bind/include/isc/tree.h b/contrib/bind-9.5.2/lib/bind/include/isc/tree.h similarity index 94% rename from contrib/bind-9.3/lib/bind/include/isc/tree.h rename to contrib/bind-9.5.2/lib/bind/include/isc/tree.h index 0572c407c8..96feaca68d 100644 --- a/contrib/bind-9.3/lib/bind/include/isc/tree.h +++ b/contrib/bind-9.5.2/lib/bind/include/isc/tree.h @@ -3,7 +3,7 @@ * vix 22jan93 [revisited; uses RCS, ANSI, POSIX; has bug fixes] * vix 27jun86 [broken out of tree.c] * - * $Id: tree.h,v 1.1.2.1 2003/06/27 03:51:39 marka Exp $ + * $Id: tree.h,v 1.3 2005/04/27 04:56:18 sra Exp $ */ @@ -19,7 +19,7 @@ # endif #endif -/* +/*% * tree_t is our package-specific anonymous pointer. */ #if defined(__STDC__) || defined(__GNUC__) @@ -28,7 +28,7 @@ typedef void *tree_t; typedef char *tree_t; #endif -/* +/*% * Do not taint namespace */ #define tree_add __tree_add @@ -56,3 +56,4 @@ void tree_mung __P((tree **, void (*)())); #endif /* _TREE_H_INCLUDED */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/netdb.h b/contrib/bind-9.5.2/lib/bind/include/netdb.h similarity index 86% rename from contrib/bind-9.3/lib/bind/include/netdb.h rename to contrib/bind-9.5.2/lib/bind/include/netdb.h index 11ee8a548b..651cdd87db 100644 --- a/contrib/bind-9.3/lib/bind/include/netdb.h +++ b/contrib/bind-9.5.2/lib/bind/include/netdb.h @@ -86,7 +86,7 @@ /* * @(#)netdb.h 8.1 (Berkeley) 6/2/93 - * $Id: netdb.h,v 1.12.2.1.4.9 2006/10/02 01:20:30 marka Exp $ + * $Id: netdb.h,v 1.21.288.1 2008/02/28 05:46:12 marka Exp $ */ #ifndef _NETDB_H_ @@ -131,99 +131,98 @@ __END_DECLS extern int h_errno; #endif -/* +/*% * Structures returned by network data base library. All addresses are * supplied in host order, and returned in network order (suitable for * use in system calls). */ struct hostent { - char *h_name; /* official name of host */ - char **h_aliases; /* alias list */ - int h_addrtype; /* host address type */ - int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ -#define h_addr h_addr_list[0] /* address, for backward compatiblity */ + char *h_name; /*%< official name of host */ + char **h_aliases; /*%< alias list */ + int h_addrtype; /*%< host address type */ + int h_length; /*%< length of address */ + char **h_addr_list; /*%< list of addresses from name server */ +#define h_addr h_addr_list[0] /*%< address, for backward compatiblity */ }; -/* +/*% * Assumption here is that a network number * fits in an unsigned long -- probably a poor one. */ struct netent { - char *n_name; /* official name of net */ - char **n_aliases; /* alias list */ - int n_addrtype; /* net address type */ - unsigned long n_net; /* network # */ + char *n_name; /*%< official name of net */ + char **n_aliases; /*%< alias list */ + int n_addrtype; /*%< net address type */ + unsigned long n_net; /*%< network # */ }; struct servent { - char *s_name; /* official service name */ - char **s_aliases; /* alias list */ - int s_port; /* port # */ - char *s_proto; /* protocol to use */ + char *s_name; /*%< official service name */ + char **s_aliases; /*%< alias list */ + int s_port; /*%< port # */ + char *s_proto; /*%< protocol to use */ }; struct protoent { - char *p_name; /* official protocol name */ - char **p_aliases; /* alias list */ - int p_proto; /* protocol # */ + char *p_name; /*%< official protocol name */ + char **p_aliases; /*%< alias list */ + int p_proto; /*%< protocol # */ }; struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + int ai_flags; /*%< AI_PASSIVE, AI_CANONNAME */ + int ai_family; /*%< PF_xxx */ + int ai_socktype; /*%< SOCK_xxx */ + int ai_protocol; /*%< 0 or IPPROTO_xxx for IPv4 and IPv6 */ #if defined(sun) && defined(_SOCKLEN_T) #ifdef __sparcv9 int _ai_pad; #endif socklen_t ai_addrlen; #else - size_t ai_addrlen; /* length of ai_addr */ + size_t ai_addrlen; /*%< length of ai_addr */ #endif #ifdef __linux - struct sockaddr *ai_addr; /* binary address */ - char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /*%< binary address */ + char *ai_canonname; /*%< canonical name for hostname */ #else - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ + char *ai_canonname; /*%< canonical name for hostname */ + struct sockaddr *ai_addr; /*%< binary address */ #endif - struct addrinfo *ai_next; /* next structure in linked list */ + struct addrinfo *ai_next; /*%< next structure in linked list */ }; -/* +/*% * Error return codes from gethostbyname() and gethostbyaddr() * (left in extern int h_errno). */ -#define NETDB_INTERNAL -1 /* see errno */ -#define NETDB_SUCCESS 0 /* no problem */ -#define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ -#define TRY_AGAIN 2 /* Non-Authoritive Host not found, or SERVERFAIL */ -#define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */ -#define NO_DATA 4 /* Valid name, no data record of requested type */ -#define NO_ADDRESS NO_DATA /* no address, look for MX record */ - +#define NETDB_INTERNAL -1 /*%< see errno */ +#define NETDB_SUCCESS 0 /*%< no problem */ +#define HOST_NOT_FOUND 1 /*%< Authoritative Answer Host not found */ +#define TRY_AGAIN 2 /*%< Non-Authoritive Host not found, or SERVERFAIL */ +#define NO_RECOVERY 3 /*%< Non recoverable errors, FORMERR, REFUSED, NOTIMP */ +#define NO_DATA 4 /*%< Valid name, no data record of requested type */ +#define NO_ADDRESS NO_DATA /*%< no address, look for MX record */ /* * Error return codes from getaddrinfo() */ -#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */ -#define EAI_AGAIN 2 /* temporary failure in name resolution */ -#define EAI_BADFLAGS 3 /* invalid value for ai_flags */ -#define EAI_FAIL 4 /* non-recoverable failure in name resolution */ -#define EAI_FAMILY 5 /* ai_family not supported */ -#define EAI_MEMORY 6 /* memory allocation failure */ -#define EAI_NODATA 7 /* no address associated with hostname */ -#define EAI_NONAME 8 /* hostname nor servname provided, or not known */ -#define EAI_SERVICE 9 /* servname not supported for ai_socktype */ -#define EAI_SOCKTYPE 10 /* ai_socktype not supported */ -#define EAI_SYSTEM 11 /* system error returned in errno */ +#define EAI_ADDRFAMILY 1 /*%< address family for hostname not supported */ +#define EAI_AGAIN 2 /*%< temporary failure in name resolution */ +#define EAI_BADFLAGS 3 /*%< invalid value for ai_flags */ +#define EAI_FAIL 4 /*%< non-recoverable failure in name resolution */ +#define EAI_FAMILY 5 /*%< ai_family not supported */ +#define EAI_MEMORY 6 /*%< memory allocation failure */ +#define EAI_NODATA 7 /*%< no address associated with hostname */ +#define EAI_NONAME 8 /*%< hostname nor servname provided, or not known */ +#define EAI_SERVICE 9 /*%< servname not supported for ai_socktype */ +#define EAI_SOCKTYPE 10 /*%< ai_socktype not supported */ +#define EAI_SYSTEM 11 /*%< system error returned in errno */ #define EAI_BADHINTS 12 #define EAI_PROTOCOL 13 #define EAI_MAX 14 -/* +/*% * Flag values for getaddrinfo() */ #define AI_PASSIVE 0x00000001 @@ -231,7 +230,7 @@ struct addrinfo { #define AI_NUMERICHOST 0x00000004 #define AI_MASK 0x00000007 -/* +/*% * Flag values for getipnodebyname() */ #define AI_V4MAPPED 0x00000008 @@ -239,13 +238,13 @@ struct addrinfo { #define AI_ADDRCONFIG 0x00000020 #define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG) -/* +/*% * Constants for getnameinfo() */ #define NI_MAXHOST 1025 #define NI_MAXSERV 32 -/* +/*% * Flag values for getnameinfo() */ #define NI_NOFQDN 0x00000001 @@ -256,7 +255,7 @@ struct addrinfo { #define NI_WITHSCOPEID 0x00000020 #define NI_NUMERICSCOPE 0x00000040 -/* +/*% * Scope delimit character */ #define SCOPE_DELIMITER '%' @@ -482,7 +481,7 @@ int endservent_r __P((struct servent_data *)); void endservent_r __P((struct servent_data *)); #endif #ifdef _AIX -int setnetgrent_r __P((const char *, void **)); +int setnetgrent_r __P((char *, void **)); void endnetgrent_r __P((void **)); /* * Note: AIX's netdb.h declares innetgr_r() as: @@ -572,12 +571,12 @@ __END_DECLS #include #else struct rpcent { - char *r_name; /* name of server for this rpc program */ - char **r_aliases; /* alias list */ - int r_number; /* rpc program number */ + char *r_name; /*%< name of server for this rpc program */ + char **r_aliases; /*%< alias list */ + int r_number; /*%< rpc program number */ }; struct rpcent *getrpcbyname(), *getrpcbynumber(), *getrpcent(); #endif /* __GNU_LIBRARY__ */ #endif /* sun */ - #endif /* !_NETDB_H_ */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/netgroup.h b/contrib/bind-9.5.2/lib/bind/include/netgroup.h similarity index 97% rename from contrib/bind-9.3/lib/bind/include/netgroup.h rename to contrib/bind-9.5.2/lib/bind/include/netgroup.h index 2296208c15..e4be459fdf 100644 --- a/contrib/bind-9.3/lib/bind/include/netgroup.h +++ b/contrib/bind-9.5.2/lib/bind/include/netgroup.h @@ -22,3 +22,5 @@ int innetgr __P((const char *, const char *, const char *, const char *)); #endif #endif #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/res_update.h b/contrib/bind-9.5.2/lib/bind/include/res_update.h similarity index 75% rename from contrib/bind-9.3/lib/bind/include/res_update.h rename to contrib/bind-9.5.2/lib/bind/include/res_update.h index 07a37f34c2..d6cbabc34c 100644 --- a/contrib/bind-9.3/lib/bind/include/res_update.h +++ b/contrib/bind-9.5.2/lib/bind/include/res_update.h @@ -16,34 +16,36 @@ */ /* - * $Id: res_update.h,v 1.1.206.1 2004/03/09 08:33:29 marka Exp $ + * $Id: res_update.h,v 1.3 2005/04/27 04:56:15 sra Exp $ */ #ifndef __RES_UPDATE_H #define __RES_UPDATE_H +/*! \file */ + #include #include #include #include -/* +/*% * This RR-like structure is particular to UPDATE. */ struct ns_updrec { LINK(struct ns_updrec) r_link, r_glink; - ns_sect r_section; /* ZONE/PREREQUISITE/UPDATE */ - char * r_dname; /* owner of the RR */ - ns_class r_class; /* class number */ - ns_type r_type; /* type number */ - u_int32_t r_ttl; /* time to live */ - u_char * r_data; /* rdata fields as text string */ - u_int r_size; /* size of r_data field */ - int r_opcode; /* type of operation */ + ns_sect r_section; /*%< ZONE/PREREQUISITE/UPDATE */ + char * r_dname; /*%< owner of the RR */ + ns_class r_class; /*%< class number */ + ns_type r_type; /*%< type number */ + u_int32_t r_ttl; /*%< time to live */ + u_char * r_data; /*%< rdata fields as text string */ + u_int r_size; /*%< size of r_data field */ + int r_opcode; /*%< type of operation */ /* following fields for private use by the resolver/server routines */ - struct databuf *r_dp; /* databuf to process */ - struct databuf *r_deldp; /* databuf's deleted/overwritten */ - u_int r_zone; /* zone number on server */ + struct databuf *r_dp; /*%< databuf to process */ + struct databuf *r_deldp; /*%< databuf's deleted/overwritten */ + u_int r_zone; /*%< zone number on server */ }; typedef struct ns_updrec ns_updrec; typedef LIST(ns_updrec) ns_updque; @@ -63,3 +65,5 @@ int res_nmkupdate __P((res_state, ns_updrec *, u_char *, int)); int res_nupdate __P((res_state, ns_updrec *, ns_tsig_key *)); #endif /*__RES_UPDATE_H*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/include/resolv_mt.h b/contrib/bind-9.5.2/lib/bind/include/resolv_mt.h similarity index 100% rename from contrib/bind-9.3/lib/bind/include/resolv_mt.h rename to contrib/bind-9.5.2/lib/bind/include/resolv_mt.h diff --git a/contrib/bind-9.3/lib/bind/inet/inet_addr.c b/contrib/bind-9.5.2/lib/bind/inet/inet_addr.c similarity index 96% rename from contrib/bind-9.3/lib/bind/inet/inet_addr.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_addr.c index 82bbe7ef54..b532873043 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_addr.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_addr.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static const char rcsid[] = "$Id: inet_addr.c,v 1.2.206.2 2004/03/17 00:29:45 marka Exp $"; +static const char rcsid[] = "$Id: inet_addr.c,v 1.5 2005/04/27 04:56:19 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -85,7 +85,7 @@ static const char rcsid[] = "$Id: inet_addr.c,v 1.2.206.2 2004/03/17 00:29:45 ma #include "port_after.h" -/* +/*% * Ascii internet address interpretation routine. * The value returned is in network order. */ @@ -98,7 +98,7 @@ inet_addr(const char *cp) { return (INADDR_NONE); } -/* +/*% * Check whether "cp" is a valid ascii representation * of an Internet address and convert to a binary address. * Returns 1 if the address is valid, 0 if not. @@ -179,22 +179,22 @@ inet_aton(const char *cp, struct in_addr *addr) { */ n = pp - parts + 1; switch (n) { - case 1: /* a -- 32 bits */ + case 1: /*%< a -- 32 bits */ break; - case 2: /* a.b -- 8.24 bits */ + case 2: /*%< a.b -- 8.24 bits */ if (val > 0xffffffU) return (0); val |= parts[0] << 24; break; - case 3: /* a.b.c -- 8.8.16 bits */ + case 3: /*%< a.b.c -- 8.8.16 bits */ if (val > 0xffffU) return (0); val |= (parts[0] << 24) | (parts[1] << 16); break; - case 4: /* a.b.c.d -- 8.8.8.8 bits */ + case 4: /*%< a.b.c.d -- 8.8.8.8 bits */ if (val > 0xffU) return (0); val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); @@ -215,3 +215,4 @@ __weak_reference(__inet_addr, inet_addr); #undef inet_aton __weak_reference(__inet_aton, inet_aton); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_cidr_ntop.c b/contrib/bind-9.5.2/lib/bind/inet/inet_cidr_ntop.c similarity index 98% rename from contrib/bind-9.3/lib/bind/inet/inet_cidr_ntop.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_cidr_ntop.c index b25dc8256f..bf960a8acc 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_cidr_ntop.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_cidr_ntop.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_cidr_ntop.c,v 1.1.2.1.8.4 2006/10/11 02:32:50 marka Exp $"; +static const char rcsid[] = "$Id: inet_cidr_ntop.c,v 1.7 2006/10/11 02:18:18 marka Exp $"; #endif #include "port_before.h" @@ -45,7 +45,7 @@ inet_cidr_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size); static char * inet_cidr_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size); -/* +/*% * char * * inet_cidr_ntop(af, src, bits, dst, size) * convert network address from network to presentation format. @@ -92,7 +92,7 @@ decoct(const u_char *src, int bytes, char *dst, size_t size) { return (dst - odst); } -/* +/*% * static char * * inet_cidr_ntop_ipv4(src, bits, dst, size) * convert IPv4 network address from network to presentation format. @@ -259,3 +259,5 @@ inet_cidr_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size) { strcpy(dst, tmp); return (dst); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_cidr_pton.c b/contrib/bind-9.5.2/lib/bind/inet/inet_cidr_pton.c similarity index 94% rename from contrib/bind-9.3/lib/bind/inet/inet_cidr_pton.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_cidr_pton.c index 0341c388b2..1d3ce8ee89 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_cidr_pton.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_cidr_pton.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_cidr_pton.c,v 1.2.2.1.8.2 2004/03/17 00:29:46 marka Exp $"; +static const char rcsid[] = "$Id: inet_cidr_pton.c,v 1.6 2005/04/27 04:56:19 sra Exp $"; #endif #include "port_before.h" @@ -29,7 +29,7 @@ static const char rcsid[] = "$Id: inet_cidr_pton.c,v 1.2.2.1.8.2 2004/03/17 00:2 #ifdef _LIBC #include -#define INSIST(x) assert(x) +#define INSIST(x) assert(x) #else #include #endif @@ -54,7 +54,7 @@ static int inet_cidr_pton_ipv6 __P((const char *src, u_char *dst, static int getbits(const char *, int ipv6); -/* +/*% * int * inet_cidr_pton(af, src, dst, *bits) * convert network address from presentation to network format. @@ -209,7 +209,7 @@ inet_cidr_pton_ipv6(const char *src, u_char *dst, int *pbits) { inet_cidr_pton_ipv4(curtok, tp, &bits, 1) == 0) { tp += NS_INADDRSZ; saw_xdigit = 0; - break; /* '\0' was seen by inet_pton4(). */ + break; /*%< '\\0' was seen by inet_pton4(). */ } if (ch == '/') { bits = getbits(src, 1); @@ -261,20 +261,22 @@ getbits(const char *src, int ipv6) { int bits = 0; char *cp, ch; - if (*src == '\0') /* syntax */ + if (*src == '\0') /*%< syntax */ return (-2); do { ch = *src++; cp = strchr(digits, ch); - if (cp == NULL) /* syntax */ + if (cp == NULL) /*%< syntax */ return (-2); bits *= 10; bits += cp - digits; - if (bits == 0 && *src != '\0') /* no leading zeros */ + if (bits == 0 && *src != '\0') /*%< no leading zeros */ return (-2); - if (bits > (ipv6 ? 128 : 32)) /* range error */ + if (bits > (ipv6 ? 128 : 32)) /*%< range error */ return (-2); } while (*src != '\0'); return (bits); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_data.c b/contrib/bind-9.5.2/lib/bind/inet/inet_data.c similarity index 93% rename from contrib/bind-9.3/lib/bind/inet/inet_data.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_data.c index e58629710a..4373a171a0 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_data.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_data.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$Id: inet_data.c,v 1.2.206.1 2004/03/09 08:33:32 marka Exp $"; +static char rcsid[] = "$Id: inet_data.c,v 1.4 2005/04/27 04:56:19 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -42,3 +42,5 @@ static char rcsid[] = "$Id: inet_data.c,v 1.2.206.1 2004/03/09 08:33:32 marka Ex const struct in6_addr isc_in6addr_any = IN6ADDR_ANY_INIT; const struct in6_addr isc_in6addr_loopback = IN6ADDR_LOOPBACK_INIT; + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_lnaof.c b/contrib/bind-9.5.2/lib/bind/inet/inet_lnaof.c similarity index 99% rename from contrib/bind-9.3/lib/bind/inet/inet_lnaof.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_lnaof.c index 5666be31f5..e4be6f72ee 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_lnaof.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_lnaof.c @@ -43,7 +43,7 @@ static const char sccsid[] = "@(#)inet_lnaof.c 8.1 (Berkeley) 6/4/93"; #include "port_after.h" -/* +/*% * Return the local network address portion of an * internet address; handles class a/b/c network * number formats. @@ -70,3 +70,4 @@ inet_lnaof(in) #undef inet_lnaof __weak_reference(__inet_lnaof, inet_lnaof); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_makeaddr.c b/contrib/bind-9.5.2/lib/bind/inet/inet_makeaddr.c similarity index 99% rename from contrib/bind-9.3/lib/bind/inet/inet_makeaddr.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_makeaddr.c index 1b013a85e8..f41b98df99 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_makeaddr.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_makeaddr.c @@ -43,7 +43,7 @@ static const char sccsid[] = "@(#)inet_makeaddr.c 8.1 (Berkeley) 6/4/93"; #include "port_after.h" -/* +/*% * Formulate an Internet address from network + host. Used in * building addresses stored in the ifnet structure. */ @@ -73,3 +73,4 @@ inet_makeaddr(net, host) #undef inet_makeaddr __weak_reference(__inet_makeaddr, inet_makeaddr); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_net_ntop.c b/contrib/bind-9.5.2/lib/bind/inet/inet_net_ntop.c similarity index 98% rename from contrib/bind-9.3/lib/bind/inet/inet_net_ntop.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_net_ntop.c index acf49b38e4..5d4cea65a8 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_net_ntop.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_net_ntop.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_net_ntop.c,v 1.1.2.1.8.2 2006/06/20 02:53:07 marka Exp $"; +static const char rcsid[] = "$Id: inet_net_ntop.c,v 1.5 2006/06/20 02:50:14 marka Exp $"; #endif #include "port_before.h" @@ -44,7 +44,7 @@ static char * inet_net_ntop_ipv4 __P((const u_char *src, int bits, static char * inet_net_ntop_ipv6 __P((const u_char *src, int bits, char *dst, size_t size)); -/* +/*% * char * * inet_net_ntop(af, src, bits, dst, size) * convert network number from network to presentation format. @@ -73,7 +73,7 @@ inet_net_ntop(af, src, bits, dst, size) } } -/* +/*% * static char * * inet_net_ntop_ipv4(src, bits, dst, size) * convert IPv4 network number from network to presentation format. @@ -148,7 +148,7 @@ inet_net_ntop_ipv4(src, bits, dst, size) return (NULL); } -/* +/*% * static char * * inet_net_ntop_ipv6(src, bits, fakebits, dst, size) * convert IPv6 network number from network to presentation format. @@ -284,3 +284,4 @@ emsgsize: #undef inet_net_ntop __weak_reference(__inet_net_ntop, inet_net_ntop); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_net_pton.c b/contrib/bind-9.5.2/lib/bind/inet/inet_net_pton.c similarity index 91% rename from contrib/bind-9.3/lib/bind/inet/inet_net_pton.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_net_pton.c index 06eb476ddf..a55cc11168 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_net_pton.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_net_pton.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_net_pton.c,v 1.4.2.1.8.2 2004/03/17 00:29:47 marka Exp $"; +static const char rcsid[] = "$Id: inet_net_pton.c,v 1.8.672.1 2008/08/26 04:42:38 marka Exp $"; #endif #include "port_before.h" @@ -29,7 +29,7 @@ static const char rcsid[] = "$Id: inet_net_pton.c,v 1.4.2.1.8.2 2004/03/17 00:29 #ifdef _LIBC #include -#define INSIST(cond) assert(cond) +#define INSIST(cond) assert(cond) #else #include #endif @@ -47,7 +47,7 @@ static const char rcsid[] = "$Id: inet_net_pton.c,v 1.4.2.1.8.2 2004/03/17 00:29 # define SPRINTF(x) ((size_t)sprintf x) #endif -/* +/*% * static int * inet_net_pton_ipv4(src, dst, size) * convert IPv4 network number from presentation to network format. @@ -78,7 +78,7 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) { if (size <= 0U) goto emsgsize; dirty = 0; - src++; /* skip x or X. */ + src++; /*%< skip x or X. */ while ((ch = *src++) != '\0' && isascii(ch) && isxdigit(ch)) { if (isupper(ch)) ch = tolower(ch); @@ -95,7 +95,7 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) { dirty = 0; } } - if (dirty) { /* Odd trailing nybble? */ + if (dirty) { /*%< Odd trailing nybble? */ if (size-- <= 0U) goto emsgsize; *dst++ = (u_char) (tmp << 4); @@ -131,18 +131,18 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) { if (ch == '/' && isascii((unsigned char)(src[0])) && isdigit((unsigned char)(src[0])) && dst > odst) { /* CIDR width specifier. Nothing can follow it. */ - ch = *src++; /* Skip over the /. */ + ch = *src++; /*%< Skip over the /. */ bits = 0; do { n = strchr(digits, ch) - digits; INSIST(n >= 0 && n <= 9); bits *= 10; bits += n; + if (bits > 32) + goto enoent; } while ((ch = *src++) != '\0' && isascii(ch) && isdigit(ch)); if (ch != '\0') goto enoent; - if (bits > 32) - goto emsgsize; } /* Firey death and destruction unless we prefetched EOS. */ @@ -154,15 +154,15 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) { goto enoent; /* If no CIDR spec was given, infer width from net class. */ if (bits == -1) { - if (*odst >= 240) /* Class E */ + if (*odst >= 240) /*%< Class E */ bits = 32; - else if (*odst >= 224) /* Class D */ + else if (*odst >= 224) /*%< Class D */ bits = 8; - else if (*odst >= 192) /* Class C */ + else if (*odst >= 192) /*%< Class C */ bits = 24; - else if (*odst >= 128) /* Class B */ + else if (*odst >= 128) /*%< Class B */ bits = 16; - else /* Class A */ + else /*%< Class A */ bits = 8; /* If imputed mask is narrower than specified octets, widen. */ if (bits < ((dst - odst) * 8)) @@ -205,11 +205,11 @@ getbits(const char *src, int *bitsp) { pch = strchr(digits, ch); if (pch != NULL) { - if (n++ != 0 && val == 0) /* no leading zeros */ + if (n++ != 0 && val == 0) /*%< no leading zeros */ return (0); val *= 10; val += (pch - digits); - if (val > 128) /* range */ + if (val > 128) /*%< range */ return (0); continue; } @@ -236,16 +236,16 @@ getv4(const char *src, u_char *dst, int *bitsp) { pch = strchr(digits, ch); if (pch != NULL) { - if (n++ != 0 && val == 0) /* no leading zeros */ + if (n++ != 0 && val == 0) /*%< no leading zeros */ return (0); val *= 10; val += (pch - digits); - if (val > 255) /* range */ + if (val > 255) /*%< range */ return (0); continue; } if (ch == '.' || ch == '/') { - if (dst - odst > 3) /* too many octets? */ + if (dst - odst > 3) /*%< too many octets? */ return (0); *dst++ = val; if (ch == '/') @@ -258,7 +258,7 @@ getv4(const char *src, u_char *dst, int *bitsp) { } if (n == 0) return (0); - if (dst - odst > 3) /* too many octets? */ + if (dst - odst > 3) /*%< too many octets? */ return (0); *dst++ = val; return (1); @@ -327,7 +327,7 @@ inet_net_pton_ipv6(const char *src, u_char *dst, size_t size) { tp += NS_INADDRSZ; saw_xdigit = 0; ipv4 = 1; - break; /* '\0' was seen by inet_pton4(). */ + break; /*%< '\\0' was seen by inet_pton4(). */ } if (ch == '/' && getbits(src, &bits) > 0) break; @@ -383,7 +383,7 @@ inet_net_pton_ipv6(const char *src, u_char *dst, size_t size) { return (-1); } -/* +/*% * int * inet_net_pton(af, src, dst, size) * convert network number from presentation to network format. @@ -417,3 +417,4 @@ inet_net_pton(int af, const char *src, void *dst, size_t size) { #undef inet_net_pton __weak_reference(__inet_net_pton, inet_net_pton); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_neta.c b/contrib/bind-9.5.2/lib/bind/inet/inet_neta.c similarity index 93% rename from contrib/bind-9.3/lib/bind/inet/inet_neta.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_neta.c index f394122299..95d6c88723 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_neta.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_neta.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_neta.c,v 1.1.206.1 2004/03/09 08:33:33 marka Exp $"; +static const char rcsid[] = "$Id: inet_neta.c,v 1.3 2005/04/27 04:56:20 sra Exp $"; #endif #include "port_before.h" @@ -38,10 +38,10 @@ static const char rcsid[] = "$Id: inet_neta.c,v 1.1.206.1 2004/03/09 08:33:33 ma # define SPRINTF(x) ((size_t)sprintf x) #endif -/* +/*% * char * * inet_neta(src, dst, size) - * format a in_addr_t network number into presentation format. + * format a u_long network number into presentation format. * return: * pointer to dst, or NULL if an error occurred (check errno). * note: @@ -94,3 +94,4 @@ inet_neta(src, dst, size) #undef inet_neta __weak_reference(__inet_neta, inet_neta); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_netof.c b/contrib/bind-9.5.2/lib/bind/inet/inet_netof.c similarity index 99% rename from contrib/bind-9.3/lib/bind/inet/inet_netof.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_netof.c index faf4524e5c..c4f11fa354 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_netof.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_netof.c @@ -43,7 +43,7 @@ static const char sccsid[] = "@(#)inet_netof.c 8.1 (Berkeley) 6/4/93"; #include "port_after.h" -/* +/*% * Return the network number from an internet * address; handles class a/b/c network #'s. */ @@ -52,7 +52,7 @@ inet_netof(in) struct in_addr in; { in_addr_t i = ntohl(in.s_addr); - + if (IN_CLASSA(i)) return (((i)&IN_CLASSA_NET) >> IN_CLASSA_NSHIFT); else if (IN_CLASSB(i)) @@ -69,3 +69,4 @@ inet_netof(in) #undef inet_netof __weak_reference(__inet_netof, inet_netof); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_network.c b/contrib/bind-9.5.2/lib/bind/inet/inet_network.c similarity index 97% rename from contrib/bind-9.3/lib/bind/inet/inet_network.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_network.c index f10558c33a..84e751901c 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_network.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_network.c @@ -44,7 +44,7 @@ static const char sccsid[] = "@(#)inet_network.c 8.1 (Berkeley) 6/4/93"; #include "port_after.h" -/* +/*% * Internet network address interpretation routine. * The library routines call this routine to interpret * network numbers. @@ -57,7 +57,6 @@ inet_network(cp) char c; in_addr_t parts[4], *pp = parts; int i, digit; - again: val = 0; base = 10; digit = 0; if (*cp == '0') @@ -84,9 +83,9 @@ again: } if (!digit) return (INADDR_NONE); + if (pp >= parts + 4 || val > 0xffU) + return (INADDR_NONE); if (*cp == '.') { - if (pp >= parts + 4 || val > 0xffU) - return (INADDR_NONE); *pp++ = val, cp++; goto again; } @@ -111,3 +110,4 @@ again: #undef inet_network __weak_reference(__inet_network, inet_network); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_ntoa.c b/contrib/bind-9.5.2/lib/bind/inet/inet_ntoa.c similarity index 96% rename from contrib/bind-9.3/lib/bind/inet/inet_ntoa.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_ntoa.c index 31d32a546b..67b04cb398 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_ntoa.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_ntoa.c @@ -33,7 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)inet_ntoa.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: inet_ntoa.c,v 1.1 2001/03/29 06:31:38 marka Exp $"; +static const char rcsid[] = "$Id: inet_ntoa.c,v 1.2 2005/04/27 04:56:21 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -48,7 +48,7 @@ static const char rcsid[] = "$Id: inet_ntoa.c,v 1.1 2001/03/29 06:31:38 marka Ex #include "port_after.h" -/* +/*% * Convert network-format internet address * to base 256 d.d.d.d representation. */ @@ -73,8 +73,9 @@ inet_ntoa_r(struct in_addr in, char *buf, socklen_t size) /* * Weak aliases for applications that use certain private entry points, * and fail to include . - */ +*/ #undef inet_ntoa __weak_reference(__inet_ntoa, inet_ntoa); __weak_reference(__inet_ntoa_r, inet_ntoa_r); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_ntop.c b/contrib/bind-9.5.2/lib/bind/inet/inet_ntop.c similarity index 90% rename from contrib/bind-9.3/lib/bind/inet/inet_ntop.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_ntop.c index ece29989d6..b1a49b5c60 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_ntop.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_ntop.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_ntop.c,v 1.1.2.1.8.2 2005/11/03 23:08:40 marka Exp $"; +static const char rcsid[] = "$Id: inet_ntop.c,v 1.5 2005/11/03 22:59:52 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -26,7 +26,7 @@ static const char rcsid[] = "$Id: inet_ntop.c,v 1.1.2.1.8.2 2005/11/03 23:08:40 #include #include -#include +#include "arpa/inet.h" #include #include @@ -35,13 +35,19 @@ static const char rcsid[] = "$Id: inet_ntop.c,v 1.1.2.1.8.2 2005/11/03 23:08:40 #include "port_after.h" -/* +#ifdef SPRINTF_CHAR +# define SPRINTF(x) strlen(sprintf/**/x) +#else +# define SPRINTF(x) ((size_t)sprintf x) +#endif + +/*% * WARNING: Don't even consider trying to compile this on a system where * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. */ -static const char *inet_ntop4 __P((const u_char *src, char *dst, socklen_t size)); -static const char *inet_ntop6 __P((const u_char *src, char *dst, socklen_t size)); +static const char *inet_ntop4 __P((const u_char *src, char *dst, size_t size)); +static const char *inet_ntop6 __P((const u_char *src, char *dst, size_t size)); /* char * * inet_ntop(af, src, dst, size) @@ -54,9 +60,9 @@ static const char *inet_ntop6 __P((const u_char *src, char *dst, socklen_t size) const char * inet_ntop(af, src, dst, size) int af; - const void * __restrict src; - char * __restrict dst; - socklen_t size; + const void *src; + char *dst; + size_t size; { switch (af) { case AF_INET: @@ -85,18 +91,16 @@ static const char * inet_ntop4(src, dst, size) const u_char *src; char *dst; - socklen_t size; + size_t size; { static const char fmt[] = "%u.%u.%u.%u"; char tmp[sizeof "255.255.255.255"]; - int l; - l = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]); - if (l <= 0 || (socklen_t) l >= size) { + if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) >= size) { errno = ENOSPC; return (NULL); } - strlcpy(dst, tmp, size); + strcpy(dst, tmp); return (dst); } @@ -110,7 +114,7 @@ static const char * inet_ntop6(src, dst, size) const u_char *src; char *dst; - socklen_t size; + size_t size; { /* * Note that int32_t and int16_t need only be "at least" large enough @@ -181,7 +185,7 @@ inet_ntop6(src, dst, size) tp += strlen(tp); break; } - tp += sprintf(tp, "%x", words[i]); + tp += SPRINTF((tp, "%x", words[i])); } /* Was it a trailing run of 0x00's? */ if (best.base != -1 && (best.base + best.len) == @@ -192,7 +196,7 @@ inet_ntop6(src, dst, size) /* * Check for overflow, copy, and we're done. */ - if ((socklen_t)(tp - tmp) > size) { + if ((size_t)(tp - tmp) > size) { errno = ENOSPC; return (NULL); } @@ -208,3 +212,4 @@ inet_ntop6(src, dst, size) #undef inet_ntop __weak_reference(__inet_ntop, inet_ntop); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/inet_pton.c b/contrib/bind-9.5.2/lib/bind/inet/inet_pton.c similarity index 96% rename from contrib/bind-9.3/lib/bind/inet/inet_pton.c rename to contrib/bind-9.5.2/lib/bind/inet/inet_pton.c index c1aa9b2cd7..6444bb593c 100644 --- a/contrib/bind-9.3/lib/bind/inet/inet_pton.c +++ b/contrib/bind-9.5.2/lib/bind/inet/inet_pton.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_pton.c,v 1.2.206.2 2005/07/28 07:43:18 marka Exp $"; +static const char rcsid[] = "$Id: inet_pton.c,v 1.5 2005/07/28 06:51:47 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -30,7 +30,7 @@ static const char rcsid[] = "$Id: inet_pton.c,v 1.2.206.2 2005/07/28 07:43:18 ma #include #include "port_after.h" -/* +/*% * WARNING: Don't even consider trying to compile this on a system where * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. */ @@ -52,8 +52,8 @@ static int inet_pton6 __P((const char *src, u_char *dst)); int inet_pton(af, src, dst) int af; - const char * __restrict src; - void * __restrict dst; + const char *src; + void *dst; { switch (af) { case AF_INET: @@ -188,7 +188,7 @@ inet_pton6(src, dst) inet_pton4(curtok, tp) > 0) { tp += NS_INADDRSZ; seen_xdigits = 0; - break; /* '\0' was seen by inet_pton4(). */ + break; /*%< '\\0' was seen by inet_pton4(). */ } return (0); } @@ -228,3 +228,4 @@ inet_pton6(src, dst) #undef inet_pton __weak_reference(__inet_pton, inet_pton); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/inet/nsap_addr.c b/contrib/bind-9.5.2/lib/bind/inet/nsap_addr.c similarity index 96% rename from contrib/bind-9.3/lib/bind/inet/nsap_addr.c rename to contrib/bind-9.5.2/lib/bind/inet/nsap_addr.c index 5730fa4835..05cfabfbfc 100644 --- a/contrib/bind-9.3/lib/bind/inet/nsap_addr.c +++ b/contrib/bind-9.5.2/lib/bind/inet/nsap_addr.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nsap_addr.c,v 1.2.206.2 2005/07/28 07:43:18 marka Exp $"; +static const char rcsid[] = "$Id: nsap_addr.c,v 1.5 2005/07/28 06:51:48 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -118,3 +118,4 @@ __weak_reference(__inet_nsap_addr, inet_nsap_addr); #undef inet_nsap_ntoa __weak_reference(__inet_nsap_ntoa, inet_nsap_ntoa); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/dns.c b/contrib/bind-9.5.2/lib/bind/irs/dns.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/dns.c rename to contrib/bind-9.5.2/lib/bind/irs/dns.c index 27529b5650..cbea94680e 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns.c @@ -16,10 +16,11 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: dns.c,v 1.5 2006/03/09 23:57:56 marka Exp $"; #endif -/* +/*! \file + * \brief * dns.c --- this is the top-level accessor function for the dns */ diff --git a/contrib/bind-9.3/lib/bind/irs/dns_gr.c b/contrib/bind-9.5.2/lib/bind/irs/dns_gr.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/dns_gr.c rename to contrib/bind-9.5.2/lib/bind/irs/dns_gr.c index a35b10ca04..629d2fb173 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_gr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_gr.c @@ -16,10 +16,11 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_gr.c,v 1.1.2.1.4.1 2004/03/09 08:33:34 marka Exp $"; +static const char rcsid[] = "$Id: dns_gr.c,v 1.4 2005/04/27 04:56:21 sra Exp $"; #endif -/* +/*! \file + * \brief * dns_gr.c --- this file contains the functions for accessing * group information from Hesiod. */ @@ -69,7 +70,7 @@ struct pvt { * we keep one buffer and resize it as needed. */ struct group group; - size_t nmemb; /* Malloc'd max index of gr_mem[]. */ + size_t nmemb; /*%< Malloc'd max index of gr_mem[]. */ char * membuf; size_t membufsize; }; diff --git a/contrib/bind-9.3/lib/bind/irs/dns_ho.c b/contrib/bind-9.5.2/lib/bind/irs/dns_ho.c similarity index 93% rename from contrib/bind-9.3/lib/bind/irs/dns_ho.c rename to contrib/bind-9.5.2/lib/bind/irs/dns_ho.c index 192be042e0..eed8dd7698 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_ho.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_ho.c @@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_ho.c,v 1.5.2.7.4.8 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: dns_ho.c,v 1.21.246.1 2008/09/24 05:41:39 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -95,8 +95,7 @@ static const char rcsid[] = "$Id: dns_ho.c,v 1.5.2.7.4.8 2006/03/10 00:17:21 mar #define MAXALIASES 35 #define MAXADDRS 35 -#define MAXPACKET (65535) /* Maximum TCP message size */ - +#define MAXPACKET (65535) /*%< Maximum TCP message size */ #define BOUNDS_CHECK(ptr, count) \ if ((ptr) + (count) > eom) { \ had_error++; \ @@ -110,14 +109,14 @@ typedef union { struct dns_res_target { struct dns_res_target *next; - querybuf qbuf; /* query buffer */ - u_char *answer; /* buffer to put answer */ - int anslen; /* size of answer buffer */ - int qclass, qtype; /* class and type of query */ - int action; /* condition whether query is really issued */ - char qname[MAXDNAME +1]; /* domain name */ + querybuf qbuf; /*%< query buffer */ + u_char *answer; /*%< buffer to put answer */ + int anslen; /*%< size of answer buffer */ + int qclass, qtype; /*%< class and type of query */ + int action; /*%< condition whether query is really issued */ + char qname[MAXDNAME +1]; /*%< domain name */ #if 0 - int n; /* result length */ + int n; /*%< result length */ #endif }; enum {RESTGT_DOALWAYS, RESTGT_AFTERFAILURE, RESTGT_IGNORE}; @@ -128,7 +127,7 @@ struct pvt { char * h_addr_ptrs[MAXADDRS + 1]; char * host_aliases[MAXALIASES]; char hostbuf[8*1024]; - u_char host_addr[16]; /* IPv4 or IPv6 */ + u_char host_addr[16]; /*%< IPv4 or IPv6 */ struct __res_state *res; void (*free_res)(void *); }; @@ -141,8 +140,7 @@ typedef union { static const u_char mapped[] = { 0,0, 0,0, 0,0, 0,0, 0,0, 0xff,0xff }; static const u_char tunnelled[] = { 0,0, 0,0, 0,0, 0,0, 0,0, 0,0 }; /* Note: the IPv6 loopback address is in the "tunnel" space */ -static const u_char v6local[] = { 0,0, 0,1 }; /* last 4 bytes of IPv6 addr */ - +static const u_char v6local[] = { 0,0, 0,1 }; /*%< last 4 bytes of IPv6 addr */ /* Forwards. */ static void ho_close(struct irs_ho *this); @@ -317,8 +315,7 @@ ho_byname2(struct irs_ho *this, const char *name, int af) if ((hp = gethostans(this, p->answer, n, name, p->qtype, af, size, NULL, (const struct addrinfo *)&ai)) != NULL) - goto cleanup; /* no more loop is necessary */ - + goto cleanup; /*%< no more loop is necessary */ querystate = RESQRY_FAIL; continue; } @@ -495,10 +492,9 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) } RES_SET_H_ERRNO(pvt->res, NETDB_SUCCESS); - goto cleanup; /* no more loop is necessary. */ + goto cleanup; /*%< no more loop is necessary. */ } - hp = NULL; /* H_ERRNO was set by subroutines */ - + hp = NULL; /*%< H_ERRNO was set by subroutines */ cleanup: if (q != NULL) memput(q, sizeof(*q)); @@ -610,7 +606,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) q->action = RESTGT_DOALWAYS; break; default: - RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); /* better error? */ + RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); /*%< better error? */ goto cleanup; } @@ -643,7 +639,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) continue; } (void)gethostans(this, p->answer, n, name, p->qtype, - pai->ai_family, /* XXX: meaningless */ + pai->ai_family, /*%< XXX: meaningless */ 0, &ai, pai); if (ai) { querystate = RESQRY_SUCCESS; @@ -681,7 +677,7 @@ ho_res_set(struct irs_ho *this, struct __res_state *res, static struct hostent * gethostans(struct irs_ho *this, const u_char *ansbuf, int anslen, const char *qname, int qtype, - int af, int size, /* meaningless for addrinfo cases */ + int af, int size, /*!< meaningless for addrinfo cases */ struct addrinfo **ret_aip, const struct addrinfo *pai) { struct pvt *pvt = (struct pvt *)this->private; @@ -709,7 +705,7 @@ gethostans(struct irs_ho *this, switch (qtype) { case T_A: case T_AAAA: - case T_ANY: /* use T_ANY only for T_A/T_AAAA lookup */ + case T_ANY: /*%< use T_ANY only for T_A/T_AAAA lookup */ name_ok = res_hnok; break; case T_PTR: @@ -755,7 +751,7 @@ gethostans(struct irs_ho *this, * same as the one we sent; this just gets the expanded name * (i.e., with the succeeding search-domain tacked on). */ - n = strlen(bp) + 1; /* for the \0 */ + n = strlen(bp) + 1; /*%< for the \\0 */ if (n > MAXHOSTNAMELEN) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); @@ -780,14 +776,14 @@ gethostans(struct irs_ho *this, had_error++; continue; } - cp += n; /* name */ + cp += n; /*%< name */ BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ); type = ns_get16(cp); - cp += INT16SZ; /* type */ + cp += INT16SZ; /*%< type */ class = ns_get16(cp); - cp += INT16SZ + INT32SZ; /* class, TTL */ + cp += INT16SZ + INT32SZ; /*%< class, TTL */ n = ns_get16(cp); - cp += INT16SZ; /* len */ + cp += INT16SZ; /*%< len */ BOUNDS_CHECK(cp, n); if (class != C_IN) { cp += n; @@ -815,10 +811,10 @@ gethostans(struct irs_ho *this, if (ap >= &pvt->host_aliases[MAXALIASES-1]) continue; *ap++ = bp; - n = strlen(bp) + 1; /* for the \0 */ + n = strlen(bp) + 1; /*%< for the \\0 */ bp += n; /* Get canonical name. */ - n = strlen(tbuf) + 1; /* for the \0 */ + n = strlen(tbuf) + 1; /*%< for the \\0 */ if (n > (ep - bp) || n > MAXHOSTNAMELEN) { had_error++; continue; @@ -850,7 +846,7 @@ gethostans(struct irs_ho *this, continue; } /* Get canonical name. */ - n = strlen(tbuf) + 1; /* for the \0 */ + n = strlen(tbuf) + 1; /*%< for the \\0 */ if (n > (ep - bp)) { had_error++; continue; @@ -896,7 +892,7 @@ gethostans(struct irs_ho *this, else n = -1; if (n != -1) { - n = strlen(bp) + 1; /* for the \0 */ + n = strlen(bp) + 1; /*%< for the \\0 */ bp += n; } break; @@ -927,7 +923,7 @@ gethostans(struct irs_ho *this, if (!haveanswer) { int nn; - nn = strlen(bp) + 1; /* for the \0 */ + nn = strlen(bp) + 1; /*%< for the \\0 */ if (nn >= MAXHOSTNAMELEN) { cp += n; had_error++; @@ -941,14 +937,14 @@ gethostans(struct irs_ho *this, bp = (char *)(((u_long)bp + (sizeof(align) - 1)) & ~(sizeof(align) - 1)); /* Avoid overflows. */ - if (bp + n >= &pvt->hostbuf[sizeof pvt->hostbuf]) { + if (bp + n > &pvt->hostbuf[sizeof(pvt->hostbuf) - 1]) { had_error++; continue; } - if (ret_aip) { /* need addrinfo. keep it. */ + if (ret_aip) { /*%< need addrinfo. keep it. */ while (cur->ai_next) cur = cur->ai_next; - } else if (cur->ai_next) { /* need hostent */ + } else if (cur->ai_next) { /*%< need hostent */ struct addrinfo *aip = cur->ai_next; for (aip = cur->ai_next; aip; @@ -962,7 +958,7 @@ gethostans(struct irs_ho *this, } if (m == 0) continue; - if (hap < &pvt->h_addr_ptrs[MAXADDRS-1]) + if (hap < &pvt->h_addr_ptrs[MAXADDRS]) hap++; *hap = NULL; bp += m; @@ -984,11 +980,12 @@ gethostans(struct irs_ho *this, *ap = NULL; *hap = NULL; - if (pvt->res->nsort && haveanswer > 1 && qtype == T_A) + if (pvt->res->nsort && hap != pvt->h_addr_ptrs && + qtype == T_A) addrsort(pvt->res, pvt->h_addr_ptrs, - haveanswer); + hap - pvt->h_addr_ptrs); if (pvt->host.h_name == NULL) { - n = strlen(qname) + 1; /* for the \0 */ + n = strlen(qname) + 1; /*%< for the \\0 */ if (n > (ep - bp) || n >= MAXHOSTNAMELEN) goto no_recovery; strcpy(bp, qname); /* (checked) */ @@ -1044,18 +1041,17 @@ add_hostent(struct pvt *pvt, char *bp, char **hap, struct addrinfo *ai) addrp = (char *)&((struct sockaddr_in *)ai->ai_addr)->sin_addr; break; default: - return(-1); /* abort? */ + return(-1); /*%< abort? */ } /* Ensure alignment. */ bp = (char *)(((u_long)bp + (sizeof(align) - 1)) & ~(sizeof(align) - 1)); /* Avoid overflows. */ - if (bp + addrlen >= &pvt->hostbuf[sizeof pvt->hostbuf]) + if (bp + addrlen > &pvt->hostbuf[sizeof(pvt->hostbuf) - 1]) return(-1); - if (hap >= &pvt->h_addr_ptrs[MAXADDRS-1]) - return(0); /* fail, but not treat it as an error. */ - + if (hap >= &pvt->h_addr_ptrs[MAXADDRS]) + return(0); /*%< fail, but not treat it as an error. */ /* Suppress duplicates. */ for (tap = (const char **)pvt->h_addr_ptrs; *tap != NULL; diff --git a/contrib/bind-9.3/lib/bind/irs/dns_nw.c b/contrib/bind-9.5.2/lib/bind/irs/dns_nw.c similarity index 96% rename from contrib/bind-9.3/lib/bind/irs/dns_nw.c rename to contrib/bind-9.5.2/lib/bind/irs/dns_nw.c index 8a5937dbb6..dc1e61739b 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_nw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_nw.c,v 1.3.2.4.4.4 2004/09/16 00:57:34 marka Exp $"; +static const char rcsid[] = "$Id: dns_nw.c,v 1.12 2005/04/27 04:56:22 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -377,16 +377,16 @@ get1101answer(struct irs_nw *this, while (--ancount >= 0 && cp < eom) { int n = dn_expand(ansbuf, eom, cp, bp, ep - bp); - cp += n; /* Owner */ + cp += n; /*%< Owner */ if (n < 0 || !maybe_dnok(pvt->res, bp) || cp + 3 * INT16SZ + INT32SZ > eom) { RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); return (NULL); } - GETSHORT(type, cp); /* Type */ - GETSHORT(class, cp); /* Class */ - cp += INT32SZ; /* TTL */ - GETSHORT(n, cp); /* RDLENGTH */ + GETSHORT(type, cp); /*%< Type */ + GETSHORT(class, cp); /*%< Class */ + cp += INT32SZ; /*%< TTL */ + GETSHORT(n, cp); /*%< RDLENGTH */ if (class == C_IN && type == T_PTR) { int nn; @@ -430,7 +430,7 @@ get1101answer(struct irs_nw *this, } } } - cp += n; /* RDATA */ + cp += n; /*%< RDATA */ } if (!haveanswer) { RES_SET_H_ERRNO(pvt->res, TRY_AGAIN); @@ -491,13 +491,13 @@ get1101mask(struct irs_nw *this, struct nwent *nwent) { if (n < 0 || !maybe_dnok(pvt->res, owner)) break; - cp += n; /* Owner */ + cp += n; /*%< Owner */ if (cp + 3 * INT16SZ + INT32SZ > eom) break; - GETSHORT(type, cp); /* Type */ - GETSHORT(class, cp); /* Class */ - cp += INT32SZ; /* TTL */ - GETSHORT(n, cp); /* RDLENGTH */ + GETSHORT(type, cp); /*%< Type */ + GETSHORT(class, cp); /*%< Class */ + cp += INT32SZ; /*%< TTL */ + GETSHORT(n, cp); /*%< RDLENGTH */ if (cp + n > eom) break; if (n == INADDRSZ && class == C_IN && type == T_A && @@ -513,7 +513,7 @@ get1101mask(struct irs_nw *this, struct nwent *nwent) { else break; } - cp += n; /* RDATA */ + cp += n; /*%< RDATA */ } memput(ansbuf, MAXPACKET); return (nwent); @@ -587,3 +587,5 @@ init(struct irs_nw *this) { return (-1); return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/dns_p.h b/contrib/bind-9.5.2/lib/bind/irs/dns_p.h similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/dns_p.h rename to contrib/bind-9.5.2/lib/bind/irs/dns_p.h index f984c1cd50..d85ae2a238 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_p.h @@ -16,7 +16,7 @@ */ /* - * $Id: dns_p.h,v 1.1.206.2 2004/03/17 00:29:48 marka Exp $ + * $Id: dns_p.h,v 1.4 2005/04/27 04:56:22 sra Exp $ */ #ifndef _DNS_P_H_INCLUDED @@ -27,7 +27,7 @@ #define maybe_hnok(res, hn) maybe_ok((res), (hn), res_hnok) #define maybe_dnok(res, dn) maybe_ok((res), (dn), res_dnok) -/* +/*% * Object state. */ struct dns_p { @@ -48,3 +48,5 @@ extern struct irs_ho * irs_dns_ho __P((struct irs_acc *)); extern struct irs_nw * irs_dns_nw __P((struct irs_acc *)); #endif /*_DNS_P_H_INCLUDED*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/dns_pr.c b/contrib/bind-9.5.2/lib/bind/irs/dns_pr.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/dns_pr.c rename to contrib/bind-9.5.2/lib/bind/irs/dns_pr.c index ffcca15239..137f306218 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_pr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_pr.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_pr.c,v 1.3.206.1 2004/03/09 08:33:34 marka Exp $"; +static const char rcsid[] = "$Id: dns_pr.c,v 1.5 2005/04/27 04:56:22 sra Exp $"; #endif /* Imports */ @@ -264,3 +264,5 @@ parse_hes_list(struct irs_pr *this, char **hes_list) { } return (NULL); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/dns_pw.c b/contrib/bind-9.5.2/lib/bind/irs/dns_pw.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/dns_pw.c rename to contrib/bind-9.5.2/lib/bind/irs/dns_pw.c index 41b3795f23..4ea97adfdb 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_pw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_pw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_pw.c,v 1.1.206.1 2004/03/09 08:33:34 marka Exp $"; +static const char rcsid[] = "$Id: dns_pw.c,v 1.3 2005/04/27 04:56:22 sra Exp $"; #endif #include "port_before.h" @@ -229,3 +229,4 @@ getpwcommon(struct irs_pw *this, const char *arg, const char *type) { } #endif /* WANT_IRS_PW */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/dns_sv.c b/contrib/bind-9.5.2/lib/bind/irs/dns_sv.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/dns_sv.c rename to contrib/bind-9.5.2/lib/bind/irs/dns_sv.c index a2aafde825..c3294255b8 100644 --- a/contrib/bind-9.3/lib/bind/irs/dns_sv.c +++ b/contrib/bind-9.5.2/lib/bind/irs/dns_sv.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_sv.c,v 1.3.206.1 2004/03/09 08:33:34 marka Exp $"; +static const char rcsid[] = "$Id: dns_sv.c,v 1.5 2005/04/27 04:56:23 sra Exp $"; #endif /* Imports */ @@ -111,8 +111,8 @@ irs_dns_sv(struct irs_acc *this) { sv->res_get = sv_res_get; sv->res_set = sv_res_set; #else - sv->res_get = NULL; /* sv_res_get; */ - sv->res_set = NULL; /* sv_res_set; */ + sv->res_get = NULL; /*%< sv_res_get; */ + sv->res_set = NULL; /*%< sv_res_set; */ #endif return (sv); } @@ -296,3 +296,5 @@ sv_res_set(struct irs_sv *this, struct __res_state * res, __hesiod_res_set(dns->hes_ctx, res, free_res); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gai_strerror.c b/contrib/bind-9.5.2/lib/bind/irs/gai_strerror.c similarity index 77% rename from contrib/bind-9.3/lib/bind/irs/gai_strerror.c rename to contrib/bind-9.5.2/lib/bind/irs/gai_strerror.c index 0492f8f49a..9ca1c4bfe1 100644 --- a/contrib/bind-9.3/lib/bind/irs/gai_strerror.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gai_strerror.c @@ -26,21 +26,20 @@ static const char *gai_errlist[] = { "no error", - "address family not supported for name",/* EAI_ADDRFAMILY */ - "temporary failure", /* EAI_AGAIN */ - "invalid flags", /* EAI_BADFLAGS */ - "permanent failure", /* EAI_FAIL */ - "address family not supported", /* EAI_FAMILY */ - "memory failure", /* EAI_MEMORY */ - "no address", /* EAI_NODATA */ - "unknown name or service", /* EAI_NONAME */ - "service not supported for socktype", /* EAI_SERVICE */ - "socktype not supported", /* EAI_SOCKTYPE */ - "system failure", /* EAI_SYSTEM */ - "bad hints", /* EAI_BADHINTS */ - "bad protocol", /* EAI_PROTOCOL */ - - "unknown error" /* Must be last. */ + "address family not supported for name",/*%< EAI_ADDRFAMILY */ + "temporary failure", /*%< EAI_AGAIN */ + "invalid flags", /*%< EAI_BADFLAGS */ + "permanent failure", /*%< EAI_FAIL */ + "address family not supported", /*%< EAI_FAMILY */ + "memory failure", /*%< EAI_MEMORY */ + "no address", /*%< EAI_NODATA */ + "unknown name or service", /*%< EAI_NONAME */ + "service not supported for socktype", /*%< EAI_SERVICE */ + "socktype not supported", /*%< EAI_SOCKTYPE */ + "system failure", /*%< EAI_SYSTEM */ + "bad hints", /*%< EAI_BADHINTS */ + "bad protocol", /*%< EAI_PROTOCOL */ + "unknown error" /*%< Must be last. */ }; static const int gai_nerr = (sizeof(gai_errlist)/sizeof(*gai_errlist)); @@ -69,8 +68,10 @@ gai_strerror(int ecode) { if (pthread_mutex_lock(&lock) != 0) goto unknown; if (!once) { - if (pthread_key_create(&key, free) != 0) + if (pthread_key_create(&key, free) != 0) { + (void)pthread_mutex_unlock(&lock); goto unknown; + } once = 1; } if (pthread_mutex_unlock(&lock) != 0) @@ -100,3 +101,5 @@ gai_strerror(int ecode) { return ("unknown error"); #endif } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen.c b/contrib/bind-9.5.2/lib/bind/irs/gen.c similarity index 99% rename from contrib/bind-9.3/lib/bind/irs/gen.c rename to contrib/bind-9.5.2/lib/bind/irs/gen.c index e093db371e..04105b3025 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen.c @@ -16,10 +16,11 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen.c,v 1.3.206.3 2004/09/16 00:57:34 marka Exp $"; +static const char rcsid[] = "$Id: gen.c,v 1.7 2005/04/27 04:56:23 sra Exp $"; #endif -/* +/*! \file + * \brief * this is the top level dispatcher * * The dispatcher is implemented as an accessor class; it is an diff --git a/contrib/bind-9.3/lib/bind/irs/gen_gr.c b/contrib/bind-9.5.2/lib/bind/irs/gen_gr.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/gen_gr.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_gr.c index e0c6dba529..d689e19319 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_gr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_gr.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen_gr.c,v 1.4.2.1.4.2 2004/05/17 07:48:56 marka Exp $"; +static const char rcsid[] = "$Id: gen_gr.c,v 1.8 2005/04/27 04:56:23 sra Exp $"; #endif /* Imports */ @@ -61,7 +61,7 @@ struct pvt { * we keep one buffer and resize it as needed. */ struct group group; - size_t nmemb; /* Malloc'd max index of gr_mem[]. */ + size_t nmemb; /*%< Malloc'd max index of gr_mem[]. */ char * membuf; size_t membufsize; struct __res_state * res; @@ -490,3 +490,4 @@ newgid(int ngroups, gid_t *groups, gid_t group) { } #endif /* WANT_IRS_GR */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_ho.c b/contrib/bind-9.5.2/lib/bind/irs/gen_ho.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/gen_ho.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_ho.c index f17aa2238f..d38ea26b86 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_ho.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_ho.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: gen_ho.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: gen_ho.c,v 1.5 2006/03/09 23:57:56 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -348,7 +348,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) ho = rule->inst->ho; RES_SET_H_ERRNO(pvt->res, NETDB_INTERNAL); errno = 0; - if (ho->addrinfo == NULL) /* for safety */ + if (ho->addrinfo == NULL) /*%< for safety */ continue; rval = (*ho->addrinfo)(ho, name, pai); if (rval != NULL) @@ -387,3 +387,5 @@ init(struct irs_ho *this) { return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_ng.c b/contrib/bind-9.5.2/lib/bind/irs/gen_ng.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/gen_ng.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_ng.c index 9f3ecad99d..c617c7c9f5 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_ng.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_ng.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen_ng.c,v 1.1.206.1 2004/03/09 08:33:35 marka Exp $"; +static const char rcsid[] = "$Id: gen_ng.c,v 1.3 2005/04/27 04:56:23 sra Exp $"; #endif /* Imports */ @@ -170,3 +170,5 @@ ng_minimize(struct irs_ng *this) { (*ng->minimize)(ng); } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_nw.c b/contrib/bind-9.5.2/lib/bind/irs/gen_nw.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/gen_nw.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_nw.c index cb41f5dbc9..480a435478 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_nw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_nw.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen_nw.c,v 1.1.206.2 2004/03/17 01:49:40 marka Exp $"; +static const char rcsid[] = "$Id: gen_nw.c,v 1.4 2005/04/27 04:56:23 sra Exp $"; #endif /* Imports */ @@ -260,3 +260,5 @@ init(struct irs_nw *this) { return (-1); return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_p.h b/contrib/bind-9.5.2/lib/bind/irs/gen_p.h similarity index 84% rename from contrib/bind-9.3/lib/bind/irs/gen_p.h rename to contrib/bind-9.5.2/lib/bind/irs/gen_p.h index 0a7ea2b379..1adc5909bb 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_p.h @@ -16,10 +16,11 @@ */ /* - * $Id: gen_p.h,v 1.1.206.1 2004/03/09 08:33:35 marka Exp $ + * $Id: gen_p.h,v 1.3 2005/04/27 04:56:23 sra Exp $ */ -/* Notes: +/*! \file + * Notes: * We hope to create a complete set of thread-safe entry points someday, * which will mean a set of getXbyY() functions that take as an argument * a pointer to the map class, which will have a pointer to the private @@ -36,32 +37,32 @@ #ifndef _GEN_P_H_INCLUDED #define _GEN_P_H_INCLUDED -/* +/*% * These are the access methods. */ enum irs_acc_id { - irs_lcl, /* Local. */ - irs_dns, /* DNS or Hesiod. */ - irs_nis, /* Sun NIS ("YP"). */ - irs_irp, /* IR protocol. */ + irs_lcl, /*%< Local. */ + irs_dns, /*%< DNS or Hesiod. */ + irs_nis, /*%< Sun NIS ("YP"). */ + irs_irp, /*%< IR protocol. */ irs_nacc }; -/* +/*% * These are the map types. */ enum irs_map_id { - irs_gr, /* "group" */ - irs_pw, /* "passwd" */ - irs_sv, /* "services" */ - irs_pr, /* "protocols" */ - irs_ho, /* "hosts" */ - irs_nw, /* "networks" */ - irs_ng, /* "netgroup" */ + irs_gr, /*%< "group" */ + irs_pw, /*%< "passwd" */ + irs_sv, /*%< "services" */ + irs_pr, /*%< "protocols" */ + irs_ho, /*%< "hosts" */ + irs_nw, /*%< "networks" */ + irs_ng, /*%< "netgroup" */ irs_nmap }; -/* +/*% * This is an accessor instance. */ struct irs_inst { @@ -75,7 +76,7 @@ struct irs_inst { struct irs_ng * ng; }; -/* +/*% * This is a search rule for some map type. */ struct irs_rule { @@ -83,9 +84,8 @@ struct irs_rule { struct irs_inst * inst; int flags; }; -#define IRS_MERGE 0x0001 /* Don't stop if acc. has data? */ -#define IRS_CONTINUE 0x0002 /* Don't stop if acc. has no data? */ - +#define IRS_MERGE 0x0001 /*%< Don't stop if acc. has data? */ +#define IRS_CONTINUE 0x0002 /*%< Don't stop if acc. has no data? */ /* * This is the private data for a search access class. */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_pr.c b/contrib/bind-9.5.2/lib/bind/irs/gen_pr.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/gen_pr.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_pr.c index 465fee3c09..93c0426c78 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_pr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_pr.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen_pr.c,v 1.1.206.1 2004/03/09 08:33:35 marka Exp $"; +static const char rcsid[] = "$Id: gen_pr.c,v 1.3 2005/04/27 04:56:24 sra Exp $"; #endif /* Imports */ @@ -224,3 +224,5 @@ pr_res_set(struct irs_pr *this, struct __res_state *res, (*pr->res_set)(pr, pvt->res, NULL); } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_pw.c b/contrib/bind-9.5.2/lib/bind/irs/gen_pw.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/gen_pw.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_pw.c index ca313021df..512b011518 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_pw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_pw.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen_pw.c,v 1.1.206.1 2004/03/09 08:33:35 marka Exp $"; +static const char rcsid[] = "$Id: gen_pw.c,v 1.3 2005/04/27 04:56:24 sra Exp $"; #endif /* Imports */ @@ -231,3 +231,4 @@ pw_res_set(struct irs_pw *this, struct __res_state *res, } #endif /* WANT_IRS_PW */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gen_sv.c b/contrib/bind-9.5.2/lib/bind/irs/gen_sv.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/gen_sv.c rename to contrib/bind-9.5.2/lib/bind/irs/gen_sv.c index e8f6114206..4cad166d2f 100644 --- a/contrib/bind-9.3/lib/bind/irs/gen_sv.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gen_sv.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gen_sv.c,v 1.1.206.1 2004/03/09 08:33:35 marka Exp $"; +static const char rcsid[] = "$Id: gen_sv.c,v 1.3 2005/04/27 04:56:24 sra Exp $"; #endif /* Imports */ @@ -225,3 +225,5 @@ sv_res_set(struct irs_sv *this, struct __res_state *res, (*sv->res_set)(sv, pvt->res, NULL); } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getaddrinfo.c b/contrib/bind-9.5.2/lib/bind/irs/getaddrinfo.c similarity index 92% rename from contrib/bind-9.3/lib/bind/irs/getaddrinfo.c rename to contrib/bind-9.5.2/lib/bind/irs/getaddrinfo.c index c8d1ab3b79..1839ba48e1 100644 --- a/contrib/bind-9.3/lib/bind/irs/getaddrinfo.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getaddrinfo.c @@ -29,48 +29,52 @@ * SUCH DAMAGE. */ -/* +/*! \file * Issues to be discussed: - * - Thread safe-ness must be checked. - * - Return values. There are nonstandard return values defined and used + *\li Thread safe-ness must be checked. + *\li Return values. There are nonstandard return values defined and used * in the source code. This is because RFC2553 is silent about which error * code must be returned for which situation. - * - IPv4 classful (shortened) form. RFC2553 is silent about it. XNET 5.2 + *\li IPv4 classful (shortened) form. RFC2553 is silent about it. XNET 5.2 * says to use inet_aton() to convert IPv4 numeric to binary (allows * classful form as a result). * current code - disallow classful form for IPv4 (due to use of inet_pton). - * - freeaddrinfo(NULL). RFC2553 is silent about it. XNET 5.2 says it is + *\li freeaddrinfo(NULL). RFC2553 is silent about it. XNET 5.2 says it is * invalid. * current code - SEGV on freeaddrinfo(NULL) * Note: - * - We use getipnodebyname() just for thread-safeness. There's no intent + *\li We use getipnodebyname() just for thread-safeness. There's no intent * to let it do PF_UNSPEC (actually we never pass PF_UNSPEC to * getipnodebyname(). - * - The code filters out AFs that are not supported by the kernel, + *\li The code filters out AFs that are not supported by the kernel, * when globbing NULL hostname (to loopback, or wildcard). Is it the right * thing to do? What is the relationship with post-RFC2553 AI_ADDRCONFIG * in ai_flags? - * - (post-2553) semantics of AI_ADDRCONFIG itself is too vague. + *\li (post-2553) semantics of AI_ADDRCONFIG itself is too vague. * (1) what should we do against numeric hostname (2) what should we do * against NULL hostname (3) what is AI_ADDRCONFIG itself. AF not ready? * non-loopback address configured? global address configured? - * - To avoid search order issue, we have a big amount of code duplicate + * \par Additional Issue: + * To avoid search order issue, we have a big amount of code duplicate * from gethnamaddr.c and some other places. The issues that there's no * lower layer function to lookup "IPv4 or IPv6" record. Calling * gethostbyname2 from getaddrinfo will end up in wrong search order, as * follows: - * - The code makes use of following calls when asked to resolver with + * \li The code makes use of following calls when asked to resolver with * ai_family = PF_UNSPEC: - * getipnodebyname(host, AF_INET6); + *\code getipnodebyname(host, AF_INET6); * getipnodebyname(host, AF_INET); - * This will result in the following queries if the node is configure to + *\endcode + * \li This will result in the following queries if the node is configure to * prefer /etc/hosts than DNS: + *\code * lookup /etc/hosts for IPv6 address * lookup DNS for IPv6 address * lookup /etc/hosts for IPv4 address * lookup DNS for IPv4 address + *\endcode * which may not meet people's requirement. - * The right thing to happen is to have underlying layer which does + * \li The right thing to happen is to have underlying layer which does * PF_UNSPEC lookup (lookup both) and return chain of addrinfos. * This would result in a bit of code duplicate with _dns_ghbyname() and * friends. @@ -199,20 +203,20 @@ struct addrinfo *addr2addrinfo __P((const struct addrinfo *, #if 0 static const char *ai_errlist[] = { "Success", - "Address family for hostname not supported", /* EAI_ADDRFAMILY */ - "Temporary failure in name resolution", /* EAI_AGAIN */ - "Invalid value for ai_flags", /* EAI_BADFLAGS */ - "Non-recoverable failure in name resolution", /* EAI_FAIL */ - "ai_family not supported", /* EAI_FAMILY */ - "Memory allocation failure", /* EAI_MEMORY */ - "No address associated with hostname", /* EAI_NODATA */ - "hostname nor servname provided, or not known", /* EAI_NONAME */ - "servname not supported for ai_socktype", /* EAI_SERVICE */ - "ai_socktype not supported", /* EAI_SOCKTYPE */ - "System error returned in errno", /* EAI_SYSTEM */ - "Invalid value for hints", /* EAI_BADHINTS */ - "Resolved protocol is unknown", /* EAI_PROTOCOL */ - "Unknown error", /* EAI_MAX */ + "Address family for hostname not supported", /*%< EAI_ADDRFAMILY */ + "Temporary failure in name resolution", /*%< EAI_AGAIN */ + "Invalid value for ai_flags", /*%< EAI_BADFLAGS */ + "Non-recoverable failure in name resolution", /*%< EAI_FAIL */ + "ai_family not supported", /*%< EAI_FAMILY */ + "Memory allocation failure", /*%< EAI_MEMORY */ + "No address associated with hostname", /*%< EAI_NODATA */ + "hostname nor servname provided, or not known", /*%< EAI_NONAME */ + "servname not supported for ai_socktype", /*%< EAI_SERVICE */ + "ai_socktype not supported", /*%< EAI_SOCKTYPE */ + "System error returned in errno", /*%< EAI_SYSTEM */ + "Invalid value for hints", /*%< EAI_BADHINTS */ + "Resolved protocol is unknown", /*%< EAI_PROTOCOL */ + "Unknown error", /*%< EAI_MAX */ }; #endif @@ -268,7 +272,7 @@ do { \ #define MATCH(x, y, w) \ ((x) == (y) || (/*CONSTCOND*/(w) && ((x) == ANY || (y) == ANY))) -#if 0 /* bind8 has its own version */ +#if 0 /*%< bind8 has its own version */ char * gai_strerror(ecode) int ecode; @@ -352,7 +356,7 @@ getaddrinfo(hostname, servname, hints, res) /* error check for hints */ if (hints->ai_addrlen || hints->ai_canonname || hints->ai_addr || hints->ai_next) - SETERROR(EAI_BADHINTS); /* xxx */ + SETERROR(EAI_BADHINTS); /*%< xxx */ if (hints->ai_flags & ~AI_MASK) SETERROR(EAI_BADFLAGS); switch (hints->ai_family) { @@ -517,7 +521,7 @@ getaddrinfo(hostname, servname, hints, res) goto free; } if (afai == NULL) { - error = EAI_NONAME; /* we've had no errors. */ + error = EAI_NONAME; /*%< we've had no errors. */ goto free; } @@ -574,7 +578,7 @@ getaddrinfo(hostname, servname, hints, res) cur = cur->ai_next; } - freeaddrinfo(afai); /* afai must not be NULL at this point. */ + freeaddrinfo(afai); /*%< afai must not be NULL at this point. */ if (sentinel.ai_next) { good: @@ -597,7 +601,7 @@ bad: return(error); } -/* +/*% * FQDN hostname, DNS lookup */ static int @@ -625,7 +629,7 @@ explore_fqdn(pai, hostname, servname, res) if (!net_data || !(ho = net_data->ho)) return(0); -#if 0 /* XXX (notyet) */ +#if 0 /*%< XXX (notyet) */ if (net_data->ho_stayopen && net_data->ho_last && net_data->ho_last->h_addrtype == af) { if (ns_samename(name, net_data->ho_last->h_name) == 1) @@ -661,7 +665,7 @@ explore_fqdn(pai, hostname, servname, res) error = EAI_NONAME; break; default: - case NETDB_SUCCESS: /* should be impossible... */ + case NETDB_SUCCESS: /*%< should be impossible... */ error = EAI_NONAME; break; } @@ -669,7 +673,7 @@ explore_fqdn(pai, hostname, servname, res) } for (cur = result; cur; cur = cur->ai_next) { - GET_PORT(cur, servname); /* XXX: redundant lookups... */ + GET_PORT(cur, servname); /*%< XXX: redundant lookups... */ /* canonname should already be filled. */ } @@ -685,8 +689,8 @@ free: static int explore_copy(pai, src0, res) - const struct addrinfo *pai; /* seed */ - const struct addrinfo *src0; /* source */ + const struct addrinfo *pai; /*%< seed */ + const struct addrinfo *src0; /*%< source */ struct addrinfo **res; { int error; @@ -720,7 +724,7 @@ fail: return error; } -/* +/*% * hostname == NULL. * passive socket -> anyaddr (0.0.0.0 or ::) * non-passive socket -> localhost (127.0.0.1 or ::1) @@ -768,7 +772,7 @@ free: return error; } -/* +/*% * numeric hostname */ static int @@ -831,7 +835,7 @@ bad: return error; } -/* +/*% * numeric hostname with scope */ static int @@ -882,7 +886,7 @@ explore_numeric_scope(pai, hostname, servname, res) sin6 = (struct sockaddr_in6 *)(void *)cur->ai_addr; if (!ip6_str2scopeid(scope, sin6, &scopeid)) { free(hostname2); - return(EAI_NONAME); /* XXX: is return OK? */ + return(EAI_NONAME); /*%< XXX: is return OK? */ } #ifdef HAVE_SIN6_SCOPE_ID sin6->sin6_scope_id = scopeid; @@ -1078,7 +1082,7 @@ find_afd(af) return NULL; } -/* +/*% * post-2553: AI_ADDRCONFIG check. if we use getipnodeby* as backend, backend * will take care of it. * the semantics of AI_ADDRCONFIG is not defined well. we are not sure @@ -1136,8 +1140,7 @@ ip6_str2scopeid(char *scope, struct sockaddr_in6 *sin6, if (IN6_IS_ADDR_MC_ORGLOCAL(a6)) goto trynumeric; else - goto trynumeric; /* global */ - + goto trynumeric; /*%< global */ /* try to convert to a numeric id as a last resort */ trynumeric: errno = 0; @@ -1174,7 +1177,7 @@ hostent2addrinfo(hp, pai) cur = &sentinel; for (i = 0; (ap = aplist[i]) != NULL; i++) { -#if 0 /* the trick seems too much */ +#if 0 /*%< the trick seems too much */ af = hp->h_addr_list; if (af == AF_INET6 && IN6_IS_ADDR_V4MAPPED((struct in6_addr *)ap)) { @@ -1198,7 +1201,7 @@ hostent2addrinfo(hp, pai) */ GET_CANONNAME(cur->ai_next, hp->h_name); } - while (cur->ai_next) /* no need to loop, actually. */ + while (cur->ai_next) /*%< no need to loop, actually. */ cur = cur->ai_next; continue; diff --git a/contrib/bind-9.3/lib/bind/irs/getgrent.c b/contrib/bind-9.5.2/lib/bind/irs/getgrent.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getgrent.c rename to contrib/bind-9.5.2/lib/bind/irs/getgrent.c index 7c394f27c9..e6c6c42147 100644 --- a/contrib/bind-9.3/lib/bind/irs/getgrent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getgrent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: getgrent.c,v 1.3.206.1 2004/03/09 08:33:35 marka Exp $"; +static const char rcsid[] = "$Id: getgrent.c,v 1.5 2005/04/27 04:56:24 sra Exp $"; #endif /* Imports */ @@ -221,3 +221,4 @@ init() { } #endif /* WANT_IRS_GR */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getgrent_r.c b/contrib/bind-9.5.2/lib/bind/irs/getgrent_r.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getgrent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/getgrent_r.c index 1e8b1a639c..eb9c7947cd 100644 --- a/contrib/bind-9.3/lib/bind/irs/getgrent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getgrent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getgrent_r.c,v 1.5.206.1 2004/03/09 08:33:35 marka Exp $"; +static const char rcsid[] = "$Id: getgrent_r.c,v 1.7 2005/04/27 04:56:24 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -120,7 +120,7 @@ getgrgid_r(gid_t gid, struct group *gptr, } #endif -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. @@ -180,7 +180,7 @@ copy_group(struct group *ge, struct group *gptr, char *buf, int buflen) { int numptr, len; /* Find out the amount of space required to store the answer. */ - numptr = 1; /* NULL ptr */ + numptr = 1; /*%< NULL ptr */ len = (char *)ALIGN(buf) - buf; for (i = 0; ge->gr_mem[i]; i++, numptr++) { len += strlen(ge->gr_mem[i]) + 1; @@ -227,3 +227,4 @@ copy_group(struct group *ge, struct group *gptr, char *buf, int buflen) { static int getgrent_r_unknown_system = 0; #endif /* GROUP_R_RETURN */ #endif /* !def(_REENTRANT) || !def(DO_PTHREADS) || !def(WANT_IRS_PW) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gethostent.c b/contrib/bind-9.5.2/lib/bind/irs/gethostent.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/gethostent.c rename to contrib/bind-9.5.2/lib/bind/irs/gethostent.c index cfea501fd8..d8c9e24b1f 100644 --- a/contrib/bind-9.3/lib/bind/irs/gethostent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gethostent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: gethostent.c,v 1.1.2.2.4.3 2006/01/10 05:09:16 marka Exp $"; +static const char rcsid[] = "$Id: gethostent.c,v 1.8 2006/01/10 05:06:00 marka Exp $"; #endif /* Imports */ @@ -235,11 +235,11 @@ static const unsigned char in6addr_mapped[12] = { static int scan_interfaces(int *, int *); static struct hostent *copyandmerge(struct hostent *, struct hostent *, int, int *); -/* +/*% * Public functions */ -/* +/*% * AI_V4MAPPED + AF_INET6 * If no IPv6 address then a query for IPv4 and map returned values. * @@ -445,11 +445,11 @@ freehostent(struct hostent *he) { memput(he, sizeof *he); } -/* +/*% * Private */ -/* +/*% * Scan the interface table and set have_v4 and have_v6 depending * upon whether there are IPv4 and IPv6 interface addresses. * @@ -505,7 +505,7 @@ scan_interfaces6(int *have_v4, int *have_v6) { if (buf == NULL) goto cleanup; #ifdef SETFAMILYFLAGS - lifc.lifc_family = AF_UNSPEC; /* request all families */ + lifc.lifc_family = AF_UNSPEC; /*%< request all families */ lifc.lifc_flags = 0; #endif lifc.lifc_len = bufsiz; @@ -533,7 +533,7 @@ scan_interfaces6(int *have_v4, int *have_v6) { } /* Parse system's interface list. */ - cplim = buf + lifc.lifc_len; /* skip over if's with big ifr_addr's */ + cplim = buf + lifc.lifc_len; /*%< skip over if's with big ifr_addr's */ for (cp = buf; (*have_v4 == 0 || *have_v6 == 0) && cp < cplim; cp += cpsize) { @@ -639,7 +639,7 @@ static int scan_interfaces(int *have_v4, int *have_v6) { struct ifconf ifc; union { - char _pad[256]; /* leave space for IPv6 addresses */ + char _pad[256]; /*%< leave space for IPv6 addresses */ struct ifreq ifreq; } u; struct in_addr in4; @@ -712,7 +712,7 @@ scan_interfaces(int *have_v4, int *have_v6) { } /* Parse system's interface list. */ - cplim = buf + ifc.ifc_len; /* skip over if's with big ifr_addr's */ + cplim = buf + ifc.ifc_len; /*%< skip over if's with big ifr_addr's */ for (cp = buf; (*have_v4 == 0 || *have_v6 == 0) && cp < cplim; cp += cpsize) { @@ -792,8 +792,8 @@ scan_interfaces(int *have_v4, int *have_v6) { static struct hostent * copyandmerge(struct hostent *he1, struct hostent *he2, int af, int *error_num) { struct hostent *he = NULL; - int addresses = 1; /* NULL terminator */ - int names = 1; /* NULL terminator */ + int addresses = 1; /*%< NULL terminator */ + int names = 1; /*%< NULL terminator */ int len = 0; char **cpp, **npp; @@ -1034,7 +1034,7 @@ fakeaddr(const char *name, int af, struct net_data *net_data) { return (&pvt->host); } -#ifdef grot /* for future use in gethostbyaddr(), for "SUNSECURITY" */ +#ifdef grot /*%< for future use in gethostbyaddr(), for "SUNSECURITY" */ struct hostent *rhp; char **haddr; u_long old_options; @@ -1065,5 +1065,6 @@ fakeaddr(const char *name, int af, struct net_data *net_data) { } } #endif /* grot */ - #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/gethostent_r.c b/contrib/bind-9.5.2/lib/bind/irs/gethostent_r.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/gethostent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/gethostent_r.c index 8a7cff06fe..fdb7ee225c 100644 --- a/contrib/bind-9.3/lib/bind/irs/gethostent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/gethostent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: gethostent_r.c,v 1.4.206.4 2005/09/03 12:47:38 marka Exp $"; +static const char rcsid[] = "$Id: gethostent_r.c,v 1.9 2005/09/03 12:41:37 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -90,7 +90,7 @@ gethostbyaddr_r(const char *addr, int len, int type, #endif } -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. @@ -163,7 +163,7 @@ copy_hostent(struct hostent *he, struct hostent *hptr, HOST_R_COPY_ARGS) { int nptr, len; /* Find out the amount of space required to store the answer. */ - nptr = 2; /* NULL ptrs */ + nptr = 2; /*%< NULL ptrs */ len = (char *)ALIGN(buf) - buf; for (i = 0; he->h_addr_list[i]; i++, nptr++) { len += he->h_length; @@ -272,3 +272,4 @@ copy_hostent(struct hostent *he, struct hostent *hptr, HOST_R_COPY_ARGS) { static int gethostent_r_unknown_system = 0; #endif /* HOST_R_RETURN */ #endif /* !defined(_REENTRANT) || !defined(DO_PTHREADS) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getnameinfo.c b/contrib/bind-9.5.2/lib/bind/irs/getnameinfo.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getnameinfo.c rename to contrib/bind-9.5.2/lib/bind/irs/getnameinfo.c index d6d89f3efe..89c8230ef9 100644 --- a/contrib/bind-9.3/lib/bind/irs/getnameinfo.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getnameinfo.c @@ -63,7 +63,7 @@ #include -/* +/*% * Note that a_off will be dynamically adjusted so that to be consistent * with the definition of sockaddr_in{,6}. * The value presented below is just a guess. @@ -139,7 +139,7 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) found: if (salen != afd->a_socklen) return EAI_FAIL; - port = ((const struct sockinet *)sa)->si_port; /* network byte order */ + port = ((const struct sockinet *)sa)->si_port; /*%< network byte order */ addr = (const char *)sa + afd->a_off; if (serv == NULL || servlen == 0U) { @@ -251,13 +251,13 @@ ip6_parsenumeric(const struct sockaddr *sa, const char *addr, char *host, return EAI_SYSTEM; numaddrlen = strlen(numaddr); - if (numaddrlen + 1 > hostlen) /* don't forget terminator */ + if (numaddrlen + 1 > hostlen) /*%< don't forget terminator */ return EAI_MEMORY; strcpy(host, numaddr); #ifdef HAVE_SIN6_SCOPE_ID if (((const struct sockaddr_in6 *)sa)->sin6_scope_id) { - char scopebuf[MAXHOSTNAMELEN]; /* XXX */ + char scopebuf[MAXHOSTNAMELEN]; /*%< XXX */ int scopelen; /* ip6_sa2str never fails */ @@ -330,3 +330,5 @@ ip6_sa2str(const struct sockaddr_in6 *sa6, char *buf, return(strlen(tmp)); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getnetent.c b/contrib/bind-9.5.2/lib/bind/irs/getnetent.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/getnetent.c rename to contrib/bind-9.5.2/lib/bind/irs/getnetent.c index 4d1cd1e7ac..a6abe7175b 100644 --- a/contrib/bind-9.3/lib/bind/irs/getnetent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getnetent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: getnetent.c,v 1.4.206.2 2004/03/17 01:49:40 marka Exp $"; +static const char rcsid[] = "$Id: getnetent.c,v 1.7 2005/04/27 04:56:25 sra Exp $"; #endif /* Imports */ @@ -321,7 +321,7 @@ nw_to_net(struct nwent *nwent, struct net_data *net_data) { pvt->netent.n_aliases = nwent->n_aliases; pvt->netent.n_addrtype = nwent->n_addrtype; -/* +/*% * What this code does: Converts net addresses from network to host form. * * msbyte: the index of the most significant byte in the n_addr array. @@ -341,3 +341,5 @@ nw_to_net(struct nwent *nwent, struct net_data *net_data) { } #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getnetent_r.c b/contrib/bind-9.5.2/lib/bind/irs/getnetent_r.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getnetent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/getnetent_r.c index 1f8290d171..9fb52bc394 100644 --- a/contrib/bind-9.3/lib/bind/irs/getnetent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getnetent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getnetent_r.c,v 1.3.206.2 2005/09/03 12:47:38 marka Exp $"; +static const char rcsid[] = "$Id: getnetent_r.c,v 1.6 2005/09/03 12:41:38 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -83,7 +83,7 @@ getnetbyaddr_r(GETNETBYADDR_ADDR_T addr, int type, struct netent *nptr, NET_R_AR #endif } -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. @@ -151,7 +151,7 @@ copy_netent(struct netent *ne, struct netent *nptr, NET_R_COPY_ARGS) { int numptr, len; /* Find out the amount of space required to store the answer. */ - numptr = 1; /* NULL ptr */ + numptr = 1; /*%< NULL ptr */ len = (char *)ALIGN(buf) - buf; for (i = 0; ne->n_aliases[i]; i++, numptr++) { len += strlen(ne->n_aliases[i]) + 1; @@ -231,3 +231,4 @@ copy_netent(struct netent *ne, struct netent *nptr, NET_R_COPY_ARGS) { static int getnetent_r_unknown_system = 0; #endif /* NET_R_RETURN */ #endif /* !defined(_REENTRANT) || !defined(DO_PTHREADS) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getnetgrent.c b/contrib/bind-9.5.2/lib/bind/irs/getnetgrent.c similarity index 94% rename from contrib/bind-9.3/lib/bind/irs/getnetgrent.c rename to contrib/bind-9.5.2/lib/bind/irs/getnetgrent.c index b2751536f2..4400fd4aba 100644 --- a/contrib/bind-9.3/lib/bind/irs/getnetgrent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getnetgrent.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getnetgrent.c,v 1.1.2.1.4.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: getnetgrent.c,v 1.4.672.1 2008/02/27 00:05:45 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -76,7 +76,9 @@ innetgr(INNETGR_ARGS) { } int -getnetgrent(char **host, char **user, char **domain) { +getnetgrent(NGR_R_CONST char **host, NGR_R_CONST char **user, + NGR_R_CONST char **domain) +{ struct net_data *net_data = init(); const char *ch, *cu, *cd; int ret; @@ -154,3 +156,5 @@ init(void) { } #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getnetgrent_r.c b/contrib/bind-9.5.2/lib/bind/irs/getnetgrent_r.c similarity index 66% rename from contrib/bind-9.3/lib/bind/irs/getnetgrent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/getnetgrent_r.c index b5d9bb167d..331f7b360f 100644 --- a/contrib/bind-9.3/lib/bind/irs/getnetgrent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getnetgrent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getnetgrent_r.c,v 1.5.2.1.4.4 2005/09/03 12:47:38 marka Exp $"; +static const char rcsid[] = "$Id: getnetgrent_r.c,v 1.11.558.2 2008/02/28 05:46:12 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -33,10 +33,13 @@ static const char rcsid[] = "$Id: getnetgrent_r.c,v 1.5.2.1.4.4 2005/09/03 12:47 #include #ifdef NGR_R_RETURN +#ifndef NGR_R_PRIVATE +#define NGR_R_PRIVATE 0 +#endif static NGR_R_RETURN -copy_protoent(char **, char **, char **, const char *, const char *, - const char *, NGR_R_COPY_ARGS); +copy_protoent(NGR_R_CONST char **, NGR_R_CONST char **, NGR_R_CONST char **, + const char *, const char *, const char *, NGR_R_COPY_ARGS); NGR_R_RETURN innetgr_r(const char *netgroup, const char *host, const char *user, @@ -51,15 +54,17 @@ innetgr_r(const char *netgroup, const char *host, const char *user, return (innetgr(ng, ho, us, dom)); } -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. */ NGR_R_RETURN -getnetgrent_r(char **machinep, char **userp, char **domainp, NGR_R_ARGS) { - char *mp, *up, *dp; +getnetgrent_r(NGR_R_CONST char **machinep, NGR_R_CONST char **userp, + NGR_R_CONST char **domainp, NGR_R_ARGS) +{ + NGR_R_CONST char *mp, *up, *dp; int res = getnetgrent(&mp, &up, &dp); if (res != 1) @@ -69,15 +74,24 @@ getnetgrent_r(char **machinep, char **userp, char **domainp, NGR_R_ARGS) { mp, up, dp, NGR_R_COPY)); } +#if NGR_R_PRIVATE == 2 +struct private { + char *buf; +}; + +#endif NGR_R_SET_RETURN -#ifdef NGR_R_ENT_ARGS -setnetgrent_r(const char *netgroup, NGR_R_ENT_ARGS) +#ifdef NGR_R_SET_ARGS +setnetgrent_r(NGR_R_SET_CONST char *netgroup, NGR_R_SET_ARGS) #else -setnetgrent_r(const char *netgroup) +setnetgrent_r(NGR_R_SET_CONST char *netgroup) #endif { +#if NGR_R_PRIVATE == 2 + struct private *p; +#endif char *tmp; -#if defined(NGR_R_ENT_ARGS) && !defined(NGR_R_PRIVATE) +#if defined(NGR_R_SET_ARGS) && NGR_R_PRIVATE == 0 UNUSED(buf); UNUSED(buflen); #endif @@ -85,8 +99,17 @@ setnetgrent_r(const char *netgroup) DE_CONST(netgroup, tmp); setnetgrent(tmp); -#ifdef NGR_R_PRIVATE +#if NGR_R_PRIVATE == 1 *buf = NULL; +#elif NGR_R_PRIVATE == 2 + *buf = p = malloc(sizeof(struct private)); + if (p == NULL) +#ifdef NGR_R_SET_RESULT + return (NGR_R_BAD); +#else + return; +#endif + p->buf = NULL; #endif #ifdef NGR_R_SET_RESULT return (NGR_R_SET_RESULT); @@ -94,22 +117,29 @@ setnetgrent_r(const char *netgroup) } NGR_R_END_RETURN -#ifdef NGR_R_ENT_ARGS -endnetgrent_r(NGR_R_ENT_ARGS) +#ifdef NGR_R_END_ARGS +endnetgrent_r(NGR_R_END_ARGS) #else endnetgrent_r(void) #endif { -#if defined(NGR_R_ENT_ARGS) && !defined(NGR_R_PRIVATE) +#if NGR_R_PRIVATE == 2 + struct private *p = buf; +#endif +#if defined(NGR_R_SET_ARGS) && NGR_R_PRIVATE == 0 UNUSED(buf); UNUSED(buflen); #endif endnetgrent(); -#ifdef NGR_R_PRIVATE +#if NGR_R_PRIVATE == 1 if (*buf != NULL) free(*buf); *buf = NULL; +#elif NGR_R_PRIVATE == 2 + if (p->buf != NULL) + free(p->buf); + free(p); #endif NGR_R_END_RESULT(NGR_R_OK); } @@ -117,9 +147,13 @@ endnetgrent_r(void) /* Private */ static int -copy_protoent(char **machinep, char **userp, char **domainp, - const char *mp, const char *up, const char *dp, - NGR_R_COPY_ARGS) { +copy_protoent(NGR_R_CONST char **machinep, NGR_R_CONST char **userp, + NGR_R_CONST char **domainp, const char *mp, const char *up, + const char *dp, NGR_R_COPY_ARGS) +{ +#if NGR_R_PRIVATE == 2 + struct private *p = buf; +#endif char *cp; int n; int len; @@ -130,12 +164,20 @@ copy_protoent(char **machinep, char **userp, char **domainp, if (up != NULL) len += strlen(up) + 1; if (dp != NULL) len += strlen(dp) + 1; -#ifdef NGR_R_PRIVATE - free(*buf); +#if NGR_R_PRIVATE == 1 + if (*buf != NULL) + free(*buf); *buf = malloc(len); if (*buf == NULL) return(NGR_R_BAD); cp = *buf; +#elif NGR_R_PRIVATE == 2 + if (p->buf) + free(p->buf); + p->buf = malloc(len); + if (p->buf == NULL) + return(NGR_R_BAD); + cp = p->buf; #else if (len > (int)buflen) { errno = ERANGE; @@ -144,7 +186,6 @@ copy_protoent(char **machinep, char **userp, char **domainp, cp = buf; #endif - if (mp != NULL) { n = strlen(mp) + 1; strcpy(cp, mp); @@ -175,3 +216,4 @@ copy_protoent(char **machinep, char **userp, char **domainp, static int getnetgrent_r_unknown_system = 0; #endif /* NGR_R_RETURN */ #endif /* !defined(_REENTRANT) || !defined(DO_PTHREADS) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getprotoent.c b/contrib/bind-9.5.2/lib/bind/irs/getprotoent.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getprotoent.c rename to contrib/bind-9.5.2/lib/bind/irs/getprotoent.c index 145062fd77..1e109f9659 100644 --- a/contrib/bind-9.3/lib/bind/irs/getprotoent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getprotoent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: getprotoent.c,v 1.2.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: getprotoent.c,v 1.4 2005/04/27 04:56:26 sra Exp $"; #endif /* Imports */ @@ -172,3 +172,5 @@ init() { } #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getprotoent_r.c b/contrib/bind-9.5.2/lib/bind/irs/getprotoent_r.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getprotoent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/getprotoent_r.c index 58d0ec9e22..d5d9ae53b6 100644 --- a/contrib/bind-9.3/lib/bind/irs/getprotoent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getprotoent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getprotoent_r.c,v 1.3.206.2 2006/08/01 01:19:28 marka Exp $"; +static const char rcsid[] = "$Id: getprotoent_r.c,v 1.6 2006/08/01 01:14:16 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -76,7 +76,7 @@ getprotobynumber_r(int proto, struct protoent *pptr, PROTO_R_ARGS) { #endif } -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. @@ -142,7 +142,7 @@ copy_protoent(struct protoent *pe, struct protoent *pptr, PROTO_R_COPY_ARGS) { int numptr, len; /* Find out the amount of space required to store the answer. */ - numptr = 1; /* NULL ptr */ + numptr = 1; /*%< NULL ptr */ len = (char *)ALIGN(buf) - buf; for (i = 0; pe->p_aliases[i]; i++, numptr++) { len += strlen(pe->p_aliases[i]) + 1; @@ -220,3 +220,4 @@ copy_protoent(struct protoent *pe, struct protoent *pptr, PROTO_R_COPY_ARGS) { static int getprotoent_r_unknown_system = 0; #endif /* PROTO_R_RETURN */ #endif /* !defined(_REENTRANT) || !defined(DO_PTHREADS) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getpwent.c b/contrib/bind-9.5.2/lib/bind/irs/getpwent.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getpwent.c rename to contrib/bind-9.5.2/lib/bind/irs/getpwent.c index 10c237edc0..c70f99e64c 100644 --- a/contrib/bind-9.3/lib/bind/irs/getpwent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getpwent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: getpwent.c,v 1.1.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: getpwent.c,v 1.3 2005/04/27 04:56:26 sra Exp $"; #endif /* Imports */ @@ -198,3 +198,4 @@ init() { } #endif /* WANT_IRS_PW */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getpwent_r.c b/contrib/bind-9.5.2/lib/bind/irs/getpwent_r.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/getpwent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/getpwent_r.c index d28f184405..f754084317 100644 --- a/contrib/bind-9.3/lib/bind/irs/getpwent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getpwent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getpwent_r.c,v 1.5.206.2 2004/09/17 13:32:37 marka Exp $"; +static const char rcsid[] = "$Id: getpwent_r.c,v 1.8 2005/04/27 04:56:26 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -121,7 +121,7 @@ getpwuid_r(uid_t uid, struct passwd *pwptr, char *buf, int buflen) { } #endif -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. @@ -273,3 +273,4 @@ copy_passwd(struct passwd *pw, struct passwd *pwptr, char *buf, int buflen) { static int getpwent_r_unknown_system = 0; #endif /* PASS_R_RETURN */ #endif /* !def(_REENTRANT) || !def(DO_PTHREADS) || !def(WANT_IRS_PW) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getservent.c b/contrib/bind-9.5.2/lib/bind/irs/getservent.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getservent.c rename to contrib/bind-9.5.2/lib/bind/irs/getservent.c index a13e36fe9a..8de0db3058 100644 --- a/contrib/bind-9.3/lib/bind/irs/getservent.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getservent.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: getservent.c,v 1.2.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: getservent.c,v 1.4 2005/04/27 04:56:26 sra Exp $"; #endif /* Imports */ @@ -175,3 +175,5 @@ init() { } #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/getservent_r.c b/contrib/bind-9.5.2/lib/bind/irs/getservent_r.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/getservent_r.c rename to contrib/bind-9.5.2/lib/bind/irs/getservent_r.c index 6dd7034480..42d1e46163 100644 --- a/contrib/bind-9.3/lib/bind/irs/getservent_r.c +++ b/contrib/bind-9.5.2/lib/bind/irs/getservent_r.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: getservent_r.c,v 1.3.206.2 2006/08/01 01:19:28 marka Exp $"; +static const char rcsid[] = "$Id: getservent_r.c,v 1.6 2006/08/01 01:14:16 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -79,7 +79,7 @@ getservbyport_r(int port, const char *proto, #endif } -/* +/*% * These assume a single context is in operation per thread. * If this is not the case we will need to call irs directly * rather than through the base functions. @@ -145,7 +145,7 @@ copy_servent(struct servent *se, struct servent *sptr, SERV_R_COPY_ARGS) { int numptr, len; /* Find out the amount of space required to store the answer. */ - numptr = 1; /* NULL ptr */ + numptr = 1; /*%< NULL ptr */ len = (char *)ALIGN(buf) - buf; for (i = 0; se->s_aliases[i]; i++, numptr++) { len += strlen(se->s_aliases[i]) + 1; @@ -239,3 +239,4 @@ copy_servent(struct servent *se, struct servent *sptr, SERV_R_COPY_ARGS) { static int getservent_r_unknown_system = 0; #endif /*SERV_R_RETURN */ #endif /* !defined(_REENTRANT) || !defined(DO_PTHREADS) */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/hesiod.c b/contrib/bind-9.5.2/lib/bind/irs/hesiod.c similarity index 96% rename from contrib/bind-9.3/lib/bind/irs/hesiod.c rename to contrib/bind-9.5.2/lib/bind/irs/hesiod.c index 618c592249..80d669dbe0 100644 --- a/contrib/bind-9.3/lib/bind/irs/hesiod.c +++ b/contrib/bind-9.5.2/lib/bind/irs/hesiod.c @@ -1,5 +1,5 @@ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: hesiod.c,v 1.1.2.1.4.4 2005/07/28 07:43:19 marka Exp $"; +static const char rcsid[] = "$Id: hesiod.c,v 1.7 2005/07/28 06:51:48 marka Exp $"; #endif /* @@ -19,16 +19,16 @@ static const char rcsid[] = "$Id: hesiod.c,v 1.1.2.1.4.4 2005/07/28 07:43:19 mar * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* - * This file is primarily maintained by and . - */ -/* +/*! \file + * \brief * hesiod.c --- the core portion of the hesiod resolver. * * This file is derived from the hesiod library from Project Athena; * It has been extensively rewritten by Theodore Ts'o to have a more * thread-safe interface. + * \author + * This file is primarily maintained by <tytso@mit.edu> and <ghudson@mit.edu>. */ /* Imports */ @@ -69,7 +69,7 @@ static int init(struct hesiod_p *ctx); /* Public */ -/* +/*% * This function is called to initialize a hesiod_p. */ int @@ -145,7 +145,7 @@ hesiod_init(void **context) { return (-1); } -/* +/*% * This function deallocates the hesiod_p */ void @@ -165,7 +165,7 @@ hesiod_end(void *context) { errno = save_errno; } -/* +/*% * This function takes a hesiod (name, type) and returns a DNS * name which is to be resolved. */ @@ -224,7 +224,7 @@ hesiod_to_bind(void *context, const char *name, const char *type) { return (bindname); } -/* +/*% * This is the core function. Given a hesiod (name, type), it * returns an array of strings returned by the resolver. */ @@ -265,7 +265,7 @@ hesiod_free_list(void *context, char **list) { free(list); } -/* +/*% * This function parses the /etc/hesiod.conf file */ static int @@ -335,17 +335,17 @@ parse_config_file(struct hesiod_p *ctx, const char *filename) { return (-1); } -/* +/*% * Given a DNS class and a DNS name, do a lookup for TXT records, and * return a list of them. */ static char ** get_txt_records(struct hesiod_p *ctx, int class, const char *name) { struct { - int type; /* RR type */ - int class; /* RR class */ - int dlen; /* len of data section */ - u_char *data; /* pointer to data */ + int type; /*%< RR type */ + int class; /*%< RR class */ + int dlen; /*%< len of data section */ + u_char *data; /*%< pointer to data */ } rr; HEADER *hp; u_char qbuf[MAX_HESRESP], abuf[MAX_HESRESP]; @@ -412,7 +412,7 @@ get_txt_records(struct hesiod_p *ctx, int class, const char *name) { rr.type = ns_get16(cp); cp += INT16SZ; rr.class = ns_get16(cp); - cp += INT16SZ + INT32SZ; /* skip the ttl, too */ + cp += INT16SZ + INT32SZ; /*%< skip the ttl, too */ rr.dlen = ns_get16(cp); cp += INT16SZ; if (cp + rr.dlen > eom) { diff --git a/contrib/bind-9.3/lib/bind/irs/hesiod_p.h b/contrib/bind-9.5.2/lib/bind/irs/hesiod_p.h similarity index 69% rename from contrib/bind-9.3/lib/bind/irs/hesiod_p.h rename to contrib/bind-9.5.2/lib/bind/irs/hesiod_p.h index 5af70a792b..99da15d0cd 100644 --- a/contrib/bind-9.3/lib/bind/irs/hesiod_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/hesiod_p.h @@ -16,27 +16,27 @@ */ /* - * This file is primarily maintained by and . - */ - -/* - * $Id: hesiod_p.h,v 1.1.206.1 2004/03/09 08:33:36 marka Exp $ - */ - -/* - * hesiod_p.h -- private definitions for the hesiod library + * $Id: hesiod_p.h,v 1.3 2005/04/27 04:56:27 sra Exp $ */ #ifndef _HESIOD_P_H_INCLUDED #define _HESIOD_P_H_INCLUDED -#define DEF_RHS ".Athena.MIT.EDU" /* Defaults if HESIOD_CONF */ -#define DEF_LHS ".ns" /* file is not */ - /* present. */ +/** \file + * \brief + * hesiod_p.h -- private definitions for the hesiod library. + * + * \author + * This file is primarily maintained by tytso@mit.edu and ghudson@mit.edu. + */ + +#define DEF_RHS ".Athena.MIT.EDU" /*%< Defaults if HESIOD_CONF */ +#define DEF_LHS ".ns" /*%< file is not */ + /*%< present. */ struct hesiod_p { - char * LHS; /* normally ".ns" */ - char * RHS; /* AKA the default hesiod domain */ - struct __res_state * res; /* resolver context */ + char * LHS; /*%< normally ".ns" */ + char * RHS; /*%< AKA the default hesiod domain */ + struct __res_state * res; /*%< resolver context */ void (*free_res)(void *); void (*res_set)(struct hesiod_p *, struct __res_state *, void (*)(void *)); diff --git a/contrib/bind-9.3/lib/bind/irs/irp.c b/contrib/bind-9.5.2/lib/bind/irs/irp.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/irp.c rename to contrib/bind-9.5.2/lib/bind/irs/irp.c index 649079c31f..15e7dbdf36 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: irp.c,v 1.3.2.1.10.4 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: irp.c,v 1.9.394.2 2008/02/28 05:46:12 marka Exp $"; #endif /* Imports */ @@ -66,7 +66,7 @@ static void irp_close(struct irs_acc *); /* send errors to syslog if true. */ int irp_log_errors = 1; -/* +/*% * This module handles the irp module connection to irpd. * * The client expects a synchronous interface to functions like @@ -74,7 +74,7 @@ int irp_log_errors = 1; * the wire (it's used in the server). */ -/* +/*% * irs_acc *irs_irp_acc(const char *options); * * Initialize the irp module. @@ -137,8 +137,7 @@ irs_irp_connection_setup(struct irp_p *cxndata, int *warned) { return (0); } - -/* +/*% * int irs_irp_connect(void); * * Sets up the connection to the remote irpd server. @@ -245,9 +244,7 @@ irs_irp_connect(struct irp_p *pvt) { return (0); } - - -/* +/*% * int irs_irp_is_connected(struct irp_p *pvt); * * Returns: @@ -261,9 +258,7 @@ irs_irp_is_connected(struct irp_p *pvt) { return (pvt->fdCxn >= 0); } - - -/* +/*% * void * irs_irp_disconnect(struct irp_p *pvt); * @@ -355,11 +350,7 @@ irs_irp_read_line(struct irp_p *pvt, char *buffer, int len) { return (buffpos); } - - - - -/* +/*% * int irp_read_response(struct irp_p *pvt); * * Returns: @@ -399,9 +390,7 @@ irs_irp_read_response(struct irp_p *pvt, char *text, size_t textlen) { return (code); } - - -/* +/*% * char *irp_read_body(struct irp_p *pvt, size_t *size); * * Read in the body of a response. Terminated by a line with @@ -471,8 +460,7 @@ irs_irp_read_body(struct irp_p *pvt, size_t *size) { return (NULL); } - -/* +/*% * int irs_irp_get_full_response(struct irp_p *pvt, int *code, * char **body, size_t *bodylen); * @@ -515,8 +503,7 @@ irs_irp_get_full_response(struct irp_p *pvt, int *code, char *text, return (0); } - -/* +/*% * int irs_irp_send_command(struct irp_p *pvt, const char *fmt, ...); * * Sends command to remote connected via the PVT @@ -541,7 +528,8 @@ irs_irp_send_command(struct irp_p *pvt, const char *fmt, ...) { } va_start(ap, fmt); - todo = vsprintf(buffer, fmt, ap); + (void) vsprintf(buffer, fmt, ap); + todo = strlen(buffer); va_end(ap); if (todo > (int)sizeof(buffer) - 3) { syslog(LOG_CRIT, "memory overrun in irs_irp_send_command()"); @@ -572,9 +560,7 @@ irs_irp_send_command(struct irp_p *pvt, const char *fmt, ...) { /* Methods */ - - -/* +/*% * void irp_close(struct irs_acc *this) * */ @@ -593,3 +579,5 @@ irp_close(struct irs_acc *this) { + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_gr.c b/contrib/bind-9.5.2/lib/bind/irs/irp_gr.c similarity index 91% rename from contrib/bind-9.3/lib/bind/irs/irp_gr.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_gr.c index f7e3a2fa82..1f40e76022 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_gr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_gr.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_gr.c,v 1.2.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: irp_gr.c,v 1.4 2005/04/27 04:56:27 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* extern */ @@ -54,16 +54,17 @@ static int __bind_irs_gr_unneeded; /* Types. */ -/* +/*! \file + * \brief * Module for the getnetgrent(3) family to use when connected to a * remote irp daemon. - * + * \brief * See irpd.c for justification of caching done here. * */ struct pvt { - struct irp_p *girpdata; /* global IRP data */ + struct irp_p *girpdata; /*%< global IRP data */ int warned; struct group group; }; @@ -83,21 +84,9 @@ static void free_group(struct group *gr); /* Public. */ - - - - -/* - * struct irs_gr * irs_irp_gr(struct irs_acc *this) - * - * Notes: - * +/*% * Initialize the group sub-module. * - * Notes: - * - * Module data. - * */ struct irs_gr * @@ -132,13 +121,7 @@ irs_irp_gr(struct irs_acc *this) { /* Methods. */ - - -/* - * void gr_close(struct irs_gr *this) - * - * Notes: - * +/*% * Close the sub-module. * */ @@ -153,14 +136,7 @@ gr_close(struct irs_gr *this) { memput(this, sizeof *this); } - - - -/* - * struct group * gr_next(struct irs_gr *this) - * - * Notes: - * +/*% * Gets the next group out of the cached data and returns it. * */ @@ -207,15 +183,7 @@ gr_next(struct irs_gr *this) { return (gr); } - - - - -/* - * struct group * gr_byname(struct irs_gr *this, const char *name) - * - * Notes: - * +/*% * Gets a group by name from irpd and returns it. * */ @@ -263,15 +231,7 @@ gr_byname(struct irs_gr *this, const char *name) { return (gr); } - - - - -/* - * struct group * gr_bygid(struct irs_gr *this, gid_t gid) - * - * Notes: - * +/*% * Gets a group by gid from irpd and returns it. * */ @@ -318,10 +278,7 @@ gr_bygid(struct irs_gr *this, gid_t gid) { return (gr); } - - - -/* +/*% * void gr_rewind(struct irs_gr *this) * */ @@ -350,14 +307,7 @@ gr_rewind(struct irs_gr *this) { return; } - - - -/* - * void gr_minimize(struct irs_gr *this) - * - * Notes: - * +/*% * Frees up cached data and disconnects(if necessary) from the remote. * */ @@ -372,9 +322,7 @@ gr_minimize(struct irs_gr *this) { /* Private. */ - - -/* +/*% * static void free_group(struct group *gr); * * Deallocate all the memory irp_unmarshall_gr allocated. @@ -406,3 +354,4 @@ free_group(struct group *gr) { #endif /* WANT_IRS_GR */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_ho.c b/contrib/bind-9.5.2/lib/bind/irs/irp_ho.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/irp_ho.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_ho.c index 905661254b..d4ce5c3bbe 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_ho.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_ho.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_ho.c,v 1.1.206.1 2004/03/09 08:33:36 marka Exp $"; +static const char rcsid[] = "$Id: irp_ho.c,v 1.3 2005/04/27 04:56:28 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -84,9 +84,7 @@ static struct addrinfo * ho_addrinfo(struct irs_ho *this, const char *name, /* Public. */ - - -/* +/*% * struct irs_ho * irs_irp_ho(struct irs_acc *this) * * Notes: @@ -129,13 +127,7 @@ irs_irp_ho(struct irs_acc *this) { /* Methods. */ - - -/* - * void ho_close(struct irs_ho *this) - * - * Notes: - * +/*% * Closes down the module. * */ @@ -281,15 +273,7 @@ ho_byaddr(struct irs_ho *this, const void *addr, int len, int af) { return (ho); } - - - - -/* - * struct hostent * ho_next(struct irs_ho *this) - * - * Notes: - * +/*% * The implementation for gethostent(3). The first time it's * called all the data is pulled from the remote(i.e. what * the maximum number of gethostent(3) calls would return) @@ -336,11 +320,7 @@ ho_next(struct irs_ho *this) { return (ho); } - - - - -/* +/*% * void ho_rewind(struct irs_ho *this) * */ @@ -369,10 +349,7 @@ ho_rewind(struct irs_ho *this) { return; } - - - -/* +/*% * void ho_minimize(struct irs_ho *this) * */ @@ -386,10 +363,7 @@ ho_minimize(struct irs_ho *this) { irs_irp_disconnect(pvt->girpdata); } - - - -/* +/*% * void free_host(struct hostent *ho) * */ @@ -427,3 +401,5 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) UNUSED(pai); return(NULL); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_ng.c b/contrib/bind-9.5.2/lib/bind/irs/irp_ng.c similarity index 91% rename from contrib/bind-9.3/lib/bind/irs/irp_ng.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_ng.c index cf7bc7c31e..1af862cab4 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_ng.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_ng.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: irp_ng.c,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $"; +static const char rcsid[] = "$Id: irp_ng.c,v 1.4 2006/12/07 04:46:27 marka Exp $"; #endif /* Imports */ @@ -62,13 +62,7 @@ static void ng_minimize(struct irs_ng *); /* Public */ - - -/* - * struct irs_ng * irs_irp_ng(struct irs_acc *this) - * - * Notes: - * +/*% * Intialize the irp netgroup module. * */ @@ -155,15 +149,7 @@ ng_rewind(struct irs_ng *this, const char *group) { return; } - - - /* - * int ng_next(struct irs_ng *this, const char **host, const char **user, - * const char **domain) - * - * Notes: - * * Get the next netgroup item from the cache. * */ @@ -205,14 +191,7 @@ ng_next(struct irs_ng *this, const char **host, const char **user, return (rval); } - - /* - * int ng_test(struct irs_ng *this, const char *name, const char *host, - * const char *user, const char *domain) - * - * Notes: - * * Search for a match in a netgroup. * */ @@ -239,14 +218,14 @@ ng_test(struct irs_ng *this, const char *name, } if (irs_irp_send_command(pvt->girpdata, "innetgr %s", body) == 0) { - memput(body, bodylen); - code = irs_irp_read_response(pvt->girpdata, text, sizeof text); if (code == IRPD_GETNETGR_MATCHES) { rval = 1; } } + memput(body, bodylen); + return (rval); } @@ -270,3 +249,5 @@ ng_minimize(struct irs_ng *this) { /* Private */ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_nw.c b/contrib/bind-9.5.2/lib/bind/irs/irp_nw.c similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/irp_nw.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_nw.c index ea68612419..eb4654f9b9 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_nw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_nw.c,v 1.1.206.2 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: irp_nw.c,v 1.4 2006/03/09 23:57:56 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #if 0 @@ -79,9 +79,7 @@ static void free_nw(struct nwent *nw); /* Public */ - - -/* +/*% * struct irs_nw * irs_irp_nw(struct irs_acc *this) * */ @@ -117,9 +115,7 @@ irs_irp_nw(struct irs_acc *this) { /* Methods */ - - -/* +/*% * void nw_close(struct irs_nw *this) * */ @@ -136,10 +132,7 @@ nw_close(struct irs_nw *this) { memput(this, sizeof *this); } - - - -/* +/*% * struct nwent * nw_byaddr(struct irs_nw *this, void *net, * int length, int type) * @@ -152,7 +145,7 @@ nw_byaddr(struct irs_nw *this, void *net, int length, int type) { char *body = NULL; size_t bodylen; int code; - char paddr[24]; /* bigenough for ip4 w/ cidr spec. */ + char paddr[24]; /*%< bigenough for ip4 w/ cidr spec. */ char text[256]; if (inet_net_ntop(type, net, length, paddr, sizeof paddr) == NULL) { @@ -189,10 +182,7 @@ nw_byaddr(struct irs_nw *this, void *net, int length, int type) { return (nw); } - - - -/* +/*% * struct nwent * nw_byname(struct irs_nw *this, const char *name, int type) * */ @@ -241,10 +231,7 @@ nw_byname(struct irs_nw *this, const char *name, int type) { return (nw); } - - - -/* +/*% * void nw_rewind(struct irs_nw *this) * */ @@ -273,16 +260,7 @@ nw_rewind(struct irs_nw *this) { return; } - - - - - -/* - * struct nwent * nw_next(struct irs_nw *this) - * - * Notes: - * +/*% * Prepares the cache if necessary and returns the first, or * next item from it. */ @@ -324,12 +302,7 @@ nw_next(struct irs_nw *this) { return (nw); } - - - - - -/* +/*% * void nw_minimize(struct irs_nw *this) * */ @@ -346,11 +319,7 @@ nw_minimize(struct irs_nw *this) { /* private. */ - - -/* - * static void free_passwd(struct passwd *pw); - * +/*% * deallocate all the memory irp_unmarshall_pw allocated. * */ @@ -375,3 +344,5 @@ free_nw(struct nwent *nw) { if (nw->n_addr != NULL) free(nw->n_addr); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_p.h b/contrib/bind-9.5.2/lib/bind/irs/irp_p.h similarity index 90% rename from contrib/bind-9.3/lib/bind/irs/irp_p.h rename to contrib/bind-9.5.2/lib/bind/irs/irp_p.h index fa2858dba4..4f943f81bd 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_p.h @@ -16,7 +16,7 @@ */ /* - * $Id: irp_p.h,v 1.1.2.2.4.1 2004/03/09 08:33:37 marka Exp $ + * $Id: irp_p.h,v 1.5 2005/04/27 04:56:28 sra Exp $ */ #ifndef _IRP_P_H_INCLUDED @@ -26,9 +26,8 @@ struct irp_p { char inbuffer[1024]; - int inlast; /* index of one past the last char in buffer */ - int incurr; /* index of the next char to be read from buffer */ - + int inlast; /*%< index of one past the last char in buffer */ + int incurr; /*%< index of the next char to be read from buffer */ int fdCxn; }; @@ -57,3 +56,5 @@ int irs_irp_get_full_response(struct irp_p *pvt, int *code, extern int irp_log_errors; #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_pr.c b/contrib/bind-9.5.2/lib/bind/irs/irp_pr.c similarity index 96% rename from contrib/bind-9.3/lib/bind/irs/irp_pr.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_pr.c index 07d739d62b..ea876e8281 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_pr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_pr.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_pr.c,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $"; +static const char rcsid[] = "$Id: irp_pr.c,v 1.3 2005/04/27 04:56:29 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* extern */ @@ -69,9 +69,7 @@ static void free_proto(struct protoent *pr); /* Public */ - - -/* +/*% * struct irs_pr * irs_irp_pr(struct irs_acc *this) * */ @@ -107,9 +105,7 @@ irs_irp_pr(struct irs_acc *this) { /* Methods */ - - -/* +/*% * void pr_close(struct irs_pr *this) * */ @@ -126,9 +122,7 @@ pr_close(struct irs_pr *this) { memput(this, sizeof *this); } - - -/* +/*% * struct protoent * pr_byname(struct irs_pr *this, const char *name) * */ @@ -177,9 +171,7 @@ pr_byname(struct irs_pr *this, const char *name) { return (pr); } - - -/* +/*% * struct protoent * pr_bynumber(struct irs_pr *this, int proto) * */ @@ -228,10 +220,7 @@ pr_bynumber(struct irs_pr *this, int proto) { return (pr); } - - - -/* +/*% * void pr_rewind(struct irs_pr *this) * */ @@ -260,14 +249,7 @@ pr_rewind(struct irs_pr *this) { return; } - - - -/* - * struct protoent * pr_next(struct irs_pr *this) - * - * Notes: - * +/*% * Prepares the cache if necessary and returns the next item in it. * */ @@ -311,10 +293,7 @@ pr_next(struct irs_pr *this) { return (pr); } - - - -/* +/*% * void pr_minimize(struct irs_pr *this) * */ @@ -326,14 +305,7 @@ pr_minimize(struct irs_pr *this) { irs_irp_disconnect(pvt->girpdata); } - - - - - -/* - * static void free_proto(struct protoent *pw); - * +/*% * Deallocate all the memory irp_unmarshall_pr allocated. * */ @@ -351,3 +323,5 @@ free_proto(struct protoent *pr) { for (p = pr->p_aliases ; p != NULL && *p != NULL ; p++) free(*p); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_pw.c b/contrib/bind-9.5.2/lib/bind/irs/irp_pw.c similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/irp_pw.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_pw.c index 069f588749..3722e5974d 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_pw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_pw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_pw.c,v 1.2.206.1 2004/03/09 08:33:37 marka Exp $"; +static const char rcsid[] = "$Id: irp_pw.c,v 1.4 2005/04/27 04:56:29 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Extern */ @@ -55,9 +55,9 @@ static int __bind_irs_pw_unneeded; /* Types */ struct pvt { - struct irp_p *girpdata; /* global IRP data */ + struct irp_p *girpdata; /*%< global IRP data */ int warned; - struct passwd passwd; /* password structure */ + struct passwd passwd; /*%< password structure */ }; /* Forward */ @@ -104,9 +104,7 @@ irs_irp_pw(struct irs_acc *this) { /* Methods */ - - -/* +/*% * void pw_close(struct irs_pw *this) * */ @@ -123,10 +121,7 @@ pw_close(struct irs_pw *this) { memput(this, sizeof *this); } - - - -/* +/*% * struct passwd * pw_next(struct irs_pw *this) * */ @@ -170,10 +165,7 @@ pw_next(struct irs_pw *this) { return (pw); } - - - -/* +/*% * struct passwd * pw_byname(struct irs_pw *this, const char *name) * */ @@ -221,10 +213,7 @@ pw_byname(struct irs_pw *this, const char *name) { return (pw); } - - - -/* +/*% * struct passwd * pw_byuid(struct irs_pw *this, uid_t uid) * */ @@ -272,10 +261,7 @@ pw_byuid(struct irs_pw *this, uid_t uid) { return (pw); } - - - -/* +/*% * void pw_rewind(struct irs_pw *this) * */ @@ -304,8 +290,7 @@ pw_rewind(struct irs_pw *this) { return; } - -/* +/*% * void pw_minimize(struct irs_pw *this) * */ @@ -320,11 +305,7 @@ pw_minimize(struct irs_pw *this) { /* Private. */ - - -/* - * static void free_passwd(struct passwd *pw); - * +/*% * Deallocate all the memory irp_unmarshall_pw allocated. * */ @@ -356,3 +337,4 @@ free_passwd(struct passwd *pw) { } #endif /* WANT_IRS_PW */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irp_sv.c b/contrib/bind-9.5.2/lib/bind/irs/irp_sv.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/irp_sv.c rename to contrib/bind-9.5.2/lib/bind/irs/irp_sv.c index 0c4d6a182a..577e697fe6 100644 --- a/contrib/bind-9.3/lib/bind/irs/irp_sv.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irp_sv.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irp_sv.c,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $"; +static const char rcsid[] = "$Id: irp_sv.c,v 1.3 2005/04/27 04:56:29 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* extern */ @@ -73,9 +73,7 @@ static void free_service(struct servent *sv); /* Public */ - - -/* +/*% * struct irs_sv * irs_irp_sv(struct irs_acc *this) * */ @@ -112,9 +110,7 @@ irs_irp_sv(struct irs_acc *this) { /* Methods */ - - -/* +/*% * void sv_close(struct irs_sv *this) * */ @@ -131,14 +127,7 @@ sv_close(struct irs_sv *this) { memput(this, sizeof *this); } - - - -/* - * struct servent * sv_next(struct irs_sv *this) - * - * Notes: - * +/*% * Fills the cache if necessary and returns the next item from it. * */ @@ -182,10 +171,7 @@ sv_next(struct irs_sv *this) { return (sv); } - - - -/* +/*% * struct servent * sv_byname(struct irs_sv *this, const char *name, * const char *proto) * @@ -236,10 +222,7 @@ sv_byname(struct irs_sv *this, const char *name, const char *proto) { return (sv); } - - - -/* +/*% * struct servent * sv_byport(struct irs_sv *this, int port, * const char *proto) * @@ -291,11 +274,7 @@ sv_byport(struct irs_sv *this, int port, const char *proto) { return (sv); } - - - - -/* +/*% * void sv_rewind(struct irs_sv *this) * */ @@ -324,11 +303,7 @@ sv_rewind(struct irs_sv *this) { return; } - - - - -/* +/*% * void sv_minimize(struct irs_sv *this) * */ @@ -367,3 +342,5 @@ free_service(struct servent *sv) { } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irpmarshall.c b/contrib/bind-9.5.2/lib/bind/irs/irpmarshall.c similarity index 93% rename from contrib/bind-9.3/lib/bind/irs/irpmarshall.c rename to contrib/bind-9.5.2/lib/bind/irs/irpmarshall.c index 198e349d53..85ffff1866 100644 --- a/contrib/bind-9.3/lib/bind/irs/irpmarshall.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irpmarshall.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: irpmarshall.c,v 1.3.206.4 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: irpmarshall.c,v 1.7 2006/03/09 23:57:56 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #if 0 @@ -118,15 +118,14 @@ static const char *COLONSTR = ":"; #ifdef WANT_IRS_PW /* +++++++++++++++++++++++++ struct passwd +++++++++++++++++++++++++ */ - -/* +/*% * int irp_marshall_pw(const struct passwd *pw, char **buffer, size_t *len) * - * notes: + * notes: \li * - * See above + * See irpmarshall.h * - * return: + * return: \li * * 0 on sucess, -1 on failure. * @@ -134,7 +133,7 @@ static const char *COLONSTR = ":"; int irp_marshall_pw(const struct passwd *pw, char **buffer, size_t *len) { - size_t need = 1 ; /* for null byte */ + size_t need = 1 ; /*%< for null byte */ char pwUid[24]; char pwGid[24]; char pwChange[24]; @@ -170,7 +169,7 @@ irp_marshall_pw(const struct passwd *pw, char **buffer, size_t *len) { pwClass = ""; #endif - need += strlen(pw->pw_name) + 1; /* one for fieldsep */ + need += strlen(pw->pw_name) + 1; /*%< one for fieldsep */ need += strlen(pw->pw_passwd) + 1; need += strlen(pwUid) + 1; need += strlen(pwGid) + 1; @@ -192,7 +191,7 @@ irp_marshall_pw(const struct passwd *pw, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -216,18 +215,14 @@ irp_marshall_pw(const struct passwd *pw, char **buffer, size_t *len) { return (0); } - - - - -/* +/*% * int irp_unmarshall_pw(struct passwd *pw, char *buffer) * - * notes: + * notes: \li * - * see above + * See irpmarshall.h * - * return: + * return: \li * * 0 on success, -1 on failure * @@ -258,7 +253,7 @@ irp_unmarshall_pw(struct passwd *pw, char *buffer) { /* pw_passwd field */ pass = NULL; - if (getfield(&pass, 0, &p, fieldsep) == NULL) { /* field can be empty */ + if (getfield(&pass, 0, &p, fieldsep) == NULL) { /*%< field can be empty */ goto error; } @@ -271,10 +266,10 @@ irp_unmarshall_pw(struct passwd *pw, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } pwuid = (uid_t)t; - if ((long) pwuid != t) { /* value must have been too big. */ + if ((long) pwuid != t) { /*%< value must have been too big. */ goto error; } @@ -288,10 +283,10 @@ irp_unmarshall_pw(struct passwd *pw, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } pwgid = (gid_t)t; - if ((long)pwgid != t) { /* value must have been too big. */ + if ((long)pwgid != t) { /*%< value must have been too big. */ goto error; } @@ -313,10 +308,10 @@ irp_unmarshall_pw(struct passwd *pw, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } pwchange = (time_t)t; - if ((long)pwchange != t) { /* value must have been too big. */ + if ((long)pwchange != t) { /*%< value must have been too big. */ goto error; } @@ -330,10 +325,10 @@ irp_unmarshall_pw(struct passwd *pw, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } pwexpire = (time_t)t; - if ((long) pwexpire != t) { /* value must have been too big. */ + if ((long) pwexpire != t) { /*%< value must have been too big. */ goto error; } @@ -397,28 +392,23 @@ irp_unmarshall_pw(struct passwd *pw, char *buffer) { /* ------------------------- struct passwd ------------------------- */ #endif /* WANT_IRS_PW */ - - - /* +++++++++++++++++++++++++ struct group +++++++++++++++++++++++++ */ - - -/* +/*% * int irp_marshall_gr(const struct group *gr, char **buffer, size_t *len) * - * notes: + * notes: \li * - * see above. + * See irpmarshall.h. * - * return: + * return: \li * * 0 on success, -1 on failure */ int irp_marshall_gr(const struct group *gr, char **buffer, size_t *len) { - size_t need = 1; /* for null byte */ + size_t need = 1; /*%< for null byte */ char grGid[24]; const char *fieldsep = COLONSTR; @@ -449,7 +439,7 @@ irp_marshall_gr(const struct group *gr, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -470,17 +460,14 @@ irp_marshall_gr(const struct group *gr, char **buffer, size_t *len) { return (0); } - - - -/* +/*% * int irp_unmarshall_gr(struct group *gr, char *buffer) * - * notes: + * notes: \li * - * see above + * See irpmarshall.h * - * return: + * return: \li * * 0 on success and -1 on failure. * @@ -528,10 +515,10 @@ irp_unmarshall_gr(struct group *gr, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } grgid = (gid_t)t; - if ((long) grgid != t) { /* value must have been too big. */ + if ((long) grgid != t) { /*%< value must have been too big. */ goto error; } @@ -575,16 +562,14 @@ irp_unmarshall_gr(struct group *gr, char *buffer) { /* +++++++++++++++++++++++++ struct servent +++++++++++++++++++++++++ */ - - -/* +/*% * int irp_marshall_sv(const struct servent *sv, char **buffer, size_t *len) * - * notes: + * notes: \li * - * see above + * See irpmarshall.h * - * return: + * return: \li * * 0 on success, -1 on failure. * @@ -592,7 +577,7 @@ irp_unmarshall_gr(struct group *gr, char *buffer) { int irp_marshall_sv(const struct servent *sv, char **buffer, size_t *len) { - size_t need = 1; /* for null byte */ + size_t need = 1; /*%< for null byte */ char svPort[24]; const char *fieldsep = COLONSTR; short realport; @@ -623,7 +608,7 @@ irp_marshall_sv(const struct servent *sv, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -641,18 +626,14 @@ irp_marshall_sv(const struct servent *sv, char **buffer, size_t *len) { return (0); } - - - - -/* +/*% * int irp_unmarshall_sv(struct servent *sv, char *buffer) * - * notes: + * notes: \li * - * see above + * See irpmarshall.h * - * return: + * return: \li * * 0 on success, -1 on failure. * @@ -705,10 +686,10 @@ irp_unmarshall_sv(struct servent *sv, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } svport = (short)t; - if ((long) svport != t) { /* value must have been too big. */ + if ((long) svport != t) { /*%< value must have been too big. */ goto error; } svport = htons(svport); @@ -741,16 +722,14 @@ irp_unmarshall_sv(struct servent *sv, char *buffer) { /* +++++++++++++++++++++++++ struct protoent +++++++++++++++++++++++++ */ - - -/* +/*% * int irp_marshall_pr(struct protoent *pr, char **buffer, size_t *len) * - * notes: + * notes: \li * - * see above + * See irpmarshall.h * - * return: + * return: \li * * 0 on success and -1 on failure. * @@ -758,7 +737,7 @@ irp_unmarshall_sv(struct servent *sv, char *buffer) { int irp_marshall_pr(struct protoent *pr, char **buffer, size_t *len) { - size_t need = 1; /* for null byte */ + size_t need = 1; /*%< for null byte */ char prProto[24]; const char *fieldsep = COLONSTR; @@ -784,7 +763,7 @@ irp_marshall_pr(struct protoent *pr, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -802,16 +781,14 @@ irp_marshall_pr(struct protoent *pr, char **buffer, size_t *len) { } - - -/* +/*% * int irp_unmarshall_pr(struct protoent *pr, char *buffer) * - * notes: + * notes: \li * - * See above + * See irpmarshall.h * - * return: + * return: \li * * 0 on success, -1 on failure * @@ -863,10 +840,10 @@ int irp_unmarshall_pr(struct protoent *pr, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } prproto = (int)t; - if ((long) prproto != t) { /* value must have been too big. */ + if ((long) prproto != t) { /*%< value must have been too big. */ goto error; } @@ -891,15 +868,14 @@ int irp_unmarshall_pr(struct protoent *pr, char *buffer) { /* +++++++++++++++++++++++++ struct hostent +++++++++++++++++++++++++ */ - -/* +/*% * int irp_marshall_ho(struct hostent *ho, char **buffer, size_t *len) * - * notes: + * notes: \li * - * see above. + * See irpmarshall.h. * - * return: + * return: \li * * 0 on success, -1 on failure. * @@ -907,7 +883,7 @@ int irp_unmarshall_pr(struct protoent *pr, char *buffer) { int irp_marshall_ho(struct hostent *ho, char **buffer, size_t *len) { - size_t need = 1; /* for null byte */ + size_t need = 1; /*%< for null byte */ char hoaddrtype[24]; char holength[24]; char **av; @@ -945,7 +921,7 @@ irp_marshall_ho(struct hostent *ho, char **buffer, size_t *len) { /* we determine an upper bound on the string length needed, not an exact length. */ - addrlen = (ho->h_addrtype == AF_INET ? 16 : 46) ; /* XX other AF's?? */ + addrlen = (ho->h_addrtype == AF_INET ? 16 : 46) ; /*%< XX other AF's?? */ for (av = ho->h_addr_list; av != NULL && *av != NULL ; av++) need += addrlen; @@ -960,7 +936,7 @@ irp_marshall_ho(struct hostent *ho, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -999,16 +975,14 @@ irp_marshall_ho(struct hostent *ho, char **buffer, size_t *len) { return (-1); } - - -/* +/*% * int irp_unmarshall_ho(struct hostent *ho, char *buffer) * - * notes: + * notes: \li * - * See above. + * See irpmarshall.h. * - * return: + * return: \li * * 0 on success, -1 on failure. * @@ -1080,10 +1054,10 @@ irp_unmarshall_ho(struct hostent *ho, char *buffer) { } t = strtol(tmpbuf, &tb, 10); if (*tb) { - goto error; /* junk in value */ + goto error; /*%< junk in value */ } holength = (int)t; - if ((long) holength != t) { /* value must have been too big. */ + if ((long) holength != t) { /*%< value must have been too big. */ goto error; } @@ -1155,16 +1129,15 @@ irp_unmarshall_ho(struct hostent *ho, char *buffer) { /* +++++++++++++++++++++++++ struct netgrp +++++++++++++++++++++++++ */ - -/* +/*% * int irp_marshall_ng(const char *host, const char *user, * const char *domain, char *buffer, size_t *len) * - * notes: + * notes: \li * * See note for irp_marshall_ng_start * - * return: + * return: \li * * 0 on success, 0 on failure. * @@ -1173,7 +1146,7 @@ irp_unmarshall_ho(struct hostent *ho, char *buffer) { int irp_marshall_ng(const char *host, const char *user, const char *domain, char **buffer, size_t *len) { - size_t need = 1; /* for nul byte */ + size_t need = 1; /*%< for nul byte */ const char *fieldsep = ","; if (len == NULL) { @@ -1181,7 +1154,7 @@ irp_marshall_ng(const char *host, const char *user, const char *domain, return (-1); } - need += 4; /* two parens and two commas */ + need += 4; /*%< two parens and two commas */ need += (host == NULL ? 0 : strlen(host)); need += (user == NULL ? 0 : strlen(user)); need += (domain == NULL ? 0 : strlen(domain)); @@ -1195,7 +1168,7 @@ irp_marshall_ng(const char *host, const char *user, const char *domain, } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -1227,18 +1200,17 @@ irp_marshall_ng(const char *host, const char *user, const char *domain, /* ---------- */ - -/* +/*% * int irp_unmarshall_ng(const char **host, const char **user, * const char **domain, char *buffer) * - * notes: + * notes: \li * * Unpacks the BUFFER into 3 character arrays it allocates and assigns * to *HOST, *USER and *DOMAIN. If any field of the value is empty, * then the corresponding paramater value will be set to NULL. * - * return: + * return: \li * * 0 on success and -1 on failure. */ @@ -1325,15 +1297,14 @@ irp_unmarshall_ng(const char **hostp, const char **userp, const char **domainp, /* +++++++++++++++++++++++++ struct nwent +++++++++++++++++++++++++ */ - -/* +/*% * int irp_marshall_nw(struct nwent *ne, char **buffer, size_t *len) * - * notes: + * notes: \li * * See at top. * - * return: + * return: \li * * 0 on success and -1 on failure. * @@ -1341,7 +1312,7 @@ irp_unmarshall_ng(const char **hostp, const char **userp, const char **domainp, int irp_marshall_nw(struct nwent *ne, char **buffer, size_t *len) { - size_t need = 1; /* for null byte */ + size_t need = 1; /*%< for null byte */ char nAddrType[24]; char nNet[MAXPADDRSIZE]; const char *fieldsep = COLONSTR; @@ -1374,7 +1345,7 @@ irp_marshall_nw(struct nwent *ne, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -1392,16 +1363,14 @@ irp_marshall_nw(struct nwent *ne, char **buffer, size_t *len) { return (0); } - - -/* +/*% * int irp_unmarshall_nw(struct nwent *ne, char *buffer) * - * notes: + * notes: \li * * See note up top. * - * return: + * return: \li * * 0 on success and -1 on failure. * @@ -1502,15 +1471,14 @@ irp_unmarshall_nw(struct nwent *ne, char *buffer) { /* +++++++++++++++++++++++++ struct netent +++++++++++++++++++++++++ */ - -/* +/*% * int irp_marshall_ne(struct netent *ne, char **buffer, size_t *len) * - * notes: + * notes: \li * * See at top. * - * return: + * return: \li * * 0 on success and -1 on failure. * @@ -1518,7 +1486,7 @@ irp_unmarshall_nw(struct nwent *ne, char *buffer) { int irp_marshall_ne(struct netent *ne, char **buffer, size_t *len) { - size_t need = 1; /* for null byte */ + size_t need = 1; /*%< for null byte */ char nAddrType[24]; char nNet[MAXPADDRSIZE]; const char *fieldsep = COLONSTR; @@ -1551,7 +1519,7 @@ irp_marshall_ne(struct netent *ne, char **buffer, size_t *len) { } if (*buffer == NULL) { - need += 2; /* for CRLF */ + need += 2; /*%< for CRLF */ *buffer = memget(need); if (*buffer == NULL) { errno = ENOMEM; @@ -1569,16 +1537,14 @@ irp_marshall_ne(struct netent *ne, char **buffer, size_t *len) { return (0); } - - -/* +/*% * int irp_unmarshall_ne(struct netent *ne, char *buffer) * - * notes: + * notes: \li * * See note up top. * - * return: + * return: \li * * 0 on success and -1 on failure. * @@ -1671,11 +1637,10 @@ irp_unmarshall_ne(struct netent *ne, char *buffer) { /* =========================================================================== */ - -/* +/*% * static char ** splitarray(const char *buffer, const char *buffend, char delim) * - * notes: + * notes: \li * * Split a delim separated astring. Not allowed * to have two delims next to each other. BUFFER points to begining of @@ -1683,7 +1648,7 @@ irp_unmarshall_ne(struct netent *ne, char *buffer) { * (i.e. points at where the null byte would be if null * terminated). * - * return: + * return: \li * * Returns a malloced array of pointers, each pointer pointing to a * malloced string. If BUFEER is an empty string, then return values is @@ -1719,7 +1684,7 @@ splitarray(const char *buffer, const char *buffend, char delim) { } if (count > 0) { - count++ ; /* for NULL at end */ + count++ ; /*%< for NULL at end */ aptr = arr = malloc(count * sizeof (char *)); if (aptr == NULL) { errno = ENOMEM; @@ -1749,13 +1714,10 @@ splitarray(const char *buffer, const char *buffend, char delim) { return (arr); } - - - -/* +/*% * static size_t joinlength(char * const *argv) * - * return: + * return: \li * * the number of bytes in all the arrays pointed at * by argv, including their null bytes(which will usually be turned @@ -1776,18 +1738,16 @@ joinlength(char * const *argv) { return (len); } - - -/* +/*% * int joinarray(char * const *argv, char *buffer, char delim) * - * notes: + * notes: \li * * Copy all the ARGV strings into the end of BUFFER * separating them with DELIM. BUFFER is assumed to have * enough space to hold everything and to be already null-terminated. * - * return: + * return: \li * * 0 unless argv or buffer is NULL. * @@ -1817,11 +1777,10 @@ joinarray(char * const *argv, char *buffer, char delim) { return (0); } - -/* +/*% * static char * getfield(char **res, size_t reslen, char **ptr, char delim) * - * notes: + * notes: \li * * Stores in *RES, which is a buffer of length RESLEN, a * copy of the bytes from *PTR up to and including the first @@ -1829,7 +1788,7 @@ joinarray(char * const *argv, char *buffer, char delim) { * assigned a malloced buffer to hold the copy. *PTR is * modified to point at the found delimiter. * - * return: + * return: \li * * If there was no delimiter, then NULL is returned, * otherewise *RES is returned. @@ -1854,7 +1813,7 @@ getfield(char **res, size_t reslen, char **ptr, char delim) { if (*res == NULL) { *res = strndup(*ptr, q - *ptr); } else { - if ((size_t)(q - *ptr + 1) > reslen) { /* to big for res */ + if ((size_t)(q - *ptr + 1) > reslen) { /*%< to big for res */ errno = EINVAL; return (NULL); } else { @@ -1876,12 +1835,12 @@ getfield(char **res, size_t reslen, char **ptr, char delim) { /* * static char * strndup(const char *str, size_t len) * - * notes: + * notes: \li * * like strdup, except do len bytes instead of the whole string. Always * null-terminates. * - * return: + * return: \li * * The newly malloced string. * @@ -1901,14 +1860,14 @@ strndup(const char *str, size_t len) { #if WANT_MAIN -/* +/*% * static int strcmp_nws(const char *a, const char *b) * - * notes: + * notes: \li * * do a strcmp, except uneven lengths of whitespace compare the same * - * return: + * return: \li * */ @@ -1942,14 +1901,10 @@ strcmp_nws(const char *a, const char *b) { #endif - - - - -/* +/*% * static void free_array(char **argv, size_t entries) * - * notes: + * notes: \li * * Free argv and each of the pointers inside it. The end of * the array is when a NULL pointer is found inside. If @@ -1984,7 +1939,7 @@ free_array(char **argv, size_t entries) { #if WANT_MAIN -/* takes an option to indicate what sort of marshalling(read the code) and +/*% takes an option to indicate what sort of marshalling(read the code) and an argument. If the argument looks like a marshalled buffer(has a ':' embedded) then it's unmarshalled and the remarshalled and the new string is compared to the old one. @@ -2342,3 +2297,5 @@ main(int argc, char **argv) { } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irs_data.c b/contrib/bind-9.5.2/lib/bind/irs/irs_data.c similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/irs_data.c rename to contrib/bind-9.5.2/lib/bind/irs/irs_data.c index 7904286db8..cd8ba00c50 100644 --- a/contrib/bind-9.3/lib/bind/irs/irs_data.c +++ b/contrib/bind-9.5.2/lib/bind/irs/irs_data.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: irs_data.c,v 1.3.2.2.4.4 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: irs_data.c,v 1.12 2007/08/27 03:32:26 marka Exp $"; #endif #include "port_before.h" @@ -113,7 +113,8 @@ net_data_destroy(void *p) { memput(net_data, sizeof *net_data); } -/* applications that need a specific config file other than +/*% + * applications that need a specific config file other than * _PATH_IRS_CONF should call net_data_init directly rather than letting * the various wrapper functions make the first call. - brister */ @@ -131,8 +132,10 @@ net_data_init(const char *conf_file) { if (pthread_mutex_lock(&keylock) != 0) return (NULL); if (!once) { - if (pthread_key_create(&key, net_data_destroy) != 0) + if (pthread_key_create(&key, net_data_destroy) != 0) { + (void)pthread_mutex_unlock(&keylock); return (NULL); + } once = 1; } if (pthread_mutex_unlock(&keylock) != 0) @@ -239,3 +242,5 @@ __h_errno_set(struct __res_state *res, int err) { } #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irs_data.h b/contrib/bind-9.5.2/lib/bind/irs/irs_data.h similarity index 90% rename from contrib/bind-9.3/lib/bind/irs/irs_data.h rename to contrib/bind-9.5.2/lib/bind/irs/irs_data.h index 90eb78c5f2..cb814fd8b1 100644 --- a/contrib/bind-9.3/lib/bind/irs/irs_data.h +++ b/contrib/bind-9.5.2/lib/bind/irs/irs_data.h @@ -16,7 +16,7 @@ */ /* - * $Id: irs_data.h,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $ + * $Id: irs_data.h,v 1.3 2005/04/27 04:56:30 sra Exp $ */ #ifndef __BIND_NOSTATIC @@ -38,7 +38,7 @@ struct net_data { struct passwd * pw_last; struct servent * sv_last; struct protoent * pr_last; - struct netent * nw_last; /* should have been ne_last */ + struct netent * nw_last; /*%< should have been ne_last */ struct nwent * nww_last; struct hostent * ho_last; @@ -52,11 +52,12 @@ struct net_data { void * nw_data; void * ho_data; - struct __res_state * res; /* for gethostent.c */ - + struct __res_state * res; /*%< for gethostent.c */ }; extern struct net_data * net_data_init(const char *conf_file); extern void net_data_minimize(struct net_data *); #endif /*__BIND_NOSTATIC*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/irs_p.h b/contrib/bind-9.5.2/lib/bind/irs/irs_p.h similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/irs_p.h rename to contrib/bind-9.5.2/lib/bind/irs/irs_p.h index 6d340f21e7..2a0a933fce 100644 --- a/contrib/bind-9.3/lib/bind/irs/irs_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/irs_p.h @@ -16,7 +16,7 @@ */ /* - * $Id: irs_p.h,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $ + * $Id: irs_p.h,v 1.3 2005/04/27 04:56:30 sra Exp $ */ #ifndef _IRS_P_H_INCLUDED @@ -47,3 +47,5 @@ extern struct irs_ng * irs_nul_ng(struct irs_acc *); extern struct servent * irs_lclsv_fnxt(struct lcl_sv *); #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl.c b/contrib/bind-9.5.2/lib/bind/irs/lcl.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/lcl.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl.c index e02c90d1f6..ea78a258a6 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: lcl.c,v 1.1.206.2 2004/03/17 00:29:49 marka Exp $"; +static const char rcsid[] = "$Id: lcl.c,v 1.4 2005/04/27 04:56:30 sra Exp $"; #endif /* Imports */ @@ -138,3 +138,5 @@ lcl_close(struct irs_acc *this) { } memput(this, sizeof *this); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_gr.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_gr.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/lcl_gr.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_gr.c index ccf7b797e9..ce7e347b2d 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_gr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_gr.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_gr.c,v 1.1.206.1 2004/03/09 08:33:37 marka Exp $"; +static const char rcsid[] = "$Id: lcl_gr.c,v 1.3 2005/04/27 04:56:30 sra Exp $"; /* from getgrent.c 8.2 (Berkeley) 3/21/94"; */ /* from BSDI Id: getgrent.c,v 2.8 1996/05/28 18:15:14 bostic Exp $ */ #endif /* LIBC_SCCS and not lint */ @@ -90,7 +90,7 @@ static int __bind_irs_gr_unneeded; struct pvt { FILE * fp; - /* + /*%< * Need space to store the entries read from the group file. * The members list also needs space per member, and the * strings making up the user names must be allocated @@ -98,7 +98,7 @@ struct pvt { * we keep one buffer and resize it as needed. */ struct group group; - size_t nmemb; /* Malloc'd max index of gr_mem[]. */ + size_t nmemb; /*%< Malloc'd max index of gr_mem[]. */ char * membuf; size_t membufsize; }; @@ -227,9 +227,8 @@ grstart(struct pvt *pvt) { return (1); } -#define INITIAL_NMEMB 30 /* about 120 bytes */ -#define INITIAL_BUFSIZ (INITIAL_NMEMB * 8) /* about 240 bytes */ - +#define INITIAL_NMEMB 30 /*%< about 120 bytes */ +#define INITIAL_BUFSIZ (INITIAL_NMEMB * 8) /*%< about 240 bytes */ static char * grnext(struct pvt *pvt) { char *w, *e; @@ -352,3 +351,4 @@ grscan(struct irs_gr *this, int search, gid_t gid, const char *name) { } #endif /* WANT_IRS_GR */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_ho.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_ho.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/lcl_ho.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_ho.c index b59a10468f..6c5246a5c4 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_ho.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_ho.c @@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_ho.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: lcl_ho.c,v 1.5 2006/03/09 23:57:56 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -109,7 +109,7 @@ struct pvt { char * h_addr_ptrs[MAXADDRS + 1]; char * host_aliases[MAXALIASES]; char hostbuf[8*1024]; - u_char host_addr[16]; /* IPv4 or IPv6 */ + u_char host_addr[16]; /*%< IPv4 or IPv6 */ struct __res_state *res; void (*free_res)(void *); }; @@ -508,7 +508,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) cur = &sentinel; switch(pai->ai_family) { - case AF_UNSPEC: /* INET6 then INET4 */ + case AF_UNSPEC: /*%< INET6 then INET4 */ q.family = AF_INET6; q.next = &q2; q2.family = AF_INET; @@ -520,7 +520,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) q.family = AF_INET; break; default: - RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); /* ??? */ + RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); /*%< ??? */ return(NULL); } @@ -574,3 +574,5 @@ init(struct irs_ho *this) { return (-1); return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_ng.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_ng.c similarity index 92% rename from contrib/bind-9.3/lib/bind/irs/lcl_ng.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_ng.c index 3c678f273e..70e0b4563f 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_ng.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_ng.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: lcl_ng.c,v 1.1.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: lcl_ng.c,v 1.3 2005/04/27 04:56:31 sra Exp $"; #endif /* Imports */ @@ -43,11 +43,10 @@ static const char rcsid[] = "$Id: lcl_ng.c,v 1.1.206.1 2004/03/09 08:33:38 marka /* Definitions */ -#define NG_HOST 0 /* Host name */ -#define NG_USER 1 /* User name */ -#define NG_DOM 2 /* and Domain name */ -#define LINSIZ 1024 /* Length of netgroup file line */ - +#define NG_HOST 0 /*%< Host name */ +#define NG_USER 1 /*%< User name */ +#define NG_DOM 2 /*%< and Domain name */ +#define LINSIZ 1024 /*%< Length of netgroup file line */ /* * XXX Warning XXX * This code is a hack-and-slash special. It realy needs to be @@ -55,24 +54,25 @@ static const char rcsid[] = "$Id: lcl_ng.c,v 1.1.206.1 2004/03/09 08:33:38 marka * More reasonable data structures would not be a bad thing. */ -/* +/*% * Static Variables and functions used by setnetgrent(), getnetgrent() and * endnetgrent(). + * * There are two linked lists: - * - linelist is just used by setnetgrent() to parse the net group file via. + * \li linelist is just used by setnetgrent() to parse the net group file via. * parse_netgrp() - * - netgrp is the list of entries for the current netgroup + * \li netgrp is the list of entries for the current netgroup */ struct linelist { - struct linelist *l_next; /* Chain ptr. */ - int l_parsed; /* Flag for cycles */ - char * l_groupname; /* Name of netgroup */ - char * l_line; /* Netgroup entrie(s) to be parsed */ + struct linelist *l_next; /*%< Chain ptr. */ + int l_parsed; /*%< Flag for cycles */ + char * l_groupname; /*%< Name of netgroup */ + char * l_line; /*%< Netgroup entrie(s) to be parsed */ }; struct ng_old_struct { - struct ng_old_struct *ng_next; /* Chain ptr */ - char * ng_str[3]; /* Field pointers, see below */ + struct ng_old_struct *ng_next; /*%< Chain ptr */ + char * ng_str[3]; /*%< Field pointers, see below */ }; struct pvt { @@ -142,7 +142,7 @@ ng_close(struct irs_ng *this) { memput(this, sizeof *this); } -/* +/*% * Parse the netgroup file looking for the netgroup and build the list * of netgrp structures. Let parse_netgrp() and read_for_group() do * most of the work. @@ -174,7 +174,7 @@ ng_rewind(struct irs_ng *this, const char *group) { pvt->nextgrp = pvt->grouphead.gr; } -/* +/*% * Get the next netgroup off the list. */ static int @@ -193,7 +193,7 @@ ng_next(struct irs_ng *this, const char **host, const char **user, return (0); } -/* +/*% * Search for a match in a netgroup. */ static int @@ -229,7 +229,7 @@ ng_minimize(struct irs_ng *this) { /* Private */ -/* +/*% * endnetgrent() - cleanup */ static void @@ -266,7 +266,7 @@ freelists(struct irs_ng *this) { pvt->grouphead.gr = NULL; } -/* +/*% * Parse the netgroup file setting up the linked lists. */ static int @@ -349,7 +349,7 @@ parse_netgrp(struct irs_ng *this, const char *group) { return (1); } -/* +/*% * Read the netgroup file and save lines until the line for the netgroup * is found. Return 1 if eof is encountered. */ @@ -442,3 +442,5 @@ read_for_group(struct irs_ng *this, const char *group) { } return (NULL); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_nw.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_nw.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/lcl_nw.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_nw.c index 7d04672c94..79b55a0c04 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_nw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_nw.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_nw.c,v 1.1.206.2 2004/03/17 00:29:50 marka Exp $"; +static const char rcsid[] = "$Id: lcl_nw.c,v 1.4 2005/04/27 04:56:31 sra Exp $"; /* from getgrent.c 8.2 (Berkeley) 3/21/94"; */ /* from BSDI Id: getgrent.c,v 2.8 1996/05/28 18:15:14 bostic Exp $ */ #endif /* LIBC_SCCS and not lint */ @@ -369,3 +369,5 @@ init(struct irs_nw *this) { return (-1); return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_p.h b/contrib/bind-9.5.2/lib/bind/irs/lcl_p.h similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/lcl_p.h rename to contrib/bind-9.5.2/lib/bind/irs/lcl_p.h index 44dd621e44..e3f4f009cb 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_p.h @@ -16,17 +16,18 @@ */ /* - * $Id: lcl_p.h,v 1.1.206.1 2004/03/09 08:33:38 marka Exp $ + * $Id: lcl_p.h,v 1.3 2005/04/27 04:56:31 sra Exp $ */ -/* +/*! \file + * \brief * lcl_p.h - private include file for the local accessor functions. */ #ifndef _LCL_P_H_INCLUDED #define _LCL_P_H_INCLUDED -/* +/*% * Object state. */ struct lcl_p { diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_pr.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_pr.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/lcl_pr.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_pr.c index ddc92c89bd..622158eb17 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_pr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_pr.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_pr.c,v 1.1.206.2 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: lcl_pr.c,v 1.4 2006/03/09 23:57:56 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* extern */ @@ -290,3 +290,5 @@ pr_minimize(struct irs_pr *this) { pvt->fp = NULL; } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_pw.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_pw.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/lcl_pw.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_pw.c index dc31dd2296..ffca5541bb 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_pw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_pw.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_pw.c,v 1.1.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: lcl_pw.c,v 1.3 2005/04/27 04:56:31 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Extern */ @@ -85,7 +85,8 @@ static int __bind_irs_pw_unneeded; #include "irs_p.h" #include "lcl_p.h" -/* +/*! \file + * \brief * The lookup techniques and data extraction code here must be kept * in sync with that in `pwd_mkdb'. */ @@ -94,9 +95,9 @@ static int __bind_irs_pw_unneeded; /* Types */ struct pvt { - struct passwd passwd; /* password structure */ - DB *pw_db; /* password database */ - int pw_keynum; /* key counter */ + struct passwd passwd; /*%< password structure */ + DB *pw_db; /*%< password database */ + int pw_keynum; /*%< key counter */ int warned; u_int max; char * line; diff --git a/contrib/bind-9.3/lib/bind/irs/lcl_sv.c b/contrib/bind-9.5.2/lib/bind/irs/lcl_sv.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/lcl_sv.c rename to contrib/bind-9.5.2/lib/bind/irs/lcl_sv.c index b407d7f887..8d0049bb46 100644 --- a/contrib/bind-9.3/lib/bind/irs/lcl_sv.c +++ b/contrib/bind-9.5.2/lib/bind/irs/lcl_sv.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: lcl_sv.c,v 1.2.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: lcl_sv.c,v 1.4 2005/04/27 04:56:31 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* extern */ @@ -387,8 +387,7 @@ sv_db_rec(struct lcl_sv *sv, DBT *key, DBT *data) { int n; p = data->data; - p[data->size - 1] = '\0'; /* should be, but we depend on it */ - + p[data->size - 1] = '\0'; /*%< should be, but we depend on it */ if (((char *)key->data)[0] == '\0') { if (key->size < sizeof(u_short)*2 || data->size < 2) return (NULL); @@ -429,3 +428,5 @@ sv_db_rec(struct lcl_sv *sv, DBT *key, DBT *data) { return (&sv->serv); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis.c b/contrib/bind-9.5.2/lib/bind/irs/nis.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/nis.c rename to contrib/bind-9.5.2/lib/bind/irs/nis.c index 70eaaedb10..9abc47403a 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis.c,v 1.1.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis.c,v 1.3 2005/04/27 04:56:32 sra Exp $"; #endif /* Imports */ @@ -152,3 +152,5 @@ nis_close(struct irs_acc *this) { } #endif /*WANT_IRS_NIS*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_gr.c b/contrib/bind-9.5.2/lib/bind/irs/nis_gr.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/nis_gr.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_gr.c index e06861f097..c7c8d83043 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_gr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_gr.c @@ -49,7 +49,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_gr.c,v 1.1.2.1.4.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_gr.c,v 1.4 2005/04/27 04:56:32 sra Exp $"; /* from getgrent.c 8.2 (Berkeley) 3/21/94"; */ /* from BSDI Id: getgrent.c,v 2.8 1996/05/28 18:15:14 bostic Exp $ */ #endif /* LIBC_SCCS and not lint */ @@ -99,7 +99,7 @@ struct pvt { int curkey_len; char * curval_data; int curval_len; - /* + /*%< * Need space to store the entries read from the group file. * The members list also needs space per member, and the * strings making up the user names must be allocated @@ -107,7 +107,7 @@ struct pvt { * we keep one buffer and resize it as needed. */ struct group group; - size_t nmemb; /* Malloc'd max index of gr_mem[]. */ + size_t nmemb; /*%< Malloc'd max index of gr_mem[]. */ char * membuf; size_t membufsize; }; @@ -351,3 +351,4 @@ nisfree(struct pvt *pvt, enum do_what do_what) { } #endif /* WANT_IRS_GR && WANT_IRS_NIS */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_ho.c b/contrib/bind-9.5.2/lib/bind/irs/nis_ho.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/nis_ho.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_ho.c index 7f0b125b7b..0799613f49 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_ho.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_ho.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_ho.c,v 1.2.2.1.4.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_ho.c,v 1.5 2005/04/27 04:56:32 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -79,7 +79,7 @@ struct pvt { char * h_addr_ptrs[MAXADDRS + 1]; char * host_aliases[MAXALIASES + 1]; char hostbuf[8*1024]; - u_char host_addr[16]; /* IPv4 or IPv6 */ + u_char host_addr[16]; /*%< IPv4 or IPv6 */ struct __res_state *res; void (*free_res)(void *); }; @@ -369,7 +369,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) cur = &sentinel; switch(pai->ai_family) { - case AF_UNSPEC: /* INET6 then INET4 */ + case AF_UNSPEC: /*%< INET6 then INET4 */ q.family = AF_INET6; q.next = &q2; q2.family = AF_INET; @@ -381,7 +381,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) q.family = AF_INET; break; default: - RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); /* ??? */ + RES_SET_H_ERRNO(pvt->res, NO_RECOVERY); /*%< ??? */ return(NULL); } @@ -414,7 +414,7 @@ ho_addrinfo(struct irs_ho *this, const char *name, const struct addrinfo *pai) /* Private */ -/* +/*% ipnodes: ::1 localhost 127.0.0.1 localhost @@ -531,3 +531,5 @@ init(struct irs_ho *this) { return (0); } #endif /*WANT_IRS_NIS*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_ng.c b/contrib/bind-9.5.2/lib/bind/irs/nis_ng.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/nis_ng.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_ng.c index 4ee700c500..ac6330536a 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_ng.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_ng.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_ng.c,v 1.2.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_ng.c,v 1.4 2005/04/27 04:56:32 sra Exp $"; #endif /* Imports */ @@ -300,3 +300,5 @@ tmpfree(struct pvt *pvt) { } #endif /*WANT_IRS_NIS*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_nw.c b/contrib/bind-9.5.2/lib/bind/irs/nis_nw.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/nis_nw.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_nw.c index 669b29d49e..c61e871ea9 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_nw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_nw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_nw.c,v 1.2.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_nw.c,v 1.4 2005/04/27 04:56:33 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -381,3 +381,5 @@ init(struct irs_nw *this) { } #endif /*WANT_IRS_NIS*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_p.h b/contrib/bind-9.5.2/lib/bind/irs/nis_p.h similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/nis_p.h rename to contrib/bind-9.5.2/lib/bind/irs/nis_p.h index 95f5851a36..70e2948d67 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_p.h +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_p.h @@ -16,14 +16,15 @@ */ /* - * $Id: nis_p.h,v 1.1.206.1 2004/03/09 08:33:38 marka Exp $ + * $Id: nis_p.h,v 1.3 2005/04/27 04:56:33 sra Exp $ */ -/* +/*! \file + * \brief * nis_p.h - private include file for the NIS functions. */ -/* +/*% * Object state. */ struct nis_p { diff --git a/contrib/bind-9.3/lib/bind/irs/nis_pr.c b/contrib/bind-9.5.2/lib/bind/irs/nis_pr.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/nis_pr.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_pr.c index 8173f3efe1..4995550f82 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_pr.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_pr.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_pr.c,v 1.2.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_pr.c,v 1.4 2005/04/27 04:56:33 sra Exp $"; #endif /* Imports */ @@ -298,3 +298,5 @@ nisfree(struct pvt *pvt, enum do_what do_what) { } #endif /*WANT_IRS_NIS*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_pw.c b/contrib/bind-9.5.2/lib/bind/irs/nis_pw.c similarity index 97% rename from contrib/bind-9.3/lib/bind/irs/nis_pw.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_pw.c index 889d97ff77..8f27e4bd93 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_pw.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_pw.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_pw.c,v 1.2.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_pw.c,v 1.4 2005/04/27 04:56:33 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -230,7 +230,7 @@ makepasswdent(struct irs_pw *this) { if (!(cp = strchr(cp, ':'))) goto cleanup; #ifdef HAS_PW_CLASS - pvt->passwd.pw_class = cp; /* Needs to point at a \0. */ + pvt->passwd.pw_class = cp; /*%< Needs to point at a \0. */ #endif *cp++ = '\0'; @@ -285,3 +285,4 @@ nisfree(struct pvt *pvt, enum do_what do_what) { } #endif /* WANT_IRS_PW && WANT_IRS_NIS */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nis_sv.c b/contrib/bind-9.5.2/lib/bind/irs/nis_sv.c similarity index 98% rename from contrib/bind-9.3/lib/bind/irs/nis_sv.c rename to contrib/bind-9.5.2/lib/bind/irs/nis_sv.c index b8c1c6b38d..bb24600f0d 100644 --- a/contrib/bind-9.3/lib/bind/irs/nis_sv.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nis_sv.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nis_sv.c,v 1.2.206.1 2004/03/09 08:33:38 marka Exp $"; +static const char rcsid[] = "$Id: nis_sv.c,v 1.4 2005/04/27 04:56:34 sra Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports */ @@ -306,3 +306,5 @@ nisfree(struct pvt *pvt, enum do_what do_what) { } #endif /*WANT_IRS_NIS*/ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/nul_ng.c b/contrib/bind-9.5.2/lib/bind/irs/nul_ng.c similarity index 96% rename from contrib/bind-9.3/lib/bind/irs/nul_ng.c rename to contrib/bind-9.5.2/lib/bind/irs/nul_ng.c index 828bebe0af..e5811b563c 100644 --- a/contrib/bind-9.3/lib/bind/irs/nul_ng.c +++ b/contrib/bind-9.5.2/lib/bind/irs/nul_ng.c @@ -16,10 +16,11 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: nul_ng.c,v 1.1.206.1 2004/03/09 08:33:39 marka Exp $"; +static const char rcsid[] = "$Id: nul_ng.c,v 1.3 2005/04/27 04:56:34 sra Exp $"; #endif -/* +/*! \file + * \brief * nul_ng.c - the netgroup accessor null map */ diff --git a/contrib/bind-9.3/lib/bind/irs/pathnames.h b/contrib/bind-9.5.2/lib/bind/irs/pathnames.h similarity index 95% rename from contrib/bind-9.3/lib/bind/irs/pathnames.h rename to contrib/bind-9.5.2/lib/bind/irs/pathnames.h index 412dc76f4c..1646842155 100644 --- a/contrib/bind-9.3/lib/bind/irs/pathnames.h +++ b/contrib/bind-9.5.2/lib/bind/irs/pathnames.h @@ -16,7 +16,7 @@ */ /* - * $Id: pathnames.h,v 1.1.206.1 2004/03/09 08:33:39 marka Exp $ + * $Id: pathnames.h,v 1.3 2005/04/27 04:56:34 sra Exp $ */ #ifndef _PATH_IRS_CONF @@ -48,3 +48,5 @@ #ifndef _PATH_HESIOD_CONF #define _PATH_HESIOD_CONF "/etc/hesiod.conf" #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/irs/util.c b/contrib/bind-9.5.2/lib/bind/irs/util.c similarity index 96% rename from contrib/bind-9.3/lib/bind/irs/util.c rename to contrib/bind-9.5.2/lib/bind/irs/util.c index 095e7ad59a..794c10b107 100644 --- a/contrib/bind-9.3/lib/bind/irs/util.c +++ b/contrib/bind-9.5.2/lib/bind/irs/util.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: util.c,v 1.1.206.1 2004/03/09 08:33:39 marka Exp $"; +static const char rcsid[] = "$Id: util.c,v 1.3 2005/04/27 04:56:34 sra Exp $"; #endif #include "port_before.h" @@ -105,3 +105,5 @@ make_group_list(struct irs_gr *this, const char *name, *ngroups = ng; return (ret); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/assertions.c b/contrib/bind-9.5.2/lib/bind/isc/assertions.c similarity index 94% rename from contrib/bind-9.3/lib/bind/isc/assertions.c rename to contrib/bind-9.5.2/lib/bind/isc/assertions.c index f1fb2efe95..6ce0edaf04 100644 --- a/contrib/bind-9.3/lib/bind/isc/assertions.c +++ b/contrib/bind-9.5.2/lib/bind/isc/assertions.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: assertions.c,v 1.1.206.1 2004/03/09 08:33:39 marka Exp $"; +static const char rcsid[] = "$Id: assertions.c,v 1.3.672.1 2008/10/15 03:56:25 marka Exp $"; #endif #include "port_before.h" @@ -78,6 +78,7 @@ assertion_type_to_text(assertion_type type) { * Private. */ +/* coverity[+kill] */ static void default_assertion_failed(const char *file, int line, assertion_type type, const char *cond, int print_errno) @@ -89,3 +90,5 @@ default_assertion_failed(const char *file, int line, assertion_type type, abort(); /* NOTREACHED */ } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/assertions.mdoc b/contrib/bind-9.5.2/lib/bind/isc/assertions.mdoc similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/assertions.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/assertions.mdoc index c214453129..4b77e569e3 100644 --- a/contrib/bind-9.3/lib/bind/isc/assertions.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/assertions.mdoc @@ -1,4 +1,4 @@ -.\" $Id: assertions.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:39 marka Exp $ +.\" $Id: assertions.mdoc,v 1.3 2004/03/09 06:30:06 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1997,1999 by Internet Software Consortium. diff --git a/contrib/bind-9.3/lib/bind/isc/base64.c b/contrib/bind-9.5.2/lib/bind/isc/base64.c similarity index 93% rename from contrib/bind-9.3/lib/bind/isc/base64.c rename to contrib/bind-9.5.2/lib/bind/isc/base64.c index 51676f37fe..60b20bca5a 100644 --- a/contrib/bind-9.3/lib/bind/isc/base64.c +++ b/contrib/bind-9.5.2/lib/bind/isc/base64.c @@ -41,7 +41,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: base64.c,v 1.1.206.2 2004/03/17 00:29:50 marka Exp $"; +static const char rcsid[] = "$Id: base64.c,v 1.4 2005/04/27 04:56:34 sra Exp $"; #endif /* not lint */ #include "port_before.h" @@ -69,7 +69,7 @@ static const char Base64[] = static const char Pad64 = '='; /* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) - The following encoding technique is taken from RFC 1521 by Borenstein + The following encoding technique is taken from RFC1521 by Borenstein and Freed. It is reproduced here in a slightly edited form for convenience. @@ -187,7 +187,7 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) { } if (datalength >= targsize) return (-1); - target[datalength] = '\0'; /* Returned value doesn't count \0. */ + target[datalength] = '\0'; /*%< Returned value doesn't count \\0. */ return (datalength); } @@ -210,14 +210,14 @@ b64_pton(src, target, targsize) tarindex = 0; while ((ch = *src++) != '\0') { - if (isspace(ch)) /* Skip whitespace anywhere. */ + if (isspace(ch)) /*%< Skip whitespace anywhere. */ continue; if (ch == Pad64) break; pos = strchr(Base64, ch); - if (pos == 0) /* A non-base64 character. */ + if (pos == 0) /*%< A non-base64 character. */ return (-1); switch (state) { @@ -270,14 +270,14 @@ b64_pton(src, target, targsize) * on a byte boundary, and/or with erroneous trailing characters. */ - if (ch == Pad64) { /* We got a pad char. */ - ch = *src++; /* Skip it, get next. */ + if (ch == Pad64) { /*%< We got a pad char. */ + ch = *src++; /*%< Skip it, get next. */ switch (state) { - case 0: /* Invalid = in first position */ - case 1: /* Invalid = in second position */ + case 0: /*%< Invalid = in first position */ + case 1: /*%< Invalid = in second position */ return (-1); - case 2: /* Valid, means one byte of info */ + case 2: /*%< Valid, means one byte of info */ /* Skip any number of spaces. */ for ((void)NULL; ch != '\0'; ch = *src++) if (!isspace(ch)) @@ -285,11 +285,11 @@ b64_pton(src, target, targsize) /* Make sure there is another trailing = sign. */ if (ch != Pad64) return (-1); - ch = *src++; /* Skip the = */ + ch = *src++; /*%< Skip the = */ /* Fall through to "single trailing =" case. */ /* FALLTHROUGH */ - case 3: /* Valid, means two bytes of info */ + case 3: /*%< Valid, means two bytes of info */ /* * We know this char is an =. Is there anything but * whitespace after it? @@ -318,3 +318,5 @@ b64_pton(src, target, targsize) return (tarindex); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/bitncmp.c b/contrib/bind-9.5.2/lib/bind/isc/bitncmp.c similarity index 92% rename from contrib/bind-9.3/lib/bind/isc/bitncmp.c rename to contrib/bind-9.5.2/lib/bind/isc/bitncmp.c index fcff9f71ed..6addf1f6e4 100644 --- a/contrib/bind-9.3/lib/bind/isc/bitncmp.c +++ b/contrib/bind-9.5.2/lib/bind/isc/bitncmp.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: bitncmp.c,v 1.1.206.1 2004/03/09 08:33:39 marka Exp $"; +static const char rcsid[] = "$Id: bitncmp.c,v 1.3.672.1 2008/09/26 06:30:52 marka Exp $"; #endif #include "port_before.h" @@ -29,7 +29,7 @@ static const char rcsid[] = "$Id: bitncmp.c,v 1.1.206.1 2004/03/09 08:33:39 mark #include -/* +/*% * int * bitncmp(l, r, n) * compare bit masks l and r, for n bits. @@ -48,7 +48,7 @@ bitncmp(const void *l, const void *r, int n) { b = n / 8; x = memcmp(l, r, b); - if (x) + if (x || (n % 8) == 0) return (x); lb = ((const u_char *)l)[b]; @@ -64,3 +64,5 @@ bitncmp(const void *l, const void *r, int n) { } return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/bitncmp.mdoc b/contrib/bind-9.5.2/lib/bind/isc/bitncmp.mdoc similarity index 96% rename from contrib/bind-9.3/lib/bind/isc/bitncmp.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/bitncmp.mdoc index 5462c2fd9e..7d4646c3fc 100644 --- a/contrib/bind-9.3/lib/bind/isc/bitncmp.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/bitncmp.mdoc @@ -1,4 +1,4 @@ -.\" $Id: bitncmp.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:39 marka Exp $ +.\" $Id: bitncmp.mdoc,v 1.3 2004/03/09 06:30:07 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1996,1999 by Internet Software Consortium. diff --git a/contrib/bind-9.3/lib/bind/isc/ctl_clnt.c b/contrib/bind-9.5.2/lib/bind/isc/ctl_clnt.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/ctl_clnt.c rename to contrib/bind-9.5.2/lib/bind/isc/ctl_clnt.c index e1fa7e7980..cc8ee2f9d6 100644 --- a/contrib/bind-9.3/lib/bind/isc/ctl_clnt.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ctl_clnt.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ctl_clnt.c,v 1.4.2.1.4.3 2004/03/17 01:13:35 marka Exp $"; +static const char rcsid[] = "$Id: ctl_clnt.c,v 1.9.140.1 2008/02/18 04:10:16 marka Exp $"; #endif /* not lint */ /* @@ -38,6 +38,9 @@ static const char rcsid[] = "$Id: ctl_clnt.c,v 1.4.2.1.4.3 2004/03/17 01:13:35 m #include #include #include +#ifdef HAVE_MEMORY_H +#include +#endif #include #include @@ -114,6 +117,19 @@ static void touch_timer(struct ctl_cctx *); static void timer(evContext, void *, struct timespec, struct timespec); +#ifndef HAVE_MEMCHR +static void * +memchr(const void *b, int c, size_t len) { + const unsigned char *p = b; + size_t i; + + for (i = 0; i < len; i++, p++) + if (*p == (unsigned char)c) + return ((void *)p); + return (NULL); +} +#endif + /* Private data. */ static const char * const state_names[] = { @@ -122,7 +138,7 @@ static const char * const state_names[] = { /* Public. */ -/* +/*% * void * ctl_client() * create, condition, and connect to a listener on the control port. @@ -198,7 +214,7 @@ ctl_client(evContext lev, const struct sockaddr *cap, size_t cap_len, return (ctx); } -/* +/*% * void * ctl_endclient(ctx) * close a client and release all of its resources. @@ -210,7 +226,7 @@ ctl_endclient(struct ctl_cctx *ctx) { memput(ctx, sizeof *ctx); } -/* +/*% * int * ctl_command(ctx, cmd, len, donefunc, uap) * Queue a transaction, which will begin with sending cmd @@ -600,3 +616,5 @@ timer(evContext ev, void *uap, struct timespec due, struct timespec itv) { ctx->timeout.tv_sec, state_names[ctx->state]); error(ctx); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ctl_p.c b/contrib/bind-9.5.2/lib/bind/isc/ctl_p.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/ctl_p.c rename to contrib/bind-9.5.2/lib/bind/isc/ctl_p.c index bc45004c7b..7ab719a5e6 100644 --- a/contrib/bind-9.3/lib/bind/isc/ctl_p.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ctl_p.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ctl_p.c,v 1.1.206.2 2004/03/17 00:29:51 marka Exp $"; +static const char rcsid[] = "$Id: ctl_p.c,v 1.4 2005/04/27 04:56:35 sra Exp $"; #endif /* not lint */ /* @@ -56,7 +56,7 @@ const char * const ctl_sevnames[] = { /* Public. */ -/* +/*% * ctl_logger() * if ctl_startup()'s caller didn't specify a logger, this one * is used. this pollutes stderr with all kinds of trash so it will @@ -184,3 +184,5 @@ ctl_sa_copy(const struct sockaddr *src, struct sockaddr *dst) { break; } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ctl_p.h b/contrib/bind-9.5.2/lib/bind/isc/ctl_p.h similarity index 91% rename from contrib/bind-9.3/lib/bind/isc/ctl_p.h rename to contrib/bind-9.5.2/lib/bind/isc/ctl_p.h index 42aade7d66..18a52ae39c 100644 --- a/contrib/bind-9.3/lib/bind/isc/ctl_p.h +++ b/contrib/bind-9.5.2/lib/bind/isc/ctl_p.h @@ -3,7 +3,7 @@ struct ctl_buf { size_t used; }; -#define MAX_LINELEN 990 /* Like SMTP. */ +#define MAX_LINELEN 990 /*%< Like SMTP. */ #ifndef NO_SOCKADDR_UN #define MAX_NTOP PATH_MAX #else @@ -24,3 +24,5 @@ const char * ctl_sa_ntop(const struct sockaddr *, char *, size_t, ctl_logfunc); void ctl_sa_copy(const struct sockaddr *, struct sockaddr *); + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ctl_srvr.c b/contrib/bind-9.5.2/lib/bind/isc/ctl_srvr.c similarity index 99% rename from contrib/bind-9.3/lib/bind/isc/ctl_srvr.c rename to contrib/bind-9.5.2/lib/bind/isc/ctl_srvr.c index 56c7684866..919dec7c72 100644 --- a/contrib/bind-9.3/lib/bind/isc/ctl_srvr.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ctl_srvr.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ctl_srvr.c,v 1.3.2.1.4.3 2004/03/17 01:13:35 marka Exp $"; +static const char rcsid[] = "$Id: ctl_srvr.c,v 1.8.246.1 2008/02/18 04:10:16 marka Exp $"; #endif /* not lint */ /* @@ -40,6 +40,9 @@ static const char rcsid[] = "$Id: ctl_srvr.c,v 1.3.2.1.4.3 2004/03/17 01:13:35 m #include #include #include +#ifdef HAVE_MEMORY_H +#include +#endif #include #include @@ -158,7 +161,7 @@ static const struct ctl_verb fakehelpverb = { /* Public. */ -/* +/*% * void * ctl_server() * create, condition, and start a listener on the control port. @@ -263,7 +266,7 @@ ctl_server(evContext lev, const struct sockaddr *sap, size_t sap_len, return (ctx); } -/* +/*% * void * ctl_endserver(ctx) * if the control listener is open, close it. clean out all eventlib @@ -291,7 +294,7 @@ ctl_endserver(struct ctl_sctx *ctx) { memput(ctx, sizeof *ctx); } -/* +/*% * If body is non-NULL then it we add a "." line after it. * Caller must have escaped lines with leading ".". */ @@ -564,7 +567,7 @@ static void ctl_readable(evContext lev, void *uap, int fd, int evmask) { static const char me[] = "ctl_readable"; struct ctl_sess *sess = uap; - struct ctl_sctx *ctx = sess->ctx; + struct ctl_sctx *ctx; char *eos, tmp[MAX_NTOP]; ssize_t n; @@ -572,6 +575,8 @@ ctl_readable(evContext lev, void *uap, int fd, int evmask) { REQUIRE(fd >= 0); REQUIRE(evmask == EV_READ); REQUIRE(sess->state == reading || sess->state == reading_data); + + ctx = sess->ctx; evTouchIdleTimer(lev, sess->rdtiID); if (!allocated_p(sess->inbuf) && ctl_bufget(&sess->inbuf, ctx->logger) < 0) { @@ -778,3 +783,5 @@ ctl_signal_done(struct ctl_sctx *ctx, struct ctl_sess *sess) { sess->donefunc = NULL; } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ev_connects.c b/contrib/bind-9.5.2/lib/bind/isc/ev_connects.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/ev_connects.c rename to contrib/bind-9.5.2/lib/bind/isc/ev_connects.c index b3873b72e8..38dfdbe512 100644 --- a/contrib/bind-9.3/lib/bind/isc/ev_connects.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ev_connects.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: ev_connects.c,v 1.4.206.3 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: ev_connects.c,v 1.8 2006/03/09 23:57:56 marka Exp $"; #endif /* Import. */ @@ -69,7 +69,7 @@ evListen(evContext opaqueCtx, int fd, int maxconn, OKNEW(new); new->flags = EV_CONN_LISTEN; - OKFREE(mode = fcntl(fd, F_GETFL, NULL), new); /* side effect: validate fd. */ + OKFREE(mode = fcntl(fd, F_GETFL, NULL), new); /*%< side effect: validate fd. */ /* * Remember the nonblocking status. We assume that either evSelectFD * has not been done to this fd, or that if it has then the caller @@ -359,9 +359,11 @@ connector(evContext opaqueCtx, void *uap, int fd, int evmask) { GETXXXNAME(getpeername, fd, ra.sa, ralen) < 0) { int save = errno; - (void) close(fd); /* XXX closing caller's fd */ + (void) close(fd); /*%< XXX closing caller's fd */ errno = save; fd = -1; } (*conn_func)(opaqueCtx, conn_uap, fd, &la.sa, lalen, &ra.sa, ralen); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ev_files.c b/contrib/bind-9.5.2/lib/bind/isc/ev_files.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/ev_files.c rename to contrib/bind-9.5.2/lib/bind/isc/ev_files.c index 1f95ed04c9..b12baf1aaa 100644 --- a/contrib/bind-9.3/lib/bind/isc/ev_files.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ev_files.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: ev_files.c,v 1.3.2.1.4.3 2005/07/28 07:43:19 marka Exp $"; +static const char rcsid[] = "$Id: ev_files.c,v 1.8 2005/07/28 06:51:48 marka Exp $"; #endif #include "port_before.h" @@ -62,8 +62,7 @@ evSelectFD(evContext opaqueCtx, if (fd > ctx->highestFD) EV_ERR(EINVAL); #endif - OK(mode = fcntl(fd, F_GETFL, NULL)); /* side effect: validate fd. */ - + OK(mode = fcntl(fd, F_GETFL, NULL)); /*%< side effect: validate fd. */ /* * The first time we touch a file descriptor, we need to check to see * if the application already had it in O_NONBLOCK mode and if so, all @@ -274,3 +273,5 @@ FindFD(const evContext_p *ctx, int fd, int eventmask) { break; return (id); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ev_streams.c b/contrib/bind-9.5.2/lib/bind/isc/ev_streams.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/ev_streams.c rename to contrib/bind-9.5.2/lib/bind/isc/ev_streams.c index fdac9b8979..eefebf424c 100644 --- a/contrib/bind-9.3/lib/bind/isc/ev_streams.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ev_streams.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: ev_streams.c,v 1.2.206.2 2004/03/17 00:29:51 marka Exp $"; +static const char rcsid[] = "$Id: ev_streams.c,v 1.5 2005/04/27 04:56:36 sra Exp $"; #endif #include "port_before.h" @@ -312,3 +312,5 @@ readable(evContext opaqueCtx, void *uap, int fd, int evmask) { done(opaqueCtx, str); } #endif /* !_LIBC */ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ev_timers.c b/contrib/bind-9.5.2/lib/bind/isc/ev_timers.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/ev_timers.c rename to contrib/bind-9.5.2/lib/bind/isc/ev_timers.c index b6df4e3758..735e0e3044 100644 --- a/contrib/bind-9.3/lib/bind/isc/ev_timers.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ev_timers.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: ev_timers.c,v 1.2.2.1.4.5 2004/03/17 02:39:13 marka Exp $"; +static const char rcsid[] = "$Id: ev_timers.c,v 1.6 2005/04/27 04:56:36 sra Exp $"; #endif /* Import. */ @@ -46,9 +46,8 @@ static const char rcsid[] = "$Id: ev_timers.c,v 1.2.2.1.4.5 2004/03/17 02:39:13 #define BILLION 1000000000 /* Forward. */ - #ifdef _LIBC -static int __evOptMonoTime; +static int __evOptMonoTime; #else static int due_sooner(void *, void *); static void set_index(void *, int); @@ -145,7 +144,7 @@ evUTCTime() { return (evTimeSpec(now)); } -#ifndef _LIBC +#ifndef _LIBC struct timespec evLastEventTime(evContext opaqueCtx) { evContext_p *ctx = opaqueCtx.opaque; @@ -162,7 +161,6 @@ evTimeSpec(struct timeval tv) { ts.tv_nsec = tv.tv_usec * 1000; return (ts); } - #if !defined(USE_KQUEUE) || !defined(_LIBC) struct timeval evTimeVal(struct timespec ts) { @@ -508,3 +506,5 @@ idle_timeout(evContext opaqueCtx, } } #endif /* !_LIBC */ + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/ev_waits.c b/contrib/bind-9.5.2/lib/bind/isc/ev_waits.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/ev_waits.c rename to contrib/bind-9.5.2/lib/bind/isc/ev_waits.c index f30280d438..99da1526c7 100644 --- a/contrib/bind-9.3/lib/bind/isc/ev_waits.c +++ b/contrib/bind-9.5.2/lib/bind/isc/ev_waits.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: ev_waits.c,v 1.1.2.1.4.1 2004/03/09 08:33:43 marka Exp $"; +static const char rcsid[] = "$Id: ev_waits.c,v 1.4 2005/04/27 04:56:36 sra Exp $"; #endif #include "port_before.h" @@ -44,7 +44,7 @@ static evWaitList * evGetWaitList(evContext_p *, const void *, int); /* Public. */ -/* +/*% * Enter a new wait function on the queue. */ int @@ -72,7 +72,7 @@ evWaitFor(evContext opaqueCtx, const void *tag, return (0); } -/* +/*% * Mark runnable all waiting functions having a certain tag. */ int @@ -99,7 +99,7 @@ evDo(evContext opaqueCtx, const void *tag) { return (0); } -/* +/*% * Remove a waiting (or ready to run) function from the queue. */ int @@ -243,3 +243,5 @@ evGetWaitList(evContext_p *ctx, const void *tag, int should_create) { this = evNewWaitList(ctx); return (this); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/eventlib.c b/contrib/bind-9.5.2/lib/bind/isc/eventlib.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/eventlib.c rename to contrib/bind-9.5.2/lib/bind/isc/eventlib.c index 11120ecadd..be4a7848b9 100644 --- a/contrib/bind-9.3/lib/bind/isc/eventlib.c +++ b/contrib/bind-9.5.2/lib/bind/isc/eventlib.c @@ -20,7 +20,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: eventlib.c,v 1.2.2.1.4.6 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: eventlib.c,v 1.10 2006/03/09 23:57:56 marka Exp $"; #endif #include "port_before.h" @@ -29,9 +29,9 @@ static const char rcsid[] = "$Id: eventlib.c,v 1.2.2.1.4.6 2006/03/10 00:17:21 m #include #include #include -#ifdef SOLARIS2 +#ifdef SOLARIS2 #include -#endif /* SOLARIS2 */ +#endif /* SOLARIS2 */ #include #include @@ -48,7 +48,7 @@ static const char rcsid[] = "$Id: eventlib.c,v 1.2.2.1.4.6 2006/03/10 00:17:21 m int __evOptMonoTime; #ifdef USE_POLL -#define pselect Pselect +#define pselect Pselect #endif /* USE_POLL */ /* Forward. */ @@ -85,8 +85,9 @@ evCreate(evContext *opaqueCtx) { INIT_LIST(ctx->accepts); /* Files. */ + ctx->files = NULL; #ifdef USE_POLL - ctx->pollfds = NULL; + ctx->pollfds = NULL; ctx->maxnfds = 0; ctx->firstfd = 0; emulMaskInit(ctx, rdLast, EV_READ, 1); @@ -97,21 +98,20 @@ evCreate(evContext *opaqueCtx) { emulMaskInit(ctx, exNext, EV_EXCEPT, 0); emulMaskInit(ctx, nonblockBefore, EV_WASNONBLOCKING, 0); #endif /* USE_POLL */ - ctx->files = NULL; FD_ZERO(&ctx->rdNext); FD_ZERO(&ctx->wrNext); FD_ZERO(&ctx->exNext); FD_ZERO(&ctx->nonblockBefore); ctx->fdMax = -1; ctx->fdNext = NULL; - ctx->fdCount = 0; /* Invalidate {rd,wr,ex}Last. */ + ctx->fdCount = 0; /*%< Invalidate {rd,wr,ex}Last. */ #ifndef USE_POLL ctx->highestFD = FD_SETSIZE - 1; memset(ctx->fdTable, 0, sizeof ctx->fdTable); -#else +#else ctx->highestFD = INT_MAX / sizeof(struct pollfd); ctx->fdTable = NULL; -#endif +#endif /* USE_POLL */ #ifdef EVENTLIB_TIME_CHECKS ctx->lastFdCount = 0; #endif @@ -150,7 +150,7 @@ evSetDebug(evContext opaqueCtx, int level, FILE *output) { int evDestroy(evContext opaqueCtx) { evContext_p *ctx = opaqueCtx.opaque; - int revs = 424242; /* Doug Adams. */ + int revs = 424242; /*%< Doug Adams. */ evWaitList *this_wl, *next_wl; evWait *this_wait, *next_wait; @@ -266,8 +266,7 @@ evGetNext(evContext opaqueCtx, evEvent *opaqueEv, int options) { nextTime = nextTimer->due; timerPast = (evCmpTime(nextTime, ctx->lastEventTime) <= 0); } else - timerPast = 0; /* Make gcc happy. */ - + timerPast = 0; /*%< Make gcc happy. */ evPrintf(ctx, 9, "evGetNext: fdCount %d\n", ctx->fdCount); if (ctx->fdCount == 0) { static const struct timespec NoTime = {0, 0L}; @@ -309,10 +308,10 @@ evGetNext(evContext opaqueCtx, evEvent *opaqueEv, int options) { #endif do { #ifndef USE_POLL - /* XXX need to copy only the bits we are using. */ - ctx->rdLast = ctx->rdNext; - ctx->wrLast = ctx->wrNext; - ctx->exLast = ctx->exNext; + /* XXX need to copy only the bits we are using. */ + ctx->rdLast = ctx->rdNext; + ctx->wrLast = ctx->wrNext; + ctx->exLast = ctx->exNext; #else /* * The pollfd structure uses separate fields for @@ -742,10 +741,10 @@ pselect(int nfds, void *rfds, void *wfds, void *efds, sigset_t sigs; int n; #ifdef USE_POLL - int polltimeout = INFTIM; - evContext_p *ctx; - struct pollfd *fds; - nfds_t pnfds; + int polltimeout = INFTIM; + evContext_p *ctx; + struct pollfd *fds; + nfds_t pnfds; UNUSED(nfds); #endif /* USE_POLL */ @@ -761,9 +760,9 @@ pselect(int nfds, void *rfds, void *wfds, void *efds, if (sigmask) sigprocmask(SIG_SETMASK, sigmask, &sigs); #ifndef USE_POLL - n = select(nfds, rfds, wfds, efds, tvp); + n = select(nfds, rfds, wfds, efds, tvp); #else - /* + /* * rfds, wfds, and efds should all be from the same evContext_p, * so any of them will do. If they're all NULL, the caller is * presumably calling us to block. @@ -797,7 +796,7 @@ pselect(int nfds, void *rfds, void *wfds, void *efds, e++; if (FD_ISSET(i, &ctx->exLast)) e++; - } + } n = e; } #endif /* USE_POLL */ diff --git a/contrib/bind-9.3/lib/bind/isc/eventlib.mdoc b/contrib/bind-9.5.2/lib/bind/isc/eventlib.mdoc similarity index 99% rename from contrib/bind-9.3/lib/bind/isc/eventlib.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/eventlib.mdoc index 3bf6ffbc9d..5e9cd85b1b 100644 --- a/contrib/bind-9.3/lib/bind/isc/eventlib.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/eventlib.mdoc @@ -1,4 +1,4 @@ -.\" $Id: eventlib.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:43 marka Exp $ +.\" $Id: eventlib.mdoc,v 1.3 2004/03/09 06:30:08 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1995-1999 by Internet Software Consortium diff --git a/contrib/bind-9.3/lib/bind/isc/eventlib_p.h b/contrib/bind-9.5.2/lib/bind/isc/eventlib_p.h similarity index 94% rename from contrib/bind-9.3/lib/bind/isc/eventlib_p.h rename to contrib/bind-9.5.2/lib/bind/isc/eventlib_p.h index bf47784a6e..f060b0663e 100644 --- a/contrib/bind-9.3/lib/bind/isc/eventlib_p.h +++ b/contrib/bind-9.5.2/lib/bind/isc/eventlib_p.h @@ -15,10 +15,11 @@ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* eventlib_p.h - private interfaces for eventlib - * vix 09sep95 [initial] +/*! \file + * \brief private interfaces for eventlib + * \author vix 09sep95 [initial] * - * $Id: eventlib_p.h,v 1.3.2.1.4.4 2006/03/10 00:17:21 marka Exp $ + * $Id: eventlib_p.h,v 1.9 2006/03/09 23:57:56 marka Exp $ */ #ifndef _EVENTLIB_P_H @@ -79,9 +80,9 @@ typedef struct evConn { void * uap; int fd; int flags; -#define EV_CONN_LISTEN 0x0001 /* Connection is a listener. */ -#define EV_CONN_SELECTED 0x0002 /* evSelectFD(conn->file). */ -#define EV_CONN_BLOCK 0x0004 /* Listener fd was blocking. */ +#define EV_CONN_LISTEN 0x0001 /*%< Connection is a listener. */ +#define EV_CONN_SELECTED 0x0002 /*%< evSelectFD(conn->file). */ +#define EV_CONN_BLOCK 0x0004 /*%< Listener fd was blocking. */ evFileID file; struct evConn * prev; struct evConn * next; @@ -129,7 +130,7 @@ typedef struct evStream { evFileID file; evTimerID timer; int flags; -#define EV_STR_TIMEROK 0x0001 /* IFF timer valid. */ +#define EV_STR_TIMEROK 0x0001 /*%< IFF timer valid. */ int fd; struct iovec * iovOrig; int iovOrigCount; diff --git a/contrib/bind-9.3/lib/bind/isc/heap.c b/contrib/bind-9.5.2/lib/bind/isc/heap.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/heap.c rename to contrib/bind-9.5.2/lib/bind/isc/heap.c index 2faf6f5767..3d22b6fc71 100644 --- a/contrib/bind-9.3/lib/bind/isc/heap.c +++ b/contrib/bind-9.5.2/lib/bind/isc/heap.c @@ -15,7 +15,7 @@ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* +/*% * Heap implementation of priority queues adapted from the following: * * _Introduction to Algorithms_, Cormen, Leiserson, and Rivest, @@ -26,7 +26,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: heap.c,v 1.1.206.2 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: heap.c,v 1.4 2006/03/09 23:57:56 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -39,7 +39,7 @@ static const char rcsid[] = "$Id: heap.c,v 1.1.206.2 2006/03/10 00:17:21 marka E #include -/* +/*% * Note: to make heap_parent and heap_left easy to compute, the first * element of the heap array is not used; i.e. heap subscripts are 1-based, * not 0-based. @@ -232,3 +232,5 @@ heap_for_each(heap_context ctx, heap_for_each_func action, void *uap) { (action)(ctx->heap[i], uap); return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/heap.mdoc b/contrib/bind-9.5.2/lib/bind/isc/heap.mdoc similarity index 99% rename from contrib/bind-9.3/lib/bind/isc/heap.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/heap.mdoc index 95c9444ff3..332a6ec5d0 100644 --- a/contrib/bind-9.3/lib/bind/isc/heap.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/heap.mdoc @@ -1,4 +1,4 @@ -.\" $Id: heap.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:43 marka Exp $ +.\" $Id: heap.mdoc,v 1.3 2004/03/09 06:30:08 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1997,1999 by Internet Software Consortium. diff --git a/contrib/bind-9.3/lib/bind/isc/hex.c b/contrib/bind-9.5.2/lib/bind/isc/hex.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/hex.c rename to contrib/bind-9.5.2/lib/bind/isc/hex.c index 70312597c9..e43be4f3b5 100644 --- a/contrib/bind-9.3/lib/bind/isc/hex.c +++ b/contrib/bind-9.5.2/lib/bind/isc/hex.c @@ -33,7 +33,7 @@ isc_gethexstring(unsigned char *buf, size_t len, int count, FILE *fp, char *s; int result = count; - x = 0; /* silence compiler */ + x = 0; /*%< silence compiler */ n = 0; while (count > 0) { c = fgetc(fp); @@ -115,3 +115,5 @@ isc_tohex(const unsigned char *buf, size_t buflen, char *t) { } *t = '\0'; } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/logging.c b/contrib/bind-9.5.2/lib/bind/isc/logging.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/logging.c rename to contrib/bind-9.5.2/lib/bind/isc/logging.c index d4c7be2852..313a6c80e0 100644 --- a/contrib/bind-9.3/lib/bind/isc/logging.c +++ b/contrib/bind-9.5.2/lib/bind/isc/logging.c @@ -16,7 +16,7 @@ */ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: logging.c,v 1.3.2.1.4.2 2004/03/17 01:49:42 marka Exp $"; +static const char rcsid[] = "$Id: logging.c,v 1.7.672.1 2008/02/28 05:46:12 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -43,12 +43,6 @@ static const char rcsid[] = "$Id: logging.c,v 1.3.2.1.4.2 2004/03/17 01:49:42 ma #include "port_after.h" -#ifdef VSPRINTF_CHAR -# define VSPRINTF(x) strlen(vsprintf/**/x) -#else -# define VSPRINTF(x) ((size_t)vsprintf x) -#endif - #include "logging_p.h" static const int syslog_priority[] = { LOG_DEBUG, LOG_INFO, LOG_NOTICE, @@ -258,7 +252,7 @@ log_check(log_context lc, int category, int level) { return (0); if (category < 0 || category > lc->num_categories) - category = 0; /* use default */ + category = 0; /*%< use default */ lcl = lc->categories[category]; if (lcl == NULL) { category = 0; @@ -302,7 +296,7 @@ log_vwrite(log_context lc, int category, int level, const char *format, return; if (category < 0 || category > lc->num_categories) - category = 0; /* use default */ + category = 0; /*%< use default */ original_category = category; lcl = lc->categories[category]; if (lcl == NULL) { @@ -363,8 +357,8 @@ log_vwrite(log_context lc, int category, int level, const char *format, continue; if (!did_vsprintf) { - if (VSPRINTF((lc->buffer, format, args)) > - (size_t)LOG_BUFFER_SIZE) { + (void)vsprintf(lc->buffer, format, args); + if (strlen(lc->buffer) > (size_t)LOG_BUFFER_SIZE) { syslog(LOG_CRIT, "memory overrun in log_vwrite()"); exit(1); @@ -441,7 +435,7 @@ log_write(log_context lc, int category, int level, const char *format, ...) { va_end(args); } -/* +/*% * Functions to create, set, or destroy contexts */ @@ -718,3 +712,5 @@ log_free_channel(log_channel chan) { } return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/logging.mdoc b/contrib/bind-9.5.2/lib/bind/isc/logging.mdoc similarity index 99% rename from contrib/bind-9.3/lib/bind/isc/logging.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/logging.mdoc index fc6351fad2..98b2aed9c6 100644 --- a/contrib/bind-9.3/lib/bind/isc/logging.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/logging.mdoc @@ -1,4 +1,4 @@ -.\" $Id: logging.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:43 marka Exp $ +.\" $Id: logging.mdoc,v 1.3 2004/03/09 06:30:08 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1995-1999 by Internet Software Consortium diff --git a/contrib/bind-9.3/lib/bind/isc/logging_p.h b/contrib/bind-9.5.2/lib/bind/isc/logging_p.h similarity index 96% rename from contrib/bind-9.3/lib/bind/isc/logging_p.h rename to contrib/bind-9.5.2/lib/bind/isc/logging_p.h index 99f6976f6c..5e6314f190 100644 --- a/contrib/bind-9.3/lib/bind/isc/logging_p.h +++ b/contrib/bind-9.5.2/lib/bind/isc/logging_p.h @@ -34,7 +34,7 @@ typedef union log_output { } log_output; struct log_channel { - int level; /* don't log messages > level */ + int level; /*%< don't log messages > level */ log_channel_type type; log_output out; unsigned int flags; @@ -58,3 +58,4 @@ struct log_context { }; #endif /* !LOGGING_P_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/memcluster.c b/contrib/bind-9.5.2/lib/bind/isc/memcluster.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/memcluster.c rename to contrib/bind-9.5.2/lib/bind/isc/memcluster.c index 886f51601e..515793fd6a 100644 --- a/contrib/bind-9.3/lib/bind/isc/memcluster.c +++ b/contrib/bind-9.5.2/lib/bind/isc/memcluster.c @@ -24,7 +24,7 @@ #if !defined(LINT) && !defined(CODECENTER) -static const char rcsid[] = "$Id: memcluster.c,v 1.3.206.8 2006/08/30 23:35:06 marka Exp $"; +static const char rcsid[] = "$Id: memcluster.c,v 1.11 2006/08/30 23:34:38 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -355,7 +355,7 @@ __memget_record(size_t size, const char *file, int line) { #endif } -/* +/*% * This is a call from an external caller, * so we want to count this as a user "put". */ @@ -410,7 +410,7 @@ __memput_record(void *mem, size_t size, const char *file, int line) { prev = el; el = el->next; } - INSIST(el != NULL); /* double free */ + INSIST(el != NULL); /*%< double free */ if (prev == NULL) { if (size == max_size || new_size >= max_size) activelists[max_size] = el->next; @@ -437,8 +437,8 @@ __memput_record(void *mem, size_t size, const char *file, int line) { /* The free list uses the "rounded-up" size "new_size": */ #if defined(DEBUGGING_MEMCLUSTER) - memset(mem, 0xa5, new_size - sizeof *e); /* catch write after free */ - e->size = 0; /* catch double memput() */ + memset(mem, 0xa5, new_size - sizeof *e); /*%< catch write after free */ + e->size = 0; /*%< catch double memput() */ #ifdef MEMCLUSTER_RECORD e->file = file; e->line = line; @@ -489,7 +489,7 @@ __memput_debug(void *ptr, size_t size, const char *file, int line) { __memput_record(ptr, size, file, line); } -/* +/*% * Print the stats[] on the stream "out" with suitable formatting. */ void @@ -549,7 +549,7 @@ memactive(void) { /* Private. */ -/* +/*% * Round up size to a multiple of sizeof(void *). This guarantees that a * block is at least sizeof void *, and that we won't violate alignment * restrictions, both of which are needed to make lists of blocks. @@ -584,3 +584,5 @@ check(unsigned char *a, int value, size_t len) { INSIST(a[i] == value); } #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/memcluster.mdoc b/contrib/bind-9.5.2/lib/bind/isc/memcluster.mdoc similarity index 99% rename from contrib/bind-9.3/lib/bind/isc/memcluster.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/memcluster.mdoc index cd4e6fbf2f..20b39d0aee 100644 --- a/contrib/bind-9.3/lib/bind/isc/memcluster.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/memcluster.mdoc @@ -1,4 +1,4 @@ -.\" $Id: memcluster.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:43 marka Exp $ +.\" $Id: memcluster.mdoc,v 1.3 2004/03/09 06:30:08 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1995-1999 by Internet Software Consortium diff --git a/contrib/bind-9.3/lib/bind/isc/movefile.c b/contrib/bind-9.5.2/lib/bind/isc/movefile.c similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/movefile.c rename to contrib/bind-9.5.2/lib/bind/isc/movefile.c index 8582aa72bd..191c46ed4a 100644 --- a/contrib/bind-9.3/lib/bind/isc/movefile.c +++ b/contrib/bind-9.5.2/lib/bind/isc/movefile.c @@ -33,3 +33,5 @@ isc_movefile(const char *oldname, const char *newname) { #else static int os_port_has_isc_movefile = 1; #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/tree.c b/contrib/bind-9.5.2/lib/bind/isc/tree.c similarity index 97% rename from contrib/bind-9.3/lib/bind/isc/tree.c rename to contrib/bind-9.5.2/lib/bind/isc/tree.c index 9bdf6d62af..8ba675fbe8 100644 --- a/contrib/bind-9.3/lib/bind/isc/tree.c +++ b/contrib/bind-9.5.2/lib/bind/isc/tree.c @@ -1,8 +1,8 @@ #ifndef LINT -static const char rcsid[] = "$Id: tree.c,v 1.2.206.1 2004/03/09 08:33:43 marka Exp $"; +static const char rcsid[] = "$Id: tree.c,v 1.4 2005/04/27 04:56:39 sra Exp $"; #endif -/* +/*% * tree - balanced binary tree library * * vix 05apr94 [removed vixie.h dependencies; cleaned up formatting, names] @@ -14,7 +14,7 @@ static const char rcsid[] = "$Id: tree.c,v 1.2.206.1 2004/03/09 08:33:43 marka E * vix 14dec85 [written] */ -/* +/*% * This program text was created by Paul Vixie using examples from the book: * "Algorithms & Data Structures," Niklaus Wirth, Prentice-Hall, 1986, ISBN * 0-13-022005-1. Any errors in the conversion from Modula-2 to C are Paul @@ -215,7 +215,7 @@ sprout(tree **ppr, tree_t p_data, int *pi_balance, MSG("LESS. sprouting left.") sub = sprout(&(*ppr)->left, p_data, pi_balance, pfi_compare, pfv_delete); - if (sub && *pi_balance) { /* left branch has grown */ + if (sub && *pi_balance) { /*%< left branch has grown */ MSG("LESS: left branch has grown") switch ((*ppr)->bal) { case 1: @@ -233,13 +233,13 @@ sprout(tree **ppr, tree_t p_data, int *pi_balance, /* left branch was already too long. rebal */ MSG("LESS: case -1: rebalancing") p1 = (*ppr)->left; - if (p1->bal == -1) { /* LL */ + if (p1->bal == -1) { /*%< LL */ MSG("LESS: single LL") (*ppr)->left = p1->right; p1->right = *ppr; (*ppr)->bal = 0; *ppr = p1; - } else { /* double LR */ + } else { /*%< double LR */ MSG("LESS: double LR") p2 = p1->right; @@ -289,13 +289,13 @@ sprout(tree **ppr, tree_t p_data, int *pi_balance, case 1: MSG("MORE: balance was off, need to rebalance") p1 = (*ppr)->right; - if (p1->bal == 1) { /* RR */ + if (p1->bal == 1) { /*%< RR */ MSG("MORE: single RR") (*ppr)->right = p1->left; p1->left = *ppr; (*ppr)->bal = 0; *ppr = p1; - } else { /* double RL */ + } else { /*%< double RL */ MSG("MORE: double RL") p2 = p1->left; @@ -530,3 +530,5 @@ bal_R(tree **ppr_p, int *pi_balance) { } RETV } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/isc/tree.mdoc b/contrib/bind-9.5.2/lib/bind/isc/tree.mdoc similarity index 98% rename from contrib/bind-9.3/lib/bind/isc/tree.mdoc rename to contrib/bind-9.5.2/lib/bind/isc/tree.mdoc index c46fa7dc1d..2c24e1ff5c 100644 --- a/contrib/bind-9.3/lib/bind/isc/tree.mdoc +++ b/contrib/bind-9.5.2/lib/bind/isc/tree.mdoc @@ -1,4 +1,4 @@ -.\" $Id: tree.mdoc,v 1.1.2.1.10.1 2004/03/09 08:33:44 marka Exp $ +.\" $Id: tree.mdoc,v 1.3 2004/03/09 06:30:09 marka Exp $ .\" .\" Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") .\" Copyright (c) 1995-1999 by Internet Software Consortium diff --git a/contrib/bind-9.3/lib/bind/make/includes.in b/contrib/bind-9.5.2/lib/bind/make/includes.in similarity index 88% rename from contrib/bind-9.3/lib/bind/make/includes.in rename to contrib/bind-9.5.2/lib/bind/make/includes.in index f080202883..8f51b13a1c 100644 --- a/contrib/bind-9.3/lib/bind/make/includes.in +++ b/contrib/bind-9.5.2/lib/bind/make/includes.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: includes.in,v 1.1.206.1 2004/03/15 01:02:44 marka Exp $ +# $Id: includes.in,v 1.4 2007/06/19 23:47:13 tbox Exp $ # Search for machine-generated header files in the build tree, # and for normal headers in the source tree (${top_srcdir}). diff --git a/contrib/bind-9.3/lib/bind/make/mkdep.in b/contrib/bind-9.5.2/lib/bind/make/mkdep.in similarity index 100% rename from contrib/bind-9.3/lib/bind/make/mkdep.in rename to contrib/bind-9.5.2/lib/bind/make/mkdep.in diff --git a/contrib/bind-9.3/lib/bind/make/rules.in b/contrib/bind-9.5.2/lib/bind/make/rules.in similarity index 93% rename from contrib/bind-9.3/lib/bind/make/rules.in rename to contrib/bind-9.5.2/lib/bind/make/rules.in index 1a4e81d603..f37998035f 100644 --- a/contrib/bind-9.3/lib/bind/make/rules.in +++ b/contrib/bind-9.5.2/lib/bind/make/rules.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2001 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2001, 2002 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: rules.in,v 1.3.2.3.4.4 2004/10/20 00:14:47 marka Exp $ +# $Id: rules.in,v 1.13 2007/06/18 23:47:34 tbox Exp $ ### ### Common Makefile rules for BIND 9. diff --git a/contrib/bind-9.3/lib/bind/mkinstalldirs b/contrib/bind-9.5.2/lib/bind/mkinstalldirs old mode 100644 new mode 100755 similarity index 100% rename from contrib/bind-9.3/lib/bind/mkinstalldirs rename to contrib/bind-9.5.2/lib/bind/mkinstalldirs diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_date.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_date.c similarity index 80% rename from contrib/bind-9.3/lib/bind/nameser/ns_date.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_date.c index d6b347a905..292375af63 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_date.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_date.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_date.c,v 1.3.206.2 2004/03/16 12:34:16 marka Exp $"; +static const char rcsid[] = "$Id: ns_date.c,v 1.6 2005/04/27 04:56:39 sra Exp $"; #endif /* Import. */ @@ -45,9 +45,11 @@ static int datepart(const char *, int, int, int, int *); /* Public. */ -/* Convert a date in ASCII into the number of seconds since - 1 January 1970 (GMT assumed). Format is yyyymmddhhmmss, all - digits required, no spaces allowed. */ +/*% + * Convert a date in ASCII into the number of seconds since + * 1 January 1970 (GMT assumed). Format is yyyymmddhhmmss, all + * digits required, no spaces allowed. + */ u_int32_t ns_datetosecs(const char *cp, int *errp) { @@ -70,7 +72,7 @@ ns_datetosecs(const char *cp, int *errp) { time.tm_hour = datepart(cp + 8, 2, 00, 23, errp); time.tm_min = datepart(cp + 10, 2, 00, 59, errp); time.tm_sec = datepart(cp + 12, 2, 00, 59, errp); - if (*errp) /* Any parse errors? */ + if (*errp) /*%< Any parse errors? */ return (0); /* @@ -81,32 +83,29 @@ ns_datetosecs(const char *cp, int *errp) { #define SECS_PER_DAY ((u_int32_t)24*60*60) #define isleap(y) ((((y) % 4) == 0 && ((y) % 100) != 0) || ((y) % 400) == 0) - result = time.tm_sec; /* Seconds */ - result += time.tm_min * 60; /* Minutes */ - result += time.tm_hour * (60*60); /* Hours */ - result += (time.tm_mday - 1) * SECS_PER_DAY; /* Days */ - + result = time.tm_sec; /*%< Seconds */ + result += time.tm_min * 60; /*%< Minutes */ + result += time.tm_hour * (60*60); /*%< Hours */ + result += (time.tm_mday - 1) * SECS_PER_DAY; /*%< Days */ /* Months are trickier. Look without leaping, then leap */ mdays = 0; for (i = 0; i < time.tm_mon; i++) mdays += days_per_month[i]; - result += mdays * SECS_PER_DAY; /* Months */ + result += mdays * SECS_PER_DAY; /*%< Months */ if (time.tm_mon > 1 && isleap(1900+time.tm_year)) - result += SECS_PER_DAY; /* Add leapday for this year */ - + result += SECS_PER_DAY; /*%< Add leapday for this year */ /* First figure years without leapdays, then add them in. */ /* The loop is slow, FIXME, but simple and accurate. */ - result += (time.tm_year - 70) * (SECS_PER_DAY*365); /* Years */ + result += (time.tm_year - 70) * (SECS_PER_DAY*365); /*%< Years */ for (i = 70; i < time.tm_year; i++) if (isleap(1900+i)) - result += SECS_PER_DAY; /* Add leapday for prev year */ - + result += SECS_PER_DAY; /*%< Add leapday for prev year */ return (result); } /* Private. */ -/* +/*% * Parse part of a date. Set error flag if any error. * Don't reset the flag if there is no error. */ @@ -126,3 +125,5 @@ datepart(const char *buf, int size, int min, int max, int *errp) { *errp = 1; return (result); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_name.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_name.c similarity index 85% rename from contrib/bind-9.3/lib/bind/nameser/ns_name.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_name.c index 5ac91e3da9..9d409f3d95 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_name.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_name.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_name.c,v 1.3.2.4.4.2 2004/05/04 03:27:47 marka Exp $"; +static const char rcsid[] = "$Id: ns_name.c,v 1.10 2005/04/27 04:56:40 sra Exp $"; #endif #include "port_before.h" @@ -41,7 +41,7 @@ static const char rcsid[] = "$Id: ns_name.c,v 1.3.2.4.4.2 2004/05/04 03:27:47 ma # define SPRINTF(x) ((size_t)sprintf x) #endif -#define NS_TYPE_ELT 0x40 /* EDNS0 extended label type */ +#define NS_TYPE_ELT 0x40 /*%< EDNS0 extended label type */ #define DNS_LABELTYPE_BITSTRING 0x41 /* Data. */ @@ -83,14 +83,15 @@ static int decode_bitstring(const unsigned char **, /* Public. */ -/* - * ns_name_ntop(src, dst, dstsiz) +/*% * Convert an encoded domain name to printable ascii as per RFC1035. + * return: - * Number of bytes written to buffer, or -1 (with errno set) + *\li Number of bytes written to buffer, or -1 (with errno set) + * * notes: - * The root is returned as "." - * All other domains are returned in non absolute form + *\li The root is returned as "." + *\li All other domains are returned in non absolute form */ int ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) @@ -119,7 +120,7 @@ ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) *dn++ = '.'; } if ((l = labellen(cp - 1)) < 0) { - errno = EMSGSIZE; /* XXX */ + errno = EMSGSIZE; /*%< XXX */ return(-1); } if (dn + l >= eom) { @@ -184,15 +185,17 @@ ns_name_ntop(const u_char *src, char *dst, size_t dstsiz) return (dn - dst); } -/* - * ns_name_pton(src, dst, dstsiz) +/*% * Convert a ascii string into an encoded domain name as per RFC1035. + * * return: - * -1 if it fails - * 1 if string was fully qualified - * 0 is string was not fully qualified + * + *\li -1 if it fails + *\li 1 if string was fully qualified + *\li 0 is string was not fully qualified + * * notes: - * Enforces label and domain length limits. + *\li Enforces label and domain length limits. */ int @@ -209,9 +212,9 @@ ns_name_pton(const char *src, u_char *dst, size_t dstsiz) while ((c = *src++) != 0) { if (escaped) { - if (c == '[') { /* start a bit string label */ + if (c == '[') { /*%< start a bit string label */ if ((cp = strchr(src, ']')) == NULL) { - errno = EINVAL; /* ??? */ + errno = EINVAL; /*%< ??? */ return(-1); } if ((e = encode_bitsring(&src, cp + 2, @@ -256,7 +259,7 @@ ns_name_pton(const char *src, u_char *dst, size_t dstsiz) continue; } else if (c == '.') { c = (bp - label - 1); - if ((c & NS_CMPRSFLGS) != 0) { /* Label too big. */ + if ((c & NS_CMPRSFLGS) != 0) { /*%< Label too big. */ errno = EMSGSIZE; return (-1); } @@ -294,7 +297,7 @@ ns_name_pton(const char *src, u_char *dst, size_t dstsiz) *bp++ = (u_char)c; } c = (bp - label - 1); - if ((c & NS_CMPRSFLGS) != 0) { /* Label too big. */ + if ((c & NS_CMPRSFLGS) != 0) { /*%< Label too big. */ errno = EMSGSIZE; return (-1); } @@ -311,20 +314,21 @@ ns_name_pton(const char *src, u_char *dst, size_t dstsiz) } *bp++ = 0; } - if ((bp - dst) > MAXCDNAME) { /* src too big */ + if ((bp - dst) > MAXCDNAME) { /*%< src too big */ errno = EMSGSIZE; return (-1); } return (0); } -/* - * ns_name_ntol(src, dst, dstsiz) +/*% * Convert a network strings labels into all lowercase. + * * return: - * Number of bytes written to buffer, or -1 (with errno set) + *\li Number of bytes written to buffer, or -1 (with errno set) + * * notes: - * Enforces label and domain length limits. + *\li Enforces label and domain length limits. */ int @@ -371,11 +375,11 @@ ns_name_ntol(const u_char *src, u_char *dst, size_t dstsiz) return (dn - dst); } -/* - * ns_name_unpack(msg, eom, src, dst, dstsiz) +/*% * Unpack a domain name from a message, source may be compressed. + * * return: - * -1 if it fails, or consumed octets if it succeeds. + *\li -1 if it fails, or consumed octets if it succeeds. */ int ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, @@ -424,7 +428,7 @@ ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, if (len < 0) len = srcp - src + 1; srcp = msg + (((n & 0x3f) << 8) | (*srcp & 0xff)); - if (srcp < msg || srcp >= eom) { /* Out of range. */ + if (srcp < msg || srcp >= eom) { /*%< Out of range. */ errno = EMSGSIZE; return (-1); } @@ -442,7 +446,7 @@ ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, default: errno = EMSGSIZE; - return (-1); /* flag error */ + return (-1); /*%< flag error */ } } *dstp = '\0'; @@ -451,19 +455,21 @@ ns_name_unpack(const u_char *msg, const u_char *eom, const u_char *src, return (len); } -/* - * ns_name_pack(src, dst, dstsiz, dnptrs, lastdnptr) +/*% * Pack domain name 'domain' into 'comp_dn'. + * * return: - * Size of the compressed name, or -1. + *\li Size of the compressed name, or -1. + * * notes: - * 'dnptrs' is an array of pointers to previous compressed names. - * dnptrs[0] is a pointer to the beginning of the message. The array + *\li 'dnptrs' is an array of pointers to previous compressed names. + *\li dnptrs[0] is a pointer to the beginning of the message. The array * ends with NULL. - * 'lastdnptr' is a pointer to the end of the array pointed to + *\li 'lastdnptr' is a pointer to the end of the array pointed to * by 'dnptrs'. + * * Side effects: - * The list of pointers in dnptrs is updated for labels inserted into + *\li The list of pointers in dnptrs is updated for labels inserted into * the message as we compress the name. If 'dnptr' is NULL, we don't * try to compress names. If 'lastdnptr' is NULL, we don't update the * list. @@ -485,7 +491,7 @@ ns_name_pack(const u_char *src, u_char *dst, int dstsiz, if ((msg = *dnptrs++) != NULL) { for (cpp = dnptrs; *cpp != NULL; cpp++) (void)NULL; - lpp = cpp; /* end of list to search */ + lpp = cpp; /*%< end of list to search */ } } else msg = NULL; @@ -560,13 +566,14 @@ cleanup: return (dstp - dst); } -/* - * ns_name_uncompress(msg, eom, src, dst, dstsiz) +/*% * Expand compressed domain name to presentation format. + * * return: - * Number of bytes read out of `src', or -1 (with errno set). + *\li Number of bytes read out of `src', or -1 (with errno set). + * * note: - * Root domain returns as "." not "". + *\li Root domain returns as "." not "". */ int ns_name_uncompress(const u_char *msg, const u_char *eom, const u_char *src, @@ -582,18 +589,19 @@ ns_name_uncompress(const u_char *msg, const u_char *eom, const u_char *src, return (n); } -/* - * ns_name_compress(src, dst, dstsiz, dnptrs, lastdnptr) +/*% * Compress a domain name into wire format, using compression pointers. + * * return: - * Number of bytes consumed in `dst' or -1 (with errno set). + *\li Number of bytes consumed in `dst' or -1 (with errno set). + * * notes: - * 'dnptrs' is an array of pointers to previous compressed names. - * dnptrs[0] is a pointer to the beginning of the message. - * The list ends with NULL. 'lastdnptr' is a pointer to the end of the + *\li 'dnptrs' is an array of pointers to previous compressed names. + *\li dnptrs[0] is a pointer to the beginning of the message. + *\li The list ends with NULL. 'lastdnptr' is a pointer to the end of the * array pointed to by 'dnptrs'. Side effect is to update the list of * pointers for labels inserted into the message as we compress the name. - * If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr' + *\li If 'dnptr' is NULL, we don't try to compress names. If 'lastdnptr' * is NULL, we don't update the list. */ int @@ -607,7 +615,7 @@ ns_name_compress(const char *src, u_char *dst, size_t dstsiz, return (ns_name_pack(tmp, dst, dstsiz, dnptrs, lastdnptr)); } -/* +/*% * Reset dnptrs so that there are no active references to pointers at or * after src. */ @@ -624,11 +632,11 @@ ns_name_rollback(const u_char *src, const u_char **dnptrs, } } -/* - * ns_name_skip(ptrptr, eom) +/*% * Advance *ptrptr to skip over the compressed name it points at. + * * return: - * 0 on success, -1 (with errno set) on failure. + *\li 0 on success, -1 (with errno set) on failure. */ int ns_name_skip(const u_char **ptrptr, const u_char *eom) @@ -641,20 +649,20 @@ ns_name_skip(const u_char **ptrptr, const u_char *eom) while (cp < eom && (n = *cp++) != 0) { /* Check for indirection. */ switch (n & NS_CMPRSFLGS) { - case 0: /* normal case, n == len */ + case 0: /*%< normal case, n == len */ cp += n; continue; - case NS_TYPE_ELT: /* EDNS0 extended label */ + case NS_TYPE_ELT: /*%< EDNS0 extended label */ if ((l = labellen(cp - 1)) < 0) { - errno = EMSGSIZE; /* XXX */ + errno = EMSGSIZE; /*%< XXX */ return(-1); } cp += l; continue; - case NS_CMPRSFLGS: /* indirection */ + case NS_CMPRSFLGS: /*%< indirection */ cp++; break; - default: /* illegal type */ + default: /*%< illegal type */ errno = EMSGSIZE; return (-1); } @@ -670,44 +678,44 @@ ns_name_skip(const u_char **ptrptr, const u_char *eom) /* Private. */ -/* - * special(ch) +/*% * Thinking in noninternationalized USASCII (per the DNS spec), * is this characted special ("in need of quoting") ? + * * return: - * boolean. + *\li boolean. */ static int special(int ch) { switch (ch) { - case 0x22: /* '"' */ - case 0x2E: /* '.' */ - case 0x3B: /* ';' */ - case 0x5C: /* '\\' */ - case 0x28: /* '(' */ - case 0x29: /* ')' */ + case 0x22: /*%< '"' */ + case 0x2E: /*%< '.' */ + case 0x3B: /*%< ';' */ + case 0x5C: /*%< '\\' */ + case 0x28: /*%< '(' */ + case 0x29: /*%< ')' */ /* Special modifiers in zone files. */ - case 0x40: /* '@' */ - case 0x24: /* '$' */ + case 0x40: /*%< '@' */ + case 0x24: /*%< '$' */ return (1); default: return (0); } } -/* - * printable(ch) +/*% * Thinking in noninternationalized USASCII (per the DNS spec), * is this character visible and not a space when printed ? + * * return: - * boolean. + *\li boolean. */ static int printable(int ch) { return (ch > 0x20 && ch < 0x7f); } -/* +/*% * Thinking in noninternationalized USASCII (per the DNS spec), * convert this character to lower case if it's upper case. */ @@ -718,14 +726,15 @@ mklower(int ch) { return (ch); } -/* - * dn_find(domain, msg, dnptrs, lastdnptr) +/*% * Search for the counted-label name in an array of compressed names. + * * return: - * offset from msg if found, or -1. + *\li offset from msg if found, or -1. + * * notes: - * dnptrs is the pointer to the first name on the list, - * not the pointer to the start of the message. + *\li dnptrs is the pointer to the first name on the list, + *\li not the pointer to the start of the message. */ static int dn_find(const u_char *domain, const u_char *msg, @@ -753,9 +762,8 @@ dn_find(const u_char *domain, const u_char *msg, * check for indirection */ switch (n & NS_CMPRSFLGS) { - case 0: /* normal case, n == len */ - n = labellen(cp - 1); /* XXX */ - + case 0: /*%< normal case, n == len */ + n = labellen(cp - 1); /*%< XXX */ if (n != *dn++) goto next; @@ -769,11 +777,11 @@ dn_find(const u_char *domain, const u_char *msg, if (*dn) continue; goto next; - case NS_CMPRSFLGS: /* indirection */ + case NS_CMPRSFLGS: /*%< indirection */ cp = msg + (((n & 0x3f) << 8) | *cp); break; - default: /* illegal type */ + default: /*%< illegal type */ errno = EMSGSIZE; return (-1); } @@ -855,12 +863,12 @@ encode_bitsring(const char **bp, const char *end, unsigned char **labelp, /* XXX: currently, only hex strings are supported */ if (*cp++ != 'x') return(EINVAL); - if (!isxdigit((*cp) & 0xff)) /* reject '\[x/BLEN]' */ + if (!isxdigit((*cp) & 0xff)) /*%< reject '\[x/BLEN]' */ return(EINVAL); for (tp = *dst + 1; cp < end && tp < eom; cp++) { switch((c = *cp)) { - case ']': /* end of the bitstring */ + case ']': /*%< end of the bitstring */ if (afterslash) { if (beg_blen == NULL) return(EINVAL); @@ -870,7 +878,7 @@ encode_bitsring(const char **bp, const char *end, unsigned char **labelp, } if (count) *tp++ = ((value << 4) & 0xff); - cp++; /* skip ']' */ + cp++; /*%< skip ']' */ goto done; case '/': afterslash = 1; @@ -914,14 +922,14 @@ encode_bitsring(const char **bp, const char *end, unsigned char **labelp, * MUST be just sufficient to contain the number of bits specified * by the . If there are insignificant bits in a final * hexadecimal or octal digit, they MUST be zero. - * RFC 2673, Section 3.2. + * RFC2673, Section 3.2. */ if (blen > 0) { int traillen; if (((blen + 3) & ~3) != tbcount) return(EINVAL); - traillen = tbcount - blen; /* between 0 and 3 */ + traillen = tbcount - blen; /*%< between 0 and 3 */ if (((value << (8 - traillen)) & 0xff) != 0) return(EINVAL); } @@ -957,7 +965,9 @@ labellen(const u_char *lp) bitlen = 256; return((bitlen + 7 ) / 8 + 1); } - return(-1); /* unknwon ELT */ + return(-1); /*%< unknwon ELT */ } return(l); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_netint.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_netint.c similarity index 92% rename from contrib/bind-9.3/lib/bind/nameser/ns_netint.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_netint.c index 15fc93e40e..559c9d5bd5 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_netint.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_netint.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_netint.c,v 1.1.206.1 2004/03/09 08:33:44 marka Exp $"; +static const char rcsid[] = "$Id: ns_netint.c,v 1.3 2005/04/27 04:56:40 sra Exp $"; #endif /* Import. */ @@ -54,3 +54,5 @@ void ns_put32(u_long src, u_char *dst) { NS_PUT32(src, dst); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_parse.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_parse.c similarity index 87% rename from contrib/bind-9.3/lib/bind/nameser/ns_parse.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_parse.c index 19a6f51b2d..09b19f861c 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_parse.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_parse.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_parse.c,v 1.3.2.1.4.3 2005/10/11 00:48:16 marka Exp $"; +static const char rcsid[] = "$Id: ns_parse.c,v 1.9 2007/08/27 03:32:26 marka Exp $"; #endif /* Import. */ @@ -40,7 +40,7 @@ static void setsection(ns_msg *msg, ns_sect sect); /* Macros. */ -#ifndef SOLARIS2 +#if !defined(SOLARIS2) || defined(__COVERITY__) #define RETERR(err) do { errno = (err); return (-1); } while (0) #else #define RETERR(err) \ @@ -51,22 +51,22 @@ static void setsection(ns_msg *msg, ns_sect sect); /* These need to be in the same order as the nres.h:ns_flag enum. */ struct _ns_flagdata _ns_flagdata[16] = { - { 0x8000, 15 }, /* qr. */ - { 0x7800, 11 }, /* opcode. */ - { 0x0400, 10 }, /* aa. */ - { 0x0200, 9 }, /* tc. */ - { 0x0100, 8 }, /* rd. */ - { 0x0080, 7 }, /* ra. */ - { 0x0040, 6 }, /* z. */ - { 0x0020, 5 }, /* ad. */ - { 0x0010, 4 }, /* cd. */ - { 0x000f, 0 }, /* rcode. */ - { 0x0000, 0 }, /* expansion (1/6). */ - { 0x0000, 0 }, /* expansion (2/6). */ - { 0x0000, 0 }, /* expansion (3/6). */ - { 0x0000, 0 }, /* expansion (4/6). */ - { 0x0000, 0 }, /* expansion (5/6). */ - { 0x0000, 0 }, /* expansion (6/6). */ + { 0x8000, 15 }, /*%< qr. */ + { 0x7800, 11 }, /*%< opcode. */ + { 0x0400, 10 }, /*%< aa. */ + { 0x0200, 9 }, /*%< tc. */ + { 0x0100, 8 }, /*%< rd. */ + { 0x0080, 7 }, /*%< ra. */ + { 0x0040, 6 }, /*%< z. */ + { 0x0020, 5 }, /*%< ad. */ + { 0x0010, 4 }, /*%< cd. */ + { 0x000f, 0 }, /*%< rcode. */ + { 0x0000, 0 }, /*%< expansion (1/6). */ + { 0x0000, 0 }, /*%< expansion (2/6). */ + { 0x0000, 0 }, /*%< expansion (3/6). */ + { 0x0000, 0 }, /*%< expansion (4/6). */ + { 0x0000, 0 }, /*%< expansion (5/6). */ + { 0x0000, 0 }, /*%< expansion (6/6). */ }; int ns_msg_getflag(ns_msg handle, int flag) { @@ -207,3 +207,5 @@ setsection(ns_msg *msg, ns_sect sect) { msg->_msg_ptr = msg->_sections[(int)sect]; } } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_print.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_print.c similarity index 97% rename from contrib/bind-9.3/lib/bind/nameser/ns_print.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_print.c index 0ee3a2d70e..4dc20dcfc9 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_print.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_print.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_print.c,v 1.3.2.1.4.7 2004/09/16 07:01:12 marka Exp $"; +static const char rcsid[] = "$Id: ns_print.c,v 1.10 2005/04/27 04:56:40 sra Exp $"; #endif /* Import. */ @@ -32,7 +32,7 @@ static const char rcsid[] = "$Id: ns_print.c,v 1.3.2.1.4.7 2004/09/16 07:01:12 m #ifdef _LIBC #include -#define INSIST(cond) assert(cond) +#define INSIST(cond) assert(cond) #else #include #include @@ -74,12 +74,11 @@ static int addtab(size_t len, size_t target, int spaced, /* Public. */ -/* - * int - * ns_sprintrr(handle, rr, name_ctx, origin, buf, buflen) +/*% * Convert an RR to presentation format. + * * return: - * Number of characters written to buf, or -1 (check errno). + *\li Number of characters written to buf, or -1 (check errno). */ int ns_sprintrr(const ns_msg *handle, const ns_rr *rr, @@ -95,13 +94,11 @@ ns_sprintrr(const ns_msg *handle, const ns_rr *rr, return (n); } -/* - * int - * ns_sprintrrf(msg, msglen, name, class, type, ttl, rdata, rdlen, - * name_ctx, origin, buf, buflen) +/*% * Convert the fields of an RR into presentation format. + * * return: - * Number of characters written to buf, or -1 (check errno). + *\li Number of characters written to buf, or -1 (check errno). */ int ns_sprintrrf(const u_char *msg, size_t msglen, @@ -654,10 +651,10 @@ ns_sprintrrf(const u_char *msg, size_t msglen, T(len = addname(msg, msglen, &rdata, origin, &buf, &buflen)); T(addstr(" ", 1, &buf, &buflen)); - rdata += 8; /* time */ + rdata += 8; /*%< time */ n = ns_get16(rdata); rdata += INT16SZ; - rdata += n; /* sig */ - n = ns_get16(rdata); rdata += INT16SZ; /* original id */ + rdata += n; /*%< sig */ + n = ns_get16(rdata); rdata += INT16SZ; /*%< original id */ sprintf(buf, "%d", ns_get16(rdata)); rdata += INT16SZ; addlen(strlen(buf), &buf, &buflen); @@ -744,7 +741,7 @@ ns_sprintrrf(const u_char *msg, size_t msglen, /* Private. */ -/* +/*% * size_t * prune_origin(name, origin) * Find out if the name is at or under the current origin. @@ -777,7 +774,7 @@ prune_origin(const char *name, const char *origin) { return (name - oname); } -/* +/*% * int * charstr(rdata, edata, buf, buflen) * Format a into the presentation buffer. @@ -833,7 +830,7 @@ addname(const u_char *msg, size_t msglen, n = dn_expand(msg, msg + msglen, *pp, *buf, *buflen); if (n < 0) - goto enospc; /* Guess. */ + goto enospc; /*%< Guess. */ newlen = prune_origin(*buf, origin); if (**buf == '\0') { goto root; @@ -905,3 +902,5 @@ addtab(size_t len, size_t target, int spaced, char **buf, size_t *buflen) { } return (spaced); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_samedomain.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_samedomain.c similarity index 84% rename from contrib/bind-9.3/lib/bind/nameser/ns_samedomain.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_samedomain.c index a5d039eb2d..ee890090b8 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_samedomain.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_samedomain.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_samedomain.c,v 1.1.2.2.4.2 2004/03/16 12:34:17 marka Exp $"; +static const char rcsid[] = "$Id: ns_samedomain.c,v 1.6 2005/04/27 04:56:40 sra Exp $"; #endif #include "port_before.h" @@ -28,21 +28,22 @@ static const char rcsid[] = "$Id: ns_samedomain.c,v 1.1.2.2.4.2 2004/03/16 12:34 #include "port_after.h" -/* - * int - * ns_samedomain(a, b) +/*% * Check whether a name belongs to a domain. + * * Inputs: - * a - the domain whose ancestory is being verified - * b - the potential ancestor we're checking against + *\li a - the domain whose ancestory is being verified + *\li b - the potential ancestor we're checking against + * * Return: - * boolean - is a at or below b? + *\li boolean - is a at or below b? + * * Notes: - * Trailing dots are first removed from name and domain. + *\li Trailing dots are first removed from name and domain. * Always compare complete subdomains, not only whether the * domain name is the trailing string of the given name. * - * "host.foobar.top" lies in "foobar.top" and in "top" and in "" + *\li "host.foobar.top" lies in "foobar.top" and in "top" and in "" * but NOT in "bar.top" */ @@ -152,30 +153,31 @@ ns_subdomain(const char *a, const char *b) { } #endif -/* - * int - * ns_makecanon(src, dst, dstsize) +/*% * make a canonical copy of domain name "src" + * * notes: + * \code * foo -> foo. * foo. -> foo. * foo.. -> foo. * foo\. -> foo\.. * foo\\. -> foo\\. + * \endcode */ int ns_makecanon(const char *src, char *dst, size_t dstsize) { size_t n = strlen(src); - if (n + sizeof "." > dstsize) { /* Note: sizeof == 2 */ + if (n + sizeof "." > dstsize) { /*%< Note: sizeof == 2 */ errno = EMSGSIZE; return (-1); } strcpy(dst, src); - while (n >= 1U && dst[n - 1] == '.') /* Ends in "." */ - if (n >= 2U && dst[n - 2] == '\\' && /* Ends in "\." */ - (n < 3U || dst[n - 3] != '\\')) /* But not "\\." */ + while (n >= 1U && dst[n - 1] == '.') /*%< Ends in "." */ + if (n >= 2U && dst[n - 2] == '\\' && /*%< Ends in "\." */ + (n < 3U || dst[n - 3] != '\\')) /*%< But not "\\." */ break; else dst[--n] = '\0'; @@ -184,14 +186,13 @@ ns_makecanon(const char *src, char *dst, size_t dstsize) { return (0); } -/* - * int - * ns_samename(a, b) +/*% * determine whether domain name "a" is the same as domain name "b" + * * return: - * -1 on error - * 0 if names differ - * 1 if names are the same + *\li -1 on error + *\li 0 if names differ + *\li 1 if names are the same */ int @@ -206,3 +207,5 @@ ns_samename(const char *a, const char *b) { else return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_sign.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_sign.c similarity index 87% rename from contrib/bind-9.3/lib/bind/nameser/ns_sign.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_sign.c index 7b742f1f5f..5748a090d9 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_sign.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_sign.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_sign.c,v 1.1.2.2.4.2 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: ns_sign.c,v 1.6 2006/03/09 23:57:56 marka Exp $"; #endif /* Import. */ @@ -53,24 +53,26 @@ static const char rcsid[] = "$Id: ns_sign.c,v 1.1.2.2.4.2 2006/03/10 00:17:21 ma } \ } while (0) -/* ns_sign +/*% + * ns_sign + * * Parameters: - * msg message to be sent - * msglen input - length of message + *\li msg message to be sent + *\li msglen input - length of message * output - length of signed message - * msgsize length of buffer containing message - * error value to put in the error field - * key tsig key used for signing - * querysig (response), the signature in the query - * querysiglen (response), the length of the signature in the query - * sig a buffer to hold the generated signature - * siglen input - length of signature buffer + *\li msgsize length of buffer containing message + *\li error value to put in the error field + *\li key tsig key used for signing + *\li querysig (response), the signature in the query + *\li querysiglen (response), the length of the signature in the query + *\li sig a buffer to hold the generated signature + *\li siglen input - length of signature buffer * output - length of signature * * Errors: - * - bad input data (-1) - * - bad key / sign failed (-BADKEY) - * - not enough space (NS_TSIG_ERROR_NO_SPACE) + *\li - bad input data (-1) + *\li - bad key / sign failed (-BADKEY) + *\li - not enough space (NS_TSIG_ERROR_NO_SPACE) */ int ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k, @@ -124,7 +126,7 @@ ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k, BOUNDS_CHECK(cp, INT16SZ + INT16SZ + INT32SZ + INT16SZ); PUTSHORT(ns_t_tsig, cp); PUTSHORT(ns_c_any, cp); - PUTLONG(0, cp); /* TTL */ + PUTLONG(0, cp); /*%< TTL */ lenp = cp; cp += 2; @@ -191,18 +193,18 @@ ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k, /* Digest the time signed, fudge, error, and other data */ cp2 = buf; - PUTSHORT(0, cp2); /* Top 16 bits of time */ + PUTSHORT(0, cp2); /*%< Top 16 bits of time */ if (error != ns_r_badtime) PUTLONG(timesigned, cp2); else PUTLONG(in_timesigned, cp2); PUTSHORT(NS_TSIG_FUDGE, cp2); - PUTSHORT(error, cp2); /* Error */ + PUTSHORT(error, cp2); /*%< Error */ if (error != ns_r_badtime) - PUTSHORT(0, cp2); /* Other data length */ + PUTSHORT(0, cp2); /*%< Other data length */ else { - PUTSHORT(INT16SZ+INT32SZ, cp2); /* Other data length */ - PUTSHORT(0, cp2); /* Top 16 bits of time */ + PUTSHORT(INT16SZ+INT32SZ, cp2); /*%< Other data length */ + PUTSHORT(0, cp2); /*%< Top 16 bits of time */ PUTLONG(timesigned, cp2); } dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, cp2-buf, @@ -224,17 +226,17 @@ ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k, /* The original message ID & error. */ BOUNDS_CHECK(cp, INT16SZ + INT16SZ); - PUTSHORT(ntohs(hp->id), cp); /* already in network order */ + PUTSHORT(ntohs(hp->id), cp); /*%< already in network order */ PUTSHORT(error, cp); /* Other data. */ BOUNDS_CHECK(cp, INT16SZ); if (error != ns_r_badtime) - PUTSHORT(0, cp); /* Other data length */ + PUTSHORT(0, cp); /*%< Other data length */ else { - PUTSHORT(INT16SZ+INT32SZ, cp); /* Other data length */ + PUTSHORT(INT16SZ+INT32SZ, cp); /*%< Other data length */ BOUNDS_CHECK(cp, INT32SZ+INT16SZ); - PUTSHORT(0, cp); /* Top 16 bits of time */ + PUTSHORT(0, cp); /*%< Top 16 bits of time */ PUTLONG(timesigned, cp); } @@ -323,7 +325,7 @@ ns_sign_tcp2(u_char *msg, int *msglen, int msgsize, int error, BOUNDS_CHECK(cp, INT16SZ + INT16SZ + INT32SZ + INT16SZ); PUTSHORT(ns_t_tsig, cp); PUTSHORT(ns_c_any, cp); - PUTLONG(0, cp); /* TTL */ + PUTLONG(0, cp); /*%< TTL */ lenp = cp; cp += 2; @@ -346,7 +348,7 @@ ns_sign_tcp2(u_char *msg, int *msglen, int msgsize, int error, /* Digest the time signed and fudge. */ cp2 = buf; - PUTSHORT(0, cp2); /* Top 16 bits of time */ + PUTSHORT(0, cp2); /*%< Top 16 bits of time */ PUTLONG(timesigned, cp2); PUTSHORT(NS_TSIG_FUDGE, cp2); @@ -367,7 +369,7 @@ ns_sign_tcp2(u_char *msg, int *msglen, int msgsize, int error, /* The original message ID & error. */ BOUNDS_CHECK(cp, INT16SZ + INT16SZ); - PUTSHORT(ntohs(hp->id), cp); /* already in network order */ + PUTSHORT(ntohs(hp->id), cp); /*%< already in network order */ PUTSHORT(error, cp); /* Other data. */ @@ -381,3 +383,5 @@ ns_sign_tcp2(u_char *msg, int *msglen, int msgsize, int error, *msglen = (cp - msg); return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_ttl.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_ttl.c similarity index 96% rename from contrib/bind-9.3/lib/bind/nameser/ns_ttl.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_ttl.c index 4d18d3f281..69c2f83f57 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_ttl.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_ttl.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_ttl.c,v 1.1.206.2 2005/07/28 07:43:21 marka Exp $"; +static const char rcsid[] = "$Id: ns_ttl.c,v 1.4 2005/07/28 06:51:49 marka Exp $"; #endif /* Import. */ @@ -158,3 +158,5 @@ fmt1(int t, char s, char **buf, size_t *buflen) { *buflen -= len; return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/nameser/ns_verify.c b/contrib/bind-9.5.2/lib/bind/nameser/ns_verify.c similarity index 91% rename from contrib/bind-9.3/lib/bind/nameser/ns_verify.c rename to contrib/bind-9.5.2/lib/bind/nameser/ns_verify.c index c74a0a38b2..97c012db8f 100644 --- a/contrib/bind-9.3/lib/bind/nameser/ns_verify.c +++ b/contrib/bind-9.5.2/lib/bind/nameser/ns_verify.c @@ -16,7 +16,7 @@ */ #ifndef lint -static const char rcsid[] = "$Id: ns_verify.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $"; +static const char rcsid[] = "$Id: ns_verify.c,v 1.5 2006/03/09 23:57:56 marka Exp $"; #endif /* Import. */ @@ -107,28 +107,29 @@ ns_find_tsig(u_char *msg, u_char *eom) { } /* ns_verify + * * Parameters: - * statp res stuff - * msg received message - * msglen length of message - * key tsig key used for verifying. - * querysig (response), the signature in the query - * querysiglen (response), the length of the signature in the query - * sig (query), a buffer to hold the signature - * siglen (query), input - length of signature buffer + *\li statp res stuff + *\li msg received message + *\li msglen length of message + *\li key tsig key used for verifying. + *\li querysig (response), the signature in the query + *\li querysiglen (response), the length of the signature in the query + *\li sig (query), a buffer to hold the signature + *\li siglen (query), input - length of signature buffer * output - length of signature * * Errors: - * - bad input (-1) - * - invalid dns message (NS_TSIG_ERROR_FORMERR) - * - TSIG is not present (NS_TSIG_ERROR_NO_TSIG) - * - key doesn't match (-ns_r_badkey) - * - TSIG verification fails with BADKEY (-ns_r_badkey) - * - TSIG verification fails with BADSIG (-ns_r_badsig) - * - TSIG verification fails with BADTIME (-ns_r_badtime) - * - TSIG verification succeeds, error set to BAKEY (ns_r_badkey) - * - TSIG verification succeeds, error set to BADSIG (ns_r_badsig) - * - TSIG verification succeeds, error set to BADTIME (ns_r_badtime) + *\li - bad input (-1) + *\li - invalid dns message (NS_TSIG_ERROR_FORMERR) + *\li - TSIG is not present (NS_TSIG_ERROR_NO_TSIG) + *\li - key doesn't match (-ns_r_badkey) + *\li - TSIG verification fails with BADKEY (-ns_r_badkey) + *\li - TSIG verification fails with BADSIG (-ns_r_badsig) + *\li - TSIG verification fails with BADTIME (-ns_r_badtime) + *\li - TSIG verification succeeds, error set to BAKEY (ns_r_badkey) + *\li - TSIG verification succeeds, error set to BADSIG (ns_r_badsig) + *\li - TSIG verification succeeds, error set to BADTIME (ns_r_badtime) */ int ns_verify(u_char *msg, int *msglen, void *k, @@ -450,7 +451,7 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, /* Digest the time signed and fudge. */ cp2 = buf; - PUTSHORT(0, cp2); /* Top 16 bits of time. */ + PUTSHORT(0, cp2); /*%< Top 16 bits of time. */ PUTLONG(timesigned, cp2); PUTSHORT(NS_TSIG_FUDGE, cp2); @@ -479,3 +480,5 @@ ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, return (0); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/port/freebsd/include/sys/bitypes.h b/contrib/bind-9.5.2/lib/bind/port/freebsd/include/sys/bitypes.h similarity index 100% rename from contrib/bind-9.3/lib/bind/port/freebsd/include/sys/bitypes.h rename to contrib/bind-9.5.2/lib/bind/port/freebsd/include/sys/bitypes.h diff --git a/contrib/bind-9.3/lib/bind/port_after.h.in b/contrib/bind-9.5.2/lib/bind/port_after.h.in similarity index 61% rename from contrib/bind-9.3/lib/bind/port_after.h.in rename to contrib/bind-9.5.2/lib/bind/port_after.h.in index f248d23f56..b7496a2d46 100644 --- a/contrib/bind-9.3/lib/bind/port_after.h.in +++ b/contrib/bind-9.5.2/lib/bind/port_after.h.in @@ -1,3 +1,22 @@ +/* + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: port_after.h.in,v 1.53.128.7 2008/02/28 05:46:12 marka Exp $ */ + #ifndef port_after_h #define port_after_h @@ -16,12 +35,20 @@ #include #endif /* HAVE_SYS_SELECT_H */ +#ifdef REENABLE_SEND +#undef send +#endif + @NEED_PSELECT@ @HAVE_SA_LEN@ @HAVE_MINIMUM_IFREQ@ @NEED_DAEMON@ @NEED_STRSEP@ @NEED_STRERROR@ +#ifdef NEED_STRERROR +const char *isc_strerror(int); +#define strerror isc_strerror +#endif @HAS_INET6_STRUCTS@ @HAVE_SIN6_SCOPE_ID@ @NEED_IN6ADDR_ANY@ @@ -30,12 +57,18 @@ @NEED_GETTIMEOFDAY@ @HAVE_STRNDUP@ @USE_FIONBIO_IOCTL@ -@USE_SYSERROR_LIST@ @INNETGR_ARGS@ @SETNETGRENT_ARGS@ @USE_IFNAMELINKID@ @PORT_NONBLOCK@ +#ifndef _POSIX_PATH_MAX +#define _POSIX_PATH_MAX 255 +#endif +#ifndef PATH_MAX +#define PATH_MAX _POSIX_PATH_MAX +#endif + /* * We need to know the IPv6 address family number even on IPv4-only systems. * Note that this is NOT a protocol constant, and that if the system has its @@ -60,7 +93,7 @@ #ifndef HAS_INET6_STRUCTS /* Replace with structure from later rev of O/S if known. */ struct in6_addr { - u_int8_t s6_addr[16]; + u_int8_t s6_addr[16]; }; #define IN6ADDR_ANY_INIT \ @@ -74,15 +107,15 @@ struct in6_addr { /* Replace with structure from later rev of O/S if known. */ struct sockaddr_in6 { #ifdef HAVE_SA_LEN - u_int8_t sin6_len; /* length of this struct */ - u_int8_t sin6_family; /* AF_INET6 */ + u_int8_t sin6_len; /* length of this struct */ + u_int8_t sin6_family; /* AF_INET6 */ #else - u_int16_t sin6_family; /* AF_INET6 */ + u_int16_t sin6_family; /* AF_INET6 */ #endif - u_int16_t sin6_port; /* transport layer port # */ - u_int32_t sin6_flowinfo; /* IPv6 flow information */ - struct in6_addr sin6_addr; /* IPv6 address */ - u_int32_t sin6_scope_id; /* set of interfaces for a scope */ + u_int16_t sin6_port; /* transport layer port # */ + u_int32_t sin6_flowinfo; /* IPv6 flow information */ + struct in6_addr sin6_addr; /* IPv6 address */ + u_int32_t sin6_scope_id; /* set of interfaces for a scope */ }; #endif /* HAS_INET6_STRUCTS */ @@ -129,21 +162,21 @@ struct sockaddr_in6 { #endif #ifndef HAVE_SOCKADDR_STORAGE -#define __SS_MAXSIZE 128 -#define __SS_ALLIGSIZE (sizeof (long)) +#define __SS_MAXSIZE 128 +#define __SS_ALLIGSIZE (sizeof (long)) struct sockaddr_storage { #ifdef HAVE_SA_LEN - u_int8_t ss_len; /* address length */ - u_int8_t ss_family; /* address family */ - char __ss_pad1[__SS_ALLIGSIZE - 2 * sizeof(u_int8_t)]; - long __ss_align; - char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; -#else - u_int16_t ss_family; /* address family */ - char __ss_pad1[__SS_ALLIGSIZE - sizeof(u_int16_t)]; - long __ss_align; - char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; + u_int8_t ss_len; /* address length */ + u_int8_t ss_family; /* address family */ + char __ss_pad1[__SS_ALLIGSIZE - 2 * sizeof(u_int8_t)]; + long __ss_align; + char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; +#else + u_int16_t ss_family; /* address family */ + char __ss_pad1[__SS_ALLIGSIZE - sizeof(u_int16_t)]; + long __ss_align; + char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; #endif }; #endif @@ -254,7 +287,7 @@ extern const struct in6_addr isc_in6addr_loopback; #ifdef NEED_DAEMON int daemon(int nochdir, int noclose); #endif - + #ifdef NEED_STRSEP char * strsep(char **stringp, const char *delim); #endif @@ -309,16 +342,16 @@ innetgr_r(const char *, const char *, const char *, const char *); #endif #ifdef NEED_SETNETGRENT_R -#ifdef NGR_R_ENT_ARGS -NGR_R_SET_RETURN setnetgrent_r(const char *netgroup, NGR_R_ENT_ARGS); +#ifdef NGR_R_SET_ARGS +NGR_R_SET_RETURN setnetgrent_r(NGR_R_SET_CONST char *netgroup, NGR_R_SET_ARGS); #else -NGR_R_SET_RETURN setnetgrent_r(const char *netgroup); +NGR_R_SET_RETURN setnetgrent_r(NGR_R_SET_CONST char *netgroup); #endif #endif #ifdef NEED_ENDNETGRENT_R -#ifdef NGR_R_ENT_ARGS -NGR_R_END_RETURN endnetgrent_r(NGR_R_ENT_ARGS); +#ifdef NGR_R_END_ARGS +NGR_R_END_RETURN endnetgrent_r(NGR_R_END_ARGS); #else NGR_R_END_RETURN endnetgrent_r(void); #endif @@ -327,25 +360,25 @@ NGR_R_END_RETURN endnetgrent_r(void); #ifdef POSIX_GETPWNAM_R int __posix_getpwnam_r(const char *login, struct passwd *pwptr, - char *buf, size_t buflen, struct passwd **result); + char *buf, size_t buflen, struct passwd **result); #endif #ifdef NEED_GETPWNAM_R int getpwnam_r(const char *login, struct passwd *pwptr, - char *buf, size_t buflen, struct passwd **result); + char *buf, size_t buflen, struct passwd **result); #endif #ifdef POSIX_GETPWUID_R int __posix_getpwuid_r(uid_t uid, struct passwd *pwptr, - char *buf, int buflen, struct passwd **result); + char *buf, int buflen, struct passwd **result); #endif #ifdef NEED_GETPWUID_R int getpwuid_r(uid_t uid, struct passwd *pwptr, - char *buf, size_t buflen, struct passwd **result); + char *buf, size_t buflen, struct passwd **result); #endif #ifdef NEED_SETPWENT_R @@ -384,10 +417,12 @@ int isc__gettimeofday(struct timeval *tvp, struct _TIMEZONE *tzp); int isc__gettimeofday(struct timeval *tp, struct timezone *tzp); #endif -int getnetgrent(char **machinep, char **userp, char **domainp); +int getnetgrent(NGR_R_CONST char **machinep, NGR_R_CONST char **userp, + NGR_R_CONST char **domainp); #ifdef NGR_R_ARGS -int getnetgrent_r(char **machinep, char **userp, char **domainp, NGR_R_ARGS); +int getnetgrent_r(NGR_R_CONST char **machinep, NGR_R_CONST char **userp, + NGR_R_CONST char **domainp, NGR_R_ARGS); #endif #ifdef SETNETGRENT_ARGS @@ -405,11 +440,87 @@ int innetgr(const char *netgroup, const char *machine, const char *user, const char *domain); #endif -#ifdef NGR_R_ENT_ARGS +#ifdef NGR_R_SET_ARGS NGR_R_SET_RETURN -setnetgrent_r(const char *netgroup, NGR_R_ENT_ARGS); +setnetgrent_r(NGR_R_SET_CONST char *netgroup, NGR_R_SET_ARGS); #else NGR_R_SET_RETURN -setnetgrent_r(const char *netgroup); +setnetgrent_r(NGR_R_SET_CONST char *netgroup); +#endif + +#ifdef NEED_STRTOUL +unsigned long strtoul(const char *, char **, int); +#endif + +#ifdef NEED_SUN4PROTOS +#include +#ifndef __SIZE_TYPE__ +#define __SIZE_TYPE__ int +#endif +struct sockaddr; +struct iovec; +struct timeval; +struct timezone; +int fprintf(FILE *, const char *, ...); +int getsockname(int, struct sockaddr *, int *); +int getpeername(int, struct sockaddr *, int *); +int socket(int, int, int); +int connect(int, const struct sockaddr *, int); +int writev(int, struct iovec *, int); +int readv(int, struct iovec *, int); +int send(int, const char *, int, int); +void bzero(char *, int); +int recvfrom(int, char *, int, int, struct sockaddr *, int *); +int syslog(int, const char *, ... ); +int printf(const char *, ...); +__SIZE_TYPE__ fread(void *, __SIZE_TYPE__, __SIZE_TYPE__, FILE *); +__SIZE_TYPE__ fwrite(const void *, __SIZE_TYPE__, __SIZE_TYPE__, FILE *); +int fclose(FILE *); +int ungetc(int, FILE *); +int scanf(const char *, ...); +int sscanf(const char *, const char *, ... ); +int tolower(int); +int toupper(int); +int strcasecmp(const char *, const char *); +int strncasecmp(const char *, const char *, int); +int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); +#ifdef gettimeofday +#undef gettimeofday +int gettimeofday(struct timeval *, struct timezone *); +#define gettimeofday isc__gettimeofday +#else +int gettimeofday(struct timeval *, struct timezone *); +#endif +long strtol(const char*, char **, int); +int fseek(FILE *, long, int); +int setsockopt(int, int, int, const char *, int); +int bind(int, const struct sockaddr *, int); +void bcopy(char *, char *, int); +int fputc(char, FILE *); +int listen(int, int); +int accept(int, struct sockaddr *, int *); +int getsockopt(int, int, int, char *, int *); +int vfprintf(FILE *, const char *, va_list); +int fflush(FILE *); +int fgetc(FILE *); +int fputs(const char *, FILE *); +int fchown(int, int, int); +void setbuf(FILE *, char *); +int gethostname(char *, int); +int rename(const char *, const char *); +time_t time(time_t *); +int fscanf(FILE *, const char *, ...); +int sscanf(const char *, const char *, ...); +int ioctl(int, int, caddr_t); +void perror(const char *); + +#if !defined(__USE_FIXED_PROTOTYPES__) && !defined(__cplusplus) && !defined(__STRICT_ANSI__) +/* + * 'gcc -ansi' changes the prototype for vsprintf(). + * Use this prototype when 'gcc -ansi' is not in effect. + */ +char *vsprintf(char *, const char *, va_list); #endif #endif + +#endif diff --git a/contrib/bind-9.3/lib/bind/port_before.h.in b/contrib/bind-9.5.2/lib/bind/port_before.h.in similarity index 61% rename from contrib/bind-9.3/lib/bind/port_before.h.in rename to contrib/bind-9.5.2/lib/bind/port_before.h.in index 320fff1905..4910091221 100644 --- a/contrib/bind-9.3/lib/bind/port_before.h.in +++ b/contrib/bind-9.5.2/lib/bind/port_before.h.in @@ -1,7 +1,30 @@ +/* + * Copyright (C) 2005-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: port_before.h.in,v 1.27.128.3 2008/02/28 05:46:12 marka Exp $ */ + #ifndef port_before_h #define port_before_h #include +#ifdef NEED_SUN4PROTOS +#define _PARAMS(x) x +#endif + struct group; /* silence warning */ struct passwd; /* silence warning */ struct timeval; /* silence warning */ @@ -12,6 +35,16 @@ struct timezone; /* silence warning */ #endif #include +#ifdef ISC_PLATFORM_NEEDTIMESPEC +#include /* For time_t */ +struct timespec { + time_t tv_sec; /* seconds */ + long tv_nsec; /* nanoseconds */ +}; +#endif +#ifndef HAVE_MEMMOVE +#define memmove(a,b,c) bcopy(b,a,c) +#endif @WANT_IRS_GR@ @WANT_IRS_NIS@ @@ -71,15 +104,22 @@ struct timezone; /* silence warning */ @NGR_R_BAD@ @NGR_R_COPY@ @NGR_R_COPY_ARGS@ +@NGR_R_CONST@ @NGR_R_END_RESULT@ @NGR_R_END_RETURN@ -@NGR_R_ENT_ARGS@ +@NGR_R_END_ARGS@ @NGR_R_OK@ @NGR_R_RETURN@ +@NGR_R_SET_CONST@ @NGR_R_SET_RESULT@ @NGR_R_SET_RETURN@ +@NGR_R_SET_ARGS@ @NGR_R_PRIVATE@ +#if !defined(NGR_R_SET_ARGS) && defined(NGR_R_END_ARGS) +#define NGR_R_SET_ARGS NGR_R_END_ARGS +#endif + @PROTO_R_ARGS@ @PROTO_R_BAD@ @PROTO_R_COPY@ @@ -124,11 +164,11 @@ struct timezone; /* silence warning */ #define DE_CONST(konst, var) \ - do { \ - union { const void *k; void *v; } _u; \ - _u.k = konst; \ - var = _u.v; \ - } while (0) + do { \ + union { const void *k; void *v; } _u; \ + _u.k = konst; \ + var = _u.v; \ + } while (0) #define UNUSED(x) (x) = (x) @@ -148,3 +188,5 @@ struct timezone; /* silence warning */ #endif #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/herror.c b/contrib/bind-9.5.2/lib/bind/resolv/herror.c similarity index 93% rename from contrib/bind-9.3/lib/bind/resolv/herror.c rename to contrib/bind-9.5.2/lib/bind/resolv/herror.c index c5266b08cd..a3422379c6 100644 --- a/contrib/bind-9.3/lib/bind/resolv/herror.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/herror.c @@ -50,7 +50,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)herror.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: herror.c,v 1.2.206.1 2004/03/09 08:33:54 marka Exp $"; +static const char rcsid[] = "$Id: herror.c,v 1.4 2005/04/27 04:56:41 sra Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -80,10 +80,10 @@ static const char rcsid[] = "$Id: herror.c,v 1.2.206.1 2004/03/09 08:33:54 marka const char *h_errlist[] = { "Resolver Error 0 (no error)", - "Unknown host", /* 1 HOST_NOT_FOUND */ - "Host name lookup failure", /* 2 TRY_AGAIN */ - "Unknown server error", /* 3 NO_RECOVERY */ - "No address associated with name", /* 4 NO_ADDRESS */ + "Unknown host", /*%< 1 HOST_NOT_FOUND */ + "Host name lookup failure", /*%< 2 TRY_AGAIN */ + "Unknown server error", /*%< 3 NO_RECOVERY */ + "No address associated with name", /*%< 4 NO_ADDRESS */ }; int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; @@ -92,7 +92,7 @@ int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; int h_errno; #endif -/* +/*% * herror -- * print the error indicated by the h_errno value. */ @@ -125,7 +125,7 @@ herror(const char *s) { #endif } -/* +/*% * hstrerror -- * return the string associated with a given "host" errno value. */ @@ -137,3 +137,5 @@ hstrerror(int err) { return (h_errlist[err]); return ("Unknown resolver error"); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/mtctxres.c b/contrib/bind-9.5.2/lib/bind/resolv/mtctxres.c similarity index 99% rename from contrib/bind-9.3/lib/bind/resolv/mtctxres.c rename to contrib/bind-9.5.2/lib/bind/resolv/mtctxres.c index e9dd65d57a..6f9f586b4b 100644 --- a/contrib/bind-9.3/lib/bind/resolv/mtctxres.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/mtctxres.c @@ -111,6 +111,7 @@ ___mtctxres(void) { return (&sharedctx); #endif + /* * This if clause should only be executed if we are linking * statically. When linked dynamically _mtctxres_init() should diff --git a/contrib/bind-9.3/lib/bind/resolv/res_comp.c b/contrib/bind-9.5.2/lib/bind/resolv/res_comp.c similarity index 93% rename from contrib/bind-9.3/lib/bind/resolv/res_comp.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_comp.c index 9daed6f6e6..af182eec3c 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_comp.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_comp.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_comp.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_comp.c,v 1.1.2.1.4.2 2005/07/28 07:43:22 marka Exp $"; +static const char rcsid[] = "$Id: res_comp.c,v 1.5 2005/07/28 06:51:50 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -85,12 +85,13 @@ static const char rcsid[] = "$Id: res_comp.c,v 1.1.2.1.4.2 2005/07/28 07:43:22 m #include #include "port_after.h" -/* +/*% * Expand compressed domain name 'src' to full domain name. - * 'msg' is a pointer to the begining of the message, - * 'eom' points to the first location after the message, - * 'dst' is a pointer to a buffer of size 'dstsiz' for the result. - * Return size of compressed name or -1 if there was an error. + * + * \li 'msg' is a pointer to the begining of the message, + * \li 'eom' points to the first location after the message, + * \li 'dst' is a pointer to a buffer of size 'dstsiz' for the result. + * \li Return size of compressed name or -1 if there was an error. */ int dn_expand(const u_char *msg, const u_char *eom, const u_char *src, @@ -103,10 +104,11 @@ dn_expand(const u_char *msg, const u_char *eom, const u_char *src, return (n); } -/* +/*% * Pack domain name 'exp_dn' in presentation form into 'comp_dn'. - * Return the size of the compressed name or -1. - * 'length' is the size of the array pointed to by 'comp_dn'. + * + * \li Return the size of the compressed name or -1. + * \li 'length' is the size of the array pointed to by 'comp_dn'. */ int dn_comp(const char *src, u_char *dst, int dstsiz, @@ -117,7 +119,7 @@ dn_comp(const char *src, u_char *dst, int dstsiz, (const u_char **)lastdnptr)); } -/* +/*% * Skip over a compressed domain name. Return the size or -1. */ int @@ -129,11 +131,9 @@ dn_skipname(const u_char *ptr, const u_char *eom) { return (ptr - saveptr); } -/* +/*% * Verify that a domain name uses an acceptable character set. - */ - -/* + * * Note the conspicuous absence of ctype macros in these definitions. On * non-ASCII hosts, we can't depend on string literals or ctype macros to * tell us anything about network-format data. The rest of the BIND system @@ -176,7 +176,7 @@ res_hnok(const char *dn) { return (1); } -/* +/*% * hostname-like (A, MX, WKS) owners can have "*" as their first label * but must otherwise be as a host name. */ @@ -191,7 +191,7 @@ res_ownok(const char *dn) { return (res_hnok(dn)); } -/* +/*% * SOA RNAMEs and RP RNAMEs can have any printable character in their first * label, but the rest of the name has to look like a host name. */ @@ -219,8 +219,8 @@ res_mailok(const char *dn) { return (0); } -/* - * This function is quite liberal, since RFC 1034's character sets are only +/*% + * This function is quite liberal, since RFC1034's character sets are only * recommendations. */ int @@ -234,7 +234,7 @@ res_dnok(const char *dn) { } #ifdef BIND_4_COMPAT -/* +/*% * This module must export the following externally-visible symbols: * ___putlong * ___putshort @@ -272,3 +272,4 @@ __weak_reference(__dn_comp, dn_comp); #undef dn_expand __weak_reference(__dn_expand, dn_expand); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_data.c b/contrib/bind-9.5.2/lib/bind/resolv/res_data.c similarity index 78% rename from contrib/bind-9.3/lib/bind/resolv/res_data.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_data.c index 1917dd0c0d..7d4c9e5b81 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_data.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_data.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: res_data.c,v 1.1.206.2 2004/03/16 12:34:18 marka Exp $"; +static const char rcsid[] = "$Id: res_data.c,v 1.5 2007/09/14 05:32:25 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -44,12 +44,13 @@ static const char rcsid[] = "$Id: res_data.c,v 1.1.206.2 2004/03/16 12:34:18 mar #undef _res #endif + const char *_res_opcodes[] = { "QUERY", "IQUERY", "CQUERYM", - "CQUERYU", /* experimental */ - "NOTIFY", /* experimental */ + "CQUERYU", /*%< experimental */ + "NOTIFY", /*%< experimental */ "UPDATE", "6", "7", @@ -72,15 +73,20 @@ const char *_res_sectioncodes[] = { }; #endif +#undef _res #ifndef __BIND_NOSTATIC #ifndef _LIBC struct __res_state _res # if defined(__BIND_RES_TEXT) - = { RES_TIMEOUT, } /* Motorola, et al. */ + = { RES_TIMEOUT, } /*%< Motorola, et al. */ # endif ; #endif /* !_LIBC */ +#if defined(DO_PTHREADS) || defined(__linux) +#define _res (*__res_state()) +#endif + /* Proto. */ int res_ourserver_p(const res_state, const struct sockaddr_in *); @@ -148,14 +154,14 @@ fp_nquery(const u_char *msg, int len, FILE *file) { } int -res_mkquery(int op, /* opcode of query */ - const char *dname, /* domain name */ - int class, int type, /* class and type of query */ - const u_char *data, /* resource record data */ - int datalen, /* length of data */ - const u_char *newrr_in, /* new rr for modify or append */ - u_char *buf, /* buffer to put query */ - int buflen) /* size of buffer */ +res_mkquery(int op, /*!< opcode of query */ + const char *dname, /*!< domain name */ + int class, int type, /*!< class and type of query */ + const u_char *data, /*!< resource record data */ + int datalen, /*!< length of data */ + const u_char *newrr_in, /*!< new rr for modify or append */ + u_char *buf, /*!< buffer to put query */ + int buflen) /*!< size of buffer */ { if ((_res.options & RES_INIT) == 0U && res_init() == -1) { RES_SET_H_ERRNO(&_res, NETDB_INTERNAL); @@ -177,10 +183,10 @@ res_mkupdate(ns_updrec *rrecp_in, u_char *buf, int buflen) { } int -res_query(const char *name, /* domain name */ - int class, int type, /* class and type of query */ - u_char *answer, /* buffer to put answer */ - int anslen) /* size of answer buffer */ +res_query(const char *name, /*!< domain name */ + int class, int type, /*!< class and type of query */ + u_char *answer, /*!< buffer to put answer */ + int anslen) /*!< size of answer buffer */ { if ((_res.options & RES_INIT) == 0U && res_init() == -1) { RES_SET_H_ERRNO(&_res, NETDB_INTERNAL); @@ -246,10 +252,10 @@ res_update(ns_updrec *rrecp_in) { } int -res_search(const char *name, /* domain name */ - int class, int type, /* class and type of query */ - u_char *answer, /* buffer to put answer */ - int anslen) /* size of answer */ +res_search(const char *name, /*!< domain name */ + int class, int type, /*!< class and type of query */ + u_char *answer, /*!< buffer to put answer */ + int anslen) /*!< size of answer */ { if ((_res.options & RES_INIT) == 0U && res_init() == -1) { RES_SET_H_ERRNO(&_res, NETDB_INTERNAL); @@ -262,9 +268,9 @@ res_search(const char *name, /* domain name */ int res_querydomain(const char *name, const char *domain, - int class, int type, /* class and type of query */ - u_char *answer, /* buffer to put answer */ - int anslen) /* size of answer */ + int class, int type, /*!< class and type of query */ + u_char *answer, /*!< buffer to put answer */ + int anslen) /*!< size of answer */ { if ((_res.options & RES_INIT) == 0U && res_init() == -1) { RES_SET_H_ERRNO(&_res, NETDB_INTERNAL); @@ -276,14 +282,6 @@ res_querydomain(const char *name, answer, anslen)); } -#ifdef _LIBC -int -res_opt(int n0, u_char *buf, int buflen, int anslen) -{ - return (res_nopt(&_res, n0, buf, buflen, anslen)); -} -#endif - const char * hostalias(const char *name) { static char abuf[MAXDNAME]; @@ -308,27 +306,6 @@ local_hostname_length(const char *hostname) { } #endif /*ultrix*/ -#ifdef _LIBC -/* - * Weak aliases for applications that use certain private entry points, - * and fail to include . - */ -#undef res_init -__weak_reference(__res_init, res_init); -#undef p_query -__weak_reference(__p_query, p_query); -#undef res_mkquery -__weak_reference(__res_mkquery, res_mkquery); -#undef res_query -__weak_reference(__res_query, res_query); -#undef res_send -__weak_reference(__res_send, res_send); -#undef res_close -__weak_reference(__res_close, _res_close); -#undef res_search -__weak_reference(__res_search, res_search); -#undef res_querydomain -__weak_reference(__res_querydomain, res_querydomain); #endif -#endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_debug.c b/contrib/bind-9.5.2/lib/bind/resolv/res_debug.c similarity index 88% rename from contrib/bind-9.3/lib/bind/resolv/res_debug.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_debug.c index eaae7a27d8..abe5726e8c 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_debug.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_debug.c @@ -95,7 +95,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_debug.c,v 1.3.2.5.4.6 2005/07/28 07:43:22 marka Exp $"; +static const char rcsid[] = "$Id: res_debug.c,v 1.15.574.1 2008/04/03 02:12:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -130,7 +130,7 @@ static const char rcsid[] = "$Id: res_debug.c,v 1.3.2.5.4.6 2005/07/28 07:43:22 extern const char *_res_opcodes[]; extern const char *_res_sectioncodes[]; -/* +/*% * Print the current options. */ void @@ -189,10 +189,56 @@ do_section(const res_state statp, p_type(ns_rr_type(rr)), p_class(ns_rr_class(rr))); else if (section == ns_s_ar && ns_rr_type(rr) == ns_t_opt) { + u_int16_t optcode, optlen, rdatalen = ns_rr_rdlen(rr); u_int32_t ttl = ns_rr_ttl(rr); + fprintf(file, "; EDNS: version: %u, udp=%u, flags=%04x\n", (ttl>>16)&0xff, ns_rr_class(rr), ttl&0xffff); + + while (rdatalen >= 4) { + const u_char *cp = ns_rr_rdata(rr); + int i; + + GETSHORT(optcode, cp); + GETSHORT(optlen, cp); + + if (optcode == NS_OPT_NSID) { + fputs("; NSID: ", file); + if (optlen == 0) { + fputs("; NSID\n", file); + } else { + fputs("; NSID: ", file); + for (i = 0; i < optlen; i++) + fprintf(file, "%02x ", + cp[i]); + fputs(" (",file); + for (i = 0; i < optlen; i++) + fprintf(file, "%c", + isprint(cp[i])? + cp[i] : '.'); + fputs(")\n", file); + } + } else { + if (optlen == 0) { + fprintf(file, "; OPT=%u\n", + optcode); + } else { + fprintf(file, "; OPT=%u: ", + optcode); + for (i = 0; i < optlen; i++) + fprintf(file, "%02x ", + cp[i]); + fputs(" (",file); + for (i = 0; i < optlen; i++) + fprintf(file, "%c", + isprint(cp[i]) ? + cp[i] : '.'); + fputs(")\n", file); + } + } + rdatalen -= 4 + optlen; + } } else { n = ns_sprintrr(handle, &rr, NULL, NULL, buf, buflen); @@ -204,7 +250,7 @@ do_section(const res_state statp, buf = malloc(buflen += 1024); if (buf == NULL) { fprintf(file, - ";; memory allocation failure\n"); + ";; memory allocation failure\n"); return; } continue; @@ -223,7 +269,7 @@ do_section(const res_state statp, free(buf); } -/* +/*% * Print the contents of a query. * This is intended to be primarily a debugging routine. */ @@ -318,7 +364,8 @@ p_cdname(const u_char *cp, const u_char *msg, FILE *file) { return (p_cdnname(cp, msg, PACKETSZ, file)); } -/* Return a fully-qualified domain name from a compressed name (with +/*% + * Return a fully-qualified domain name from a compressed name (with length supplied). */ const u_char * @@ -334,7 +381,7 @@ p_fqnname(cp, msg, msglen, name, namelen) return (NULL); newlen = strlen(name); if (newlen == 0 || name[newlen - 1] != '.') { - if (newlen + 1 >= namelen) /* Lack space for final dot */ + if (newlen + 1 >= namelen) /*%< Lack space for final dot */ return (NULL); else strcpy(name + newlen, "."); @@ -356,7 +403,7 @@ p_fqname(const u_char *cp, const u_char *msg, FILE *file) { return (n); } -/* +/*% * Names of RR classes and qclasses. Classes and qclasses are the same, except * that C_ANY is a qclass but not a class. (You can ask for records of class * C_ANY, but you can't have any records of that class in the database.) @@ -372,23 +419,23 @@ const struct res_sym __p_class_syms[] = { {C_IN, (char *)0, (char *)0} }; -/* +/*% * Names of message sections. */ -static const struct res_sym __p_default_section_syms[] = { +const struct res_sym __p_default_section_syms[] = { {ns_s_qd, "QUERY", (char *)0}, {ns_s_an, "ANSWER", (char *)0}, {ns_s_ns, "AUTHORITY", (char *)0}, {ns_s_ar, "ADDITIONAL", (char *)0}, - {0, (char *)0, (char *)0} + {0, (char *)0, (char *)0} }; -static const struct res_sym __p_update_section_syms[] = { +const struct res_sym __p_update_section_syms[] = { {S_ZONE, "ZONE", (char *)0}, {S_PREREQ, "PREREQUISITE", (char *)0}, {S_UPDATE, "UPDATE", (char *)0}, {S_ADDT, "ADDITIONAL", (char *)0}, - {0, (char *)0, (char *)0} + {0, (char *)0, (char *)0} }; const struct res_sym __p_key_syms[] = { @@ -409,7 +456,7 @@ const struct res_sym __p_cert_syms[] = { {0, NULL, NULL} }; -/* +/*% * Names of RR types and qtypes. Types and qtypes are the same, except * that T_ANY is a qtype but not a type. (You can ask for records of type * T_ANY, but you can't have any records of that type in the database.) @@ -467,7 +514,7 @@ const struct res_sym __p_type_syms[] = { {0, NULL, NULL} }; -/* +/*% * Names of DNS rcodes. */ const struct res_sym __p_rcode_syms[] = { @@ -500,7 +547,7 @@ sym_ston(const struct res_sym *syms, const char *name, int *success) { } if (success) *success = 0; - return (syms->number); /* The default value. */ + return (syms->number); /*%< The default value. */ } const char * @@ -515,7 +562,7 @@ sym_ntos(const struct res_sym *syms, int number, int *success) { } } - sprintf(unname, "%d", number); /* XXX nonreentrant */ + sprintf(unname, "%d", number); /*%< XXX nonreentrant */ if (success) *success = 0; return (unname); @@ -532,13 +579,13 @@ sym_ntop(const struct res_sym *syms, int number, int *success) { return (syms->humanname); } } - sprintf(unname, "%d", number); /* XXX nonreentrant */ + sprintf(unname, "%d", number); /*%< XXX nonreentrant */ if (success) *success = 0; return (unname); } -/* +/*% * Return a string for the type. */ const char * @@ -556,7 +603,7 @@ p_type(int type) { return (typebuf); } -/* +/*% * Return a string for the type. */ const char * @@ -574,7 +621,7 @@ p_section(int section, int opcode) { return (sym_ntos(symbols, section, (int *)0)); } -/* +/*% * Return a mnemonic for class. */ const char * @@ -592,7 +639,7 @@ p_class(int class) { return (classbuf); } -/* +/*% * Return a mnemonic for an option */ const char * @@ -614,8 +661,9 @@ p_option(u_long option) { case RES_INSECURE2: return "insecure2"; case RES_NOALIASES: return "noaliases"; case RES_USE_INET6: return "inet6"; -#ifdef RES_USE_EDNS0 /* KAME extension */ +#ifdef RES_USE_EDNS0 /*%< KAME extension */ case RES_USE_EDNS0: return "edns0"; + case RES_NSID: return "nsid"; #endif #ifdef RES_USE_DNAME case RES_USE_DNAME: return "dname"; @@ -635,7 +683,7 @@ p_option(u_long option) { } } -/* +/*% * Return a mnemonic for a time to live. */ const char * @@ -647,7 +695,7 @@ p_time(u_int32_t value) { return (nbuf); } -/* +/*% * Return a string for the rcode. */ const char * @@ -655,7 +703,7 @@ p_rcode(int rcode) { return (sym_ntos(__p_rcode_syms, rcode, (int *)0)); } -/* +/*% * Return a string for a res_sockaddr_union. */ const char * @@ -682,7 +730,7 @@ p_sockun(union res_sockaddr_union u, char *buf, size_t size) { return (buf); } -/* +/*% * routines to convert between on-the-wire RR format and zone file format. * Does not contain conversion to/from decimal degrees; divide or multiply * by 60*60*1000 for that. @@ -691,7 +739,7 @@ p_sockun(union res_sockaddr_union u, char *buf, size_t size) { static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000, 1000000,10000000,100000000,1000000000}; -/* takes an XeY precision/size value, returns a string representation. */ +/*% takes an XeY precision/size value, returns a string representation. */ static const char * precsize_ntoa(prec) u_int8_t prec; @@ -709,7 +757,7 @@ precsize_ntoa(prec) return (retbuf); } -/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ +/*% converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ static u_int8_t precsize_aton(const char **strptr) { unsigned int mval = 0, cmval = 0; @@ -723,7 +771,7 @@ precsize_aton(const char **strptr) { while (isdigit((unsigned char)*cp)) mval = mval * 10 + (*cp++ - '0'); - if (*cp == '.') { /* centimeters */ + if (*cp == '.') { /*%< centimeters */ cp++; if (isdigit((unsigned char)*cp)) { cmval = (*cp++ - '0') * 10; @@ -749,7 +797,7 @@ precsize_aton(const char **strptr) { return (retval); } -/* converts ascii lat/lon to unsigned encoded 32-bit number. moves pointer. */ +/*% converts ascii lat/lon to unsigned encoded 32-bit number. moves pointer. */ static u_int32_t latlon2ul(const char **latlonstrptr, int *which) { const char *cp; @@ -779,7 +827,7 @@ latlon2ul(const char **latlonstrptr, int *which) { while (isdigit((unsigned char)*cp)) secs = secs * 10 + (*cp++ - '0'); - if (*cp == '.') { /* decimal seconds */ + if (*cp == '.') { /*%< decimal seconds */ cp++; if (isdigit((unsigned char)*cp)) { secsfrac = (*cp++ - '0') * 100; @@ -792,7 +840,7 @@ latlon2ul(const char **latlonstrptr, int *which) { } } - while (!isspace((unsigned char)*cp)) /* if any trailing garbage */ + while (!isspace((unsigned char)*cp)) /*%< if any trailing garbage */ cp++; while (isspace((unsigned char)*cp)) @@ -813,30 +861,29 @@ latlon2ul(const char **latlonstrptr, int *which) { - secsfrac; break; default: - retval = 0; /* invalid value -- indicates error */ + retval = 0; /*%< invalid value -- indicates error */ break; } switch (*cp) { case 'N': case 'n': case 'S': case 's': - *which = 1; /* latitude */ + *which = 1; /*%< latitude */ break; case 'E': case 'e': case 'W': case 'w': - *which = 2; /* longitude */ + *which = 2; /*%< longitude */ break; default: - *which = 0; /* error */ + *which = 0; /*%< error */ break; } - cp++; /* skip the hemisphere */ - - while (!isspace((unsigned char)*cp)) /* if any trailing garbage */ + cp++; /*%< skip the hemisphere */ + while (!isspace((unsigned char)*cp)) /*%< if any trailing garbage */ cp++; - while (isspace((unsigned char)*cp)) /* move to next field */ + while (isspace((unsigned char)*cp)) /*%< move to next field */ cp++; *latlonstrptr = cp; @@ -844,7 +891,8 @@ latlon2ul(const char **latlonstrptr, int *which) { return (retval); } -/* converts a zone file representation in a string to an RDATA on-the-wire +/*% + * converts a zone file representation in a string to an RDATA on-the-wire * representation. */ int loc_aton(ascii, binary) @@ -857,9 +905,9 @@ loc_aton(ascii, binary) u_int32_t latit = 0, longit = 0, alt = 0; u_int32_t lltemp1 = 0, lltemp2 = 0; int altmeters = 0, altfrac = 0, altsign = 1; - u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */ - u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */ - u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */ + u_int8_t hp = 0x16; /*%< default = 1e6 cm = 10000.00m = 10km */ + u_int8_t vp = 0x13; /*%< default = 1e3 cm = 10.00m */ + u_int8_t siz = 0x12; /*%< default = 1e2 cm = 1.00m */ int which1 = 0, which2 = 0; cp = ascii; @@ -870,18 +918,18 @@ loc_aton(ascii, binary) lltemp2 = latlon2ul(&cp, &which2); switch (which1 + which2) { - case 3: /* 1 + 2, the only valid combination */ - if ((which1 == 1) && (which2 == 2)) { /* normal case */ + case 3: /*%< 1 + 2, the only valid combination */ + if ((which1 == 1) && (which2 == 2)) { /*%< normal case */ latit = lltemp1; longit = lltemp2; - } else if ((which1 == 2) && (which2 == 1)) { /* reversed */ + } else if ((which1 == 2) && (which2 == 1)) { /*%< reversed */ longit = lltemp1; latit = lltemp2; - } else { /* some kind of brokenness */ + } else { /*%< some kind of brokenness */ return (0); } break; - default: /* we didn't get one of each */ + default: /*%< we didn't get one of each */ return (0); } @@ -897,7 +945,7 @@ loc_aton(ascii, binary) while (isdigit((unsigned char)*cp)) altmeters = altmeters * 10 + (*cp++ - '0'); - if (*cp == '.') { /* decimal meters */ + if (*cp == '.') { /*%< decimal meters */ cp++; if (isdigit((unsigned char)*cp)) { altfrac = (*cp++ - '0') * 10; @@ -909,7 +957,7 @@ loc_aton(ascii, binary) alt = (10000000 + (altsign * (altmeters * 100 + altfrac))); - while (!isspace((unsigned char)*cp) && (cp < maxcp)) /* if trailing garbage or m */ + while (!isspace((unsigned char)*cp) && (cp < maxcp)) /*%< if trailing garbage or m */ cp++; while (isspace((unsigned char)*cp) && (cp < maxcp)) @@ -920,7 +968,7 @@ loc_aton(ascii, binary) siz = precsize_aton(&cp); - while (!isspace((unsigned char)*cp) && (cp < maxcp)) /* if trailing garbage or m */ + while (!isspace((unsigned char)*cp) && (cp < maxcp)) /*%< if trailing garbage or m */ cp++; while (isspace((unsigned char)*cp) && (cp < maxcp)) @@ -931,7 +979,7 @@ loc_aton(ascii, binary) hp = precsize_aton(&cp); - while (!isspace((unsigned char)*cp) && (cp < maxcp)) /* if trailing garbage or m */ + while (!isspace((unsigned char)*cp) && (cp < maxcp)) /*%< if trailing garbage or m */ cp++; while (isspace((unsigned char)*cp) && (cp < maxcp)) @@ -945,7 +993,7 @@ loc_aton(ascii, binary) defaults: bcp = binary; - *bcp++ = (u_int8_t) 0; /* version byte */ + *bcp++ = (u_int8_t) 0; /*%< version byte */ *bcp++ = siz; *bcp++ = hp; *bcp++ = vp; @@ -953,10 +1001,10 @@ loc_aton(ascii, binary) PUTLONG(longit,bcp); PUTLONG(alt,bcp); - return (16); /* size of RR in octets */ + return (16); /*%< size of RR in octets */ } -/* takes an on-the-wire LOC RR and formats it in a human readable format. */ +/*% takes an on-the-wire LOC RR and formats it in a human readable format. */ const char * loc_ntoa(binary, ascii) const u_char *binary; @@ -1003,7 +1051,7 @@ loc_ntoa(binary, ascii) longval = (templ - ((unsigned)1<<31)); GETLONG(templ, cp); - if (templ < referencealt) { /* below WGS 84 spheroid */ + if (templ < referencealt) { /*%< below WGS 84 spheroid */ altval = referencealt - templ; altsign = "-"; } else { @@ -1066,7 +1114,7 @@ loc_ntoa(binary, ascii) } -/* Return the number of DNS hierarchy levels in the name. */ +/*% Return the number of DNS hierarchy levels in the name. */ int dn_count_labels(const char *name) { int i, len, count; @@ -1091,8 +1139,7 @@ dn_count_labels(const char *name) { return (count); } - -/* +/*% * Make dates expressed in seconds-since-Jan-1-1970 easy to read. * SIG records are required to be printed like this, by the Secure DNS RFC. */ @@ -1182,3 +1229,4 @@ __weak_reference(__dn_count_labels, dn_count_labels); #undef p_secstodate __weak_reference(__p_secstodate, p_secstodate); #endif +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_debug.h b/contrib/bind-9.5.2/lib/bind/resolv/res_debug.h similarity index 99% rename from contrib/bind-9.3/lib/bind/resolv/res_debug.h rename to contrib/bind-9.5.2/lib/bind/resolv/res_debug.h index 2a9c0ae6f5..c28171d7c8 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_debug.h +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_debug.h @@ -32,3 +32,4 @@ #endif #endif /* _RES_DEBUG_H_ */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_findzonecut.c b/contrib/bind-9.5.2/lib/bind/resolv/res_findzonecut.c similarity index 93% rename from contrib/bind-9.3/lib/bind/resolv/res_findzonecut.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_findzonecut.c index e8c18f9a66..ea778dbb29 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_findzonecut.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_findzonecut.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: res_findzonecut.c,v 1.2.2.3.4.4 2005/10/11 00:48:16 marka Exp $"; +static const char rcsid[] = "$Id: res_findzonecut.c,v 1.10 2005/10/11 00:10:16 marka Exp $"; #endif /* not lint */ /* @@ -96,55 +96,56 @@ static void res_dprintf(const char *, ...) ISC_FORMAT_PRINTF(1, 2); /* Public. */ -/* - * int - * res_findzonecut(res, dname, class, zname, zsize, addrs, naddrs) +/*% * find enclosing zone for a , and some server addresses + * * parameters: - * res - resolver context to work within (is modified) - * dname - domain name whose enclosing zone is desired - * class - class of dname (and its enclosing zone) - * zname - found zone name - * zsize - allocated size of zname - * addrs - found server addresses - * naddrs - max number of addrs + *\li res - resolver context to work within (is modified) + *\li dname - domain name whose enclosing zone is desired + *\li class - class of dname (and its enclosing zone) + *\li zname - found zone name + *\li zsize - allocated size of zname + *\li addrs - found server addresses + *\li naddrs - max number of addrs + * * return values: - * < 0 - an error occurred (check errno) - * = 0 - zname is now valid, but addrs[] wasn't changed - * > 0 - zname is now valid, and return value is number of addrs[] found + *\li < 0 - an error occurred (check errno) + *\li = 0 - zname is now valid, but addrs[] wasn't changed + *\li > 0 - zname is now valid, and return value is number of addrs[] found + * * notes: - * this function calls res_nsend() which means it depends on correctly + *\li this function calls res_nsend() which means it depends on correctly * functioning recursive nameservers (usually defined in /etc/resolv.conf * or its local equivilent). * - * we start by asking for an SOA. if we get one as an + *\li we start by asking for an SOA. if we get one as an * answer, that just means is a zone top, which is fine. * more than likely we'll be told to go pound sand, in the form of a * negative answer. * - * note that we are not prepared to deal with referrals since that would + *\li note that we are not prepared to deal with referrals since that would * only come from authority servers and our correctly functioning local * recursive server would have followed the referral and got us something * more definite. * - * if the authority section contains an SOA, this SOA should also be the + *\li if the authority section contains an SOA, this SOA should also be the * closest enclosing zone, since any intermediary zone cuts would've been * returned as referrals and dealt with by our correctly functioning local * recursive name server. but an SOA in the authority section should NOT * match our dname (since that would have been returned in the answer * section). an authority section SOA has to be "above" our dname. * - * however, since authority section SOA's were once optional, it's + *\li however, since authority section SOA's were once optional, it's * possible that we'll have to go hunting for the enclosing SOA by * ripping labels off the front of our dname -- this is known as "doing * it the hard way." * - * ultimately we want some server addresses, which are ideally the ones + *\li ultimately we want some server addresses, which are ideally the ones * pertaining to the SOA.MNAME, but only if there is a matching NS RR. * so the second phase (after we find an SOA) is to go looking for the * NS RRset for that SOA's zone. * - * no answer section processed by this code is allowed to contain CNAME + *\li no answer section processed by this code is allowed to contain CNAME * or DNAME RR's. for the SOA query this means we strip a label and * keep going. for the NS and A queries this means we just give up. */ @@ -175,7 +176,6 @@ res_findzonecut(res_state statp, const char *dname, ns_class class, int opts, return (result); } #endif - int res_findzonecut2(res_state statp, const char *dname, ns_class class, int opts, char *zname, size_t zsize, union res_sockaddr_union *addrs, @@ -719,3 +719,5 @@ res_dprintf(const char *fmt, ...) { fputc('\n', stderr); va_end(ap); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_init.c b/contrib/bind-9.5.2/lib/bind/resolv/res_init.c similarity index 89% rename from contrib/bind-9.3/lib/bind/resolv/res_init.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_init.c index 004d459fbb..4f79115a52 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_init.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_init.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static const char rcsid[] = "$Id: res_init.c,v 1.9.2.5.4.6 2006/08/30 23:23:01 marka Exp $"; +static const char rcsid[] = "$Id: res_init.c,v 1.23 2007/07/09 01:43:23 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -96,6 +96,7 @@ static const char rcsid[] = "$Id: res_init.c,v 1.9.2.5.4.6 2006/08/30 23:23:01 m #ifdef _LIBC #include "un-namespace.h" #endif + #include "port_after.h" /* ensure that sockaddr_in6 and IN6ADDR_ANY_INIT are declared / defined */ @@ -103,7 +104,7 @@ static const char rcsid[] = "$Id: res_init.c,v 1.9.2.5.4.6 2006/08/30 23:23:01 m #include "res_private.h" -/* Options. Should all be left alone. */ +/*% Options. Should all be left alone. */ #define RESOLVSORT #define DEBUG @@ -119,7 +120,7 @@ static const char sort_mask[] = "/&"; static u_int32_t net_mask __P((struct in_addr)); #endif -#if !defined(isascii) /* XXX - could be a function */ +#if !defined(isascii) /*%< XXX - could be a function */ # define isascii(c) (!(c & 0200)) #endif @@ -127,7 +128,7 @@ static u_int32_t net_mask __P((struct in_addr)); * Resolver state default settings. */ -/* +/*% * Set up default settings. If the configuration file exist, the values * there will have precedence. Otherwise, the server address is set to * INADDR_ANY and the default domain name comes from the gethostname(). @@ -155,14 +156,14 @@ res_ninit(res_state statp) { return (__res_vinit(statp, 0)); } -/* This function has to be reachable by res_data.c but not publically. */ +/*% This function has to be reachable by res_data.c but not publically. */ int __res_vinit(res_state statp, int preinit) { register FILE *fp; register char *cp, **pp; register int n; char buf[BUFSIZ]; - int nserv = 0; /* number of nameserver records read from file */ + int nserv = 0; /*%< number of nameserver records read from file */ int haveenv = 0; int havesearch = 0; #ifdef RESOLVSORT @@ -171,7 +172,9 @@ __res_vinit(res_state statp, int preinit) { #endif int dots; union res_sockaddr_union u[2]; + int maxns = MAXNS; + RES_SET_H_ERRNO(statp, 0); if (statp->_u._ext.ext != NULL) res_ndestroy(statp); @@ -221,8 +224,22 @@ __res_vinit(res_state statp, int preinit) { statp->_u._ext.ext->nsaddrs[0].sin = statp->nsaddr; strcpy(statp->_u._ext.ext->nsuffix, "ip6.arpa"); strcpy(statp->_u._ext.ext->nsuffix2, "ip6.int"); - } else - return (-1); + } else { + /* + * Historically res_init() rarely, if at all, failed. + * Examples and applications exist which do not check + * our return code. Furthermore several applications + * simply call us to get the systems domainname. So + * rather then immediately fail here we store the + * failure, which is returned later, in h_errno. And + * prevent the collection of 'nameserver' information + * by setting maxns to 0. Thus applications that fail + * to check our return code wont be able to make + * queries anyhow. + */ + RES_SET_H_ERRNO(statp, NETDB_INTERNAL); + maxns = 0; + } #ifdef RESOLVSORT statp->nsort = 0; #endif @@ -243,15 +260,15 @@ __res_vinit(res_state statp, int preinit) { buf[0] = '.'; cp = strchr(buf, '.'); cp = (cp == NULL) ? buf : (cp + 1); - if (strlen(cp) >= sizeof(statp->defdname)) - goto freedata; - strcpy(statp->defdname, cp); + strncpy(statp->defdname, cp, + sizeof(statp->defdname) - 1); + statp->defdname[sizeof(statp->defdname) - 1] = '\0'; } } #endif /* SOLARIS2 */ /* Allow user to override the local domain definition */ - if (issetugid() == 0 && (cp = getenv("LOCALDOMAIN")) != NULL) { + if ((cp = getenv("LOCALDOMAIN")) != NULL) { (void)strncpy(statp->defdname, cp, sizeof(statp->defdname) - 1); statp->defdname[sizeof(statp->defdname) - 1] = '\0'; haveenv++; @@ -267,7 +284,7 @@ __res_vinit(res_state statp, int preinit) { pp = statp->dnsrch; *pp++ = cp; for (n = 0; *cp && pp < statp->dnsrch + MAXDNSRCH; cp++) { - if (*cp == '\n') /* silly backwards compat */ + if (*cp == '\n') /*%< silly backwards compat */ break; else if (*cp == ' ' || *cp == '\t') { *cp = 0; @@ -299,7 +316,7 @@ __res_vinit(res_state statp, int preinit) { continue; /* read default domain name */ if (MATCH(buf, "domain")) { - if (haveenv) /* skip if have from environ */ + if (haveenv) /*%< skip if have from environ */ continue; cp = buf + sizeof("domain") - 1; while (*cp == ' ' || *cp == '\t') @@ -315,7 +332,7 @@ __res_vinit(res_state statp, int preinit) { } /* set search list */ if (MATCH(buf, "search")) { - if (haveenv) /* skip if have from environ */ + if (haveenv) /*%< skip if have from environ */ continue; cp = buf + sizeof("search") - 1; while (*cp == ' ' || *cp == '\t') @@ -351,7 +368,7 @@ __res_vinit(res_state statp, int preinit) { continue; } /* read nameservers to query */ - if (MATCH(buf, "nameserver") && nserv < MAXNS) { + if (MATCH(buf, "nameserver") && nserv < maxns) { struct addrinfo hints, *ai; char sbuf[NI_MAXSERV]; const size_t minsiz = @@ -388,10 +405,6 @@ __res_vinit(res_state statp, int preinit) { #ifdef RESOLVSORT if (MATCH(buf, "sortlist")) { struct in_addr a; - struct in6_addr a6; - int m, i; - u_char *u; - struct __res_state_ext *ext = statp->_u._ext.ext; cp = buf + sizeof("sortlist") - 1; while (nsort < MAXRESOLVSORT) { @@ -426,57 +439,6 @@ __res_vinit(res_state statp, int preinit) { statp->sort_list[nsort].mask = net_mask(statp->sort_list[nsort].addr); } - ext->sort_list[nsort].af = AF_INET; - ext->sort_list[nsort].addr.ina = - statp->sort_list[nsort].addr; - ext->sort_list[nsort].mask.ina.s_addr = - statp->sort_list[nsort].mask; - nsort++; - } - else if (inet_pton(AF_INET6, net, &a6) == 1) { - - ext->sort_list[nsort].af = AF_INET6; - ext->sort_list[nsort].addr.in6a = a6; - u = (u_char *)&ext->sort_list[nsort].mask.in6a; - *cp++ = n; - net = cp; - while (*cp && *cp != ';' && - isascii(*cp) && !isspace(*cp)) - cp++; - m = n; - n = *cp; - *cp = 0; - switch (m) { - case '/': - m = atoi(net); - break; - case '&': - if (inet_pton(AF_INET6, net, u) == 1) { - m = -1; - break; - } - /*FALLTHROUGH*/ - default: - m = sizeof(struct in6_addr) * CHAR_BIT; - break; - } - if (m >= 0) { - for (i = 0; i < sizeof(struct in6_addr); i++) { - if (m <= 0) { - *u = 0; - } else { - m -= CHAR_BIT; - *u = (u_char)~0; - if (m < 0) - *u <<= -m; - } - u++; - } - } - statp->sort_list[nsort].addr.s_addr = - (u_int32_t)0xffffffff; - statp->sort_list[nsort].mask = - (u_int32_t)0xffffffff; nsort++; } *cp = n; @@ -524,7 +486,7 @@ __res_vinit(res_state statp, int preinit) { while (pp < statp->dnsrch + MAXDFLSRCH) { if (dots < LOCALDOMAINPARTS) break; - cp = strchr(cp, '.') + 1; /* we know there is one */ + cp = strchr(cp, '.') + 1; /*%< we know there is one */ *pp++ = cp; dots--; } @@ -539,21 +501,10 @@ __res_vinit(res_state statp, int preinit) { #endif } - if (issetugid()) - statp->options |= RES_NOALIASES; - else if ((cp = getenv("RES_OPTIONS")) != NULL) + if ((cp = getenv("RES_OPTIONS")) != NULL) res_setoptions(statp, cp, "env"); statp->options |= RES_INIT; - return (0); - -#ifdef SOLARIS2 - freedata: - if (statp->_u._ext.ext != NULL) { - free(statp->_u._ext.ext); - statp->_u._ext.ext = NULL; - } - return (-1); -#endif + return (statp->res_h_errno); } static void @@ -637,10 +588,6 @@ res_setoptions(res_state statp, const char *options, const char *source) statp->options |= RES_NOTLDQUERY; } else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) { statp->options |= RES_USE_INET6; - } else if (!strncmp(cp, "insecure1", sizeof("insecure1") - 1)) { - statp->options |= RES_INSECURE1; - } else if (!strncmp(cp, "insecure2", sizeof("insecure2") - 1)) { - statp->options |= RES_INSECURE2; } else if (!strncmp(cp, "rotate", sizeof("rotate") - 1)) { statp->options |= RES_ROTATE; } else if (!strncmp(cp, "no-check-names", @@ -698,7 +645,7 @@ res_setoptions(res_state statp, const char *options, const char *source) #ifdef RESOLVSORT /* XXX - should really support CIDR which means explicit masks always. */ static u_int32_t -net_mask(in) /* XXX - should really use system's version of this */ +net_mask(in) /*!< XXX - should really use system's version of this */ struct in_addr in; { register u_int32_t i = ntohl(in.s_addr); @@ -719,7 +666,7 @@ res_randomid(void) { return (0xffff & (now.tv_sec ^ now.tv_usec ^ getpid())); } -/* +/*% * This routine is for closing the socket if a virtual circuit is used and * the program wants to close it. This provides support for endhostent() * which expects to close the socket. @@ -730,7 +677,7 @@ void res_nclose(res_state statp) { int ns; - if (statp->_vcsock >= 0) { + if (statp->_vcsock >= 0) { #ifndef _LIBC (void) close(statp->_vcsock); #else @@ -872,3 +819,4 @@ res_getservers(res_state statp, union res_sockaddr_union *set, int cnt) { } return (statp->nscount); } +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_mkquery.c b/contrib/bind-9.5.2/lib/bind/resolv/res_mkquery.c similarity index 78% rename from contrib/bind-9.3/lib/bind/resolv/res_mkquery.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_mkquery.c index 8d888e7555..1392b6bbd2 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_mkquery.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_mkquery.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_mkquery.c,v 1.1.2.2.4.2 2004/03/16 12:34:18 marka Exp $"; +static const char rcsid[] = "$Id: res_mkquery.c,v 1.6.672.1 2008/04/03 02:12:21 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -89,20 +89,20 @@ static const char rcsid[] = "$Id: res_mkquery.c,v 1.1.2.2.4.2 2004/03/16 12:34:1 extern const char *_res_opcodes[]; -/* +/*% * Form all types of queries. * Returns the size of the result or -1. */ int res_nmkquery(res_state statp, - int op, /* opcode of query */ - const char *dname, /* domain name */ - int class, int type, /* class and type of query */ - const u_char *data, /* resource record data */ - int datalen, /* length of data */ - const u_char *newrr_in, /* new rr for modify or append */ - u_char *buf, /* buffer to put query */ - int buflen) /* size of buffer */ + int op, /*!< opcode of query */ + const char *dname, /*!< domain name */ + int class, int type, /*!< class and type of query */ + const u_char *data, /*!< resource record data */ + int datalen, /*!< length of data */ + const u_char *newrr_in, /*!< new rr for modify or append */ + u_char *buf, /*!< buffer to put query */ + int buflen) /*!< size of buffer */ { register HEADER *hp; register u_char *cp, *ep; @@ -179,7 +179,7 @@ res_nmkquery(res_state statp, */ if (ep - cp < 1 + RRFIXEDSZ + datalen) return (-1); - *cp++ = '\0'; /* no domain name */ + *cp++ = '\0'; /*%< no domain name */ ns_put16(type, cp); cp += INT16SZ; ns_put16(class, cp); @@ -203,16 +203,13 @@ res_nmkquery(res_state statp, #ifdef RES_USE_EDNS0 /* attach OPT pseudo-RR, as documented in RFC2671 (EDNS0). */ -#ifndef T_OPT -#define T_OPT 41 -#endif int res_nopt(res_state statp, - int n0, /* current offset in buffer */ - u_char *buf, /* buffer to put query */ - int buflen, /* size of buffer */ - int anslen) /* UDP answer buffer size */ + int n0, /*%< current offset in buffer */ + u_char *buf, /*%< buffer to put query */ + int buflen, /*%< size of buffer */ + int anslen) /*%< UDP answer buffer size */ { register HEADER *hp; register u_char *cp, *ep; @@ -230,16 +227,14 @@ res_nopt(res_state statp, if ((ep - cp) < 1 + RRFIXEDSZ) return (-1); - *cp++ = 0; /* "." */ - - ns_put16(T_OPT, cp); /* TYPE */ + *cp++ = 0; /*%< "." */ + ns_put16(ns_t_opt, cp); /*%< TYPE */ cp += INT16SZ; - if (anslen > 0xffff) - anslen = 0xffff; /* limit to 16bit value */ - ns_put16(anslen & 0xffff, cp); /* CLASS = UDP payload size */ + ns_put16(anslen & 0xffff, cp); /*%< CLASS = UDP payload size */ cp += INT16SZ; - *cp++ = NOERROR; /* extended RCODE */ - *cp++ = 0; /* EDNS version */ + *cp++ = NOERROR; /*%< extended RCODE */ + *cp++ = 0; /*%< EDNS version */ + if (statp->options & RES_USE_DNSSEC) { #ifdef DEBUG if (statp->options & RES_DEBUG) @@ -249,10 +244,60 @@ res_nopt(res_state statp, } ns_put16(flags, cp); cp += INT16SZ; - ns_put16(0, cp); /* RDLEN */ + + ns_put16(0U, cp); /*%< RDLEN */ cp += INT16SZ; + hp->arcount = htons(ntohs(hp->arcount) + 1); return (cp - buf); } + +/* + * Construct variable data (RDATA) block for OPT psuedo-RR, append it + * to the buffer, then update the RDLEN field (previously set to zero by + * res_nopt()) with the new RDATA length. + */ +int +res_nopt_rdata(res_state statp, + int n0, /*%< current offset in buffer */ + u_char *buf, /*%< buffer to put query */ + int buflen, /*%< size of buffer */ + u_char *rdata, /*%< ptr to start of opt rdata */ + u_short code, /*%< OPTION-CODE */ + u_short len, /*%< OPTION-LENGTH */ + u_char *data) /*%< OPTION_DATA */ +{ + register u_char *cp, *ep; + +#ifdef DEBUG + if ((statp->options & RES_DEBUG) != 0U) + printf(";; res_nopt_rdata()\n"); #endif + + cp = buf + n0; + ep = buf + buflen; + + if ((ep - cp) < (4 + len)) + return (-1); + + if (rdata < (buf + 2) || rdata >= ep) + return (-1); + + ns_put16(code, cp); + cp += INT16SZ; + + ns_put16(len, cp); + cp += INT16SZ; + + memcpy(cp, data, len); + cp += len; + + len = cp - rdata; + ns_put16(len, rdata - 2); /* Update RDLEN field */ + + return (cp - buf); +} +#endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_mkupdate.c b/contrib/bind-9.5.2/lib/bind/resolv/res_mkupdate.c similarity index 94% rename from contrib/bind-9.3/lib/bind/resolv/res_mkupdate.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_mkupdate.c index a135bf0547..e9b317ac5a 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_mkupdate.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_mkupdate.c @@ -15,13 +15,14 @@ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* +/*! \file + * \brief * Based on the Dynamic DNS reference implementation by Viraj Bais - * + * <viraj_bais@ccm.fm.intel.com> */ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: res_mkupdate.c,v 1.1.2.1.4.5 2005/10/14 05:43:47 marka Exp $"; +static const char rcsid[] = "$Id: res_mkupdate.c,v 1.8 2005/10/14 05:44:26 marka Exp $"; #endif /* not lint */ #include "port_before.h" @@ -70,17 +71,19 @@ static #endif int res_servicenumber(const char *); -/* +/*% * Form update packets. * Returns the size of the resulting packet if no error + * * On error, - * returns -1 if error in reading a word/number in rdata + * returns + *\li -1 if error in reading a word/number in rdata * portion for update packets - * -2 if length of buffer passed is insufficient - * -3 if zone section is not the first section in + *\li -2 if length of buffer passed is insufficient + *\li -3 if zone section is not the first section in * the linked list, or section order has a problem - * -4 on a number overflow - * -5 unknown operation or no records + *\li -4 on a number overflow + *\li -5 unknown operation or no records */ int res_nmkupdate(res_state statp, ns_updrec *rrecp_in, u_char *buf, int buflen) { @@ -200,7 +203,7 @@ res_nmkupdate(res_state statp, ns_updrec *rrecp_in, u_char *buf, int buflen) { } ShrinkBuffer(INT32SZ + INT16SZ); PUTLONG(rttl, cp); - sp2 = cp; /* save pointer to length byte */ + sp2 = cp; /*%< save pointer to length byte */ cp += INT16SZ; if (rrecp->r_size == 0) { if (section == S_UPDATE && rclass != C_ANY) @@ -406,7 +409,7 @@ res_nmkupdate(res_state statp, ns_updrec *rrecp_in, u_char *buf, int buflen) { } break; case T_X25: - /* RFC 1183 */ + /* RFC1183 */ if ((n = getstr_str(buf2, sizeof buf2, &startp, endp)) < 0) return (-1); @@ -418,7 +421,7 @@ res_nmkupdate(res_state statp, ns_updrec *rrecp_in, u_char *buf, int buflen) { cp += n; break; case T_ISDN: - /* RFC 1183 */ + /* RFC1183 */ if ((n = getstr_str(buf2, sizeof buf2, &startp, endp)) < 0) return (-1); @@ -723,7 +726,7 @@ res_nmkupdate(res_state statp, ns_updrec *rrecp_in, u_char *buf, int buflen) { return (cp - buf); } -/* +/*% * Get a whitespace delimited word from a string (not file) * into buf. modify the start pointer to point after the * word in the string. @@ -736,9 +739,9 @@ getword_str(char *buf, int size, u_char **startpp, u_char *endp) { for (cp = buf; *startpp <= endp; ) { c = **startpp; if (isspace(c) || c == '\0') { - if (cp != buf) /* trailing whitespace */ + if (cp != buf) /*%< trailing whitespace */ break; - else { /* leading whitespace */ + else { /*%< leading whitespace */ (*startpp)++; continue; } @@ -752,9 +755,9 @@ getword_str(char *buf, int size, u_char **startpp, u_char *endp) { return (cp != buf); } -/* +/*% * get a white spae delimited string from memory. Process quoted strings - * and \DDD escapes. Return length or -1 on error. Returned string may + * and \\DDD escapes. Return length or -1 on error. Returned string may * contain nulls. */ static char digits[] = "0123456789"; @@ -831,7 +834,8 @@ getstr_str(char *buf, int size, u_char **startpp, u_char *endp) { *cp = '\0'; return ((cp == buf)? (seen_quote? 0: -1): (cp - buf)); } -/* + +/*% * Get a whitespace delimited base 16 number from a string (not file) into buf * update the start pointer to point after the number in the string. */ @@ -847,9 +851,9 @@ gethexnum_str(u_char **startpp, u_char *endp) { for (n = 0; *startpp <= endp; ) { c = **startpp; if (isspace(c) || c == '\0') { - if (seendigit) /* trailing whitespace */ + if (seendigit) /*%< trailing whitespace */ break; - else { /* leading whitespace */ + else { /*%< leading whitespace */ (*startpp)++; continue; } @@ -879,7 +883,7 @@ gethexnum_str(u_char **startpp, u_char *endp) { return (n + m); } -/* +/*% * Get a whitespace delimited base 10 number from a string (not file) into buf * update the start pointer to point after the number in the string. */ @@ -892,9 +896,9 @@ getnum_str(u_char **startpp, u_char *endp) { for (n = 0; *startpp <= endp; ) { c = **startpp; if (isspace(c) || c == '\0') { - if (seendigit) /* trailing whitespace */ + if (seendigit) /*%< trailing whitespace */ break; - else { /* leading whitespace */ + else { /*%< leading whitespace */ (*startpp)++; continue; } @@ -921,7 +925,7 @@ getnum_str(u_char **startpp, u_char *endp) { return (n + m); } -/* +/*% * Allocate a resource record buffer & save rr info. */ ns_updrec * @@ -943,7 +947,7 @@ res_mkupdrec(int section, const char *dname, return (rrecp); } -/* +/*% * Free a resource record buffer created by res_mkupdrec. */ void @@ -985,7 +989,7 @@ res_buildservicelist() { free(slp); break; } - slp->port = ntohs((u_int16_t)sp->s_port); /* host byt order */ + slp->port = ntohs((u_int16_t)sp->s_port); /*%< host byt order */ slp->next = servicelist; slp->prev = NULL; if (servicelist) @@ -1029,7 +1033,7 @@ res_buildprotolist(void) { free(slp); break; } - slp->port = pp->p_proto; /* host byte order */ + slp->port = pp->p_proto; /*%< host byte order */ slp->next = protolist; slp->prev = NULL; if (protolist) @@ -1068,14 +1072,14 @@ findservice(const char *s, struct valuelist **list) { lp->next = *list; *list = lp; } - return (lp->port); /* host byte order */ + return (lp->port); /*%< host byte order */ } if (sscanf(s, "%d", &n) != 1 || n <= 0) n = -1; return (n); } -/* +/*% * Convert service name or (ascii) number to int. */ #ifdef _LIBC @@ -1088,7 +1092,7 @@ res_servicenumber(const char *p) { return (findservice(p, &servicelist)); } -/* +/*% * Convert protocol name or (ascii) number to int. */ #ifdef _LIBC @@ -1103,14 +1107,14 @@ res_protocolnumber(const char *p) { #ifndef _LIBC static struct servent * -cgetservbyport(u_int16_t port, const char *proto) { /* Host byte order. */ +cgetservbyport(u_int16_t port, const char *proto) { /*%< Host byte order. */ struct valuelist **list = &servicelist; struct valuelist *lp = *list; static struct servent serv; port = ntohs(port); for (; lp != NULL; lp = lp->next) { - if (port != (u_int16_t)lp->port) /* Host byte order. */ + if (port != (u_int16_t)lp->port) /*%< Host byte order. */ continue; if (strcasecmp(lp->proto, proto) == 0) { if (lp != *list) { @@ -1131,13 +1135,13 @@ cgetservbyport(u_int16_t port, const char *proto) { /* Host byte order. */ } static struct protoent * -cgetprotobynumber(int proto) { /* Host byte order. */ +cgetprotobynumber(int proto) { /*%< Host byte order. */ struct valuelist **list = &protolist; struct valuelist *lp = *list; static struct protoent prot; for (; lp != NULL; lp = lp->next) - if (lp->port == proto) { /* Host byte order. */ + if (lp->port == proto) { /*%< Host byte order. */ if (lp != *list) { lp->prev->next = lp->next; if (lp->next) @@ -1147,7 +1151,7 @@ cgetprotobynumber(int proto) { /* Host byte order. */ *list = lp; } prot.p_name = lp->name; - prot.p_proto = lp->port; /* Host byte order. */ + prot.p_proto = lp->port; /*%< Host byte order. */ return (&prot); } return (0); @@ -1169,7 +1173,7 @@ res_protocolname(int num) { } const char * -res_servicename(u_int16_t port, const char *proto) { /* Host byte order. */ +res_servicename(u_int16_t port, const char *proto) { /*%< Host byte order. */ static char number[8]; struct servent *ss; @@ -1182,4 +1186,4 @@ res_servicename(u_int16_t port, const char *proto) { /* Host byte order. */ } return (ss->s_name); } -#endif +#endif /* !_LIBC */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_mkupdate.h b/contrib/bind-9.5.2/lib/bind/resolv/res_mkupdate.h similarity index 98% rename from contrib/bind-9.3/lib/bind/resolv/res_mkupdate.h rename to contrib/bind-9.5.2/lib/bind/resolv/res_mkupdate.h index a8f1e7ce95..96c452d89e 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_mkupdate.h +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_mkupdate.h @@ -22,3 +22,4 @@ __BEGIN_DECLS __END_DECLS #endif /* _RES_MKUPDATE_H_ */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_private.h b/contrib/bind-9.5.2/lib/bind/resolv/res_private.h similarity index 96% rename from contrib/bind-9.3/lib/bind/resolv/res_private.h rename to contrib/bind-9.5.2/lib/bind/resolv/res_private.h index d7b66cd691..4e98157ced 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_private.h +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_private.h @@ -18,3 +18,5 @@ extern int res_ourserver_p(const res_state statp, const struct sockaddr *sa); #endif + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_query.c b/contrib/bind-9.5.2/lib/bind/resolv/res_query.c similarity index 86% rename from contrib/bind-9.3/lib/bind/resolv/res_query.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_query.c index 62e953e4ab..4a39c8bba3 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_query.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_query.c @@ -70,7 +70,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_query.c,v 1.2.2.3.4.2 2004/03/16 12:34:19 marka Exp $"; +static const char rcsid[] = "$Id: res_query.c,v 1.8.672.2 2008/04/03 10:49:22 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include "port_before.h" @@ -86,7 +86,6 @@ static const char rcsid[] = "$Id: res_query.c,v 1.2.2.3.4.2 2004/03/16 12:34:19 #include #include #include -#include #include "port_after.h" /* Options. Leave them on. */ @@ -98,7 +97,7 @@ static const char rcsid[] = "$Id: res_query.c,v 1.2.2.3.4.2 2004/03/16 12:34:19 #define MAXPACKET 1024 #endif -/* +/*% * Formulate a normal query, send, and await answer. * Returned answer is placed in supplied buffer "answer". * Perform preliminary check of answer, returning success only @@ -110,21 +109,21 @@ static const char rcsid[] = "$Id: res_query.c,v 1.2.2.3.4.2 2004/03/16 12:34:19 */ int res_nquery(res_state statp, - const char *name, /* domain name */ - int class, int type, /* class and type of query */ - u_char *answer, /* buffer to put answer */ - int anslen) /* size of answer buffer */ + const char *name, /*%< domain name */ + int class, int type, /*%< class and type of query */ + u_char *answer, /*%< buffer to put answer */ + int anslen) /*%< size of answer buffer */ { u_char buf[MAXPACKET]; HEADER *hp = (HEADER *) answer; - int n; u_int oflags; + u_char *rdata; + int n; oflags = statp->_flags; again: - hp->rcode = NOERROR; /* default */ - + hp->rcode = NOERROR; /*%< default */ #ifdef DEBUG if (statp->options & RES_DEBUG) printf(";; res_query(%s, %d, %d)\n", name, class, type); @@ -134,8 +133,14 @@ again: buf, sizeof(buf)); #ifdef RES_USE_EDNS0 if (n > 0 && (statp->_flags & RES_F_EDNS0ERR) == 0 && - (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC)) != 0U) + (statp->options & (RES_USE_EDNS0|RES_USE_DNSSEC|RES_NSID))) { n = res_nopt(statp, n, buf, sizeof(buf), anslen); + rdata = &buf[n]; + if (n > 0 && (statp->options & RES_NSID) != 0U) { + n = res_nopt_rdata(statp, n, buf, sizeof(buf), rdata, + NS_OPT_NSID, 0, NULL); + } + } #endif if (n <= 0) { #ifdef DEBUG @@ -145,6 +150,7 @@ again: RES_SET_H_ERRNO(statp, NO_RECOVERY); return (n); } + n = res_nsend(statp, buf, n, answer, anslen); if (n < 0) { #ifdef RES_USE_EDNS0 @@ -196,7 +202,7 @@ again: return (n); } -/* +/*% * Formulate a normal query, send, and retrieve answer in supplied buffer. * Return the size of the response on success, -1 on error. * If enabled, implement search rules until answer or unrecoverable failure @@ -204,10 +210,10 @@ again: */ int res_nsearch(res_state statp, - const char *name, /* domain name */ - int class, int type, /* class and type of query */ - u_char *answer, /* buffer to put answer */ - int anslen) /* size of answer */ + const char *name, /*%< domain name */ + int class, int type, /*%< class and type of query */ + u_char *answer, /*%< buffer to put answer */ + int anslen) /*%< size of answer */ { const char *cp, * const *domain; HEADER *hp = (HEADER *) answer; @@ -219,8 +225,7 @@ res_nsearch(res_state statp, int searched = 0; errno = 0; - RES_SET_H_ERRNO(statp, HOST_NOT_FOUND); /* True if we never query. */ - + RES_SET_H_ERRNO(statp, HOST_NOT_FOUND); /*%< True if we never query. */ dots = 0; for (cp = name; *cp != '\0'; cp++) dots += (*cp == '.'); @@ -243,21 +248,6 @@ res_nsearch(res_state statp, answer, anslen); if (ret > 0 || trailing_dot) return (ret); - if (errno == ECONNREFUSED) { - RES_SET_H_ERRNO(statp, TRY_AGAIN); - return (-1); - } - switch (statp->res_h_errno) { - case NO_DATA: - case HOST_NOT_FOUND: - break; - case TRY_AGAIN: - if (hp->rcode == SERVFAIL) - break; - /* FALLTHROUGH */ - default: - return (-1); - } saved_herrno = statp->res_h_errno; tried_as_is++; } @@ -281,9 +271,6 @@ res_nsearch(res_state statp, (domain[0][0] == '.' && domain[0][1] == '\0')) root_on_list++; - if (root_on_list && tried_as_is) - continue; - ret = res_nquerydomain(statp, name, *domain, class, type, answer, anslen); @@ -316,26 +303,9 @@ res_nsearch(res_state statp, /* keep trying */ break; case TRY_AGAIN: - /* - * This can occur due to a server failure - * (that is, all listed servers have failed), - * or all listed servers have timed out. - * ((HEADER *)answer)->rcode may not be set - * to SERVFAIL in the case of a timeout. - * - * Either way we must return TRY_AGAIN in - * order to avoid non-deterministic - * return codes. - * For example, loaded name servers or races - * against network startup/validation (dhcp, - * ppp, etc) can cause the search to timeout - * on one search element, e.g. 'fu.bar.com', - * and return a definitive failure on the - * next search element, e.g. 'fu.'. - */ - got_servfail++; if (hp->rcode == SERVFAIL) { /* try next search element, if any */ + got_servfail++; break; } /* FALLTHROUGH */ @@ -352,18 +322,6 @@ res_nsearch(res_state statp, } } - switch (statp->res_h_errno) { - case NO_DATA: - case HOST_NOT_FOUND: - break; - case TRY_AGAIN: - if (hp->rcode == SERVFAIL) - break; - /* FALLTHROUGH */ - default: - goto giveup; - } - /* * If the query has not already been tried as is then try it * unless RES_NOTLDQUERY is set and there were no dots. @@ -383,7 +341,6 @@ res_nsearch(res_state statp, * else send back meaningless H_ERRNO, that being the one from * the last DNSRCH we did. */ -giveup: if (saved_herrno != -1) RES_SET_H_ERRNO(statp, saved_herrno); else if (got_nodata) @@ -393,7 +350,7 @@ giveup: return (-1); } -/* +/*% * Perform a call on res_query on the concatenation of name and domain, * removing a trailing dot from name if domain is NULL. */ @@ -401,9 +358,9 @@ int res_nquerydomain(res_state statp, const char *name, const char *domain, - int class, int type, /* class and type of query */ - u_char *answer, /* buffer to put answer */ - int anslen) /* size of answer */ + int class, int type, /*%< class and type of query */ + u_char *answer, /*%< buffer to put answer */ + int anslen) /*%< size of answer */ { char nbuf[MAXDNAME]; const char *longname = nbuf; @@ -450,8 +407,6 @@ res_hostalias(const res_state statp, const char *name, char *dst, size_t siz) { if (statp->options & RES_NOALIASES) return (NULL); - if (issetugid()) - return (NULL); file = getenv("HOSTALIASES"); if (file == NULL || (fp = fopen(file, "r")) == NULL) return (NULL); @@ -481,3 +436,5 @@ res_hostalias(const res_state statp, const char *name, char *dst, size_t siz) { fclose(fp); return (NULL); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_send.c b/contrib/bind-9.5.2/lib/bind/resolv/res_send.c similarity index 93% rename from contrib/bind-9.3/lib/bind/resolv/res_send.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_send.c index 08abfe0cfe..9900dc6e36 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_send.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_send.c @@ -70,10 +70,11 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_send.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.9 2006/10/16 23:00:50 marka Exp $"; +static const char rcsid[] = "$Id: res_send.c,v 1.18.10.1 2008/01/27 02:06:46 marka Exp $"; #endif /* LIBC_SCCS and not lint */ -/* +/*! \file + * \brief * Send query to name server and wait for reply. */ @@ -110,6 +111,7 @@ static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.9 2006/10/16 23:00:50 m #ifdef USE_KQUEUE #include #else + #ifdef USE_POLL #ifdef HAVE_STROPTS_H #include @@ -131,6 +133,8 @@ static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.9 2006/10/16 23:00:50 m #if !defined(USE_POLL) && !defined(USE_KQUEUE) static const int highestFD = FD_SETSIZE - 1; +#else +static int highestFD = 0; #endif /* Forward. */ @@ -161,14 +165,15 @@ static const int niflags = NI_NUMERICHOST | NI_NUMERICSERV; /* Public. */ -/* int - * res_isourserver(ina) +/*% * looks up "ina" in _res.ns_addr_list[] + * * returns: - * 0 : not found - * >0 : found + *\li 0 : not found + *\li >0 : found + * * author: - * paul vixie, 29may94 + *\li paul vixie, 29may94 */ int res_ourserver_p(const res_state statp, const struct sockaddr *sa) { @@ -211,17 +216,19 @@ res_ourserver_p(const res_state statp, const struct sockaddr *sa) { return (0); } -/* int - * res_nameinquery(name, type, class, buf, eom) +/*% * look for (name,type,class) in the query section of packet (buf,eom) + * * requires: - * buf + HFIXEDSZ <= eom + *\li buf + HFIXEDSZ <= eom + * * returns: - * -1 : format error - * 0 : not found - * >0 : found + *\li -1 : format error + *\li 0 : not found + *\li >0 : found + * * author: - * paul vixie, 29may94 + *\li paul vixie, 29may94 */ int res_nameinquery(const char *name, int type, int class, @@ -249,16 +256,17 @@ res_nameinquery(const char *name, int type, int class, return (0); } -/* int - * res_queriesmatch(buf1, eom1, buf2, eom2) +/*% * is there a 1:1 mapping of (name,type,class) * in (buf1,eom1) and (buf2,eom2)? + * * returns: - * -1 : format error - * 0 : not a 1:1 mapping - * >0 : is a 1:1 mapping + *\li -1 : format error + *\li 0 : not a 1:1 mapping + *\li >0 : is a 1:1 mapping + * * author: - * paul vixie, 29may94 + *\li paul vixie, 29may94 */ int res_queriesmatch(const u_char *buf1, const u_char *eom1, @@ -302,12 +310,16 @@ int res_nsend(res_state statp, const u_char *buf, int buflen, u_char *ans, int anssiz) { - int gotsomewhere, terrno, try, v_circuit, resplen, ns, n; + int gotsomewhere, terrno, tries, v_circuit, resplen, ns, n; #ifdef USE_KQUEUE int kq; #endif char abuf[NI_MAXHOST]; +#ifdef USE_POLL + highestFD = sysconf(_SC_OPEN_MAX) - 1; +#endif + /* No name servers or res_init() failure */ if (statp->nscount == 0 || EXT(statp).ext == NULL) { errno = ESRCH; @@ -424,7 +436,7 @@ res_nsend(res_state statp, /* * Send request, RETRY times, or until successful. */ - for (try = 0; try < statp->retry; try++) { + for (tries = 0; tries < statp->retry; tries++) { for (ns = 0; ns < statp->nscount; ns++) { struct sockaddr *nsap; int nsaplen; @@ -475,7 +487,7 @@ res_nsend(res_state statp, if (v_circuit) { /* Use VC; at most one attempt per server. */ - try = statp->retry; + tries = statp->retry; n = send_vc(statp, buf, buflen, ans, anssiz, &terrno, ns); if (n < 0) @@ -487,10 +499,10 @@ res_nsend(res_state statp, /* Use datagrams. */ n = send_dg(statp, #ifdef USE_KQUEUE - kq, + kq, #endif - buf, buflen, ans, anssiz, &terrno, - ns, try, &v_circuit, &gotsomewhere); + buf, buflen, ans, anssiz, &terrno, + ns, tries, &v_circuit, &gotsomewhere); if (n < 0) goto fail; if (n == 0) @@ -561,9 +573,9 @@ res_nsend(res_state statp, #endif if (!v_circuit) { if (!gotsomewhere) - errno = ECONNREFUSED; /* no nameservers found */ + errno = ECONNREFUSED; /*%< no nameservers found */ else - errno = ETIMEDOUT; /* no answer obtained */ + errno = ETIMEDOUT; /*%< no answer obtained */ } else errno = terrno; return (-1); @@ -590,10 +602,10 @@ get_salen(sa) else if (sa->sa_family == AF_INET6) return (sizeof(struct sockaddr_in6)); else - return (0); /* unknown, die on connect */ + return (0); /*%< unknown, die on connect */ } -/* +/*% * pick appropriate nsaddr_list for use. see res_init() for initialization. */ static struct sockaddr * @@ -633,6 +645,9 @@ send_vc(res_state statp, u_short len; u_char *cp; void *tmp; +#ifdef SO_NOSIGPIPE + int on = 1; +#endif nsap = get_nsaddr(statp, ns); nsaplen = get_salen(nsap); @@ -645,7 +660,6 @@ send_vc(res_state statp, if (statp->_vcsock >= 0 && (statp->_flags & RES_F_VC) != 0) { struct sockaddr_storage peer; ISC_SOCKLEN_T size = sizeof peer; - #ifndef _LIBC if (getpeername(statp->_vcsock, #else @@ -661,7 +675,6 @@ send_vc(res_state statp, if (statp->_vcsock < 0 || (statp->_flags & RES_F_VC) == 0) { if (statp->_vcsock >= 0) res_nclose(statp); - #ifndef _LIBC statp->_vcsock = socket(nsap->sa_family, SOCK_STREAM, 0); #else @@ -688,6 +701,17 @@ send_vc(res_state statp, return (-1); } } +#ifdef SO_NOSIGPIPE + /* + * Disable generation of SIGPIPE when writing to a closed + * socket. Write should return -1 and set errno to EPIPE + * instead. + * + * Push on even if setsockopt(SO_NOSIGPIPE) fails. + */ + (void)setsockopt(statp->_vcsock, SOL_SOCKET, SO_NOSIGPIPE, &on, + sizeof(on)); +#endif errno = 0; #ifndef _LIBC if (connect(statp->_vcsock, nsap, nsaplen) < 0) { @@ -839,7 +863,7 @@ send_dg(res_state statp, int kq, #endif const u_char *buf, int buflen, u_char *ans, - int anssiz, int *terrno, int ns, int try, int *v_circuit, + int anssiz, int *terrno, int ns, int tries, int *v_circuit, int *gotsomewhere) { const HEADER *hp = (const HEADER *) buf; @@ -903,18 +927,18 @@ send_dg(res_state statp, * the absence of a nameserver without timing out. * * - * When the option "insecure1" is specified, we'd - * rather expect to see responses from an "unknown" - * address. In order to let the kernel accept such - * responses, do not connect the socket here. - * XXX: or do we need an explicit option to disable - * connecting? - */ + * When the option "insecure1" is specified, we'd + * rather expect to see responses from an "unknown" + * address. In order to let the kernel accept such + * responses, do not connect the socket here. + * XXX: or do we need an explicit option to disable + * connecting? + */ if (!(statp->options & RES_INSECURE1) && #ifndef _LIBC - connect(EXT(statp).nssocks[ns], nsap, nsaplen) < 0) { + connect(EXT(statp).nssocks[ns], nsap, nsaplen) < 0) { #else - _connect(EXT(statp).nssocks[ns], nsap, nsaplen) < 0) { + _connect(EXT(statp).nssocks[ns], nsap, nsaplen) < 0) { #endif Aerror(statp, stderr, "connect(dg)", errno, nsap, nsaplen); @@ -927,13 +951,13 @@ send_dg(res_state statp, } s = EXT(statp).nssocks[ns]; #ifndef CANNOT_CONNECT_DGRAM - if (statp->options & RES_INSECURE1) { + if (statp->options & RES_INSECURE1) { #ifndef _LIBC if (sendto(s, #else if (_sendto(s, #endif - (const char*)buf, buflen, 0, nsap, nsaplen) != buflen) { + (const char*)buf, buflen, 0, nsap, nsaplen) != buflen) { Aerror(statp, stderr, "sendto", errno, nsap, nsaplen); res_nclose(statp); return (0); @@ -959,7 +983,7 @@ send_dg(res_state statp, /* * Wait for reply. */ - seconds = (statp->retrans << try); + seconds = (statp->retrans << tries); if (ns > 0) seconds /= statp->nscount; if (seconds <= 0) diff --git a/contrib/bind-9.3/lib/bind/resolv/res_sendsigned.c b/contrib/bind-9.5.2/lib/bind/resolv/res_sendsigned.c similarity index 98% rename from contrib/bind-9.3/lib/bind/resolv/res_sendsigned.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_sendsigned.c index 93ad5c9795..63ae07ce3d 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_sendsigned.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_sendsigned.c @@ -24,7 +24,7 @@ #include "res_debug.h" -/* res_nsendsigned */ +/*% res_nsendsigned */ int res_nsendsigned(res_state statp, const u_char *msg, int msglen, ns_tsig_key *key, u_char *answer, int anslen) @@ -166,3 +166,5 @@ retry: dst_free_key(dstkey); return (len); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/bind/resolv/res_update.c b/contrib/bind-9.5.2/lib/bind/resolv/res_update.c similarity index 97% rename from contrib/bind-9.3/lib/bind/resolv/res_update.c rename to contrib/bind-9.5.2/lib/bind/resolv/res_update.c index d8ed05fe8a..63259e1c4d 100644 --- a/contrib/bind-9.3/lib/bind/resolv/res_update.c +++ b/contrib/bind-9.5.2/lib/bind/resolv/res_update.c @@ -1,5 +1,5 @@ #if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: res_update.c,v 1.6.2.4.4.2 2004/03/16 12:34:20 marka Exp $"; +static const char rcsid[] = "$Id: res_update.c,v 1.13 2005/04/27 04:56:43 sra Exp $"; #endif /* not lint */ /* @@ -19,9 +19,10 @@ static const char rcsid[] = "$Id: res_update.c,v 1.6.2.4.4.2 2004/03/16 12:34:20 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* +/*! \file + * \brief * Based on the Dynamic DNS reference implementation by Viraj Bais - * + * <viraj_bais@ccm.fm.intel.com> */ #include "port_before.h" @@ -49,7 +50,7 @@ static const char rcsid[] = "$Id: res_update.c,v 1.6.2.4.4.2 2004/03/16 12:34:20 #include "port_after.h" #include "res_private.h" -/* +/*% * Separate a linked list of records into groups so that all records * in a group will belong to a single zone on the nameserver. * Create a dynamic update packet for each zone and send it to the diff --git a/contrib/bind-9.3/lib/isccfg/api b/contrib/bind-9.5.2/lib/bind9/api similarity index 60% copy from contrib/bind-9.3/lib/isccfg/api copy to contrib/bind-9.5.2/lib/bind9/api index 59ed93b011..9758da41d8 100644 --- a/contrib/bind-9.3/lib/isccfg/api +++ b/contrib/bind-9.5.2/lib/bind9/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 1 +LIBINTERFACE = 40 LIBREVISION = 6 LIBAGE = 0 diff --git a/contrib/bind-9.3/lib/bind9/check.c b/contrib/bind-9.5.2/lib/bind9/check.c similarity index 56% rename from contrib/bind-9.3/lib/bind9/check.c rename to contrib/bind-9.5.2/lib/bind9/check.c index 2079a8477a..4dd7200b46 100644 --- a/contrib/bind-9.3/lib/bind9/check.c +++ b/contrib/bind-9.5.2/lib/bind9/check.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.c,v 1.37.6.34 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: check.c,v 1.86.10.11 2009/06/03 07:08:20 marka Exp $ */ + +/*! \file */ #include #include -#include #include #include @@ -30,14 +31,17 @@ #include #include #include +#include #include #include +#include #include #include #include #include +#include #include #include @@ -118,10 +122,12 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { "rrset-order: missing ordering"); result = ISC_R_FAILURE; } else if (strcasecmp(cfg_obj_asstring(obj), "fixed") == 0) { +#if !DNS_RDATASET_FIXED cfg_obj_log(obj, logctx, ISC_LOG_WARNING, - "rrset-order: order 'fixed' not fully implemented"); - } else if (/* strcasecmp(cfg_obj_asstring(obj), "fixed") != 0 && */ - strcasecmp(cfg_obj_asstring(obj), "random") != 0 && + "rrset-order: order 'fixed' was disabled at " + "compilation time"); +#endif + } else if (strcasecmp(cfg_obj_asstring(obj), "random") != 0 && strcasecmp(cfg_obj_asstring(obj), "cyclic") != 0) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "rrset-order: invalid order '%s'", @@ -213,13 +219,24 @@ check_dual_stack(const cfg_obj_t *options, isc_log_t *logctx) { } static isc_result_t -check_forward(const cfg_obj_t *options, isc_log_t *logctx) { +check_forward(const cfg_obj_t *options, const cfg_obj_t *global, + isc_log_t *logctx) +{ const cfg_obj_t *forward = NULL; const cfg_obj_t *forwarders = NULL; (void)cfg_map_get(options, "forward", &forward); (void)cfg_map_get(options, "forwarders", &forwarders); + if (forwarders != NULL && global != NULL) { + const char *file = cfg_obj_file(global); + unsigned int line = cfg_obj_line(global); + cfg_obj_log(forwarders, logctx, ISC_LOG_ERROR, + "forwarders declared in root zone and " + "in general configuration: %s:%u", + file, line); + return (ISC_R_FAILURE); + } if (forward != NULL && forwarders == NULL) { cfg_obj_log(forward, logctx, ISC_LOG_ERROR, "no matching 'forwarders' statement"); @@ -272,7 +289,8 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) { } if (tresult != ISC_R_SUCCESS) { cfg_obj_log(cfg_listelt_value(element), logctx, - ISC_LOG_ERROR, "invalid algorithm"); + ISC_LOG_ERROR, "invalid algorithm '%s'", + r.base); result = tresult; } } @@ -345,6 +363,133 @@ mustbesecure(const cfg_obj_t *secure, isc_symtab_t *symtab, isc_log_t *logctx, return (result); } +static isc_result_t +checkacl(const char *aclname, cfg_aclconfctx_t *actx, const cfg_obj_t *zconfig, + const cfg_obj_t *voptions, const cfg_obj_t *config, + isc_log_t *logctx, isc_mem_t *mctx) +{ + isc_result_t result; + const cfg_obj_t *aclobj = NULL; + const cfg_obj_t *options; + dns_acl_t *acl = NULL; + + if (zconfig != NULL) { + options = cfg_tuple_get(zconfig, "options"); + cfg_map_get(options, aclname, &aclobj); + } + if (voptions != NULL && aclobj == NULL) + cfg_map_get(voptions, aclname, &aclobj); + if (config != NULL && aclobj == NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, aclname, &aclobj); + } + if (aclobj == NULL) + return (ISC_R_SUCCESS); + result = cfg_acl_fromconfig(aclobj, config, logctx, + actx, mctx, 0, &acl); + if (acl != NULL) + dns_acl_detach(&acl); + return (result); +} + +static isc_result_t +check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, + const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) +{ + isc_result_t result = ISC_R_SUCCESS, tresult; + int i = 0; + + static const char *acls[] = { "allow-query", "allow-query-on", + "allow-query-cache", "allow-query-cache-on", + "blackhole", "match-clients", "match-destinations", + "sortlist", NULL }; + + while (acls[i] != NULL) { + tresult = checkacl(acls[i++], actx, NULL, voptions, config, + logctx, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + return (result); +} + +/* + * Check allow-recursion and allow-recursion-on acls, and also log a + * warning if they're inconsistent with the "recursion" option. + */ +static isc_result_t +check_recursionacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, + const char *viewname, const cfg_obj_t *config, + isc_log_t *logctx, isc_mem_t *mctx) +{ + const cfg_obj_t *options, *aclobj, *obj = NULL; + dns_acl_t *acl = NULL; + isc_result_t result = ISC_R_SUCCESS, tresult; + isc_boolean_t recursion; + const char *forview = " for view "; + int i = 0; + + static const char *acls[] = { "allow-recursion", "allow-recursion-on", + NULL }; + + if (voptions != NULL) + cfg_map_get(voptions, "recursion", &obj); + if (obj == NULL && config != NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, "recursion", &obj); + } + if (obj == NULL) + recursion = ISC_TRUE; + else + recursion = cfg_obj_asboolean(obj); + + if (viewname == NULL) { + viewname = ""; + forview = ""; + } + + for (i = 0; acls[i] != NULL; i++) { + aclobj = options = NULL; + acl = NULL; + + if (voptions != NULL) + cfg_map_get(voptions, acls[i], &aclobj); + if (config != NULL && aclobj == NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, acls[i], &aclobj); + } + if (aclobj == NULL) + continue; + + tresult = cfg_acl_fromconfig(aclobj, config, logctx, + actx, mctx, 0, &acl); + + if (tresult != ISC_R_SUCCESS) + result = tresult; + + if (acl == NULL) + continue; + + if (recursion == ISC_FALSE && !dns_acl_isnone(acl)) { + cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING, + "both \"recursion no;\" and " + "\"%s\" active%s%s", + acls[i], forview, viewname); + } + + if (acl != NULL) + dns_acl_detach(&acl); + } + + return (result); +} + typedef struct { const char *name; unsigned int scale; @@ -359,6 +504,10 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { const cfg_obj_t *obj = NULL; const cfg_listelt_t *element; isc_symtab_t *symtab = NULL; + dns_fixedname_t fixed; + const char *str; + dns_name_t *name; + isc_buffer_t b; static intervaltable intervals[] = { { "cleaning-interval", 60, 28 * 24 * 60 }, /* 28 days */ @@ -400,8 +549,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { (void)cfg_map_get(options, "preferred-glue", &obj); if (obj != NULL) { const char *str; - str = cfg_obj_asstring(obj); - if (strcasecmp(str, "a") != 0 && + str = cfg_obj_asstring(obj); + if (strcasecmp(str, "a") != 0 && strcasecmp(str, "aaaa") != 0 && strcasecmp(str, "none") != 0) cfg_obj_log(obj, logctx, ISC_LOG_ERROR, @@ -430,7 +579,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(name, &b, dns_rootname, - ISC_FALSE, NULL); + ISC_FALSE, NULL); if (tresult != ISC_R_SUCCESS) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "bad domain name '%s'", @@ -440,7 +589,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } } } - + /* * Set supported DNSSEC algorithms. */ @@ -458,6 +607,9 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } } + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + /* * Check the DLV zone name. */ @@ -465,23 +617,18 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { (void)cfg_map_get(options, "dnssec-lookaside", &obj); if (obj != NULL) { tresult = isc_symtab_create(mctx, 100, freekey, mctx, - ISC_TRUE, &symtab); + ISC_FALSE, &symtab); if (tresult != ISC_R_SUCCESS) result = tresult; for (element = cfg_list_first(obj); element != NULL; element = cfg_list_next(element)) { - dns_fixedname_t fixedname; - dns_name_t *name; const char *dlv; - isc_buffer_t b; obj = cfg_listelt_value(element); dlv = cfg_obj_asstring(cfg_tuple_get(obj, "domain")); - dns_fixedname_init(&fixedname); - name = dns_fixedname_name(&fixedname); isc_buffer_init(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); tresult = dns_name_fromtext(name, &b, dns_rootname, @@ -490,6 +637,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "bad domain name '%s'", dlv); result = tresult; + continue; } if (symtab != NULL) { tresult = nameexist(obj, dlv, 1, symtab, @@ -514,7 +662,6 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } dlv = cfg_obj_asstring(cfg_tuple_get(obj, "trust-anchor")); - dns_fixedname_init(&fixedname); isc_buffer_init(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); tresult = dns_name_fromtext(name, &b, dns_rootname, @@ -554,6 +701,72 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { isc_symtab_destroy(&symtab); } + /* + * Check empty zone configuration. + */ + obj = NULL; + (void)cfg_map_get(options, "empty-server", &obj); + if (obj != NULL) { + str = cfg_obj_asstring(obj); + isc_buffer_init(&b, str, strlen(str)); + isc_buffer_add(&b, strlen(str)); + tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, + dns_rootname, ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "empty-server: invalid name '%s'", str); + result = ISC_R_FAILURE; + } + } + + obj = NULL; + (void)cfg_map_get(options, "empty-contact", &obj); + if (obj != NULL) { + str = cfg_obj_asstring(obj); + isc_buffer_init(&b, str, strlen(str)); + isc_buffer_add(&b, strlen(str)); + tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, + dns_rootname, ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "empty-contact: invalid name '%s'", str); + result = ISC_R_FAILURE; + } + } + + obj = NULL; + (void)cfg_map_get(options, "disable-empty-zone", &obj); + for (element = cfg_list_first(obj); + element != NULL; + element = cfg_list_next(element)) + { + obj = cfg_listelt_value(element); + str = cfg_obj_asstring(obj); + isc_buffer_init(&b, str, strlen(str)); + isc_buffer_add(&b, strlen(str)); + tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, + dns_rootname, ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "disable-empty-zone: invalid name '%s'", + str); + result = ISC_R_FAILURE; + } + } + + /* + * Check that server-id is not too long. + * 1024 bytes should be big enough. + */ + obj = NULL; + (void)cfg_map_get(options, "server-id", &obj); + if (obj != NULL && cfg_obj_isstring(obj) && + strlen(cfg_obj_asstring(obj)) > 1024U) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "'server-id' too big (>1024 bytes)"); + result = ISC_R_FAILURE; + } + return (result); } @@ -585,7 +798,7 @@ get_masters_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) static isc_result_t validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, - isc_uint32_t *countp, isc_log_t *logctx, isc_mem_t *mctx) + isc_uint32_t *countp, isc_log_t *logctx, isc_mem_t *mctx) { isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; @@ -607,7 +820,7 @@ validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, newlist: list = cfg_tuple_get(obj, "addresses"); element = cfg_list_first(list); - resume: + resume: for ( ; element != NULL; element = cfg_list_next(element)) @@ -658,8 +871,11 @@ validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, if (new == NULL) goto cleanup; if (stackcount != 0) { + void *ptr; + + DE_CONST(stack, ptr); memcpy(new, stack, oldsize); - isc_mem_put(mctx, stack, oldsize); + isc_mem_put(mctx, ptr, oldsize); } stack = new; stackcount = newlen; @@ -672,19 +888,98 @@ validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, goto resume; } cleanup: - if (stack != NULL) - isc_mem_put(mctx, stack, stackcount * sizeof(*stack)); + if (stack != NULL) { + void *ptr; + + DE_CONST(stack, ptr); + isc_mem_put(mctx, ptr, stackcount * sizeof(*stack)); + } isc_symtab_destroy(&symtab); *countp = count; return (result); } +static isc_result_t +check_update_policy(const cfg_obj_t *policy, isc_log_t *logctx) { + isc_result_t result = ISC_R_SUCCESS; + isc_result_t tresult; + const cfg_listelt_t *element; + const cfg_listelt_t *element2; + dns_fixedname_t fixed; + const char *str; + isc_buffer_t b; + + for (element = cfg_list_first(policy); + element != NULL; + element = cfg_list_next(element)) + { + const cfg_obj_t *stmt = cfg_listelt_value(element); + const cfg_obj_t *identity = cfg_tuple_get(stmt, "identity"); + const cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype"); + const cfg_obj_t *dname = cfg_tuple_get(stmt, "name"); + const cfg_obj_t *typelist = cfg_tuple_get(stmt, "types"); + + dns_fixedname_init(&fixed); + str = cfg_obj_asstring(identity); + isc_buffer_init(&b, str, strlen(str)); + isc_buffer_add(&b, strlen(str)); + tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, + dns_rootname, ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(identity, logctx, ISC_LOG_ERROR, + "'%s' is not a valid name", str); + result = tresult; + } + + dns_fixedname_init(&fixed); + str = cfg_obj_asstring(dname); + isc_buffer_init(&b, str, strlen(str)); + isc_buffer_add(&b, strlen(str)); + tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, + dns_rootname, ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(dname, logctx, ISC_LOG_ERROR, + "'%s' is not a valid name", str); + result = tresult; + } + if (tresult == ISC_R_SUCCESS && + strcasecmp(cfg_obj_asstring(matchtype), "wildcard") == 0 && + !dns_name_iswildcard(dns_fixedname_name(&fixed))) { + cfg_obj_log(identity, logctx, ISC_LOG_ERROR, + "'%s' is not a wildcard", str); + result = ISC_R_FAILURE; + } + + for (element2 = cfg_list_first(typelist); + element2 != NULL; + element2 = cfg_list_next(element2)) + { + const cfg_obj_t *typeobj; + isc_textregion_t r; + dns_rdatatype_t type; + + typeobj = cfg_listelt_value(element2); + DE_CONST(cfg_obj_asstring(typeobj), r.base); + r.length = strlen(r.base); + + tresult = dns_rdatatype_fromtext(&type, &r); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(typeobj, logctx, ISC_LOG_ERROR, + "'%s' is not a valid type", r.base); + result = tresult; + } + } + } + return (result); +} + #define MASTERZONE 1 #define SLAVEZONE 2 #define STUBZONE 4 #define HINTZONE 8 #define FORWARDZONE 16 #define DELEGATIONZONE 32 +#define CHECKACL 64 typedef struct { const char *name; @@ -692,8 +987,9 @@ typedef struct { } optionstable; static isc_result_t -check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, - isc_symtab_t *symtab, dns_rdataclass_t defclass, +check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, + const cfg_obj_t *config, isc_symtab_t *symtab, + dns_rdataclass_t defclass, cfg_aclconfctx_t *actx, isc_log_t *logctx, isc_mem_t *mctx) { const char *zname; @@ -707,17 +1003,18 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, dns_rdataclass_t zclass; dns_fixedname_t fixedname; isc_buffer_t b; + isc_boolean_t root = ISC_FALSE; static optionstable options[] = { - { "allow-query", MASTERZONE | SLAVEZONE | STUBZONE }, - { "allow-notify", SLAVEZONE }, - { "allow-transfer", MASTERZONE | SLAVEZONE }, + { "allow-query", MASTERZONE | SLAVEZONE | STUBZONE | CHECKACL }, + { "allow-notify", SLAVEZONE | CHECKACL }, + { "allow-transfer", MASTERZONE | SLAVEZONE | CHECKACL }, { "notify", MASTERZONE | SLAVEZONE }, { "also-notify", MASTERZONE | SLAVEZONE }, { "dialup", MASTERZONE | SLAVEZONE | STUBZONE }, - { "delegation-only", HINTZONE | STUBZONE }, - { "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE}, - { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE}, + { "delegation-only", HINTZONE | STUBZONE | DELEGATIONZONE }, + { "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE }, + { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE }, { "maintain-ixfr-base", MASTERZONE | SLAVEZONE }, { "max-ixfr-log-size", MASTERZONE | SLAVEZONE }, { "notify-source", MASTERZONE | SLAVEZONE }, @@ -734,9 +1031,10 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, { "min-refresh-time", SLAVEZONE | STUBZONE }, { "sig-validity-interval", MASTERZONE }, { "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE }, - { "allow-update", MASTERZONE }, - { "allow-update-forwarding", SLAVEZONE }, + { "allow-update", MASTERZONE | CHECKACL }, + { "allow-update-forwarding", SLAVEZONE | CHECKACL }, { "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE }, + { "journal", MASTERZONE | SLAVEZONE }, { "ixfr-base", MASTERZONE | SLAVEZONE }, { "ixfr-tmp-file", MASTERZONE | SLAVEZONE }, { "masters", SLAVEZONE | STUBZONE }, @@ -744,6 +1042,14 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, { "update-policy", MASTERZONE }, { "database", MASTERZONE | SLAVEZONE | STUBZONE }, { "key-directory", MASTERZONE }, + { "check-wildcard", MASTERZONE }, + { "check-mx", MASTERZONE }, + { "integrity-check", MASTERZONE }, + { "check-mx-cname", MASTERZONE }, + { "check-srv-cname", MASTERZONE }, + { "masterfile-format", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE }, + { "update-check-ksk", MASTERZONE }, + { "try-tcp-refresh", SLAVEZONE }, }; static optionstable dialups[] = { @@ -809,32 +1115,36 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, /* * Look for an already existing zone. - * We need to make this cannonical as isc_symtab_define() + * We need to make this canonical as isc_symtab_define() * deals with strings. */ dns_fixedname_init(&fixedname); isc_buffer_init(&b, zname, strlen(zname)); isc_buffer_add(&b, strlen(zname)); tresult = dns_name_fromtext(dns_fixedname_name(&fixedname), &b, - dns_rootname, ISC_TRUE, NULL); - if (result != ISC_R_SUCCESS) { + dns_rootname, ISC_TRUE, NULL); + if (tresult != ISC_R_SUCCESS) { cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR, "zone '%s': is not a valid name", zname); - tresult = ISC_R_FAILURE; + result = ISC_R_FAILURE; } else { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(dns_fixedname_name(&fixedname), namebuf, sizeof(namebuf)); tresult = nameexist(zconfig, namebuf, ztype == HINTZONE ? 1 : 2, - symtab, "zone '%s': already exists " - "previous definition: %s:%u", logctx, mctx); + symtab, "zone '%s': already exists " + "previous definition: %s:%u", logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; + if (dns_name_equal(dns_fixedname_name(&fixedname), + dns_rootname)) + root = ISC_TRUE; } /* * Look for inappropriate options for the given zone type. + * Check that ACLs expand correctly. */ for (i = 0; i < sizeof(options) / sizeof(options[0]); i++) { obj = NULL; @@ -855,6 +1165,16 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, "in '%s' zone '%s'", options[i].name, typestr, zname); } + obj = NULL; + if ((options[i].allowed & ztype) != 0 && + (options[i].allowed & CHECKACL) != 0) { + + tresult = checkacl(options[i].name, actx, zconfig, + voptions, config, logctx, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + } /* @@ -897,7 +1217,9 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, "when 'update-policy' is present", zname); result = ISC_R_FAILURE; - } + } else if (res2 == ISC_R_SUCCESS && + check_update_policy(obj, logctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; } /* @@ -937,7 +1259,18 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, /* * Check that forwarding is reasonable. */ - if (check_forward(zoptions, logctx) != ISC_R_SUCCESS) + obj = NULL; + if (root) { + if (voptions != NULL) + (void)cfg_map_get(voptions, "forwarders", &obj); + if (obj == NULL) { + const cfg_obj_t *options = NULL; + (void)cfg_map_get(config, "options", &options); + if (options != NULL) + (void)cfg_map_get(options, "forwarders", &obj); + } + } + if (check_forward(zoptions, obj, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; /* @@ -967,16 +1300,36 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *config, result = tresult; } } - + return (result); } + +typedef struct keyalgorithms { + const char *name; + isc_uint16_t size; +} algorithmtable; + isc_result_t bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { const cfg_obj_t *algobj = NULL; const cfg_obj_t *secretobj = NULL; const char *keyname = cfg_obj_asstring(cfg_map_getname(key)); - + const char *algorithm; + int i; + size_t len = 0; + static const algorithmtable algorithms[] = { + { "hmac-md5", 128 }, + { "hmac-md5.sig-alg.reg.int", 0 }, + { "hmac-md5.sig-alg.reg.int.", 0 }, + { "hmac-sha1", 160 }, + { "hmac-sha224", 224 }, + { "hmac-sha256", 256 }, + { "hmac-sha384", 384 }, + { "hmac-sha512", 512 }, + { NULL, 0 } + }; + (void)cfg_map_get(key, "algorithm", &algobj); (void)cfg_map_get(key, "secret", &secretobj); if (secretobj == NULL || algobj == NULL) { @@ -986,26 +1339,109 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { keyname); return (ISC_R_FAILURE); } + + algorithm = cfg_obj_asstring(algobj); + for (i = 0; algorithms[i].name != NULL; i++) { + len = strlen(algorithms[i].name); + if (strncasecmp(algorithms[i].name, algorithm, len) == 0 && + (algorithm[len] == '\0' || + (algorithms[i].size != 0 && algorithm[len] == '-'))) + break; + } + if (algorithms[i].name == NULL) { + cfg_obj_log(algobj, logctx, ISC_LOG_ERROR, + "unknown algorithm '%s'", algorithm); + return (ISC_R_NOTFOUND); + } + if (algorithm[len] == '-') { + isc_uint16_t digestbits; + isc_result_t result; + result = isc_parse_uint16(&digestbits, algorithm + len + 1, 10); + if (result == ISC_R_SUCCESS || result == ISC_R_RANGE) { + if (result == ISC_R_RANGE || + digestbits > algorithms[i].size) { + cfg_obj_log(algobj, logctx, ISC_LOG_ERROR, + "key '%s' digest-bits too large " + "[%u..%u]", keyname, + algorithms[i].size / 2, + algorithms[i].size); + return (ISC_R_RANGE); + } + if ((digestbits % 8) != 0) { + cfg_obj_log(algobj, logctx, ISC_LOG_ERROR, + "key '%s' digest-bits not multiple" + " of 8", keyname); + return (ISC_R_RANGE); + } + /* + * Recommended minima for hmac algorithms. + */ + if ((digestbits < (algorithms[i].size / 2U) || + (digestbits < 80U))) + cfg_obj_log(algobj, logctx, ISC_LOG_WARNING, + "key '%s' digest-bits too small " + "[<%u]", keyname, + algorithms[i].size/2); + } else { + cfg_obj_log(algobj, logctx, ISC_LOG_ERROR, + "key '%s': unable to parse digest-bits", + keyname); + return (result); + } + } return (ISC_R_SUCCESS); } +/* + * Check key list for duplicates key names and that the key names + * are valid domain names as these keys are used for TSIG. + * + * Check the key contents for validity. + */ static isc_result_t -check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { +check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, + isc_mem_t *mctx, isc_log_t *logctx) +{ + char namebuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fname; + dns_name_t *name; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; const cfg_listelt_t *element; + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); for (element = cfg_list_first(keys); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *key = cfg_listelt_value(element); - const char *keyname = cfg_obj_asstring(cfg_map_getname(key)); + const char *keyid = cfg_obj_asstring(cfg_map_getname(key)); isc_symvalue_t symvalue; + isc_buffer_t b; + char *keyname; + isc_buffer_init(&b, keyid, strlen(keyid)); + isc_buffer_add(&b, strlen(keyid)); + tresult = dns_name_fromtext(name, &b, dns_rootname, + ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(key, logctx, ISC_LOG_ERROR, + "key '%s': bad key name", keyid); + result = tresult; + continue; + } + tresult = bind9_check_key(key, logctx); + if (tresult != ISC_R_SUCCESS) + return (tresult); + + dns_name_format(name, namebuf, sizeof(namebuf)); + keyname = isc_mem_strdup(mctx, namebuf); + if (keyname == NULL) + return (ISC_R_NOMEMORY); symvalue.as_cpointer = key; - tresult = isc_symtab_define(symtab, keyname, 1, - symvalue, isc_symexists_reject); + tresult = isc_symtab_define(symtab, keyname, 1, symvalue, + isc_symexists_reject); if (tresult == ISC_R_EXISTS) { const char *file; unsigned int line; @@ -1020,91 +1456,177 @@ check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, "key '%s': already exists " "previous definition: %s:%u", - keyname, file, line); + keyid, file, line); + isc_mem_free(mctx, keyname); result = tresult; - } else if (tresult != ISC_R_SUCCESS) - return (tresult); - - tresult = bind9_check_key(key, logctx); - if (tresult != ISC_R_SUCCESS) + } else if (tresult != ISC_R_SUCCESS) { + isc_mem_free(mctx, keyname); return (tresult); + } } return (result); } +static struct { + const char *v4; + const char *v6; +} sources[] = { + { "transfer-source", "transfer-source-v6" }, + { "notify-source", "notify-source-v6" }, + { "query-source", "query-source-v6" }, + { NULL, NULL } +}; + +/* + * RNDC keys are not normalised unlike TSIG keys. + * + * "foo." is different to "foo". + */ +static isc_boolean_t +rndckey_exists(const cfg_obj_t *keylist, const char *keyname) { + const cfg_listelt_t *element; + const cfg_obj_t *obj; + const char *str; + + if (keylist == NULL) + return (ISC_FALSE); + + for (element = cfg_list_first(keylist); + element != NULL; + element = cfg_list_next(element)) + { + obj = cfg_listelt_value(element); + str = cfg_obj_asstring(cfg_map_getname(obj)); + if (!strcasecmp(str, keyname)) + return (ISC_TRUE); + } + return (ISC_FALSE); +} + static isc_result_t -check_servers(const cfg_obj_t *servers, isc_log_t *logctx) { +check_servers(const cfg_obj_t *config, const cfg_obj_t *voptions, + isc_symtab_t *symtab, isc_log_t *logctx) +{ + dns_fixedname_t fname; isc_result_t result = ISC_R_SUCCESS; - const cfg_listelt_t *e1; - const cfg_listelt_t *e2; - const cfg_obj_t *v1; - const cfg_obj_t *v2; - const isc_sockaddr_t *s1; - const isc_sockaddr_t *s2; - isc_netaddr_t na; - const cfg_obj_t *ts; - char buf[128]; + isc_result_t tresult; + const cfg_listelt_t *e1, *e2; + const cfg_obj_t *v1, *v2, *keys; + const cfg_obj_t *servers; + isc_netaddr_t n1, n2; + unsigned int p1, p2; + const cfg_obj_t *obj; + char buf[ISC_NETADDR_FORMATSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; const char *xfr; - isc_buffer_t target; + const char *keyval; + isc_buffer_t b; + int source; + dns_name_t *keyname; + + servers = NULL; + if (voptions != NULL) + (void)cfg_map_get(voptions, "server", &servers); + if (servers == NULL) + (void)cfg_map_get(config, "server", &servers); + if (servers == NULL) + return (ISC_R_SUCCESS); for (e1 = cfg_list_first(servers); e1 != NULL; e1 = cfg_list_next(e1)) { v1 = cfg_listelt_value(e1); - s1 = cfg_obj_assockaddr(cfg_map_getname(v1)); - ts = NULL; - if (isc_sockaddr_pf(s1) == AF_INET) - xfr = "transfer-source-v6"; - else - xfr = "transfer-source"; - (void)cfg_map_get(v1, xfr, &ts); - if (ts != NULL) { - isc_netaddr_fromsockaddr(&na, s1); - isc_buffer_init(&target, buf, sizeof(buf) - 1); - RUNTIME_CHECK(isc_netaddr_totext(&na, &target) - == ISC_R_SUCCESS); - buf[isc_buffer_usedlength(&target)] = '\0'; + cfg_obj_asnetprefix(cfg_map_getname(v1), &n1, &p1); + /* + * Check that unused bits are zero. + */ + tresult = isc_netaddr_prefixok(&n1, p1); + if (tresult != ISC_R_SUCCESS) { + INSIST(tresult == ISC_R_FAILURE); + isc_netaddr_format(&n1, buf, sizeof(buf)); cfg_obj_log(v1, logctx, ISC_LOG_ERROR, - "server '%s': %s not valid", buf, xfr); - result = ISC_R_FAILURE; + "server '%s/%u': invalid prefix " + "(extra bits specified)", buf, p1); + result = tresult; } + source = 0; + do { + obj = NULL; + if (n1.family == AF_INET) + xfr = sources[source].v6; + else + xfr = sources[source].v4; + (void)cfg_map_get(v1, xfr, &obj); + if (obj != NULL) { + isc_netaddr_format(&n1, buf, sizeof(buf)); + cfg_obj_log(v1, logctx, ISC_LOG_ERROR, + "server '%s/%u': %s not legal", + buf, p1, xfr); + result = ISC_R_FAILURE; + } + } while (sources[++source].v4 != NULL); e2 = e1; while ((e2 = cfg_list_next(e2)) != NULL) { v2 = cfg_listelt_value(e2); - s2 = cfg_obj_assockaddr(cfg_map_getname(v2)); - if (isc_sockaddr_eqaddr(s1, s2)) { + cfg_obj_asnetprefix(cfg_map_getname(v2), &n2, &p2); + if (p1 == p2 && isc_netaddr_equal(&n1, &n2)) { const char *file = cfg_obj_file(v1); unsigned int line = cfg_obj_line(v1); if (file == NULL) file = ""; - isc_netaddr_fromsockaddr(&na, s2); - isc_buffer_init(&target, buf, sizeof(buf) - 1); - RUNTIME_CHECK(isc_netaddr_totext(&na, &target) - == ISC_R_SUCCESS); - buf[isc_buffer_usedlength(&target)] = '\0'; - + isc_netaddr_format(&n2, buf, sizeof(buf)); cfg_obj_log(v2, logctx, ISC_LOG_ERROR, - "server '%s': already exists " + "server '%s/%u': already exists " "previous definition: %s:%u", - buf, file, line); + buf, p2, file, line); + result = ISC_R_FAILURE; + } + } + keys = NULL; + cfg_map_get(v1, "keys", &keys); + if (keys != NULL) { + /* + * Normalize key name. + */ + keyval = cfg_obj_asstring(keys); + dns_fixedname_init(&fname); + isc_buffer_init(&b, keyval, strlen(keyval)); + isc_buffer_add(&b, strlen(keyval)); + keyname = dns_fixedname_name(&fname); + tresult = dns_name_fromtext(keyname, &b, dns_rootname, + ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(keys, logctx, ISC_LOG_ERROR, + "bad key name '%s'", keyval); + result = ISC_R_FAILURE; + continue; + } + dns_name_format(keyname, namebuf, sizeof(namebuf)); + tresult = isc_symtab_lookup(symtab, namebuf, 1, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(keys, logctx, ISC_LOG_ERROR, + "unknown key '%s'", keyval); result = ISC_R_FAILURE; } } } return (result); } - + static isc_result_t -check_viewconf(const cfg_obj_t *config, const cfg_obj_t *vconfig, - dns_rdataclass_t vclass, isc_log_t *logctx, isc_mem_t *mctx) +check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, + const char *viewname, dns_rdataclass_t vclass, + isc_log_t *logctx, isc_mem_t *mctx) { - const cfg_obj_t *servers = NULL; const cfg_obj_t *zones = NULL; const cfg_obj_t *keys = NULL; const cfg_listelt_t *element; isc_symtab_t *symtab = NULL; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult = ISC_R_SUCCESS; + cfg_aclconfctx_t actx; + const cfg_obj_t *obj; + isc_boolean_t enablednssec, enablevalidation; /* * Check that all zone statements are syntactically correct and @@ -1115,8 +1637,10 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *vconfig, if (tresult != ISC_R_SUCCESS) return (ISC_R_NOMEMORY); - if (vconfig != NULL) - (void)cfg_map_get(vconfig, "zone", &zones); + cfg_aclconfctx_init(&actx); + + if (voptions != NULL) + (void)cfg_map_get(voptions, "zone", &zones); else (void)cfg_map_get(config, "zone", &zones); @@ -1127,104 +1651,386 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *vconfig, isc_result_t tresult; const cfg_obj_t *zone = cfg_listelt_value(element); - tresult = check_zoneconf(zone, config, symtab, vclass, - logctx, mctx); + tresult = check_zoneconf(zone, voptions, config, symtab, + vclass, &actx, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = ISC_R_FAILURE; } isc_symtab_destroy(&symtab); - /* - * Check that all key statements are syntactically correct and - * there are no duplicate keys. - */ - tresult = isc_symtab_create(mctx, 100, NULL, NULL, ISC_TRUE, &symtab); - if (tresult != ISC_R_SUCCESS) - return (ISC_R_NOMEMORY); - - (void)cfg_map_get(config, "key", &keys); - tresult = check_keylist(keys, symtab, logctx); - if (tresult == ISC_R_EXISTS) - result = ISC_R_FAILURE; - else if (tresult != ISC_R_SUCCESS) { - isc_symtab_destroy(&symtab); - return (tresult); - } - - if (vconfig != NULL) { - keys = NULL; - (void)cfg_map_get(vconfig, "key", &keys); - tresult = check_keylist(keys, symtab, logctx); - if (tresult == ISC_R_EXISTS) - result = ISC_R_FAILURE; - else if (tresult != ISC_R_SUCCESS) { - isc_symtab_destroy(&symtab); - return (tresult); - } - } - - isc_symtab_destroy(&symtab); - /* * Check that forwarding is reasonable. */ - if (vconfig == NULL) { + if (voptions == NULL) { const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) - if (check_forward(options, logctx) != ISC_R_SUCCESS) + if (check_forward(options, NULL, + logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } else { - if (check_forward(vconfig, logctx) != ISC_R_SUCCESS) + if (check_forward(voptions, NULL, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } + /* * Check that dual-stack-servers is reasonable. */ - if (vconfig == NULL) { + if (voptions == NULL) { const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_dual_stack(options, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } else { - if (check_dual_stack(vconfig, logctx) != ISC_R_SUCCESS) + if (check_dual_stack(voptions, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } /* * Check that rrset-order is reasonable. */ - if (vconfig != NULL) { - if (check_order(vconfig, logctx) != ISC_R_SUCCESS) + if (voptions != NULL) { + if (check_order(voptions, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } - if (vconfig != NULL) { - (void)cfg_map_get(vconfig, "server", &servers); - if (servers != NULL && - check_servers(servers, logctx) != ISC_R_SUCCESS) + /* + * Check that all key statements are syntactically correct and + * there are no duplicate keys. + */ + tresult = isc_symtab_create(mctx, 100, freekey, mctx, + ISC_FALSE, &symtab); + if (tresult != ISC_R_SUCCESS) + return (ISC_R_NOMEMORY); + + (void)cfg_map_get(config, "key", &keys); + tresult = check_keylist(keys, symtab, mctx, logctx); + if (tresult == ISC_R_EXISTS) + result = ISC_R_FAILURE; + else if (tresult != ISC_R_SUCCESS) { + isc_symtab_destroy(&symtab); + return (tresult); + } + + if (voptions != NULL) { + keys = NULL; + (void)cfg_map_get(voptions, "key", &keys); + tresult = check_keylist(keys, symtab, mctx, logctx); + if (tresult == ISC_R_EXISTS) result = ISC_R_FAILURE; + else if (tresult != ISC_R_SUCCESS) { + isc_symtab_destroy(&symtab); + return (tresult); + } } - if (vconfig != NULL) - tresult = check_options(vconfig, logctx, mctx); + /* + * Global servers can refer to keys in views. + */ + if (check_servers(config, voptions, symtab, logctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; + + isc_symtab_destroy(&symtab); + + /* + * Check that dnssec-enable/dnssec-validation are sensible. + */ + obj = NULL; + if (voptions != NULL) + (void)cfg_map_get(voptions, "dnssec-enable", &obj); + if (obj == NULL) + (void)cfg_map_get(config, "dnssec-enable", &obj); + if (obj == NULL) + enablednssec = ISC_TRUE; + else + enablednssec = cfg_obj_asboolean(obj); + + obj = NULL; + if (voptions != NULL) + (void)cfg_map_get(voptions, "dnssec-validation", &obj); + if (obj == NULL) + (void)cfg_map_get(config, "dnssec-validation", &obj); + if (obj == NULL) + enablevalidation = ISC_FALSE; /* XXXMPA Change for 9.5. */ + else + enablevalidation = cfg_obj_asboolean(obj); + + if (enablevalidation && !enablednssec) + cfg_obj_log(obj, logctx, ISC_LOG_WARNING, + "'dnssec-validation yes;' and 'dnssec-enable no;'"); + + if (voptions != NULL) + tresult = check_options(voptions, logctx, mctx); else tresult = check_options(config, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; + tresult = check_viewacls(&actx, voptions, config, logctx, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + + tresult = check_recursionacls(&actx, voptions, viewname, + config, logctx, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + + cfg_aclconfctx_destroy(&actx); + return (result); } +static const char * +default_channels[] = { + "default_syslog", + "default_stderr", + "default_debug", + "null", + NULL +}; + +static isc_result_t +bind9_check_logging(const cfg_obj_t *config, isc_log_t *logctx, + isc_mem_t *mctx) +{ + const cfg_obj_t *categories = NULL; + const cfg_obj_t *category; + const cfg_obj_t *channels = NULL; + const cfg_obj_t *channel; + const cfg_listelt_t *element; + const cfg_listelt_t *delement; + const char *channelname; + const char *catname; + const cfg_obj_t *fileobj = NULL; + const cfg_obj_t *syslogobj = NULL; + const cfg_obj_t *nullobj = NULL; + const cfg_obj_t *stderrobj = NULL; + const cfg_obj_t *logobj = NULL; + isc_result_t result = ISC_R_SUCCESS; + isc_result_t tresult; + isc_symtab_t *symtab = NULL; + isc_symvalue_t symvalue; + int i; + + (void)cfg_map_get(config, "logging", &logobj); + if (logobj == NULL) + return (ISC_R_SUCCESS); + + result = isc_symtab_create(mctx, 100, NULL, NULL, ISC_FALSE, &symtab); + if (result != ISC_R_SUCCESS) + return (result); + + symvalue.as_cpointer = NULL; + for (i = 0; default_channels[i] != NULL; i++) { + tresult = isc_symtab_define(symtab, default_channels[i], 1, + symvalue, isc_symexists_replace); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + + cfg_map_get(logobj, "channel", &channels); + + for (element = cfg_list_first(channels); + element != NULL; + element = cfg_list_next(element)) + { + channel = cfg_listelt_value(element); + channelname = cfg_obj_asstring(cfg_map_getname(channel)); + fileobj = syslogobj = nullobj = stderrobj = NULL; + (void)cfg_map_get(channel, "file", &fileobj); + (void)cfg_map_get(channel, "syslog", &syslogobj); + (void)cfg_map_get(channel, "null", &nullobj); + (void)cfg_map_get(channel, "stderr", &stderrobj); + i = 0; + if (fileobj != NULL) + i++; + if (syslogobj != NULL) + i++; + if (nullobj != NULL) + i++; + if (stderrobj != NULL) + i++; + if (i != 1) { + cfg_obj_log(channel, logctx, ISC_LOG_ERROR, + "channel '%s': exactly one of file, syslog, " + "null, and stderr must be present", + channelname); + result = ISC_R_FAILURE; + } + tresult = isc_symtab_define(symtab, channelname, 1, + symvalue, isc_symexists_replace); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + + cfg_map_get(logobj, "category", &categories); + + for (element = cfg_list_first(categories); + element != NULL; + element = cfg_list_next(element)) + { + category = cfg_listelt_value(element); + catname = cfg_obj_asstring(cfg_tuple_get(category, "name")); + if (isc_log_categorybyname(logctx, catname) == NULL) { + cfg_obj_log(category, logctx, ISC_LOG_ERROR, + "undefined category: '%s'", catname); + result = ISC_R_FAILURE; + } + channels = cfg_tuple_get(category, "destinations"); + for (delement = cfg_list_first(channels); + delement != NULL; + delement = cfg_list_next(delement)) + { + channel = cfg_listelt_value(delement); + channelname = cfg_obj_asstring(channel); + tresult = isc_symtab_lookup(symtab, channelname, 1, + &symvalue); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(channel, logctx, ISC_LOG_ERROR, + "undefined channel: '%s'", + channelname); + result = tresult; + } + } + } + isc_symtab_destroy(&symtab); + return (result); +} + +static isc_result_t +bind9_check_controlskeys(const cfg_obj_t *control, const cfg_obj_t *keylist, + isc_log_t *logctx) +{ + isc_result_t result = ISC_R_SUCCESS; + const cfg_obj_t *control_keylist; + const cfg_listelt_t *element; + const cfg_obj_t *key; + const char *keyval; + + control_keylist = cfg_tuple_get(control, "keys"); + if (cfg_obj_isvoid(control_keylist)) + return (ISC_R_SUCCESS); + + for (element = cfg_list_first(control_keylist); + element != NULL; + element = cfg_list_next(element)) + { + key = cfg_listelt_value(element); + keyval = cfg_obj_asstring(key); + + if (!rndckey_exists(keylist, keyval)) { + cfg_obj_log(key, logctx, ISC_LOG_ERROR, + "unknown key '%s'", keyval); + result = ISC_R_NOTFOUND; + } + } + return (result); +} + +static isc_result_t +bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx, + isc_mem_t *mctx) +{ + isc_result_t result = ISC_R_SUCCESS, tresult; + cfg_aclconfctx_t actx; + const cfg_listelt_t *element, *element2; + const cfg_obj_t *allow; + const cfg_obj_t *control; + const cfg_obj_t *controls; + const cfg_obj_t *controlslist = NULL; + const cfg_obj_t *inetcontrols; + const cfg_obj_t *unixcontrols; + const cfg_obj_t *keylist = NULL; + const char *path; + isc_uint32_t perm, mask; + dns_acl_t *acl = NULL; + isc_sockaddr_t addr; + int i; + + (void)cfg_map_get(config, "controls", &controlslist); + if (controlslist == NULL) + return (ISC_R_SUCCESS); + + (void)cfg_map_get(config, "key", &keylist); + + cfg_aclconfctx_init(&actx); + + /* + * INET: Check allow clause. + * UNIX: Check "perm" for sanity, check path length. + */ + for (element = cfg_list_first(controlslist); + element != NULL; + element = cfg_list_next(element)) { + controls = cfg_listelt_value(element); + unixcontrols = NULL; + inetcontrols = NULL; + (void)cfg_map_get(controls, "unix", &unixcontrols); + (void)cfg_map_get(controls, "inet", &inetcontrols); + for (element2 = cfg_list_first(inetcontrols); + element2 != NULL; + element2 = cfg_list_next(element2)) { + control = cfg_listelt_value(element2); + allow = cfg_tuple_get(control, "allow"); + tresult = cfg_acl_fromconfig(allow, config, logctx, + &actx, mctx, 0, &acl); + if (acl != NULL) + dns_acl_detach(&acl); + if (tresult != ISC_R_SUCCESS) + result = tresult; + tresult = bind9_check_controlskeys(control, keylist, + logctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + for (element2 = cfg_list_first(unixcontrols); + element2 != NULL; + element2 = cfg_list_next(element2)) { + control = cfg_listelt_value(element2); + path = cfg_obj_asstring(cfg_tuple_get(control, "path")); + tresult = isc_sockaddr_frompath(&addr, path); + if (tresult == ISC_R_NOSPACE) { + cfg_obj_log(control, logctx, ISC_LOG_ERROR, + "unix control '%s': path too long", + path); + result = ISC_R_NOSPACE; + } + perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm")); + for (i = 0; i < 3; i++) { +#ifdef NEED_SECURE_DIRECTORY + mask = (0x1 << (i*3)); /* SEARCH */ +#else + mask = (0x6 << (i*3)); /* READ + WRITE */ +#endif + if ((perm & mask) == mask) + break; + } + if (i == 0) { + cfg_obj_log(control, logctx, ISC_LOG_WARNING, + "unix control '%s' allows access " + "to everyone", path); + } else if (i == 3) { + cfg_obj_log(control, logctx, ISC_LOG_WARNING, + "unix control '%s' allows access " + "to nobody", path); + } + tresult = bind9_check_controlskeys(control, keylist, + logctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + } + } + cfg_aclconfctx_destroy(&actx); + return (result); +} isc_result_t bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { const cfg_obj_t *options = NULL; - const cfg_obj_t *servers = NULL; const cfg_obj_t *views = NULL; const cfg_obj_t *acls = NULL; const cfg_obj_t *kals = NULL; @@ -1243,12 +2049,13 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, check_options(options, logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; - (void)cfg_map_get(config, "server", &servers); - if (servers != NULL && - check_servers(servers, logctx) != ISC_R_SUCCESS) + if (bind9_check_logging(config, logctx, mctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; + + if (bind9_check_controls(config, logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; - if (options != NULL && + if (options != NULL && check_order(options, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; @@ -1259,7 +2066,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, result = ISC_R_FAILURE; if (views == NULL) { - if (check_viewconf(config, NULL, dns_rdataclass_in, + if (check_viewconf(config, NULL, NULL, dns_rdataclass_in, logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } else { @@ -1310,7 +2117,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, const char *file; unsigned int line; RUNTIME_CHECK(isc_symtab_lookup(symtab, key, - vclass, &symvalue) == ISC_R_SUCCESS); + vclass, &symvalue) == ISC_R_SUCCESS); file = cfg_obj_file(symvalue.as_cpointer); line = cfg_obj_line(symvalue.as_cpointer); cfg_obj_log(view, logctx, ISC_LOG_ERROR, @@ -1318,7 +2125,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, "previous definition: %s:%u", key, file, line); result = tresult; - } else if (result != ISC_R_SUCCESS) { + } else if (tresult != ISC_R_SUCCESS) { result = tresult; } else if ((strcasecmp(key, "_bind") == 0 && vclass == dns_rdataclass_ch) || @@ -1331,7 +2138,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, } } if (tresult == ISC_R_SUCCESS) - tresult = check_viewconf(config, voptions, + tresult = check_viewconf(config, voptions, key, vclass, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = ISC_R_FAILURE; @@ -1350,8 +2157,9 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, } } - tresult = cfg_map_get(config, "acl", &acls); - if (tresult == ISC_R_SUCCESS) { + cfg_map_get(config, "acl", &acls); + + if (acls != NULL) { const cfg_listelt_t *elt; const cfg_listelt_t *elt2; const char *aclname; @@ -1360,6 +2168,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, elt != NULL; elt = cfg_list_next(elt)) { const cfg_obj_t *acl = cfg_listelt_value(elt); + unsigned int line = cfg_obj_line(acl); unsigned int i; aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); @@ -1370,7 +2179,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, cfg_obj_log(acl, logctx, ISC_LOG_ERROR, "attempt to redefine " "builtin acl '%s'", - aclname); + aclname); result = ISC_R_FAILURE; break; } @@ -1384,7 +2193,6 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, "name")); if (strcasecmp(aclname, name) == 0) { const char *file = cfg_obj_file(acl); - unsigned int line = cfg_obj_line(acl); if (file == NULL) file = ""; @@ -1400,8 +2208,8 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, } } - tresult = cfg_map_get(config, "kal", &kals); - if (tresult == ISC_R_SUCCESS) { + tresult = cfg_map_get(config, "kal", &kals); + if (tresult == ISC_R_SUCCESS) { const cfg_listelt_t *elt; const cfg_listelt_t *elt2; const char *aclname; diff --git a/contrib/bind-9.3/lib/bind9/getaddresses.c b/contrib/bind-9.5.2/lib/bind9/getaddresses.c similarity index 96% rename from contrib/bind-9.3/lib/bind9/getaddresses.c rename to contrib/bind-9.5.2/lib/bind9/getaddresses.c index 02d110478c..a75e14ef65 100644 --- a/contrib/bind-9.3/lib/bind9/getaddresses.c +++ b/contrib/bind-9.5.2/lib/bind9/getaddresses.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getaddresses.c,v 1.13.126.8 2005/10/14 02:13:06 marka Exp $ */ +/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include #include diff --git a/contrib/bind-9.3/lib/bind9/include/bind9/check.h b/contrib/bind-9.5.2/lib/bind9/include/bind9/check.h similarity index 73% rename from contrib/bind-9.3/lib/bind9/include/bind9/check.h rename to contrib/bind-9.5.2/lib/bind9/include/bind9/check.h index 09e8b2e1be..1647568c72 100644 --- a/contrib/bind-9.3/lib/bind9/include/bind9/check.h +++ b/contrib/bind-9.5.2/lib/bind9/include/bind9/check.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.h,v 1.1.200.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: check.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */ #ifndef BIND9_CHECK_H #define BIND9_CHECK_H 1 +/*! \file bind9/check.h */ + #include #include @@ -30,24 +32,24 @@ ISC_LANG_BEGINDECLS isc_result_t bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx); -/* +/*%< * Check the syntactic validity of a configuration parse tree generated from * a named.conf file. * * Requires: - * config is a valid parse tree + *\li config is a valid parse tree * - * logctx is a valid logging context. + *\li logctx is a valid logging context. * * Returns: - * ISC_R_SUCCESS - * ISC_R_FAILURE + * \li #ISC_R_SUCCESS + * \li #ISC_R_FAILURE */ isc_result_t bind9_check_key(const cfg_obj_t *config, isc_log_t *logctx); -/* - * As above, but for a single 'key' statement. +/*%< + * Same as bind9_check_namedconf(), but for a single 'key' statement. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/bind9/include/bind9/getaddresses.h b/contrib/bind-9.5.2/lib/bind9/include/bind9/getaddresses.h similarity index 73% rename from contrib/bind-9.3/lib/bind9/include/bind9/getaddresses.h rename to contrib/bind-9.5.2/lib/bind9/include/bind9/getaddresses.h index 4a3a5466ea..b1144afe2e 100644 --- a/contrib/bind-9.3/lib/bind9/include/bind9/getaddresses.h +++ b/contrib/bind-9.5.2/lib/bind9/include/bind9/getaddresses.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getaddresses.h,v 1.2.200.3 2004/03/08 09:04:28 marka Exp $ */ +/* $Id: getaddresses.h,v 1.9.128.2 2009/01/19 23:47:01 tbox Exp $ */ #ifndef BIND9_GETADDRESSES_H #define BIND9_GETADDRESSES_H 1 +/*! \file bind9/getaddresses.h */ + #include #include @@ -30,7 +32,7 @@ ISC_LANG_BEGINDECLS isc_result_t bind9_getaddresses(const char *hostname, in_port_t port, isc_sockaddr_t *addrs, int addrsize, int *addrcount); -/* +/*%< * Use the system resolver to get the addresses associated with a hostname. * If successful, the number of addresses found is returned in 'addrcount'. * If a hostname lookup is performed and addresses of an unknown family is @@ -38,19 +40,19 @@ bind9_getaddresses(const char *hostname, in_port_t port, * first 'addrsize' are returned and the remainder silently truncated. * * This routine may block. If called by a program using the isc_app - * framework, it should be surounded by isc_app_block()/isc_app_unblock(). + * framework, it should be surrounded by isc_app_block()/isc_app_unblock(). * * Requires: - * 'hostname' is not NULL. - * 'addrs' is not NULL. - * 'addrsize' > 0 - * 'addrcount' is not NULL. + *\li 'hostname' is not NULL. + *\li 'addrs' is not NULL. + *\li 'addrsize' > 0 + *\li 'addrcount' is not NULL. + * * - * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTFOUND - * ISC_R_NOFAMILYSUPPORT - 'hostname' is an IPv6 address, and IPv6 is + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOTFOUND + *\li #ISC_R_NOFAMILYSUPPORT - 'hostname' is an IPv6 address, and IPv6 is * not supported. */ diff --git a/contrib/bind-9.3/lib/bind9/include/bind9/version.h b/contrib/bind-9.5.2/lib/bind9/include/bind9/version.h similarity index 80% rename from contrib/bind-9.3/lib/bind9/include/bind9/version.h rename to contrib/bind-9.5.2/lib/bind9/include/bind9/version.h index a3b812ea8f..5b08b7c1fb 100644 --- a/contrib/bind-9.3/lib/bind9/include/bind9/version.h +++ b/contrib/bind-9.5.2/lib/bind9/include/bind9/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.2.208.3 2004/03/08 09:04:28 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file bind9/version.h */ #include diff --git a/contrib/bind-9.3/lib/bind9/version.c b/contrib/bind-9.5.2/lib/bind9/version.c similarity index 80% rename from contrib/bind-9.3/lib/bind9/version.c rename to contrib/bind-9.5.2/lib/bind9/version.c index 5fee2cf431..d5934cced8 100644 --- a/contrib/bind-9.3/lib/bind9/version.c +++ b/contrib/bind-9.5.2/lib/bind9/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.3.200.4 2004/03/08 09:04:27 marka Exp $ */ +/* $Id: version.c,v 1.8 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/dns/acache.c b/contrib/bind-9.5.2/lib/dns/acache.c new file mode 100644 index 0000000000..0836aca618 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/acache.c @@ -0,0 +1,1782 @@ +/* + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: acache.c,v 1.20.128.2 2008/02/07 23:46:25 tbox Exp $ */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define ACACHE_MAGIC ISC_MAGIC('A', 'C', 'H', 'E') +#define DNS_ACACHE_VALID(acache) ISC_MAGIC_VALID(acache, ACACHE_MAGIC) + +#define ACACHEENTRY_MAGIC ISC_MAGIC('A', 'C', 'E', 'T') +#define DNS_ACACHEENTRY_VALID(entry) ISC_MAGIC_VALID(entry, ACACHEENTRY_MAGIC) + +#define DBBUCKETS 67 + +#if 0 +#define ATRACE(m) isc_log_write(dns_lctx, \ + DNS_LOGCATEGORY_DATABASE, \ + DNS_LOGMODULE_ACACHE, \ + ISC_LOG_DEBUG(3), \ + "acache %p: %s", acache, (m)) +#define AATRACE(a,m) isc_log_write(dns_lctx, \ + DNS_LOGCATEGORY_DATABASE, \ + DNS_LOGMODULE_ACACHE, \ + ISC_LOG_DEBUG(3), \ + "acache %p: %s", (a), (m)) +#else +#define ATRACE(m) +#define AATRACE(a, m) +#endif + +/* + * The following variables control incremental cleaning. + * MINSIZE is how many bytes is the floor for dns_acache_setcachesize(). + * CLEANERINCREMENT is how many entries are examined in one pass. + * (XXX simply derived from definitions in cache.c There may be better + * constants here.) + */ +#define DNS_ACACHE_MINSIZE 2097152 /* Bytes. 2097152 = 2 MB */ +#define DNS_ACACHE_CLEANERINCREMENT 1000 /* Number of entries. */ + +#define DEFAULT_ACACHE_ENTRY_LOCK_COUNT 1009 /*%< Should be prime. */ + +#if defined(ISC_RWLOCK_USEATOMIC) && defined(ISC_PLATFORM_HAVEATOMICSTORE) +#define ACACHE_USE_RWLOCK 1 +#endif + +#ifdef ACACHE_USE_RWLOCK +#define ACACHE_INITLOCK(l) isc_rwlock_init((l), 0, 0) +#define ACACHE_DESTROYLOCK(l) isc_rwlock_destroy(l) +#define ACACHE_LOCK(l, t) RWLOCK((l), (t)) +#define ACACHE_UNLOCK(l, t) RWUNLOCK((l), (t)) + +#define acache_storetime(entry, t) \ + (isc_atomic_store((isc_int32_t *)&(entry)->lastused, (t))) +#else +#define ACACHE_INITLOCK(l) isc_mutex_init(l) +#define ACACHE_DESTROYLOCK(l) DESTROYLOCK(l) +#define ACACHE_LOCK(l, t) LOCK(l) +#define ACACHE_UNLOCK(l, t) UNLOCK(l) + +#define acache_storetime(entry, t) ((entry)->lastused = (t)) +#endif + +/* Locked by acache lock */ +typedef struct dbentry { + ISC_LINK(struct dbentry) link; + + dns_db_t *db; + ISC_LIST(dns_acacheentry_t) originlist; + ISC_LIST(dns_acacheentry_t) referlist; +} dbentry_t; + +typedef ISC_LIST(dbentry_t) dbentrylist_t; + +typedef struct acache_cleaner acache_cleaner_t; + +typedef enum { + cleaner_s_idle, /* Waiting for cleaning-interval to expire. */ + cleaner_s_busy, /* Currently cleaning. */ + cleaner_s_done /* Freed enough memory after being overmem. */ +} cleaner_state_t; + +/* + * Convenience macros for comprehensive assertion checking. + */ +#define CLEANER_IDLE(c) ((c)->state == cleaner_s_idle && \ + (c)->resched_event != NULL) +#define CLEANER_BUSY(c) ((c)->state == cleaner_s_busy && \ + (c)->resched_event == NULL) + +struct acache_cleaner { + isc_mutex_t lock; + /* + * Locks overmem_event, overmem. (See cache.c) + */ + + dns_acache_t *acache; + unsigned int cleaning_interval; /* The cleaning-interval + from named.conf, + in seconds. */ + + isc_stdtime_t last_cleanup_time; /* The time when the last + cleanup task completed */ + + isc_timer_t *cleaning_timer; + isc_event_t *resched_event; /* Sent by cleaner task to + itself to reschedule */ + isc_event_t *overmem_event; + + dns_acacheentry_t *current_entry; /* The bookmark entry to + restart the cleaning. + Locked by acache lock. */ + int increment; /* Number of entries to + clean in one increment */ + + unsigned long ncleaned; /* Number of entries cleaned + up (for logging purposes) */ + cleaner_state_t state; /* Idle/Busy/Done. */ + isc_boolean_t overmem; /* The acache is in an overmem + state. */ +}; + +struct dns_acachestats { + unsigned int hits; + unsigned int queries; + unsigned int misses; + unsigned int adds; + unsigned int deleted; + unsigned int cleaned; + unsigned int cleaner_runs; + unsigned int overmem; + unsigned int overmem_nocreates; + unsigned int nomem; +}; + +/* + * The actual acache object. + */ + +struct dns_acache { + unsigned int magic; + + isc_mem_t *mctx; + isc_refcount_t refs; + +#ifdef ACACHE_USE_RWLOCK + isc_rwlock_t *entrylocks; +#else + isc_mutex_t *entrylocks; +#endif + + isc_mutex_t lock; + + int live_cleaners; + acache_cleaner_t cleaner; + ISC_LIST(dns_acacheentry_t) entries; + unsigned int dbentries; + dbentrylist_t dbbucket[DBBUCKETS]; + + isc_boolean_t shutting_down; + + isc_task_t *task; + isc_event_t cevent; + isc_boolean_t cevent_sent; + + dns_acachestats_t stats; +}; + +struct dns_acacheentry { + unsigned int magic; + + unsigned int locknum; + isc_refcount_t references; + + dns_acache_t *acache; + + /* Data for Management of cache entries */ + ISC_LINK(dns_acacheentry_t) link; + ISC_LINK(dns_acacheentry_t) olink; + ISC_LINK(dns_acacheentry_t) rlink; + + dns_db_t *origdb; /* reference to the DB + holding this entry */ + + /* Cache data */ + dns_zone_t *zone; /* zone this entry + belongs to */ + dns_db_t *db; /* DB this entry belongs to */ + dns_dbversion_t *version; /* the version of the DB */ + dns_dbnode_t *node; /* node this entry + belongs to */ + dns_name_t *foundname; /* corresponding DNS name + and rdataset */ + + /* Callback function and its argument */ + void (*callback)(dns_acacheentry_t *, void **); + void *cbarg; + + /* Timestamp of the last time this entry is referred to */ + isc_stdtime32_t lastused; +}; + +/* + * Internal functions (and prototypes). + */ +static inline isc_boolean_t check_noentry(dns_acache_t *acache); +static void destroy(dns_acache_t *acache); +static void shutdown_entries(dns_acache_t *acache); +static void shutdown_buckets(dns_acache_t *acache); +static void destroy_entry(dns_acacheentry_t *ent); +static inline void unlink_dbentries(dns_acache_t *acache, + dns_acacheentry_t *ent); +static inline isc_result_t finddbent(dns_acache_t *acache, + dns_db_t *db, dbentry_t **dbentryp); +static inline void clear_entry(dns_acache_t *acache, dns_acacheentry_t *entry); +static isc_result_t acache_cleaner_init(dns_acache_t *acache, + isc_timermgr_t *timermgr, + acache_cleaner_t *cleaner); +static void acache_cleaning_timer_action(isc_task_t *task, isc_event_t *event); +static void acache_incremental_cleaning_action(isc_task_t *task, + isc_event_t *event); +static void acache_overmem_cleaning_action(isc_task_t *task, + isc_event_t *event); +static void acache_cleaner_shutdown_action(isc_task_t *task, + isc_event_t *event); + +/* + * acache should be locked. If it is not, the stats can get out of whack, + * which is not a big deal for us since this is for debugging / stats + */ +static void +reset_stats(dns_acache_t *acache) { + acache->stats.hits = 0; + acache->stats.queries = 0; + acache->stats.misses = 0; + acache->stats.adds = 0; + acache->stats.deleted = 0; + acache->stats.cleaned = 0; + acache->stats.overmem = 0; + acache->stats.overmem_nocreates = 0; + acache->stats.nomem = 0; +} + +/* + * The acache must be locked before calling. + */ +static inline isc_boolean_t +check_noentry(dns_acache_t *acache) { + if (ISC_LIST_EMPTY(acache->entries) && acache->dbentries == 0) { + return (ISC_TRUE); + } + + return (ISC_FALSE); +} + +/* + * The acache must be locked before calling. + */ +static void +shutdown_entries(dns_acache_t *acache) { + dns_acacheentry_t *entry, *entry_next; + + REQUIRE(DNS_ACACHE_VALID(acache)); + INSIST(acache->shutting_down); + + /* + * Release the dependency of all entries, and detach them. + */ + for (entry = ISC_LIST_HEAD(acache->entries); + entry != NULL; + entry = entry_next) { + entry_next = ISC_LIST_NEXT(entry, link); + + ACACHE_LOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + /* + * If the cleaner holds this entry, it will be unlinked and + * freed in the cleaner later. + */ + if (acache->cleaner.current_entry != entry) + ISC_LIST_UNLINK(acache->entries, entry, link); + unlink_dbentries(acache, entry); + if (entry->callback != NULL) { + (entry->callback)(entry, &entry->cbarg); + entry->callback = NULL; + } + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + if (acache->cleaner.current_entry != entry) + dns_acache_detachentry(&entry); + } +} + +/* + * The acache must be locked before calling. + */ +static void +shutdown_buckets(dns_acache_t *acache) { + int i; + dbentry_t *dbent; + + REQUIRE(DNS_ACACHE_VALID(acache)); + INSIST(acache->shutting_down); + + for (i = 0; i < DBBUCKETS; i++) { + while ((dbent = ISC_LIST_HEAD(acache->dbbucket[i])) != NULL) { + INSIST(ISC_LIST_EMPTY(dbent->originlist) && + ISC_LIST_EMPTY(dbent->referlist)); + ISC_LIST_UNLINK(acache->dbbucket[i], dbent, link); + + dns_db_detach(&dbent->db); + + isc_mem_put(acache->mctx, dbent, sizeof(*dbent)); + + acache->dbentries--; + } + } + + INSIST(acache->dbentries == 0); +} + +static void +shutdown_task(isc_task_t *task, isc_event_t *ev) { + dns_acache_t *acache; + + UNUSED(task); + + acache = ev->ev_arg; + INSIST(DNS_ACACHE_VALID(acache)); + + isc_event_free(&ev); + + LOCK(&acache->lock); + + shutdown_entries(acache); + shutdown_buckets(acache); + + UNLOCK(&acache->lock); + + dns_acache_detach(&acache); +} + +/* The acache and the entry must be locked before calling. */ +static inline void +unlink_dbentries(dns_acache_t *acache, dns_acacheentry_t *ent) { + isc_result_t result; + dbentry_t *dbent; + + if (ISC_LINK_LINKED(ent, olink)) { + INSIST(ent->origdb != NULL); + dbent = NULL; + result = finddbent(acache, ent->origdb, &dbent); + INSIST(result == ISC_R_SUCCESS); + + ISC_LIST_UNLINK(dbent->originlist, ent, olink); + } + if (ISC_LINK_LINKED(ent, rlink)) { + INSIST(ent->db != NULL); + dbent = NULL; + result = finddbent(acache, ent->db, &dbent); + INSIST(result == ISC_R_SUCCESS); + + ISC_LIST_UNLINK(dbent->referlist, ent, rlink); + } +} + +/* There must not be a reference to this entry. */ +static void +destroy_entry(dns_acacheentry_t *entry) { + dns_acache_t *acache; + + REQUIRE(DNS_ACACHEENTRY_VALID(entry)); + + acache = entry->acache; + REQUIRE(DNS_ACACHE_VALID(acache)); + + /* + * Since there is no reference to this entry, it is safe to call + * clear_entry() here. + */ + clear_entry(acache, entry); + + isc_mem_put(acache->mctx, entry, sizeof(*entry)); + + dns_acache_detach(&acache); +} + +static void +destroy(dns_acache_t *acache) { + int i; + + REQUIRE(DNS_ACACHE_VALID(acache)); + + ATRACE("destroy"); + + isc_mem_setwater(acache->mctx, NULL, NULL, 0, 0); + + if (acache->cleaner.overmem_event != NULL) + isc_event_free(&acache->cleaner.overmem_event); + + if (acache->cleaner.resched_event != NULL) + isc_event_free(&acache->cleaner.resched_event); + + if (acache->task != NULL) + isc_task_detach(&acache->task); + + for (i = 0; i < DEFAULT_ACACHE_ENTRY_LOCK_COUNT; i++) + ACACHE_DESTROYLOCK(&acache->entrylocks[i]); + isc_mem_put(acache->mctx, acache->entrylocks, + sizeof(*acache->entrylocks) * + DEFAULT_ACACHE_ENTRY_LOCK_COUNT); + + DESTROYLOCK(&acache->cleaner.lock); + + DESTROYLOCK(&acache->lock); + acache->magic = 0; + + isc_mem_putanddetach(&acache->mctx, acache, sizeof(*acache)); +} + +static inline isc_result_t +finddbent(dns_acache_t *acache, dns_db_t *db, dbentry_t **dbentryp) { + int bucket; + dbentry_t *dbentry; + + REQUIRE(DNS_ACACHE_VALID(acache)); + REQUIRE(db != NULL); + REQUIRE(dbentryp != NULL && *dbentryp == NULL); + + /* + * The caller must be holding the acache lock. + */ + + bucket = isc_hash_calc((const unsigned char *)&db, + sizeof(db), ISC_TRUE) % DBBUCKETS; + + for (dbentry = ISC_LIST_HEAD(acache->dbbucket[bucket]); + dbentry != NULL; + dbentry = ISC_LIST_NEXT(dbentry, link)) { + if (dbentry->db == db) + break; + } + + *dbentryp = dbentry; + + if (dbentry == NULL) + return (ISC_R_NOTFOUND); + else + return (ISC_R_SUCCESS); +} + +static inline void +clear_entry(dns_acache_t *acache, dns_acacheentry_t *entry) { + REQUIRE(DNS_ACACHE_VALID(acache)); + REQUIRE(DNS_ACACHEENTRY_VALID(entry)); + + /* + * The caller must be holing the entry lock. + */ + + if (entry->foundname) { + dns_rdataset_t *rdataset, *rdataset_next; + + for (rdataset = ISC_LIST_HEAD(entry->foundname->list); + rdataset != NULL; + rdataset = rdataset_next) { + rdataset_next = ISC_LIST_NEXT(rdataset, link); + ISC_LIST_UNLINK(entry->foundname->list, + rdataset, link); + dns_rdataset_disassociate(rdataset); + isc_mem_put(acache->mctx, rdataset, sizeof(*rdataset)); + } + if (dns_name_dynamic(entry->foundname)) + dns_name_free(entry->foundname, acache->mctx); + isc_mem_put(acache->mctx, entry->foundname, + sizeof(*entry->foundname)); + entry->foundname = NULL; + } + + if (entry->node != NULL) { + INSIST(entry->db != NULL); + dns_db_detachnode(entry->db, &entry->node); + } + if (entry->version != NULL) { + INSIST(entry->db != NULL); + dns_db_closeversion(entry->db, &entry->version, ISC_FALSE); + } + if (entry->db != NULL) + dns_db_detach(&entry->db); + if (entry->zone != NULL) + dns_zone_detach(&entry->zone); + + if (entry->origdb != NULL) + dns_db_detach(&entry->origdb); +} + +static isc_result_t +acache_cleaner_init(dns_acache_t *acache, isc_timermgr_t *timermgr, + acache_cleaner_t *cleaner) +{ + int result; + + ATRACE("acache cleaner init"); + + result = isc_mutex_init(&cleaner->lock); + if (result != ISC_R_SUCCESS) + goto fail; + + cleaner->increment = DNS_ACACHE_CLEANERINCREMENT; + cleaner->state = cleaner_s_idle; + cleaner->acache = acache; + cleaner->overmem = ISC_FALSE; + + cleaner->cleaning_timer = NULL; + cleaner->resched_event = NULL; + cleaner->overmem_event = NULL; + cleaner->current_entry = NULL; + + if (timermgr != NULL) { + cleaner->acache->live_cleaners++; + + result = isc_task_onshutdown(acache->task, + acache_cleaner_shutdown_action, + acache); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "acache cleaner: " + "isc_task_onshutdown() failed: %s", + dns_result_totext(result)); + goto cleanup; + } + + cleaner->cleaning_interval = 0; /* Initially turned off. */ + isc_stdtime_get(&cleaner->last_cleanup_time); + result = isc_timer_create(timermgr, isc_timertype_inactive, + NULL, NULL, + acache->task, + acache_cleaning_timer_action, + cleaner, &cleaner->cleaning_timer); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_timer_create() failed: %s", + dns_result_totext(result)); + result = ISC_R_UNEXPECTED; + goto cleanup; + } + + cleaner->resched_event = + isc_event_allocate(acache->mctx, cleaner, + DNS_EVENT_ACACHECLEAN, + acache_incremental_cleaning_action, + cleaner, sizeof(isc_event_t)); + if (cleaner->resched_event == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + + cleaner->overmem_event = + isc_event_allocate(acache->mctx, cleaner, + DNS_EVENT_ACACHEOVERMEM, + acache_overmem_cleaning_action, + cleaner, sizeof(isc_event_t)); + if (cleaner->overmem_event == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + } + + return (ISC_R_SUCCESS); + + cleanup: + if (cleaner->overmem_event != NULL) + isc_event_free(&cleaner->overmem_event); + if (cleaner->resched_event != NULL) + isc_event_free(&cleaner->resched_event); + if (cleaner->cleaning_timer != NULL) + isc_timer_detach(&cleaner->cleaning_timer); + cleaner->acache->live_cleaners--; + DESTROYLOCK(&cleaner->lock); + fail: + return (result); +} + +static void +begin_cleaning(acache_cleaner_t *cleaner) { + dns_acacheentry_t *head; + dns_acache_t *acache = cleaner->acache; + + /* + * This function does not have to lock the cleaner, since critical + * parameters (except current_entry, which is locked by acache lock,) + * are only used in a single task context. + */ + + REQUIRE(CLEANER_IDLE(cleaner)); + INSIST(DNS_ACACHE_VALID(acache)); + INSIST(cleaner->current_entry == NULL); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_ACACHE, ISC_LOG_DEBUG(1), + "begin acache cleaning, mem inuse %lu", + (unsigned long)isc_mem_inuse(cleaner->acache->mctx)); + + LOCK(&acache->lock); + + head = ISC_LIST_HEAD(acache->entries); + if (head != NULL) + dns_acache_attachentry(head, &cleaner->current_entry); + + UNLOCK(&acache->lock); + + if (cleaner->current_entry != NULL) { + cleaner->ncleaned = 0; + cleaner->state = cleaner_s_busy; + isc_task_send(acache->task, &cleaner->resched_event); + } + + return; +} + +static void +end_cleaning(acache_cleaner_t *cleaner, isc_event_t *event) { + dns_acache_t *acache = cleaner->acache; + + REQUIRE(CLEANER_BUSY(cleaner)); + REQUIRE(event != NULL); + REQUIRE(DNS_ACACHEENTRY_VALID(cleaner->current_entry)); + + /* No need to lock the cleaner (see begin_cleaning()). */ + + LOCK(&acache->lock); + + /* + * Even if the cleaner has the last reference to the entry, which means + * the entry has been unused, it may still be linked if unlinking the + * entry has been delayed due to the reference. + */ + if (isc_refcount_current(&cleaner->current_entry->references) == 1) { + INSIST(cleaner->current_entry->callback == NULL); + + if (ISC_LINK_LINKED(cleaner->current_entry, link)) { + ISC_LIST_UNLINK(acache->entries, + cleaner->current_entry, link); + } + } + dns_acache_detachentry(&cleaner->current_entry); + + if (cleaner->overmem) + acache->stats.overmem++; + acache->stats.cleaned += cleaner->ncleaned; + acache->stats.cleaner_runs++; + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ACACHE, + ISC_LOG_NOTICE, + "acache %p stats: hits=%d misses=%d queries=%d " + "adds=%d deleted=%d " + "cleaned=%d cleaner_runs=%d overmem=%d " + "overmem_nocreates=%d nomem=%d", + acache, + acache->stats.hits, acache->stats.misses, + acache->stats.queries, + acache->stats.adds, acache->stats.deleted, + acache->stats.cleaned, acache->stats.cleaner_runs, + acache->stats.overmem, acache->stats.overmem_nocreates, + acache->stats.nomem); + reset_stats(acache); + + isc_stdtime_get(&cleaner->last_cleanup_time); + + UNLOCK(&acache->lock); + + dns_acache_setcleaninginterval(cleaner->acache, + cleaner->cleaning_interval); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ACACHE, + ISC_LOG_DEBUG(1), "end acache cleaning, " + "%lu entries cleaned, mem inuse %lu", + cleaner->ncleaned, + (unsigned long)isc_mem_inuse(cleaner->acache->mctx)); + + if (cleaner->overmem) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_ACACHE, ISC_LOG_NOTICE, + "acache is still in overmem state " + "after cleaning"); + } + + cleaner->ncleaned = 0; + cleaner->state = cleaner_s_idle; + cleaner->resched_event = event; +} + +/* + * This is run once for every acache-cleaning-interval as defined + * in named.conf. + */ +static void +acache_cleaning_timer_action(isc_task_t *task, isc_event_t *event) { + acache_cleaner_t *cleaner = event->ev_arg; + + UNUSED(task); + + INSIST(event->ev_type == ISC_TIMEREVENT_TICK); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ACACHE, + ISC_LOG_DEBUG(1), "acache cleaning timer fired, " + "cleaner state = %d", cleaner->state); + + if (cleaner->state == cleaner_s_idle) + begin_cleaning(cleaner); + + isc_event_free(&event); +} + +/* The caller must hold entry lock. */ +static inline isc_boolean_t +entry_stale(acache_cleaner_t *cleaner, dns_acacheentry_t *entry, + isc_stdtime32_t now32, unsigned int interval) +{ + /* + * If the callback has been canceled, we definitely do not need the + * entry. + */ + if (entry->callback == NULL) + return (ISC_TRUE); + + if (interval > cleaner->cleaning_interval) + interval = cleaner->cleaning_interval; + + if (entry->lastused + interval < now32) + return (ISC_TRUE); + + /* + * If the acache is in the overmem state, probabilistically decide if + * the entry should be purged, based on the time passed from its last + * use and the cleaning interval. + */ + if (cleaner->overmem) { + unsigned int passed = + now32 - entry->lastused; /* <= interval */ + isc_uint32_t val; + + if (passed > interval / 2) + return (ISC_TRUE); + isc_random_get(&val); + if (passed > interval / 4) + return (ISC_TF(val % 4 == 0)); + return (ISC_TF(val % 8 == 0)); + } + + return (ISC_FALSE); +} + +/* + * Do incremental cleaning. + */ +static void +acache_incremental_cleaning_action(isc_task_t *task, isc_event_t *event) { + acache_cleaner_t *cleaner = event->ev_arg; + dns_acache_t *acache = cleaner->acache; + dns_acacheentry_t *entry, *next = NULL; + int n_entries; + isc_stdtime32_t now32, last32; + isc_stdtime_t now; + unsigned int interval; + + INSIST(DNS_ACACHE_VALID(acache)); + INSIST(task == acache->task); + INSIST(event->ev_type == DNS_EVENT_ACACHECLEAN); + + if (cleaner->state == cleaner_s_done) { + cleaner->state = cleaner_s_busy; + end_cleaning(cleaner, event); + return; + } + + INSIST(CLEANER_BUSY(cleaner)); + + n_entries = cleaner->increment; + + isc_stdtime_get(&now); + isc_stdtime_convert32(now, &now32); + + LOCK(&acache->lock); + + entry = cleaner->current_entry; + isc_stdtime_convert32(cleaner->last_cleanup_time, &last32); + INSIST(now32 > last32); + interval = now32 - last32; + + while (n_entries-- > 0) { + isc_boolean_t is_stale = ISC_FALSE; + + INSIST(entry != NULL); + + next = ISC_LIST_NEXT(entry, link); + + ACACHE_LOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + is_stale = entry_stale(cleaner, entry, now32, interval); + if (is_stale) { + ISC_LIST_UNLINK(acache->entries, entry, link); + unlink_dbentries(acache, entry); + if (entry->callback != NULL) + (entry->callback)(entry, &entry->cbarg); + entry->callback = NULL; + + cleaner->ncleaned++; + } + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + if (is_stale) + dns_acache_detachentry(&entry); + + if (next == NULL) { + if (cleaner->overmem) { + entry = ISC_LIST_HEAD(acache->entries); + if (entry != NULL) { + /* + * If we are still in the overmem + * state, keep cleaning. + */ + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_ACACHE, + ISC_LOG_DEBUG(1), + "acache cleaner: " + "still overmem, " + "reset and try again"); + continue; + } + } + + UNLOCK(&acache->lock); + end_cleaning(cleaner, event); + return; + } + + entry = next; + } + + /* + * We have successfully performed a cleaning increment but have + * not gone through the entire cache. Remember the entry that will + * be the starting point in the next clean-up, and reschedule another + * batch. If it fails, just try to continue anyway. + */ + INSIST(next != NULL && next != cleaner->current_entry); + dns_acache_detachentry(&cleaner->current_entry); + dns_acache_attachentry(next, &cleaner->current_entry); + + UNLOCK(&acache->lock); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ACACHE, + ISC_LOG_DEBUG(1), "acache cleaner: checked %d entries, " + "mem inuse %lu, sleeping", cleaner->increment, + (unsigned long)isc_mem_inuse(cleaner->acache->mctx)); + + isc_task_send(task, &event); + INSIST(CLEANER_BUSY(cleaner)); + + return; +} + +/* + * This is called when the acache either surpasses its upper limit + * or shrinks beyond its lower limit. + */ +static void +acache_overmem_cleaning_action(isc_task_t *task, isc_event_t *event) { + acache_cleaner_t *cleaner = event->ev_arg; + isc_boolean_t want_cleaning = ISC_FALSE; + + UNUSED(task); + + INSIST(event->ev_type == DNS_EVENT_ACACHEOVERMEM); + INSIST(cleaner->overmem_event == NULL); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ACACHE, + ISC_LOG_DEBUG(1), "overmem_cleaning_action called, " + "overmem = %d, state = %d", cleaner->overmem, + cleaner->state); + + LOCK(&cleaner->lock); + + if (cleaner->overmem) { + if (cleaner->state == cleaner_s_idle) + want_cleaning = ISC_TRUE; + } else { + if (cleaner->state == cleaner_s_busy) + /* + * end_cleaning() can't be called here because + * then both cleaner->overmem_event and + * cleaner->resched_event will point to this + * event. Set the state to done, and then + * when the acache_incremental_cleaning_action() event + * is posted, it will handle the end_cleaning. + */ + cleaner->state = cleaner_s_done; + } + + cleaner->overmem_event = event; + + UNLOCK(&cleaner->lock); + + if (want_cleaning) + begin_cleaning(cleaner); +} + +static void +water(void *arg, int mark) { + dns_acache_t *acache = arg; + isc_boolean_t overmem = ISC_TF(mark == ISC_MEM_HIWATER); + + REQUIRE(DNS_ACACHE_VALID(acache)); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_ACACHE, ISC_LOG_DEBUG(1), + "acache memory reaches %s watermark, mem inuse %lu", + overmem ? "high" : "low", + (unsigned long)isc_mem_inuse(acache->mctx)); + + LOCK(&acache->cleaner.lock); + + if (acache->cleaner.overmem != overmem) { + acache->cleaner.overmem = overmem; + + if (acache->cleaner.overmem_event != NULL) + isc_task_send(acache->task, + &acache->cleaner.overmem_event); + isc_mem_waterack(acache->mctx, mark); + } + + UNLOCK(&acache->cleaner.lock); +} + +/* + * The cleaner task is shutting down; do the necessary cleanup. + */ +static void +acache_cleaner_shutdown_action(isc_task_t *task, isc_event_t *event) { + dns_acache_t *acache = event->ev_arg; + isc_boolean_t should_free = ISC_FALSE; + + INSIST(task == acache->task); + INSIST(event->ev_type == ISC_TASKEVENT_SHUTDOWN); + INSIST(DNS_ACACHE_VALID(acache)); + + ATRACE("acache cleaner shutdown"); + + if (CLEANER_BUSY(&acache->cleaner)) + end_cleaning(&acache->cleaner, event); + else + isc_event_free(&event); + + LOCK(&acache->lock); + + acache->live_cleaners--; + INSIST(acache->live_cleaners == 0); + + if (isc_refcount_current(&acache->refs) == 0) { + INSIST(check_noentry(acache) == ISC_TRUE); + should_free = ISC_TRUE; + } + + /* + * By detaching the timer in the context of its task, + * we are guaranteed that there will be no further timer + * events. + */ + if (acache->cleaner.cleaning_timer != NULL) + isc_timer_detach(&acache->cleaner.cleaning_timer); + + /* Make sure we don't reschedule anymore. */ + (void)isc_task_purge(task, NULL, DNS_EVENT_ACACHECLEAN, NULL); + + UNLOCK(&acache->lock); + + if (should_free) + destroy(acache); +} + +/* + * Public functions. + */ + +isc_result_t +dns_acache_create(dns_acache_t **acachep, isc_mem_t *mctx, + isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr) +{ + int i; + isc_result_t result; + dns_acache_t *acache; + + REQUIRE(acachep != NULL && *acachep == NULL); + REQUIRE(mctx != NULL); + REQUIRE(taskmgr != NULL); + + acache = isc_mem_get(mctx, sizeof(*acache)); + if (acache == NULL) + return (ISC_R_NOMEMORY); + + ATRACE("create"); + + result = isc_refcount_init(&acache->refs, 1); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, acache, sizeof(*acache)); + return (result); + } + + result = isc_mutex_init(&acache->lock); + if (result != ISC_R_SUCCESS) { + isc_refcount_decrement(&acache->refs, NULL); + isc_refcount_destroy(&acache->refs); + isc_mem_put(mctx, acache, sizeof(*acache)); + return (result); + } + + acache->mctx = NULL; + isc_mem_attach(mctx, &acache->mctx); + ISC_LIST_INIT(acache->entries); + + acache->shutting_down = ISC_FALSE; + + acache->task = NULL; + acache->entrylocks = NULL; + + result = isc_task_create(taskmgr, 1, &acache->task); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_task_create() failed(): %s", + dns_result_totext(result)); + result = ISC_R_UNEXPECTED; + goto cleanup; + } + isc_task_setname(acache->task, "acachetask", acache); + ISC_EVENT_INIT(&acache->cevent, sizeof(acache->cevent), 0, NULL, + DNS_EVENT_ACACHECONTROL, shutdown_task, NULL, + NULL, NULL, NULL); + acache->cevent_sent = ISC_FALSE; + + acache->dbentries = 0; + for (i = 0; i < DBBUCKETS; i++) + ISC_LIST_INIT(acache->dbbucket[i]); + + acache->entrylocks = isc_mem_get(mctx, sizeof(*acache->entrylocks) * + DEFAULT_ACACHE_ENTRY_LOCK_COUNT); + if (acache->entrylocks == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + for (i = 0; i < DEFAULT_ACACHE_ENTRY_LOCK_COUNT; i++) { + result = ACACHE_INITLOCK(&acache->entrylocks[i]); + if (result != ISC_R_SUCCESS) { + while (i-- > 0) + ACACHE_DESTROYLOCK(&acache->entrylocks[i]); + isc_mem_put(mctx, acache->entrylocks, + sizeof(*acache->entrylocks) * + DEFAULT_ACACHE_ENTRY_LOCK_COUNT); + acache->entrylocks = NULL; + goto cleanup; + } + } + + acache->live_cleaners = 0; + result = acache_cleaner_init(acache, timermgr, &acache->cleaner); + if (result != ISC_R_SUCCESS) + goto cleanup; + + acache->stats.cleaner_runs = 0; + reset_stats(acache); + + acache->magic = ACACHE_MAGIC; + + *acachep = acache; + return (ISC_R_SUCCESS); + + cleanup: + if (acache->task != NULL) + isc_task_detach(&acache->task); + DESTROYLOCK(&acache->lock); + isc_refcount_decrement(&acache->refs, NULL); + isc_refcount_destroy(&acache->refs); + if (acache->entrylocks != NULL) { + for (i = 0; i < DEFAULT_ACACHE_ENTRY_LOCK_COUNT; i++) + ACACHE_DESTROYLOCK(&acache->entrylocks[i]); + isc_mem_put(mctx, acache->entrylocks, + sizeof(*acache->entrylocks) * + DEFAULT_ACACHE_ENTRY_LOCK_COUNT); + } + isc_mem_put(mctx, acache, sizeof(*acache)); + isc_mem_detach(&mctx); + + return (result); +} + +void +dns_acache_attach(dns_acache_t *source, dns_acache_t **targetp) { + REQUIRE(DNS_ACACHE_VALID(source)); + REQUIRE(targetp != NULL && *targetp == NULL); + + AATRACE(source, "attach"); + + isc_refcount_increment(&source->refs, NULL); + + *targetp = source; +} + +void +dns_acache_countquerymiss(dns_acache_t *acache) { + acache->stats.misses++; /* XXXSK danger: unlocked! */ + acache->stats.queries++; /* XXXSK danger: unlocked! */ +} + +void +dns_acache_detach(dns_acache_t **acachep) { + dns_acache_t *acache; + unsigned int refs; + isc_boolean_t should_free = ISC_FALSE; + + REQUIRE(acachep != NULL && DNS_ACACHE_VALID(*acachep)); + acache = *acachep; + + ATRACE("detach"); + + isc_refcount_decrement(&acache->refs, &refs); + if (refs == 0) { + INSIST(check_noentry(acache) == ISC_TRUE); + should_free = ISC_TRUE; + } + + *acachep = NULL; + + /* + * If we're exiting and the cleaner task exists, let it free the cache. + */ + if (should_free && acache->live_cleaners > 0) { + isc_task_shutdown(acache->task); + should_free = ISC_FALSE; + } + + if (should_free) + destroy(acache); +} + +void +dns_acache_shutdown(dns_acache_t *acache) { + REQUIRE(DNS_ACACHE_VALID(acache)); + + LOCK(&acache->lock); + + ATRACE("shutdown"); + + if (!acache->shutting_down) { + isc_event_t *event; + dns_acache_t *acache_evarg = NULL; + + INSIST(!acache->cevent_sent); + + acache->shutting_down = ISC_TRUE; + + isc_mem_setwater(acache->mctx, NULL, NULL, 0, 0); + + /* + * Self attach the object in order to prevent it from being + * destroyed while waiting for the event. + */ + dns_acache_attach(acache, &acache_evarg); + event = &acache->cevent; + event->ev_arg = acache_evarg; + isc_task_send(acache->task, &event); + acache->cevent_sent = ISC_TRUE; + } + + UNLOCK(&acache->lock); +} + +isc_result_t +dns_acache_setdb(dns_acache_t *acache, dns_db_t *db) { + int bucket; + dbentry_t *dbentry; + isc_result_t result = ISC_R_SUCCESS; + + REQUIRE(DNS_ACACHE_VALID(acache)); + REQUIRE(db != NULL); + + ATRACE("setdb"); + + LOCK(&acache->lock); + + dbentry = NULL; + result = finddbent(acache, db, &dbentry); + if (result == ISC_R_SUCCESS) { + result = ISC_R_EXISTS; + goto end; + } + result = ISC_R_SUCCESS; + + dbentry = isc_mem_get(acache->mctx, sizeof(*dbentry)); + if (dbentry == NULL) { + result = ISC_R_NOMEMORY; + goto end; + } + + ISC_LINK_INIT(dbentry, link); + ISC_LIST_INIT(dbentry->originlist); + ISC_LIST_INIT(dbentry->referlist); + + dbentry->db = NULL; + dns_db_attach(db, &dbentry->db); + + bucket = isc_hash_calc((const unsigned char *)&db, + sizeof(db), ISC_TRUE) % DBBUCKETS; + + ISC_LIST_APPEND(acache->dbbucket[bucket], dbentry, link); + + acache->dbentries++; + + end: + UNLOCK(&acache->lock); + + return (result); +} + +isc_result_t +dns_acache_putdb(dns_acache_t *acache, dns_db_t *db) { + int bucket; + isc_result_t result; + dbentry_t *dbentry; + dns_acacheentry_t *entry; + + REQUIRE(DNS_ACACHE_VALID(acache)); + REQUIRE(db != NULL); + + ATRACE("putdb"); + + LOCK(&acache->lock); + + dbentry = NULL; + result = finddbent(acache, db, &dbentry); + if (result != ISC_R_SUCCESS) { + /* + * The entry may have not been created due to memory shortage. + */ + UNLOCK(&acache->lock); + return (ISC_R_NOTFOUND); + } + + /* + * Release corresponding cache entries: for each entry, release all + * links the entry has, and then callback to the entry holder (if any). + * If no other external references exist (this can happen if the + * original holder has canceled callback,) destroy it here. + */ + while ((entry = ISC_LIST_HEAD(dbentry->originlist)) != NULL) { + ACACHE_LOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + /* + * Releasing olink first would avoid finddbent() in + * unlink_dbentries(). + */ + ISC_LIST_UNLINK(dbentry->originlist, entry, olink); + if (acache->cleaner.current_entry != entry) + ISC_LIST_UNLINK(acache->entries, entry, link); + unlink_dbentries(acache, entry); + + if (entry->callback != NULL) + (entry->callback)(entry, &entry->cbarg); + entry->callback = NULL; + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + if (acache->cleaner.current_entry != entry) + dns_acache_detachentry(&entry); + } + while ((entry = ISC_LIST_HEAD(dbentry->referlist)) != NULL) { + ACACHE_LOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + ISC_LIST_UNLINK(dbentry->referlist, entry, rlink); + if (acache->cleaner.current_entry != entry) + ISC_LIST_UNLINK(acache->entries, entry, link); + unlink_dbentries(acache, entry); + + if (entry->callback != NULL) + (entry->callback)(entry, &entry->cbarg); + entry->callback = NULL; + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + if (acache->cleaner.current_entry != entry) + dns_acache_detachentry(&entry); + } + + INSIST(ISC_LIST_EMPTY(dbentry->originlist) && + ISC_LIST_EMPTY(dbentry->referlist)); + + bucket = isc_hash_calc((const unsigned char *)&db, + sizeof(db), ISC_TRUE) % DBBUCKETS; + ISC_LIST_UNLINK(acache->dbbucket[bucket], dbentry, link); + dns_db_detach(&dbentry->db); + + isc_mem_put(acache->mctx, dbentry, sizeof(*dbentry)); + + acache->dbentries--; + + acache->stats.deleted++; + + UNLOCK(&acache->lock); + + return (ISC_R_SUCCESS); +} + +isc_result_t +dns_acache_createentry(dns_acache_t *acache, dns_db_t *origdb, + void (*callback)(dns_acacheentry_t *, void **), + void *cbarg, dns_acacheentry_t **entryp) +{ + dns_acacheentry_t *newentry; + isc_result_t result; + isc_uint32_t r; + + REQUIRE(DNS_ACACHE_VALID(acache)); + REQUIRE(entryp != NULL && *entryp == NULL); + REQUIRE(origdb != NULL); + + /* + * Should we exceed our memory limit for some reason (for + * example, if the cleaner does not run aggressively enough), + * then we will not create additional entries. + * + * XXXSK: It might be better to lock the acache->cleaner->lock, + * but locking may be an expensive bottleneck. If we misread + * the value, we will occasionally refuse to create a few + * cache entries, or create a few that we should not. I do not + * expect this to happen often, and it will not have very bad + * effects when it does. So no lock for now. + */ + if (acache->cleaner.overmem) { + acache->stats.overmem_nocreates++; /* XXXSK danger: unlocked! */ + return (ISC_R_NORESOURCES); + } + + newentry = isc_mem_get(acache->mctx, sizeof(*newentry)); + if (newentry == NULL) { + acache->stats.nomem++; /* XXXMLG danger: unlocked! */ + return (ISC_R_NOMEMORY); + } + + isc_random_get(&r); + newentry->locknum = r % DEFAULT_ACACHE_ENTRY_LOCK_COUNT; + + result = isc_refcount_init(&newentry->references, 1); + if (result != ISC_R_SUCCESS) { + isc_mem_put(acache->mctx, newentry, sizeof(*newentry)); + return (result); + }; + + ISC_LINK_INIT(newentry, link); + ISC_LINK_INIT(newentry, olink); + ISC_LINK_INIT(newentry, rlink); + + newentry->acache = NULL; + dns_acache_attach(acache, &newentry->acache); + + newentry->zone = NULL; + newentry->db = NULL; + newentry->version = NULL; + newentry->node = NULL; + newentry->foundname = NULL; + + newentry->callback = callback; + newentry->cbarg = cbarg; + newentry->origdb = NULL; + dns_db_attach(origdb, &newentry->origdb); + + isc_stdtime_get(&newentry->lastused); + + newentry->magic = ACACHEENTRY_MAGIC; + + *entryp = newentry; + + return (ISC_R_SUCCESS); +} + +isc_result_t +dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep, + dns_db_t **dbp, dns_dbversion_t **versionp, + dns_dbnode_t **nodep, dns_name_t *fname, + dns_message_t *msg, isc_stdtime_t now) +{ + isc_result_t result = ISC_R_SUCCESS; + dns_rdataset_t *erdataset; + isc_stdtime32_t now32; + dns_acache_t *acache; + int locknum; + + REQUIRE(DNS_ACACHEENTRY_VALID(entry)); + REQUIRE(zonep == NULL || *zonep == NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + REQUIRE(versionp != NULL && *versionp == NULL); + REQUIRE(nodep != NULL && *nodep == NULL); + REQUIRE(fname != NULL); + REQUIRE(msg != NULL); + acache = entry->acache; + REQUIRE(DNS_ACACHE_VALID(acache)); + + locknum = entry->locknum; + ACACHE_LOCK(&acache->entrylocks[locknum], isc_rwlocktype_read); + + isc_stdtime_convert32(now, &now32); + acache_storetime(entry, now32); + + if (entry->zone != NULL && zonep != NULL) + dns_zone_attach(entry->zone, zonep); + + if (entry->db == NULL) { + *dbp = NULL; + *versionp = NULL; + } else { + dns_db_attach(entry->db, dbp); + dns_db_attachversion(entry->db, entry->version, versionp); + } + if (entry->node == NULL) + *nodep = NULL; + else { + dns_db_attachnode(entry->db, entry->node, nodep); + + INSIST(entry->foundname != NULL); + dns_name_copy(entry->foundname, fname, NULL); + for (erdataset = ISC_LIST_HEAD(entry->foundname->list); + erdataset != NULL; + erdataset = ISC_LIST_NEXT(erdataset, link)) { + dns_rdataset_t *ardataset; + + ardataset = NULL; + result = dns_message_gettemprdataset(msg, &ardataset); + if (result != ISC_R_SUCCESS) { + ACACHE_UNLOCK(&acache->entrylocks[locknum], + isc_rwlocktype_read); + goto fail; + } + + /* + * XXXJT: if we simply clone the rdataset, we'll get + * lost wrt cyclic ordering. We'll need an additional + * trick to get the latest counter from the original + * header. + */ + dns_rdataset_init(ardataset); + dns_rdataset_clone(erdataset, ardataset); + ISC_LIST_APPEND(fname->list, ardataset, link); + } + } + + entry->acache->stats.hits++; /* XXXMLG danger: unlocked! */ + entry->acache->stats.queries++; + + ACACHE_UNLOCK(&acache->entrylocks[locknum], isc_rwlocktype_read); + + return (result); + + fail: + while ((erdataset = ISC_LIST_HEAD(fname->list)) != NULL) { + ISC_LIST_UNLINK(fname->list, erdataset, link); + dns_rdataset_disassociate(erdataset); + dns_message_puttemprdataset(msg, &erdataset); + } + if (*nodep != NULL) + dns_db_detachnode(*dbp, nodep); + if (*versionp != NULL) + dns_db_closeversion(*dbp, versionp, ISC_FALSE); + if (*dbp != NULL) + dns_db_detach(dbp); + if (zonep != NULL && *zonep != NULL) + dns_zone_detach(zonep); + + return (result); +} + +isc_result_t +dns_acache_setentry(dns_acache_t *acache, dns_acacheentry_t *entry, + dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version, + dns_dbnode_t *node, dns_name_t *fname) +{ + isc_result_t result; + dbentry_t *odbent; + dbentry_t *rdbent = NULL; + isc_boolean_t close_version = ISC_FALSE; + dns_acacheentry_t *dummy_entry = NULL; + + REQUIRE(DNS_ACACHE_VALID(acache)); + REQUIRE(DNS_ACACHEENTRY_VALID(entry)); + + LOCK(&acache->lock); /* XXX: need to lock it here for ordering */ + ACACHE_LOCK(&acache->entrylocks[entry->locknum], isc_rwlocktype_write); + + /* Set zone */ + if (zone != NULL) + dns_zone_attach(zone, &entry->zone); + /* Set DB */ + if (db != NULL) + dns_db_attach(db, &entry->db); + /* + * Set DB version. If the version is not given by the caller, + * which is the case for glue or cache DBs, use the current version. + */ + if (version == NULL) { + if (db != NULL) { + dns_db_currentversion(db, &version); + close_version = ISC_TRUE; + } + } + if (version != NULL) { + INSIST(db != NULL); + dns_db_attachversion(db, version, &entry->version); + } + if (close_version) + dns_db_closeversion(db, &version, ISC_FALSE); + /* Set DB node. */ + if (node != NULL) { + INSIST(db != NULL); + dns_db_attachnode(db, node, &entry->node); + } + + /* + * Set list of the corresponding rdatasets, if given. + * To minimize the overhead and memory consumption, we'll do this for + * positive cache only, in which case the DB node is non NULL. + * We do not want to cache incomplete information, so give up the + * entire entry when a memory shortage happen during the process. + */ + if (node != NULL) { + dns_rdataset_t *ardataset, *crdataset; + + entry->foundname = isc_mem_get(acache->mctx, + sizeof(*entry->foundname)); + + if (entry->foundname == NULL) { + result = ISC_R_NOMEMORY; + goto fail; + } + dns_name_init(entry->foundname, NULL); + result = dns_name_dup(fname, acache->mctx, + entry->foundname); + if (result != ISC_R_SUCCESS) + goto fail; + + for (ardataset = ISC_LIST_HEAD(fname->list); + ardataset != NULL; + ardataset = ISC_LIST_NEXT(ardataset, link)) { + crdataset = isc_mem_get(acache->mctx, + sizeof(*crdataset)); + if (crdataset == NULL) { + result = ISC_R_NOMEMORY; + goto fail; + } + + dns_rdataset_init(crdataset); + dns_rdataset_clone(ardataset, crdataset); + ISC_LIST_APPEND(entry->foundname->list, crdataset, + link); + } + } + + odbent = NULL; + result = finddbent(acache, entry->origdb, &odbent); + if (result != ISC_R_SUCCESS) + goto fail; + if (db != NULL) { + rdbent = NULL; + result = finddbent(acache, db, &rdbent); + if (result != ISC_R_SUCCESS) + goto fail; + } + + ISC_LIST_APPEND(acache->entries, entry, link); + ISC_LIST_APPEND(odbent->originlist, entry, olink); + if (rdbent != NULL) + ISC_LIST_APPEND(rdbent->referlist, entry, rlink); + + /* + * The additional cache needs an implicit reference to entries in its + * link. + */ + dns_acache_attachentry(entry, &dummy_entry); + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + + acache->stats.adds++; + UNLOCK(&acache->lock); + + return (ISC_R_SUCCESS); + + fail: + clear_entry(acache, entry); + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + UNLOCK(&acache->lock); + + return (result); +} + +void +dns_acache_cancelentry(dns_acacheentry_t *entry) { + dns_acache_t *acache = entry->acache; + + REQUIRE(DNS_ACACHEENTRY_VALID(entry)); + INSIST(DNS_ACACHE_VALID(acache)); + + LOCK(&acache->lock); + ACACHE_LOCK(&acache->entrylocks[entry->locknum], isc_rwlocktype_write); + + /* + * Release dependencies stored in this entry as much as possible. + * The main link cannot be released, since the acache object has + * a reference to this entry; the empty entry will be released in + * the next cleaning action. + */ + unlink_dbentries(acache, entry); + clear_entry(entry->acache, entry); + + entry->callback = NULL; + entry->cbarg = NULL; + + ACACHE_UNLOCK(&acache->entrylocks[entry->locknum], + isc_rwlocktype_write); + UNLOCK(&acache->lock); +} + +void +dns_acache_attachentry(dns_acacheentry_t *source, + dns_acacheentry_t **targetp) +{ + REQUIRE(DNS_ACACHEENTRY_VALID(source)); + REQUIRE(targetp != NULL && *targetp == NULL); + + isc_refcount_increment(&source->references, NULL); + + *targetp = source; +} + +void +dns_acache_detachentry(dns_acacheentry_t **entryp) { + dns_acacheentry_t *entry; + unsigned int refs; + + REQUIRE(entryp != NULL && DNS_ACACHEENTRY_VALID(*entryp)); + entry = *entryp; + + isc_refcount_decrement(&entry->references, &refs); + + /* + * If there are no references to the entry, the entry must have been + * unlinked and can be destroyed safely. + */ + if (refs == 0) { + INSIST(!ISC_LINK_LINKED(entry, link)); + (*entryp)->acache->stats.deleted++; + destroy_entry(entry); + } + + *entryp = NULL; +} + +void +dns_acache_setcleaninginterval(dns_acache_t *acache, unsigned int t) { + isc_interval_t interval; + isc_result_t result; + + REQUIRE(DNS_ACACHE_VALID(acache)); + + ATRACE("dns_acache_setcleaninginterval"); + + LOCK(&acache->lock); + + /* + * It may be the case that the acache has already shut down. + * If so, it has no timer. (Not sure if this can really happen.) + */ + if (acache->cleaner.cleaning_timer == NULL) + goto unlock; + + acache->cleaner.cleaning_interval = t; + + if (t == 0) { + result = isc_timer_reset(acache->cleaner.cleaning_timer, + isc_timertype_inactive, + NULL, NULL, ISC_TRUE); + } else { + isc_interval_set(&interval, acache->cleaner.cleaning_interval, + 0); + result = isc_timer_reset(acache->cleaner.cleaning_timer, + isc_timertype_ticker, + NULL, &interval, ISC_FALSE); + } + if (result != ISC_R_SUCCESS) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_ACACHE, ISC_LOG_WARNING, + "could not set acache cleaning interval: %s", + isc_result_totext(result)); + else + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_ACACHE, ISC_LOG_NOTICE, + "acache %p cleaning interval set to %d.", + acache, t); + + unlock: + UNLOCK(&acache->lock); +} + +/* + * This function was derived from cache.c:dns_cache_setcachesize(). See the + * function for more details about the logic. + */ +void +dns_acache_setcachesize(dns_acache_t *acache, isc_uint32_t size) { + isc_uint32_t lowater; + isc_uint32_t hiwater; + + REQUIRE(DNS_ACACHE_VALID(acache)); + + if (size != 0 && size < DNS_ACACHE_MINSIZE) + size = DNS_ACACHE_MINSIZE; + + hiwater = size - (size >> 3); + lowater = size - (size >> 2); + + if (size == 0 || hiwater == 0 || lowater == 0) + isc_mem_setwater(acache->mctx, water, acache, 0, 0); + else + isc_mem_setwater(acache->mctx, water, acache, + hiwater, lowater); +} diff --git a/contrib/bind-9.5.2/lib/dns/acl.c b/contrib/bind-9.5.2/lib/dns/acl.c new file mode 100644 index 0000000000..188886e173 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/acl.c @@ -0,0 +1,623 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: acl.c,v 1.37.2.14 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ + +#include + +#include +#include +#include +#include + +#include +#include + +/* + * Create a new ACL, including an IP table and an array with room + * for 'n' ACL elements. The elements are uninitialized and the + * length is 0. + */ +isc_result_t +dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target) { + isc_result_t result; + dns_acl_t *acl; + + /* + * Work around silly limitation of isc_mem_get(). + */ + if (n == 0) + n = 1; + + acl = isc_mem_get(mctx, sizeof(*acl)); + if (acl == NULL) + return (ISC_R_NOMEMORY); + acl->mctx = mctx; + acl->name = NULL; + + result = isc_refcount_init(&acl->refcount, 1); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, acl, sizeof(*acl)); + return (result); + } + + result = dns_iptable_create(mctx, &acl->iptable); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, acl, sizeof(*acl)); + return (result); + } + + acl->elements = NULL; + acl->alloc = 0; + acl->length = 0; + acl->has_negatives = ISC_FALSE; + + ISC_LINK_INIT(acl, nextincache); + /* + * Must set magic early because we use dns_acl_detach() to clean up. + */ + acl->magic = DNS_ACL_MAGIC; + + acl->elements = isc_mem_get(mctx, n * sizeof(dns_aclelement_t)); + if (acl->elements == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + acl->alloc = n; + memset(acl->elements, 0, n * sizeof(dns_aclelement_t)); + *target = acl; + return (ISC_R_SUCCESS); + + cleanup: + dns_acl_detach(&acl); + return (result); +} + +/* + * Create a new ACL and initialize it with the value "any" or "none", + * depending on the value of the "neg" parameter. + * "any" is a positive iptable entry with bit length 0. + * "none" is the same as "!any". + */ +static isc_result_t +dns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target) { + isc_result_t result; + dns_acl_t *acl = NULL; + result = dns_acl_create(mctx, 0, &acl); + if (result != ISC_R_SUCCESS) + return (result); + + result = dns_iptable_addprefix(acl->iptable, NULL, 0, ISC_TF(!neg)); + if (result != ISC_R_SUCCESS) { + dns_acl_detach(&acl); + return (result); + } + + *target = acl; + return (result); +} + +/* + * Create a new ACL that matches everything. + */ +isc_result_t +dns_acl_any(isc_mem_t *mctx, dns_acl_t **target) { + return (dns_acl_anyornone(mctx, ISC_FALSE, target)); +} + +/* + * Create a new ACL that matches nothing. + */ +isc_result_t +dns_acl_none(isc_mem_t *mctx, dns_acl_t **target) { + return (dns_acl_anyornone(mctx, ISC_TRUE, target)); +} + +/* + * If pos is ISC_TRUE, test whether acl is set to "{ any; }" + * If pos is ISC_FALSE, test whether acl is set to "{ none; }" + */ +static isc_boolean_t +dns_acl_isanyornone(dns_acl_t *acl, isc_boolean_t pos) +{ + /* Should never happen but let's be safe */ + if (acl == NULL || + acl->iptable == NULL || + acl->iptable->radix == NULL || + acl->iptable->radix->head == NULL || + acl->iptable->radix->head->prefix == NULL) + return (ISC_FALSE); + + if (acl->length != 0 || acl->node_count != 1) + return (ISC_FALSE); + + if (acl->iptable->radix->head->prefix->bitlen == 0 && + acl->iptable->radix->head->data[0] != NULL && + acl->iptable->radix->head->data[0] == + acl->iptable->radix->head->data[1] && + *(isc_boolean_t *) (acl->iptable->radix->head->data[0]) == pos) + return (ISC_TRUE); + + return (ISC_FALSE); /* All others */ +} + +/* + * Test whether acl is set to "{ any; }" + */ +isc_boolean_t +dns_acl_isany(dns_acl_t *acl) +{ + return (dns_acl_isanyornone(acl, ISC_TRUE)); +} + +/* + * Test whether acl is set to "{ none; }" + */ +isc_boolean_t +dns_acl_isnone(dns_acl_t *acl) +{ + return (dns_acl_isanyornone(acl, ISC_FALSE)); +} + +/* + * Determine whether a given address or signer matches a given ACL. + * For a match with a positive ACL element or iptable radix entry, + * return with a positive value in match; for a match with a negated ACL + * element or radix entry, return with a negative value in match. + */ +isc_result_t +dns_acl_match(const isc_netaddr_t *reqaddr, + const dns_name_t *reqsigner, + const dns_acl_t *acl, + const dns_aclenv_t *env, + int *match, + const dns_aclelement_t **matchelt) +{ + isc_uint16_t bitlen, family; + isc_prefix_t pfx; + isc_radix_node_t *node = NULL; + const isc_netaddr_t *addr; + isc_netaddr_t v4addr; + isc_result_t result; + int match_num = -1; + unsigned int i; + + REQUIRE(reqaddr != NULL); + REQUIRE(matchelt == NULL || *matchelt == NULL); + + if (env == NULL || env->match_mapped == ISC_FALSE || + reqaddr->family != AF_INET6 || + !IN6_IS_ADDR_V4MAPPED(&reqaddr->type.in6)) + addr = reqaddr; + else { + isc_netaddr_fromv4mapped(&v4addr, reqaddr); + addr = &v4addr; + } + + /* Always match with host addresses. */ + family = addr->family; + bitlen = family == AF_INET6 ? 128 : 32; + NETADDR_TO_PREFIX_T(addr, pfx, bitlen); + + /* Assume no match. */ + *match = 0; + + /* Search radix. */ + result = isc_radix_search(acl->iptable->radix, &node, &pfx); + + /* Found a match. */ + if (result == ISC_R_SUCCESS && node != NULL) { + match_num = node->node_num[ISC_IS6(family)]; + if (*(isc_boolean_t *) node->data[ISC_IS6(family)] == ISC_TRUE) + *match = match_num; + else + *match = -match_num; + } + + /* Now search non-radix elements for a match with a lower node_num. */ + for (i = 0; i < acl->length; i++) { + dns_aclelement_t *e = &acl->elements[i]; + + /* Already found a better match? */ + if (match_num != -1 && match_num < e->node_num) { + isc_refcount_destroy(&pfx.refcount); + return (ISC_R_SUCCESS); + } + + if (dns_aclelement_match(reqaddr, reqsigner, + e, env, matchelt)) { + if (match_num == -1 || e->node_num < match_num) { + if (e->negative == ISC_TRUE) + *match = -e->node_num; + else + *match = e->node_num; + } + isc_refcount_destroy(&pfx.refcount); + return (ISC_R_SUCCESS); + } + } + + isc_refcount_destroy(&pfx.refcount); + return (ISC_R_SUCCESS); +} + +/* + * Merge the contents of one ACL into another. Call dns_iptable_merge() + * for the IP tables, then concatenate the element arrays. + * + * If pos is set to false, then the nested ACL is to be negated. This + * means reverse the sense of each *positive* element or IP table node, + * but leave negatives alone, so as to prevent a double-negative causing + * an unexpected positive match in the parent ACL. + */ +isc_result_t +dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos) +{ + isc_result_t result; + unsigned int newalloc, nelem, i; + int max_node = 0, nodes; + + /* Resize the element array if needed. */ + if (dest->length + source->length > dest->alloc) { + void *newmem; + + newalloc = dest->alloc + source->alloc; + if (newalloc < 4) + newalloc = 4; + + newmem = isc_mem_get(dest->mctx, + newalloc * sizeof(dns_aclelement_t)); + if (newmem == NULL) + return (ISC_R_NOMEMORY); + + /* Copy in the original elements */ + memcpy(newmem, dest->elements, + dest->length * sizeof(dns_aclelement_t)); + + /* Release the memory for the old elements array */ + isc_mem_put(dest->mctx, dest->elements, + dest->alloc * sizeof(dns_aclelement_t)); + dest->elements = newmem; + dest->alloc = newalloc; + } + + /* + * Now copy in the new elements, increasing their node_num + * values so as to keep the new ACL consistent. If we're + * negating, then negate positive elements, but keep negative + * elements the same for security reasons. + */ + nelem = dest->length; + dest->length += source->length; + for (i = 0; i < source->length; i++) { + if (source->elements[i].node_num > max_node) + max_node = source->elements[i].node_num; + + /* Copy type. */ + dest->elements[nelem + i].type = source->elements[i].type; + + /* Adjust node numbering. */ + dest->elements[nelem + i].node_num = + source->elements[i].node_num + dest->node_count; + + /* Duplicate nested acl. */ + if (source->elements[i].type == dns_aclelementtype_nestedacl && + source->elements[i].nestedacl != NULL) + dns_acl_attach(source->elements[i].nestedacl, + &dest->elements[nelem + i].nestedacl); + + /* Duplicate key name. */ + if (source->elements[i].type == dns_aclelementtype_keyname) { + dns_name_init(&dest->elements[nelem+i].keyname, NULL); + result = dns_name_dup(&source->elements[i].keyname, + dest->mctx, + &dest->elements[nelem+i].keyname); + if (result != ISC_R_SUCCESS) + return result; + } + + /* reverse sense of positives if this is a negative acl */ + if (!pos && source->elements[i].negative == ISC_FALSE) { + dest->elements[nelem + i].negative = ISC_TRUE; + } else { + dest->elements[nelem + i].negative = + source->elements[i].negative; + } + } + + + /* + * Merge the iptables. Make sure the destination ACL's + * node_count value is set correctly afterward. + */ + nodes = max_node + dest->node_count; + result = dns_iptable_merge(dest->iptable, source->iptable, pos); + if (result != ISC_R_SUCCESS) + return (result); + if (nodes > dest->node_count) + dest->node_count = nodes; + + return (ISC_R_SUCCESS); +} + +/* + * Like dns_acl_match, but matches against the single ACL element 'e' + * rather than a complete ACL, and returns ISC_TRUE iff it matched. + * + * To determine whether the match was positive or negative, the + * caller should examine e->negative. Since the element 'e' may be + * a reference to a named ACL or a nested ACL, a matching element + * returned through 'matchelt' is not necessarily 'e' itself. + */ +isc_boolean_t +dns_aclelement_match(const isc_netaddr_t *reqaddr, + const dns_name_t *reqsigner, + const dns_aclelement_t *e, + const dns_aclenv_t *env, + const dns_aclelement_t **matchelt) +{ + dns_acl_t *inner = NULL; + int indirectmatch; + isc_result_t result; + + switch (e->type) { + case dns_aclelementtype_keyname: + if (reqsigner != NULL && + dns_name_equal(reqsigner, &e->keyname)) { + if (matchelt != NULL) + *matchelt = e; + return (ISC_TRUE); + } else { + return (ISC_FALSE); + } + + case dns_aclelementtype_nestedacl: + inner = e->nestedacl; + break; + + case dns_aclelementtype_localhost: + if (env == NULL || env->localhost == NULL) + return (ISC_FALSE); + inner = env->localhost; + break; + + case dns_aclelementtype_localnets: + if (env == NULL || env->localnets == NULL) + return (ISC_FALSE); + inner = env->localnets; + break; + + default: + /* Should be impossible. */ + INSIST(0); + } + + result = dns_acl_match(reqaddr, reqsigner, inner, env, + &indirectmatch, matchelt); + INSIST(result == ISC_R_SUCCESS); + + /* + * Treat negative matches in indirect ACLs as "no match". + * That way, a negated indirect ACL will never become a + * surprise positive match through double negation. + * XXXDCL this should be documented. + */ + + if (indirectmatch > 0) { + if (matchelt != NULL) + *matchelt = e; + return (ISC_TRUE); + } + + /* + * A negative indirect match may have set *matchelt, but we don't + * want it set when we return. + */ + + if (matchelt != NULL) + *matchelt = NULL; + + return (ISC_FALSE); +} + +void +dns_acl_attach(dns_acl_t *source, dns_acl_t **target) { + REQUIRE(DNS_ACL_VALID(source)); + isc_refcount_increment(&source->refcount, NULL); + *target = source; +} + +static void +destroy(dns_acl_t *dacl) { + unsigned int i; + for (i = 0; i < dacl->length; i++) { + dns_aclelement_t *de = &dacl->elements[i]; + if (de->type == dns_aclelementtype_keyname) { + dns_name_free(&de->keyname, dacl->mctx); + } else if (de->type == dns_aclelementtype_nestedacl) { + dns_acl_detach(&de->nestedacl); + } + } + if (dacl->elements != NULL) + isc_mem_put(dacl->mctx, dacl->elements, + dacl->alloc * sizeof(dns_aclelement_t)); + if (dacl->name != NULL) + isc_mem_free(dacl->mctx, dacl->name); + if (dacl->iptable != NULL) + dns_iptable_detach(&dacl->iptable); + isc_refcount_destroy(&dacl->refcount); + dacl->magic = 0; + isc_mem_put(dacl->mctx, dacl, sizeof(*dacl)); +} + +void +dns_acl_detach(dns_acl_t **aclp) { + dns_acl_t *acl = *aclp; + unsigned int refs; + REQUIRE(DNS_ACL_VALID(acl)); + isc_refcount_decrement(&acl->refcount, &refs); + if (refs == 0) + destroy(acl); + *aclp = NULL; +} + + +static isc_once_t insecure_prefix_once = ISC_ONCE_INIT; +static isc_mutex_t insecure_prefix_lock; +static isc_boolean_t insecure_prefix_found; + +static void +initialize_action(void) { + RUNTIME_CHECK(isc_mutex_init(&insecure_prefix_lock) == ISC_R_SUCCESS); +} + +/* + * Called via isc_radix_walk() to find IP table nodes that are + * insecure. + */ +static void +is_insecure(isc_prefix_t *prefix, void **data) { + isc_boolean_t secure; + int bitlen, family; + + bitlen = prefix->bitlen; + family = prefix->family; + + /* Negated entries are always secure. */ + secure = * (isc_boolean_t *)data[ISC_IS6(family)]; + if (!secure) { + return; + } + + /* If loopback prefix found, return */ + switch (family) { + case AF_INET: + if (bitlen == 32 && + htonl(prefix->add.sin.s_addr) == INADDR_LOOPBACK) + return; + break; + case AF_INET6: + if (bitlen == 128 && IN6_IS_ADDR_LOOPBACK(&prefix->add.sin6)) + return; + break; + default: + break; + } + + /* Non-negated, non-loopback */ + insecure_prefix_found = ISC_TRUE; /* LOCKED */ + return; +} + +/* + * Return ISC_TRUE iff the acl 'a' is considered insecure, that is, + * if it contains IP addresses other than those of the local host. + * This is intended for applications such as printing warning + * messages for suspect ACLs; it is not intended for making access + * control decisions. We make no guarantee that an ACL for which + * this function returns ISC_FALSE is safe. + */ +isc_boolean_t +dns_acl_isinsecure(const dns_acl_t *a) { + unsigned int i; + isc_boolean_t insecure; + + RUNTIME_CHECK(isc_once_do(&insecure_prefix_once, + initialize_action) == ISC_R_SUCCESS); + + /* + * Walk radix tree to find out if there are any non-negated, + * non-loopback prefixes. + */ + LOCK(&insecure_prefix_lock); + insecure_prefix_found = ISC_FALSE; + isc_radix_process(a->iptable->radix, is_insecure); + insecure = insecure_prefix_found; + UNLOCK(&insecure_prefix_lock); + if (insecure) + return(ISC_TRUE); + + /* Now check non-radix elements */ + for (i = 0; i < a->length; i++) { + dns_aclelement_t *e = &a->elements[i]; + + /* A negated match can never be insecure. */ + if (e->negative) + continue; + + switch (e->type) { + case dns_aclelementtype_keyname: + case dns_aclelementtype_localhost: + continue; + + case dns_aclelementtype_nestedacl: + if (dns_acl_isinsecure(e->nestedacl)) + return (ISC_TRUE); + continue; + + case dns_aclelementtype_localnets: + return (ISC_TRUE); + + default: + INSIST(0); + return (ISC_TRUE); + } + } + + /* No insecure elements were found. */ + return (ISC_FALSE); +} + +/* + * Initialize ACL environment, setting up localhost and localnets ACLs + */ +isc_result_t +dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) { + isc_result_t result; + env->localhost = NULL; + env->localnets = NULL; + result = dns_acl_create(mctx, 0, &env->localhost); + if (result != ISC_R_SUCCESS) + goto cleanup_nothing; + result = dns_acl_create(mctx, 0, &env->localnets); + if (result != ISC_R_SUCCESS) + goto cleanup_localhost; + env->match_mapped = ISC_FALSE; + return (ISC_R_SUCCESS); + + cleanup_localhost: + dns_acl_detach(&env->localhost); + cleanup_nothing: + return (result); +} + +void +dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s) { + dns_acl_detach(&t->localhost); + dns_acl_attach(s->localhost, &t->localhost); + dns_acl_detach(&t->localnets); + dns_acl_attach(s->localnets, &t->localnets); + t->match_mapped = s->match_mapped; +} + +void +dns_aclenv_destroy(dns_aclenv_t *env) { + dns_acl_detach(&env->localhost); + dns_acl_detach(&env->localnets); +} diff --git a/contrib/bind-9.3/lib/dns/adb.c b/contrib/bind-9.5.2/lib/dns/adb.c similarity index 80% rename from contrib/bind-9.3/lib/dns/adb.c rename to contrib/bind-9.5.2/lib/dns/adb.c index 3fe436a2bb..cb45c82d01 100644 --- a/contrib/bind-9.3/lib/dns/adb.c +++ b/contrib/bind-9.5.2/lib/dns/adb.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,25 +15,17 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb.c,v 1.181.2.11.2.26 2006/01/04 23:50:20 marka Exp $ */ +/* $Id: adb.c,v 1.233.36.14 2009/02/03 22:35:00 jinmei Exp $ */ -/* - * Implementation notes - * -------------------- +/*! \file * + * \note * In finds, if task == NULL, no events will be generated, and no events * have been sent. If task != NULL but taskaction == NULL, an event has been * posted but not yet freed. If neither are NULL, no event was posted. * */ -/* - * After we have cleaned all buckets, dump the database contents. - */ -#if 0 -#define DUMP_ADB_AFTER_CLEANING -#endif - #include #include @@ -41,9 +33,9 @@ #include #include #include -#include /* Required for HP/UX (and others?) */ +#include +#include /* Required for HP/UX (and others?) */ #include -#include #include #include @@ -53,198 +45,207 @@ #include #include #include +#include #include #include +#include -#define DNS_ADB_MAGIC ISC_MAGIC('D', 'a', 'd', 'b') -#define DNS_ADB_VALID(x) ISC_MAGIC_VALID(x, DNS_ADB_MAGIC) -#define DNS_ADBNAME_MAGIC ISC_MAGIC('a', 'd', 'b', 'N') -#define DNS_ADBNAME_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBNAME_MAGIC) -#define DNS_ADBNAMEHOOK_MAGIC ISC_MAGIC('a', 'd', 'N', 'H') +#define DNS_ADB_MAGIC ISC_MAGIC('D', 'a', 'd', 'b') +#define DNS_ADB_VALID(x) ISC_MAGIC_VALID(x, DNS_ADB_MAGIC) +#define DNS_ADBNAME_MAGIC ISC_MAGIC('a', 'd', 'b', 'N') +#define DNS_ADBNAME_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBNAME_MAGIC) +#define DNS_ADBNAMEHOOK_MAGIC ISC_MAGIC('a', 'd', 'N', 'H') #define DNS_ADBNAMEHOOK_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBNAMEHOOK_MAGIC) -#define DNS_ADBZONEINFO_MAGIC ISC_MAGIC('a', 'd', 'b', 'Z') -#define DNS_ADBZONEINFO_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBZONEINFO_MAGIC) -#define DNS_ADBENTRY_MAGIC ISC_MAGIC('a', 'd', 'b', 'E') -#define DNS_ADBENTRY_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBENTRY_MAGIC) -#define DNS_ADBFETCH_MAGIC ISC_MAGIC('a', 'd', 'F', '4') -#define DNS_ADBFETCH_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBFETCH_MAGIC) -#define DNS_ADBFETCH6_MAGIC ISC_MAGIC('a', 'd', 'F', '6') -#define DNS_ADBFETCH6_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBFETCH6_MAGIC) - -/* +#define DNS_ADBLAMEINFO_MAGIC ISC_MAGIC('a', 'd', 'b', 'Z') +#define DNS_ADBLAMEINFO_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBLAMEINFO_MAGIC) +#define DNS_ADBENTRY_MAGIC ISC_MAGIC('a', 'd', 'b', 'E') +#define DNS_ADBENTRY_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBENTRY_MAGIC) +#define DNS_ADBFETCH_MAGIC ISC_MAGIC('a', 'd', 'F', '4') +#define DNS_ADBFETCH_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBFETCH_MAGIC) +#define DNS_ADBFETCH6_MAGIC ISC_MAGIC('a', 'd', 'F', '6') +#define DNS_ADBFETCH6_VALID(x) ISC_MAGIC_VALID(x, DNS_ADBFETCH6_MAGIC) + +/*! * The number of buckets needs to be a prime (for good hashing). * * XXXRTH How many buckets do we need? */ -#define NBUCKETS 1009 /* how many buckets for names/addrs */ +#define NBUCKETS 1009 /*%< how many buckets for names/addrs */ -/* +/*! * For type 3 negative cache entries, we will remember that the address is * broken for this long. XXXMLG This is also used for actual addresses, too. * The intent is to keep us from constantly asking about A/AAAA records * if the zone has extremely low TTLs. */ -#define ADB_CACHE_MINIMUM 10 /* seconds */ -#define ADB_CACHE_MAXIMUM 86400 /* seconds (86400 = 24 hours) */ -#define ADB_ENTRY_WINDOW 1800 /* seconds */ - -/* - * Wake up every CLEAN_SECONDS and clean CLEAN_BUCKETS buckets, so that all - * buckets are cleaned in CLEAN_PERIOD seconds. +#define ADB_CACHE_MINIMUM 10 /*%< seconds */ +#define ADB_CACHE_MAXIMUM 86400 /*%< seconds (86400 = 24 hours) */ +#define ADB_ENTRY_WINDOW 1800 /*%< seconds */ + +/*% + * The period in seconds after which an ADB name entry is regarded as stale + * and forced to be cleaned up. + * TODO: This should probably be configurable at run-time. */ -#define CLEAN_PERIOD 3600 -#define CLEAN_SECONDS 30 -#define CLEAN_BUCKETS ((NBUCKETS * CLEAN_SECONDS) / CLEAN_PERIOD) +#ifndef ADB_STALE_MARGIN +#define ADB_STALE_MARGIN 1800 +#endif -#define FREE_ITEMS 64 /* free count for memory pools */ -#define FILL_COUNT 16 /* fill count for memory pools */ +#define FREE_ITEMS 64 /*%< free count for memory pools */ +#define FILL_COUNT 16 /*%< fill count for memory pools */ -#define DNS_ADB_INVALIDBUCKET (-1) /* invalid bucket address */ +#define DNS_ADB_INVALIDBUCKET (-1) /*%< invalid bucket address */ -#define DNS_ADB_MINADBSIZE (1024*1024) /* 1 Megabyte */ +#define DNS_ADB_MINADBSIZE (1024*1024) /*%< 1 Megabyte */ typedef ISC_LIST(dns_adbname_t) dns_adbnamelist_t; typedef struct dns_adbnamehook dns_adbnamehook_t; typedef ISC_LIST(dns_adbnamehook_t) dns_adbnamehooklist_t; -typedef struct dns_adbzoneinfo dns_adbzoneinfo_t; +typedef struct dns_adblameinfo dns_adblameinfo_t; typedef ISC_LIST(dns_adbentry_t) dns_adbentrylist_t; typedef struct dns_adbfetch dns_adbfetch_t; typedef struct dns_adbfetch6 dns_adbfetch6_t; +/*% dns adb structure */ struct dns_adb { - unsigned int magic; - - isc_mutex_t lock; - isc_mutex_t reflock; /* Covers irefcnt, erefcnt */ - isc_mem_t *mctx; - dns_view_t *view; - isc_timermgr_t *timermgr; - isc_timer_t *timer; - isc_taskmgr_t *taskmgr; - isc_task_t *task; - isc_boolean_t overmem; - - isc_interval_t tick_interval; - int next_cleanbucket; - - unsigned int irefcnt; - unsigned int erefcnt; - - isc_mutex_t mplock; - isc_mempool_t *nmp; /* dns_adbname_t */ - isc_mempool_t *nhmp; /* dns_adbnamehook_t */ - isc_mempool_t *zimp; /* dns_adbzoneinfo_t */ - isc_mempool_t *emp; /* dns_adbentry_t */ - isc_mempool_t *ahmp; /* dns_adbfind_t */ - isc_mempool_t *aimp; /* dns_adbaddrinfo_t */ - isc_mempool_t *afmp; /* dns_adbfetch_t */ - - /* + unsigned int magic; + + isc_mutex_t lock; + isc_mutex_t reflock; /*%< Covers irefcnt, erefcnt */ + isc_mutex_t overmemlock; /*%< Covers overmem */ + isc_mem_t *mctx; + dns_view_t *view; + + isc_taskmgr_t *taskmgr; + isc_task_t *task; + isc_boolean_t overmem; + + isc_interval_t tick_interval; + int next_cleanbucket; + + unsigned int irefcnt; + unsigned int erefcnt; + + isc_mutex_t mplock; + isc_mempool_t *nmp; /*%< dns_adbname_t */ + isc_mempool_t *nhmp; /*%< dns_adbnamehook_t */ + isc_mempool_t *limp; /*%< dns_adblameinfo_t */ + isc_mempool_t *emp; /*%< dns_adbentry_t */ + isc_mempool_t *ahmp; /*%< dns_adbfind_t */ + isc_mempool_t *aimp; /*%< dns_adbaddrinfo_t */ + isc_mempool_t *afmp; /*%< dns_adbfetch_t */ + + /*! * Bucketized locks and lists for names. * * XXXRTH Have a per-bucket structure that contains all of these? */ - dns_adbnamelist_t names[NBUCKETS]; - isc_mutex_t namelocks[NBUCKETS]; - isc_boolean_t name_sd[NBUCKETS]; - unsigned int name_refcnt[NBUCKETS]; - - /* + dns_adbnamelist_t names[NBUCKETS]; + dns_adbnamelist_t deadnames[NBUCKETS]; + /*% See dns_adbnamelist_t */ + isc_mutex_t namelocks[NBUCKETS]; + /*% See dns_adbnamelist_t */ + isc_boolean_t name_sd[NBUCKETS]; + /*% See dns_adbnamelist_t */ + unsigned int name_refcnt[NBUCKETS]; + + /*! * Bucketized locks for entries. * * XXXRTH Have a per-bucket structure that contains all of these? */ - dns_adbentrylist_t entries[NBUCKETS]; - isc_mutex_t entrylocks[NBUCKETS]; - isc_boolean_t entry_sd[NBUCKETS]; /* shutting down */ - unsigned int entry_refcnt[NBUCKETS]; - - isc_event_t cevent; - isc_boolean_t cevent_sent; - isc_boolean_t shutting_down; - isc_eventlist_t whenshutdown; + dns_adbentrylist_t entries[NBUCKETS]; + dns_adbentrylist_t deadentries[NBUCKETS]; + isc_mutex_t entrylocks[NBUCKETS]; + isc_boolean_t entry_sd[NBUCKETS]; /*%< shutting down */ + unsigned int entry_refcnt[NBUCKETS]; + + isc_event_t cevent; + isc_boolean_t cevent_sent; + isc_boolean_t shutting_down; + isc_eventlist_t whenshutdown; }; /* * XXXMLG Document these structures. */ +/*% dns_adbname structure */ struct dns_adbname { - unsigned int magic; - dns_name_t name; - dns_adb_t *adb; - unsigned int partial_result; - unsigned int flags; - int lock_bucket; - dns_name_t target; - isc_stdtime_t expire_target; - isc_stdtime_t expire_v4; - isc_stdtime_t expire_v6; - unsigned int chains; - dns_adbnamehooklist_t v4; - dns_adbnamehooklist_t v6; - dns_adbfetch_t *fetch_a; - dns_adbfetch_t *fetch_aaaa; - unsigned int fetch_err; - unsigned int fetch6_err; - dns_adbfindlist_t finds; - ISC_LINK(dns_adbname_t) plink; + unsigned int magic; + dns_name_t name; + dns_adb_t *adb; + unsigned int partial_result; + unsigned int flags; + int lock_bucket; + dns_name_t target; + isc_stdtime_t expire_target; + isc_stdtime_t expire_v4; + isc_stdtime_t expire_v6; + unsigned int chains; + dns_adbnamehooklist_t v4; + dns_adbnamehooklist_t v6; + dns_adbfetch_t *fetch_a; + dns_adbfetch_t *fetch_aaaa; + unsigned int fetch_err; + unsigned int fetch6_err; + dns_adbfindlist_t finds; + /* for LRU-based management */ + isc_stdtime_t last_used; + + ISC_LINK(dns_adbname_t) plink; }; +/*% The adbfetch structure */ struct dns_adbfetch { - unsigned int magic; - dns_adbnamehook_t *namehook; - dns_adbentry_t *entry; - dns_fetch_t *fetch; - dns_rdataset_t rdataset; + unsigned int magic; + dns_fetch_t *fetch; + dns_rdataset_t rdataset; }; -/* - * dns_adbnamehook_t - * +/*% * This is a small widget that dangles off a dns_adbname_t. It contains a * pointer to the address information about this host, and a link to the next * namehook that will contain the next address this host has. */ struct dns_adbnamehook { - unsigned int magic; - dns_adbentry_t *entry; - ISC_LINK(dns_adbnamehook_t) plink; + unsigned int magic; + dns_adbentry_t *entry; + ISC_LINK(dns_adbnamehook_t) plink; }; -/* - * dns_adbzoneinfo_t - * - * This is a small widget that holds zone-specific information about an +/*% + * This is a small widget that holds qname-specific information about an * address. Currently limited to lameness, but could just as easily be * extended to other types of information about zones. */ -struct dns_adbzoneinfo { - unsigned int magic; +struct dns_adblameinfo { + unsigned int magic; - dns_name_t zone; - isc_stdtime_t lame_timer; + dns_name_t qname; + dns_rdatatype_t qtype; + isc_stdtime_t lame_timer; - ISC_LINK(dns_adbzoneinfo_t) plink; + ISC_LINK(dns_adblameinfo_t) plink; }; -/* +/*% * An address entry. It holds quite a bit of information about addresses, * including edns state (in "flags"), rtt, and of course the address of * the host. */ struct dns_adbentry { - unsigned int magic; + unsigned int magic; - int lock_bucket; - unsigned int refcnt; + int lock_bucket; + unsigned int refcnt; - unsigned int flags; - unsigned int srtt; - isc_sockaddr_t sockaddr; + unsigned int flags; + unsigned int srtt; + isc_sockaddr_t sockaddr; - isc_stdtime_t expires; - /* + isc_stdtime_t expires; + /*%< * A nonzero 'expires' field indicates that the entry should * persist until that time. This allows entries found * using dns_adb_findaddrinfo() to persist for a limited time @@ -252,8 +253,8 @@ struct dns_adbentry { * name. */ - ISC_LIST(dns_adbzoneinfo_t) zoneinfo; - ISC_LINK(dns_adbentry_t) plink; + ISC_LIST(dns_adblameinfo_t) lameinfo; + ISC_LINK(dns_adbentry_t) plink; }; /* @@ -264,8 +265,9 @@ static inline void free_adbname(dns_adb_t *, dns_adbname_t **); static inline dns_adbnamehook_t *new_adbnamehook(dns_adb_t *, dns_adbentry_t *); static inline void free_adbnamehook(dns_adb_t *, dns_adbnamehook_t **); -static inline dns_adbzoneinfo_t *new_adbzoneinfo(dns_adb_t *, dns_name_t *); -static inline void free_adbzoneinfo(dns_adb_t *, dns_adbzoneinfo_t **); +static inline dns_adblameinfo_t *new_adblameinfo(dns_adb_t *, dns_name_t *, + dns_rdatatype_t); +static inline void free_adblameinfo(dns_adb_t *, dns_adblameinfo_t **); static inline dns_adbentry_t *new_adbentry(dns_adb_t *); static inline void free_adbentry(dns_adb_t *, dns_adbentry_t **); static inline dns_adbfind_t *new_adbfind(dns_adb_t *); @@ -277,7 +279,8 @@ static inline void free_adbfetch(dns_adb_t *, dns_adbfetch_t **); static inline dns_adbname_t *find_name_and_lock(dns_adb_t *, dns_name_t *, unsigned int, int *); static inline dns_adbentry_t *find_entry_and_lock(dns_adb_t *, - isc_sockaddr_t *, int *); + isc_sockaddr_t *, int *, + isc_stdtime_t); static void dump_adb(dns_adb_t *, FILE *, isc_boolean_t debug, isc_stdtime_t); static void print_dns_name(FILE *, dns_name_t *); static void print_namehook_list(FILE *, const char *legend, @@ -298,15 +301,15 @@ static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *); static void clean_target(dns_adb_t *, dns_name_t *); static void clean_finds_at_name(dns_adbname_t *, isc_eventtype_t, unsigned int); -static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t, - isc_boolean_t); +static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t); +static isc_boolean_t check_expire_entry(dns_adb_t *, dns_adbentry_t **, + isc_stdtime_t); static void cancel_fetches_at_name(dns_adbname_t *); static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t, dns_rdatatype_t); static isc_result_t fetch_name(dns_adbname_t *, isc_boolean_t, dns_rdatatype_t); static inline void check_exit(dns_adb_t *); -static void timer_cleanup(isc_task_t *, isc_event_t *); static void destroy(dns_adb_t *); static isc_boolean_t shutdown_names(dns_adb_t *); static isc_boolean_t shutdown_entries(dns_adb_t *); @@ -321,28 +324,34 @@ static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t); /* * MUST NOT overlap DNS_ADBFIND_* flags! */ -#define FIND_EVENT_SENT 0x40000000 -#define FIND_EVENT_FREED 0x80000000 -#define FIND_EVENTSENT(h) (((h)->flags & FIND_EVENT_SENT) != 0) -#define FIND_EVENTFREED(h) (((h)->flags & FIND_EVENT_FREED) != 0) - -#define NAME_NEEDS_POKE 0x80000000 -#define NAME_IS_DEAD 0x40000000 -#define NAME_HINT_OK DNS_ADBFIND_HINTOK -#define NAME_GLUE_OK DNS_ADBFIND_GLUEOK -#define NAME_STARTATZONE DNS_ADBFIND_STARTATZONE -#define NAME_DEAD(n) (((n)->flags & NAME_IS_DEAD) != 0) -#define NAME_NEEDSPOKE(n) (((n)->flags & NAME_NEEDS_POKE) != 0) -#define NAME_GLUEOK(n) (((n)->flags & NAME_GLUE_OK) != 0) -#define NAME_HINTOK(n) (((n)->flags & NAME_HINT_OK) != 0) +#define FIND_EVENT_SENT 0x40000000 +#define FIND_EVENT_FREED 0x80000000 +#define FIND_EVENTSENT(h) (((h)->flags & FIND_EVENT_SENT) != 0) +#define FIND_EVENTFREED(h) (((h)->flags & FIND_EVENT_FREED) != 0) + +#define NAME_NEEDS_POKE 0x80000000 +#define NAME_IS_DEAD 0x40000000 +#define NAME_HINT_OK DNS_ADBFIND_HINTOK +#define NAME_GLUE_OK DNS_ADBFIND_GLUEOK +#define NAME_STARTATZONE DNS_ADBFIND_STARTATZONE +#define NAME_DEAD(n) (((n)->flags & NAME_IS_DEAD) != 0) +#define NAME_NEEDSPOKE(n) (((n)->flags & NAME_NEEDS_POKE) != 0) +#define NAME_GLUEOK(n) (((n)->flags & NAME_GLUE_OK) != 0) +#define NAME_HINTOK(n) (((n)->flags & NAME_HINT_OK) != 0) + +/* + * Private flag(s) for entries. + * MUST NOT overlap FCTX_ADDRINFO_xxx and DNS_FETCHOPT_NOEDNS0. + */ +#define ENTRY_IS_DEAD 0x80000000 /* * To the name, address classes are all that really exist. If it has a * V6 address it doesn't care if it came from a AAAA query. */ -#define NAME_HAS_V4(n) (!ISC_LIST_EMPTY((n)->v4)) -#define NAME_HAS_V6(n) (!ISC_LIST_EMPTY((n)->v6)) -#define NAME_HAS_ADDRS(n) (NAME_HAS_V4(n) || NAME_HAS_V6(n)) +#define NAME_HAS_V4(n) (!ISC_LIST_EMPTY((n)->v4)) +#define NAME_HAS_V6(n) (!ISC_LIST_EMPTY((n)->v6)) +#define NAME_HAS_ADDRS(n) (NAME_HAS_V4(n) || NAME_HAS_V6(n)) /* * Fetches are broken out into A and AAAA types. In some cases, @@ -351,34 +360,34 @@ static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t); * Note: since we have removed the support of A6 in adb, FETCH_A and FETCH_AAAA * are now equal to FETCH_V4 and FETCH_V6, respectively. */ -#define NAME_FETCH_A(n) ((n)->fetch_a != NULL) -#define NAME_FETCH_AAAA(n) ((n)->fetch_aaaa != NULL) -#define NAME_FETCH_V4(n) (NAME_FETCH_A(n)) -#define NAME_FETCH_V6(n) (NAME_FETCH_AAAA(n)) -#define NAME_FETCH(n) (NAME_FETCH_V4(n) || NAME_FETCH_V6(n)) +#define NAME_FETCH_A(n) ((n)->fetch_a != NULL) +#define NAME_FETCH_AAAA(n) ((n)->fetch_aaaa != NULL) +#define NAME_FETCH_V4(n) (NAME_FETCH_A(n)) +#define NAME_FETCH_V6(n) (NAME_FETCH_AAAA(n)) +#define NAME_FETCH(n) (NAME_FETCH_V4(n) || NAME_FETCH_V6(n)) /* * Find options and tests to see if there are addresses on the list. */ -#define FIND_WANTEVENT(fn) (((fn)->options & DNS_ADBFIND_WANTEVENT) != 0) -#define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0) -#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \ +#define FIND_WANTEVENT(fn) (((fn)->options & DNS_ADBFIND_WANTEVENT) != 0) +#define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0) +#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \ != 0) -#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) \ +#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) \ != 0) -#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0) -#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0) -#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list)) -#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0) +#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0) +#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0) +#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list)) +#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0) /* * These are currently used on simple unsigned ints, so they are * not really associated with any particular type. */ -#define WANT_INET(x) (((x) & DNS_ADBFIND_INET) != 0) -#define WANT_INET6(x) (((x) & DNS_ADBFIND_INET6) != 0) +#define WANT_INET(x) (((x) & DNS_ADBFIND_INET) != 0) +#define WANT_INET6(x) (((x) & DNS_ADBFIND_INET6) != 0) -#define EXPIRE_OK(exp, now) ((exp == INT_MAX) || (exp < now)) +#define EXPIRE_OK(exp, now) ((exp == INT_MAX) || (exp < now)) /* * Find out if the flags on a name (nf) indicate if it is a hint or @@ -391,19 +400,19 @@ static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t); #define STARTATZONE_MATCHES(nf, o) (((nf)->flags & NAME_STARTATZONE) == \ ((o) & DNS_ADBFIND_STARTATZONE)) -#define ENTER_LEVEL ISC_LOG_DEBUG(50) -#define EXIT_LEVEL ENTER_LEVEL -#define CLEAN_LEVEL ISC_LOG_DEBUG(100) -#define DEF_LEVEL ISC_LOG_DEBUG(5) -#define NCACHE_LEVEL ISC_LOG_DEBUG(20) +#define ENTER_LEVEL ISC_LOG_DEBUG(50) +#define EXIT_LEVEL ENTER_LEVEL +#define CLEAN_LEVEL ISC_LOG_DEBUG(100) +#define DEF_LEVEL ISC_LOG_DEBUG(5) +#define NCACHE_LEVEL ISC_LOG_DEBUG(20) -#define NCACHE_RESULT(r) ((r) == DNS_R_NCACHENXDOMAIN || \ +#define NCACHE_RESULT(r) ((r) == DNS_R_NCACHENXDOMAIN || \ (r) == DNS_R_NCACHENXRRSET) -#define AUTH_NX(r) ((r) == DNS_R_NXDOMAIN || \ +#define AUTH_NX(r) ((r) == DNS_R_NXDOMAIN || \ (r) == DNS_R_NXRRSET) -#define NXDOMAIN_RESULT(r) ((r) == DNS_R_NXDOMAIN || \ +#define NXDOMAIN_RESULT(r) ((r) == DNS_R_NXDOMAIN || \ (r) == DNS_R_NCACHENXDOMAIN) -#define NXRRSET_RESULT(r) ((r) == DNS_R_NCACHENXRRSET || \ +#define NXRRSET_RESULT(r) ((r) == DNS_R_NCACHENXRRSET || \ (r) == DNS_R_NXRRSET || \ (r) == DNS_R_HINTNXRRSET) @@ -411,14 +420,14 @@ static void dump_entry(FILE *, dns_adbentry_t *, isc_boolean_t, isc_stdtime_t); * Error state rankings. */ -#define FIND_ERR_SUCCESS 0 /* highest rank */ -#define FIND_ERR_CANCELED 1 -#define FIND_ERR_FAILURE 2 -#define FIND_ERR_NXDOMAIN 3 -#define FIND_ERR_NXRRSET 4 -#define FIND_ERR_UNEXPECTED 5 -#define FIND_ERR_NOTFOUND 6 -#define FIND_ERR_MAX 7 +#define FIND_ERR_SUCCESS 0 /* highest rank */ +#define FIND_ERR_CANCELED 1 +#define FIND_ERR_FAILURE 2 +#define FIND_ERR_NXDOMAIN 3 +#define FIND_ERR_NXRRSET 4 +#define FIND_ERR_UNEXPECTED 5 +#define FIND_ERR_NOTFOUND 6 +#define FIND_ERR_MAX 7 static const char *errnames[] = { "success", @@ -430,7 +439,7 @@ static const char *errnames[] = { "not_found" }; -#define NEWERR(old, new) (ISC_MIN((old), (new))) +#define NEWERR(old, new) (ISC_MIN((old), (new))) static isc_result_t find_err_map[FIND_ERR_MAX] = { ISC_R_SUCCESS, @@ -439,7 +448,7 @@ static isc_result_t find_err_map[FIND_ERR_MAX] = { DNS_R_NXDOMAIN, DNS_R_NXRRSET, ISC_R_UNEXPECTED, - ISC_R_NOTFOUND /* not YET found */ + ISC_R_NOTFOUND /* not YET found */ }; static void @@ -456,6 +465,15 @@ DP(int level, const char *format, ...) { va_end(args); } +/*% + * Increment resolver-related statistics counters. + */ +static inline void +inc_stats(dns_adb_t *adb, isc_statscounter_t counter) { + if (adb->view->resstats != NULL) + isc_stats_increment(adb->view->resstats, counter); +} + static inline dns_ttl_t ttlclamp(dns_ttl_t ttl) { if (ttl < ADB_CACHE_MINIMUM) @@ -488,6 +506,7 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, isc_boolean_t new_addresses_added; dns_rdatatype_t rdtype; unsigned int findoptions; + dns_adbnamehooklist_t *hookhead; INSIST(DNS_ADBNAME_VALID(adbname)); adb = adbname->adb; @@ -512,10 +531,12 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, INSIST(rdata.length == 4); memcpy(&ina.s_addr, rdata.data, 4); isc_sockaddr_fromin(&sockaddr, &ina, 0); + hookhead = &adbname->v4; } else { INSIST(rdata.length == 16); memcpy(in6a.s6_addr, rdata.data, 16); isc_sockaddr_fromin6(&sockaddr, &in6a, 0); + hookhead = &adbname->v6; } INSIST(nh == NULL); @@ -526,7 +547,8 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, goto fail; } - foundentry = find_entry_and_lock(adb, &sockaddr, &addr_bucket); + foundentry = find_entry_and_lock(adb, &sockaddr, &addr_bucket, + now); if (foundentry == NULL) { dns_adbentry_t *entry; @@ -544,7 +566,7 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, link_entry(adb, addr_bucket, entry); } else { - for (anh = ISC_LIST_HEAD(adbname->v4); + for (anh = ISC_LIST_HEAD(*hookhead); anh != NULL; anh = ISC_LIST_NEXT(anh, plink)) if (anh->entry == foundentry) @@ -557,12 +579,8 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, } new_addresses_added = ISC_TRUE; - if (nh != NULL) { - if (rdtype == dns_rdatatype_a) - ISC_LIST_APPEND(adbname->v4, nh, plink); - else - ISC_LIST_APPEND(adbname->v6, nh, plink); - } + if (nh != NULL) + ISC_LIST_APPEND(*hookhead, nh, plink); nh = NULL; result = dns_rdataset_next(rdataset); } @@ -611,6 +629,7 @@ kill_name(dns_adbname_t **n, isc_eventtype_t ev) { dns_adbname_t *name; isc_boolean_t result = ISC_FALSE; isc_boolean_t result4, result6; + int bucket; dns_adb_t *adb; INSIST(n != NULL); @@ -655,8 +674,13 @@ kill_name(dns_adbname_t **n, isc_eventtype_t ev) { if (result) result = dec_adb_irefcnt(adb); } else { - name->flags |= NAME_IS_DEAD; cancel_fetches_at_name(name); + if (!NAME_DEAD(name)) { + bucket = name->lock_bucket; + ISC_LIST_UNLINK(adb->names[bucket], name, plink); + ISC_LIST_APPEND(adb->deadnames[bucket], name, plink); + name->flags |= NAME_IS_DEAD; + } } return (result); } @@ -665,11 +689,8 @@ kill_name(dns_adbname_t **n, isc_eventtype_t ev) { * Requires the name's bucket be locked and no entry buckets be locked. */ static isc_boolean_t -check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now, - isc_boolean_t overmem) -{ +check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now) { dns_adb_t *adb; - isc_boolean_t expire; isc_boolean_t result4 = ISC_FALSE; isc_boolean_t result6 = ISC_FALSE; @@ -677,20 +698,10 @@ check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now, adb = name->adb; INSIST(DNS_ADB_VALID(adb)); - if (overmem) { - isc_uint32_t val; - - isc_random_get(&val); - - expire = ISC_TF((val % 4) == 0); - } else - expire = ISC_FALSE; - /* * Check to see if we need to remove the v4 addresses */ - if (!NAME_FETCH_V4(name) && - (expire || EXPIRE_OK(name->expire_v4, now))) { + if (!NAME_FETCH_V4(name) && EXPIRE_OK(name->expire_v4, now)) { if (NAME_HAS_V4(name)) { DP(DEF_LEVEL, "expiring v4 for name %p", name); result4 = clean_namehooks(adb, &name->v4); @@ -703,8 +714,7 @@ check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now, /* * Check to see if we need to remove the v6 addresses */ - if (!NAME_FETCH_V6(name) && - (expire || EXPIRE_OK(name->expire_v6, now))) { + if (!NAME_FETCH_V6(name) && EXPIRE_OK(name->expire_v6, now)) { if (NAME_HAS_V6(name)) { DP(DEF_LEVEL, "expiring v6 for name %p", name); result6 = clean_namehooks(adb, &name->v6); @@ -717,7 +727,7 @@ check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now, /* * Check to see if we need to remove the alias target. */ - if (expire || EXPIRE_OK(name->expire_target, now)) { + if (EXPIRE_OK(name->expire_target, now)) { clean_target(adb, &name->target); name->expire_target = INT_MAX; } @@ -747,7 +757,10 @@ unlink_name(dns_adb_t *adb, dns_adbname_t *name) { bucket = name->lock_bucket; INSIST(bucket != DNS_ADB_INVALIDBUCKET); - ISC_LIST_UNLINK(adb->names[bucket], name, plink); + if (NAME_DEAD(name)) + ISC_LIST_UNLINK(adb->deadnames[bucket], name, plink); + else + ISC_LIST_UNLINK(adb->names[bucket], name, plink); name->lock_bucket = DNS_ADB_INVALIDBUCKET; INSIST(adb->name_refcnt[bucket] > 0); adb->name_refcnt[bucket]--; @@ -761,6 +774,26 @@ unlink_name(dns_adb_t *adb, dns_adbname_t *name) { */ static inline void link_entry(dns_adb_t *adb, int bucket, dns_adbentry_t *entry) { + int i; + dns_adbentry_t *e; + + if (adb->overmem) { + for (i = 0; i < 2; i++) { + e = ISC_LIST_TAIL(adb->entries[bucket]); + if (e == NULL) + break; + if (e->refcnt == 0) { + unlink_entry(adb, e); + free_adbentry(adb, &e); + continue; + } + INSIST((e->flags & ENTRY_IS_DEAD) == 0); + e->flags |= ENTRY_IS_DEAD; + ISC_LIST_UNLINK(adb->entries[bucket], e, plink); + ISC_LIST_PREPEND(adb->deadentries[bucket], e, plink); + } + } + ISC_LIST_PREPEND(adb->entries[bucket], entry, plink); entry->lock_bucket = bucket; adb->entry_refcnt[bucket]++; @@ -777,7 +810,10 @@ unlink_entry(dns_adb_t *adb, dns_adbentry_t *entry) { bucket = entry->lock_bucket; INSIST(bucket != DNS_ADB_INVALIDBUCKET); - ISC_LIST_UNLINK(adb->entries[bucket], entry, plink); + if ((entry->flags & ENTRY_IS_DEAD) != 0) + ISC_LIST_UNLINK(adb->deadentries[bucket], entry, plink); + else + ISC_LIST_UNLINK(adb->entries[bucket], entry, plink); entry->lock_bucket = DNS_ADB_INVALIDBUCKET; INSIST(adb->entry_refcnt[bucket] > 0); adb->entry_refcnt[bucket]--; @@ -856,7 +892,7 @@ shutdown_entries(dns_adb_t *adb) { adb->entry_sd[bucket] = ISC_TRUE; entry = ISC_LIST_HEAD(adb->entries[bucket]); - if (entry == NULL) { + if (adb->entry_refcnt[bucket] == 0) { /* * This bucket has no entries. We must decrement the * irefcnt ourselves, since it will not be @@ -1134,7 +1170,7 @@ check_exit(dns_adb_t *adb) { * If there aren't any external references either, we're * done. Send the control event to initiate shutdown. */ - INSIST(!adb->cevent_sent); /* Sanity check. */ + INSIST(!adb->cevent_sent); /* Sanity check. */ event = &adb->cevent; isc_task_send(adb->task, &event); adb->cevent_sent = ISC_TRUE; @@ -1214,7 +1250,8 @@ dec_entry_refcnt(dns_adb_t *adb, dns_adbentry_t *entry, isc_boolean_t lock) { destroy_entry = ISC_FALSE; if (entry->refcnt == 0 && - (adb->entry_sd[bucket] || entry->expires == 0)) { + (adb->entry_sd[bucket] || entry->expires == 0 || adb->overmem || + (entry->flags & ENTRY_IS_DEAD) != 0)) { destroy_entry = ISC_TRUE; result = unlink_entry(adb, entry); } @@ -1229,7 +1266,7 @@ dec_entry_refcnt(dns_adb_t *adb, dns_adbentry_t *entry, isc_boolean_t lock) { free_adbentry(adb, &entry); if (result) - result =dec_adb_irefcnt(adb); + result = dec_adb_irefcnt(adb); return (result); } @@ -1321,42 +1358,42 @@ free_adbnamehook(dns_adb_t *adb, dns_adbnamehook_t **namehook) { isc_mempool_put(adb->nhmp, nh); } -static inline dns_adbzoneinfo_t * -new_adbzoneinfo(dns_adb_t *adb, dns_name_t *zone) { - dns_adbzoneinfo_t *zi; +static inline dns_adblameinfo_t * +new_adblameinfo(dns_adb_t *adb, dns_name_t *qname, dns_rdatatype_t qtype) { + dns_adblameinfo_t *li; - zi = isc_mempool_get(adb->zimp); - if (zi == NULL) + li = isc_mempool_get(adb->limp); + if (li == NULL) return (NULL); - dns_name_init(&zi->zone, NULL); - if (dns_name_dup(zone, adb->mctx, &zi->zone) != ISC_R_SUCCESS) { - isc_mempool_put(adb->zimp, zi); + dns_name_init(&li->qname, NULL); + if (dns_name_dup(qname, adb->mctx, &li->qname) != ISC_R_SUCCESS) { + isc_mempool_put(adb->limp, li); return (NULL); } + li->magic = DNS_ADBLAMEINFO_MAGIC; + li->lame_timer = 0; + li->qtype = qtype; + ISC_LINK_INIT(li, plink); - zi->magic = DNS_ADBZONEINFO_MAGIC; - zi->lame_timer = 0; - ISC_LINK_INIT(zi, plink); - - return (zi); + return (li); } static inline void -free_adbzoneinfo(dns_adb_t *adb, dns_adbzoneinfo_t **zoneinfo) { - dns_adbzoneinfo_t *zi; +free_adblameinfo(dns_adb_t *adb, dns_adblameinfo_t **lameinfo) { + dns_adblameinfo_t *li; - INSIST(zoneinfo != NULL && DNS_ADBZONEINFO_VALID(*zoneinfo)); - zi = *zoneinfo; - *zoneinfo = NULL; + INSIST(lameinfo != NULL && DNS_ADBLAMEINFO_VALID(*lameinfo)); + li = *lameinfo; + *lameinfo = NULL; - INSIST(!ISC_LINK_LINKED(zi, plink)); + INSIST(!ISC_LINK_LINKED(li, plink)); - dns_name_free(&zi->zone, adb->mctx); + dns_name_free(&li->qname, adb->mctx); - zi->magic = 0; + li->magic = 0; - isc_mempool_put(adb->zimp, zi); + isc_mempool_put(adb->limp, li); } static inline dns_adbentry_t * @@ -1375,7 +1412,7 @@ new_adbentry(dns_adb_t *adb) { isc_random_get(&r); e->srtt = (r & 0x1f) + 1; e->expires = 0; - ISC_LIST_INIT(e->zoneinfo); + ISC_LIST_INIT(e->lameinfo); ISC_LINK_INIT(e, plink); return (e); @@ -1384,7 +1421,7 @@ new_adbentry(dns_adb_t *adb) { static inline void free_adbentry(dns_adb_t *adb, dns_adbentry_t **entry) { dns_adbentry_t *e; - dns_adbzoneinfo_t *zi; + dns_adblameinfo_t *li; INSIST(entry != NULL && DNS_ADBENTRY_VALID(*entry)); e = *entry; @@ -1396,11 +1433,11 @@ free_adbentry(dns_adb_t *adb, dns_adbentry_t **entry) { e->magic = 0; - zi = ISC_LIST_HEAD(e->zoneinfo); - while (zi != NULL) { - ISC_LIST_UNLINK(e->zoneinfo, zi, plink); - free_adbzoneinfo(adb, &zi); - zi = ISC_LIST_HEAD(e->zoneinfo); + li = ISC_LIST_HEAD(e->lameinfo); + while (li != NULL) { + ISC_LIST_UNLINK(e->lameinfo, li, plink); + free_adblameinfo(adb, &li); + li = ISC_LIST_HEAD(e->lameinfo); } isc_mempool_put(adb->emp, e); @@ -1436,8 +1473,6 @@ new_adbfind(dns_adb_t *adb) { */ result = isc_mutex_init(&h->lock); if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init failed in new_adbfind()"); isc_mempool_put(adb->ahmp, h); return (NULL); } @@ -1459,31 +1494,13 @@ new_adbfetch(dns_adb_t *adb) { return (NULL); f->magic = 0; - f->namehook = NULL; - f->entry = NULL; f->fetch = NULL; - f->namehook = new_adbnamehook(adb, NULL); - if (f->namehook == NULL) - goto err; - - f->entry = new_adbentry(adb); - if (f->entry == NULL) - goto err; - dns_rdataset_init(&f->rdataset); f->magic = DNS_ADBFETCH_MAGIC; return (f); - - err: - if (f->namehook != NULL) - free_adbnamehook(adb, &f->namehook); - if (f->entry != NULL) - free_adbentry(adb, &f->entry); - isc_mempool_put(adb->afmp, f); - return (NULL); } static inline void @@ -1496,11 +1513,6 @@ free_adbfetch(dns_adb_t *adb, dns_adbfetch_t **fetch) { f->magic = 0; - if (f->namehook != NULL) - free_adbnamehook(adb, &f->namehook); - if (f->entry != NULL) - free_adbentry(adb, &f->entry); - if (dns_rdataset_isassociated(&f->rdataset)) dns_rdataset_disassociate(&f->rdataset); @@ -1618,8 +1630,10 @@ find_name_and_lock(dns_adb_t *adb, dns_name_t *name, * the bucket changes. */ static inline dns_adbentry_t * -find_entry_and_lock(dns_adb_t *adb, isc_sockaddr_t *addr, int *bucketp) { - dns_adbentry_t *entry; +find_entry_and_lock(dns_adb_t *adb, isc_sockaddr_t *addr, int *bucketp, + isc_stdtime_t now) +{ + dns_adbentry_t *entry, *entry_next; int bucket; bucket = isc_sockaddr_hash(addr, ISC_TRUE) % NBUCKETS; @@ -1633,11 +1647,18 @@ find_entry_and_lock(dns_adb_t *adb, isc_sockaddr_t *addr, int *bucketp) { *bucketp = bucket; } - entry = ISC_LIST_HEAD(adb->entries[bucket]); - while (entry != NULL) { - if (isc_sockaddr_equal(addr, &entry->sockaddr)) + /* Search the list, while cleaning up expired entries. */ + for (entry = ISC_LIST_HEAD(adb->entries[bucket]); + entry != NULL; + entry = entry_next) { + entry_next = ISC_LIST_NEXT(entry, plink); + (void)check_expire_entry(adb, &entry, now); + if (entry != NULL && + isc_sockaddr_equal(addr, &entry->sockaddr)) { + ISC_LIST_UNLINK(adb->entries[bucket], entry, plink); + ISC_LIST_PREPEND(adb->entries[bucket], entry, plink); return (entry); - entry = ISC_LIST_NEXT(entry, plink); + } } return (NULL); @@ -1647,45 +1668,48 @@ find_entry_and_lock(dns_adb_t *adb, isc_sockaddr_t *addr, int *bucketp) { * Entry bucket MUST be locked! */ static isc_boolean_t -entry_is_bad_for_zone(dns_adb_t *adb, dns_adbentry_t *entry, dns_name_t *zone, - isc_stdtime_t now) +entry_is_lame(dns_adb_t *adb, dns_adbentry_t *entry, dns_name_t *qname, + dns_rdatatype_t qtype, isc_stdtime_t now) { - dns_adbzoneinfo_t *zi, *next_zi; + dns_adblameinfo_t *li, *next_li; isc_boolean_t is_bad; is_bad = ISC_FALSE; - zi = ISC_LIST_HEAD(entry->zoneinfo); - if (zi == NULL) + li = ISC_LIST_HEAD(entry->lameinfo); + if (li == NULL) return (ISC_FALSE); - while (zi != NULL) { - next_zi = ISC_LIST_NEXT(zi, plink); + while (li != NULL) { + next_li = ISC_LIST_NEXT(li, plink); /* * Has the entry expired? */ - if (zi->lame_timer < now) { - ISC_LIST_UNLINK(entry->zoneinfo, zi, plink); - free_adbzoneinfo(adb, &zi); + if (li->lame_timer < now) { + ISC_LIST_UNLINK(entry->lameinfo, li, plink); + free_adblameinfo(adb, &li); } /* * Order tests from least to most expensive. + * + * We do not break out of the main loop here as + * we use the loop for house keeping. */ - if (zi != NULL && !is_bad) { - if (dns_name_equal(zone, &zi->zone)) - is_bad = ISC_TRUE; - } + if (li != NULL && !is_bad && li->qtype == qtype && + dns_name_equal(qname, &li->qname)) + is_bad = ISC_TRUE; - zi = next_zi; + li = next_li; } return (is_bad); } static void -copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *zone, - dns_adbname_t *name, isc_stdtime_t now) +copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *qname, + dns_rdatatype_t qtype, dns_adbname_t *name, + isc_stdtime_t now) { dns_adbnamehook_t *namehook; dns_adbaddrinfo_t *addrinfo; @@ -1702,7 +1726,7 @@ copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *zone, LOCK(&adb->entrylocks[bucket]); if (!FIND_RETURNLAME(find) - && entry_is_bad_for_zone(adb, entry, zone, now)) { + && entry_is_lame(adb, entry, qname, qtype, now)) { find->options |= DNS_ADBFIND_LAMEPRUNED; goto nextv4; } @@ -1731,8 +1755,11 @@ copy_namehook_lists(dns_adb_t *adb, dns_adbfind_t *find, dns_name_t *zone, bucket = entry->lock_bucket; LOCK(&adb->entrylocks[bucket]); - if (entry_is_bad_for_zone(adb, entry, zone, now)) + if (!FIND_RETURNLAME(find) + && entry_is_lame(adb, entry, qname, qtype, now)) { + find->options |= DNS_ADBFIND_LAMEPRUNED; goto nextv6; + } addrinfo = new_adbaddrinfo(adb, entry, find->port); if (addrinfo == NULL) { find->partial_result |= DNS_ADBFIND_INET6; @@ -1765,16 +1792,12 @@ shutdown_task(isc_task_t *task, isc_event_t *ev) { adb = ev->ev_arg; INSIST(DNS_ADB_VALID(adb)); + isc_event_free(&ev); /* - * Kill the timer, and then the ADB itself. Note that this implies - * that this task was the one scheduled to get timer events. If - * this is not true (and it is unfortunate there is no way to INSIST() - * this) badness will occur. + * Wait for lock around check_exit() call to be released. */ LOCK(&adb->lock); - isc_timer_detach(&adb->timer); UNLOCK(&adb->lock); - isc_event_free(&ev); destroy(adb); } @@ -1813,6 +1836,62 @@ check_expire_name(dns_adbname_t **namep, isc_stdtime_t now) { return (result); } +/*% + * Examine the tail entry of the LRU list to see if it expires or is stale + * (unused for some period); if so, the name entry will be freed. If the ADB + * is in the overmem condition, the tail and the next to tail entries + * will be unconditionally removed (unless they have an outstanding fetch). + * We don't care about a race on 'overmem' at the risk of causing some + * collateral damage or a small delay in starting cleanup, so we don't bother + * to lock ADB (if it's not locked). + * + * Name bucket must be locked; adb may be locked; no other locks held. + */ +static void +check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) { + int victims, max_victims; + isc_boolean_t result; + dns_adbname_t *victim, *next_victim; + isc_boolean_t overmem = adb->overmem; + int scans = 0; + + INSIST(bucket != DNS_ADB_INVALIDBUCKET); + + max_victims = overmem ? 2 : 1; + + /* + * We limit the number of scanned entries to 10 (arbitrary choice) + * in order to avoid examining too many entries when there are many + * tail entries that have fetches (this should be rare, but could + * happen). + */ + victim = ISC_LIST_TAIL(adb->names[bucket]); + for (victims = 0; + victim != NULL && victims < max_victims && scans < 10; + victim = next_victim) { + INSIST(!NAME_DEAD(victim)); + scans++; + next_victim = ISC_LIST_PREV(victim, plink); + result = check_expire_name(&victim, now); + if (victim == NULL) { + victims++; + goto next; + } + + if (!NAME_FETCH(victim) && + (overmem || victim->last_used + ADB_STALE_MARGIN <= now)) { + RUNTIME_CHECK(kill_name(&victim, + DNS_EVENT_ADBCANCELED) == + ISC_FALSE); + victims++; + } + + next: + if (!overmem) + break; + } +} + /* * Entry bucket must be locked; adb may be locked; no other locks held. */ @@ -1820,7 +1899,6 @@ static isc_boolean_t check_expire_entry(dns_adb_t *adb, dns_adbentry_t **entryp, isc_stdtime_t now) { dns_adbentry_t *entry; - isc_boolean_t expire; isc_boolean_t result = ISC_FALSE; INSIST(entryp != NULL && DNS_ADBENTRY_VALID(*entryp)); @@ -1829,16 +1907,7 @@ check_expire_entry(dns_adb_t *adb, dns_adbentry_t **entryp, isc_stdtime_t now) if (entry->refcnt != 0) return (result); - if (adb->overmem) { - isc_uint32_t val; - - isc_random_get(&val); - - expire = ISC_TF((val % 4) == 0); - } else - expire = ISC_FALSE; - - if (entry->expires == 0 || (! expire && entry->expires > now)) + if (entry->expires == 0 || entry->expires > now) return (result); /* @@ -1875,7 +1944,7 @@ cleanup_names(dns_adb_t *adb, int bucket, isc_stdtime_t now) { while (name != NULL) { next_name = ISC_LIST_NEXT(name, plink); INSIST(result == ISC_FALSE); - result = check_expire_namehooks(name, now, adb->overmem); + result = check_expire_namehooks(name, now); if (!result) result = check_expire_name(&name, now); name = next_name; @@ -1906,72 +1975,15 @@ cleanup_entries(dns_adb_t *adb, int bucket, isc_stdtime_t now) { return (result); } -static void -timer_cleanup(isc_task_t *task, isc_event_t *ev) { - dns_adb_t *adb; - isc_stdtime_t now; - unsigned int i; - isc_interval_t interval; - - UNUSED(task); - - adb = ev->ev_arg; - INSIST(DNS_ADB_VALID(adb)); - - LOCK(&adb->lock); - - isc_stdtime_get(&now); - - for (i = 0; i < CLEAN_BUCKETS; i++) { - /* - * Call our cleanup routines. - */ - RUNTIME_CHECK(cleanup_names(adb, adb->next_cleanbucket, now) == - ISC_FALSE); - RUNTIME_CHECK(cleanup_entries(adb, adb->next_cleanbucket, now) - == ISC_FALSE); - - /* - * Set the next bucket to be cleaned. - */ - adb->next_cleanbucket++; - if (adb->next_cleanbucket >= NBUCKETS) { - adb->next_cleanbucket = 0; -#ifdef DUMP_ADB_AFTER_CLEANING - dump_adb(adb, stdout, ISC_TRUE, now); -#endif - } - } - - /* - * Reset the timer. - * XXXDCL isc_timer_reset might return ISC_R_UNEXPECTED or - * ISC_R_NOMEMORY, but it isn't clear what could be done here - * if either one of those things happened. - */ - interval = adb->tick_interval; - if (adb->overmem) - isc_interval_set(&interval, 0, 1); - (void)isc_timer_reset(adb->timer, isc_timertype_once, NULL, - &interval, ISC_FALSE); - - UNLOCK(&adb->lock); - - isc_event_free(&ev); -} - static void destroy(dns_adb_t *adb) { adb->magic = 0; - /* - * The timer is already dead, from the task's shutdown callback. - */ isc_task_detach(&adb->task); isc_mempool_destroy(&adb->nmp); isc_mempool_destroy(&adb->nhmp); - isc_mempool_destroy(&adb->zimp); + isc_mempool_destroy(&adb->limp); isc_mempool_destroy(&adb->emp); isc_mempool_destroy(&adb->ahmp); isc_mempool_destroy(&adb->aimp); @@ -1983,6 +1995,7 @@ destroy(dns_adb_t *adb) { DESTROYLOCK(&adb->reflock); DESTROYLOCK(&adb->lock); DESTROYLOCK(&adb->mplock); + DESTROYLOCK(&adb->overmemlock); isc_mem_putanddetach(&adb->mctx, adb, sizeof(dns_adb_t)); } @@ -2002,10 +2015,12 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, REQUIRE(mem != NULL); REQUIRE(view != NULL); - REQUIRE(timermgr != NULL); + REQUIRE(timermgr != NULL); /* this is actually unused */ REQUIRE(taskmgr != NULL); REQUIRE(newadb != NULL && *newadb == NULL); + UNUSED(timermgr); + adb = isc_mem_get(mem, sizeof(dns_adb_t)); if (adb == NULL) return (ISC_R_NOMEMORY); @@ -2019,16 +2034,14 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, adb->irefcnt = 0; adb->nmp = NULL; adb->nhmp = NULL; - adb->zimp = NULL; + adb->limp = NULL; adb->emp = NULL; adb->ahmp = NULL; adb->aimp = NULL; adb->afmp = NULL; adb->task = NULL; - adb->timer = NULL; adb->mctx = NULL; adb->view = view; - adb->timermgr = timermgr; adb->taskmgr = taskmgr; adb->next_cleanbucket = 0; ISC_EVENT_INIT(&adb->cevent, sizeof(adb->cevent), 0, NULL, @@ -2053,6 +2066,10 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, if (result != ISC_R_SUCCESS) goto fail0d; + result = isc_mutex_init(&adb->overmemlock); + if (result != ISC_R_SUCCESS) + goto fail0e; + /* * Initialize the bucket locks for names and elements. * May as well initialize the list heads, too. @@ -2062,12 +2079,14 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, goto fail1; for (i = 0; i < NBUCKETS; i++) { ISC_LIST_INIT(adb->names[i]); + ISC_LIST_INIT(adb->deadnames[i]); adb->name_sd[i] = ISC_FALSE; adb->name_refcnt[i] = 0; adb->irefcnt++; } for (i = 0; i < NBUCKETS; i++) { ISC_LIST_INIT(adb->entries[i]); + ISC_LIST_INIT(adb->deadentries[i]); adb->entry_sd[i] = ISC_FALSE; adb->entry_refcnt[i] = 0; adb->irefcnt++; @@ -2091,7 +2110,7 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, MPINIT(dns_adbname_t, adb->nmp, "adbname"); MPINIT(dns_adbnamehook_t, adb->nhmp, "adbnamehook"); - MPINIT(dns_adbzoneinfo_t, adb->zimp, "adbzoneinfo"); + MPINIT(dns_adblameinfo_t, adb->limp, "adblameinfo"); MPINIT(dns_adbentry_t, adb->emp, "adbentry"); MPINIT(dns_adbfind_t, adb->ahmp, "adbfind"); MPINIT(dns_adbaddrinfo_t, adb->aimp, "adbaddrinfo"); @@ -2100,25 +2119,12 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, #undef MPINIT /* - * Allocate a timer and a task for our periodic cleanup. + * Allocate an internal task. */ result = isc_task_create(adb->taskmgr, 0, &adb->task); if (result != ISC_R_SUCCESS) goto fail3; isc_task_setname(adb->task, "ADB", adb); - /* - * XXXMLG When this is changed to be a config file option, - */ - isc_interval_set(&adb->tick_interval, CLEAN_SECONDS, 0); - result = isc_timer_create(adb->timermgr, isc_timertype_once, - NULL, &adb->tick_interval, adb->task, - timer_cleanup, adb, &adb->timer); - if (result != ISC_R_SUCCESS) - goto fail3; - - DP(ISC_LOG_DEBUG(5), "cleaning interval for adb: " - "%u buckets every %u seconds, %u buckets in system, %u cl.interval", - CLEAN_BUCKETS, CLEAN_SECONDS, NBUCKETS, CLEAN_PERIOD); /* * Normal return. @@ -2130,8 +2136,6 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, fail3: if (adb->task != NULL) isc_task_detach(&adb->task); - if (adb->timer != NULL) - isc_timer_detach(&adb->timer); /* clean up entrylocks */ DESTROYMUTEXBLOCK(adb->entrylocks, NBUCKETS); @@ -2144,8 +2148,8 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, isc_mempool_destroy(&adb->nmp); if (adb->nhmp != NULL) isc_mempool_destroy(&adb->nhmp); - if (adb->zimp != NULL) - isc_mempool_destroy(&adb->zimp); + if (adb->limp != NULL) + isc_mempool_destroy(&adb->limp); if (adb->emp != NULL) isc_mempool_destroy(&adb->emp); if (adb->ahmp != NULL) @@ -2155,6 +2159,8 @@ dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *timermgr, if (adb->afmp != NULL) isc_mempool_destroy(&adb->afmp); + DESTROYLOCK(&adb->overmemlock); + fail0e: DESTROYLOCK(&adb->reflock); fail0d: DESTROYLOCK(&adb->mplock); @@ -2265,8 +2271,9 @@ dns_adb_shutdown(dns_adb_t *adb) { isc_result_t dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, - void *arg, dns_name_t *name, dns_name_t *zone, - unsigned int options, isc_stdtime_t now, dns_name_t *target, + void *arg, dns_name_t *name, dns_name_t *qname, + dns_rdatatype_t qtype, unsigned int options, + isc_stdtime_t now, dns_name_t *target, in_port_t port, dns_adbfind_t **findp) { dns_adbfind_t *find; @@ -2283,7 +2290,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, REQUIRE(action != NULL); } REQUIRE(name != NULL); - REQUIRE(zone != NULL); + REQUIRE(qname != NULL); REQUIRE(findp != NULL && *findp == NULL); REQUIRE(target == NULL || dns_name_hasbuffer(target)); @@ -2307,18 +2314,18 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * * Possibilities: Note that these are not always exclusive. * - * No name found. In this case, allocate a new name header and - * an initial namehook or two. If any of these allocations - * fail, clean up and return ISC_R_NOMEMORY. + * No name found. In this case, allocate a new name header and + * an initial namehook or two. If any of these allocations + * fail, clean up and return ISC_R_NOMEMORY. * - * Name found, valid addresses present. Allocate one addrinfo - * structure for each found and append it to the linked list - * of addresses for this header. + * Name found, valid addresses present. Allocate one addrinfo + * structure for each found and append it to the linked list + * of addresses for this header. * - * Name found, queries pending. In this case, if a task was - * passed in, allocate a job id, attach it to the name's job - * list and remember to tell the caller that there will be - * more info coming later. + * Name found, queries pending. In this case, if a task was + * passed in, allocate a job id, attach it to the name's job + * list and remember to tell the caller that there will be + * more info coming later. */ find = new_adbfind(adb); @@ -2353,6 +2360,12 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * Nothing found. Allocate a new adbname structure for this name. */ if (adbname == NULL) { + /* + * See if there is any stale name at the end of list, and purge + * it if so. + */ + check_stale_name(adb, bucket, now); + adbname = new_adbname(adb, name); if (adbname == NULL) { RUNTIME_CHECK(free_adbfind(adb, &find) == ISC_FALSE); @@ -2366,13 +2379,17 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, adbname->flags |= NAME_GLUE_OK; if (FIND_STARTATZONE(find)) adbname->flags |= NAME_STARTATZONE; + } else { + /* Move this name forward in the LRU list */ + ISC_LIST_UNLINK(adb->names[bucket], adbname, plink); + ISC_LIST_PREPEND(adb->names[bucket], adbname, plink); } + adbname->last_used = now; /* * Expire old entries, etc. */ - RUNTIME_CHECK(check_expire_namehooks(adbname, now, adb->overmem) == - ISC_FALSE); + RUNTIME_CHECK(check_expire_namehooks(adbname, now) == ISC_FALSE); /* * Do we know that the name is an alias? @@ -2511,7 +2528,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * Run through the name and copy out the bits we are * interested in. */ - copy_namehook_lists(adb, find, zone, adbname, now); + copy_namehook_lists(adb, find, qname, qtype, adbname, now); post_copy: if (NAME_FETCH_V4(adbname)) @@ -2826,8 +2843,9 @@ dump_entry(FILE *f, dns_adbentry_t *entry, isc_boolean_t debug, isc_stdtime_t now) { char addrbuf[ISC_NETADDR_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; isc_netaddr_t netaddr; - dns_adbzoneinfo_t *zi; + dns_adblameinfo_t *li; isc_netaddr_fromsockaddr(&netaddr, &entry->sockaddr); isc_netaddr_format(&netaddr, addrbuf, sizeof(addrbuf)); @@ -2840,12 +2858,14 @@ dump_entry(FILE *f, dns_adbentry_t *entry, isc_boolean_t debug, if (entry->expires != 0) fprintf(f, " [ttl %d]", entry->expires - now); fprintf(f, "\n"); - for (zi = ISC_LIST_HEAD(entry->zoneinfo); - zi != NULL; - zi = ISC_LIST_NEXT(zi, plink)) { + for (li = ISC_LIST_HEAD(entry->lameinfo); + li != NULL; + li = ISC_LIST_NEXT(li, plink)) { fprintf(f, ";\t\t"); - print_dns_name(f, &zi->zone); - fprintf(f, " [lame TTL %d]\n", zi->lame_timer - now); + print_dns_name(f, &li->qname); + dns_rdatatype_format(li->qtype, typebuf, sizeof(typebuf)); + fprintf(f, " %s [lame TTL %d]\n", typebuf, + li->lame_timer - now); } } @@ -2929,8 +2949,8 @@ print_namehook_list(FILE *f, const char *legend, dns_adbnamehooklist_t *list, static inline void print_fetch(FILE *f, dns_adbfetch_t *ft, const char *type) { - fprintf(f, "\t\tFetch(%s): %p -> { nh %p, entry %p, fetch %p }\n", - type, ft, ft->namehook, ft->entry, ft->fetch); + fprintf(f, "\t\tFetch(%s): %p -> { fetch %p }\n", + type, ft, ft->fetch); } static void @@ -2967,7 +2987,7 @@ dbfind_name(dns_adbname_t *adbname, isc_stdtime_t now, dns_rdatatype_t rdtype) INSIST(rdtype == dns_rdatatype_a || rdtype == dns_rdatatype_aaaa); dns_fixedname_init(&foundname); - fname = dns_fixedname_name(&foundname); + fname = dns_fixedname_name(&foundname); dns_rdataset_init(&rdataset); if (rdtype == dns_rdatatype_a) @@ -2976,7 +2996,7 @@ dbfind_name(dns_adbname_t *adbname, isc_stdtime_t now, dns_rdatatype_t rdtype) adbname->fetch6_err = FIND_ERR_UNEXPECTED; result = dns_view_find(adb->view, &adbname->name, rdtype, now, - NAME_GLUEOK(adbname), + NAME_GLUEOK(adbname) ? DNS_DBFIND_GLUEOK : 0, ISC_TF(NAME_HINTOK(adbname)), NULL, NULL, fname, &rdataset, NULL); @@ -3122,8 +3142,10 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { address_type = DNS_ADBFIND_INET6; fetch = name->fetch_aaaa; name->fetch_aaaa = NULL; - } - INSIST(address_type != 0); + } else + fetch = NULL; + + INSIST(address_type != 0 && fetch != NULL); dns_resolver_destroyfetch(&fetch->fetch); dev->fetch = NULL; @@ -3176,6 +3198,7 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { name->fetch_err = FIND_ERR_NXDOMAIN; else name->fetch_err = FIND_ERR_NXRRSET; + inc_stats(adb, dns_resstatscounter_gluefetchv4fail); } else { DP(NCACHE_LEVEL, "adb fetch name %p: " "caching negative entry for AAAA (ttl %u)", @@ -3186,6 +3209,7 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { name->fetch6_err = FIND_ERR_NXDOMAIN; else name->fetch6_err = FIND_ERR_NXRRSET; + inc_stats(adb, dns_resstatscounter_gluefetchv6fail); } goto out; } @@ -3225,9 +3249,11 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) { if (address_type == DNS_ADBFIND_INET) { name->expire_v4 = ISC_MIN(name->expire_v4, now + 300); name->fetch_err = FIND_ERR_FAILURE; + inc_stats(adb, dns_resstatscounter_gluefetchv4fail); } else { name->expire_v6 = ISC_MIN(name->expire_v6, now + 300); name->fetch6_err = FIND_ERR_FAILURE; + inc_stats(adb, dns_resstatscounter_gluefetchv6fail); } goto out; } @@ -3312,10 +3338,13 @@ fetch_name(dns_adbname_t *adbname, if (result != ISC_R_SUCCESS) goto cleanup; - if (type == dns_rdatatype_a) + if (type == dns_rdatatype_a) { adbname->fetch_a = fetch; - else + inc_stats(adb, dns_resstatscounter_gluefetchv4); + } else { adbname->fetch_aaaa = fetch; + inc_stats(adb, dns_resstatscounter_gluefetchv6); + } fetch = NULL; /* Keep us from cleaning this up below. */ cleanup: @@ -3332,36 +3361,37 @@ fetch_name(dns_adbname_t *adbname, * since these can be extracted from the find itself. */ isc_result_t -dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *zone, - isc_stdtime_t expire_time) +dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *qname, + dns_rdatatype_t qtype, isc_stdtime_t expire_time) { - dns_adbzoneinfo_t *zi; + dns_adblameinfo_t *li; int bucket; isc_result_t result = ISC_R_SUCCESS; REQUIRE(DNS_ADB_VALID(adb)); REQUIRE(DNS_ADBADDRINFO_VALID(addr)); - REQUIRE(zone != NULL); + REQUIRE(qname != NULL); bucket = addr->entry->lock_bucket; LOCK(&adb->entrylocks[bucket]); - zi = ISC_LIST_HEAD(addr->entry->zoneinfo); - while (zi != NULL && !dns_name_equal(zone, &zi->zone)) - zi = ISC_LIST_NEXT(zi, plink); - if (zi != NULL) { - if (expire_time > zi->lame_timer) - zi->lame_timer = expire_time; + li = ISC_LIST_HEAD(addr->entry->lameinfo); + while (li != NULL && + (li->qtype != qtype || !dns_name_equal(qname, &li->qname))) + li = ISC_LIST_NEXT(li, plink); + if (li != NULL) { + if (expire_time > li->lame_timer) + li->lame_timer = expire_time; goto unlock; } - zi = new_adbzoneinfo(adb, zone); - if (zi == NULL) { + li = new_adblameinfo(adb, qname, qtype); + if (li == NULL) { result = ISC_R_NOMEMORY; goto unlock; } - zi->lame_timer = expire_time; + li->lame_timer = expire_time; - ISC_LIST_PREPEND(addr->entry->zoneinfo, zi, plink); + ISC_LIST_PREPEND(addr->entry->lameinfo, li, plink); unlock: UNLOCK(&adb->entrylocks[bucket]); @@ -3437,7 +3467,7 @@ dns_adb_findaddrinfo(dns_adb_t *adb, isc_sockaddr_t *sa, result = ISC_R_SUCCESS; bucket = DNS_ADB_INVALIDBUCKET; - entry = find_entry_and_lock(adb, sa, &bucket); + entry = find_entry_and_lock(adb, sa, &bucket, now); if (adb->entry_sd[bucket]) { result = ISC_R_SHUTTINGDOWN; goto unlock; @@ -3459,7 +3489,9 @@ dns_adb_findaddrinfo(dns_adb_t *adb, isc_sockaddr_t *sa, port = isc_sockaddr_getport(sa); addr = new_adbaddrinfo(adb, entry, port); - if (addr != NULL) { + if (addr == NULL) { + result = ISC_R_NOMEMORY; + } else { inc_entry_refcnt(adb, entry, ISC_FALSE); *addrp = addr; } @@ -3561,19 +3593,22 @@ static void water(void *arg, int mark) { dns_adb_t *adb = arg; isc_boolean_t overmem = ISC_TF(mark == ISC_MEM_HIWATER); - isc_interval_t interval; REQUIRE(DNS_ADB_VALID(adb)); DP(ISC_LOG_DEBUG(1), "adb reached %s water mark", overmem ? "high" : "low"); - adb->overmem = overmem; - if (overmem) { - isc_interval_set(&interval, 0, 1); - (void)isc_timer_reset(adb->timer, isc_timertype_once, NULL, - &interval, ISC_TRUE); + /* + * We can't use adb->lock as there is potential for water + * to be called when adb->lock is held. + */ + LOCK(&adb->overmemlock); + if (adb->overmem != overmem) { + adb->overmem = overmem; + isc_mem_waterack(adb->mctx, mark); } + UNLOCK(&adb->overmemlock); } void diff --git a/contrib/bind-9.3/lib/isc/api b/contrib/bind-9.5.2/lib/dns/api similarity index 60% copy from contrib/bind-9.3/lib/isc/api copy to contrib/bind-9.5.2/lib/dns/api index b4d017358a..9cc4a9c176 100644 --- a/contrib/bind-9.3/lib/isc/api +++ b/contrib/bind-9.5.2/lib/dns/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 12 +LIBINTERFACE = 46 LIBREVISION = 1 LIBAGE = 1 diff --git a/contrib/bind-9.3/lib/dns/byaddr.c b/contrib/bind-9.5.2/lib/dns/byaddr.c similarity index 97% rename from contrib/bind-9.3/lib/dns/byaddr.c rename to contrib/bind-9.5.2/lib/dns/byaddr.c index ace4fb0a7a..234d6b2cd0 100644 --- a/contrib/bind-9.3/lib/dns/byaddr.c +++ b/contrib/bind-9.5.2/lib/dns/byaddr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: byaddr.c,v 1.29.2.1.2.8 2004/08/28 06:25:18 marka Exp $ */ +/* $Id: byaddr.c,v 1.39 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/cache.c b/contrib/bind-9.5.2/lib/dns/cache.c similarity index 91% rename from contrib/bind-9.3/lib/dns/cache.c rename to contrib/bind-9.5.2/lib/dns/cache.c index f45af90d08..fdc48f05ba 100644 --- a/contrib/bind-9.3/lib/dns/cache.c +++ b/contrib/bind-9.5.2/lib/dns/cache.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.c,v 1.45.2.4.8.15 2006/08/01 01:07:05 marka Exp $ */ +/* $Id: cache.c,v 1.76.36.6 2009/05/06 23:34:47 jinmei Exp $ */ + +/*! \file */ #include #include +#include #include #include #include @@ -29,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -39,29 +43,34 @@ #define CACHE_MAGIC ISC_MAGIC('$', '$', '$', '$') #define VALID_CACHE(cache) ISC_MAGIC_VALID(cache, CACHE_MAGIC) -/* - * The following two variables control incremental cleaning. - * MINSIZE is how many bytes is the floor for dns_cache_setcachesize(). +/*! + * Control incremental cleaning. + * DNS_CACHE_MINSIZE is how many bytes is the floor for dns_cache_setcachesize(). + * See also DNS_CACHE_CLEANERINCREMENT + */ +#define DNS_CACHE_MINSIZE 2097152 /*%< Bytes. 2097152 = 2 MB */ +/*! + * Control incremental cleaning. * CLEANERINCREMENT is how many nodes are examined in one pass. + * See also DNS_CACHE_MINSIZE */ -#define DNS_CACHE_MINSIZE 2097152 /* Bytes. 2097152 = 2 MB */ -#define DNS_CACHE_CLEANERINCREMENT 1000 /* Number of nodes. */ +#define DNS_CACHE_CLEANERINCREMENT 1000U /*%< Number of nodes. */ /*** *** Types ***/ /* - * A cache_cleaner_t encapsulsates the state of the periodic + * A cache_cleaner_t encapsulates the state of the periodic * cache cleaning. */ typedef struct cache_cleaner cache_cleaner_t; typedef enum { - cleaner_s_idle, /* Waiting for cleaning-interval to expire. */ - cleaner_s_busy, /* Currently cleaning. */ - cleaner_s_done /* Freed enough memory after being overmem. */ + cleaner_s_idle, /*%< Waiting for cleaning-interval to expire. */ + cleaner_s_busy, /*%< Currently cleaning. */ + cleaner_s_done /*%< Freed enough memory after being overmem. */ } cleaner_state_t; /* @@ -73,13 +82,13 @@ typedef enum { (c)->iterator != NULL && \ (c)->resched_event == NULL) -/* +/*% * Accesses to a cache cleaner object are synchronized through * task/event serialization, or locked from the cache object. */ struct cache_cleaner { isc_mutex_t lock; - /* + /*%< * Locks overmem_event, overmem. Note: never allocate memory * while holding this lock - that could lead to deadlock since * the lock is take by water() which is called from the memory @@ -87,23 +96,23 @@ struct cache_cleaner { */ dns_cache_t *cache; - isc_task_t *task; - unsigned int cleaning_interval; /* The cleaning-interval from + isc_task_t *task; + unsigned int cleaning_interval; /*% The cleaning-interval from named.conf, in seconds. */ - isc_timer_t *cleaning_timer; - isc_event_t *resched_event; /* Sent by cleaner task to + isc_timer_t *cleaning_timer; + isc_event_t *resched_event; /*% Sent by cleaner task to itself to reschedule */ isc_event_t *overmem_event; dns_dbiterator_t *iterator; - int increment; /* Number of names to + unsigned int increment; /*% Number of names to clean in one increment */ - cleaner_state_t state; /* Idle/Busy. */ - isc_boolean_t overmem; /* The cache is in an overmem state. */ + cleaner_state_t state; /*% Idle/Busy. */ + isc_boolean_t overmem; /*% The cache is in an overmem state. */ isc_boolean_t replaceiterator; }; -/* +/*% * The actual cache object. */ @@ -125,7 +134,7 @@ struct dns_cache { char **db_argv; /* Locked by 'filelock'. */ - char * filename; + char *filename; /* Access to the on-disk cache file is also locked by 'filelock'. */ }; @@ -165,6 +174,7 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_result_t result; dns_cache_t *cache; int i; + isc_task_t *dbtask; REQUIRE(cachep != NULL); REQUIRE(*cachep == NULL); @@ -178,22 +188,12 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_mem_attach(mctx, &cache->mctx); result = isc_mutex_init(&cache->lock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - dns_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_mem; - } result = isc_mutex_init(&cache->filelock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - dns_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_lock; - } cache->references = 1; cache->live_tasks = 0; @@ -230,12 +230,29 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, result = cache_create_db(cache, &cache->db); if (result != ISC_R_SUCCESS) goto cleanup_dbargv; + if (taskmgr != NULL) { + dbtask = NULL; + result = isc_task_create(taskmgr, 1, &dbtask); + if (result != ISC_R_SUCCESS) + goto cleanup_db; + dns_db_settask(cache->db, dbtask); + isc_task_detach(&dbtask); + } cache->filename = NULL; cache->magic = CACHE_MAGIC; - result = cache_cleaner_init(cache, taskmgr, timermgr, &cache->cleaner); + /* + * RBT-type cache DB has its own mechanism of cache cleaning and doesn't + * need the control of the generic cleaner. + */ + if (strcmp(db_type, "rbt") == 0) + result = cache_cleaner_init(cache, NULL, NULL, &cache->cleaner); + else { + result = cache_cleaner_init(cache, taskmgr, timermgr, + &cache->cleaner); + } if (result != ISC_R_SUCCESS) goto cleanup_db; @@ -466,7 +483,7 @@ dns_cache_setcleaninginterval(dns_cache_t *cache, unsigned int t) { isc_timertype_ticker, NULL, &interval, ISC_FALSE); } - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, ISC_LOG_WARNING, "could not set cache cleaning interval: %s", @@ -488,13 +505,8 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, isc_result_t result; result = isc_mutex_init(&cleaner->lock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - dns_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto fail; - } cleaner->increment = DNS_CACHE_CLEANERINCREMENT; cleaner->state = cleaner_s_idle; @@ -537,8 +549,7 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, cleaner->cleaning_interval = 0; /* Initially turned off. */ result = isc_timer_create(timermgr, isc_timertype_inactive, - NULL, NULL, - cleaner->task, + NULL, NULL, cleaner->task, cleaning_timer_action, cleaner, &cleaner->cleaning_timer); if (result != ISC_R_SUCCESS) { @@ -558,7 +569,7 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, result = ISC_R_NOMEMORY; goto cleanup; } - + cleaner->overmem_event = isc_event_allocate(cache->mctx, cleaner, DNS_EVENT_CACHEOVERMEM, @@ -596,7 +607,7 @@ begin_cleaning(cache_cleaner_t *cleaner) { /* * Create an iterator, if it does not already exist, and - * position it at the beginning of the cache. + * position it at the beginning of the cache. */ if (cleaner->iterator == NULL) result = dns_db_createiterator(cleaner->cache->db, ISC_FALSE, @@ -635,7 +646,7 @@ begin_cleaning(cache_cleaner_t *cleaner) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1), "begin cache cleaning, mem inuse %lu", - (unsigned long)isc_mem_inuse(cleaner->cache->mctx)); + (unsigned long)isc_mem_inuse(cleaner->cache->mctx)); cleaner->state = cleaner_s_busy; isc_task_send(cleaner->task, &cleaner->resched_event); } @@ -695,7 +706,7 @@ static void overmem_cleaning_action(isc_task_t *task, isc_event_t *event) { cache_cleaner_t *cleaner = event->ev_arg; isc_boolean_t want_cleaning = ISC_FALSE; - + UNUSED(task); INSIST(task == cleaner->task); @@ -740,7 +751,8 @@ static void incremental_cleaning_action(isc_task_t *task, isc_event_t *event) { cache_cleaner_t *cleaner = event->ev_arg; isc_result_t result; - int n_names; + unsigned int n_names; + isc_time_t start; UNUSED(task); @@ -770,6 +782,7 @@ incremental_cleaning_action(isc_task_t *task, isc_event_t *event) { REQUIRE(DNS_DBITERATOR_VALID(cleaner->iterator)); + isc_time_now(&start); while (n_names-- > 0) { dns_dbnode_t *node = NULL; @@ -838,7 +851,7 @@ incremental_cleaning_action(isc_task_t *task, isc_event_t *event) { RUNTIME_CHECK(result == ISC_R_SUCCESS); isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, - ISC_LOG_DEBUG(1), "cache cleaner: checked %d nodes, " + ISC_LOG_DEBUG(1), "cache cleaner: checked %u nodes, " "mem inuse %lu, sleeping", cleaner->increment, (unsigned long)isc_mem_inuse(cleaner->cache->mctx)); @@ -908,9 +921,12 @@ water(void *arg, int mark) { REQUIRE(VALID_CACHE(cache)); LOCK(&cache->cleaner.lock); - - dns_db_overmem(cache->db, overmem); - cache->cleaner.overmem = overmem; + + if (overmem != cache->cleaner.overmem) { + dns_db_overmem(cache->db, overmem); + cache->cleaner.overmem = overmem; + isc_mem_waterack(cache->mctx, mark); + } if (cache->cleaner.overmem_event != NULL) isc_task_send(cache->cleaner.task, @@ -927,7 +943,7 @@ dns_cache_setcachesize(dns_cache_t *cache, isc_uint32_t size) { REQUIRE(VALID_CACHE(cache)); /* - * Impose a minumum cache size; pathological things happen if there + * Impose a minimum cache size; pathological things happen if there * is too little room. */ if (size != 0 && size < DNS_CACHE_MINSIZE) @@ -1034,7 +1050,7 @@ dns_cache_flushname(dns_cache_t *cache, dns_name_t *name) { dns_rdatasetiter_t *iter = NULL; dns_dbnode_t *node = NULL; dns_db_t *db = NULL; - + LOCK(&cache->lock); if (cache->db != NULL) dns_db_attach(cache->db, &db); diff --git a/contrib/bind-9.3/lib/dns/callbacks.c b/contrib/bind-9.5.2/lib/dns/callbacks.c similarity index 92% rename from contrib/bind-9.3/lib/dns/callbacks.c rename to contrib/bind-9.5.2/lib/dns/callbacks.c index 431c7ef4ec..928f37df78 100644 --- a/contrib/bind-9.3/lib/dns/callbacks.c +++ b/contrib/bind-9.5.2/lib/dns/callbacks.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: callbacks.c,v 1.12.206.1 2004/03/06 08:13:36 marka Exp $ */ +/* $Id: callbacks.c,v 1.17 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/compress.c b/contrib/bind-9.5.2/lib/dns/compress.c similarity index 88% rename from contrib/bind-9.3/lib/dns/compress.c rename to contrib/bind-9.5.2/lib/dns/compress.c index 2122436865..11473ee95f 100644 --- a/contrib/bind-9.3/lib/dns/compress.c +++ b/contrib/bind-9.5.2/lib/dns/compress.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: compress.c,v 1.50.206.4 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: compress.c,v 1.59 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #define DNS_NAME_USEINLINE 1 @@ -82,13 +84,31 @@ void dns_compress_setmethods(dns_compress_t *cctx, unsigned int allowed) { REQUIRE(VALID_CCTX(cctx)); - cctx->allowed = allowed; + cctx->allowed &= ~DNS_COMPRESS_ALL; + cctx->allowed |= (allowed & DNS_COMPRESS_ALL); } unsigned int dns_compress_getmethods(dns_compress_t *cctx) { REQUIRE(VALID_CCTX(cctx)); - return (cctx->allowed); + return (cctx->allowed & DNS_COMPRESS_ALL); +} + +void +dns_compress_setsensitive(dns_compress_t *cctx, isc_boolean_t sensitive) { + REQUIRE(VALID_CCTX(cctx)); + + if (sensitive) + cctx->allowed |= DNS_COMPRESS_CASESENSITIVE; + else + cctx->allowed &= ~DNS_COMPRESS_CASESENSITIVE; +} + +isc_boolean_t +dns_compress_getsensitive(dns_compress_t *cctx) { + REQUIRE(VALID_CCTX(cctx)); + + return (ISC_TF((cctx->allowed & DNS_COMPRESS_CASESENSITIVE) != 0)); } int @@ -138,8 +158,13 @@ dns_compress_findglobal(dns_compress_t *cctx, const dns_name_t *name, for (node = cctx->table[hash]; node != NULL; node = node->next) { NODENAME(node, &nname); - if (dns_name_equal(&nname, &tname)) - break; + if ((cctx->allowed & DNS_COMPRESS_CASESENSITIVE) != 0) { + if (dns_name_caseequal(&nname, &tname)) + break; + } else { + if (dns_name_equal(&nname, &tname)) + break; + } } if (node != NULL) break; diff --git a/contrib/bind-9.3/lib/dns/db.c b/contrib/bind-9.5.2/lib/dns/db.c similarity index 89% rename from contrib/bind-9.3/lib/dns/db.c rename to contrib/bind-9.5.2/lib/dns/db.c index 347ce1e4ab..dab2544d0d 100644 --- a/contrib/bind-9.3/lib/dns/db.c +++ b/contrib/bind-9.5.2/lib/dns/db.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: db.c,v 1.69.2.1.10.4 2004/03/08 02:07:52 marka Exp $ */ +/* $Id: db.c,v 1.83.128.4 2009/04/29 23:46:55 tbox Exp $ */ + +/*! \file */ /*** *** Imports @@ -93,7 +95,7 @@ static inline dns_dbimplementation_t * impfind(const char *name) { dns_dbimplementation_t *imp; - for (imp = ISC_LIST_HEAD(implementations); + for (imp = ISC_LIST_HEAD(implementations); imp != NULL; imp = ISC_LIST_NEXT(imp, link)) if (strcasecmp(name, imp->name) == 0) @@ -301,6 +303,11 @@ dns_db_endload(dns_db_t *db, dns_dbload_t **dbloadp) { isc_result_t dns_db_load(dns_db_t *db, const char *filename) { + return (dns_db_load2(db, filename, dns_masterformat_text)); +} + +isc_result_t +dns_db_load2(dns_db_t *db, const char *filename, dns_masterformat_t format) { isc_result_t result, eresult; dns_rdatacallbacks_t callbacks; unsigned int options = 0; @@ -319,9 +326,9 @@ dns_db_load(dns_db_t *db, const char *filename) { result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private); if (result != ISC_R_SUCCESS) return (result); - result = dns_master_loadfile(filename, &db->origin, &db->origin, - db->rdclass, options, - &callbacks, db->mctx); + result = dns_master_loadfile2(filename, &db->origin, &db->origin, + db->rdclass, options, + &callbacks, db->mctx, format); eresult = dns_db_endload(db, &callbacks.add_private); /* * We always call dns_db_endload(), but we only want to return its @@ -337,13 +344,22 @@ dns_db_load(dns_db_t *db, const char *filename) { isc_result_t dns_db_dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) { + return ((db->methods->dump)(db, version, filename, + dns_masterformat_text)); +} + +isc_result_t +dns_db_dump2(dns_db_t *db, dns_dbversion_t *version, const char *filename, + dns_masterformat_t masterformat) { /* - * Dump 'db' into master file 'filename'. + * Dump 'db' into master file 'filename' in the 'masterformat' format. + * XXXJT: is it okay to modify the interface to the existing "dump" + * method? */ REQUIRE(DNS_DB_VALID(db)); - return ((db->methods->dump)(db, version, filename)); + return ((db->methods->dump)(db, version, filename, masterformat)); } /*** @@ -511,6 +527,30 @@ dns_db_detachnode(dns_db_t *db, dns_dbnode_t **nodep) { ENSURE(*nodep == NULL); } +void +dns_db_transfernode(dns_db_t *db, dns_dbnode_t **sourcep, + dns_dbnode_t **targetp) +{ + REQUIRE(DNS_DB_VALID(db)); + REQUIRE(targetp != NULL && *targetp == NULL); + /* + * This doesn't check the implementation magic. If we find that + * we need such checks in future then this will be done in the + * method. + */ + REQUIRE(sourcep != NULL && *sourcep != NULL); + + UNUSED(db); + + if (db->methods->transfernode == NULL) { + *targetp = *sourcep; + *sourcep = NULL; + } else + (db->methods->transfernode)(db, sourcep, targetp); + + ENSURE(*sourcep == NULL); +} + isc_result_t dns_db_expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { @@ -671,7 +711,7 @@ dns_db_deleterdataset(dns_db_t *db, dns_dbnode_t *node, type, covers)); } -void +void dns_db_overmem(dns_db_t *db, isc_boolean_t overmem) { REQUIRE(DNS_DB_VALID(db)); @@ -697,11 +737,11 @@ dns_db_getsoaserial(dns_db_t *db, dns_dbversion_t *ver, isc_uint32_t *serialp) dns_rdataset_init(&rdataset); result = dns_db_findrdataset(db, node, ver, dns_rdatatype_soa, 0, (isc_stdtime_t)0, &rdataset, NULL); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) goto freenode; result = dns_rdataset_first(&rdataset); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) goto freerdataset; dns_rdataset_current(&rdataset, &rdata); result = dns_rdataset_next(&rdataset); @@ -754,7 +794,7 @@ dns_db_register(const char *name, dns_dbcreatefunc_t create, void *driverarg, RWUNLOCK(&implock, isc_rwlocktype_write); return (ISC_R_EXISTS); } - + imp = isc_mem_get(mctx, sizeof(dns_dbimplementation_t)); if (imp == NULL) { RWUNLOCK(&implock, isc_rwlocktype_write); @@ -784,10 +824,34 @@ dns_db_unregister(dns_dbimplementation_t **dbimp) { RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); imp = *dbimp; + *dbimp = NULL; RWLOCK(&implock, isc_rwlocktype_write); ISC_LIST_UNLINK(implementations, imp, link); mctx = imp->mctx; isc_mem_put(mctx, imp, sizeof(dns_dbimplementation_t)); isc_mem_detach(&mctx); RWUNLOCK(&implock, isc_rwlocktype_write); + ENSURE(*dbimp == NULL); +} + +dns_stats_t * +dns_db_getrrsetstats(dns_db_t *db) { + REQUIRE(DNS_DB_VALID(db)); + + if (db->methods->getrrsetstats != NULL) + return ((db->methods->getrrsetstats)(db)); + + return (NULL); +} + +isc_result_t +dns_db_getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) { + REQUIRE(DNS_DB_VALID(db)); + REQUIRE(dns_db_iszone(db) == ISC_TRUE); + REQUIRE(nodep != NULL && *nodep == NULL); + + if (db->methods->getoriginnode != NULL) + return ((db->methods->getoriginnode)(db, nodep)); + + return (ISC_R_NOTFOUND); } diff --git a/contrib/bind-9.3/lib/dns/dbiterator.c b/contrib/bind-9.5.2/lib/dns/dbiterator.c similarity index 93% rename from contrib/bind-9.3/lib/dns/dbiterator.c rename to contrib/bind-9.5.2/lib/dns/dbiterator.c index 0bf354bd94..8981e49c26 100644 --- a/contrib/bind-9.3/lib/dns/dbiterator.c +++ b/contrib/bind-9.5.2/lib/dns/dbiterator.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dbiterator.c,v 1.13.206.1 2004/03/06 08:13:37 marka Exp $ */ +/* $Id: dbiterator.c,v 1.18 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/dbtable.c b/contrib/bind-9.5.2/lib/dns/dbtable.c similarity index 96% rename from contrib/bind-9.3/lib/dns/dbtable.c rename to contrib/bind-9.5.2/lib/dns/dbtable.c index d027fa3fff..57bbfc1ef8 100644 --- a/contrib/bind-9.3/lib/dns/dbtable.c +++ b/contrib/bind-9.5.2/lib/dns/dbtable.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,10 +16,11 @@ */ /* - * $Id: dbtable.c,v 1.25.12.4 2004/03/09 05:21:08 marka Exp $ + * $Id: dbtable.c,v 1.33 2007/06/19 23:47:16 tbox Exp $ */ -/* +/*! \file + * \author * Principal Author: DCL */ @@ -86,7 +87,6 @@ dns_dbtable_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, result = isc_rwlock_init(&dbtable->tree_lock, 0, 0); if (result != ISC_R_SUCCESS) goto clean3; - dbtable->default_db = NULL; dbtable->mctx = mctx; diff --git a/contrib/bind-9.3/lib/dns/diff.c b/contrib/bind-9.5.2/lib/dns/diff.c similarity index 93% rename from contrib/bind-9.3/lib/dns/diff.c rename to contrib/bind-9.5.2/lib/dns/diff.c index 8cd5643695..6e41f0fa9a 100644 --- a/contrib/bind-9.3/lib/dns/diff.c +++ b/contrib/bind-9.5.2/lib/dns/diff.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: diff.c,v 1.4.2.1.8.4 2004/03/08 02:07:52 marka Exp $ */ +/* $Id: diff.c,v 1.14.128.3 2009/01/06 23:46:47 tbox Exp $ */ + +/*! \file */ #include @@ -30,8 +32,10 @@ #include #include #include +#include #include #include +#include #include #define CHECK(op) \ @@ -195,6 +199,9 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, dns_difftuple_t *t; dns_dbnode_t *node = NULL; isc_result_t result; + char namebuf[DNS_NAME_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; + char classbuf[DNS_RDATACLASS_FORMATSIZE]; REQUIRE(DNS_DIFF_VALID(diff)); REQUIRE(DNS_DB_VALID(db)); @@ -254,11 +261,19 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, t->rdata.type == type && rdata_covers(&t->rdata) == covers) { + dns_name_format(name, namebuf, sizeof(namebuf)); + dns_rdatatype_format(t->rdata.type, typebuf, + sizeof(typebuf)); + dns_rdataclass_format(t->rdata.rdclass, + classbuf, + sizeof(classbuf)); if (t->ttl != rdl.ttl && warn) isc_log_write(DIFF_COMMON_LOGARGS, - ISC_LOG_WARNING, - "TTL differs in rdataset, " - "adjusting %lu -> %lu", + ISC_LOG_WARNING, + "'%s/%s/%s': TTL differs in " + "rdataset, adjusting " + "%lu -> %lu", + namebuf, typebuf, classbuf, (unsigned long) t->ttl, (unsigned long) rdl.ttl); ISC_LIST_APPEND(rdl.rdata, &t->rdata, link); @@ -291,7 +306,7 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, INSIST(0); } if (result == DNS_R_UNCHANGED) { - /* + /* * This will not happen when executing a * dynamic update, because that code will * generate strictly minimal diffs. @@ -440,7 +455,7 @@ dns_diff_sort(dns_diff_t *diff, dns_diff_compare_func *compare) { /* * Create an rdataset containing the single RR of the given - * tuple. The caller must allocate the the rdata, rdataset and + * tuple. The caller must allocate the rdata, rdataset and * an rdatalist structure for it to refer to. */ diff --git a/contrib/bind-9.3/lib/dns/dispatch.c b/contrib/bind-9.5.2/lib/dns/dispatch.c similarity index 58% rename from contrib/bind-9.3/lib/dns/dispatch.c rename to contrib/bind-9.5.2/lib/dns/dispatch.c index dcb83721ba..f1557ec2cb 100644 --- a/contrib/bind-9.3/lib/dns/dispatch.c +++ b/contrib/bind-9.5.2/lib/dns/dispatch.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.101.2.6.2.13.6.4 2007/06/27 04:19:50 marka Exp $ */ +/* $Id: dispatch.c,v 1.137.128.24 2009/01/31 00:44:43 marka Exp $ */ + +/*! \file */ #include #include #include #include +#include #include #include #include +#include #include #include +#include #include #include #include @@ -39,18 +44,14 @@ #include #include #include +#include #include #include typedef ISC_LIST(dns_dispentry_t) dns_displist_t; -typedef struct dns_qid { - unsigned int magic; - unsigned int qid_nbuckets; /* hash table size */ - unsigned int qid_increment; /* id increment on collision */ - isc_mutex_t lock; - dns_displist_t *qid_table; /* the table itself */ -} dns_qid_t; +typedef struct dispsocket dispsocket_t; +typedef ISC_LIST(dispsocket_t) dispsocketlist_t; /* ARC4 Random generator state */ typedef struct arc4ctx { @@ -58,14 +59,27 @@ typedef struct arc4ctx { isc_uint8_t j; isc_uint8_t s[256]; int count; + isc_entropy_t *entropy; /*%< entropy source for ARC4 */ + isc_mutex_t *lock; } arc4ctx_t; +typedef struct dns_qid { + unsigned int magic; + unsigned int qid_nbuckets; /*%< hash table size */ + unsigned int qid_increment; /*%< id increment on collision */ + isc_mutex_t lock; + dns_displist_t *qid_table; /*%< the table itself */ + dispsocketlist_t *sock_table; /*%< socket table */ +} dns_qid_t; + struct dns_dispatchmgr { /* Unlocked. */ unsigned int magic; isc_mem_t *mctx; dns_acl_t *blackhole; dns_portlist_t *portlist; + isc_stats_t *stats; + isc_entropy_t *entropy; /*%< entropy source */ /* Locked by "lock". */ isc_mutex_t lock; @@ -79,18 +93,37 @@ struct dns_dispatchmgr { /* locked by buffer lock */ dns_qid_t *qid; isc_mutex_t buffer_lock; - unsigned int buffers; /* allocated buffers */ - unsigned int buffersize; /* size of each buffer */ - unsigned int maxbuffers; /* max buffers */ + unsigned int buffers; /*%< allocated buffers */ + unsigned int buffersize; /*%< size of each buffer */ + unsigned int maxbuffers; /*%< max buffers */ /* Locked internally. */ isc_mutex_t pool_lock; - isc_mempool_t *epool; /* memory pool for events */ - isc_mempool_t *rpool; /* memory pool for replies */ - isc_mempool_t *dpool; /* dispatch allocations */ - isc_mempool_t *bpool; /* memory pool for buffers */ - - isc_entropy_t *entropy; /* entropy source */ + isc_mempool_t *epool; /*%< memory pool for events */ + isc_mempool_t *rpool; /*%< memory pool for replies */ + isc_mempool_t *dpool; /*%< dispatch allocations */ + isc_mempool_t *bpool; /*%< memory pool for buffers */ + isc_mempool_t *spool; /*%< memory pool for dispsocs */ + + /*% + * Locked by qid->lock if qid exists; otherwise, can be used without + * being locked. + * Memory footprint considerations: this is a simple implementation of + * available ports, i.e., an ordered array of the actual port numbers. + * This will require about 256KB of memory in the worst case (128KB for + * each of IPv4 and IPv6). We could reduce it by representing it as a + * more sophisticated way such as a list (or array) of ranges that are + * searched to identify a specific port. Our decision here is the saved + * memory isn't worth the implementation complexity, considering the + * fact that the whole BIND9 process (which is mainly named) already + * requires a pretty large memory footprint. We may, however, have to + * revisit the decision when we want to use it as a separate module for + * an environment where memory requirement is severer. + */ + in_port_t *v4ports; /*%< available ports for IPv4 */ + unsigned int nv4ports; /*%< # of available ports for IPv4 */ + in_port_t *v6ports; /*%< available ports for IPv4 */ + unsigned int nv6ports; /*%< # of available ports for IPv4 */ }; #define MGR_SHUTTINGDOWN 0x00000001U @@ -109,42 +142,94 @@ struct dns_dispentry { isc_taskaction_t action; void *arg; isc_boolean_t item_out; + dispsocket_t *dispsocket; ISC_LIST(dns_dispatchevent_t) items; ISC_LINK(dns_dispentry_t) link; }; +/*% + * Maximum number of dispatch sockets that can be pooled for reuse. The + * appropriate value may vary, but experiments have shown a busy caching server + * may need more than 1000 sockets concurrently opened. The maximum allowable + * number of dispatch sockets (per manager) will be set to the double of this + * value. + */ +#ifndef DNS_DISPATCH_POOLSOCKS +#define DNS_DISPATCH_POOLSOCKS 2048 +#endif + +/*% + * Quota to control the number of dispatch sockets. If a dispatch has more + * than the quota of sockets, new queries will purge oldest ones, so that + * a massive number of outstanding queries won't prevent subsequent queries + * (especially if the older ones take longer time and result in timeout). + */ +#ifndef DNS_DISPATCH_SOCKSQUOTA +#define DNS_DISPATCH_SOCKSQUOTA 3072 +#endif + +struct dispsocket { + unsigned int magic; + isc_socket_t *socket; + dns_dispatch_t *disp; + isc_sockaddr_t host; + in_port_t localport; + dns_dispentry_t *resp; + isc_task_t *task; + ISC_LINK(dispsocket_t) link; + unsigned int bucket; + ISC_LINK(dispsocket_t) blink; +}; + #define INVALID_BUCKET (0xffffdead) +/*% + * Number of tasks for each dispatch that use separate sockets for different + * transactions. This must be a power of 2 as it will divide 32 bit numbers + * to get an uniformly random tasks selection. See get_dispsocket(). + */ +#define MAX_INTERNAL_TASKS 64 + struct dns_dispatch { /* Unlocked. */ - unsigned int magic; /* magic */ - dns_dispatchmgr_t *mgr; /* dispatch manager */ - isc_task_t *task; /* internal task */ - isc_socket_t *socket; /* isc socket attached to */ - isc_sockaddr_t local; /* local address */ - in_port_t localport; /* local UDP port */ - unsigned int maxrequests; /* max requests */ + unsigned int magic; /*%< magic */ + dns_dispatchmgr_t *mgr; /*%< dispatch manager */ + int ntasks; + /*% + * internal task buckets. We use multiple tasks to distribute various + * socket events well when using separate dispatch sockets. We use the + * 1st task (task[0]) for internal control events. + */ + isc_task_t *task[MAX_INTERNAL_TASKS]; + isc_socket_t *socket; /*%< isc socket attached to */ + isc_sockaddr_t local; /*%< local address */ + in_port_t localport; /*%< local UDP port */ + unsigned int maxrequests; /*%< max requests */ isc_event_t *ctlevent; - /* Locked by mgr->lock. */ + /*% Locked by mgr->lock. */ ISC_LINK(dns_dispatch_t) link; /* Locked by "lock". */ - isc_mutex_t lock; /* locks all below */ + isc_mutex_t lock; /*%< locks all below */ isc_sockettype_t socktype; unsigned int attributes; - unsigned int refcount; /* number of users */ - dns_dispatchevent_t *failsafe_ev; /* failsafe cancel event */ + unsigned int refcount; /*%< number of users */ + dns_dispatchevent_t *failsafe_ev; /*%< failsafe cancel event */ unsigned int shutting_down : 1, shutdown_out : 1, connected : 1, tcpmsg_valid : 1, - recv_pending : 1; /* is a recv() pending? */ + recv_pending : 1; /*%< is a recv() pending? */ isc_result_t shutdown_why; - unsigned int requests; /* how many requests we have */ - unsigned int tcpbuffers; /* allocated buffers */ - dns_tcpmsg_t tcpmsg; /* for tcp streams */ + ISC_LIST(dispsocket_t) activesockets; + ISC_LIST(dispsocket_t) inactivesockets; + unsigned int nsockets; + unsigned int requests; /*%< how many requests we have */ + unsigned int tcpbuffers; /*%< allocated buffers */ + dns_tcpmsg_t tcpmsg; /*%< for tcp streams */ dns_qid_t *qid; + arc4ctx_t arc4ctx; /*%< for QID/UDP port num */ }; #define QID_MAGIC ISC_MAGIC('Q', 'i', 'd', ' ') @@ -153,6 +238,9 @@ struct dns_dispatch { #define RESPONSE_MAGIC ISC_MAGIC('D', 'r', 's', 'p') #define VALID_RESPONSE(e) ISC_MAGIC_VALID((e), RESPONSE_MAGIC) +#define DISPSOCK_MAGIC ISC_MAGIC('D', 's', 'o', 'c') +#define VALID_DISPSOCK(e) ISC_MAGIC_VALID((e), DISPSOCK_MAGIC) + #define DISPATCH_MAGIC ISC_MAGIC('D', 'i', 's', 'p') #define VALID_DISPATCH(e) ISC_MAGIC_VALID((e), DISPATCH_MAGIC) @@ -161,16 +249,33 @@ struct dns_dispatch { #define DNS_QID(disp) ((disp)->socktype == isc_sockettype_tcp) ? \ (disp)->qid : (disp)->mgr->qid +#define DISP_ARC4CTX(disp) ((disp)->socktype == isc_sockettype_udp) ? \ + (&(disp)->arc4ctx) : (&(disp)->mgr->arc4ctx) + +/*% + * Locking a query port buffer is a bit tricky. We access the buffer without + * locking until qid is created. Technically, there is a possibility of race + * between the creation of qid and access to the port buffer; in practice, + * however, this should be safe because qid isn't created until the first + * dispatch is created and there should be no contending situation until then. + */ +#define PORTBUFLOCK(mgr) if ((mgr)->qid != NULL) LOCK(&((mgr)->qid->lock)) +#define PORTBUFUNLOCK(mgr) if ((mgr)->qid != NULL) UNLOCK((&(mgr)->qid->lock)) + /* * Statics. */ -static dns_dispentry_t *bucket_search(dns_qid_t *, isc_sockaddr_t *, - dns_messageid_t, in_port_t, unsigned int); +static dns_dispentry_t *entry_search(dns_qid_t *, isc_sockaddr_t *, + dns_messageid_t, in_port_t, unsigned int); static isc_boolean_t destroy_disp_ok(dns_dispatch_t *); static void destroy_disp(isc_task_t *task, isc_event_t *event); -static void udp_recv(isc_task_t *, isc_event_t *); +static void destroy_dispsocket(dns_dispatch_t *, dispsocket_t **); +static void deactivate_dispsocket(dns_dispatch_t *, dispsocket_t *); +static void udp_exrecv(isc_task_t *, isc_event_t *); +static void udp_shrecv(isc_task_t *, isc_event_t *); +static void udp_recv(isc_event_t *, dns_dispatch_t *, dispsocket_t *); static void tcp_recv(isc_task_t *, isc_event_t *); -static void startrecv(dns_dispatch_t *); +static isc_result_t startrecv(dns_dispatch_t *, dispsocket_t *); static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t, in_port_t); static void free_buffer(dns_dispatch_t *disp, void *buf, unsigned int len); @@ -182,6 +287,11 @@ static dns_dispentry_t *linear_first(dns_qid_t *disp); static dns_dispentry_t *linear_next(dns_qid_t *disp, dns_dispentry_t *resp); static void dispatch_free(dns_dispatch_t **dispp); +static isc_result_t get_udpsocket(dns_dispatchmgr_t *mgr, + dns_dispatch_t *disp, + isc_socketmgr_t *sockmgr, + isc_sockaddr_t *localaddr, + isc_socket_t **sockp); static isc_result_t dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_taskmgr_t *taskmgr, @@ -192,8 +302,13 @@ static isc_result_t dispatch_createudp(dns_dispatchmgr_t *mgr, static isc_boolean_t destroy_mgr_ok(dns_dispatchmgr_t *mgr); static void destroy_mgr(dns_dispatchmgr_t **mgrp); static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, - unsigned int increment, dns_qid_t **qidp); + unsigned int increment, dns_qid_t **qidp, + isc_boolean_t needaddrtable); static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp); +static isc_result_t open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, + unsigned int options, isc_socket_t **sockp); +static isc_boolean_t portavailable(dns_dispatchmgr_t *mgr, isc_socket_t *sock, + isc_sockaddr_t *sockaddrp); #define LVL(x) ISC_LOG_DEBUG(x) @@ -218,6 +333,12 @@ mgr_log(dns_dispatchmgr_t *mgr, int level, const char *fmt, ...) { level, "dispatchmgr %p: %s", mgr, msgbuf); } +static inline void +inc_stats(dns_dispatchmgr_t *mgr, isc_statscounter_t counter) { + if (mgr->stats != NULL) + isc_stats_increment(mgr->stats, counter); +} + static void dispatch_log(dns_dispatch_t *disp, int level, const char *fmt, ...) ISC_FORMAT_PRINTF(3, 4); @@ -273,17 +394,38 @@ request_log(dns_dispatch_t *disp, dns_dispentry_t *resp, } } -/* - * ARC4 random number generator obtained from OpenBSD +/*% + * ARC4 random number generator derived from OpenBSD. + * Only dispatch_arc4random() and dispatch_arc4uniformrandom() are expected + * to be called from general dispatch routines; the rest of them are subroutines + * for these two. + * + * The original copyright follows: + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ static void -dispatch_arc4init(arc4ctx_t *actx) { +dispatch_arc4init(arc4ctx_t *actx, isc_entropy_t *entropy, isc_mutex_t *lock) { int n; for (n = 0; n < 256; n++) actx->s[n] = n; actx->i = 0; actx->j = 0; actx->count = 0; + actx->entropy = entropy; /* don't have to attach */ + actx->lock = lock; } static void @@ -327,7 +469,7 @@ dispatch_arc4get16(arc4ctx_t *actx) { } static void -dispatch_arc4stir(dns_dispatchmgr_t *mgr) { +dispatch_arc4stir(arc4ctx_t *actx) { int i; union { unsigned char rnd[128]; @@ -335,51 +477,55 @@ dispatch_arc4stir(dns_dispatchmgr_t *mgr) { } rnd; isc_result_t result; - if (mgr->entropy != NULL) { + if (actx->entropy != NULL) { /* * We accept any quality of random data to avoid blocking. */ - result = isc_entropy_getdata(mgr->entropy, rnd.rnd, + result = isc_entropy_getdata(actx->entropy, rnd.rnd, sizeof(rnd), NULL, 0); RUNTIME_CHECK(result == ISC_R_SUCCESS); } else { for (i = 0; i < 32; i++) isc_random_get(&rnd.rnd32[i]); } - dispatch_arc4addrandom(&mgr->arc4ctx, rnd.rnd, sizeof(rnd.rnd)); + dispatch_arc4addrandom(actx, rnd.rnd, sizeof(rnd.rnd)); /* * Discard early keystream, as per recommendations in: * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps */ for (i = 0; i < 256; i++) - (void)dispatch_arc4get8(&mgr->arc4ctx); + (void)dispatch_arc4get8(actx); /* * Derived from OpenBSD's implementation. The rationale is not clear, * but should be conservative enough in safety, and reasonably large * for efficiency. */ - mgr->arc4ctx.count = 1600000; + actx->count = 1600000; } static isc_uint16_t -dispatch_arc4random(dns_dispatchmgr_t *mgr) { +dispatch_arc4random(arc4ctx_t *actx) { isc_uint16_t result; - LOCK(&mgr->arc4_lock); - mgr->arc4ctx.count -= sizeof(isc_uint16_t); - if (mgr->arc4ctx.count <= 0) - dispatch_arc4stir(mgr); - result = dispatch_arc4get16(&mgr->arc4ctx); - UNLOCK(&mgr->arc4_lock); + if (actx->lock != NULL) + LOCK(actx->lock); + + actx->count -= sizeof(isc_uint16_t); + if (actx->count <= 0) + dispatch_arc4stir(actx); + result = dispatch_arc4get16(actx); + + if (actx->lock != NULL) + UNLOCK(actx->lock); + return (result); } static isc_uint16_t -dispatch_arc4uniformrandom(dns_dispatchmgr_t *mgr, isc_uint16_t upper_bound) { +dispatch_arc4uniformrandom(arc4ctx_t *actx, isc_uint16_t upper_bound) { isc_uint16_t min, r; - /* The caller must hold the manager lock. */ if (upper_bound < 2) return (0); @@ -401,7 +547,7 @@ dispatch_arc4uniformrandom(dns_dispatchmgr_t *mgr, isc_uint16_t upper_bound) { * to re-roll. */ for (;;) { - r = dispatch_arc4random(mgr); + r = dispatch_arc4random(actx); if (r >= min) break; } @@ -484,13 +630,15 @@ destroy_disp_ok(dns_dispatch_t *disp) if (disp->recv_pending != 0) return (ISC_FALSE); + if (!ISC_LIST_EMPTY(disp->activesockets)) + return (ISC_FALSE); + if (disp->shutting_down == 0) return (ISC_FALSE); return (ISC_TRUE); } - /* * Called when refcount reaches 0 (and safe to destroy). * @@ -502,6 +650,8 @@ destroy_disp(isc_task_t *task, isc_event_t *event) { dns_dispatch_t *disp; dns_dispatchmgr_t *mgr; isc_boolean_t killmgr; + dispsocket_t *dispsocket; + int i; INSIST(event->ev_type == DNS_EVENT_DISPATCHCONTROL); @@ -515,10 +665,16 @@ destroy_disp(isc_task_t *task, isc_event_t *event) { dispatch_log(disp, LVL(90), "shutting down; detaching from sock %p, task %p", - disp->socket, disp->task); + disp->socket, disp->task[0]); /* XXXX */ - isc_socket_detach(&disp->socket); - isc_task_detach(&disp->task); + if (disp->socket != NULL) + isc_socket_detach(&disp->socket); + while ((dispsocket = ISC_LIST_HEAD(disp->inactivesockets)) != NULL) { + ISC_LIST_UNLINK(disp->inactivesockets, dispsocket, link); + destroy_dispsocket(disp, &dispsocket); + } + for (i = 0; i < disp->ntasks; i++) + isc_task_detach(&disp->task[i]); isc_event_free(&event); dispatch_free(&disp); @@ -529,14 +685,210 @@ destroy_disp(isc_task_t *task, isc_event_t *event) { destroy_mgr(&mgr); } +/*% + * Find a dispsocket for socket address 'dest', and port number 'port'. + * Return NULL if no such entry exists. + */ +static dispsocket_t * +socket_search(dns_qid_t *qid, isc_sockaddr_t *dest, in_port_t port, + unsigned int bucket) +{ + dispsocket_t *dispsock; + + REQUIRE(bucket < qid->qid_nbuckets); + + dispsock = ISC_LIST_HEAD(qid->sock_table[bucket]); + + while (dispsock != NULL) { + if (isc_sockaddr_equal(dest, &dispsock->host) && + dispsock->localport == port) + return (dispsock); + dispsock = ISC_LIST_NEXT(dispsock, blink); + } + + return (NULL); +} + +/*% + * Make a new socket for a single dispatch with a random port number. + * The caller must hold the disp->lock and qid->lock. + */ +static isc_result_t +get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, + isc_socketmgr_t *sockmgr, dns_qid_t *qid, + dispsocket_t **dispsockp, in_port_t *portp) +{ + int i; + isc_uint32_t r; + dns_dispatchmgr_t *mgr = disp->mgr; + isc_socket_t *sock = NULL; + isc_result_t result = ISC_R_FAILURE; + in_port_t port; + isc_sockaddr_t localaddr; + unsigned int bucket = 0; + dispsocket_t *dispsock; + unsigned int nports; + in_port_t *ports; + + if (isc_sockaddr_pf(&disp->local) == AF_INET) { + nports = disp->mgr->nv4ports; + ports = disp->mgr->v4ports; + } else { + nports = disp->mgr->nv6ports; + ports = disp->mgr->v6ports; + } + if (nports == 0) + return (ISC_R_ADDRNOTAVAIL); + + dispsock = ISC_LIST_HEAD(disp->inactivesockets); + if (dispsock != NULL) { + ISC_LIST_UNLINK(disp->inactivesockets, dispsock, link); + sock = dispsock->socket; + dispsock->socket = NULL; + } else { + dispsock = isc_mempool_get(mgr->spool); + if (dispsock == NULL) + return (ISC_R_NOMEMORY); + + disp->nsockets++; + dispsock->socket = NULL; + dispsock->disp = disp; + dispsock->resp = NULL; + isc_random_get(&r); + dispsock->task = NULL; + isc_task_attach(disp->task[r % disp->ntasks], &dispsock->task); + ISC_LINK_INIT(dispsock, link); + ISC_LINK_INIT(dispsock, blink); + dispsock->magic = DISPSOCK_MAGIC; + } + + /* + * Pick up a random UDP port and open a new socket with it. Avoid + * choosing ports that share the same destination because it will be + * very likely to fail in bind(2) or connect(2). + */ + localaddr = disp->local; + for (i = 0; i < 64; i++) { + port = ports[dispatch_arc4uniformrandom(DISP_ARC4CTX(disp), + nports)]; + isc_sockaddr_setport(&localaddr, port); + + bucket = dns_hash(qid, dest, 0, port); + if (socket_search(qid, dest, port, bucket) != NULL) + continue; + + result = open_socket(sockmgr, &localaddr, 0, &sock); + if (result == ISC_R_SUCCESS || result != ISC_R_ADDRINUSE) + break; + } + + if (result == ISC_R_SUCCESS) { + dispsock->socket = sock; + dispsock->host = *dest; + dispsock->localport = port; + dispsock->bucket = bucket; + ISC_LIST_APPEND(qid->sock_table[bucket], dispsock, blink); + *dispsockp = dispsock; + *portp = port; + } else { + /* + * We could keep it in the inactive list, but since this should + * be an exceptional case and might be resource shortage, we'd + * rather destroy it. + */ + if (sock != NULL) + isc_socket_detach(&sock); + destroy_dispsocket(disp, &dispsock); + } + + return (result); +} + +/*% + * Destroy a dedicated dispatch socket. + */ +static void +destroy_dispsocket(dns_dispatch_t *disp, dispsocket_t **dispsockp) { + dispsocket_t *dispsock; + dns_qid_t *qid; + + /* + * The dispatch must be locked. + */ + + REQUIRE(dispsockp != NULL && *dispsockp != NULL); + dispsock = *dispsockp; + REQUIRE(!ISC_LINK_LINKED(dispsock, link)); + + disp->nsockets--; + dispsock->magic = 0; + if (dispsock->socket != NULL) + isc_socket_detach(&dispsock->socket); + if (ISC_LINK_LINKED(dispsock, blink)) { + qid = DNS_QID(disp); + LOCK(&qid->lock); + ISC_LIST_UNLINK(qid->sock_table[dispsock->bucket], dispsock, + blink); + UNLOCK(&qid->lock); + } + if (dispsock->task != NULL) + isc_task_detach(&dispsock->task); + isc_mempool_put(disp->mgr->spool, dispsock); + + *dispsockp = NULL; +} + +/*% + * Deactivate a dedicated dispatch socket. Move it to the inactive list for + * future reuse unless the total number of sockets are exceeding the maximum. + */ +static void +deactivate_dispsocket(dns_dispatch_t *disp, dispsocket_t *dispsock) { + isc_result_t result; + dns_qid_t *qid; + + /* + * The dispatch must be locked. + */ + ISC_LIST_UNLINK(disp->activesockets, dispsock, link); + if (dispsock->resp != NULL) { + INSIST(dispsock->resp->dispsocket == dispsock); + dispsock->resp->dispsocket = NULL; + } + + if (disp->nsockets > DNS_DISPATCH_POOLSOCKS) + destroy_dispsocket(disp, &dispsock); + else { + result = isc_socket_close(dispsock->socket); + + qid = DNS_QID(disp); + LOCK(&qid->lock); + ISC_LIST_UNLINK(qid->sock_table[dispsock->bucket], dispsock, + blink); + UNLOCK(&qid->lock); + + if (result == ISC_R_SUCCESS) + ISC_LIST_APPEND(disp->inactivesockets, dispsock, link); + else { + /* + * If the underlying system does not allow this + * optimization, destroy this temporary structure (and + * create a new one for a new transaction). + */ + INSIST(result == ISC_R_NOTIMPLEMENTED); + destroy_dispsocket(disp, &dispsock); + } + } +} /* - * Find an entry for query ID 'id' and socket address 'dest' in 'qid'. + * Find an entry for query ID 'id', socket address 'dest', and port number + * 'port'. * Return NULL if no such entry exists. */ static dns_dispentry_t * -bucket_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id, - in_port_t port, unsigned int bucket) +entry_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id, + in_port_t port, unsigned int bucket) { dns_dispentry_t *res; @@ -545,7 +897,7 @@ bucket_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id, res = ISC_LIST_HEAD(qid->qid_table[bucket]); while (res != NULL) { - if ((res->id == id) && isc_sockaddr_equal(dest, &res->host) && + if (res->id == id && isc_sockaddr_equal(dest, &res->host) && res->port == port) { return (res); } @@ -619,6 +971,26 @@ allocate_event(dns_dispatch_t *disp) { return (ev); } +static void +udp_exrecv(isc_task_t *task, isc_event_t *ev) { + dispsocket_t *dispsock = ev->ev_arg; + + UNUSED(task); + + REQUIRE(VALID_DISPSOCK(dispsock)); + udp_recv(ev, dispsock->disp, dispsock); +} + +static void +udp_shrecv(isc_task_t *task, isc_event_t *ev) { + dns_dispatch_t *disp = ev->ev_arg; + + UNUSED(task); + + REQUIRE(VALID_DISPATCH(disp)); + udp_recv(ev, disp, NULL); +} + /* * General flow: * @@ -634,14 +1006,13 @@ allocate_event(dns_dispatch_t *disp) { * restart. */ static void -udp_recv(isc_task_t *task, isc_event_t *ev_in) { +udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { isc_socketevent_t *ev = (isc_socketevent_t *)ev_in; - dns_dispatch_t *disp = ev_in->ev_arg; dns_messageid_t id; isc_result_t dres; isc_buffer_t source; unsigned int flags; - dns_dispentry_t *resp; + dns_dispentry_t *resp = NULL; dns_dispatchevent_t *rev; unsigned int bucket; isc_boolean_t killit; @@ -650,8 +1021,8 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { dns_qid_t *qid; isc_netaddr_t netaddr; int match; - - UNUSED(task); + int result; + isc_boolean_t qidlocked = ISC_FALSE; LOCK(&disp->lock); @@ -662,7 +1033,7 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { "got packet: requests %d, buffers %d, recvs %d", disp->requests, disp->mgr->buffers, disp->recv_pending); - if (ev->ev_type == ISC_SOCKEVENT_RECVDONE) { + if (dispsock == NULL && ev->ev_type == ISC_SOCKEVENT_RECVDONE) { /* * Unless the receive event was imported from a listening * interface, in which case the event type is @@ -672,6 +1043,19 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { disp->recv_pending = 0; } + if (dispsock != NULL && + (ev->result == ISC_R_CANCELED || dispsock->resp == NULL)) { + /* + * dispsock->resp can be NULL if this transaction was canceled + * just after receiving a response. Since this socket is + * exclusively used and there should be at most one receive + * event the canceled event should have been no effect. So + * we can (and should) deactivate the socket right now. + */ + deactivate_dispsocket(disp, dispsock); + dispsock = NULL; + } + if (disp->shutting_down) { /* * This dispatcher is shutting down. @@ -684,12 +1068,32 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { killit = destroy_disp_ok(disp); UNLOCK(&disp->lock); if (killit) - isc_task_send(disp->task, &disp->ctlevent); + isc_task_send(disp->task[0], &disp->ctlevent); return; } - if (ev->result != ISC_R_SUCCESS) { + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { + if (dispsock != NULL) { + resp = dispsock->resp; + id = resp->id; + if (ev->result != ISC_R_SUCCESS) { + /* + * This is most likely a network error on a + * connected socket. It makes no sense to + * check the address or parse the packet, but it + * will help to return the error to the caller. + */ + goto sendresponse; + } + } else { + free_buffer(disp, ev->region.base, ev->region.length); + + UNLOCK(&disp->lock); + isc_event_free(&ev_in); + return; + } + } else if (ev->result != ISC_R_SUCCESS) { free_buffer(disp, ev->region.base, ev->region.length); if (ev->result != ISC_R_CANCELED) @@ -708,7 +1112,7 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { isc_netaddr_fromsockaddr(&netaddr, &ev->address); if (disp->mgr->blackhole != NULL && dns_acl_match(&netaddr, NULL, disp->mgr->blackhole, - NULL, &match, NULL) == ISC_R_SUCCESS && + NULL, &match, NULL) == ISC_R_SUCCESS && match > 0) { if (isc_log_wouldlog(dns_lctx, LVL(10))) { @@ -750,18 +1154,34 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { goto restart; } - /* response */ - bucket = dns_hash(qid, &ev->address, id, disp->localport); - LOCK(&qid->lock); - resp = bucket_search(qid, &ev->address, id, disp->localport, bucket); - dispatch_log(disp, LVL(90), - "search for response in bucket %d: %s", - bucket, (resp == NULL ? "not found" : "found")); - + /* + * Search for the corresponding response. If we are using an exclusive + * socket, we've already identified it and we can skip the search; but + * the ID and the address must match the expected ones. + */ if (resp == NULL) { + bucket = dns_hash(qid, &ev->address, id, disp->localport); + LOCK(&qid->lock); + qidlocked = ISC_TRUE; + resp = entry_search(qid, &ev->address, id, disp->localport, + bucket); + dispatch_log(disp, LVL(90), + "search for response in bucket %d: %s", + bucket, (resp == NULL ? "not found" : "found")); + + if (resp == NULL) { + inc_stats(mgr, dns_resstatscounter_mismatch); + free_buffer(disp, ev->region.base, ev->region.length); + goto unlock; + } + } else if (resp->id != id || !isc_sockaddr_equal(&ev->address, + &resp->host)) { + dispatch_log(disp, LVL(90), + "response to an exclusive socket doesn't match"); + inc_stats(mgr, dns_resstatscounter_mismatch); free_buffer(disp, ev->region.base, ev->region.length); goto unlock; - } + } /* * Now that we have the original dispatch the query was sent @@ -771,7 +1191,7 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { if (disp != resp->disp) { isc_sockaddr_t a1; isc_sockaddr_t a2; - + /* * Check that the socket types and ports match. */ @@ -784,11 +1204,11 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { /* * If both dispatches are bound to an address then fail as - * the addresses can't be equal (enforced by the IP stack). + * the addresses can't be equal (enforced by the IP stack). * * Note under Linux a packet can be sent out via IPv4 socket * and the response be received via a IPv6 socket. - * + * * Requests sent out via IPv6 should always come back in * via IPv6. */ @@ -806,6 +1226,7 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { } } + sendresponse: queue_response = resp->item_out; rev = allocate_event(resp->disp); if (rev == NULL) { @@ -820,7 +1241,7 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { */ isc_buffer_init(&rev->buffer, ev->region.base, ev->region.length); isc_buffer_add(&rev->buffer, ev->n); - rev->result = ISC_R_SUCCESS; + rev->result = ev->result; rev->id = id; rev->addr = ev->address; rev->pktinfo = ev->pktinfo; @@ -839,14 +1260,23 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { isc_task_send(resp->task, ISC_EVENT_PTR(&rev)); } unlock: - UNLOCK(&qid->lock); + if (qidlocked) + UNLOCK(&qid->lock); /* * Restart recv() to get the next packet. */ restart: - startrecv(disp); - + result = startrecv(disp, dispsock); + if (result != ISC_R_SUCCESS && dispsock != NULL) { + /* + * XXX: wired. There seems to be no recovery process other than + * deactivate this socket anyway (since we cannot start + * receiving, we won't be able to receive a cancel event + * from the user). + */ + deactivate_dispsocket(disp, dispsock); + } UNLOCK(&disp->lock); isc_event_free(&ev_in); @@ -909,7 +1339,7 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { switch (tcpmsg->result) { case ISC_R_CANCELED: break; - + case ISC_R_EOF: dispatch_log(disp, LVL(90), "shutting down on EOF"); do_cancel(disp); @@ -946,7 +1376,7 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { killit = destroy_disp_ok(disp); UNLOCK(&disp->lock); if (killit) - isc_task_send(disp->task, &disp->ctlevent); + isc_task_send(disp->task[0], &disp->ctlevent); return; } @@ -989,8 +1419,7 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { */ bucket = dns_hash(qid, &tcpmsg->address, id, disp->localport); LOCK(&qid->lock); - resp = bucket_search(qid, &tcpmsg->address, id, disp->localport, - bucket); + resp = entry_search(qid, &tcpmsg->address, id, disp->localport, bucket); dispatch_log(disp, LVL(90), "search for response in bucket %d: %s", bucket, (resp == NULL ? "not found" : "found")); @@ -1031,7 +1460,7 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { * Restart recv() to get the next packet. */ restart: - startrecv(disp); + (void)startrecv(disp, NULL); UNLOCK(&disp->lock); @@ -1041,22 +1470,33 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { /* * disp must be locked. */ -static void -startrecv(dns_dispatch_t *disp) { +static isc_result_t +startrecv(dns_dispatch_t *disp, dispsocket_t *dispsock) { isc_result_t res; isc_region_t region; + isc_socket_t *socket; if (disp->shutting_down == 1) - return; + return (ISC_R_SUCCESS); if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) != 0) - return; + return (ISC_R_SUCCESS); - if (disp->recv_pending != 0) - return; + if (disp->recv_pending != 0 && dispsock == NULL) + return (ISC_R_SUCCESS); if (disp->mgr->buffers >= disp->mgr->maxbuffers) - return; + return (ISC_R_NOMEMORY); + + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0 && + dispsock == NULL) + return (ISC_R_SUCCESS); + + if (dispsock != NULL) + socket = dispsock->socket; + else + socket = disp->socket; + INSIST(socket != NULL); switch (disp->socktype) { /* @@ -1066,33 +1506,48 @@ startrecv(dns_dispatch_t *disp) { region.length = disp->mgr->buffersize; region.base = allocate_udp_buffer(disp); if (region.base == NULL) - return; - res = isc_socket_recv(disp->socket, ®ion, 1, - disp->task, udp_recv, disp); - if (res != ISC_R_SUCCESS) { - free_buffer(disp, region.base, region.length); - disp->shutdown_why = res; - disp->shutting_down = 1; - do_cancel(disp); - return; + return (ISC_R_NOMEMORY); + if (dispsock != NULL) { + res = isc_socket_recv(socket, ®ion, 1, + dispsock->task, udp_exrecv, + dispsock); + if (res != ISC_R_SUCCESS) { + free_buffer(disp, region.base, region.length); + return (res); + } + } else { + res = isc_socket_recv(socket, ®ion, 1, + disp->task[0], udp_shrecv, disp); + if (res != ISC_R_SUCCESS) { + free_buffer(disp, region.base, region.length); + disp->shutdown_why = res; + disp->shutting_down = 1; + do_cancel(disp); + return (ISC_R_SUCCESS); /* recover by cancel */ + } + INSIST(disp->recv_pending == 0); + disp->recv_pending = 1; } - INSIST(disp->recv_pending == 0); - disp->recv_pending = 1; break; case isc_sockettype_tcp: - res = dns_tcpmsg_readmessage(&disp->tcpmsg, disp->task, + res = dns_tcpmsg_readmessage(&disp->tcpmsg, disp->task[0], tcp_recv, disp); if (res != ISC_R_SUCCESS) { disp->shutdown_why = res; disp->shutting_down = 1; do_cancel(disp); - return; + return (ISC_R_SUCCESS); /* recover by cancel */ } INSIST(disp->recv_pending == 0); disp->recv_pending = 1; break; + default: + INSIST(0); + break; } + + return (ISC_R_SUCCESS); } /* @@ -1145,6 +1600,7 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) { isc_mempool_destroy(&mgr->rpool); isc_mempool_destroy(&mgr->dpool); isc_mempool_destroy(&mgr->bpool); + isc_mempool_destroy(&mgr->spool); DESTROYLOCK(&mgr->pool_lock); @@ -1158,32 +1614,50 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) { if (mgr->blackhole != NULL) dns_acl_detach(&mgr->blackhole); - if (mgr->portlist != NULL) - dns_portlist_detach(&mgr->portlist); + if (mgr->stats != NULL) + isc_stats_detach(&mgr->stats); + if (mgr->v4ports != NULL) { + isc_mem_put(mctx, mgr->v4ports, + mgr->nv4ports * sizeof(in_port_t)); + } + if (mgr->v6ports != NULL) { + isc_mem_put(mctx, mgr->v6ports, + mgr->nv6ports * sizeof(in_port_t)); + } isc_mem_put(mctx, mgr, sizeof(dns_dispatchmgr_t)); isc_mem_detach(&mctx); } static isc_result_t -create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, - isc_socket_t **sockp) +open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, + unsigned int options, isc_socket_t **sockp) { isc_socket_t *sock; isc_result_t result; - sock = NULL; - result = isc_socket_create(mgr, isc_sockaddr_pf(local), - isc_sockettype_udp, &sock); - if (result != ISC_R_SUCCESS) - return (result); + sock = *sockp; + if (sock == NULL) { + result = isc_socket_create(mgr, isc_sockaddr_pf(local), + isc_sockettype_udp, &sock); + if (result != ISC_R_SUCCESS) + return (result); + isc_socket_setname(sock, "dispatcher", NULL); + } else { + result = isc_socket_open(sock); + if (result != ISC_R_SUCCESS) + return (result); + } #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(sock, ISC_TRUE); #endif - result = isc_socket_bind(sock, local); + result = isc_socket_bind(sock, local, options); if (result != ISC_R_SUCCESS) { - isc_socket_detach(&sock); + if (*sockp == NULL) + isc_socket_detach(&sock); + else + isc_socket_close(sock); return (result); } @@ -1191,6 +1665,24 @@ create_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, return (ISC_R_SUCCESS); } +/*% + * Create a temporary port list to set the initial default set of dispatch + * ports: [1024, 65535]. This is almost meaningless as the application will + * normally set the ports explicitly, but is provided to fill some minor corner + * cases. + */ +static isc_result_t +create_default_portset(isc_mem_t *mctx, isc_portset_t **portsetp) { + isc_result_t result; + + result = isc_portset_create(mctx, portsetp); + if (result != ISC_R_SUCCESS) + return (result); + isc_portset_addrange(*portsetp, 1024, 65535); + + return (ISC_R_SUCCESS); +} + /* * Publics. */ @@ -1201,6 +1693,8 @@ dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy, { dns_dispatchmgr_t *mgr; isc_result_t result; + isc_portset_t *v4portset = NULL; + isc_portset_t *v6portset = NULL; REQUIRE(mctx != NULL); REQUIRE(mgrp != NULL && *mgrp == NULL); @@ -1213,7 +1707,7 @@ dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy, isc_mem_attach(mctx, &mgr->mctx); mgr->blackhole = NULL; - mgr->portlist = NULL; + mgr->stats = NULL; result = isc_mutex_init(&mgr->lock); if (result != ISC_R_SUCCESS) @@ -1268,20 +1762,43 @@ dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy, mgr->buffersize = 0; mgr->maxbuffers = 0; mgr->bpool = NULL; + mgr->spool = NULL; mgr->entropy = NULL; mgr->qid = NULL; mgr->state = 0; ISC_LIST_INIT(mgr->list); + mgr->v4ports = NULL; + mgr->v6ports = NULL; + mgr->nv4ports = 0; + mgr->nv6ports = 0; mgr->magic = DNS_DISPATCHMGR_MAGIC; + result = create_default_portset(mctx, &v4portset); + if (result == ISC_R_SUCCESS) { + result = create_default_portset(mctx, &v6portset); + if (result == ISC_R_SUCCESS) { + result = dns_dispatchmgr_setavailports(mgr, + v4portset, + v6portset); + } + } + if (v4portset != NULL) + isc_portset_destroy(mctx, &v4portset); + if (v6portset != NULL) + isc_portset_destroy(mctx, &v6portset); + if (result != ISC_R_SUCCESS) + goto kill_dpool; + if (entropy != NULL) isc_entropy_attach(entropy, &mgr->entropy); - dispatch_arc4init(&mgr->arc4ctx); + dispatch_arc4init(&mgr->arc4ctx, mgr->entropy, &mgr->arc4_lock); *mgrp = mgr; return (ISC_R_SUCCESS); + kill_dpool: + isc_mempool_destroy(&mgr->dpool); kill_rpool: isc_mempool_destroy(&mgr->rpool); kill_epool: @@ -1320,22 +1837,88 @@ dns_dispatchmgr_setblackportlist(dns_dispatchmgr_t *mgr, dns_portlist_t *portlist) { REQUIRE(VALID_DISPATCHMGR(mgr)); - if (mgr->portlist != NULL) - dns_portlist_detach(&mgr->portlist); - if (portlist != NULL) - dns_portlist_attach(portlist, &mgr->portlist); + UNUSED(portlist); + + /* This function is deprecated: use dns_dispatchmgr_setavailports(). */ + return; } dns_portlist_t * dns_dispatchmgr_getblackportlist(dns_dispatchmgr_t *mgr) { REQUIRE(VALID_DISPATCHMGR(mgr)); - return (mgr->portlist); + return (NULL); /* this function is deprecated */ +} + +isc_result_t +dns_dispatchmgr_setavailports(dns_dispatchmgr_t *mgr, isc_portset_t *v4portset, + isc_portset_t *v6portset) +{ + in_port_t *v4ports, *v6ports, p; + unsigned int nv4ports, nv6ports, i4, i6; + + REQUIRE(VALID_DISPATCHMGR(mgr)); + + nv4ports = isc_portset_nports(v4portset); + nv6ports = isc_portset_nports(v6portset); + + v4ports = NULL; + if (nv4ports != 0) { + v4ports = isc_mem_get(mgr->mctx, sizeof(in_port_t) * nv4ports); + if (v4ports == NULL) + return (ISC_R_NOMEMORY); + } + v6ports = NULL; + if (nv6ports != 0) { + v6ports = isc_mem_get(mgr->mctx, sizeof(in_port_t) * nv6ports); + if (v6ports == NULL) { + if (v4ports != NULL) { + isc_mem_put(mgr->mctx, v4ports, + sizeof(in_port_t) * + isc_portset_nports(v4portset)); + } + return (ISC_R_NOMEMORY); + } + } + + p = 0; + i4 = 0; + i6 = 0; + do { + if (isc_portset_isset(v4portset, p)) { + INSIST(i4 < nv4ports); + v4ports[i4++] = p; + } + if (isc_portset_isset(v6portset, p)) { + INSIST(i6 < nv6ports); + v6ports[i6++] = p; + } + } while (p++ < 65535); + INSIST(i4 == nv4ports && i6 == nv6ports); + + PORTBUFLOCK(mgr); + if (mgr->v4ports != NULL) { + isc_mem_put(mgr->mctx, mgr->v4ports, + mgr->nv4ports * sizeof(in_port_t)); + } + mgr->v4ports = v4ports; + mgr->nv4ports = nv4ports; + + if (mgr->v6ports != NULL) { + isc_mem_put(mgr->mctx, mgr->v6ports, + mgr->nv6ports * sizeof(in_port_t)); + } + mgr->v6ports = v6ports; + mgr->nv6ports = nv6ports; + PORTBUFUNLOCK(mgr); + + return (ISC_R_SUCCESS); } static isc_result_t dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr, - unsigned int buffersize, unsigned int maxbuffers, - unsigned int buckets, unsigned int increment) + unsigned int buffersize, unsigned int maxbuffers, + unsigned int maxrequests, unsigned int buckets, + unsigned int increment) { isc_result_t result; @@ -1362,23 +1945,39 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr, maxbuffers = 8; LOCK(&mgr->buffer_lock); + + /* Create or adjust buffer pool */ if (mgr->bpool != NULL) { isc_mempool_setmaxalloc(mgr->bpool, maxbuffers); mgr->maxbuffers = maxbuffers; + } else { + result = isc_mempool_create(mgr->mctx, buffersize, &mgr->bpool); + if (result != ISC_R_SUCCESS) { + UNLOCK(&mgr->buffer_lock); + return (result); + } + isc_mempool_setname(mgr->bpool, "dispmgr_bpool"); + isc_mempool_setmaxalloc(mgr->bpool, maxbuffers); + isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock); + } + + /* Create or adjust socket pool */ + if (mgr->spool != NULL) { + isc_mempool_setmaxalloc(mgr->spool, DNS_DISPATCH_POOLSOCKS * 2); UNLOCK(&mgr->buffer_lock); return (ISC_R_SUCCESS); } - - if (isc_mempool_create(mgr->mctx, buffersize, - &mgr->bpool) != ISC_R_SUCCESS) { - return (ISC_R_NOMEMORY); + result = isc_mempool_create(mgr->mctx, sizeof(dispsocket_t), + &mgr->spool); + if (result != ISC_R_SUCCESS) { + UNLOCK(&mgr->buffer_lock); + goto cleanup; } + isc_mempool_setname(mgr->spool, "dispmgr_spool"); + isc_mempool_setmaxalloc(mgr->spool, maxrequests); + isc_mempool_associatelock(mgr->spool, &mgr->pool_lock); - isc_mempool_setname(mgr->bpool, "dispmgr_bpool"); - isc_mempool_setmaxalloc(mgr->bpool, maxbuffers); - isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock); - - result = qid_allocate(mgr, buckets, increment, &mgr->qid); + result = qid_allocate(mgr, buckets, increment, &mgr->qid, ISC_TRUE); if (result != ISC_R_SUCCESS) goto cleanup; @@ -1389,8 +1988,10 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr, cleanup: isc_mempool_destroy(&mgr->bpool); + if (mgr->spool != NULL) + isc_mempool_destroy(&mgr->spool); UNLOCK(&mgr->buffer_lock); - return (ISC_R_NOMEMORY); + return (result); } void @@ -1416,30 +2017,65 @@ dns_dispatchmgr_destroy(dns_dispatchmgr_t **mgrp) { destroy_mgr(&mgr); } +void +dns_dispatchmgr_setstats(dns_dispatchmgr_t *mgr, isc_stats_t *stats) { + REQUIRE(VALID_DISPATCHMGR(mgr)); + REQUIRE(ISC_LIST_EMPTY(mgr->list)); + REQUIRE(mgr->stats == NULL); + + isc_stats_attach(stats, &mgr->stats); +} + +static int +port_cmp(const void *key, const void *ent) { + in_port_t p1 = *(const in_port_t *)key; + in_port_t p2 = *(const in_port_t *)ent; + + if (p1 < p2) + return (-1); + else if (p1 == p2) + return (0); + else + return (1); +} + static isc_boolean_t -blacklisted(dns_dispatchmgr_t *mgr, isc_socket_t *sock, - isc_sockaddr_t *sockaddrp) +portavailable(dns_dispatchmgr_t *mgr, isc_socket_t *sock, + isc_sockaddr_t *sockaddrp) { isc_sockaddr_t sockaddr; isc_result_t result; + in_port_t *ports, port; + unsigned int nports; + isc_boolean_t available = ISC_FALSE; REQUIRE(sock != NULL || sockaddrp != NULL); - if (mgr->portlist == NULL) - return (ISC_FALSE); - + PORTBUFLOCK(mgr); if (sock != NULL) { sockaddrp = &sockaddr; result = isc_socket_getsockname(sock, sockaddrp); if (result != ISC_R_SUCCESS) - return (ISC_FALSE); + goto unlock; } - if (mgr->portlist != NULL && - dns_portlist_match(mgr->portlist, isc_sockaddr_pf(sockaddrp), - isc_sockaddr_getport(sockaddrp))) - return (ISC_TRUE); - return (ISC_FALSE); + if (isc_sockaddr_pf(sockaddrp) == AF_INET) { + ports = mgr->v4ports; + nports = mgr->nv4ports; + } else { + ports = mgr->v6ports; + nports = mgr->nv6ports; + } + if (ports == NULL) + goto unlock; + + port = isc_sockaddr_getport(sockaddrp); + if (bsearch(&port, ports, nports, sizeof(in_port_t), port_cmp) != NULL) + available = ISC_TRUE; + +unlock: + PORTBUFUNLOCK(mgr); + return (available); } #define ATTRMATCH(_a1, _a2, _mask) (((_a1) & (_mask)) == ((_a2) & (_mask))) @@ -1449,17 +2085,20 @@ local_addr_match(dns_dispatch_t *disp, isc_sockaddr_t *addr) { isc_sockaddr_t sockaddr; isc_result_t result; + REQUIRE(disp->socket != NULL); + if (addr == NULL) return (ISC_TRUE); /* - * Don't match wildcard ports against newly blacklisted ports. + * Don't match wildcard ports unless the port is available in the + * current configuration. */ - if (disp->mgr->portlist != NULL && - isc_sockaddr_getport(addr) == 0 && + if (isc_sockaddr_getport(addr) == 0 && isc_sockaddr_getport(&disp->local) == 0 && - blacklisted(disp->mgr, disp->socket, NULL)) + !portavailable(disp->mgr, disp->socket, NULL)) { return (ISC_FALSE); + } /* * Check if we match the binding . @@ -1501,10 +2140,10 @@ dispatch_find(dns_dispatchmgr_t *mgr, isc_sockaddr_t *local, isc_result_t result; /* - * Make certain that we will not match a private dispatch. + * Make certain that we will not match a private or exclusive dispatch. */ - attributes &= ~DNS_DISPATCHATTR_PRIVATE; - mask |= DNS_DISPATCHATTR_PRIVATE; + attributes &= ~(DNS_DISPATCHATTR_PRIVATE|DNS_DISPATCHATTR_EXCLUSIVE); + mask |= (DNS_DISPATCHATTR_PRIVATE|DNS_DISPATCHATTR_EXCLUSIVE); disp = ISC_LIST_HEAD(mgr->list); while (disp != NULL) { @@ -1531,10 +2170,12 @@ dispatch_find(dns_dispatchmgr_t *mgr, isc_sockaddr_t *local, static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, - unsigned int increment, dns_qid_t **qidp) + unsigned int increment, dns_qid_t **qidp, + isc_boolean_t needsocktable) { dns_qid_t *qid; unsigned int i; + isc_result_t result; REQUIRE(VALID_DISPATCHMGR(mgr)); REQUIRE(buckets < 2097169); /* next prime > 65536 * 32 */ @@ -1552,16 +2193,35 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, return (ISC_R_NOMEMORY); } - if (isc_mutex_init(&qid->lock) != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_mutex_init failed"); + qid->sock_table = NULL; + if (needsocktable) { + qid->sock_table = isc_mem_get(mgr->mctx, buckets * + sizeof(dispsocketlist_t)); + if (qid->sock_table == NULL) { + isc_mem_put(mgr->mctx, qid, sizeof(*qid)); + isc_mem_put(mgr->mctx, qid->qid_table, + buckets * sizeof(dns_displist_t)); + return (ISC_R_NOMEMORY); + } + } + + result = isc_mutex_init(&qid->lock); + if (result != ISC_R_SUCCESS) { + if (qid->sock_table != NULL) { + isc_mem_put(mgr->mctx, qid->sock_table, + buckets * sizeof(dispsocketlist_t)); + } isc_mem_put(mgr->mctx, qid->qid_table, buckets * sizeof(dns_displist_t)); isc_mem_put(mgr->mctx, qid, sizeof(*qid)); - return (ISC_R_UNEXPECTED); + return (result); } - for (i = 0; i < buckets; i++) + for (i = 0; i < buckets; i++) { ISC_LIST_INIT(qid->qid_table[i]); + if (qid->sock_table != NULL) + ISC_LIST_INIT(qid->sock_table[i]); + } qid->qid_nbuckets = buckets; qid->qid_increment = increment; @@ -1583,6 +2243,10 @@ qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp) { qid->magic = 0; isc_mem_put(mctx, qid->qid_table, qid->qid_nbuckets * sizeof(dns_displist_t)); + if (qid->sock_table != NULL) { + isc_mem_put(mctx, qid->sock_table, + qid->qid_nbuckets * sizeof(dispsocketlist_t)); + } DESTROYLOCK(&qid->lock); isc_mem_put(mctx, qid, sizeof(*qid)); } @@ -1595,7 +2259,7 @@ dispatch_allocate(dns_dispatchmgr_t *mgr, unsigned int maxrequests, dns_dispatch_t **dispp) { dns_dispatch_t *disp; - isc_result_t res; + isc_result_t result; REQUIRE(VALID_DISPATCHMGR(mgr)); REQUIRE(dispp != NULL && *dispp == NULL); @@ -1626,16 +2290,18 @@ dispatch_allocate(dns_dispatchmgr_t *mgr, unsigned int maxrequests, disp->requests = 0; disp->tcpbuffers = 0; disp->qid = NULL; + ISC_LIST_INIT(disp->activesockets); + ISC_LIST_INIT(disp->inactivesockets); + disp->nsockets = 0; + dispatch_arc4init(&disp->arc4ctx, mgr->entropy, NULL); - if (isc_mutex_init(&disp->lock) != ISC_R_SUCCESS) { - res = ISC_R_UNEXPECTED; - UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_mutex_init failed"); + result = isc_mutex_init(&disp->lock); + if (result != ISC_R_SUCCESS) goto deallocate; - } disp->failsafe_ev = allocate_event(disp); if (disp->failsafe_ev == NULL) { - res = ISC_R_NOMEMORY; + result = ISC_R_NOMEMORY; goto kill_lock; } @@ -1652,12 +2318,12 @@ dispatch_allocate(dns_dispatchmgr_t *mgr, unsigned int maxrequests, deallocate: isc_mempool_put(mgr->dpool, disp); - return (res); + return (result); } /* - * MUST be unlocked, and not used by anthing. + * MUST be unlocked, and not used by anything. */ static void dispatch_free(dns_dispatch_t **dispp) @@ -1680,6 +2346,8 @@ dispatch_free(dns_dispatch_t **dispp) INSIST(disp->tcpbuffers == 0); INSIST(disp->requests == 0); INSIST(disp->recv_pending == 0); + INSIST(ISC_LIST_EMPTY(disp->activesockets)); + INSIST(ISC_LIST_EMPTY(disp->inactivesockets)); isc_mempool_put(mgr->epool, disp->failsafe_ev); disp->failsafe_ev = NULL; @@ -1725,7 +2393,7 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, return (result); } - result = qid_allocate(mgr, buckets, increment, &disp->qid); + result = qid_allocate(mgr, buckets, increment, &disp->qid, ISC_FALSE); if (result != ISC_R_SUCCESS) goto deallocate_dispatch; @@ -1733,8 +2401,9 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, disp->socket = NULL; isc_socket_attach(sock, &disp->socket); - disp->task = NULL; - result = isc_task_create(taskmgr, 0, &disp->task); + disp->ntasks = 1; + disp->task[0] = NULL; + result = isc_task_create(taskmgr, 0, &disp->task[0]); if (result != ISC_R_SUCCESS) goto kill_socket; @@ -1742,10 +2411,12 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, DNS_EVENT_DISPATCHCONTROL, destroy_disp, disp, sizeof(isc_event_t)); - if (disp->ctlevent == NULL) + if (disp->ctlevent == NULL) { + result = ISC_R_NOMEMORY; goto kill_task; + } - isc_task_setname(disp->task, "tcpdispatch", disp); + isc_task_setname(disp->task[0], "tcpdispatch", disp); dns_tcpmsg_init(mgr->mctx, disp->socket, &disp->tcpmsg); disp->tcpmsg_valid = 1; @@ -1759,7 +2430,7 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, UNLOCK(&mgr->lock); mgr_log(mgr, LVL(90), "created TCP dispatcher %p", disp); - dispatch_log(disp, LVL(90), "created task %p", disp->task); + dispatch_log(disp, LVL(90), "created task %p", disp->task[0]); *dispp = disp; @@ -1769,7 +2440,7 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, * Error returns. */ kill_task: - isc_task_detach(&disp->task); + isc_task_detach(&disp->task[0]); kill_socket: isc_socket_detach(&disp->socket); deallocate_dispatch: @@ -1804,21 +2475,20 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, REQUIRE((attributes & DNS_DISPATCHATTR_TCP) == 0); result = dns_dispatchmgr_setudp(mgr, buffersize, maxbuffers, - buckets, increment); + maxrequests, buckets, increment); if (result != ISC_R_SUCCESS) return (result); LOCK(&mgr->lock); - if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) != 0) { + if ((attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { REQUIRE(isc_sockaddr_getport(localaddr) == 0); goto createudp; } /* - * First, see if we have a dispatcher that matches. + * See if we have a dispatcher that matches. */ - disp = NULL; result = dispatch_find(mgr, localaddr, attributes, mask, &disp); if (result == ISC_R_SUCCESS) { disp->refcount++; @@ -1831,7 +2501,7 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, { disp->attributes |= DNS_DISPATCHATTR_NOLISTEN; if (disp->recv_pending != 0) - isc_socket_cancel(disp->socket, disp->task, + isc_socket_cancel(disp->socket, disp->task[0], ISC_SOCKCANCEL_RECV); } @@ -1867,6 +2537,110 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, #define DNS_DISPATCH_HELD 20U #endif +static isc_result_t +get_udpsocket(dns_dispatchmgr_t *mgr, dns_dispatch_t *disp, + isc_socketmgr_t *sockmgr, isc_sockaddr_t *localaddr, + isc_socket_t **sockp) +{ + unsigned int i, j; + isc_socket_t *held[DNS_DISPATCH_HELD]; + isc_sockaddr_t localaddr_bound; + isc_socket_t *sock = NULL; + isc_result_t result = ISC_R_SUCCESS; + isc_boolean_t anyport; + + INSIST(sockp != NULL && *sockp == NULL); + + localaddr_bound = *localaddr; + anyport = ISC_TF(isc_sockaddr_getport(localaddr) == 0); + + if (anyport) { + unsigned int nports; + in_port_t *ports; + + /* + * If no port is specified, we first try to pick up a random + * port by ourselves. + */ + if (isc_sockaddr_pf(&disp->local) == AF_INET) { + nports = disp->mgr->nv4ports; + ports = disp->mgr->v4ports; + } else { + nports = disp->mgr->nv6ports; + ports = disp->mgr->v6ports; + } + if (nports == 0) + return (ISC_R_ADDRNOTAVAIL); + + for (i = 0; i < 1024; i++) { + in_port_t prt; + + prt = ports[dispatch_arc4uniformrandom( + DISP_ARC4CTX(disp), + nports)]; + isc_sockaddr_setport(&localaddr_bound, prt); + result = open_socket(sockmgr, &localaddr_bound, + 0, &sock); + if (result == ISC_R_SUCCESS || + result != ISC_R_ADDRINUSE) { + disp->localport = prt; + *sockp = sock; + return (result); + } + } + + /* + * If this fails 1024 times, we then ask the kernel for + * choosing one. + */ + } else { + /* Allow to reuse address for non-random ports. */ + result = open_socket(sockmgr, localaddr, + ISC_SOCKET_REUSEADDRESS, &sock); + + if (result == ISC_R_SUCCESS) + *sockp = sock; + + return (result); + } + + memset(held, 0, sizeof(held)); + i = 0; + + for (j = 0; j < 0xffffU; j++) { + result = open_socket(sockmgr, localaddr, 0, &sock); + if (result != ISC_R_SUCCESS) + goto end; + else if (!anyport) + break; + else if (portavailable(mgr, sock, NULL)) + break; + if (held[i] != NULL) + isc_socket_detach(&held[i]); + held[i++] = sock; + sock = NULL; + if (i == DNS_DISPATCH_HELD) + i = 0; + } + if (j == 0xffffU) { + mgr_log(mgr, ISC_LOG_ERROR, + "avoid-v%s-udp-ports: unable to allocate " + "an available port", + isc_sockaddr_pf(localaddr) == AF_INET ? "4" : "6"); + result = ISC_R_FAILURE; + goto end; + } + *sockp = sock; + +end: + for (i = 0; i < DNS_DISPATCH_HELD; i++) { + if (held[i] != NULL) + isc_socket_detach(&held[i]); + } + + return (result); +} + static isc_result_t dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_taskmgr_t *taskmgr, @@ -1878,10 +2652,7 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_result_t result; dns_dispatch_t *disp; isc_socket_t *sock = NULL; - isc_socket_t *held[DNS_DISPATCH_HELD]; - unsigned int i = 0, j = 0, k = 0; - isc_sockaddr_t localaddr_bound; - in_port_t localport = 0; + int i = 0; /* * dispatch_allocate() checks mgr for us. @@ -1891,75 +2662,55 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, if (result != ISC_R_SUCCESS) return (result); - /* - * Try to allocate a socket that is not on the blacklist. - * Hold up to DNS_DISPATCH_HELD sockets to prevent the OS - * from returning the same port to us too quickly. - */ - memset(held, 0, sizeof(held)); - localaddr_bound = *localaddr; - getsocket: - if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) != 0) { - in_port_t prt; - - /* XXX: should the range be configurable? */ - prt = 1024 + dispatch_arc4uniformrandom(mgr, 65535 - 1023); - isc_sockaddr_setport(&localaddr_bound, prt); - if (blacklisted(mgr, NULL, &localaddr_bound)) { - if (++k == 1024) - attributes &= ~DNS_DISPATCHATTR_RANDOMPORT; - goto getsocket; - } - result = create_socket(sockmgr, &localaddr_bound, &sock); - if (result == ISC_R_ADDRINUSE) { - if (++k == 1024) - attributes &= ~DNS_DISPATCHATTR_RANDOMPORT; - goto getsocket; - } - localport = prt; - } else - result = create_socket(sockmgr, localaddr, &sock); - if (result != ISC_R_SUCCESS) - goto deallocate_dispatch; - if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) == 0 && - isc_sockaddr_getport(localaddr) == 0 && - blacklisted(mgr, sock, NULL)) - { - if (held[i] != NULL) - isc_socket_detach(&held[i]); - held[i++] = sock; - sock = NULL; - if (i == DNS_DISPATCH_HELD) - i = 0; - if (j++ == 0xffffU) { - mgr_log(mgr, ISC_LOG_ERROR, "avoid-v%s-udp-ports: " - "unable to allocate a non-blacklisted port", - isc_sockaddr_pf(localaddr) == AF_INET ? - "4" : "6"); - result = ISC_R_FAILURE; + if ((attributes & DNS_DISPATCHATTR_EXCLUSIVE) == 0) { + result = get_udpsocket(mgr, disp, sockmgr, localaddr, &sock); + if (result != ISC_R_SUCCESS) goto deallocate_dispatch; + } else { + isc_sockaddr_t sa_any; + + /* + * For dispatches using exclusive sockets with a specific + * source address, we only check if the specified address is + * available on the system. Query sockets will be created later + * on demand. + */ + isc_sockaddr_anyofpf(&sa_any, isc_sockaddr_pf(localaddr)); + if (!isc_sockaddr_eqaddr(&sa_any, localaddr)) { + result = open_socket(sockmgr, localaddr, 0, &sock); + if (sock != NULL) + isc_socket_detach(&sock); + if (result != ISC_R_SUCCESS) + goto deallocate_dispatch; } - goto getsocket; } - disp->socktype = isc_sockettype_udp; disp->socket = sock; disp->local = *localaddr; - disp->localport = localport; - disp->task = NULL; - result = isc_task_create(taskmgr, 0, &disp->task); - if (result != ISC_R_SUCCESS) - goto kill_socket; + if ((attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) + disp->ntasks = MAX_INTERNAL_TASKS; + else + disp->ntasks = 1; + for (i = 0; i < disp->ntasks; i++) { + disp->task[i] = NULL; + result = isc_task_create(taskmgr, 0, &disp->task[i]); + if (result != ISC_R_SUCCESS) { + while (--i >= 0) + isc_task_destroy(&disp->task[i]); + goto kill_socket; + } + isc_task_setname(disp->task[i], "udpdispatch", disp); + } disp->ctlevent = isc_event_allocate(mgr->mctx, disp, DNS_EVENT_DISPATCHCONTROL, destroy_disp, disp, sizeof(isc_event_t)); - if (disp->ctlevent == NULL) + if (disp->ctlevent == NULL) { + result = ISC_R_NOMEMORY; goto kill_task; - - isc_task_setname(disp->task, "udpdispatch", disp); + } attributes &= ~DNS_DISPATCHATTR_TCP; attributes |= DNS_DISPATCHATTR_UDP; @@ -1971,26 +2722,25 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, ISC_LIST_APPEND(mgr->list, disp, link); mgr_log(mgr, LVL(90), "created UDP dispatcher %p", disp); - dispatch_log(disp, LVL(90), "created task %p", disp->task); - dispatch_log(disp, LVL(90), "created socket %p", disp->socket); + dispatch_log(disp, LVL(90), "created task %p", disp->task[0]); /* XXX */ + if (disp->socket != NULL) + dispatch_log(disp, LVL(90), "created socket %p", disp->socket); *dispp = disp; - - goto cleanheld; + return (result); /* * Error returns. */ kill_task: - isc_task_detach(&disp->task); + for (i = 0; i < disp->ntasks; i++) + isc_task_detach(&disp->task[i]); kill_socket: - isc_socket_detach(&disp->socket); + if (disp->socket != NULL) + isc_socket_detach(&disp->socket); deallocate_dispatch: dispatch_free(&disp); - cleanheld: - for (i = 0; i < DNS_DISPATCH_HELD; i++) - if (held[i] != NULL) - isc_socket_detach(&held[i]); + return (result); } @@ -2016,6 +2766,7 @@ dns_dispatch_attach(dns_dispatch_t *disp, dns_dispatch_t **dispp) { void dns_dispatch_detach(dns_dispatch_t **dispp) { dns_dispatch_t *disp; + dispsocket_t *dispsock; isc_boolean_t killit; REQUIRE(dispp != NULL && VALID_DISPATCH(*dispp)); @@ -2030,8 +2781,14 @@ dns_dispatch_detach(dns_dispatch_t **dispp) { killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) - isc_socket_cancel(disp->socket, disp->task, + isc_socket_cancel(disp->socket, disp->task[0], + ISC_SOCKCANCEL_RECV); + for (dispsock = ISC_LIST_HEAD(disp->activesockets); + dispsock != NULL; + dispsock = ISC_LIST_NEXT(dispsock, link)) { + isc_socket_cancel(dispsock->socket, dispsock->task, ISC_SOCKCANCEL_RECV); + } disp->shutting_down = 1; } @@ -2040,26 +2797,32 @@ dns_dispatch_detach(dns_dispatch_t **dispp) { killit = destroy_disp_ok(disp); UNLOCK(&disp->lock); if (killit) - isc_task_send(disp->task, &disp->ctlevent); + isc_task_send(disp->task[0], &disp->ctlevent); } isc_result_t -dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, - isc_task_t *task, isc_taskaction_t action, void *arg, - dns_messageid_t *idp, dns_dispentry_t **resp) +dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, + isc_task_t *task, isc_taskaction_t action, void *arg, + dns_messageid_t *idp, dns_dispentry_t **resp, + isc_socketmgr_t *sockmgr) { dns_dispentry_t *res; unsigned int bucket; + in_port_t localport = 0; dns_messageid_t id; int i; isc_boolean_t ok; dns_qid_t *qid; + dispsocket_t *dispsocket = NULL; + isc_result_t result; REQUIRE(VALID_DISPATCH(disp)); REQUIRE(task != NULL); REQUIRE(dest != NULL); REQUIRE(resp != NULL && *resp == NULL); REQUIRE(idp != NULL); + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) + REQUIRE(sockmgr != NULL); LOCK(&disp->lock); @@ -2073,23 +2836,78 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, return (ISC_R_QUOTA); } + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0 && + disp->nsockets > DNS_DISPATCH_SOCKSQUOTA) { + dispsocket_t *oldestsocket; + dns_dispentry_t *oldestresp; + dns_dispatchevent_t *rev; + + /* + * Kill oldest outstanding query if the number of sockets + * exceeds the quota to keep the room for new queries. + */ + oldestsocket = ISC_LIST_HEAD(disp->activesockets); + oldestresp = oldestsocket->resp; + if (oldestresp != NULL && !oldestresp->item_out) { + rev = allocate_event(oldestresp->disp); + if (rev != NULL) { + rev->buffer.base = NULL; + rev->result = ISC_R_CANCELED; + rev->id = oldestresp->id; + ISC_EVENT_INIT(rev, sizeof(*rev), 0, + NULL, DNS_EVENT_DISPATCH, + oldestresp->action, + oldestresp->arg, oldestresp, + NULL, NULL); + oldestresp->item_out = ISC_TRUE; + isc_task_send(oldestresp->task, + ISC_EVENT_PTR(&rev)); + inc_stats(disp->mgr, + dns_resstatscounter_dispabort); + } + } + + /* + * Move this entry to the tail so that it won't (easily) be + * examined before actually being canceled. + */ + ISC_LIST_UNLINK(disp->activesockets, oldestsocket, link); + ISC_LIST_APPEND(disp->activesockets, oldestsocket, link); + } + + qid = DNS_QID(disp); + LOCK(&qid->lock); + + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { + /* + * Get a separate UDP socket with a random port number. + */ + result = get_dispsocket(disp, dest, sockmgr, qid, &dispsocket, + &localport); + if (result != ISC_R_SUCCESS) { + UNLOCK(&qid->lock); + UNLOCK(&disp->lock); + inc_stats(disp->mgr, dns_resstatscounter_dispsockfail); + return (result); + } + } else { + localport = disp->localport; + } + /* * Try somewhat hard to find an unique ID. */ - id = (dns_messageid_t)dispatch_arc4random(disp->mgr); - qid = DNS_QID(disp); - LOCK(&qid->lock); - bucket = dns_hash(qid, dest, id, disp->localport); + id = (dns_messageid_t)dispatch_arc4random(DISP_ARC4CTX(disp)); + bucket = dns_hash(qid, dest, id, localport); ok = ISC_FALSE; for (i = 0; i < 64; i++) { - if (bucket_search(qid, dest, id, disp->localport, bucket) == - NULL) { + if (entry_search(qid, dest, id, localport, bucket) == NULL) { ok = ISC_TRUE; break; } id += qid->qid_increment; id &= 0x0000ffff; - bucket = dns_hash(qid, dest, id, disp->localport); + bucket = dns_hash(qid, dest, id, localport); } if (!ok) { @@ -2102,6 +2920,8 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, if (res == NULL) { UNLOCK(&qid->lock); UNLOCK(&disp->lock); + if (dispsocket != NULL) + destroy_dispsocket(disp, &dispsocket); return (ISC_R_NOMEMORY); } @@ -2111,11 +2931,14 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, isc_task_attach(task, &res->task); res->disp = disp; res->id = id; - res->port = disp->localport; + res->port = localport; res->bucket = bucket; res->host = *dest; res->action = action; res->arg = arg; + res->dispsocket = dispsocket; + if (dispsocket != NULL) + dispsocket->resp = res; res->item_out = ISC_FALSE; ISC_LIST_INIT(res->items); ISC_LINK_INIT(res, link); @@ -2127,27 +2950,62 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, "attached to task %p", res->task); if (((disp->attributes & DNS_DISPATCHATTR_UDP) != 0) || - ((disp->attributes & DNS_DISPATCHATTR_CONNECTED) != 0)) - startrecv(disp); + ((disp->attributes & DNS_DISPATCHATTR_CONNECTED) != 0)) { + result = startrecv(disp, dispsocket); + if (result != ISC_R_SUCCESS) { + LOCK(&qid->lock); + ISC_LIST_UNLINK(qid->qid_table[bucket], res, link); + UNLOCK(&qid->lock); + + if (dispsocket != NULL) + destroy_dispsocket(disp, &dispsocket); + + disp->refcount--; + disp->requests--; + + UNLOCK(&disp->lock); + isc_task_detach(&res->task); + isc_mempool_put(disp->mgr->rpool, res); + return (result); + } + } + + if (dispsocket != NULL) + ISC_LIST_APPEND(disp->activesockets, dispsocket, link); UNLOCK(&disp->lock); *idp = id; *resp = res; + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) + INSIST(res->dispsocket != NULL); + return (ISC_R_SUCCESS); } +isc_result_t +dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, + isc_task_t *task, isc_taskaction_t action, void *arg, + dns_messageid_t *idp, dns_dispentry_t **resp) +{ + REQUIRE(VALID_DISPATCH(disp)); + REQUIRE((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) == 0); + + return (dns_dispatch_addresponse2(disp, dest, task, action, arg, + idp, resp, NULL)); +} + void dns_dispatch_starttcp(dns_dispatch_t *disp) { REQUIRE(VALID_DISPATCH(disp)); - dispatch_log(disp, LVL(90), "starttcp %p", disp->task); + dispatch_log(disp, LVL(90), "starttcp %p", disp->task[0]); LOCK(&disp->lock); disp->attributes |= DNS_DISPATCHATTR_CONNECTED; - startrecv(disp); + (void)startrecv(disp, NULL); UNLOCK(&disp->lock); } @@ -2158,6 +3016,7 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, dns_dispatchmgr_t *mgr; dns_dispatch_t *disp; dns_dispentry_t *res; + dispsocket_t *dispsock; dns_dispatchevent_t *ev; unsigned int bucket; isc_boolean_t killit; @@ -2195,8 +3054,14 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) - isc_socket_cancel(disp->socket, disp->task, + isc_socket_cancel(disp->socket, disp->task[0], ISC_SOCKCANCEL_RECV); + for (dispsock = ISC_LIST_HEAD(disp->activesockets); + dispsock != NULL; + dispsock = ISC_LIST_NEXT(dispsock, link)) { + isc_socket_cancel(dispsock->socket, dispsock->task, + ISC_SOCKCANCEL_RECV); + } disp->shutting_down = 1; } @@ -2232,6 +3097,12 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, request_log(disp, res, LVL(90), "detaching from task %p", res->task); isc_task_detach(&res->task); + if (res->dispsocket != NULL) { + isc_socket_cancel(res->dispsocket->socket, + res->dispsocket->task, ISC_SOCKCANCEL_RECV); + res->dispsocket->resp = NULL; + } + /* * Free any buffered requests as well */ @@ -2248,12 +3119,12 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, if (disp->shutting_down == 1) do_cancel(disp); else - startrecv(disp); + (void)startrecv(disp, NULL); killit = destroy_disp_ok(disp); UNLOCK(&disp->lock); if (killit) - isc_task_send(disp->task, &disp->ctlevent); + isc_task_send(disp->task[0], &disp->ctlevent); } static void @@ -2268,13 +3139,15 @@ do_cancel(dns_dispatch_t *disp) { qid = DNS_QID(disp); /* - * Search for the first response handler without packets outstanding. + * Search for the first response handler without packets outstanding + * unless a specific hander is given. */ LOCK(&qid->lock); for (resp = linear_first(qid); - resp != NULL && resp->item_out != ISC_FALSE; + resp != NULL && resp->item_out; /* Empty. */) resp = linear_next(qid, resp); + /* * No one to send the cancel event to, so nothing to do. */ @@ -2307,6 +3180,16 @@ dns_dispatch_getsocket(dns_dispatch_t *disp) { return (disp->socket); } +isc_socket_t * +dns_dispatch_getentrysocket(dns_dispentry_t *resp) { + REQUIRE(VALID_RESPONSE(resp)); + + if (resp->dispsocket != NULL) + return (resp->dispsocket->socket); + else + return (NULL); +} + isc_result_t dns_dispatch_getlocaladdress(dns_dispatch_t *disp, isc_sockaddr_t *addrp) { @@ -2340,11 +3223,27 @@ dns_dispatch_cancel(dns_dispatch_t *disp) { return; } +unsigned int +dns_dispatch_getattributes(dns_dispatch_t *disp) { + REQUIRE(VALID_DISPATCH(disp)); + + /* + * We don't bother locking disp here; it's the caller's responsibility + * to use only non volatile flags. + */ + return (disp->attributes); +} + void dns_dispatch_changeattributes(dns_dispatch_t *disp, unsigned int attributes, unsigned int mask) { REQUIRE(VALID_DISPATCH(disp)); + /* Exclusive attribute can only be set on creation */ + REQUIRE((attributes & DNS_DISPATCHATTR_EXCLUSIVE) == 0); + /* Also, a dispatch with randomport specified cannot start listening */ + REQUIRE((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) == 0 || + (attributes & DNS_DISPATCHATTR_NOLISTEN) == 0); /* XXXMLG * Should check for valid attributes here! @@ -2356,13 +3255,13 @@ dns_dispatch_changeattributes(dns_dispatch_t *disp, if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) != 0 && (attributes & DNS_DISPATCHATTR_NOLISTEN) == 0) { disp->attributes &= ~DNS_DISPATCHATTR_NOLISTEN; - startrecv(disp); + (void)startrecv(disp, NULL); } else if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) == 0 && (attributes & DNS_DISPATCHATTR_NOLISTEN) != 0) { disp->attributes |= DNS_DISPATCHATTR_NOLISTEN; if (disp->recv_pending != 0) - isc_socket_cancel(disp->socket, disp->task, + isc_socket_cancel(disp->socket, disp->task[0], ISC_SOCKCANCEL_RECV); } } @@ -2386,7 +3285,7 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event) { INSIST(sevent->n <= disp->mgr->buffersize); newsevent = (isc_socketevent_t *) isc_event_allocate(disp->mgr->mctx, NULL, - DNS_EVENT_IMPORTRECVDONE, udp_recv, + DNS_EVENT_IMPORTRECVDONE, udp_shrecv, disp, sizeof(isc_socketevent_t)); if (newsevent == NULL) return; @@ -2405,8 +3304,8 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event) { newsevent->timestamp = sevent->timestamp; newsevent->pktinfo = sevent->pktinfo; newsevent->attributes = sevent->attributes; - - isc_task_send(disp->task, ISC_EVENT_PTR(&newsevent)); + + isc_task_send(disp->task[0], ISC_EVENT_PTR(&newsevent)); } #if 0 diff --git a/contrib/bind-9.5.2/lib/dns/dlz.c b/contrib/bind-9.5.2/lib/dns/dlz.c new file mode 100644 index 0000000000..528cf02faa --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/dlz.c @@ -0,0 +1,510 @@ +/* + * Portions Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlz.c,v 1.5.128.2 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ + +/*** + *** Imports + ***/ + +#include + +#include +#include +#include +#include + + +#include +#include +#include +#include +#include +#include +#include + +/*** + *** Supported DLZ DB Implementations Registry + ***/ + +static ISC_LIST(dns_dlzimplementation_t) dlz_implementations; +static isc_rwlock_t dlz_implock; +static isc_once_t once = ISC_ONCE_INIT; + +static void +dlz_initialize(void) { + RUNTIME_CHECK(isc_rwlock_init(&dlz_implock, 0, 0) == ISC_R_SUCCESS); + ISC_LIST_INIT(dlz_implementations); +} + +/*% + * Searches the dlz_implementations list for a driver matching name. + */ +static inline dns_dlzimplementation_t * +dlz_impfind(const char *name) { + dns_dlzimplementation_t *imp; + + for (imp = ISC_LIST_HEAD(dlz_implementations); + imp != NULL; + imp = ISC_LIST_NEXT(imp, link)) + if (strcasecmp(name, imp->name) == 0) + return (imp); + return (NULL); +} + +/*** + *** Basic DLZ Methods + ***/ + +isc_result_t +dns_dlzallowzonexfr(dns_view_t *view, dns_name_t *name, + isc_sockaddr_t *clientaddr, dns_db_t **dbp) +{ + isc_result_t result; + dns_dlzallowzonexfr_t allowzonexfr; + dns_dlzdb_t *dlzdatabase; + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(DNS_DLZ_VALID(view->dlzdatabase)); + REQUIRE(name != NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + + /* ask driver if the zone is supported */ + dlzdatabase = view->dlzdatabase; + allowzonexfr = dlzdatabase->implementation->methods->allowzonexfr; + result = (*allowzonexfr)(dlzdatabase->implementation->driverarg, + dlzdatabase->dbdata, dlzdatabase->mctx, + view->rdclass, name, clientaddr, dbp); + + if (result == ISC_R_NOTIMPLEMENTED) + return (ISC_R_NOTFOUND); + return (result); +} + +isc_result_t +dns_dlzcreate(isc_mem_t *mctx, const char *dlzname, const char *drivername, + unsigned int argc, char *argv[], dns_dlzdb_t **dbp) +{ + dns_dlzimplementation_t *impinfo; + isc_result_t result; + + /* + * initialize the dlz_implementations list, this is guaranteed + * to only really happen once. + */ + RUNTIME_CHECK(isc_once_do(&once, dlz_initialize) == ISC_R_SUCCESS); + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(dbp != NULL && *dbp == NULL); + REQUIRE(dlzname != NULL); + REQUIRE(drivername != NULL); + REQUIRE(mctx != NULL); + + /* write log message */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_INFO, + "Loading '%s' using driver %s", dlzname, drivername); + + /* lock the dlz_implementations list so we can search it. */ + RWLOCK(&dlz_implock, isc_rwlocktype_read); + + /* search for the driver implementation */ + impinfo = dlz_impfind(drivername); + if (impinfo == NULL) { + RWUNLOCK(&dlz_implock, isc_rwlocktype_read); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_ERROR, + "unsupported DLZ database driver '%s'." + " %s not loaded.", + drivername, dlzname); + + return (ISC_R_NOTFOUND); + } + + /* Allocate memory to hold the DLZ database driver */ + (*dbp) = isc_mem_get(mctx, sizeof(dns_dlzdb_t)); + if ((*dbp) == NULL) { + RWUNLOCK(&dlz_implock, isc_rwlocktype_read); + return (ISC_R_NOMEMORY); + } + + /* Make sure memory region is set to all 0's */ + memset((*dbp), 0, sizeof(dns_dlzdb_t)); + + (*dbp)->implementation = impinfo; + + /* Create a new database using implementation 'drivername'. */ + result = ((impinfo->methods->create)(mctx, dlzname, argc, argv, + impinfo->driverarg, + &(*dbp)->dbdata)); + + /* mark the DLZ driver as valid */ + if (result == ISC_R_SUCCESS) { + RWUNLOCK(&dlz_implock, isc_rwlocktype_read); + (*dbp)->magic = DNS_DLZ_MAGIC; + isc_mem_attach(mctx, &(*dbp)->mctx); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "DLZ driver loaded successfully."); + return (ISC_R_SUCCESS); + } else { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_ERROR, + "DLZ driver failed to load."); + } + + /* impinfo->methods->create failed. */ + RWUNLOCK(&dlz_implock, isc_rwlocktype_read); + isc_mem_put(mctx, (*dbp), sizeof(dns_dlzdb_t)); + return (result); +} + +void +dns_dlzdestroy(dns_dlzdb_t **dbp) { + isc_mem_t *mctx; + dns_dlzdestroy_t destroy; + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Unloading DLZ driver."); + + /* + * Perform checks to make sure data is as we expect it to be. + */ + REQUIRE(dbp != NULL && DNS_DLZ_VALID(*dbp)); + + /* call the drivers destroy method */ + if ((*dbp) != NULL) { + mctx = (*dbp)->mctx; + destroy = (*dbp)->implementation->methods->destroy; + (*destroy)((*dbp)->implementation->driverarg,(*dbp)->dbdata); + /* return memory */ + isc_mem_put(mctx, (*dbp), sizeof(dns_dlzdb_t)); + isc_mem_detach(&mctx); + } + + *dbp = NULL; +} + + +isc_result_t +dns_dlzfindzone(dns_view_t *view, dns_name_t *name, unsigned int minlabels, + dns_db_t **dbp) +{ + dns_fixedname_t fname; + dns_name_t *zonename; + unsigned int namelabels; + unsigned int i; + isc_result_t result; + dns_dlzfindzone_t findzone; + dns_dlzdb_t *dlzdatabase; + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(DNS_DLZ_VALID(view->dlzdatabase)); + REQUIRE(name != NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + + /* setup a "fixed" dns name */ + dns_fixedname_init(&fname); + zonename = dns_fixedname_name(&fname); + + /* count the number of labels in the name */ + namelabels = dns_name_countlabels(name); + + /* + * loop through starting with the longest domain name and + * trying shorter names portions of the name until we find a + * match, have an error, or are below the 'minlabels' + * threshold. minlabels is 0, if the standard database didn't + * have a zone name match. Otherwise minlabels is the number + * of labels in that name. We need to beat that for a + * "better" match for the DLZ database to be authoritative + * instead of the standard database. + */ + for (i = namelabels; i > minlabels && i > 1; i--) { + if (i == namelabels) { + result = dns_name_copy(name, zonename, NULL); + if (result != ISC_R_SUCCESS) + return (result); + } else + dns_name_split(name, i, NULL, zonename); + + /* ask SDLZ driver if the zone is supported */ + dlzdatabase = view->dlzdatabase; + findzone = dlzdatabase->implementation->methods->findzone; + result = (*findzone)(dlzdatabase->implementation->driverarg, + dlzdatabase->dbdata, dlzdatabase->mctx, + view->rdclass, zonename, dbp); + if (result != ISC_R_NOTFOUND) + return (result); + } + return (ISC_R_NOTFOUND); +} + +/*% + * Registers a DLZ driver. This basically just adds the dlz + * driver to the list of available drivers in the dlz_implementations list. + */ +isc_result_t +dns_dlzregister(const char *drivername, const dns_dlzmethods_t *methods, + void *driverarg, isc_mem_t *mctx, + dns_dlzimplementation_t **dlzimp) +{ + + dns_dlzimplementation_t *dlz_imp; + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Registering DLZ driver '%s'", drivername); + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(drivername != NULL); + REQUIRE(methods != NULL); + REQUIRE(methods->create != NULL); + REQUIRE(methods->destroy != NULL); + REQUIRE(methods->findzone != NULL); + REQUIRE(mctx != NULL); + REQUIRE(dlzimp != NULL && *dlzimp == NULL); + + /* + * initialize the dlz_implementations list, this is guaranteed + * to only really happen once. + */ + RUNTIME_CHECK(isc_once_do(&once, dlz_initialize) == ISC_R_SUCCESS); + + /* lock the dlz_implementations list so we can modify it. */ + RWLOCK(&dlz_implock, isc_rwlocktype_write); + + /* + * check that another already registered driver isn't using + * the same name + */ + dlz_imp = dlz_impfind(drivername); + if (dlz_imp != NULL) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "DLZ Driver '%s' already registered", + drivername); + RWUNLOCK(&dlz_implock, isc_rwlocktype_write); + return (ISC_R_EXISTS); + } + + /* + * Allocate memory for a dlz_implementation object. Error if + * we cannot. + */ + dlz_imp = isc_mem_get(mctx, sizeof(dns_dlzimplementation_t)); + if (dlz_imp == NULL) { + RWUNLOCK(&dlz_implock, isc_rwlocktype_write); + return (ISC_R_NOMEMORY); + } + + /* Make sure memory region is set to all 0's */ + memset(dlz_imp, 0, sizeof(dns_dlzimplementation_t)); + + /* Store the data passed into this method */ + dlz_imp->name = drivername; + dlz_imp->methods = methods; + dlz_imp->mctx = NULL; + dlz_imp->driverarg = driverarg; + + /* attach the new dlz_implementation object to a memory context */ + isc_mem_attach(mctx, &dlz_imp->mctx); + + /* + * prepare the dlz_implementation object to be put in a list, + * and append it to the list + */ + ISC_LINK_INIT(dlz_imp, link); + ISC_LIST_APPEND(dlz_implementations, dlz_imp, link); + + /* Unlock the dlz_implementations list. */ + RWUNLOCK(&dlz_implock, isc_rwlocktype_write); + + /* Pass back the dlz_implementation that we created. */ + *dlzimp = dlz_imp; + + return (ISC_R_SUCCESS); +} + +/*% + * Helper function for dns_dlzstrtoargv(). + * Pardon the gratuitous recursion. + */ +static isc_result_t +dns_dlzstrtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, + char ***argvp, unsigned int n) +{ + isc_result_t result; + + restart: + /* Discard leading whitespace. */ + while (*s == ' ' || *s == '\t') + s++; + + if (*s == '\0') { + /* We have reached the end of the string. */ + *argcp = n; + *argvp = isc_mem_get(mctx, n * sizeof(char *)); + if (*argvp == NULL) + return (ISC_R_NOMEMORY); + } else { + char *p = s; + while (*p != ' ' && *p != '\t' && *p != '\0' && *p != '{') { + if (*p == '\n') { + *p = ' '; + goto restart; + } + p++; + } + + /* do "grouping", items between { and } are one arg */ + if (*p == '{') { + char *t = p; + /* + * shift all characters to left by 1 to get rid of '{' + */ + while (*t != '\0') { + t++; + *(t-1) = *t; + } + while (*p != '\0' && *p != '}') { + p++; + } + /* get rid of '}' character */ + if (*p == '}') { + *p = '\0'; + p++; + } + /* normal case, no "grouping" */ + } else if (*p != '\0') + *p++ = '\0'; + + result = dns_dlzstrtoargvsub(mctx, p, argcp, argvp, n + 1); + if (result != ISC_R_SUCCESS) + return (result); + (*argvp)[n] = s; + } + return (ISC_R_SUCCESS); +} + +/*% + * Tokenize the string "s" into whitespace-separated words, + * return the number of words in '*argcp' and an array + * of pointers to the words in '*argvp'. The caller + * must free the array using isc_mem_put(). The string + * is modified in-place. + */ +isc_result_t +dns_dlzstrtoargv(isc_mem_t *mctx, char *s, + unsigned int *argcp, char ***argvp) +{ + return(dns_dlzstrtoargvsub(mctx, s, argcp, argvp, 0)); +} + +/*% + * Unregisters a DLZ driver. This basically just removes the dlz + * driver from the list of available drivers in the dlz_implementations list. + */ +void +dns_dlzunregister(dns_dlzimplementation_t **dlzimp) { + dns_dlzimplementation_t *dlz_imp; + isc_mem_t *mctx; + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Unregistering DLZ driver."); + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(dlzimp != NULL && *dlzimp != NULL); + + /* + * initialize the dlz_implementations list, this is guaranteed + * to only really happen once. + */ + RUNTIME_CHECK(isc_once_do(&once, dlz_initialize) == ISC_R_SUCCESS); + + dlz_imp = *dlzimp; + + /* lock the dlz_implementations list so we can modify it. */ + RWLOCK(&dlz_implock, isc_rwlocktype_write); + + /* remove the dlz_implementation object from the list */ + ISC_LIST_UNLINK(dlz_implementations, dlz_imp, link); + mctx = dlz_imp->mctx; + + /* + * return the memory back to the available memory pool and + * remove it from the memory context. + */ + isc_mem_put(mctx, dlz_imp, sizeof(dns_dlzimplementation_t)); + isc_mem_detach(&mctx); + + /* Unlock the dlz_implementations list. */ + RWUNLOCK(&dlz_implock, isc_rwlocktype_write); +} diff --git a/contrib/bind-9.3/lib/dns/dnssec.c b/contrib/bind-9.5.2/lib/dns/dnssec.c similarity index 92% rename from contrib/bind-9.3/lib/dns/dnssec.c rename to contrib/bind-9.5.2/lib/dns/dnssec.c index 91f7a99fe9..a18df93942 100644 --- a/contrib/bind-9.3/lib/dns/dnssec.c +++ b/contrib/bind-9.5.2/lib/dns/dnssec.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,9 +16,10 @@ */ /* - * $Id: dnssec.c,v 1.69.2.5.2.9 2006/01/04 23:50:20 marka Exp $ + * $Id: dnssec.c,v 1.91.58.2 2008/11/14 23:46:41 tbox Exp $ */ +/*! \file */ #include @@ -365,6 +366,9 @@ dns_dnssec_verify2(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, if (ret != ISC_R_SUCCESS) return (ret); + if (set->type != sig.covered) + return (DNS_R_SIGINVALID); + if (isc_serial_lt(sig.timeexpire, sig.timesigned)) return (DNS_R_SIGINVALID); @@ -380,6 +384,27 @@ dns_dnssec_verify2(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, return (DNS_R_SIGEXPIRED); } + /* + * NS, SOA and DNSSKEY records are signed by their owner. + * DS records are signed by the parent. + */ + switch (set->type) { + case dns_rdatatype_ns: + case dns_rdatatype_soa: + case dns_rdatatype_dnskey: + if (!dns_name_equal(name, &sig.signer)) + return (DNS_R_SIGINVALID); + break; + case dns_rdatatype_ds: + if (dns_name_equal(name, &sig.signer)) + return (DNS_R_SIGINVALID); + /* FALLTHROUGH */ + default: + if (!dns_name_issubdomain(name, &sig.signer)) + return (DNS_R_SIGINVALID); + break; + } + /* * Is the key allowed to sign data? */ @@ -405,16 +430,11 @@ dns_dnssec_verify2(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, */ dns_fixedname_init(&fnewname); labels = dns_name_countlabels(name) - 1; - if (labels - sig.labels > 0) { - dns_name_split(name, sig.labels + 1, NULL, - dns_fixedname_name(&fnewname)); - RUNTIME_CHECK(dns_name_downcase(dns_fixedname_name(&fnewname), - dns_fixedname_name(&fnewname), - NULL) - == ISC_R_SUCCESS); - } - else - dns_name_downcase(name, dns_fixedname_name(&fnewname), NULL); + RUNTIME_CHECK(dns_name_downcase(name, dns_fixedname_name(&fnewname), + NULL) == ISC_R_SUCCESS); + if (labels - sig.labels > 0) + dns_name_split(dns_fixedname_name(&fnewname), sig.labels + 1, + NULL, dns_fixedname_name(&fnewname)); dns_name_toregion(dns_fixedname_name(&fnewname), &r); @@ -491,9 +511,9 @@ cleanup_struct: dns_rdata_freestruct(&sig); if (ret == ISC_R_SUCCESS && labels - sig.labels > 0) { - if (wild != NULL) + if (wild != NULL) RUNTIME_CHECK(dns_name_concatenate(dns_wildcardname, - dns_fixedname_name(&fnewname), + dns_fixedname_name(&fnewname), wild, NULL) == ISC_R_SUCCESS); ret = DNS_R_FROMWILDCARD; } @@ -519,10 +539,10 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, isc_result_t dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, - dns_dbnode_t *node, dns_name_t *name, - const char *directory, isc_mem_t *mctx, - unsigned int maxkeys, dst_key_t **keys, - unsigned int *nkeys) + dns_dbnode_t *node, dns_name_t *name, + const char *directory, isc_mem_t *mctx, + unsigned int maxkeys, dst_key_t **keys, + unsigned int *nkeys) { dns_rdataset_t rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; @@ -530,6 +550,9 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, dst_key_t *pubkey = NULL; unsigned int count = 0; + REQUIRE(nkeys != NULL); + REQUIRE(keys != NULL); + *nkeys = 0; dns_rdataset_init(&rdataset); RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0, @@ -539,7 +562,11 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, pubkey = NULL; dns_rdataset_current(&rdataset, &rdata); RETERR(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey)); - if (!is_zone_key(pubkey)) + if (!is_zone_key(pubkey) || + (dst_key_flags(pubkey) & DNS_KEYTYPE_NOAUTH) != 0) + goto next; + /* Corrupted .key file? */ + if (!dns_name_equal(name, dst_key_name(pubkey))) goto next; keys[count] = NULL; result = dst_key_fromfile(dst_key_name(pubkey), @@ -548,17 +575,23 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, directory, mctx, &keys[count]); - if (result == ISC_R_FILENOTFOUND) + if (result == ISC_R_FILENOTFOUND) { + keys[count] = pubkey; + pubkey = NULL; + count++; goto next; + } if (result != ISC_R_SUCCESS) goto failure; if ((dst_key_flags(keys[count]) & DNS_KEYTYPE_NOAUTH) != 0) { + /* We should never get here. */ dst_key_free(&keys[count]); goto next; } count++; next: - dst_key_free(&pubkey); + if (pubkey != NULL) + dst_key_free(&pubkey); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rdataset); } @@ -574,6 +607,9 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, dns_rdataset_disassociate(&rdataset); if (pubkey != NULL) dst_key_free(&pubkey); + if (result != ISC_R_SUCCESS) + while (count > 0) + dst_key_free(&keys[--count]); *nkeys = count; return (result); } @@ -793,7 +829,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, RETERR(dst_context_create(key, mctx, &ctx)); /* - * Digest the SIG(0) record, except for the signature. + * Digest the SIG(0) record, except for the signature. */ dns_rdata_toregion(&rdata, &r); r.length -= sig.siglen; diff --git a/contrib/bind-9.3/lib/dns/ds.c b/contrib/bind-9.5.2/lib/dns/ds.c similarity index 60% rename from contrib/bind-9.3/lib/dns/ds.c rename to contrib/bind-9.5.2/lib/dns/ds.c index b0ca523407..e994cc560c 100644 --- a/contrib/bind-9.3/lib/dns/ds.c +++ b/contrib/bind-9.5.2/lib/dns/ds.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ds.c,v 1.4.2.1 2004/03/08 02:07:53 marka Exp $ */ +/* $Id: ds.c,v 1.11 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -24,6 +26,7 @@ #include #include #include +#include #include #include @@ -40,10 +43,9 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, unsigned int digest_type, unsigned char *buffer, dns_rdata_t *rdata) { - isc_sha1_t sha1; dns_fixedname_t fname; dns_name_t *name; - unsigned char digest[ISC_SHA1_DIGESTLENGTH]; + unsigned char digest[ISC_SHA256_DIGESTLENGTH]; isc_region_t r; isc_buffer_t b; dns_rdata_ds_t ds; @@ -51,7 +53,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, REQUIRE(key != NULL); REQUIRE(key->type == dns_rdatatype_dnskey); - if (digest_type != DNS_DSDIGEST_SHA1) + if (!dns_ds_digest_supported(digest_type)) return (ISC_R_NOTIMPLEMENTED); dns_fixedname_init(&fname); @@ -61,23 +63,42 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, memset(buffer, 0, DNS_DS_BUFFERSIZE); isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE); - isc_sha1_init(&sha1); - dns_name_toregion(name, &r); - isc_sha1_update(&sha1, r.base, r.length); - dns_rdata_toregion(key, &r); - INSIST(r.length >= 4); - isc_sha1_update(&sha1, r.base, r.length); - isc_sha1_final(&sha1, digest); + if (digest_type == DNS_DSDIGEST_SHA1) { + isc_sha1_t sha1; + isc_sha1_init(&sha1); + dns_name_toregion(name, &r); + isc_sha1_update(&sha1, r.base, r.length); + dns_rdata_toregion(key, &r); + INSIST(r.length >= 4); + isc_sha1_update(&sha1, r.base, r.length); + isc_sha1_final(&sha1, digest); + } else { + isc_sha256_t sha256; + isc_sha256_init(&sha256); + dns_name_toregion(name, &r); + isc_sha256_update(&sha256, r.base, r.length); + dns_rdata_toregion(key, &r); + INSIST(r.length >= 4); + isc_sha256_update(&sha256, r.base, r.length); + isc_sha256_final(digest, &sha256); + } ds.mctx = NULL; ds.common.rdclass = key->rdclass; ds.common.rdtype = dns_rdatatype_ds; ds.algorithm = r.base[3]; ds.key_tag = dst_region_computeid(&r, ds.algorithm); - ds.digest_type = DNS_DSDIGEST_SHA1; - ds.length = ISC_SHA1_DIGESTLENGTH; + ds.digest_type = digest_type; + ds.length = (digest_type == DNS_DSDIGEST_SHA1) ? + ISC_SHA1_DIGESTLENGTH : ISC_SHA256_DIGESTLENGTH; ds.digest = digest; return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds, &ds, &b)); } + +isc_boolean_t +dns_ds_digest_supported(unsigned int digest_type) { + return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 || + digest_type == DNS_DSDIGEST_SHA256)); +} diff --git a/contrib/bind-9.3/lib/dns/dst_api.c b/contrib/bind-9.5.2/lib/dns/dst_api.c similarity index 88% rename from contrib/bind-9.3/lib/dns/dst_api.c rename to contrib/bind-9.5.2/lib/dns/dst_api.c index b7b03e6ef2..31bac79361 100644 --- a/contrib/bind-9.3/lib/dns/dst_api.c +++ b/contrib/bind-9.5.2/lib/dns/dst_api.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +31,11 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.1.4.3 2006/01/04 23:50:20 marka Exp $ + * $Id: dst_api.c,v 1.11.92.7 2009/07/29 23:55:00 each Exp $ */ +/*! \file */ + #include #include @@ -29,6 +44,7 @@ #include #include #include +#include #include #include #include @@ -57,6 +73,8 @@ static isc_entropy_t *dst_entropy_pool = NULL; static unsigned int dst_entropy_flags = 0; static isc_boolean_t dst_initialized = ISC_FALSE; +void gss_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3); + isc_mem_t *dst__memory_pool = NULL; /* @@ -69,10 +87,6 @@ static dst_key_t * get_key_struct(dns_name_t *name, unsigned int bits, dns_rdataclass_t rdclass, isc_mem_t *mctx); -static isc_result_t read_public_key(const char *filename, - int type, - isc_mem_t *mctx, - dst_key_t **keyp); static isc_result_t write_public_key(const dst_key_t *key, int type, const char *directory); static isc_result_t buildfilename(dns_name_t *name, @@ -111,6 +125,22 @@ static isc_result_t addsuffix(char *filename, unsigned int len, return (_r); \ } while (0); \ +#ifdef OPENSSL +static void * +default_memalloc(void *arg, size_t size) { + UNUSED(arg); + if (size == 0U) + size = 1; + return (malloc(size)); +} + +static void +default_memfree(void *arg, void *ptr) { + UNUSED(arg); + free(ptr); +} +#endif + isc_result_t dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) { isc_result_t result; @@ -126,11 +156,15 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) { * When using --with-openssl, there seems to be no good way of not * leaking memory due to the openssl error handling mechanism. * Avoid assertions by using a local memory context and not checking - * for leaks on exit. + * for leaks on exit. Note: as there are leaks we cannot use + * ISC_MEMFLAG_INTERNAL as it will free up memory still being used + * by libcrypto. */ - result = isc_mem_create(0, 0, &dst__memory_pool); + result = isc_mem_createx2(0, 0, default_memalloc, default_memfree, + NULL, &dst__memory_pool, 0); if (result != ISC_R_SUCCESS) return (result); + isc_mem_setname(dst__memory_pool, "dst", NULL); isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE); #else isc_mem_attach(mctx, &dst__memory_pool); @@ -142,6 +176,11 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) { memset(dst_t_func, 0, sizeof(dst_t_func)); RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5])); + RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1])); + RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224])); + RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256])); + RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384])); + RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512])); #ifdef OPENSSL RETERR(dst__openssl_init()); RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5])); @@ -202,7 +241,7 @@ dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) { if (key->func->createctx == NULL) return (DST_R_UNSUPPORTEDALG); - if (key->opaque == NULL) + if (key->keydata.generic == NULL) return (DST_R_NULLKEY); dctx = isc_mem_get(mctx, sizeof(dst_context_t)); @@ -252,7 +291,7 @@ dst_context_sign(dst_context_t *dctx, isc_buffer_t *sig) { key = dctx->key; CHECKALG(key->key_alg); - if (key->opaque == NULL) + if (key->keydata.generic == NULL) return (DST_R_NULLKEY); if (key->func->sign == NULL) return (DST_R_NOTPRIVATEKEY); @@ -269,7 +308,7 @@ dst_context_verify(dst_context_t *dctx, isc_region_t *sig) { REQUIRE(sig != NULL); CHECKALG(dctx->key->key_alg); - if (dctx->key->opaque == NULL) + if (dctx->key->keydata.generic == NULL) return (DST_R_NULLKEY); if (dctx->key->func->verify == NULL) return (DST_R_NOTPUBLICKEY); @@ -288,7 +327,7 @@ dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, CHECKALG(pub->key_alg); CHECKALG(priv->key_alg); - if (pub->opaque == NULL || priv->opaque == NULL) + if (pub->keydata.generic == NULL || priv->keydata.generic == NULL) return (DST_R_NULLKEY); if (pub->key_alg != priv->key_alg || @@ -362,10 +401,8 @@ dst_key_fromfile(dns_name_t *name, dns_keytag_t id, return (result); } - if (!dns_name_equal(name, key->key_name) || - id != key->key_id || - alg != key->key_alg) - { + if (!dns_name_equal(name, key->key_name) || id != key->key_id || + alg != key->key_alg) { dst_key_free(&key); return (DST_R_INVALIDPRIVATEKEY); } @@ -392,13 +429,21 @@ dst_key_fromnamedfile(const char *filename, int type, isc_mem_t *mctx, REQUIRE(mctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); - result = read_public_key(filename, type, mctx, &pubkey); + newfilenamelen = strlen(filename) + 5; + newfilename = isc_mem_get(mctx, newfilenamelen); + if (newfilename == NULL) + return (ISC_R_NOMEMORY); + result = addsuffix(newfilename, newfilenamelen, filename, ".key"); + INSIST(result == ISC_R_SUCCESS); + + result = dst_key_read_public(newfilename, type, mctx, &pubkey); + isc_mem_put(mctx, newfilename, newfilenamelen); + newfilename = NULL; if (result != ISC_R_SUCCESS) return (result); if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC || - (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) - { + (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { result = computeid(pubkey); if (result != ISC_R_SUCCESS) { dst_key_free(&pubkey); @@ -482,7 +527,7 @@ dst_key_todns(const dst_key_t *key, isc_buffer_t *target) { & 0xffff)); } - if (key->opaque == NULL) /* NULL KEY */ + if (key->keydata.generic == NULL) /*%< NULL KEY */ return (ISC_R_SUCCESS); return (key->func->todns(key, target)); @@ -590,20 +635,29 @@ dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) { return (result); } +gss_ctx_id_t +dst_key_getgssctx(const dst_key_t *key) +{ + REQUIRE(key != NULL); + + return (key->keydata.gssctx); +} + isc_result_t -dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx, +dst_key_fromgssapi(dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx, dst_key_t **keyp) { dst_key_t *key; - REQUIRE(opaque != NULL); + REQUIRE(gssctx != NULL); REQUIRE(keyp != NULL && *keyp == NULL); key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC, 0, dns_rdataclass_in, mctx); if (key == NULL) return (ISC_R_NOMEMORY); - key->opaque = opaque; + + key->keydata.gssctx = gssctx; *keyp = key; return (ISC_R_SUCCESS); } @@ -629,7 +683,7 @@ dst_key_generate(dns_name_t *name, unsigned int alg, if (key == NULL) return (ISC_R_NOMEMORY); - if (bits == 0) { /* NULL KEY */ + if (bits == 0) { /*%< NULL KEY */ key->key_flags |= DNS_KEYTYPE_NOKEY; *keyp = key; return (ISC_R_SUCCESS); @@ -704,7 +758,7 @@ dst_key_free(dst_key_t **keyp) { key = *keyp; mctx = key->mctx; - if (key->opaque != NULL) { + if (key->keydata.generic != NULL) { INSIST(key->func->destroy != NULL); key->func->destroy(key); } @@ -753,8 +807,23 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) { case DST_ALG_HMACMD5: *n = 16; break; + case DST_ALG_HMACSHA1: + *n = ISC_SHA1_DIGESTLENGTH; + break; + case DST_ALG_HMACSHA224: + *n = ISC_SHA224_DIGESTLENGTH; + break; + case DST_ALG_HMACSHA256: + *n = ISC_SHA256_DIGESTLENGTH; + break; + case DST_ALG_HMACSHA384: + *n = ISC_SHA384_DIGESTLENGTH; + break; + case DST_ALG_HMACSHA512: + *n = ISC_SHA512_DIGESTLENGTH; + break; case DST_ALG_GSSAPI: - *n = 128; /* XXX */ + *n = 128; /*%< XXX */ break; case DST_ALG_DH: default: @@ -780,7 +849,7 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) { *** Static methods ***/ -/* +/*% * Allocates a key structure and fills in some of the fields. */ static dst_key_t * @@ -815,19 +884,19 @@ get_key_struct(dns_name_t *name, unsigned int alg, key->key_flags = flags; key->key_proto = protocol; key->mctx = mctx; - key->opaque = NULL; + key->keydata.generic = NULL; key->key_size = bits; key->key_class = rdclass; key->func = dst_t_func[alg]; return (key); } -/* +/*% * Reads a public key from disk */ -static isc_result_t -read_public_key(const char *filename, int type, - isc_mem_t *mctx, dst_key_t **keyp) +isc_result_t +dst_key_read_public(const char *filename, int type, + isc_mem_t *mctx, dst_key_t **keyp) { u_char rdatabuf[DST_KEY_MAXSIZE]; isc_buffer_t b; @@ -837,25 +906,16 @@ read_public_key(const char *filename, int type, isc_result_t ret; dns_rdata_t rdata = DNS_RDATA_INIT; unsigned int opt = ISC_LEXOPT_DNSMULTILINE; - char *newfilename; - unsigned int newfilenamelen; dns_rdataclass_t rdclass = dns_rdataclass_in; isc_lexspecials_t specials; isc_uint32_t ttl; isc_result_t result; dns_rdatatype_t keytype; - newfilenamelen = strlen(filename) + 5; - newfilename = isc_mem_get(mctx, newfilenamelen); - if (newfilename == NULL) - return (ISC_R_NOMEMORY); - ret = addsuffix(newfilename, newfilenamelen, filename, ".key"); - INSIST(ret == ISC_R_SUCCESS); - /* * Open the file and read its formatted contents * File format: - * domain.name [ttl] [class] KEY + * domain.name [ttl] [class] [KEY|DNSKEY] */ /* 1500 should be large enough for any key */ @@ -870,7 +930,7 @@ read_public_key(const char *filename, int type, isc_lex_setspecials(lex, specials); isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); - ret = isc_lex_openfile(lex, newfilename); + ret = isc_lex_openfile(lex, filename); if (ret != ISC_R_SUCCESS) goto cleanup; @@ -889,6 +949,13 @@ read_public_key(const char *filename, int type, NEXTTOKEN(lex, opt, &token); if (token.type != isc_tokentype_string) BADTOKEN(); + + /* + * We don't support "@" in .key files. + */ + if (!strcmp(DST_AS_STR(token), "@")) + BADTOKEN(); + dns_fixedname_init(&name); isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token))); isc_buffer_add(&b, strlen(DST_AS_STR(token))); @@ -900,6 +967,9 @@ read_public_key(const char *filename, int type, /* Read the next word: either TTL, class, or 'KEY' */ NEXTTOKEN(lex, opt, &token); + if (token.type != isc_tokentype_string) + BADTOKEN(); + /* If it's a TTL, read the next one */ result = dns_ttl_fromtext(&token.value.as_textregion, &ttl); if (result == ISC_R_SUCCESS) @@ -918,7 +988,7 @@ read_public_key(const char *filename, int type, if (strcasecmp(DST_AS_STR(token), "DNSKEY") == 0) keytype = dns_rdatatype_dnskey; else if (strcasecmp(DST_AS_STR(token), "KEY") == 0) - keytype = dns_rdatatype_key; /* SIG(0), TKEY */ + keytype = dns_rdatatype_key; /*%< SIG(0), TKEY */ else BADTOKEN(); @@ -942,8 +1012,6 @@ read_public_key(const char *filename, int type, cleanup: if (lex != NULL) isc_lex_destroy(&lex); - isc_mem_put(mctx, newfilename, newfilenamelen); - return (ret); } @@ -967,7 +1035,7 @@ issymmetric(const dst_key_t *key) { } } -/* +/*% * Writes a public key to disk in DNS format. */ static isc_result_t @@ -1046,9 +1114,12 @@ write_public_key(const dst_key_t *key, int type, const char *directory) { fwrite(r.base, 1, r.length, fp); fputc('\n', fp); + fflush(fp); + if (ferror(fp)) + ret = DST_R_WRITEERROR; fclose(fp); - return (ISC_R_SUCCESS); + return (ret); } static isc_result_t @@ -1082,8 +1153,10 @@ buildfilename(dns_name_t *name, dns_keytag_t id, len = 1 + 3 + 1 + 5 + strlen(suffix) + 1; if (isc_buffer_availablelength(out) < len) return (ISC_R_NOSPACE); - sprintf((char *) isc_buffer_used(out), "+%03d+%05d%s", alg, id, suffix); + sprintf((char *) isc_buffer_used(out), "+%03d+%05d%s", alg, id, + suffix); isc_buffer_add(out, len); + return (ISC_R_SUCCESS); } @@ -1185,3 +1258,8 @@ dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) { flags &= ~ISC_ENTROPY_GOODONLY; return (isc_entropy_getdata(dst_entropy_pool, buf, len, NULL, flags)); } + +unsigned int +dst__entropy_status(void) { + return (isc_entropy_status(dst_entropy_pool)); +} diff --git a/contrib/bind-9.3/lib/dns/dst_internal.h b/contrib/bind-9.5.2/lib/dns/dst_internal.h similarity index 51% rename from contrib/bind-9.3/lib/dns/dst_internal.h rename to contrib/bind-9.5.2/lib/dns/dst_internal.h index 982eb6d229..ecbcedaff2 100644 --- a/contrib/bind-9.3/lib/dns/dst_internal.h +++ b/contrib/bind-9.5.2/lib/dns/dst_internal.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2000-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_internal.h,v 1.1.4.1 2004/12/09 04:07:16 marka Exp $ */ +/* $Id: dst_internal.h,v 1.9 2007/08/28 07:20:42 tbox Exp $ */ #ifndef DST_DST_INTERNAL_H #define DST_DST_INTERNAL_H 1 @@ -27,9 +40,21 @@ #include #include #include +#include +#include +#include +#include #include +#ifdef OPENSSL +#include +#include +#include +#include +#include +#endif + ISC_LANG_BEGINDECLS #define KEY_MAGIC ISC_MAGIC('D','S','T','K') @@ -46,25 +71,60 @@ extern isc_mem_t *dst__memory_pool; typedef struct dst_func dst_func_t; +typedef struct dst_hmacmd5_key dst_hmacmd5_key_t; +typedef struct dst_hmacsha1_key dst_hmacsha1_key_t; +typedef struct dst_hmacsha224_key dst_hmacsha224_key_t; +typedef struct dst_hmacsha256_key dst_hmacsha256_key_t; +typedef struct dst_hmacsha384_key dst_hmacsha384_key_t; +typedef struct dst_hmacsha512_key dst_hmacsha512_key_t; + +/*% DST Key Structure */ struct dst_key { unsigned int magic; - dns_name_t * key_name; /* name of the key */ - unsigned int key_size; /* size of the key in bits */ - unsigned int key_proto; /* protocols this key is used for */ - unsigned int key_alg; /* algorithm of the key */ - isc_uint32_t key_flags; /* flags of the public key */ - isc_uint16_t key_id; /* identifier of the key */ - dns_rdataclass_t key_class; /* class of the key record */ - isc_mem_t *mctx; /* memory context */ - void * opaque; /* pointer to key in crypto pkg fmt */ - dst_func_t * func; /* crypto package specific functions */ + dns_name_t * key_name; /*%< name of the key */ + unsigned int key_size; /*%< size of the key in bits */ + unsigned int key_proto; /*%< protocols this key is used for */ + unsigned int key_alg; /*%< algorithm of the key */ + isc_uint32_t key_flags; /*%< flags of the public key */ + isc_uint16_t key_id; /*%< identifier of the key */ + isc_uint16_t key_bits; /*%< hmac digest bits */ + dns_rdataclass_t key_class; /*%< class of the key record */ + isc_mem_t *mctx; /*%< memory context */ + union { + void *generic; + gss_ctx_id_t gssctx; +#ifdef OPENSSL + RSA *rsa; + DSA *dsa; + DH *dh; +#endif + dst_hmacmd5_key_t *hmacmd5; + dst_hmacsha1_key_t *hmacsha1; + dst_hmacsha224_key_t *hmacsha224; + dst_hmacsha256_key_t *hmacsha256; + dst_hmacsha384_key_t *hmacsha384; + dst_hmacsha512_key_t *hmacsha512; + + } keydata; /*%< pointer to key in crypto pkg fmt */ + dst_func_t * func; /*%< crypto package specific functions */ }; struct dst_context { unsigned int magic; dst_key_t *key; isc_mem_t *mctx; - void *opaque; + union { + void *generic; + dst_gssapi_signverifyctx_t *gssctx; + isc_md5_t *md5ctx; + isc_sha1_t *sha1ctx; + isc_hmacmd5_t *hmacmd5ctx; + isc_hmacsha1_t *hmacsha1ctx; + isc_hmacsha224_t *hmacsha224ctx; + isc_hmacsha256_t *hmacsha256ctx; + isc_hmacsha384_t *hmacsha384ctx; + isc_hmacsha512_t *hmacsha512ctx; + } ctxdata; }; struct dst_func { @@ -100,35 +160,46 @@ struct dst_func { void (*cleanup)(void); }; -/* +/*% * Initializers */ isc_result_t dst__openssl_init(void); isc_result_t dst__hmacmd5_init(struct dst_func **funcp); +isc_result_t dst__hmacsha1_init(struct dst_func **funcp); +isc_result_t dst__hmacsha224_init(struct dst_func **funcp); +isc_result_t dst__hmacsha256_init(struct dst_func **funcp); +isc_result_t dst__hmacsha384_init(struct dst_func **funcp); +isc_result_t dst__hmacsha512_init(struct dst_func **funcp); isc_result_t dst__opensslrsa_init(struct dst_func **funcp); isc_result_t dst__openssldsa_init(struct dst_func **funcp); isc_result_t dst__openssldh_init(struct dst_func **funcp); isc_result_t dst__gssapi_init(struct dst_func **funcp); -/* +/*% * Destructors */ void dst__openssl_destroy(void); -/* +/*% * Memory allocators using the DST memory pool. */ void * dst__mem_alloc(size_t size); void dst__mem_free(void *ptr); void * dst__mem_realloc(void *ptr, size_t size); -/* +/*% * Entropy retriever using the DST entropy pool. */ isc_result_t dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo); +/* + * Entropy status hook. + */ +unsigned int dst__entropy_status(void); + ISC_LANG_ENDDECLS #endif /* DST_DST_INTERNAL_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/dst_lib.c b/contrib/bind-9.5.2/lib/dns/dst_lib.c similarity index 86% rename from contrib/bind-9.3/lib/dns/dst_lib.c rename to contrib/bind-9.5.2/lib/dns/dst_lib.c index 8046110435..f1021d338d 100644 --- a/contrib/bind-9.3/lib/dns/dst_lib.c +++ b/contrib/bind-9.5.2/lib/dns/dst_lib.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -17,9 +17,11 @@ /* * Principal Author: Brian Wellington - * $Id: dst_lib.c,v 1.1.4.1 2004/12/09 04:07:16 marka Exp $ + * $Id: dst_lib.c,v 1.5 2007/06/19 23:47:16 tbox Exp $ */ +/*! \file */ + #include #include diff --git a/contrib/bind-9.3/lib/dns/dst_openssl.h b/contrib/bind-9.5.2/lib/dns/dst_openssl.h similarity index 80% copy from contrib/bind-9.3/lib/dns/dst_openssl.h copy to contrib/bind-9.5.2/lib/dns/dst_openssl.h index 8dbc35073b..d0e595a153 100644 --- a/contrib/bind-9.3/lib/dns/dst_openssl.h +++ b/contrib/bind-9.5.2/lib/dns/dst_openssl.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_openssl.h,v 1.1.2.1 2004/12/09 04:07:17 marka Exp $ */ +/* $Id: dst_openssl.h,v 1.5 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DST_OPENSSL_H #define DST_OPENSSL_H 1 @@ -31,3 +31,4 @@ dst__openssl_toresult(isc_result_t fallback); ISC_LANG_ENDDECLS #endif /* DST_OPENSSL_H */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/dst_parse.c b/contrib/bind-9.5.2/lib/dns/dst_parse.c similarity index 72% rename from contrib/bind-9.3/lib/dns/dst_parse.c rename to contrib/bind-9.5.2/lib/dns/dst_parse.c index d34aeca9b5..83910aa648 100644 --- a/contrib/bind-9.3/lib/dns/dst_parse.c +++ b/contrib/bind-9.5.2/lib/dns/dst_parse.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,9 +29,9 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* +/*% * Principal Author: Brian Wellington - * $Id: dst_parse.c,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $ + * $Id: dst_parse.c,v 1.10.92.4 2009/03/02 23:46:31 tbox Exp $ */ #include @@ -67,6 +80,23 @@ static struct parse_map map[] = { {TAG_DSA_PUBLIC, "Public_value(y):"}, {TAG_HMACMD5_KEY, "Key:"}, + {TAG_HMACMD5_BITS, "Bits:"}, + + {TAG_HMACSHA1_KEY, "Key:"}, + {TAG_HMACSHA1_BITS, "Bits:"}, + + {TAG_HMACSHA224_KEY, "Key:"}, + {TAG_HMACSHA224_BITS, "Bits:"}, + + {TAG_HMACSHA256_KEY, "Key:"}, + {TAG_HMACSHA256_BITS, "Bits:"}, + + {TAG_HMACSHA384_KEY, "Key:"}, + {TAG_HMACSHA384_BITS, "Bits:"}, + + {TAG_HMACSHA512_KEY, "Key:"}, + {TAG_HMACSHA512_BITS, "Bits:"}, + {0, NULL} }; @@ -141,16 +171,53 @@ check_dsa(const dst_private_t *priv) { } static int -check_hmac_md5(const dst_private_t *priv) { - if (priv->nelements != HMACMD5_NTAGS) +check_hmac_md5(const dst_private_t *priv, isc_boolean_t old) { + int i, j; + + if (priv->nelements != HMACMD5_NTAGS) { + /* + * If this is a good old format and we are accepting + * the old format return success. + */ + if (old && priv->nelements == OLD_HMACMD5_NTAGS && + priv->elements[0].tag == TAG_HMACMD5_KEY) + return (0); return (-1); - if (priv->elements[0].tag != TAG_HMACMD5_KEY) + } + /* + * We must be new format at this point. + */ + for (i = 0; i < HMACMD5_NTAGS; i++) { + for (j = 0; j < priv->nelements; j++) + if (priv->elements[j].tag == TAG(DST_ALG_HMACMD5, i)) + break; + if (j == priv->nelements) + return (-1); + } + return (0); +} + +static int +check_hmac_sha(const dst_private_t *priv, unsigned int ntags, + unsigned int alg) +{ + unsigned int i, j; + if (priv->nelements != ntags) return (-1); + for (i = 0; i < ntags; i++) { + for (j = 0; j < priv->nelements; j++) + if (priv->elements[j].tag == TAG(alg, i)) + break; + if (j == priv->nelements) + return (-1); + } return (0); } static int -check_data(const dst_private_t *priv, const unsigned int alg) { +check_data(const dst_private_t *priv, const unsigned int alg, + isc_boolean_t old) +{ /* XXXVIX this switch statement is too sparse to gen a jump table. */ switch (alg) { case DST_ALG_RSAMD5: @@ -161,7 +228,17 @@ check_data(const dst_private_t *priv, const unsigned int alg) { case DST_ALG_DSA: return (check_dsa(priv)); case DST_ALG_HMACMD5: - return (check_hmac_md5(priv)); + return (check_hmac_md5(priv, old)); + case DST_ALG_HMACSHA1: + return (check_hmac_sha(priv, HMACSHA1_NTAGS, alg)); + case DST_ALG_HMACSHA224: + return (check_hmac_sha(priv, HMACSHA224_NTAGS, alg)); + case DST_ALG_HMACSHA256: + return (check_hmac_sha(priv, HMACSHA256_NTAGS, alg)); + case DST_ALG_HMACSHA384: + return (check_hmac_sha(priv, HMACSHA384_NTAGS, alg)); + case DST_ALG_HMACSHA512: + return (check_hmac_sha(priv, HMACSHA512_NTAGS, alg)); default: return (DST_R_UNSUPPORTEDALG); } @@ -196,6 +273,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, REQUIRE(priv != NULL); priv->nelements = 0; + memset(priv->elements, 0, sizeof(priv->elements)); #define NEXTTOKEN(lex, opt, token) \ do { \ @@ -287,7 +365,6 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, goto fail; } - memset(&priv->elements[n], 0, sizeof(dst_private_element_t)); tag = find_value(DST_AS_STR(token), alg); if (tag < 0 || TAG_ALG(tag) != alg) { ret = DST_R_INVALIDPRIVATEKEY; @@ -313,7 +390,7 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex, done: priv->nelements = n; - if (check_data(priv, alg) < 0) + if (check_data(priv, alg, ISC_TRUE) < 0) goto fail; return (ISC_R_SUCCESS); @@ -341,7 +418,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, REQUIRE(priv != NULL); - if (check_data(priv, dst_key_alg(key)) < 0) + if (check_data(priv, dst_key_alg(key), ISC_FALSE) < 0) return (DST_R_INVALIDPRIVATEKEY); isc_buffer_init(&b, filename, sizeof(filename)); @@ -380,6 +457,21 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, case DST_ALG_HMACMD5: fprintf(fp, "(HMAC_MD5)\n"); break; + case DST_ALG_HMACSHA1: + fprintf(fp, "(HMAC_SHA1)\n"); + break; + case DST_ALG_HMACSHA224: + fprintf(fp, "(HMAC_SHA224)\n"); + break; + case DST_ALG_HMACSHA256: + fprintf(fp, "(HMAC_SHA256)\n"); + break; + case DST_ALG_HMACSHA384: + fprintf(fp, "(HMAC_SHA384)\n"); + break; + case DST_ALG_HMACSHA512: + fprintf(fp, "(HMAC_SHA512)\n"); + break; default: fprintf(fp, "(?)\n"); break; @@ -407,6 +499,10 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv, fprintf(fp, "\n"); } + fflush(fp); + iret = ferror(fp) ? DST_R_WRITEERROR : ISC_R_SUCCESS; fclose(fp); - return (ISC_R_SUCCESS); + return (iret); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/dst_parse.h b/contrib/bind-9.5.2/lib/dns/dst_parse.h similarity index 61% rename from contrib/bind-9.3/lib/dns/dst_parse.h rename to contrib/bind-9.5.2/lib/dns/dst_parse.h index 9ecef4f7b6..9809685b87 100644 --- a/contrib/bind-9.3/lib/dns/dst_parse.h +++ b/contrib/bind-9.5.2/lib/dns/dst_parse.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2000-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,8 +29,9 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_parse.h,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $ */ +/* $Id: dst_parse.h,v 1.8.92.2 2008/05/15 23:46:37 tbox Exp $ */ +/*! \file */ #ifndef DST_DST_PARSE_H #define DST_DST_PARSE_H 1 @@ -59,8 +73,30 @@ #define TAG_DSA_PRIVATE ((DST_ALG_DSA << TAG_SHIFT) + 3) #define TAG_DSA_PUBLIC ((DST_ALG_DSA << TAG_SHIFT) + 4) -#define HMACMD5_NTAGS 1 +#define OLD_HMACMD5_NTAGS 1 +#define HMACMD5_NTAGS 2 #define TAG_HMACMD5_KEY ((DST_ALG_HMACMD5 << TAG_SHIFT) + 0) +#define TAG_HMACMD5_BITS ((DST_ALG_HMACMD5 << TAG_SHIFT) + 1) + +#define HMACSHA1_NTAGS 2 +#define TAG_HMACSHA1_KEY ((DST_ALG_HMACSHA1 << TAG_SHIFT) + 0) +#define TAG_HMACSHA1_BITS ((DST_ALG_HMACSHA1 << TAG_SHIFT) + 1) + +#define HMACSHA224_NTAGS 2 +#define TAG_HMACSHA224_KEY ((DST_ALG_HMACSHA224 << TAG_SHIFT) + 0) +#define TAG_HMACSHA224_BITS ((DST_ALG_HMACSHA224 << TAG_SHIFT) + 1) + +#define HMACSHA256_NTAGS 2 +#define TAG_HMACSHA256_KEY ((DST_ALG_HMACSHA256 << TAG_SHIFT) + 0) +#define TAG_HMACSHA256_BITS ((DST_ALG_HMACSHA256 << TAG_SHIFT) + 1) + +#define HMACSHA384_NTAGS 2 +#define TAG_HMACSHA384_KEY ((DST_ALG_HMACSHA384 << TAG_SHIFT) + 0) +#define TAG_HMACSHA384_BITS ((DST_ALG_HMACSHA384 << TAG_SHIFT) + 1) + +#define HMACSHA512_NTAGS 2 +#define TAG_HMACSHA512_KEY ((DST_ALG_HMACSHA512 << TAG_SHIFT) + 0) +#define TAG_HMACSHA512_BITS ((DST_ALG_HMACSHA512 << TAG_SHIFT) + 1) struct dst_private_element { unsigned short tag; diff --git a/contrib/bind-9.3/lib/dns/dst_result.c b/contrib/bind-9.5.2/lib/dns/dst_result.c similarity index 61% rename from contrib/bind-9.3/lib/dns/dst_result.c rename to contrib/bind-9.5.2/lib/dns/dst_result.c index 9b1536c3cc..797ec3f060 100644 --- a/contrib/bind-9.3/lib/dns/dst_result.c +++ b/contrib/bind-9.5.2/lib/dns/dst_result.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* +/*% * Principal Author: Brian Wellington - * $Id: dst_result.c,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $ + * $Id: dst_result.c,v 1.5 2007/06/19 23:47:16 tbox Exp $ */ #include @@ -29,27 +29,27 @@ #include static const char *text[DST_R_NRESULTS] = { - "algorithm is unsupported", /* 0 */ - "openssl failure", /* 1 */ - "built with no crypto support", /* 2 */ - "illegal operation for a null key", /* 3 */ - "public key is invalid", /* 4 */ - "private key is invalid", /* 5 */ - "UNUSED6", /* 6 */ - "error occurred writing key to disk", /* 7 */ - "invalid algorithm specific parameter", /* 8 */ - "UNUSED9", /* 9 */ - "UNUSED10", /* 10 */ - "sign failure", /* 11 */ - "UNUSED12", /* 12 */ - "UNUSED13", /* 13 */ - "verify failure", /* 14 */ - "not a public key", /* 15 */ - "not a private key", /* 16 */ - "not a key that can compute a secret", /* 17 */ - "failure computing a shared secret", /* 18 */ - "no randomness available", /* 19 */ - "bad key type" /* 20 */ + "algorithm is unsupported", /*%< 0 */ + "openssl failure", /*%< 1 */ + "built with no crypto support", /*%< 2 */ + "illegal operation for a null key", /*%< 3 */ + "public key is invalid", /*%< 4 */ + "private key is invalid", /*%< 5 */ + "UNUSED6", /*%< 6 */ + "error occurred writing key to disk", /*%< 7 */ + "invalid algorithm specific parameter", /*%< 8 */ + "UNUSED9", /*%< 9 */ + "UNUSED10", /*%< 10 */ + "sign failure", /*%< 11 */ + "UNUSED12", /*%< 12 */ + "UNUSED13", /*%< 13 */ + "verify failure", /*%< 14 */ + "not a public key", /*%< 15 */ + "not a private key", /*%< 16 */ + "not a key that can compute a secret", /*%< 17 */ + "failure computing a shared secret", /*%< 18 */ + "no randomness available", /*%< 19 */ + "bad key type" /*%< 20 */ }; #define DST_RESULT_RESULTSET 2 @@ -84,3 +84,5 @@ void dst_result_register(void) { initialize(); } + +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/forward.c b/contrib/bind-9.5.2/lib/dns/forward.c similarity index 92% rename from contrib/bind-9.3/lib/dns/forward.c rename to contrib/bind-9.5.2/lib/dns/forward.c index 1455fbad43..39e2ef5df0 100644 --- a/contrib/bind-9.3/lib/dns/forward.c +++ b/contrib/bind-9.5.2/lib/dns/forward.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: forward.c,v 1.5.206.3 2005/03/17 03:58:30 marka Exp $ */ +/* $Id: forward.c,v 1.12 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -62,13 +64,8 @@ dns_fwdtable_create(isc_mem_t *mctx, dns_fwdtable_t **fwdtablep) { goto cleanup_fwdtable; result = isc_rwlock_init(&fwdtable->rwlock, 0, 0); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_rwlock_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_rbt; - } fwdtable->mctx = NULL; isc_mem_attach(mctx, &fwdtable->mctx); diff --git a/contrib/bind-9.3/lib/dns/gen-unix.h b/contrib/bind-9.5.2/lib/dns/gen-unix.h similarity index 87% rename from contrib/bind-9.3/lib/dns/gen-unix.h rename to contrib/bind-9.5.2/lib/dns/gen-unix.h index bd007c4541..25dcadc070 100644 --- a/contrib/bind-9.3/lib/dns/gen-unix.h +++ b/contrib/bind-9.5.2/lib/dns/gen-unix.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,14 +15,15 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gen-unix.h,v 1.12.12.5 2005/06/09 23:54:29 marka Exp $ */ +/* $Id: gen-unix.h,v 1.19.128.2 2009/01/19 23:47:02 tbox Exp $ */ -/* +/*! \file + * \brief * This file is responsible for defining two operations that are not * directly portable between Unix-like systems and Windows NT, option * parsing and directory scanning. It is here because it was decided * that the "gen" build utility was not to depend on libisc.a, so - * the functions delcared in isc/commandline.h and isc/dir.h could not + * the functions declared in isc/commandline.h and isc/dir.h could not * be used. * * The commandline stuff is really just a wrapper around getopt(). diff --git a/contrib/bind-9.3/lib/dns/gen-win32.h b/contrib/bind-9.5.2/lib/dns/gen-win32.h similarity index 94% rename from contrib/bind-9.3/lib/dns/gen-win32.h rename to contrib/bind-9.5.2/lib/dns/gen-win32.h index cff33b34cf..9302056ce0 100644 --- a/contrib/bind-9.3/lib/dns/gen-win32.h +++ b/contrib/bind-9.5.2/lib/dns/gen-win32.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -48,15 +48,15 @@ * SUCH DAMAGE. */ -/* $Id: gen-win32.h,v 1.14.12.6 2006/10/03 23:50:50 marka Exp $ */ +/* $Id: gen-win32.h,v 1.23.128.2 2009/01/19 23:47:02 tbox Exp $ */ -/* - * Principal Authors: Computer Systems Research Group at UC Berkeley - * Principal ISC caretaker: DCL +/*! \file + * \author Principal Authors: Computer Systems Research Group at UC Berkeley + * \author Principal ISC caretaker: DCL */ /* - * This file was adapted from the NetBSD project's source tree, RCS ID: + * \note This file was adapted from the NetBSD project's source tree, RCS ID: * NetBSD: getopt.c,v 1.15 1999/09/20 04:39:37 lukem Exp * * The primary change has been to rename items to the ISC namespace @@ -66,7 +66,7 @@ * directly portable between Unix-like systems and Windows NT, option * parsing and directory scanning. It is here because it was decided * that the "gen" build utility was not to depend on libisc.a, so - * the functions delcared in isc/commandline.h and isc/dir.h could not + * the functions declared in isc/commandline.h and isc/dir.h could not * be used. * * The commandline stuff is pretty much a straight copy from the initial diff --git a/contrib/bind-9.3/lib/dns/gen.c b/contrib/bind-9.5.2/lib/dns/gen.c similarity index 98% rename from contrib/bind-9.3/lib/dns/gen.c rename to contrib/bind-9.5.2/lib/dns/gen.c index 1d83023259..157dbfcaf7 100644 --- a/contrib/bind-9.3/lib/dns/gen.c +++ b/contrib/bind-9.5.2/lib/dns/gen.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gen.c,v 1.65.2.5.2.9 2006/10/02 06:31:26 marka Exp $ */ +/* $Id: gen.c,v 1.81 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #ifdef WIN32 /* @@ -123,6 +125,8 @@ const char copyright[] = " *************** DO NOT EDIT!\n" " ***************\n" " ***************/\n" +"\n" +"/*! \\file */\n" "\n"; #define TYPENAMES 256 @@ -168,7 +172,7 @@ sd(int, const char *, const char *, char); void insert_into_typenames(int, const char *, const char *); -/* +/*% * If you use more than 10 of these in, say, a printf(), you'll have problems. */ char * @@ -832,13 +836,10 @@ main(int argc, char **argv) { } while (0) for (cc = classes; cc != NULL; cc = cc->next) { - if (cc->rdclass == 4) { - PRINTCLASS("ch", 3); + if (cc->rdclass == 3) PRINTCLASS("chaos", 3); - - } else if (cc->rdclass == 255) { + else if (cc->rdclass == 255) PRINTCLASS("none", 254); - } PRINTCLASS(cc->classname, cc->rdclass); } diff --git a/contrib/bind-9.5.2/lib/dns/gssapi_link.c b/contrib/bind-9.5.2/lib/dns/gssapi_link.c new file mode 100644 index 0000000000..6b4a90ab71 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/gssapi_link.c @@ -0,0 +1,309 @@ +/* + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * $Id: gssapi_link.c,v 1.7.128.5 2008/07/23 10:33:26 marka Exp $ + */ + +#include + +#ifdef GSSAPI + +#include +#include +#include +#include + +#include + +#include "dst_internal.h" +#include "dst_parse.h" + +#include + +#define INITIAL_BUFFER_SIZE 1024 +#define BUFFER_EXTRA 1024 + +#define REGION_TO_GBUFFER(r, gb) \ + do { \ + (gb).length = (r).length; \ + (gb).value = (r).base; \ + } while (0) + + +struct dst_gssapi_signverifyctx { + isc_buffer_t *buffer; +}; + +/*% + * Allocate a temporary "context" for use in gathering data for signing + * or verifying. + */ +static isc_result_t +gssapi_create_signverify_ctx(dst_key_t *key, dst_context_t *dctx) { + dst_gssapi_signverifyctx_t *ctx; + isc_result_t result; + + UNUSED(key); + + ctx = isc_mem_get(dctx->mctx, sizeof(dst_gssapi_signverifyctx_t)); + if (ctx == NULL) + return (ISC_R_NOMEMORY); + ctx->buffer = NULL; + result = isc_buffer_allocate(dctx->mctx, &ctx->buffer, + INITIAL_BUFFER_SIZE); + if (result != ISC_R_SUCCESS) { + isc_mem_put(dctx->mctx, ctx, sizeof(dst_gssapi_signverifyctx_t)); + return (result); + } + + dctx->ctxdata.gssctx = ctx; + + return (ISC_R_SUCCESS); +} + +/*% + * Destroy the temporary sign/verify context. + */ +static void +gssapi_destroy_signverify_ctx(dst_context_t *dctx) { + dst_gssapi_signverifyctx_t *ctx = dctx->ctxdata.gssctx; + + if (ctx != NULL) { + if (ctx->buffer != NULL) + isc_buffer_free(&ctx->buffer); + isc_mem_put(dctx->mctx, ctx, sizeof(dst_gssapi_signverifyctx_t)); + dctx->ctxdata.gssctx = NULL; + } +} + +/*% + * Add data to our running buffer of data we will be signing or verifying. + * This code will see if the new data will fit in our existing buffer, and + * copy it in if it will. If not, it will attempt to allocate a larger + * buffer and copy old+new into it, and free the old buffer. + */ +static isc_result_t +gssapi_adddata(dst_context_t *dctx, const isc_region_t *data) { + dst_gssapi_signverifyctx_t *ctx = dctx->ctxdata.gssctx; + isc_buffer_t *newbuffer = NULL; + isc_region_t r; + unsigned int length; + isc_result_t result; + + result = isc_buffer_copyregion(ctx->buffer, data); + if (result == ISC_R_SUCCESS) + return (ISC_R_SUCCESS); + + length = isc_buffer_length(ctx->buffer) + data->length + BUFFER_EXTRA; + + result = isc_buffer_allocate(dctx->mctx, &newbuffer, length); + if (result != ISC_R_SUCCESS) + return (result); + + isc_buffer_usedregion(ctx->buffer, &r); + (void)isc_buffer_copyregion(newbuffer, &r); + (void)isc_buffer_copyregion(newbuffer, data); + + isc_buffer_free(&ctx->buffer); + ctx->buffer = newbuffer; + + return (ISC_R_SUCCESS); +} + +/*% + * Sign. + */ +static isc_result_t +gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) { + dst_gssapi_signverifyctx_t *ctx = dctx->ctxdata.gssctx; + isc_region_t message; + gss_buffer_desc gmessage, gsig; + OM_uint32 minor, gret; + gss_ctx_id_t gssctx = dctx->key->keydata.gssctx; + char buf[1024]; + + /* + * Convert the data we wish to sign into a structure gssapi can + * understand. + */ + isc_buffer_usedregion(ctx->buffer, &message); + REGION_TO_GBUFFER(message, gmessage); + + /* + * Generate the signature. + */ + gret = gss_get_mic(&minor, gssctx, GSS_C_QOP_DEFAULT, &gmessage, + &gsig); + + /* + * If it did not complete, we log the result and return a generic + * failure code. + */ + if (gret != GSS_S_COMPLETE) { + gss_log(3, "GSS sign error: %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); + return (ISC_R_FAILURE); + } + + /* + * If it will not fit in our allocated buffer, return that we need + * more space. + */ + if (gsig.length > isc_buffer_availablelength(sig)) { + gss_release_buffer(&minor, &gsig); + return (ISC_R_NOSPACE); + } + + /* + * Copy the output into our buffer space, and release the gssapi + * allocated space. + */ + isc_buffer_putmem(sig, gsig.value, gsig.length); + if (gsig.length != 0) + gss_release_buffer(&minor, &gsig); + + return (ISC_R_SUCCESS); +} + +/*% + * Verify. + */ +static isc_result_t +gssapi_verify(dst_context_t *dctx, const isc_region_t *sig) { + dst_gssapi_signverifyctx_t *ctx = dctx->ctxdata.gssctx; + isc_region_t message, r; + gss_buffer_desc gmessage, gsig; + OM_uint32 minor, gret; + gss_ctx_id_t gssctx = dctx->key->keydata.gssctx; + unsigned char *buf; + char err[1024]; + + /* + * Convert the data we wish to sign into a structure gssapi can + * understand. + */ + isc_buffer_usedregion(ctx->buffer, &message); + REGION_TO_GBUFFER(message, gmessage); + + /* + * XXXMLG + * It seem that gss_verify_mic() modifies the signature buffer, + * at least on Heimdal's implementation. Copy it here to an allocated + * buffer. + */ + buf = isc_mem_allocate(dst__memory_pool, sig->length); + if (buf == NULL) + return (ISC_R_FAILURE); + memcpy(buf, sig->base, sig->length); + r.base = buf; + r.length = sig->length; + REGION_TO_GBUFFER(r, gsig); + + /* + * Verify the data. + */ + gret = gss_verify_mic(&minor, gssctx, &gmessage, &gsig, NULL); + + isc_mem_free(dst__memory_pool, buf); + + /* + * Convert return codes into something useful to us. + */ + if (gret != GSS_S_COMPLETE) { + gss_log(3, "GSS verify error: %s", + gss_error_tostring(gret, minor, err, sizeof(err))); + if (gret == GSS_S_DEFECTIVE_TOKEN || + gret == GSS_S_BAD_SIG || + gret == GSS_S_DUPLICATE_TOKEN || + gret == GSS_S_OLD_TOKEN || + gret == GSS_S_UNSEQ_TOKEN || + gret == GSS_S_GAP_TOKEN || + gret == GSS_S_CONTEXT_EXPIRED || + gret == GSS_S_NO_CONTEXT || + gret == GSS_S_FAILURE) + return(DST_R_VERIFYFAILURE); + else + return (ISC_R_FAILURE); + } + + return (ISC_R_SUCCESS); +} + +static isc_boolean_t +gssapi_compare(const dst_key_t *key1, const dst_key_t *key2) { + gss_ctx_id_t gsskey1 = key1->keydata.gssctx; + gss_ctx_id_t gsskey2 = key2->keydata.gssctx; + + /* No idea */ + return (ISC_TF(gsskey1 == gsskey2)); +} + +static isc_result_t +gssapi_generate(dst_key_t *key, int unused) { + UNUSED(key); + UNUSED(unused); + + /* No idea */ + return (ISC_R_FAILURE); +} + +static isc_boolean_t +gssapi_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +gssapi_destroy(dst_key_t *key) { + REQUIRE(key != NULL); + dst_gssapi_deletectx(key->mctx, &key->keydata.gssctx); + key->keydata.gssctx = NULL; +} + +static dst_func_t gssapi_functions = { + gssapi_create_signverify_ctx, + gssapi_destroy_signverify_ctx, + gssapi_adddata, + gssapi_sign, + gssapi_verify, + NULL, /*%< computesecret */ + gssapi_compare, + NULL, /*%< paramcompare */ + gssapi_generate, + gssapi_isprivate, + gssapi_destroy, + NULL, /*%< todns */ + NULL, /*%< fromdns */ + NULL, /*%< tofile */ + NULL, /*%< parse */ + NULL /*%< cleanup */ +}; + +isc_result_t +dst__gssapi_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &gssapi_functions; + return (ISC_R_SUCCESS); +} + +#else +int gssapi_link_unneeded = 1; +#endif + +/*! \file */ diff --git a/contrib/bind-9.5.2/lib/dns/gssapictx.c b/contrib/bind-9.5.2/lib/dns/gssapictx.c new file mode 100644 index 0000000000..614d88f710 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/gssapictx.c @@ -0,0 +1,738 @@ +/* + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: gssapictx.c,v 1.8.128.4 2008/04/03 06:08:26 tbox Exp $ */ + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "dst_internal.h" + +/* + * If we're using our own SPNEGO implementation (see configure.in), + * pull it in now. Otherwise, we just use whatever GSSAPI supplies. + */ +#if defined(GSSAPI) && defined(USE_ISC_SPNEGO) +#include "spnego.h" +#define gss_accept_sec_context gss_accept_sec_context_spnego +#define gss_init_sec_context gss_init_sec_context_spnego +#endif + +/* + * Solaris8 apparently needs an explicit OID set, and Solaris10 needs + * one for anything but Kerberos. Supplying an explicit OID set + * doesn't appear to hurt anything in other implementations, so we + * always use one. If we're not using our own SPNEGO implementation, + * we include SPNEGO's OID. + */ +#if defined(GSSAPI) + +static unsigned char krb5_mech_oid_bytes[] = { + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 +}; + +#ifndef USE_ISC_SPNEGO +static unsigned char spnego_mech_oid_bytes[] = { + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 +}; +#endif + +static gss_OID_desc mech_oid_set_array[] = { + { sizeof(krb5_mech_oid_bytes), krb5_mech_oid_bytes }, +#ifndef USE_ISC_SPNEGO + { sizeof(spnego_mech_oid_bytes), spnego_mech_oid_bytes }, +#endif +}; + +static gss_OID_set_desc mech_oid_set = { + sizeof(mech_oid_set_array) / sizeof(*mech_oid_set_array), + mech_oid_set_array +}; + +#endif + +#define REGION_TO_GBUFFER(r, gb) \ + do { \ + (gb).length = (r).length; \ + (gb).value = (r).base; \ + } while (0) + +#define GBUFFER_TO_REGION(gb, r) \ + do { \ + (r).length = (gb).length; \ + (r).base = (gb).value; \ + } while (0) + + +#define RETERR(x) do { \ + result = (x); \ + if (result != ISC_R_SUCCESS) \ + goto out; \ + } while (0) + +#ifdef GSSAPI +static inline void +name_to_gbuffer(dns_name_t *name, isc_buffer_t *buffer, + gss_buffer_desc *gbuffer) +{ + dns_name_t tname, *namep; + isc_region_t r; + isc_result_t result; + + if (!dns_name_isabsolute(name)) + namep = name; + else + { + unsigned int labels; + dns_name_init(&tname, NULL); + labels = dns_name_countlabels(name); + dns_name_getlabelsequence(name, 0, labels - 1, &tname); + namep = &tname; + } + + result = dns_name_totext(namep, ISC_FALSE, buffer); + isc_buffer_putuint8(buffer, 0); + isc_buffer_usedregion(buffer, &r); + REGION_TO_GBUFFER(r, *gbuffer); +} + +static void +log_cred(const gss_cred_id_t cred) { + OM_uint32 gret, minor, lifetime; + gss_name_t gname; + gss_buffer_desc gbuffer; + gss_cred_usage_t usage; + const char *usage_text; + char buf[1024]; + + gret = gss_inquire_cred(&minor, cred, &gname, &lifetime, &usage, NULL); + if (gret != GSS_S_COMPLETE) { + gss_log(3, "failed gss_inquire_cred: %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); + return; + } + + gret = gss_display_name(&minor, gname, &gbuffer, NULL); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_display_name: %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); + else { + switch (usage) { + case GSS_C_BOTH: + usage_text = "GSS_C_BOTH"; + break; + case GSS_C_INITIATE: + usage_text = "GSS_C_INITIATE"; + break; + case GSS_C_ACCEPT: + usage_text = "GSS_C_ACCEPT"; + break; + default: + usage_text = "???"; + } + gss_log(3, "gss cred: \"%s\", %s, %lu", (char *)gbuffer.value, + usage_text, (unsigned long)lifetime); + } + + if (gret == GSS_S_COMPLETE) { + if (gbuffer.length != 0) { + gret = gss_release_buffer(&minor, &gbuffer); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_buffer: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + } + } + + gret = gss_release_name(&minor, &gname); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_name: %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); +} +#endif + +isc_result_t +dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, + gss_cred_id_t *cred) +{ +#ifdef GSSAPI + isc_buffer_t namebuf; + gss_name_t gname; + gss_buffer_desc gnamebuf; + unsigned char array[DNS_NAME_MAXTEXT + 1]; + OM_uint32 gret, minor; + gss_OID_set mechs; + OM_uint32 lifetime; + gss_cred_usage_t usage; + char buf[1024]; + + REQUIRE(cred != NULL && *cred == NULL); + + /* + * XXXSRA In theory we could use GSS_C_NT_HOSTBASED_SERVICE + * here when we're in the acceptor role, which would let us + * default the hostname and use a compiled in default service + * name of "DNS", giving one less thing to configure in + * named.conf. Unfortunately, this creates a circular + * dependency due to DNS-based realm lookup in at least one + * GSSAPI implementation (Heimdal). Oh well. + */ + if (name != NULL) { + isc_buffer_init(&namebuf, array, sizeof(array)); + name_to_gbuffer(name, &namebuf, &gnamebuf); + gret = gss_import_name(&minor, &gnamebuf, + GSS_C_NO_OID, &gname); + if (gret != GSS_S_COMPLETE) { + gss_log(3, "failed gss_import_name: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + return (ISC_R_FAILURE); + } + } else + gname = NULL; + + /* Get the credentials. */ + if (gname != NULL) + gss_log(3, "acquiring credentials for %s", + (char *)gnamebuf.value); + else { + /* XXXDCL does this even make any sense? */ + gss_log(3, "acquiring credentials for ?"); + } + + if (initiate) + usage = GSS_C_INITIATE; + else + usage = GSS_C_ACCEPT; + + gret = gss_acquire_cred(&minor, gname, GSS_C_INDEFINITE, + &mech_oid_set, + usage, cred, &mechs, &lifetime); + + if (gret != GSS_S_COMPLETE) { + gss_log(3, "failed to acquire %s credentials for %s: %s", + initiate ? "initiate" : "accept", + (char *)gnamebuf.value, + gss_error_tostring(gret, minor, buf, sizeof(buf))); + return (ISC_R_FAILURE); + } + + gss_log(4, "acquired %s credentials for %s", + initiate ? "initiate" : "accept", + (char *)gnamebuf.value); + + log_cred(*cred); + + return (ISC_R_SUCCESS); +#else + UNUSED(name); + UNUSED(initiate); + UNUSED(cred); + + return (ISC_R_NOTIMPLEMENTED); +#endif +} + +isc_boolean_t +dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name, + dns_name_t *realm) +{ +#ifdef GSSAPI + char sbuf[DNS_NAME_FORMATSIZE]; + char nbuf[DNS_NAME_FORMATSIZE]; + char rbuf[DNS_NAME_FORMATSIZE]; + char *sname; + char *rname; + + /* + * It is far, far easier to write the names we are looking at into + * a string, and do string operations on them. + */ + dns_name_format(signer, sbuf, sizeof(sbuf)); + if (name != NULL) + dns_name_format(name, nbuf, sizeof(nbuf)); + dns_name_format(realm, rbuf, sizeof(rbuf)); + + /* + * Find the realm portion. This is the part after the @. If it + * does not exist, we don't have something we like, so we fail our + * compare. + */ + rname = strstr(sbuf, "\\@"); + if (rname == NULL) + return (isc_boolean_false); + *rname = '\0'; + rname += 2; + + /* + * Find the host portion of the signer's name. We do this by + * searching for the first / character. We then check to make + * certain the instance name is "host" + * + * This will work for + * host/example.com@EXAMPLE.COM + */ + sname = strchr(sbuf, '/'); + if (sname == NULL) + return (isc_boolean_false); + *sname = '\0'; + sname++; + if (strcmp(sbuf, "host") != 0) + return (isc_boolean_false); + + /* + * Now, we do a simple comparison between the name and the realm. + */ + if (name != NULL) { + if ((strcasecmp(sname, nbuf) == 0) + && (strcmp(rname, rbuf) == 0)) + return (isc_boolean_true); + } else { + if (strcmp(rname, rbuf) == 0) + return (isc_boolean_true); + } + + return (isc_boolean_false); +#else + UNUSED(signer); + UNUSED(name); + UNUSED(realm); + return (isc_boolean_false); +#endif +} + +isc_boolean_t +dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name, + dns_name_t *realm) +{ +#ifdef GSSAPI + char sbuf[DNS_NAME_FORMATSIZE]; + char nbuf[DNS_NAME_FORMATSIZE]; + char rbuf[DNS_NAME_FORMATSIZE]; + char *sname; + char *nname; + char *rname; + + /* + * It is far, far easier to write the names we are looking at into + * a string, and do string operations on them. + */ + dns_name_format(signer, sbuf, sizeof(sbuf)); + if (name != NULL) + dns_name_format(name, nbuf, sizeof(nbuf)); + dns_name_format(realm, rbuf, sizeof(rbuf)); + + /* + * Find the realm portion. This is the part after the @. If it + * does not exist, we don't have something we like, so we fail our + * compare. + */ + rname = strstr(sbuf, "\\@"); + if (rname == NULL) + return (isc_boolean_false); + sname = strstr(sbuf, "\\$"); + if (sname == NULL) + return (isc_boolean_false); + + /* + * Verify that the $ and @ follow one another. + */ + if (rname - sname != 2) + return (isc_boolean_false); + + /* + * Find the host portion of the signer's name. Zero out the $ so + * it terminates the signer's name, and skip past the @ for + * the realm. + * + * All service principals in Microsoft format seem to be in + * machinename$@EXAMPLE.COM + * format. + */ + *rname = '\0'; + rname += 2; + *sname = '\0'; + sname = sbuf; + + /* + * Find the first . in the target name, and make it the end of + * the string. The rest of the name has to match the realm. + */ + if (name != NULL) { + nname = strchr(nbuf, '.'); + if (nname == NULL) + return (isc_boolean_false); + *nname++ = '\0'; + } + + /* + * Now, we do a simple comparison between the name and the realm. + */ + if (name != NULL) { + if ((strcasecmp(sname, nbuf) == 0) + && (strcmp(rname, rbuf) == 0) + && (strcasecmp(nname, rbuf) == 0)) + return (isc_boolean_true); + } else { + if (strcmp(rname, rbuf) == 0) + return (isc_boolean_true); + } + + + return (isc_boolean_false); +#else + UNUSED(signer); + UNUSED(name); + UNUSED(realm); + return (isc_boolean_false); +#endif +} + +isc_result_t +dst_gssapi_releasecred(gss_cred_id_t *cred) { +#ifdef GSSAPI + OM_uint32 gret, minor; + char buf[1024]; + + REQUIRE(cred != NULL && *cred != NULL); + + gret = gss_release_cred(&minor, cred); + if (gret != GSS_S_COMPLETE) { + /* Log the error, but still free the credential's memory */ + gss_log(3, "failed releasing credential: %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); + } + *cred = NULL; + + return(ISC_R_SUCCESS); +#else + UNUSED(cred); + + return (ISC_R_NOTIMPLEMENTED); +#endif +} + +isc_result_t +dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, + isc_buffer_t *outtoken, gss_ctx_id_t *gssctx) +{ +#ifdef GSSAPI + isc_region_t r; + isc_buffer_t namebuf; + gss_name_t gname; + OM_uint32 gret, minor, ret_flags, flags; + gss_buffer_desc gintoken, *gintokenp, gouttoken = GSS_C_EMPTY_BUFFER; + isc_result_t result; + gss_buffer_desc gnamebuf; + unsigned char array[DNS_NAME_MAXTEXT + 1]; + char buf[1024]; + + /* Client must pass us a valid gss_ctx_id_t here */ + REQUIRE(gssctx != NULL); + + isc_buffer_init(&namebuf, array, sizeof(array)); + name_to_gbuffer(name, &namebuf, &gnamebuf); + + /* Get the name as a GSS name */ + gret = gss_import_name(&minor, &gnamebuf, GSS_C_NO_OID, &gname); + if (gret != GSS_S_COMPLETE) { + result = ISC_R_FAILURE; + goto out; + } + + if (intoken != NULL) { + /* Don't call gss_release_buffer for gintoken! */ + REGION_TO_GBUFFER(*intoken, gintoken); + gintokenp = &gintoken; + } else { + gintokenp = NULL; + } + + flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG | + GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG; + + gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx, + gname, GSS_SPNEGO_MECHANISM, flags, + 0, NULL, gintokenp, + NULL, &gouttoken, &ret_flags, NULL); + + if (gret != GSS_S_COMPLETE && gret != GSS_S_CONTINUE_NEEDED) { + gss_log(3, "Failure initiating security context"); + gss_log(3, "%s", gss_error_tostring(gret, minor, + buf, sizeof(buf))); + result = ISC_R_FAILURE; + goto out; + } + + /* + * XXXSRA Not handled yet: RFC 3645 3.1.1: check ret_flags + * MUTUAL and INTEG flags, fail if either not set. + */ + + /* + * RFC 2744 states the a valid output token has a non-zero length. + */ + if (gouttoken.length != 0) { + GBUFFER_TO_REGION(gouttoken, r); + RETERR(isc_buffer_copyregion(outtoken, &r)); + (void)gss_release_buffer(&minor, &gouttoken); + } + (void)gss_release_name(&minor, &gname); + + if (gret == GSS_S_COMPLETE) + result = ISC_R_SUCCESS; + else + result = DNS_R_CONTINUE; + + out: + return (result); +#else + UNUSED(name); + UNUSED(intoken); + UNUSED(outtoken); + UNUSED(gssctx); + + return (ISC_R_NOTIMPLEMENTED); +#endif +} + +isc_result_t +dst_gssapi_acceptctx(gss_cred_id_t cred, + isc_region_t *intoken, isc_buffer_t **outtoken, + gss_ctx_id_t *ctxout, dns_name_t *principal, + isc_mem_t *mctx) +{ +#ifdef GSSAPI + isc_region_t r; + isc_buffer_t namebuf; + gss_buffer_desc gnamebuf = GSS_C_EMPTY_BUFFER, gintoken, + gouttoken = GSS_C_EMPTY_BUFFER; + OM_uint32 gret, minor; + gss_ctx_id_t context = GSS_C_NO_CONTEXT; + gss_name_t gname = NULL; + isc_result_t result; + char buf[1024]; + + REQUIRE(outtoken != NULL && *outtoken == NULL); + + log_cred(cred); + + REGION_TO_GBUFFER(*intoken, gintoken); + + if (*ctxout == NULL) + context = GSS_C_NO_CONTEXT; + else + context = *ctxout; + + gret = gss_accept_sec_context(&minor, &context, cred, &gintoken, + GSS_C_NO_CHANNEL_BINDINGS, &gname, + NULL, &gouttoken, NULL, NULL, NULL); + + result = ISC_R_FAILURE; + + switch (gret) { + case GSS_S_COMPLETE: + result = ISC_R_SUCCESS; + break; + case GSS_S_CONTINUE_NEEDED: + result = DNS_R_CONTINUE; + break; + case GSS_S_DEFECTIVE_TOKEN: + case GSS_S_DEFECTIVE_CREDENTIAL: + case GSS_S_BAD_SIG: + case GSS_S_DUPLICATE_TOKEN: + case GSS_S_OLD_TOKEN: + case GSS_S_NO_CRED: + case GSS_S_CREDENTIALS_EXPIRED: + case GSS_S_BAD_BINDINGS: + case GSS_S_NO_CONTEXT: + case GSS_S_BAD_MECH: + case GSS_S_FAILURE: + result = DNS_R_INVALIDTKEY; + /* fall through */ + default: + gss_log(3, "failed gss_accept_sec_context: %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); + return (result); + } + + if (gouttoken.length > 0) { + RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length)); + GBUFFER_TO_REGION(gouttoken, r); + RETERR(isc_buffer_copyregion(*outtoken, &r)); + (void)gss_release_buffer(&minor, &gouttoken); + } + + if (gret == GSS_S_COMPLETE) { + gret = gss_display_name(&minor, gname, &gnamebuf, NULL); + if (gret != GSS_S_COMPLETE) { + gss_log(3, "failed gss_display_name: %s", + gss_error_tostring(gret, minor, + buf, sizeof(buf))); + RETERR(ISC_R_FAILURE); + } + + /* + * Compensate for a bug in Solaris8's implementation + * of gss_display_name(). Should be harmless in any + * case, since principal names really should not + * contain null characters. + */ + if (gnamebuf.length > 0 && + ((char *)gnamebuf.value)[gnamebuf.length - 1] == '\0') + gnamebuf.length--; + + gss_log(3, "gss-api source name (accept) is %.*s", + (int)gnamebuf.length, (char *)gnamebuf.value); + + GBUFFER_TO_REGION(gnamebuf, r); + isc_buffer_init(&namebuf, r.base, r.length); + isc_buffer_add(&namebuf, r.length); + + RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, + ISC_FALSE, NULL)); + + if (gnamebuf.length != 0) { + gret = gss_release_buffer(&minor, &gnamebuf); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_buffer: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + } + } + + *ctxout = context; + + out: + if (gname != NULL) { + gret = gss_release_name(&minor, &gname); + if (gret != GSS_S_COMPLETE) + gss_log(3, "failed gss_release_name: %s", + gss_error_tostring(gret, minor, buf, + sizeof(buf))); + } + + return (result); +#else + UNUSED(cred); + UNUSED(intoken); + UNUSED(outtoken); + UNUSED(ctxout); + UNUSED(principal); + UNUSED(mctx); + + return (ISC_R_NOTIMPLEMENTED); +#endif +} + +isc_result_t +dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx) +{ +#ifdef GSSAPI + OM_uint32 gret, minor; + char buf[1024]; + + UNUSED(mctx); + + REQUIRE(gssctx != NULL && *gssctx != NULL); + + /* Delete the context from the GSS provider */ + gret = gss_delete_sec_context(&minor, gssctx, GSS_C_NO_BUFFER); + if (gret != GSS_S_COMPLETE) { + /* Log the error, but still free the context's memory */ + gss_log(3, "Failure deleting security context %s", + gss_error_tostring(gret, minor, buf, sizeof(buf))); + } + return(ISC_R_SUCCESS); +#else + UNUSED(mctx); + UNUSED(gssctx); + return (ISC_R_NOTIMPLEMENTED); +#endif +} + +char * +gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, + char *buf, size_t buflen) { +#ifdef GSSAPI + gss_buffer_desc msg_minor = GSS_C_EMPTY_BUFFER, + msg_major = GSS_C_EMPTY_BUFFER; + OM_uint32 msg_ctx, minor_stat; + + /* Handle major status */ + msg_ctx = 0; + (void)gss_display_status(&minor_stat, major, GSS_C_GSS_CODE, + GSS_C_NULL_OID, &msg_ctx, &msg_major); + + /* Handle minor status */ + msg_ctx = 0; + (void)gss_display_status(&minor_stat, minor, GSS_C_MECH_CODE, + GSS_C_NULL_OID, &msg_ctx, &msg_minor); + + snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.", + (char *)msg_major.value, (char *)msg_minor.value); + + if (msg_major.length != 0) + (void)gss_release_buffer(&minor_stat, &msg_major); + if (msg_minor.length != 0) + (void)gss_release_buffer(&minor_stat, &msg_minor); + return(buf); +#else + snprintf(buf, buflen, "GSSAPI error: Major = %u, Minor = %u.", + major, minor); + + return (buf); +#endif +} + +void +gss_log(int level, const char *fmt, ...) { + va_list ap; + + va_start(ap, fmt); + isc_log_vwrite(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_TKEY, ISC_LOG_DEBUG(level), fmt, ap); + va_end(ap); +} + +/*! \file */ diff --git a/contrib/bind-9.5.2/lib/dns/hmac_link.c b/contrib/bind-9.5.2/lib/dns/hmac_link.c new file mode 100644 index 0000000000..18b3dfad34 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/hmac_link.c @@ -0,0 +1,1681 @@ +/* + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Portions Copyright (C) 1995-2000 by Network Associates, Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Principal Author: Brian Wellington + * $Id: hmac_link.c,v 1.9 2007/08/28 07:20:42 tbox Exp $ + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "dst_internal.h" +#include "dst_parse.h" + +#define HMAC_LEN 64 +#define HMAC_IPAD 0x36 +#define HMAC_OPAD 0x5c + +static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data); + +struct dst_hmacmd5_key { + unsigned char key[HMAC_LEN]; +}; + +static isc_result_t +getkeybits(dst_key_t *key, struct dst_private_element *element) { + + if (element->length != 2) + return (DST_R_INVALIDPRIVATEKEY); + + key->key_bits = (element->data[0] << 8) + element->data[1]; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacmd5_createctx(dst_key_t *key, dst_context_t *dctx) { + isc_hmacmd5_t *hmacmd5ctx; + dst_hmacmd5_key_t *hkey = key->keydata.hmacmd5; + + hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); + if (hmacmd5ctx == NULL) + return (ISC_R_NOMEMORY); + isc_hmacmd5_init(hmacmd5ctx, hkey->key, HMAC_LEN); + dctx->ctxdata.hmacmd5ctx = hmacmd5ctx; + return (ISC_R_SUCCESS); +} + +static void +hmacmd5_destroyctx(dst_context_t *dctx) { + isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx; + + if (hmacmd5ctx != NULL) { + isc_hmacmd5_invalidate(hmacmd5ctx); + isc_mem_put(dctx->mctx, hmacmd5ctx, sizeof(isc_hmacmd5_t)); + dctx->ctxdata.hmacmd5ctx = NULL; + } +} + +static isc_result_t +hmacmd5_adddata(dst_context_t *dctx, const isc_region_t *data) { + isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx; + + isc_hmacmd5_update(hmacmd5ctx, data->base, data->length); + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacmd5_sign(dst_context_t *dctx, isc_buffer_t *sig) { + isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx; + unsigned char *digest; + + if (isc_buffer_availablelength(sig) < ISC_MD5_DIGESTLENGTH) + return (ISC_R_NOSPACE); + digest = isc_buffer_used(sig); + isc_hmacmd5_sign(hmacmd5ctx, digest); + isc_buffer_add(sig, ISC_MD5_DIGESTLENGTH); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacmd5_verify(dst_context_t *dctx, const isc_region_t *sig) { + isc_hmacmd5_t *hmacmd5ctx = dctx->ctxdata.hmacmd5ctx; + + if (sig->length > ISC_MD5_DIGESTLENGTH) + return (DST_R_VERIFYFAILURE); + + if (isc_hmacmd5_verify2(hmacmd5ctx, sig->base, sig->length)) + return (ISC_R_SUCCESS); + else + return (DST_R_VERIFYFAILURE); +} + +static isc_boolean_t +hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) { + dst_hmacmd5_key_t *hkey1, *hkey2; + + hkey1 = key1->keydata.hmacmd5; + hkey2 = key2->keydata.hmacmd5; + + if (hkey1 == NULL && hkey2 == NULL) + return (ISC_TRUE); + else if (hkey1 == NULL || hkey2 == NULL) + return (ISC_FALSE); + + if (memcmp(hkey1->key, hkey2->key, HMAC_LEN) == 0) + return (ISC_TRUE); + else + return (ISC_FALSE); +} + +static isc_result_t +hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) { + isc_buffer_t b; + isc_result_t ret; + int bytes; + unsigned char data[HMAC_LEN]; + + bytes = (key->key_size + 7) / 8; + if (bytes > HMAC_LEN) { + bytes = HMAC_LEN; + key->key_size = HMAC_LEN * 8; + } + + memset(data, 0, HMAC_LEN); + ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); + + if (ret != ISC_R_SUCCESS) + return (ret); + + isc_buffer_init(&b, data, bytes); + isc_buffer_add(&b, bytes); + ret = hmacmd5_fromdns(key, &b); + memset(data, 0, HMAC_LEN); + + return (ret); +} + +static isc_boolean_t +hmacmd5_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +hmacmd5_destroy(dst_key_t *key) { + dst_hmacmd5_key_t *hkey = key->keydata.hmacmd5; + memset(hkey, 0, sizeof(dst_hmacmd5_key_t)); + isc_mem_put(key->mctx, hkey, sizeof(dst_hmacmd5_key_t)); + key->keydata.hmacmd5 = NULL; +} + +static isc_result_t +hmacmd5_todns(const dst_key_t *key, isc_buffer_t *data) { + dst_hmacmd5_key_t *hkey; + unsigned int bytes; + + REQUIRE(key->keydata.hmacmd5 != NULL); + + hkey = key->keydata.hmacmd5; + + bytes = (key->key_size + 7) / 8; + if (isc_buffer_availablelength(data) < bytes) + return (ISC_R_NOSPACE); + isc_buffer_putmem(data, hkey->key, bytes); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data) { + dst_hmacmd5_key_t *hkey; + int keylen; + isc_region_t r; + isc_md5_t md5ctx; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) + return (ISC_R_SUCCESS); + + hkey = isc_mem_get(key->mctx, sizeof(dst_hmacmd5_key_t)); + if (hkey == NULL) + return (ISC_R_NOMEMORY); + + memset(hkey->key, 0, sizeof(hkey->key)); + + if (r.length > HMAC_LEN) { + isc_md5_init(&md5ctx); + isc_md5_update(&md5ctx, r.base, r.length); + isc_md5_final(&md5ctx, hkey->key); + keylen = ISC_MD5_DIGESTLENGTH; + } + else { + memcpy(hkey->key, r.base, r.length); + keylen = r.length; + } + + key->key_size = keylen * 8; + key->keydata.hmacmd5 = hkey; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacmd5_tofile(const dst_key_t *key, const char *directory) { + int cnt = 0; + dst_hmacmd5_key_t *hkey; + dst_private_t priv; + int bytes = (key->key_size + 7) / 8; + unsigned char buf[2]; + + if (key->keydata.hmacmd5 == NULL) + return (DST_R_NULLKEY); + + hkey = key->keydata.hmacmd5; + + priv.elements[cnt].tag = TAG_HMACMD5_KEY; + priv.elements[cnt].length = bytes; + priv.elements[cnt++].data = hkey->key; + + buf[0] = (key->key_bits >> 8) & 0xffU; + buf[1] = key->key_bits & 0xffU; + priv.elements[cnt].tag = TAG_HMACMD5_BITS; + priv.elements[cnt].data = buf; + priv.elements[cnt++].length = 2; + + priv.nelements = cnt; + return (dst__privstruct_writefile(key, &priv, directory)); +} + +static isc_result_t +hmacmd5_parse(dst_key_t *key, isc_lex_t *lexer) { + dst_private_t priv; + isc_result_t result, tresult; + isc_buffer_t b; + isc_mem_t *mctx = key->mctx; + unsigned int i; + + /* read private key file */ + result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, &priv); + if (result != ISC_R_SUCCESS) + return (result); + + key->key_bits = 0; + for (i = 0; i < priv.nelements && result == ISC_R_SUCCESS; i++) { + switch (priv.elements[i].tag) { + case TAG_HMACMD5_KEY: + isc_buffer_init(&b, priv.elements[i].data, + priv.elements[i].length); + isc_buffer_add(&b, priv.elements[i].length); + tresult = hmacmd5_fromdns(key, &b); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + case TAG_HMACMD5_BITS: + tresult = getkeybits(key, &priv.elements[i]); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + default: + result = DST_R_INVALIDPRIVATEKEY; + break; + } + } + dst__privstruct_free(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (result); +} + +static dst_func_t hmacmd5_functions = { + hmacmd5_createctx, + hmacmd5_destroyctx, + hmacmd5_adddata, + hmacmd5_sign, + hmacmd5_verify, + NULL, /*%< computesecret */ + hmacmd5_compare, + NULL, /*%< paramcompare */ + hmacmd5_generate, + hmacmd5_isprivate, + hmacmd5_destroy, + hmacmd5_todns, + hmacmd5_fromdns, + hmacmd5_tofile, + hmacmd5_parse, + NULL, /*%< cleanup */ +}; + +isc_result_t +dst__hmacmd5_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &hmacmd5_functions; + return (ISC_R_SUCCESS); +} + +static isc_result_t hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data); + +struct dst_hmacsha1_key { + unsigned char key[ISC_SHA1_DIGESTLENGTH]; +}; + +static isc_result_t +hmacsha1_createctx(dst_key_t *key, dst_context_t *dctx) { + isc_hmacsha1_t *hmacsha1ctx; + dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1; + + hmacsha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha1_t)); + if (hmacsha1ctx == NULL) + return (ISC_R_NOMEMORY); + isc_hmacsha1_init(hmacsha1ctx, hkey->key, ISC_SHA1_DIGESTLENGTH); + dctx->ctxdata.hmacsha1ctx = hmacsha1ctx; + return (ISC_R_SUCCESS); +} + +static void +hmacsha1_destroyctx(dst_context_t *dctx) { + isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx; + + if (hmacsha1ctx != NULL) { + isc_hmacsha1_invalidate(hmacsha1ctx); + isc_mem_put(dctx->mctx, hmacsha1ctx, sizeof(isc_hmacsha1_t)); + dctx->ctxdata.hmacsha1ctx = NULL; + } +} + +static isc_result_t +hmacsha1_adddata(dst_context_t *dctx, const isc_region_t *data) { + isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx; + + isc_hmacsha1_update(hmacsha1ctx, data->base, data->length); + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha1_sign(dst_context_t *dctx, isc_buffer_t *sig) { + isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx; + unsigned char *digest; + + if (isc_buffer_availablelength(sig) < ISC_SHA1_DIGESTLENGTH) + return (ISC_R_NOSPACE); + digest = isc_buffer_used(sig); + isc_hmacsha1_sign(hmacsha1ctx, digest, ISC_SHA1_DIGESTLENGTH); + isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha1_verify(dst_context_t *dctx, const isc_region_t *sig) { + isc_hmacsha1_t *hmacsha1ctx = dctx->ctxdata.hmacsha1ctx; + + if (sig->length > ISC_SHA1_DIGESTLENGTH || sig->length == 0) + return (DST_R_VERIFYFAILURE); + + if (isc_hmacsha1_verify(hmacsha1ctx, sig->base, sig->length)) + return (ISC_R_SUCCESS); + else + return (DST_R_VERIFYFAILURE); +} + +static isc_boolean_t +hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) { + dst_hmacsha1_key_t *hkey1, *hkey2; + + hkey1 = key1->keydata.hmacsha1; + hkey2 = key2->keydata.hmacsha1; + + if (hkey1 == NULL && hkey2 == NULL) + return (ISC_TRUE); + else if (hkey1 == NULL || hkey2 == NULL) + return (ISC_FALSE); + + if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_DIGESTLENGTH) == 0) + return (ISC_TRUE); + else + return (ISC_FALSE); +} + +static isc_result_t +hmacsha1_generate(dst_key_t *key, int pseudorandom_ok) { + isc_buffer_t b; + isc_result_t ret; + int bytes; + unsigned char data[HMAC_LEN]; + + bytes = (key->key_size + 7) / 8; + if (bytes > HMAC_LEN) { + bytes = HMAC_LEN; + key->key_size = HMAC_LEN * 8; + } + + memset(data, 0, HMAC_LEN); + ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); + + if (ret != ISC_R_SUCCESS) + return (ret); + + isc_buffer_init(&b, data, bytes); + isc_buffer_add(&b, bytes); + ret = hmacsha1_fromdns(key, &b); + memset(data, 0, ISC_SHA1_DIGESTLENGTH); + + return (ret); +} + +static isc_boolean_t +hmacsha1_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +hmacsha1_destroy(dst_key_t *key) { + dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1; + memset(hkey, 0, sizeof(dst_hmacsha1_key_t)); + isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha1_key_t)); + key->keydata.hmacsha1 = NULL; +} + +static isc_result_t +hmacsha1_todns(const dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha1_key_t *hkey; + unsigned int bytes; + + REQUIRE(key->keydata.hmacsha1 != NULL); + + hkey = key->keydata.hmacsha1; + + bytes = (key->key_size + 7) / 8; + if (isc_buffer_availablelength(data) < bytes) + return (ISC_R_NOSPACE); + isc_buffer_putmem(data, hkey->key, bytes); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha1_key_t *hkey; + int keylen; + isc_region_t r; + isc_sha1_t sha1ctx; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) + return (ISC_R_SUCCESS); + + hkey = isc_mem_get(key->mctx, sizeof(dst_hmacsha1_key_t)); + if (hkey == NULL) + return (ISC_R_NOMEMORY); + + memset(hkey->key, 0, sizeof(hkey->key)); + + if (r.length > ISC_SHA1_DIGESTLENGTH) { + isc_sha1_init(&sha1ctx); + isc_sha1_update(&sha1ctx, r.base, r.length); + isc_sha1_final(&sha1ctx, hkey->key); + keylen = ISC_SHA1_DIGESTLENGTH; + } + else { + memcpy(hkey->key, r.base, r.length); + keylen = r.length; + } + + key->key_size = keylen * 8; + key->keydata.hmacsha1 = hkey; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha1_tofile(const dst_key_t *key, const char *directory) { + int cnt = 0; + dst_hmacsha1_key_t *hkey; + dst_private_t priv; + int bytes = (key->key_size + 7) / 8; + unsigned char buf[2]; + + if (key->keydata.hmacsha1 == NULL) + return (DST_R_NULLKEY); + + hkey = key->keydata.hmacsha1; + + priv.elements[cnt].tag = TAG_HMACSHA1_KEY; + priv.elements[cnt].length = bytes; + priv.elements[cnt++].data = hkey->key; + + buf[0] = (key->key_bits >> 8) & 0xffU; + buf[1] = key->key_bits & 0xffU; + priv.elements[cnt].tag = TAG_HMACSHA1_BITS; + priv.elements[cnt].data = buf; + priv.elements[cnt++].length = 2; + + priv.nelements = cnt; + return (dst__privstruct_writefile(key, &priv, directory)); +} + +static isc_result_t +hmacsha1_parse(dst_key_t *key, isc_lex_t *lexer) { + dst_private_t priv; + isc_result_t result, tresult; + isc_buffer_t b; + isc_mem_t *mctx = key->mctx; + unsigned int i; + + /* read private key file */ + result = dst__privstruct_parse(key, DST_ALG_HMACSHA1, lexer, mctx, + &priv); + if (result != ISC_R_SUCCESS) + return (result); + + key->key_bits = 0; + for (i = 0; i < priv.nelements; i++) { + switch (priv.elements[i].tag) { + case TAG_HMACSHA1_KEY: + isc_buffer_init(&b, priv.elements[i].data, + priv.elements[i].length); + isc_buffer_add(&b, priv.elements[i].length); + tresult = hmacsha1_fromdns(key, &b); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + case TAG_HMACSHA1_BITS: + tresult = getkeybits(key, &priv.elements[i]); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + default: + result = DST_R_INVALIDPRIVATEKEY; + break; + } + } + dst__privstruct_free(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (result); +} + +static dst_func_t hmacsha1_functions = { + hmacsha1_createctx, + hmacsha1_destroyctx, + hmacsha1_adddata, + hmacsha1_sign, + hmacsha1_verify, + NULL, /* computesecret */ + hmacsha1_compare, + NULL, /* paramcompare */ + hmacsha1_generate, + hmacsha1_isprivate, + hmacsha1_destroy, + hmacsha1_todns, + hmacsha1_fromdns, + hmacsha1_tofile, + hmacsha1_parse, + NULL, /* cleanup */ +}; + +isc_result_t +dst__hmacsha1_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &hmacsha1_functions; + return (ISC_R_SUCCESS); +} + +static isc_result_t hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data); + +struct dst_hmacsha224_key { + unsigned char key[ISC_SHA224_DIGESTLENGTH]; +}; + +static isc_result_t +hmacsha224_createctx(dst_key_t *key, dst_context_t *dctx) { + isc_hmacsha224_t *hmacsha224ctx; + dst_hmacsha224_key_t *hkey = key->keydata.hmacsha224; + + hmacsha224ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha224_t)); + if (hmacsha224ctx == NULL) + return (ISC_R_NOMEMORY); + isc_hmacsha224_init(hmacsha224ctx, hkey->key, ISC_SHA224_DIGESTLENGTH); + dctx->ctxdata.hmacsha224ctx = hmacsha224ctx; + return (ISC_R_SUCCESS); +} + +static void +hmacsha224_destroyctx(dst_context_t *dctx) { + isc_hmacsha224_t *hmacsha224ctx = dctx->ctxdata.hmacsha224ctx; + + if (hmacsha224ctx != NULL) { + isc_hmacsha224_invalidate(hmacsha224ctx); + isc_mem_put(dctx->mctx, hmacsha224ctx, sizeof(isc_hmacsha224_t)); + dctx->ctxdata.hmacsha224ctx = NULL; + } +} + +static isc_result_t +hmacsha224_adddata(dst_context_t *dctx, const isc_region_t *data) { + isc_hmacsha224_t *hmacsha224ctx = dctx->ctxdata.hmacsha224ctx; + + isc_hmacsha224_update(hmacsha224ctx, data->base, data->length); + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha224_sign(dst_context_t *dctx, isc_buffer_t *sig) { + isc_hmacsha224_t *hmacsha224ctx = dctx->ctxdata.hmacsha224ctx; + unsigned char *digest; + + if (isc_buffer_availablelength(sig) < ISC_SHA224_DIGESTLENGTH) + return (ISC_R_NOSPACE); + digest = isc_buffer_used(sig); + isc_hmacsha224_sign(hmacsha224ctx, digest, ISC_SHA224_DIGESTLENGTH); + isc_buffer_add(sig, ISC_SHA224_DIGESTLENGTH); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha224_verify(dst_context_t *dctx, const isc_region_t *sig) { + isc_hmacsha224_t *hmacsha224ctx = dctx->ctxdata.hmacsha224ctx; + + if (sig->length > ISC_SHA224_DIGESTLENGTH || sig->length == 0) + return (DST_R_VERIFYFAILURE); + + if (isc_hmacsha224_verify(hmacsha224ctx, sig->base, sig->length)) + return (ISC_R_SUCCESS); + else + return (DST_R_VERIFYFAILURE); +} + +static isc_boolean_t +hmacsha224_compare(const dst_key_t *key1, const dst_key_t *key2) { + dst_hmacsha224_key_t *hkey1, *hkey2; + + hkey1 = key1->keydata.hmacsha224; + hkey2 = key2->keydata.hmacsha224; + + if (hkey1 == NULL && hkey2 == NULL) + return (ISC_TRUE); + else if (hkey1 == NULL || hkey2 == NULL) + return (ISC_FALSE); + + if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_DIGESTLENGTH) == 0) + return (ISC_TRUE); + else + return (ISC_FALSE); +} + +static isc_result_t +hmacsha224_generate(dst_key_t *key, int pseudorandom_ok) { + isc_buffer_t b; + isc_result_t ret; + int bytes; + unsigned char data[HMAC_LEN]; + + bytes = (key->key_size + 7) / 8; + if (bytes > HMAC_LEN) { + bytes = HMAC_LEN; + key->key_size = HMAC_LEN * 8; + } + + memset(data, 0, HMAC_LEN); + ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); + + if (ret != ISC_R_SUCCESS) + return (ret); + + isc_buffer_init(&b, data, bytes); + isc_buffer_add(&b, bytes); + ret = hmacsha224_fromdns(key, &b); + memset(data, 0, ISC_SHA224_DIGESTLENGTH); + + return (ret); +} + +static isc_boolean_t +hmacsha224_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +hmacsha224_destroy(dst_key_t *key) { + dst_hmacsha224_key_t *hkey = key->keydata.hmacsha224; + memset(hkey, 0, sizeof(dst_hmacsha224_key_t)); + isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha224_key_t)); + key->keydata.hmacsha224 = NULL; +} + +static isc_result_t +hmacsha224_todns(const dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha224_key_t *hkey; + unsigned int bytes; + + REQUIRE(key->keydata.hmacsha224 != NULL); + + hkey = key->keydata.hmacsha224; + + bytes = (key->key_size + 7) / 8; + if (isc_buffer_availablelength(data) < bytes) + return (ISC_R_NOSPACE); + isc_buffer_putmem(data, hkey->key, bytes); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha224_key_t *hkey; + int keylen; + isc_region_t r; + isc_sha224_t sha224ctx; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) + return (ISC_R_SUCCESS); + + hkey = isc_mem_get(key->mctx, sizeof(dst_hmacsha224_key_t)); + if (hkey == NULL) + return (ISC_R_NOMEMORY); + + memset(hkey->key, 0, sizeof(hkey->key)); + + if (r.length > ISC_SHA224_DIGESTLENGTH) { + isc_sha224_init(&sha224ctx); + isc_sha224_update(&sha224ctx, r.base, r.length); + isc_sha224_final(hkey->key, &sha224ctx); + keylen = ISC_SHA224_DIGESTLENGTH; + } + else { + memcpy(hkey->key, r.base, r.length); + keylen = r.length; + } + + key->key_size = keylen * 8; + key->keydata.hmacsha224 = hkey; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha224_tofile(const dst_key_t *key, const char *directory) { + int cnt = 0; + dst_hmacsha224_key_t *hkey; + dst_private_t priv; + int bytes = (key->key_size + 7) / 8; + unsigned char buf[2]; + + if (key->keydata.hmacsha224 == NULL) + return (DST_R_NULLKEY); + + hkey = key->keydata.hmacsha224; + + priv.elements[cnt].tag = TAG_HMACSHA224_KEY; + priv.elements[cnt].length = bytes; + priv.elements[cnt++].data = hkey->key; + + buf[0] = (key->key_bits >> 8) & 0xffU; + buf[1] = key->key_bits & 0xffU; + priv.elements[cnt].tag = TAG_HMACSHA224_BITS; + priv.elements[cnt].data = buf; + priv.elements[cnt++].length = 2; + + priv.nelements = cnt; + return (dst__privstruct_writefile(key, &priv, directory)); +} + +static isc_result_t +hmacsha224_parse(dst_key_t *key, isc_lex_t *lexer) { + dst_private_t priv; + isc_result_t result, tresult; + isc_buffer_t b; + isc_mem_t *mctx = key->mctx; + unsigned int i; + + /* read private key file */ + result = dst__privstruct_parse(key, DST_ALG_HMACSHA224, lexer, mctx, + &priv); + if (result != ISC_R_SUCCESS) + return (result); + + key->key_bits = 0; + for (i = 0; i < priv.nelements; i++) { + switch (priv.elements[i].tag) { + case TAG_HMACSHA224_KEY: + isc_buffer_init(&b, priv.elements[i].data, + priv.elements[i].length); + isc_buffer_add(&b, priv.elements[i].length); + tresult = hmacsha224_fromdns(key, &b); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + case TAG_HMACSHA224_BITS: + tresult = getkeybits(key, &priv.elements[i]); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + default: + result = DST_R_INVALIDPRIVATEKEY; + break; + } + } + dst__privstruct_free(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (result); +} + +static dst_func_t hmacsha224_functions = { + hmacsha224_createctx, + hmacsha224_destroyctx, + hmacsha224_adddata, + hmacsha224_sign, + hmacsha224_verify, + NULL, /* computesecret */ + hmacsha224_compare, + NULL, /* paramcompare */ + hmacsha224_generate, + hmacsha224_isprivate, + hmacsha224_destroy, + hmacsha224_todns, + hmacsha224_fromdns, + hmacsha224_tofile, + hmacsha224_parse, + NULL, /* cleanup */ +}; + +isc_result_t +dst__hmacsha224_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &hmacsha224_functions; + return (ISC_R_SUCCESS); +} + +static isc_result_t hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data); + +struct dst_hmacsha256_key { + unsigned char key[ISC_SHA256_DIGESTLENGTH]; +}; + +static isc_result_t +hmacsha256_createctx(dst_key_t *key, dst_context_t *dctx) { + isc_hmacsha256_t *hmacsha256ctx; + dst_hmacsha256_key_t *hkey = key->keydata.hmacsha256; + + hmacsha256ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha256_t)); + if (hmacsha256ctx == NULL) + return (ISC_R_NOMEMORY); + isc_hmacsha256_init(hmacsha256ctx, hkey->key, ISC_SHA256_DIGESTLENGTH); + dctx->ctxdata.hmacsha256ctx = hmacsha256ctx; + return (ISC_R_SUCCESS); +} + +static void +hmacsha256_destroyctx(dst_context_t *dctx) { + isc_hmacsha256_t *hmacsha256ctx = dctx->ctxdata.hmacsha256ctx; + + if (hmacsha256ctx != NULL) { + isc_hmacsha256_invalidate(hmacsha256ctx); + isc_mem_put(dctx->mctx, hmacsha256ctx, sizeof(isc_hmacsha256_t)); + dctx->ctxdata.hmacsha256ctx = NULL; + } +} + +static isc_result_t +hmacsha256_adddata(dst_context_t *dctx, const isc_region_t *data) { + isc_hmacsha256_t *hmacsha256ctx = dctx->ctxdata.hmacsha256ctx; + + isc_hmacsha256_update(hmacsha256ctx, data->base, data->length); + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha256_sign(dst_context_t *dctx, isc_buffer_t *sig) { + isc_hmacsha256_t *hmacsha256ctx = dctx->ctxdata.hmacsha256ctx; + unsigned char *digest; + + if (isc_buffer_availablelength(sig) < ISC_SHA256_DIGESTLENGTH) + return (ISC_R_NOSPACE); + digest = isc_buffer_used(sig); + isc_hmacsha256_sign(hmacsha256ctx, digest, ISC_SHA256_DIGESTLENGTH); + isc_buffer_add(sig, ISC_SHA256_DIGESTLENGTH); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha256_verify(dst_context_t *dctx, const isc_region_t *sig) { + isc_hmacsha256_t *hmacsha256ctx = dctx->ctxdata.hmacsha256ctx; + + if (sig->length > ISC_SHA256_DIGESTLENGTH || sig->length == 0) + return (DST_R_VERIFYFAILURE); + + if (isc_hmacsha256_verify(hmacsha256ctx, sig->base, sig->length)) + return (ISC_R_SUCCESS); + else + return (DST_R_VERIFYFAILURE); +} + +static isc_boolean_t +hmacsha256_compare(const dst_key_t *key1, const dst_key_t *key2) { + dst_hmacsha256_key_t *hkey1, *hkey2; + + hkey1 = key1->keydata.hmacsha256; + hkey2 = key2->keydata.hmacsha256; + + if (hkey1 == NULL && hkey2 == NULL) + return (ISC_TRUE); + else if (hkey1 == NULL || hkey2 == NULL) + return (ISC_FALSE); + + if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_DIGESTLENGTH) == 0) + return (ISC_TRUE); + else + return (ISC_FALSE); +} + +static isc_result_t +hmacsha256_generate(dst_key_t *key, int pseudorandom_ok) { + isc_buffer_t b; + isc_result_t ret; + int bytes; + unsigned char data[HMAC_LEN]; + + bytes = (key->key_size + 7) / 8; + if (bytes > HMAC_LEN) { + bytes = HMAC_LEN; + key->key_size = HMAC_LEN * 8; + } + + memset(data, 0, HMAC_LEN); + ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); + + if (ret != ISC_R_SUCCESS) + return (ret); + + isc_buffer_init(&b, data, bytes); + isc_buffer_add(&b, bytes); + ret = hmacsha256_fromdns(key, &b); + memset(data, 0, ISC_SHA256_DIGESTLENGTH); + + return (ret); +} + +static isc_boolean_t +hmacsha256_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +hmacsha256_destroy(dst_key_t *key) { + dst_hmacsha256_key_t *hkey = key->keydata.hmacsha256; + memset(hkey, 0, sizeof(dst_hmacsha256_key_t)); + isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha256_key_t)); + key->keydata.hmacsha256 = NULL; +} + +static isc_result_t +hmacsha256_todns(const dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha256_key_t *hkey; + unsigned int bytes; + + REQUIRE(key->keydata.hmacsha256 != NULL); + + hkey = key->keydata.hmacsha256; + + bytes = (key->key_size + 7) / 8; + if (isc_buffer_availablelength(data) < bytes) + return (ISC_R_NOSPACE); + isc_buffer_putmem(data, hkey->key, bytes); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha256_key_t *hkey; + int keylen; + isc_region_t r; + isc_sha256_t sha256ctx; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) + return (ISC_R_SUCCESS); + + hkey = isc_mem_get(key->mctx, sizeof(dst_hmacsha256_key_t)); + if (hkey == NULL) + return (ISC_R_NOMEMORY); + + memset(hkey->key, 0, sizeof(hkey->key)); + + if (r.length > ISC_SHA256_DIGESTLENGTH) { + isc_sha256_init(&sha256ctx); + isc_sha256_update(&sha256ctx, r.base, r.length); + isc_sha256_final(hkey->key, &sha256ctx); + keylen = ISC_SHA256_DIGESTLENGTH; + } + else { + memcpy(hkey->key, r.base, r.length); + keylen = r.length; + } + + key->key_size = keylen * 8; + key->keydata.hmacsha256 = hkey; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha256_tofile(const dst_key_t *key, const char *directory) { + int cnt = 0; + dst_hmacsha256_key_t *hkey; + dst_private_t priv; + int bytes = (key->key_size + 7) / 8; + unsigned char buf[2]; + + if (key->keydata.hmacsha256 == NULL) + return (DST_R_NULLKEY); + + hkey = key->keydata.hmacsha256; + + priv.elements[cnt].tag = TAG_HMACSHA256_KEY; + priv.elements[cnt].length = bytes; + priv.elements[cnt++].data = hkey->key; + + buf[0] = (key->key_bits >> 8) & 0xffU; + buf[1] = key->key_bits & 0xffU; + priv.elements[cnt].tag = TAG_HMACSHA256_BITS; + priv.elements[cnt].data = buf; + priv.elements[cnt++].length = 2; + + priv.nelements = cnt; + return (dst__privstruct_writefile(key, &priv, directory)); +} + +static isc_result_t +hmacsha256_parse(dst_key_t *key, isc_lex_t *lexer) { + dst_private_t priv; + isc_result_t result, tresult; + isc_buffer_t b; + isc_mem_t *mctx = key->mctx; + unsigned int i; + + /* read private key file */ + result = dst__privstruct_parse(key, DST_ALG_HMACSHA256, lexer, mctx, + &priv); + if (result != ISC_R_SUCCESS) + return (result); + + key->key_bits = 0; + for (i = 0; i < priv.nelements; i++) { + switch (priv.elements[i].tag) { + case TAG_HMACSHA256_KEY: + isc_buffer_init(&b, priv.elements[i].data, + priv.elements[i].length); + isc_buffer_add(&b, priv.elements[i].length); + tresult = hmacsha256_fromdns(key, &b); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + case TAG_HMACSHA256_BITS: + tresult = getkeybits(key, &priv.elements[i]); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + default: + result = DST_R_INVALIDPRIVATEKEY; + break; + } + } + dst__privstruct_free(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (result); +} + +static dst_func_t hmacsha256_functions = { + hmacsha256_createctx, + hmacsha256_destroyctx, + hmacsha256_adddata, + hmacsha256_sign, + hmacsha256_verify, + NULL, /* computesecret */ + hmacsha256_compare, + NULL, /* paramcompare */ + hmacsha256_generate, + hmacsha256_isprivate, + hmacsha256_destroy, + hmacsha256_todns, + hmacsha256_fromdns, + hmacsha256_tofile, + hmacsha256_parse, + NULL, /* cleanup */ +}; + +isc_result_t +dst__hmacsha256_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &hmacsha256_functions; + return (ISC_R_SUCCESS); +} + +static isc_result_t hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data); + +struct dst_hmacsha384_key { + unsigned char key[ISC_SHA384_DIGESTLENGTH]; +}; + +static isc_result_t +hmacsha384_createctx(dst_key_t *key, dst_context_t *dctx) { + isc_hmacsha384_t *hmacsha384ctx; + dst_hmacsha384_key_t *hkey = key->keydata.hmacsha384; + + hmacsha384ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha384_t)); + if (hmacsha384ctx == NULL) + return (ISC_R_NOMEMORY); + isc_hmacsha384_init(hmacsha384ctx, hkey->key, ISC_SHA384_DIGESTLENGTH); + dctx->ctxdata.hmacsha384ctx = hmacsha384ctx; + return (ISC_R_SUCCESS); +} + +static void +hmacsha384_destroyctx(dst_context_t *dctx) { + isc_hmacsha384_t *hmacsha384ctx = dctx->ctxdata.hmacsha384ctx; + + if (hmacsha384ctx != NULL) { + isc_hmacsha384_invalidate(hmacsha384ctx); + isc_mem_put(dctx->mctx, hmacsha384ctx, sizeof(isc_hmacsha384_t)); + dctx->ctxdata.hmacsha384ctx = NULL; + } +} + +static isc_result_t +hmacsha384_adddata(dst_context_t *dctx, const isc_region_t *data) { + isc_hmacsha384_t *hmacsha384ctx = dctx->ctxdata.hmacsha384ctx; + + isc_hmacsha384_update(hmacsha384ctx, data->base, data->length); + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha384_sign(dst_context_t *dctx, isc_buffer_t *sig) { + isc_hmacsha384_t *hmacsha384ctx = dctx->ctxdata.hmacsha384ctx; + unsigned char *digest; + + if (isc_buffer_availablelength(sig) < ISC_SHA384_DIGESTLENGTH) + return (ISC_R_NOSPACE); + digest = isc_buffer_used(sig); + isc_hmacsha384_sign(hmacsha384ctx, digest, ISC_SHA384_DIGESTLENGTH); + isc_buffer_add(sig, ISC_SHA384_DIGESTLENGTH); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha384_verify(dst_context_t *dctx, const isc_region_t *sig) { + isc_hmacsha384_t *hmacsha384ctx = dctx->ctxdata.hmacsha384ctx; + + if (sig->length > ISC_SHA384_DIGESTLENGTH || sig->length == 0) + return (DST_R_VERIFYFAILURE); + + if (isc_hmacsha384_verify(hmacsha384ctx, sig->base, sig->length)) + return (ISC_R_SUCCESS); + else + return (DST_R_VERIFYFAILURE); +} + +static isc_boolean_t +hmacsha384_compare(const dst_key_t *key1, const dst_key_t *key2) { + dst_hmacsha384_key_t *hkey1, *hkey2; + + hkey1 = key1->keydata.hmacsha384; + hkey2 = key2->keydata.hmacsha384; + + if (hkey1 == NULL && hkey2 == NULL) + return (ISC_TRUE); + else if (hkey1 == NULL || hkey2 == NULL) + return (ISC_FALSE); + + if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_DIGESTLENGTH) == 0) + return (ISC_TRUE); + else + return (ISC_FALSE); +} + +static isc_result_t +hmacsha384_generate(dst_key_t *key, int pseudorandom_ok) { + isc_buffer_t b; + isc_result_t ret; + int bytes; + unsigned char data[HMAC_LEN]; + + bytes = (key->key_size + 7) / 8; + if (bytes > HMAC_LEN) { + bytes = HMAC_LEN; + key->key_size = HMAC_LEN * 8; + } + + memset(data, 0, HMAC_LEN); + ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); + + if (ret != ISC_R_SUCCESS) + return (ret); + + isc_buffer_init(&b, data, bytes); + isc_buffer_add(&b, bytes); + ret = hmacsha384_fromdns(key, &b); + memset(data, 0, ISC_SHA384_DIGESTLENGTH); + + return (ret); +} + +static isc_boolean_t +hmacsha384_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +hmacsha384_destroy(dst_key_t *key) { + dst_hmacsha384_key_t *hkey = key->keydata.hmacsha384; + memset(hkey, 0, sizeof(dst_hmacsha384_key_t)); + isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha384_key_t)); + key->keydata.hmacsha384 = NULL; +} + +static isc_result_t +hmacsha384_todns(const dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha384_key_t *hkey; + unsigned int bytes; + + REQUIRE(key->keydata.hmacsha384 != NULL); + + hkey = key->keydata.hmacsha384; + + bytes = (key->key_size + 7) / 8; + if (isc_buffer_availablelength(data) < bytes) + return (ISC_R_NOSPACE); + isc_buffer_putmem(data, hkey->key, bytes); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha384_key_t *hkey; + int keylen; + isc_region_t r; + isc_sha384_t sha384ctx; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) + return (ISC_R_SUCCESS); + + hkey = isc_mem_get(key->mctx, sizeof(dst_hmacsha384_key_t)); + if (hkey == NULL) + return (ISC_R_NOMEMORY); + + memset(hkey->key, 0, sizeof(hkey->key)); + + if (r.length > ISC_SHA384_DIGESTLENGTH) { + isc_sha384_init(&sha384ctx); + isc_sha384_update(&sha384ctx, r.base, r.length); + isc_sha384_final(hkey->key, &sha384ctx); + keylen = ISC_SHA384_DIGESTLENGTH; + } + else { + memcpy(hkey->key, r.base, r.length); + keylen = r.length; + } + + key->key_size = keylen * 8; + key->keydata.hmacsha384 = hkey; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha384_tofile(const dst_key_t *key, const char *directory) { + int cnt = 0; + dst_hmacsha384_key_t *hkey; + dst_private_t priv; + int bytes = (key->key_size + 7) / 8; + unsigned char buf[2]; + + if (key->keydata.hmacsha384 == NULL) + return (DST_R_NULLKEY); + + hkey = key->keydata.hmacsha384; + + priv.elements[cnt].tag = TAG_HMACSHA384_KEY; + priv.elements[cnt].length = bytes; + priv.elements[cnt++].data = hkey->key; + + buf[0] = (key->key_bits >> 8) & 0xffU; + buf[1] = key->key_bits & 0xffU; + priv.elements[cnt].tag = TAG_HMACSHA384_BITS; + priv.elements[cnt].data = buf; + priv.elements[cnt++].length = 2; + + priv.nelements = cnt; + return (dst__privstruct_writefile(key, &priv, directory)); +} + +static isc_result_t +hmacsha384_parse(dst_key_t *key, isc_lex_t *lexer) { + dst_private_t priv; + isc_result_t result, tresult; + isc_buffer_t b; + isc_mem_t *mctx = key->mctx; + unsigned int i; + + /* read private key file */ + result = dst__privstruct_parse(key, DST_ALG_HMACSHA384, lexer, mctx, + &priv); + if (result != ISC_R_SUCCESS) + return (result); + + key->key_bits = 0; + for (i = 0; i < priv.nelements; i++) { + switch (priv.elements[i].tag) { + case TAG_HMACSHA384_KEY: + isc_buffer_init(&b, priv.elements[i].data, + priv.elements[i].length); + isc_buffer_add(&b, priv.elements[i].length); + tresult = hmacsha384_fromdns(key, &b); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + case TAG_HMACSHA384_BITS: + tresult = getkeybits(key, &priv.elements[i]); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + default: + result = DST_R_INVALIDPRIVATEKEY; + break; + } + } + dst__privstruct_free(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (result); +} + +static dst_func_t hmacsha384_functions = { + hmacsha384_createctx, + hmacsha384_destroyctx, + hmacsha384_adddata, + hmacsha384_sign, + hmacsha384_verify, + NULL, /* computesecret */ + hmacsha384_compare, + NULL, /* paramcompare */ + hmacsha384_generate, + hmacsha384_isprivate, + hmacsha384_destroy, + hmacsha384_todns, + hmacsha384_fromdns, + hmacsha384_tofile, + hmacsha384_parse, + NULL, /* cleanup */ +}; + +isc_result_t +dst__hmacsha384_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &hmacsha384_functions; + return (ISC_R_SUCCESS); +} + +static isc_result_t hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data); + +struct dst_hmacsha512_key { + unsigned char key[ISC_SHA512_DIGESTLENGTH]; +}; + +static isc_result_t +hmacsha512_createctx(dst_key_t *key, dst_context_t *dctx) { + isc_hmacsha512_t *hmacsha512ctx; + dst_hmacsha512_key_t *hkey = key->keydata.hmacsha512; + + hmacsha512ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha512_t)); + if (hmacsha512ctx == NULL) + return (ISC_R_NOMEMORY); + isc_hmacsha512_init(hmacsha512ctx, hkey->key, ISC_SHA512_DIGESTLENGTH); + dctx->ctxdata.hmacsha512ctx = hmacsha512ctx; + return (ISC_R_SUCCESS); +} + +static void +hmacsha512_destroyctx(dst_context_t *dctx) { + isc_hmacsha512_t *hmacsha512ctx = dctx->ctxdata.hmacsha512ctx; + + if (hmacsha512ctx != NULL) { + isc_hmacsha512_invalidate(hmacsha512ctx); + isc_mem_put(dctx->mctx, hmacsha512ctx, sizeof(isc_hmacsha512_t)); + dctx->ctxdata.hmacsha512ctx = NULL; + } +} + +static isc_result_t +hmacsha512_adddata(dst_context_t *dctx, const isc_region_t *data) { + isc_hmacsha512_t *hmacsha512ctx = dctx->ctxdata.hmacsha512ctx; + + isc_hmacsha512_update(hmacsha512ctx, data->base, data->length); + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha512_sign(dst_context_t *dctx, isc_buffer_t *sig) { + isc_hmacsha512_t *hmacsha512ctx = dctx->ctxdata.hmacsha512ctx; + unsigned char *digest; + + if (isc_buffer_availablelength(sig) < ISC_SHA512_DIGESTLENGTH) + return (ISC_R_NOSPACE); + digest = isc_buffer_used(sig); + isc_hmacsha512_sign(hmacsha512ctx, digest, ISC_SHA512_DIGESTLENGTH); + isc_buffer_add(sig, ISC_SHA512_DIGESTLENGTH); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha512_verify(dst_context_t *dctx, const isc_region_t *sig) { + isc_hmacsha512_t *hmacsha512ctx = dctx->ctxdata.hmacsha512ctx; + + if (sig->length > ISC_SHA512_DIGESTLENGTH || sig->length == 0) + return (DST_R_VERIFYFAILURE); + + if (isc_hmacsha512_verify(hmacsha512ctx, sig->base, sig->length)) + return (ISC_R_SUCCESS); + else + return (DST_R_VERIFYFAILURE); +} + +static isc_boolean_t +hmacsha512_compare(const dst_key_t *key1, const dst_key_t *key2) { + dst_hmacsha512_key_t *hkey1, *hkey2; + + hkey1 = key1->keydata.hmacsha512; + hkey2 = key2->keydata.hmacsha512; + + if (hkey1 == NULL && hkey2 == NULL) + return (ISC_TRUE); + else if (hkey1 == NULL || hkey2 == NULL) + return (ISC_FALSE); + + if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_DIGESTLENGTH) == 0) + return (ISC_TRUE); + else + return (ISC_FALSE); +} + +static isc_result_t +hmacsha512_generate(dst_key_t *key, int pseudorandom_ok) { + isc_buffer_t b; + isc_result_t ret; + int bytes; + unsigned char data[HMAC_LEN]; + + bytes = (key->key_size + 7) / 8; + if (bytes > HMAC_LEN) { + bytes = HMAC_LEN; + key->key_size = HMAC_LEN * 8; + } + + memset(data, 0, HMAC_LEN); + ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); + + if (ret != ISC_R_SUCCESS) + return (ret); + + isc_buffer_init(&b, data, bytes); + isc_buffer_add(&b, bytes); + ret = hmacsha512_fromdns(key, &b); + memset(data, 0, ISC_SHA512_DIGESTLENGTH); + + return (ret); +} + +static isc_boolean_t +hmacsha512_isprivate(const dst_key_t *key) { + UNUSED(key); + return (ISC_TRUE); +} + +static void +hmacsha512_destroy(dst_key_t *key) { + dst_hmacsha512_key_t *hkey = key->keydata.hmacsha512; + memset(hkey, 0, sizeof(dst_hmacsha512_key_t)); + isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha512_key_t)); + key->keydata.hmacsha512 = NULL; +} + +static isc_result_t +hmacsha512_todns(const dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha512_key_t *hkey; + unsigned int bytes; + + REQUIRE(key->keydata.hmacsha512 != NULL); + + hkey = key->keydata.hmacsha512; + + bytes = (key->key_size + 7) / 8; + if (isc_buffer_availablelength(data) < bytes) + return (ISC_R_NOSPACE); + isc_buffer_putmem(data, hkey->key, bytes); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data) { + dst_hmacsha512_key_t *hkey; + int keylen; + isc_region_t r; + isc_sha512_t sha512ctx; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) + return (ISC_R_SUCCESS); + + hkey = isc_mem_get(key->mctx, sizeof(dst_hmacsha512_key_t)); + if (hkey == NULL) + return (ISC_R_NOMEMORY); + + memset(hkey->key, 0, sizeof(hkey->key)); + + if (r.length > ISC_SHA512_DIGESTLENGTH) { + isc_sha512_init(&sha512ctx); + isc_sha512_update(&sha512ctx, r.base, r.length); + isc_sha512_final(hkey->key, &sha512ctx); + keylen = ISC_SHA512_DIGESTLENGTH; + } + else { + memcpy(hkey->key, r.base, r.length); + keylen = r.length; + } + + key->key_size = keylen * 8; + key->keydata.hmacsha512 = hkey; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +hmacsha512_tofile(const dst_key_t *key, const char *directory) { + int cnt = 0; + dst_hmacsha512_key_t *hkey; + dst_private_t priv; + int bytes = (key->key_size + 7) / 8; + unsigned char buf[2]; + + if (key->keydata.hmacsha512 == NULL) + return (DST_R_NULLKEY); + + hkey = key->keydata.hmacsha512; + + priv.elements[cnt].tag = TAG_HMACSHA512_KEY; + priv.elements[cnt].length = bytes; + priv.elements[cnt++].data = hkey->key; + + buf[0] = (key->key_bits >> 8) & 0xffU; + buf[1] = key->key_bits & 0xffU; + priv.elements[cnt].tag = TAG_HMACSHA512_BITS; + priv.elements[cnt].data = buf; + priv.elements[cnt++].length = 2; + + priv.nelements = cnt; + return (dst__privstruct_writefile(key, &priv, directory)); +} + +static isc_result_t +hmacsha512_parse(dst_key_t *key, isc_lex_t *lexer) { + dst_private_t priv; + isc_result_t result, tresult; + isc_buffer_t b; + isc_mem_t *mctx = key->mctx; + unsigned int i; + + /* read private key file */ + result = dst__privstruct_parse(key, DST_ALG_HMACSHA512, lexer, mctx, + &priv); + if (result != ISC_R_SUCCESS) + return (result); + + key->key_bits = 0; + for (i = 0; i < priv.nelements; i++) { + switch (priv.elements[i].tag) { + case TAG_HMACSHA512_KEY: + isc_buffer_init(&b, priv.elements[i].data, + priv.elements[i].length); + isc_buffer_add(&b, priv.elements[i].length); + tresult = hmacsha512_fromdns(key, &b); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + case TAG_HMACSHA512_BITS: + tresult = getkeybits(key, &priv.elements[i]); + if (tresult != ISC_R_SUCCESS) + result = tresult; + break; + default: + result = DST_R_INVALIDPRIVATEKEY; + break; + } + } + dst__privstruct_free(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (result); +} + +static dst_func_t hmacsha512_functions = { + hmacsha512_createctx, + hmacsha512_destroyctx, + hmacsha512_adddata, + hmacsha512_sign, + hmacsha512_verify, + NULL, /* computesecret */ + hmacsha512_compare, + NULL, /* paramcompare */ + hmacsha512_generate, + hmacsha512_isprivate, + hmacsha512_destroy, + hmacsha512_todns, + hmacsha512_fromdns, + hmacsha512_tofile, + hmacsha512_parse, + NULL, /* cleanup */ +}; + +isc_result_t +dst__hmacsha512_init(dst_func_t **funcp) { + REQUIRE(funcp != NULL); + if (*funcp == NULL) + *funcp = &hmacsha512_functions; + return (ISC_R_SUCCESS); +} + +/*! \file */ diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/acache.h b/contrib/bind-9.5.2/lib/dns/include/dns/acache.h new file mode 100644 index 0000000000..28990c2aab --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/acache.h @@ -0,0 +1,445 @@ +/* + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: acache.h,v 1.8 2007/06/19 23:47:16 tbox Exp $ */ + +#ifndef DNS_ACACHE_H +#define DNS_ACACHE_H 1 + +/***** + ***** Module Info + *****/ + +/* + * Acache + * + * The Additional Cache Object + * + * This module manages internal caching entries that correspond to + * the additional section data of a DNS DB node (an RRset header, more + * accurately). An additional cache entry is expected to be (somehow) + * attached to a particular RR in a particular DB node, and contains a set + * of information of an additional data for the DB node. + * + * An additional cache object is intended to be created as a per-view + * object, and manages all cache entries within the view. + * + * The intended usage of the additional caching is to provide a short cut + * to additional glue RRs of an NS RR. For each NS RR, it is often + * necessary to look for glue RRs to make a proper response. Once the + * glue RRs are known, the additional caching allows the client to + * associate the information to the original NS RR so that further + * expensive lookups can be avoided for the NS RR. + * + * Each additional cache entry contains information to identify a + * particular DB node and (optionally) an associated RRset. The + * information consists of its zone, database, the version of the + * database, database node, and RRset. + * + * A "negative" information can also be cached. For example, if a glue + * RR does not exist as an authoritative data in the same zone as that + * of the NS RR, this fact can be cached by specifying a NULL pointer + * for the database, version, and node. (See the description for + * dns_acache_getentry() below for more details.) + * + * Since each member stored in an additional cache entry holds a reference + * to a corresponding object, a stale cache entry may cause unnecessary + * memory consumption. For instance, when a zone is reloaded, additional + * cache entries that have a reference to the zone (and its DB and/or + * DB nodes) can delay the cleanup of the referred objects. In order to + * minimize such a bad effect, this module provides several cleanup + * mechanisms. + * + * The first one is a shutdown procedure called when the associated view + * is shut down. In this case, dns_acache_shutdown() will be called and + * all cache entries will be purged. This mechanism will help the + * situation when the configuration is reloaded or the main server is + * stopped. + * + * Per-DB cleanup mechanism is also provided. Each additional cache entry + * is associated with related DB, which is expected to have been + * registered when the DB was created by dns_acache_setdb(). If a + * particular DB is going to be destroyed, the primary holder of the DB, + * a typical example of which is a zone, will call dns_acache_putdb(). + * Then this module will clean-up all cache entries associated with the + * DB. This mechanism is effective when a secondary zone DB is going to + * be stale after a zone transfer. + * + * Finally, this module supports for periodic clean-up of stale entries. + * Each cache entry has a timestamp field, which is updated every time + * the entry is referred. A periodically invoked cleaner checks the + * timestamp of each entry, and purge entries that have not been referred + * for a certain period. The cleaner interval can be specified by + * dns_acache_setcleaninginterval(). If the periodic clean-up is not + * enough, it is also possible to specify the upper limit of entries + * in terms of the memory consumption. If the maximum value is + * specified, the cleaner is invoked when the memory consumption reaches + * the high watermark inferred from the maximum value. In this case, + * the cleaner will use more aggressive algorithm to decide the "victim" + * entries. The maximum value can be specified by + * dns_acache_setcachesize(). + * + * When a cache entry is going to be purged within this module, the + * callback function specified at the creation time will be called. + * The callback function is expected to release all internal resources + * related to the entry, which will typically be specific to DB + * implementation, and to call dns_acache_detachentry(). The callback + * mechanism is very important, since the holder of an additional cache + * entry may not be able to initiate the clean-up of the entry, due to + * the reference ordering. For example, as long as an additional cache + * entry has a reference to a DB object, the DB cannot be freed, in which + * a DB node may have a reference to the cache entry. + * + * Credits: + * The basic idea of this kind of short-cut for frequently used + * information is similar to the "pre-compiled answer" approach adopted + * in nsd by NLnet LABS with RIPE NCC. Our work here is an independent + * effort, but the success of nsd encouraged us to pursue this path. + * + * The design and implementation of the periodic memory management and + * the upper limitation of memory consumption was derived from the cache + * DB implementation of BIND9. + * + * MP: + * There are two main locks in this module. One is for each entry, and + * the other is for the additional cache object. + * + * Reliability: + * The callback function for a cache entry is called with holding the + * entry lock. Thus, it implicitly assumes the callback function does not + * call a function that can require the lock. Typically, the only + * function that can be called from the callback function safely is + * dns_acache_detachentry(). The breakage of this implicit assumption + * may cause a deadlock. + * + * Resources: + * In a 32-bit architecture (such as i386), the following additional + * memory is required comparing to the case that disables this module. + * - 76 bytes for each additional cache entry + * - if the entry has a DNS name and associated RRset, + * * 44 bytes + size of the name (1-255 bytes) + * * 52 bytes x number_of_RRs + * - 28 bytes for each DB related to this module + * + * Using the additional cache also requires extra memory consumption in + * the DB implementation. In the current implementation for rbtdb, we + * need: + * - two additional pointers for each DB node (8 bytes for a 32-bit + * architecture + * - for each RR associated to an RR in a DB node, we also need + * a pointer and management objects to support the additional cache + * function. These are allocated on-demand. The total size is + * 32 bytes for a 32-bit architecture. + * + * Security: + * Since this module does not handle any low-level data directly, + * no security issue specific to this module is anticipated. + * + * Standards: + * None. + */ + +/*** + *** Imports + ***/ + +#include +#include +#include +#include + +#include + +/*** + *** Functions + ***/ +ISC_LANG_BEGINDECLS + +isc_result_t +dns_acache_create(dns_acache_t **acachep, isc_mem_t *mctx, + isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr); +/* + * Create a new DNS additional cache object. + * + * Requires: + * + * 'mctx' is a valid memory context + * + * 'taskmgr' is a valid task manager + * + * 'timermgr' is a valid timer or NULL. If NULL, no periodic cleaning of + * the cache will take place. + * + * 'acachep' is a valid pointer, and *acachep == NULL + * + * Ensures: + * + * '*acachep' is attached to the newly created cache + * + * Returns: + * + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + * ISC_R_UNEXPECTED + */ + +void +dns_acache_attach(dns_acache_t *source, dns_acache_t **targetp); +/* + * Attach *targetp to cache. + * + * Requires: + * + * 'acache' is a valid additional cache. + * + * 'targetp' points to a NULL dns_acache_t *. + * + * Ensures: + * + * *targetp is attached to the 'source' additional cache. + */ + +void +dns_acache_detach(dns_acache_t **acachep); +/* + * Detach *acachep from its cache. + * + * Requires: + * + * '*acachep' points to a valid additional cache. + * + * Ensures: + * + * *acachep is NULL. + * + * If '*acachep' is the last reference to the cache and the additional + * cache does not have an outstanding task, all resources used by the + * cache will be freed. + */ + +void +dns_acache_setcleaninginterval(dns_acache_t *acache, unsigned int t); +/* + * Set the periodic cleaning interval of an additional cache to 'interval' + * seconds. + */ + +void +dns_acache_setcachesize(dns_acache_t *acache, isc_uint32_t size); +/* + * Set the maximum additional cache size. 0 means unlimited. + */ + +isc_result_t +dns_acache_setdb(dns_acache_t *acache, dns_db_t *db); +/* + * Set 'db' in 'acache' when the db can be referred from acache, in order + * to provide a hint for resolving the back reference. + * + * Requires: + * 'acache' is a valid acache pointer. + * 'db' is a valid DNS DB pointer. + * + * Ensures: + * 'acache' will have a reference to 'db'. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_EXISTS (which means the specified 'db' is already set) + * ISC_R_NOMEMORY + */ + +isc_result_t +dns_acache_putdb(dns_acache_t *acache, dns_db_t *db); +/* + * Release 'db' from 'acache' if it has been set by dns_acache_setdb(). + * + * Requires: + * 'acache' is a valid acache pointer. + * 'db' is a valid DNS DB pointer. + * + * Ensures: + * 'acache' will release the reference to 'db'. Additionally, the content + * of each cache entry that is related to the 'db' will be released via + * the callback function. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOTFOUND (which means the specified 'db' is not set in 'acache') + * ISC_R_NOMEMORY + */ + +void +dns_acache_shutdown(dns_acache_t *acache); +/* + * Shutdown 'acache'. + * + * Requires: + * + * '*acache' is a valid additional cache. + */ + +isc_result_t +dns_acache_createentry(dns_acache_t *acache, dns_db_t *origdb, + void (*callback)(dns_acacheentry_t *, void **), + void *cbarg, dns_acacheentry_t **entryp); +/* + * Create an additional cache entry. A new entry is created and attached to + * the given additional cache object. A callback function is also associated + * with the created entry, which will be called when the cache entry is purged + * for some reason. + * + * Requires: + * + * 'acache' is a valid additional cache. + * 'entryp' is a valid pointer, and *entryp == NULL + * 'origdb' is a valid DNS DB pointer. + * 'callback' and 'cbarg' can be NULL. In this case, however, the entry + * is meaningless (and will be cleaned-up in the next periodical + * cleaning). + * + * Ensures: + * '*entryp' will point to a new additional cache entry. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + */ + +isc_result_t +dns_acache_getentry(dns_acacheentry_t *entry, dns_zone_t **zonep, + dns_db_t **dbp, dns_dbversion_t **versionp, + dns_dbnode_t **nodep, dns_name_t *fname, + dns_message_t *msg, isc_stdtime_t now); +/* + * Get content from a particular additional cache entry. + * + * Requires: + * + * 'entry' is a valid additional cache entry. + * 'zonep' is a NULL pointer or '*zonep' == NULL (this is the only + * optional parameter.) + * 'dbp' is a valid pointer, and '*dbp' == NULL + * 'versionp' is a valid pointer, and '*versionp' == NULL + * 'nodep' is a valid pointer, and '*nodep' == NULL + * 'fname' is a valid DNS name. + * 'msg' is a valid DNS message. + * + * Ensures: + * Several possible cases can happen according to the content. + * 1. For a positive cache entry, + * '*zonep' will point to the corresponding zone (if zonep is a valid + * pointer), + * '*dbp' will point to a DB for the zone, + * '*versionp' will point to its version, and + * '*nodep' will point to the corresponding DB node. + * 'fname' will have the DNS name of the DB node and contain a list of + * rdataset for the node (which can be an empty list). + * + * 2. For a negative cache entry that means no corresponding zone exists, + * '*zonep' == NULL (if zonep is a valid pointer) + * '*dbp', '*versionp', and '*nodep' will be NULL. + * + * 3. For a negative cache entry that means no corresponding DB node + * exists, '*zonep' will point to the corresponding zone (if zonep is a + * valid pointer), + * '*dbp' will point to a corresponding DB for zone, + * '*versionp' will point to its version. + * '*nodep' will be kept as NULL. + * 'fname' will not change. + * + * On failure, no new references will be created. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + */ + +isc_result_t +dns_acache_setentry(dns_acache_t *acache, dns_acacheentry_t *entry, + dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *version, + dns_dbnode_t *node, dns_name_t *fname); +/* + * Set content to a particular additional cache entry. + * + * Requires: + * 'acache' is a valid additional cache. + * 'entry' is a valid additional cache entry. + * All the others pointers are NULL or a valid pointer of the + * corresponding type. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + * ISC_R_NOTFOUND + */ + +void +dns_acache_cancelentry(dns_acacheentry_t *entry); +/* + * Cancel the use of the cache entry 'entry'. This function is supposed to + * be called when the node that holds the entry finds the content is not + * correct any more. This function will try to release as much dependency as + * possible, and will be ready to be cleaned-up. The registered callback + * function will be canceled and will never called. + * + * Requires: + * 'entry' is a valid additional cache entry. + */ + +void +dns_acache_attachentry(dns_acacheentry_t *source, dns_acacheentry_t **targetp); +/* + * Attach *targetp to the cache entry 'source'. + * + * Requires: + * + * 'source' is a valid additional cache entry. + * + * 'targetp' points to a NULL dns_acacheentry_t *. + * + * Ensures: + * + * *targetp is attached to 'source'. + */ + +void +dns_acache_detachentry(dns_acacheentry_t **entryp); +/* + * Detach *entryp from its cache. + * + * Requires: + * + * '*entryp' points to a valid additional cache entry. + * + * Ensures: + * + * *entryp is NULL. + * + * If '*entryp' is the last reference to the entry, + * cache does not have an outstanding task, all resources used by the + * entry (including the entry object itself) will be freed. + */ + +void +dns_acache_countquerymiss(dns_acache_t *acache); +/* + * Count up a missed acache query. XXXMLG need more docs. + */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_ACACHE_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/acl.h b/contrib/bind-9.5.2/lib/dns/include/dns/acl.h similarity index 59% rename from contrib/bind-9.3/lib/dns/include/dns/acl.h rename to contrib/bind-9.5.2/lib/dns/include/dns/acl.h index ce4c8b6a86..e72be3e72a 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/acl.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/acl.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.h,v 1.20.52.5 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: acl.h,v 1.31.2.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_ACL_H #define DNS_ACL_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/acl.h + * \brief * Address match list handling. */ @@ -39,6 +40,7 @@ #include #include +#include /*** *** Types @@ -61,24 +63,25 @@ struct dns_aclipprefix { }; struct dns_aclelement { - dns_aclelemettype_t type; - isc_boolean_t negative; - union { - dns_aclipprefix_t ip_prefix; - dns_name_t keyname; - dns_acl_t *nestedacl; - } u; + dns_aclelemettype_t type; + isc_boolean_t negative; + dns_name_t keyname; + dns_acl_t *nestedacl; + int node_num; }; struct dns_acl { unsigned int magic; isc_mem_t *mctx; isc_refcount_t refcount; + dns_iptable_t *iptable; +#define node_count iptable->radix->num_added_node dns_aclelement_t *elements; - unsigned int alloc; /* Elements allocated */ - unsigned int length; /* Elements initialized */ - char *name; /* Temporary use only */ - ISC_LINK(dns_acl_t) nextincache; /* Ditto */ + isc_boolean_t has_negatives; + unsigned int alloc; /*%< Elements allocated */ + unsigned int length; /*%< Elements initialized */ + char *name; /*%< Temporary use only */ + ISC_LINK(dns_acl_t) nextincache; /*%< Ditto */ }; struct dns_aclenv { @@ -98,54 +101,70 @@ ISC_LANG_BEGINDECLS isc_result_t dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target); -/* - * Create a new ACL with room for 'n' elements. - * The elements are uninitialized and the length is 0. - */ - -isc_result_t -dns_acl_appendelement(dns_acl_t *acl, const dns_aclelement_t *elt); -/* - * Append an element to an existing ACL. +/*%< + * Create a new ACL, including an IP table and an array with room + * for 'n' ACL elements. The elements are uninitialized and the + * length is 0. */ isc_result_t dns_acl_any(isc_mem_t *mctx, dns_acl_t **target); -/* +/*%< * Create a new ACL that matches everything. */ isc_result_t dns_acl_none(isc_mem_t *mctx, dns_acl_t **target); -/* +/*%< * Create a new ACL that matches nothing. */ +isc_boolean_t +dns_acl_isany(dns_acl_t *acl); +/*%< + * Test whether ACL is set to "{ any; }" + */ + +isc_boolean_t +dns_acl_isnone(dns_acl_t *acl); +/*%< + * Test whether ACL is set to "{ none; }" + */ + +isc_result_t +dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos); +/*%< + * Merge the contents of one ACL into another. Call dns_iptable_merge() + * for the IP tables, then concatenate the element arrays. + * + * If pos is set to false, then the nested ACL is to be negated. This + * means reverse the sense of each *positive* element or IP table node, + * but leave negatives alone, so as to prevent a double-negative causing + * an unexpected positive match in the parent ACL. + */ + void dns_acl_attach(dns_acl_t *source, dns_acl_t **target); void dns_acl_detach(dns_acl_t **aclp); -isc_boolean_t -dns_aclelement_equal(const dns_aclelement_t *ea, const dns_aclelement_t *eb); - -isc_boolean_t -dns_acl_equal(const dns_acl_t *a, const dns_acl_t *b); - isc_boolean_t dns_acl_isinsecure(const dns_acl_t *a); -/* - * Return ISC_TRUE iff the acl 'a' is considered insecure, that is, +/*%< + * Return #ISC_TRUE iff the acl 'a' is considered insecure, that is, * if it contains IP addresses other than those of the local host. - * This is intended for applications such as printing warning + * This is intended for applications such as printing warning * messages for suspect ACLs; it is not intended for making access * control decisions. We make no guarantee that an ACL for which - * this function returns ISC_FALSE is safe. + * this function returns #ISC_FALSE is safe. */ isc_result_t dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env); +/*%< + * Initialize ACL environment, setting up localhost and localnets ACLs + */ void dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s); @@ -160,62 +179,44 @@ dns_acl_match(const isc_netaddr_t *reqaddr, const dns_aclenv_t *env, int *match, const dns_aclelement_t **matchelt); -/* +/*%< * General, low-level ACL matching. This is expected to * be useful even for weird stuff like the topology and sortlist statements. * * Match the address 'reqaddr', and optionally the key name 'reqsigner', * against 'acl'. 'reqsigner' may be NULL. * - * If there is a positive match, '*match' will be set to a positive value - * indicating the distance from the beginning of the list. - * - * If there is a negative match, '*match' will be set to a negative value - * whose absolute value indicates the distance from the beginning of - * the list. - * - * If there is a match (either positive or negative) and 'matchelt' is - * non-NULL, *matchelt will be attached to the primitive - * (non-indirect) address match list element that matched. + * If there is a match, '*match' will be set to an integer whose absolute + * value corresponds to the order in which the matching value was inserted + * into the ACL. For a positive match, this value will be positive; for a + * negative match, it will be negative. * * If there is no match, *match will be set to zero. * + * If there is a match in the element list (either positive or negative) + * and 'matchelt' is non-NULL, *matchelt will be pointed to the matching + * element. + * * Returns: - * ISC_R_SUCCESS Always succeeds. + *\li #ISC_R_SUCCESS Always succeeds. */ isc_boolean_t dns_aclelement_match(const isc_netaddr_t *reqaddr, const dns_name_t *reqsigner, const dns_aclelement_t *e, - const dns_aclenv_t *env, + const dns_aclenv_t *env, const dns_aclelement_t **matchelt); -/* +/*%< * Like dns_acl_match, but matches against the single ACL element 'e' - * rather than a complete list and returns ISC_TRUE iff it matched. - * To determine whether the match was prositive or negative, the + * rather than a complete ACL, and returns ISC_TRUE iff it matched. + * + * To determine whether the match was positive or negative, the * caller should examine e->negative. Since the element 'e' may be - * a reference to a named ACL or a nested ACL, the matching element + * a reference to a named ACL or a nested ACL, a matching element * returned through 'matchelt' is not necessarily 'e' itself. */ -isc_result_t -dns_acl_elementmatch(const dns_acl_t *acl, - const dns_aclelement_t *elt, - const dns_aclelement_t **matchelt); -/* - * Search for an ACL element in 'acl' which is exactly the same as 'elt'. - * If there is one, and 'matchelt' is non NULL, then '*matchelt' will point - * to the entry. - * - * This function is intended to be used for avoiding duplicated ACL entries - * before adding an entry. - * - * Returns: - * ISC_R_SUCCESS Match succeeds. - * ISC_R_NOTFOUND Match fails. - */ - ISC_LANG_ENDDECLS #endif /* DNS_ACL_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/adb.h b/contrib/bind-9.5.2/lib/dns/include/dns/adb.h similarity index 65% rename from contrib/bind-9.3/lib/dns/include/dns/adb.h rename to contrib/bind-9.5.2/lib/dns/include/dns/adb.h index 7a17eff086..eaf2e3783a 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/adb.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/adb.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb.h,v 1.66.2.5.2.4 2004/03/06 08:13:50 marka Exp $ */ +/* $Id: adb.h,v 1.83.128.2 2008/04/03 06:20:34 tbox Exp $ */ #ifndef DNS_ADB_H #define DNS_ADB_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/adb.h + *\brief * DNS Address Database * * This module implements an address database (ADB) for mapping a name @@ -49,21 +50,21 @@ * Records are stored internally until a timer expires. The timer is the * smaller of the TTL or signature validity period. * - * Lameness is stored per-zone, and this data hangs off each address field. - * When an address is marked lame for a given zone the address will not - * be returned to a caller. + * Lameness is stored per tuple, and this data hangs off each + * address field. When an address is marked lame for a given tuple the address + * will not be returned to a caller. * * * MP: * - * The ADB takes care of all necessary locking. + *\li The ADB takes care of all necessary locking. * - * Only the task which initiated the name lookup can cancel the lookup. + *\li Only the task which initiated the name lookup can cancel the lookup. * * * Security: * - * None, since all data stored is required to be pre-filtered. + *\li None, since all data stored is required to be pre-filtered. * (Cache needs to be sane, fetches return bounds-checked and sanity- * checked data, caller passes a good dns_name_t for the zone, etc) */ @@ -98,8 +99,8 @@ ISC_LANG_BEGINDECLS typedef struct dns_adbname dns_adbname_t; -/* dns_adbfind_t - * +/*! + *\brief * Represents a lookup for a single name. * * On return, the client can safely use "list", and can reorder the list. @@ -108,14 +109,14 @@ typedef struct dns_adbname dns_adbname_t; */ struct dns_adbfind { /* Public */ - unsigned int magic; /* RO: magic */ - dns_adbaddrinfolist_t list; /* RO: list of addrs */ - unsigned int query_pending; /* RO: partial list */ - unsigned int partial_result; /* RO: addrs missing */ - unsigned int options; /* RO: options */ - isc_result_t result_v4; /* RO: v4 result */ - isc_result_t result_v6; /* RO: v6 result */ - ISC_LINK(dns_adbfind_t) publink; /* RW: client use */ + unsigned int magic; /*%< RO: magic */ + dns_adbaddrinfolist_t list; /*%< RO: list of addrs */ + unsigned int query_pending; /*%< RO: partial list */ + unsigned int partial_result; /*%< RO: addrs missing */ + unsigned int options; /*%< RO: options */ + isc_result_t result_v4; /*%< RO: v4 result */ + isc_result_t result_v6; /*%< RO: v6 result */ + ISC_LINK(dns_adbfind_t) publink; /*%< RW: client use */ /* Private */ isc_mutex_t lock; /* locks all below */ @@ -161,34 +162,65 @@ struct dns_adbfind { * At least one address was omitted from the list because it was lame. * This bit will NEVER be set if _RETURNLAME is set in the createfind(). */ +/*% Return addresses of type INET. */ #define DNS_ADBFIND_INET 0x00000001 +/*% Return addresses of type INET6. */ #define DNS_ADBFIND_INET6 0x00000002 #define DNS_ADBFIND_ADDRESSMASK 0x00000003 - +/*% + * Only schedule an event if no addresses are known. + * Must set _WANTEVENT for this to be meaningful. + */ #define DNS_ADBFIND_EMPTYEVENT 0x00000004 +/*% + * An event is desired. Check this bit in the returned find to see + * if one will actually be generated. + */ #define DNS_ADBFIND_WANTEVENT 0x00000008 +/*% + * If set, fetches will not be generated unless no addresses are + * available in any of the address families requested. + */ #define DNS_ADBFIND_AVOIDFETCHES 0x00000010 +/*% + * Fetches will start using the closest zone data or use the root servers. + * This is useful for reestablishing glue that has expired. + */ #define DNS_ADBFIND_STARTATZONE 0x00000020 +/*% + * Glue or hints are ok. These are used when matching names already + * in the adb, and when dns databases are searched. + */ #define DNS_ADBFIND_GLUEOK 0x00000040 +/*% + * Glue or hints are ok. These are used when matching names already + * in the adb, and when dns databases are searched. + */ #define DNS_ADBFIND_HINTOK 0x00000080 +/*% + * Return lame servers in a find, so that all addresses are returned. + */ #define DNS_ADBFIND_RETURNLAME 0x00000100 +/*% + * Only schedule an event if no addresses are known. + * Must set _WANTEVENT for this to be meaningful. + */ #define DNS_ADBFIND_LAMEPRUNED 0x00000200 -/* dns_adbaddrinfo_t - * +/*% * The answers to queries come back as a list of these. */ struct dns_adbaddrinfo { - unsigned int magic; /* private */ + unsigned int magic; /*%< private */ - isc_sockaddr_t sockaddr; /* [rw] */ - unsigned int srtt; /* [rw] microseconds */ - unsigned int flags; /* [rw] */ - dns_adbentry_t *entry; /* private */ + isc_sockaddr_t sockaddr; /*%< [rw] */ + unsigned int srtt; /*%< [rw] microseconds */ + unsigned int flags; /*%< [rw] */ + dns_adbentry_t *entry; /*%< private */ ISC_LINK(dns_adbaddrinfo_t) publink; }; -/* +/*!< * The event sent to the caller task is just a plain old isc_event_t. It * contains no data other than a simple status, passed in the "type" field * to indicate that another address resolved, or all partially resolved @@ -198,13 +230,13 @@ struct dns_adbaddrinfo { * * This is simply a standard event, with the "type" set to: * - * DNS_EVENT_ADBMOREADDRESSES -- another address resolved. - * DNS_EVENT_ADBNOMOREADDRESSES -- all pending addresses failed, + *\li #DNS_EVENT_ADBMOREADDRESSES -- another address resolved. + *\li #DNS_EVENT_ADBNOMOREADDRESSES -- all pending addresses failed, * were canceled, or otherwise will * not be usable. - * DNS_EVENT_ADBCANCELED -- The request was canceled by a + *\li #DNS_EVENT_ADBCANCELED -- The request was canceled by a * 3rd party. - * DNS_EVENT_ADBNAMEDELETED -- The name was deleted, so this request + *\li #DNS_EVENT_ADBNAMEDELETED -- The name was deleted, so this request * was canceled. * * In each of these cases, the addresses returned by the initial call @@ -219,89 +251,90 @@ struct dns_adbaddrinfo { isc_result_t dns_adb_create(isc_mem_t *mem, dns_view_t *view, isc_timermgr_t *tmgr, isc_taskmgr_t *taskmgr, dns_adb_t **newadb); -/* +/*%< * Create a new ADB. * * Notes: * - * Generally, applications should not create an ADB directly, but + *\li Generally, applications should not create an ADB directly, but * should instead call dns_view_createresolver(). * * Requires: * - * 'mem' must be a valid memory context. + *\li 'mem' must be a valid memory context. * - * 'view' be a pointer to a valid view. + *\li 'view' be a pointer to a valid view. * - * 'tmgr' be a pointer to a valid timer manager. + *\li 'tmgr' be a pointer to a valid timer manager. * - * 'taskmgr' be a pointer to a valid task manager. + *\li 'taskmgr' be a pointer to a valid task manager. * - * 'newadb' != NULL && '*newadb' == NULL. + *\li 'newadb' != NULL && '*newadb' == NULL. * * Returns: * - * ISC_R_SUCCESS after happiness. - * ISC_R_NOMEMORY after resource allocation failure. + *\li #ISC_R_SUCCESS after happiness. + *\li #ISC_R_NOMEMORY after resource allocation failure. */ void dns_adb_attach(dns_adb_t *adb, dns_adb_t **adbp); -/* +/*% * Attach to an 'adb' to 'adbp'. * * Requires: - * 'adb' to be a valid dns_adb_t, created via dns_adb_create(). - * 'adbp' to be a valid pointer to a *dns_adb_t which is initialized + *\li 'adb' to be a valid dns_adb_t, created via dns_adb_create(). + *\li 'adbp' to be a valid pointer to a *dns_adb_t which is initialized * to NULL. */ void dns_adb_detach(dns_adb_t **adb); -/* +/*% * Delete the ADB. Sets *ADB to NULL. Cancels any outstanding requests. * * Requires: * - * 'adb' be non-NULL and '*adb' be a valid dns_adb_t, created via + *\li 'adb' be non-NULL and '*adb' be a valid dns_adb_t, created via * dns_adb_create(). */ void dns_adb_whenshutdown(dns_adb_t *adb, isc_task_t *task, isc_event_t **eventp); -/* +/*% * Send '*eventp' to 'task' when 'adb' has shutdown. * * Requires: * - * '*adb' is a valid dns_adb_t. + *\li '*adb' is a valid dns_adb_t. * - * eventp != NULL && *eventp is a valid event. + *\li eventp != NULL && *eventp is a valid event. * * Ensures: * - * *eventp == NULL + *\li *eventp == NULL * - * The event's sender field is set to the value of adb when the event + *\li The event's sender field is set to the value of adb when the event * is sent. */ void dns_adb_shutdown(dns_adb_t *adb); -/* +/*%< * Shutdown 'adb'. * * Requires: * - * '*adb' is a valid dns_adb_t. + * \li '*adb' is a valid dns_adb_t. */ isc_result_t dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, - void *arg, dns_name_t *name, dns_name_t *zone, - unsigned int options, isc_stdtime_t now, dns_name_t *target, + void *arg, dns_name_t *name, dns_name_t *qname, + dns_rdatatype_t qtype, unsigned int options, + isc_stdtime_t now, dns_name_t *target, in_port_t port, dns_adbfind_t **find); -/* +/*%< * Main interface for clients. The adb will look up the name given in * "name" and will build up a list of found addresses, and perhaps start * internal fetches to resolve names that are unknown currently. @@ -311,9 +344,9 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * set to a pointer to the dns_adbfind_t returned by this function. * * If no events will be generated, the *find->result_v4 and/or result_v6 - * members may be examined for address lookup status. The usual ISC_R_SUCCESS, - * ISC_R_FAILURE, and DNS_R_NX{DOMAIN,RRSET} are returned, along with - * ISC_R_NOTFOUND meaning the ADB has not _yet_ found the values. In this + * members may be examined for address lookup status. The usual #ISC_R_SUCCESS, + * #ISC_R_FAILURE, #DNS_R_NXDOMAIN, and #DNS_R_NXRRSET are returned, along with + * #ISC_R_NOTFOUND meaning the ADB has not _yet_ found the values. In this * latter case, retrying may produce more addresses. * * If events will be returned, the result_v[46] members are only valid @@ -346,42 +379,42 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * * Requires: * - * *adb be a valid isc_adb_t object. + *\li *adb be a valid isc_adb_t object. * - * If events are to be sent, *task be a valid task, + *\li If events are to be sent, *task be a valid task, * and isc_taskaction_t != NULL. * - * *name is a valid dns_name_t. + *\li *name is a valid dns_name_t. * - * zone != NULL and *zone be a valid dns_name_t. + *\li qname != NULL and *qname be a valid dns_name_t. * - * target == NULL or target is a valid name with a buffer. + *\li target == NULL or target is a valid name with a buffer. * - * find != NULL && *find == NULL. + *\li find != NULL && *find == NULL. * * Returns: * - * ISC_R_SUCCESS Addresses might have been returned, and events will be + *\li #ISC_R_SUCCESS Addresses might have been returned, and events will be * delivered for unresolved addresses. - * ISC_R_NOMORE Addresses might have been returned, but no events + *\li #ISC_R_NOMORE Addresses might have been returned, but no events * will ever be posted for this context. This is only * returned if task != NULL. - * ISC_R_NOMEMORY insufficient resources - * DNS_R_ALIAS 'name' is an alias for another name. + *\li #ISC_R_NOMEMORY insufficient resources + *\li #DNS_R_ALIAS 'name' is an alias for another name. * * Calls, and returns error codes from: * - * isc_stdtime_get() + *\li isc_stdtime_get() * * Notes: * - * No internal reference to "name" exists after this function + *\li No internal reference to "name" exists after this function * returns. */ void dns_adb_cancelfind(dns_adbfind_t *find); -/* +/*%< * Cancels the find, and sends the event off to the caller. * * It is an error to call dns_adb_cancelfind() on a find where @@ -389,7 +422,7 @@ dns_adb_cancelfind(dns_adbfind_t *find); * * Note: * - * It is possible that the real completion event was posted just + *\li It is possible that the real completion event was posted just * before the dns_adb_cancelfind() call was made. In this case, * dns_adb_cancelfind() will do nothing. The event callback needs * to be prepared to find this situation (i.e. result is valid but @@ -397,101 +430,105 @@ dns_adb_cancelfind(dns_adbfind_t *find); * * Requires: * - * 'find' be a valid dns_adbfind_t pointer. + *\li 'find' be a valid dns_adbfind_t pointer. * - * events would have been posted to the task. This can be checked + *\li events would have been posted to the task. This can be checked * with (find->options & DNS_ADBFIND_WANTEVENT). * * Ensures: * - * The event was posted to the task. + *\li The event was posted to the task. */ void dns_adb_destroyfind(dns_adbfind_t **find); -/* +/*%< * Destroys the find reference. * * Note: * - * This can only be called after the event was delivered for a + *\li This can only be called after the event was delivered for a * find. Additionally, the event MUST have been freed via * isc_event_free() BEFORE this function is called. * * Requires: * - * 'find' != NULL and *find be valid dns_adbfind_t pointer. + *\li 'find' != NULL and *find be valid dns_adbfind_t pointer. * * Ensures: * - * No "address found" events will be posted to the originating task + *\li No "address found" events will be posted to the originating task * after this function returns. */ void dns_adb_dump(dns_adb_t *adb, FILE *f); -/* +/*%< * This function is only used for debugging. It will dump as much of the * state of the running system as possible. * * Requires: * - * adb be valid. + *\li adb be valid. * - * f != NULL, and is a file open for writing. + *\li f != NULL, and is a file open for writing. */ void dns_adb_dumpfind(dns_adbfind_t *find, FILE *f); -/* +/*%< * This function is only used for debugging. Dump the data associated * with a find. * * Requires: * - * find is valid. + *\li find is valid. * - * f != NULL, and is a file open for writing. + * \li f != NULL, and is a file open for writing. */ isc_result_t -dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *zone, - isc_stdtime_t expire_time); -/* - * Mark the given address as lame for the zone "zone". expire_time should +dns_adb_marklame(dns_adb_t *adb, dns_adbaddrinfo_t *addr, dns_name_t *qname, + dns_rdatatype_t type, isc_stdtime_t expire_time); +/*%< + * Mark the given address as lame for the . expire_time should * be set to the time when the entry should expire. That is, if it is to * expire 10 minutes in the future, it should set it to (now + 10 * 60). * * Requires: * - * adb be valid. + *\li adb be valid. * - * addr be valid. + *\li addr be valid. * - * zone be the zone used in the dns_adb_createfind() call. + *\li qname be the qname used in the dns_adb_createfind() call. * * Returns: * - * ISC_R_SUCCESS -- all is well. - * ISC_R_NOMEMORY -- could not mark address as lame. + *\li #ISC_R_SUCCESS -- all is well. + *\li #ISC_R_NOMEMORY -- could not mark address as lame. */ /* * A reasonable default for RTT adjustments */ -#define DNS_ADB_RTTADJDEFAULT 7 /* default scale */ -#define DNS_ADB_RTTADJREPLACE 0 /* replace with our rtt */ -#define DNS_ADB_RTTADJAGE 10 /* age this rtt */ +#define DNS_ADB_RTTADJDEFAULT 7 /*%< default scale */ +#define DNS_ADB_RTTADJREPLACE 0 /*%< replace with our rtt */ +#define DNS_ADB_RTTADJAGE 10 /*%< age this rtt */ void dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int rtt, unsigned int factor); -/* - * Mix the round trip time into the existing smoothed rtt. The formula used +/*%< + * Mix the round trip time into the existing smoothed rtt. + + * The formula used * (where srtt is the existing rtt value, and rtt and factor are arguments to * this function): * + *\code * new_srtt = (old_srtt / 10 * factor) + (rtt / 10 * (10 - factor)); + *\endcode * * XXXRTH Do we want to publish the formula? What if we want to change how * this works later on? Recommend/require that the units are @@ -499,77 +536,79 @@ dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, * * Requires: * - * adb be valid. + *\li adb be valid. * - * addr be valid. + *\li addr be valid. * - * 0 <= factor <= 10 + *\li 0 <= factor <= 10 * * Note: * - * The srtt in addr will be updated to reflect the new global + *\li The srtt in addr will be updated to reflect the new global * srtt value. This may include changes made by others. */ void dns_adb_changeflags(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int bits, unsigned int mask); -/* +/*% + * Change Flags. + * * Set the flags as given by: * - * newflags = (oldflags & ~mask) | (bits & mask); + *\li newflags = (oldflags & ~mask) | (bits & mask); * * Requires: * - * adb be valid. + *\li adb be valid. * - * addr be valid. + *\li addr be valid. */ isc_result_t dns_adb_findaddrinfo(dns_adb_t *adb, isc_sockaddr_t *sa, dns_adbaddrinfo_t **addrp, isc_stdtime_t now); -/* +/*%< * Return a dns_adbaddrinfo_t that is associated with address 'sa'. * * Requires: * - * adb is valid. + *\li adb is valid. * - * sa is valid. + *\li sa is valid. * - * addrp != NULL && *addrp == NULL + *\li addrp != NULL && *addrp == NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_SHUTTINGDOWN + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_SHUTTINGDOWN */ void dns_adb_freeaddrinfo(dns_adb_t *adb, dns_adbaddrinfo_t **addrp); -/* +/*%< * Free a dns_adbaddrinfo_t allocated by dns_adb_findaddrinfo(). * * Requires: * - * adb is valid. + *\li adb is valid. * - * *addrp is a valid dns_adbaddrinfo_t *. + *\li *addrp is a valid dns_adbaddrinfo_t *. */ void dns_adb_flush(dns_adb_t *adb); -/* +/*%< * Flushes all cached data from the adb. * * Requires: - * adb is valid. + *\li adb is valid. */ void dns_adb_setadbsize(dns_adb_t *adb, isc_uint32_t size); -/* +/*%< * Set a target memory size. If memory usage exceeds the target * size entries will be removed before they would have expired on * a random basis. @@ -577,20 +616,19 @@ dns_adb_setadbsize(dns_adb_t *adb, isc_uint32_t size); * If 'size' is 0 then memory usage is unlimited. * * Requires: - * 'adb' is valid. + *\li 'adb' is valid. */ void dns_adb_flushname(dns_adb_t *adb, dns_name_t *name); -/* +/*%< * Flush 'name' from the adb cache. - * + * * Requires: - * 'adb' is valid. - * 'name' is valid. + *\li 'adb' is valid. + *\li 'name' is valid. */ - ISC_LANG_ENDDECLS #endif /* DNS_ADB_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/bit.h b/contrib/bind-9.5.2/lib/dns/include/dns/bit.h similarity index 83% rename from contrib/bind-9.3/lib/dns/include/dns/bit.h rename to contrib/bind-9.5.2/lib/dns/include/dns/bit.h index e4a7d20a89..28c733d486 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/bit.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/bit.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: bit.h,v 1.7.206.1 2004/03/06 08:13:51 marka Exp $ */ +/* $Id: bit.h,v 1.14 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_BIT_H #define DNS_BIT_H 1 +/*! \file dns/bit.h */ + #include #include diff --git a/contrib/bind-9.3/lib/dns/include/dns/byaddr.h b/contrib/bind-9.5.2/lib/dns/include/dns/byaddr.h similarity index 66% rename from contrib/bind-9.3/lib/dns/include/dns/byaddr.h rename to contrib/bind-9.5.2/lib/dns/include/dns/byaddr.h index 8f69cd9e27..edf843083a 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/byaddr.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/byaddr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: byaddr.h,v 1.12.2.1.2.4 2004/03/08 09:04:34 marka Exp $ */ +/* $Id: byaddr.h,v 1.22 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_BYADDR_H #define DNS_BYADDR_H 1 @@ -24,28 +24,27 @@ ***** Module Info *****/ -/* - * DNS ByAddr - * +/*! \file dns/byaddr.h + * \brief * The byaddr module provides reverse lookup services for IPv4 and IPv6 * addresses. * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * RFCs: 1034, 1035, 2181, - * Drafts: + *\li RFCs: 1034, 1035, 2181, TBS + *\li Drafts: TBS */ #include @@ -55,7 +54,7 @@ ISC_LANG_BEGINDECLS -/* +/*% * A 'dns_byaddrevent_t' is returned when a byaddr completes. * The sender field will be set to the byaddr that completed. If 'result' * is ISC_R_SUCCESS, then 'names' will contain a list of names associated @@ -72,76 +71,79 @@ typedef struct dns_byaddrevent { * This option is deprecated since we now only consider nibbles. #define DNS_BYADDROPT_IPV6NIBBLE 0x0001 */ +/*% Note DNS_BYADDROPT_IPV6NIBBLE is now deprecated. */ #define DNS_BYADDROPT_IPV6INT 0x0002 isc_result_t dns_byaddr_create(isc_mem_t *mctx, isc_netaddr_t *address, dns_view_t *view, unsigned int options, isc_task_t *task, isc_taskaction_t action, void *arg, dns_byaddr_t **byaddrp); -/* +/*%< * Find the domain name of 'address'. * * Notes: * - * There is a reverse lookup format for IPv6 addresses, 'nibble' + *\li There is a reverse lookup format for IPv6 addresses, 'nibble' * - * The 'nibble' format for that address is + *\li The 'nibble' format for that address is * + * \code * 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. + * \endcode * - * DNS_BYADDROPT_IPV6INT can be used to get nibble lookups under ip6.int. + *\li #DNS_BYADDROPT_IPV6INT can be used to get nibble lookups under ip6.int. * * Requires: * - * 'mctx' is a valid mctx. + *\li 'mctx' is a valid mctx. * - * 'address' is a valid IPv4 or IPv6 address. + *\li 'address' is a valid IPv4 or IPv6 address. * - * 'view' is a valid view which has a resolver. + *\li 'view' is a valid view which has a resolver. * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * byaddrp != NULL && *byaddrp == NULL + *\li byaddrp != NULL && *byaddrp == NULL * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY * - * Any resolver-related error (e.g. ISC_R_SHUTTINGDOWN) may also be + *\li Any resolver-related error (e.g. #ISC_R_SHUTTINGDOWN) may also be * returned. */ void dns_byaddr_cancel(dns_byaddr_t *byaddr); -/* +/*%< * Cancel 'byaddr'. * * Notes: * - * If 'byaddr' has not completed, post its BYADDRDONE event with a - * result code of ISC_R_CANCELED. + *\li If 'byaddr' has not completed, post its #DNS_EVENT_BYADDRDONE + * event with a result code of #ISC_R_CANCELED. * * Requires: * - * 'byaddr' is a valid byaddr. + *\li 'byaddr' is a valid byaddr. */ void dns_byaddr_destroy(dns_byaddr_t **byaddrp); -/* +/*%< * Destroy 'byaddr'. * * Requires: * - * '*byaddrp' is a valid byaddr. + *\li '*byaddrp' is a valid byaddr. * - * The caller has received the BYADDRDONE event (either because the - * byaddr completed or because dns_byaddr_cancel() was called). + *\li The caller has received the #DNS_EVENT_BYADDRDONE event (either because + * the byaddr completed or because dns_byaddr_cancel() was called). * * Ensures: * - * *byaddrp == NULL. + *\li *byaddrp == NULL. */ isc_result_t @@ -151,7 +153,7 @@ dns_byaddr_createptrname(isc_netaddr_t *address, isc_boolean_t nibble, isc_result_t dns_byaddr_createptrname2(isc_netaddr_t *address, unsigned int options, dns_name_t *name); -/* +/*%< * Creates a name that would be used in a PTR query for this address. The * nibble flag indicates that the 'nibble' format is to be used if an IPv6 * address is provided, instead of the 'bitstring' format. Since we dropped @@ -160,8 +162,8 @@ dns_byaddr_createptrname2(isc_netaddr_t *address, unsigned int options, * * Requires: * - * 'address' is a valid address. - * 'name' is a valid name with a dedicated buffer. + * \li 'address' is a valid address. + * \li 'name' is a valid name with a dedicated buffer. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/cache.h b/contrib/bind-9.5.2/lib/dns/include/dns/cache.h similarity index 71% rename from contrib/bind-9.3/lib/dns/include/dns/cache.h rename to contrib/bind-9.5.2/lib/dns/include/dns/cache.h index 4b775c9c14..7b372357d7 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/cache.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/cache.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.h,v 1.17.12.5 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: cache.h,v 1.26 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_CACHE_H #define DNS_CACHE_H 1 @@ -24,18 +24,17 @@ ***** Module Info *****/ -/* - * cache - * +/*! \file dns/cache.h + * \brief * Defines dns_cache_t, the cache object. * * Notes: - * A cache object contains DNS data of a single class. + *\li A cache object contains DNS data of a single class. * Multiple classes will be handled by creating multiple * views, each with a different class and its own cache. * * MP: - * See notes at the individual functions. + *\li See notes at the individual functions. * * Reliability: * @@ -66,71 +65,70 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep); -/* +/*%< * Create a new DNS cache. * * Requires: * - * 'mctx' is a valid memory context + *\li 'mctx' is a valid memory context * - * 'taskmgr' is a valid task manager and 'timermgr' is a valid timer + *\li 'taskmgr' is a valid task manager and 'timermgr' is a valid timer * manager, or both are NULL. If NULL, no periodic cleaning of the * cache will take place. * - * 'cachep' is a valid pointer, and *cachep == NULL + *\li 'cachep' is a valid pointer, and *cachep == NULL * * Ensures: * - * '*cachep' is attached to the newly created cache + *\li '*cachep' is attached to the newly created cache * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ void dns_cache_attach(dns_cache_t *cache, dns_cache_t **targetp); -/* +/*%< * Attach *targetp to cache. * * Requires: * - * 'cache' is a valid cache. + *\li 'cache' is a valid cache. * - * 'targetp' points to a NULL dns_cache_t *. + *\li 'targetp' points to a NULL dns_cache_t *. * * Ensures: * - * *targetp is attached to cache. + *\li *targetp is attached to cache. */ void dns_cache_detach(dns_cache_t **cachep); -/* +/*%< * Detach *cachep from its cache. * * Requires: * - * 'cachep' points to a valid cache. + *\li 'cachep' points to a valid cache. * * Ensures: * - * *cachep is NULL. - * - * If '*cachep' is the last reference to the cache, + *\li *cachep is NULL. * - * All resources used by the cache will be freed + *\li If '*cachep' is the last reference to the cache, + * all resources used by the cache will be freed */ void dns_cache_attachdb(dns_cache_t *cache, dns_db_t **dbp); -/* +/*%< * Attach *dbp to the cache's database. * * Notes: * - * This may be used to get a reference to the database for + *\li This may be used to get a reference to the database for * the purpose of cache lookups (XXX currently it is also * the way to add data to the cache, but having a * separate dns_cache_add() interface instead would allow @@ -140,39 +138,39 @@ dns_cache_attachdb(dns_cache_t *cache, dns_db_t **dbp); * * Requires: * - * 'cache' is a valid cache. + *\li 'cache' is a valid cache. * - * 'dbp' points to a NULL dns_db *. + *\li 'dbp' points to a NULL dns_db *. * * Ensures: * - * *dbp is attached to the database. + *\li *dbp is attached to the database. */ isc_result_t -dns_cache_setfilename(dns_cache_t *cahce, const char *filename); -/* +dns_cache_setfilename(dns_cache_t *cache, const char *filename); +/*%< * If 'filename' is non-NULL, make the cache persistent. * The cache's data will be stored in the given file. * If 'filename' is NULL, make the cache non-persistent. * Files that are no longer used are not unlinked automatically. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * Various file-related failures + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li Various file-related failures */ isc_result_t dns_cache_load(dns_cache_t *cache); -/* +/*%< * If the cache has a file name, load the cache contents from the file. * Previous cache contents are not discarded. * If no file name has been set, do nothing and return success. * * MT: - * Multiple simultaneous attempts to load or dump the cache + *\li Multiple simultaneous attempts to load or dump the cache * will be serialized with respect to one another, but * the cache may be read and updated while the dump is * in progress. Updates performed during loading @@ -181,19 +179,19 @@ dns_cache_load(dns_cache_t *cache); * * Returns: * - * ISC_R_SUCCESS - * Various failures depending on the database implementation type + *\li #ISC_R_SUCCESS + * \li Various failures depending on the database implementation type */ isc_result_t dns_cache_dump(dns_cache_t *cache); -/* +/*%< * If the cache has a file name, write the cache contents to disk, * overwriting any preexisting file. If no file name has been set, * do nothing and return success. * * MT: - * Multiple simultaneous attempts to load or dump the cache + *\li Multiple simultaneous attempts to load or dump the cache * will be serialized with respect to one another, but * the cache may be read and updated while the dump is * in progress. Updates performed during the dump may @@ -201,13 +199,13 @@ dns_cache_dump(dns_cache_t *cache); * * Returns: * - * ISC_R_SUCCESS - * Various failures depending on the database implementation type + *\li #ISC_R_SUCCESS + * \li Various failures depending on the database implementation type */ isc_result_t dns_cache_clean(dns_cache_t *cache, isc_stdtime_t now); -/* +/*%< * Force immediate cleaning of the cache, freeing all rdatasets * whose TTL has expired as of 'now' and that have no pending * references. @@ -215,24 +213,24 @@ dns_cache_clean(dns_cache_t *cache, isc_stdtime_t now); void dns_cache_setcleaninginterval(dns_cache_t *cache, unsigned int interval); -/* +/*%< * Set the periodic cache cleaning interval to 'interval' seconds. */ void dns_cache_setcachesize(dns_cache_t *cache, isc_uint32_t size); -/* +/*%< * Set the maximum cache size. 0 means unlimited. */ isc_result_t dns_cache_flush(dns_cache_t *cache); -/* +/*%< * Flushes all data from the cache. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ isc_result_t @@ -241,13 +239,13 @@ dns_cache_flushname(dns_cache_t *cache, dns_name_t *name); * Flushes a given name from the cache. * * Requires: - * 'cache' to be valid. - * 'name' to be valid. + *\li 'cache' to be valid. + *\li 'name' to be valid. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * other error returns. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li other error returns. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/callbacks.h b/contrib/bind-9.5.2/lib/dns/include/dns/callbacks.h similarity index 80% rename from contrib/bind-9.3/lib/dns/include/dns/callbacks.h rename to contrib/bind-9.5.2/lib/dns/include/dns/callbacks.h index 9c2710a57c..8a8385a995 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/callbacks.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/callbacks.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: callbacks.h,v 1.15.2.2.8.1 2004/03/06 08:13:51 marka Exp $ */ +/* $Id: callbacks.h,v 1.24 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_CALLBACKS_H #define DNS_CALLBACKS_H 1 +/*! \file dns/callbacks.h */ + /*** *** Imports ***/ @@ -35,19 +37,19 @@ ISC_LANG_BEGINDECLS ***/ struct dns_rdatacallbacks { - /* + /*% * dns_load_master calls this when it has rdatasets to commit. */ dns_addrdatasetfunc_t add; - /* + /*% * dns_load_master / dns_rdata_fromtext call this to issue a error. */ void (*error)(struct dns_rdatacallbacks *, const char *, ...); - /* + /*% * dns_load_master / dns_rdata_fromtext call this to issue a warning. */ void (*warn)(struct dns_rdatacallbacks *, const char *, ...); - /* + /*% * Private data handles for use by the above callback functions. */ void *add_private; @@ -61,20 +63,22 @@ struct dns_rdatacallbacks { void dns_rdatacallbacks_init(dns_rdatacallbacks_t *callbacks); -/* +/*%< * Initialize 'callbacks'. - * 'error' and 'warn' are set to default callbacks that print the + * + * + * \li 'error' and 'warn' are set to default callbacks that print the * error message through the DNS library log context. * - * All other elements are initialized to NULL. + *\li All other elements are initialized to NULL. * * Requires: - * 'callbacks' is a valid dns_rdatacallbacks_t, + * \li 'callbacks' is a valid dns_rdatacallbacks_t, */ void dns_rdatacallbacks_init_stdio(dns_rdatacallbacks_t *callbacks); -/* +/*%< * Like dns_rdatacallbacks_init, but logs to stdio. */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/cert.h b/contrib/bind-9.5.2/lib/dns/include/dns/cert.h similarity index 68% rename from contrib/bind-9.3/lib/dns/include/dns/cert.h rename to contrib/bind-9.5.2/lib/dns/include/dns/cert.h index 28a3d4c452..1cda84875c 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/cert.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/cert.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cert.h,v 1.12.206.1 2004/03/06 08:13:51 marka Exp $ */ +/* $Id: cert.h,v 1.19 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_CERT_H #define DNS_CERT_H 1 +/*! \file dns/cert.h */ + #include #include @@ -28,38 +30,38 @@ ISC_LANG_BEGINDECLS isc_result_t dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a certificate type. * The text may contain either a mnemonic type name or a decimal type number. * * Requires: - * 'certp' is a valid pointer. + *\li 'certp' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_RANGE numeric type is out of range - * DNS_R_UNKNOWN mnemonic type is unknown + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_RANGE numeric type is out of range + *\li #DNS_R_UNKNOWN mnemonic type is unknown */ isc_result_t dns_cert_totext(dns_cert_t cert, isc_buffer_t *target); -/* +/*%< * Put a textual representation of certificate type 'cert' into 'target'. * * Requires: - * 'cert' is a valid cert. + *\li 'cert' is a valid cert. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * * Ensures: - * If the result is success: + *\li If the result is success: * The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/compress.h b/contrib/bind-9.5.2/lib/dns/include/dns/compress.h similarity index 58% rename from contrib/bind-9.3/lib/dns/include/dns/compress.h rename to contrib/bind-9.5.2/lib/dns/include/dns/compress.h index 042a4ea51a..6bc8ce59b9 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/compress.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/compress.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: compress.h,v 1.29.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: compress.h,v 1.40.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_COMPRESS_H #define DNS_COMPRESS_H 1 @@ -27,11 +27,12 @@ ISC_LANG_BEGINDECLS -#define DNS_COMPRESS_NONE 0x00 /* no compression */ -#define DNS_COMPRESS_GLOBAL14 0x01 /* "normal" compression. */ -#define DNS_COMPRESS_ALL 0x01 /* all compression. */ +#define DNS_COMPRESS_NONE 0x00 /*%< no compression */ +#define DNS_COMPRESS_GLOBAL14 0x01 /*%< "normal" compression. */ +#define DNS_COMPRESS_ALL 0x01 /*%< all compression. */ +#define DNS_COMPRESS_CASESENSITIVE 0x02 /*%< case sensitive compression. */ -/* +/*! \file dns/compress.h * Direct manipulation of the structures is strongly discouraged. */ @@ -49,198 +50,218 @@ struct dns_compressnode { }; struct dns_compress { - unsigned int magic; /* Magic number. */ - unsigned int allowed; /* Allowed methods. */ - int edns; /* Edns version or -1. */ - /* Global compression table. */ + unsigned int magic; /*%< Magic number. */ + unsigned int allowed; /*%< Allowed methods. */ + int edns; /*%< Edns version or -1. */ + /*% Global compression table. */ dns_compressnode_t *table[DNS_COMPRESS_TABLESIZE]; - /* Preallocated nodes for the table. */ + /*% Preallocated nodes for the table. */ dns_compressnode_t initialnodes[DNS_COMPRESS_INITIALNODES]; - isc_uint16_t count; /* Number of nodes. */ - isc_mem_t *mctx; /* Memory context. */ + isc_uint16_t count; /*%< Number of nodes. */ + isc_mem_t *mctx; /*%< Memory context. */ }; typedef enum { - DNS_DECOMPRESS_ANY, /* Any compression */ - DNS_DECOMPRESS_STRICT, /* Allowed compression */ - DNS_DECOMPRESS_NONE /* No compression */ + DNS_DECOMPRESS_ANY, /*%< Any compression */ + DNS_DECOMPRESS_STRICT, /*%< Allowed compression */ + DNS_DECOMPRESS_NONE /*%< No compression */ } dns_decompresstype_t; struct dns_decompress { - unsigned int magic; /* Magic number. */ - unsigned int allowed; /* Allowed methods. */ - int edns; /* Edns version or -1. */ - dns_decompresstype_t type; /* Strict checking */ + unsigned int magic; /*%< Magic number. */ + unsigned int allowed; /*%< Allowed methods. */ + int edns; /*%< Edns version or -1. */ + dns_decompresstype_t type; /*%< Strict checking */ }; isc_result_t dns_compress_init(dns_compress_t *cctx, int edns, isc_mem_t *mctx); -/* - * Inialise the compression context structure pointed to by 'cctx'. +/*%< + * Initialise the compression context structure pointed to by 'cctx'. * * Requires: - * 'cctx' is a valid dns_compress_t structure. - * 'mctx' is an initialized memory context. + * \li 'cctx' is a valid dns_compress_t structure. + * \li 'mctx' is an initialized memory context. * Ensures: - * cctx->global is initialized. + * \li cctx->global is initialized. * * Returns: - * ISC_R_SUCCESS - * failures from dns_rbt_create() + * \li #ISC_R_SUCCESS + * \li failures from dns_rbt_create() */ void dns_compress_invalidate(dns_compress_t *cctx); -/* +/*%< * Invalidate the compression structure pointed to by cctx. * * Requires: - * 'cctx' to be initialized. + *\li 'cctx' to be initialized. */ void dns_compress_setmethods(dns_compress_t *cctx, unsigned int allowed); -/* +/*%< * Sets allowed compression methods. * * Requires: - * 'cctx' to be initialized. + *\li 'cctx' to be initialized. */ unsigned int dns_compress_getmethods(dns_compress_t *cctx); -/* +/*%< * Gets allowed compression methods. * * Requires: - * 'cctx' to be initialized. + *\li 'cctx' to be initialized. * * Returns: - * allowed compression bitmap. + *\li allowed compression bitmap. + */ + +void +dns_compress_setsensitive(dns_compress_t *cctx, isc_boolean_t sensitive); + +/* + * Preserve the case of compressed domain names. + * + * Requires: + * 'cctx' to be initialized. + */ + +isc_boolean_t +dns_compress_getsensitive(dns_compress_t *cctx); +/* + * Return whether case is to be preserved when compressing + * domain names. + * + * Requires: + * 'cctx' to be initialized. */ int dns_compress_getedns(dns_compress_t *cctx); -/* +/*%< * Gets edns value. * * Requires: - * 'cctx' to be initialized. + *\li 'cctx' to be initialized. * * Returns: - * -1 .. 255 + *\li -1 .. 255 */ isc_boolean_t dns_compress_findglobal(dns_compress_t *cctx, const dns_name_t *name, dns_name_t *prefix, isc_uint16_t *offset); -/* +/*%< * Finds longest possible match of 'name' in the global compression table. * * Requires: - * 'cctx' to be initialized. - * 'name' to be a absolute name. - * 'prefix' to be initialized. - * 'offset' to point to an isc_uint16_t. + *\li 'cctx' to be initialized. + *\li 'name' to be a absolute name. + *\li 'prefix' to be initialized. + *\li 'offset' to point to an isc_uint16_t. * * Ensures: - * 'prefix' and 'offset' are valid if ISC_TRUE is returned. + *\li 'prefix' and 'offset' are valid if ISC_TRUE is returned. * * Returns: - * ISC_TRUE / ISC_FALSE + *\li #ISC_TRUE / #ISC_FALSE */ void dns_compress_add(dns_compress_t *cctx, const dns_name_t *name, const dns_name_t *prefix, isc_uint16_t offset); -/* +/*%< * Add compression pointers for 'name' to the compression table, * not replacing existing pointers. * * Requires: - * 'cctx' initialized + *\li 'cctx' initialized * - * 'name' must be initialized and absolute, and must remain + *\li 'name' must be initialized and absolute, and must remain * valid until the message compression is complete. * - * 'prefix' must be a prefix returned by + *\li 'prefix' must be a prefix returned by * dns_compress_findglobal(), or the same as 'name'. */ void dns_compress_rollback(dns_compress_t *cctx, isc_uint16_t offset); -/* +/*%< * Remove any compression pointers from global table >= offset. * * Requires: - * 'cctx' is initialized. + *\li 'cctx' is initialized. */ void dns_decompress_init(dns_decompress_t *dctx, int edns, dns_decompresstype_t type); -/* +/*%< * Initializes 'dctx'. * Records 'edns' and 'type' into the structure. * * Requires: - * 'dctx' to be a valid pointer. + *\li 'dctx' to be a valid pointer. */ void dns_decompress_invalidate(dns_decompress_t *dctx); -/* +/*%< * Invalidates 'dctx'. * * Requires: - * 'dctx' to be initialized + *\li 'dctx' to be initialized */ void dns_decompress_setmethods(dns_decompress_t *dctx, unsigned int allowed); -/* +/*%< * Sets 'dctx->allowed' to 'allowed'. * * Requires: - * 'dctx' to be initialized + *\li 'dctx' to be initialized */ unsigned int dns_decompress_getmethods(dns_decompress_t *dctx); -/* +/*%< * Returns 'dctx->allowed' * * Requires: - * 'dctx' to be initialized + *\li 'dctx' to be initialized */ int dns_decompress_edns(dns_decompress_t *dctx); -/* +/*%< * Returns 'dctx->edns' * * Requires: - * 'dctx' to be initialized + *\li 'dctx' to be initialized */ dns_decompresstype_t dns_decompress_type(dns_decompress_t *dctx); -/* +/*%< * Returns 'dctx->type' * * Requires: - * 'dctx' to be initialized + *\li 'dctx' to be initialized */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/db.h b/contrib/bind-9.5.2/lib/dns/include/dns/db.h similarity index 59% rename from contrib/bind-9.3/lib/dns/include/dns/db.h rename to contrib/bind-9.5.2/lib/dns/include/dns/db.h index 8e088823ac..32fa836b5f 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/db.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/db.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: db.h,v 1.67.12.8 2004/05/14 05:06:41 marka Exp $ */ +/* $Id: db.h,v 1.89.128.5 2009/01/19 00:01:11 marka Exp $ */ #ifndef DNS_DB_H #define DNS_DB_H 1 @@ -24,31 +24,30 @@ ***** Module Info *****/ -/* - * DNS DB - * +/*! \file dns/db.h + * \brief * The DNS DB interface allows named rdatasets to be stored and retrieved. * * The dns_db_t type is like a "virtual class". To actually use * DBs, an implementation of the class is required. * - * XXX XXX + * XXX more XXX * * MP: - * The module ensures appropriate synchronization of data structures it + * \li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Reliability: - * No anticipated impact. + * \li No anticipated impact. * * Resources: - * + * \li TBS * * Security: - * No anticipated impact. + * \li No anticipated impact. * * Standards: - * None. + * \li None. */ /***** @@ -76,7 +75,8 @@ typedef struct dns_dbmethods { dns_dbload_t **dbloadp); isc_result_t (*endload)(dns_db_t *db, dns_dbload_t **dbloadp); isc_result_t (*dump)(dns_db_t *db, dns_dbversion_t *version, - const char *filename); + const char *filename, + dns_masterformat_t masterformat); void (*currentversion)(dns_db_t *db, dns_dbversion_t **versionp); isc_result_t (*newversion)(dns_db_t *db, @@ -145,6 +145,10 @@ typedef struct dns_dbmethods { isc_boolean_t (*ispersistent)(dns_db_t *db); void (*overmem)(dns_db_t *db, isc_boolean_t overmem); void (*settask)(dns_db_t *db, isc_task_t *); + isc_result_t (*getoriginnode)(dns_db_t *db, dns_dbnode_t **nodep); + void (*transfernode)(dns_db_t *db, dns_dbnode_t **sourcep, + dns_dbnode_t **targetp); + dns_stats_t *(*getrrsetstats)(dns_db_t *db); } dns_dbmethods_t; typedef isc_result_t @@ -152,14 +156,14 @@ typedef isc_result_t dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp); - + #define DNS_DB_MAGIC ISC_MAGIC('D','N','S','D') #define DNS_DB_VALID(db) ISC_MAGIC_VALID(db, DNS_DB_MAGIC) -/* +/*% * This structure is actually just the common prefix of a DNS db * implementation's version of a dns_db_t. - * + * \brief * Direct use of this structure by clients is forbidden. DB implementations * may change the structure. 'magic' must be DNS_DB_MAGIC for any of the * dns_db_ routines to work. DB implementations must maintain all DB @@ -179,7 +183,8 @@ struct dns_db { #define DNS_DBATTR_CACHE 0x01 #define DNS_DBATTR_STUB 0x02 -/* +/*@{*/ +/*% * Options that can be specified for dns_db_find(). */ #define DNS_DBFIND_GLUEOK 0x01 @@ -189,16 +194,19 @@ struct dns_db { #define DNS_DBFIND_NOEXACT 0x10 #define DNS_DBFIND_FORCENSEC 0x20 #define DNS_DBFIND_COVERINGNSEC 0x40 +/*@}*/ -/* +/*@{*/ +/*% * Options that can be specified for dns_db_addrdataset(). */ #define DNS_DBADD_MERGE 0x01 #define DNS_DBADD_FORCE 0x02 #define DNS_DBADD_EXACT 0x04 #define DNS_DBADD_EXACTTTL 0x08 +/*@}*/ -/* +/*% * Options that can be specified for dns_db_subtractrdataset(). */ #define DNS_DBSUB_EXACT 0x01 @@ -215,78 +223,77 @@ isc_result_t dns_db_create(isc_mem_t *mctx, const char *db_type, dns_name_t *origin, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], dns_db_t **dbp); -/* +/*%< * Create a new database using implementation 'db_type'. * * Notes: - * All names in the database must be subdomains of 'origin' and in class + * \li All names in the database must be subdomains of 'origin' and in class * 'rdclass'. The database makes its own copy of the origin, so the * caller may do whatever they like with 'origin' and its storage once the * call returns. * - * DB implementation-specific parameters are passed using argc and argv. + * \li DB implementation-specific parameters are passed using argc and argv. * * Requires: * - * dbp != NULL and *dbp == NULL + * \li dbp != NULL and *dbp == NULL * - * 'origin' is a valid absolute domain name. + * \li 'origin' is a valid absolute domain name. * - * mctx is a valid memory context + * \li mctx is a valid memory context * * Ensures: * - * A copy of 'origin' has been made for the databases use, and the + * \li A copy of 'origin' has been made for the databases use, and the * caller is free to do whatever they want with the name and storage * associated with 'origin'. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NOTFOUND db_type not found + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY + * \li #ISC_R_NOTFOUND db_type not found * - * Many other errors are possible, depending on what db_type was + * \li Many other errors are possible, depending on what db_type was * specified. */ void dns_db_attach(dns_db_t *source, dns_db_t **targetp); -/* +/*%< * Attach *targetp to source. * * Requires: * - * 'source' is a valid database. + * \li 'source' is a valid database. * - * 'targetp' points to a NULL dns_db_t *. + * \li 'targetp' points to a NULL dns_db_t *. * * Ensures: * - * *targetp is attached to source. + * \li *targetp is attached to source. */ void dns_db_detach(dns_db_t **dbp); -/* +/*%< * Detach *dbp from its database. * * Requires: * - * 'dbp' points to a valid database. + * \li 'dbp' points to a valid database. * * Ensures: * - * *dbp is NULL. - * - * If '*dbp' is the last reference to the database, + * \li *dbp is NULL. * - * All resources used by the database will be freed + * \li If '*dbp' is the last reference to the database, + * all resources used by the database will be freed */ isc_result_t dns_db_ondestroy(dns_db_t *db, isc_task_t *task, isc_event_t **eventp); -/* +/*%< * Causes 'eventp' to be sent to be sent to 'task' when the database is * destroyed. * @@ -297,189 +304,198 @@ dns_db_ondestroy(dns_db_t *db, isc_task_t *task, isc_event_t **eventp); isc_boolean_t dns_db_iscache(dns_db_t *db); -/* +/*%< * Does 'db' have cache semantics? * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: - * ISC_TRUE 'db' has cache semantics - * ISC_FALSE otherwise + * \li #ISC_TRUE 'db' has cache semantics + * \li #ISC_FALSE otherwise */ isc_boolean_t dns_db_iszone(dns_db_t *db); -/* +/*%< * Does 'db' have zone semantics? * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: - * ISC_TRUE 'db' has zone semantics - * ISC_FALSE otherwise + * \li #ISC_TRUE 'db' has zone semantics + * \li #ISC_FALSE otherwise */ isc_boolean_t dns_db_isstub(dns_db_t *db); -/* +/*%< * Does 'db' have stub semantics? * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: - * ISC_TRUE 'db' has zone semantics - * ISC_FALSE otherwise + * \li #ISC_TRUE 'db' has zone semantics + * \li #ISC_FALSE otherwise */ isc_boolean_t dns_db_issecure(dns_db_t *db); -/* +/*%< * Is 'db' secure? * * Requires: * - * 'db' is a valid database with zone semantics. + * \li 'db' is a valid database with zone semantics. * * Returns: - * ISC_TRUE 'db' is secure. - * ISC_FALSE 'db' is not secure. + * \li #ISC_TRUE 'db' is secure. + * \li #ISC_FALSE 'db' is not secure. */ dns_name_t * dns_db_origin(dns_db_t *db); -/* +/*%< * The origin of the database. * * Note: caller must not try to change this name. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: * - * The origin of the database. + * \li The origin of the database. */ dns_rdataclass_t dns_db_class(dns_db_t *db); -/* +/*%< * The class of the database. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: * - * The class of the database. + * \li The class of the database. */ isc_result_t dns_db_beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp); -/* +/*%< * Begin loading 'db'. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * This is the first attempt to load 'db'. + * \li This is the first attempt to load 'db'. * - * addp != NULL && *addp == NULL + * \li addp != NULL && *addp == NULL * - * dbloadp != NULL && *dbloadp == NULL + * \li dbloadp != NULL && *dbloadp == NULL * * Ensures: * - * On success, *addp will be a valid dns_addrdatasetfunc_t suitable + * \li On success, *addp will be a valid dns_addrdatasetfunc_t suitable * for loading 'db'. *dbloadp will be a valid DB load context which * should be used as 'arg' when *addp is called. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used, syntax errors in the master file, etc. */ isc_result_t dns_db_endload(dns_db_t *db, dns_dbload_t **dbloadp); -/* +/*%< * Finish loading 'db'. * * Requires: * - * 'db' is a valid database that is being loaded. + * \li 'db' is a valid database that is being loaded. * - * dbloadp != NULL and *dbloadp is a valid database load context. + * \li dbloadp != NULL and *dbloadp is a valid database load context. * * Ensures: * - * *dbloadp == NULL + * \li *dbloadp == NULL * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used, syntax errors in the master file, etc. */ isc_result_t dns_db_load(dns_db_t *db, const char *filename); -/* + +isc_result_t +dns_db_load2(dns_db_t *db, const char *filename, dns_masterformat_t format); +/*%< * Load master file 'filename' into 'db'. * * Notes: - * This routine is equivalent to calling + * \li This routine is equivalent to calling * + *\code * dns_db_beginload(); * dns_master_loadfile(); * dns_db_endload(); + *\endcode * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * This is the first attempt to load 'db'. + * \li This is the first attempt to load 'db'. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used, syntax errors in the master file, etc. */ isc_result_t dns_db_dump(dns_db_t *db, dns_dbversion_t *version, const char *filename); -/* + +isc_result_t +dns_db_dump2(dns_db_t *db, dns_dbversion_t *version, const char *filename, + dns_masterformat_t masterformat); +/*%< * Dump version 'version' of 'db' to master file 'filename'. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'version' is a valid version. + * \li 'version' is a valid version. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used, OS file errors, etc. */ @@ -489,68 +505,68 @@ dns_db_dump(dns_db_t *db, dns_dbversion_t *version, const char *filename); void dns_db_currentversion(dns_db_t *db, dns_dbversion_t **versionp); -/* +/*%< * Open the current version for reading. * * Requires: * - * 'db' is a valid database with zone semantics. + * \li 'db' is a valid database with zone semantics. * - * versionp != NULL && *verisonp == NULL + * \li versionp != NULL && *verisonp == NULL * * Ensures: * - * On success, '*versionp' is attached to the current version. + * \li On success, '*versionp' is attached to the current version. * */ isc_result_t dns_db_newversion(dns_db_t *db, dns_dbversion_t **versionp); -/* +/*%< * Open a new version for reading and writing. * * Requires: * - * 'db' is a valid database with zone semantics. + * \li 'db' is a valid database with zone semantics. * - * versionp != NULL && *verisonp == NULL + * \li versionp != NULL && *verisonp == NULL * * Ensures: * - * On success, '*versionp' is attached to the current version. + * \li On success, '*versionp' is attached to the current version. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ void dns_db_attachversion(dns_db_t *db, dns_dbversion_t *source, dns_dbversion_t **targetp); -/* +/*%< * Attach '*targetp' to 'source'. * * Requires: * - * 'db' is a valid database with zone semantics. + * \li 'db' is a valid database with zone semantics. * - * source is a valid open version + * \li source is a valid open version * - * targetp != NULL && *targetp == NULL + * \li targetp != NULL && *targetp == NULL * * Ensures: * - * '*targetp' is attached to source. + * \li '*targetp' is attached to source. */ void dns_db_closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit); -/* +/*%< * Close version '*versionp'. * * Note: if '*versionp' is a read-write version and 'commit' is ISC_TRUE, @@ -560,19 +576,19 @@ dns_db_closeversion(dns_db_t *db, dns_dbversion_t **versionp, * * Requires: * - * 'db' is a valid database with zone semantics. + * \li 'db' is a valid database with zone semantics. * - * '*versionp' refers to a valid version. + * \li '*versionp' refers to a valid version. * - * If committing a writable version, then there must be no other + * \li If committing a writable version, then there must be no other * outstanding references to the version (e.g. an active rdataset * iterator). * * Ensures: * - * *versionp == NULL + * \li *versionp == NULL * - * If *versionp is a read-write version, and commit is ISC_TRUE, then + * \li If *versionp is a read-write version, and commit is ISC_TRUE, then * the version will become the current version. If !commit, then all * changes made in the version will be undone, and the version will * not become the current version. @@ -585,37 +601,37 @@ dns_db_closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_result_t dns_db_findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, dns_dbnode_t **nodep); -/* +/*%< * Find the node with name 'name'. * * Notes: - * If 'create' is ISC_TRUE and no node with name 'name' exists, then + * \li If 'create' is ISC_TRUE and no node with name 'name' exists, then * such a node will be created. * - * This routine is for finding or creating a node with the specified + * \li This routine is for finding or creating a node with the specified * name. There are no partial matches. It is not suitable for use * in building responses to ordinary DNS queries; clients which wish * to do that should use dns_db_find() instead. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'name' is a valid, non-empty, absolute name. + * \li 'name' is a valid, non-empty, absolute name. * - * nodep != NULL && *nodep == NULL + * \li nodep != NULL && *nodep == NULL * * Ensures: * - * On success, *nodep is attached to the node with name 'name'. + * \li On success, *nodep is attached to the node with name 'name'. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOTFOUND If !create and name not found. - * ISC_R_NOMEMORY Can only happen if create is ISC_TRUE. + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND If !create and name not found. + * \li #ISC_R_NOMEMORY Can only happen if create is ISC_TRUE. * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ @@ -624,44 +640,44 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, dns_rdatatype_t type, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); -/* +/*%< * Find the best match for 'name' and 'type' in version 'version' of 'db'. * * Notes: * - * If type == dns_rdataset_any, then rdataset will not be bound. + * \li If type == dns_rdataset_any, then rdataset will not be bound. * - * If 'options' does not have DNS_DBFIND_GLUEOK set, then no glue will - * be returned. For zone databases, glue is as defined in RFC 2181. + * \li If 'options' does not have #DNS_DBFIND_GLUEOK set, then no glue will + * be returned. For zone databases, glue is as defined in RFC2181. * For cache databases, glue is any rdataset with a trust of * dns_trust_glue. * - * If 'options' does not have DNS_DBFIND_PENDINGOK set, then no + * \li If 'options' does not have #DNS_DBFIND_PENDINGOK set, then no * pending data will be returned. This option is only meaningful for * cache databases. * - * If the DNS_DBFIND_NOWILD option is set, then wildcard matching will + * \li If the #DNS_DBFIND_NOWILD option is set, then wildcard matching will * be disabled. This option is only meaningful for zone databases. * - * If the DNS_DBFIND_FORCENSEC option is set, the database is assumed to + * \li If the #DNS_DBFIND_FORCENSEC option is set, the database is assumed to * have NSEC records, and these will be returned when appropriate. This * is only necessary when querying a database that was not secure * when created. * - * If the DNS_DBFIND_COVERINGNSEC option is set, then look for a + * \li If the DNS_DBFIND_COVERINGNSEC option is set, then look for a * NSEC record that potentially covers 'name' if a answer cannot * be found. Note the returned NSEC needs to be checked to ensure * that it is correct. This only affects answers returned from the * cache. * - * To respond to a query for SIG records, the caller should create a + * \li To respond to a query for SIG records, the caller should create a * rdataset iterator and extract the signatures from each rdataset. * - * Making queries of type ANY with DNS_DBFIND_GLUEOK is not recommended, + * \li Making queries of type ANY with #DNS_DBFIND_GLUEOK is not recommended, * because the burden of determining whether a given rdataset is valid * glue or not falls upon the caller. * - * The 'now' field is ignored if 'db' is a zone database. If 'db' is a + * \li The 'now' field is ignored if 'db' is a zone database. If 'db' is a * cache database, an rdataset will not be found unless it expires after * 'now'. Any ANY query will not match unless at least one rdataset at * the node expires after 'now'. If 'now' is zero, then the current time @@ -669,43 +685,41 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'type' is not SIG, or a meta-RR type other than 'ANY' (e.g. 'OPT'). + * \li 'type' is not SIG, or a meta-RR type other than 'ANY' (e.g. 'OPT'). * - * 'nodep' is NULL, or nodep is a valid pointer and *nodep == NULL. + * \li 'nodep' is NULL, or nodep is a valid pointer and *nodep == NULL. * - * 'foundname' is a valid name with a dedicated buffer. + * \li 'foundname' is a valid name with a dedicated buffer. * - * 'rdataset' is NULL, or is a valid unassociated rdataset. + * \li 'rdataset' is NULL, or is a valid unassociated rdataset. * - * Ensures: - * On a non-error completion: + * Ensures, + * on a non-error completion: * - * If nodep != NULL, then it is bound to the found node. + * \li If nodep != NULL, then it is bound to the found node. * - * If foundname != NULL, then it contains the full name of the + * \li If foundname != NULL, then it contains the full name of the * found node. * - * If rdataset != NULL and type != dns_rdatatype_any, then + * \li If rdataset != NULL and type != dns_rdatatype_any, then * rdataset is bound to the found rdataset. * - * Returns: - * * Non-error results are: * - * ISC_R_SUCCESS The desired node and type were + * \li #ISC_R_SUCCESS The desired node and type were * found. * - * DNS_R_WILDCARD The desired node and type were + * \li #DNS_R_WILDCARD The desired node and type were * found after performing * wildcard matching. This is * only returned if the - * DNS_DBFIND_INDICATEWILD + * #DNS_DBFIND_INDICATEWILD * option is set; otherwise - * ISC_R_SUCCESS is returned. + * #ISC_R_SUCCESS is returned. * - * DNS_R_GLUE The desired node and type were + * \li #DNS_R_GLUE The desired node and type were * found, but are glue. This * result can only occur if * the DNS_DBFIND_GLUEOK option @@ -720,7 +734,7 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * take care not to return invalid * glue to a client. * - * DNS_R_DELEGATION The data requested is beneath + * \li #DNS_R_DELEGATION The data requested is beneath * a zone cut. node, foundname, * and rdataset reference the * NS RRset of the zone cut. @@ -728,7 +742,7 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * then this is the deepest known * delegation. * - * DNS_R_ZONECUT type == dns_rdatatype_any, and + * \li #DNS_R_ZONECUT type == dns_rdatatype_any, and * the desired node is a zonecut. * The caller must take care not * to return inappropriate glue @@ -737,24 +751,24 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * database and DNS_DBFIND_GLUEOK * is set. * - * DNS_R_DNAME The data requested is beneath + * \li #DNS_R_DNAME The data requested is beneath * a DNAME. node, foundname, * and rdataset reference the * DNAME RRset. * - * DNS_R_CNAME The rdataset requested was not + * \li #DNS_R_CNAME The rdataset requested was not * found, but there is a CNAME * at the desired name. node, * foundname, and rdataset * reference the CNAME RRset. * - * DNS_R_NXDOMAIN The desired name does not + * \li #DNS_R_NXDOMAIN The desired name does not * exist. * - * DNS_R_NXRRSET The desired name exists, but + * \li #DNS_R_NXRRSET The desired name exists, but * the desired type does not. * - * ISC_R_NOTFOUND The desired name does not + * \li #ISC_R_NOTFOUND The desired name does not * exist, and no delegation could * be found. This result can only * occur if 'db' is a cache @@ -762,34 +776,34 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * use its nameserver(s) of last * resort (e.g. root hints). * - * DNS_R_NCACHENXDOMAIN The desired name does not + * \li #DNS_R_NCACHENXDOMAIN The desired name does not * exist. 'node' is bound to the * cache node with the desired * name, and 'rdataset' contains * the negative caching proof. * - * DNS_R_NCACHENXRRSET The desired type does not + * \li #DNS_R_NCACHENXRRSET The desired type does not * exist. 'node' is bound to the * cache node with the desired * name, and 'rdataset' contains * the negative caching proof. * - * DNS_R_EMPTYNAME The name exists but there is - * no data at the name. + * \li #DNS_R_EMPTYNAME The name exists but there is + * no data at the name. * - * DNS_R_COVERINGNSEC The returned data is a NSEC + * \li #DNS_R_COVERINGNSEC The returned data is a NSEC * that potentially covers 'name'. * * Error results: * - * ISC_R_NOMEMORY + * \li #ISC_R_NOMEMORY * - * DNS_R_BADDB Data that is required to be + * \li #DNS_R_BADDB Data that is required to be * present in the DB, e.g. an NSEC * record in a secure zone, is not * present. * - * Other results are possible, and should all be treated as + * \li Other results are possible, and should all be treated as * errors. */ @@ -798,100 +812,118 @@ dns_db_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); -/* +/*%< * Find the deepest known zonecut which encloses 'name' in 'db'. * * Notes: * - * If the DNS_DBFIND_NOEXACT option is set, then the zonecut returned + * \li If the #DNS_DBFIND_NOEXACT option is set, then the zonecut returned * (if any) will be the deepest known ancestor of 'name'. * - * If 'now' is zero, then the current time will be used. + * \li If 'now' is zero, then the current time will be used. * * Requires: * - * 'db' is a valid database with cache semantics. + * \li 'db' is a valid database with cache semantics. * - * 'nodep' is NULL, or nodep is a valid pointer and *nodep == NULL. + * \li 'nodep' is NULL, or nodep is a valid pointer and *nodep == NULL. * - * 'foundname' is a valid name with a dedicated buffer. + * \li 'foundname' is a valid name with a dedicated buffer. * - * 'rdataset' is NULL, or is a valid unassociated rdataset. + * \li 'rdataset' is NULL, or is a valid unassociated rdataset. * - * Ensures: - * On a non-error completion: + * Ensures, on a non-error completion: * - * If nodep != NULL, then it is bound to the found node. + * \li If nodep != NULL, then it is bound to the found node. * - * If foundname != NULL, then it contains the full name of the - * found node. + * \li If foundname != NULL, then it contains the full name of the + * found node. * - * If rdataset != NULL and type != dns_rdatatype_any, then - * rdataset is bound to the found rdataset. + * \li If rdataset != NULL and type != dns_rdatatype_any, then + * rdataset is bound to the found rdataset. * - * Returns: - * - * Non-error results are: + * Non-error results are: * - * ISC_R_SUCCESS + * \li #ISC_R_SUCCESS * - * ISC_R_NOTFOUND + * \li #ISC_R_NOTFOUND * - * Other results are possible, and should all be treated as - * errors. + * \li Other results are possible, and should all be treated as + * errors. */ void dns_db_attachnode(dns_db_t *db, dns_dbnode_t *source, dns_dbnode_t **targetp); -/* +/*%< * Attach *targetp to source. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'source' is a valid node. + * \li 'source' is a valid node. * - * 'targetp' points to a NULL dns_node_t *. + * \li 'targetp' points to a NULL dns_dbnode_t *. * * Ensures: * - * *targetp is attached to source. + * \li *targetp is attached to source. */ void dns_db_detachnode(dns_db_t *db, dns_dbnode_t **nodep); -/* +/*%< * Detach *nodep from its node. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'nodep' points to a valid node. + * \li 'nodep' points to a valid node. * * Ensures: * - * *nodep is NULL. + * \li *nodep is NULL. + */ + +void +dns_db_transfernode(dns_db_t *db, dns_dbnode_t **sourcep, + dns_dbnode_t **targetp); +/*%< + * Transfer a node between pointer. + * + * This is equivalent to calling dns_db_attachnode() then dns_db_detachnode(). + * + * Requires: + * + * \li 'db' is a valid database. + * + * \li '*sourcep' is a valid node. + * + * \li 'targetp' points to a NULL dns_dbnode_t *. + * + * Ensures: + * + * \li '*sourcep' is NULL. */ isc_result_t dns_db_expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now); -/* +/*%< * Mark as stale all records at 'node' which expire at or before 'now'. * * Note: if 'now' is zero, then the current time will be used. * * Requires: * - * 'db' is a valid cache database. + * \li 'db' is a valid cache database. * - * 'node' is a valid node. + * \li 'node' is a valid node. */ void dns_db_printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out); -/* +/*%< * Print a textual representation of the contents of the node to * 'out'. * @@ -899,9 +931,9 @@ dns_db_printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out); * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'node' is a valid node. + * \li 'node' is a valid node. */ /*** @@ -911,29 +943,29 @@ dns_db_printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out); isc_result_t dns_db_createiterator(dns_db_t *db, isc_boolean_t relative_names, dns_dbiterator_t **iteratorp); -/* +/*%< * Create an iterator for version 'version' of 'db'. * * Notes: * - * If 'relative_names' is ISC_TRUE, then node names returned by the + * \li If 'relative_names' is ISC_TRUE, then node names returned by the * iterator will be relative to the iterator's current origin. If - * ISC_FALSE, then the node names will be absolute. + * #ISC_FALSE, then the node names will be absolute. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * iteratorp != NULL && *iteratorp == NULL + * \li iteratorp != NULL && *iteratorp == NULL * * Ensures: * - * On success, *iteratorp will be a valid database iterator. + * \li On success, *iteratorp will be a valid database iterator. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY */ /*** @@ -949,62 +981,62 @@ dns_db_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, dns_rdatatype_t type, dns_rdatatype_t covers, isc_stdtime_t now, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); -/* +/*%< * Search for an rdataset of type 'type' at 'node' that are in version * 'version' of 'db'. If found, make 'rdataset' refer to it. * * Notes: * - * If 'version' is NULL, then the current version will be used. + * \li If 'version' is NULL, then the current version will be used. * - * Care must be used when using this routine to build a DNS response: + * \li Care must be used when using this routine to build a DNS response: * 'node' should have been found with dns_db_find(), not * dns_db_findnode(). No glue checking is done. No checking for * pending data is done. * - * The 'now' field is ignored if 'db' is a zone database. If 'db' is a + * \li The 'now' field is ignored if 'db' is a zone database. If 'db' is a * cache database, an rdataset will not be found unless it expires after * 'now'. If 'now' is zero, then the current time will be used. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'node' is a valid node. + * \li 'node' is a valid node. * - * 'rdataset' is a valid, disassociated rdataset. + * \li 'rdataset' is a valid, disassociated rdataset. * - * 'sigrdataset' is a valid, disassociated rdataset, or it is NULL. + * \li 'sigrdataset' is a valid, disassociated rdataset, or it is NULL. * - * If 'covers' != 0, 'type' must be SIG. + * \li If 'covers' != 0, 'type' must be SIG. * - * 'type' is not a meta-RR type such as 'ANY' or 'OPT'. + * \li 'type' is not a meta-RR type such as 'ANY' or 'OPT'. * * Ensures: * - * On success, 'rdataset' is associated with the found rdataset. + * \li On success, 'rdataset' is associated with the found rdataset. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ isc_result_t dns_db_allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, isc_stdtime_t now, dns_rdatasetiter_t **iteratorp); -/* - * Make '*iteratorp' an rdataset iteratator for all rdatasets at 'node' in +/*%< + * Make '*iteratorp' an rdataset iterator for all rdatasets at 'node' in * version 'version' of 'db'. * * Notes: * - * If 'version' is NULL, then the current version will be used. + * \li If 'version' is NULL, then the current version will be used. * - * The 'now' field is ignored if 'db' is a zone database. If 'db' is a + * \li The 'now' field is ignored if 'db' is a zone database. If 'db' is a * cache database, an rdataset will not be found unless it expires after * 'now'. Any ANY query will not match unless at least one rdataset at * the node expires after 'now'. If 'now' is zero, then the current time @@ -1012,22 +1044,22 @@ dns_db_allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'node' is a valid node. + * \li 'node' is a valid node. * - * iteratorp != NULL && *iteratorp == NULL + * \li iteratorp != NULL && *iteratorp == NULL * * Ensures: * - * On success, '*iteratorp' is a valid rdataset iterator. + * \li On success, '*iteratorp' is a valid rdataset iterator. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ @@ -1035,58 +1067,58 @@ isc_result_t dns_db_addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, isc_stdtime_t now, dns_rdataset_t *rdataset, unsigned int options, dns_rdataset_t *addedrdataset); -/* +/*%< * Add 'rdataset' to 'node' in version 'version' of 'db'. * * Notes: * - * If the database has zone semantics, the DNS_DBADD_MERGE option is set, + * \li If the database has zone semantics, the #DNS_DBADD_MERGE option is set, * and an rdataset of the same type as 'rdataset' already exists at * 'node' then the contents of 'rdataset' will be merged with the existing * rdataset. If the option is not set, then rdataset will replace any * existing rdataset of the same type. If not merging and the - * DNS_DBADD_FORCE option is set, then the data will update the database + * #DNS_DBADD_FORCE option is set, then the data will update the database * without regard to trust levels. If not forcing the data, then the * rdataset will only be added if its trust level is >= the trust level of * any existing rdataset. Forcing is only meaningful for cache databases. - * If DNS_DBADD_EXACT is set then there must be no rdata in common between - * the old and new rdata sets. If DNS_DBADD_EXACTTTL is set then both + * If #DNS_DBADD_EXACT is set then there must be no rdata in common between + * the old and new rdata sets. If #DNS_DBADD_EXACTTTL is set then both * the old and new rdata sets must have the same ttl. * - * The 'now' field is ignored if 'db' is a zone database. If 'db' is + * \li The 'now' field is ignored if 'db' is a zone database. If 'db' is * a cache database, then the added rdataset will expire no later than * now + rdataset->ttl. * - * If 'addedrdataset' is not NULL, then it will be attached to the + * \li If 'addedrdataset' is not NULL, then it will be attached to the * resulting new rdataset in the database, or to the existing data if * the existing data was better. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'node' is a valid node. + * \li 'node' is a valid node. * - * 'rdataset' is a valid, associated rdataset with the same class + * \li 'rdataset' is a valid, associated rdataset with the same class * as 'db'. * - * 'addedrdataset' is NULL, or a valid, unassociated rdataset. + * \li 'addedrdataset' is NULL, or a valid, unassociated rdataset. * - * The database has zone semantics and 'version' is a valid + * \li The database has zone semantics and 'version' is a valid * read-write version, or the database has cache semantics * and version is NULL. * - * If the database has cache semantics, the DNS_DBADD_MERGE option must + * \li If the database has cache semantics, the #DNS_DBADD_MERGE option must * not be set. * * Returns: * - * ISC_R_SUCCESS - * DNS_R_UNCHANGED The operation did not change anything. - * ISC_R_NOMEMORY - * DNS_R_NOTEXACT + * \li #ISC_R_SUCCESS + * \li #DNS_R_UNCHANGED The operation did not change anything. + * \li #ISC_R_NOMEMORY + * \li #DNS_R_NOTEXACT * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ @@ -1094,41 +1126,41 @@ isc_result_t dns_db_subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, dns_rdataset_t *rdataset, unsigned int options, dns_rdataset_t *newrdataset); -/* +/*%< * Remove any rdata in 'rdataset' from 'node' in version 'version' of * 'db'. * * Notes: * - * If 'newrdataset' is not NULL, then it will be attached to the + * \li If 'newrdataset' is not NULL, then it will be attached to the * resulting new rdataset in the database, unless the rdataset has * become nonexistent. If DNS_DBSUB_EXACT is set then all elements * of 'rdataset' must exist at 'node'. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'node' is a valid node. + * \li 'node' is a valid node. * - * 'rdataset' is a valid, associated rdataset with the same class + * \li 'rdataset' is a valid, associated rdataset with the same class * as 'db'. * - * 'newrdataset' is NULL, or a valid, unassociated rdataset. + * \li 'newrdataset' is NULL, or a valid, unassociated rdataset. * - * The database has zone semantics and 'version' is a valid + * \li The database has zone semantics and 'version' is a valid * read-write version. * * Returns: * - * ISC_R_SUCCESS - * DNS_R_UNCHANGED The operation did not change anything. - * DNS_R_NXRRSET All rdata of the same type as those + * \li #ISC_R_SUCCESS + * \li #DNS_R_UNCHANGED The operation did not change anything. + * \li #DNS_R_NXRRSET All rdata of the same type as those * in 'rdataset' have been deleted. - * DNS_R_NOTEXACT Some part of 'rdataset' did not + * \li #DNS_R_NOTEXACT Some part of 'rdataset' did not * exist and DNS_DBSUB_EXACT was set. * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ @@ -1136,134 +1168,169 @@ isc_result_t dns_db_deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, dns_rdatatype_t type, dns_rdatatype_t covers); -/* +/*%< * Make it so that no rdataset of type 'type' exists at 'node' in version * version 'version' of 'db'. * * Notes: * - * If 'type' is dns_rdatatype_any, then no rdatasets will exist in + * \li If 'type' is dns_rdatatype_any, then no rdatasets will exist in * 'version' (provided that the dns_db_deleterdataset() isn't followed * by one or more dns_db_addrdataset() calls). * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * - * 'node' is a valid node. + * \li 'node' is a valid node. * - * The database has zone semantics and 'version' is a valid + * \li The database has zone semantics and 'version' is a valid * read-write version, or the database has cache semantics * and version is NULL. * - * 'type' is not a meta-RR type, except for dns_rdatatype_any, which is + * \li 'type' is not a meta-RR type, except for dns_rdatatype_any, which is * allowed. * - * If 'covers' != 0, 'type' must be SIG. + * \li If 'covers' != 0, 'type' must be SIG. * * Returns: * - * ISC_R_SUCCESS - * DNS_R_UNCHANGED No rdatasets of 'type' existed before + * \li #ISC_R_SUCCESS + * \li #DNS_R_UNCHANGED No rdatasets of 'type' existed before * the operation was attempted. * - * Other results are possible, depending upon the database + * \li Other results are possible, depending upon the database * implementation used. */ isc_result_t dns_db_getsoaserial(dns_db_t *db, dns_dbversion_t *ver, isc_uint32_t *serialp); -/* +/*%< * Get the current SOA serial number from a zone database. * * Requires: - * 'db' is a valid database with zone semantics. - * 'ver' is a valid version. + * \li 'db' is a valid database with zone semantics. + * \li 'ver' is a valid version. */ void dns_db_overmem(dns_db_t *db, isc_boolean_t overmem); -/* - * Enable / disable agressive cache cleaning. +/*%< + * Enable / disable aggressive cache cleaning. */ unsigned int dns_db_nodecount(dns_db_t *db); -/* +/*%< * Count the number of nodes in 'db'. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: - * The number of nodes in the database + * \li The number of nodes in the database */ void dns_db_settask(dns_db_t *db, isc_task_t *task); -/* +/*%< * If task is set then the final detach maybe performed asynchronously. * * Requires: - * 'db' is a valid database. - * 'task' to be valid or NULL. + * \li 'db' is a valid database. + * \li 'task' to be valid or NULL. */ isc_boolean_t dns_db_ispersistent(dns_db_t *db); -/* +/*%< * Is 'db' persistent? A persistent database does not need to be loaded * from disk or written to disk. * * Requires: * - * 'db' is a valid database. + * \li 'db' is a valid database. * * Returns: - * ISC_TRUE 'db' is persistent. - * ISC_FALSE 'db' is not persistent. + * \li #ISC_TRUE 'db' is persistent. + * \li #ISC_FALSE 'db' is not persistent. */ isc_result_t dns_db_register(const char *name, dns_dbcreatefunc_t create, void *driverarg, isc_mem_t *mctx, dns_dbimplementation_t **dbimp); -/* +/*%< * Register a new database implementation and add it to the list of * supported implementations. * * Requires: * - * 'name' is not NULL - * 'order' is a valid function pointer - * 'mctx' is a valid memory context - * dbimp != NULL && *dbimp == NULL + * \li 'name' is not NULL + * \li 'order' is a valid function pointer + * \li 'mctx' is a valid memory context + * \li dbimp != NULL && *dbimp == NULL * * Returns: - * ISC_R_SUCCESS The registration succeeded - * ISC_R_NOMEMORY Out of memory - * ISC_R_EXISTS A database implementation with the same name exists + * \li #ISC_R_SUCCESS The registration succeeded + * \li #ISC_R_NOMEMORY Out of memory + * \li #ISC_R_EXISTS A database implementation with the same name exists * * Ensures: * - * *dbimp points to an opaque structure which must be passed to + * \li *dbimp points to an opaque structure which must be passed to * dns_db_unregister(). */ void dns_db_unregister(dns_dbimplementation_t **dbimp); -/* - * Remove a database implementation from the the list of supported +/*%< + * Remove a database implementation from the list of supported * implementations. No databases of this type can be active when this * is called. * * Requires: - * dbimp != NULL && *dbimp == NULL + * \li dbimp != NULL && *dbimp == NULL + * + * Ensures: + * + * \li Any memory allocated in *dbimp will be freed. + */ + +isc_result_t +dns_db_getoriginnode(dns_db_t *db, dns_dbnode_t **nodep); +/*%< + * Get the origin DB node corresponding to the DB's zone. This function + * should typically succeed unless the underlying DB implementation doesn't + * support the feature. + * + * Requires: + * + * \li 'db' is a valid zone database. + * \li 'nodep' != NULL && '*nodep' == NULL * * Ensures: + * \li On success, '*nodep' will point to the DB node of the zone's origin. * - * Any memory allocated in *dbimp will be freed. + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND - the DB implementation does not support this feature. + */ + +dns_stats_t * +dns_db_getrrsetstats(dns_db_t *db); +/*%< + * Get statistics information counting RRsets stored in the DB, when available. + * The statistics may not be available depending on the DB implementation. + * + * Requires: + * + * \li 'db' is a valid database (zone or cache). + * + * Returns: + * \li when available, a pointer to a statistics object created by + * dns_rdatasetstats_create(); otherwise NULL. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/dbiterator.h b/contrib/bind-9.5.2/lib/dns/include/dns/dbiterator.h similarity index 67% rename from contrib/bind-9.3/lib/dns/include/dns/dbiterator.h rename to contrib/bind-9.5.2/lib/dns/include/dns/dbiterator.h index 8b8cb1b37d..366d6767a7 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/dbiterator.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/dbiterator.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dbiterator.h,v 1.18.206.1 2004/03/06 08:13:54 marka Exp $ */ +/* $Id: dbiterator.h,v 1.25 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DBITERATOR_H #define DNS_DBITERATOR_H 1 @@ -24,9 +24,8 @@ ***** Module Info *****/ -/* - * DNS DB Iterator - * +/*! \file dns/dbiterator.h + * \brief * The DNS DB Iterator interface allows iteration of all of the nodes in a * database. * @@ -37,25 +36,25 @@ * It is the client's responsibility to call dns_db_detachnode() on all * nodes returned. * - * XXX XXX + * XXX <more> XXX * * MP: - * The iterator itself is not locked. The caller must ensure + *\li The iterator itself is not locked. The caller must ensure * synchronization. * - * The iterator methods ensure appropriate database locking. + *\li The iterator methods ensure appropriate database locking. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ /***** @@ -89,7 +88,7 @@ typedef struct dns_dbiteratormethods { #define DNS_DBITERATOR_MAGIC ISC_MAGIC('D','N','S','I') #define DNS_DBITERATOR_VALID(dbi) ISC_MAGIC_VALID(dbi, DNS_DBITERATOR_MAGIC) -/* +/*% * This structure is actually just the common prefix of a DNS db * implementation's version of a dns_dbiterator_t. * @@ -110,136 +109,136 @@ struct dns_dbiterator { void dns_dbiterator_destroy(dns_dbiterator_t **iteratorp); -/* +/*%< * Destroy '*iteratorp'. * * Requires: * - * '*iteratorp' is a valid iterator. + *\li '*iteratorp' is a valid iterator. * * Ensures: * - * All resources used by the iterator are freed. + *\li All resources used by the iterator are freed. * - * *iteratorp == NULL. + *\li *iteratorp == NULL. */ isc_result_t dns_dbiterator_first(dns_dbiterator_t *iterator); -/* +/*%< * Move the node cursor to the first node in the database (if any). * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no nodes in the database. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE There are no nodes in the database. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_last(dns_dbiterator_t *iterator); -/* +/*%< * Move the node cursor to the last node in the database (if any). * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no nodes in the database. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE There are no nodes in the database. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name); -/* +/*%< * Move the node cursor to the node with name 'name'. * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * - * 'name' is a valid name. + *\li 'name' is a valid name. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOTFOUND * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_prev(dns_dbiterator_t *iterator); -/* +/*%< * Move the node cursor to the previous node in the database (if any). * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no more nodes in the + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE There are no more nodes in the * database. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_next(dns_dbiterator_t *iterator); -/* +/*%< * Move the node cursor to the next node in the database (if any). * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no more nodes in the + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE There are no more nodes in the * database. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep, dns_name_t *name); -/* +/*%< * Return the current node. * * Notes: - * If 'name' is not NULL, it will be set to the name of the node. + *\li If 'name' is not NULL, it will be set to the name of the node. * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * - * nodep != NULL && *nodep == NULL + *\li nodep != NULL && *nodep == NULL * - * The node cursor of 'iterator' is at a valid location (i.e. the + *\li The node cursor of 'iterator' is at a valid location (i.e. the * result of last call to a cursor movement command was ISC_R_SUCCESS). * - * 'name' is NULL, or is a valid name with a dedicated buffer. + *\li 'name' is NULL, or is a valid name with a dedicated buffer. * * Returns: * - * ISC_R_SUCCESS - * DNS_R_NEWORIGIN If this iterator was created with + *\li #ISC_R_SUCCESS + *\li #DNS_R_NEWORIGIN If this iterator was created with * 'relative_names' set to ISC_TRUE, - * then DNS_R_NEWORIGIN will be returned + * then #DNS_R_NEWORIGIN will be returned * when the origin the names are * relative to changes. This result * can occur only when 'name' is not * NULL. This is also a successful * result. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_pause(dns_dbiterator_t *iterator); -/* +/*%< * Pause iteration. * * Calling a cursor movement method or dns_dbiterator_current() may cause @@ -250,47 +249,47 @@ dns_dbiterator_pause(dns_dbiterator_t *iterator); * iterator method in the immediate future. * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Ensures: - * Any database locks being held for efficiency of iterator access are + *\li Any database locks being held for efficiency of iterator access are * released. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_dbiterator_origin(dns_dbiterator_t *iterator, dns_name_t *name); -/* +/*%< * Return the origin to which returned node names are relative. * * Requires: * - * 'iterator' is a valid relative_names iterator. + *\li 'iterator' is a valid relative_names iterator. * - * 'name' is a valid name with a dedicated buffer. + *\li 'name' is a valid name with a dedicated buffer. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOSPACE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ void dns_dbiterator_setcleanmode(dns_dbiterator_t *iterator, isc_boolean_t mode); -/* +/*%< * Indicate that the given iterator is/is not cleaning the DB. * * Notes: - * When 'mode' is ISC_TRUE, + *\li When 'mode' is ISC_TRUE, * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/dbtable.h b/contrib/bind-9.5.2/lib/dns/include/dns/dbtable.h similarity index 66% rename from contrib/bind-9.3/lib/dns/include/dns/dbtable.h rename to contrib/bind-9.5.2/lib/dns/include/dns/dbtable.h index 3874b46c58..503de95107 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/dbtable.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/dbtable.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dbtable.h,v 1.16.206.1 2004/03/06 08:13:55 marka Exp $ */ +/* $Id: dbtable.h,v 1.23 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DBTABLE_H #define DNS_DBTABLE_H 1 @@ -24,26 +24,27 @@ ***** Module Info *****/ -/* +/*! \file dns/dbtable.h + * \brief * DNS DB Tables * - * XXX XXX + * XXX TBS XXX * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * None. + *\li None. * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ #include @@ -57,106 +58,106 @@ ISC_LANG_BEGINDECLS isc_result_t dns_dbtable_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_dbtable_t **dbtablep); -/* +/*%< * Make a new dbtable of class 'rdclass' * * Requires: - * mctx != NULL - * dbtablep != NULL && *dptablep == NULL - * 'rdclass' is a valid class + *\li mctx != NULL + * \li dbtablep != NULL && *dptablep == NULL + *\li 'rdclass' is a valid class * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED */ void dns_dbtable_attach(dns_dbtable_t *source, dns_dbtable_t **targetp); -/* +/*%< * Attach '*targetp' to 'source'. * * Requires: * - * 'source' is a valid dbtable. + *\li 'source' is a valid dbtable. * - * 'targetp' points to a NULL dns_dbtable_t *. + *\li 'targetp' points to a NULL dns_dbtable_t *. * * Ensures: * - * *targetp is attached to source. + *\li *targetp is attached to source. */ void dns_dbtable_detach(dns_dbtable_t **dbtablep); -/* +/*%< * Detach *dbtablep from its dbtable. * * Requires: * - * '*dbtablep' points to a valid dbtable. + *\li '*dbtablep' points to a valid dbtable. * * Ensures: * - * *dbtablep is NULL. - * - * If '*dbtablep' is the last reference to the dbtable, + *\li *dbtablep is NULL. * - * All resources used by the dbtable will be freed + *\li If '*dbtablep' is the last reference to the dbtable, + * all resources used by the dbtable will be freed */ isc_result_t dns_dbtable_add(dns_dbtable_t *dbtable, dns_db_t *db); -/* +/*%< * Add 'db' to 'dbtable'. * * Requires: - * 'dbtable' is a valid dbtable. + *\li 'dbtable' is a valid dbtable. * - * 'db' is a valid database with the same class as 'dbtable' + *\li 'db' is a valid database with the same class as 'dbtable' */ void dns_dbtable_remove(dns_dbtable_t *dbtable, dns_db_t *db); -/* +/*%< * Remove 'db' from 'dbtable'. * * Requires: - * 'db' was previously added to 'dbtable'. + *\li 'db' was previously added to 'dbtable'. */ void dns_dbtable_adddefault(dns_dbtable_t *dbtable, dns_db_t *db); -/* +/*%< * Use 'db' as the result of a dns_dbtable_find() if no better match is * available. */ void dns_dbtable_getdefault(dns_dbtable_t *dbtable, dns_db_t **db); -/* +/*%< * Get the 'db' used as the result of a dns_dbtable_find() * if no better match is available. */ void dns_dbtable_removedefault(dns_dbtable_t *dbtable); -/* +/*%< * Remove the default db from 'dbtable'. */ isc_result_t dns_dbtable_find(dns_dbtable_t *dbtable, dns_name_t *name, unsigned int options, dns_db_t **dbp); -/* +/*%< * Find the deepest match to 'name' in the dbtable, and return it * * Notes: - * If the DNS_DBTABLEFIND_NOEXACT option is set, the best partial + *\li If the DNS_DBTABLEFIND_NOEXACT option is set, the best partial * match (if any) to 'name' will be returned. * - * Returns: ISC_R_SUCCESS on success - * no default and match + * Returns: + * \li #ISC_R_SUCCESS on success + *\li something else: no default and match */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/diff.h b/contrib/bind-9.5.2/lib/dns/include/dns/diff.h similarity index 73% rename from contrib/bind-9.3/lib/dns/include/dns/diff.h rename to contrib/bind-9.5.2/lib/dns/include/dns/diff.h index 604f702c11..36e1bf743e 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/diff.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/diff.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: diff.h,v 1.4.12.3 2004/03/08 09:04:35 marka Exp $ */ +/* $Id: diff.h,v 1.12.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_DIFF_H #define DNS_DIFF_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/diff.h + * \brief * A diff is a convenience type representing a list of changes to be * made to a database. */ @@ -44,7 +45,7 @@ *** Types ***/ -/* +/*% * A dns_difftuple_t represents a single RR being added or deleted. * The RR type and class are in the 'rdata' member; the class is always * the real one, not a DynDNS meta-class, so that the rdatas can be @@ -61,9 +62,9 @@ */ typedef enum { - DNS_DIFFOP_ADD, /* Add an RR. */ - DNS_DIFFOP_DEL, /* Delete an RR. */ - DNS_DIFFOP_EXISTS /* Assert RR existence. */ + DNS_DIFFOP_ADD, /*%< Add an RR. */ + DNS_DIFFOP_DEL, /*%< Delete an RR. */ + DNS_DIFFOP_EXISTS /*%< Assert RR existence. */ } dns_diffop_t; typedef struct dns_difftuple dns_difftuple_t; @@ -72,7 +73,7 @@ typedef struct dns_difftuple dns_difftuple_t; #define DNS_DIFFTUPLE_VALID(t) ISC_MAGIC_VALID(t, DNS_DIFFTUPLE_MAGIC) struct dns_difftuple { - unsigned int magic; + unsigned int magic; isc_mem_t *mctx; dns_diffop_t op; dns_name_t name; @@ -82,7 +83,7 @@ struct dns_difftuple { /* Variable-size name data and rdata follows. */ }; -/* +/*% * A dns_diff_t represents a set of changes being applied to * a zone. Diffs are also used to represent "RRset exists * (value dependent)" prerequisites. @@ -98,7 +99,7 @@ struct dns_diff { ISC_LIST(dns_difftuple_t) tuples; }; -/* Type of comparision function for sorting diffs. */ +/* Type of comparison function for sorting diffs. */ typedef int dns_diff_compare_func(const void *, const void *); /*** @@ -109,113 +110,113 @@ ISC_LANG_BEGINDECLS /**************************************************************************/ /* - * Maniuplation of diffs and tuples. + * Manipulation of diffs and tuples. */ isc_result_t dns_difftuple_create(isc_mem_t *mctx, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata, dns_difftuple_t **tp); -/* +/*%< * Create a tuple. Deep copies are made of the name and rdata, so * they need not remain valid after the call. * * Requires: - * *tp != NULL && *tp == NULL. + *\li *tp != NULL && *tp == NULL. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li ISC_R_SUCCESS + * \li ISC_R_NOMEMORY */ void dns_difftuple_free(dns_difftuple_t **tp); -/* +/*%< * Free a tuple. * * Requires: - * **tp is a valid tuple. + * \li **tp is a valid tuple. * * Ensures: - * *tp == NULL - * All memory used by the tuple is freed. + * \li *tp == NULL + * \li All memory used by the tuple is freed. */ isc_result_t dns_difftuple_copy(dns_difftuple_t *orig, dns_difftuple_t **copyp); -/* +/*%< * Copy a tuple. * * Requires: - * 'orig' points to a valid tuple - * copyp != NULL && *copyp == NULL + * \li 'orig' points to a valid tuple + *\li copyp != NULL && *copyp == NULL */ void dns_diff_init(isc_mem_t *mctx, dns_diff_t *diff); -/* +/*%< * Initialize a diff. * * Requires: - * 'diff' points to an uninitialized dns_diff_t - * allocated by the caller. + * \li 'diff' points to an uninitialized dns_diff_t + * \li allocated by the caller. * * Ensures: - * '*diff' is a valid, empty diff. + * \li '*diff' is a valid, empty diff. */ void dns_diff_clear(dns_diff_t *diff); -/* +/*%< * Clear a diff, destroying all its tuples. * * Requires: - * 'diff' points to a valid dns_diff_t. + * \li 'diff' points to a valid dns_diff_t. * * Ensures: - * Any tuples in the diff are destroyed. + * \li Any tuples in the diff are destroyed. * The diff now empty, but it is still valid * and may be reused without calling dns_diff_init * again. The only memory used is that of the * dns_diff_t structure itself. * * Notes: - * Managing the memory of the dns_diff_t structure itself + * \li Managing the memory of the dns_diff_t structure itself * is the caller's responsibility. */ void dns_diff_append(dns_diff_t *diff, dns_difftuple_t **tuple); -/* +/*%< * Append a single tuple to a diff. * - * 'diff' is a valid diff. - * '*tuple' is a valid tuple. + *\li 'diff' is a valid diff. + * \li '*tuple' is a valid tuple. * * Ensures: - * *tuple is NULL. - * The tuple has been freed, or will be freed when the diff is cleared. + *\li *tuple is NULL. + *\li The tuple has been freed, or will be freed when the diff is cleared. */ void dns_diff_appendminimal(dns_diff_t *diff, dns_difftuple_t **tuple); -/* +/*%< * Append 'tuple' to 'diff', removing any duplicate * or conflicting updates as needed to create a minimal diff. * * Requires: - * 'diff' is a minimal diff. + *\li 'diff' is a minimal diff. * * Ensures: - * 'diff' is still a minimal diff. - * *tuple is NULL. - * The tuple has been freed, or will be freed when the diff is cleared. + *\li 'diff' is still a minimal diff. + * \li *tuple is NULL. + * \li The tuple has been freed, or will be freed when the diff is cleared. * */ isc_result_t dns_diff_sort(dns_diff_t *diff, dns_diff_compare_func *compare); -/* +/*%< * Sort 'diff' in-place according to the comparison function 'compare'. */ @@ -223,7 +224,7 @@ isc_result_t dns_diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver); isc_result_t dns_diff_applysilently(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver); -/* +/*%< * Apply 'diff' to the database 'db'. * * dns_diff_apply() logs warnings about updates with no effect or @@ -234,44 +235,44 @@ dns_diff_applysilently(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver); * but less efficient. * * Requires: - * *diff is a valid diff (possibly empty), containing - * tuples of type DNS_DIFFOP_ADD and/or - * For DNS_DIFFOP_DEL tuples, the TTL is ignored. + *\li *diff is a valid diff (possibly empty), containing + * tuples of type #DNS_DIFFOP_ADD and/or + * For #DNS_DIFFOP_DEL tuples, the TTL is ignored. * */ isc_result_t dns_diff_load(dns_diff_t *diff, dns_addrdatasetfunc_t addfunc, void *add_private); -/* +/*%< * Like dns_diff_apply, but for use when loading a new database * instead of modifying an existing one. This bypasses the * database transaction mechanisms. * * Requires: - * 'addfunc' is a valid dns_addradatasetfunc_t obtained from + *\li 'addfunc' is a valid dns_addradatasetfunc_t obtained from * dns_db_beginload() * - * 'add_private' points to a corresponding dns_dbload_t * + *\li 'add_private' points to a corresponding dns_dbload_t * * (XXX why is it a void pointer, then?) */ isc_result_t dns_diff_print(dns_diff_t *diff, FILE *file); -/* +/*%< * Print the differences to 'file' or if 'file' is NULL via the * logging system. * * Require: - * 'diff' to be valid. - * 'file' to refer to a open file or NULL. + *\li 'diff' to be valid. + *\li 'file' to refer to a open file or NULL. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - * any error from dns_rdataset_totext() + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED + *\li any error from dns_rdataset_totext() */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/dispatch.h b/contrib/bind-9.5.2/lib/dns/include/dns/dispatch.h similarity index 59% rename from contrib/bind-9.3/lib/dns/include/dns/dispatch.h rename to contrib/bind-9.5.2/lib/dns/include/dns/dispatch.h index f7d844c0de..7d0f361f9b 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/dispatch.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/dispatch.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.h,v 1.45.2.2.4.2.26.1 2007/06/26 04:14:56 marka Exp $ */ +/* $Id: dispatch.h,v 1.56.128.7 2009/01/29 23:47:13 tbox Exp $ */ #ifndef DNS_DISPATCH_H #define DNS_DISPATCH_H 1 @@ -24,14 +24,14 @@ ***** Module Info *****/ -/* +/*! \file dns/dispatch.h + * \brief * DNS Dispatch Management - * * Shared UDP and single-use TCP dispatches for queries and responses. * * MP: * - * All locking is performed internally to each dispatch. + *\li All locking is performed internally to each dispatch. * Restrictions apply to dns_dispatch_removeresponse(). * * Reliability: @@ -40,12 +40,12 @@ * * Security: * - * Depends on the isc_socket_t and dns_message_t for prevention of + *\li Depends on the isc_socket_t and dns_message_t for prevention of * buffer overruns. * * Standards: * - * None. + *\li None. */ /*** @@ -55,13 +55,13 @@ #include #include #include -#include +#include #include ISC_LANG_BEGINDECLS -/* +/*% * This event is sent to a task when a response comes in. * No part of this structure should ever be modified by the caller, * other than parts of the buffer. The holy parts of the buffer are @@ -79,16 +79,17 @@ ISC_LANG_BEGINDECLS */ struct dns_dispatchevent { - ISC_EVENT_COMMON(dns_dispatchevent_t); /* standard event common */ - isc_result_t result; /* result code */ - isc_int32_t id; /* message id */ - isc_sockaddr_t addr; /* address recv'd from */ - struct in6_pktinfo pktinfo; /* reply info for v6 */ - isc_buffer_t buffer; /* data buffer */ - isc_uint32_t attributes; /* mirrored from socket.h */ + ISC_EVENT_COMMON(dns_dispatchevent_t); /*%< standard event common */ + isc_result_t result; /*%< result code */ + isc_int32_t id; /*%< message id */ + isc_sockaddr_t addr; /*%< address recv'd from */ + struct in6_pktinfo pktinfo; /*%< reply info for v6 */ + isc_buffer_t buffer; /*%< data buffer */ + isc_uint32_t attributes; /*%< mirrored from socket.h */ }; -/* +/*@{*/ +/*% * Attributes for added dispatchers. * * Values with the mask 0xffff0000 are application defined. @@ -104,7 +105,7 @@ struct dns_dispatchevent { * The dispatcher is a TCP or UDP socket. * * _IPV4, _IPV6 - * The dispatcher uses an ipv4 or ipv6 socket. + * The dispatcher uses an IPv4 or IPv6 socket. * * _NOLISTEN * The dispatcher should not listen on the socket. @@ -114,7 +115,12 @@ struct dns_dispatchevent { * accept replies from them. * * _RANDOMPORT - * Allocate UDP port randomly. + * Previously used to indicate that the port of a dispatch UDP must be + * chosen randomly. This behavior now always applies and the attribute + * is obsoleted. + * + * _EXCLUSIVE + * A separate socket will be used on-demand for each transaction. */ #define DNS_DISPATCHATTR_PRIVATE 0x00000001U #define DNS_DISPATCHATTR_TCP 0x00000002U @@ -124,87 +130,112 @@ struct dns_dispatchevent { #define DNS_DISPATCHATTR_NOLISTEN 0x00000020U #define DNS_DISPATCHATTR_MAKEQUERY 0x00000040U #define DNS_DISPATCHATTR_CONNECTED 0x00000080U -#define DNS_DISPATCHATTR_RANDOMPORT 0x00000100U +/*#define DNS_DISPATCHATTR_RANDOMPORT 0x00000100U*/ +#define DNS_DISPATCHATTR_EXCLUSIVE 0x00000200U +/*@}*/ isc_result_t dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy, dns_dispatchmgr_t **mgrp); -/* +/*%< * Creates a new dispatchmgr object. * * Requires: - * "mctx" be a valid memory context. + *\li "mctx" be a valid memory context. * - * mgrp != NULL && *mgrp == NULL + *\li mgrp != NULL && *mgrp == NULL * - * "entropy" may be NULL, in which case an insecure random generator + *\li "entropy" may be NULL, in which case an insecure random generator * will be used. If it is non-NULL, it must be a valid entropy * source. * * Returns: - * ISC_R_SUCCESS -- all ok + *\li ISC_R_SUCCESS -- all ok * - * anything else -- failure + *\li anything else -- failure */ void dns_dispatchmgr_destroy(dns_dispatchmgr_t **mgrp); -/* +/*%< * Destroys the dispatchmgr when it becomes empty. This could be * immediately. * * Requires: - * mgrp != NULL && *mgrp is a valid dispatchmgr. + *\li mgrp != NULL && *mgrp is a valid dispatchmgr. */ void dns_dispatchmgr_setblackhole(dns_dispatchmgr_t *mgr, dns_acl_t *blackhole); -/* +/*%< * Sets the dispatcher's "blackhole list," a list of addresses that will * be ignored by all dispatchers created by the dispatchmgr. * * Requires: - * mgrp is a valid dispatchmgr - * blackhole is a valid acl + * \li mgrp is a valid dispatchmgr + * \li blackhole is a valid acl */ dns_acl_t * dns_dispatchmgr_getblackhole(dns_dispatchmgr_t *mgr); -/* +/*%< * Gets a pointer to the dispatcher's current blackhole list, * without incrementing its reference count. * * Requires: - * mgr is a valid dispatchmgr + *\li mgr is a valid dispatchmgr * Returns: - * A pointer to the current blackhole list, or NULL. + *\li A pointer to the current blackhole list, or NULL. */ void dns_dispatchmgr_setblackportlist(dns_dispatchmgr_t *mgr, - dns_portlist_t *portlist); -/* - * Sets a list of UDP ports that won't be used when creating a udp - * dispatch with a wildcard port. + dns_portlist_t *portlist); +/*%< + * This function is deprecated. Use dns_dispatchmgr_setavailports() instead. * * Requires: - * mgr is a valid dispatchmgr - * portlist to be NULL or a valid port list. + *\li mgr is a valid dispatchmgr */ dns_portlist_t * dns_dispatchmgr_getblackportlist(dns_dispatchmgr_t *mgr); -/* - * Return the current port list. +/*%< + * This function is deprecated and always returns NULL. * * Requires: - * mgr is a valid dispatchmgr + *\li mgr is a valid dispatchmgr */ +isc_result_t +dns_dispatchmgr_setavailports(dns_dispatchmgr_t *mgr, isc_portset_t *v4portset, + isc_portset_t *v6portset); +/*%< + * Sets a list of UDP ports that can be used for outgoing UDP messages. + * + * Requires: + *\li mgr is a valid dispatchmgr + *\li v4portset is NULL or a valid port set + *\li v6portset is NULL or a valid port set + */ +void +dns_dispatchmgr_setstats(dns_dispatchmgr_t *mgr, isc_stats_t *stats); +/*%< + * Sets statistics counter for the dispatchmgr. This function is expected to + * be called only on zone creation (when necessary). + * Once installed, it cannot be removed or replaced. Also, there is no + * interface to get the installed stats from the zone; the caller must keep the + * stats to reference (e.g. dump) it later. + * + * Requires: + *\li mgr is a valid dispatchmgr with no managed dispatch. + *\li stats is a valid statistics supporting resolver statistics counters + * (see dns/stats.h). + */ isc_result_t dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, @@ -214,29 +245,29 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, unsigned int buckets, unsigned int increment, unsigned int attributes, unsigned int mask, dns_dispatch_t **dispp); -/* +/*%< * Attach to existing dns_dispatch_t if one is found with dns_dispatchmgr_find, * otherwise create a new UDP dispatch. * * Requires: - * All pointer parameters be valid for their respective types. + *\li All pointer parameters be valid for their respective types. * - * dispp != NULL && *disp == NULL + *\li dispp != NULL && *disp == NULL * - * 512 <= buffersize <= 64k + *\li 512 <= buffersize <= 64k * - * maxbuffers > 0 + *\li maxbuffers > 0 * - * buckets < 2097169 + *\li buckets < 2097169 * - * increment > buckets + *\li increment > buckets * - * (attributes & DNS_DISPATCHATTR_TCP) == 0 + *\li (attributes & DNS_DISPATCHATTR_TCP) == 0 * * Returns: - * ISC_R_SUCCESS -- success. + *\li ISC_R_SUCCESS -- success. * - * Anything else -- failure. + *\li Anything else -- failure. */ isc_result_t @@ -245,7 +276,7 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, unsigned int maxbuffers, unsigned int maxrequests, unsigned int buckets, unsigned int increment, unsigned int attributes, dns_dispatch_t **dispp); -/* +/*%< * Create a new dns_dispatch and attach it to the provided isc_socket_t. * * For all dispatches, "buffersize" is the maximum packet size we will @@ -262,65 +293,71 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock, * * Requires: * - * mgr is a valid dispatch manager. + *\li mgr is a valid dispatch manager. * - * sock is a valid. + *\li sock is a valid. * - * task is a valid task that can be used internally to this dispatcher. + *\li task is a valid task that can be used internally to this dispatcher. * - * 512 <= buffersize <= 64k + * \li 512 <= buffersize <= 64k * - * maxbuffers > 0. + *\li maxbuffers > 0. * - * maxrequests <= maxbuffers. + *\li maxrequests <= maxbuffers. * - * buckets < 2097169 (the next prime after 65536 * 32) + *\li buckets < 2097169 (the next prime after 65536 * 32) * - * increment > buckets (and prime). + *\li increment > buckets (and prime). * - * attributes includes DNS_DISPATCHATTR_TCP and does not include - * DNS_DISPATCHATTR_UDP. + *\li attributes includes #DNS_DISPATCHATTR_TCP and does not include + * #DNS_DISPATCHATTR_UDP. * * Returns: - * ISC_R_SUCCESS -- success. + *\li ISC_R_SUCCESS -- success. * - * Anything else -- failure. + *\li Anything else -- failure. */ void dns_dispatch_attach(dns_dispatch_t *disp, dns_dispatch_t **dispp); -/* +/*%< * Attach to a dispatch handle. * * Requires: - * disp is valid. + *\li disp is valid. * - * dispp != NULL && *dispp == NULL + *\li dispp != NULL && *dispp == NULL */ void dns_dispatch_detach(dns_dispatch_t **dispp); -/* +/*%< * Detaches from the dispatch. * * Requires: - * dispp != NULL and *dispp be a valid dispatch. + *\li dispp != NULL and *dispp be a valid dispatch. */ void dns_dispatch_starttcp(dns_dispatch_t *disp); -/* +/*%< * Start processing of a TCP dispatch once the socket connects. * * Requires: - * 'disp' is valid. + *\li 'disp' is valid. */ +isc_result_t +dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, + isc_task_t *task, isc_taskaction_t action, void *arg, + isc_uint16_t *idp, dns_dispentry_t **resp, + isc_socketmgr_t *sockmgr); + isc_result_t dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, isc_task_t *task, isc_taskaction_t action, void *arg, isc_uint16_t *idp, dns_dispentry_t **resp); -/* +/*%< * Add a response entry for this dispatch. * * "*idp" is filled in with the assigned message ID, and *resp is filled in @@ -331,24 +368,28 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, * or through dns_dispatch_removeresponse() for another to be delivered. * * Requires: - * "idp" be non-NULL. + *\li "idp" be non-NULL. + * + *\li "task" "action" and "arg" be set as appropriate. * - * "task" "action" and "arg" be set as appropriate. + *\li "dest" be non-NULL and valid. * - * "dest" be non-NULL and valid. + *\li "resp" be non-NULL and *resp be NULL * - * "resp" be non-NULL and *resp be NULL + *\li "sockmgr" be NULL or a valid socket manager. If 'disp' has + * the DNS_DISPATCHATTR_EXCLUSIVE attribute, this must not be NULL, + * which also means dns_dispatch_addresponse() cannot be used. * * Ensures: * - * is a unique tuple. That means incoming messages + *\li <id, dest> is a unique tuple. That means incoming messages * are identifiable. * * Returns: * - * ISC_R_SUCCESS -- all is well. - * ISC_R_NOMEMORY -- memory could not be allocated. - * ISC_R_NOMORE -- no more message ids can be allocated + *\li ISC_R_SUCCESS -- all is well. + *\li ISC_R_NOMEMORY -- memory could not be allocated. + *\li ISC_R_NOMORE -- no more message ids can be allocated * for this destination. */ @@ -356,88 +397,102 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest, void dns_dispatch_removeresponse(dns_dispentry_t **resp, dns_dispatchevent_t **sockevent); -/* +/*%< * Stops the flow of responses for the provided id and destination. * If "sockevent" is non-NULL, the dispatch event and associated buffer is * also returned to the system. * * Requires: - * "resp" != NULL and "*resp" contain a value previously allocated + *\li "resp" != NULL and "*resp" contain a value previously allocated * by dns_dispatch_addresponse(); * - * May only be called from within the task given as the 'task' + *\li May only be called from within the task given as the 'task' * argument to dns_dispatch_addresponse() when allocating '*resp'. */ +isc_socket_t * +dns_dispatch_getentrysocket(dns_dispentry_t *resp); isc_socket_t * dns_dispatch_getsocket(dns_dispatch_t *disp); -/* +/*%< * Return the socket associated with this dispatcher. * * Requires: - * disp is valid. + *\li disp is valid. * * Returns: - * The socket the dispatcher is using. + *\li The socket the dispatcher is using. */ -isc_result_t +isc_result_t dns_dispatch_getlocaladdress(dns_dispatch_t *disp, isc_sockaddr_t *addrp); -/* +/*%< * Return the local address for this dispatch. * This currently only works for dispatches using UDP sockets. * * Requires: - * disp is valid. - * addrp to be non null. + *\li disp is valid. + *\li addrp to be non null. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTIMPLEMENTED + *\li ISC_R_SUCCESS + *\li ISC_R_NOTIMPLEMENTED */ void dns_dispatch_cancel(dns_dispatch_t *disp); -/* +/*%< * cancel outstanding clients * * Requires: - * disp is valid. + *\li disp is valid. + */ + +unsigned int +dns_dispatch_getattributes(dns_dispatch_t *disp); +/*%< + * Return the attributes (DNS_DISPATCHATTR_xxx) of this dispatch. Only the + * non-changeable attributes are expected to be referenced by the caller. + * + * Requires: + *\li disp is valid. */ void dns_dispatch_changeattributes(dns_dispatch_t *disp, unsigned int attributes, unsigned int mask); -/* +/*%< * Set the bits described by "mask" to the corresponding values in * "attributes". * * That is: * + * \code * new = (old & ~mask) | (attributes & mask) + * \endcode * - * This function has a side effect when DNS_DISPATCHATTR_NOLISTEN changes. + * This function has a side effect when #DNS_DISPATCHATTR_NOLISTEN changes. * When the flag becomes off, the dispatch will start receiving on the * corresponding socket. When the flag becomes on, receive events on the * corresponding socket will be canceled. * * Requires: - * disp is valid. + *\li disp is valid. * - * attributes are reasonable for the dispatch. That is, setting the UDP + *\li attributes are reasonable for the dispatch. That is, setting the UDP * attribute on a TCP socket isn't reasonable. */ void dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event); -/* +/*%< * Inform the dispatcher of a socket receive. This is used for sockets * shared between dispatchers and clients. If the dispatcher fails to copy * or send the event, nothing happens. * * Requires: - * disp is valid, and the attribute DNS_DISPATCHATTR_NOLISTEN is set. + *\li disp is valid, and the attribute DNS_DISPATCHATTR_NOLISTEN is set. * event != NULL */ diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/dlz.h b/contrib/bind-9.5.2/lib/dns/include/dns/dlz.h new file mode 100644 index 0000000000..8efa0142b5 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/dlz.h @@ -0,0 +1,290 @@ +/* + * Portions Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlz.h,v 1.7.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +/*! \file dns/dlz.h */ + +#ifndef DLZ_H +#define DLZ_H 1 + +/***** + ***** Module Info + *****/ + +/* + * DLZ Interface + * + * The DLZ interface allows zones to be looked up using a driver instead of + * Bind's default in memory zone table. + * + * + * Reliability: + * No anticipated impact. + * + * Resources: + * + * Security: + * No anticipated impact. + * + * Standards: + * None. + */ + +/***** + ***** Imports + *****/ + +#include +#include +#include + +#include + +ISC_LANG_BEGINDECLS + +/*** + *** Types + ***/ + +#define DNS_DLZ_MAGIC ISC_MAGIC('D','L','Z','D') +#define DNS_DLZ_VALID(dlz) ISC_MAGIC_VALID(dlz, DNS_DLZ_MAGIC) + +typedef isc_result_t +(*dns_dlzallowzonexfr_t)(void *driverarg, void *dbdata, isc_mem_t *mctx, + dns_rdataclass_t rdclass, dns_name_t *name, + isc_sockaddr_t *clientaddr, + dns_db_t **dbp); + +/*%< + * Method prototype. Drivers implementing the DLZ interface MUST + * supply an allow zone transfer method. This method is called when + * the DNS server is performing a zone transfer query. The driver's + * method should return ISC_R_SUCCESS and a database pointer to the + * name server if the zone is supported by the database, and zone + * transfer is allowed. Otherwise it will return ISC_R_NOTFOUND if + * the zone is not supported by the database, or ISC_R_NOPERM if zone + * transfers are not allowed. If an error occurs it should return a + * result code indicating the type of error. + */ + +typedef isc_result_t +(*dns_dlzcreate_t)(isc_mem_t *mctx, const char *dlzname, unsigned int argc, + char *argv[], void *driverarg, void **dbdata); + +/*%< + * Method prototype. Drivers implementing the DLZ interface MUST + * supply a create method. This method is called when the DNS server + * is starting up and creating drivers for use later. + */ + +typedef void +(*dns_dlzdestroy_t)(void *driverarg, void **dbdata); + +/*%< + * Method prototype. Drivers implementing the DLZ interface MUST + * supply a destroy method. This method is called when the DNS server + * is shutting down and no longer needs the driver. + */ + +typedef isc_result_t +(*dns_dlzfindzone_t)(void *driverarg, void *dbdata, isc_mem_t *mctx, + dns_rdataclass_t rdclass, dns_name_t *name, + dns_db_t **dbp); + +/*%< + + * Method prototype. Drivers implementing the DLZ interface MUST + * supply a find zone method. This method is called when the DNS + * server is performing a query. The find zone method will be called + * with the longest possible name first, and continue to be called + * with successively shorter domain names, until any of the following + * occur: + * + * \li 1) a match is found, and the function returns (ISC_R_SUCCESS) + * + * \li 2) a problem occurs, and the functions returns anything other + * than (ISC_R_NOTFOUND) + * \li 3) we run out of domain name labels. I.E. we have tried the + * shortest domain name + * \li 4) the number of labels in the domain name is less than + * min_labels for dns_dlzfindzone + * + * The driver's find zone method should return ISC_R_SUCCESS and a + * database pointer to the name server if the zone is supported by the + * database. Otherwise it will return ISC_R_NOTFOUND, and a null + * pointer if the zone is not supported. If an error occurs it should + * return a result code indicating the type of error. + */ + +/*% the methods supplied by a DLZ driver */ +typedef struct dns_dlzmethods { + dns_dlzcreate_t create; + dns_dlzdestroy_t destroy; + dns_dlzfindzone_t findzone; + dns_dlzallowzonexfr_t allowzonexfr; +} dns_dlzmethods_t; + +/*% information about a DLZ driver */ +struct dns_dlzimplementation { + const char *name; + const dns_dlzmethods_t *methods; + isc_mem_t *mctx; + void *driverarg; + ISC_LINK(dns_dlzimplementation_t) link; +}; + +/*% an instance of a DLZ driver */ +struct dns_dlzdb { + unsigned int magic; + isc_mem_t *mctx; + dns_dlzimplementation_t *implementation; + void *dbdata; +}; + + +/*** + *** Method declarations + ***/ + +isc_result_t +dns_dlzallowzonexfr(dns_view_t *view, dns_name_t *name, + isc_sockaddr_t *clientaddr, dns_db_t **dbp); + +/*%< + * This method is called when the DNS server is performing a zone + * transfer query. It will call the DLZ driver's allow zone transfer + * method. + */ + +isc_result_t +dns_dlzcreate(isc_mem_t *mctx, const char *dlzname, + const char *drivername, unsigned int argc, + char *argv[], dns_dlzdb_t **dbp); + +/*%< + * This method is called when the DNS server is starting up and + * creating drivers for use later. It will search the DLZ driver list + * for 'drivername' and return a DLZ driver via dbp if a match is + * found. If the DLZ driver supplies a create method, this function + * will call it. + */ + +void +dns_dlzdestroy(dns_dlzdb_t **dbp); + +/*%< + * This method is called when the DNS server is shutting down and no + * longer needs the driver. If the DLZ driver supplies a destroy + * methods, this function will call it. + */ + +isc_result_t +dns_dlzfindzone(dns_view_t *view, dns_name_t *name, + unsigned int minlabels, dns_db_t **dbp); + +/*%< + * This method is called when the DNS server is performing a query. + * It will call the DLZ driver's find zone method. + */ + +isc_result_t +dns_dlzregister(const char *drivername, const dns_dlzmethods_t *methods, + void *driverarg, isc_mem_t *mctx, + dns_dlzimplementation_t **dlzimp); + +/*%< + * Register a dynamically loadable zones (DLZ) driver for the database + * type 'drivername', implemented by the functions in '*methods'. + * + * dlzimp must point to a NULL dlz_implementation_t pointer. That is, + * dlzimp != NULL && *dlzimp == NULL. It will be assigned a value that + * will later be used to identify the driver when deregistering it. + */ + +isc_result_t +dns_dlzstrtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp); + +/*%< + * This method is called when the name server is starting up to parse + * the DLZ driver command line from named.conf. Basically it splits + * up a string into and argc / argv. The primary difference of this + * method is items between braces { } are considered only 1 word. for + * example the command line "this is { one grouped phrase } and this + * isn't" would be parsed into: + * + * \li argv[0]: "this" + * \li argv[1]: "is" + * \li argv{2]: " one grouped phrase " + * \li argv[3]: "and" + * \li argv[4]: "this" + * \li argv{5}: "isn't" + * + * braces should NOT be nested, more than one grouping in the command + * line is allowed. Notice, argv[2] has an extra space at the + * beginning and end. Extra spaces are not stripped between a + * grouping. You can do so in your driver if needed, or be sure not + * to put extra spaces before / after the braces. + */ + +void +dns_dlzunregister(dns_dlzimplementation_t **dlzimp); + +/*%< + * Removes the dlz driver from the list of registered dlz drivers. + * There must be no active dlz drivers of this type when this function + * is called. + */ + +ISC_LANG_ENDDECLS + +#endif /* DLZ_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/dnssec.h b/contrib/bind-9.5.2/lib/dns/include/dns/dnssec.h similarity index 62% rename from contrib/bind-9.3/lib/dns/include/dns/dnssec.h rename to contrib/bind-9.5.2/lib/dns/include/dns/dnssec.h index 5f86178a84..f8a59d05f8 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/dnssec.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/dnssec.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.h,v 1.21.12.5 2004/03/08 09:04:35 marka Exp $ */ +/* $Id: dnssec.h,v 1.32 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DNSSEC_H #define DNS_DNSSEC_H 1 +/*! \file dns/dnssec.h */ + #include #include @@ -32,51 +34,51 @@ ISC_LANG_BEGINDECLS isc_result_t dns_dnssec_keyfromrdata(dns_name_t *name, dns_rdata_t *rdata, isc_mem_t *mctx, dst_key_t **key); -/* +/*%< * Creates a DST key from a DNS record. Basically a wrapper around * dst_key_fromdns(). * * Requires: - * 'name' is not NULL - * 'rdata' is not NULL - * 'mctx' is not NULL - * 'key' is not NULL - * '*key' is NULL + *\li 'name' is not NULL + *\li 'rdata' is not NULL + *\li 'mctx' is not NULL + *\li 'key' is not NULL + *\li '*key' is NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * DST_R_INVALIDPUBLICKEY - * various errors from dns_name_totext + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li DST_R_INVALIDPUBLICKEY + *\li various errors from dns_name_totext */ isc_result_t dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, isc_stdtime_t *inception, isc_stdtime_t *expire, isc_mem_t *mctx, isc_buffer_t *buffer, dns_rdata_t *sigrdata); -/* +/*%< * Generates a SIG record covering this rdataset. This has no effect * on existing SIG records. * * Requires: - * 'name' (the owner name of the record) is a valid name - * 'set' is a valid rdataset - * 'key' is a valid key - * 'inception' is not NULL - * 'expire' is not NULL - * 'mctx' is not NULL - * 'buffer' is not NULL - * 'sigrdata' is not NULL + *\li 'name' (the owner name of the record) is a valid name + *\li 'set' is a valid rdataset + *\li 'key' is a valid key + *\li 'inception' is not NULL + *\li 'expire' is not NULL + *\li 'mctx' is not NULL + *\li 'buffer' is not NULL + *\li 'sigrdata' is not NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NOSPACE - * DNS_R_INVALIDTIME - the expiration is before the inception - * DNS_R_KEYUNAUTHORIZED - the key cannot sign this data (either + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_NOSPACE + *\li #DNS_R_INVALIDTIME - the expiration is before the inception + *\li #DNS_R_KEYUNAUTHORIZED - the key cannot sign this data (either * it is not a zone key or its flags prevent * authentication) - * DST_R_* + *\li DST_R_* */ isc_result_t @@ -88,35 +90,36 @@ isc_result_t dns_dnssec_verify2(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, isc_boolean_t ignoretime, isc_mem_t *mctx, dns_rdata_t *sigrdata, dns_name_t *wild); -/* +/*%< * Verifies the SIG record covering this rdataset signed by a specific * key. This does not determine if the key's owner is authorized to * sign this record, as this requires a resolver or database. * If 'ignoretime' is ISC_TRUE, temporal validity will not be checked. * * Requires: - * 'name' (the owner name of the record) is a valid name - * 'set' is a valid rdataset - * 'key' is a valid key - * 'mctx' is not NULL - * 'sigrdata' is a valid rdata containing a SIG record - * 'wild' if non-NULL then is a valid and has a buffer. + *\li 'name' (the owner name of the record) is a valid name + *\li 'set' is a valid rdataset + *\li 'key' is a valid key + *\li 'mctx' is not NULL + *\li 'sigrdata' is a valid rdata containing a SIG record + *\li 'wild' if non-NULL then is a valid and has a buffer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * DNS_R_FROMWILDCARD - the signature is valid and is from + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #DNS_R_FROMWILDCARD - the signature is valid and is from * a wildcard expansion. dns_dnssec_verify2() only. * 'wild' contains the name of the wildcard if non-NULL. - * DNS_R_SIGINVALID - the signature fails to verify - * DNS_R_SIGEXPIRED - the signature has expired - * DNS_R_SIGFUTURE - the signature's validity period has not begun - * DNS_R_KEYUNAUTHORIZED - the key cannot sign this data (either + *\li #DNS_R_SIGINVALID - the signature fails to verify + *\li #DNS_R_SIGEXPIRED - the signature has expired + *\li #DNS_R_SIGFUTURE - the signature's validity period has not begun + *\li #DNS_R_KEYUNAUTHORIZED - the key cannot sign this data (either * it is not a zone key or its flags prevent * authentication) - * DST_R_* + *\li DST_R_* */ +/*@{*/ isc_result_t dns_dnssec_findzonekeys(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, dns_name_t *name, isc_mem_t *mctx, @@ -128,50 +131,51 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, const char *directory, isc_mem_t *mctx, unsigned int maxkeys, dst_key_t **keys, unsigned int *nkeys); -/* +/*%< * Finds a set of zone keys. * XXX temporary - this should be handled in dns_zone_t. */ +/*@}*/ isc_result_t dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key); -/* +/*%< * Signs a message with a SIG(0) record. This is implicitly called by * dns_message_renderend() if msg->sig0key is not NULL. * * Requires: - * 'msg' is a valid message - * 'key' is a valid key that can be used for signing + *\li 'msg' is a valid message + *\li 'key' is a valid key that can be used for signing * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * DST_R_* + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li DST_R_* */ isc_result_t dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, dst_key_t *key); -/* +/*%< * Verifies a message signed by a SIG(0) record. This is not * called implicitly by dns_message_parse(). If dns_message_signer() * is called before dns_dnssec_verifymessage(), it will return - * DNS_R_NOTVERIFIEDYET. dns_dnssec_verifymessage() will set + * #DNS_R_NOTVERIFIEDYET. dns_dnssec_verifymessage() will set * the verified_sig0 flag in msg if the verify succeeds, and * the sig0status field otherwise. * * Requires: - * 'source' is a valid buffer containing the unparsed message - * 'msg' is a valid message - * 'key' is a valid key + *\li 'source' is a valid buffer containing the unparsed message + *\li 'msg' is a valid message + *\li 'key' is a valid key * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NOTFOUND - no SIG(0) was found - * DNS_R_SIGINVALID - the SIG record is not well-formed or + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_NOTFOUND - no SIG(0) was found + *\li #DNS_R_SIGINVALID - the SIG record is not well-formed or * was not generated by the key. - * DST_R_* + *\li DST_R_* */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/ds.h b/contrib/bind-9.5.2/lib/dns/include/dns/ds.h similarity index 62% rename from contrib/bind-9.3/lib/dns/include/dns/ds.h rename to contrib/bind-9.5.2/lib/dns/include/dns/ds.h index 979ac9f673..b59fb83902 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/ds.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/ds.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ds.h,v 1.3.2.1 2004/03/08 02:08:00 marka Exp $ */ +/* $Id: ds.h,v 1.10 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DS_H #define DNS_DS_H 1 @@ -25,11 +25,12 @@ #include #define DNS_DSDIGEST_SHA1 (1) +#define DNS_DSDIGEST_SHA256 (2) /* - * Assuming SHA-1 digest type. + * Assuming SHA-256 digest type. */ -#define DNS_DS_BUFFERSIZE (24) +#define DNS_DS_BUFFERSIZE (36) ISC_LANG_BEGINDECLS @@ -37,20 +38,26 @@ isc_result_t dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key, unsigned int digest_type, unsigned char *buffer, dns_rdata_t *rdata); -/* +/*%< * Build the rdata of a DS record. * * Requires: - * key Points to a valid DNS KEY record. - * buffer Points to a temporary buffer of at least - * DNS_DS_BUFFERSIZE bytes. - * rdata Points to an initialized dns_rdata_t. + *\li key Points to a valid DNS KEY record. + *\li buffer Points to a temporary buffer of at least + * #DNS_DS_BUFFERSIZE bytes. + *\li rdata Points to an initialized dns_rdata_t. * * Ensures: - * *rdata Contains a valid DS rdata. The 'data' member refers + * \li *rdata Contains a valid DS rdata. The 'data' member refers * to 'buffer'. */ +isc_boolean_t +dns_ds_digest_supported(unsigned int digest_type); +/*%< + * Is this digest algorithm supported by dns_ds_buildrdata()? + */ + ISC_LANG_ENDDECLS #endif /* DNS_DS_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/events.h b/contrib/bind-9.5.2/lib/dns/include/dns/events.h similarity index 85% rename from contrib/bind-9.3/lib/dns/include/dns/events.h rename to contrib/bind-9.5.2/lib/dns/include/dns/events.h index 1e66139efb..6008ebf5bd 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/events.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/events.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,14 +15,15 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: events.h,v 1.37.2.1.4.4 2004/03/08 09:04:36 marka Exp $ */ +/* $Id: events.h,v 1.49.128.2 2009/05/07 23:46:32 tbox Exp $ */ #ifndef DNS_EVENTS_H #define DNS_EVENTS_H 1 #include -/* +/*! \file dns/events.h + * \brief * Registry of DNS event numbers. */ @@ -63,6 +64,11 @@ #define DNS_EVENT_DUMPQUANTUM (ISC_EVENTCLASS_DNS + 34) #define DNS_EVENT_IMPORTRECVDONE (ISC_EVENTCLASS_DNS + 35) #define DNS_EVENT_FREESTORAGE (ISC_EVENTCLASS_DNS + 36) +#define DNS_EVENT_VIEWACACHESHUTDOWN (ISC_EVENTCLASS_DNS + 37) +#define DNS_EVENT_ACACHECONTROL (ISC_EVENTCLASS_DNS + 38) +#define DNS_EVENT_ACACHECLEAN (ISC_EVENTCLASS_DNS + 39) +#define DNS_EVENT_ACACHEOVERMEM (ISC_EVENTCLASS_DNS + 40) +#define DNS_EVENT_RBTPRUNE (ISC_EVENTCLASS_DNS + 41) #define DNS_EVENT_FIRSTEVENT (ISC_EVENTCLASS_DNS + 0) #define DNS_EVENT_LASTEVENT (ISC_EVENTCLASS_DNS + 65535) diff --git a/contrib/bind-9.3/lib/dns/include/dns/fixedname.h b/contrib/bind-9.5.2/lib/dns/include/dns/fixedname.h similarity index 81% rename from contrib/bind-9.3/lib/dns/include/dns/fixedname.h rename to contrib/bind-9.5.2/lib/dns/include/dns/fixedname.h index 3ee306fcfc..5a2aaf333e 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/fixedname.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/fixedname.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: fixedname.h,v 1.12.206.1 2004/03/06 08:13:55 marka Exp $ */ +/* $Id: fixedname.h,v 1.19 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_FIXEDNAME_H #define DNS_FIXEDNAME_H 1 @@ -24,28 +24,31 @@ ***** Module Info *****/ -/* +/*! \file dns/fixedname.h + * \brief * Fixed-size Names * * dns_fixedname_t is a convenience type containing a name, an offsets table, * and a dedicated buffer big enough for the longest possible name. * * MP: - * The caller must ensure any required synchronization. + *\li The caller must ensure any required synchronization. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * Per dns_fixedname_t: + *\li Per dns_fixedname_t: + *\code * sizeof(dns_name_t) + sizeof(dns_offsets_t) + * sizeof(isc_buffer_t) + 255 bytes + structure padding + *\endcode * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ /***** diff --git a/contrib/bind-9.3/lib/dns/include/dns/forward.h b/contrib/bind-9.5.2/lib/dns/include/dns/forward.h similarity index 62% rename from contrib/bind-9.3/lib/dns/include/dns/forward.h rename to contrib/bind-9.5.2/lib/dns/include/dns/forward.h index 1eb62d2a99..512c5e3c6e 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/forward.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/forward.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: forward.h,v 1.2.206.3 2005/03/17 03:58:31 marka Exp $ */ +/* $Id: forward.h,v 1.11 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_FORWARD_H #define DNS_FORWARD_H 1 +/*! \file dns/forward.h */ + #include #include @@ -34,68 +36,81 @@ struct dns_forwarders { isc_result_t dns_fwdtable_create(isc_mem_t *mctx, dns_fwdtable_t **fwdtablep); -/* +/*%< * Creates a new forwarding table. * * Requires: - * mctx is a valid memory context. - * fwdtablep != NULL && *fwdtablep == NULL + * \li mctx is a valid memory context. + * \li fwdtablep != NULL && *fwdtablep == NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY */ isc_result_t dns_fwdtable_add(dns_fwdtable_t *fwdtable, dns_name_t *name, isc_sockaddrlist_t *addrs, dns_fwdpolicy_t policy); -/* +/*%< * Adds an entry to the forwarding table. The entry associates * a domain with a list of forwarders and a forwarding policy. The * addrs list is copied if not empty, so the caller should free its copy. * * Requires: - * fwdtable is a valid forwarding table. - * name is a valid name - * addrs is a valid list of sockaddrs, which may be empty. + * \li fwdtable is a valid forwarding table. + * \li name is a valid name + * \li addrs is a valid list of sockaddrs, which may be empty. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY */ isc_result_t dns_fwdtable_find(dns_fwdtable_t *fwdtable, dns_name_t *name, dns_forwarders_t **forwardersp); +/*%< + * Finds a domain in the forwarding table. The closest matching parent + * domain is returned. + * + * Requires: + * \li fwdtable is a valid forwarding table. + * \li name is a valid name + * \li forwardersp != NULL && *forwardersp == NULL + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND + */ isc_result_t dns_fwdtable_find2(dns_fwdtable_t *fwdtable, dns_name_t *name, dns_name_t *foundname, dns_forwarders_t **forwardersp); -/* +/*%< * Finds a domain in the forwarding table. The closest matching parent * domain is returned. * * Requires: - * fwdtable is a valid forwarding table. - * name is a valid name - * forwardersp != NULL && *forwardersp == NULL - * foundname to be NULL or a valid name with buffer. + * \li fwdtable is a valid forwarding table. + * \li name is a valid name + * \li forwardersp != NULL && *forwardersp == NULL + * \li foundname to be NULL or a valid name with buffer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND */ void dns_fwdtable_destroy(dns_fwdtable_t **fwdtablep); -/* +/*%< * Destroys a forwarding table. * * Requires: - * fwtablep != NULL && *fwtablep != NULL + * \li fwtablep != NULL && *fwtablep != NULL * * Ensures: - * all memory associated with the forwarding table is freed. + * \li all memory associated with the forwarding table is freed. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/iptable.h b/contrib/bind-9.5.2/lib/dns/include/dns/iptable.h new file mode 100644 index 0000000000..d7eb140dc0 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/iptable.h @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: iptable.h,v 1.4 2007/09/14 01:46:05 marka Exp $ */ + +#ifndef DNS_IPTABLE_H +#define DNS_IPTABLE_H 1 + +#include +#include +#include + +struct dns_iptable { + unsigned int magic; + isc_mem_t *mctx; + isc_refcount_t refcount; + isc_radix_tree_t *radix; + ISC_LINK(dns_iptable_t) nextincache; +}; + +#define DNS_IPTABLE_MAGIC ISC_MAGIC('T','a','b','l') +#define DNS_IPTABLE_VALID(a) ISC_MAGIC_VALID(a, DNS_IPTABLE_MAGIC) + +/*** + *** Functions + ***/ + +ISC_LANG_BEGINDECLS + +isc_result_t +dns_iptable_create(isc_mem_t *mctx, dns_iptable_t **target); +/* + * Create a new IP table and the underlying radix structure + */ + +isc_result_t +dns_iptable_addprefix(dns_iptable_t *tab, isc_netaddr_t *addr, + isc_uint16_t bitlen, isc_boolean_t pos); +/* + * Add an IP prefix to an existing IP table + */ + +isc_result_t +dns_iptable_merge(dns_iptable_t *tab, dns_iptable_t *source, isc_boolean_t pos); +/* + * Merge one IP table into another one. + */ + +void +dns_iptable_attach(dns_iptable_t *source, dns_iptable_t **target); + +void +dns_iptable_detach(dns_iptable_t **tabp); + +ISC_LANG_ENDDECLS + +#endif /* DNS_IPTABLE_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/journal.h b/contrib/bind-9.5.2/lib/dns/include/dns/journal.h similarity index 80% rename from contrib/bind-9.3/lib/dns/include/dns/journal.h rename to contrib/bind-9.5.2/lib/dns/include/dns/journal.h index fdf609404e..f044143118 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/journal.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/journal.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.h,v 1.23.12.3 2004/03/08 09:04:36 marka Exp $ */ +/* $Id: journal.h,v 1.31.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_JOURNAL_H #define DNS_JOURNAL_H 1 @@ -24,8 +24,9 @@ ***** Module Info *****/ -/* - * Database journalling. +/*! \file dns/journal.h + * \brief + * Database journaling. */ /*** @@ -44,7 +45,7 @@ *** Types ***/ -/* +/*% * A dns_journal_t represents an open journal file. This is an opaque type. * * A particular dns_journal_t object may be opened for writing, in which case @@ -67,19 +68,21 @@ ISC_LANG_BEGINDECLS isc_result_t dns_db_createsoatuple(dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, dns_diffop_t op, dns_difftuple_t **tp); -/* +/*!< brief * Create a diff tuple for the current database SOA. * XXX this probably belongs somewhere else. */ +/*@{*/ #define DNS_SERIAL_GT(a, b) ((int)(((a) - (b)) & 0xFFFFFFFF) > 0) #define DNS_SERIAL_GE(a, b) ((int)(((a) - (b)) & 0xFFFFFFFF) >= 0) -/* +/*!< brief * Compare SOA serial numbers. DNS_SERIAL_GT(a, b) returns true iff * a is "greater than" b where "greater than" is as defined in RFC1982. * DNS_SERIAL_GE(a, b) returns true iff a is "greater than or equal to" b. */ +/*@}*/ /**************************************************************************/ /* @@ -89,7 +92,7 @@ dns_db_createsoatuple(dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, isc_result_t dns_journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, dns_journal_t **journalp); -/* +/*%< * Open the journal file 'filename' and create a dns_journal_t object for it. * * If 'write' is ISC_TRUE, the journal is open for writing. If it does @@ -101,7 +104,7 @@ dns_journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, void dns_journal_destroy(dns_journal_t **journalp); -/* +/*%< * Destroy a dns_journal_t, closing any open files and freeing its memory. */ @@ -112,52 +115,52 @@ dns_journal_destroy(dns_journal_t **journalp); isc_result_t dns_journal_begin_transaction(dns_journal_t *j); -/* +/*%< * Prepare to write a new transaction to the open journal file 'j'. * * Requires: - * 'j' is open for writing. + * \li 'j' is open for writing. */ isc_result_t dns_journal_writediff(dns_journal_t *j, dns_diff_t *diff); -/* +/*%< * Write 'diff' to the current transaction of journal file 'j'. * * Requires: - * 'j' is open for writing and dns_journal_begin_transaction() + * \li 'j' is open for writing and dns_journal_begin_transaction() * has been called. * - * 'diff' is a full or partial, correctly ordered IXFR + *\li 'diff' is a full or partial, correctly ordered IXFR * difference sequence. */ isc_result_t dns_journal_commit(dns_journal_t *j); -/* +/*%< * Commit the current transaction of journal file 'j'. * * Requires: - * 'j' is open for writing and dns_journal_begin_transaction() + * \li 'j' is open for writing and dns_journal_begin_transaction() * has been called. * - * dns_journal_writediff() has been called one or more times + * \li dns_journal_writediff() has been called one or more times * to form a complete, correctly ordered IXFR difference * sequence. */ isc_result_t dns_journal_write_transaction(dns_journal_t *j, dns_diff_t *diff); -/* +/*% * Write a complete transaction at once to a journal file, * sorting it if necessary, and commit it. Equivalent to calling * dns_diff_sort(), dns_journal_begin_transaction(), * dns_journal_writediff(), and dns_journal_commit(). * * Requires: - * 'j' is open for writing. + *\li 'j' is open for writing. * - * 'diff' contains exactly one SOA deletion, one SOA addition + * \li 'diff' contains exactly one SOA deletion, one SOA addition * with a greater serial number, and possibly other changes, * in arbitrary order. */ @@ -171,46 +174,48 @@ isc_uint32_t dns_journal_first_serial(dns_journal_t *j); isc_uint32_t dns_journal_last_serial(dns_journal_t *j); -/* +/*%< * Get the first and last addressable serial number in the journal. */ isc_result_t dns_journal_iter_init(dns_journal_t *j, isc_uint32_t begin_serial, isc_uint32_t end_serial); -/* +/*%< * Prepare to iterate over the transactions that will bring the database * from SOA serial number 'begin_serial' to 'end_serial'. * * Returns: - * ISC_R_SUCCESS - * ISC_R_RANGE begin_serial is outside the addressable range. - * ISC_R_NOTFOUND begin_serial is within the range of adressable + *\li ISC_R_SUCCESS + *\li ISC_R_RANGE begin_serial is outside the addressable range. + *\li ISC_R_NOTFOUND begin_serial is within the range of addressable * serial numbers covered by the journal, but * this particular serial number does not exist. */ +/*@{*/ isc_result_t dns_journal_first_rr(dns_journal_t *j); isc_result_t dns_journal_next_rr(dns_journal_t *j); -/* +/*%< * Position the iterator at the first/next RR in a journal * transaction sequence established using dns_journal_iter_init(). * * Requires: - * dns_journal_iter_init() has been called. + * \li dns_journal_iter_init() has been called. * */ +/*@}*/ void dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl, dns_rdata_t **rdata); -/* +/*%< * Get the name, ttl, and rdata of the current journal RR. * * Requires: - * The last call to dns_journal_first_rr() or dns_journal_next_rr() + * \li The last call to dns_journal_first_rr() or dns_journal_next_rr() * returned ISC_R_SUCCESS. */ @@ -221,22 +226,22 @@ dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl, isc_result_t dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, const char *filename); -/* +/*%< * Roll forward (play back) the journal file "filename" into the * database "db". This should be called when the server starts * after a shutdown or crash. * * Requires: - * 'mctx' is a valid memory context. - * 'db' is a valid database which does not have a version + *\li 'mctx' is a valid memory context. + *\li 'db' is a valid database which does not have a version * open for writing. - * 'filename' is the name of the journal file belonging to 'db'. + * \li 'filename' is the name of the journal file belonging to 'db'. * * Returns: - * DNS_R_NOJOURNAL when journal does not exist. - * ISC_R_NOTFOUND when current serial in not in journal. - * ISC_R_RANGE when current serial in not in journals range. - * ISC_R_SUCCESS journal has been applied successfully to database. + *\li DNS_R_NOJOURNAL when journal does not exist. + *\li ISC_R_NOTFOUND when current serial in not in journal. + *\li ISC_R_RANGE when current serial in not in journals range. + *\li ISC_R_SUCCESS journal has been applied successfully to database. * others */ @@ -249,7 +254,7 @@ dns_db_diff(isc_mem_t *mctx, dns_db_t *dba, dns_dbversion_t *dbvera, dns_db_t *dbb, dns_dbversion_t *dbverb, const char *journal_filename); -/* +/*%< * Compare the databases 'dba' and 'dbb' and generate a journal * entry containing the changes to make 'dba' from 'dbb' (note * the order). This journal entry will consist of a single, @@ -259,8 +264,8 @@ dns_db_diff(isc_mem_t *mctx, isc_result_t dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, - isc_uint32_t target_size); -/* + isc_uint32_t target_size); +/*%< * Attempt to compact the journal if it is greater that 'target_size'. * Changes from 'serial' onwards will be preserved. If the journal * exists and is non-empty 'serial' must exist in the journal. diff --git a/contrib/bind-9.3/lib/dns/include/dns/keyflags.h b/contrib/bind-9.5.2/lib/dns/include/dns/keyflags.h similarity index 75% rename from contrib/bind-9.3/lib/dns/include/dns/keyflags.h rename to contrib/bind-9.5.2/lib/dns/include/dns/keyflags.h index 025b137ec2..74a1740bd1 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/keyflags.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/keyflags.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keyflags.h,v 1.9.206.1 2004/03/06 08:13:56 marka Exp $ */ +/* $Id: keyflags.h,v 1.16 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_KEYFLAGS_H #define DNS_KEYFLAGS_H 1 +/*! \file dns/keyflags.h */ + #include #include @@ -28,7 +30,7 @@ ISC_LANG_BEGINDECLS isc_result_t dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNSSEC KEY flags value. * The text may contain either a set of flag mnemonics separated by * vertical bars or a decimal flags value. For compatibility with @@ -37,14 +39,14 @@ dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source); * are also accepted. * * Requires: - * 'flagsp' is a valid pointer. + *\li 'flagsp' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_RANGE numeric flag value is out of range - * DNS_R_UNKNOWN mnemonic flag is unknown + *\li ISC_R_SUCCESS on success + *\li ISC_R_RANGE numeric flag value is out of range + *\li DNS_R_UNKNOWN mnemonic flag is unknown */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/keytable.h b/contrib/bind-9.5.2/lib/dns/include/dns/keytable.h similarity index 60% rename from contrib/bind-9.3/lib/dns/include/dns/keytable.h rename to contrib/bind-9.5.2/lib/dns/include/dns/keytable.h index f3a21a68b3..553aa990b6 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/keytable.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/keytable.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keytable.h,v 1.10.206.3 2006/01/06 00:01:42 marka Exp $ */ +/* $Id: keytable.h,v 1.16 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_KEYTABLE_H #define DNS_KEYTABLE_H 1 @@ -24,22 +24,21 @@ ***** Module Info *****/ -/* - * Key Tables - * +/*! \file + * \brief * The keytable module provides services for storing and retrieving DNSSEC * trusted keys, as well as the ability to find the deepest matching key * for a given domain name. * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. */ #include @@ -52,203 +51,202 @@ ISC_LANG_BEGINDECLS isc_result_t dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep); -/* +/*%< * Create a keytable. * * Requires: * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * - * keytablep != NULL && *keytablep == NULL + *\li keytablep != NULL && *keytablep == NULL * * Ensures: * - * On success, *keytablep is a valid, empty key table. + *\li On success, *keytablep is a valid, empty key table. * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Any other result indicates failure. + *\li Any other result indicates failure. */ void dns_keytable_attach(dns_keytable_t *source, dns_keytable_t **targetp); -/* +/*%< * Attach *targetp to source. * * Requires: * - * 'source' is a valid keytable. + *\li 'source' is a valid keytable. * - * 'targetp' points to a NULL dns_keytable_t *. + *\li 'targetp' points to a NULL dns_keytable_t *. * * Ensures: * - * *targetp is attached to source. + *\li *targetp is attached to source. */ void dns_keytable_detach(dns_keytable_t **keytablep); -/* +/*%< * Detach *keytablep from its keytable. * * Requires: * - * 'keytablep' points to a valid keytable. + *\li 'keytablep' points to a valid keytable. * * Ensures: * - * *keytablep is NULL. - * - * If '*keytablep' is the last reference to the keytable, + *\li *keytablep is NULL. * - * All resources used by the keytable will be freed + *\li If '*keytablep' is the last reference to the keytable, + * all resources used by the keytable will be freed */ isc_result_t dns_keytable_add(dns_keytable_t *keytable, dst_key_t **keyp); -/* +/*%< * Add '*keyp' to 'keytable'. * * Notes: * - * Ownership of *keyp is transferred to the keytable. + *\li Ownership of *keyp is transferred to the keytable. * * Requires: * - * keyp != NULL && *keyp is a valid dst_key_t *. + *\li keyp != NULL && *keyp is a valid dst_key_t *. * * Ensures: * - * On success, *keyp == NULL + *\li On success, *keyp == NULL * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Any other result indicates failure. + *\li Any other result indicates failure. */ isc_result_t dns_keytable_findkeynode(dns_keytable_t *keytable, dns_name_t *name, dns_secalg_t algorithm, dns_keytag_t tag, dns_keynode_t **keynodep); -/* +/*%< * Search for a key named 'name', matching 'algorithm' and 'tag' in * 'keytable'. This finds the first instance which matches. Use * dns_keytable_findnextkeynode() to find other instances. * * Requires: * - * 'keytable' is a valid keytable. + *\li 'keytable' is a valid keytable. * - * 'name' is a valid absolute name. + *\li 'name' is a valid absolute name. * - * keynodep != NULL && *keynodep == NULL + *\li keynodep != NULL && *keynodep == NULL * * Returns: * - * ISC_R_SUCCESS - * DNS_R_PARTIALMATCH the name existed in the keytable. - * ISC_R_NOTFOUND + *\li ISC_R_SUCCESS + *\li DNS_R_PARTIALMATCH the name existed in the keytable. + *\li ISC_R_NOTFOUND * - * Any other result indicates an error. + *\li Any other result indicates an error. */ isc_result_t dns_keytable_findnextkeynode(dns_keytable_t *keytable, dns_keynode_t *keynode, dns_keynode_t **nextnodep); -/* +/*%< * Search for the next key with the same properties as 'keynode' in * 'keytable' as found by dns_keytable_findkeynode(). * * Requires: * - * 'keytable' is a valid keytable. + *\li 'keytable' is a valid keytable. * - * 'keynode' is a valid keynode. + *\li 'keynode' is a valid keynode. * - * nextnodep != NULL && *nextnodep == NULL + *\li nextnodep != NULL && *nextnodep == NULL * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + *\li ISC_R_SUCCESS + *\li ISC_R_NOTFOUND * - * Any other result indicates an error. + *\li Any other result indicates an error. */ isc_result_t dns_keytable_finddeepestmatch(dns_keytable_t *keytable, dns_name_t *name, dns_name_t *foundname); -/* +/*%< * Search for the deepest match of 'name' in 'keytable'. * * Requires: * - * 'keytable' is a valid keytable. + *\li 'keytable' is a valid keytable. * - * 'name' is a valid absolute name. + *\li 'name' is a valid absolute name. * - * 'foundname' is a name with a dedicated buffer. + *\li 'foundname' is a name with a dedicated buffer. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + *\li ISC_R_SUCCESS + *\li ISC_R_NOTFOUND * - * Any other result indicates an error. + *\li Any other result indicates an error. */ void dns_keytable_detachkeynode(dns_keytable_t *keytable, dns_keynode_t **keynodep); -/* +/*%< * Give back a keynode found via dns_keytable_findkeynode(). * * Requires: * - * 'keytable' is a valid keytable. + *\li 'keytable' is a valid keytable. * - * *keynodep is a valid keynode returned by a call to + *\li *keynodep is a valid keynode returned by a call to * dns_keytable_findkeynode(). * * Ensures: * - * *keynodep == NULL + *\li *keynodep == NULL */ isc_result_t dns_keytable_issecuredomain(dns_keytable_t *keytable, dns_name_t *name, isc_boolean_t *wantdnssecp); -/* +/*%< * Is 'name' at or beneath a trusted key? * * Requires: * - * 'keytable' is a valid keytable. + *\li 'keytable' is a valid keytable. * - * 'name' is a valid absolute name. + *\li 'name' is a valid absolute name. * - * '*wantsdnssecp' is a valid isc_boolean_t. + *\li '*wantsdnssecp' is a valid isc_boolean_t. * * Ensures: * - * On success, *wantsdnssecp will be ISC_TRUE if and only if 'name' + *\li On success, *wantsdnssecp will be ISC_TRUE if and only if 'name' * is at or beneath a trusted key. * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Any other result is an error. + *\li Any other result is an error. */ dst_key_t * dns_keynode_key(dns_keynode_t *keynode); -/* +/*%< * Get the DST key associated with keynode. */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/keyvalues.h b/contrib/bind-9.5.2/lib/dns/include/dns/keyvalues.h similarity index 51% rename from contrib/bind-9.3/lib/dns/include/dns/keyvalues.h rename to contrib/bind-9.5.2/lib/dns/include/dns/keyvalues.h index ef9e82107e..dec466f177 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/keyvalues.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/keyvalues.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,36 +15,38 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keyvalues.h,v 1.11.12.3 2004/03/06 08:13:56 marka Exp $ */ +/* $Id: keyvalues.h,v 1.21 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_KEYVALUES_H #define DNS_KEYVALUES_H 1 +/*! \file dns/keyvalues.h */ + /* * Flags field of the KEY RR rdata */ -#define DNS_KEYFLAG_TYPEMASK 0xC000 /* Mask for "type" bits */ -#define DNS_KEYTYPE_AUTHCONF 0x0000 /* Key usable for both */ -#define DNS_KEYTYPE_CONFONLY 0x8000 /* Key usable for confidentiality */ -#define DNS_KEYTYPE_AUTHONLY 0x4000 /* Key usable for authentication */ -#define DNS_KEYTYPE_NOKEY 0xC000 /* No key usable for either; no key */ +#define DNS_KEYFLAG_TYPEMASK 0xC000 /*%< Mask for "type" bits */ +#define DNS_KEYTYPE_AUTHCONF 0x0000 /*%< Key usable for both */ +#define DNS_KEYTYPE_CONFONLY 0x8000 /*%< Key usable for confidentiality */ +#define DNS_KEYTYPE_AUTHONLY 0x4000 /*%< Key usable for authentication */ +#define DNS_KEYTYPE_NOKEY 0xC000 /*%< No key usable for either; no key */ #define DNS_KEYTYPE_NOAUTH DNS_KEYTYPE_CONFONLY #define DNS_KEYTYPE_NOCONF DNS_KEYTYPE_AUTHONLY -#define DNS_KEYFLAG_RESERVED2 0x2000 /* reserved - must be zero */ -#define DNS_KEYFLAG_EXTENDED 0x1000 /* key has extended flags */ -#define DNS_KEYFLAG_RESERVED4 0x0800 /* reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED5 0x0400 /* reserved - must be zero */ -#define DNS_KEYFLAG_OWNERMASK 0x0300 /* these bits determine the type */ -#define DNS_KEYOWNER_USER 0x0000 /* key is assoc. with user */ -#define DNS_KEYOWNER_ENTITY 0x0200 /* key is assoc. with entity eg host */ -#define DNS_KEYOWNER_ZONE 0x0100 /* key is zone key */ -#define DNS_KEYOWNER_RESERVED 0x0300 /* reserved meaning */ -#define DNS_KEYFLAG_RESERVED8 0x0080 /* reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED9 0x0040 /* reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED10 0x0020 /* reserved - must be zero */ -#define DNS_KEYFLAG_RESERVED11 0x0010 /* reserved - must be zero */ -#define DNS_KEYFLAG_SIGNATORYMASK 0x000F /* key can sign RR's of same name */ +#define DNS_KEYFLAG_RESERVED2 0x2000 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_EXTENDED 0x1000 /*%< key has extended flags */ +#define DNS_KEYFLAG_RESERVED4 0x0800 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_RESERVED5 0x0400 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_OWNERMASK 0x0300 /*%< these bits determine the type */ +#define DNS_KEYOWNER_USER 0x0000 /*%< key is assoc. with user */ +#define DNS_KEYOWNER_ENTITY 0x0200 /*%< key is assoc. with entity eg host */ +#define DNS_KEYOWNER_ZONE 0x0100 /*%< key is zone key */ +#define DNS_KEYOWNER_RESERVED 0x0300 /*%< reserved meaning */ +#define DNS_KEYFLAG_RESERVED8 0x0080 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_RESERVED9 0x0040 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_RESERVED10 0x0020 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_RESERVED11 0x0010 /*%< reserved - must be zero */ +#define DNS_KEYFLAG_SIGNATORYMASK 0x000F /*%< key can sign RR's of same name */ #define DNS_KEYFLAG_RESERVEDMASK (DNS_KEYFLAG_RESERVED2 | \ DNS_KEYFLAG_RESERVED4 | \ @@ -53,21 +55,21 @@ DNS_KEYFLAG_RESERVED9 | \ DNS_KEYFLAG_RESERVED10 | \ DNS_KEYFLAG_RESERVED11 ) -#define DNS_KEYFLAG_KSK 0x0001 /* key signing key */ +#define DNS_KEYFLAG_KSK 0x0001 /*%< key signing key */ -#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF /* no bits defined here */ +#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF /*%< no bits defined here */ /* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */ -#define DNS_KEYALG_RSAMD5 1 /* RSA with MD5 */ +#define DNS_KEYALG_RSAMD5 1 /*%< RSA with MD5 */ #define DNS_KEYALG_RSA DNS_KEYALG_RSAMD5 -#define DNS_KEYALG_DH 2 /* Diffie Hellman KEY */ -#define DNS_KEYALG_DSA 3 /* DSA KEY */ +#define DNS_KEYALG_DH 2 /*%< Diffie Hellman KEY */ +#define DNS_KEYALG_DSA 3 /*%< DSA KEY */ #define DNS_KEYALG_DSS NS_ALG_DSA #define DNS_KEYALG_ECC 4 #define DNS_KEYALG_RSASHA1 5 #define DNS_KEYALG_INDIRECT 252 #define DNS_KEYALG_PRIVATEDNS 253 -#define DNS_KEYALG_PRIVATEOID 254 /* Key begins with OID giving alg */ +#define DNS_KEYALG_PRIVATEOID 254 /*%< Key begins with OID giving alg */ /* Protocol values */ #define DNS_KEYPROTO_RESERVED 0 @@ -78,11 +80,11 @@ #define DNS_KEYPROTO_ANY 255 /* Signatures */ -#define DNS_SIG_RSAMINBITS 512 /* Size of a mod or exp in bits */ +#define DNS_SIG_RSAMINBITS 512 /*%< Size of a mod or exp in bits */ #define DNS_SIG_RSAMAXBITS 2552 /* Total of binary mod and exp */ #define DNS_SIG_RSAMAXBYTES ((DNS_SIG_RSAMAXBITS+7/8)*2+3) - /* Max length of text sig block */ + /*%< Max length of text sig block */ #define DNS_SIG_RSAMAXBASE64 (((DNS_SIG_RSAMAXBYTES+2)/3)*4) #define DNS_SIG_RSAMINSIZE ((DNS_SIG_RSAMINBITS+7)/8) #define DNS_SIG_RSAMAXSIZE ((DNS_SIG_RSAMAXBITS+7)/8) diff --git a/contrib/bind-9.3/lib/dns/include/dns/lib.h b/contrib/bind-9.5.2/lib/dns/include/dns/lib.h similarity index 75% rename from contrib/bind-9.3/lib/dns/include/dns/lib.h rename to contrib/bind-9.5.2/lib/dns/include/dns/lib.h index e53dd2b7e0..fd3325b940 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/lib.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/lib.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,21 +15,27 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.h,v 1.6.12.3 2004/03/08 09:04:36 marka Exp $ */ +/* $Id: lib.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_LIB_H #define DNS_LIB_H 1 +/*! \file dns/lib.h */ + #include #include ISC_LANG_BEGINDECLS +/*% + * Tuning: external query load in packets per seconds. + */ +LIBDNS_EXTERNAL_DATA extern unsigned int dns_pps; LIBDNS_EXTERNAL_DATA extern isc_msgcat_t *dns_msgcat; void dns_lib_initmsgcat(void); -/* +/*%< * Initialize the DNS library's message catalog, dns_msgcat, if it * has not already been initialized. */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/log.h b/contrib/bind-9.5.2/lib/dns/include/dns/log.h similarity index 84% rename from contrib/bind-9.3/lib/dns/include/dns/log.h rename to contrib/bind-9.5.2/lib/dns/include/dns/log.h index 9901fc9b21..308818f98f 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/log.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/log.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.30.2.1.10.2 2004/03/06 08:13:57 marka Exp $ */ +/* $Id: log.h,v 1.42.128.2 2009/01/19 23:47:03 tbox Exp $ */ -/* Principal Authors: DCL */ +/*! \file dns/log.h + * \author Principal Authors: DCL */ #ifndef DNS_LOG_H #define DNS_LOG_H 1 @@ -40,6 +41,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[]; #define DNS_LOGCATEGORY_DISPATCH (&dns_categories[8]) #define DNS_LOGCATEGORY_LAME_SERVERS (&dns_categories[9]) #define DNS_LOGCATEGORY_DELEGATION_ONLY (&dns_categories[10]) +#define DNS_LOGCATEGORY_EDNS_DISABLED (&dns_categories[11]) /* Backwards compatibility. */ #define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL @@ -69,33 +71,35 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[]; #define DNS_LOGMODULE_SDB (&dns_modules[22]) #define DNS_LOGMODULE_DIFF (&dns_modules[23]) #define DNS_LOGMODULE_HINTS (&dns_modules[24]) +#define DNS_LOGMODULE_ACACHE (&dns_modules[25]) +#define DNS_LOGMODULE_DLZ (&dns_modules[26]) ISC_LANG_BEGINDECLS void dns_log_init(isc_log_t *lctx); -/* +/*% * Make the libdns categories and modules available for use with the * ISC logging library. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * - * dns_log_init() is called only once. + *\li dns_log_init() is called only once. * * Ensures: - * The catgories and modules defined above are available for + * \li The categories and modules defined above are available for * use by isc_log_usechannnel() and isc_log_write(). */ void dns_log_setcontext(isc_log_t *lctx); -/* +/*% * Make the libdns library use the provided context for logging internal * messages. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/lookup.h b/contrib/bind-9.5.2/lib/dns/include/dns/lookup.h similarity index 68% rename from contrib/bind-9.3/lib/dns/include/dns/lookup.h rename to contrib/bind-9.5.2/lib/dns/include/dns/lookup.h index 2be254c71b..0dab7bc753 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/lookup.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/lookup.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lookup.h,v 1.5.206.1 2004/03/06 08:13:57 marka Exp $ */ +/* $Id: lookup.h,v 1.12.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_LOOKUP_H #define DNS_LOOKUP_H 1 @@ -24,29 +24,28 @@ ***** Module Info *****/ -/* - * DNS Lookup - * +/*! \file dns/lookup.h + * \brief * The lookup module performs simple DNS lookups. It implements - * the full resolver algorithm, both looking for local data and - * resoving external names as necessary. + * the full resolver algorithm, both looking for local data and + * resolving external names as necessary. * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * RFCs: 1034, 1035, 2181, - * Drafts: + *\li RFCs: 1034, 1035, 2181, TBS + *\li Drafts: TBS */ #include @@ -56,7 +55,7 @@ ISC_LANG_BEGINDECLS -/* +/*% * A 'dns_lookupevent_t' is returned when a lookup completes. * The sender field will be set to the lookup that completed. If 'result' * is ISC_R_SUCCESS, then 'names' will contain a list of names associated @@ -77,60 +76,60 @@ isc_result_t dns_lookup_create(isc_mem_t *mctx, dns_name_t *name, dns_rdatatype_t type, dns_view_t *view, unsigned int options, isc_task_t *task, isc_taskaction_t action, void *arg, dns_lookup_t **lookupp); -/* +/*%< * Finds the rrsets matching 'name' and 'type'. * * Requires: * - * 'mctx' is a valid mctx. + *\li 'mctx' is a valid mctx. * - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'view' is a valid view which has a resolver. + *\li 'view' is a valid view which has a resolver. * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * lookupp != NULL && *lookupp == NULL + *\li lookupp != NULL && *lookupp == NULL * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li ISC_R_SUCCESS + *\li ISC_R_NOMEMORY * - * Any resolver-related error (e.g. ISC_R_SHUTTINGDOWN) may also be + *\li Any resolver-related error (e.g. ISC_R_SHUTTINGDOWN) may also be * returned. */ void dns_lookup_cancel(dns_lookup_t *lookup); -/* +/*%< * Cancel 'lookup'. * * Notes: * - * If 'lookup' has not completed, post its LOOKUPDONE event with a + *\li If 'lookup' has not completed, post its LOOKUPDONE event with a * result code of ISC_R_CANCELED. * * Requires: * - * 'lookup' is a valid lookup. + *\li 'lookup' is a valid lookup. */ void dns_lookup_destroy(dns_lookup_t **lookupp); -/* +/*%< * Destroy 'lookup'. * * Requires: * - * '*lookupp' is a valid lookup. + *\li '*lookupp' is a valid lookup. * - * The caller has received the LOOKUPDONE event (either because the + *\li The caller has received the LOOKUPDONE event (either because the * lookup completed or because dns_lookup_cancel() was called). * * Ensures: * - * *lookupp == NULL. + *\li *lookupp == NULL. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/master.h b/contrib/bind-9.5.2/lib/dns/include/dns/master.h similarity index 52% rename from contrib/bind-9.3/lib/dns/include/dns/master.h rename to contrib/bind-9.5.2/lib/dns/include/dns/master.h index 0b861c6710..481e3fe1d2 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/master.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/master.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: master.h,v 1.31.2.3.2.7 2004/03/08 09:04:36 marka Exp $ */ +/* $Id: master.h,v 1.48 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_MASTER_H #define DNS_MASTER_H 1 +/*! \file dns/master.h */ + /*** *** Imports ***/ @@ -33,21 +35,60 @@ /* * Flags to be passed in the 'options' argument in the functions below. */ -#define DNS_MASTER_AGETTL 0x00000001 /* Age the ttl based on $DATE. */ -#define DNS_MASTER_MANYERRORS 0x00000002 /* Continue processing on errors. */ -#define DNS_MASTER_NOINCLUDE 0x00000004 /* Disallow $INCLUDE directives. */ -#define DNS_MASTER_ZONE 0x00000008 /* Loading a zone master file. */ -#define DNS_MASTER_HINT 0x00000010 /* Loading a hint master file. */ -#define DNS_MASTER_SLAVE 0x00000020 /* Loading a slave master file. */ -#define DNS_MASTER_CHECKNS 0x00000040 /* Check NS records to see if - * they are an address */ -#define DNS_MASTER_FATALNS 0x00000080 /* Treat DNS_MASTER_CHECKNS - * matches as fatal */ +#define DNS_MASTER_AGETTL 0x00000001 /*%< Age the ttl based on $DATE. */ +#define DNS_MASTER_MANYERRORS 0x00000002 /*%< Continue processing on errors. */ +#define DNS_MASTER_NOINCLUDE 0x00000004 /*%< Disallow $INCLUDE directives. */ +#define DNS_MASTER_ZONE 0x00000008 /*%< Loading a zone master file. */ +#define DNS_MASTER_HINT 0x00000010 /*%< Loading a hint master file. */ +#define DNS_MASTER_SLAVE 0x00000020 /*%< Loading a slave master file. */ +#define DNS_MASTER_CHECKNS 0x00000040 /*%< + * Check NS records to see + * if they are an address + */ +#define DNS_MASTER_FATALNS 0x00000080 /*%< + * Treat DNS_MASTER_CHECKNS + * matches as fatal + */ #define DNS_MASTER_CHECKNAMES 0x00000100 #define DNS_MASTER_CHECKNAMESFAIL 0x00000200 +#define DNS_MASTER_CHECKWILDCARD 0x00000400 /* Check for internal wildcards. */ +#define DNS_MASTER_CHECKMX 0x00000800 +#define DNS_MASTER_CHECKMXFAIL 0x00001000 ISC_LANG_BEGINDECLS +/* + * Structures that implement the "raw" format for master dump. + * These are provided for a reference purpose only; in the actual + * encoding, we directly read/write each field so that the encoded data + * is always "packed", regardless of the hardware architecture. + */ +#define DNS_RAWFORMAT_VERSION 0 + +/* Common header */ +typedef struct { + isc_uint32_t format; /* must be + * dns_masterformat_raw */ + isc_uint32_t version; /* compatibility for future + * extensions */ + isc_uint32_t dumptime; /* timestamp on creation + * (currently unused) + */ +} dns_masterrawheader_t; + +/* The structure for each RRset */ +typedef struct { + isc_uint32_t totallen; /* length of the data for this + * RRset, including the + * "header" part */ + dns_rdataclass_t rdclass; /* 16-bit class */ + dns_rdatatype_t type; /* 16-bit type */ + dns_rdatatype_t covers; /* same as type */ + dns_ttl_t ttl; /* 32-bit TTL */ + isc_uint32_t nrdata; /* number of RRs in this set */ + /* followed by encoded owner name, and then rdata */ +} dns_masterrawrdataset_t; + /*** *** Function ***/ @@ -61,6 +102,16 @@ dns_master_loadfile(const char *master_file, dns_rdatacallbacks_t *callbacks, isc_mem_t *mctx); +isc_result_t +dns_master_loadfile2(const char *master_file, + dns_name_t *top, + dns_name_t *origin, + dns_rdataclass_t zclass, + unsigned int options, + dns_rdatacallbacks_t *callbacks, + isc_mem_t *mctx, + dns_masterformat_t format); + isc_result_t dns_master_loadstream(FILE *stream, dns_name_t *top, @@ -99,6 +150,18 @@ dns_master_loadfileinc(const char *master_file, dns_loaddonefunc_t done, void *done_arg, dns_loadctx_t **ctxp, isc_mem_t *mctx); +isc_result_t +dns_master_loadfileinc2(const char *master_file, + dns_name_t *top, + dns_name_t *origin, + dns_rdataclass_t zclass, + unsigned int options, + dns_rdatacallbacks_t *callbacks, + isc_task_t *task, + dns_loaddonefunc_t done, void *done_arg, + dns_loadctx_t **ctxp, isc_mem_t *mctx, + dns_masterformat_t format); + isc_result_t dns_master_loadstreaminc(FILE *stream, dns_name_t *top, @@ -132,8 +195,8 @@ dns_master_loadlexerinc(isc_lex_t *lex, dns_loaddonefunc_t done, void *done_arg, dns_loadctx_t **ctxp, isc_mem_t *mctx); -/* - * Loads a RFC 1305 master file from a file, stream, buffer, or existing +/*%< + * Loads a RFC1305 master file from a file, stream, buffer, or existing * lexer into rdatasets and then calls 'callbacks->commit' to commit the * rdatasets. Rdata memory belongs to dns_master_load and will be * reused / released when the callback completes. dns_load_master will @@ -150,63 +213,63 @@ dns_master_loadlexerinc(isc_lex_t *lex, * not called. * * Requires: - * 'master_file' points to a valid string. - * 'lexer' points to a valid lexer. - * 'top' points to a valid name. - * 'origin' points to a valid name. - * 'callbacks->commit' points to a valid function. - * 'callbacks->error' points to a valid function. - * 'callbacks->warn' points to a valid function. - * 'mctx' points to a valid memory context. - * 'task' and 'done' to be valid. - * 'lmgr' to be valid. - * 'ctxp != NULL && ctxp == NULL'. + *\li 'master_file' points to a valid string. + *\li 'lexer' points to a valid lexer. + *\li 'top' points to a valid name. + *\li 'origin' points to a valid name. + *\li 'callbacks->commit' points to a valid function. + *\li 'callbacks->error' points to a valid function. + *\li 'callbacks->warn' points to a valid function. + *\li 'mctx' points to a valid memory context. + *\li 'task' and 'done' to be valid. + *\li 'lmgr' to be valid. + *\li 'ctxp != NULL && ctxp == NULL'. * * Returns: - * ISC_R_SUCCESS upon successfully loading the master file. - * ISC_R_SEENINCLUDE upon successfully loading the master file with + *\li ISC_R_SUCCESS upon successfully loading the master file. + *\li ISC_R_SEENINCLUDE upon successfully loading the master file with * a $INCLUDE statement. - * ISC_R_NOMEMORY out of memory. - * ISC_R_UNEXPECTEDEND expected to be able to read a input token and + *\li ISC_R_NOMEMORY out of memory. + *\li ISC_R_UNEXPECTEDEND expected to be able to read a input token and * there was not one. - * ISC_R_UNEXPECTED - * DNS_R_NOOWNER failed to specify a ownername. - * DNS_R_NOTTL failed to specify a ttl. - * DNS_R_BADCLASS record class did not match zone class. - * DNS_R_CONTINUE load still in progress (dns_master_load*inc() only). - * Any dns_rdata_fromtext() error code. - * Any error code from callbacks->commit(). + *\li ISC_R_UNEXPECTED + *\li DNS_R_NOOWNER failed to specify a ownername. + *\li DNS_R_NOTTL failed to specify a ttl. + *\li DNS_R_BADCLASS record class did not match zone class. + *\li DNS_R_CONTINUE load still in progress (dns_master_load*inc() only). + *\li Any dns_rdata_fromtext() error code. + *\li Any error code from callbacks->commit(). */ void dns_loadctx_detach(dns_loadctx_t **ctxp); -/* +/*%< * Detach from the load context. * * Requires: - * '*ctxp' to be valid. + *\li '*ctxp' to be valid. * * Ensures: - * '*ctxp == NULL' + *\li '*ctxp == NULL' */ void dns_loadctx_attach(dns_loadctx_t *source, dns_loadctx_t **target); -/* +/*%< * Attach to the load context. * * Requires: - * 'source' to be valid. - * 'target != NULL && *target == NULL'. + *\li 'source' to be valid. + *\li 'target != NULL && *target == NULL'. */ void dns_loadctx_cancel(dns_loadctx_t *ctx); -/* +/*%< * Cancel loading the zone file associated with this load context. * * Requires: - * 'ctx' to be valid + *\li 'ctx' to be valid */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/masterdump.h b/contrib/bind-9.5.2/lib/dns/include/dns/masterdump.h similarity index 70% rename from contrib/bind-9.3/lib/dns/include/dns/masterdump.h rename to contrib/bind-9.5.2/lib/dns/include/dns/masterdump.h index 888c588f3b..4ffa2197e7 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/masterdump.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/masterdump.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.22.12.10 2005/09/06 02:12:41 marka Exp $ */ +/* $Id: masterdump.h,v 1.39 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 +/*! \file dns/masterdump.h */ + /*** *** Imports ***/ @@ -46,10 +48,10 @@ typedef struct dns_master_style dns_master_style_t; * rdata.h. */ -/* Omit the owner name when possible. */ +/*% Omit the owner name when possible. */ #define DNS_STYLEFLAG_OMIT_OWNER 0x00010000U -/* +/*% * Omit the TTL when possible. If DNS_STYLEFLAG_TTL is * also set, this means no TTLs are ever printed * because $TTL directives are generated before every @@ -67,32 +69,32 @@ typedef struct dns_master_style dns_master_style_t; */ #define DNS_STYLEFLAG_OMIT_TTL 0x00020000U -/* Omit the class when possible. */ +/*% Omit the class when possible. */ #define DNS_STYLEFLAG_OMIT_CLASS 0x00040000U -/* Output $TTL directives. */ +/*% Output $TTL directives. */ #define DNS_STYLEFLAG_TTL 0x00080000U -/* +/*% * Output $ORIGIN directives and print owner names relative to * the origin when possible. */ #define DNS_STYLEFLAG_REL_OWNER 0x00100000U -/* Print domain names in RR data in relative form when possible. +/*% Print domain names in RR data in relative form when possible. For this to take effect, DNS_STYLEFLAG_REL_OWNER must also be set. */ #define DNS_STYLEFLAG_REL_DATA 0x00200000U -/* Print the trust level of each rdataset. */ +/*% Print the trust level of each rdataset. */ #define DNS_STYLEFLAG_TRUST 0x00400000U -/* Print negative caching entries. */ +/*% Print negative caching entries. */ #define DNS_STYLEFLAG_NCACHE 0x00800000U -/* Never print the TTL */ +/*% Never print the TTL */ #define DNS_STYLEFLAG_NO_TTL 0x01000000U -/* Never print the CLASS */ +/*% Never print the CLASS */ #define DNS_STYLEFLAG_NO_CLASS 0x02000000U ISC_LANG_BEGINDECLS @@ -101,7 +103,7 @@ ISC_LANG_BEGINDECLS *** Constants ***/ -/* +/*% * The default master file style. * * This uses $TTL directives to avoid the need to dedicate a @@ -110,13 +112,13 @@ ISC_LANG_BEGINDECLS */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_default; -/* +/*% * A master file style that dumps zones to a very generic format easily * imported/checked with external tools. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_full; -/* +/*% * A master file style that prints explicit TTL values on each * record line, never using $TTL statements. The TTL has a tab * stop of its own, but the class and type share one. @@ -124,13 +126,13 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_full; LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_explicitttl; -/* +/*% * A master style format designed for cache files. It prints explicit TTL * values on each record line and never uses $ORIGIN or relative names. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_cache; -/* +/*% * A master style that prints name, ttl, class, type, and value on * every line. Similar to explicitttl above, but more verbose. * Intended for generating master files which can be easily parsed @@ -138,7 +140,7 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_cache; */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_simple; -/* +/*% * The style used for debugging, "dig" output, etc. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_debug; @@ -149,54 +151,55 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_debug; void dns_dumpctx_attach(dns_dumpctx_t *source, dns_dumpctx_t **target); -/* +/*%< * Attach to a dump context. * * Require: - * 'source' to be valid. - * 'target' to be non NULL and '*target' to be NULL. + *\li 'source' to be valid. + *\li 'target' to be non NULL and '*target' to be NULL. */ void dns_dumpctx_detach(dns_dumpctx_t **dctxp); -/* +/*%< * Detach from a dump context. * * Require: - * 'dctxp' to point to a valid dump context. + *\li 'dctxp' to point to a valid dump context. * * Ensures: - * '*dctxp' is NULL. + *\li '*dctxp' is NULL. */ void dns_dumpctx_cancel(dns_dumpctx_t *dctx); -/* +/*%< * Cancel a in progress dump. * * Require: - * 'dctx' to be valid. + *\li 'dctx' to be valid. */ dns_dbversion_t * dns_dumpctx_version(dns_dumpctx_t *dctx); -/* +/*%< * Return the version handle (if any) of the database being dumped. * * Require: - * 'dctx' to be valid. + *\li 'dctx' to be valid. */ dns_db_t * dns_dumpctx_db(dns_dumpctx_t *dctx); -/* +/*%< * Return the database being dumped. * * Require: - * 'dctx' to be valid. + *\li 'dctx' to be valid. */ +/*@{*/ isc_result_t dns_master_dumptostreaminc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, @@ -208,66 +211,94 @@ isc_result_t dns_master_dumptostream(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, const dns_master_style_t *style, FILE *f); -/* - * Dump the database 'db' to the steam 'f' in RFC1035 master - * file format, in the style defined by 'style' - * (e.g., &dns_default_master_style_default) + +isc_result_t +dns_master_dumptostream2(isc_mem_t *mctx, dns_db_t *db, + dns_dbversion_t *version, + const dns_master_style_t *style, + dns_masterformat_t format, FILE *f); +/*%< + * Dump the database 'db' to the steam 'f' in the specified format by + * 'format'. If the format is dns_masterformat_text (the RFC1035 format), + * 'style' specifies the file style (e.g., &dns_master_style_default). + * + * dns_master_dumptostream() is an old form of dns_master_dumptostream2(), + * which always specifies the dns_masterformat_text format. * * Temporary dynamic memory may be allocated from 'mctx'. * * Require: - * 'task' to be valid. - * 'done' to be non NULL. - * 'dctxp' to be non NULL && '*dctxp' to be NULL. + *\li 'task' to be valid. + *\li 'done' to be non NULL. + *\li 'dctxp' to be non NULL && '*dctxp' to be NULL. * * Returns: - * ISC_R_SUCCESS - * DNS_R_CONTINUE dns_master_dumptostreaminc() only. - * ISC_R_NOMEMORY - * Any database or rrset iterator error. - * Any dns_rdata_totext() error code. + *\li ISC_R_SUCCESS + *\li ISC_R_CONTINUE dns_master_dumptostreaminc() only. + *\li ISC_R_NOMEMORY + *\li Any database or rrset iterator error. + *\li Any dns_rdata_totext() error code. */ +/*@}*/ +/*@{*/ isc_result_t dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, const dns_master_style_t *style, const char *filename, isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg, dns_dumpctx_t **dctxp); +isc_result_t +dns_master_dumpinc2(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, + const dns_master_style_t *style, const char *filename, + isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg, dns_dumpctx_t **dctxp, dns_masterformat_t format); + isc_result_t dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, const dns_master_style_t *style, const char *filename); -/* - * Dump the database 'db' to the file 'filename' in RFC1035 master - * file format, in the style defined by 'style' - * (e.g., &dns_default_master_style_default) + +isc_result_t +dns_master_dump2(isc_mem_t *mctx, dns_db_t *db, + dns_dbversion_t *version, + const dns_master_style_t *style, const char *filename, + dns_masterformat_t format); + +/*%< + * Dump the database 'db' to the file 'filename' in the specified format by + * 'format'. If the format is dns_masterformat_text (the RFC1035 format), + * 'style' specifies the file style (e.g., &dns_master_style_default). + * + * dns_master_dumpinc() and dns_master_dump() are old forms of _dumpinc2() + * and _dump2(), respectively, which always specify the dns_masterformat_text + * format. * * Temporary dynamic memory may be allocated from 'mctx'. * * Returns: - * ISC_R_SUCCESS - * DNS_R_CONTINUE dns_master_dumpinc() only. - * ISC_R_NOMEMORY - * Any database or rrset iterator error. - * Any dns_rdata_totext() error code. + *\li ISC_R_SUCCESS + *\li ISC_R_CONTINUE dns_master_dumpinc() only. + *\li ISC_R_NOMEMORY + *\li Any database or rrset iterator error. + *\li Any dns_rdata_totext() error code. */ +/*@}*/ isc_result_t dns_master_rdatasettotext(dns_name_t *owner_name, dns_rdataset_t *rdataset, const dns_master_style_t *style, isc_buffer_t *target); -/* +/*%< * Convert 'rdataset' to text format, storing the result in 'target'. * * Notes: - * The rdata cursor position will be changed. + *\li The rdata cursor position will be changed. * * Requires: - * 'rdataset' is a valid non-question rdataset. + *\li 'rdataset' is a valid non-question rdataset. * - * 'rdataset' is not empty. + *\li 'rdataset' is not empty. */ isc_result_t diff --git a/contrib/bind-9.3/lib/dns/include/dns/message.h b/contrib/bind-9.5.2/lib/dns/include/dns/message.h similarity index 67% rename from contrib/bind-9.3/lib/dns/include/dns/message.h rename to contrib/bind-9.5.2/lib/dns/include/dns/message.h index 960c11aa12..ee483a7275 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/message.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/message.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.h,v 1.100.2.3.8.10 2006/02/28 06:32:54 marka Exp $ */ +/* $Id: message.h,v 1.123.128.4 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_MESSAGE_H #define DNS_MESSAGE_H 1 @@ -33,7 +33,9 @@ #include -/* +/*! \file dns/message.h + * \brief Message Handling Module + * * How this beast works: * * When a dns message is received in a buffer, dns_message_fromwire() is called @@ -54,9 +56,9 @@ * one of two ways. Assume a name was allocated via * dns_message_gettempname(): * - * (1) insert it into a section, using dns_message_addname(). + *\li (1) insert it into a section, using dns_message_addname(). * - * (2) return it to the message using dns_message_puttempname(). + *\li (2) return it to the message using dns_message_puttempname(). * * The same applies to rdatasets. * @@ -74,6 +76,7 @@ * Since the buffer itself exists until the message is destroyed, this sort * of code can be written: * + * \code * buffer = isc_buffer_allocate(mctx, 512); * name = NULL; * name = dns_message_gettempname(message, &name); @@ -81,6 +84,7 @@ * result = dns_name_fromtext(name, &source, dns_rootname, ISC_FALSE, * buffer); * dns_message_takebuffer(message, &buffer); + * \endcode * * * TODO: @@ -97,12 +101,16 @@ #define DNS_MESSAGEFLAG_AD 0x0020U #define DNS_MESSAGEFLAG_CD 0x0010U +/*%< EDNS0 extended message flags */ #define DNS_MESSAGEEXTFLAG_DO 0x8000U +/*%< EDNS0 extended OPT codes */ +#define DNS_OPT_NSID 0x0003 /*%< NSID opt code */ + #define DNS_MESSAGE_REPLYPRESERVE (DNS_MESSAGEFLAG_RD|DNS_MESSAGEFLAG_CD) #define DNS_MESSAGEEXTFLAG_REPLYPRESERVE (DNS_MESSAGEEXTFLAG_DO) -#define DNS_MESSAGE_HEADERLEN 12 /* 6 isc_uint16_t's */ +#define DNS_MESSAGE_HEADERLEN 12 /*%< 6 isc_uint16_t's */ #define DNS_MESSAGE_MAGIC ISC_MAGIC('M','S','G','@') #define DNS_MESSAGE_VALID(msg) ISC_MAGIC_VALID(msg, DNS_MESSAGE_MAGIC) @@ -140,32 +148,32 @@ typedef int dns_messagetextflag_t; /* * These tell the message library how the created dns_message_t will be used. */ -#define DNS_MESSAGE_INTENTUNKNOWN 0 /* internal use only */ -#define DNS_MESSAGE_INTENTPARSE 1 /* parsing messages */ -#define DNS_MESSAGE_INTENTRENDER 2 /* rendering */ +#define DNS_MESSAGE_INTENTUNKNOWN 0 /*%< internal use only */ +#define DNS_MESSAGE_INTENTPARSE 1 /*%< parsing messages */ +#define DNS_MESSAGE_INTENTRENDER 2 /*%< rendering */ /* * Control behavior of parsing */ -#define DNS_MESSAGEPARSE_PRESERVEORDER 0x0001 /* preserve rdata order */ -#define DNS_MESSAGEPARSE_BESTEFFORT 0x0002 /* return a message if a +#define DNS_MESSAGEPARSE_PRESERVEORDER 0x0001 /*%< preserve rdata order */ +#define DNS_MESSAGEPARSE_BESTEFFORT 0x0002 /*%< return a message if a recoverable parse error occurs */ -#define DNS_MESSAGEPARSE_CLONEBUFFER 0x0004 /* save a copy of the +#define DNS_MESSAGEPARSE_CLONEBUFFER 0x0004 /*%< save a copy of the source buffer */ -#define DNS_MESSAGEPARSE_IGNORETRUNCATION 0x0008 /* trucation errors are +#define DNS_MESSAGEPARSE_IGNORETRUNCATION 0x0008 /*%< truncation errors are * not fatal. */ /* * Control behavior of rendering */ -#define DNS_MESSAGERENDER_ORDERED 0x0001 /* don't change order */ -#define DNS_MESSAGERENDER_PARTIAL 0x0002 /* allow a partial rdataset */ -#define DNS_MESSAGERENDER_OMITDNSSEC 0x0004 /* omit DNSSEC records */ -#define DNS_MESSAGERENDER_PREFER_A 0x0008 /* prefer A records in - * additional section. */ -#define DNS_MESSAGERENDER_PREFER_AAAA 0x0010 /* prefer AAAA records in - * additional section. */ +#define DNS_MESSAGERENDER_ORDERED 0x0001 /*%< don't change order */ +#define DNS_MESSAGERENDER_PARTIAL 0x0002 /*%< allow a partial rdataset */ +#define DNS_MESSAGERENDER_OMITDNSSEC 0x0004 /*%< omit DNSSEC records */ +#define DNS_MESSAGERENDER_PREFER_A 0x0008 /*%< prefer A records in + additional section. */ +#define DNS_MESSAGERENDER_PREFER_AAAA 0x0010 /*%< prefer AAAA records in + additional section. */ typedef struct dns_msgblock dns_msgblock_t; @@ -248,32 +256,32 @@ ISC_LANG_BEGINDECLS isc_result_t dns_message_create(isc_mem_t *mctx, unsigned int intent, dns_message_t **msgp); -/* +/*%< * Create msg structure. * * This function will allocate some internal blocks of memory that are * expected to be needed for parsing or rendering nearly any type of message. * * Requires: - * 'mctx' be a valid memory context. + *\li 'mctx' be a valid memory context. * - * 'msgp' be non-null and '*msg' be NULL. + *\li 'msgp' be non-null and '*msg' be NULL. * - * 'intent' must be one of DNS_MESSAGE_INTENTPARSE or - * DNS_MESSAGE_INTENTRENDER. + *\li 'intent' must be one of DNS_MESSAGE_INTENTPARSE or + * #DNS_MESSAGE_INTENTRENDER. * * Ensures: - * The data in "*msg" is set to indicate an unused and empty msg + *\li The data in "*msg" is set to indicate an unused and empty msg * structure. * * Returns: - * ISC_R_NOMEMORY -- out of memory - * ISC_R_SUCCESS -- success + *\li #ISC_R_NOMEMORY -- out of memory + *\li #ISC_R_SUCCESS -- success */ void dns_message_reset(dns_message_t *msg, unsigned int intent); -/* +/*%< * Reset a message structure to default state. All internal lists are freed * or reset to a default state as well. This is simply a more efficient * way to call dns_message_destroy() followed by dns_message_allocate(), @@ -286,22 +294,22 @@ dns_message_reset(dns_message_t *msg, unsigned int intent); * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * 'intent' is DNS_MESSAGE_INTENTPARSE or DNS_MESSAGE_INTENTRENDER + *\li 'intent' is DNS_MESSAGE_INTENTPARSE or DNS_MESSAGE_INTENTRENDER */ void dns_message_destroy(dns_message_t **msgp); -/* +/*%< * Destroy all state in the message. * * Requires: * - * 'msgp' be valid. + *\li 'msgp' be valid. * * Ensures: - * '*msgp' == NULL + *\li '*msgp' == NULL */ isc_result_t @@ -316,85 +324,83 @@ dns_message_pseudosectiontotext(dns_message_t *msg, const dns_master_style_t *style, dns_messagetextflag_t flags, isc_buffer_t *target); -/* +/*%< * Convert section 'section' or 'pseudosection' of message 'msg' to * a cleartext representation * * Notes: - * See dns_message_totext for meanings of flags. + * \li See dns_message_totext for meanings of flags. * * Requires: * - * 'msg' is a valid message. + *\li 'msg' is a valid message. * - * 'style' is a valid master dump style. + *\li 'style' is a valid master dump style. * - * 'target' is a valid buffer. + *\li 'target' is a valid buffer. * - * 'section' is a valid section label. + *\li 'section' is a valid section label. * * Ensures: * - * If the result is success: - * + *\li If the result is success: * The used space in 'target' is updated. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOSPACE - * ISC_R_NOMORE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE + *\li #ISC_R_NOMORE * - * Note: On error return, *target may be partially filled with data. + *\li Note: On error return, *target may be partially filled with data. */ isc_result_t dns_message_totext(dns_message_t *msg, const dns_master_style_t *style, dns_messagetextflag_t flags, isc_buffer_t *target); -/* +/*%< * Convert all sections of message 'msg' to a cleartext representation * * Notes: - * In flags, If DNS_MESSAGETEXTFLAG_OMITDOT is set, then the + * \li In flags, If #DNS_MESSAGETEXTFLAG_OMITDOT is set, then the * final '.' in absolute names will not be emitted. If - * DNS_MESSAGETEXTFLAG_NOCOMMENTS is cleared, lines beginning + * #DNS_MESSAGETEXTFLAG_NOCOMMENTS is cleared, lines beginning * with ";;" will be emitted indicating section name. If - * DNS_MESSAGETEXTFLAG_NOHEADERS is cleared, header lines will + * #DNS_MESSAGETEXTFLAG_NOHEADERS is cleared, header lines will * be emitted. * * Requires: * - * 'msg' is a valid message. + *\li 'msg' is a valid message. * - * 'style' is a valid master dump style. + *\li 'style' is a valid master dump style. * - * 'target' is a valid buffer. + *\li 'target' is a valid buffer. * * Ensures: * - * If the result is success: - * + *\li If the result is success: * The used space in 'target' is updated. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOSPACE - * ISC_R_NOMORE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE + *\li #ISC_R_NOMORE * - * Note: On error return, *target may be partially filled with data. + *\li Note: On error return, *target may be partially filled with data. */ isc_result_t dns_message_parse(dns_message_t *msg, isc_buffer_t *source, unsigned int options); -/* +/*%< * Parse raw wire data in 'source' as a DNS message. * * OPT records are detected and stored in the pseudo-section "opt". * TSIGs are detected and stored in the pseudo-section "tsig". * - * If DNS_MESSAGEPARSE_PRESERVEORDER is set, or if the opcode of the message + * If #DNS_MESSAGEPARSE_PRESERVEORDER is set, or if the opcode of the message * is UPDATE, a separate dns_name_t object will be created for each RR in the * message. Each such dns_name_t will have a single rdataset containing the * single RR, and the order of the RRs in the message is preserved. @@ -403,39 +409,39 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source, * of rdatasets. To access the names and their data, use * dns_message_firstname() and dns_message_nextname(). * - * If DNS_MESSAGEPARSE_BESTEFFORT is set, errors in message content will + * If #DNS_MESSAGEPARSE_BESTEFFORT is set, errors in message content will * not be considered FORMERRs. If the entire message can be parsed, it * will be returned and DNS_R_RECOVERABLE will be returned. * - * If DNS_MESSAGEPARSE_IGNORETRUNCATION is set then return as many complete + * If #DNS_MESSAGEPARSE_IGNORETRUNCATION is set then return as many complete * RR's as possible, DNS_R_RECOVERABLE will be returned. * * OPT and TSIG records are always handled specially, regardless of the * 'preserve_order' setting. * * Requires: - * "msg" be valid. + *\li "msg" be valid. * - * "buffer" be a wire format buffer. + *\li "buffer" be a wire format buffer. * * Ensures: - * The buffer's data format is correct. + *\li The buffer's data format is correct. * - * The buffer's contents verify as correct regarding header bits, buffer + *\li The buffer's contents verify as correct regarding header bits, buffer * and rdata sizes, etc. * * Returns: - * ISC_R_SUCCESS -- all is well - * ISC_R_NOMEMORY -- no memory - * DNS_R_RECOVERABLE -- the message parsed properly, but contained + *\li #ISC_R_SUCCESS -- all is well + *\li #ISC_R_NOMEMORY -- no memory + *\li #DNS_R_RECOVERABLE -- the message parsed properly, but contained * errors. - * Many other errors possible XXXMLG + *\li Many other errors possible XXXMLG */ isc_result_t dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx, isc_buffer_t *buffer); -/* +/*%< * Begin rendering on a message. Only one call can be made to this function * per message. * @@ -447,24 +453,24 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx, * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * 'cctx' be valid. + *\li 'cctx' be valid. * - * 'buffer' is a valid buffer. + *\li 'buffer' is a valid buffer. * * Side Effects: * - * The buffer is cleared before it is used. + *\li The buffer is cleared before it is used. * * Returns: - * ISC_R_SUCCESS -- all is well - * ISC_R_NOSPACE -- output buffer is too small + *\li #ISC_R_SUCCESS -- all is well + *\li #ISC_R_NOSPACE -- output buffer is too small */ isc_result_t dns_message_renderchangebuffer(dns_message_t *msg, isc_buffer_t *buffer); -/* +/*%< * Reset the buffer. This can be used after growing the old buffer * on a ISC_R_NOSPACE return from most of the render functions. * @@ -474,20 +480,20 @@ dns_message_renderchangebuffer(dns_message_t *msg, isc_buffer_t *buffer); * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * dns_message_renderbegin() was called. + *\li dns_message_renderbegin() was called. * - * buffer != NULL. + *\li buffer != NULL. * * Returns: - * ISC_R_NOSPACE -- new buffer is too small - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_NOSPACE -- new buffer is too small + *\li #ISC_R_SUCCESS -- all is well. */ isc_result_t dns_message_renderreserve(dns_message_t *msg, unsigned int space); -/* +/*%< * XXXMLG should use size_t rather than unsigned int once the buffer * API is cleaned up * @@ -495,18 +501,18 @@ dns_message_renderreserve(dns_message_t *msg, unsigned int space); * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * dns_message_renderbegin() was called. + *\li dns_message_renderbegin() was called. * * Returns: - * ISC_R_SUCCESS -- all is well. - * ISC_R_NOSPACE -- not enough free space in the buffer. + *\li #ISC_R_SUCCESS -- all is well. + *\li #ISC_R_NOSPACE -- not enough free space in the buffer. */ void dns_message_renderrelease(dns_message_t *msg, unsigned int space); -/* +/*%< * XXXMLG should use size_t rather than unsigned int once the buffer * API is cleaned up * @@ -514,87 +520,87 @@ dns_message_renderrelease(dns_message_t *msg, unsigned int space); * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * 'space' is less than or equal to the total amount of space reserved + *\li 'space' is less than or equal to the total amount of space reserved * via prior calls to dns_message_renderreserve(). * - * dns_message_renderbegin() was called. + *\li dns_message_renderbegin() was called. */ isc_result_t dns_message_rendersection(dns_message_t *msg, dns_section_t section, unsigned int options); -/* +/*%< * Render all names, rdatalists, etc from the given section at the * specified priority or higher. * * Requires: - * 'msg' be valid. + *\li 'msg' be valid. * - * 'section' be a valid section. + *\li 'section' be a valid section. * - * dns_message_renderbegin() was called. + *\li dns_message_renderbegin() was called. * * Returns: - * ISC_R_SUCCESS -- all records were written, and there are + *\li #ISC_R_SUCCESS -- all records were written, and there are * no more records for this section. - * ISC_R_NOSPACE -- Not enough room in the buffer to write + *\li #ISC_R_NOSPACE -- Not enough room in the buffer to write * all records requested. - * DNS_R_MOREDATA -- All requested records written, and there + *\li #DNS_R_MOREDATA -- All requested records written, and there * are records remaining for this section. */ void dns_message_renderheader(dns_message_t *msg, isc_buffer_t *target); -/* +/*%< * Render the message header. This is implicitly called by * dns_message_renderend(). * * Requires: * - * 'msg' be a valid message. + *\li 'msg' be a valid message. * - * dns_message_renderbegin() was called. + *\li dns_message_renderbegin() was called. * - * 'target' is a valid buffer with enough space to hold a message header + *\li 'target' is a valid buffer with enough space to hold a message header */ isc_result_t dns_message_renderend(dns_message_t *msg); -/* +/*%< * Finish rendering to the buffer. Note that more data can be in the * 'msg' structure. Destroying the structure will free this, or in a multi- * part EDNS1 message this data can be rendered to another buffer later. * * Requires: * - * 'msg' be a valid message. + *\li 'msg' be a valid message. * - * dns_message_renderbegin() was called. + *\li dns_message_renderbegin() was called. * * Returns: - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_SUCCESS -- all is well. */ void dns_message_renderreset(dns_message_t *msg); -/* +/*%< * Reset the message so that it may be rendered again. * * Notes: * - * If dns_message_renderbegin() has been called, dns_message_renderend() + *\li If dns_message_renderbegin() has been called, dns_message_renderend() * must be called before calling this function. * * Requires: * - * 'msg' be a valid message with rendering intent. + *\li 'msg' be a valid message with rendering intent. */ isc_result_t dns_message_firstname(dns_message_t *msg, dns_section_t section); -/* +/*%< * Set internal per-section name pointer to the beginning of the section. * * The functions dns_message_firstname() and dns_message_nextname() may @@ -602,39 +608,39 @@ dns_message_firstname(dns_message_t *msg, dns_section_t section); * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * 'section' be a valid section. + *\li 'section' be a valid section. * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMORE -- No names on given section. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMORE -- No names on given section. */ isc_result_t dns_message_nextname(dns_message_t *msg, dns_section_t section); -/* +/*%< * Sets the internal per-section name pointer to point to the next name * in that section. * * Requires: * - * 'msg' be valid. + * \li 'msg' be valid. * - * 'section' be a valid section. + *\li 'section' be a valid section. * - * dns_message_firstname() must have been called on this section, + *\li dns_message_firstname() must have been called on this section, * and the result was ISC_R_SUCCESS. * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMORE -- No more names in given section. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMORE -- No more names in given section. */ void dns_message_currentname(dns_message_t *msg, dns_section_t section, dns_name_t **name); -/* +/*%< * Sets 'name' to point to the name where the per-section internal name * pointer is currently set. * @@ -643,15 +649,15 @@ dns_message_currentname(dns_message_t *msg, dns_section_t section, * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * 'name' be non-NULL, and *name be NULL. + *\li 'name' be non-NULL, and *name be NULL. * - * 'section' be a valid section. + *\li 'section' be a valid section. * - * dns_message_firstname() must have been called on this section, + *\li dns_message_firstname() must have been called on this section, * and the result of it and any dns_message_nextname() calls was - * ISC_R_SUCCESS. + * #ISC_R_SUCCESS. */ isc_result_t @@ -659,55 +665,55 @@ dns_message_findname(dns_message_t *msg, dns_section_t section, dns_name_t *target, dns_rdatatype_t type, dns_rdatatype_t covers, dns_name_t **foundname, dns_rdataset_t **rdataset); -/* +/*%< * Search for a name in the specified section. If it is found, *name is * set to point to the name, and *rdataset is set to point to the found * rdataset (if type is specified as other than dns_rdatatype_any). * * Requires: - * 'msg' be valid. + *\li 'msg' be valid. * - * 'section' be a valid section. + *\li 'section' be a valid section. * - * If a pointer to the name is desired, 'foundname' should be non-NULL. + *\li If a pointer to the name is desired, 'foundname' should be non-NULL. * If it is non-NULL, '*foundname' MUST be NULL. * - * If a type other than dns_datatype_any is searched for, 'rdataset' + *\li If a type other than dns_datatype_any is searched for, 'rdataset' * may be non-NULL, '*rdataset' be NULL, and will point at the found * rdataset. If the type is dns_datatype_any, 'rdataset' must be NULL. * - * 'target' be a valid name. + *\li 'target' be a valid name. * - * 'type' be a valid type. + *\li 'type' be a valid type. * - * If 'type' is dns_rdatatype_rrsig, 'covers' must be a valid type. + *\li If 'type' is dns_rdatatype_rrsig, 'covers' must be a valid type. * Otherwise it should be 0. * * Returns: - * ISC_R_SUCCESS -- all is well. - * DNS_R_NXDOMAIN -- name does not exist in that section. - * DNS_R_NXRRSET -- The name does exist, but the desired + *\li #ISC_R_SUCCESS -- all is well. + *\li #DNS_R_NXDOMAIN -- name does not exist in that section. + *\li #DNS_R_NXRRSET -- The name does exist, but the desired * type does not. */ isc_result_t dns_message_findtype(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, dns_rdataset_t **rdataset); -/* +/*%< * Search the name for the specified type. If it is found, *rdataset is * filled in with a pointer to that rdataset. * * Requires: - * if '**rdataset' is non-NULL, *rdataset needs to be NULL. + *\li if '**rdataset' is non-NULL, *rdataset needs to be NULL. * - * 'type' be a valid type, and NOT dns_rdatatype_any. + *\li 'type' be a valid type, and NOT dns_rdatatype_any. * - * If 'type' is dns_rdatatype_rrsig, 'covers' must be a valid type. + *\li If 'type' is dns_rdatatype_rrsig, 'covers' must be a valid type. * Otherwise it should be 0. * * Returns: - * ISC_R_SUCCESS -- all is well. - * ISC_R_NOTFOUND -- the desired type does not exist. + *\li #ISC_R_SUCCESS -- all is well. + *\li #ISC_R_NOTFOUND -- the desired type does not exist. */ isc_result_t @@ -735,24 +741,24 @@ void dns_message_movename(dns_message_t *msg, dns_name_t *name, dns_section_t fromsection, dns_section_t tosection); -/* +/*%< * Move a name from one section to another. * * Requires: * - * 'msg' be valid. + *\li 'msg' be valid. * - * 'name' must be a name already in 'fromsection'. + *\li 'name' must be a name already in 'fromsection'. * - * 'fromsection' must be a valid section. + *\li 'fromsection' must be a valid section. * - * 'tosection' must be a valid section. + *\li 'tosection' must be a valid section. */ void dns_message_addname(dns_message_t *msg, dns_name_t *name, dns_section_t section); -/* +/*%< * Adds the name to the given section. * * It is the caller's responsibility to enforce any unique name requirements @@ -760,13 +766,32 @@ dns_message_addname(dns_message_t *msg, dns_name_t *name, * * Requires: * - * 'msg' be valid, and be a renderable message. + *\li 'msg' be valid, and be a renderable message. + * + *\li 'name' be a valid absolute name. + * + *\li 'section' be a named section. + */ + +void +dns_message_removename(dns_message_t *msg, dns_name_t *name, + dns_section_t section); +/*%< + * Remove a existing name from a given section. + * + * It is the caller's responsibility to ensure the name is part of the + * given section. + * + * Requires: + * + *\li 'msg' be valid, and be a renderable message. * - * 'name' be a valid absolute name. + *\li 'name' be a valid absolute name. * - * 'section' be a named section. + *\li 'section' be a named section. */ + /* * LOANOUT FUNCTIONS * @@ -777,7 +802,7 @@ dns_message_addname(dns_message_t *msg, dns_name_t *name, isc_result_t dns_message_gettempname(dns_message_t *msg, dns_name_t **item); -/* +/*%< * Return a name that can be used for any temporary purpose, including * inserting into the message's linked lists. The name must be returned * to the message code using dns_message_puttempname() or inserted into @@ -786,180 +811,180 @@ dns_message_gettempname(dns_message_t *msg, dns_name_t **item); * It is the caller's responsibility to initialize this name. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item == NULL + *\li item != NULL && *item == NULL * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMEMORY -- No item can be allocated. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMEMORY -- No item can be allocated. */ isc_result_t dns_message_gettempoffsets(dns_message_t *msg, dns_offsets_t **item); -/* +/*%< * Return an offsets array that can be used for any temporary purpose, * such as attaching to a temporary name. The offsets will be freed * when the message is destroyed or reset. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item == NULL + *\li item != NULL && *item == NULL * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMEMORY -- No item can be allocated. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMEMORY -- No item can be allocated. */ isc_result_t dns_message_gettemprdata(dns_message_t *msg, dns_rdata_t **item); -/* +/*%< * Return a rdata that can be used for any temporary purpose, including * inserting into the message's linked lists. The rdata will be freed * when the message is destroyed or reset. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item == NULL + *\li item != NULL && *item == NULL * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMEMORY -- No item can be allocated. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMEMORY -- No item can be allocated. */ isc_result_t dns_message_gettemprdataset(dns_message_t *msg, dns_rdataset_t **item); -/* +/*%< * Return a rdataset that can be used for any temporary purpose, including * inserting into the message's linked lists. The name must be returned * to the message code using dns_message_puttempname() or inserted into * one of the message's sections before the message is destroyed. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item == NULL + *\li item != NULL && *item == NULL * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMEMORY -- No item can be allocated. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMEMORY -- No item can be allocated. */ isc_result_t dns_message_gettemprdatalist(dns_message_t *msg, dns_rdatalist_t **item); -/* +/*%< * Return a rdatalist that can be used for any temporary purpose, including * inserting into the message's linked lists. The rdatalist will be * destroyed when the message is destroyed or reset. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item == NULL + *\li item != NULL && *item == NULL * * Returns: - * ISC_R_SUCCESS -- All is well. - * ISC_R_NOMEMORY -- No item can be allocated. + *\li #ISC_R_SUCCESS -- All is well. + *\li #ISC_R_NOMEMORY -- No item can be allocated. */ void dns_message_puttempname(dns_message_t *msg, dns_name_t **item); -/* +/*%< * Return a borrowed name to the message's name free list. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item point to a name returned by + *\li item != NULL && *item point to a name returned by * dns_message_gettempname() * * Ensures: - * *item == NULL + *\li *item == NULL */ void dns_message_puttemprdata(dns_message_t *msg, dns_rdata_t **item); -/* +/*%< * Return a borrowed rdata to the message's rdata free list. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item point to a rdata returned by + *\li item != NULL && *item point to a rdata returned by * dns_message_gettemprdata() * * Ensures: - * *item == NULL + *\li *item == NULL */ void dns_message_puttemprdataset(dns_message_t *msg, dns_rdataset_t **item); -/* +/*%< * Return a borrowed rdataset to the message's rdataset free list. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item point to a rdataset returned by + *\li item != NULL && *item point to a rdataset returned by * dns_message_gettemprdataset() * * Ensures: - * *item == NULL + *\li *item == NULL */ void dns_message_puttemprdatalist(dns_message_t *msg, dns_rdatalist_t **item); -/* +/*%< * Return a borrowed rdatalist to the message's rdatalist free list. * * Requires: - * msg be a valid message + *\li msg be a valid message * - * item != NULL && *item point to a rdatalist returned by + *\li item != NULL && *item point to a rdatalist returned by * dns_message_gettemprdatalist() * * Ensures: - * *item == NULL + *\li *item == NULL */ isc_result_t dns_message_peekheader(isc_buffer_t *source, dns_messageid_t *idp, unsigned int *flagsp); -/* +/*%< * Assume the remaining region of "source" is a DNS message. Peek into * it and fill in "*idp" with the message id, and "*flagsp" with the flags. * * Requires: * - * source != NULL + *\li source != NULL * * Ensures: * - * if (idp != NULL) *idp == message id. + *\li if (idp != NULL) *idp == message id. * - * if (flagsp != NULL) *flagsp == message flags. + *\li if (flagsp != NULL) *flagsp == message flags. * * Returns: * - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_SUCCESS -- all is well. * - * ISC_R_UNEXPECTEDEND -- buffer doesn't contain enough for a header. + *\li #ISC_R_UNEXPECTEDEND -- buffer doesn't contain enough for a header. */ isc_result_t dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section); -/* +/*%< * Start formatting a reply to the query in 'msg'. * * Requires: * - * 'msg' is a valid message with parsing intent, and contains a query. + *\li 'msg' is a valid message with parsing intent, and contains a query. * * Ensures: * - * The message will have a rendering intent. If 'want_question_section' + *\li The message will have a rendering intent. If 'want_question_section' * is true, the message opcode is query or notify, and the question * section is present and properly formatted, then the question section * will be included in the reply. All other sections will be cleared. @@ -968,9 +993,9 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section); * * Returns: * - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_SUCCESS -- all is well. * - * DNS_R_FORMERR -- the header or question section of the + *\li #DNS_R_FORMERR -- the header or question section of the * message is invalid, replying is impossible. * If DNS_R_FORMERR is returned when * want_question_section is ISC_FALSE, then @@ -981,308 +1006,308 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section); dns_rdataset_t * dns_message_getopt(dns_message_t *msg); -/* +/*%< * Get the OPT record for 'msg'. * * Requires: * - * 'msg' is a valid message. + *\li 'msg' is a valid message. * * Returns: * - * The OPT rdataset of 'msg', or NULL if there isn't one. + *\li The OPT rdataset of 'msg', or NULL if there isn't one. */ isc_result_t dns_message_setopt(dns_message_t *msg, dns_rdataset_t *opt); -/* +/*%< * Set the OPT record for 'msg'. * * Requires: * - * 'msg' is a valid message with rendering intent + *\li 'msg' is a valid message with rendering intent * and no sections have been rendered. * - * 'opt' is a valid OPT record. + *\li 'opt' is a valid OPT record. * * Ensures: * - * The OPT record has either been freed or ownership of it has + *\li The OPT record has either been freed or ownership of it has * been transferred to the message. * - * If ISC_R_SUCCESS was returned, the OPT record will be rendered + *\li If ISC_R_SUCCESS was returned, the OPT record will be rendered * when dns_message_renderend() is called. * * Returns: * - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_SUCCESS -- all is well. * - * ISC_R_NOSPACE -- there is no space for the OPT record. + *\li #ISC_R_NOSPACE -- there is no space for the OPT record. */ dns_rdataset_t * dns_message_gettsig(dns_message_t *msg, dns_name_t **owner); -/* +/*%< * Get the TSIG record and owner for 'msg'. * * Requires: * - * 'msg' is a valid message. - * 'owner' is NULL or *owner is NULL. + *\li 'msg' is a valid message. + *\li 'owner' is NULL or *owner is NULL. * * Returns: * - * The TSIG rdataset of 'msg', or NULL if there isn't one. + *\li The TSIG rdataset of 'msg', or NULL if there isn't one. * * Ensures: * - * If 'owner' is not NULL, it will point to the owner name. + * \li If 'owner' is not NULL, it will point to the owner name. */ isc_result_t dns_message_settsigkey(dns_message_t *msg, dns_tsigkey_t *key); -/* +/*%< * Set the tsig key for 'msg'. This is only necessary for when rendering a * query or parsing a response. The key (if non-NULL) is attached to, and * will be detached when the message is destroyed. * * Requires: * - * 'msg' is a valid message with rendering intent, + *\li 'msg' is a valid message with rendering intent, * dns_message_renderbegin() has been called, and no sections have been * rendered. - * 'key' is a valid tsig key or NULL. + *\li 'key' is a valid tsig key or NULL. * * Returns: * - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_SUCCESS -- all is well. * - * ISC_R_NOSPACE -- there is no space for the TSIG record. + *\li #ISC_R_NOSPACE -- there is no space for the TSIG record. */ dns_tsigkey_t * dns_message_gettsigkey(dns_message_t *msg); -/* +/*%< * Gets the tsig key for 'msg'. * * Requires: * - * 'msg' is a valid message + *\li 'msg' is a valid message */ isc_result_t dns_message_setquerytsig(dns_message_t *msg, isc_buffer_t *querytsig); -/* +/*%< * Indicates that 'querytsig' is the TSIG from the signed query for which * 'msg' is the response. This is also used for chained TSIGs in TCP * responses. * * Requires: * - * 'querytsig' is a valid buffer as returned by dns_message_getquerytsig() + *\li 'querytsig' is a valid buffer as returned by dns_message_getquerytsig() * or NULL * - * 'msg' is a valid message + *\li 'msg' is a valid message * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ isc_result_t dns_message_getquerytsig(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t **querytsig); -/* +/*%< * Gets the tsig from the TSIG from the signed query 'msg'. This is also used * for chained TSIGs in TCP responses. Unlike dns_message_gettsig, this makes * a copy of the data, so can be used if the message is destroyed. * * Requires: * - * 'msg' is a valid signed message - * 'mctx' is a valid memory context - * querytsig != NULL && *querytsig == NULL + *\li 'msg' is a valid signed message + *\li 'mctx' is a valid memory context + *\li querytsig != NULL && *querytsig == NULL * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY * * Ensures: - * 'tsig' points to NULL or an allocated buffer which must be freed + *\li 'tsig' points to NULL or an allocated buffer which must be freed * by the caller. */ dns_rdataset_t * dns_message_getsig0(dns_message_t *msg, dns_name_t **owner); -/* +/*%< * Get the SIG(0) record and owner for 'msg'. * * Requires: * - * 'msg' is a valid message. - * 'owner' is NULL or *owner is NULL. + *\li 'msg' is a valid message. + *\li 'owner' is NULL or *owner is NULL. * * Returns: * - * The SIG(0) rdataset of 'msg', or NULL if there isn't one. + *\li The SIG(0) rdataset of 'msg', or NULL if there isn't one. * * Ensures: * - * If 'owner' is not NULL, it will point to the owner name. + * \li If 'owner' is not NULL, it will point to the owner name. */ isc_result_t dns_message_setsig0key(dns_message_t *msg, dst_key_t *key); -/* +/*%< * Set the SIG(0) key for 'msg'. * * Requires: * - * 'msg' is a valid message with rendering intent, + *\li 'msg' is a valid message with rendering intent, * dns_message_renderbegin() has been called, and no sections have been * rendered. - * 'key' is a valid sig key or NULL. + *\li 'key' is a valid sig key or NULL. * * Returns: * - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_SUCCESS -- all is well. * - * ISC_R_NOSPACE -- there is no space for the SIG(0) record. + *\li #ISC_R_NOSPACE -- there is no space for the SIG(0) record. */ dst_key_t * dns_message_getsig0key(dns_message_t *msg); -/* +/*%< * Gets the SIG(0) key for 'msg'. * * Requires: * - * 'msg' is a valid message + *\li 'msg' is a valid message */ void dns_message_takebuffer(dns_message_t *msg, isc_buffer_t **buffer); -/* +/*%< * Give the *buffer to the message code to clean up when it is no * longer needed. This is usually when the message is reset or * destroyed. * * Requires: * - * msg be a valid message. + *\li msg be a valid message. * - * buffer != NULL && *buffer is a valid isc_buffer_t, which was - * dynamincally allocated via isc_buffer_allocate(). + *\li buffer != NULL && *buffer is a valid isc_buffer_t, which was + * dynamically allocated via isc_buffer_allocate(). */ isc_result_t dns_message_signer(dns_message_t *msg, dns_name_t *signer); -/* +/*%< * If this message was signed, return the identity of the signer. * Unless ISC_R_NOTFOUND is returned, signer will reflect the name of the * key that signed the message. * * Requires: * - * msg is a valid parsed message. - * signer is a valid name + *\li msg is a valid parsed message. + *\li signer is a valid name * * Returns: * - * ISC_R_SUCCESS - the message was signed, and *signer + *\li #ISC_R_SUCCESS - the message was signed, and *signer * contains the signing identity * - * ISC_R_NOTFOUND - no TSIG or SIG(0) record is present in the + *\li #ISC_R_NOTFOUND - no TSIG or SIG(0) record is present in the * message * - * DNS_R_TSIGVERIFYFAILURE - the message was signed by a TSIG, but the + *\li #DNS_R_TSIGVERIFYFAILURE - the message was signed by a TSIG, but the * signature failed to verify * - * DNS_R_TSIGERRORSET - the message was signed by a TSIG and + *\li #DNS_R_TSIGERRORSET - the message was signed by a TSIG and * verified, but the query was rejected by * the server * - * DNS_R_NOIDENTITY - the message was signed by a TSIG and + *\li #DNS_R_NOIDENTITY - the message was signed by a TSIG and * verified, but the key has no identity since * it was generated by an unsigned TKEY process * - * DNS_R_SIGINVALID - the message was signed by a SIG(0), but + *\li #DNS_R_SIGINVALID - the message was signed by a SIG(0), but * the signature failed to verify * - * DNS_R_NOTVERIFIEDYET - the message was signed by a TSIG or SIG(0), + *\li #DNS_R_NOTVERIFIEDYET - the message was signed by a TSIG or SIG(0), * but the signature has not been verified yet */ isc_result_t dns_message_checksig(dns_message_t *msg, dns_view_t *view); -/* +/*%< * If this message was signed, verify the signature. * * Requires: * - * msg is a valid parsed message. - * view is a valid view or NULL + *\li msg is a valid parsed message. + *\li view is a valid view or NULL * * Returns: * - * ISC_R_SUCCESS - the message was unsigned, or the message + *\li #ISC_R_SUCCESS - the message was unsigned, or the message * was signed correctly. * - * DNS_R_EXPECTEDTSIG - A TSIG was expected, but not seen - * DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected - * DNS_R_TSIGVERIFYFAILURE - The TSIG failed to verify + *\li #DNS_R_EXPECTEDTSIG - A TSIG was expected, but not seen + *\li #DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected + *\li #DNS_R_TSIGVERIFYFAILURE - The TSIG failed to verify */ isc_result_t dns_message_rechecksig(dns_message_t *msg, dns_view_t *view); -/* +/*%< * Reset the signature state and then if the message was signed, * verify the message. * * Requires: * - * msg is a valid parsed message. - * view is a valid view or NULL + *\li msg is a valid parsed message. + *\li view is a valid view or NULL * * Returns: * - * ISC_R_SUCCESS - the message was unsigned, or the message + *\li #ISC_R_SUCCESS - the message was unsigned, or the message * was signed correctly. * - * DNS_R_EXPECTEDTSIG - A TSIG was expected, but not seen - * DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected - * DNS_R_TSIGVERIFYFAILURE - The TSIG failed to verify + *\li #DNS_R_EXPECTEDTSIG - A TSIG was expected, but not seen + *\li #DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected + *\li #DNS_R_TSIGVERIFYFAILURE - The TSIG failed to verify */ void dns_message_resetsig(dns_message_t *msg); -/* +/*%< * Reset the signature state. * * Requires: - * 'msg' is a valid parsed message. + *\li 'msg' is a valid parsed message. */ isc_region_t * dns_message_getrawmessage(dns_message_t *msg); -/* +/*%< * Retrieve the raw message in compressed wire format. The message must * have been successfully parsed for it to have been saved. * * Requires: - * msg is a valid parsed message. + *\li msg is a valid parsed message. * * Returns: - * NULL if there is no saved message. + *\li NULL if there is no saved message. * a pointer to a region which refers the dns message. */ void dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order, const void *order_arg); -/* +/*%< * Define the order in which RR sets get rendered by * dns_message_rendersection() to be the ascending order * defined by the integer value returned by 'order' when @@ -1290,27 +1315,27 @@ dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order, * 'order_arg' are NULL, a default order is used. * * Requires: - * msg be a valid message. - * order_arg is NULL if and only if order is NULL. + *\li msg be a valid message. + *\li order_arg is NULL if and only if order is NULL. */ -void +void dns_message_settimeadjust(dns_message_t *msg, int timeadjust); -/* +/*%< * Adjust the time used to sign/verify a message by timeadjust. * Currently only TSIG. * * Requires: - * msg be a valid message. + *\li msg be a valid message. */ -int +int dns_message_gettimeadjust(dns_message_t *msg); -/* +/*%< * Return the current time adjustment. * * Requires: - * msg be a valid message. + *\li msg be a valid message. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/name.h b/contrib/bind-9.5.2/lib/dns/include/dns/name.h similarity index 58% rename from contrib/bind-9.3/lib/dns/include/dns/name.h rename to contrib/bind-9.5.2/lib/dns/include/dns/name.h index ce9e1f1531..57c2cfc84d 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/name.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/name.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.h,v 1.95.2.3.2.14 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: name.h,v 1.126.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_NAME_H #define DNS_NAME_H 1 @@ -24,9 +24,8 @@ ***** Module Info *****/ -/* - * DNS Names and Labels - * +/*! \file dns/name.h + * \brief * Provides facilities for manipulating DNS names and labels, including * conversions to and from wire format and text format. * @@ -45,26 +44,26 @@ * handles. * * MP: - * Clients of this module must impose any required synchronization. + *\li Clients of this module must impose any required synchronization. * * Reliability: - * This module deals with low-level byte streams. Errors in any of + *\li This module deals with low-level byte streams. Errors in any of * the functions are likely to crash the server or corrupt memory. * * Resources: - * None. + *\li None. * * Security: * - * *** WARNING *** + *\li *** WARNING *** * - * dns_name_fromwire() deals with raw network data. An error in + *\li dns_name_fromwire() deals with raw network data. An error in * this routine could result in the failure or hijacking of the server. * * Standards: - * RFC 1035 - * Draft EDNS0 (0) - * Draft Binary Labels (2) + *\li RFC1035 + *\li Draft EDNS0 (0) + *\li Draft Binary Labels (2) * */ @@ -109,7 +108,7 @@ ISC_LANG_BEGINDECLS *** Types ***/ -/* +/*% * Clients are strongly discouraged from using this type directly, with * the exception of the 'link' and 'list' fields which may be used directly * for whatever purpose the client desires. @@ -132,92 +131,104 @@ struct dns_name { #define DNS_NAMEATTR_READONLY 0x0002 #define DNS_NAMEATTR_DYNAMIC 0x0004 #define DNS_NAMEATTR_DYNOFFSETS 0x0008 +#define DNS_NAMEATTR_NOCOMPRESS 0x0010 /* * Attributes below 0x0100 reserved for name.c usage. */ -#define DNS_NAMEATTR_CACHE 0x0100 /* Used by resolver. */ -#define DNS_NAMEATTR_ANSWER 0x0200 /* Used by resolver. */ -#define DNS_NAMEATTR_NCACHE 0x0400 /* Used by resolver. */ -#define DNS_NAMEATTR_CHAINING 0x0800 /* Used by resolver. */ -#define DNS_NAMEATTR_CHASE 0x1000 /* Used by resolver. */ -#define DNS_NAMEATTR_WILDCARD 0x2000 /* Used by server. */ +#define DNS_NAMEATTR_CACHE 0x0100 /*%< Used by resolver. */ +#define DNS_NAMEATTR_ANSWER 0x0200 /*%< Used by resolver. */ +#define DNS_NAMEATTR_NCACHE 0x0400 /*%< Used by resolver. */ +#define DNS_NAMEATTR_CHAINING 0x0800 /*%< Used by resolver. */ +#define DNS_NAMEATTR_CHASE 0x1000 /*%< Used by resolver. */ +#define DNS_NAMEATTR_WILDCARD 0x2000 /*%< Used by server. */ #define DNS_NAME_DOWNCASE 0x0001 -#define DNS_NAME_CHECKNAMES 0x0002 /* Used by rdata. */ -#define DNS_NAME_CHECKNAMESFAIL 0x0004 /* Used by rdata. */ -#define DNS_NAME_CHECKREVERSE 0x0008 /* Used by rdata. */ +#define DNS_NAME_CHECKNAMES 0x0002 /*%< Used by rdata. */ +#define DNS_NAME_CHECKNAMESFAIL 0x0004 /*%< Used by rdata. */ +#define DNS_NAME_CHECKREVERSE 0x0008 /*%< Used by rdata. */ +#define DNS_NAME_CHECKMX 0x0010 /*%< Used by rdata. */ +#define DNS_NAME_CHECKMXFAIL 0x0020 /*%< Used by rdata. */ LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_rootname; LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_wildcardname; -/* +/*% * Standard size of a wire format name */ #define DNS_NAME_MAXWIRE 255 +/* + * Text output filter procedure. + * 'target' is the buffer to be converted. The region to be converted + * is from 'buffer'->base + 'used_org' to the end of the used region. + */ +typedef isc_result_t (*dns_name_totextfilter_t)(isc_buffer_t *target, + unsigned int used_org, + isc_boolean_t absolute); + /*** *** Initialization ***/ void dns_name_init(dns_name_t *name, unsigned char *offsets); -/* +/*%< * Initialize 'name'. * * Notes: - * 'offsets' is never required to be non-NULL, but specifying a + * \li 'offsets' is never required to be non-NULL, but specifying a * dns_offsets_t for 'offsets' will improve the performance of most * name operations if the name is used more than once. * * Requires: - * 'name' is not NULL and points to a struct dns_name. + * \li 'name' is not NULL and points to a struct dns_name. * - * offsets == NULL or offsets is a dns_offsets_t. + * \li offsets == NULL or offsets is a dns_offsets_t. * * Ensures: - * 'name' is a valid name. - * dns_name_countlabels(name) == 0 - * dns_name_isabsolute(name) == ISC_FALSE + * \li 'name' is a valid name. + * \li dns_name_countlabels(name) == 0 + * \li dns_name_isabsolute(name) == ISC_FALSE */ void dns_name_reset(dns_name_t *name); -/* +/*%< * Reinitialize 'name'. * * Notes: - * This function distinguishes itself from dns_name_init() in two + * \li This function distinguishes itself from dns_name_init() in two * key ways: * - * + If any buffer is associated with 'name' (via dns_name_setbuffer() + * \li + If any buffer is associated with 'name' (via dns_name_setbuffer() * or by being part of a dns_fixedname_t) the link to the buffer * is retained but the buffer itself is cleared. * - * + Of the attributes associated with 'name', all are retained except + * \li + Of the attributes associated with 'name', all are retained except * DNS_NAMEATTR_ABSOLUTE. * * Requires: - * 'name' is a valid name. + * \li 'name' is a valid name. * * Ensures: - * 'name' is a valid name. - * dns_name_countlabels(name) == 0 - * dns_name_isabsolute(name) == ISC_FALSE + * \li 'name' is a valid name. + * \li dns_name_countlabels(name) == 0 + * \li dns_name_isabsolute(name) == ISC_FALSE */ void dns_name_invalidate(dns_name_t *name); -/* +/*%< * Make 'name' invalid. * * Requires: - * 'name' is a valid name. + * \li 'name' is a valid name. * * Ensures: - * If assertion checking is enabled, future attempts to use 'name' + * \li If assertion checking is enabled, future attempts to use 'name' * without initializing it will cause an assertion failure. * - * If the name had a dedicated buffer, that association is ended. + * \li If the name had a dedicated buffer, that association is ended. */ @@ -227,93 +238,92 @@ dns_name_invalidate(dns_name_t *name); void dns_name_setbuffer(dns_name_t *name, isc_buffer_t *buffer); -/* +/*%< * Dedicate a buffer for use with 'name'. * * Notes: - * Specification of a target buffer in dns_name_fromwire(), - * dns_name_fromtext(), and dns_name_concatentate() is optional if + * \li Specification of a target buffer in dns_name_fromwire(), + * dns_name_fromtext(), and dns_name_concatenate() is optional if * 'name' has a dedicated buffer. * - * The caller must not write to buffer until the name has been + * \li The caller must not write to buffer until the name has been * invalidated or is otherwise known not to be in use. * - * If buffer is NULL and the name previously had a dedicated buffer, + * \li If buffer is NULL and the name previously had a dedicated buffer, * than that buffer is no longer dedicated to use with this name. * The caller is responsible for ensuring that the storage used by * the name remains valid. * * Requires: - * 'name' is a valid name. + * \li 'name' is a valid name. * - * 'buffer' is a valid binary buffer and 'name' doesn't have a + * \li 'buffer' is a valid binary buffer and 'name' doesn't have a * dedicated buffer already, or 'buffer' is NULL. */ isc_boolean_t dns_name_hasbuffer(const dns_name_t *name); -/* +/*%< * Does 'name' have a dedicated buffer? * * Requires: - * 'name' is a valid name. + * \li 'name' is a valid name. * * Returns: - * ISC_TRUE 'name' has a dedicated buffer. - * ISC_FALSE 'name' does not have a dedicated buffer. + * \li ISC_TRUE 'name' has a dedicated buffer. + * \li ISC_FALSE 'name' does not have a dedicated buffer. */ - /*** *** Properties ***/ isc_boolean_t dns_name_isabsolute(const dns_name_t *name); -/* +/*%< * Does 'name' end in the root label? * * Requires: - * 'name' is a valid name + * \li 'name' is a valid name * * Returns: - * TRUE The last label in 'name' is the root label. - * FALSE The last label in 'name' is not the root label. + * \li TRUE The last label in 'name' is the root label. + * \li FALSE The last label in 'name' is not the root label. */ isc_boolean_t dns_name_iswildcard(const dns_name_t *name); -/* +/*%< * Is 'name' a wildcard name? * * Requires: - * 'name' is a valid name + * \li 'name' is a valid name * - * dns_name_countlabels(name) > 0 + * \li dns_name_countlabels(name) > 0 * * Returns: - * TRUE The least significant label of 'name' is '*'. - * FALSE The least significant label of 'name' is not '*'. + * \li TRUE The least significant label of 'name' is '*'. + * \li FALSE The least significant label of 'name' is not '*'. */ unsigned int dns_name_hash(dns_name_t *name, isc_boolean_t case_sensitive); -/* +/*%< * Provide a hash value for 'name'. * * Note: if 'case_sensitive' is ISC_FALSE, then names which differ only in * case will have the same hash value. * * Requires: - * 'name' is a valid name + * \li 'name' is a valid name * * Returns: - * A hash value + * \li A hash value */ unsigned int dns_name_fullhash(dns_name_t *name, isc_boolean_t case_sensitive); -/* +/*%< * Provide a hash value for 'name'. Unlike dns_name_hash(), this function * always takes into account of the entire name to calculate the hash value. * @@ -321,15 +331,15 @@ dns_name_fullhash(dns_name_t *name, isc_boolean_t case_sensitive); * case will have the same hash value. * * Requires: - * 'name' is a valid name + *\li 'name' is a valid name * * Returns: - * A hash value + *\li A hash value */ unsigned int dns_name_hashbylabel(dns_name_t *name, isc_boolean_t case_sensitive); -/* +/*%< * Provide a hash value for 'name', where the hash value is the sum * of the hash values of each label. * @@ -337,20 +347,20 @@ dns_name_hashbylabel(dns_name_t *name, isc_boolean_t case_sensitive); * case will have the same hash value. * * Requires: - * 'name' is a valid name + *\li 'name' is a valid name * * Returns: - * A hash value + *\li A hash value */ -/*** +/* *** Comparisons ***/ dns_namereln_t dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2, int *orderp, unsigned int *nlabelsp); -/* +/*%< * Determine the relative ordering under the DNSSEC order relation of * 'name1' and 'name2', and also determine the hierarchical * relationship of the names. @@ -361,39 +371,39 @@ dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2, * same domain. * * Requires: - * 'name1' is a valid name + *\li 'name1' is a valid name * - * dns_name_countlabels(name1) > 0 + *\li dns_name_countlabels(name1) > 0 * - * 'name2' is a valid name + *\li 'name2' is a valid name * - * dns_name_countlabels(name2) > 0 + *\li dns_name_countlabels(name2) > 0 * - * orderp and nlabelsp are valid pointers. + *\li orderp and nlabelsp are valid pointers. * - * Either name1 is absolute and name2 is absolute, or neither is. + *\li Either name1 is absolute and name2 is absolute, or neither is. * * Ensures: * - * *orderp is < 0 if name1 < name2, 0 if name1 = name2, > 0 if + *\li *orderp is < 0 if name1 < name2, 0 if name1 = name2, > 0 if * name1 > name2. * - * *nlabelsp is the number of common significant labels. + *\li *nlabelsp is the number of common significant labels. * * Returns: - * dns_namereln_none There's no hierarchical relationship + *\li dns_namereln_none There's no hierarchical relationship * between name1 and name2. - * dns_namereln_contains name1 properly contains name2; i.e. + *\li dns_namereln_contains name1 properly contains name2; i.e. * name2 is a proper subdomain of name1. - * dns_namereln_subdomain name1 is a proper subdomain of name2. - * dns_namereln_equal name1 and name2 are equal. - * dns_namereln_commonancestor name1 and name2 share a common + *\li dns_namereln_subdomain name1 is a proper subdomain of name2. + *\li dns_namereln_equal name1 and name2 are equal. + *\li dns_namereln_commonancestor name1 and name2 share a common * ancestor. */ int dns_name_compare(const dns_name_t *name1, const dns_name_t *name2); -/* +/*%< * Determine the relative ordering under the DNSSEC order relation of * 'name1' and 'name2'. * @@ -403,124 +413,130 @@ dns_name_compare(const dns_name_t *name1, const dns_name_t *name2); * same domain. * * Requires: - * 'name1' is a valid name + * \li 'name1' is a valid name * - * 'name2' is a valid name + * \li 'name2' is a valid name * - * Either name1 is absolute and name2 is absolute, or neither is. + * \li Either name1 is absolute and name2 is absolute, or neither is. * * Returns: - * < 0 'name1' is less than 'name2' - * 0 'name1' is equal to 'name2' - * > 0 'name1' is greater than 'name2' + * \li < 0 'name1' is less than 'name2' + * \li 0 'name1' is equal to 'name2' + * \li > 0 'name1' is greater than 'name2' */ isc_boolean_t dns_name_equal(const dns_name_t *name1, const dns_name_t *name2); -/* +/*%< * Are 'name1' and 'name2' equal? * * Notes: - * Because it only needs to test for equality, dns_name_equal() can be + * \li Because it only needs to test for equality, dns_name_equal() can be * significantly faster than dns_name_fullcompare() or dns_name_compare(). * - * Offsets tables are not used in the comparision. + * \li Offsets tables are not used in the comparision. * - * It makes no sense for one of the names to be relative and the + * \li It makes no sense for one of the names to be relative and the * other absolute. If both names are relative, then to be meaningfully * compared the caller must ensure that they are both relative to the * same domain. * * Requires: - * 'name1' is a valid name + * \li 'name1' is a valid name * - * 'name2' is a valid name + * \li 'name2' is a valid name * - * Either name1 is absolute and name2 is absolute, or neither is. + * \li Either name1 is absolute and name2 is absolute, or neither is. * * Returns: - * ISC_TRUE 'name1' and 'name2' are equal - * ISC_FALSE 'name1' and 'name2' are not equal + * \li ISC_TRUE 'name1' and 'name2' are equal + * \li ISC_FALSE 'name1' and 'name2' are not equal + */ + +isc_boolean_t +dns_name_caseequal(const dns_name_t *name1, const dns_name_t *name2); +/*%< + * Case sensitive version of dns_name_equal(). */ int dns_name_rdatacompare(const dns_name_t *name1, const dns_name_t *name2); -/* +/*%< * Compare two names as if they are part of rdata in DNSSEC canonical * form. * * Requires: - * 'name1' is a valid absolute name + * \li 'name1' is a valid absolute name * - * dns_name_countlabels(name1) > 0 + * \li dns_name_countlabels(name1) > 0 * - * 'name2' is a valid absolute name + * \li 'name2' is a valid absolute name * - * dns_name_countlabels(name2) > 0 + * \li dns_name_countlabels(name2) > 0 * * Returns: - * < 0 'name1' is less than 'name2' - * 0 'name1' is equal to 'name2' - * > 0 'name1' is greater than 'name2' + * \li < 0 'name1' is less than 'name2' + * \li 0 'name1' is equal to 'name2' + * \li > 0 'name1' is greater than 'name2' */ isc_boolean_t dns_name_issubdomain(const dns_name_t *name1, const dns_name_t *name2); -/* +/*%< * Is 'name1' a subdomain of 'name2'? * * Notes: - * name1 is a subdomain of name2 if name1 is contained in name2, or + * \li name1 is a subdomain of name2 if name1 is contained in name2, or * name1 equals name2. * - * It makes no sense for one of the names to be relative and the + * \li It makes no sense for one of the names to be relative and the * other absolute. If both names are relative, then to be meaningfully * compared the caller must ensure that they are both relative to the * same domain. * * Requires: - * 'name1' is a valid name + * \li 'name1' is a valid name * - * 'name2' is a valid name + * \li 'name2' is a valid name * - * Either name1 is absolute and name2 is absolute, or neither is. + * \li Either name1 is absolute and name2 is absolute, or neither is. * * Returns: - * TRUE 'name1' is a subdomain of 'name2' - * FALSE 'name1' is not a subdomain of 'name2' + * \li TRUE 'name1' is a subdomain of 'name2' + * \li FALSE 'name1' is not a subdomain of 'name2' */ isc_boolean_t dns_name_matcheswildcard(const dns_name_t *name, const dns_name_t *wname); -/* +/*%< * Does 'name' match the wildcard specified in 'wname'? * * Notes: - * name matches the wildcard specified in wname if all labels + * \li name matches the wildcard specified in wname if all labels * following the wildcard in wname are identical to the same number * of labels at the end of name. * - * It makes no sense for one of the names to be relative and the + * \li It makes no sense for one of the names to be relative and the * other absolute. If both names are relative, then to be meaningfully * compared the caller must ensure that they are both relative to the * same domain. * * Requires: - * 'name' is a valid name + * \li 'name' is a valid name * - * dns_name_countlabels(name) > 0 + * \li dns_name_countlabels(name) > 0 * - * 'wname' is a valid name + * \li 'wname' is a valid name * - * dns_name_countlabels(wname) > 0 + * \li dns_name_countlabels(wname) > 0 * - * dns_name_iswildcard(wname) is true + * \li dns_name_iswildcard(wname) is true * - * Either name is absolute and wname is absolute, or neither is. + * \li Either name is absolute and wname is absolute, or neither is. * * Returns: - * TRUE 'name' matches the wildcard specified in 'wname' - * FALSE 'name' does not match the wildcard specified in 'wname' + * \li TRUE 'name' matches the wildcard specified in 'wname' + * \li FALSE 'name' does not match the wildcard specified in 'wname' */ /*** @@ -529,89 +545,91 @@ dns_name_matcheswildcard(const dns_name_t *name, const dns_name_t *wname); unsigned int dns_name_countlabels(const dns_name_t *name); -/* +/*%< * How many labels does 'name' have? * * Notes: - * In this case, as in other places, a 'label' is an ordinary label. + * \li In this case, as in other places, a 'label' is an ordinary label. * * Requires: - * 'name' is a valid name + * \li 'name' is a valid name * * Ensures: - * The result is <= 128. + * \li The result is <= 128. * * Returns: - * The number of labels in 'name'. + * \li The number of labels in 'name'. */ void dns_name_getlabel(const dns_name_t *name, unsigned int n, dns_label_t *label); -/* +/*%< * Make 'label' refer to the 'n'th least significant label of 'name'. * * Notes: - * Numbering starts at 0. + * \li Numbering starts at 0. * - * Given "rc.vix.com.", the label 0 is "rc", and label 3 is the + * \li Given "rc.vix.com.", the label 0 is "rc", and label 3 is the * root label. * - * 'label' refers to the same memory as 'name', so 'name' must not + * \li 'label' refers to the same memory as 'name', so 'name' must not * be changed while 'label' is still in use. * * Requires: - * n < dns_name_countlabels(name) + * \li n < dns_name_countlabels(name) */ void dns_name_getlabelsequence(const dns_name_t *source, unsigned int first, unsigned int n, dns_name_t *target); -/* +/*%< * Make 'target' refer to the 'n' labels including and following 'first' * in 'source'. * * Notes: - * Numbering starts at 0. + * \li Numbering starts at 0. * - * Given "rc.vix.com.", the label 0 is "rc", and label 3 is the + * \li Given "rc.vix.com.", the label 0 is "rc", and label 3 is the * root label. * - * 'target' refers to the same memory as 'source', so 'source' + * \li 'target' refers to the same memory as 'source', so 'source' * must not be changed while 'target' is still in use. * * Requires: - * 'source' and 'target' are valid names. + * \li 'source' and 'target' are valid names. * - * first < dns_name_countlabels(name) + * \li first < dns_name_countlabels(name) * - * first + n <= dns_name_countlabels(name) + * \li first + n <= dns_name_countlabels(name) */ void dns_name_clone(const dns_name_t *source, dns_name_t *target); -/* +/*%< * Make 'target' refer to the same name as 'source'. * * Notes: * - * 'target' refers to the same memory as 'source', so 'source' + * \li 'target' refers to the same memory as 'source', so 'source' * must not be changed while 'target' is still in use. * - * This call is functionally equivalent to: + * \li This call is functionally equivalent to: * + * \code * dns_name_getlabelsequence(source, 0, * dns_name_countlabels(source), * target); + * \endcode * * but is more efficient. Also, dns_name_clone() works even if 'source' * is empty. * * Requires: * - * 'source' is a valid name. + * \li 'source' is a valid name. * - * 'target' is a valid name that is not read-only. + * \li 'target' is a valid name that is not read-only. */ /*** @@ -620,211 +638,210 @@ dns_name_clone(const dns_name_t *source, dns_name_t *target); void dns_name_fromregion(dns_name_t *name, const isc_region_t *r); -/* +/*%< * Make 'name' refer to region 'r'. * * Note: - * If the conversion encounters a root label before the end of the + * \li If the conversion encounters a root label before the end of the * region the conversion stops and the length is set to the length * so far converted. A maximum of 255 bytes is converted. * * Requires: - * The data in 'r' is a sequence of one or more type 00 or type 01000001 + * \li The data in 'r' is a sequence of one or more type 00 or type 01000001 * labels. */ void dns_name_toregion(dns_name_t *name, isc_region_t *r); -/* +/*%< * Make 'r' refer to 'name'. * * Requires: * - * 'name' is a valid name. + * \li 'name' is a valid name. * - * 'r' is a valid region. + * \li 'r' is a valid region. */ isc_result_t dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, dns_decompress_t *dctx, unsigned int options, isc_buffer_t *target); -/* +/*%< * Copy the possibly-compressed name at source (active region) into target, * decompressing it. * * Notes: - * Decompression policy is controlled by 'dctx'. + * \li Decompression policy is controlled by 'dctx'. * - * If DNS_NAME_DOWNCASE is set, any uppercase letters in 'source' will be + * \li If DNS_NAME_DOWNCASE is set, any uppercase letters in 'source' will be * downcased when they are copied into 'target'. * * Security: * - * *** WARNING *** + * \li *** WARNING *** * - * This routine will often be used when 'source' contains raw network + * \li This routine will often be used when 'source' contains raw network * data. A programming error in this routine could result in a denial * of service, or in the hijacking of the server. * * Requires: * - * 'name' is a valid name. + * \li 'name' is a valid name. * - * 'source' is a valid buffer and the first byte of the active + * \li 'source' is a valid buffer and the first byte of the active * region should be the first byte of a DNS wire format domain name. * - * 'target' is a valid buffer or 'target' is NULL and 'name' has + * \li 'target' is a valid buffer or 'target' is NULL and 'name' has * a dedicated buffer. * - * 'dctx' is a valid decompression context. + * \li 'dctx' is a valid decompression context. * * Ensures: * * If result is success: - * If 'target' is not NULL, 'name' is attached to it. + * \li If 'target' is not NULL, 'name' is attached to it. * - * Uppercase letters are downcased in the copy iff + * \li Uppercase letters are downcased in the copy iff * DNS_NAME_DOWNCASE is set in options. * - * The current location in source is advanced, and the used space + * \li The current location in source is advanced, and the used space * in target is updated. * * Result: - * Success - * Bad Form: Label Length - * Bad Form: Unknown Label Type - * Bad Form: Name Length - * Bad Form: Compression type not allowed - * Bad Form: Bad compression pointer - * Bad Form: Input too short - * Resource Limit: Too many compression pointers - * Resource Limit: Not enough space in buffer + * \li Success + * \li Bad Form: Label Length + * \li Bad Form: Unknown Label Type + * \li Bad Form: Name Length + * \li Bad Form: Compression type not allowed + * \li Bad Form: Bad compression pointer + * \li Bad Form: Input too short + * \li Resource Limit: Too many compression pointers + * \li Resource Limit: Not enough space in buffer */ isc_result_t dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, isc_buffer_t *target); -/* +/*%< * Convert 'name' into wire format, compressing it as specified by the * compression context 'cctx', and storing the result in 'target'. * * Notes: - * If the compression context allows global compression, then the + * \li If the compression context allows global compression, then the * global compression table may be updated. * * Requires: - * 'name' is a valid name + * \li 'name' is a valid name * - * dns_name_countlabels(name) > 0 + * \li dns_name_countlabels(name) > 0 * - * dns_name_isabsolute(name) == TRUE + * \li dns_name_isabsolute(name) == TRUE * - * target is a valid buffer. + * \li target is a valid buffer. * - * Any offsets specified in a global compression table are valid + * \li Any offsets specified in a global compression table are valid * for buffer. * * Ensures: * * If the result is success: * - * The used space in target is updated. + * \li The used space in target is updated. * * Returns: - * Success - * Resource Limit: Not enough space in buffer + * \li Success + * \li Resource Limit: Not enough space in buffer */ isc_result_t dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, dns_name_t *origin, unsigned int options, isc_buffer_t *target); -/* +/*%< * Convert the textual representation of a DNS name at source * into uncompressed wire form stored in target. * * Notes: - * Relative domain names will have 'origin' appended to them + * \li Relative domain names will have 'origin' appended to them * unless 'origin' is NULL, in which case relative domain names * will remain relative. * - * If DNS_NAME_DOWNCASE is set in 'options', any uppercase letters + * \li If DNS_NAME_DOWNCASE is set in 'options', any uppercase letters * in 'source' will be downcased when they are copied into 'target'. * * Requires: * - * 'name' is a valid name. + * \li 'name' is a valid name. * - * 'source' is a valid buffer. + * \li 'source' is a valid buffer. * - * 'target' is a valid buffer or 'target' is NULL and 'name' has + * \li 'target' is a valid buffer or 'target' is NULL and 'name' has * a dedicated buffer. * * Ensures: * * If result is success: - * If 'target' is not NULL, 'name' is attached to it. + * \li If 'target' is not NULL, 'name' is attached to it. * - * Uppercase letters are downcased in the copy iff + * \li Uppercase letters are downcased in the copy iff * DNS_NAME_DOWNCASE is set in 'options'. * - * The current location in source is advanced, and the used space + * \li The current location in source is advanced, and the used space * in target is updated. * * Result: - * ISC_R_SUCCESS - * DNS_R_EMPTYLABEL - * DNS_R_LABELTOOLONG - * DNS_R_BADESCAPE - * (DNS_R_BADBITSTRING: should not be returned) - * (DNS_R_BITSTRINGTOOLONG: should not be returned) - * DNS_R_BADDOTTEDQUAD - * ISC_R_NOSPACE - * ISC_R_UNEXPECTEDEND + *\li #ISC_R_SUCCESS + *\li #DNS_R_EMPTYLABEL + *\li #DNS_R_LABELTOOLONG + *\li #DNS_R_BADESCAPE + *\li (#DNS_R_BADBITSTRING: should not be returned) + *\li (#DNS_R_BITSTRINGTOOLONG: should not be returned) + *\li #DNS_R_BADDOTTEDQUAD + *\li #ISC_R_NOSPACE + *\li #ISC_R_UNEXPECTEDEND */ isc_result_t dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, isc_buffer_t *target); -/* +/*%< * Convert 'name' into text format, storing the result in 'target'. * * Notes: - * If 'omit_final_dot' is true, then the final '.' in absolute + *\li If 'omit_final_dot' is true, then the final '.' in absolute * names other than the root name will be omitted. * - * If dns_name_countlabels == 0, the name will be "@", representing the - * current origin as described by RFC 1035. + *\li If dns_name_countlabels == 0, the name will be "@", representing the + * current origin as described by RFC1035. * - * The name is not NUL terminated. + *\li The name is not NUL terminated. * * Requires: * - * 'name' is a valid name + *\li 'name' is a valid name * - * 'target' is a valid buffer. + *\li 'target' is a valid buffer. * - * if dns_name_isabsolute == FALSE, then omit_final_dot == FALSE + *\li if dns_name_isabsolute == FALSE, then omit_final_dot == FALSE * * Ensures: * - * If the result is success: - * - * The used space in target is updated. + *\li If the result is success: + * the used space in target is updated. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE */ #define DNS_NAME_MAXTEXT 1023 -/* +/*%< * The maximum length of the text representation of a domain * name as generated by dns_name_totext(). This does not * include space for a terminating NULL. * - * This definition is conservative - the actual maximum + * This definition is conservative - the actual maximum * is 1004, derived as follows: * * A backslash-decimal escaped character takes 4 bytes. @@ -844,56 +861,53 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, isc_result_t dns_name_tofilenametext(dns_name_t *name, isc_boolean_t omit_final_dot, isc_buffer_t *target); -/* +/*%< * Convert 'name' into an alternate text format appropriate for filenames, * storing the result in 'target'. The name data is downcased, guaranteeing * that the filename does not depend on the case of the converted name. * * Notes: - * If 'omit_final_dot' is true, then the final '.' in absolute + *\li If 'omit_final_dot' is true, then the final '.' in absolute * names other than the root name will be omitted. * - * The name is not NUL terminated. + *\li The name is not NUL terminated. * * Requires: * - * 'name' is a valid absolute name + *\li 'name' is a valid absolute name * - * 'target' is a valid buffer. + *\li 'target' is a valid buffer. * * Ensures: * - * If the result is success: - * - * The used space in target is updated. + *\li If the result is success: + * the used space in target is updated. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE */ isc_result_t dns_name_downcase(dns_name_t *source, dns_name_t *name, isc_buffer_t *target); -/* +/*%< * Downcase 'source'. * * Requires: * - * 'source' and 'name' are valid names. - * - * If source == name, then + *\li 'source' and 'name' are valid names. * + *\li If source == name, then * 'source' must not be read-only * - * Otherwise, - * + *\li Otherwise, * 'target' is a valid buffer or 'target' is NULL and * 'name' has a dedicated buffer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE * * Note: if source == name, then the result will always be ISC_R_SUCCESS. */ @@ -901,199 +915,198 @@ dns_name_downcase(dns_name_t *source, dns_name_t *name, isc_result_t dns_name_concatenate(dns_name_t *prefix, dns_name_t *suffix, dns_name_t *name, isc_buffer_t *target); -/* +/*%< * Concatenate 'prefix' and 'suffix'. * * Requires: * - * 'prefix' is a valid name or NULL. + *\li 'prefix' is a valid name or NULL. * - * 'suffix' is a valid name or NULL. + *\li 'suffix' is a valid name or NULL. * - * 'name' is a valid name or NULL. + *\li 'name' is a valid name or NULL. * - * 'target' is a valid buffer or 'target' is NULL and 'name' has + *\li 'target' is a valid buffer or 'target' is NULL and 'name' has * a dedicated buffer. * - * If 'prefix' is absolute, 'suffix' must be NULL or the empty name. + *\li If 'prefix' is absolute, 'suffix' must be NULL or the empty name. * * Ensures: * - * On success, + *\li On success, * If 'target' is not NULL and 'name' is not NULL, then 'name' * is attached to it. - * * The used space in target is updated. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE - * DNS_R_NAMETOOLONG + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE + *\li #DNS_R_NAMETOOLONG */ void dns_name_split(dns_name_t *name, unsigned int suffixlabels, dns_name_t *prefix, dns_name_t *suffix); -/* +/*%< * * Split 'name' into two pieces on a label boundary. * * Notes: - * 'name' is split such that 'suffix' holds the most significant - * 'suffixlabels' labels. All other labels are stored in 'prefix'. + * \li 'name' is split such that 'suffix' holds the most significant + * 'suffixlabels' labels. All other labels are stored in 'prefix'. * - * Copying name data is avoided as much as possible, so 'prefix' + *\li Copying name data is avoided as much as possible, so 'prefix' * and 'suffix' will end up pointing at the data for 'name'. * - * It is legitimate to pass a 'prefix' or 'suffix' that has + *\li It is legitimate to pass a 'prefix' or 'suffix' that has * its name data stored someplace other than the dedicated buffer. * This is useful to avoid name copying in the calling function. * - * It is also legitimate to pass a 'prefix' or 'suffix' that is + *\li It is also legitimate to pass a 'prefix' or 'suffix' that is * the same dns_name_t as 'name'. * * Requires: - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'suffixlabels' cannot exceed the number of labels in 'name'. + *\li 'suffixlabels' cannot exceed the number of labels in 'name'. * - * 'prefix' is a valid name or NULL, and cannot be read-only. + * \li 'prefix' is a valid name or NULL, and cannot be read-only. * - * 'suffix' is a valid name or NULL, and cannot be read-only. + *\li 'suffix' is a valid name or NULL, and cannot be read-only. * - * If non-NULL, 'prefix' and 'suffix' must have dedicated buffers. + *\li If non-NULL, 'prefix' and 'suffix' must have dedicated buffers. * - * 'prefix' and 'suffix' cannot point to the same buffer. + *\li 'prefix' and 'suffix' cannot point to the same buffer. * * Ensures: * - * On success: + *\li On success: * If 'prefix' is not NULL it will contain the least significant * labels. - * * If 'suffix' is not NULL it will contain the most significant * labels. dns_name_countlabels(suffix) will be equal to * suffixlabels. * - * On failure: + *\li On failure: * Either 'prefix' or 'suffix' is invalidated (depending * on which one the problem was encountered with). * * Returns: - * ISC_R_SUCCESS No worries. (This function should always success). + *\li #ISC_R_SUCCESS No worries. (This function should always success). */ isc_result_t -dns_name_dup(const dns_name_t *source, isc_mem_t *mctx, dns_name_t *target); -/* +dns_name_dup(const dns_name_t *source, isc_mem_t *mctx, + dns_name_t *target); +/*%< * Make 'target' a dynamically allocated copy of 'source'. * * Requires: * - * 'source' is a valid non-empty name. + *\li 'source' is a valid non-empty name. * - * 'target' is a valid name that is not read-only. + *\li 'target' is a valid name that is not read-only. * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. */ isc_result_t dns_name_dupwithoffsets(dns_name_t *source, isc_mem_t *mctx, dns_name_t *target); -/* +/*%< * Make 'target' a read-only dynamically allocated copy of 'source'. * 'target' will also have a dynamically allocated offsets table. * * Requires: * - * 'source' is a valid non-empty name. + *\li 'source' is a valid non-empty name. * - * 'target' is a valid name that is not read-only. + *\li 'target' is a valid name that is not read-only. * - * 'target' has no offsets table. + *\li 'target' has no offsets table. * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. */ void dns_name_free(dns_name_t *name, isc_mem_t *mctx); -/* +/*%< * Free 'name'. * * Requires: * - * 'name' is a valid name created previously in 'mctx' by dns_name_dup(). + *\li 'name' is a valid name created previously in 'mctx' by dns_name_dup(). * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * * Ensures: * - * All dynamic resources used by 'name' are freed and the name is + *\li All dynamic resources used by 'name' are freed and the name is * invalidated. */ isc_result_t dns_name_digest(dns_name_t *name, dns_digestfunc_t digest, void *arg); -/* +/*%< * Send 'name' in DNSSEC canonical form to 'digest'. * * Requires: * - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'digest' is a valid dns_digestfunc_t. + *\li 'digest' is a valid dns_digestfunc_t. * * Ensures: * - * If successful, the DNSSEC canonical form of 'name' will have been + *\li If successful, the DNSSEC canonical form of 'name' will have been * sent to 'digest'. * - * If digest() returns something other than ISC_R_SUCCESS, that result + *\li If digest() returns something other than ISC_R_SUCCESS, that result * will be returned as the result of dns_name_digest(). * * Returns: * - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * - * Many other results are possible if not successful. + *\li Many other results are possible if not successful. * */ isc_boolean_t dns_name_dynamic(dns_name_t *name); -/* +/*%< * Returns whether there is dynamic memory associated with this name. * * Requires: * - * 'name' is a valid name. + *\li 'name' is a valid name. * * Returns: * - * 'ISC_TRUE' if the name is dynamic othewise 'ISC_FALSE'. + *\li 'ISC_TRUE' if the name is dynamic otherwise 'ISC_FALSE'. */ isc_result_t dns_name_print(dns_name_t *name, FILE *stream); -/* +/*%< * Print 'name' on 'stream'. * * Requires: * - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'stream' is a valid stream. + *\li 'stream' is a valid stream. * * Returns: * - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * - * Any error that dns_name_totext() can return. + *\li Any error that dns_name_totext() can return. */ void dns_name_format(dns_name_t *name, char *cp, unsigned int size); -/* +/*%< * Format 'name' as text appropriate for use in log messages. * * Store the formatted name at 'cp', writing no more than @@ -1108,47 +1121,63 @@ dns_name_format(dns_name_t *name, char *cp, unsigned int size); * * Requires: * - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'cp' points a valid character array of size 'size'. + *\li 'cp' points a valid character array of size 'size'. * - * 'size' > 0. + *\li 'size' > 0. * */ +isc_result_t +dns_name_settotextfilter(dns_name_totextfilter_t proc); +/*%< + * Set / clear a thread specific function 'proc' to be called at the + * end of dns_name_totext(). + * + * Note: Under Windows you need to call "dns_name_settotextfilter(NULL);" + * prior to exiting the thread otherwise memory will be leaked. + * For other platforms, which are pthreads based, this is still a good + * idea but not required. + * + * Returns + *\li #ISC_R_SUCCESS + *\li #ISC_R_UNEXPECTED + */ + #define DNS_NAME_FORMATSIZE (DNS_NAME_MAXTEXT + 1) -/* +/*%< * Suggested size of buffer passed to dns_name_format(). * Includes space for the terminating NULL. */ isc_result_t dns_name_copy(dns_name_t *source, dns_name_t *dest, isc_buffer_t *target); -/* +/*%< * Makes 'dest' refer to a copy of the name in 'source'. The data are * either copied to 'target' or the dedicated buffer in 'dest'. * * Requires: - * 'source' is a valid name. + * \li 'source' is a valid name. * - * 'dest' is an initialized name with a dedicated buffer. + * \li 'dest' is an initialized name with a dedicated buffer. * - * 'target' is NULL or an initialized buffer. + * \li 'target' is NULL or an initialized buffer. * - * Either dest has a dedicated buffer or target != NULL. + * \li Either dest has a dedicated buffer or target != NULL. * * Ensures: * - * On success, the used space in target is updated. + *\li On success, the used space in target is updated. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE */ isc_boolean_t dns_name_ishostname(const dns_name_t *name, isc_boolean_t wildcard); -/* +/*%< * Return if 'name' is a valid hostname. RFC 952 / RFC 1123. * If 'wildcard' is ISC_TRUE then allow the first label of name to * be a wildcard. @@ -1157,21 +1186,42 @@ dns_name_ishostname(const dns_name_t *name, isc_boolean_t wildcard); * Requires: * 'name' to be valid. */ - + isc_boolean_t dns_name_ismailbox(const dns_name_t *name); -/* +/*%< * Return if 'name' is a valid mailbox. RFC 821. * * Requires: - * 'name' to be valid. + * \li 'name' to be valid. + */ + +isc_boolean_t +dns_name_internalwildcard(const dns_name_t *name); +/*%< + * Return if 'name' contains a internal wildcard name. + * + * Requires: + * \li 'name' to be valid. + */ + +void +dns_name_destroy(void); +/*%< + * Cleanup dns_name_settotextfilter() / dns_name_totext() state. + * + * This should be called as part of the final cleanup process. + * + * Note: dns_name_settotextfilter(NULL); should be called for all + * threads which have called dns_name_settotextfilter() with a + * non-NULL argument prior to calling dns_name_destroy(); */ ISC_LANG_ENDDECLS -/*** - *** High Peformance Macros +/* + *** High Performance Macros ***/ /* diff --git a/contrib/bind-9.3/lib/dns/include/dns/ncache.h b/contrib/bind-9.5.2/lib/dns/include/dns/ncache.h similarity index 62% rename from contrib/bind-9.3/lib/dns/include/dns/ncache.h rename to contrib/bind-9.5.2/lib/dns/include/dns/ncache.h index 6bf6003718..db55ed68a5 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/ncache.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/ncache.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.h,v 1.12.12.5 2004/03/08 09:04:37 marka Exp $ */ +/* $Id: ncache.h,v 1.23 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_NCACHE_H #define DNS_NCACHE_H 1 @@ -24,25 +24,26 @@ ***** Module Info *****/ -/* +/*! \file dns/ncache.h + *\brief * DNS Ncache * - * XXX XXX + * XXX TBS XXX * * MP: - * The caller must ensure any required synchronization. + *\li The caller must ensure any required synchronization. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * RFC 2308 + *\li RFC2308 */ #include @@ -52,7 +53,7 @@ ISC_LANG_BEGINDECLS -/* +/*% * _OMITDNSSEC: * Omit DNSSEC records when rendering. */ @@ -62,7 +63,7 @@ isc_result_t dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, dns_rdataset_t *addedrdataset); -/* +/*%< * Convert the authority data from 'message' into a negative cache * rdataset, and store it in 'cache' at 'node' with a TTL limited to * 'maxttl'. @@ -71,21 +72,21 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, * or dns_rdatatype_any when caching a NXDOMAIN response. * * Note: - * If 'addedrdataset' is not NULL, then it will be attached to the added + *\li If 'addedrdataset' is not NULL, then it will be attached to the added * rdataset. See dns_db_addrdataset() for more details. * * Requires: - * 'message' is a valid message with a properly formatting negative cache + *\li 'message' is a valid message with a properly formatting negative cache * authority section. * - * The requirements of dns_db_addrdataset() apply to 'cache', 'node', + *\li The requirements of dns_db_addrdataset() apply to 'cache', 'node', * 'now', and 'addedrdataset'. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE * - * Any result code of dns_db_addrdataset() is a possible result code + *\li Any result code of dns_db_addrdataset() is a possible result code * of dns_ncache_add(). */ @@ -93,63 +94,63 @@ isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, isc_buffer_t *target, unsigned int options, unsigned int *countp); -/* +/*%< * Convert the negative caching rdataset 'rdataset' to wire format, * compressing names as specified in 'cctx', and storing the result in * 'target'. If 'omit_dnssec' is set, DNSSEC records will not * be added to 'target'. * * Notes: - * The number of RRs added to target will be added to *countp. + *\li The number of RRs added to target will be added to *countp. * * Requires: - * 'rdataset' is a valid negative caching rdataset. + *\li 'rdataset' is a valid negative caching rdataset. * - * 'rdataset' is not empty. + *\li 'rdataset' is not empty. * - * 'countp' is a valid pointer. + *\li 'countp' is a valid pointer. * * Ensures: - * On a return of ISC_R_SUCCESS, 'target' contains a wire format + *\li On a return of ISC_R_SUCCESS, 'target' contains a wire format * for the data contained in 'rdataset'. Any error return leaves * the buffer unchanged. * - * *countp has been incremented by the number of RRs added to + *\li *countp has been incremented by the number of RRs added to * target. * * Returns: - * ISC_R_SUCCESS - all ok - * ISC_R_NOSPACE - 'target' doesn't have enough room + *\li #ISC_R_SUCCESS - all ok + *\li #ISC_R_NOSPACE - 'target' doesn't have enough room * - * Any error returned by dns_rdata_towire(), dns_rdataset_next(), + *\li Any error returned by dns_rdata_towire(), dns_rdataset_next(), * dns_name_towire(). */ isc_result_t dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, dns_rdatatype_t type, dns_rdataset_t *rdataset); -/* +/*%< * Search the negative caching rdataset for an rdataset with the * specified name and type. * * Requires: - * 'ncacherdataset' is a valid negative caching rdataset. + *\li 'ncacherdataset' is a valid negative caching rdataset. * - * 'ncacherdataset' is not empty. + *\li 'ncacherdataset' is not empty. * - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'type' is not SIG, or a meta-RR type. + *\li 'type' is not SIG, or a meta-RR type. * - * 'rdataset' is a valid disassociated rdataset. + *\li 'rdataset' is a valid disassociated rdataset. * * Ensures: - * On a return of ISC_R_SUCCESS, 'rdataset' is bound to the found + *\li On a return of ISC_R_SUCCESS, 'rdataset' is bound to the found * rdataset. * * Returns: - * ISC_R_SUCCESS - the rdataset was found. - * ISC_R_NOTFOUND - the rdataset was not found. + *\li #ISC_R_SUCCESS - the rdataset was found. + *\li #ISC_R_NOTFOUND - the rdataset was not found. * */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/nsec.h b/contrib/bind-9.5.2/lib/dns/include/dns/nsec.h similarity index 77% rename from contrib/bind-9.3/lib/dns/include/dns/nsec.h rename to contrib/bind-9.5.2/lib/dns/include/dns/nsec.h index 68a5833699..e6d7973e9a 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/nsec.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/nsec.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec.h,v 1.4.2.1 2004/03/08 02:08:00 marka Exp $ */ +/* $Id: nsec.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_NSEC_H #define DNS_NSEC_H 1 +/*! \file dns/nsec.h */ + #include #include @@ -33,33 +35,33 @@ isc_result_t dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_name_t *target, unsigned char *buffer, dns_rdata_t *rdata); -/* +/*%< * Build the rdata of a NSEC record. * * Requires: - * buffer Points to a temporary buffer of at least + *\li buffer Points to a temporary buffer of at least * DNS_NSEC_BUFFERSIZE bytes. - * rdata Points to an initialized dns_rdata_t. + *\li rdata Points to an initialized dns_rdata_t. * * Ensures: - * *rdata Contains a valid NSEC rdata. The 'data' member refers + * \li *rdata Contains a valid NSEC rdata. The 'data' member refers * to 'buffer'. */ isc_result_t dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, dns_name_t *target, dns_ttl_t ttl); -/* +/*%< * Build a NSEC record and add it to a database. */ isc_boolean_t dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type); -/* +/*%< * Determine if a type is marked as present in an NSEC record. * * Requires: - * 'nsec' points to a valid rdataset of type NSEC + *\li 'nsec' points to a valid rdataset of type NSEC */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/opcode.h b/contrib/bind-9.5.2/lib/dns/include/dns/opcode.h similarity index 72% rename from contrib/bind-9.3/lib/dns/include/dns/opcode.h rename to contrib/bind-9.5.2/lib/dns/include/dns/opcode.h index 4d656b8250..368b2b2c24 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/opcode.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/opcode.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: opcode.h,v 1.1.200.3 2004/03/08 09:04:37 marka Exp $ */ +/* $Id: opcode.h,v 1.8 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_OPCODE_H #define DNS_OPCODE_H 1 +/*! \file dns/opcode.h */ + #include #include @@ -27,21 +29,21 @@ ISC_LANG_BEGINDECLS isc_result_t dns_opcode_totext(dns_opcode_t opcode, isc_buffer_t *target); -/* +/*%< * Put a textual representation of error 'opcode' into 'target'. * * Requires: - * 'opcode' is a valid opcode. + *\li 'opcode' is a valid opcode. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * * Ensures: - * If the result is success: + *\li If the result is success: * The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/order.h b/contrib/bind-9.5.2/lib/dns/include/dns/order.h similarity index 69% rename from contrib/bind-9.3/lib/dns/include/dns/order.h rename to contrib/bind-9.5.2/lib/dns/include/dns/order.h index e28e3ca6ed..85663c37cb 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/order.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/order.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: order.h,v 1.2.202.3 2004/03/08 09:04:37 marka Exp $ */ +/* $Id: order.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ORDER_H #define DNS_ORDER_H 1 +/*! \file dns/order.h */ + #include #include @@ -29,67 +31,67 @@ ISC_LANG_BEGINDECLS isc_result_t dns_order_create(isc_mem_t *mctx, dns_order_t **orderp); -/* +/*%< * Create a order object. * * Requires: - * 'orderp' to be non NULL and '*orderp == NULL'. - * 'mctx' to be valid. + * \li 'orderp' to be non NULL and '*orderp == NULL'. + *\li 'mctx' to be valid. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li ISC_R_SUCCESS + *\li ISC_R_NOMEMORY */ isc_result_t dns_order_add(dns_order_t *order, dns_name_t *name, dns_rdatatype_t rdtype, dns_rdataclass_t rdclass, unsigned int mode); -/* +/*%< * Add a entry to the end of the order list. * * Requires: - * 'order' to be valid. - * 'name' to be valid. - * 'mode' to be one of DNS_RDATASERATTR_RANDOMIZE, - * DNS_RDATASERATTR_RANDOMIZE or zero (DNS_RDATASERATTR_CYCLIC). + * \li 'order' to be valid. + *\li 'name' to be valid. + *\li 'mode' to be one of #DNS_RDATASERATTR_RANDOMIZE, + * #DNS_RDATASERATTR_RANDOMIZE or zero (#DNS_RDATASERATTR_CYCLIC). * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ unsigned int dns_order_find(dns_order_t *order, dns_name_t *name, dns_rdatatype_t rdtype, dns_rdataclass_t rdclass); -/* +/*%< * Find the first matching entry on the list. * * Requires: - * 'order' to be valid. - * 'name' to be valid. + *\li 'order' to be valid. + *\li 'name' to be valid. * * Returns the mode set by dns_order_add() or zero. */ void dns_order_attach(dns_order_t *source, dns_order_t **target); -/* +/*%< * Attach to the 'source' object. * * Requires: - * 'source' to be valid. - * 'target' to be non NULL and '*target == NULL'. + * \li 'source' to be valid. + *\li 'target' to be non NULL and '*target == NULL'. */ void dns_order_detach(dns_order_t **orderp); -/* +/*%< * Detach from the object. Clean up if last this was the last * reference. * * Requires: - * '*orderp' to be valid. + *\li '*orderp' to be valid. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/peer.h b/contrib/bind-9.5.2/lib/dns/include/dns/peer.h similarity index 74% rename from contrib/bind-9.3/lib/dns/include/dns/peer.h rename to contrib/bind-9.5.2/lib/dns/include/dns/peer.h index 90329646c7..27d67c37b8 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/peer.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/peer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: peer.h,v 1.16.2.1.10.5 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: peer.h,v 1.31.128.4 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_PEER_H #define DNS_PEER_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/peer.h + * \brief * Data structures for peers (e.g. a 'server' config file statement) */ @@ -64,6 +65,7 @@ struct dns_peer { isc_mem_t *mem; isc_netaddr_t address; + unsigned int prefixlen; isc_boolean_t bogus; dns_transfer_format_t transfer_format; isc_uint32_t transfers; @@ -71,8 +73,13 @@ struct dns_peer { isc_boolean_t provide_ixfr; isc_boolean_t request_ixfr; isc_boolean_t support_edns; + isc_boolean_t request_nsid; dns_name_t *key; isc_sockaddr_t *transfer_source; + isc_sockaddr_t *notify_source; + isc_sockaddr_t *query_source; + isc_uint16_t udpsize; /* receive size */ + isc_uint16_t maxudp; /* transmit size */ isc_uint32_t bitflags; @@ -115,6 +122,10 @@ dns_peerlist_currpeer(dns_peerlist_t *peers, dns_peer_t **retval); isc_result_t dns_peer_new(isc_mem_t *mem, isc_netaddr_t *ipaddr, dns_peer_t **peer); +isc_result_t +dns_peer_newprefix(isc_mem_t *mem, isc_netaddr_t *ipaddr, + unsigned int prefixlen, dns_peer_t **peer); + void dns_peer_attach(dns_peer_t *source, dns_peer_t **target); @@ -139,6 +150,12 @@ dns_peer_setprovideixfr(dns_peer_t *peer, isc_boolean_t newval); isc_result_t dns_peer_getprovideixfr(dns_peer_t *peer, isc_boolean_t *retval); +isc_result_t +dns_peer_setrequestnsid(dns_peer_t *peer, isc_boolean_t newval); + +isc_result_t +dns_peer_getrequestnsid(dns_peer_t *peer, isc_boolean_t *retval); + isc_result_t dns_peer_setsupportedns(dns_peer_t *peer, isc_boolean_t newval); @@ -173,6 +190,30 @@ dns_peer_settransfersource(dns_peer_t *peer, isc_result_t dns_peer_gettransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source); +isc_result_t +dns_peer_setudpsize(dns_peer_t *peer, isc_uint16_t udpsize); + +isc_result_t +dns_peer_getudpsize(dns_peer_t *peer, isc_uint16_t *udpsize); + +isc_result_t +dns_peer_setmaxudp(dns_peer_t *peer, isc_uint16_t maxudp); + +isc_result_t +dns_peer_getmaxudp(dns_peer_t *peer, isc_uint16_t *maxudp); + +isc_result_t +dns_peer_setnotifysource(dns_peer_t *peer, const isc_sockaddr_t *notify_source); + +isc_result_t +dns_peer_getnotifysource(dns_peer_t *peer, isc_sockaddr_t *notify_source); + +isc_result_t +dns_peer_setquerysource(dns_peer_t *peer, const isc_sockaddr_t *query_source); + +isc_result_t +dns_peer_getquerysource(dns_peer_t *peer, isc_sockaddr_t *query_source); + ISC_LANG_ENDDECLS #endif /* DNS_PEER_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/portlist.h b/contrib/bind-9.5.2/lib/dns/include/dns/portlist.h similarity index 66% rename from contrib/bind-9.3/lib/dns/include/dns/portlist.h rename to contrib/bind-9.5.2/lib/dns/include/dns/portlist.h index ea672a918b..f76731aa76 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/portlist.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/portlist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: portlist.h,v 1.2.84.2 2004/03/06 08:13:58 marka Exp $ */ +/* $Id: portlist.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file dns/portlist.h */ #include #include @@ -27,73 +29,73 @@ ISC_LANG_BEGINDECLS isc_result_t dns_portlist_create(isc_mem_t *mctx, dns_portlist_t **portlistp); -/* +/*%< * Create a port list. * * Requires: - * 'mctx' to be valid. - * 'portlistp' to be non NULL and '*portlistp' to be NULL; + *\li 'mctx' to be valid. + *\li 'portlistp' to be non NULL and '*portlistp' to be NULL; * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED */ isc_result_t dns_portlist_add(dns_portlist_t *portlist, int af, in_port_t port); -/* +/*%< * Add the given tuple to the portlist. * * Requires: - * 'portlist' to be valid. - * 'af' to be AF_INET or AF_INET6 + *\li 'portlist' to be valid. + *\li 'af' to be AF_INET or AF_INET6 * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ void dns_portlist_remove(dns_portlist_t *portlist, int af, in_port_t port); -/* +/*%< * Remove the given tuple to the portlist. * * Requires: - * 'portlist' to be valid. - * 'af' to be AF_INET or AF_INET6 + *\li 'portlist' to be valid. + *\li 'af' to be AF_INET or AF_INET6 */ isc_boolean_t dns_portlist_match(dns_portlist_t *portlist, int af, in_port_t port); -/* +/*%< * Find the given tuple to the portlist. * * Requires: - * 'portlist' to be valid. - * 'af' to be AF_INET or AF_INET6 + *\li 'portlist' to be valid. + *\li 'af' to be AF_INET or AF_INET6 * * Returns - * ISC_TRUE if the tuple is found, ISC_FALSE otherwise. + * \li #ISC_TRUE if the tuple is found, ISC_FALSE otherwise. */ void dns_portlist_attach(dns_portlist_t *portlist, dns_portlist_t **portlistp); -/* +/*%< * Attach to a port list. * * Requires: - * 'portlist' to be valid. - * 'portlistp' to be non NULL and '*portlistp' to be NULL; + *\li 'portlist' to be valid. + *\li 'portlistp' to be non NULL and '*portlistp' to be NULL; */ void dns_portlist_detach(dns_portlist_t **portlistp); -/* +/*%< * Detach from a port list. * * Requires: - * '*portlistp' to be valid. + *\li '*portlistp' to be valid. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/rbt.h b/contrib/bind-9.5.2/lib/dns/include/dns/rbt.h new file mode 100644 index 0000000000..e9e6c4dd2d --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rbt.h @@ -0,0 +1,925 @@ +/* + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: rbt.h,v 1.69.36.2 2009/01/19 23:47:03 tbox Exp $ */ + +#ifndef DNS_RBT_H +#define DNS_RBT_H 1 + +/*! \file dns/rbt.h */ + +#include +#include +#include + +#include + +ISC_LANG_BEGINDECLS + +#define DNS_RBT_USEHASH 1 + +/*@{*/ +/*% + * Option values for dns_rbt_findnode() and dns_rbt_findname(). + * These are used to form a bitmask. + */ +#define DNS_RBTFIND_NOOPTIONS 0x00 +#define DNS_RBTFIND_EMPTYDATA 0x01 +#define DNS_RBTFIND_NOEXACT 0x02 +#define DNS_RBTFIND_NOPREDECESSOR 0x04 +/*@}*/ + +#ifndef DNS_RBT_USEISCREFCOUNT +#ifdef ISC_REFCOUNT_HAVEATOMIC +#define DNS_RBT_USEISCREFCOUNT 1 +#endif +#endif + +/* + * These should add up to 30. + */ +#define DNS_RBT_LOCKLENGTH 10 +#define DNS_RBT_REFLENGTH 20 + +#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O') +#if DNS_RBT_USEMAGIC +#define DNS_RBTNODE_VALID(n) ISC_MAGIC_VALID(n, DNS_RBTNODE_MAGIC) +#else +#define DNS_RBTNODE_VALID(n) ISC_TRUE +#endif + +/*% + * This is the structure that is used for each node in the red/black + * tree of trees. NOTE WELL: the implementation manages this as a variable + * length structure, with the actual wire-format name and other data + * appended to this structure. Allocating a contiguous block of memory for + * multiple dns_rbtnode structures will not work. + */ +typedef struct dns_rbtnode dns_rbtnode_t; +struct dns_rbtnode { +#if DNS_RBT_USEMAGIC + unsigned int magic; +#endif + dns_rbtnode_t *parent; + dns_rbtnode_t *left; + dns_rbtnode_t *right; + dns_rbtnode_t *down; +#ifdef DNS_RBT_USEHASH + dns_rbtnode_t *hashnext; +#endif + + /*% + * Used for LRU cache. This linked list is used to mark nodes which + * have no data any longer, but we cannot unlink at that exact moment + * because we did not or could not obtain a write lock on the tree. + */ + ISC_LINK(dns_rbtnode_t) deadlink; + + /*@{*/ + /*! + * The following bitfields add up to a total bitwidth of 32. + * The range of values necessary for each item is indicated, + * but in the case of "attributes" the field is wider to accommodate + * possible future expansion. "offsetlen" could be one bit + * narrower by always adjusting its value by 1 to find the real + * offsetlen, but doing so does not gain anything (except perhaps + * another bit for "attributes", which doesn't yet need any more). + * + * In each case below the "range" indicated is what's _necessary_ for + * the bitfield to hold, not what it actually _can_ hold. + */ + unsigned int is_root : 1; /*%< range is 0..1 */ + unsigned int color : 1; /*%< range is 0..1 */ + unsigned int find_callback : 1; /*%< range is 0..1 */ + unsigned int attributes : 4; /*%< range is 0..2 */ + unsigned int namelen : 8; /*%< range is 1..255 */ + unsigned int offsetlen : 8; /*%< range is 1..128 */ + unsigned int padbytes : 9; /*%< range is 0..380 */ + /*@}*/ + +#ifdef DNS_RBT_USEHASH + unsigned int hashval; +#endif + + /*@{*/ + /*! + * These values are used in the RBT DB implementation. The appropriate + * node lock must be held before accessing them. + */ + void *data; + unsigned int dirty:1; + unsigned int wild:1; + unsigned int locknum:DNS_RBT_LOCKLENGTH; +#ifndef DNS_RBT_USEISCREFCOUNT + unsigned int references:DNS_RBT_REFLENGTH; +#else + isc_refcount_t references; /* note that this is not in the bitfield */ +#endif + /*@}*/ +}; + +typedef isc_result_t (*dns_rbtfindcallback_t)(dns_rbtnode_t *node, + dns_name_t *name, + void *callback_arg); + +/***** + ***** Chain Info + *****/ + +/*! + * A chain is used to keep track of the sequence of nodes to reach any given + * node from the root of the tree. Originally nodes did not have parent + * pointers in them (for memory usage reasons) so there was no way to find + * the path back to the root from any given node. Now that nodes have parent + * pointers, chains might be going away in a future release, though the + * movement functionality would remain. + * + * In any event, parent information, whether via parent pointers or chains, is + * necessary information for iterating through the tree or for basic internal + * tree maintenance issues (ie, the rotations that are done to rebalance the + * tree when a node is added). The obvious implication of this is that for a + * chain to remain valid, the tree has to be locked down against writes for the + * duration of the useful life of the chain, because additions or removals can + * change the path from the root to the node the chain has targeted. + * + * The dns_rbtnodechain_ functions _first, _last, _prev and _next all take + * dns_name_t parameters for the name and the origin, which can be NULL. If + * non-NULL, 'name' will end up pointing to the name data and offsets that are + * stored at the node (and thus it will be read-only), so it should be a + * regular dns_name_t that has been initialized with dns_name_init. When + * 'origin' is non-NULL, it will get the name of the origin stored in it, so it + * needs to have its own buffer space and offsets, which is most easily + * accomplished with a dns_fixedname_t. It is _not_ necessary to reinitialize + * either 'name' or 'origin' between calls to the chain functions. + * + * NOTE WELL: even though the name data at the root of the tree of trees will + * be absolute (typically just "."), it will will be made into a relative name + * with an origin of "." -- an empty name when the node is ".". This is + * because a common on operation on 'name' and 'origin' is to use + * dns_name_concatenate() on them to generate the complete name. An empty name + * can be detected when dns_name_countlabels == 0, and is printed by + * dns_name_totext()/dns_name_format() as "@", consistent with RFC1035's + * definition of "@" as the current origin. + * + * dns_rbtnodechain_current is similar to the _first, _last, _prev and _next + * functions but additionally can provide the node to which the chain points. + */ + +/*% + * The number of level blocks to allocate at a time. Currently the maximum + * number of levels is allocated directly in the structure, but future + * revisions of this code might have a static initial block with dynamic + * growth. Allocating space for 256 levels when the tree is almost never that + * deep is wasteful, but it's not clear that it matters, since the waste is + * only 2MB for 1000 concurrently active chains on a system with 64-bit + * pointers. + */ +#define DNS_RBT_LEVELBLOCK 254 + +typedef struct dns_rbtnodechain { + unsigned int magic; + isc_mem_t * mctx; + /*% + * The terminal node of the chain. It is not in levels[]. + * This is ostensibly private ... but in a pinch it could be + * used tell that the chain points nowhere without needing to + * call dns_rbtnodechain_current(). + */ + dns_rbtnode_t * end; + /*% + * The maximum number of labels in a name is 128; bitstrings mean + * a conceptually very large number (which I have not bothered to + * compute) of logical levels because splitting can potentially occur + * at each bit. However, DNSSEC restricts the number of "logical" + * labels in a name to 255, meaning only 254 pointers are needed + * in the worst case. + */ + dns_rbtnode_t * levels[DNS_RBT_LEVELBLOCK]; + /*% + * level_count indicates how deep the chain points into the + * tree of trees, and is the index into the levels[] array. + * Thus, levels[level_count - 1] is the last level node stored. + * A chain that points to the top level of the tree of trees has + * a level_count of 0, the first level has a level_count of 1, and + * so on. + */ + unsigned int level_count; + /*% + * level_matches tells how many levels matched above the node + * returned by dns_rbt_findnode(). A match (partial or exact) found + * in the first level thus results in level_matches being set to 1. + * This is used by the rbtdb to set the start point for a recursive + * search of superdomains until the RR it is looking for is found. + */ + unsigned int level_matches; +} dns_rbtnodechain_t; + +/***** + ***** Public interfaces. + *****/ +isc_result_t +dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *), + void *deleter_arg, dns_rbt_t **rbtp); +/*%< + * Initialize a red-black tree of trees. + * + * Notes: + *\li The deleter argument, if non-null, points to a function that is + * responsible for cleaning up any memory associated with the data + * pointer of a node when the node is deleted. It is passed the + * deleted node's data pointer as its first argument and deleter_arg + * as its second argument. + * + * Requires: + * \li mctx is a pointer to a valid memory context. + *\li rbtp != NULL && *rbtp == NULL + *\li arg == NULL iff deleter == NULL + * + * Ensures: + *\li If result is ISC_R_SUCCESS: + * *rbtp points to a valid red-black tree manager + * + *\li If result is failure: + * *rbtp does not point to a valid red-black tree manager. + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of Memory + */ + +isc_result_t +dns_rbt_addname(dns_rbt_t *rbt, dns_name_t *name, void *data); +/*%< + * Add 'name' to the tree of trees, associated with 'data'. + * + * Notes: + *\li 'data' is never required to be non-NULL, but specifying it + * when the name is added is faster than searching for 'name' + * again and then setting the data pointer. The lack of a data pointer + * for a node also has other ramifications regarding whether + * dns_rbt_findname considers a node to exist, or dns_rbt_deletename + * joins nodes. + * + * Requires: + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE + * + * Ensures: + *\li 'name' is not altered in any way. + * + *\li Any external references to nodes in the tree are unaffected by + * node splits that are necessary to insert the new name. + * + *\li If result is #ISC_R_SUCCESS: + * 'name' is findable in the red/black tree of trees in O(log N). + * The data pointer of the node for 'name' is set to 'data'. + * + *\li If result is #ISC_R_EXISTS or #ISC_R_NOSPACE: + * The tree of trees is unaltered. + * + *\li If result is #ISC_R_NOMEMORY: + * No guarantees. + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_EXISTS The name already exists with associated data. + *\li #ISC_R_NOSPACE The name had more logical labels than are allowed. + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory + */ + +isc_result_t +dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep); + +/*%< + * Just like dns_rbt_addname, but returns the address of the node. + * + * Requires: + *\li rbt is a valid rbt structure. + *\li dns_name_isabsolute(name) == TRUE + *\li nodep != NULL && *nodep == NULL + * + * Ensures: + *\li 'name' is not altered in any way. + * + *\li Any external references to nodes in the tree are unaffected by + * node splits that are necessary to insert the new name. + * + *\li If result is ISC_R_SUCCESS: + * 'name' is findable in the red/black tree of trees in O(log N). + * *nodep is the node that was added for 'name'. + * + *\li If result is ISC_R_EXISTS: + * The tree of trees is unaltered. + * *nodep is the existing node for 'name'. + * + *\li If result is ISC_R_NOMEMORY: + * No guarantees. + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_EXISTS The name already exists, possibly without data. + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory + */ + +isc_result_t +dns_rbt_findname(dns_rbt_t *rbt, dns_name_t *name, unsigned int options, + dns_name_t *foundname, void **data); +/*%< + * Get the data pointer associated with 'name'. + * + * Notes: + *\li When #DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is + * returned (also subject to #DNS_RBTFIND_EMPTYDATA), even when there is + * an exact match in the tree. + * + *\li A node that has no data is considered not to exist for this function, + * unless the #DNS_RBTFIND_EMPTYDATA option is set. + * + * Requires: + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE + *\li data != NULL && *data == NULL + * + * Ensures: + *\li 'name' and the tree are not altered in any way. + * + *\li If result is ISC_R_SUCCESS: + * *data is the data associated with 'name'. + * + *\li If result is DNS_R_PARTIALMATCH: + * *data is the data associated with the deepest superdomain + * of 'name' which has data. + * + *\li If result is ISC_R_NOTFOUND: + * Neither the name nor a superdomain was found with data. + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #DNS_R_PARTIALMATCH Superdomain found with data + *\li #ISC_R_NOTFOUND No match + *\li #ISC_R_NOSPACE Concatenating nodes to form foundname failed + */ + +isc_result_t +dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, + dns_rbtnode_t **node, dns_rbtnodechain_t *chain, + unsigned int options, dns_rbtfindcallback_t callback, + void *callback_arg); +/*%< + * Find the node for 'name'. + * + * Notes: + *\li A node that has no data is considered not to exist for this function, + * unless the DNS_RBTFIND_EMPTYDATA option is set. This applies to both + * exact matches and partial matches. + * + *\li If the chain parameter is non-NULL, then the path through the tree + * to the DNSSEC predecessor of the searched for name is maintained, + * unless the DNS_RBTFIND_NOPREDECESSOR or DNS_RBTFIND_NOEXACT option + * is used. (For more details on those options, see below.) + * + *\li If there is no predecessor, then the chain will point to nowhere, as + * indicated by chain->end being NULL or dns_rbtnodechain_current + * returning ISC_R_NOTFOUND. Note that in a normal Internet DNS RBT + * there will always be a predecessor for all names except the root + * name, because '.' will exist and '.' is the predecessor of + * everything. But you can certainly construct a trivial tree and a + * search for it that has no predecessor. + * + *\li Within the chain structure, the 'levels' member of the structure holds + * the root node of each level except the first. + * + *\li The 'level_count' of the chain indicates how deep the chain to the + * predecessor name is, as an index into the 'levels[]' array. It does + * not count name elements, per se, but only levels of the tree of trees, + * the distinction arising because multiple labels from a name can be + * stored on only one level. It is also does not include the level + * that has the node, since that level is not stored in levels[]. + * + *\li The chain's 'level_matches' is not directly related to the predecessor. + * It is the number of levels above the level of the found 'node', + * regardless of whether it was a partial match or exact match. When + * the node is found in the top level tree, or no node is found at all, + * level_matches is 0. + * + *\li When DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is + * returned (also subject to DNS_RBTFIND_EMPTYDATA), even when + * there is an exact match in the tree. In this case, the chain + * will not point to the DNSSEC predecessor, but will instead point + * to the exact match, if there was any. Thus the preceding paragraphs + * should have "exact match" substituted for "predecessor" to describe + * how the various elements of the chain are set. This was done to + * ensure that the chain's state was sane, and to prevent problems that + * occurred when running the predecessor location code under conditions + * it was not designed for. It is not clear *where* the chain should + * point when DNS_RBTFIND_NOEXACT is set, so if you end up using a chain + * with this option because you want a particular node, let us know + * where you want the chain pointed, so this can be made more firm. + * + * Requires: + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE. + *\li node != NULL && *node == NULL. + *\li #DNS_RBTFIND_NOEXACT and DNS_RBTFIND_NOPREDECESSOR are mutually + * exclusive. + * + * Ensures: + *\li 'name' and the tree are not altered in any way. + * + *\li If result is ISC_R_SUCCESS: + *\verbatim + * *node is the terminal node for 'name'. + + * 'foundname' and 'name' represent the same name (though not + * the same memory). + + * 'chain' points to the DNSSEC predecessor, if any, of 'name'. + * + * chain->level_matches and chain->level_count are equal. + *\endverbatim + * + * If result is DNS_R_PARTIALMATCH: + *\verbatim + * *node is the data associated with the deepest superdomain + * of 'name' which has data. + * + * 'foundname' is the name of deepest superdomain (which has + * data, unless the DNS_RBTFIND_EMPTYDATA option is set). + * + * 'chain' points to the DNSSEC predecessor, if any, of 'name'. + *\endverbatim + * + *\li If result is ISC_R_NOTFOUND: + *\verbatim + * Neither the name nor a superdomain was found. *node is NULL. + * + * 'chain' points to the DNSSEC predecessor, if any, of 'name'. + * + * chain->level_matches is 0. + *\endverbatim + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #DNS_R_PARTIALMATCH Superdomain found with data + *\li #ISC_R_NOTFOUND No match, or superdomain with no data + *\li #ISC_R_NOSPACE Concatenating nodes to form foundname failed + */ + +isc_result_t +dns_rbt_deletename(dns_rbt_t *rbt, dns_name_t *name, isc_boolean_t recurse); +/*%< + * Delete 'name' from the tree of trees. + * + * Notes: + *\li When 'name' is removed, if recurse is ISC_TRUE then all of its + * subnames are removed too. + * + * Requires: + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE + * + * Ensures: + *\li 'name' is not altered in any way. + * + *\li Does NOT ensure that any external references to nodes in the tree + * are unaffected by node joins. + * + *\li If result is ISC_R_SUCCESS: + * 'name' does not appear in the tree with data; however, + * the node for the name might still exist which can be + * found with dns_rbt_findnode (but not dns_rbt_findname). + * + *\li If result is ISC_R_NOTFOUND: + * 'name' does not appear in the tree with data, because + * it did not appear in the tree before the function was called. + * + *\li If result is something else: + * See result codes for dns_rbt_findnode (if it fails, the + * node is not deleted) or dns_rbt_deletenode (if it fails, + * the node is deleted, but the tree is not optimized when + * it could have been). + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOTFOUND No match + *\li something_else Any return code from dns_rbt_findnode except + * DNS_R_PARTIALMATCH (which causes ISC_R_NOTFOUND + * to be returned instead), and any code from + * dns_rbt_deletenode. + */ + +isc_result_t +dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse); +/*%< + * Delete 'node' from the tree of trees. + * + * Notes: + *\li When 'node' is removed, if recurse is ISC_TRUE then all nodes + * in levels down from it are removed too. + * + * Requires: + *\li rbt is a valid rbt manager. + *\li node != NULL. + * + * Ensures: + *\li Does NOT ensure that any external references to nodes in the tree + * are unaffected by node joins. + * + *\li If result is ISC_R_SUCCESS: + * 'node' does not appear in the tree with data; however, + * the node might still exist if it serves as a pointer to + * a lower tree level as long as 'recurse' was false, hence + * the node could can be found with dns_rbt_findnode when + * that function's empty_data_ok parameter is true. + * + *\li If result is ISC_R_NOMEMORY or ISC_R_NOSPACE: + * The node was deleted, but the tree structure was not + * optimized. + * + * Returns: + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory when joining nodes. + *\li #ISC_R_NOSPACE dns_name_concatenate failed when joining nodes. + */ + +void +dns_rbt_namefromnode(dns_rbtnode_t *node, dns_name_t *name); +/*%< + * Convert the sequence of labels stored at 'node' into a 'name'. + * + * Notes: + *\li This function does not return the full name, from the root, but + * just the labels at the indicated node. + * + *\li The name data pointed to by 'name' is the information stored + * in the node, not a copy. Altering the data at this pointer + * will likely cause grief. + * + * Requires: + * \li name->offsets == NULL + * + * Ensures: + * \li 'name' is DNS_NAMEATTR_READONLY. + * + * \li 'name' will point directly to the labels stored after the + * dns_rbtnode_t struct. + * + * \li 'name' will have offsets that also point to the information stored + * as part of the node. + */ + +isc_result_t +dns_rbt_fullnamefromnode(dns_rbtnode_t *node, dns_name_t *name); +/*%< + * Like dns_rbt_namefromnode, but returns the full name from the root. + * + * Notes: + * \li Unlike dns_rbt_namefromnode, the name will not point directly + * to node data. Rather, dns_name_concatenate will be used to copy + * the name data from each node into the 'name' argument. + * + * Requires: + * \li name != NULL + * \li name has a dedicated buffer. + * + * Returns: + * \li ISC_R_SUCCESS + * \li ISC_R_NOSPACE (possible via dns_name_concatenate) + * \li DNS_R_NAMETOOLONG (possible via dns_name_concatenate) + */ + +char * +dns_rbt_formatnodename(dns_rbtnode_t *node, char *printname, + unsigned int size); +/*%< + * Format the full name of a node for printing, using dns_name_format(). + * + * Notes: + * \li 'size' is the length of the printname buffer. This should be + * DNS_NAME_FORMATSIZE or larger. + * + * Requires: + * \li node and printname are not NULL. + * + * Returns: + * \li The 'printname' pointer. + */ + +unsigned int +dns_rbt_nodecount(dns_rbt_t *rbt); +/*%< + * Obtain the number of nodes in the tree of trees. + * + * Requires: + * \li rbt is a valid rbt manager. + */ + +void +dns_rbt_destroy(dns_rbt_t **rbtp); +isc_result_t +dns_rbt_destroy2(dns_rbt_t **rbtp, unsigned int quantum); +/*%< + * Stop working with a red-black tree of trees. + * If 'quantum' is zero then the entire tree will be destroyed. + * If 'quantum' is non zero then up to 'quantum' nodes will be destroyed + * allowing the rbt to be incrementally destroyed by repeated calls to + * dns_rbt_destroy2(). Once dns_rbt_destroy2() has been called no other + * operations than dns_rbt_destroy()/dns_rbt_destroy2() should be + * performed on the tree of trees. + * + * Requires: + * \li *rbt is a valid rbt manager. + * + * Ensures on ISC_R_SUCCESS: + * \li All space allocated by the RBT library has been returned. + * + * \li *rbt is invalidated as an rbt manager. + * + * Returns: + * \li ISC_R_SUCCESS + * \li ISC_R_QUOTA if 'quantum' nodes have been destroyed. + */ + +void +dns_rbt_printall(dns_rbt_t *rbt); +/*%< + * Print an ASCII representation of the internal structure of the red-black + * tree of trees. + * + * Notes: + * \li The name stored at each node, along with the node's color, is printed. + * Then the down pointer, left and right pointers are displayed + * recursively in turn. NULL down pointers are silently omitted; + * NULL left and right pointers are printed. + */ + +/***** + ***** Chain Functions + *****/ + +void +dns_rbtnodechain_init(dns_rbtnodechain_t *chain, isc_mem_t *mctx); +/*%< + * Initialize 'chain'. + * + * Requires: + *\li 'chain' is a valid pointer. + * + *\li 'mctx' is a valid memory context. + * + * Ensures: + *\li 'chain' is suitable for use. + */ + +void +dns_rbtnodechain_reset(dns_rbtnodechain_t *chain); +/*%< + * Free any dynamic storage associated with 'chain', and then reinitialize + * 'chain'. + * + * Requires: + *\li 'chain' is a valid pointer. + * + * Ensures: + *\li 'chain' is suitable for use, and uses no dynamic storage. + */ + +void +dns_rbtnodechain_invalidate(dns_rbtnodechain_t *chain); +/*%< + * Free any dynamic storage associated with 'chain', and then invalidates it. + * + * Notes: + *\li Future calls to any dns_rbtnodechain_ function will need to call + * dns_rbtnodechain_init on the chain first (except, of course, + * dns_rbtnodechain_init itself). + * + * Requires: + *\li 'chain' is a valid chain. + * + * Ensures: + *\li 'chain' is no longer suitable for use, and uses no dynamic storage. + */ + +isc_result_t +dns_rbtnodechain_current(dns_rbtnodechain_t *chain, dns_name_t *name, + dns_name_t *origin, dns_rbtnode_t **node); +/*%< + * Provide the name, origin and node to which the chain is currently pointed. + * + * Notes: + *\li The tree need not have be locked against additions for the chain + * to remain valid, however there are no guarantees if any deletion + * has been made since the chain was established. + * + * Requires: + *\li 'chain' is a valid chain. + * + * Ensures: + *\li 'node', if non-NULL, is the node to which the chain was pointed + * by dns_rbt_findnode, dns_rbtnodechain_first or dns_rbtnodechain_last. + * If none were called for the chain since it was initialized or reset, + * or if the was no predecessor to the name searched for with + * dns_rbt_findnode, then '*node' is NULL and ISC_R_NOTFOUND is returned. + * + *\li 'name', if non-NULL, is the name stored at the terminal level of + * the chain. This is typically a single label, like the "www" of + * "www.isc.org", but need not be so. At the root of the tree of trees, + * if the node is "." then 'name' is ".", otherwise it is relative to ".". + * (Minimalist and atypical case: if the tree has just the name + * "isc.org." then the root node's stored name is "isc.org." but 'name' + * will be "isc.org".) + * + *\li 'origin', if non-NULL, is the sequence of labels in the levels + * above the terminal level, such as "isc.org." in the above example. + * 'origin' is always "." for the root node. + * + * + * Returns: + *\li #ISC_R_SUCCESS name, origin & node were successfully set. + *\li #ISC_R_NOTFOUND The chain does not point to any node. + *\li <something_else> Any error return from dns_name_concatenate. + */ + +isc_result_t +dns_rbtnodechain_first(dns_rbtnodechain_t *chain, dns_rbt_t *rbt, + dns_name_t *name, dns_name_t *origin); +/*%< + * Set the chain to the lexically first node in the tree of trees. + * + * Notes: + *\li By the definition of ordering for DNS names, the root of the tree of + * trees is the very first node, since everything else in the megatree + * uses it as a common suffix. + * + * Requires: + *\li 'chain' is a valid chain. + *\li 'rbt' is a valid rbt manager. + * + * Ensures: + *\li The chain points to the very first node of the tree. + * + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. Thus 'origin' will always be ".". + * + * Returns: + *\li #DNS_R_NEWORIGIN The name & origin were successfully set. + *\li <something_else> Any error result from dns_rbtnodechain_current. + */ + +isc_result_t +dns_rbtnodechain_last(dns_rbtnodechain_t *chain, dns_rbt_t *rbt, + dns_name_t *name, dns_name_t *origin); +/*%< + * Set the chain to the lexically last node in the tree of trees. + * + * Requires: + *\li 'chain' is a valid chain. + *\li 'rbt' is a valid rbt manager. + * + * Ensures: + *\li The chain points to the very last node of the tree. + * + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. + * + * Returns: + *\li #DNS_R_NEWORIGIN The name & origin were successfully set. + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory building chain. + *\li <something_else> Any error result from dns_name_concatenate. + */ + +isc_result_t +dns_rbtnodechain_prev(dns_rbtnodechain_t *chain, dns_name_t *name, + dns_name_t *origin); +/*%< + * Adjusts chain to point the DNSSEC predecessor of the name to which it + * is currently pointed. + * + * Requires: + *\li 'chain' is a valid chain. + *\li 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, + * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that + * dns_rbt_findnode is not guaranteed to point the chain somewhere, + * since there may have been no predecessor to the searched for name. + * + * Ensures: + *\li The chain is pointed to the predecessor of its current target. + * + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. + * + *\li 'origin' is only if a new origin was found. + * + * Returns: + *\li #ISC_R_SUCCESS The predecessor was found and 'name' was set. + *\li #DNS_R_NEWORIGIN The predecessor was found with a different + * origin and 'name' and 'origin' were set. + *\li #ISC_R_NOMORE There was no predecessor. + *\li <something_else> Any error result from dns_rbtnodechain_current. + */ + +isc_result_t +dns_rbtnodechain_next(dns_rbtnodechain_t *chain, dns_name_t *name, + dns_name_t *origin); +/*%< + * Adjusts chain to point the DNSSEC successor of the name to which it + * is currently pointed. + * + * Requires: + *\li 'chain' is a valid chain. + *\li 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, + * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that + * dns_rbt_findnode is not guaranteed to point the chain somewhere, + * since there may have been no predecessor to the searched for name. + * + * Ensures: + *\li The chain is pointed to the successor of its current target. + * + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. + * + *\li 'origin' is only if a new origin was found. + * + * Returns: + *\li #ISC_R_SUCCESS The successor was found and 'name' was set. + *\li #DNS_R_NEWORIGIN The successor was found with a different + * origin and 'name' and 'origin' were set. + *\li #ISC_R_NOMORE There was no successor. + *\li <something_else> Any error result from dns_name_concatenate. + */ + +/* + * Wrapper macros for manipulating the rbtnode reference counter: + * Since we selectively use isc_refcount_t for the reference counter of + * a rbtnode, operations on the counter depend on the actual type of it. + * The following macros provide a common interface to these operations, + * hiding the back-end. The usage is the same as that of isc_refcount_xxx(). + */ +#ifdef DNS_RBT_USEISCREFCOUNT +#define dns_rbtnode_refinit(node, n) \ + do { \ + isc_refcount_init(&(node)->references, (n)); \ + } while (0) +#define dns_rbtnode_refdestroy(node) \ + do { \ + isc_refcount_destroy(&(node)->references); \ + } while (0) +#define dns_rbtnode_refcurrent(node) \ + isc_refcount_current(&(node)->references) +#define dns_rbtnode_refincrement0(node, refs) \ + do { \ + isc_refcount_increment0(&(node)->references, (refs)); \ + } while (0) +#define dns_rbtnode_refincrement(node, refs) \ + do { \ + isc_refcount_increment(&(node)->references, (refs)); \ + } while (0) +#define dns_rbtnode_refdecrement(node, refs) \ + do { \ + isc_refcount_decrement(&(node)->references, (refs)); \ + } while (0) +#else /* DNS_RBT_USEISCREFCOUNT */ +#define dns_rbtnode_refinit(node, n) ((node)->references = (n)) +#define dns_rbtnode_refdestroy(node) (REQUIRE((node)->references == 0)) +#define dns_rbtnode_refcurrent(node) ((node)->references) +#define dns_rbtnode_refincrement0(node, refs) \ + do { \ + unsigned int *_tmp = (unsigned int *)(refs); \ + (node)->references++; \ + if ((_tmp) != NULL) \ + (*_tmp) = (node)->references; \ + } while (0) +#define dns_rbtnode_refincrement(node, refs) \ + do { \ + REQUIRE((node)->references > 0); \ + (node)->references++; \ + if ((refs) != NULL) \ + (*refs) = (node)->references; \ + } while (0) +#define dns_rbtnode_refdecrement(node, refs) \ + do { \ + REQUIRE((node)->references > 0); \ + (node)->references--; \ + if ((refs) != NULL) \ + (*refs) = (node)->references; \ + } while (0) +#endif /* DNS_RBT_USEISCREFCOUNT */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_RBT_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/rcode.h b/contrib/bind-9.5.2/lib/dns/include/dns/rcode.h similarity index 64% rename from contrib/bind-9.3/lib/dns/include/dns/rcode.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rcode.h index b2494f733f..57299d90a2 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rcode.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rcode.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rcode.h,v 1.12.206.1 2004/03/06 08:13:59 marka Exp $ */ +/* $Id: rcode.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RCODE_H #define DNS_RCODE_H 1 +/*! \file dns/rcode.h */ + #include #include @@ -27,68 +29,68 @@ ISC_LANG_BEGINDECLS isc_result_t dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNS error value. * * Requires: - * 'rcodep' is a valid pointer. + *\li 'rcodep' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * DNS_R_UNKNOWN type is unknown + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN type is unknown */ isc_result_t dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target); -/* +/*%< * Put a textual representation of error 'rcode' into 'target'. * * Requires: - * 'rcode' is a valid rcode. + *\li 'rcode' is a valid rcode. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * * Ensures: - * If the result is success: + *\li If the result is success: * The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ isc_result_t dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a TSIG/TKEY error value. * * Requires: - * 'rcodep' is a valid pointer. + *\li 'rcodep' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * DNS_R_UNKNOWN type is unknown + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN type is unknown */ isc_result_t dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target); -/* +/*%< * Put a textual representation of TSIG/TKEY error 'rcode' into 'target'. * * Requires: - * 'rcode' is a valid TSIG/TKEY error code. + *\li 'rcode' is a valid TSIG/TKEY error code. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * * Ensures: - * If the result is success: + *\li If the result is success: * The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdata.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdata.h similarity index 64% rename from contrib/bind-9.3/lib/dns/include/dns/rdata.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdata.h index b006b1780f..58fe865999 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdata.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdata.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.h,v 1.51.2.3.2.4 2004/03/08 02:08:01 marka Exp $ */ +/* $Id: rdata.h,v 1.67.128.4 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_RDATA_H #define DNS_RDATA_H 1 @@ -24,9 +24,8 @@ ***** Module Info *****/ -/* - * DNS Rdata - * +/*! \file dns/rdata.h + * \brief * Provides facilities for manipulating DNS rdata, including conversions to * and from wire format and text format. * @@ -46,46 +45,45 @@ * * Implementation Notes: * - * The routines in this module are expected to be synthesized by the + *\li The routines in this module are expected to be synthesized by the * build process from a set of source files, one per rdata type. For * portability, it's probably best that the building be done by a C * program. Adding a new rdata type will be a simple matter of adding - * a file to a directory and rebuilding the server. *All* knowlege of + * a file to a directory and rebuilding the server. *All* knowledge of * the format of a particular rdata type is in this file. * * MP: - * Clients of this module must impose any required synchronization. + *\li Clients of this module must impose any required synchronization. * * Reliability: - * This module deals with low-level byte streams. Errors in any of + *\li This module deals with low-level byte streams. Errors in any of * the functions are likely to crash the server or corrupt memory. * - * Rdata is typed, and the caller must know what type of rdata it has. + *\li Rdata is typed, and the caller must know what type of rdata it has. * A caller that gets this wrong could crash the server. * - * The fromstruct() and tostruct() routines use a void * pointer to + *\li The fromstruct() and tostruct() routines use a void * pointer to * represent the structure. The caller must ensure that it passes a * pointer to the appropriate type, or the server could crash or memory * could be corrupted. * * Resources: - * None. + *\li None. * * Security: * - * *** WARNING *** - * + *\li *** WARNING *** * dns_rdata_fromwire() deals with raw network data. An error in * this routine could result in the failure or hijacking of the server. * * Standards: - * RFC 1035 - * Draft EDNS0 (0) - * Draft EDNS1 (0) - * Draft Binary Labels (2) - * Draft Local Compression (1) - * + *\li RFC1035 + *\li Draft EDNS0 (0) + *\li Draft EDNS1 (0) + *\li Draft Binary Labels (2) + *\li Draft Local Compression (1) + *\li Various RFCs for particular types; these will be documented in the + * sources files of the types. * */ @@ -100,19 +98,17 @@ ISC_LANG_BEGINDECLS -/***** - ***** RData - ***** - ***** An 'rdata' is a handle to a binary region. The handle has an RR - ***** class and type, and the data in the binary region is in the format - ***** of the given class and type. - *****/ /*** *** Types ***/ -/* +/*% + ***** An 'rdata' is a handle to a binary region. The handle has an RR + ***** class and type, and the data in the binary region is in the format + ***** of the given class and type. + *****/ +/*% * Clients are strongly discouraged from using this type directly, with * the exception of the 'link' field which may be used directly for whatever * purpose the client desires. @@ -128,7 +124,7 @@ struct dns_rdata { #define DNS_RDATA_INIT { NULL, 0, 0, 0, 0, {(void*)(-1), (void *)(-1)}} -#define DNS_RDATA_UPDATE 0x0001 /* update pseudo record */ +#define DNS_RDATA_UPDATE 0x0001 /*%< update pseudo record */ /* * Flags affecting rdata formatting style. Flags 0xFFFF0000 @@ -136,17 +132,19 @@ struct dns_rdata { * See additional comments at dns_rdata_tofmttext(). */ -/* Split the rdata into multiple lines to try to keep it +/*% Split the rdata into multiple lines to try to keep it within the "width". */ #define DNS_STYLEFLAG_MULTILINE 0x00000001U -/* Output explanatory comments. */ +/*% Output explanatory comments. */ #define DNS_STYLEFLAG_COMMENT 0x00000002U #define DNS_RDATA_DOWNCASE DNS_NAME_DOWNCASE #define DNS_RDATA_CHECKNAMES DNS_NAME_CHECKNAMES #define DNS_RDATA_CHECKNAMESFAIL DNS_NAME_CHECKNAMESFAIL #define DNS_RDATA_CHECKREVERSE DNS_NAME_CHECKREVERSE +#define DNS_RDATA_CHECKMX DNS_NAME_CHECKMX +#define DNS_RDATA_CHECKMXFAIL DNS_NAME_CHECKMXFAIL /*** *** Initialization @@ -154,7 +152,7 @@ struct dns_rdata { void dns_rdata_init(dns_rdata_t *rdata); -/* +/*%< * Make 'rdata' empty. * * Requires: @@ -163,21 +161,21 @@ dns_rdata_init(dns_rdata_t *rdata); void dns_rdata_reset(dns_rdata_t *rdata); -/* +/*%< * Make 'rdata' empty. * * Requires: - * 'rdata' is a previously initialized rdata and is not linked. + *\li 'rdata' is a previously initialized rdata and is not linked. */ void dns_rdata_clone(const dns_rdata_t *src, dns_rdata_t *target); -/* +/*%< * Clone 'target' from 'src'. * * Requires: - * 'src' to be initialized. - * 'target' to be initialized. + *\li 'src' to be initialized. + *\li 'target' to be initialized. */ /*** @@ -186,20 +184,20 @@ dns_rdata_clone(const dns_rdata_t *src, dns_rdata_t *target); int dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2); -/* +/*%< * Determine the relative ordering under the DNSSEC order relation of * 'rdata1' and 'rdata2'. * * Requires: * - * 'rdata1' is a valid, non-empty rdata + *\li 'rdata1' is a valid, non-empty rdata * - * 'rdata2' is a valid, non-empty rdata + *\li 'rdata2' is a valid, non-empty rdata * * Returns: - * < 0 'rdata1' is less than 'rdata2' - * 0 'rdata1' is equal to 'rdata2' - * > 0 'rdata1' is greater than 'rdata2' + *\li < 0 'rdata1' is less than 'rdata2' + *\li 0 'rdata1' is equal to 'rdata2' + *\li > 0 'rdata1' is greater than 'rdata2' */ /*** @@ -209,17 +207,17 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2); void dns_rdata_fromregion(dns_rdata_t *rdata, dns_rdataclass_t rdclass, dns_rdatatype_t type, isc_region_t *r); -/* +/*%< * Make 'rdata' refer to region 'r'. * * Requires: * - * The data in 'r' is properly formatted for whatever type it is. + *\li The data in 'r' is properly formatted for whatever type it is. */ void dns_rdata_toregion(const dns_rdata_t *rdata, isc_region_t *r); -/* +/*%< * Make 'r' refer to 'rdata'. */ @@ -228,73 +226,70 @@ dns_rdata_fromwire(dns_rdata_t *rdata, dns_rdataclass_t rdclass, dns_rdatatype_t type, isc_buffer_t *source, dns_decompress_t *dctx, unsigned int options, isc_buffer_t *target); -/* +/*%< * Copy the possibly-compressed rdata at source into the target region. * * Notes: - * Name decompression policy is controlled by 'dctx'. + *\li Name decompression policy is controlled by 'dctx'. * * 'options' - * DNS_RDATA_DOWNCASE downcase domain names when they are copied + *\li DNS_RDATA_DOWNCASE downcase domain names when they are copied * into target. * * Requires: * - * 'rdclass' and 'type' are valid. + *\li 'rdclass' and 'type' are valid. * - * 'source' is a valid buffer, and the active region of 'source' + *\li 'source' is a valid buffer, and the active region of 'source' * references the rdata to be processed. * - * 'target' is a valid buffer. + *\li 'target' is a valid buffer. * - * 'dctx' is a valid decompression context. + *\li 'dctx' is a valid decompression context. * - * Ensures: - * - * If result is success: - * If 'rdata' is not NULL, it is attached to the target. - * - * The conditions dns_name_fromwire() ensures for names hold + * Ensures, + * if result is success: + * \li If 'rdata' is not NULL, it is attached to the target. + * \li The conditions dns_name_fromwire() ensures for names hold * for all names in the rdata. - * - * The current location in source is advanced, and the used space + * \li The current location in source is advanced, and the used space * in target is updated. * * Result: - * Success - * - * - * Bad Form: Input too short - * Resource Limit: Not enough space + *\li Success + *\li Any non-success status from dns_name_fromwire() + *\li Various 'Bad Form' class failures depending on class and type + *\li Bad Form: Input too short + *\li Resource Limit: Not enough space */ isc_result_t dns_rdata_towire(dns_rdata_t *rdata, dns_compress_t *cctx, isc_buffer_t *target); -/* +/*%< * Convert 'rdata' into wire format, compressing it as specified by the * compression context 'cctx', and storing the result in 'target'. * * Notes: - * If the compression context allows global compression, then the + *\li If the compression context allows global compression, then the * global compression table may be updated. * * Requires: - * 'rdata' is a valid, non-empty rdata + *\li 'rdata' is a valid, non-empty rdata * - * target is a valid buffer + *\li target is a valid buffer * - * Any offsets specified in a global compression table are valid + *\li Any offsets specified in a global compression table are valid * for target. * - * Ensures: - * If the result is success: - * The used space in target is updated. + * Ensures, + * if the result is success: + * \li The used space in target is updated. * * Returns: - * Success - * - * Resource Limit: Not enough space + *\li Success + *\li Any non-success status from dns_name_towire() + *\li Resource Limit: Not enough space */ isc_result_t @@ -302,100 +297,101 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass, dns_rdatatype_t type, isc_lex_t *lexer, dns_name_t *origin, unsigned int options, isc_mem_t *mctx, isc_buffer_t *target, dns_rdatacallbacks_t *callbacks); -/* +/*%< * Convert the textual representation of a DNS rdata into uncompressed wire * form stored in the target region. Tokens constituting the text of the rdata * are taken from 'lexer'. * * Notes: - * Relative domain names in the rdata will have 'origin' appended to them. + *\li Relative domain names in the rdata will have 'origin' appended to them. * A NULL origin implies "origin == dns_rootname". * * * 'options' - * DNS_RDATA_DOWNCASE downcase domain names when they are copied + *\li DNS_RDATA_DOWNCASE downcase domain names when they are copied * into target. - * DNS_RDATA_CHECKNAMES perform checknames checks. - * DNS_RDATA_CHECKNAMESFAIL fail if the checknames check fail. If + *\li DNS_RDATA_CHECKNAMES perform checknames checks. + *\li DNS_RDATA_CHECKNAMESFAIL fail if the checknames check fail. If * not set a warning will be issued. - * DNS_RDATA_CHECKREVERSE this should set if the owner name ends + *\li DNS_RDATA_CHECKREVERSE this should set if the owner name ends * in IP6.ARPA, IP6.INT or IN-ADDR.ARPA. * * Requires: * - * 'rdclass' and 'type' are valid. + *\li 'rdclass' and 'type' are valid. * - * 'lexer' is a valid isc_lex_t. + *\li 'lexer' is a valid isc_lex_t. * - * 'mctx' is a valid isc_mem_t. + *\li 'mctx' is a valid isc_mem_t. * - * 'target' is a valid region. + *\li 'target' is a valid region. * - * 'origin' if non NULL it must be absolute. - * - * 'callbacks' to be NULL or callbacks->warn and callbacks->error be - * initialized. + *\li 'origin' if non NULL it must be absolute. * - * Ensures: - * If result is success: - * If 'rdata' is not NULL, it is attached to the target. + *\li 'callbacks' to be NULL or callbacks->warn and callbacks->error be + * initialized. * - * The conditions dns_name_fromtext() ensures for names hold + * Ensures, + * if result is success: + *\li If 'rdata' is not NULL, it is attached to the target. + + *\li The conditions dns_name_fromtext() ensures for names hold * for all names in the rdata. - * - * The used space in target is updated. + + *\li The used space in target is updated. * * Result: - * Success - * - * - * Bad Form: Input too short - * Resource Limit: Not enough space - * Resource Limit: Not enough memory + *\li Success + *\li Translated result codes from isc_lex_gettoken + *\li Various 'Bad Form' class failures depending on class and type + *\li Bad Form: Input too short + *\li Resource Limit: Not enough space + *\li Resource Limit: Not enough memory */ isc_result_t dns_rdata_totext(dns_rdata_t *rdata, dns_name_t *origin, isc_buffer_t *target); -/* +/*%< * Convert 'rdata' into text format, storing the result in 'target'. * The text will consist of a single line, with fields separated by * single spaces. * * Notes: - * If 'origin' is not NULL, then any names in the rdata that are + *\li If 'origin' is not NULL, then any names in the rdata that are * subdomains of 'origin' will be made relative it. * - * XXX Do we *really* want to support 'origin'? I'm inclined towards "no" + *\li XXX Do we *really* want to support 'origin'? I'm inclined towards "no" * at the moment. * * Requires: * - * 'rdata' is a valid, non-empty rdata + *\li 'rdata' is a valid, non-empty rdata * - * 'origin' is NULL, or is a valid name + *\li 'origin' is NULL, or is a valid name * - * 'target' is a valid text buffer + *\li 'target' is a valid text buffer * - * Ensures: - * If the result is success: + * Ensures, + * if the result is success: * - * The used space in target is updated. + * \li The used space in target is updated. * * Returns: - * Success - * - * Resource Limit: Not enough space + *\li Success + *\li Any non-success status from dns_name_totext() + *\li Resource Limit: Not enough space */ isc_result_t dns_rdata_tofmttext(dns_rdata_t *rdata, dns_name_t *origin, unsigned int flags, - unsigned int width, char *linebreak, isc_buffer_t *target); -/* + unsigned int width, const char *linebreak, + isc_buffer_t *target); +/*%< * Like dns_rdata_totext, but do formatted output suitable for * database dumps. This is intended for use by dns_db_dump(); * library users are discouraged from calling it directly. * - * If (flags & DNS_STYLEFLAG_MULTILINE) != 0, attempt to stay + * If (flags & #DNS_STYLEFLAG_MULTILINE) != 0, attempt to stay * within 'width' by breaking the text into multiple lines. * The string 'linebreak' is inserted between lines, and parentheses * are added when necessary. Because RRs contain unbreakable elements @@ -403,11 +399,11 @@ dns_rdata_tofmttext(dns_rdata_t *rdata, dns_name_t *origin, unsigned int flags, * potentially large, there is no guarantee that the lines will * not exceed 'width' anyway. * - * If (flags & DNS_STYLEFLAG_MULTILINE) == 0, the rdata is always + * If (flags & #DNS_STYLEFLAG_MULTILINE) == 0, the rdata is always * printed as a single line, and no parentheses are used. * The 'width' and 'linebreak' arguments are ignored. * - * If (flags & DNS_STYLEFLAG_COMMENT) != 0, output explanatory + * If (flags & #DNS_STYLEFLAG_COMMENT) != 0, output explanatory * comments next to things like the SOA timer fields. Some * comments (e.g., the SOA ones) are only printed when multiline * output is selected. @@ -416,7 +412,7 @@ dns_rdata_tofmttext(dns_rdata_t *rdata, dns_name_t *origin, unsigned int flags, isc_result_t dns_rdata_fromstruct(dns_rdata_t *rdata, dns_rdataclass_t rdclass, dns_rdatatype_t type, void *source, isc_buffer_t *target); -/* +/*%< * Convert the C structure representation of an rdata into uncompressed wire * format in 'target'. * @@ -424,30 +420,30 @@ dns_rdata_fromstruct(dns_rdata_t *rdata, dns_rdataclass_t rdclass, * * Requires: * - * 'rdclass' and 'type' are valid. + *\li 'rdclass' and 'type' are valid. * - * 'source' points to a valid C struct for the class and type. + *\li 'source' points to a valid C struct for the class and type. * - * 'target' is a valid buffer. + *\li 'target' is a valid buffer. * - * All structure pointers to memory blocks should be NULL if their + *\li All structure pointers to memory blocks should be NULL if their * corresponding length values are zero. * - * Ensures: - * If result is success: - * If 'rdata' is not NULL, it is attached to the target. + * Ensures, + * if result is success: + * \li If 'rdata' is not NULL, it is attached to the target. * - * The used space in 'target' is updated. + * \li The used space in 'target' is updated. * * Result: - * Success - * - * Resource Limit: Not enough space + *\li Success + *\li Various 'Bad Form' class failures depending on class and type + *\li Resource Limit: Not enough space */ isc_result_t dns_rdata_tostruct(dns_rdata_t *rdata, void *target, isc_mem_t *mctx); -/* +/*%< * Convert an rdata into its C structure representation. * * If 'mctx' is NULL then 'rdata' must persist while 'target' is being used. @@ -456,80 +452,80 @@ dns_rdata_tostruct(dns_rdata_t *rdata, void *target, isc_mem_t *mctx); * * Requires: * - * 'rdata' is a valid, non-empty rdata. + *\li 'rdata' is a valid, non-empty rdata. * - * 'target' to point to a valid pointer for the type and class. + *\li 'target' to point to a valid pointer for the type and class. * * Result: - * Success - * Resource Limit: Not enough memory + *\li Success + *\li Resource Limit: Not enough memory */ void dns_rdata_freestruct(void *source); -/* +/*%< * Free dynamic memory attached to 'source' (if any). * * Requires: * - * 'source' to point to the structure previously filled in by + *\li 'source' to point to the structure previously filled in by * dns_rdata_tostruct(). */ isc_boolean_t dns_rdatatype_ismeta(dns_rdatatype_t type); -/* +/*%< * Return true iff the rdata type 'type' is a meta-type * like ANY or AXFR. */ isc_boolean_t dns_rdatatype_issingleton(dns_rdatatype_t type); -/* +/*%< * Return true iff the rdata type 'type' is a singleton type, * like CNAME or SOA. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. * */ isc_boolean_t dns_rdataclass_ismeta(dns_rdataclass_t rdclass); -/* +/*%< * Return true iff the rdata class 'rdclass' is a meta-class * like ANY or NONE. */ isc_boolean_t dns_rdatatype_isdnssec(dns_rdatatype_t type); -/* +/*%< * Return true iff 'type' is one of the DNSSEC * rdata types that may exist alongside a CNAME record. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. */ isc_boolean_t dns_rdatatype_iszonecutauth(dns_rdatatype_t type); -/* +/*%< * Return true iff rdata of type 'type' is considered authoritative * data (not glue) in the NSEC chain when it occurs in the parent zone * at a zone cut. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. * */ isc_boolean_t dns_rdatatype_isknown(dns_rdatatype_t type); -/* +/*%< * Return true iff the rdata type 'type' is known. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. * */ @@ -537,140 +533,140 @@ dns_rdatatype_isknown(dns_rdatatype_t type); isc_result_t dns_rdata_additionaldata(dns_rdata_t *rdata, dns_additionaldatafunc_t add, void *arg); -/* +/*%< * Call 'add' for each name and type from 'rdata' which is subject to * additional section processing. * * Requires: * - * 'rdata' is a valid, non-empty rdata. + *\li 'rdata' is a valid, non-empty rdata. * - * 'add' is a valid dns_additionalfunc_t. + *\li 'add' is a valid dns_additionalfunc_t. * * Ensures: * - * If successful, then add() will have been called for each name + *\li If successful, then add() will have been called for each name * and type subject to additional section processing. * - * If add() returns something other than ISC_R_SUCCESS, that result + *\li If add() returns something other than #ISC_R_SUCCESS, that result * will be returned as the result of dns_rdata_additionaldata(). * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Many other results are possible if not successful. + *\li Many other results are possible if not successful. */ isc_result_t dns_rdata_digest(dns_rdata_t *rdata, dns_digestfunc_t digest, void *arg); -/* +/*%< * Send 'rdata' in DNSSEC canonical form to 'digest'. * * Note: - * 'digest' may be called more than once by dns_rdata_digest(). The + *\li 'digest' may be called more than once by dns_rdata_digest(). The * concatenation of all the regions, in the order they were given * to 'digest', will be the DNSSEC canonical form of 'rdata'. * * Requires: * - * 'rdata' is a valid, non-empty rdata. + *\li 'rdata' is a valid, non-empty rdata. * - * 'digest' is a valid dns_digestfunc_t. + *\li 'digest' is a valid dns_digestfunc_t. * * Ensures: * - * If successful, then all of the rdata's data has been sent, in + *\li If successful, then all of the rdata's data has been sent, in * DNSSEC canonical form, to 'digest'. * - * If digest() returns something other than ISC_R_SUCCESS, that result + *\li If digest() returns something other than ISC_R_SUCCESS, that result * will be returned as the result of dns_rdata_digest(). * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Many other results are possible if not successful. + *\li Many other results are possible if not successful. */ isc_boolean_t dns_rdatatype_questiononly(dns_rdatatype_t type); -/* +/*%< * Return true iff rdata of type 'type' can only appear in the question * section of a properly formatted message. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. * */ isc_boolean_t dns_rdatatype_notquestion(dns_rdatatype_t type); -/* +/*%< * Return true iff rdata of type 'type' can not appear in the question * section of a properly formatted message. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. * */ isc_boolean_t dns_rdatatype_atparent(dns_rdatatype_t type); -/* +/*%< * Return true iff rdata of type 'type' should appear at the parent of * a zone cut. * * Requires: - * 'type' is a valid rdata type. + * \li 'type' is a valid rdata type. * */ unsigned int dns_rdatatype_attributes(dns_rdatatype_t rdtype); -/* +/*%< * Return attributes for the given type. * * Requires: - * 'rdtype' are known. + *\li 'rdtype' are known. * * Returns: - * a bitmask consisting of the following flags. + *\li a bitmask consisting of the following flags. */ -/* only one may exist for a name */ +/*% only one may exist for a name */ #define DNS_RDATATYPEATTR_SINGLETON 0x00000001U -/* requires no other data be present */ +/*% requires no other data be present */ #define DNS_RDATATYPEATTR_EXCLUSIVE 0x00000002U -/* Is a meta type */ +/*% Is a meta type */ #define DNS_RDATATYPEATTR_META 0x00000004U -/* Is a DNSSEC type, like RRSIG or NSEC */ +/*% Is a DNSSEC type, like RRSIG or NSEC */ #define DNS_RDATATYPEATTR_DNSSEC 0x00000008U -/* Is a zone cut authority type */ +/*% Is a zone cut authority type */ #define DNS_RDATATYPEATTR_ZONECUTAUTH 0x00000010U -/* Is reserved (unusable) */ +/*% Is reserved (unusable) */ #define DNS_RDATATYPEATTR_RESERVED 0x00000020U -/* Is an unknown type */ +/*% Is an unknown type */ #define DNS_RDATATYPEATTR_UNKNOWN 0x00000040U -/* Is META, and can only be in a question section */ +/*% Is META, and can only be in a question section */ #define DNS_RDATATYPEATTR_QUESTIONONLY 0x00000080U -/* is META, and can NOT be in a question section */ +/*% is META, and can NOT be in a question section */ #define DNS_RDATATYPEATTR_NOTQUESTION 0x00000100U -/* Is present at zone cuts in the parent, not the child */ +/*% Is present at zone cuts in the parent, not the child */ #define DNS_RDATATYPEATTR_ATPARENT 0x00000200U dns_rdatatype_t dns_rdata_covers(dns_rdata_t *rdata); -/* +/*%< * Return the rdatatype that this type covers. * * Requires: - * 'rdata' is a valid, non-empty rdata. + *\li 'rdata' is a valid, non-empty rdata. * - * 'rdata' is a type that covers other rdata types. + *\li 'rdata' is a type that covers other rdata types. * * Returns: - * The type covered. + *\li The type covered. */ isc_boolean_t diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdataclass.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdataclass.h similarity index 71% rename from contrib/bind-9.3/lib/dns/include/dns/rdataclass.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdataclass.h index 359a2be6d2..786eb6af73 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdataclass.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdataclass.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataclass.h,v 1.17.206.1 2004/03/06 08:13:59 marka Exp $ */ +/* $Id: rdataclass.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATACLASS_H #define DNS_RDATACLASS_H 1 +/*! \file dns/rdataclass.h */ + #include #include @@ -28,49 +30,49 @@ ISC_LANG_BEGINDECLS isc_result_t dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNS class. * * Requires: - * 'classp' is a valid pointer. + *\li 'classp' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * DNS_R_UNKNOWN class is unknown + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN class is unknown */ isc_result_t dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target); -/* +/*%< * Put a textual representation of class 'rdclass' into 'target'. * * Requires: - * 'rdclass' is a valid class. + *\li 'rdclass' is a valid class. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * - * Ensures: - * If the result is success: - * The used space in 'target' is updated. + * Ensures, + * if the result is success: + *\li The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ void dns_rdataclass_format(dns_rdataclass_t rdclass, char *array, unsigned int size); -/* +/*%< * Format a human-readable representation of the class 'rdclass' * into the character array 'array', which is of size 'size'. * The resulting string is guaranteed to be null-terminated. */ #define DNS_RDATACLASS_FORMATSIZE sizeof("CLASS65535") -/* +/*%< * Minimum size of array to pass to dns_rdataclass_format(). */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdatalist.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdatalist.h similarity index 57% rename from contrib/bind-9.3/lib/dns/include/dns/rdatalist.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdatalist.h index a846c8987b..b4ff817de3 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdatalist.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdatalist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatalist.h,v 1.13.206.1 2004/03/06 08:13:59 marka Exp $ */ +/* $Id: rdatalist.h,v 1.20.128.2 2008/04/03 06:08:27 tbox Exp $ */ #ifndef DNS_RDATALIST_H #define DNS_RDATALIST_H 1 @@ -24,32 +24,31 @@ ***** Module Info *****/ -/* - * DNS Rdatalist - * +/*! \file dns/rdatalist.h + * \brief * A DNS rdatalist is a list of rdata of a common type and class. * * MP: - * Clients of this module must impose any required synchronization. + *\li Clients of this module must impose any required synchronization. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ #include #include -/* +/*% * Clients may use this type directly. */ struct dns_rdatalist { @@ -65,38 +64,59 @@ ISC_LANG_BEGINDECLS void dns_rdatalist_init(dns_rdatalist_t *rdatalist); -/* +/*%< * Initialize rdatalist. * * Ensures: - * All fields of rdatalist have been initialized to their default + *\li All fields of rdatalist have been initialized to their default * values. */ isc_result_t dns_rdatalist_tordataset(dns_rdatalist_t *rdatalist, dns_rdataset_t *rdataset); -/* +/*%< * Make 'rdataset' refer to the rdata in 'rdatalist'. * * Note: - * The caller must ensure that 'rdatalist' remains valid and unchanged + *\li The caller must ensure that 'rdatalist' remains valid and unchanged * while 'rdataset' is associated with it. * * Requires: * - * 'rdatalist' is a valid rdatalist. + *\li 'rdatalist' is a valid rdatalist. * - * 'rdataset' is a valid rdataset that is not currently associated with + *\li 'rdataset' is a valid rdataset that is not currently associated with * any rdata. * - * Ensures: - * On success, + * Ensures, + * on success, + * + *\li 'rdataset' is associated with the rdata in rdatalist. + * + * Returns: + *\li #ISC_R_SUCCESS + */ + +isc_result_t +dns_rdatalist_fromrdataset(dns_rdataset_t *rdataset, + dns_rdatalist_t **rdatalist); +/*%< + * Point 'rdatalist' to the rdatalist in 'rdataset'. + * + * Requires: + * + *\li 'rdatalist' is a pointer to a NULL dns_rdatalist_t pointer. + * + *\li 'rdataset' is a valid rdataset associated with an rdatalist. + * + * Ensures, + * on success, * - * 'rdataset' is associated with the rdata in rdatalist. + *\li 'rdatalist' is pointed to the rdatalist in rdataset. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdataset.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdataset.h similarity index 50% rename from contrib/bind-9.3/lib/dns/include/dns/rdataset.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdataset.h index 12cfbdeacc..8a557b5cc2 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdataset.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdataset.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.41.2.5.2.10 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: rdataset.h,v 1.62.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -24,9 +24,8 @@ ***** Module Info *****/ -/* - * DNS Rdataset - * +/*! \file dns/rdataset.h + * \brief * A DNS rdataset is a handle that can be associated with a collection of * rdata all having a common owner name, class, and type. * @@ -34,31 +33,38 @@ * rdatasets, an implementation of the method suite (e.g. "slabbed rdata") is * required. * - * XXX XXX + * XXX <more> XXX * * MP: - * Clients of this module must impose any required synchronization. + *\li Clients of this module must impose any required synchronization. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ #include #include +#include #include ISC_LANG_BEGINDECLS +typedef enum { + dns_rdatasetadditional_fromauth, + dns_rdatasetadditional_fromcache, + dns_rdatasetadditional_fromglue +} dns_rdatasetadditional_t; + typedef struct dns_rdatasetmethods { void (*disassociate)(dns_rdataset_t *rdataset); isc_result_t (*first)(dns_rdataset_t *rdataset); @@ -74,12 +80,36 @@ typedef struct dns_rdatasetmethods { dns_name_t *name, dns_rdataset_t *nsec, dns_rdataset_t *nsecsig); + isc_result_t (*getadditional)(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t **zonep, + dns_db_t **dbp, + dns_dbversion_t **versionp, + dns_dbnode_t **nodep, + dns_name_t *fname, + dns_message_t *msg, + isc_stdtime_t now); + isc_result_t (*setadditional)(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t *zone, + dns_db_t *db, + dns_dbversion_t *version, + dns_dbnode_t *node, + dns_name_t *fname); + isc_result_t (*putadditional)(dns_acache_t *acache, + dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype); } dns_rdatasetmethods_t; #define DNS_RDATASET_MAGIC ISC_MAGIC('D','N','S','R') #define DNS_RDATASET_VALID(set) ISC_MAGIC_VALID(set, DNS_RDATASET_MAGIC) -/* +/*% * Direct use of this structure by clients is strongly discouraged, except * for the 'link' field which may be used however the client wishes. The * 'private', 'current', and 'index' fields MUST NOT be changed by clients. @@ -103,14 +133,15 @@ struct dns_rdataset { * attributes */ unsigned int attributes; - /* + /*% * the counter provides the starting point in the "cyclic" order. * The value ISC_UINT32_MAX has a special meaning of "picking up a * random value." in order to take care of databases that do not * increment the counter. */ isc_uint32_t count; - /* + /*@{*/ + /*% * These are for use by the rdataset implementation, and MUST NOT * be changed by clients. */ @@ -120,35 +151,41 @@ struct dns_rdataset { unsigned int privateuint4; void * private5; void * private6; + /*@}*/ }; -/* - * _RENDERED: +/*! + * \def DNS_RDATASETATTR_RENDERED * Used by message.c to indicate that the rdataset was rendered. * - * _TTLADJUSTED: + * \def DNS_RDATASETATTR_TTLADJUSTED * Used by message.c to indicate that the rdataset's rdata had differing * TTL values, and the rdataset->ttl holds the smallest. + * + * \def DNS_RDATASETATTR_LOADORDER + * Output the RRset in load order. */ + #define DNS_RDATASETATTR_QUESTION 0x00000001 -#define DNS_RDATASETATTR_RENDERED 0x00000002 /* Used by message.c */ -#define DNS_RDATASETATTR_ANSWERED 0x00000004 /* Used by server. */ -#define DNS_RDATASETATTR_CACHE 0x00000008 /* Used by resolver. */ -#define DNS_RDATASETATTR_ANSWER 0x00000010 /* Used by resolver. */ -#define DNS_RDATASETATTR_ANSWERSIG 0x00000020 /* Used by resolver. */ -#define DNS_RDATASETATTR_EXTERNAL 0x00000040 /* Used by resolver. */ -#define DNS_RDATASETATTR_NCACHE 0x00000080 /* Used by resolver. */ -#define DNS_RDATASETATTR_CHAINING 0x00000100 /* Used by resolver. */ -#define DNS_RDATASETATTR_TTLADJUSTED 0x00000200 /* Used by message.c */ +#define DNS_RDATASETATTR_RENDERED 0x00000002 /*%< Used by message.c */ +#define DNS_RDATASETATTR_ANSWERED 0x00000004 /*%< Used by server. */ +#define DNS_RDATASETATTR_CACHE 0x00000008 /*%< Used by resolver. */ +#define DNS_RDATASETATTR_ANSWER 0x00000010 /*%< Used by resolver. */ +#define DNS_RDATASETATTR_ANSWERSIG 0x00000020 /*%< Used by resolver. */ +#define DNS_RDATASETATTR_EXTERNAL 0x00000040 /*%< Used by resolver. */ +#define DNS_RDATASETATTR_NCACHE 0x00000080 /*%< Used by resolver. */ +#define DNS_RDATASETATTR_CHAINING 0x00000100 /*%< Used by resolver. */ +#define DNS_RDATASETATTR_TTLADJUSTED 0x00000200 /*%< Used by message.c */ #define DNS_RDATASETATTR_FIXEDORDER 0x00000400 #define DNS_RDATASETATTR_RANDOMIZE 0x00000800 -#define DNS_RDATASETATTR_CHASE 0x00001000 /* Used by resolver. */ +#define DNS_RDATASETATTR_CHASE 0x00001000 /*%< Used by resolver. */ #define DNS_RDATASETATTR_NXDOMAIN 0x00002000 #define DNS_RDATASETATTR_NOQNAME 0x00004000 -#define DNS_RDATASETATTR_CHECKNAMES 0x00008000 /* Used by resolver. */ +#define DNS_RDATASETATTR_CHECKNAMES 0x00008000 /*%< Used by resolver. */ #define DNS_RDATASETATTR_REQUIREDGLUE 0x00010000 +#define DNS_RDATASETATTR_LOADORDER 0x00020000 -/* +/*% * _OMITDNSSEC: * Omit DNSSEC records when rendering ncache records. */ @@ -156,147 +193,147 @@ struct dns_rdataset { void dns_rdataset_init(dns_rdataset_t *rdataset); -/* +/*%< * Make 'rdataset' a valid, disassociated rdataset. * * Requires: - * 'rdataset' is not NULL. + *\li 'rdataset' is not NULL. * * Ensures: - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. */ void dns_rdataset_invalidate(dns_rdataset_t *rdataset); -/* +/*%< * Invalidate 'rdataset'. * * Requires: - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * * Ensures: - * If assertion checking is enabled, future attempts to use 'rdataset' + *\li If assertion checking is enabled, future attempts to use 'rdataset' * without initializing it will cause an assertion failure. */ void dns_rdataset_disassociate(dns_rdataset_t *rdataset); -/* +/*%< * Disassociate 'rdataset' from its rdata, allowing it to be reused. * * Notes: - * The client must ensure it has no references to rdata in the rdataset + *\li The client must ensure it has no references to rdata in the rdataset * before disassociating. * * Requires: - * 'rdataset' is a valid, associated rdataset. + *\li 'rdataset' is a valid, associated rdataset. * * Ensures: - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. */ isc_boolean_t dns_rdataset_isassociated(dns_rdataset_t *rdataset); -/* +/*%< * Is 'rdataset' associated? * * Requires: - * 'rdataset' is a valid rdataset. + *\li 'rdataset' is a valid rdataset. * * Returns: - * ISC_TRUE 'rdataset' is associated. - * ISC_FALSE 'rdataset' is not associated. + *\li #ISC_TRUE 'rdataset' is associated. + *\li #ISC_FALSE 'rdataset' is not associated. */ void dns_rdataset_makequestion(dns_rdataset_t *rdataset, dns_rdataclass_t rdclass, dns_rdatatype_t type); -/* +/*%< * Make 'rdataset' a valid, associated, question rdataset, with a * question class of 'rdclass' and type 'type'. * * Notes: - * Question rdatasets have a class and type, but no rdata. + *\li Question rdatasets have a class and type, but no rdata. * * Requires: - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * * Ensures: - * 'rdataset' is a valid, associated, question rdataset. + *\li 'rdataset' is a valid, associated, question rdataset. */ void dns_rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target); -/* +/*%< * Make 'target' refer to the same rdataset as 'source'. * * Requires: - * 'source' is a valid, associated rdataset. + *\li 'source' is a valid, associated rdataset. * - * 'target' is a valid, dissociated rdataset. + *\li 'target' is a valid, dissociated rdataset. * * Ensures: - * 'target' references the same rdataset as 'source'. + *\li 'target' references the same rdataset as 'source'. */ unsigned int dns_rdataset_count(dns_rdataset_t *rdataset); -/* +/*%< * Return the number of records in 'rdataset'. * * Requires: - * 'rdataset' is a valid, associated rdataset. + *\li 'rdataset' is a valid, associated rdataset. * * Returns: - * The number of records in 'rdataset'. + *\li The number of records in 'rdataset'. */ isc_result_t dns_rdataset_first(dns_rdataset_t *rdataset); -/* +/*%< * Move the rdata cursor to the first rdata in the rdataset (if any). * * Requires: - * 'rdataset' is a valid, associated rdataset. + *\li 'rdataset' is a valid, associated rdataset. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no rdata in the set. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE There are no rdata in the set. */ isc_result_t dns_rdataset_next(dns_rdataset_t *rdataset); -/* +/*%< * Move the rdata cursor to the next rdata in the rdataset (if any). * * Requires: - * 'rdataset' is a valid, associated rdataset. + *\li 'rdataset' is a valid, associated rdataset. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no more rdata in the set. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE There are no more rdata in the set. */ void dns_rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata); -/* +/*%< * Make 'rdata' refer to the current rdata. * * Notes: * - * The data returned in 'rdata' is valid for the life of the + *\li The data returned in 'rdata' is valid for the life of the * rdataset; in particular, subsequent changes in the cursor position * do not invalidate 'rdata'. * * Requires: - * 'rdataset' is a valid, associated rdataset. + *\li 'rdataset' is a valid, associated rdataset. * - * The rdata cursor of 'rdataset' is at a valid location (i.e. the + *\li The rdata cursor of 'rdataset' is at a valid location (i.e. the * result of last call to a cursor movement command was ISC_R_SUCCESS). * * Ensures: - * 'rdata' refers to the rdata at the rdata cursor location of - * 'rdataset'. + *\li 'rdata' refers to the rdata at the rdata cursor location of + *\li 'rdataset'. */ isc_result_t @@ -305,23 +342,23 @@ dns_rdataset_totext(dns_rdataset_t *rdataset, isc_boolean_t omit_final_dot, isc_boolean_t question, isc_buffer_t *target); -/* +/*%< * Convert 'rdataset' to text format, storing the result in 'target'. * * Notes: - * The rdata cursor position will be changed. + *\li The rdata cursor position will be changed. * - * The 'question' flag should normally be ISC_FALSE. If it is - * ISC_TRUE, the TTL and rdata fields are not printed. This is + *\li The 'question' flag should normally be #ISC_FALSE. If it is + * #ISC_TRUE, the TTL and rdata fields are not printed. This is * for use when printing an rdata representing a question section. * - * This interface is deprecated; use dns_master_rdatasettottext() + *\li This interface is deprecated; use dns_master_rdatasettottext() * and/or dns_master_questiontotext() instead. * * Requires: - * 'rdataset' is a valid rdataset. + *\li 'rdataset' is a valid rdataset. * - * 'rdataset' is not empty. + *\li 'rdataset' is not empty. */ isc_result_t @@ -331,35 +368,35 @@ dns_rdataset_towire(dns_rdataset_t *rdataset, isc_buffer_t *target, unsigned int options, unsigned int *countp); -/* +/*%< * Convert 'rdataset' to wire format, compressing names as specified * in 'cctx', and storing the result in 'target'. * * Notes: - * The rdata cursor position will be changed. + *\li The rdata cursor position will be changed. * - * The number of RRs added to target will be added to *countp. + *\li The number of RRs added to target will be added to *countp. * * Requires: - * 'rdataset' is a valid rdataset. + *\li 'rdataset' is a valid rdataset. * - * 'rdataset' is not empty. + *\li 'rdataset' is not empty. * - * 'countp' is a valid pointer. + *\li 'countp' is a valid pointer. * * Ensures: - * On a return of ISC_R_SUCCESS, 'target' contains a wire format + *\li On a return of ISC_R_SUCCESS, 'target' contains a wire format * for the data contained in 'rdataset'. Any error return leaves * the buffer unchanged. * - * *countp has been incremented by the number of RRs added to + *\li *countp has been incremented by the number of RRs added to * target. * * Returns: - * ISC_R_SUCCESS - all ok - * ISC_R_NOSPACE - 'target' doesn't have enough room + *\li #ISC_R_SUCCESS - all ok + *\li #ISC_R_NOSPACE - 'target' doesn't have enough room * - * Any error returned by dns_rdata_towire(), dns_rdataset_next(), + *\li Any error returned by dns_rdata_towire(), dns_rdataset_next(), * dns_name_towire(). */ @@ -372,13 +409,13 @@ dns_rdataset_towiresorted(dns_rdataset_t *rdataset, const void *order_arg, unsigned int options, unsigned int *countp); -/* +/*%< * Like dns_rdataset_towire(), but sorting the rdatasets according to - * the integer value returned by 'order' when called witih the rdataset + * the integer value returned by 'order' when called with the rdataset * and 'order_arg' as arguments. * * Requires: - * All the requirements of dns_rdataset_towire(), and + *\li All the requirements of dns_rdataset_towire(), and * that order_arg is NULL if and only if order is NULL. */ @@ -392,76 +429,167 @@ dns_rdataset_towirepartial(dns_rdataset_t *rdataset, unsigned int options, unsigned int *countp, void **state); -/* +/*%< * Like dns_rdataset_towiresorted() except that a partial rdataset * may be written. * * Requires: - * All the requirements of dns_rdataset_towiresorted(). + *\li All the requirements of dns_rdataset_towiresorted(). * If 'state' is non NULL then the current position in the * rdataset will be remembered if the rdataset in not * completely written and should be passed on on subsequent * calls (NOT CURRENTLY IMPLEMENTED). * * Returns: - * ISC_R_SUCCESS if all of the records were written. - * ISC_R_NOSPACE if unable to fit in all of the records. *countp + *\li #ISC_R_SUCCESS if all of the records were written. + *\li #ISC_R_NOSPACE if unable to fit in all of the records. *countp * will be updated to reflect the number of records * written. */ - isc_result_t dns_rdataset_additionaldata(dns_rdataset_t *rdataset, dns_additionaldatafunc_t add, void *arg); -/* +/*%< * For each rdata in rdataset, call 'add' for each name and type in the * rdata which is subject to additional section processing. * * Requires: * - * 'rdataset' is a valid, non-question rdataset. + *\li 'rdataset' is a valid, non-question rdataset. * - * 'add' is a valid dns_additionaldatafunc_t + *\li 'add' is a valid dns_additionaldatafunc_t * * Ensures: * - * If successful, dns_rdata_additionaldata() will have been called for + *\li If successful, dns_rdata_additionaldata() will have been called for * each rdata in 'rdataset'. * - * If a call to dns_rdata_additionaldata() is not successful, the + *\li If a call to dns_rdata_additionaldata() is not successful, the * result returned will be the result of dns_rdataset_additionaldata(). * * Returns: * - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * - * Any error that dns_rdata_additionaldata() can return. + *\li Any error that dns_rdata_additionaldata() can return. */ isc_result_t dns_rdataset_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name, dns_rdataset_t *nsec, dns_rdataset_t *nsecsig); -/* +/*%< * Return the noqname proof for this record. * * Requires: - * 'rdataset' to be valid and DNS_RDATASETATTR_NOQNAME to be set. - * 'name' to be valid. - * 'nsec' and 'nsecsig' to be valid and not associated. + *\li 'rdataset' to be valid and #DNS_RDATASETATTR_NOQNAME to be set. + *\li 'name' to be valid. + *\li 'nsec' and 'nsecsig' to be valid and not associated. */ isc_result_t dns_rdataset_addnoqname(dns_rdataset_t *rdataset, dns_name_t *name); -/* +/*%< * Associate a noqname proof with this record. - * Sets DNS_RDATASETATTR_NOQNAME if successful. + * Sets #DNS_RDATASETATTR_NOQNAME if successful. * Adjusts the 'rdataset->ttl' to minimum of the 'rdataset->ttl' and * the 'nsec' and 'rrsig(nsec)' ttl. * * Requires: - * 'rdataset' to be valid and DNS_RDATASETATTR_NOQNAME to be set. - * 'name' to be valid and have NSEC and RRSIG(NSEC) rdatasets. + *\li 'rdataset' to be valid and #DNS_RDATASETATTR_NOQNAME to be set. + *\li 'name' to be valid and have NSEC and RRSIG(NSEC) rdatasets. + */ + +isc_result_t +dns_rdataset_getadditional(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t **zonep, + dns_db_t **dbp, + dns_dbversion_t **versionp, + dns_dbnode_t **nodep, + dns_name_t *fname, + dns_message_t *msg, + isc_stdtime_t now); +/*%< + * Get cached additional information from the DB node for a particular + * 'rdataset.' 'type' is one of dns_rdatasetadditional_fromauth, + * dns_rdatasetadditional_fromcache, and dns_rdatasetadditional_fromglue, + * which specifies the origin of the information. 'qtype' is intended to + * be used for specifying a particular rdata type in the cached information. + * + * Requires: + * \li 'rdataset' is a valid rdataset. + * \li 'acache' can be NULL, in which case this function will simply return + * ISC_R_FAILURE. + * \li For the other pointers, see dns_acache_getentry(). + * + * Ensures: + * \li See dns_acache_getentry(). + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_FAILURE - additional information caching is not supported. + * \li #ISC_R_NOTFOUND - the corresponding DB node has not cached additional + * information for 'rdataset.' + * \li Any error that dns_acache_getentry() can return. + */ + +isc_result_t +dns_rdataset_setadditional(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t *zone, + dns_db_t *db, + dns_dbversion_t *version, + dns_dbnode_t *node, + dns_name_t *fname); +/*%< + * Set cached additional information to the DB node for a particular + * 'rdataset.' See dns_rdataset_getadditional for the semantics of 'type' + * and 'qtype'. + * + * Requires: + * \li 'rdataset' is a valid rdataset. + * \li 'acache' can be NULL, in which case this function will simply return + * ISC_R_FAILURE. + * \li For the other pointers, see dns_acache_setentry(). + * + * Ensures: + * \li See dns_acache_setentry(). + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_FAILURE - additional information caching is not supported. + * \li #ISC_R_NOMEMORY + * \li Any error that dns_acache_setentry() can return. + */ + +isc_result_t +dns_rdataset_putadditional(dns_acache_t *acache, + dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype); +/*%< + * Discard cached additional information stored in the DB node for a particular + * 'rdataset.' See dns_rdataset_getadditional for the semantics of 'type' + * and 'qtype'. + * + * Requires: + * \li 'rdataset' is a valid rdataset. + * \li 'acache' can be NULL, in which case this function will simply return + * ISC_R_FAILURE. + * + * Ensures: + * \li See dns_acache_cancelentry(). + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_FAILURE - additional information caching is not supported. + * \li #ISC_R_NOTFOUND - the corresponding DB node has not cached additional + * information for 'rdataset.' */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdatasetiter.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdatasetiter.h similarity index 70% rename from contrib/bind-9.3/lib/dns/include/dns/rdatasetiter.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdatasetiter.h index 198aebb3df..dcde367f1c 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdatasetiter.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdatasetiter.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatasetiter.h,v 1.14.206.1 2004/03/06 08:13:59 marka Exp $ */ +/* $Id: rdatasetiter.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATASETITER_H #define DNS_RDATASETITER_H 1 @@ -24,9 +24,8 @@ ***** Module Info *****/ -/* - * DNS Rdataset Iterator - * +/*! \file dns/rdatasetiter.h + * \brief * The DNS Rdataset Iterator interface allows iteration of all of the * rdatasets at a node. * @@ -37,25 +36,25 @@ * It is the client's responsibility to call dns_rdataset_disassociate() * on all rdatasets returned. * - * XXX XXX + * XXX more XXX * * MP: - * The iterator itself is not locked. The caller must ensure + *\li The iterator itself is not locked. The caller must ensure * synchronization. * - * The iterator methods ensure appropriate database locking. + *\li The iterator methods ensure appropriate database locking. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ /***** @@ -85,12 +84,12 @@ typedef struct dns_rdatasetitermethods { #define DNS_RDATASETITER_MAGIC ISC_MAGIC('D','N','S','i') #define DNS_RDATASETITER_VALID(i) ISC_MAGIC_VALID(i, DNS_RDATASETITER_MAGIC) -/* +/*% * This structure is actually just the common prefix of a DNS db * implementation's version of a dns_rdatasetiter_t. - * + * \brief * Direct use of this structure by clients is forbidden. DB implementations - * may change the structure. 'magic' must be DNS_RDATASETITER_MAGIC for + * may change the structure. 'magic' must be #DNS_RDATASETITER_MAGIC for * any of the dns_rdatasetiter routines to work. DB implementations must * maintain all DB rdataset iterator invariants. */ @@ -106,64 +105,64 @@ struct dns_rdatasetiter { void dns_rdatasetiter_destroy(dns_rdatasetiter_t **iteratorp); -/* +/*%< * Destroy '*iteratorp'. * * Requires: * - * '*iteratorp' is a valid iterator. + *\li '*iteratorp' is a valid iterator. * * Ensures: * - * All resources used by the iterator are freed. + *\li All resources used by the iterator are freed. * - * *iteratorp == NULL. + *\li *iteratorp == NULL. */ isc_result_t dns_rdatasetiter_first(dns_rdatasetiter_t *iterator); -/* +/*%< * Move the rdataset cursor to the first rdataset at the node (if any). * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no rdatasets at the node. + *\li ISC_R_SUCCESS + *\li ISC_R_NOMORE There are no rdatasets at the node. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ isc_result_t dns_rdatasetiter_next(dns_rdatasetiter_t *iterator); -/* +/*%< * Move the rdataset cursor to the next rdataset at the node (if any). * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE There are no more rdatasets at the + *\li ISC_R_SUCCESS + *\li ISC_R_NOMORE There are no more rdatasets at the * node. * - * Other results are possible, depending on the DB implementation. + *\li Other results are possible, depending on the DB implementation. */ void dns_rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset); -/* +/*%< * Return the current rdataset. * * Requires: - * 'iterator' is a valid iterator. + *\li 'iterator' is a valid iterator. * - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * - * The rdataset cursor of 'iterator' is at a valid location (i.e. the - * result of last call to a cursor movement command was ISC_R_SUCCESS). + *\li The rdataset cursor of 'iterator' is at a valid location (i.e. the + * result of last call to a cursor movement command was #ISC_R_SUCCESS). */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdataslab.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdataslab.h similarity index 73% rename from contrib/bind-9.3/lib/dns/include/dns/rdataslab.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdataslab.h index a0912db320..9308073842 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdataslab.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdataslab.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,34 +15,33 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataslab.h,v 1.20.2.2.2.4 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: rdataslab.h,v 1.31 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATASLAB_H #define DNS_RDATASLAB_H 1 -/* - * DNS Rdata Slab - * +/*! \file dns/rdataslab.h + * \brief * Implements storage of rdatasets into slabs of memory. * * MP: - * Clients of this module must impose any required synchronization. + *\li Clients of this module must impose any required synchronization. * * Reliability: - * This module deals with low-level byte streams. Errors in any of + *\li This module deals with low-level byte streams. Errors in any of * the functions are likely to crash the server or corrupt memory. * - * If the caller passes invalid memory references, these functions are + *\li If the caller passes invalid memory references, these functions are * likely to crash the server or corrupt memory. * * Resources: - * None. + *\li None. * * Security: - * None. + *\li None. * * Standards: - * None. + *\li None. */ /*** @@ -65,22 +64,22 @@ ISC_LANG_BEGINDECLS isc_result_t dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, isc_region_t *region, unsigned int reservelen); -/* +/*%< * Slabify a rdataset. The slab area will be allocated and returned * in 'region'. * * Requires: - * 'rdataset' is valid. + *\li 'rdataset' is valid. * * Ensures: - * 'region' will have base pointing to the start of allocated memory, + *\li 'region' will have base pointing to the start of allocated memory, * with the slabified region beginning at region->base + reservelen. * region->length contains the total length allocated. * * Returns: - * ISC_R_SUCCESS - successful completion - * ISC_R_NOMEMORY - no memory. - * + *\li ISC_R_SUCCESS - successful completion + *\li ISC_R_NOMEMORY - no memory. + *\li XXX others */ void @@ -88,27 +87,26 @@ dns_rdataslab_tordataset(unsigned char *slab, unsigned int reservelen, dns_rdataclass_t rdclass, dns_rdatatype_t rdtype, dns_rdatatype_t covers, dns_ttl_t ttl, dns_rdataset_t *rdataset); -/* +/*%< * Construct an rdataset from a slab. * * Requires: - * 'slab' points to a slab. - * 'rdataset' is disassociated. + *\li 'slab' points to a slab. + *\li 'rdataset' is disassociated. * * Ensures: - * 'rdataset' is associated and points to a valid rdataest. + *\li 'rdataset' is associated and points to a valid rdataest. */ - unsigned int dns_rdataslab_size(unsigned char *slab, unsigned int reservelen); -/* +/*%< * Return the total size of an rdataslab. * * Requires: - * 'slab' points to a slab. + *\li 'slab' points to a slab. * * Returns: - * The number of bytes in the slab, including the reservelen. + *\li The number of bytes in the slab, including the reservelen. */ isc_result_t @@ -116,7 +114,7 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, unsigned int reservelen, isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_rdatatype_t type, unsigned int flags, unsigned char **tslabp); -/* +/*%< * Merge 'oslab' and 'nslab'. */ @@ -125,7 +123,7 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, unsigned int reservelen, isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_rdatatype_t type, unsigned int flags, unsigned char **tslabp); -/* +/*%< * Subtract 'sslab' from 'mslab'. If 'exact' is true then all elements * of 'sslab' must exist in 'mslab'. * @@ -136,30 +134,28 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, isc_boolean_t dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, unsigned int reservelen); - -/* +/*%< * Compare two rdataslabs for equality. This does _not_ do a full * DNSSEC comparison. * * Requires: - * 'slab1' and 'slab2' point to slabs. + *\li 'slab1' and 'slab2' point to slabs. * * Returns: - * ISC_TRUE if the slabs are equal, ISC_FALSE otherwise. + *\li ISC_TRUE if the slabs are equal, ISC_FALSE otherwise. */ - isc_boolean_t dns_rdataslab_equalx(unsigned char *slab1, unsigned char *slab2, unsigned int reservelen, dns_rdataclass_t rdclass, dns_rdatatype_t type); -/* +/*%< * Compare two rdataslabs for DNSSEC equality. * * Requires: - * 'slab1' and 'slab2' point to slabs. + *\li 'slab1' and 'slab2' point to slabs. * * Returns: - * ISC_TRUE if the slabs are equal, ISC_FALSE otherwise. + *\li ISC_TRUE if the slabs are equal, #ISC_FALSE otherwise. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/rdatatype.h b/contrib/bind-9.5.2/lib/dns/include/dns/rdatatype.h similarity index 72% rename from contrib/bind-9.3/lib/dns/include/dns/rdatatype.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rdatatype.h index 0fa865dc62..e4c0621a24 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rdatatype.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rdatatype.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatatype.h,v 1.17.206.1 2004/03/06 08:13:59 marka Exp $ */ +/* $Id: rdatatype.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATATYPE_H #define DNS_RDATATYPE_H 1 +/*! \file dns/rdatatype.h */ + #include #include @@ -28,49 +30,49 @@ ISC_LANG_BEGINDECLS isc_result_t dns_rdatatype_fromtext(dns_rdatatype_t *typep, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNS rdata type. * * Requires: - * 'typep' is a valid pointer. + *\li 'typep' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * DNS_R_UNKNOWN type is unknown + *\li ISC_R_SUCCESS on success + *\li DNS_R_UNKNOWN type is unknown */ isc_result_t dns_rdatatype_totext(dns_rdatatype_t type, isc_buffer_t *target); -/* +/*%< * Put a textual representation of type 'type' into 'target'. * * Requires: - * 'type' is a valid type. + *\li 'type' is a valid type. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * - * Ensures: - * If the result is success: - * The used space in 'target' is updated. + * Ensures, + * if the result is success: + *\li The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ void dns_rdatatype_format(dns_rdatatype_t rdtype, char *array, unsigned int size); -/* +/*%< * Format a human-readable representation of the type 'rdtype' * into the character array 'array', which is of size 'size'. * The resulting string is guaranteed to be null-terminated. */ #define DNS_RDATATYPE_FORMATSIZE sizeof("TYPE65535") -/* +/*%< * Minimum size of array to pass to dns_rdatatype_format(). * May need to be adjusted if a new RR type with a very long * name is defined. diff --git a/contrib/bind-9.3/lib/dns/include/dns/request.h b/contrib/bind-9.5.2/lib/dns/include/dns/request.h similarity index 64% rename from contrib/bind-9.3/lib/dns/include/dns/request.h rename to contrib/bind-9.5.2/lib/dns/include/dns/request.h index b3e7bcd7c2..0825540a47 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/request.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/request.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.h,v 1.17.12.5 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: request.h,v 1.27.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_REQUEST_H #define DNS_REQUEST_H 1 @@ -24,21 +24,21 @@ ***** Module Info *****/ -/* - * DNS Request +/*! \file dns/request.h * + * \brief * The request module provides simple request/response services useful for * sending SOA queries, DNS Notify messages, and dynamic update requests. * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. */ #include @@ -49,7 +49,7 @@ #define DNS_REQUESTOPT_TCP 0x00000001U typedef struct dns_requestevent { - ISC_EVENT_COMMON(struct dns_requestevent); + ISC_EVENT_COMMON(struct dns_requestevent); isc_result_t result; dns_request_t *request; } dns_requestevent_t; @@ -62,102 +62,101 @@ dns_requestmgr_create(isc_mem_t *mctx, isc_timermgr_t *timermgr, dns_dispatchmgr_t *dispatchmgr, dns_dispatch_t *dispatchv4, dns_dispatch_t *dispatchv6, dns_requestmgr_t **requestmgrp); -/* +/*%< * Create a request manager. * * Requires: * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * - * 'timermgr' is a valid timer manager. + *\li 'timermgr' is a valid timer manager. * - * 'socketmgr' is a valid socket manager. + *\li 'socketmgr' is a valid socket manager. * - * 'taskmgr' is a valid task manager. + *\li 'taskmgr' is a valid task manager. * - * 'dispatchv4' is a valid dispatcher with an IPv4 UDP socket, or is NULL. + *\li 'dispatchv4' is a valid dispatcher with an IPv4 UDP socket, or is NULL. * - * 'dispatchv6' is a valid dispatcher with an IPv6 UDP socket, or is NULL. + *\li 'dispatchv6' is a valid dispatcher with an IPv6 UDP socket, or is NULL. * - * requestmgrp != NULL && *requestmgrp == NULL + *\li requestmgrp != NULL && *requestmgrp == NULL * * Ensures: * - * On success, *requestmgrp is a valid request manager. + *\li On success, *requestmgrp is a valid request manager. * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Any other result indicates failure. + *\li Any other result indicates failure. */ void dns_requestmgr_whenshutdown(dns_requestmgr_t *requestmgr, isc_task_t *task, isc_event_t **eventp); -/* +/*%< * Send '*eventp' to 'task' when 'requestmgr' has completed shutdown. * * Notes: * - * It is not safe to detach the last reference to 'requestmgr' until + *\li It is not safe to detach the last reference to 'requestmgr' until * shutdown is complete. * * Requires: * - * 'requestmgr' is a valid request manager. + *\li 'requestmgr' is a valid request manager. * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * *eventp is a valid event. + *\li *eventp is a valid event. * * Ensures: * - * *eventp == NULL. + *\li *eventp == NULL. */ void dns_requestmgr_shutdown(dns_requestmgr_t *requestmgr); -/* +/*%< * Start the shutdown process for 'requestmgr'. * * Notes: * - * This call has no effect if the request manager is already shutting + *\li This call has no effect if the request manager is already shutting * down. * * Requires: * - * 'requestmgr' is a valid requestmgr. + *\li 'requestmgr' is a valid requestmgr. */ void dns_requestmgr_attach(dns_requestmgr_t *source, dns_requestmgr_t **targetp); -/* +/*%< * Attach to the request manager. dns_requestmgr_shutdown() must not * have been called on 'source' prior to calling dns_requestmgr_attach(). * * Requires: * - * 'source' is a valid requestmgr. + *\li 'source' is a valid requestmgr. * - * 'targetp' to be non NULL and '*targetp' to be NULL. + *\li 'targetp' to be non NULL and '*targetp' to be NULL. */ void dns_requestmgr_detach(dns_requestmgr_t **requestmgrp); -/* - * +/*%< * Detach from the given requestmgr. If this is the final detach * requestmgr will be destroyed. dns_requestmgr_shutdown() must * be called before the final detach. * * Requires: * - * '*requestmgrp' is a valid requestmgr. + *\li '*requestmgrp' is a valid requestmgr. * * Ensures: - * '*requestmgrp' is NULL. + *\li '*requestmgrp' is NULL. */ isc_result_t @@ -167,31 +166,32 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message, unsigned int timeout, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); -/* +/*%< * Create and send a request. * * Notes: * - * 'message' will be rendered and sent to 'address'. If the - * DNS_REQUESTOPT_TCP option is set, TCP will be used. The request + *\li 'message' will be rendered and sent to 'address'. If the + * #DNS_REQUESTOPT_TCP option is set, TCP will be used. The request * will timeout after 'timeout' seconds. * - * When the request completes, successfully, due to a timeout, or + *\li When the request completes, successfully, due to a timeout, or * because it was canceled, a completion event will be sent to 'task'. * * Requires: * - * 'message' is a valid DNS message. + *\li 'message' is a valid DNS message. * - * 'address' is a valid sockaddr. + *\li 'address' is a valid sockaddr. * - * 'timeout' > 0 + *\li 'timeout' > 0 * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * requestp != NULL && *requestp == NULL + *\li requestp != NULL && *requestp == NULL */ +/*% See dns_request_createvia3() */ isc_result_t dns_request_createvia(dns_requestmgr_t *requestmgr, dns_message_t *message, isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, @@ -200,6 +200,7 @@ dns_request_createvia(dns_requestmgr_t *requestmgr, dns_message_t *message, isc_taskaction_t action, void *arg, dns_request_t **requestp); +/*% See dns_request_createvia3() */ isc_result_t dns_request_createvia2(dns_requestmgr_t *requestmgr, dns_message_t *message, isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, @@ -216,36 +217,37 @@ dns_request_createvia3(dns_requestmgr_t *requestmgr, dns_message_t *message, unsigned int udpretries, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); -/* +/*%< * Create and send a request. * * Notes: * - * 'message' will be rendered and sent to 'address'. If the - * DNS_REQUESTOPT_TCP option is set, TCP will be used. The request + *\li 'message' will be rendered and sent to 'address'. If the + * #DNS_REQUESTOPT_TCP option is set, TCP will be used. The request * will timeout after 'timeout' seconds. UDP requests will be resent * at 'udptimeout' intervals if non-zero or 'udpretries' is non-zero. * - * When the request completes, successfully, due to a timeout, or + *\li When the request completes, successfully, due to a timeout, or * because it was canceled, a completion event will be sent to 'task'. * * Requires: * - * 'message' is a valid DNS message. + *\li 'message' is a valid DNS message. * - * 'dstaddr' is a valid sockaddr. + *\li 'dstaddr' is a valid sockaddr. * - * 'srcaddr' is a valid sockaddr or NULL. + *\li 'srcaddr' is a valid sockaddr or NULL. * - * 'srcaddr' and 'dstaddr' are the same protocol family. + *\li 'srcaddr' and 'dstaddr' are the same protocol family. * - * 'timeout' > 0 + *\li 'timeout' > 0 * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * requestp != NULL && *requestp == NULL + *\li requestp != NULL && *requestp == NULL */ +/*% See dns_request_createraw3() */ isc_result_t dns_request_createraw(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, @@ -253,6 +255,7 @@ dns_request_createraw(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); +/*% See dns_request_createraw3() */ isc_result_t dns_request_createraw2(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, @@ -268,55 +271,55 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, unsigned int udptimeout, unsigned int udpretries, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); -/* - * Create and send a request. +/*!< + * \brief Create and send a request. * * Notes: * - * 'msgbuf' will be sent to 'destaddr' after setting the id. If the - * DNS_REQUESTOPT_TCP option is set, TCP will be used. The request + *\li 'msgbuf' will be sent to 'destaddr' after setting the id. If the + * #DNS_REQUESTOPT_TCP option is set, TCP will be used. The request * will timeout after 'timeout' seconds. UDP requests will be resent * at 'udptimeout' intervals if non-zero or if 'udpretries' is not zero. - * - * When the request completes, successfully, due to a timeout, or + * + *\li When the request completes, successfully, due to a timeout, or * because it was canceled, a completion event will be sent to 'task'. * * Requires: * - * 'msgbuf' is a valid DNS message in compressed wire format. + *\li 'msgbuf' is a valid DNS message in compressed wire format. * - * 'destaddr' is a valid sockaddr. + *\li 'destaddr' is a valid sockaddr. * - * 'srcaddr' is a valid sockaddr or NULL. + *\li 'srcaddr' is a valid sockaddr or NULL. * - * 'srcaddr' and 'dstaddr' are the same protocol family. + *\li 'srcaddr' and 'dstaddr' are the same protocol family. * - * 'timeout' > 0 + *\li 'timeout' > 0 * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * requestp != NULL && *requestp == NULL + *\li requestp != NULL && *requestp == NULL */ void dns_request_cancel(dns_request_t *request); -/* +/*%< * Cancel 'request'. * * Requires: * - * 'request' is a valid request. + *\li 'request' is a valid request. * * Ensures: * - * If the completion event for 'request' has not yet been sent, it + *\li If the completion event for 'request' has not yet been sent, it * will be sent, and the result code will be ISC_R_CANCELED. */ isc_result_t dns_request_getresponse(dns_request_t *request, dns_message_t *message, unsigned int options); -/* +/*%< * Get the response to 'request' by filling in 'message'. * * 'options' is passed to dns_message_parse(). See dns_message_parse() @@ -324,46 +327,46 @@ dns_request_getresponse(dns_request_t *request, dns_message_t *message, * * Requires: * - * 'request' is a valid request for which the caller has received the + *\li 'request' is a valid request for which the caller has received the * completion event. * - * The result code of the completion event was ISC_R_SUCCESS. + *\li The result code of the completion event was #ISC_R_SUCCESS. * * Returns: * - * ISC_R_SUCCESS + *\li ISC_R_SUCCESS * - * Any result that dns_message_parse() can return. + *\li Any result that dns_message_parse() can return. */ isc_boolean_t dns_request_usedtcp(dns_request_t *request); -/* - * Return whether this query used TCP or not. Setting DNS_REQUESTOPT_TCP +/*%< + * Return whether this query used TCP or not. Setting #DNS_REQUESTOPT_TCP * in the call to dns_request_create() will cause the function to return - * ISC_TRUE, othewise the result is based on the query message size. + * #ISC_TRUE, otherwise the result is based on the query message size. * * Requires: - * 'request' is a valid request. + *\li 'request' is a valid request. * * Returns: - * ISC_TRUE if TCP was used. - * ISC_FALSE if UDP was used. + *\li ISC_TRUE if TCP was used. + *\li ISC_FALSE if UDP was used. */ void dns_request_destroy(dns_request_t **requestp); -/* +/*%< * Destroy 'request'. * * Requires: * - * 'request' is a valid request for which the caller has received the + *\li 'request' is a valid request for which the caller has received the * completion event. * * Ensures: * - * *requestp == NULL + *\li *requestp == NULL */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/resolver.h b/contrib/bind-9.5.2/lib/dns/include/dns/resolver.h similarity index 53% rename from contrib/bind-9.3/lib/dns/include/dns/resolver.h rename to contrib/bind-9.5.2/lib/dns/include/dns/resolver.h index 8e3e63232b..a1c51a0cbe 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/resolver.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/resolver.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.h,v 1.34.12.9 2006/02/01 23:48:51 marka Exp $ */ +/* $Id: resolver.h,v 1.56.128.7 2009/01/29 22:41:45 jinmei Exp $ */ #ifndef DNS_RESOLVER_H #define DNS_RESOLVER_H 1 @@ -24,9 +24,9 @@ ***** Module Info *****/ -/* - * DNS Resolver +/*! \file dns/resolver.h * + * \brief * This is the BIND 9 resolver, the module responsible for resolving DNS * requests by iteratively querying authoritative servers and following * referrals. This is a "full resolver", not to be confused with @@ -35,21 +35,21 @@ * daemon the stub resolver talks to. * * MP: - * The module ensures appropriate synchronization of data structures it + *\li The module ensures appropriate synchronization of data structures it * creates and manipulates. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * RFCs: 1034, 1035, 2181, - * Drafts: + *\li RFCs: 1034, 1035, 2181, TBS + *\li Drafts: TBS */ #include @@ -60,14 +60,14 @@ ISC_LANG_BEGINDECLS -/* +/*% * A dns_fetchevent_t is sent when a 'fetch' completes. Any of 'db', * 'node', 'rdataset', and 'sigrdataset' may be bound. It is the * receiver's responsibility to detach before freeing the event. - * - * 'rdataset' and 'sigrdataset' are the values that were supplied when - * dns_resolver_createfetch() was called. They are returned to the - * caller so that they may be freed. + * \brief + * 'rdataset', 'sigrdataset', 'client' and 'id' are the values that were + * supplied when dns_resolver_createfetch() was called. They are returned + * to the caller so that they may be freed. */ typedef struct dns_fetchevent { ISC_EVENT_COMMON(struct dns_fetchevent); @@ -79,17 +79,41 @@ typedef struct dns_fetchevent { dns_rdataset_t * rdataset; dns_rdataset_t * sigrdataset; dns_fixedname_t foundname; + isc_sockaddr_t * client; + dns_messageid_t id; } dns_fetchevent_t; /* * Options that modify how a 'fetch' is done. */ -#define DNS_FETCHOPT_TCP 0x01 /* Use TCP. */ -#define DNS_FETCHOPT_UNSHARED 0x02 /* See below. */ -#define DNS_FETCHOPT_RECURSIVE 0x04 /* Set RD? */ -#define DNS_FETCHOPT_NOEDNS0 0x08 /* Do not use EDNS. */ -#define DNS_FETCHOPT_FORWARDONLY 0x10 /* Only use forwarders. */ -#define DNS_FETCHOPT_NOVALIDATE 0x20 /* Disable validation. */ +#define DNS_FETCHOPT_TCP 0x01 /*%< Use TCP. */ +#define DNS_FETCHOPT_UNSHARED 0x02 /*%< See below. */ +#define DNS_FETCHOPT_RECURSIVE 0x04 /*%< Set RD? */ +#define DNS_FETCHOPT_NOEDNS0 0x08 /*%< Do not use EDNS. */ +#define DNS_FETCHOPT_FORWARDONLY 0x10 /*%< Only use forwarders. */ +#define DNS_FETCHOPT_NOVALIDATE 0x20 /*%< Disable validation. */ +#define DNS_FETCHOPT_EDNS512 0x40 /*%< Advertise a 512 byte + UDP buffer. */ +#define DNS_FETCHOPT_WANTNSID 0x80 /*%< Request NSID */ + +#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000 +#define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000 +#define DNS_FETCHOPT_EDNSVERSIONSHIFT 24 + +/* + * Upper bounds of class of query RTT (ms). Corresponds to + * dns_resstatscounter_queryrttX statistics counters. + */ +#define DNS_RESOLVER_QRYRTTCLASS0 10 +#define DNS_RESOLVER_QRYRTTCLASS0STR "10" +#define DNS_RESOLVER_QRYRTTCLASS1 100 +#define DNS_RESOLVER_QRYRTTCLASS1STR "100" +#define DNS_RESOLVER_QRYRTTCLASS2 500 +#define DNS_RESOLVER_QRYRTTCLASS2STR "500" +#define DNS_RESOLVER_QRYRTTCLASS3 800 +#define DNS_RESOLVER_QRYRTTCLASS3STR "800" +#define DNS_RESOLVER_QRYRTTCLASS4 1600 +#define DNS_RESOLVER_QRYRTTCLASS4STR "1600" /* * XXXRTH Should this API be made semi-private? (I.e. @@ -110,114 +134,112 @@ dns_resolver_create(dns_view_t *view, dns_dispatch_t *dispatchv6, dns_resolver_t **resp); -/* +/*%< * Create a resolver. * * Notes: * - * Generally, applications should not create a resolver directly, but + *\li Generally, applications should not create a resolver directly, but * should instead call dns_view_createresolver(). * - * No options are currently defined. - * * Requires: * - * 'view' is a valid view. + *\li 'view' is a valid view. * - * 'taskmgr' is a valid task manager. + *\li 'taskmgr' is a valid task manager. * - * 'ntasks' > 0. + *\li 'ntasks' > 0. * - * 'socketmgr' is a valid socket manager. + *\li 'socketmgr' is a valid socket manager. * - * 'timermgr' is a valid timer manager. + *\li 'timermgr' is a valid timer manager. * - * 'dispatchv4' is a valid dispatcher with an IPv4 UDP socket, or is NULL. + *\li 'dispatchv4' is a valid dispatcher with an IPv4 UDP socket, or is NULL. * - * 'dispatchv6' is a valid dispatcher with an IPv6 UDP socket, or is NULL. + *\li 'dispatchv6' is a valid dispatcher with an IPv6 UDP socket, or is NULL. * - * resp != NULL && *resp == NULL. + *\li resp != NULL && *resp == NULL. * * Returns: * - * ISC_R_SUCCESS On success. + *\li #ISC_R_SUCCESS On success. * - * Anything else Failure. + *\li Anything else Failure. */ void dns_resolver_freeze(dns_resolver_t *res); -/* +/*%< * Freeze resolver. * * Notes: * - * Certain configuration changes cannot be made after the resolver + *\li Certain configuration changes cannot be made after the resolver * is frozen. Fetches cannot be created until the resolver is frozen. * * Requires: * - * 'res' is a valid, unfrozen resolver. + *\li 'res' is a valid, unfrozen resolver. * * Ensures: * - * 'res' is frozen. + *\li 'res' is frozen. */ void dns_resolver_prime(dns_resolver_t *res); -/* +/*%< * Prime resolver. * * Notes: * - * Resolvers which have a forwarding policy other than dns_fwdpolicy_only + *\li Resolvers which have a forwarding policy other than dns_fwdpolicy_only * need to be primed with the root nameservers, otherwise the root * nameserver hints data may be used indefinitely. This function requests * that the resolver start a priming fetch, if it isn't already priming. * * Requires: * - * 'res' is a valid, frozen resolver. + *\li 'res' is a valid, frozen resolver. */ void dns_resolver_whenshutdown(dns_resolver_t *res, isc_task_t *task, isc_event_t **eventp); -/* +/*%< * Send '*eventp' to 'task' when 'res' has completed shutdown. * * Notes: * - * It is not safe to detach the last reference to 'res' until + *\li It is not safe to detach the last reference to 'res' until * shutdown is complete. * * Requires: * - * 'res' is a valid resolver. + *\li 'res' is a valid resolver. * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * *eventp is a valid event. + *\li *eventp is a valid event. * * Ensures: * - * *eventp == NULL. + *\li *eventp == NULL. */ void dns_resolver_shutdown(dns_resolver_t *res); -/* +/*%< * Start the shutdown process for 'res'. * * Notes: * - * This call has no effect if the resolver is already shutting down. + *\li This call has no effect if the resolver is already shutting down. * * Requires: * - * 'res' is a valid resolver. + *\li 'res' is a valid resolver. */ void @@ -236,88 +258,125 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, dns_fetch_t **fetchp); -/* + +isc_result_t +dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name, + dns_rdatatype_t type, + dns_name_t *domain, dns_rdataset_t *nameservers, + dns_forwarders_t *forwarders, + isc_sockaddr_t *client, isc_uint16_t id, + unsigned int options, isc_task_t *task, + isc_taskaction_t action, void *arg, + dns_rdataset_t *rdataset, + dns_rdataset_t *sigrdataset, + dns_fetch_t **fetchp); +/*%< * Recurse to answer a question. * * Notes: * - * This call starts a query for 'name', type 'type'. + *\li This call starts a query for 'name', type 'type'. * - * The 'domain' is a parent domain of 'name' for which + *\li The 'domain' is a parent domain of 'name' for which * a set of name servers 'nameservers' is known. If no * such name server information is available, set * 'domain' and 'nameservers' to NULL. * - * 'forwarders' is unimplemented, and subject to change when + *\li 'forwarders' is unimplemented, and subject to change when * we figure out how selective forwarding will work. * - * When the fetch completes (successfully or otherwise), a - * DNS_EVENT_FETCHDONE event with action 'action' and arg 'arg' will be + *\li When the fetch completes (successfully or otherwise), a + * #DNS_EVENT_FETCHDONE event with action 'action' and arg 'arg' will be * posted to 'task'. * - * The values of 'rdataset' and 'sigrdataset' will be returned in + *\li The values of 'rdataset' and 'sigrdataset' will be returned in * the FETCHDONE event. * + *\li 'client' and 'id' are used for duplicate query detection. '*client' + * must remain stable until after 'action' has been called or + * dns_resolver_cancelfetch() is called. + * * Requires: * - * 'res' is a valid resolver that has been frozen. + *\li 'res' is a valid resolver that has been frozen. * - * 'name' is a valid name. + *\li 'name' is a valid name. * - * 'type' is not a meta type other than ANY. + *\li 'type' is not a meta type other than ANY. * - * 'domain' is a valid name or NULL. + *\li 'domain' is a valid name or NULL. * - * 'nameservers' is a valid NS rdataset (whose owner name is 'domain') + *\li 'nameservers' is a valid NS rdataset (whose owner name is 'domain') * iff. 'domain' is not NULL. * - * 'forwarders' is NULL. + *\li 'forwarders' is NULL. + * + *\li 'client' is a valid sockaddr or NULL. * - * 'options' contains valid options. + *\li 'options' contains valid options. * - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * - * 'sigrdataset' is NULL, or is a valid, disassociated rdataset. + *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset. * - * fetchp != NULL && *fetchp == NULL. + *\li fetchp != NULL && *fetchp == NULL. * * Returns: * - * ISC_R_SUCCESS Success + *\li #ISC_R_SUCCESS Success + *\li #DNS_R_DUPLICATE + *\li #DNS_R_DROP * - * Many other values are possible, all of which indicate failure. + *\li Many other values are possible, all of which indicate failure. */ void dns_resolver_cancelfetch(dns_fetch_t *fetch); -/* +/*%< * Cancel 'fetch'. * * Notes: * - * If 'fetch' has not completed, post its FETCHDONE event with a - * result code of ISC_R_CANCELED. + *\li If 'fetch' has not completed, post its FETCHDONE event with a + * result code of #ISC_R_CANCELED. * * Requires: * - * 'fetch' is a valid fetch. + *\li 'fetch' is a valid fetch. */ void dns_resolver_destroyfetch(dns_fetch_t **fetchp); -/* +/*%< * Destroy 'fetch'. * * Requires: * - * '*fetchp' is a valid fetch. + *\li '*fetchp' is a valid fetch. * - * The caller has received the FETCHDONE event (either because the + *\li The caller has received the FETCHDONE event (either because the * fetch completed or because dns_resolver_cancelfetch() was called). * * Ensures: * - * *fetchp == NULL. + *\li *fetchp == NULL. + */ + +void +dns_resolver_logfetch(dns_fetch_t *fetch, isc_log_t *lctx, + isc_logcategory_t *category, isc_logmodule_t *module, + int level, isc_boolean_t duplicateok); +/*%< + * Dump a log message on internal state at the completion of given 'fetch'. + * 'lctx', 'category', 'module', and 'level' are used to write the log message. + * By default, only one log message is written even if the corresponding fetch + * context serves multiple clients; if 'duplicateok' is true the suppression + * is disabled and the message can be written every time this function is + * called. + * + * Requires: + * + *\li 'fetch' is a valid fetch, and has completed. */ dns_dispatchmgr_t * @@ -337,25 +396,25 @@ dns_resolver_taskmgr(dns_resolver_t *resolver); isc_uint32_t dns_resolver_getlamettl(dns_resolver_t *resolver); -/* +/*%< * Get the resolver's lame-ttl. zero => no lame processing. * * Requires: - * 'resolver' to be valid. + *\li 'resolver' to be valid. */ void dns_resolver_setlamettl(dns_resolver_t *resolver, isc_uint32_t lame_ttl); -/* +/*%< * Set the resolver's lame-ttl. zero => no lame processing. * * Requires: - * 'resolver' to be valid. + *\li 'resolver' to be valid. */ unsigned int dns_resolver_nrunning(dns_resolver_t *resolver); -/* +/*%< * Return the number of currently running resolutions in this * resolver. This is may be less than the number of outstanding * fetches due to multiple identical fetches, or more than the @@ -366,56 +425,62 @@ dns_resolver_nrunning(dns_resolver_t *resolver); isc_result_t dns_resolver_addalternate(dns_resolver_t *resolver, isc_sockaddr_t *alt, dns_name_t *name, in_port_t port); -/* +/*%< * Add alternate addresses to be tried in the event that the nameservers * for a zone are not available in the address families supported by the * operating system. * * Require: - * only one of 'name' or 'alt' to be valid. + * \li only one of 'name' or 'alt' to be valid. */ void dns_resolver_setudpsize(dns_resolver_t *resolver, isc_uint16_t udpsize); -/* +/*%< * Set the EDNS UDP buffer size advertised by the server. */ isc_uint16_t dns_resolver_getudpsize(dns_resolver_t *resolver); -/* +/*%< * Get the current EDNS UDP buffer size. */ void dns_resolver_reset_algorithms(dns_resolver_t *resolver); -/* +/*%< * Clear the disabled DNSSEC algorithms. */ isc_result_t dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name, unsigned int alg); -/* +/*%< * Mark the give DNSSEC algorithm as disabled and below 'name'. * Valid algorithms are less than 256. * * Returns: - * ISC_R_SUCCESS - * ISC_R_RANGE - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_RANGE + *\li #ISC_R_NOMEMORY */ isc_boolean_t dns_resolver_algorithm_supported(dns_resolver_t *resolver, dns_name_t *name, unsigned int alg); -/* +/*%< * Check if the given algorithm is supported by this resolver. * This checks if the algorithm has been disabled via * dns_resolver_disable_algorithm() then the underlying * crypto libraries if not specifically disabled. */ +isc_boolean_t +dns_resolver_digest_supported(dns_resolver_t *resolver, unsigned int digest_type); +/*%< + * Is this digest type supported. + */ + void dns_resolver_resetmustbesecure(dns_resolver_t *resolver); @@ -426,6 +491,23 @@ dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name, isc_boolean_t dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name); +void +dns_resolver_setclientsperquery(dns_resolver_t *resolver, + isc_uint32_t min, isc_uint32_t max); + +void +dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur, + isc_uint32_t *min, isc_uint32_t *max); + +isc_boolean_t +dns_resolver_getzeronosoattl(dns_resolver_t *resolver); + +void +dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state); + +unsigned int +dns_resolver_getoptions(dns_resolver_t *resolver); + ISC_LANG_ENDDECLS #endif /* DNS_RESOLVER_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/result.h b/contrib/bind-9.5.2/lib/dns/include/dns/result.h similarity index 94% rename from contrib/bind-9.3/lib/dns/include/dns/result.h rename to contrib/bind-9.5.2/lib/dns/include/dns/result.h index f1a71d9821..37d61b5c6e 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/result.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/result.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.81.2.7.2.13 2004/05/14 05:06:41 marka Exp $ */ +/* $Id: result.h,v 1.114 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RESULT_H #define DNS_RESULT_H 1 +/*! \file dns/result.h */ + #include #include @@ -143,8 +145,10 @@ #define DNS_R_UNKNOWNCOMMAND (ISC_RESULTCLASS_DNS + 99) #define DNS_R_MUSTBESECURE (ISC_RESULTCLASS_DNS + 100) #define DNS_R_COVERINGNSEC (ISC_RESULTCLASS_DNS + 101) +#define DNS_R_MXISADDRESS (ISC_RESULTCLASS_DNS + 102) +#define DNS_R_DUPLICATE (ISC_RESULTCLASS_DNS + 103) -#define DNS_R_NRESULTS 102 /* Number of results */ +#define DNS_R_NRESULTS 104 /*%< Number of results */ /* * DNS wire format rcodes. @@ -165,7 +169,7 @@ #define DNS_R_NOTZONE (ISC_RESULTCLASS_DNSRCODE + 10) #define DNS_R_BADVERS (ISC_RESULTCLASS_DNSRCODE + 16) -#define DNS_R_NRCODERESULTS 17 /* Number of rcode results */ +#define DNS_R_NRCODERESULTS 17 /*%< Number of rcode results */ #define DNS_RESULT_ISRCODE(result) \ (ISC_RESULTCLASS_INCLASS(ISC_RESULTCLASS_DNSRCODE, (result))) diff --git a/contrib/bind-9.3/lib/dns/include/dns/rootns.h b/contrib/bind-9.5.2/lib/dns/include/dns/rootns.h similarity index 70% rename from contrib/bind-9.3/lib/dns/include/dns/rootns.h rename to contrib/bind-9.5.2/lib/dns/include/dns/rootns.h index 02da556cdb..6da3f79d8b 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/rootns.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/rootns.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rootns.h,v 1.8.206.1 2004/03/06 08:14:00 marka Exp $ */ +/* $Id: rootns.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ROOTNS_H #define DNS_ROOTNS_H 1 +/*! \file dns/rootns.h */ + #include #include @@ -30,6 +32,14 @@ isc_result_t dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, const char *filename, dns_db_t **target); +void +dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db); +/* + * Reports differences between hints and the real roots. + * + * Requires view, hints and (cache) db to be valid. + */ + ISC_LANG_ENDDECLS #endif /* DNS_ROOTNS_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/sdb.h b/contrib/bind-9.5.2/lib/dns/include/dns/sdb.h similarity index 93% rename from contrib/bind-9.3/lib/dns/include/dns/sdb.h rename to contrib/bind-9.5.2/lib/dns/include/dns/sdb.h index 5fdeace147..c341248bf9 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/sdb.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/sdb.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdb.h,v 1.12.12.3 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: sdb.h,v 1.21.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_SDB_H #define DNS_SDB_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/sdb.h + * \brief * Simple database API. */ @@ -40,17 +41,17 @@ *** Types ***/ -/* +/*% * A simple database. This is an opaque type. */ typedef struct dns_sdb dns_sdb_t; -/* +/*% * A simple database lookup in progress. This is an opaque type. */ typedef struct dns_sdblookup dns_sdblookup_t; -/* +/*% * A simple database traversal in progress. This is an opaque type. */ typedef struct dns_sdballnodes dns_sdballnodes_t; @@ -96,7 +97,7 @@ isc_result_t dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods, void *driverdata, unsigned int flags, isc_mem_t *mctx, dns_sdbimplementation_t **sdbimp); -/* +/*%< * Register a simple database driver for the database type 'drivername', * implemented by the functions in '*methods'. * @@ -126,12 +127,12 @@ dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods, * The allnodes function, if non-NULL, fills in an opaque structure to be * used by a database iterator. This allows the zone to be transferred. * This may use a considerable amount of memory for large zones, and the - * zone transfer may not be fully RFC 1035 compliant if the zone is + * zone transfer may not be fully RFC1035 compliant if the zone is * frequently changed. * * The create function will be called for each zone configured * into the name server using this database type. It can be used - * to create a "database object" containg zone specific data, + * to create a "database object" containing zone specific data, * which can make use of the database arguments specified in the * name server configuration. * @@ -156,19 +157,20 @@ dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods, void dns_sdb_unregister(dns_sdbimplementation_t **sdbimp); -/* +/*%< * Removes the simple database driver from the list of registered database * types. There must be no active databases of this type when this function * is called. */ +/*% See dns_sdb_putradata() */ isc_result_t dns_sdb_putrr(dns_sdblookup_t *lookup, const char *type, dns_ttl_t ttl, const char *data); isc_result_t dns_sdb_putrdata(dns_sdblookup_t *lookup, dns_rdatatype_t type, dns_ttl_t ttl, const unsigned char *rdata, unsigned int rdlen); -/* +/*%< * Add a single resource record to the lookup structure to be * returned in the query response. dns_sdb_putrr() takes the * resource record in master file text format as a null-terminated @@ -176,6 +178,7 @@ dns_sdb_putrdata(dns_sdblookup_t *lookup, dns_rdatatype_t type, dns_ttl_t ttl, * uncompressed wire format. */ +/*% See dns_sdb_putnamerdata() */ isc_result_t dns_sdb_putnamedrr(dns_sdballnodes_t *allnodes, const char *name, const char *type, dns_ttl_t ttl, const char *data); @@ -183,7 +186,7 @@ isc_result_t dns_sdb_putnamedrdata(dns_sdballnodes_t *allnodes, const char *name, dns_rdatatype_t type, dns_ttl_t ttl, const void *rdata, unsigned int rdlen); -/* +/*%< * Add a single resource record to the allnodes structure to be * included in a zone transfer response, in text or wire * format as above. @@ -192,7 +195,7 @@ dns_sdb_putnamedrdata(dns_sdballnodes_t *allnodes, const char *name, isc_result_t dns_sdb_putsoa(dns_sdblookup_t *lookup, const char *mname, const char *rname, isc_uint32_t serial); -/* +/*%< * This function may optionally be called from the 'authority' callback * to simplify construction of the SOA record for 'zone'. It will * provide a SOA listing 'mname' as as the master server and 'rname' as diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/sdlz.h b/contrib/bind-9.5.2/lib/dns/include/dns/sdlz.h new file mode 100644 index 0000000000..270f40d311 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/sdlz.h @@ -0,0 +1,266 @@ +/* + * Portions Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: sdlz.h,v 1.7.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +/*! \file dns/sdlz.h */ + +#ifndef SDLZ_H +#define SDLZ_H 1 + +#include + +ISC_LANG_BEGINDECLS + +#define DNS_SDLZFLAG_THREADSAFE 0x00000001U +#define DNS_SDLZFLAG_RELATIVEOWNER 0x00000002U +#define DNS_SDLZFLAG_RELATIVERDATA 0x00000004U + + /* A simple DLZ database. */ +typedef struct dns_sdlz_db dns_sdlz_db_t; + + /* A simple DLZ database lookup in progress. */ +typedef struct dns_sdlzlookup dns_sdlzlookup_t; + + /* A simple DLZ database traversal in progress. */ +typedef struct dns_sdlzallnodes dns_sdlzallnodes_t; + + +typedef isc_result_t +(*dns_sdlzallnodesfunc_t)(const char *zone, void *driverarg, void *dbdata, + dns_sdlzallnodes_t *allnodes); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface may + * supply an all nodes method. This method is called when the DNS + * server is performing a zone transfer query, after the allow zone + * transfer method has been called. This method is only called if the + * allow zone transfer method returned ISC_R_SUCCESS. This method and + * the allow zone transfer method are both required for zone transfers + * to be supported. If the driver generates data dynamically (instead + * of searching in a database for it) it should not implement this + * function as a zone transfer would be meaningless. A SDLZ driver + * does not have to implement an all nodes method. + */ + +typedef isc_result_t +(*dns_sdlzallowzonexfr_t)(void *driverarg, void *dbdata, const char *name, + const char *client); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface may + * supply an allow zone transfer method. This method is called when + * the DNS server is performing a zone transfer query, before the all + * nodes method can be called. This method and the all node method + * are both required for zone transfers to be supported. If the + * driver generates data dynamically (instead of searching in a + * database for it) it should not implement this function as a zone + * transfer would be meaningless. A SDLZ driver does not have to + * implement an allow zone transfer method. + * + * This method should return ISC_R_SUCCESS if the zone is supported by + * the database and a zone transfer is allowed for the specified + * client. If the zone is supported by the database, but zone + * transfers are not allowed for the specified client this method + * should return ISC_R_NOPERM.. Lastly the method should return + * ISC_R_NOTFOUND if the zone is not supported by the database. If an + * error occurs it should return a result code indicating the type of + * error. + */ + +typedef isc_result_t +(*dns_sdlzauthorityfunc_t)(const char *zone, void *driverarg, void *dbdata, + dns_sdlzlookup_t *lookup); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface may + * supply an authority method. This method is called when the DNS + * server is performing a query, after both the find zone and lookup + * methods have been called. This method is required if the lookup + * function does not supply authority information for the dns + * record. A SDLZ driver does not have to implement an authority + * method. + */ + +typedef isc_result_t +(*dns_sdlzcreate_t)(const char *dlzname, unsigned int argc, char *argv[], + void *driverarg, void **dbdata); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface may + * supply a create method. This method is called when the DNS server + * is starting up and creating drivers for use later. A SDLZ driver + * does not have to implement a create method. + */ + +typedef void +(*dns_sdlzdestroy_t)(void *driverarg, void *dbdata); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface may + * supply a destroy method. This method is called when the DNS server + * is shutting down and no longer needs the driver. A SDLZ driver does + * not have to implement a destroy method. + */ + +typedef isc_result_t +(*dns_sdlzfindzone_t)(void *driverarg, void *dbdata, const char *name); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface MUST + * supply a find zone method. This method is called when the DNS + * server is performing a query to to determine if 'name' is a + * supported dns zone. The find zone method will be called with the + * longest possible name first, and continue to be called with + * successively shorter domain names, until any of the following + * occur: + * + * \li 1) the function returns (ISC_R_SUCCESS) indicating a zone name + * match. + * + * \li 2) a problem occurs, and the functions returns anything other than + * (ISC_R_NOTFOUND) + * + * \li 3) we run out of domain name labels. I.E. we have tried the + * shortest domain name + * + * \li 4) the number of labels in the domain name is less than min_labels + * for dns_dlzfindzone + * + * The driver's find zone method should return ISC_R_SUCCESS if the + * zone is supported by the database. Otherwise it should return + * ISC_R_NOTFOUND, if the zone is not supported. If an error occurs + * it should return a result code indicating the type of error. + */ + +typedef isc_result_t +(*dns_sdlzlookupfunc_t)(const char *zone, const char *name, void *driverarg, + void *dbdata, dns_sdlzlookup_t *lookup); + +/*%< + * Method prototype. Drivers implementing the SDLZ interface MUST + * supply a lookup method. This method is called when the DNS server + * is performing a query, after the find zone and before any other + * methods have been called. This function returns record DNS record + * information using the dns_sdlz_putrr and dns_sdlz_putsoa functions. + * If this function supplies authority information for the DNS record + * the authority method is not required. If it does not, the + * authority function is required. A SDLZ driver must implement a + * lookup method. + */ + +typedef struct dns_sdlzmethods { + dns_sdlzcreate_t create; + dns_sdlzdestroy_t destroy; + dns_sdlzfindzone_t findzone; + dns_sdlzlookupfunc_t lookup; + dns_sdlzauthorityfunc_t authority; + dns_sdlzallnodesfunc_t allnodes; + dns_sdlzallowzonexfr_t allowzonexfr; +} dns_sdlzmethods_t; + +isc_result_t +dns_sdlzregister(const char *drivername, const dns_sdlzmethods_t *methods, + void *driverarg, unsigned int flags, isc_mem_t *mctx, + dns_sdlzimplementation_t **sdlzimp); +/*%< + * Register a dynamically loadable zones (dlz) driver for the database + * type 'drivername', implemented by the functions in '*methods'. + * + * sdlzimp must point to a NULL dns_sdlzimplementation_t pointer. + * That is, sdlzimp != NULL && *sdlzimp == NULL. It will be assigned + * a value that will later be used to identify the driver when + * deregistering it. + */ + +void +dns_sdlzunregister(dns_sdlzimplementation_t **sdlzimp); + +/*%< + * Removes the sdlz driver from the list of registered sdlz drivers. + * There must be no active sdlz drivers of this type when this + * function is called. + */ + +isc_result_t +dns_sdlz_putnamedrr(dns_sdlzallnodes_t *allnodes, const char *name, + const char *type, dns_ttl_t ttl, const char *data); +/*%< + * Add a single resource record to the allnodes structure to be later + * parsed into a zone transfer response. + */ + +isc_result_t +dns_sdlz_putrr(dns_sdlzlookup_t *lookup, const char *type, dns_ttl_t ttl, + const char *data); +/*%< + * Add a single resource record to the lookup structure to be later + * parsed into a query response. + */ + +isc_result_t +dns_sdlz_putsoa(dns_sdlzlookup_t *lookup, const char *mname, const char *rname, + isc_uint32_t serial); +/*%< + * This function may optionally be called from the 'authority' + * callback to simplify construction of the SOA record for 'zone'. It + * will provide a SOA listing 'mname' as as the master server and + * 'rname' as the responsible person mailbox. It is the + * responsibility of the driver to increment the serial number between + * responses if necessary. All other SOA fields will have reasonable + * default values. + */ + + +ISC_LANG_ENDDECLS + +#endif /* SDLZ_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/secalg.h b/contrib/bind-9.5.2/lib/dns/include/dns/secalg.h similarity index 66% rename from contrib/bind-9.3/lib/dns/include/dns/secalg.h rename to contrib/bind-9.5.2/lib/dns/include/dns/secalg.h index 3f7a16f09b..2e4fe3ee0c 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/secalg.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/secalg.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: secalg.h,v 1.12.206.1 2004/03/06 08:14:00 marka Exp $ */ +/* $Id: secalg.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SECALG_H #define DNS_SECALG_H 1 +/*! \file dns/secalg.h */ + #include #include @@ -28,40 +30,40 @@ ISC_LANG_BEGINDECLS isc_result_t dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNSSEC security algorithm value. * The text may contain either a mnemonic algorithm name or a decimal algorithm * number. * * Requires: - * 'secalgp' is a valid pointer. + *\li 'secalgp' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_RANGE numeric type is out of range - * DNS_R_UNKNOWN mnemonic type is unknown + *\li ISC_R_SUCCESS on success + *\li ISC_R_RANGE numeric type is out of range + *\li DNS_R_UNKNOWN mnemonic type is unknown */ isc_result_t dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target); -/* +/*%< * Put a textual representation of the DNSSEC security algorithm 'secalg' * into 'target'. * * Requires: - * 'secalg' is a valid secalg. + *\li 'secalg' is a valid secalg. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * - * Ensures: - * If the result is success: - * The used space in 'target' is updated. + * Ensures, + * if the result is success: + *\li The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li ISC_R_SUCCESS on success + *\li ISC_R_NOSPACE target buffer is too small */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/secproto.h b/contrib/bind-9.5.2/lib/dns/include/dns/secproto.h similarity index 66% rename from contrib/bind-9.3/lib/dns/include/dns/secproto.h rename to contrib/bind-9.5.2/lib/dns/include/dns/secproto.h index da8c1dd009..b9179c0509 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/secproto.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/secproto.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: secproto.h,v 1.9.206.1 2004/03/06 08:14:00 marka Exp $ */ +/* $Id: secproto.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SECPROTO_H #define DNS_SECPROTO_H 1 +/*! \file dns/secproto.h */ + #include #include @@ -28,40 +30,40 @@ ISC_LANG_BEGINDECLS isc_result_t dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNSSEC security protocol value. * The text may contain either a mnemonic protocol name or a decimal protocol * number. * * Requires: - * 'secprotop' is a valid pointer. + *\li 'secprotop' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_RANGE numeric type is out of range - * DNS_R_UNKNOWN mnemonic type is unknown + *\li ISC_R_SUCCESS on success + *\li ISC_R_RANGE numeric type is out of range + *\li DNS_R_UNKNOWN mnemonic type is unknown */ isc_result_t dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target); -/* +/*%< * Put a textual representation of the DNSSEC security protocol 'secproto' * into 'target'. * * Requires: - * 'secproto' is a valid secproto. + *\li 'secproto' is a valid secproto. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * - * Ensures: - * If the result is success: - * The used space in 'target' is updated. + * Ensures, + * if the result is success: + * \li The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li ISC_R_SUCCESS on success + *\li ISC_R_NOSPACE target buffer is too small */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/soa.h b/contrib/bind-9.5.2/lib/dns/include/dns/soa.h similarity index 88% rename from contrib/bind-9.3/lib/dns/include/dns/soa.h rename to contrib/bind-9.5.2/lib/dns/include/dns/soa.h index 304ae15e90..bb563655ce 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/soa.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/soa.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: soa.h,v 1.2.206.1 2004/03/06 08:14:00 marka Exp $ */ +/* $Id: soa.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SOA_H #define DNS_SOA_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/soa.h + * \brief * SOA utilities. */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/ssu.h b/contrib/bind-9.5.2/lib/dns/include/dns/ssu.h similarity index 59% rename from contrib/bind-9.3/lib/dns/include/dns/ssu.h rename to contrib/bind-9.5.2/lib/dns/include/dns/ssu.h index f26a039ac5..2f1a04d1aa 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/ssu.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/ssu.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,61 +15,70 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ssu.h,v 1.11.206.3 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: ssu.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SSU_H #define DNS_SSU_H 1 +/*! \file dns/ssu.h */ + #include #include ISC_LANG_BEGINDECLS -#define DNS_SSUMATCHTYPE_NAME 0 -#define DNS_SSUMATCHTYPE_SUBDOMAIN 1 -#define DNS_SSUMATCHTYPE_WILDCARD 2 -#define DNS_SSUMATCHTYPE_SELF 3 +#define DNS_SSUMATCHTYPE_NAME 0 +#define DNS_SSUMATCHTYPE_SUBDOMAIN 1 +#define DNS_SSUMATCHTYPE_WILDCARD 2 +#define DNS_SSUMATCHTYPE_SELF 3 +#define DNS_SSUMATCHTYPE_SELFSUB 4 +#define DNS_SSUMATCHTYPE_SELFWILD 5 +#define DNS_SSUMATCHTYPE_SELFKRB5 6 +#define DNS_SSUMATCHTYPE_SELFMS 7 +#define DNS_SSUMATCHTYPE_SUBDOMAINMS 8 +#define DNS_SSUMATCHTYPE_SUBDOMAINKRB5 9 +#define DNS_SSUMATCHTYPE_MAX 9 /* max value */ isc_result_t dns_ssutable_create(isc_mem_t *mctx, dns_ssutable_t **table); -/* +/*%< * Creates a table that will be used to store simple-secure-update rules. * Note: all locking must be provided by the client. * * Requires: - * 'mctx' is a valid memory context - * 'table' is not NULL, and '*table' is NULL + *\li 'mctx' is a valid memory context + *\li 'table' is not NULL, and '*table' is NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li ISC_R_SUCCESS + *\li ISC_R_NOMEMORY */ void dns_ssutable_attach(dns_ssutable_t *source, dns_ssutable_t **targetp); -/* +/*%< * Attach '*targetp' to 'source'. * * Requires: - * 'source' is a valid SSU table - * 'targetp' points to a NULL dns_ssutable_t *. + *\li 'source' is a valid SSU table + *\li 'targetp' points to a NULL dns_ssutable_t *. * * Ensures: - * *targetp is attached to source. + *\li *targetp is attached to source. */ void dns_ssutable_detach(dns_ssutable_t **tablep); -/* +/*%< * Detach '*tablep' from its simple-secure-update rule table. * * Requires: - * 'tablep' points to a valid dns_ssutable_t + *\li 'tablep' points to a valid dns_ssutable_t * * Ensures: - * *tablep is NULL - * If '*tablep' is the last reference to the SSU table, all + *\li *tablep is NULL + *\li If '*tablep' is the last reference to the SSU table, all * resources used by the table will be freed. */ @@ -78,78 +87,80 @@ dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, dns_name_t *identity, unsigned int matchtype, dns_name_t *name, unsigned int ntypes, dns_rdatatype_t *types); -/* +/*%< * Adds a new rule to a simple-secure-update rule table. The rule * either grants or denies update privileges of an identity (or set of * identities) to modify a name (or set of names) or certain types present * at that name. * * Notes: - * If 'matchtype' is SELF, this rule only matches if the name - * to be updated matches the signing identity. + *\li If 'matchtype' is of SELF type, this rule only matches if the + * name to be updated matches the signing identity. * - * If 'ntypes' is 0, this rule applies to all types except + *\li If 'ntypes' is 0, this rule applies to all types except * NS, SOA, RRSIG, and NSEC. * - * If 'types' includes ANY, this rule applies to all types + *\li If 'types' includes ANY, this rule applies to all types * except NSEC. * * Requires: - * 'table' is a valid SSU table - * 'identity' is a valid absolute name - * 'matchtype' must be one of the defined constants. - * 'name' is a valid absolute name - * If 'ntypes' > 0, 'types' must not be NULL + *\li 'table' is a valid SSU table + *\li 'identity' is a valid absolute name + *\li 'matchtype' must be one of the defined constants. + *\li 'name' is a valid absolute name + *\li If 'ntypes' > 0, 'types' must not be NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li ISC_R_SUCCESS + *\li ISC_R_NOMEMORY */ isc_boolean_t dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer, dns_name_t *name, dns_rdatatype_t type); -/* +/*%< * Checks that the attempted update of (name, type) is allowed according * to the rules specified in the simple-secure-update rule table. If * no rules are matched, access is denied. If signer is NULL, access * is denied. * * Requires: - * 'table' is a valid SSU table - * 'signer' is NULL or a valid absolute name - * 'name' is a valid absolute name + *\li 'table' is a valid SSU table + *\li 'signer' is NULL or a valid absolute name + *\li 'name' is a valid absolute name */ +/*% Accessor functions to extract rule components */ isc_boolean_t dns_ssurule_isgrant(const dns_ssurule_t *rule); +/*% Accessor functions to extract rule components */ dns_name_t * dns_ssurule_identity(const dns_ssurule_t *rule); +/*% Accessor functions to extract rule components */ unsigned int dns_ssurule_matchtype(const dns_ssurule_t *rule); +/*% Accessor functions to extract rule components */ dns_name_t * dns_ssurule_name(const dns_ssurule_t *rule); +/*% Accessor functions to extract rule components */ unsigned int dns_ssurule_types(const dns_ssurule_t *rule, dns_rdatatype_t **types); -/* - * Accessor functions to extract rule components - */ isc_result_t dns_ssutable_firstrule(const dns_ssutable_t *table, dns_ssurule_t **rule); -/* +/*%< * Initiates a rule iterator. There is no need to maintain any state. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE */ isc_result_t dns_ssutable_nextrule(dns_ssurule_t *rule, dns_ssurule_t **nextrule); -/* +/*%< * Returns the next rule in the table. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/stats.h b/contrib/bind-9.5.2/lib/dns/include/dns/stats.h new file mode 100644 index 0000000000..d43a18229c --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/stats.h @@ -0,0 +1,364 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: stats.h,v 1.13.128.7 2009/01/29 23:47:13 tbox Exp $ */ + +#ifndef DNS_STATS_H +#define DNS_STATS_H 1 + +/*! \file dns/stats.h */ + +#include + +/*% + * Statistics counters. Used as isc_statscounter_t values. + */ +enum { + /*% + * Resolver statistics counters. + */ + dns_resstatscounter_queryv4 = 0, + dns_resstatscounter_queryv6 = 1, + dns_resstatscounter_responsev4 = 2, + dns_resstatscounter_responsev6 = 3, + dns_resstatscounter_nxdomain = 4, + dns_resstatscounter_servfail = 5, + dns_resstatscounter_formerr = 6, + dns_resstatscounter_othererror = 7, + dns_resstatscounter_edns0fail = 8, + dns_resstatscounter_mismatch = 9, + dns_resstatscounter_truncated = 10, + dns_resstatscounter_lame = 11, + dns_resstatscounter_retry = 12, + dns_resstatscounter_gluefetchv4 = 13, + dns_resstatscounter_gluefetchv6 = 14, + dns_resstatscounter_gluefetchv4fail = 15, + dns_resstatscounter_gluefetchv6fail = 16, + dns_resstatscounter_val = 17, + dns_resstatscounter_valsuccess = 18, + dns_resstatscounter_valnegsuccess = 19, + dns_resstatscounter_valfail = 20, + dns_resstatscounter_dispabort = 21, + dns_resstatscounter_dispsockfail = 22, + dns_resstatscounter_querytimeout = 23, + dns_resstatscounter_queryrtt0 = 24, + dns_resstatscounter_queryrtt1 = 25, + dns_resstatscounter_queryrtt2 = 26, + dns_resstatscounter_queryrtt3 = 27, + dns_resstatscounter_queryrtt4 = 28, + dns_resstatscounter_queryrtt5 = 29, + + dns_resstatscounter_max = 30, + + /*% + * Zone statistics counters. + */ + dns_zonestatscounter_notifyoutv4 = 0, + dns_zonestatscounter_notifyoutv6 = 1, + dns_zonestatscounter_notifyinv4 = 2, + dns_zonestatscounter_notifyinv6 = 3, + dns_zonestatscounter_notifyrej = 4, + dns_zonestatscounter_soaoutv4 = 5, + dns_zonestatscounter_soaoutv6 = 6, + dns_zonestatscounter_axfrreqv4 = 7, + dns_zonestatscounter_axfrreqv6 = 8, + dns_zonestatscounter_ixfrreqv4 = 9, + dns_zonestatscounter_ixfrreqv6 = 10, + dns_zonestatscounter_xfrsuccess = 11, + dns_zonestatscounter_xfrfail = 12, + + dns_zonestatscounter_max = 13, + + /*% + * Query statistics counters (obsolete). + */ + dns_statscounter_success = 0, /*%< Successful lookup */ + dns_statscounter_referral = 1, /*%< Referral result */ + dns_statscounter_nxrrset = 2, /*%< NXRRSET result */ + dns_statscounter_nxdomain = 3, /*%< NXDOMAIN result */ + dns_statscounter_recursion = 4, /*%< Recursion was used */ + dns_statscounter_failure = 5, /*%< Some other failure */ + dns_statscounter_duplicate = 6, /*%< Duplicate query */ + dns_statscounter_dropped = 7 /*%< Duplicate query (dropped) */ +}; + +#define DNS_STATS_NCOUNTERS 8 + +#if 0 +/*%< + * Flag(s) for dns_xxxstats_dump(). DNS_STATSDUMP_VERBOSE is obsolete. + * ISC_STATSDUMP_VERBOSE should be used instead. These two values are + * intentionally defined to be the same value to ensure binary compatibility. + */ +#define DNS_STATSDUMP_VERBOSE 0x00000001 /*%< dump 0-value counters */ +#endif + +/*%< + * (Obsoleted) + */ +LIBDNS_EXTERNAL_DATA extern const char *dns_statscounter_names[]; + +/*% + * Attributes for statistics counters of RRset and Rdatatype types. + * + * _OTHERTYPE + * The rdata type is not explicitly supported and the corresponding counter + * is counted for other such types, too. When this attribute is set, + * the base type is of no use. + * + * _NXRRSET + * RRset type counters only. Indicates the RRset is non existent. + * + * _NXDOMAIN + * RRset type counters only. Indicates a non existent name. When this + * attribute is set, the base type is of no use. + */ +#define DNS_RDATASTATSTYPE_ATTR_OTHERTYPE 0x0001 +#define DNS_RDATASTATSTYPE_ATTR_NXRRSET 0x0002 +#define DNS_RDATASTATSTYPE_ATTR_NXDOMAIN 0x0004 + +/*%< + * Conversion macros among dns_rdatatype_t, attributes and isc_statscounter_t. + */ +#define DNS_RDATASTATSTYPE_BASE(type) ((dns_rdatatype_t)((type) & 0xFFFF)) +#define DNS_RDATASTATSTYPE_ATTR(type) ((type) >> 16) +#define DNS_RDATASTATSTYPE_VALUE(b, a) (((a) << 16) | (b)) + +/*%< + * Types of dump callbacks. + */ +typedef void (*dns_generalstats_dumper_t)(isc_statscounter_t, isc_uint64_t, + void *); +typedef void (*dns_rdatatypestats_dumper_t)(dns_rdatastatstype_t, isc_uint64_t, + void *); +typedef void (*dns_opcodestats_dumper_t)(dns_opcode_t, isc_uint64_t, void *); + +isc_result_t +dns_generalstats_create(isc_mem_t *mctx, dns_stats_t **statsp, int ncounters); +/*%< + * Create a statistics counter structure of general type. It counts a general + * set of counters indexed by an ID between 0 and ncounters -1. + * This function is obsolete. A more general function, isc_stats_create(), + * should be used. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +isc_result_t +dns_rdatatypestats_create(isc_mem_t *mctx, dns_stats_t **statsp); +/*%< + * Create a statistics counter structure per rdatatype. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +isc_result_t +dns_rdatasetstats_create(isc_mem_t *mctx, dns_stats_t **statsp); +/*%< + * Create a statistics counter structure per RRset. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +isc_result_t +dns_opcodestats_create(isc_mem_t *mctx, dns_stats_t **statsp); +/*%< + * Create a statistics counter structure per opcode. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +void +dns_stats_attach(dns_stats_t *stats, dns_stats_t **statsp); +/*%< + * Attach to a statistics set. + * + * Requires: + *\li 'stats' is a valid dns_stats_t. + * + *\li 'statsp' != NULL && '*statsp' == NULL + */ + +void +dns_stats_detach(dns_stats_t **statsp); +/*%< + * Detaches from the statistics set. + * + * Requires: + *\li 'statsp' != NULL and '*statsp' is a valid dns_stats_t. + */ + +void +dns_generalstats_increment(dns_stats_t *stats, isc_statscounter_t counter); +/*%< + * Increment the counter-th counter of stats. This function is obsolete. + * A more general function, isc_stats_increment(), should be used. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + * + *\li counter is less than the maximum available ID for the stats specified + * on creation. + */ + +void +dns_rdatatypestats_increment(dns_stats_t *stats, dns_rdatatype_t type); +/*%< + * Increment the statistics counter for 'type'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_rdatatypestats_create(). + */ + +void +dns_rdatasetstats_increment(dns_stats_t *stats, dns_rdatastatstype_t rrsettype); +/*%< + * Increment the statistics counter for 'rrsettype'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_rdatasetstats_create(). + */ + +void +dns_rdatasetstats_decrement(dns_stats_t *stats, dns_rdatastatstype_t rrsettype); +/*%< + * Decrement the statistics counter for 'rrsettype'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_rdatasetstats_create(). + */ + +void +dns_opcodestats_increment(dns_stats_t *stats, dns_opcode_t code); +/*%< + * Increment the statistics counter for 'code'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_opcodestats_create(). + */ + +void +dns_generalstats_dump(dns_stats_t *stats, dns_generalstats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with its current value and the given argument + * arg. By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * This function is obsolete. A more general function, isc_stats_dump(), + * should be used. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +void +dns_rdatatypestats_dump(dns_stats_t *stats, dns_rdatatypestats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with the corresponding type in the form of + * dns_rdatastatstype_t, the current counter value and the given argument + * arg. By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +void +dns_rdatasetstats_dump(dns_stats_t *stats, dns_rdatatypestats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with the corresponding type in the form of + * dns_rdatastatstype_t, the current counter value and the given argument + * arg. By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +void +dns_opcodestats_dump(dns_stats_t *stats, dns_opcodestats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with the corresponding opcode, the current + * counter value and the given argument arg. By default counters that have a + * value of 0 is skipped; if options has the ISC_STATSDUMP_VERBOSE flag, even + * such counters are dumped. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +isc_result_t +dns_stats_alloccounters(isc_mem_t *mctx, isc_uint64_t **ctrp); +/*%< + * Allocate an array of query statistics counters from the memory + * context 'mctx'. + * + * This function is obsoleted. Use dns_xxxstats_create() instead. + */ + +void +dns_stats_freecounters(isc_mem_t *mctx, isc_uint64_t **ctrp); +/*%< + * Free an array of query statistics counters allocated from the memory + * context 'mctx'. + * + * This function is obsoleted. Use dns_stats_destroy() instead. + */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_STATS_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/tcpmsg.h b/contrib/bind-9.5.2/lib/dns/include/dns/tcpmsg.h similarity index 74% rename from contrib/bind-9.3/lib/dns/include/dns/tcpmsg.h rename to contrib/bind-9.5.2/lib/dns/include/dns/tcpmsg.h index ae1d704847..fe83c532c8 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/tcpmsg.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/tcpmsg.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tcpmsg.h,v 1.15.206.1 2004/03/06 08:14:00 marka Exp $ */ +/* $Id: tcpmsg.h,v 1.22 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TCPMSG_H #define DNS_TCPMSG_H 1 +/*! \file dns/tcpmsg.h */ + #include #include #include @@ -45,56 +47,56 @@ ISC_LANG_BEGINDECLS void dns_tcpmsg_init(isc_mem_t *mctx, isc_socket_t *sock, dns_tcpmsg_t *tcpmsg); -/* +/*%< * Associate a tcp message state with a given memory context and * TCP socket. * * Requires: * - * "mctx" and "sock" be non-NULL and valid types. + *\li "mctx" and "sock" be non-NULL and valid types. * - * "sock" be a read/write TCP socket. + *\li "sock" be a read/write TCP socket. * - * "tcpmsg" be non-NULL and an uninitialized or invalidated structure. + *\li "tcpmsg" be non-NULL and an uninitialized or invalidated structure. * * Ensures: * - * "tcpmsg" is a valid structure. + *\li "tcpmsg" is a valid structure. */ void dns_tcpmsg_setmaxsize(dns_tcpmsg_t *tcpmsg, unsigned int maxsize); -/* +/*%< * Set the maximum packet size to "maxsize" * * Requires: * - * "tcpmsg" be valid. + *\li "tcpmsg" be valid. * - * 512 <= "maxsize" <= 65536 + *\li 512 <= "maxsize" <= 65536 */ isc_result_t dns_tcpmsg_readmessage(dns_tcpmsg_t *tcpmsg, isc_task_t *task, isc_taskaction_t action, void *arg); -/* +/*%< * Schedule an event to be delivered when a DNS message is readable, or * when an error occurs on the socket. * * Requires: * - * "tcpmsg" be valid. + *\li "tcpmsg" be valid. * - * "task", "taskaction", and "arg" be valid. + *\li "task", "taskaction", and "arg" be valid. * * Returns: * - * ISC_R_SUCCESS -- no error - * Anything that the isc_socket_recv() call can return. XXXMLG + *\li ISC_R_SUCCESS -- no error + *\li Anything that the isc_socket_recv() call can return. XXXMLG * * Notes: * - * The event delivered is a fully generic event. It will contain no + *\li The event delivered is a fully generic event. It will contain no * actual data. The sender will be a pointer to the dns_tcpmsg_t. * The result code inside that structure should be checked to see * what the final result was. @@ -102,41 +104,41 @@ dns_tcpmsg_readmessage(dns_tcpmsg_t *tcpmsg, void dns_tcpmsg_cancelread(dns_tcpmsg_t *tcpmsg); -/* +/*%< * Cancel a readmessage() call. The event will still be posted with a * CANCELED result code. * * Requires: * - * "tcpmsg" be valid. + *\li "tcpmsg" be valid. */ void dns_tcpmsg_keepbuffer(dns_tcpmsg_t *tcpmsg, isc_buffer_t *buffer); -/* +/*%< * If a dns buffer is to be kept between calls, this function marks the * internal state-machine buffer as invalid, and copies all the contents * of the state into "buffer". * * Requires: * - * "tcpmsg" be valid. + *\li "tcpmsg" be valid. * - * "buffer" be non-NULL. + *\li "buffer" be non-NULL. */ void dns_tcpmsg_invalidate(dns_tcpmsg_t *tcpmsg); -/* +/*%< * Clean up all allocated state, and invalidate the structure. * * Requires: * - * "tcpmsg" be valid. + *\li "tcpmsg" be valid. * * Ensures: * - * "tcpmsg" is invalidated and disassociated with all memory contexts, + *\li "tcpmsg" is invalidated and disassociated with all memory contexts, * sockets, etc. */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/time.h b/contrib/bind-9.5.2/lib/dns/include/dns/time.h similarity index 88% rename from contrib/bind-9.3/lib/dns/include/dns/time.h rename to contrib/bind-9.5.2/lib/dns/include/dns/time.h index 0b82443a68..5b47d11c13 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/time.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/time.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.h,v 1.9.12.3 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: time.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TIME_H #define DNS_TIME_H 1 +/*! \file dns/time.h */ + /*** *** Imports ***/ @@ -35,7 +37,7 @@ ISC_LANG_BEGINDECLS isc_result_t dns_time64_fromtext(const char *source, isc_int64_t *target); -/* +/*%< * Convert a date and time in YYYYMMDDHHMMSS text format at 'source' * into to a 64-bit count of seconds since Jan 1 1970 0:00 GMT. * Store the count at 'target'. @@ -43,7 +45,7 @@ dns_time64_fromtext(const char *source, isc_int64_t *target); isc_result_t dns_time32_fromtext(const char *source, isc_uint32_t *target); -/* +/*%< * Like dns_time64_fromtext, but returns the second count modulo 2^32 * as per RFC2535. */ @@ -51,14 +53,14 @@ dns_time32_fromtext(const char *source, isc_uint32_t *target); isc_result_t dns_time64_totext(isc_int64_t value, isc_buffer_t *target); -/* +/*%< * Convert a 64-bit count of seconds since Jan 1 1970 0:00 GMT into * a YYYYMMDDHHMMSS text representation and append it to 'target'. */ isc_result_t dns_time32_totext(isc_uint32_t value, isc_buffer_t *target); -/* +/*%< * Like dns_time64_totext, but for a 32-bit cyclic time value. * Of those dates whose counts of seconds since Jan 1 1970 0:00 GMT * are congruent with 'value' modulo 2^32, the one closest to the diff --git a/contrib/bind-9.3/lib/dns/include/dns/timer.h b/contrib/bind-9.5.2/lib/dns/include/dns/timer.h similarity index 84% rename from contrib/bind-9.3/lib/dns/include/dns/timer.h rename to contrib/bind-9.5.2/lib/dns/include/dns/timer.h index 36e2ac3cc4..48d6d569cb 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/timer.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/timer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.h,v 1.2.206.1 2004/03/06 08:14:00 marka Exp $ */ +/* $Id: timer.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TIMER_H #define DNS_TIMER_H 1 +/*! \file dns/timer.h */ + /*** *** Imports ***/ @@ -36,10 +38,10 @@ ISC_LANG_BEGINDECLS isc_result_t dns_timer_setidle(isc_timer_t *timer, unsigned int maxtime, unsigned int idletime, isc_boolean_t purge); -/* +/*%< * Convenience function for setting up simple, one-second-granularity * idle timers as used by zone transfers. - * + * \brief * Set the timer 'timer' to go off after 'idletime' seconds of inactivity, * or after 'maxtime' at the very latest. Events are purged iff * 'purge' is ISC_TRUE. diff --git a/contrib/bind-9.5.2/lib/dns/include/dns/tkey.h b/contrib/bind-9.5.2/lib/dns/include/dns/tkey.h new file mode 100644 index 0000000000..d2821bbb61 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dns/tkey.h @@ -0,0 +1,250 @@ +/* + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: tkey.h,v 1.26.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +#ifndef DNS_TKEY_H +#define DNS_TKEY_H 1 + +/*! \file dns/tkey.h */ + +#include + +#include + +#include +#include + +ISC_LANG_BEGINDECLS + +/* Key agreement modes */ +#define DNS_TKEYMODE_SERVERASSIGNED 1 +#define DNS_TKEYMODE_DIFFIEHELLMAN 2 +#define DNS_TKEYMODE_GSSAPI 3 +#define DNS_TKEYMODE_RESOLVERASSIGNED 4 +#define DNS_TKEYMODE_DELETE 5 + +struct dns_tkeyctx { + dst_key_t *dhkey; + dns_name_t *domain; + gss_cred_id_t gsscred; + isc_mem_t *mctx; + isc_entropy_t *ectx; +}; + +isc_result_t +dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, + dns_tkeyctx_t **tctxp); +/*%< + * Create an empty TKEY context. + * + * Requires: + *\li 'mctx' is not NULL + *\li 'tctx' is not NULL + *\li '*tctx' is NULL + * + * Returns + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li return codes from dns_name_fromtext() + */ + +void +dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp); +/*%< + * Frees all data associated with the TKEY context + * + * Requires: + *\li 'tctx' is not NULL + *\li '*tctx' is not NULL + */ + +isc_result_t +dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, + dns_tsig_keyring_t *ring); +/*%< + * Processes a query containing a TKEY record, adding or deleting TSIG + * keys if necessary, and modifies the message to contain the response. + * + * Requires: + *\li 'msg' is a valid message + *\li 'tctx' is a valid TKEY context + *\li 'ring' is a valid TSIG keyring + * + * Returns + *\li #ISC_R_SUCCESS msg was updated (the TKEY operation succeeded, + * or msg now includes a TKEY with an error set) + * DNS_R_FORMERR the packet was malformed (missing a TKEY + * or KEY). + *\li other An error occurred while processing the message + */ + +isc_result_t +dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, + dns_name_t *algorithm, isc_buffer_t *nonce, + isc_uint32_t lifetime); +/*%< + * Builds a query containing a TKEY that will generate a shared + * secret using a Diffie-Hellman key exchange. The shared key + * will be of the specified algorithm (only DNS_TSIG_HMACMD5_NAME + * is supported), and will be named either 'name', + * 'name' + server chosen domain, or random data + server chosen domain + * if 'name' == dns_rootname. If nonce is not NULL, it supplies + * random data used in the shared secret computation. The key is + * requested to have the specified lifetime (in seconds) + * + * + * Requires: + *\li 'msg' is a valid message + *\li 'key' is a valid Diffie Hellman dst key + *\li 'name' is a valid name + *\li 'algorithm' is a valid name + * + * Returns: + *\li #ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + *\li other an error occurred while building the message + */ + +isc_result_t +dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname, + isc_buffer_t *intoken, isc_uint32_t lifetime, + gss_ctx_id_t *context, isc_boolean_t win2k); +/*%< + * Builds a query containing a TKEY that will generate a GSSAPI context. + * The key is requested to have the specified lifetime (in seconds). + * + * Requires: + *\li 'msg' is a valid message + *\li 'name' is a valid name + *\li 'gname' is a valid name + *\li 'context' is a pointer to a valid gss_ctx_id_t + * (which may have the value GSS_C_NO_CONTEXT) + *\li 'win2k' when true says to turn on some hacks to work + * with the non-standard GSS-TSIG of Windows 2000 + * + * Returns: + *\li ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + *\li other an error occurred while building the message + */ + + +isc_result_t +dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key); +/*%< + * Builds a query containing a TKEY record that will delete the + * specified shared secret from the server. + * + * Requires: + *\li 'msg' is a valid message + *\li 'key' is a valid TSIG key + * + * Returns: + *\li #ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + *\li other an error occurred while building the message + */ + +isc_result_t +dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, + dst_key_t *key, isc_buffer_t *nonce, + dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring); +/*%< + * Processes a response to a query containing a TKEY that was + * designed to generate a shared secret using a Diffie-Hellman key + * exchange. If the query was successful, a new shared key + * is created and added to the list of shared keys. + * + * Requires: + *\li 'qmsg' is a valid message (the query) + *\li 'rmsg' is a valid message (the response) + *\li 'key' is a valid Diffie Hellman dst key + *\li 'outkey' is either NULL or a pointer to NULL + *\li 'ring' is a valid keyring or NULL + * + * Returns: + *\li #ISC_R_SUCCESS the shared key was successfully added + *\li #ISC_R_NOTFOUND an error occurred while looking for a + * component of the query or response + */ + +isc_result_t +dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, + dns_name_t *gname, gss_ctx_id_t *context, + isc_buffer_t *outtoken, dns_tsigkey_t **outkey, + dns_tsig_keyring_t *ring); +/*%< + * XXX + */ + +isc_result_t +dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, + dns_tsig_keyring_t *ring); +/*%< + * Processes a response to a query containing a TKEY that was + * designed to delete a shared secret. If the query was successful, + * the shared key is deleted from the list of shared keys. + * + * Requires: + *\li 'qmsg' is a valid message (the query) + *\li 'rmsg' is a valid message (the response) + *\li 'ring' is not NULL + * + * Returns: + *\li #ISC_R_SUCCESS the shared key was successfully deleted + *\li #ISC_R_NOTFOUND an error occurred while looking for a + * component of the query or response + */ + + +isc_result_t +dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, + dns_name_t *server, gss_ctx_id_t *context, + dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, + isc_boolean_t win2k); + +/* + * Client side negotiation of GSS-TSIG. Process the response + * to a TKEY, and establish a TSIG key if negotiation was successful. + * Build a response to the input TKEY message. Can take multiple + * calls to successfully establish the context. + * + * Requires: + * 'qmsg' is a valid message, the original TKEY request; + * it will be filled with the new message to send + * 'rmsg' is a valid message, the incoming TKEY message + * 'server' is the server name + * 'context' is the input context handle + * 'outkey' receives the established key, if non-NULL; + * if non-NULL must point to NULL + * 'ring' is the keyring in which to establish the key, + * or NULL + * 'win2k' when true says to turn on some hacks to work + * with the non-standard GSS-TSIG of Windows 2000 + * + * Returns: + * ISC_R_SUCCESS context was successfully established + * ISC_R_NOTFOUND couldn't find a needed part of the query + * or response + * DNS_R_CONTINUE additional context negotiation is required; + * send the new qmsg to the server + */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_TKEY_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/tsig.h b/contrib/bind-9.5.2/lib/dns/include/dns/tsig.h similarity index 54% rename from contrib/bind-9.3/lib/dns/include/dns/tsig.h rename to contrib/bind-9.5.2/lib/dns/include/dns/tsig.h index 7b5b4585b6..e8c0e2caff 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/tsig.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/tsig.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsig.h,v 1.40.2.2.8.3 2004/03/08 09:04:39 marka Exp $ */ +/* $Id: tsig.h,v 1.51 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TSIG_H #define DNS_TSIG_H 1 +/*! \file dns/tsig.h */ + #include #include #include @@ -39,35 +41,48 @@ LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_gssapi_name; #define DNS_TSIG_GSSAPI_NAME dns_tsig_gssapi_name LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_gssapims_name; #define DNS_TSIG_GSSAPIMS_NAME dns_tsig_gssapims_name +LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha1_name; +#define DNS_TSIG_HMACSHA1_NAME dns_tsig_hmacsha1_name +LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha224_name; +#define DNS_TSIG_HMACSHA224_NAME dns_tsig_hmacsha224_name +LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha256_name; +#define DNS_TSIG_HMACSHA256_NAME dns_tsig_hmacsha256_name +LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha384_name; +#define DNS_TSIG_HMACSHA384_NAME dns_tsig_hmacsha384_name +LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha512_name; +#define DNS_TSIG_HMACSHA512_NAME dns_tsig_hmacsha512_name -/* +/*% * Default fudge value. */ #define DNS_TSIG_FUDGE 300 struct dns_tsig_keyring { dns_rbt_t *keys; + unsigned int writecount; isc_rwlock_t lock; isc_mem_t *mctx; }; struct dns_tsigkey { /* Unlocked */ - unsigned int magic; /* Magic number. */ + unsigned int magic; /*%< Magic number. */ isc_mem_t *mctx; - dst_key_t *key; /* Key */ - dns_name_t name; /* Key name */ - dns_name_t *algorithm; /* Algorithm name */ - dns_name_t *creator; /* name that created secret */ - isc_boolean_t generated; /* was this generated? */ - isc_stdtime_t inception; /* start of validity period */ - isc_stdtime_t expire; /* end of validity period */ - dns_tsig_keyring_t *ring; /* the enclosing keyring */ - isc_refcount_t refs; /* reference counter */ + dst_key_t *key; /*%< Key */ + dns_name_t name; /*%< Key name */ + dns_name_t *algorithm; /*%< Algorithm name */ + dns_name_t *creator; /*%< name that created secret */ + isc_boolean_t generated; /*%< was this generated? */ + isc_stdtime_t inception; /*%< start of validity period */ + isc_stdtime_t expire; /*%< end of validity period */ + dns_tsig_keyring_t *ring; /*%< the enclosing keyring */ + isc_refcount_t refs; /*%< reference counter */ }; #define dns_tsigkey_identity(tsigkey) \ - ((tsigkey)->generated ? ((tsigkey)->creator) : (&((tsigkey)->name))) + ((tsigkey) == NULL ? NULL : \ + (tsigkey)->generated ? ((tsigkey)->creator) : \ + (&((tsigkey)->name))) ISC_LANG_BEGINDECLS @@ -84,7 +99,7 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, dns_name_t *creator, isc_stdtime_t inception, isc_stdtime_t expire, isc_mem_t *mctx, dns_tsig_keyring_t *ring, dns_tsigkey_t **key); -/* +/*%< * Creates a tsig key structure and saves it in the keyring. If key is * not NULL, *key will contain a copy of the key. The keys validity * period is specified by (inception, expire), and will not expire if @@ -95,100 +110,100 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, * to generate a BADKEY response. * * Requires: - * 'name' is a valid dns_name_t - * 'algorithm' is a valid dns_name_t - * 'secret' is a valid pointer - * 'length' is an integer >= 0 - * 'key' is a valid dst key or NULL - * 'creator' points to a valid dns_name_t or is NULL - * 'mctx' is a valid memory context - * 'ring' is a valid TSIG keyring or NULL - * 'key' or '*key' must be NULL + *\li 'name' is a valid dns_name_t + *\li 'algorithm' is a valid dns_name_t + *\li 'secret' is a valid pointer + *\li 'length' is an integer >= 0 + *\li 'key' is a valid dst key or NULL + *\li 'creator' points to a valid dns_name_t or is NULL + *\li 'mctx' is a valid memory context + *\li 'ring' is a valid TSIG keyring or NULL + *\li 'key' or '*key' must be NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_EXISTS - a key with this name already exists - * ISC_R_NOTIMPLEMENTED - algorithm is not implemented - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_EXISTS - a key with this name already exists + *\li #ISC_R_NOTIMPLEMENTED - algorithm is not implemented + *\li #ISC_R_NOMEMORY */ void dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp); -/* +/*%< * Attach '*targetp' to 'source'. * * Requires: - * 'key' is a valid TSIG key + *\li 'key' is a valid TSIG key * * Ensures: - * *targetp is attached to source. + *\li *targetp is attached to source. */ void dns_tsigkey_detach(dns_tsigkey_t **keyp); -/* +/*%< * Detaches from the tsig key structure pointed to by '*key'. * * Requires: - * 'keyp' is not NULL and '*keyp' is a valid TSIG key + *\li 'keyp' is not NULL and '*keyp' is a valid TSIG key * * Ensures: - * 'keyp' points to NULL + *\li 'keyp' points to NULL */ void dns_tsigkey_setdeleted(dns_tsigkey_t *key); -/* +/*%< * Prevents this key from being used again. It will be deleted when * no references exist. * * Requires: - * 'key' is a valid TSIG key on a keyring + *\li 'key' is a valid TSIG key on a keyring */ isc_result_t dns_tsig_sign(dns_message_t *msg); -/* +/*%< * Generates a TSIG record for this message * * Requires: - * 'msg' is a valid message - * 'msg->tsigkey' is a valid TSIG key - * 'msg->tsig' is NULL + *\li 'msg' is a valid message + *\li 'msg->tsigkey' is a valid TSIG key + *\li 'msg->tsig' is NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NOSPACE - * DNS_R_EXPECTEDTSIG + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_NOSPACE + *\li #DNS_R_EXPECTEDTSIG * - this is a response & msg->querytsig is NULL */ isc_result_t dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2); -/* +/*%< * Verifies the TSIG record in this message * * Requires: - * 'source' is a valid buffer containing the unparsed message - * 'msg' is a valid message - * 'msg->tsigkey' is a valid TSIG key if this is a response - * 'msg->tsig' is NULL - * 'msg->querytsig' is not NULL if this is a response - * 'ring1' and 'ring2' are each either a valid keyring or NULL + *\li 'source' is a valid buffer containing the unparsed message + *\li 'msg' is a valid message + *\li 'msg->tsigkey' is a valid TSIG key if this is a response + *\li 'msg->tsig' is NULL + *\li 'msg->querytsig' is not NULL if this is a response + *\li 'ring1' and 'ring2' are each either a valid keyring or NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * DNS_R_EXPECTEDTSIG - A TSIG was expected but not seen - * DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected - * DNS_R_TSIGERRORSET - the TSIG verified but ->error was set + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #DNS_R_EXPECTEDTSIG - A TSIG was expected but not seen + *\li #DNS_R_UNEXPECTEDTSIG - A TSIG was seen but not expected + *\li #DNS_R_TSIGERRORSET - the TSIG verified but ->error was set * and this is a query - * DNS_R_CLOCKSKEW - the TSIG failed to verify because of + *\li #DNS_R_CLOCKSKEW - the TSIG failed to verify because of * the time was out of the allowed range. - * DNS_R_TSIGVERIFYFAILURE - the TSIG failed to verify - * DNS_R_EXPECTEDRESPONSE - the message was set over TCP and + *\li #DNS_R_TSIGVERIFYFAILURE - the TSIG failed to verify + *\li #DNS_R_EXPECTEDRESPONSE - the message was set over TCP and * should have been a response, * but was not. */ @@ -196,45 +211,45 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, isc_result_t dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name, dns_name_t *algorithm, dns_tsig_keyring_t *ring); -/* +/*%< * Returns the TSIG key corresponding to this name and (possibly) * algorithm. Also increments the key's reference counter. * * Requires: - * 'tsigkey' is not NULL - * '*tsigkey' is NULL - * 'name' is a valid dns_name_t - * 'algorithm' is a valid dns_name_t or NULL - * 'ring' is a valid keyring + *\li 'tsigkey' is not NULL + *\li '*tsigkey' is NULL + *\li 'name' is a valid dns_name_t + *\li 'algorithm' is a valid dns_name_t or NULL + *\li 'ring' is a valid keyring * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOTFOUND */ isc_result_t dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp); -/* +/*%< * Create an empty TSIG key ring. * * Requires: - * 'mctx' is not NULL - * 'ringp' is not NULL, and '*ringp' is NULL + *\li 'mctx' is not NULL + *\li 'ringp' is not NULL, and '*ringp' is NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ void dns_tsigkeyring_destroy(dns_tsig_keyring_t **ringp); -/* +/*%< * Destroy a TSIG key ring. * * Requires: - * 'ringp' is not NULL + *\li 'ringp' is not NULL */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/ttl.h b/contrib/bind-9.5.2/lib/dns/include/dns/ttl.h similarity index 83% rename from contrib/bind-9.3/lib/dns/include/dns/ttl.h rename to contrib/bind-9.5.2/lib/dns/include/dns/ttl.h index dc7167d6ca..c2525183b7 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/ttl.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/ttl.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ttl.h,v 1.12.206.1 2004/03/06 08:14:01 marka Exp $ */ +/* $Id: ttl.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TTL_H #define DNS_TTL_H 1 +/*! \file dns/ttl.h */ + /*** *** Imports ***/ @@ -36,7 +38,7 @@ ISC_LANG_BEGINDECLS isc_result_t dns_ttl_totext(isc_uint32_t src, isc_boolean_t verbose, isc_buffer_t *target); -/* +/*%< * Output a TTL or other time interval in a human-readable form. * The time interval is given as a count of seconds in 'src'. * The text representation is appended to 'target'. @@ -47,28 +49,28 @@ dns_ttl_totext(isc_uint32_t src, isc_boolean_t verbose, * in "dig", like "1 week 2 days 3 hours 4 minutes 5 seconds". * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE + * \li ISC_R_SUCCESS + * \li ISC_R_NOSPACE */ isc_result_t dns_counter_fromtext(isc_textregion_t *source, isc_uint32_t *ttl); -/* +/*%< * Converts a counter from either a plain number or a BIND 8 style value. * * Returns: - * ISC_R_SUCCESS - * DNS_R_SYNTAX + *\li ISC_R_SUCCESS + *\li DNS_R_SYNTAX */ isc_result_t dns_ttl_fromtext(isc_textregion_t *source, isc_uint32_t *ttl); -/* +/*%< * Converts a ttl from either a plain number or a BIND 8 style value. * * Returns: - * ISC_R_SUCCESS - * DNS_R_BADTTL + *\li ISC_R_SUCCESS + *\li DNS_R_BADTTL */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/include/dns/types.h b/contrib/bind-9.5.2/lib/dns/include/dns/types.h similarity index 81% rename from contrib/bind-9.3/lib/dns/include/dns/types.h rename to contrib/bind-9.5.2/lib/dns/include/dns/types.h index 27995deb27..2ad332f9de 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/types.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/types.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,21 +15,25 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.103.12.9 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: types.h,v 1.126.62.6 2009/01/29 22:41:45 jinmei Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 -/* +/*! \file dns/types.h + * \brief * Including this file gives you type declarations suitable for use in * .h files, which lets us avoid circular type reference problems. - * + * \brief * To actually use a type or get declarations of its methods, you must * include the appropriate .h file too. */ #include +typedef struct dns_acache dns_acache_t; +typedef struct dns_acacheentry dns_acacheentry_t; +typedef struct dns_acachestats dns_acachestats_t; typedef struct dns_acl dns_acl_t; typedef struct dns_aclelement dns_aclelement_t; typedef struct dns_aclenv dns_aclenv_t; @@ -50,6 +54,9 @@ typedef void dns_dbload_t; typedef void dns_dbnode_t; typedef struct dns_dbtable dns_dbtable_t; typedef void dns_dbversion_t; +typedef struct dns_dlzimplementation dns_dlzimplementation_t; +typedef struct dns_dlzdb dns_dlzdb_t; +typedef struct dns_sdlzimplementation dns_sdlzimplementation_t; typedef struct dns_decompress dns_decompress_t; typedef struct dns_dispatch dns_dispatch_t; typedef struct dns_dispatchevent dns_dispatchevent_t; @@ -61,6 +68,7 @@ typedef struct dns_fetch dns_fetch_t; typedef struct dns_fixedname dns_fixedname_t; typedef struct dns_forwarders dns_forwarders_t; typedef struct dns_fwdtable dns_fwdtable_t; +typedef struct dns_iptable dns_iptable_t; typedef isc_uint16_t dns_keyflags_t; typedef struct dns_keynode dns_keynode_t; typedef struct dns_keytable dns_keytable_t; @@ -98,6 +106,8 @@ typedef isc_uint8_t dns_secproto_t; typedef struct dns_signature dns_signature_t; typedef struct dns_ssurule dns_ssurule_t; typedef struct dns_ssutable dns_ssutable_t; +typedef struct dns_stats dns_stats_t; +typedef isc_uint32_t dns_rdatastatstype_t; typedef struct dns_tkeyctx dns_tkeyctx_t; typedef isc_uint16_t dns_trust_t; typedef struct dns_tsig_keyring dns_tsig_keyring_t; @@ -111,6 +121,15 @@ typedef ISC_LIST(dns_zone_t) dns_zonelist_t; typedef struct dns_zonemgr dns_zonemgr_t; typedef struct dns_zt dns_zt_t; +/* + * If we are not using GSSAPI, define the types we use as opaque types here. + */ +#ifndef GSSAPI +typedef struct not_defined_gss_cred_id *gss_cred_id_t; +typedef struct not_defined_gss_ctx *gss_ctx_id_t; +#endif +typedef struct dst_gssapi_signverifyctx dst_gssapi_signverifyctx_t; + typedef enum { dns_fwdpolicy_none = 0, dns_fwdpolicy_first = 1, @@ -136,7 +155,8 @@ typedef enum { typedef enum { dns_notifytype_no = 0, dns_notifytype_yes = 1, - dns_notifytype_explicit = 2 + dns_notifytype_explicit = 2, + dns_notifytype_masteronly = 3 } dns_notifytype_t; typedef enum { @@ -148,13 +168,19 @@ typedef enum { dns_dialuptype_passive = 5 } dns_dialuptype_t; +typedef enum { + dns_masterformat_none = 0, + dns_masterformat_text = 1, + dns_masterformat_raw = 2 +} dns_masterformat_t; + /* * These are generated by gen.c. */ #include /* Provides dns_rdatatype_t. */ #include /* Provides dns_rdataclass_t. */ -/* +/*% * rcodes. */ enum { @@ -190,7 +216,7 @@ enum { #define dns_rcode_badvers ((dns_rcode_t)dns_rcode_badvers) }; -/* +/*% * TSIG errors. */ enum { @@ -199,10 +225,11 @@ enum { dns_tsigerror_badtime = 18, dns_tsigerror_badmode = 19, dns_tsigerror_badname = 20, - dns_tsigerror_badalg = 21 + dns_tsigerror_badalg = 21, + dns_tsigerror_badtrunc = 22 }; -/* +/*% * Opcodes. */ enum { @@ -218,7 +245,7 @@ enum { #define dns_opcode_update ((dns_opcode_t)dns_opcode_update) }; -/* +/*% * Trust levels. Must be kept in sync with trustnames[] in masterdump.c. */ enum { @@ -226,19 +253,19 @@ enum { dns_trust_none = 0, #define dns_trust_none ((dns_trust_t)dns_trust_none) - /* Subject to DNSSEC validation but has not yet been validated */ + /*% Subject to DNSSEC validation but has not yet been validated */ dns_trust_pending = 1, #define dns_trust_pending ((dns_trust_t)dns_trust_pending) - /* Received in the additional section of a response. */ + /*% Received in the additional section of a response. */ dns_trust_additional = 2, #define dns_trust_additional ((dns_trust_t)dns_trust_additional) - /* Received in a referral response. */ + /* Received in a referral response. */ dns_trust_glue = 3, #define dns_trust_glue ((dns_trust_t)dns_trust_glue) - /* Answser from a non-authoritative server */ + /* Answer from a non-authoritative server */ dns_trust_answer = 4, #define dns_trust_answer ((dns_trust_t)dns_trust_answer) @@ -247,11 +274,11 @@ enum { dns_trust_authauthority = 5, #define dns_trust_authauthority ((dns_trust_t)dns_trust_authauthority) - /* Answser from an authoritative server */ + /* Answer from an authoritative server */ dns_trust_authanswer = 6, #define dns_trust_authanswer ((dns_trust_t)dns_trust_authanswer) - /* Successfully DNSSEC validated */ + /* Successfully DNSSEC validated */ dns_trust_secure = 7, #define dns_trust_secure ((dns_trust_t)dns_trust_secure) @@ -260,8 +287,8 @@ enum { #define dns_trust_ultimate ((dns_trust_t)dns_trust_ultimate) }; -/* - * Name checking severites. +/*% + * Name checking severities. */ typedef enum { dns_severity_ignore, @@ -293,7 +320,21 @@ typedef void typedef void (*dns_updatecallback_t)(void *, isc_result_t, dns_message_t *); -typedef int -(*dns_rdatasetorderfunc_t)(const dns_rdata_t *rdata, const void *arg); +typedef int +(*dns_rdatasetorderfunc_t)(const dns_rdata_t *, const void *); + +typedef isc_boolean_t +(*dns_checkmxfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *); + +typedef isc_boolean_t +(*dns_checksrvfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *); + +typedef isc_boolean_t +(*dns_checknsfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *, + dns_rdataset_t *, dns_rdataset_t *); + +typedef isc_boolean_t +(*dns_isselffunc_t)(dns_view_t *, dns_tsigkey_t *, isc_sockaddr_t *, + isc_sockaddr_t *, dns_rdataclass_t, void *); #endif /* DNS_TYPES_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/validator.h b/contrib/bind-9.5.2/lib/dns/include/dns/validator.h similarity index 91% rename from contrib/bind-9.3/lib/dns/include/dns/validator.h rename to contrib/bind-9.5.2/lib/dns/include/dns/validator.h index a0d6acb68c..746bee156f 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/validator.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/validator.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.h,v 1.18.12.11.6.1 2007/01/11 04:51:39 marka Exp $ */ +/* $Id: validator.h,v 1.39.52.3 2009/01/19 00:01:11 marka Exp $ */ #ifndef DNS_VALIDATOR_H #define DNS_VALIDATOR_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/validator.h * * \brief * DNS Validator @@ -74,18 +74,31 @@ * caller so that they may be freed. * * If the RESULT is ISC_R_SUCCESS and the answer is secure then - * proofs[] will contain the the names of the NSEC records that hold the + * proofs[] will contain the names of the NSEC records that hold the * various proofs. Note the same name may appear multiple times. */ typedef struct dns_validatorevent { ISC_EVENT_COMMON(struct dns_validatorevent); dns_validator_t * validator; isc_result_t result; + /* + * Name and type of the response to be validated. + */ dns_name_t * name; dns_rdatatype_t type; + /* + * Rdata and RRSIG (if any) for positive responses. + */ dns_rdataset_t * rdataset; dns_rdataset_t * sigrdataset; + /* + * The full response. Required for negative responses. + * Also required for positive wildcard responses. + */ dns_message_t * message; + /* + * Proofs to be cached. + */ dns_name_t * proofs[3]; } dns_validatorevent_t; @@ -189,7 +202,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, * options: * If DNS_VALIDATOR_DLV is set the caller knows there is not a * trusted key and the validator should immediately attempt to validate - * the answer by looking for a appopriate DLV RRset. + * the answer by looking for an appropriate DLV RRset. */ void diff --git a/contrib/bind-9.3/lib/dns/include/dns/version.h b/contrib/bind-9.5.2/lib/dns/include/dns/version.h similarity index 80% rename from contrib/bind-9.3/lib/dns/include/dns/version.h rename to contrib/bind-9.5.2/lib/dns/include/dns/version.h index 28c83be195..2a33dcf286 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/version.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.2.224.3 2004/03/08 09:04:40 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file dns/version.h */ #include diff --git a/contrib/bind-9.3/lib/dns/include/dns/view.h b/contrib/bind-9.5.2/lib/dns/include/dns/view.h similarity index 57% rename from contrib/bind-9.3/lib/dns/include/dns/view.h rename to contrib/bind-9.5.2/lib/dns/include/dns/view.h index a3cd935ce4..218d9d5739 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/view.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/view.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.h,v 1.73.2.4.2.12 2004/03/10 02:55:58 marka Exp $ */ +/* $Id: view.h,v 1.107.128.9 2009/01/29 22:41:45 jinmei Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/view.h + * \brief * DNS View * * A "view" is a DNS namespace, together with an optional resolver and a @@ -41,22 +42,22 @@ * to be accessed without locking. * * MP: - * Before the view is frozen, the caller must ensure synchronization. + *\li Before the view is frozen, the caller must ensure synchronization. * - * After the view is frozen, the module guarantees appropriate + *\li After the view is frozen, the module guarantees appropriate * synchronization of any data structures it creates and manipulates. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * None. + *\li None. */ #include @@ -83,9 +84,11 @@ struct dns_view { dns_rdataclass_t rdclass; char * name; dns_zt_t * zonetable; + dns_dlzdb_t * dlzdatabase; dns_resolver_t * resolver; dns_adb_t * adb; dns_requestmgr_t * requestmgr; + dns_acache_t * acache; dns_cache_t * cache; dns_db_t * cachedb; dns_db_t * hints; @@ -97,6 +100,9 @@ struct dns_view { isc_event_t resevent; isc_event_t adbevent; isc_event_t reqevent; + isc_stats_t * resstats; + dns_stats_t * resquerystats; + /* Configurable data. */ dns_tsig_keyring_t * statickeys; dns_tsig_keyring_t * dynamickeys; @@ -109,12 +115,21 @@ struct dns_view { isc_boolean_t additionalfromauth; isc_boolean_t minimalresponses; isc_boolean_t enablednssec; + isc_boolean_t enablevalidation; + isc_boolean_t acceptexpired; dns_transfer_format_t transfer_format; dns_acl_t * queryacl; + dns_acl_t * queryonacl; dns_acl_t * recursionacl; + dns_acl_t * recursiononacl; dns_acl_t * sortlist; + dns_acl_t * notifyacl; + dns_acl_t * transferacl; + dns_acl_t * updateacl; + dns_acl_t * upfwdacl; isc_boolean_t requestixfr; isc_boolean_t provideixfr; + isc_boolean_t requestnsid; dns_ttl_t maxcachettl; dns_ttl_t maxncachettl; in_port_t dstport; @@ -127,6 +142,7 @@ struct dns_view { isc_boolean_t checknames; dns_name_t * dlv; dns_fixedname_t dlv_fixed; + isc_uint16_t maxudp; /* * Configurable data for server use only, @@ -156,109 +172,109 @@ struct dns_view { isc_result_t dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, const char *name, dns_view_t **viewp); -/* +/*%< * Create a view. * * Notes: * - * The newly created view has no cache, no resolver, and an empty + *\li The newly created view has no cache, no resolver, and an empty * zone table. The view is not frozen. * * Requires: * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * - * 'rdclass' is a valid class. + *\li 'rdclass' is a valid class. * - * 'name' is a valid C string. + *\li 'name' is a valid C string. * - * viewp != NULL && *viewp == NULL + *\li viewp != NULL && *viewp == NULL * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY * - * Other errors are possible. + *\li Other errors are possible. */ void dns_view_attach(dns_view_t *source, dns_view_t **targetp); -/* +/*%< * Attach '*targetp' to 'source'. * * Requires: * - * 'source' is a valid, frozen view. + *\li 'source' is a valid, frozen view. * - * 'targetp' points to a NULL dns_view_t *. + *\li 'targetp' points to a NULL dns_view_t *. * * Ensures: * - * *targetp is attached to source. + *\li *targetp is attached to source. * - * While *targetp is attached, the view will not shut down. + *\li While *targetp is attached, the view will not shut down. */ void dns_view_detach(dns_view_t **viewp); -/* +/*%< * Detach '*viewp' from its view. * * Requires: * - * 'viewp' points to a valid dns_view_t * + *\li 'viewp' points to a valid dns_view_t * * * Ensures: * - * *viewp is NULL. + *\li *viewp is NULL. */ void dns_view_flushanddetach(dns_view_t **viewp); -/* +/*%< * Detach '*viewp' from its view. If this was the last reference - * uncommited changed in zones will be flushed to disk. + * uncommitted changed in zones will be flushed to disk. * * Requires: * - * 'viewp' points to a valid dns_view_t * + *\li 'viewp' points to a valid dns_view_t * * * Ensures: * - * *viewp is NULL. + *\li *viewp is NULL. */ void dns_view_weakattach(dns_view_t *source, dns_view_t **targetp); -/* +/*%< * Weakly attach '*targetp' to 'source'. * * Requires: * - * 'source' is a valid, frozen view. + *\li 'source' is a valid, frozen view. * - * 'targetp' points to a NULL dns_view_t *. + *\li 'targetp' points to a NULL dns_view_t *. * * Ensures: * - * *targetp is attached to source. + *\li *targetp is attached to source. * - * While *targetp is attached, the view will not be freed. + * \li While *targetp is attached, the view will not be freed. */ void dns_view_weakdetach(dns_view_t **targetp); -/* +/*%< * Detach '*viewp' from its view. * * Requires: * - * 'viewp' points to a valid dns_view_t *. + *\li 'viewp' points to a valid dns_view_t *. * * Ensures: * - * *viewp is NULL. + *\li *viewp is NULL. */ isc_result_t @@ -270,94 +286,94 @@ dns_view_createresolver(dns_view_t *view, dns_dispatchmgr_t *dispatchmgr, dns_dispatch_t *dispatchv4, dns_dispatch_t *dispatchv6); -/* +/*%< * Create a resolver and address database for the view. * * Requires: * - * 'view' is a valid, unfrozen view. + *\li 'view' is a valid, unfrozen view. * - * 'view' does not have a resolver already. + *\li 'view' does not have a resolver already. * - * The requirements of dns_resolver_create() apply to 'taskmgr', + *\li The requirements of dns_resolver_create() apply to 'taskmgr', * 'ntasks', 'socketmgr', 'timermgr', 'options', 'dispatchv4', and * 'dispatchv6'. * * Returns: * - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * - * Any error that dns_resolver_create() can return. + *\li Any error that dns_resolver_create() can return. */ void dns_view_setcache(dns_view_t *view, dns_cache_t *cache); -/* +/*%< * Set the view's cache database. * * Requires: * - * 'view' is a valid, unfrozen view. + *\li 'view' is a valid, unfrozen view. * - * 'cache' is a valid cache. + *\li 'cache' is a valid cache. * * Ensures: * - * The cache of 'view' is 'cached. + * \li The cache of 'view' is 'cached. * - * If this is not the first call to dns_view_setcache() for this + *\li If this is not the first call to dns_view_setcache() for this * view, then previously set cache is detached. */ void dns_view_sethints(dns_view_t *view, dns_db_t *hints); -/* +/*%< * Set the view's hints database. * * Requires: * - * 'view' is a valid, unfrozen view, whose hints database has not been + *\li 'view' is a valid, unfrozen view, whose hints database has not been * set. * - * 'hints' is a valid zone database. + *\li 'hints' is a valid zone database. * * Ensures: * - * The hints database of 'view' is 'hints'. + * \li The hints database of 'view' is 'hints'. */ void dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring); -/* +/*%< * Set the view's static TSIG keys * * Requires: * - * 'view' is a valid, unfrozen view, whose static TSIG keyring has not + * \li 'view' is a valid, unfrozen view, whose static TSIG keyring has not * been set. * - * 'ring' is a valid TSIG keyring + *\li 'ring' is a valid TSIG keyring * * Ensures: * - * The static TSIG keyring of 'view' is 'ring'. + *\li The static TSIG keyring of 'view' is 'ring'. */ void dns_view_setdstport(dns_view_t *view, in_port_t dstport); -/* +/*%< * Set the view's destination port. This is the port to * which outgoing queries are sent. The default is 53, * the standard DNS port. * * Requires: * - * 'view' is a valid view. + *\li 'view' is a valid view. * - * 'dstport' is a valid TCP/UDP port number. + *\li 'dstport' is a valid TCP/UDP port number. * * Ensures: - * External name servers will be assumed to be listning + *\li External name servers will be assumed to be listening * on 'dstport'. For servers whose address has already * obtained obtained at the time of the call, the view may * continue to use the previously set port until the address @@ -367,28 +383,28 @@ dns_view_setdstport(dns_view_t *view, in_port_t dstport); isc_result_t dns_view_addzone(dns_view_t *view, dns_zone_t *zone); -/* +/*%< * Add zone 'zone' to 'view'. * * Requires: * - * 'view' is a valid, unfrozen view. + *\li 'view' is a valid, unfrozen view. * - * 'zone' is a valid zone. + *\li 'zone' is a valid zone. */ void dns_view_freeze(dns_view_t *view); -/* +/*%< * Freeze view. * * Requires: * - * 'view' is a valid, unfrozen view. + *\li 'view' is a valid, unfrozen view. * * Ensures: * - * 'view' is frozen. + *\li 'view' is frozen. */ isc_result_t @@ -396,63 +412,63 @@ dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints, dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); -/* +/*%< * Find an rdataset whose owner name is 'name', and whose type is * 'type'. * * Notes: * - * See the description of dns_db_find() for information about 'options'. - * If the caller sets DNS_DBFIND_GLUEOK, it must ensure that 'name' + *\li See the description of dns_db_find() for information about 'options'. + * If the caller sets #DNS_DBFIND_GLUEOK, it must ensure that 'name' * and 'type' are appropriate for glue retrieval. * - * If 'now' is zero, then the current time will be used. + *\li If 'now' is zero, then the current time will be used. * - * If 'use_hints' is ISC_TRUE, and the view has a hints database, then + *\li If 'use_hints' is ISC_TRUE, and the view has a hints database, then * it will be searched last. If the answer is found in the hints * database, the result code will be DNS_R_HINT. If the name is found * in the hints database but not the type, the result code will be - * DNS_R_HINTNXRRSET. + * #DNS_R_HINTNXRRSET. * - * 'foundname' must meet the requirements of dns_db_find(). + *\li 'foundname' must meet the requirements of dns_db_find(). * - * If 'sigrdataset' is not NULL, and there is a SIG rdataset which + *\li If 'sigrdataset' is not NULL, and there is a SIG rdataset which * covers 'type', then 'sigrdataset' will be bound to it. * * Requires: * - * 'view' is a valid, frozen view. + *\li 'view' is a valid, frozen view. * - * 'name' is valid name. + *\li 'name' is valid name. * - * 'type' is a valid dns_rdatatype_t, and is not a meta query type + *\li 'type' is a valid dns_rdatatype_t, and is not a meta query type * except dns_rdatatype_any. * - * dbp == NULL || *dbp == NULL + *\li dbp == NULL || *dbp == NULL * - * nodep == NULL || *nodep == NULL. If nodep != NULL, dbp != NULL. + *\li nodep == NULL || *nodep == NULL. If nodep != NULL, dbp != NULL. * - * 'foundname' is a valid name with a dedicated buffer or NULL. + *\li 'foundname' is a valid name with a dedicated buffer or NULL. * - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * - * 'sigrdataset' is NULL, or is a valid, disassociated rdataset. + *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset. * * Ensures: * - * In successful cases, 'rdataset', and possibly 'sigrdataset', are + *\li In successful cases, 'rdataset', and possibly 'sigrdataset', are * bound to the found data. * - * If dbp != NULL, it points to the database containing the data. + *\li If dbp != NULL, it points to the database containing the data. * - * If nodep != NULL, it points to the database node containing the data. + *\li If nodep != NULL, it points to the database node containing the data. * - * If foundname != NULL, it contains the full name of the found data. + *\li If foundname != NULL, it contains the full name of the found data. * * Returns: * - * Any result that dns_db_find() can return, with the exception of - * DNS_R_DELEGATION. + *\li Any result that dns_db_find() can return, with the exception of + * #DNS_R_DELEGATION. */ isc_result_t @@ -460,62 +476,63 @@ dns_view_simplefind(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); -/* +/*%< * Find an rdataset whose owner name is 'name', and whose type is * 'type'. * * Notes: * - * This routine is appropriate for simple, exact-match queries of the + *\li This routine is appropriate for simple, exact-match queries of the * view. 'name' must be a canonical name; there is no DNAME or CNAME * processing. * - * See the description of dns_db_find() for information about 'options'. + *\li See the description of dns_db_find() for information about 'options'. * If the caller sets DNS_DBFIND_GLUEOK, it must ensure that 'name' * and 'type' are appropriate for glue retrieval. * - * If 'now' is zero, then the current time will be used. + *\li If 'now' is zero, then the current time will be used. * - * If 'use_hints' is ISC_TRUE, and the view has a hints database, then + *\li If 'use_hints' is ISC_TRUE, and the view has a hints database, then * it will be searched last. If the answer is found in the hints * database, the result code will be DNS_R_HINT. If the name is found * in the hints database but not the type, the result code will be * DNS_R_HINTNXRRSET. * - * If 'sigrdataset' is not NULL, and there is a SIG rdataset which + *\li If 'sigrdataset' is not NULL, and there is a SIG rdataset which * covers 'type', then 'sigrdataset' will be bound to it. * * Requires: * - * 'view' is a valid, frozen view. + *\li 'view' is a valid, frozen view. * - * 'name' is valid name. + *\li 'name' is valid name. * - * 'type' is a valid dns_rdatatype_t, and is not a meta query type + *\li 'type' is a valid dns_rdatatype_t, and is not a meta query type * (e.g. dns_rdatatype_any), or dns_rdatatype_rrsig. * - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * - * 'sigrdataset' is NULL, or is a valid, disassociated rdataset. + *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset. * * Ensures: * - * In successful cases, 'rdataset', and possibly 'sigrdataset', are + *\li In successful cases, 'rdataset', and possibly 'sigrdataset', are * bound to the found data. * * Returns: * - * ISC_R_SUCCESS Success; result is desired type. - * DNS_R_GLUE Success; result is glue. - * DNS_R_HINT Success; result is a hint. - * DNS_R_NCACHENXDOMAIN Success; result is a ncache entry. - * DNS_R_NCACHENXRRSET Success; result is a ncache entry. - * DNS_R_NXDOMAIN The name does not exist. - * DNS_R_NXRRSET The rrset does not exist. - * ISC_R_NOTFOUND No matching data found, + *\li #ISC_R_SUCCESS Success; result is desired type. + *\li DNS_R_GLUE Success; result is glue. + *\li DNS_R_HINT Success; result is a hint. + *\li DNS_R_NCACHENXDOMAIN Success; result is a ncache entry. + *\li DNS_R_NCACHENXRRSET Success; result is a ncache entry. + *\li DNS_R_NXDOMAIN The name does not exist. + *\li DNS_R_NXRRSET The rrset does not exist. + *\li #ISC_R_NOTFOUND No matching data found, * or an error occurred. */ +/*% See dns_view_findzonecut2() */ isc_result_t dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, isc_stdtime_t now, unsigned int options, @@ -527,7 +544,7 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints, isc_boolean_t use_cache, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); -/* +/*%< * Find the best known zonecut containing 'name'. * * This uses local authority, cache, and optionally hints data. @@ -535,69 +552,82 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, * * Notes: * - * If 'now' is zero, then the current time will be used. + *\li If 'now' is zero, then the current time will be used. * - * If 'use_hints' is ISC_TRUE, and the view has a hints database, then + *\li If 'use_hints' is ISC_TRUE, and the view has a hints database, then * it will be searched last. * - * If 'use_cache' is ISC_TRUE, and the view has a cache, then it will be + *\li If 'use_cache' is ISC_TRUE, and the view has a cache, then it will be * searched. * - * If 'sigrdataset' is not NULL, and there is a SIG rdataset which + *\li If 'sigrdataset' is not NULL, and there is a SIG rdataset which * covers 'type', then 'sigrdataset' will be bound to it. * - * If the DNS_DBFIND_NOEXACT option is set, then the zonecut returned + *\li If the DNS_DBFIND_NOEXACT option is set, then the zonecut returned * (if any) will be the deepest known ancestor of 'name'. * * Requires: * - * 'view' is a valid, frozen view. + *\li 'view' is a valid, frozen view. * - * 'name' is valid name. + *\li 'name' is valid name. * - * 'rdataset' is a valid, disassociated rdataset. + *\li 'rdataset' is a valid, disassociated rdataset. * - * 'sigrdataset' is NULL, or is a valid, disassociated rdataset. + *\li 'sigrdataset' is NULL, or is a valid, disassociated rdataset. * * Returns: * - * ISC_R_SUCCESS Success. + *\li #ISC_R_SUCCESS Success. * - * Many other results are possible. + *\li Many other results are possible. */ isc_result_t dns_viewlist_find(dns_viewlist_t *list, const char *name, dns_rdataclass_t rdclass, dns_view_t **viewp); -/* +/*%< * Search for a view with name 'name' and class 'rdclass' in 'list'. * If found, '*viewp' is (strongly) attached to it. * * Requires: * - * 'viewp' points to a NULL dns_view_t *. + *\li 'viewp' points to a NULL dns_view_t *. * * Returns: * - * ISC_R_SUCCESS A matching view was found. - * ISC_R_NOTFOUND No matching view was found. + *\li #ISC_R_SUCCESS A matching view was found. + *\li #ISC_R_NOTFOUND No matching view was found. + */ + +isc_result_t +dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name, isc_boolean_t allclasses, + dns_rdataclass_t rdclass, dns_zone_t **zonep); + +/*%< + * Search zone with 'name' in view with 'rdclass' in viewlist 'list' + * If found, zone is returned in *zonep. If allclasses is set rdclass is ignored + * + * Returns: + *\li #ISC_R_SUCCESS A matching zone was found. + *\li #ISC_R_NOTFOUND No matching zone was found. */ isc_result_t dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep); -/* +/*%< * Search for the zone 'name' in the zone table of 'view'. * If found, 'zonep' is (strongly) attached to it. There * are no partial matches. * * Requires: * - * 'zonep' points to a NULL dns_zone_t *. + *\li 'zonep' points to a NULL dns_zone_t *. * * Returns: - * ISC_R_SUCCESS A matching zone was found. - * ISC_R_NOTFOUND No matching zone was found. - * others An error occurred. + *\li #ISC_R_SUCCESS A matching zone was found. + *\li #ISC_R_NOTFOUND No matching zone was found. + *\li others An error occurred. */ isc_result_t @@ -605,10 +635,10 @@ dns_view_load(dns_view_t *view, isc_boolean_t stop); isc_result_t dns_view_loadnew(dns_view_t *view, isc_boolean_t stop); -/* +/*%< * Load zones attached to this view. dns_view_load() loads * all zones whose master file has changed since the last - * load; dns_view_loadnew() loads only zones that have never + * load; dns_view_loadnew() loads only zones that have never * been loaded. * * If 'stop' is ISC_TRUE, stop on the first error and return it. @@ -616,65 +646,65 @@ dns_view_loadnew(dns_view_t *view, isc_boolean_t stop); * * Requires: * - * 'view' is valid. + *\li 'view' is valid. */ isc_result_t dns_view_gettsig(dns_view_t *view, dns_name_t *keyname, dns_tsigkey_t **keyp); -/* +/*%< * Find the TSIG key configured in 'view' with name 'keyname', * if any. * - * Reqires: - * keyp points to a NULL dns_tsigkey_t *. + * Requires: + *\li keyp points to a NULL dns_tsigkey_t *. * * Returns: - * ISC_R_SUCCESS A key was found and '*keyp' now points to it. - * ISC_R_NOTFOUND No key was found. - * others An error occurred. + *\li #ISC_R_SUCCESS A key was found and '*keyp' now points to it. + *\li #ISC_R_NOTFOUND No key was found. + *\li others An error occurred. */ isc_result_t dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr, dns_tsigkey_t **keyp); -/* +/*%< * Find the TSIG key configured in 'view' for the server whose * address is 'peeraddr', if any. * - * Reqires: + * Requires: * keyp points to a NULL dns_tsigkey_t *. * * Returns: - * ISC_R_SUCCESS A key was found and '*keyp' now points to it. - * ISC_R_NOTFOUND No key was found. - * others An error occurred. + *\li #ISC_R_SUCCESS A key was found and '*keyp' now points to it. + *\li #ISC_R_NOTFOUND No key was found. + *\li others An error occurred. */ isc_result_t dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg); -/* +/*%< * Verifies the signature of a message. * * Requires: * - * 'view' is a valid view. - * 'source' is a valid buffer containing the message - * 'msg' is a valid message + *\li 'view' is a valid view. + *\li 'source' is a valid buffer containing the message + *\li 'msg' is a valid message * * Returns: - * see dns_tsig_verify() + *\li see dns_tsig_verify() */ void dns_view_dialup(dns_view_t *view); -/* +/*%< * Perform dialup-time maintenance on the zones of 'view'. */ isc_result_t dns_view_dumpdbtostream(dns_view_t *view, FILE *fp); -/* +/*%< * Dump the current state of the view 'view' to the stream 'fp' * for purposes of analysis or debugging. * @@ -684,19 +714,19 @@ dns_view_dumpdbtostream(dns_view_t *view, FILE *fp); * easily obtainable by other means. * * Requires: - * - * 'view' is valid. * - * 'fp' refers to a file open for writing. + *\li 'view' is valid. + * + *\li 'fp' refers to a file open for writing. * * Returns: - * ISC_R_SUCCESS The cache was successfully dumped. - * others An error occurred (see dns_master_dump) + * \li ISC_R_SUCCESS The cache was successfully dumped. + * \li others An error occurred (see dns_master_dump) */ isc_result_t dns_view_flushcache(dns_view_t *view); -/* +/*%< * Flush the view's cache (and ADB). * * Requires: @@ -705,85 +735,145 @@ dns_view_flushcache(dns_view_t *view); * No other tasks are executing. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ isc_result_t dns_view_flushname(dns_view_t *view, dns_name_t *); -/* +/*%< * Flush the given name from the view's cache (and ADB). * * Requires: - * 'view' is valid. - * 'name' is valid. + *\li 'view' is valid. + *\li 'name' is valid. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * other returns are failures. */ isc_result_t dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name); -/* +/*%< * Add the given name to the delegation only table. - * + * * * Requires: - * 'view' is valid. - * 'name' is valid. + *\li 'view' is valid. + *\li 'name' is valid. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ isc_result_t dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name); -/* +/*%< * Add the given name to be excluded from the root-delegation-only. - * + * * * Requires: - * 'view' is valid. - * 'name' is valid. + *\li 'view' is valid. + *\li 'name' is valid. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ isc_boolean_t dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name); -/* +/*%< * Check if 'name' is in the delegation only table or if * rootdelonly is set that name is not being excluded. * * Requires: - * 'view' is valid. - * 'name' is valid. + *\li 'view' is valid. + *\li 'name' is valid. * * Returns: - * ISC_TRUE if the name is is the table. - * ISC_FALSE othewise. + *\li #ISC_TRUE if the name is the table. + *\li #ISC_FALSE otherwise. */ void dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value); -/* +/*%< * Set the root delegation only flag. * * Requires: - * 'view' is valid. + *\li 'view' is valid. */ isc_boolean_t dns_view_getrootdelonly(dns_view_t *view); -/* +/*%< * Get the root delegation only flag. * * Requires: - * 'view' is valid. + *\li 'view' is valid. + */ + +isc_result_t +dns_view_freezezones(dns_view_t *view, isc_boolean_t freeze); +/*%< + * Freeze/thaw updates to master zones. + * + * Requires: + * \li 'view' is valid. + */ + +void +dns_view_setresstats(dns_view_t *view, isc_stats_t *stats); +/*%< + * Set a general resolver statistics counter set 'stats' for 'view'. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li stats is a valid statistics supporting resolver statistics counters + * (see dns/stats.h). + */ + +void +dns_view_getresstats(dns_view_t *view, isc_stats_t **statsp); +/*%< + * Get the general statistics counter set for 'view'. If a statistics set is + * set '*statsp' will be attached to the set; otherwise, '*statsp' will be + * untouched. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li 'statsp' != NULL && '*statsp' != NULL + */ + +void +dns_view_setresquerystats(dns_view_t *view, dns_stats_t *stats); +/*%< + * Set a statistics counter set of rdata type, 'stats', for 'view'. Once the + * statistic set is installed, view's resolver will count outgoing queries + * per rdata type. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li stats is a valid statistics created by dns_rdatatypestats_create(). + */ + +void +dns_view_getresquerystats(dns_view_t *view, dns_stats_t **statsp); +/*%< + * Get the rdatatype statistics counter set for 'view'. If a statistics set is + * set '*statsp' will be attached to the set; otherwise, '*statsp' will be + * untouched. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li 'statsp' != NULL && '*statsp' != NULL */ #endif /* DNS_VIEW_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/xfrin.h b/contrib/bind-9.5.2/lib/dns/include/dns/xfrin.h similarity index 84% rename from contrib/bind-9.3/lib/dns/include/dns/xfrin.h rename to contrib/bind-9.5.2/lib/dns/include/dns/xfrin.h index 0f5e086b21..af97ad3f6b 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/xfrin.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/xfrin.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.h,v 1.18.136.4 2006/07/20 01:10:29 marka Exp $ */ +/* $Id: xfrin.h,v 1.28.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef DNS_XFRIN_H #define DNS_XFRIN_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file dns/xfrin.h + * \brief * Incoming zone transfers (AXFR + IXFR). */ @@ -40,7 +41,7 @@ *** Types ***/ -/* +/*% * A transfer in progress. This is an opaque type. */ typedef struct dns_xfrin_ctx dns_xfrin_ctx_t; @@ -51,6 +52,7 @@ typedef struct dns_xfrin_ctx dns_xfrin_ctx_t; ISC_LANG_BEGINDECLS +/*% see dns_xfrin_create2() */ isc_result_t dns_xfrin_create(dns_zone_t *zone, dns_rdatatype_t xfrtype, isc_sockaddr_t *masteraddr, dns_tsigkey_t *tsigkey, @@ -65,7 +67,7 @@ dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype, isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr, isc_task_t *task, dns_xfrindone_t done, dns_xfrin_ctx_t **xfrp); -/* +/*%< * Attempt to start an incoming zone transfer of 'zone' * from 'masteraddr', creating a dns_xfrin_ctx_t object to * manage it. Attach '*xfrp' to the newly created object. @@ -75,32 +77,32 @@ dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype, * code as arguments when the transfer finishes. * * Requires: - * 'xfrtype' is dns_rdatatype_axfr, dns_rdatatype_ixfr + *\li 'xfrtype' is dns_rdatatype_axfr, dns_rdatatype_ixfr * or dns_rdatatype_soa (soa query followed by axfr if * serial is greater than current serial). * - * If 'xfrtype' is dns_rdatatype_ixfr or dns_rdatatype_soa, + *\li If 'xfrtype' is dns_rdatatype_ixfr or dns_rdatatype_soa, * the zone has a database. */ void dns_xfrin_shutdown(dns_xfrin_ctx_t *xfr); -/* +/*%< * If the zone transfer 'xfr' has already finished, * do nothing. Otherwise, abort it and cause it to call - * its done callback with a status of ISC_R_CANCELLED. + * its done callback with a status of ISC_R_CANCELED. */ void dns_xfrin_detach(dns_xfrin_ctx_t **xfrp); -/* +/*%< * Detach a reference to a zone transfer object. * Caller to maintain external locking if required. */ void dns_xfrin_attach(dns_xfrin_ctx_t *source, dns_xfrin_ctx_t **target); -/* +/*%< * Caller to maintain external locking if required. */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/zone.h b/contrib/bind-9.5.2/lib/dns/include/dns/zone.h similarity index 55% rename from contrib/bind-9.3/lib/dns/include/dns/zone.h rename to contrib/bind-9.5.2/lib/dns/include/dns/zone.h index 4baf36ab36..94953bcdea 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/zone.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/zone.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.106.2.7.4.18 2006/08/01 03:44:00 marka Exp $ */ +/* $Id: zone.h,v 1.153.56.8 2009/07/11 04:28:14 marka Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 +/*! \file dns/zone.h */ + /*** *** Imports ***/ @@ -30,6 +32,7 @@ #include #include +#include #include typedef enum { @@ -39,19 +42,32 @@ typedef enum { dns_zone_stub } dns_zonetype_t; -#define DNS_ZONEOPT_SERVERS 0x00000001U /* perform server checks */ -#define DNS_ZONEOPT_PARENTS 0x00000002U /* perform parent checks */ -#define DNS_ZONEOPT_CHILDREN 0x00000004U /* perform child checks */ -#define DNS_ZONEOPT_NOTIFY 0x00000008U /* perform NOTIFY */ -#define DNS_ZONEOPT_MANYERRORS 0x00000010U /* return many errors on load */ -#define DNS_ZONEOPT_IXFRFROMDIFFS 0x00000020U /* calculate differences */ -#define DNS_ZONEOPT_NOMERGE 0x00000040U /* don't merge journal */ -#define DNS_ZONEOPT_CHECKNS 0x00000080U /* check if NS's are addresses */ -#define DNS_ZONEOPT_FATALNS 0x00000100U /* DNS_ZONEOPT_CHECKNS is fatal */ -#define DNS_ZONEOPT_MULTIMASTER 0x00000200U /* this zone has multiple masters */ -#define DNS_ZONEOPT_USEALTXFRSRC 0x00000400U /* use alternate transfer sources */ -#define DNS_ZONEOPT_CHECKNAMES 0x00000800U /* check-names */ -#define DNS_ZONEOPT_CHECKNAMESFAIL 0x00001000U /* fatal check-name failures */ +#define DNS_ZONEOPT_SERVERS 0x00000001U /*%< perform server checks */ +#define DNS_ZONEOPT_PARENTS 0x00000002U /*%< perform parent checks */ +#define DNS_ZONEOPT_CHILDREN 0x00000004U /*%< perform child checks */ +#define DNS_ZONEOPT_NOTIFY 0x00000008U /*%< perform NOTIFY */ +#define DNS_ZONEOPT_MANYERRORS 0x00000010U /*%< return many errors on load */ +#define DNS_ZONEOPT_IXFRFROMDIFFS 0x00000020U /*%< calculate differences */ +#define DNS_ZONEOPT_NOMERGE 0x00000040U /*%< don't merge journal */ +#define DNS_ZONEOPT_CHECKNS 0x00000080U /*%< check if NS's are addresses */ +#define DNS_ZONEOPT_FATALNS 0x00000100U /*%< DNS_ZONEOPT_CHECKNS is fatal */ +#define DNS_ZONEOPT_MULTIMASTER 0x00000200U /*%< this zone has multiple masters */ +#define DNS_ZONEOPT_USEALTXFRSRC 0x00000400U /*%< use alternate transfer sources */ +#define DNS_ZONEOPT_CHECKNAMES 0x00000800U /*%< check-names */ +#define DNS_ZONEOPT_CHECKNAMESFAIL 0x00001000U /*%< fatal check-name failures */ +#define DNS_ZONEOPT_CHECKWILDCARD 0x00002000U /*%< check for internal wildcards */ +#define DNS_ZONEOPT_CHECKMX 0x00004000U /*%< check-mx */ +#define DNS_ZONEOPT_CHECKMXFAIL 0x00008000U /*%< fatal check-mx failures */ +#define DNS_ZONEOPT_CHECKINTEGRITY 0x00010000U /*%< perform integrity checks */ +#define DNS_ZONEOPT_CHECKSIBLING 0x00020000U /*%< perform sibling glue checks */ +#define DNS_ZONEOPT_NOCHECKNS 0x00040000U /*%< disable IN NS address checks */ +#define DNS_ZONEOPT_WARNMXCNAME 0x00080000U /*%< warn on MX CNAME check */ +#define DNS_ZONEOPT_IGNOREMXCNAME 0x00100000U /*%< ignore MX CNAME check */ +#define DNS_ZONEOPT_WARNSRVCNAME 0x00200000U /*%< warn on SRV CNAME check */ +#define DNS_ZONEOPT_IGNORESRVCNAME 0x00400000U /*%< ignore SRV CNAME check */ +#define DNS_ZONEOPT_UPDATECHECKKSK 0x00800000U /*%< check dnskey KSK flag */ +#define DNS_ZONEOPT_TRYTCPREFRESH 0x01000000U /*%< try tcp refresh on udp failure */ +#define DNS_ZONEOPT_NOTIFYTOSOA 0x02000000U /*%< Notify the SOA MNAME */ #ifndef NOMINUM_PUBLIC /* @@ -61,22 +77,22 @@ typedef enum { #endif /* NOMINUM_PUBLIC */ #ifndef DNS_ZONE_MINREFRESH -#define DNS_ZONE_MINREFRESH 300 /* 5 minutes */ +#define DNS_ZONE_MINREFRESH 300 /*%< 5 minutes */ #endif #ifndef DNS_ZONE_MAXREFRESH -#define DNS_ZONE_MAXREFRESH 2419200 /* 4 weeks */ +#define DNS_ZONE_MAXREFRESH 2419200 /*%< 4 weeks */ #endif #ifndef DNS_ZONE_DEFAULTREFRESH -#define DNS_ZONE_DEFAULTREFRESH 3600 /* 1 hour */ +#define DNS_ZONE_DEFAULTREFRESH 3600 /*%< 1 hour */ #endif #ifndef DNS_ZONE_MINRETRY -#define DNS_ZONE_MINRETRY 300 /* 5 minutes */ +#define DNS_ZONE_MINRETRY 300 /*%< 5 minutes */ #endif #ifndef DNS_ZONE_MAXRETRY -#define DNS_ZONE_MAXRETRY 1209600 /* 2 weeks */ +#define DNS_ZONE_MAXRETRY 1209600 /*%< 2 weeks */ #endif #ifndef DNS_ZONE_DEFAULTRETRY -#define DNS_ZONE_DEFAULTRETRY 60 /* 1 minute, subject to +#define DNS_ZONE_DEFAULTRETRY 60 /*%< 1 minute, subject to exponential backoff */ #endif @@ -93,126 +109,144 @@ ISC_LANG_BEGINDECLS isc_result_t dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx); -/* +/*%< * Creates a new empty zone and attach '*zonep' to it. * * Requires: - * 'zonep' to point to a NULL pointer. - * 'mctx' to be a valid memory context. + *\li 'zonep' to point to a NULL pointer. + *\li 'mctx' to be a valid memory context. * * Ensures: - * '*zonep' refers to a valid zone. + *\li '*zonep' refers to a valid zone. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED */ void dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass); -/* +/*%< * Sets the class of a zone. This operation can only be performed * once on a zone. * * Require: - * 'zone' to be a valid zone. - * dns_zone_setclass() not to have been called since the zone was + *\li 'zone' to be a valid zone. + *\li dns_zone_setclass() not to have been called since the zone was * created. - * 'rdclass' != dns_rdataclass_none. + *\li 'rdclass' != dns_rdataclass_none. */ dns_rdataclass_t dns_zone_getclass(dns_zone_t *zone); -/* +/*%< * Returns the current zone class. * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. + */ + +isc_uint32_t +dns_zone_getserial(dns_zone_t *zone); +/*%< + * Returns the current serial number of the zone. + * + * Requires: + *\li 'zone' to be a valid zone. */ void dns_zone_settype(dns_zone_t *zone, dns_zonetype_t type); -/* +/*%< * Sets the zone type. This operation can only be performed once on * a zone. * * Requires: - * 'zone' to be a valid zone. - * dns_zone_settype() not to have been called since the zone was + *\li 'zone' to be a valid zone. + *\li dns_zone_settype() not to have been called since the zone was * created. - * 'type' != dns_zone_none + *\li 'type' != dns_zone_none */ void dns_zone_setview(dns_zone_t *zone, dns_view_t *view); -/* +/*%< * Associate the zone with a view. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ dns_view_t * dns_zone_getview(dns_zone_t *zone); -/* +/*%< * Returns the zone's associated view. * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin); -/* +/*%< * Sets the zones origin to 'origin'. * * Require: - * 'zone' to be a valid zone. - * 'origin' to be non NULL. + *\li 'zone' to be a valid zone. + *\li 'origin' to be non NULL. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ dns_name_t * dns_zone_getorigin(dns_zone_t *zone); -/* +/*%< * Returns the value of the origin. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_setfile(dns_zone_t *zone, const char *file); -/* - * Sets the name of the master file from which the zone - * loads its database to 'file'. For zones that have - * no associated master file, 'file' will be NULL. + +isc_result_t +dns_zone_setfile2(dns_zone_t *zone, const char *file, + dns_masterformat_t format); +/*%< + * Sets the name of the master file in the format of 'format' from which + * the zone loads its database to 'file'. + * + * For zones that have no associated master file, 'file' will be NULL. * * For zones with persistent databases, the file name * setting is ignored. * + * dns_zone_setfile() is a backward-compatible form of + * dns_zone_setfile2(), which always specifies the + * dns_masterformat_text (RFC1035) format. + * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * ISC_R_NOMEMORY - * ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS */ const char * dns_zone_getfile(dns_zone_t *zone); -/* +/*%< * Gets the name of the zone's master file, if any. * * Requires: - * 'zone' to be valid initialised zone. + *\li 'zone' to be valid initialised zone. * * Returns: - * Pointer to null-terminated file name, or NULL. + *\li Pointer to null-terminated file name, or NULL. */ isc_result_t @@ -220,7 +254,10 @@ dns_zone_load(dns_zone_t *zone); isc_result_t dns_zone_loadnew(dns_zone_t *zone); -/* + +isc_result_t +dns_zone_loadandthaw(dns_zone_t *zone); +/*%< * Cause the database to be loaded from its backing store. * Confirm that the minimum requirements for the zone type are * met, otherwise DNS_R_BADZONE is returned. @@ -228,189 +265,220 @@ dns_zone_loadnew(dns_zone_t *zone); * dns_zone_loadnew() only loads zones that are not yet loaded. * dns_zone_load() also loads zones that are already loaded and * and whose master file has changed since the last load. + * dns_zone_loadandthaw() is similar to dns_zone_load() but will + * also re-enable DNS UPDATEs when the load completes. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * ISC_R_UNEXPECTED - * ISC_R_SUCCESS - * DNS_R_CONTINUE Incremental load has been queued. - * DNS_R_UPTODATE The zone has already been loaded based on + *\li #ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS + *\li DNS_R_CONTINUE Incremental load has been queued. + *\li DNS_R_UPTODATE The zone has already been loaded based on * file system timestamps. - * DNS_R_BADZONE - * Any result value from dns_db_load(). + *\li DNS_R_BADZONE + *\li Any result value from dns_db_load(). */ void dns_zone_attach(dns_zone_t *source, dns_zone_t **target); -/* +/*%< * Attach '*target' to 'source' incrementing its external * reference count. * * Require: - * 'zone' to be a valid zone. - * 'target' to be non NULL and '*target' to be NULL. + *\li 'zone' to be a valid zone. + *\li 'target' to be non NULL and '*target' to be NULL. */ void dns_zone_detach(dns_zone_t **zonep); -/* +/*%< * Detach from a zone decrementing its external reference count. * If this was the last external reference to the zone it will be * shut down and eventually freed. * * Require: - * 'zonep' to point to a valid zone. + *\li 'zonep' to point to a valid zone. */ void dns_zone_iattach(dns_zone_t *source, dns_zone_t **target); -/* +/*%< * Attach '*target' to 'source' incrementing its internal * reference count. This is intended for use by operations * such as zone transfers that need to prevent the zone * object from being freed but not from shutting down. * * Require: - * The caller is running in the context of the zone's task. - * 'zone' to be a valid zone. - * 'target' to be non NULL and '*target' to be NULL. + *\li The caller is running in the context of the zone's task. + *\li 'zone' to be a valid zone. + *\li 'target' to be non NULL and '*target' to be NULL. */ void dns_zone_idetach(dns_zone_t **zonep); -/* +/*%< * Detach from a zone decrementing its internal reference count. * If there are no more internal or external references to the * zone, it will be freed. * * Require: - * The caller is running in the context of the zone's task. - * 'zonep' to point to a valid zone. + *\li The caller is running in the context of the zone's task. + *\li 'zonep' to point to a valid zone. */ void dns_zone_setflag(dns_zone_t *zone, unsigned int flags, isc_boolean_t value); -/* +/*%< * Sets ('value' == 'ISC_TRUE') / clears ('value' == 'IS_FALSE') * zone flags. Valid flag bits are DNS_ZONE_F_*. * * Requires - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_getdb(dns_zone_t *zone, dns_db_t **dbp); -/* +/*%< * Attach '*dbp' to the database to if it exists otherwise * return DNS_R_NOTLOADED. * * Require: - * 'zone' to be a valid zone. - * 'dbp' to be != NULL && '*dbp' == NULL. + *\li 'zone' to be a valid zone. + *\li 'dbp' to be != NULL && '*dbp' == NULL. * * Returns: - * ISC_R_SUCCESS - * DNS_R_NOTLOADED + *\li #ISC_R_SUCCESS + *\li DNS_R_NOTLOADED */ isc_result_t dns_zone_setdbtype(dns_zone_t *zone, unsigned int dbargc, const char * const *dbargv); -/* +/*%< * Sets the database type to dbargv[0] and database arguments * to subsequent dbargv elements. * 'db_type' is not checked to see if it is a valid database type. * * Require: - * 'zone' to be a valid zone. - * 'database' to be non NULL. - * 'dbargc' to be >= 1 - * 'dbargv' to point to dbargc NULL-terminated strings + *\li 'zone' to be a valid zone. + *\li 'database' to be non NULL. + *\li 'dbargc' to be >= 1 + *\li 'dbargv' to point to dbargc NULL-terminated strings + * + * Returns: + *\li #ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + */ + +isc_result_t +dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx); +/*%< + * Returns the current dbtype. isc_mem_free() should be used + * to free 'argv' after use. + * + * Require: + *\li 'zone' to be a valid zone. + *\li 'argv' to be non NULL and *argv to be NULL. + *\li 'mctx' to be valid. * * Returns: - * ISC_R_NOMEMORY - * ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS */ void dns_zone_markdirty(dns_zone_t *zone); -/* +/*%< * Mark a zone as 'dirty'. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_expire(dns_zone_t *zone); -/* +/*%< * Mark the zone as expired. If the zone requires dumping cause it to * be initiated. Set the refresh and retry intervals to there default * values and unload the zone. * * Require - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_refresh(dns_zone_t *zone); -/* +/*%< * Initiate zone up to date checks. The zone must already be being * managed. * * Require - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_flush(dns_zone_t *zone); -/* - * Write the zone to database if there are uncommited changes. +/*%< + * Write the zone to database if there are uncommitted changes. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_dump(dns_zone_t *zone); -/* +/*%< * Write the zone to database. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_dumptostream(dns_zone_t *zone, FILE *fd); -/* - * Write the zone to stream 'fd'. + +isc_result_t +dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format, + const dns_master_style_t *style); +/*%< + * Write the zone to stream 'fd' in the specified 'format'. + * If the 'format' is dns_masterformat_text (RFC1035), 'style' also + * specifies the file style (e.g., &dns_master_style_default). + * + * dns_zone_dumptostream() is a backward-compatible form of + * dns_zone_dumptostream2(), which always uses the dns_masterformat_text + * format and the dns_master_style_default style. + * + * Note that dns_zone_dumptostream2() is the most flexible form. It + * can also provide the functionality of dns_zone_fulldumptostream(). * * Require: - * 'zone' to be a valid zone. - * 'fd' to be a stream open for writing. + *\li 'zone' to be a valid zone. + *\li 'fd' to be a stream open for writing. */ isc_result_t dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd); -/* +/*%< * The same as dns_zone_dumptostream, but dumps the zone with * different dump settings (dns_master_style_full). * * Require: - * 'zone' to be a valid zone. - * 'fd' to be a stream open for writing. + *\li 'zone' to be a valid zone. + *\li 'fd' to be a stream open for writing. */ void dns_zone_maintenance(dns_zone_t *zone); -/* - * Perform regular maintenace on the zone. This is called as a +/*%< + * Perform regular maintenance on the zone. This is called as a * result of a zone being managed. * * Require - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t @@ -421,108 +489,108 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, const isc_sockaddr_t *masters, dns_name_t **keynames, isc_uint32_t count); -/* +/*%< * Set the list of master servers for the zone. * * Require: - * 'zone' to be a valid zone. - * 'masters' array of isc_sockaddr_t with port set or NULL. - * 'count' the number of masters. - * 'keynames' array of dns_name_t's for tsig keys or NULL. + *\li 'zone' to be a valid zone. + *\li 'masters' array of isc_sockaddr_t with port set or NULL. + *\li 'count' the number of masters. + *\li 'keynames' array of dns_name_t's for tsig keys or NULL. * - * dns_zone_setmasters() is just a wrapper to setmasterswithkeys(), + * \li dns_zone_setmasters() is just a wrapper to setmasterswithkeys(), * passing NULL in the keynames field. * - * If 'masters' is NULL then 'count' must be zero. + * \li If 'masters' is NULL then 'count' must be zero. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * Any result dns_name_dup() can return, if keynames!=NULL + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li Any result dns_name_dup() can return, if keynames!=NULL */ isc_result_t dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify, isc_uint32_t count); -/* +/*%< * Set the list of additional servers to be notified when * a zone changes. To clear the list use 'count = 0'. * * Require: - * 'zone' to be a valid zone. - * 'notify' to be non-NULL if count != 0. - * 'count' to be the number of notifyees. + *\li 'zone' to be a valid zone. + *\li 'notify' to be non-NULL if count != 0. + *\li 'count' to be the number of notifiees. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ void dns_zone_unload(dns_zone_t *zone); -/* +/*%< * detach the database from the zone structure. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_setoption(dns_zone_t *zone, unsigned int option, isc_boolean_t value); -/* +/*%< * Set given options on ('value' == ISC_TRUE) or off ('value' == - * ISC_FALSE). + * #ISC_FALSE). * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ unsigned int dns_zone_getoptions(dns_zone_t *zone); -/* +/*%< * Returns the current zone options. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_setminrefreshtime(dns_zone_t *zone, isc_uint32_t val); -/* +/*%< * Set the minimum refresh time. * * Requires: - * 'zone' is valid. - * val > 0. + *\li 'zone' is valid. + *\li val > 0. */ void dns_zone_setmaxrefreshtime(dns_zone_t *zone, isc_uint32_t val); -/* +/*%< * Set the maximum refresh time. * * Requires: - * 'zone' is valid. - * val > 0. + *\li 'zone' is valid. + *\li val > 0. */ void dns_zone_setminretrytime(dns_zone_t *zone, isc_uint32_t val); -/* +/*%< * Set the minimum retry time. * * Requires: - * 'zone' is valid. - * val > 0. + *\li 'zone' is valid. + *\li val > 0. */ void dns_zone_setmaxretrytime(dns_zone_t *zone, isc_uint32_t val); -/* +/*%< * Set the maximum retry time. * * Requires: - * 'zone' is valid. + *\li 'zone' is valid. * val > 0. */ @@ -531,442 +599,492 @@ dns_zone_setxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); isc_result_t dns_zone_setaltxfrsource4(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); -/* +/*%< * Set the source address to be used in IPv4 zone transfers. * * Require: - * 'zone' to be a valid zone. - * 'xfrsource' to contain the address. + *\li 'zone' to be a valid zone. + *\li 'xfrsource' to contain the address. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS */ isc_sockaddr_t * dns_zone_getxfrsource4(dns_zone_t *zone); isc_sockaddr_t * dns_zone_getaltxfrsource4(dns_zone_t *zone); -/* +/*%< * Returns the source address set by a previous dns_zone_setxfrsource4 * call, or the default of inaddr_any, port 0. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_setxfrsource6(dns_zone_t *zone, const isc_sockaddr_t *xfrsource); isc_result_t dns_zone_setaltxfrsource6(dns_zone_t *zone, - const isc_sockaddr_t *xfrsource); -/* + const isc_sockaddr_t *xfrsource); +/*%< * Set the source address to be used in IPv6 zone transfers. * * Require: - * 'zone' to be a valid zone. - * 'xfrsource' to contain the address. + *\li 'zone' to be a valid zone. + *\li 'xfrsource' to contain the address. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS */ isc_sockaddr_t * dns_zone_getxfrsource6(dns_zone_t *zone); isc_sockaddr_t * dns_zone_getaltxfrsource6(dns_zone_t *zone); -/* +/*%< * Returns the source address set by a previous dns_zone_setxfrsource6 * call, or the default of in6addr_any, port 0. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_setnotifysrc4(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); -/* +/*%< * Set the source address to be used with IPv4 NOTIFY messages. * * Require: - * 'zone' to be a valid zone. - * 'notifysrc' to contain the address. + *\li 'zone' to be a valid zone. + *\li 'notifysrc' to contain the address. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS */ isc_sockaddr_t * dns_zone_getnotifysrc4(dns_zone_t *zone); -/* +/*%< * Returns the source address set by a previous dns_zone_setnotifysrc4 * call, or the default of inaddr_any, port 0. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_setnotifysrc6(dns_zone_t *zone, const isc_sockaddr_t *notifysrc); -/* +/*%< * Set the source address to be used with IPv6 NOTIFY messages. * * Require: - * 'zone' to be a valid zone. - * 'notifysrc' to contain the address. + *\li 'zone' to be a valid zone. + *\li 'notifysrc' to contain the address. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS */ isc_sockaddr_t * dns_zone_getnotifysrc6(dns_zone_t *zone); -/* +/*%< * Returns the source address set by a previous dns_zone_setnotifysrc6 * call, or the default of in6addr_any, port 0. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_setnotifyacl(dns_zone_t *zone, dns_acl_t *acl); -/* +/*%< * Sets the notify acl list for the zone. * * Require: - * 'zone' to be a valid zone. - * 'acl' to be a valid acl. + *\li 'zone' to be a valid zone. + *\li 'acl' to be a valid acl. */ void dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl); -/* +/*%< * Sets the query acl list for the zone. * * Require: - * 'zone' to be a valid zone. - * 'acl' to be a valid acl. + *\li 'zone' to be a valid zone. + *\li 'acl' to be a valid acl. + */ + +void +dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl); +/*%< + * Sets the query-on acl list for the zone. + * + * Require: + *\li 'zone' to be a valid zone. + *\li 'acl' to be a valid acl. */ void dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl); -/* +/*%< * Sets the update acl list for the zone. * * Require: - * 'zone' to be a valid zone. - * 'acl' to be valid acl. + *\li 'zone' to be a valid zone. + *\li 'acl' to be valid acl. */ void dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl); -/* +/*%< * Sets the forward unsigned updates acl list for the zone. * * Require: - * 'zone' to be a valid zone. - * 'acl' to be valid acl. + *\li 'zone' to be a valid zone. + *\li 'acl' to be valid acl. */ void dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl); -/* +/*%< * Sets the transfer acl list for the zone. * * Require: - * 'zone' to be a valid zone. - * 'acl' to be valid acl. + *\li 'zone' to be a valid zone. + *\li 'acl' to be valid acl. */ dns_acl_t * dns_zone_getnotifyacl(dns_zone_t *zone); -/* +/*%< * Returns the current notify acl or NULL. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * acl a pointer to the acl. - * NULL + *\li acl a pointer to the acl. + *\li NULL */ dns_acl_t * dns_zone_getqueryacl(dns_zone_t *zone); -/* +/*%< * Returns the current query acl or NULL. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. + * + * Returns: + *\li acl a pointer to the acl. + *\li NULL + */ + +dns_acl_t * +dns_zone_getqueryonacl(dns_zone_t *zone); +/*%< + * Returns the current query-on acl or NULL. + * + * Require: + *\li 'zone' to be a valid zone. * * Returns: - * acl a pointer to the acl. - * NULL + *\li acl a pointer to the acl. + *\li NULL */ dns_acl_t * dns_zone_getupdateacl(dns_zone_t *zone); -/* +/*%< * Returns the current update acl or NULL. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * acl a pointer to the acl. - * NULL + *\li acl a pointer to the acl. + *\li NULL */ dns_acl_t * dns_zone_getforwardacl(dns_zone_t *zone); -/* +/*%< * Returns the current forward unsigned updates acl or NULL. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * acl a pointer to the acl. - * NULL + *\li acl a pointer to the acl. + *\li NULL */ dns_acl_t * dns_zone_getxfracl(dns_zone_t *zone); -/* +/*%< * Returns the current transfer acl or NULL. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * acl a pointer to the acl. - * NULL + *\li acl a pointer to the acl. + *\li NULL */ void dns_zone_clearupdateacl(dns_zone_t *zone); -/* +/*%< * Clear the current update acl. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_clearforwardacl(dns_zone_t *zone); -/* +/*%< * Clear the current forward unsigned updates acl. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_clearnotifyacl(dns_zone_t *zone); -/* +/*%< * Clear the current notify acl. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_clearqueryacl(dns_zone_t *zone); -/* +/*%< * Clear the current query acl. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. + */ + +void +dns_zone_clearqueryonacl(dns_zone_t *zone); +/*%< + * Clear the current query-on acl. + * + * Require: + *\li 'zone' to be a valid zone. */ void dns_zone_clearxfracl(dns_zone_t *zone); -/* +/*%< * Clear the current transfer acl. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_boolean_t dns_zone_getupdatedisabled(dns_zone_t *zone); +/*%< + * Return update disabled. + */ void dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state); +/*%< + * Set update disabled. + */ + +isc_boolean_t +dns_zone_getzeronosoattl(dns_zone_t *zone); +/*%< + * Return zero-no-soa-ttl status. + */ + +void +dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state); +/*%< + * Set zero-no-soa-ttl status. + */ void dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity); -/* +/*%< * Set the severity of name checking when loading a zone. * * Require: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ dns_severity_t dns_zone_getchecknames(dns_zone_t *zone); -/* +/*%< * Return the current severity of name checking. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ void dns_zone_setjournalsize(dns_zone_t *zone, isc_int32_t size); -/* +/*%< * Sets the journal size for the zone. * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_int32_t dns_zone_getjournalsize(dns_zone_t *zone); -/* +/*%< * Return the journal size as set with a previous call to * dns_zone_setjournalsize(). * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, dns_message_t *msg); -/* - * Tell the zone that it has recieved a NOTIFY message from another - * server. This may cause some zone maintainence activity to occur. +/*%< + * Tell the zone that it has received a NOTIFY message from another + * server. This may cause some zone maintenance activity to occur. * * Requires: - * 'zone' to be a valid zone. - * '*from' to contain the address of the server from which 'msg' - * was recieved. - * 'msg' a message with opcode NOTIFY and qr clear. + *\li 'zone' to be a valid zone. + *\li '*from' to contain the address of the server from which 'msg' + * was received. + *\li 'msg' a message with opcode NOTIFY and qr clear. * * Returns: - * DNS_R_REFUSED - * DNS_R_NOTIMP - * DNS_R_FORMERR - * DNS_R_SUCCESS + *\li DNS_R_REFUSED + *\li DNS_R_NOTIMP + *\li DNS_R_FORMERR + *\li DNS_R_SUCCESS */ void dns_zone_setmaxxfrin(dns_zone_t *zone, isc_uint32_t maxxfrin); -/* +/*%< * Set the maximum time (in seconds) that a zone transfer in (AXFR/IXFR) * of this zone will use before being aborted. * * Requires: - * 'zone' to be valid initialised zone. + * \li 'zone' to be valid initialised zone. */ isc_uint32_t dns_zone_getmaxxfrin(dns_zone_t *zone); -/* +/*%< * Returns the maximum transfer time for this zone. This will be * either the value set by the last call to dns_zone_setmaxxfrin() or * the default value of 1 hour. * * Requires: - * 'zone' to be valid initialised zone. + *\li 'zone' to be valid initialised zone. */ void dns_zone_setmaxxfrout(dns_zone_t *zone, isc_uint32_t maxxfrout); -/* +/*%< * Set the maximum time (in seconds) that a zone transfer out (AXFR/IXFR) * of this zone will use before being aborted. * * Requires: - * 'zone' to be valid initialised zone. + * \li 'zone' to be valid initialised zone. */ isc_uint32_t dns_zone_getmaxxfrout(dns_zone_t *zone); -/* +/*%< * Returns the maximum transfer time for this zone. This will be * either the value set by the last call to dns_zone_setmaxxfrout() or * the default value of 1 hour. * * Requires: - * 'zone' to be valid initialised zone. + *\li 'zone' to be valid initialised zone. */ isc_result_t dns_zone_setjournal(dns_zone_t *zone, const char *journal); -/* +/*%< * Sets the filename used for journaling updates / IXFR transfers. * The default journal name is set by dns_zone_setfile() to be * "file.jnl". If 'journal' is NULL, the zone will have no * journal name. * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ char * dns_zone_getjournal(dns_zone_t *zone); -/* +/*%< * Returns the journal name associated with this zone. * If no journal has been set this will be NULL. * * Requires: - * 'zone' to be valid initialised zone. + *\li 'zone' to be valid initialised zone. */ dns_zonetype_t dns_zone_gettype(dns_zone_t *zone); -/* +/*%< * Returns the type of the zone (master/slave/etc.) * * Requires: - * 'zone' to be valid initialised zone. + *\li 'zone' to be valid initialised zone. */ void dns_zone_settask(dns_zone_t *zone, isc_task_t *task); -/* +/*%< * Give a zone a task to work with. Any current task will be detached. * * Requires: - * 'zone' to be valid. - * 'task' to be valid. + *\li 'zone' to be valid. + *\li 'task' to be valid. */ void dns_zone_gettask(dns_zone_t *zone, isc_task_t **target); -/* +/*%< * Attach '*target' to the zone's task. * * Requires: - * 'zone' to be valid initialised zone. - * 'zone' to have a task. - * 'target' to be != NULL && '*target' == NULL. + *\li 'zone' to be valid initialised zone. + *\li 'zone' to have a task. + *\li 'target' to be != NULL && '*target' == NULL. */ void dns_zone_notify(dns_zone_t *zone); -/* +/*%< * Generate notify events for this zone. * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump); -/* +/*%< * Replace the database of "zone" with a new database "db". * * If "dump" is ISC_TRUE, then the new zone contents are dumped * into to the zone's master file for persistence. When replacing * a zone database by one just loaded from a master file, set - * "dump" to ISC_FALSE to avoid a redunant redump of the data just + * "dump" to ISC_FALSE to avoid a redundant redump of the data just * loaded. Otherwise, it should be set to ISC_TRUE. * * If the "diff-on-reload" option is enabled in the configuration file, @@ -974,11 +1092,11 @@ dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump); * journal file, and the master file dump is postponed. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. * * Returns: - * DNS_R_SUCCESS - * DNS_R_BADZONE zone failed basic consistancy checks: + * \li DNS_R_SUCCESS + * \li DNS_R_BADZONE zone failed basic consistency checks: * * a single SOA must exist * * some NS records must exist. * Others @@ -986,113 +1104,113 @@ dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump); isc_uint32_t dns_zone_getidlein(dns_zone_t *zone); -/* +/*%< * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. * * Returns: - * number of seconds of idle time before we abort the transfer in. + * \li number of seconds of idle time before we abort the transfer in. */ void dns_zone_setidlein(dns_zone_t *zone, isc_uint32_t idlein); -/* - * Set the idle timeout for transfer the. - * Zero set the default value, 1 hour. +/*%< + * \li Set the idle timeout for transfer the. + * \li Zero set the default value, 1 hour. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ isc_uint32_t dns_zone_getidleout(dns_zone_t *zone); -/* +/*%< * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. * * Returns: - * number of seconds of idle time before we abort a transfer out. + * \li number of seconds of idle time before we abort a transfer out. */ void dns_zone_setidleout(dns_zone_t *zone, isc_uint32_t idleout); -/* - * Set the idle timeout for transfers out. - * Zero set the default value, 1 hour. +/*%< + * \li Set the idle timeout for transfers out. + * \li Zero set the default value, 1 hour. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ void dns_zone_getssutable(dns_zone_t *zone, dns_ssutable_t **table); -/* +/*%< * Get the simple-secure-update policy table. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ void dns_zone_setssutable(dns_zone_t *zone, dns_ssutable_t *table); -/* +/*%< * Set / clear the simple-secure-update policy table. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ isc_mem_t * dns_zone_getmctx(dns_zone_t *zone); -/* +/*%< * Get the memory context of a zone. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ dns_zonemgr_t * dns_zone_getmgr(dns_zone_t *zone); -/* +/*%< * If 'zone' is managed return the zone manager otherwise NULL. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ void dns_zone_setsigvalidityinterval(dns_zone_t *zone, isc_uint32_t interval); -/* +/*%< * Set the zone's SIG validity interval. This is the length of time * for which DNSSEC signatures created as a result of dynamic updates * to secure zones will remain valid, in seconds. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ isc_uint32_t dns_zone_getsigvalidityinterval(dns_zone_t *zone); -/* +/*%< * Get the zone's SIG validity interval. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ void dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype); -/* +/*%< * Sets zone notify method to "notifytype" */ isc_result_t dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg, - dns_updatecallback_t callback, void *callback_arg); -/* + dns_updatecallback_t callback, void *callback_arg); +/*%< * Forward 'msg' to each master in turn until we get an answer or we - * have exausted the list of masters. 'callback' will be called with + * have exhausted the list of masters. 'callback' will be called with * ISC_R_SUCCESS if we get an answer and the returned message will be * passed as 'answer_message', otherwise a non ISC_R_SUCCESS result code * will be passed and answer_message will be NULL. The callback function @@ -1100,69 +1218,71 @@ dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg, * (callback)(callback_arg, result, answer_message); * * Require: - * 'zone' to be valid - * 'msg' to be valid. - * 'callback' to be non NULL. + *\li 'zone' to be valid + *\li 'msg' to be valid. + *\li 'callback' to be non NULL. * Returns: - * ISC_R_SUCCESS if the message has been forwarded, - * ISC_R_NOMEMORY - * Others + *\li #ISC_R_SUCCESS if the message has been forwarded, + *\li #ISC_R_NOMEMORY + *\li Others */ isc_result_t dns_zone_next(dns_zone_t *zone, dns_zone_t **next); -/* +/*%< * Find the next zone in the list of managed zones. * * Requires: - * 'zone' to be valid - * The zone manager for the indicated zone MUST be locked + *\li 'zone' to be valid + *\li The zone manager for the indicated zone MUST be locked * by the caller. This is not checked. - * 'next' be non-NULL, and '*next' be NULL. + *\li 'next' be non-NULL, and '*next' be NULL. * * Ensures: - * 'next' points to a valid zone (result ISC_R_SUCCESS) or to NULL + *\li 'next' points to a valid zone (result ISC_R_SUCCESS) or to NULL * (result ISC_R_NOMORE). */ + + isc_result_t dns_zone_first(dns_zonemgr_t *zmgr, dns_zone_t **first); -/* +/*%< * Find the first zone in the list of managed zones. * * Requires: - * 'zonemgr' to be valid - * The zone manager for the indicated zone MUST be locked + *\li 'zonemgr' to be valid + *\li The zone manager for the indicated zone MUST be locked * by the caller. This is not checked. - * 'first' be non-NULL, and '*first' be NULL + *\li 'first' be non-NULL, and '*first' be NULL * * Ensures: - * 'first' points to a valid zone (result ISC_R_SUCCESS) or to NULL + *\li 'first' points to a valid zone (result ISC_R_SUCCESS) or to NULL * (result ISC_R_NOMORE). */ isc_result_t dns_zone_setkeydirectory(dns_zone_t *zone, const char *directory); -/* +/*%< * Sets the name of the directory where private keys used for * online signing of dynamic zones are found. * * Require: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. * * Returns: - * ISC_R_NOMEMORY - * ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS */ const char * dns_zone_getkeydirectory(dns_zone_t *zone); -/* +/*%< * Gets the name of the directory where private keys used for * online signing of dynamic zones are found. * * Requires: - * 'zone' to be valid initialised zone. + *\li 'zone' to be valid initialised zone. * * Returns: * Pointer to null-terminated file name, or NULL. @@ -1173,231 +1293,276 @@ isc_result_t dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr, dns_zonemgr_t **zmgrp); -/* +/*%< * Create a zone manager. * * Requires: - * 'mctx' to be a valid memory context. - * 'taskmgr' to be a valid task manager. - * 'timermgr' to be a valid timer manager. - * 'zmgrp' to point to a NULL pointer. + *\li 'mctx' to be a valid memory context. + *\li 'taskmgr' to be a valid task manager. + *\li 'timermgr' to be a valid timer manager. + *\li 'zmgrp' to point to a NULL pointer. */ isc_result_t dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone); -/* +/*%< * Bring the zone under control of a zone manager. * * Require: - * 'zmgr' to be a valid zone manager. - * 'zone' to be a valid zone. + *\li 'zmgr' to be a valid zone manager. + *\li 'zone' to be a valid zone. */ isc_result_t dns_zonemgr_forcemaint(dns_zonemgr_t *zmgr); -/* +/*%< * Force zone maintenance of all zones managed by 'zmgr' at its - * earliest conveniene. + * earliest convenience. */ void dns_zonemgr_resumexfrs(dns_zonemgr_t *zmgr); -/* +/*%< * Attempt to start any stalled zone transfers. */ void dns_zonemgr_shutdown(dns_zonemgr_t *zmgr); -/* +/*%< * Shut down the zone manager. * * Requires: - * 'zmgr' to be a valid zone manager. + *\li 'zmgr' to be a valid zone manager. */ void dns_zonemgr_attach(dns_zonemgr_t *source, dns_zonemgr_t **target); -/* +/*%< * Attach '*target' to 'source' incrementing its external * reference count. * * Require: - * 'zone' to be a valid zone. - * 'target' to be non NULL and '*target' to be NULL. + *\li 'zone' to be a valid zone. + *\li 'target' to be non NULL and '*target' to be NULL. */ void dns_zonemgr_detach(dns_zonemgr_t **zmgrp); -/* +/*%< * Detach from a zone manager. * * Requires: - * '*zmgrp' is a valid, non-NULL zone manager pointer. + *\li '*zmgrp' is a valid, non-NULL zone manager pointer. * * Ensures: - * '*zmgrp' is NULL. + *\li '*zmgrp' is NULL. */ void dns_zonemgr_releasezone(dns_zonemgr_t *zmgr, dns_zone_t *zone); -/* +/*%< * Release 'zone' from the managed by 'zmgr'. 'zmgr' is implicitly * detached from 'zone'. * * Requires: - * 'zmgr' to be a valid zone manager. - * 'zone' to be a valid zone. - * 'zmgr' == 'zone->zmgr' + *\li 'zmgr' to be a valid zone manager. + *\li 'zone' to be a valid zone. + *\li 'zmgr' == 'zone->zmgr' * * Ensures: - * 'zone->zmgr' == NULL; + *\li 'zone->zmgr' == NULL; */ void dns_zonemgr_settransfersin(dns_zonemgr_t *zmgr, isc_uint32_t value); -/* +/*%< * Set the maximum number of simultaneous transfers in allowed by * the zone manager. * * Requires: - * 'zmgr' to be a valid zone manager. + *\li 'zmgr' to be a valid zone manager. */ isc_uint32_t dns_zonemgr_getttransfersin(dns_zonemgr_t *zmgr); -/* - * Return the the maximum number of simultaneous transfers in allowed. +/*%< + * Return the maximum number of simultaneous transfers in allowed. * * Requires: - * 'zmgr' to be a valid zone manager. + *\li 'zmgr' to be a valid zone manager. */ void dns_zonemgr_settransfersperns(dns_zonemgr_t *zmgr, isc_uint32_t value); -/* +/*%< * Set the number of zone transfers allowed per nameserver. * * Requires: - * 'zmgr' to be a valid zone manager + *\li 'zmgr' to be a valid zone manager */ isc_uint32_t dns_zonemgr_getttransfersperns(dns_zonemgr_t *zmgr); -/* +/*%< * Return the number of transfers allowed per nameserver. * * Requires: - * 'zmgr' to be a valid zone manager. + *\li 'zmgr' to be a valid zone manager. */ void dns_zonemgr_setiolimit(dns_zonemgr_t *zmgr, isc_uint32_t iolimit); -/* - * Set the number of simultaneous file descriptors available for +/*%< + * Set the number of simultaneous file descriptors available for * reading and writing masterfiles. * * Requires: - * 'zmgr' to be a valid zone manager. - * 'iolimit' to be positive. + *\li 'zmgr' to be a valid zone manager. + *\li 'iolimit' to be positive. */ isc_uint32_t dns_zonemgr_getiolimit(dns_zonemgr_t *zmgr); -/* - * Get the number of simultaneous file descriptors available for +/*%< + * Get the number of simultaneous file descriptors available for * reading and writing masterfiles. * * Requires: - * 'zmgr' to be a valid zone manager. + *\li 'zmgr' to be a valid zone manager. */ void dns_zonemgr_setserialqueryrate(dns_zonemgr_t *zmgr, unsigned int value); -/* +/*%< * Set the number of SOA queries sent per second. * * Requires: - * 'zmgr' to be a valid zone manager + *\li 'zmgr' to be a valid zone manager */ unsigned int dns_zonemgr_getserialqueryrate(dns_zonemgr_t *zmgr); -/* +/*%< * Return the number of SOA queries sent per second. * * Requires: - * 'zmgr' to be a valid zone manager. + *\li 'zmgr' to be a valid zone manager. */ unsigned int dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state); -/* +/*%< * Returns the number of zones in the specified state. * * Requires: - * 'zmgr' to be a valid zone manager. - * 'state' to be a valid DNS_ZONESTATE_ constant. + *\li 'zmgr' to be a valid zone manager. + *\li 'state' to be a valid DNS_ZONESTATE_ constant. + */ + +void +dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, + isc_sockaddr_t *local, isc_time_t *now); +/*%< + * Add the pair of addresses to the unreachable cache. + * + * Requires: + *\li 'zmgr' to be a valid zone manager. + *\li 'remote' to be a valid sockaddr. + *\li 'local' to be a valid sockaddr. */ void dns_zone_forcereload(dns_zone_t *zone); -/* +/*%< * Force a reload of specified zone. * * Requires: - * 'zone' to be a valid zone. + *\li 'zone' to be a valid zone. */ isc_boolean_t dns_zone_isforced(dns_zone_t *zone); -/* +/*%< * Check if the zone is waiting a forced reload. * * Requires: - * 'zone' to be a valid zone. + * \li 'zone' to be a valid zone. */ isc_result_t dns_zone_setstatistics(dns_zone_t *zone, isc_boolean_t on); -/* - * Make the zone keep or not keep an array of statistics - * counter. - * - * Requires: - * zone be a valid zone. +/*%< + * This function is obsoleted by dns_zone_setrequeststats(). */ isc_uint64_t * dns_zone_getstatscounters(dns_zone_t *zone); -/* +/*%< + * This function is obsoleted by dns_zone_getrequeststats(). + */ + +void +dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats); +/*%< + * Set a general zone-maintenance statistics set 'stats' for 'zone'. This + * function is expected to be called only on zone creation (when necessary). + * Once installed, it cannot be removed or replaced. Also, there is no + * interface to get the installed stats from the zone; the caller must keep the + * stats to reference (e.g. dump) it later. + * + * Requires: + * \li 'zone' to be a valid zone and does not have a statistics set already + * installed. + * + *\li stats is a valid statistics supporting zone statistics counters + * (see dns/stats.h). + */ + +void +dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats); +/*%< + * Set an additional statistics set to zone. It is attached in the zone + * but is not counted in the zone module; only the caller updates the counters. + * + * Requires: + * \li 'zone' to be a valid zone. + * + *\li stats is a valid statistics. + */ + +isc_stats_t * +dns_zone_getrequeststats(dns_zone_t *zone); +/*%< + * Get the additional statistics for zone, if one is installed. + * * Requires: - * zone be a valid zone. + * \li 'zone' to be a valid zone. * * Returns: - * A pointer to the zone's array of statistics counters, - * or NULL if it has none. + * \li when available, a pointer to the statistics set installed in zone; + * otherwise NULL. */ void dns_zone_dialup(dns_zone_t *zone); -/* +/*%< * Perform dialup-time maintenance on 'zone'. */ void dns_zone_setdialup(dns_zone_t *zone, dns_dialuptype_t dialup); -/* +/*%< * Set the dialup type of 'zone' to 'dialup'. * * Requires: - * 'zone' to be valid initialised zone. - * 'dialup' to be a valid dialup type. + * \li 'zone' to be valid initialised zone. + *\li 'dialup' to be a valid dialup type. */ void dns_zone_log(dns_zone_t *zone, int level, const char *msg, ...) ISC_FORMAT_PRINTF(3, 4); -/* +/*%< * Log the message 'msg...' at 'level', including text that identifies * the message as applying to 'zone'. */ @@ -1405,19 +1570,19 @@ dns_zone_log(dns_zone_t *zone, int level, const char *msg, ...) void dns_zone_logc(dns_zone_t *zone, isc_logcategory_t *category, int level, const char *msg, ...) ISC_FORMAT_PRINTF(4, 5); -/* +/*%< * Log the message 'msg...' at 'level', including text that identifies * the message as applying to 'zone'. */ void dns_zone_name(dns_zone_t *zone, char *buf, size_t len); -/* +/*%< * Return the name of the zone with class and view. - * + * * Requires: - * 'zone' to be valid. - * 'buf' to be non NULL. + *\li 'zone' to be valid. + *\li 'buf' to be non NULL. */ isc_result_t @@ -1436,6 +1601,81 @@ dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata); * DNS_R_BADNAME failed rdata checks. */ +void +dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache); +/* + * Associate the zone with an additional cache. + * + * Require: + * 'zone' to be a valid zone. + * 'acache' to be a non NULL pointer. + * + * Ensures: + * 'zone' will have a reference to 'acache' + */ + +void +dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx); +/* + * Set the post load integrity callback function 'checkmx'. + * 'checkmx' will be called if the MX is not within the zone. + * + * Require: + * 'zone' to be a valid zone. + */ + +void +dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv); +/* + * Set the post load integrity callback function 'checksrv'. + * 'checksrv' will be called if the SRV TARGET is not within the zone. + * + * Require: + * 'zone' to be a valid zone. + */ + +void +dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns); +/* + * Set the post load integrity callback function 'checkmx'. + * 'checkmx' will be called if the MX is not within the zone. + * + * Require: + * 'zone' to be a valid zone. + */ + +void +dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay); +/* + * Set the minimum delay between sets of notify messages. + * + * Requires: + * 'zone' to be valid. + */ + +isc_uint32_t +dns_zone_getnotifydelay(dns_zone_t *zone); +/* + * Get the minimum delay between sets of notify messages. + * + * Requires: + * 'zone' to be valid. + */ + +void +dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg); +/* + * Set the isself callback function and argument. + * + * isc_boolean_t + * isself(dns_view_t *myview, dns_tsigkey_t *mykey, isc_netaddr_t *srcaddr, + * isc_netaddr_t *destaddr, dns_rdataclass_t rdclass, void *arg); + * + * 'isself' returns ISC_TRUE if a non-recursive query from 'srcaddr' to + * 'destaddr' with optional key 'mykey' for class 'rdclass' would be + * delivered to 'myview'. + */ + ISC_LANG_ENDDECLS #endif /* DNS_ZONE_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dns/zonekey.h b/contrib/bind-9.5.2/lib/dns/include/dns/zonekey.h similarity index 81% rename from contrib/bind-9.3/lib/dns/include/dns/zonekey.h rename to contrib/bind-9.5.2/lib/dns/include/dns/zonekey.h index 1ac906647f..d9ba86259f 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/zonekey.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/zonekey.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zonekey.h,v 1.3.206.1 2004/03/06 08:14:01 marka Exp $ */ +/* $Id: zonekey.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ZONEKEY_H #define DNS_ZONEKEY_H 1 +/*! \file dns/zonekey.h */ + #include #include @@ -28,7 +30,7 @@ ISC_LANG_BEGINDECLS isc_boolean_t dns_zonekey_iszonekey(dns_rdata_t *keyrdata); -/* +/*%< * Determines if the key record contained in the rdata is a zone key. * * Requires: diff --git a/contrib/bind-9.3/lib/dns/include/dns/zt.h b/contrib/bind-9.5.2/lib/dns/include/dns/zt.h similarity index 64% rename from contrib/bind-9.3/lib/dns/include/dns/zt.h rename to contrib/bind-9.5.2/lib/dns/include/dns/zt.h index fb435905cd..6cfe3d3fb1 100644 --- a/contrib/bind-9.3/lib/dns/include/dns/zt.h +++ b/contrib/bind-9.5.2/lib/dns/include/dns/zt.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zt.h,v 1.27.2.2.8.1 2004/03/06 08:14:01 marka Exp $ */ +/* $Id: zt.h,v 1.38 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ZT_H #define DNS_ZT_H 1 +/*! \file dns/zt.h */ + #include #include @@ -30,101 +32,101 @@ ISC_LANG_BEGINDECLS isc_result_t dns_zt_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_zt_t **zt); -/* +/*%< * Creates a new zone table. * * Requires: - * 'mctx' to be initialized. + * \li 'mctx' to be initialized. * * Returns: - * ISC_R_SUCCESS on success. - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS on success. + * \li #ISC_R_NOMEMORY */ isc_result_t dns_zt_mount(dns_zt_t *zt, dns_zone_t *zone); -/* +/*%< * Mounts the zone on the zone table. * * Requires: - * 'zt' to be valid - * 'zone' to be valid + * \li 'zt' to be valid + * \li 'zone' to be valid * * Returns: - * ISC_R_SUCCESS - * ISC_R_EXISTS - * ISC_R_NOSPACE - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_EXISTS + * \li #ISC_R_NOSPACE + * \li #ISC_R_NOMEMORY */ isc_result_t dns_zt_unmount(dns_zt_t *zt, dns_zone_t *zone); -/* +/*%< * Unmount the given zone from the table. * * Requires: * 'zt' to be valid - * 'zone' to be valid + * \li 'zone' to be valid * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTFOUND - * ISC_R_NOMEMORY + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND + * \li #ISC_R_NOMEMORY */ isc_result_t dns_zt_find(dns_zt_t *zt, dns_name_t *name, unsigned int options, dns_name_t *foundname, dns_zone_t **zone); -/* +/*%< * Find the best match for 'name' in 'zt'. If foundname is non NULL * then the name of the zone found is returned. * * Notes: - * If the DNS_ZTFIND_NOEXACT is set, the best partial match (if any) + * \li If the DNS_ZTFIND_NOEXACT is set, the best partial match (if any) * to 'name' will be returned. * * Requires: - * 'zt' to be valid - * 'name' to be valid - * 'foundname' to be initialized and associated with a fixedname or NULL - * 'zone' to be non NULL and '*zone' to be NULL + * \li 'zt' to be valid + * \li 'name' to be valid + * \li 'foundname' to be initialized and associated with a fixedname or NULL + * \li 'zone' to be non NULL and '*zone' to be NULL * * Returns: - * ISC_R_SUCCESS - * DNS_R_PARTIALMATCH - * ISC_R_NOTFOUND - * ISC_R_NOSPACE + * \li #ISC_R_SUCCESS + * \li #DNS_R_PARTIALMATCH + * \li #ISC_R_NOTFOUND + * \li #ISC_R_NOSPACE */ void dns_zt_detach(dns_zt_t **ztp); -/* +/*%< * Detach the given zonetable, if the reference count goes to zero the * zonetable will be freed. In either case 'ztp' is set to NULL. * * Requires: - * '*ztp' to be valid + * \li '*ztp' to be valid */ void dns_zt_flushanddetach(dns_zt_t **ztp); -/* +/*%< * Detach the given zonetable, if the reference count goes to zero the * zonetable will be flushed and then freed. In either case 'ztp' is * set to NULL. * * Requires: - * '*ztp' to be valid + * \li '*ztp' to be valid */ void dns_zt_attach(dns_zt_t *zt, dns_zt_t **ztp); -/* +/*%< * Attach 'zt' to '*ztp'. * * Requires: - * 'zt' to be valid - * '*ztp' to be NULL + * \li 'zt' to be valid + * \li '*ztp' to be NULL */ isc_result_t @@ -132,7 +134,7 @@ dns_zt_load(dns_zt_t *zt, isc_boolean_t stop); isc_result_t dns_zt_loadnew(dns_zt_t *zt, isc_boolean_t stop); -/* +/*%< * Load all zones in the table. If 'stop' is ISC_TRUE, * stop on the first error and return it. If 'stop' * is ISC_FALSE, ignore errors. @@ -142,23 +144,37 @@ dns_zt_loadnew(dns_zt_t *zt, isc_boolean_t stop); * and whose master file has changed since the last load. * * Requires: - * 'zt' to be valid + * \li 'zt' to be valid + */ + +isc_result_t +dns_zt_freezezones(dns_zt_t *zt, isc_boolean_t freeze); +/*%< + * Freeze/thaw updates to master zones. + * Any pending updates will be flushed. + * Zones will be reloaded on thaw. */ isc_result_t dns_zt_apply(dns_zt_t *zt, isc_boolean_t stop, isc_result_t (*action)(dns_zone_t *, void *), void *uap); -/* + +isc_result_t +dns_zt_apply2(dns_zt_t *zt, isc_boolean_t stop, isc_result_t *sub, + isc_result_t (*action)(dns_zone_t *, void *), void *uap); +/*%< * Apply a given 'action' to all zone zones in the table. * If 'stop' is 'ISC_TRUE' then walking the zone tree will stop if * 'action' does not return ISC_R_SUCCESS. * * Requires: - * 'zt' to be valid. - * 'action' to be non NULL. + * \li 'zt' to be valid. + * \li 'action' to be non NULL. * * Returns: - * ISC_R_SUCCESS if action was applied to all nodes. + * \li ISC_R_SUCCESS if action was applied to all nodes. If 'stop' is + * ISC_FALSE and 'sub' is non NULL then the first error (if any) + * reported by 'action' is returned in '*sub'; * any error code from 'action'. */ diff --git a/contrib/bind-9.3/lib/dns/include/dst/dst.h b/contrib/bind-9.5.2/lib/dns/include/dst/dst.h similarity index 56% rename from contrib/bind-9.3/lib/dns/include/dst/dst.h rename to contrib/bind-9.5.2/lib/dns/include/dst/dst.h index 1629da592a..2473bf6dee 100644 --- a/contrib/bind-9.3/lib/dns/include/dst/dst.h +++ b/contrib/bind-9.5.2/lib/dns/include/dst/dst.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,22 +15,26 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst.h,v 1.1.4.1 2004/12/09 04:07:19 marka Exp $ */ +/* $Id: dst.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DST_DST_H #define DST_DST_H 1 +/*! \file dst/dst.h */ + #include #include +#include + ISC_LANG_BEGINDECLS /*** *** Types ***/ -/* +/*% * The dst_key structure is opaque. Applications should use the accessor * functions provided to retrieve key attributes. If an application needs * to set attributes, new accessor functions will be written. @@ -42,27 +46,32 @@ typedef struct dst_context dst_context_t; /* DST algorithm codes */ #define DST_ALG_UNKNOWN 0 #define DST_ALG_RSAMD5 1 -#define DST_ALG_RSA DST_ALG_RSAMD5 /* backwards compatibility */ +#define DST_ALG_RSA DST_ALG_RSAMD5 /*%< backwards compatibility */ #define DST_ALG_DH 2 #define DST_ALG_DSA 3 #define DST_ALG_ECC 4 #define DST_ALG_RSASHA1 5 #define DST_ALG_HMACMD5 157 #define DST_ALG_GSSAPI 160 +#define DST_ALG_HMACSHA1 161 /* XXXMPA */ +#define DST_ALG_HMACSHA224 162 /* XXXMPA */ +#define DST_ALG_HMACSHA256 163 /* XXXMPA */ +#define DST_ALG_HMACSHA384 164 /* XXXMPA */ +#define DST_ALG_HMACSHA512 165 /* XXXMPA */ #define DST_ALG_PRIVATE 254 #define DST_ALG_EXPAND 255 #define DST_MAX_ALGS 255 -/* A buffer of this size is large enough to hold any key */ +/*% A buffer of this size is large enough to hold any key */ #define DST_KEY_MAXSIZE 1280 -/* +/*% * A buffer of this size is large enough to hold the textual representation * of any key */ #define DST_KEY_MAXTEXTSIZE 2048 -/* 'Type' for dst_read_key() */ +/*% 'Type' for dst_read_key() */ #define DST_TYPE_KEY 0x1000000 /* KEY key */ #define DST_TYPE_PRIVATE 0x2000000 #define DST_TYPE_PUBLIC 0x4000000 @@ -73,239 +82,262 @@ typedef struct dst_context dst_context_t; isc_result_t dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags); -/* +/*%< * Initializes the DST subsystem. * * Requires: - * "mctx" is a valid memory context - * "ectx" is a valid entropy context + * \li "mctx" is a valid memory context + * \li "ectx" is a valid entropy context * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li ISC_R_SUCCESS + * \li ISC_R_NOMEMORY * * Ensures: - * DST is properly initialized. + * \li DST is properly initialized. */ void dst_lib_destroy(void); -/* +/*%< * Releases all resources allocated by DST. */ isc_boolean_t dst_algorithm_supported(unsigned int alg); -/* +/*%< * Checks that a given algorithm is supported by DST. * * Returns: - * ISC_TRUE - * ISC_FALSE + * \li ISC_TRUE + * \li ISC_FALSE */ isc_result_t dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp); -/* +/*%< * Creates a context to be used for a sign or verify operation. * * Requires: - * "key" is a valid key. - * "mctx" is a valid memory context. - * dctxp != NULL && *dctxp == NULL + * \li "key" is a valid key. + * \li "mctx" is a valid memory context. + * \li dctxp != NULL && *dctxp == NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + * \li ISC_R_SUCCESS + * \li ISC_R_NOMEMORY * * Ensures: - * *dctxp will contain a usable context. + * \li *dctxp will contain a usable context. */ void dst_context_destroy(dst_context_t **dctxp); -/* +/*%< * Destroys all memory associated with a context. * * Requires: - * *dctxp != NULL && *dctxp == NULL + * \li *dctxp != NULL && *dctxp == NULL * * Ensures: - * *dctxp == NULL + * \li *dctxp == NULL */ isc_result_t dst_context_adddata(dst_context_t *dctx, const isc_region_t *data); -/* +/*%< * Incrementally adds data to the context to be used in a sign or verify * operation. * * Requires: - * "dctx" is a valid context - * "data" is a valid region + * \li "dctx" is a valid context + * \li "data" is a valid region * * Returns: - * ISC_R_SUCCESS - * DST_R_SIGNFAILURE - * all other errors indicate failure + * \li ISC_R_SUCCESS + * \li DST_R_SIGNFAILURE + * \li all other errors indicate failure */ isc_result_t dst_context_sign(dst_context_t *dctx, isc_buffer_t *sig); -/* +/*%< * Computes a signature using the data and key stored in the context. * * Requires: - * "dctx" is a valid context. - * "sig" is a valid buffer. + * \li "dctx" is a valid context. + * \li "sig" is a valid buffer. * * Returns: - * ISC_R_SUCCESS - * DST_R_VERIFYFAILURE - * all other errors indicate failure + * \li ISC_R_SUCCESS + * \li DST_R_VERIFYFAILURE + * \li all other errors indicate failure * * Ensures: - * "sig" will contain the signature + * \li "sig" will contain the signature */ isc_result_t dst_context_verify(dst_context_t *dctx, isc_region_t *sig); -/* +/*%< * Verifies the signature using the data and key stored in the context. * * Requires: - * "dctx" is a valid context. - * "sig" is a valid region. + * \li "dctx" is a valid context. + * \li "sig" is a valid region. * * Returns: - * ISC_R_SUCCESS - * all other errors indicate failure + * \li ISC_R_SUCCESS + * \li all other errors indicate failure * * Ensures: - * "sig" will contain the signature + * \li "sig" will contain the signature */ isc_result_t dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret); -/* +/*%< * Computes a shared secret from two (Diffie-Hellman) keys. * * Requires: - * "pub" is a valid key that can be used to derive a shared secret - * "priv" is a valid private key that can be used to derive a shared secret - * "secret" is a valid buffer + * \li "pub" is a valid key that can be used to derive a shared secret + * \li "priv" is a valid private key that can be used to derive a shared secret + * \li "secret" is a valid buffer * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + * \li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, secret will contain the derived shared secret. + * \li If successful, secret will contain the derived shared secret. */ isc_result_t dst_key_fromfile(dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, dst_key_t **keyp); -/* +/*%< * Reads a key from permanent storage. The key can either be a public or * private key, and is specified by name, algorithm, and id. If a private key * is specified, the public key must also be present. If directory is NULL, * the current directory is assumed. * * Requires: - * "name" is a valid absolute dns name. - * "id" is a valid key tag identifier. - * "alg" is a supported key algorithm. - * "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union. + * \li "name" is a valid absolute dns name. + * \li "id" is a valid key tag identifier. + * \li "alg" is a supported key algorithm. + * \li "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union. * DST_TYPE_KEY look for a KEY record otherwise DNSKEY - * "mctx" is a valid memory context. - * "keyp" is not NULL and "*keyp" is NULL. + * \li "mctx" is a valid memory context. + * \li "keyp" is not NULL and "*keyp" is NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + * \li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, *keyp will contain a valid key. + * \li If successful, *keyp will contain a valid key. */ isc_result_t dst_key_fromnamedfile(const char *filename, int type, isc_mem_t *mctx, dst_key_t **keyp); -/* +/*%< * Reads a key from permanent storage. The key can either be a public or * key, and is specified by filename. If a private key is specified, the * public key must also be present. * * Requires: - * "filename" is not NULL - * "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union + * \li "filename" is not NULL + * \li "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union * DST_TYPE_KEY look for a KEY record otherwise DNSKEY - * "mctx" is a valid memory context - * "keyp" is not NULL and "*keyp" is NULL. + * \li "mctx" is a valid memory context + * \li "keyp" is not NULL and "*keyp" is NULL. + * + * Returns: + * \li ISC_R_SUCCESS + * \li any other result indicates failure + * + * Ensures: + * \li If successful, *keyp will contain a valid key. + */ + + +isc_result_t +dst_key_read_public(const char *filename, int type, + isc_mem_t *mctx, dst_key_t **keyp); +/*%< + * Reads a public key from permanent storage. The key must be a public key. + * + * Requires: + * \li "filename" is not NULL + * \li "type" is DST_TYPE_KEY look for a KEY record otherwise DNSKEY + * \li "mctx" is a valid memory context + * \li "keyp" is not NULL and "*keyp" is NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + * \li ISC_R_SUCCESS + * \li DST_R_BADKEYTYPE if the key type is not the expected one + * \li ISC_R_UNEXPECTEDTOKEN if the file can not be parsed as a public key + * \li any other result indicates failure * * Ensures: - * If successful, *keyp will contain a valid key. + * \li If successful, *keyp will contain a valid key. */ isc_result_t dst_key_tofile(const dst_key_t *key, int type, const char *directory); -/* +/*%< * Writes a key to permanent storage. The key can either be a public or * private key. Public keys are written in DNS format and private keys * are written as a set of base64 encoded values. If directory is NULL, * the current directory is assumed. * * Requires: - * "key" is a valid key. - * "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union + * \li "key" is a valid key. + * \li "type" is DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or the bitwise union * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + * \li ISC_R_SUCCESS + * \li any other result indicates failure */ isc_result_t dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp); -/* +/*%< * Converts a DNS KEY record into a DST key. * * Requires: - * "name" is a valid absolute dns name. - * "source" is a valid buffer. There must be at least 4 bytes available. - * "mctx" is a valid memory context. - * "keyp" is not NULL and "*keyp" is NULL. + * \li "name" is a valid absolute dns name. + * \li "source" is a valid buffer. There must be at least 4 bytes available. + * \li "mctx" is a valid memory context. + * \li "keyp" is not NULL and "*keyp" is NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + * \li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, *keyp will contain a valid key, and the consumed + * \li If successful, *keyp will contain a valid key, and the consumed * pointer in data will be advanced. */ isc_result_t dst_key_todns(const dst_key_t *key, isc_buffer_t *target); -/* +/*%< * Converts a DST key into a DNS KEY record. * * Requires: - * "key" is a valid key. - * "target" is a valid buffer. There must be at least 4 bytes unused. + * \li "key" is a valid key. + * \li "target" is a valid buffer. There must be at least 4 bytes unused. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + * \li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, the used pointer in 'target' is advanced by at least 4. + * \li If successful, the used pointer in 'target' is advanced by at least 4. */ isc_result_t @@ -313,80 +345,92 @@ dst_key_frombuffer(dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp); -/* +/*%< * Converts a buffer containing DNS KEY RDATA into a DST key. * * Requires: - * "name" is a valid absolute dns name. - * "alg" is a supported key algorithm. - * "source" is a valid buffer. - * "mctx" is a valid memory context. - * "keyp" is not NULL and "*keyp" is NULL. + *\li "name" is a valid absolute dns name. + *\li "alg" is a supported key algorithm. + *\li "source" is a valid buffer. + *\li "mctx" is a valid memory context. + *\li "keyp" is not NULL and "*keyp" is NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + *\li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, *keyp will contain a valid key, and the consumed + *\li If successful, *keyp will contain a valid key, and the consumed * pointer in source will be advanced. */ isc_result_t dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target); -/* +/*%< * Converts a DST key into DNS KEY RDATA format. * * Requires: - * "key" is a valid key. - * "target" is a valid buffer. + *\li "key" is a valid key. + *\li "target" is a valid buffer. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + *\li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, the used pointer in 'target' is advanced. + *\li If successful, the used pointer in 'target' is advanced. */ isc_result_t dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer); -/* +/*%< * Converts a public key into a private key, reading the private key * information from the buffer. The buffer should contain the same data * as the .private key file would. * * Requires: - * "key" is a valid public key. - * "buffer" is not NULL. + *\li "key" is a valid public key. + *\li "buffer" is not NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + *\li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, key will contain a valid private key. + *\li If successful, key will contain a valid private key. */ +gss_ctx_id_t +dst_key_getgssctx(const dst_key_t *key); +/*%< + * Returns the opaque key data. + * Be cautions when using this value unless you know what you are doing. + * + * Requires: + *\li "key" is not NULL. + * + * Returns: + *\li gssctx key data, possibly NULL. + */ isc_result_t -dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx, - dst_key_t **keyp); -/* +dst_key_fromgssapi(dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx, + dst_key_t **keyp); +/*%< * Converts a GSSAPI opaque context id into a DST key. * * Requires: - * "name" is a valid absolute dns name. - * "opaque" is a GSSAPI context id. - * "mctx" is a valid memory context. - * "keyp" is not NULL and "*keyp" is NULL. + *\li "name" is a valid absolute dns name. + *\li "gssctx" is a GSSAPI context id. + *\li "mctx" is a valid memory context. + *\li "keyp" is not NULL and "*keyp" is NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + *\li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, *keyp will contain a valid key and be responsible for + *\li If successful, *keyp will contain a valid key and be responsible for * the context id. */ @@ -396,9 +440,10 @@ dst_key_generate(dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp); -/* +/*%< * Generate a DST key (or keypair) with the supplied parameters. The * interpretation of the "param" field depends on the algorithm: + * \code * RSA: exponent * 0 use exponent 3 * !0 use Fermat4 (2^16 + 1) @@ -410,66 +455,67 @@ dst_key_generate(dns_name_t *name, unsigned int alg, * HMACMD5: entropy * 0 default - require good entropy * !0 lack of good entropy is ok + *\endcode * * Requires: - * "name" is a valid absolute dns name. - * "keyp" is not NULL and "*keyp" is NULL. + *\li "name" is a valid absolute dns name. + *\li "keyp" is not NULL and "*keyp" is NULL. * * Returns: - * ISC_R_SUCCESS - * any other result indicates failure + *\li ISC_R_SUCCESS + * \li any other result indicates failure * * Ensures: - * If successful, *keyp will contain a valid key. + *\li If successful, *keyp will contain a valid key. */ isc_boolean_t dst_key_compare(const dst_key_t *key1, const dst_key_t *key2); -/* +/*%< * Compares two DST keys. * * Requires: - * "key1" is a valid key. - * "key2" is a valid key. + *\li "key1" is a valid key. + *\li "key2" is a valid key. * * Returns: - * ISC_TRUE - * ISC_FALSE + *\li ISC_TRUE + * \li ISC_FALSE */ isc_boolean_t dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2); -/* +/*%< * Compares the parameters of two DST keys. This is used to determine if * two (Diffie-Hellman) keys can be used to derive a shared secret. * * Requires: - * "key1" is a valid key. - * "key2" is a valid key. + *\li "key1" is a valid key. + *\li "key2" is a valid key. * * Returns: - * ISC_TRUE - * ISC_FALSE + *\li ISC_TRUE + * \li ISC_FALSE */ void dst_key_free(dst_key_t **keyp); -/* +/*%< * Release all memory associated with the key. * * Requires: - * "keyp" is not NULL and "*keyp" is a valid key. + *\li "keyp" is not NULL and "*keyp" is a valid key. * * Ensures: - * All memory associated with "*keyp" will be freed. - * *keyp == NULL + *\li All memory associated with "*keyp" will be freed. + *\li *keyp == NULL */ -/* +/*%< * Accessor functions to obtain key fields. * * Require: - * "key" is a valid key. + *\li "key" is a valid key. */ dns_name_t * dst_key_name(const dst_key_t *key); @@ -504,65 +550,83 @@ dst_key_isnullkey(const dst_key_t *key); isc_result_t dst_key_buildfilename(const dst_key_t *key, int type, const char *directory, isc_buffer_t *out); -/* +/*%< * Generates the filename used by dst to store the specified key. * If directory is NULL, the current directory is assumed. * * Requires: - * "key" is a valid key - * "type" is either DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or 0 for no suffix. - * "out" is a valid buffer + *\li "key" is a valid key + *\li "type" is either DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or 0 for no suffix. + *\li "out" is a valid buffer * * Ensures: - * the file name will be written to "out", and the used pointer will + *\li the file name will be written to "out", and the used pointer will * be advanced. */ isc_result_t dst_key_sigsize(const dst_key_t *key, unsigned int *n); -/* +/*%< * Computes the size of a signature generated by the given key. * * Requires: - * "key" is a valid key. - * "n" is not NULL + *\li "key" is a valid key. + *\li "n" is not NULL * * Returns: - * ISC_R_SUCCESS - * DST_R_UNSUPPORTEDALG + *\li #ISC_R_SUCCESS + *\li DST_R_UNSUPPORTEDALG * * Ensures: - * "n" stores the size of a generated signature + *\li "n" stores the size of a generated signature */ isc_result_t dst_key_secretsize(const dst_key_t *key, unsigned int *n); -/* +/*%< * Computes the size of a shared secret generated by the given key. * * Requires: - * "key" is a valid key. - * "n" is not NULL + *\li "key" is a valid key. + *\li "n" is not NULL * * Returns: - * ISC_R_SUCCESS - * DST_R_UNSUPPORTEDALG + *\li #ISC_R_SUCCESS + *\li DST_R_UNSUPPORTEDALG * * Ensures: - * "n" stores the size of a generated shared secret + *\li "n" stores the size of a generated shared secret */ isc_uint16_t dst_region_computeid(const isc_region_t *source, unsigned int alg); -/* +/*%< * Computes the key id of the key stored in the provided region with the * given algorithm. * * Requires: - * "source" contains a valid, non-NULL region. + *\li "source" contains a valid, non-NULL region. * * Returns: - * the key id + *\li the key id + */ + +isc_uint16_t +dst_key_getbits(const dst_key_t *key); +/* + * Get the number of digest bits required (0 == MAX). + * + * Requires: + * "key" is a valid key. + */ + +void +dst_key_setbits(dst_key_t *key, isc_uint16_t bits); +/* + * Set the number of digest bits required (0 == MAX). + * + * Requires: + * "key" is a valid key. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.5.2/lib/dns/include/dst/gssapi.h b/contrib/bind-9.5.2/lib/dns/include/dst/gssapi.h new file mode 100644 index 0000000000..a89e98fc05 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/include/dst/gssapi.h @@ -0,0 +1,207 @@ +/* + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: gssapi.h,v 1.9.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +#ifndef DST_GSSAPI_H +#define DST_GSSAPI_H 1 + +/*! \file dst/gssapi.h */ + +#include +#include +#include +#include +#include + +#ifdef GSSAPI +#ifdef _WINDOWS +/* + * MSVC does not like macros in #include lines. + */ +#include +#else +#include ISC_PLATFORM_GSSAPIHEADER +#endif +#ifndef GSS_SPNEGO_MECHANISM +#define GSS_SPNEGO_MECHANISM ((void*)0) +#endif +#endif + +ISC_LANG_BEGINDECLS + +/*** + *** Types + ***/ + +/*** + *** Functions + ***/ + +isc_result_t +dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, + gss_cred_id_t *cred); +/* + * Acquires GSS credentials. + * + * Requires: + * 'name' is a valid name, preferably one known by the GSS provider + * 'initiate' indicates whether the credentials are for initiating or + * accepting contexts + * 'cred' is a pointer to NULL, which will be allocated with the + * credential handle. Call dst_gssapi_releasecred to free + * the memory. + * + * Returns: + * ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + * other an error occurred while building the message + */ + +isc_result_t +dst_gssapi_releasecred(gss_cred_id_t *cred); +/* + * Releases GSS credentials. Calling this function does release the + * memory allocated for the credential in dst_gssapi_acquirecred() + * + * Requires: + * 'mctx' is a valid memory context + * 'cred' is a pointer to the credential to be released + * + * Returns: + * ISC_R_SUCCESS credential was released successfully + * other an error occurred while releaseing + * the credential + */ + +isc_result_t +dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, + isc_buffer_t *outtoken, gss_ctx_id_t *gssctx); +/* + * Initiates a GSS context. + * + * Requires: + * 'name' is a valid name, preferably one known by the GSS + * provider + * 'intoken' is a token received from the acceptor, or NULL if + * there isn't one + * 'outtoken' is a buffer to receive the token generated by + * gss_init_sec_context() to be sent to the acceptor + * 'context' is a pointer to a valid gss_ctx_id_t + * (which may have the value GSS_C_NO_CONTEXT) + * + * Returns: + * ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + * other an error occurred while building the message + */ + +isc_result_t +dst_gssapi_acceptctx(gss_cred_id_t cred, + isc_region_t *intoken, isc_buffer_t **outtoken, + gss_ctx_id_t *context, dns_name_t *principal, + isc_mem_t *mctx); +/* + * Accepts a GSS context. + * + * Requires: + * 'mctx' is a valid memory context + * 'cred' is the acceptor's valid GSS credential handle + * 'intoken' is a token received from the initiator + * 'outtoken' is a pointer a buffer pointer used to return the token + * generated by gss_accept_sec_context() to be sent to the + * initiator + * 'context' is a valid pointer to receive the generated context handle. + * On the initial call, it should be a pointer to NULL, which + * will be allocated as a gss_ctx_id_t. Subsequent calls + * should pass in the handle generated on the first call. + * Call dst_gssapi_releasecred to delete the context and free + * the memory. + * + * Requires: + * 'outtoken' to != NULL && *outtoken == NULL. + * + * Returns: + * ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + * other an error occurred while building the message + */ + +isc_result_t +dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx); +/* + * Destroys a GSS context. This function deletes the context from the GSS + * provider and then frees the memory used by the context pointer. + * + * Requires: + * 'mctx' is a valid memory context + * 'context' is a valid GSS context + * + * Returns: + * ISC_R_SUCCESS + */ + + +void +gss_log(int level, const char *fmt, ...) +ISC_FORMAT_PRINTF(2, 3); +/* + * Logging function for GSS. + * + * Requires + * 'level' is the log level to be used, as an integer + * 'fmt' is a printf format specifier + */ + +char * +gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, + char *buf, size_t buflen); +/* + * Render a GSS major status/minor status pair into a string + * + * Requires: + * 'major' is a GSS major status code + * 'minor' is a GSS minor status code + * + * Returns: + * A string containing the text representation of the error codes. + * Users should copy the string if they wish to keep it. + */ + +isc_boolean_t +dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name, + dns_name_t *realm); +/* + * Compare a "signer" (in the format of a Kerberos-format Kerberos5 + * principal: host/example.com@EXAMPLE.COM) to the realm name stored + * in "name" (which represents the realm name). + * + */ + +isc_boolean_t +dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name, + dns_name_t *realm); +/* + * Compare a "signer" (in the format of a Kerberos-format Kerberos5 + * principal: host/example.com@EXAMPLE.COM) to the realm name stored + * in "name" (which represents the realm name). + * + */ + +ISC_LANG_ENDDECLS + +#endif /* DST_GSSAPI_H */ diff --git a/contrib/bind-9.3/lib/dns/include/dst/lib.h b/contrib/bind-9.5.2/lib/dns/include/dst/lib.h similarity index 82% rename from contrib/bind-9.3/lib/dns/include/dst/lib.h rename to contrib/bind-9.5.2/lib/dns/include/dst/lib.h index 7a8e73e4dc..886575e9cb 100644 --- a/contrib/bind-9.3/lib/dns/include/dst/lib.h +++ b/contrib/bind-9.5.2/lib/dns/include/dst/lib.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.h,v 1.1.4.1 2004/12/09 04:07:20 marka Exp $ */ +/* $Id: lib.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DST_LIB_H #define DST_LIB_H 1 +/*! \file dst/lib.h */ + #include #include diff --git a/contrib/bind-9.3/lib/dns/include/dst/result.h b/contrib/bind-9.5.2/lib/dns/include/dst/result.h similarity index 90% rename from contrib/bind-9.3/lib/dns/include/dst/result.h rename to contrib/bind-9.5.2/lib/dns/include/dst/result.h index 015e0863c4..52e409b8fa 100644 --- a/contrib/bind-9.3/lib/dns/include/dst/result.h +++ b/contrib/bind-9.5.2/lib/dns/include/dst/result.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.1.4.1 2004/12/09 04:07:20 marka Exp $ */ +/* $Id: result.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DST_RESULT_H #define DST_RESULT_H 1 +/*! \file dst/result.h */ + #include #include diff --git a/contrib/bind-9.5.2/lib/dns/iptable.c b/contrib/bind-9.5.2/lib/dns/iptable.c new file mode 100644 index 0000000000..6fe9c116f4 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/iptable.c @@ -0,0 +1,188 @@ +/* + * Copyright (C) 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: iptable.c,v 1.5.46.9 2009/02/18 23:46:34 tbox Exp $ */ + +#include + +#include +#include + +#include + +static void destroy_iptable(dns_iptable_t *dtab); + +/* + * Create a new IP table and the underlying radix structure + */ +isc_result_t +dns_iptable_create(isc_mem_t *mctx, dns_iptable_t **target) { + isc_result_t result; + dns_iptable_t *tab; + + tab = isc_mem_get(mctx, sizeof(*tab)); + if (tab == NULL) + return (ISC_R_NOMEMORY); + tab->mctx = mctx; + isc_refcount_init(&tab->refcount, 1); + tab->radix = NULL; + tab->magic = DNS_IPTABLE_MAGIC; + + result = isc_radix_create(mctx, &tab->radix, RADIX_MAXBITS); + if (result != ISC_R_SUCCESS) + goto cleanup; + + *target = tab; + return (ISC_R_SUCCESS); + + cleanup: + dns_iptable_detach(&tab); + return (result); +} + +isc_boolean_t dns_iptable_neg = ISC_FALSE; +isc_boolean_t dns_iptable_pos = ISC_TRUE; + +/* + * Add an IP prefix to an existing IP table + */ +isc_result_t +dns_iptable_addprefix(dns_iptable_t *tab, isc_netaddr_t *addr, + isc_uint16_t bitlen, isc_boolean_t pos) +{ + isc_result_t result; + isc_prefix_t pfx; + isc_radix_node_t *node = NULL; + int family; + + INSIST(DNS_IPTABLE_VALID(tab)); + INSIST(tab->radix); + + NETADDR_TO_PREFIX_T(addr, pfx, bitlen); + + result = isc_radix_insert(tab->radix, &node, NULL, &pfx); + if (result != ISC_R_SUCCESS) { + isc_refcount_destroy(&pfx.refcount); + return(result); + } + + /* If a node already contains data, don't overwrite it */ + family = pfx.family; + if (family == AF_UNSPEC) { + /* "any" or "none" */ + INSIST(pfx.bitlen == 0); + if (pos) { + if (node->data[0] == NULL) + node->data[0] = &dns_iptable_pos; + if (node->data[1] == NULL) + node->data[1] = &dns_iptable_pos; + } else { + if (node->data[0] == NULL) + node->data[0] = &dns_iptable_neg; + if (node->data[1] == NULL) + node->data[1] = &dns_iptable_neg; + } + } else { + /* any other prefix */ + if (node->data[ISC_IS6(family)] == NULL) { + if (pos) + node->data[ISC_IS6(family)] = &dns_iptable_pos; + else + node->data[ISC_IS6(family)] = &dns_iptable_neg; + } + } + + isc_refcount_destroy(&pfx.refcount); + return (ISC_R_SUCCESS); +} + +/* + * Merge one IP table into another one. + */ +isc_result_t +dns_iptable_merge(dns_iptable_t *tab, dns_iptable_t *source, isc_boolean_t pos) +{ + isc_result_t result; + isc_radix_node_t *node, *new_node; + int max_node = 0; + + RADIX_WALK (source->radix->head, node) { + new_node = NULL; + result = isc_radix_insert (tab->radix, &new_node, node, NULL); + + if (result != ISC_R_SUCCESS) + return(result); + + /* + * If we're negating a nested ACL, then we should + * reverse the sense of every node. However, this + * could lead to a negative node in a nested ACL + * becoming a positive match in the parent, which + * could be a security risk. To prevent this, we + * just leave the negative nodes negative. + */ + if (!pos) { + if (node->data[0] && + *(isc_boolean_t *) node->data[0] == ISC_TRUE) + new_node->data[0] = &dns_iptable_neg; + + if (node->data[1] && + *(isc_boolean_t *) node->data[1] == ISC_TRUE) + new_node->data[1] = &dns_iptable_neg; + } + + if (node->node_num[0] > max_node) + max_node = node->node_num[0]; + if (node->node_num[1] > max_node) + max_node = node->node_num[1]; + } RADIX_WALK_END; + + tab->radix->num_added_node += max_node; + return (ISC_R_SUCCESS); +} + +void +dns_iptable_attach(dns_iptable_t *source, dns_iptable_t **target) { + REQUIRE(DNS_IPTABLE_VALID(source)); + isc_refcount_increment(&source->refcount, NULL); + *target = source; +} + +void +dns_iptable_detach(dns_iptable_t **tabp) { + dns_iptable_t *tab = *tabp; + unsigned int refs; + REQUIRE(DNS_IPTABLE_VALID(tab)); + isc_refcount_decrement(&tab->refcount, &refs); + if (refs == 0) + destroy_iptable(tab); + *tabp = NULL; +} + +static void +destroy_iptable(dns_iptable_t *dtab) { + + REQUIRE(DNS_IPTABLE_VALID(dtab)); + + if (dtab->radix != NULL) { + isc_radix_destroy(dtab->radix, NULL); + dtab->radix = NULL; + } + + isc_refcount_destroy(&dtab->refcount); + dtab->magic = 0; + isc_mem_put(dtab->mctx, dtab, sizeof(*dtab)); +} diff --git a/contrib/bind-9.3/lib/dns/journal.c b/contrib/bind-9.5.2/lib/dns/journal.c similarity index 89% rename from contrib/bind-9.3/lib/dns/journal.c rename to contrib/bind-9.5.2/lib/dns/journal.c index 536416d931..8e8b3d4212 100644 --- a/contrib/bind-9.3/lib/dns/journal.c +++ b/contrib/bind-9.5.2/lib/dns/journal.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.77.2.1.10.13 2005/11/03 23:08:41 marka Exp $ */ +/* $Id: journal.c,v 1.99.70.4 2009/01/19 23:47:02 tbox Exp $ */ #include #include #include +#include #include #include @@ -40,7 +41,44 @@ #include #include -/* +/*! \file + * \brief Journaling. + * + * A journal file consists of + * + * \li A fixed-size header of type journal_rawheader_t. + * + * \li The index. This is an unordered array of index entries + * of type journal_rawpos_t giving the locations + * of some arbitrary subset of the journal's addressable + * transactions. The index entries are used as hints to + * speed up the process of locating a transaction with a given + * serial number. Unused index entries have an "offset" + * field of zero. The size of the index can vary between + * journal files, but does not change during the lifetime + * of a file. The size can be zero. + * + * \li The journal data. This consists of one or more transactions. + * Each transaction begins with a transaction header of type + * journal_rawxhdr_t. The transaction header is followed by a + * sequence of RRs, similar in structure to an IXFR difference + * sequence (RFC1995). That is, the pre-transaction SOA, + * zero or more other deleted RRs, the post-transaction SOA, + * and zero or more other added RRs. Unlike in IXFR, each RR + * is prefixed with a 32-bit length. + * + * The journal data part grows as new transactions are + * appended to the file. Only those transactions + * whose serial number is current-(2^31-1) to current + * are considered "addressable" and may be pointed + * to from the header or index. They may be preceded + * by old transactions that are no longer addressable, + * and they may be followed by transactions that were + * appended to the journal but never committed by updating + * the "end" position in the header. The latter will + * be overwritten when new transactions are added. + */ +/*% * When true, accept IXFR difference sequences where the * SOA serial number does not change (BIND 8 sends such * sequences). @@ -58,7 +96,7 @@ static isc_boolean_t bind8_compat = ISC_TRUE; /* XXX config */ #define JOURNAL_DEBUG_LOGARGS(n) \ JOURNAL_COMMON_LOGARGS, ISC_LOG_DEBUG(n) -/* +/*% * It would be non-sensical (or at least obtuse) to use FAIL() with an * ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". @@ -69,7 +107,7 @@ static isc_boolean_t bind8_compat = ISC_TRUE; /* XXX config */ } while (0) #define CHECK(op) \ - do { result = (op); \ + do { result = (op); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) @@ -111,11 +149,11 @@ dns_db_createsoatuple(dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, dns_rdataset_init(&rdataset); result = dns_db_findrdataset(db, node, ver, dns_rdatatype_soa, 0, (isc_stdtime_t)0, &rdataset, NULL); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) goto freenode; result = dns_rdataset_first(&rdataset); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) goto freenode; dns_rdataset_current(&rdataset, &rdata); @@ -134,55 +172,16 @@ dns_db_createsoatuple(dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, return (result); } -/**************************************************************************/ -/* - * Journalling. - */ +/* Journaling */ -/* - * A journal file consists of - * - * - A fixed-size header of type journal_rawheader_t. - * - * - The index. This is an unordered array of index entries - * of type journal_rawpos_t giving the locations - * of some arbitrary subset of the journal's addressable - * transactions. The index entries are used as hints to - * speed up the process of locating a transaction with a given - * serial number. Unused index entries have an "offset" - * field of zero. The size of the index can vary between - * journal files, but does not change during the lifetime - * of a file. The size can be zero. - * - * - The journal data. This consists of one or more transactions. - * Each transaction begins with a transaction header of type - * journal_rawxhdr_t. The transaction header is followed by a - * sequence of RRs, similar in structure to an IXFR difference - * sequence (RFC1995). That is, the pre-transaction SOA, - * zero or more other deleted RRs, the post-transaction SOA, - * and zero or more other added RRs. Unlike in IXFR, each RR - * is prefixed with a 32-bit length. - * - * The journal data part grows as new transactions are - * appended to the file. Only those transactions - * whose serial number is current-(2^31-1) to current - * are considered "addressable" and may be pointed - * to from the header or index. They may be preceded - * by old transactions that are no longer addressable, - * and they may be followed by transactions that were - * appended to the journal but never committed by updating - * the "end" position in the header. The latter will - * be overwritten when new transactions are added. - */ - -/* +/*% * On-disk representation of a "pointer" to a journal entry. * These are used in the journal header to locate the beginning * and end of the journal, and in the journal index to locate * other transactions. */ typedef struct { - unsigned char serial[4]; /* SOA serial before update. */ + unsigned char serial[4]; /*%< SOA serial before update. */ /* * XXXRTH Should offset be 8 bytes? * XXXDCL ... probably, since isc_offset_t is 8 bytes on many OSs. @@ -190,54 +189,54 @@ typedef struct { * platforms as long as we are using fseek() rather * than lseek(). */ - unsigned char offset[4]; /* Offset from beginning of file. */ + unsigned char offset[4]; /*%< Offset from beginning of file. */ } journal_rawpos_t; -/* - * The on-disk representation of the journal header. - * All numbers are stored in big-endian order. - */ -/* +/*% * The header is of a fixed size, with some spare room for future * extensions. */ #define JOURNAL_HEADER_SIZE 64 /* Bytes. */ +/*% + * The on-disk representation of the journal header. + * All numbers are stored in big-endian order. + */ typedef union { struct { - /* File format version ID. */ + /*% File format version ID. */ unsigned char format[16]; - /* Position of the first addressable transaction */ + /*% Position of the first addressable transaction */ journal_rawpos_t begin; - /* Position of the next (yet nonexistent) transaction. */ + /*% Position of the next (yet nonexistent) transaction. */ journal_rawpos_t end; - /* Number of index entries following the header. */ + /*% Number of index entries following the header. */ unsigned char index_size[4]; } h; /* Pad the header to a fixed size. */ unsigned char pad[JOURNAL_HEADER_SIZE]; } journal_rawheader_t; -/* +/*% * The on-disk representation of the transaction header. * There is one of these at the beginning of each transaction. */ typedef struct { - unsigned char size[4]; /* In bytes, excluding header. */ - unsigned char serial0[4]; /* SOA serial before update. */ - unsigned char serial1[4]; /* SOA serial after update. */ + unsigned char size[4]; /*%< In bytes, excluding header. */ + unsigned char serial0[4]; /*%< SOA serial before update. */ + unsigned char serial1[4]; /*%< SOA serial after update. */ } journal_rawxhdr_t; -/* +/*% * The on-disk representation of the RR header. * There is one of these at the beginning of each RR. */ typedef struct { - unsigned char size[4]; /* In bytes, excluding header. */ + unsigned char size[4]; /*%< In bytes, excluding header. */ } journal_rawrrhdr_t; -/* +/*% * The in-core representation of the journal header. */ typedef struct { @@ -255,7 +254,7 @@ typedef struct { isc_uint32_t index_size; } journal_header_t; -/* +/*% * The in-core representation of the transaction header. */ @@ -265,7 +264,7 @@ typedef struct { isc_uint32_t serial1; } journal_xhdr_t; -/* +/*% * The in-core representation of the RR header. */ typedef struct { @@ -273,7 +272,7 @@ typedef struct { } journal_rrhdr_t; -/* +/*% * Initial contents to store in the header of a newly created * journal file. * @@ -297,40 +296,38 @@ typedef enum { } journal_state_t; struct dns_journal { - unsigned int magic; /* JOUR */ - isc_mem_t *mctx; /* Memory context */ + unsigned int magic; /*%< JOUR */ + isc_mem_t *mctx; /*%< Memory context */ journal_state_t state; - const char *filename; /* Journal file name */ - FILE * fp; /* File handle */ - isc_offset_t offset; /* Current file offset */ - journal_header_t header; /* In-core journal header */ - unsigned char *rawindex; /* In-core buffer for journal - index in on-disk format */ - journal_pos_t *index; /* In-core journal index */ - - /* Current transaction state (when writing). */ + const char *filename; /*%< Journal file name */ + FILE * fp; /*%< File handle */ + isc_offset_t offset; /*%< Current file offset */ + journal_header_t header; /*%< In-core journal header */ + unsigned char *rawindex; /*%< In-core buffer for journal index in on-disk format */ + journal_pos_t *index; /*%< In-core journal index */ + + /*% Current transaction state (when writing). */ struct { - unsigned int n_soa; /* Number of SOAs seen */ - journal_pos_t pos[2]; /* Begin/end position */ + unsigned int n_soa; /*%< Number of SOAs seen */ + journal_pos_t pos[2]; /*%< Begin/end position */ } x; - /* Iteration state (when reading). */ + /*% Iteration state (when reading). */ struct { /* These define the part of the journal we iterate over. */ - journal_pos_t bpos; /* Position before first, */ - journal_pos_t epos; /* and after last - transaction */ + journal_pos_t bpos; /*%< Position before first, */ + journal_pos_t epos; /*%< and after last transaction */ /* The rest is iterator state. */ - isc_uint32_t current_serial; /* Current SOA serial */ - isc_buffer_t source; /* Data from disk */ - isc_buffer_t target; /* Data from _fromwire check */ - dns_decompress_t dctx; /* Dummy decompression ctx */ - dns_name_t name; /* Current domain name */ - dns_rdata_t rdata; /* Current rdata */ - isc_uint32_t ttl; /* Current TTL */ - unsigned int xsize; /* Size of transaction data */ - unsigned int xpos; /* Current position in it */ - isc_result_t result; /* Result of last call */ + isc_uint32_t current_serial; /*%< Current SOA serial */ + isc_buffer_t source; /*%< Data from disk */ + isc_buffer_t target; /*%< Data from _fromwire check */ + dns_decompress_t dctx; /*%< Dummy decompression ctx */ + dns_name_t name; /*%< Current domain name */ + dns_rdata_t rdata; /*%< Current rdata */ + isc_uint32_t ttl; /*%< Current TTL */ + unsigned int xsize; /*%< Size of transaction data */ + unsigned int xpos; /*%< Current position in it */ + isc_result_t result; /*%< Result of last call */ } it; }; @@ -644,7 +641,7 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, dns_rdata_init(&j->it.rdata); /* - * Set up empty initial buffers for uncheched and checked + * Set up empty initial buffers for unchecked and checked * wire format RR data. They will be reallocated * later. */ @@ -674,7 +671,23 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, isc_result_t dns_journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t write, dns_journal_t **journalp) { - return (journal_open(mctx, filename, write, write, journalp)); + isc_result_t result; + int namelen; + char backup[1024]; + + result = journal_open(mctx, filename, write, write, journalp); + if (result == ISC_R_NOTFOUND) { + namelen = strlen(filename); + if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0) + namelen -= 4; + + result = isc_string_printf(backup, sizeof(backup), "%.*s.jbk", + namelen, filename); + if (result != ISC_R_SUCCESS) + return (result); + result = journal_open(mctx, backup, write, write, journalp); + } + return (result); } /* @@ -1196,7 +1209,7 @@ roll_forward(dns_journal_t *j, dns_db_t *db) { dns_diff_init(j->mctx, &diff); /* - * Set up empty initial buffers for uncheched and checked + * Set up empty initial buffers for unchecked and checked * wire format transaction data. They will be reallocated * later. */ @@ -1354,14 +1367,14 @@ dns_journal_print(isc_mem_t *mctx, const char *filename, FILE *file) { if (result != ISC_R_SUCCESS) { isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, "journal open failure: %s: %s", - isc_result_totext(result), j->filename); + isc_result_totext(result), filename); return (result); } dns_diff_init(j->mctx, &diff); /* - * Set up empty initial buffers for uncheched and checked + * Set up empty initial buffers for unchecked and checked * wire format transaction data. They will be reallocated * later. */ @@ -1392,9 +1405,9 @@ dns_journal_print(isc_mem_t *mctx, const char *filename, FILE *file) { if (n_soa == 3) n_soa = 1; if (n_soa == 0) { - isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, - "%s: journal file corrupt: missing " - "initial SOA", j->filename); + isc_log_write(JOURNAL_COMMON_LOGARGS, ISC_LOG_ERROR, + "%s: journal file corrupt: missing " + "initial SOA", j->filename); FAIL(ISC_R_UNEXPECTED); } CHECK(dns_difftuple_create(diff.mctx, n_soa == 1 ? @@ -1616,6 +1629,8 @@ read_one_rr(dns_journal_t *j) { /* * Parse the rdata. */ + if (isc_buffer_remaininglength(&j->it.source) != rdlen) + FAIL(DNS_R_FORMERR); isc_buffer_setactive(&j->it.source, rdlen); dns_rdata_reset(&j->it.rdata); CHECK(dns_rdata_fromwire(&j->it.rdata, rdclass, @@ -1931,21 +1946,45 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, journal_pos_t best_guess; journal_pos_t current_pos; dns_journal_t *j = NULL; + dns_journal_t *new = NULL; journal_rawheader_t rawheader; unsigned int copy_length; - unsigned int len; + int namelen; char *buf = NULL; unsigned int size = 0; isc_result_t result; unsigned int indexend; + char newname[1024]; + char backup[1024]; + isc_boolean_t is_backup = ISC_FALSE; - CHECK(journal_open(mctx, filename, ISC_TRUE, ISC_FALSE, &j)); + namelen = strlen(filename); + if (namelen > 4 && strcmp(filename + namelen - 4, ".jnl") == 0) + namelen -= 4; + + result = isc_string_printf(newname, sizeof(newname), "%.*s.jnw", + namelen, filename); + if (result != ISC_R_SUCCESS) + return (result); + + result = isc_string_printf(backup, sizeof(backup), "%.*s.jbk", + namelen, filename); + if (result != ISC_R_SUCCESS) + return (result); + + result = journal_open(mctx, filename, ISC_FALSE, ISC_FALSE, &j); + if (result == ISC_R_NOTFOUND) { + is_backup = ISC_TRUE; + result = journal_open(mctx, backup, ISC_FALSE, ISC_FALSE, &j); + } + if (result != ISC_R_SUCCESS) + return (result); if (JOURNAL_EMPTY(&j->header)) { dns_journal_destroy(&j); return (ISC_R_SUCCESS); } - + if (DNS_SERIAL_GT(j->header.begin.serial, serial) || DNS_SERIAL_GT(serial, j->header.end.serial)) { dns_journal_destroy(&j); @@ -1967,7 +2006,9 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, dns_journal_destroy(&j); return (ISC_R_SUCCESS); } - + + CHECK(journal_open(mctx, newname, ISC_TRUE, ISC_TRUE, &new)); + /* * Remove overhead so space test below can succeed. */ @@ -2007,47 +2048,12 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, CHECK(journal_next(j, &best_guess)); /* - * Enough space to proceed? + * We should now be roughly half target_size provided + * we did not reach 'serial'. If not we will just copy + * all uncommitted deltas regardless of the size. */ - if ((isc_uint32_t) (j->header.end.offset - best_guess.offset) > - (isc_uint32_t) (best_guess.offset - indexend)) { - dns_journal_destroy(&j); - return (ISC_R_NOSPACE); - } - copy_length = j->header.end.offset - best_guess.offset; - /* - * Invalidate entire index, will be rebuilt at end. - */ - for (i = 0; i < j->header.index_size; i++) { - if (POS_VALID(j->index[i])) - POS_INVALIDATE(j->index[i]); - } - - /* - * Convert the index into on-disk format and write - * it to disk. - */ - CHECK(index_to_disk(j)); - CHECK(journal_fsync(j)); - - /* - * Update the journal header. - */ - if (copy_length == 0) { - j->header.begin.serial = 0; - j->header.end.serial = 0; - j->header.begin.offset = 0; - j->header.end.offset = 0; - } else { - j->header.begin = best_guess; - } - journal_header_encode(&j->header, &rawheader); - CHECK(journal_seek(j, 0)); - CHECK(journal_write(j, &rawheader, sizeof(rawheader))); - CHECK(journal_fsync(j)); - if (copy_length != 0) { /* * Copy best_guess to end into space just freed. @@ -2060,57 +2066,91 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, result = ISC_R_NOMEMORY; goto failure; } - + + CHECK(journal_seek(j, best_guess.offset)); + CHECK(journal_seek(new, indexend)); for (i = 0; i < copy_length; i += size) { - len = (copy_length - i) > size ? size : + unsigned int len = (copy_length - i) > size ? size : (copy_length - i); - CHECK(journal_seek(j, best_guess.offset + i)); CHECK(journal_read(j, buf, len)); - CHECK(journal_seek(j, indexend + i)); - CHECK(journal_write(j, buf, len)); + CHECK(journal_write(new, buf, len)); } - CHECK(journal_fsync(j)); + CHECK(journal_fsync(new)); /* * Compute new header. */ - j->header.begin.offset = indexend; - j->header.end.offset = indexend + copy_length; + new->header.begin.serial = best_guess.serial; + new->header.begin.offset = indexend; + new->header.end.serial = j->header.end.serial; + new->header.end.offset = indexend + copy_length; + /* * Update the journal header. */ - journal_header_encode(&j->header, &rawheader); - CHECK(journal_seek(j, 0)); - CHECK(journal_write(j, &rawheader, sizeof(rawheader))); - CHECK(journal_fsync(j)); + journal_header_encode(&new->header, &rawheader); + CHECK(journal_seek(new, 0)); + CHECK(journal_write(new, &rawheader, sizeof(rawheader))); + CHECK(journal_fsync(new)); /* * Build new index. */ - current_pos = j->header.begin; - while (current_pos.serial != j->header.end.serial) { - index_add(j, ¤t_pos); - CHECK(journal_next(j, ¤t_pos)); + current_pos = new->header.begin; + while (current_pos.serial != new->header.end.serial) { + index_add(new, ¤t_pos); + CHECK(journal_next(new, ¤t_pos)); } /* * Write index. */ - CHECK(index_to_disk(j)); - CHECK(journal_fsync(j)); + CHECK(index_to_disk(new)); + CHECK(journal_fsync(new)); - indexend = j->header.end.offset; + indexend = new->header.end.offset; } + dns_journal_destroy(&new); + + /* + * With a UFS file system this should just succeed and be atomic. + * Any IXFR outs will just continue and the old journal will be + * removed on final close. + * + * With MSDOS / NTFS we need to do a two stage rename triggered + * bu EEXISTS. Hopefully all IXFR's that were active at the last + * rename are now complete. + */ + if (rename(newname, filename) == -1) { + if (errno == EACCES && !is_backup) { + result = isc_file_remove(backup); + if (result != ISC_R_SUCCESS && + result != ISC_R_FILENOTFOUND) + goto failure; + if (rename(filename, backup) == -1) + goto maperrno; + if (rename(newname, filename) == -1) + goto maperrno; + (void)isc_file_remove(backup); + } else { + maperrno: + result = ISC_R_FAILURE; + goto failure; + } + } + dns_journal_destroy(&j); - (void)isc_file_truncate(filename, (isc_offset_t)indexend); result = ISC_R_SUCCESS; failure: + (void)isc_file_remove(newname); if (buf != NULL) isc_mem_put(mctx, buf, size); if (j != NULL) dns_journal_destroy(&j); + if (new != NULL) + dns_journal_destroy(&new); return (result); } diff --git a/contrib/bind-9.3/lib/dns/key.c b/contrib/bind-9.5.2/lib/dns/key.c similarity index 83% rename from contrib/bind-9.3/lib/dns/key.c rename to contrib/bind-9.5.2/lib/dns/key.c index 97d970ed5e..5cf4442915 100644 --- a/contrib/bind-9.3/lib/dns/key.c +++ b/contrib/bind-9.5.2/lib/dns/key.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: key.c,v 1.1.4.3 2005/06/09 23:54:29 marka Exp $ */ +/* $Id: key.c,v 1.8 2007/06/19 23:47:16 tbox Exp $ */ #include @@ -125,3 +125,23 @@ dst_key_isnullkey(const dst_key_t *key) { return (ISC_FALSE); return (ISC_TRUE); } + +void +dst_key_setbits(dst_key_t *key, isc_uint16_t bits) { + unsigned int maxbits; + REQUIRE(VALID_KEY(key)); + if (bits != 0) { + RUNTIME_CHECK(dst_key_sigsize(key, &maxbits) == ISC_R_SUCCESS); + maxbits *= 8; + REQUIRE(bits <= maxbits); + } + key->key_bits = bits; +} + +isc_uint16_t +dst_key_getbits(const dst_key_t *key) { + REQUIRE(VALID_KEY(key)); + return (key->key_bits); +} + +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/keytable.c b/contrib/bind-9.5.2/lib/dns/keytable.c similarity index 94% rename from contrib/bind-9.3/lib/dns/keytable.c rename to contrib/bind-9.5.2/lib/dns/keytable.c index 7f3e3cff2b..bffd2d3ac7 100644 --- a/contrib/bind-9.3/lib/dns/keytable.c +++ b/contrib/bind-9.5.2/lib/dns/keytable.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keytable.c,v 1.26.12.5 2006/01/06 00:01:42 marka Exp $ */ +/* $Id: keytable.c,v 1.34 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -87,22 +89,12 @@ dns_keytable_create(isc_mem_t *mctx, dns_keytable_t **keytablep) { goto cleanup_keytable; result = isc_mutex_init(&keytable->lock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_rbt; - } result = isc_rwlock_init(&keytable->rwlock, 0, 0); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_rwlock_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_lock; - } keytable->mctx = mctx; keytable->active_nodes = 0; diff --git a/contrib/bind-9.3/lib/dns/lib.c b/contrib/bind-9.5.2/lib/dns/lib.c similarity index 83% rename from contrib/bind-9.3/lib/dns/lib.c rename to contrib/bind-9.5.2/lib/dns/lib.c index 44490675a8..6f98b5374e 100644 --- a/contrib/bind-9.3/lib/dns/lib.c +++ b/contrib/bind-9.5.2/lib/dns/lib.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.c,v 1.9.12.3 2004/03/08 09:04:30 marka Exp $ */ +/* $Id: lib.c,v 1.16 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -31,6 +33,7 @@ *** Globals ***/ +LIBDNS_EXTERNAL_DATA unsigned int dns_pps = 0U; LIBDNS_EXTERNAL_DATA isc_msgcat_t * dns_msgcat = NULL; diff --git a/contrib/bind-9.3/lib/dns/log.c b/contrib/bind-9.5.2/lib/dns/log.c similarity index 86% rename from contrib/bind-9.3/lib/dns/log.c rename to contrib/bind-9.5.2/lib/dns/log.c index d240767cbf..7551e15f25 100644 --- a/contrib/bind-9.3/lib/dns/log.c +++ b/contrib/bind-9.5.2/lib/dns/log.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.33.2.2.10.3 2004/03/06 08:13:39 marka Exp $ */ +/* $Id: log.c,v 1.45 2007/06/18 23:47:40 tbox Exp $ */ + +/*! \file */ /* Principal Authors: DCL */ @@ -25,9 +27,9 @@ #include -/* +/*% * When adding a new category, be sure to add the appropriate - * #define to . + * \#define to . */ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = { { "notify", 0 }, @@ -41,12 +43,13 @@ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = { { "dispatch", 0 }, { "lame-servers", 0 }, { "delegation-only", 0 }, + { "edns-disabled", 0 }, { NULL, 0 } }; -/* +/*% * When adding a new module, be sure to add the appropriate - * #define to . + * \#define to . */ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns_modules[] = { { "dns/db", 0 }, @@ -74,6 +77,8 @@ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns_modules[] = { { "dns/sdb", 0 }, { "dns/diff", 0 }, { "dns/hints", 0 }, + { "dns/acache", 0 }, + { "dns/dlz", 0 }, { NULL, 0 } }; diff --git a/contrib/bind-9.3/lib/dns/lookup.c b/contrib/bind-9.5.2/lib/dns/lookup.c similarity index 94% rename from contrib/bind-9.3/lib/dns/lookup.c rename to contrib/bind-9.5.2/lib/dns/lookup.c index 1cf572145d..d5fc7aae47 100644 --- a/contrib/bind-9.3/lib/dns/lookup.c +++ b/contrib/bind-9.5.2/lib/dns/lookup.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lookup.c,v 1.9.12.7 2006/01/04 23:50:20 marka Exp $ */ +/* $Id: lookup.c,v 1.21 2007/06/18 23:47:40 tbox Exp $ */ + +/*! \file */ #include @@ -179,7 +181,7 @@ static void lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { isc_result_t result; isc_boolean_t want_restart; - isc_boolean_t send_event = ISC_FALSE; + isc_boolean_t send_event; dns_name_t *name, *fname, *prefix; dns_fixedname_t foundname, fixed; dns_rdata_t rdata = DNS_RDATA_INIT; @@ -199,6 +201,7 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { do { lookup->restarts++; want_restart = ISC_FALSE; + send_event = ISC_TRUE; if (event == NULL && !lookup->canceled) { dns_fixedname_init(&foundname); @@ -206,6 +209,15 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { INSIST(!dns_rdataset_isassociated(&lookup->rdataset)); INSIST(!dns_rdataset_isassociated (&lookup->sigrdataset)); + /* + * If we have restarted then clear the old node. */ + if (lookup->event->node != NULL) { + INSIST(lookup->event->db != NULL); + dns_db_detachnode(lookup->event->db, + &lookup->event->node); + } + if (lookup->event->db != NULL) + dns_db_detach(&lookup->event->db); result = view_find(lookup, fname); if (result == ISC_R_NOTFOUND) { /* @@ -220,8 +232,8 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { if (lookup->event->db != NULL) dns_db_detach(&lookup->event->db); result = start_fetch(lookup); - if (result != ISC_R_SUCCESS) - send_event = ISC_TRUE; + if (result == ISC_R_SUCCESS) + send_event = ISC_FALSE; goto done; } } else if (event != NULL) { @@ -242,7 +254,6 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { switch (result) { case ISC_R_SUCCESS: result = build_event(lookup); - send_event = ISC_TRUE; if (event == NULL) break; if (event->db != NULL) @@ -267,8 +278,10 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { break; result = dns_name_copy(&cname.cname, name, NULL); dns_rdata_freestruct(&cname); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { want_restart = ISC_TRUE; + send_event = ISC_FALSE; + } break; case DNS_R_DNAME: namereln = dns_name_fullcompare(name, fname, &order, @@ -294,8 +307,10 @@ lookup_find(dns_lookup_t *lookup, dns_fetchevent_t *event) { result = dns_name_concatenate(prefix, &dname.dname, name, NULL); dns_rdata_freestruct(&dname); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { want_restart = ISC_TRUE; + send_event = ISC_FALSE; + } break; default: send_event = ISC_TRUE; @@ -366,7 +381,6 @@ levent_destroy(isc_event_t *event) { isc_mem_put(mctx, event, event->ev_size); } - isc_result_t dns_lookup_create(isc_mem_t *mctx, dns_name_t *name, dns_rdatatype_t type, dns_view_t *view, unsigned int options, isc_task_t *task, diff --git a/contrib/bind-9.3/lib/dns/master.c b/contrib/bind-9.5.2/lib/dns/master.c similarity index 79% rename from contrib/bind-9.3/lib/dns/master.c rename to contrib/bind-9.5.2/lib/dns/master.c index 7a2dab3ade..cc19b16ed8 100644 --- a/contrib/bind-9.3/lib/dns/master.c +++ b/contrib/bind-9.5.2/lib/dns/master.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: master.c,v 1.122.2.8.2.14 2004/05/05 01:32:16 marka Exp $ */ +/* $Id: master.c,v 1.166.94.5 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ #include @@ -25,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -46,33 +49,34 @@ #include #include -/* - * Grow the number of dns_rdatalist_t (RDLSZ) and dns_rdata_t (RDSZ) structures +/*! + * Grow the number of dns_rdatalist_t (#RDLSZ) and dns_rdata_t (#RDSZ) structures * by these sizes when we need to. * - * RDLSZ reflects the number of different types with the same name expected. + */ +/*% RDLSZ reflects the number of different types with the same name expected. */ +#define RDLSZ 32 +/*% * RDSZ reflects the number of rdata expected at a give name that can fit into * 64k. */ - -#define RDLSZ 32 #define RDSZ 512 #define NBUFS 4 #define MAXWIRESZ 255 -/* +/*% * Target buffer size and minimum target size. * MINTSIZ must be big enough to hold the largest rdata record. - * + * \brief * TSIZ >= MINTSIZ */ #define TSIZ (128*1024) -/* +/*% * max message size - header - root - type - class - ttl - rdlen */ #define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2) -/* +/*% * Size for tokens in the presentation format, * The largest tokens are the base64 blocks in KEY and CERT records, * Largest key allowed is about 1372 bytes but @@ -87,19 +91,28 @@ typedef ISC_LIST(dns_rdatalist_t) rdatalist_head_t; typedef struct dns_incctx dns_incctx_t; -/* +/*% * Master file load state. */ struct dns_loadctx { unsigned int magic; isc_mem_t *mctx; - isc_lex_t *lex; - isc_boolean_t keep_lex; + dns_masterformat_t format; + dns_rdatacallbacks_t *callbacks; isc_task_t *task; dns_loaddonefunc_t done; void *done_arg; + + /* Common methods */ + isc_result_t (*openfile)(dns_loadctx_t *lctx, + const char *filename); + isc_result_t (*load)(dns_loadctx_t *lctx); + + /* Members specific to the text format: */ + isc_lex_t *lex; + isc_boolean_t keep_lex; unsigned int options; isc_boolean_t ttl_known; isc_boolean_t default_ttl_known; @@ -111,9 +124,14 @@ struct dns_loadctx { isc_uint32_t default_ttl; dns_rdataclass_t zclass; dns_fixedname_t fixed_top; - dns_name_t *top; /* top of zone */ + dns_name_t *top; /*%< top of zone */ + + /* Members specific to the raw format: */ + FILE *f; + isc_boolean_t first; + /* Which fixed buffers we are using? */ - unsigned int loop_cnt; /* records per quantum, + unsigned int loop_cnt; /*% records per quantum, * 0 => all. */ isc_boolean_t canceled; isc_mutex_t lock; @@ -143,6 +161,18 @@ struct dns_incctx { #define DNS_AS_STR(t) ((t).value.as_textregion.base) +static isc_result_t +openfile_text(dns_loadctx_t *lctx, const char *master_file); + +static isc_result_t +openfile_raw(dns_loadctx_t *lctx, const char *master_file); + +static isc_result_t +load_text(dns_loadctx_t *lctx); + +static isc_result_t +load_raw(dns_loadctx_t *lctx); + static isc_result_t pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx); @@ -246,7 +276,8 @@ loadctx_destroy(dns_loadctx_t *lctx); #define MANYERRS(lctx, result) \ ((result != ISC_R_SUCCESS) && \ - ((lctx)->options & DNS_MASTER_MANYERRORS) != 0) + (result != ISC_R_IOERROR) && \ + ((lctx)->options & DNS_MASTER_MANYERRORS) != 0) #define SETRESULT(lctx, r) \ do { \ @@ -405,6 +436,7 @@ incctx_destroy(isc_mem_t *mctx, dns_incctx_t *ictx) { static void loadctx_destroy(dns_loadctx_t *lctx) { isc_mem_t *mctx; + isc_result_t result; REQUIRE(DNS_LCTX_VALID(lctx)); @@ -412,6 +444,15 @@ loadctx_destroy(dns_loadctx_t *lctx) { if (lctx->inc != NULL) incctx_destroy(lctx->mctx, lctx->inc); + if (lctx->f != NULL) { + result = isc_stdio_close(lctx->f); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_stdio_close() failed: %s", + isc_result_totext(result)); + } + } + /* isc_lex_destroy() will close all open streams */ if (lctx->lex != NULL && !lctx->keep_lex) isc_lex_destroy(&lctx->lex); @@ -461,7 +502,8 @@ incctx_create(isc_mem_t *mctx, dns_name_t *origin, dns_incctx_t **ictxp) { } static isc_result_t -loadctx_create(isc_mem_t *mctx, unsigned int options, dns_name_t *top, +loadctx_create(dns_masterformat_t format, isc_mem_t *mctx, + unsigned int options, dns_name_t *top, dns_rdataclass_t zclass, dns_name_t *origin, dns_rdatacallbacks_t *callbacks, isc_task_t *task, dns_loaddonefunc_t done, void *done_arg, isc_lex_t *lex, @@ -489,17 +531,28 @@ loadctx_create(isc_mem_t *mctx, unsigned int options, dns_name_t *top, result = isc_mutex_init(&lctx->lock); if (result != ISC_R_SUCCESS) { isc_mem_put(mctx, lctx, sizeof(*lctx)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); + return (result); } lctx->inc = NULL; result = incctx_create(mctx, origin, &lctx->inc); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) goto cleanup_ctx; + lctx->format = format; + switch (format) { + default: + INSIST(0); + case dns_masterformat_text: + lctx->openfile = openfile_text; + lctx->load = load_text; + break; + case dns_masterformat_raw: + lctx->openfile = openfile_raw; + lctx->load = load_raw; + break; + } + if (lex != NULL) { lctx->lex = lex; lctx->keep_lex = ISC_TRUE; @@ -534,6 +587,9 @@ loadctx_create(isc_mem_t *mctx, unsigned int options, dns_name_t *top, dns_name_toregion(top, &r); dns_name_fromregion(lctx->top, &r); + lctx->f = NULL; + lctx->first = ISC_TRUE; + lctx->loop_cnt = (done != NULL) ? 100 : 0; lctx->callbacks = callbacks; lctx->task = NULL; @@ -639,6 +695,25 @@ genname(char *name, int it, char *buffer, size_t length) { return (ISC_R_SUCCESS); } +static isc_result_t +openfile_text(dns_loadctx_t *lctx, const char *master_file) { + return (isc_lex_openfile(lctx->lex, master_file)); +} + +static isc_result_t +openfile_raw(dns_loadctx_t *lctx, const char *master_file) { + isc_result_t result; + + result = isc_stdio_open(master_file, "r", &lctx->f); + if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_stdio_open() failed: %s", + isc_result_totext(result)); + } + + return (result); +} + static isc_result_t generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs, const char *source, unsigned int line) @@ -711,6 +786,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs, case dns_rdatatype_a: case dns_rdatatype_aaaa: if (lctx->zclass == dns_rdataclass_in || + lctx->zclass == dns_rdataclass_ch || lctx->zclass == dns_rdataclass_hs) break; /* FALLTHROUGH */ @@ -836,7 +912,7 @@ check_ns(dns_loadctx_t *lctx, isc_token_t *token, const char *source, callback = lctx->callbacks->error; else callback = lctx->callbacks->warn; - + if (token->type == isc_tokentype_string) { struct in_addr addr; struct in6_addr addr6; @@ -862,8 +938,25 @@ check_ns(dns_loadctx_t *lctx, isc_token_t *token, const char *source, return (result); } +static void +check_wildcard(dns_incctx_t *ictx, const char *source, unsigned long line, + dns_rdatacallbacks_t *callbacks) +{ + dns_name_t *name; + + name = (ictx->glue != NULL) ? ictx->glue : ictx->current; + if (dns_name_internalwildcard(name)) { + char namebuf[DNS_NAME_FORMATSIZE]; + + dns_name_format(name, namebuf, sizeof(namebuf)); + (*callbacks->warn)(callbacks, "%s:%lu: warning: ownername " + "'%s' contains an non-terminal wildcard", + source, line, namebuf); + } +} + static isc_result_t -load(dns_loadctx_t *lctx) { +load_text(dns_loadctx_t *lctx) { dns_rdataclass_t rdclass; dns_rdatatype_t type, covers; isc_uint32_t ttl_offset = 0; @@ -939,11 +1032,16 @@ load(dns_loadctx_t *lctx) { options |= DNS_RDATA_CHECKNAMES; if ((lctx->options & DNS_MASTER_CHECKNAMESFAIL) != 0) options |= DNS_RDATA_CHECKNAMESFAIL; + if ((lctx->options & DNS_MASTER_CHECKMX) != 0) + options |= DNS_RDATA_CHECKMX; + if ((lctx->options & DNS_MASTER_CHECKMXFAIL) != 0) + options |= DNS_RDATA_CHECKMXFAIL; source = isc_lex_getsourcename(lctx->lex); do { initialws = ISC_FALSE; line = isc_lex_getsourceline(lctx->lex); - GETTOKEN(lctx->lex, ISC_LEXOPT_INITIALWS, &token, ISC_TRUE); + GETTOKEN(lctx->lex, ISC_LEXOPT_INITIALWS | ISC_LEXOPT_QSTRING, + &token, ISC_TRUE); line = isc_lex_getsourceline(lctx->lex); if (token.type == isc_tokentype_eof) { @@ -979,7 +1077,8 @@ load(dns_loadctx_t *lctx) { * Still working on the same name. */ initialws = ISC_TRUE; - } else if (token.type == isc_tokentype_string) { + } else if (token.type == isc_tokentype_string || + token.type == isc_tokentype_qstring) { /* * "$" Support. @@ -1117,6 +1216,7 @@ load(dns_loadctx_t *lctx) { isc_mem_free(mctx, gtype); if (rhs != NULL) isc_mem_free(mctx, rhs); + range = lhs = gtype = rhs = NULL; /* RANGE */ GETTOKEN(lctx->lex, 0, &token, ISC_FALSE); range = isc_mem_strdup(mctx, @@ -1137,7 +1237,7 @@ load(dns_loadctx_t *lctx) { /* CLASS? */ GETTOKEN(lctx->lex, 0, &token, ISC_FALSE); if (dns_rdataclass_fromtext(&rdclass, - &token.value.as_textregion) + &token.value.as_textregion) == ISC_R_SUCCESS) { GETTOKEN(lctx->lex, 0, &token, ISC_FALSE); @@ -1321,7 +1421,7 @@ load(dns_loadctx_t *lctx) { target_save = target; ictx->glue = new_name; ictx->glue_in_use = new_in_use; - ictx->in_use[ictx->glue_in_use] = + ictx->in_use[ictx->glue_in_use] = ISC_TRUE; } else { result = commit(callbacks, lctx, @@ -1346,6 +1446,14 @@ load(dns_loadctx_t *lctx) { isc_buffer_init(&target, target_mem, target_size); } + /* + * Check for internal wildcards. + */ + if ((lctx->options & DNS_MASTER_CHECKWILDCARD) + != 0) + check_wildcard(ictx, source, line, + callbacks); + } if ((lctx->options & DNS_MASTER_ZONE) != 0 && (lctx->options & DNS_MASTER_SLAVE) == 0 && @@ -1367,7 +1475,7 @@ load(dns_loadctx_t *lctx) { } else { UNEXPECTED_ERROR(__FILE__, __LINE__, "%s:%lu: isc_lex_gettoken() returned " - "unexpeced token type (%d)", + "unexpected token type (%d)", source, line, token.type); result = ISC_R_UNEXPECTED; if (MANYERRS(lctx, result)) { @@ -1508,7 +1616,7 @@ load(dns_loadctx_t *lctx) { current_has_delegation = ISC_TRUE; /* - * RFC 1123: MD and MF are not allowed to be loaded from + * RFC1123: MD and MF are not allowed to be loaded from * master files. */ if ((lctx->options & DNS_MASTER_ZONE) != 0 && @@ -1571,7 +1679,7 @@ load(dns_loadctx_t *lctx) { isc_boolean_t ok; dns_name_t *name; - name = (ictx->glue != NULL) ? ictx-> glue : + name = (ictx->glue != NULL) ? ictx->glue : ictx->current; ok = dns_rdata_checkowner(name, lctx->zclass, type, ISC_TRUE); @@ -1581,7 +1689,7 @@ load(dns_loadctx_t *lctx) { dns_name_format(name, namebuf, sizeof(namebuf)); result = DNS_R_BADOWNERNAME; desc = dns_result_totext(result); - if ((lctx->options & DNS_MASTER_CHECKNAMESFAIL) != 0) { + if ((lctx->options & DNS_MASTER_CHECKNAMESFAIL) != 0) { (*callbacks->error)(callbacks, "%s:%lu: %s: %s", source, line, @@ -1631,9 +1739,9 @@ load(dns_loadctx_t *lctx) { dns_name_format(ictx->current, namebuf, sizeof(namebuf)); (*callbacks->error)(callbacks, - "%s:%lu: SOA " - "record not at top of zone (%s)", - source, line, namebuf); + "%s:%lu: SOA " + "record not at top of zone (%s)", + source, line, namebuf); result = DNS_R_NOTZONETOP; if (MANYERRS(lctx, result)) { SETRESULT(lctx, result); @@ -1686,14 +1794,16 @@ load(dns_loadctx_t *lctx) { } else if (!explicit_ttl && lctx->warn_1035) { (*callbacks->warn)(callbacks, "%s:%lu: " - "using RFC 1035 TTL semantics", + "using RFC1035 TTL semantics", source, line); lctx->warn_1035 = ISC_FALSE; } if (type == dns_rdatatype_rrsig && lctx->warn_sigexpired) { dns_rdata_rrsig_t sig; - (void)dns_rdata_tostruct(&rdata[rdcount], &sig, NULL); + result = dns_rdata_tostruct(&rdata[rdcount], &sig, + NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (isc_serial_lt(sig.timeexpire, now)) { (*callbacks->warn)(callbacks, "%s:%lu: " @@ -1705,7 +1815,7 @@ load(dns_loadctx_t *lctx) { if ((type == dns_rdatatype_sig || type == dns_rdatatype_nxt) && lctx->warn_tcr && (lctx->options & DNS_MASTER_ZONE) != 0 && - (lctx->options & DNS_MASTER_SLAVE) == 0) { + (lctx->options & DNS_MASTER_SLAVE) == 0) { (*callbacks->warn)(callbacks, "%s:%lu: old style DNSSEC " " zone detected", source, line); lctx->warn_tcr = ISC_FALSE; @@ -1724,7 +1834,7 @@ load(dns_loadctx_t *lctx) { /* * Find type in rdatalist. * If it does not exist create new one and prepend to list - * as this will mimimise list traversal. + * as this will minimise list traversal. */ if (ictx->glue != NULL) this = ISC_LIST_HEAD(glue_list); @@ -1763,7 +1873,7 @@ load(dns_loadctx_t *lctx) { ISC_LIST_INITANDPREPEND(glue_list, this, link); else ISC_LIST_INITANDPREPEND(current_list, this, - link); + link); } else if (this->ttl != lctx->ttl) { (*callbacks->warn)(callbacks, "%s:%lu: " @@ -1773,7 +1883,7 @@ load(dns_loadctx_t *lctx) { } ISC_LIST_APPEND(this->rdata, &rdata[rdcount], link); - if (ictx->glue != NULL) + if (ictx->glue != NULL) ictx->glue_line = line; else ictx->current_line = line; @@ -1879,7 +1989,7 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) { new->drop = ictx->drop; } - result = isc_lex_openfile(lctx->lex, master_file); + result = (lctx->openfile)(lctx, master_file); if (result != ISC_R_SUCCESS) goto cleanup; new->parent = ictx; @@ -1892,30 +2002,356 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) { return (result); } +static inline isc_result_t +read_and_check(isc_boolean_t do_read, isc_buffer_t *buffer, + size_t len, FILE *f) +{ + isc_result_t result; + + if (do_read) { + INSIST(isc_buffer_availablelength(buffer) >= len); + result = isc_stdio_read(isc_buffer_used(buffer), 1, len, + f, NULL); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_add(buffer, len); + } else if (isc_buffer_remaininglength(buffer) < len) + return (ISC_R_RANGE); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +load_raw(dns_loadctx_t *lctx) { + isc_result_t result = ISC_R_SUCCESS; + isc_boolean_t done = ISC_FALSE; + unsigned int loop_cnt = 0; + dns_rdatacallbacks_t *callbacks; + unsigned char namebuf[DNS_NAME_MAXWIRE]; + isc_region_t r; + dns_name_t name; + rdatalist_head_t head, dummy; + dns_rdatalist_t rdatalist; + isc_mem_t *mctx = lctx->mctx; + dns_rdata_t *rdata = NULL; + unsigned int rdata_size = 0; + int target_size = TSIZ; + isc_buffer_t target; + unsigned char *target_mem = NULL; + + REQUIRE(DNS_LCTX_VALID(lctx)); + callbacks = lctx->callbacks; + + if (lctx->first) { + dns_masterrawheader_t header; + isc_uint32_t format, version, dumptime; + size_t hdrlen = sizeof(format) + sizeof(version) + + sizeof(dumptime); + + INSIST(hdrlen <= sizeof(header)); + isc_buffer_init(&target, &header, sizeof(header)); + + result = isc_stdio_read(&header, 1, hdrlen, lctx->f, NULL); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_stdio_read failed: %s", + isc_result_totext(result)); + return (result); + } + isc_buffer_add(&target, hdrlen); + format = isc_buffer_getuint32(&target); + if (format != dns_masterformat_raw) { + (*callbacks->error)(callbacks, + "dns_master_load: " + "file format mismatch"); + return (ISC_R_NOTIMPLEMENTED); + } + + version = isc_buffer_getuint32(&target); + if (version > DNS_RAWFORMAT_VERSION) { + (*callbacks->error)(callbacks, + "dns_master_load: " + "unsupported file format version"); + return (ISC_R_NOTIMPLEMENTED); + } + + /* Empty read: currently, we do not use dumptime */ + dumptime = isc_buffer_getuint32(&target); + + lctx->first = ISC_FALSE; + } + + ISC_LIST_INIT(head); + ISC_LIST_INIT(dummy); + dns_rdatalist_init(&rdatalist); + + /* + * Allocate target_size of buffer space. This is greater than twice + * the maximum individual RR data size. + */ + target_mem = isc_mem_get(mctx, target_size); + if (target_mem == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + isc_buffer_init(&target, target_mem, target_size); + + /* + * In the following loop, we regard any error fatal regardless of + * whether "MANYERRORS" is set in the context option. This is because + * normal errors should already have been checked at creation time. + * Besides, it is very unlikely that we can recover from an error + * in this format, and so trying to continue parsing erroneous data + * does not really make sense. + */ + for (loop_cnt = 0; + (lctx->loop_cnt == 0 || loop_cnt < lctx->loop_cnt); + loop_cnt++) { + unsigned int i, rdcount, consumed_name; + isc_uint16_t namelen; + isc_uint32_t totallen; + size_t minlen, readlen; + isc_boolean_t sequential_read = ISC_FALSE; + + /* Read the data length */ + isc_buffer_clear(&target); + INSIST(isc_buffer_availablelength(&target) >= + sizeof(totallen)); + result = isc_stdio_read(target.base, 1, sizeof(totallen), + lctx->f, NULL); + if (result == ISC_R_EOF) { + result = ISC_R_SUCCESS; + done = ISC_TRUE; + break; + } + if (result != ISC_R_SUCCESS) + goto cleanup; + isc_buffer_add(&target, sizeof(totallen)); + totallen = isc_buffer_getuint32(&target); + /* + * Validation: the input data must at least contain the common + * header. + */ + minlen = sizeof(totallen) + sizeof(isc_uint16_t) + + sizeof(isc_uint16_t) + sizeof(isc_uint16_t) + + sizeof(isc_uint32_t) + sizeof(isc_uint32_t); + if (totallen < minlen) { + result = ISC_R_RANGE; + goto cleanup; + } + totallen -= sizeof(totallen); + + isc_buffer_clear(&target); + if (totallen > isc_buffer_availablelength(&target)) { + /* + * The default buffer size should typically be large + * enough to store the entire RRset. We could try to + * allocate enough space if this is not the case, but + * it might cause a hazardous result when "totallen" + * is forged. Thus, we'd rather take an inefficient + * but robust approach in this atypical case: read + * data step by step, and commit partial data when + * necessary. Note that the buffer must be large + * enough to store the "header part", owner name, and + * at least one rdata (however large it is). + */ + sequential_read = ISC_TRUE; + readlen = minlen - sizeof(totallen); + } else { + /* + * Typical case. We can read the whole RRset at once + * with the default buffer. + */ + readlen = totallen; + } + result = isc_stdio_read(target.base, 1, readlen, + lctx->f, NULL); + if (result != ISC_R_SUCCESS) + goto cleanup; + isc_buffer_add(&target, readlen); + + /* Construct RRset headers */ + rdatalist.rdclass = isc_buffer_getuint16(&target); + rdatalist.type = isc_buffer_getuint16(&target); + rdatalist.covers = isc_buffer_getuint16(&target); + rdatalist.ttl = isc_buffer_getuint32(&target); + rdcount = isc_buffer_getuint32(&target); + if (rdcount == 0) { + result = ISC_R_RANGE; + goto cleanup; + } + INSIST(isc_buffer_consumedlength(&target) <= readlen); + + /* Owner name: length followed by name */ + result = read_and_check(sequential_read, &target, + sizeof(namelen), lctx->f); + if (result != ISC_R_SUCCESS) + goto cleanup; + namelen = isc_buffer_getuint16(&target); + if (namelen > sizeof(namebuf)) { + result = ISC_R_RANGE; + goto cleanup; + } + + result = read_and_check(sequential_read, &target, namelen, + lctx->f); + if (result != ISC_R_SUCCESS) + goto cleanup; + isc_buffer_setactive(&target, (unsigned int)namelen); + isc_buffer_activeregion(&target, &r); + dns_name_init(&name, NULL); + dns_name_fromregion(&name, &r); + isc_buffer_forward(&target, (unsigned int)namelen); + consumed_name = isc_buffer_consumedlength(&target); + + /* Rdata contents. */ + if (rdcount > rdata_size) { + dns_rdata_t *new_rdata = NULL; + + new_rdata = grow_rdata(rdata_size + RDSZ, rdata, + rdata_size, &head, + &dummy, mctx); + if (new_rdata == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup; + } + rdata_size += RDSZ; + rdata = new_rdata; + } + + continue_read: + for (i = 0; i < rdcount; i++) { + isc_uint16_t rdlen; + + dns_rdata_init(&rdata[i]); + + if (sequential_read && + isc_buffer_availablelength(&target) < MINTSIZ) { + unsigned int j; + + INSIST(i > 0); /* detect an infinite loop */ + + /* Partial Commit. */ + ISC_LIST_APPEND(head, &rdatalist, link); + result = commit(callbacks, lctx, &head, &name, + NULL, 0); + for (j = 0; j < i; j++) { + ISC_LIST_UNLINK(rdatalist.rdata, + &rdata[j], link); + dns_rdata_reset(&rdata[j]); + } + if (result != ISC_R_SUCCESS) + goto cleanup; + + /* Rewind the buffer and continue */ + isc_buffer_clear(&target); + isc_buffer_add(&target, consumed_name); + isc_buffer_forward(&target, consumed_name); + + rdcount -= i; + i = 0; + + goto continue_read; + } + + /* rdata length */ + result = read_and_check(sequential_read, &target, + sizeof(rdlen), lctx->f); + if (result != ISC_R_SUCCESS) + goto cleanup; + rdlen = isc_buffer_getuint16(&target); + + /* rdata */ + result = read_and_check(sequential_read, &target, + rdlen, lctx->f); + if (result != ISC_R_SUCCESS) + goto cleanup; + isc_buffer_setactive(&target, (unsigned int)rdlen); + isc_buffer_activeregion(&target, &r); + isc_buffer_forward(&target, (unsigned int)rdlen); + dns_rdata_fromregion(&rdata[i], rdatalist.rdclass, + rdatalist.type, &r); + + ISC_LIST_APPEND(rdatalist.rdata, &rdata[i], link); + } + + /* + * Sanity check. Still having remaining space is not + * necessarily critical, but it very likely indicates broken + * or malformed data. + */ + if (isc_buffer_remaininglength(&target) != 0) { + result = ISC_R_RANGE; + goto cleanup; + } + + ISC_LIST_APPEND(head, &rdatalist, link); + + /* Commit this RRset. rdatalist will be unlinked. */ + result = commit(callbacks, lctx, &head, &name, NULL, 0); + + for (i = 0; i < rdcount; i++) { + ISC_LIST_UNLINK(rdatalist.rdata, &rdata[i], link); + dns_rdata_reset(&rdata[i]); + } + + if (result != ISC_R_SUCCESS) + goto cleanup; + } + + if (!done) { + INSIST(lctx->done != NULL && lctx->task != NULL); + result = DNS_R_CONTINUE; + } else if (result == ISC_R_SUCCESS && lctx->result != ISC_R_SUCCESS) + result = lctx->result; + + cleanup: + if (rdata != NULL) + isc_mem_put(mctx, rdata, rdata_size * sizeof(*rdata)); + if (target_mem != NULL) + isc_mem_put(mctx, target_mem, target_size); + if (result != ISC_R_SUCCESS && result != DNS_R_CONTINUE) { + (*callbacks->error)(callbacks, "dns_master_load: %s", + dns_result_totext(result)); + } + + return (result); +} + isc_result_t dns_master_loadfile(const char *master_file, dns_name_t *top, dns_name_t *origin, dns_rdataclass_t zclass, unsigned int options, dns_rdatacallbacks_t *callbacks, isc_mem_t *mctx) +{ + return (dns_master_loadfile2(master_file, top, origin, zclass, options, + callbacks, mctx, dns_masterformat_text)); +} + +isc_result_t +dns_master_loadfile2(const char *master_file, dns_name_t *top, + dns_name_t *origin, + dns_rdataclass_t zclass, unsigned int options, + dns_rdatacallbacks_t *callbacks, isc_mem_t *mctx, + dns_masterformat_t format) { dns_loadctx_t *lctx = NULL; isc_result_t result; - result = loadctx_create(mctx, options, top, zclass, origin, + result = loadctx_create(format, mctx, options, top, zclass, origin, callbacks, NULL, NULL, NULL, NULL, &lctx); if (result != ISC_R_SUCCESS) return (result); - result = isc_lex_openfile(lctx->lex, master_file); + result = (lctx->openfile)(lctx, master_file); if (result != ISC_R_SUCCESS) goto cleanup; - result = load(lctx); + result = (lctx->load)(lctx); INSIST(result != DNS_R_CONTINUE); cleanup: - if (lctx != NULL) - dns_loadctx_detach(&lctx); + dns_loadctx_detach(&lctx); return (result); } @@ -1925,19 +2361,33 @@ dns_master_loadfileinc(const char *master_file, dns_name_t *top, unsigned int options, dns_rdatacallbacks_t *callbacks, isc_task_t *task, dns_loaddonefunc_t done, void *done_arg, dns_loadctx_t **lctxp, isc_mem_t *mctx) +{ + return (dns_master_loadfileinc2(master_file, top, origin, zclass, + options, callbacks, task, done, + done_arg, lctxp, mctx, + dns_masterformat_text)); +} + +isc_result_t +dns_master_loadfileinc2(const char *master_file, dns_name_t *top, + dns_name_t *origin, dns_rdataclass_t zclass, + unsigned int options, dns_rdatacallbacks_t *callbacks, + isc_task_t *task, dns_loaddonefunc_t done, + void *done_arg, dns_loadctx_t **lctxp, isc_mem_t *mctx, + dns_masterformat_t format) { dns_loadctx_t *lctx = NULL; isc_result_t result; - + REQUIRE(task != NULL); REQUIRE(done != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, + result = loadctx_create(format, mctx, options, top, zclass, origin, callbacks, task, done, done_arg, NULL, &lctx); if (result != ISC_R_SUCCESS) return (result); - result = isc_lex_openfile(lctx->lex, master_file); + result = (lctx->openfile)(lctx, master_file); if (result != ISC_R_SUCCESS) goto cleanup; @@ -1948,8 +2398,7 @@ dns_master_loadfileinc(const char *master_file, dns_name_t *top, } cleanup: - if (lctx != NULL) - dns_loadctx_detach(&lctx); + dns_loadctx_detach(&lctx); return (result); } @@ -1963,8 +2412,9 @@ dns_master_loadstream(FILE *stream, dns_name_t *top, dns_name_t *origin, REQUIRE(stream != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, - callbacks, NULL, NULL, NULL, NULL, &lctx); + result = loadctx_create(dns_masterformat_text, mctx, options, top, + zclass, origin, callbacks, NULL, NULL, NULL, + NULL, &lctx); if (result != ISC_R_SUCCESS) goto cleanup; @@ -1972,7 +2422,7 @@ dns_master_loadstream(FILE *stream, dns_name_t *top, dns_name_t *origin, if (result != ISC_R_SUCCESS) goto cleanup; - result = load(lctx); + result = (lctx->load)(lctx); INSIST(result != DNS_R_CONTINUE); cleanup: @@ -1995,8 +2445,9 @@ dns_master_loadstreaminc(FILE *stream, dns_name_t *top, dns_name_t *origin, REQUIRE(task != NULL); REQUIRE(done != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, - callbacks, task, done, done_arg, NULL, &lctx); + result = loadctx_create(dns_masterformat_text, mctx, options, top, + zclass, origin, callbacks, task, done, + done_arg, NULL, &lctx); if (result != ISC_R_SUCCESS) goto cleanup; @@ -2027,8 +2478,9 @@ dns_master_loadbuffer(isc_buffer_t *buffer, dns_name_t *top, REQUIRE(buffer != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, - callbacks, NULL, NULL, NULL, NULL, &lctx); + result = loadctx_create(dns_masterformat_text, mctx, options, top, + zclass, origin, callbacks, NULL, NULL, NULL, + NULL, &lctx); if (result != ISC_R_SUCCESS) return (result); @@ -2036,12 +2488,11 @@ dns_master_loadbuffer(isc_buffer_t *buffer, dns_name_t *top, if (result != ISC_R_SUCCESS) goto cleanup; - result = load(lctx); + result = (lctx->load)(lctx); INSIST(result != DNS_R_CONTINUE); cleanup: - if (lctx != NULL) - dns_loadctx_detach(&lctx); + dns_loadctx_detach(&lctx); return (result); } @@ -2060,8 +2511,9 @@ dns_master_loadbufferinc(isc_buffer_t *buffer, dns_name_t *top, REQUIRE(task != NULL); REQUIRE(done != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, - callbacks, task, done, done_arg, NULL, &lctx); + result = loadctx_create(dns_masterformat_text, mctx, options, top, + zclass, origin, callbacks, task, done, + done_arg, NULL, &lctx); if (result != ISC_R_SUCCESS) return (result); @@ -2076,8 +2528,7 @@ dns_master_loadbufferinc(isc_buffer_t *buffer, dns_name_t *top, } cleanup: - if (lctx != NULL) - dns_loadctx_detach(&lctx); + dns_loadctx_detach(&lctx); return (result); } @@ -2092,12 +2543,13 @@ dns_master_loadlexer(isc_lex_t *lex, dns_name_t *top, REQUIRE(lex != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, - callbacks, NULL, NULL, NULL, lex, &lctx); + result = loadctx_create(dns_masterformat_text, mctx, options, top, + zclass, origin, callbacks, NULL, NULL, NULL, + lex, &lctx); if (result != ISC_R_SUCCESS) return (result); - result = load(lctx); + result = (lctx->load)(lctx); INSIST(result != DNS_R_CONTINUE); dns_loadctx_detach(&lctx); @@ -2119,8 +2571,9 @@ dns_master_loadlexerinc(isc_lex_t *lex, dns_name_t *top, REQUIRE(task != NULL); REQUIRE(done != NULL); - result = loadctx_create(mctx, options, top, zclass, origin, - callbacks, task, done, done_arg, lex, &lctx); + result = loadctx_create(dns_masterformat_text, mctx, options, top, + zclass, origin, callbacks, task, done, + done_arg, lex, &lctx); if (result != ISC_R_SUCCESS) return (result); @@ -2281,9 +2734,15 @@ commit(dns_rdatacallbacks_t *callbacks, dns_loadctx_t *lctx, } else if (result != ISC_R_SUCCESS) { dns_name_format(owner, namebuf, sizeof(namebuf)); - (*error)(callbacks, "%s: %s:%lu: %s: %s", - "dns_master_load", source, line, - namebuf, dns_result_totext(result)); + if (source != NULL) { + (*error)(callbacks, "%s: %s:%lu: %s: %s", + "dns_master_load", source, line, + namebuf, dns_result_totext(result)); + } else { + (*error)(callbacks, "%s: %s: %s", + "dns_master_load", namebuf, + dns_result_totext(result)); + } } if (MANYERRS(lctx, result)) SETRESULT(lctx, result); @@ -2342,7 +2801,7 @@ load_quantum(isc_task_t *task, isc_event_t *event) { if (lctx->canceled) result = ISC_R_CANCELED; else - result = load(lctx); + result = (lctx->load)(lctx); if (result == DNS_R_CONTINUE) { event->ev_arg = lctx; isc_task_send(task, &event); diff --git a/contrib/bind-9.3/lib/dns/masterdump.c b/contrib/bind-9.5.2/lib/dns/masterdump.c similarity index 77% rename from contrib/bind-9.3/lib/dns/masterdump.c rename to contrib/bind-9.5.2/lib/dns/masterdump.c index 0f4716d583..8cf7c4fa50 100644 --- a/contrib/bind-9.3/lib/dns/masterdump.c +++ b/contrib/bind-9.5.2/lib/dns/masterdump.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.56.2.5.2.15 2006/03/10 00:17:21 marka Exp $ */ +/* $Id: masterdump.c,v 1.89.128.5 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ #include @@ -29,13 +31,16 @@ #include #include #include +#include #include #include #include #include #include +#include #include +#include #include #include #include @@ -65,7 +70,7 @@ struct dns_master_style { unsigned int tab_width; }; -/* +/*% * The maximum length of the newline+indentation that is output * when inserting a line break in an RR. This effectively puts an * upper limits on the value of "rdata_column", because if it is @@ -73,7 +78,7 @@ struct dns_master_style { */ #define DNS_TOTEXT_LINEBREAK_MAXLEN 100 -/* +/*% * Context structure for a masterfile dump in progress. */ typedef struct dns_totext_ctx { @@ -134,7 +139,7 @@ dns_master_style_simple = { 24, 32, 32, 40, 80, 8 }; -/* +/*% * A style suitable for dns_rdataset_totext(). */ LIBDNS_EXTERNAL_DATA const dns_master_style_t @@ -171,11 +176,16 @@ struct dns_dumpctx { /* dns_master_dumpinc() */ char *file; char *tmpfile; + dns_masterformat_t format; + isc_result_t (*dumpsets)(isc_mem_t *mctx, dns_name_t *name, + dns_rdatasetiter_t *rdsiter, + dns_totext_ctx_t *ctx, + isc_buffer_t *buffer, FILE *f); }; -#define NXDOMAIN(x) (((x)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) +#define NXDOMAIN(x) (((x)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) -/* +/*% * Output tabs and spaces to go from column '*current' to * column 'to', and update '*current' to reflect the new * current column. @@ -273,7 +283,7 @@ totext_ctx_init(const dns_master_style_t *style, dns_totext_ctx_t *ctx) { /* * Do not return ISC_R_NOSPACE if the line break string * buffer is too small, because that would just make - * dump_rdataset() retry indenfinitely with ever + * dump_rdataset() retry indefinitely with ever * bigger target buffers. That's a different buffer, * so it won't help. Use DNS_R_TEXTTOOLONG as a substitute. */ @@ -348,6 +358,7 @@ rdataset_totext(dns_rdataset_t *rdataset, REQUIRE(DNS_RDATASET_VALID(rdataset)); + rdataset->attributes |= DNS_RDATASETATTR_LOADORDER; result = dns_rdataset_first(rdataset); REQUIRE(result == ISC_R_SUCCESS); @@ -774,9 +785,9 @@ static const char *trustnames[] = { }; static isc_result_t -dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter, - dns_totext_ctx_t *ctx, - isc_buffer_t *buffer, FILE *f) +dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name, + dns_rdatasetiter_t *rdsiter, dns_totext_ctx_t *ctx, + isc_buffer_t *buffer, FILE *f) { isc_result_t itresult, dumpresult; isc_region_t r; @@ -848,6 +859,146 @@ dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter, return (itresult); } +/* + * Dump given RRsets in the "raw" format. + */ +static isc_result_t +dump_rdataset_raw(isc_mem_t *mctx, dns_name_t *name, dns_rdataset_t *rdataset, + isc_buffer_t *buffer, FILE *f) +{ + isc_result_t result; + isc_uint32_t totallen; + isc_uint16_t dlen; + isc_region_t r, r_hdr; + + REQUIRE(buffer->length > 0); + REQUIRE(DNS_RDATASET_VALID(rdataset)); + + restart: + totallen = 0; + result = dns_rdataset_first(rdataset); + REQUIRE(result == ISC_R_SUCCESS); + + isc_buffer_clear(buffer); + + /* + * Common header and owner name (length followed by name) + * These fields should be in a moderate length, so we assume we + * can store all of them in the initial buffer. + */ + isc_buffer_availableregion(buffer, &r_hdr); + INSIST(r_hdr.length >= sizeof(dns_masterrawrdataset_t)); + isc_buffer_putuint32(buffer, totallen); /* XXX: leave space */ + isc_buffer_putuint16(buffer, rdataset->rdclass); /* 16-bit class */ + isc_buffer_putuint16(buffer, rdataset->type); /* 16-bit type */ + isc_buffer_putuint16(buffer, rdataset->covers); /* same as type */ + isc_buffer_putuint32(buffer, rdataset->ttl); /* 32-bit TTL */ + isc_buffer_putuint32(buffer, dns_rdataset_count(rdataset)); + totallen = isc_buffer_usedlength(buffer); + INSIST(totallen <= sizeof(dns_masterrawrdataset_t)); + + dns_name_toregion(name, &r); + INSIST(isc_buffer_availablelength(buffer) >= + (sizeof(dlen) + r.length)); + dlen = (isc_uint16_t)r.length; + isc_buffer_putuint16(buffer, dlen); + isc_buffer_copyregion(buffer, &r); + totallen += sizeof(dlen) + r.length; + + do { + dns_rdata_t rdata = DNS_RDATA_INIT; + isc_region_t r; + + dns_rdataset_current(rdataset, &rdata); + dns_rdata_toregion(&rdata, &r); + INSIST(r.length <= 0xffffU); + dlen = (isc_uint16_t)r.length; + + /* + * Copy the rdata into the buffer. If the buffer is too small, + * grow it. This should be rare, so we'll simply restart the + * entire procedure (or should we copy the old data and + * continue?). + */ + if (isc_buffer_availablelength(buffer) < + sizeof(dlen) + r.length) { + int newlength; + void *newmem; + + newlength = buffer->length * 2; + newmem = isc_mem_get(mctx, newlength); + if (newmem == NULL) + return (ISC_R_NOMEMORY); + isc_mem_put(mctx, buffer->base, buffer->length); + isc_buffer_init(buffer, newmem, newlength); + goto restart; + } + isc_buffer_putuint16(buffer, dlen); + isc_buffer_copyregion(buffer, &r); + totallen += sizeof(dlen) + r.length; + + result = dns_rdataset_next(rdataset); + } while (result == ISC_R_SUCCESS); + + if (result != ISC_R_NOMORE) + return (result); + + /* + * Fill in the total length field. + * XXX: this is a bit tricky. Since we have already "used" the space + * for the total length in the buffer, we first remember the entire + * buffer length in the region, "rewind", and then write the value. + */ + isc_buffer_usedregion(buffer, &r); + isc_buffer_clear(buffer); + isc_buffer_putuint32(buffer, totallen); + INSIST(isc_buffer_usedlength(buffer) < totallen); + + /* + * Write the buffer contents to the raw master file. + */ + result = isc_stdio_write(r.base, 1, (size_t)r.length, f, NULL); + + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "raw master file write failed: %s", + isc_result_totext(result)); + return (result); + } + + return (result); +} + +static isc_result_t +dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name, + dns_rdatasetiter_t *rdsiter, dns_totext_ctx_t *ctx, + isc_buffer_t *buffer, FILE *f) +{ + isc_result_t result; + dns_rdataset_t rdataset; + + for (result = dns_rdatasetiter_first(rdsiter); + result == ISC_R_SUCCESS; + result = dns_rdatasetiter_next(rdsiter)) { + + dns_rdataset_init(&rdataset); + dns_rdatasetiter_current(rdsiter, &rdataset); + + if (rdataset.type == 0 && + (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { + /* Omit negative cache entries */ + } else { + result = dump_rdataset_raw(mctx, name, &rdataset, + buffer, f); + } + dns_rdataset_disassociate(&rdataset); + } + + if (result == ISC_R_NOMORE) + result = ISC_R_SUCCESS; + + return (result); +} /* * Initial size of text conversion buffer. The buffer is used @@ -856,7 +1007,7 @@ dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter, * * When converting rdatasets, it is dynamically resized, but * when converting origins, timestamps, etc it is not. Therefore, - * the initial size must large enough to hold the longest possible + * the initial size must large enough to hold the longest possible * text representation of any domain name (for $ORIGIN). */ static const int initial_buffer_length = 1200; @@ -869,9 +1020,9 @@ dumpctx_destroy(dns_dumpctx_t *dctx) { dctx->magic = 0; DESTROYLOCK(&dctx->lock); + dns_dbiterator_destroy(&dctx->dbiter); if (dctx->version != NULL) dns_db_closeversion(dctx->db, &dctx->version, ISC_FALSE); - dns_dbiterator_destroy(&dctx->dbiter); dns_db_detach(&dctx->db); if (dctx->task != NULL) isc_task_detach(&dctx->task); @@ -920,13 +1071,13 @@ dns_dumpctx_detach(dns_dumpctx_t **dctxp) { dns_dbversion_t * dns_dumpctx_version(dns_dumpctx_t *dctx) { - REQUIRE(DNS_DCTX_VALID(dctx)); + REQUIRE(DNS_DCTX_VALID(dctx)); return (dctx->version); } dns_db_t * dns_dumpctx_db(dns_dumpctx_t *dctx) { - REQUIRE(DNS_DCTX_VALID(dctx)); + REQUIRE(DNS_DCTX_VALID(dctx)); return (dctx->db); } @@ -1021,7 +1172,8 @@ task_send(dns_dumpctx_t *dctx) { static isc_result_t dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, - const dns_master_style_t *style, FILE *f, dns_dumpctx_t **dctxp) + const dns_master_style_t *style, FILE *f, dns_dumpctx_t **dctxp, + dns_masterformat_t format) { dns_dumpctx_t *dctx; isc_result_t result; @@ -1044,6 +1196,19 @@ dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, dctx->canceled = ISC_FALSE; dctx->file = NULL; dctx->tmpfile = NULL; + dctx->format = format; + + switch (format) { + case dns_masterformat_text: + dctx->dumpsets = dump_rdatasets_text; + break; + case dns_masterformat_raw: + dctx->dumpsets = dump_rdatasets_raw; + break; + default: + INSIST(0); + break; + } result = totext_ctx_init(style, &dctx->tctx); if (result != ISC_R_SUCCESS) { @@ -1057,8 +1222,11 @@ dumpctx_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, dctx->do_date = dns_db_iscache(dctx->db); - relative = ((dctx->tctx.style.flags & DNS_STYLEFLAG_REL_OWNER) != 0) ? - ISC_TRUE : ISC_FALSE; + if (dctx->format == dns_masterformat_text && + (dctx->tctx.style.flags & DNS_STYLEFLAG_REL_OWNER) != 0) { + relative = ISC_TRUE; + } else + relative = ISC_FALSE; result = dns_db_createiterator(dctx->db, relative, &dctx->dbiter); if (result != ISC_R_SUCCESS) goto cleanup; @@ -1095,6 +1263,9 @@ dumptostreaminc(dns_dumpctx_t *dctx) { dns_name_t *name; dns_fixedname_t fixname; unsigned int nodes; + dns_masterrawheader_t rawheader; + isc_uint32_t now32; + isc_time_t start; bufmem = isc_mem_get(dctx->mctx, initial_buffer_length); if (bufmem == NULL) @@ -1106,26 +1277,68 @@ dumptostreaminc(dns_dumpctx_t *dctx) { name = dns_fixedname_name(&fixname); if (dctx->first) { - /* - * If the database has cache semantics, output an RFC2540 - * $DATE directive so that the TTLs can be adjusted when - * it is reloaded. For zones it is not really needed, and - * it would make the file incompatible with pre-RFC2540 - * software, so we omit it in the zone case. - */ - if (dctx->do_date) { - result = dns_time32_totext(dctx->now, &buffer); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - isc_buffer_usedregion(&buffer, &r); - fprintf(dctx->f, "$DATE %.*s\n", - (int) r.length, (char *) r.base); + switch (dctx->format) { + case dns_masterformat_text: + /* + * If the database has cache semantics, output an + * RFC2540 $DATE directive so that the TTLs can be + * adjusted when it is reloaded. For zones it is not + * really needed, and it would make the file + * incompatible with pre-RFC2540 software, so we omit + * it in the zone case. + */ + if (dctx->do_date) { + result = dns_time32_totext(dctx->now, &buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + isc_buffer_usedregion(&buffer, &r); + fprintf(dctx->f, "$DATE %.*s\n", + (int) r.length, (char *) r.base); + } + break; + case dns_masterformat_raw: + r.base = (unsigned char *)&rawheader; + r.length = sizeof(rawheader); + isc_buffer_region(&buffer, &r); + isc_buffer_putuint32(&buffer, dns_masterformat_raw); + isc_buffer_putuint32(&buffer, DNS_RAWFORMAT_VERSION); + if (sizeof(now32) != sizeof(dctx->now)) { + /* + * We assume isc_stdtime_t is a 32-bit integer, + * which should be the case on most cases. + * If it turns out to be uncommon, we'll need + * to bump the version number and revise the + * header format. + */ + isc_log_write(dns_lctx, + ISC_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTERDUMP, + ISC_LOG_INFO, + "dumping master file in raw " + "format: stdtime is not 32bits"); + now32 = 0; + } else + now32 = dctx->now; + isc_buffer_putuint32(&buffer, now32); + INSIST(isc_buffer_usedlength(&buffer) <= + sizeof(rawheader)); + result = isc_stdio_write(buffer.base, 1, + isc_buffer_usedlength(&buffer), + dctx->f, NULL); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_clear(&buffer); + break; + default: + INSIST(0); } + result = dns_dbiterator_first(dctx->dbiter); dctx->first = ISC_FALSE; } else result = ISC_R_SUCCESS; nodes = dctx->nodes; + isc_time_now(&start); while (result == ISC_R_SUCCESS && (dctx->nodes == 0 || nodes--)) { dns_rdatasetiter_t *rdsiter = NULL; dns_dbnode_t *node = NULL; @@ -1148,8 +1361,8 @@ dumptostreaminc(dns_dumpctx_t *dctx) { dns_db_detachnode(dctx->db, &node); goto fail; } - result = dump_rdatasets(dctx->mctx, name, rdsiter, &dctx->tctx, - &buffer, dctx->f); + result = (dctx->dumpsets)(dctx->mctx, name, rdsiter, + &dctx->tctx, &buffer, dctx->f); dns_rdatasetiter_destroy(&rdsiter); if (result != ISC_R_SUCCESS) { dns_db_detachnode(dctx->db, &node); @@ -1159,13 +1372,51 @@ dumptostreaminc(dns_dumpctx_t *dctx) { result = dns_dbiterator_next(dctx->dbiter); } + /* + * Work out how many nodes can be written in the time between + * two requests to the nameserver. Smooth the resulting number and + * use it as a estimate for the number of nodes to be written in the + * next iteration. + */ if (dctx->nodes != 0 && result == ISC_R_SUCCESS) { - result = dns_dbiterator_pause(dctx->dbiter); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + unsigned int pps = dns_pps; /* packets per second */ + unsigned int interval; + isc_uint64_t usecs; + isc_time_t end; + + isc_time_now(&end); + if (pps < 100) + pps = 100; + interval = 1000000 / pps; /* interval in usecs */ + if (interval == 0) + interval = 1; + usecs = isc_time_microdiff(&end, &start); + if (usecs == 0) { + dctx->nodes = dctx->nodes * 2; + if (dctx->nodes > 1000) + dctx->nodes = 1000; + } else { + nodes = dctx->nodes * interval; + nodes /= (unsigned int)usecs; + if (nodes == 0) + nodes = 1; + else if (nodes > 1000) + nodes = 1000; + + /* Smooth and assign. */ + dctx->nodes = (nodes + dctx->nodes * 7) / 8; + + isc_log_write(dns_lctx, ISC_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTERDUMP, + ISC_LOG_DEBUG(1), + "dumptostreaminc(%p) new nodes -> %d\n", + dctx, dctx->nodes); + } result = DNS_R_CONTINUE; } else if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; fail: + RUNTIME_CHECK(dns_dbiterator_pause(dctx->dbiter) == ISC_R_SUCCESS); isc_mem_put(dctx->mctx, buffer.base, buffer.length); return (result); } @@ -1185,7 +1436,8 @@ dns_master_dumptostreaminc(isc_mem_t *mctx, dns_db_t *db, REQUIRE(f != NULL); REQUIRE(done != NULL); - result = dumpctx_create(mctx, db, version, style, f, &dctx); + result = dumpctx_create(mctx, db, version, style, f, &dctx, + dns_masterformat_text); if (result != ISC_R_SUCCESS) return (result); isc_task_attach(task, &dctx->task); @@ -1211,11 +1463,21 @@ dns_master_dumptostream(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, const dns_master_style_t *style, FILE *f) +{ + return (dns_master_dumptostream2(mctx, db, version, style, + dns_masterformat_text, f)); +} + +isc_result_t +dns_master_dumptostream2(isc_mem_t *mctx, dns_db_t *db, + dns_dbversion_t *version, + const dns_master_style_t *style, + dns_masterformat_t format, FILE *f) { dns_dumpctx_t *dctx = NULL; isc_result_t result; - result = dumpctx_create(mctx, db, version, style, f, &dctx); + result = dumpctx_create(mctx, db, version, style, f, &dctx, format); if (result != ISC_R_SUCCESS) return (result); @@ -1263,6 +1525,17 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, const dns_master_style_t *style, const char *filename, isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg, dns_dumpctx_t **dctxp) +{ + return (dns_master_dumpinc2(mctx, db, version, style, filename, task, + done, done_arg, dctxp, + dns_masterformat_text)); +} + +isc_result_t +dns_master_dumpinc2(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, + const dns_master_style_t *style, const char *filename, + isc_task_t *task, dns_dumpdonefunc_t done, void *done_arg, + dns_dumpctx_t **dctxp, dns_masterformat_t format) { FILE *f = NULL; isc_result_t result; @@ -1278,7 +1551,7 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, if (result != ISC_R_SUCCESS) goto cleanup; - result = dumpctx_create(mctx, db, version, style, f, &dctx); + result = dumpctx_create(mctx, db, version, style, f, &dctx, format); if (result != ISC_R_SUCCESS) { (void)isc_stdio_close(f); (void)isc_file_remove(tempname); @@ -1313,6 +1586,15 @@ dns_master_dumpinc(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, isc_result_t dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, const dns_master_style_t *style, const char *filename) +{ + return (dns_master_dump2(mctx, db, version, style, filename, + dns_masterformat_text)); +} + +isc_result_t +dns_master_dump2(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, + const dns_master_style_t *style, const char *filename, + dns_masterformat_t format) { FILE *f = NULL; isc_result_t result; @@ -1323,7 +1605,7 @@ dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, if (result != ISC_R_SUCCESS) return (result); - result = dumpctx_create(mctx, db, version, style, f, &dctx); + result = dumpctx_create(mctx, db, version, style, f, &dctx, format); if (result != ISC_R_SUCCESS) goto cleanup; @@ -1340,6 +1622,7 @@ dns_master_dump(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, /* * Dump a database node into a master file. + * XXX: this function assumes the text format. */ isc_result_t dns_master_dumpnodetostream(isc_mem_t *mctx, dns_db_t *db, @@ -1373,7 +1656,7 @@ dns_master_dumpnodetostream(isc_mem_t *mctx, dns_db_t *db, result = dns_db_allrdatasets(db, node, version, now, &rdsiter); if (result != ISC_R_SUCCESS) goto failure; - result = dump_rdatasets(mctx, name, rdsiter, &ctx, &buffer, f); + result = dump_rdatasets_text(mctx, name, rdsiter, &ctx, &buffer, f); if (result != ISC_R_SUCCESS) goto failure; dns_rdatasetiter_destroy(&rdsiter); @@ -1419,10 +1702,10 @@ dns_master_dumpnode(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, isc_result_t dns_master_stylecreate(dns_master_style_t **stylep, unsigned int flags, - unsigned int ttl_column, unsigned int class_column, - unsigned int type_column, unsigned int rdata_column, - unsigned int line_length, unsigned int tab_width, - isc_mem_t *mctx) + unsigned int ttl_column, unsigned int class_column, + unsigned int type_column, unsigned int rdata_column, + unsigned int line_length, unsigned int tab_width, + isc_mem_t *mctx) { dns_master_style_t *style; @@ -1452,4 +1735,3 @@ dns_master_styledestroy(dns_master_style_t **stylep, isc_mem_t *mctx) { *stylep = NULL; isc_mem_put(mctx, style, sizeof(*style)); } - diff --git a/contrib/bind-9.3/lib/dns/message.c b/contrib/bind-9.5.2/lib/dns/message.c similarity index 95% rename from contrib/bind-9.3/lib/dns/message.c rename to contrib/bind-9.5.2/lib/dns/message.c index 33875433f6..7c2ab35948 100644 --- a/contrib/bind-9.3/lib/dns/message.c +++ b/contrib/bind-9.5.2/lib/dns/message.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.194.2.10.2.24 2006/02/28 06:32:54 marka Exp $ */ +/* $Id: message.c,v 1.237.110.8 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ /*** *** Imports ***/ #include +#include #include #include @@ -43,6 +46,35 @@ #include #include +#ifdef SKAN_MSG_DEBUG +static void +hexdump(const char *msg, const char *msg2, void *base, size_t len) { + unsigned char *p; + unsigned int cnt; + + p = base; + cnt = 0; + + printf("*** %s [%s] (%u bytes @ %p)\n", msg, msg2, len, base); + + while (cnt < len) { + if (cnt % 16 == 0) + printf("%p: ", p); + else if (cnt % 8 == 0) + printf(" |"); + printf(" %02x %c", *p, (isprint(*p) ? *p : ' ')); + p++; + cnt++; + + if (cnt % 16 == 0) + printf("\n"); + } + + if (cnt % 16 != 0) + printf("\n"); +} +#endif + #define DNS_MESSAGE_OPCODE_MASK 0x7800U #define DNS_MESSAGE_OPCODE_SHIFT 11 #define DNS_MESSAGE_RCODE_MASK 0x000fU @@ -63,7 +95,7 @@ #define VALID_PSEUDOSECTION(s) (((s) >= DNS_PSEUDOSECTION_ANY) \ && ((s) < DNS_PSEUDOSECTION_MAX)) -/* +/*% * This is the size of each individual scratchpad buffer, and the numbers * of various block allocations used within the server. * XXXMLG These should come from a config setting. @@ -75,7 +107,7 @@ #define RDATALIST_COUNT 8 #define RDATASET_COUNT RDATALIST_COUNT -/* +/*% * Text representation of the different items, for message_totext * functions. */ @@ -133,10 +165,10 @@ static const char *rcodetext[] = { }; -/* +/*% * "helper" type, which consists of a block of some type, and is linkable. * For it to work, sizeof(dns_msgblock_t) must be a multiple of the pointer - * size, or the allocated elements will not be alligned correctly. + * size, or the allocated elements will not be aligned correctly. */ struct dns_msgblock { unsigned int count; @@ -590,6 +622,9 @@ msgreset(dns_message_t *msg, isc_boolean_t everything) { msg->tsigkey = NULL; } + if (msg->tsigctx != NULL) + dst_context_destroy(&msg->tsigctx); + if (msg->query.base != NULL) { if (msg->free_query != 0) isc_mem_put(msg->mctx, msg->query.base, @@ -985,7 +1020,7 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, if (name == NULL) return (ISC_R_NOMEMORY); free_name = ISC_TRUE; - + offsets = newoffsets(msg); if (offsets == NULL) { result = ISC_R_NOMEMORY; @@ -1295,7 +1330,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, } /* * When the rdata is empty, the data pointer is - * never dereferenced, but it must still be non-NULL. + * never dereferenced, but it must still be non-NULL. * Casting 1 rather than "" avoids warnings about * discarding the const attribute of a string, * for compilers that would warn about such things. @@ -1306,6 +1341,11 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, rdata->type = rdtype; rdata->flags = DNS_RDATA_UPDATE; result = ISC_R_SUCCESS; + } else if (rdclass == dns_rdataclass_none && + msg->opcode == dns_opcode_update && + sectionid == DNS_SECTION_UPDATE) { + result = getrdata(source, msg, dctx, msg->rdclass, + rdtype, rdatalen, rdata); } else result = getrdata(source, msg, dctx, rdclass, rdtype, rdatalen, rdata); @@ -1429,7 +1469,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, rdataset) == ISC_R_SUCCESS); - if (rdtype != dns_rdatatype_opt && + if (rdtype != dns_rdatatype_opt && rdtype != dns_rdatatype_tsig && !issigzero) { @@ -1441,7 +1481,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, /* * Minimize TTLs. * - * Section 5.2 of RFC 2181 says we should drop + * Section 5.2 of RFC2181 says we should drop * nonauthoritative rrsets where the TTLs differ, but we * currently treat them the as if they were authoritative and * minimize them. @@ -1452,14 +1492,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, rdataset->ttl = ttl; } - /* - * XXXMLG Perform a totally ugly hack here to pull - * the rdatalist out of the private field in the rdataset, - * and append this rdata to the rdatalist's linked list - * of rdata. - */ - rdatalist = (dns_rdatalist_t *)(rdataset->private1); - + /* Append this rdata to the rdataset. */ + dns_rdatalist_fromrdataset(rdataset, &rdatalist); ISC_LIST_APPEND(rdatalist->rdata, rdata, link); /* @@ -1924,7 +1958,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, * * XXXMLG Need to change this when * dns_rdataset_towire() can render partial - * sets starting at some arbitary point in the + * sets starting at some arbitrary point in the * set. This will include setting a bit in the * rdataset to indicate that a partial * rendering was done, and some state saved @@ -2282,6 +2316,18 @@ dns_message_addname(dns_message_t *msg, dns_name_t *name, ISC_LIST_APPEND(msg->sections[section], name, link); } +void +dns_message_removename(dns_message_t *msg, dns_name_t *name, + dns_section_t section) +{ + REQUIRE(msg != NULL); + REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTRENDER); + REQUIRE(name != NULL); + REQUIRE(VALID_NAMED_SECTION(section)); + + ISC_LIST_UNLINK(msg->sections[section], name, link); +} + isc_result_t dns_message_gettempname(dns_message_t *msg, dns_name_t **item) { REQUIRE(DNS_MESSAGE_VALID(msg)); @@ -2877,6 +2923,35 @@ dns_message_rechecksig(dns_message_t *msg, dns_view_t *view) { return (dns_message_checksig(msg, view)); } +#ifdef SKAN_MSG_DEBUG +void +dns_message_dumpsig(dns_message_t *msg, char *txt1) { + dns_rdata_t querytsigrdata = DNS_RDATA_INIT; + dns_rdata_any_tsig_t querytsig; + isc_result_t result; + + if (msg->tsig != NULL) { + result = dns_rdataset_first(msg->tsig); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_rdataset_current(msg->tsig, &querytsigrdata); + result = dns_rdata_tostruct(&querytsigrdata, &querytsig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + hexdump(txt1, "TSIG", querytsig.signature, + querytsig.siglen); + } + + if (msg->querytsig != NULL) { + result = dns_rdataset_first(msg->querytsig); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_rdataset_current(msg->querytsig, &querytsigrdata); + result = dns_rdata_tostruct(&querytsigrdata, &querytsig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + hexdump(txt1, "QUERYTSIG", querytsig.signature, + querytsig.siglen); + } +} +#endif + isc_result_t dns_message_checksig(dns_message_t *msg, dns_view_t *view) { isc_buffer_t b, msgb; @@ -2885,10 +2960,14 @@ dns_message_checksig(dns_message_t *msg, dns_view_t *view) { if (msg->tsigkey == NULL && msg->tsig == NULL && msg->sig0 == NULL) return (ISC_R_SUCCESS); + INSIST(msg->saved.base != NULL); isc_buffer_init(&msgb, msg->saved.base, msg->saved.length); isc_buffer_add(&msgb, msg->saved.length); if (msg->tsigkey != NULL || msg->tsig != NULL) { +#ifdef SKAN_MSG_DEBUG + dns_message_dumpsig(msg, "dns_message_checksig#1"); +#endif if (view != NULL) return (dns_view_checksig(view, &msgb, msg)); else @@ -2993,8 +3072,7 @@ dns_message_sectiontotext(dns_message_t *msg, dns_section_t section, ADD_STRING(target, ";; "); if (msg->opcode != dns_opcode_update) { ADD_STRING(target, sectiontext[section]); - } - else { + } else { ADD_STRING(target, updsectiontext[section]); } ADD_STRING(target, " SECTION:\n"); @@ -3047,6 +3125,10 @@ dns_message_pseudosectiontotext(dns_message_t *msg, isc_result_t result; char buf[sizeof("1234567890")]; isc_uint32_t mbz; + dns_rdata_t rdata; + isc_buffer_t optbuf; + isc_uint16_t optcode, optlen; + unsigned char *optdata; REQUIRE(DNS_MESSAGE_VALID(msg)); REQUIRE(target != NULL); @@ -3076,6 +3158,50 @@ dns_message_pseudosectiontotext(dns_message_t *msg, ADD_STRING(target, "; udp: "); snprintf(buf, sizeof(buf), "%u\n", (unsigned int)ps->rdclass); ADD_STRING(target, buf); + + result = dns_rdataset_first(ps); + if (result != ISC_R_SUCCESS) + return (ISC_R_SUCCESS); + + /* Print EDNS info, if any */ + dns_rdata_init(&rdata); + dns_rdataset_current(ps, &rdata); + if (rdata.length < 4) + return (ISC_R_SUCCESS); + + isc_buffer_init(&optbuf, rdata.data, rdata.length); + isc_buffer_add(&optbuf, rdata.length); + optcode = isc_buffer_getuint16(&optbuf); + optlen = isc_buffer_getuint16(&optbuf); + + if (optcode == DNS_OPT_NSID) { + ADD_STRING(target, "; NSID"); + } else { + ADD_STRING(target, "; OPT="); + sprintf(buf, "%u", optcode); + ADD_STRING(target, buf); + } + + if (optlen != 0) { + int i; + ADD_STRING(target, ": "); + + optdata = rdata.data + 4; + for (i = 0; i < optlen; i++) { + sprintf(buf, "%02x ", optdata[i]); + ADD_STRING(target, buf); + } + for (i = 0; i < optlen; i++) { + ADD_STRING(target, " ("); + if (isprint(optdata[i])) + isc_buffer_putmem(target, &optdata[i], + 1); + else + isc_buffer_putstr(target, "."); + ADD_STRING(target, ")"); + } + } + ADD_STRING(target, "\n"); return (ISC_R_SUCCESS); case DNS_PSEUDOSECTION_TSIG: ps = dns_message_gettsig(msg, &name); @@ -3116,7 +3242,12 @@ dns_message_totext(dns_message_t *msg, const dns_master_style_t *style, ADD_STRING(target, ";; ->>HEADER<<- opcode: "); ADD_STRING(target, opcodetext[msg->opcode]); ADD_STRING(target, ", status: "); - ADD_STRING(target, rcodetext[msg->rcode]); + if (msg->rcode < (sizeof(rcodetext)/sizeof(rcodetext[0]))) { + ADD_STRING(target, rcodetext[msg->rcode]); + } else { + snprintf(buf, sizeof(buf), "%4u", msg->rcode); + ADD_STRING(target, buf); + } ADD_STRING(target, ", id: "); snprintf(buf, sizeof(buf), "%6u", msg->id); ADD_STRING(target, buf); diff --git a/contrib/bind-9.3/lib/dns/name.c b/contrib/bind-9.5.2/lib/dns/name.c similarity index 89% rename from contrib/bind-9.3/lib/dns/name.c rename to contrib/bind-9.5.2/lib/dns/name.c index 1a257de8e1..638cdc86d0 100644 --- a/contrib/bind-9.3/lib/dns/name.c +++ b/contrib/bind-9.5.2/lib/dns/name.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.c,v 1.127.2.7.2.16 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: name.c,v 1.163.128.2 2008/03/31 23:46:42 tbox Exp $ */ + +/*! \file */ #include #include +#include #include #include #include +#include #include #include +#include #include #include @@ -122,7 +127,7 @@ static unsigned char maptolower[] = { set_offsets(name, var, NULL); \ } -/* +/*% * Note: If additional attributes are added that should not be set for * empty names, MAKE_EMPTY() must be changed so it clears them. */ @@ -134,7 +139,7 @@ do { \ name->attributes &= ~DNS_NAMEATTR_ABSOLUTE; \ } while (0); -/* +/*% * A name is "bindable" if it can be set to point to a new value, i.e. * name->ndata and name->length may be changed. */ @@ -142,7 +147,7 @@ do { \ ((name->attributes & (DNS_NAMEATTR_READONLY|DNS_NAMEATTR_DYNAMIC)) \ == 0) -/* +/*% * Note that the name data must be a char array, not a string * literal, to avoid compiler warnings about discarding * the const attribute of a string. @@ -150,7 +155,7 @@ do { \ static unsigned char root_ndata[] = { '\0' }; static unsigned char root_offsets[] = { 0 }; -static dns_name_t root = +static dns_name_t root = { DNS_NAME_MAGIC, root_ndata, 1, 1, @@ -182,6 +187,19 @@ LIBDNS_EXTERNAL_DATA dns_name_t *dns_wildcardname = &wild; unsigned int dns_fullname_hash(dns_name_t *name, isc_boolean_t case_sensitive); +/* + * dns_name_t to text post-conversion procedure. + */ +#ifdef ISC_PLATFORM_USETHREADS +static int thread_key_initialized = 0; +static isc_mutex_t thread_key_mutex; +static isc_mem_t *thread_key_mctx = NULL; +static isc_thread_key_t totext_filter_proc_key; +static isc_once_t once = ISC_ONCE_INIT; +#else +static dns_name_totextfilter_t totext_filter_proc = NULL; +#endif + static void set_offsets(const dns_name_t *name, unsigned char *offsets, dns_name_t *set_name); @@ -280,7 +298,7 @@ dns_name_ismailbox(const dns_name_t *name) { REQUIRE(name->labels > 0); REQUIRE(name->attributes & DNS_NAMEATTR_ABSOLUTE); - /* + /* * Root label. */ if (name->length == 1) @@ -294,7 +312,7 @@ dns_name_ismailbox(const dns_name_t *name) { if (!domainchar(ch)) return (ISC_FALSE); } - + if (ndata == name->ndata + name->length) return (ISC_FALSE); @@ -329,8 +347,8 @@ dns_name_ishostname(const dns_name_t *name, isc_boolean_t wildcard) { REQUIRE(VALID_NAME(name)); REQUIRE(name->labels > 0); REQUIRE(name->attributes & DNS_NAMEATTR_ABSOLUTE); - - /* + + /* * Root label. */ if (name->length == 1) @@ -385,6 +403,41 @@ dns_name_iswildcard(const dns_name_t *name) { return (ISC_FALSE); } +isc_boolean_t +dns_name_internalwildcard(const dns_name_t *name) { + unsigned char *ndata; + unsigned int count; + unsigned int label; + + /* + * Does 'name' contain a internal wildcard? + */ + + REQUIRE(VALID_NAME(name)); + REQUIRE(name->labels > 0); + + /* + * Skip first label. + */ + ndata = name->ndata; + count = *ndata++; + INSIST(count <= 63); + ndata += count; + label = 1; + /* + * Check all but the last of the remaining labels. + */ + while (label + 1 < name->labels) { + count = *ndata++; + INSIST(count <= 63); + if (count == 1 && *ndata == '*') + return (ISC_TRUE); + ndata += count; + label++; + } + return (ISC_FALSE); +} + static inline unsigned int name_hash(dns_name_t *name, isc_boolean_t case_sensitive) { unsigned int length; @@ -664,6 +717,35 @@ dns_name_equal(const dns_name_t *name1, const dns_name_t *name2) { return (ISC_TRUE); } +isc_boolean_t +dns_name_caseequal(const dns_name_t *name1, const dns_name_t *name2) { + + /* + * Are 'name1' and 'name2' equal? + * + * Note: It makes no sense for one of the names to be relative and the + * other absolute. If both names are relative, then to be meaningfully + * compared the caller must ensure that they are both relative to the + * same domain. + */ + + REQUIRE(VALID_NAME(name1)); + REQUIRE(VALID_NAME(name2)); + /* + * Either name1 is absolute and name2 is absolute, or neither is. + */ + REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) == + (name2->attributes & DNS_NAMEATTR_ABSOLUTE)); + + if (name1->length != name2->length) + return (ISC_FALSE); + + if (memcmp(name1->ndata, name2->ndata, name1->length) != 0) + return (ISC_FALSE); + + return (ISC_TRUE); +} + int dns_name_rdatacompare(const dns_name_t *name1, const dns_name_t *name2) { unsigned int l1, l2, l, count1, count2, count; @@ -836,7 +918,7 @@ dns_name_getlabelsequence(const dns_name_t *source, target->ndata = &source->ndata[firstoffset]; target->length = endoffset - firstoffset; - + if (first + n == source->labels && n > 0 && (source->attributes & DNS_NAMEATTR_ABSOLUTE) != 0) target->attributes |= DNS_NAMEATTR_ABSOLUTE; @@ -909,7 +991,7 @@ dns_name_fromregion(dns_name_t *name, const isc_region_t *r) { name->length = len; } else { name->ndata = r->base; - name->length = (r->length <= DNS_NAME_MAXWIRE) ? + name->length = (r->length <= DNS_NAME_MAXWIRE) ? r->length : DNS_NAME_MAXWIRE; } @@ -967,7 +1049,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, REQUIRE(ISC_BUFFER_VALID(source)); REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) || (target == NULL && ISC_BUFFER_VALID(name->buffer))); - + downcase = ISC_TF((options & DNS_NAME_DOWNCASE) != 0); if (target == NULL && name->buffer != NULL) { @@ -1189,6 +1271,55 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, return (ISC_R_SUCCESS); } +#ifdef ISC_PLATFORM_USETHREADS +static void +free_specific(void *arg) { + dns_name_totextfilter_t *mem = arg; + isc_mem_put(thread_key_mctx, mem, sizeof(*mem)); + /* Stop use being called again. */ + (void)isc_thread_key_setspecific(totext_filter_proc_key, NULL); +} + +static void +thread_key_mutex_init(void) { + RUNTIME_CHECK(isc_mutex_init(&thread_key_mutex) == ISC_R_SUCCESS); +} + +static isc_result_t +totext_filter_proc_key_init(void) { + isc_result_t result; + + /* + * We need the call to isc_once_do() to support profiled mutex + * otherwise thread_key_mutex could be initialized at compile time. + */ + result = isc_once_do(&once, thread_key_mutex_init); + if (result != ISC_R_SUCCESS) + return (result); + + if (!thread_key_initialized) { + LOCK(&thread_key_mutex); + if (thread_key_mctx == NULL) + result = isc_mem_create2(0, 0, &thread_key_mctx, 0); + if (result != ISC_R_SUCCESS) + goto unlock; + isc_mem_setname(thread_key_mctx, "threadkey", NULL); + isc_mem_setdestroycheck(thread_key_mctx, ISC_FALSE); + + if (!thread_key_initialized && + isc_thread_key_create(&totext_filter_proc_key, + free_specific) != 0) { + result = ISC_R_FAILURE; + isc_mem_detach(&thread_key_mctx); + } else + thread_key_initialized = 1; + unlock: + UNLOCK(&thread_key_mutex); + } + return (result); +} +#endif + isc_result_t dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, isc_buffer_t *target) @@ -1200,6 +1331,12 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, unsigned int trem, count; unsigned int labels; isc_boolean_t saw_root = ISC_FALSE; + unsigned int oused = target->used; +#ifdef ISC_PLATFORM_USETHREADS + dns_name_totextfilter_t *mem; + dns_name_totextfilter_t totext_filter_proc = NULL; + isc_result_t result; +#endif /* * This function assumes the name is in proper uncompressed @@ -1208,6 +1345,11 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, REQUIRE(VALID_NAME(name)); REQUIRE(ISC_BUFFER_VALID(target)); +#ifdef ISC_PLATFORM_USETHREADS + result = totext_filter_proc_key_init(); + if (result != ISC_R_SUCCESS) + return (result); +#endif ndata = name->ndata; nlen = name->length; labels = name->labels; @@ -1339,6 +1481,14 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, isc_buffer_add(target, tlen - trem); +#ifdef ISC_PLATFORM_USETHREADS + mem = isc_thread_key_getspecific(totext_filter_proc_key); + if (mem != NULL) + totext_filter_proc = *mem; +#endif + if (totext_filter_proc != NULL) + return ((*totext_filter_proc)(target, oused, saw_root)); + return (ISC_R_SUCCESS); } @@ -1573,7 +1723,7 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, { unsigned char *cdata, *ndata; unsigned int cused; /* Bytes of compressed name data used */ - unsigned int hops, nused, labels, n, nmax; + unsigned int nused, labels, n, nmax; unsigned int current, new_current, biggest_pointer; isc_boolean_t done; fw_state state = fw_start; @@ -1581,10 +1731,12 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, unsigned char *offsets; dns_offsets_t odata; isc_boolean_t downcase; + isc_boolean_t seen_pointer; /* * Copy the possibly-compressed name at source into target, - * decompressing it. + * decompressing it. Loop prevention is performed by checking + * the new pointer against biggest_pointer. */ REQUIRE(VALID_NAME(name)); @@ -1618,11 +1770,11 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, * Set up. */ labels = 0; - hops = 0; done = ISC_FALSE; ndata = isc_buffer_used(target); nused = 0; + seen_pointer = ISC_FALSE; /* * Find the maximum number of uncompressed target name @@ -1648,7 +1800,7 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, while (current < source->active && !done) { c = *cdata++; current++; - if (hops == 0) + if (!seen_pointer) cused++; switch (state) { @@ -1704,11 +1856,8 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, return (DNS_R_BADPOINTER); biggest_pointer = new_current; current = new_current; - cdata = (unsigned char *)source->base + - current; - hops++; - if (hops > DNS_POINTER_MAXHOPS) - return (DNS_R_TOOMANYHOPS); + cdata = (unsigned char *)source->base + current; + seen_pointer = ISC_TRUE; state = fw_start; break; default: @@ -1744,7 +1893,6 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, * big enough buffer. */ return (ISC_R_NOSPACE); - } isc_result_t @@ -1783,7 +1931,8 @@ dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, methods = dns_compress_getmethods(cctx); - if ((methods & DNS_COMPRESS_GLOBAL14) != 0) + if ((name->attributes & DNS_NAMEATTR_NOCOMPRESS) == 0 && + (methods & DNS_COMPRESS_GLOBAL14) != 0) gf = dns_compress_findglobal(cctx, name, &gp, &go); else gf = ISC_FALSE; @@ -2124,6 +2273,49 @@ dns_name_print(dns_name_t *name, FILE *stream) { return (ISC_R_SUCCESS); } +isc_result_t +dns_name_settotextfilter(dns_name_totextfilter_t proc) { +#ifdef ISC_PLATFORM_USETHREADS + isc_result_t result; + dns_name_totextfilter_t *mem; + int res; + + result = totext_filter_proc_key_init(); + if (result != ISC_R_SUCCESS) + return (result); + + /* + * If we already have been here set / clear as appropriate. + * Otherwise allocate memory. + */ + mem = isc_thread_key_getspecific(totext_filter_proc_key); + if (mem != NULL && proc != NULL) { + *mem = proc; + return (ISC_R_SUCCESS); + } + if (proc == NULL) { + isc_mem_put(thread_key_mctx, mem, sizeof(*mem)); + res = isc_thread_key_setspecific(totext_filter_proc_key, NULL); + if (res != 0) + result = ISC_R_UNEXPECTED; + return (result); + } + + mem = isc_mem_get(thread_key_mctx, sizeof(*mem)); + if (mem == NULL) + return (ISC_R_NOMEMORY); + *mem = proc; + if (isc_thread_key_setspecific(totext_filter_proc_key, mem) != 0) { + isc_mem_put(thread_key_mctx, mem, sizeof(*mem)); + result = ISC_R_UNEXPECTED; + } + return (result); +#else + totext_filter_proc = proc; + return (ISC_R_SUCCESS); +#endif +} + void dns_name_format(dns_name_t *name, char *cp, unsigned int size) { isc_result_t result; @@ -2198,3 +2390,19 @@ dns_name_copy(dns_name_t *source, dns_name_t *dest, isc_buffer_t *target) { return (ISC_R_SUCCESS); } +void +dns_name_destroy(void) { +#ifdef ISC_PLATFORM_USETHREADS + RUNTIME_CHECK(isc_once_do(&once, thread_key_mutex_init) + == ISC_R_SUCCESS); + + LOCK(&thread_key_mutex); + if (thread_key_initialized) { + isc_mem_detach(&thread_key_mctx); + isc_thread_key_delete(totext_filter_proc_key); + thread_key_initialized = 0; + } + UNLOCK(&thread_key_mutex); + +#endif +} diff --git a/contrib/bind-9.3/lib/dns/ncache.c b/contrib/bind-9.5.2/lib/dns/ncache.c similarity index 97% rename from contrib/bind-9.3/lib/dns/ncache.c rename to contrib/bind-9.5.2/lib/dns/ncache.c index dddde60ee1..a779e01cac 100644 --- a/contrib/bind-9.3/lib/dns/ncache.c +++ b/contrib/bind-9.5.2/lib/dns/ncache.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.24.2.4.2.7 2004/03/08 02:07:54 marka Exp $ */ +/* $Id: ncache.c,v 1.41 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -184,7 +186,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, * * We trust that the caller wants negative caching, so this * means we have a "type 3 nxdomain" or "type 3 nodata" - * response (see RFC 2308 for details). + * response (see RFC2308 for details). * * We will now build a suitable negative cache rdataset that * will cause zero bytes to be emitted when converted to @@ -208,7 +210,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, isc_buffer_putuint16(&buffer, 0); isc_buffer_putuint16(&buffer, 0); /* - * RFC 2308, section 5, says that negative answers without + * RFC2308, section 5, says that negative answers without * SOAs should not be cached. */ ttl = 0; @@ -473,6 +475,9 @@ static dns_rdatasetmethods_t rdataset_methods = { rdataset_clone, rdataset_count, NULL, + NULL, + NULL, + NULL, NULL }; diff --git a/contrib/bind-9.3/lib/dns/nsec.c b/contrib/bind-9.5.2/lib/dns/nsec.c similarity index 95% rename from contrib/bind-9.3/lib/dns/nsec.c rename to contrib/bind-9.5.2/lib/dns/nsec.c index c259706a64..440ec41f82 100644 --- a/contrib/bind-9.3/lib/dns/nsec.c +++ b/contrib/bind-9.5.2/lib/dns/nsec.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec.c,v 1.5.2.1 2004/03/08 02:07:55 marka Exp $ */ +/* $Id: nsec.c,v 1.9.128.2 2009/01/06 23:46:47 tbox Exp $ */ + +/*! \file */ #include @@ -195,7 +197,7 @@ dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type) { /* This should never fail */ result = dns_rdata_tostruct(nsec, &nsecstruct, NULL); INSIST(result == ISC_R_SUCCESS); - + present = ISC_FALSE; for (i = 0; i < nsecstruct.len; i += len) { INSIST(i + 2 <= nsecstruct.len); @@ -213,6 +215,6 @@ dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type) { type % 256)); break; } - dns_rdata_freestruct(&nsec); + dns_rdata_freestruct(&nsecstruct); return (present); } diff --git a/contrib/bind-9.3/lib/dns/openssl_link.c b/contrib/bind-9.5.2/lib/dns/openssl_link.c similarity index 67% rename from contrib/bind-9.3/lib/dns/openssl_link.c rename to contrib/bind-9.5.2/lib/dns/openssl_link.c index 525905c188..6fe8618f4a 100644 --- a/contrib/bind-9.3/lib/dns/openssl_link.c +++ b/contrib/bind-9.5.2/lib/dns/openssl_link.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.1.4.3 2006/05/23 23:51:03 marka Exp $ + * $Id: openssl_link.c,v 1.16.92.2 2009/02/11 23:46:41 tbox Exp $ */ #ifdef OPENSSL @@ -37,6 +50,8 @@ #include #include +#include +#include #include #if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER != 0x00907000L) @@ -48,6 +63,7 @@ #endif static RAND_METHOD *rm = NULL; + static isc_mutex_t *locks = NULL; static int nlocks; @@ -55,7 +71,6 @@ static int nlocks; static ENGINE *e; #endif - static int entropy_get(unsigned char *buf, int num) { isc_result_t result; @@ -65,6 +80,11 @@ entropy_get(unsigned char *buf, int num) { return (result == ISC_R_SUCCESS ? num : -1); } +static int +entropy_status(void) { + return (dst__entropy_status() > 32); +} + static int entropy_getpseudo(unsigned char *buf, int num) { isc_result_t result; @@ -114,24 +134,19 @@ mem_free(void *ptr) { static void * mem_realloc(void *ptr, size_t size) { - void *p; - INSIST(dst__memory_pool != NULL); - p = NULL; - if (size > 0U) { - p = mem_alloc(size); - if (p != NULL && ptr != NULL) - memcpy(p, ptr, size); - } - if (ptr != NULL) - mem_free(ptr); - return (p); + return (isc_mem_reallocate(dst__memory_pool, ptr, size)); } isc_result_t dst__openssl_init() { isc_result_t result; +#ifdef DNS_CRYPTO_LEAKS + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); +#endif CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free); nlocks = CRYPTO_num_locks(); locks = mem_alloc(sizeof(isc_mutex_t) * nlocks); @@ -142,6 +157,7 @@ dst__openssl_init() { goto cleanup_mutexalloc; CRYPTO_set_locking_callback(lock_callback); CRYPTO_set_id_callback(id_callback); + rm = mem_alloc(sizeof(RAND_METHOD)); if (rm == NULL) { result = ISC_R_NOMEMORY; @@ -152,7 +168,7 @@ dst__openssl_init() { rm->cleanup = NULL; rm->add = entropy_add; rm->pseudorand = entropy_getpseudo; - rm->status = NULL; + rm->status = entropy_status; #ifdef USE_ENGINE e = ENGINE_new(); if (e == NULL) { @@ -163,7 +179,7 @@ dst__openssl_init() { RAND_set_rand_method(rm); #else RAND_set_rand_method(rm); -#endif +#endif /* USE_ENGINE */ return (ISC_R_SUCCESS); #ifdef USE_ENGINE @@ -171,6 +187,7 @@ dst__openssl_init() { mem_free(rm); #endif cleanup_mutexinit: + CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); cleanup_mutexalloc: mem_free(locks); @@ -179,6 +196,33 @@ dst__openssl_init() { void dst__openssl_destroy() { + + /* + * Sequence taken from apps_shutdown() in . + */ +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) + CONF_modules_unload(1); +#endif + EVP_cleanup(); +#if defined(USE_ENGINE) && OPENSSL_VERSION_NUMBER >= 0x00907000L + ENGINE_cleanup(); +#endif +#if (OPENSSL_VERSION_NUMBER >= 0x00907000L) + CRYPTO_cleanup_all_ex_data(); +#endif + ERR_clear_error(); + ERR_free_strings(); + ERR_remove_state(0); + +#ifdef DNS_CRYPTO_LEAKS + CRYPTO_mem_leaks_fp(stderr); +#endif + +#if 0 + /* + * The old error sequence that leaked. Remove for 9.4.1 if + * there are no issues by then. + */ ERR_clear_error(); #ifdef USE_ENGINE if (e != NULL) { @@ -186,12 +230,18 @@ dst__openssl_destroy() { e = NULL; } #endif +#endif + if (rm != NULL) { +#if OPENSSL_VERSION_NUMBER >= 0x00907000L + RAND_cleanup(); +#endif + mem_free(rm); + } if (locks != NULL) { + CRYPTO_set_locking_callback(NULL); DESTROYMUTEXBLOCK(locks, nlocks); mem_free(locks); } - if (rm != NULL) - mem_free(rm); } isc_result_t @@ -217,3 +267,4 @@ dst__openssl_toresult(isc_result_t fallback) { EMPTY_TRANSLATION_UNIT #endif /* OPENSSL */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/openssldh_link.c b/contrib/bind-9.5.2/lib/dns/openssldh_link.c similarity index 76% rename from contrib/bind-9.3/lib/dns/openssldh_link.c rename to contrib/bind-9.5.2/lib/dns/openssldh_link.c index 74ba39af36..c76441f806 100644 --- a/contrib/bind-9.3/lib/dns/openssldh_link.c +++ b/contrib/bind-9.5.2/lib/dns/openssldh_link.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.1.4.3 2006/03/02 00:37:20 marka Exp $ + * $Id: openssldh_link.c,v 1.12 2007/08/28 07:20:42 tbox Exp $ */ #ifdef OPENSSL @@ -37,8 +50,6 @@ #include "dst_openssl.h" #include "dst_parse.h" -#include - #define PRIME768 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088" \ "A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25" \ "F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF" @@ -71,11 +82,11 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, isc_region_t r; unsigned int len; - REQUIRE(pub->opaque != NULL); - REQUIRE(priv->opaque != NULL); + REQUIRE(pub->keydata.dh != NULL); + REQUIRE(priv->keydata.dh != NULL); - dhpub = (DH *) pub->opaque; - dhpriv = (DH *) priv->opaque; + dhpub = pub->keydata.dh; + dhpriv = priv->keydata.dh; len = DH_size(dhpriv); isc_buffer_availableregion(secret, &r); @@ -93,8 +104,8 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) { int status; DH *dh1, *dh2; - dh1 = (DH *) key1->opaque; - dh2 = (DH *) key2->opaque; + dh1 = key1->keydata.dh; + dh2 = key2->keydata.dh; if (dh1 == NULL && dh2 == NULL) return (ISC_TRUE); @@ -122,8 +133,8 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { int status; DH *dh1, *dh2; - dh1 = (DH *) key1->opaque; - dh2 = (DH *) key2->opaque; + dh1 = key1->keydata.dh; + dh2 = key2->keydata.dh; if (dh1 == NULL && dh2 == NULL) return (ISC_TRUE); @@ -138,81 +149,11 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { return (ISC_TRUE); } -#ifndef HAVE_DH_GENERATE_PARAMETERS -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -static DH * -DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) -{ - BN_GENCB cb; - DH *dh = NULL; - - dh = DH_new(); - if (dh != NULL) { - BN_GENCB_set_old(&cb, callback, cb_arg); - - if (DH_generate_parameters_ex(dh, prime_len, generator, &cb)) - return (dh); - DH_free(dh); - } - return (NULL); -} -#endif - static isc_result_t openssldh_generate(dst_key_t *key, int generator) { +#if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB cb; +#endif DH *dh = NULL; if (generator == 0) { @@ -222,7 +163,7 @@ openssldh_generate(dst_key_t *key, int generator) { { dh = DH_new(); if (dh == NULL) - return (ISC_R_NOMEMORY); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); if (key->key_size == 768) dh->p = &bn768; else if (key->key_size == 1024) @@ -230,14 +171,28 @@ openssldh_generate(dst_key_t *key, int generator) { else dh->p = &bn1536; dh->g = &bn2; - } - else + } else generator = 2; } - if (generator != 0) + if (generator != 0) { +#if OPENSSL_VERSION_NUMBER > 0x00908000L + dh = DH_new(); + if (dh == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + + BN_GENCB_set_old(&cb, NULL, NULL); + + if (!DH_generate_parameters_ex(dh, key->key_size, generator, + &cb)) { + DH_free(dh); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + } +#else dh = DH_generate_parameters(key->key_size, generator, NULL, NULL); +#endif + } if (dh == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); @@ -248,20 +203,20 @@ openssldh_generate(dst_key_t *key, int generator) { } dh->flags &= ~DH_FLAG_CACHE_MONT_P; - key->opaque = dh; + key->keydata.dh = dh; return (ISC_R_SUCCESS); } static isc_boolean_t openssldh_isprivate(const dst_key_t *key) { - DH *dh = (DH *) key->opaque; + DH *dh = key->keydata.dh; return (ISC_TF(dh != NULL && dh->priv_key != NULL)); } static void openssldh_destroy(dst_key_t *key) { - DH *dh = key->opaque; + DH *dh = key->keydata.dh; if (dh == NULL) return; @@ -271,7 +226,7 @@ openssldh_destroy(dst_key_t *key) { if (dh->g == &bn2) dh->g = NULL; DH_free(dh); - key->opaque = NULL; + key->keydata.dh = NULL; } static void @@ -298,9 +253,9 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) { isc_region_t r; isc_uint16_t dnslen, plen, glen, publen; - REQUIRE(key->opaque != NULL); + REQUIRE(key->keydata.dh != NULL); - dh = (DH *) key->opaque; + dh = key->keydata.dh; isc_buffer_availableregion(data, &r); @@ -358,7 +313,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { dh = DH_new(); if (dh == NULL) - return (ISC_R_NOMEMORY); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); dh->flags &= ~DH_FLAG_CACHE_MONT_P; /* @@ -457,7 +412,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_buffer_forward(data, plen + glen + publen + 6); - key->opaque = (void *) dh; + key->keydata.dh = dh; return (ISC_R_SUCCESS); } @@ -470,10 +425,10 @@ openssldh_tofile(const dst_key_t *key, const char *directory) { unsigned char *bufs[4]; isc_result_t result; - if (key->opaque == NULL) + if (key->keydata.dh == NULL) return (DST_R_NULLKEY); - dh = (DH *) key->opaque; + dh = key->keydata.dh; for (i = 0; i < 4; i++) { bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(dh->p)); @@ -540,7 +495,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer) { if (dh == NULL) DST_RET(ISC_R_NOMEMORY); dh->flags &= ~DH_FLAG_CACHE_MONT_P; - key->opaque = dh; + key->keydata.dh = dh; for (i = 0; i < priv.nelements; i++) { BIGNUM *bn; @@ -637,11 +592,11 @@ openssldh_cleanup(void) { } static dst_func_t openssldh_functions = { - NULL, /* createctx */ - NULL, /* destroyctx */ - NULL, /* adddata */ - NULL, /* openssldh_sign */ - NULL, /* openssldh_verify */ + NULL, /*%< createctx */ + NULL, /*%< destroyctx */ + NULL, /*%< adddata */ + NULL, /*%< openssldh_sign */ + NULL, /*%< openssldh_verify */ openssldh_computesecret, openssldh_compare, openssldh_paramcompare, @@ -679,3 +634,4 @@ dst__openssldh_init(dst_func_t **funcp) { EMPTY_TRANSLATION_UNIT #endif /* OPENSSL */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/openssldsa_link.c b/contrib/bind-9.5.2/lib/dns/openssldsa_link.c similarity index 70% rename from contrib/bind-9.3/lib/dns/openssldsa_link.c rename to contrib/bind-9.5.2/lib/dns/openssldsa_link.c index 267bfe8d13..3991182b3a 100644 --- a/contrib/bind-9.3/lib/dns/openssldsa_link.c +++ b/contrib/bind-9.5.2/lib/dns/openssldsa_link.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR + * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: openssldsa_link.c,v 1.1.4.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: openssldsa_link.c,v 1.11.92.2 2009/01/14 23:46:33 tbox Exp $ */ #ifdef OPENSSL @@ -47,24 +60,24 @@ openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) { sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t)); isc_sha1_init(sha1ctx); - dctx->opaque = sha1ctx; + dctx->ctxdata.sha1ctx = sha1ctx; return (ISC_R_SUCCESS); } static void openssldsa_destroyctx(dst_context_t *dctx) { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; if (sha1ctx != NULL) { isc_sha1_invalidate(sha1ctx); isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t)); - dctx->opaque = NULL; + dctx->ctxdata.sha1ctx = NULL; } } static isc_result_t openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_update(sha1ctx, data->base, data->length); return (ISC_R_SUCCESS); @@ -81,9 +94,9 @@ BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) { static isc_result_t openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; dst_key_t *key = dctx->key; - DSA *dsa = key->opaque; + DSA *dsa = key->keydata.dsa; DSA_SIG *dsasig; isc_region_t r; unsigned char digest[ISC_SHA1_DIGESTLENGTH]; @@ -111,9 +124,9 @@ openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { static isc_result_t openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; dst_key_t *key = dctx->key; - DSA *dsa = key->opaque; + DSA *dsa = key->keydata.dsa; DSA_SIG *dsasig; int status = 0; unsigned char digest[ISC_SHA1_DIGESTLENGTH]; @@ -124,7 +137,7 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { if (sig->length < 2 * ISC_SHA1_DIGESTLENGTH + 1) return (DST_R_VERIFYFAILURE); - cp++; /* Skip T */ + cp++; /*%< Skip T */ dsasig = DSA_SIG_new(); dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); cp += ISC_SHA1_DIGESTLENGTH; @@ -133,7 +146,7 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa); DSA_SIG_free(dsasig); - if (status == 0) + if (status != 1) return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); return (ISC_R_SUCCESS); @@ -144,8 +157,8 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { int status; DSA *dsa1, *dsa2; - dsa1 = (DSA *) key1->opaque; - dsa2 = (DSA *) key2->opaque; + dsa1 = key1->keydata.dsa; + dsa2 = key2->keydata.dsa; if (dsa1 == NULL && dsa2 == NULL) return (ISC_TRUE); @@ -169,85 +182,11 @@ openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) { return (ISC_TRUE); } -#ifndef HAVE_DSA_GENERATE_PARAMETERS -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -static DSA * -DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) -{ - BN_GENCB cb; - DSA *dsa; - - dsa = DSA_new(); - if (dsa != NULL) { - - BN_GENCB_set_old(&cb, callback, cb_arg); - - if (DSA_generate_parameters_ex(dsa, bits, seed_in, seed_len, - counter_ret, h_ret, &cb)) - return (dsa); - DSA_free(dsa); - } - return (NULL); -} -#endif - static isc_result_t openssldsa_generate(dst_key_t *key, int unused) { +#if OPENSSL_VERSION_NUMBER > 0x00908000L + BN_GENCB cb; +#endif DSA *dsa; unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; isc_result_t result; @@ -259,12 +198,27 @@ openssldsa_generate(dst_key_t *key, int unused) { if (result != ISC_R_SUCCESS) return (result); +#if OPENSSL_VERSION_NUMBER > 0x00908000L + dsa = DSA_new(); + if (dsa == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + + BN_GENCB_set_old(&cb, NULL, NULL); + + if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array, + ISC_SHA1_DIGESTLENGTH, NULL, NULL, + &cb)) + { + DSA_free(dsa); + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); + } +#else dsa = DSA_generate_parameters(key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, NULL, NULL); - if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); +#endif if (DSA_generate_key(dsa) == 0) { DSA_free(dsa); @@ -272,22 +226,22 @@ openssldsa_generate(dst_key_t *key, int unused) { } dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - key->opaque = dsa; + key->keydata.dsa = dsa; return (ISC_R_SUCCESS); } static isc_boolean_t openssldsa_isprivate(const dst_key_t *key) { - DSA *dsa = (DSA *) key->opaque; + DSA *dsa = key->keydata.dsa; return (ISC_TF(dsa != NULL && dsa->priv_key != NULL)); } static void openssldsa_destroy(dst_key_t *key) { - DSA *dsa = key->opaque; + DSA *dsa = key->keydata.dsa; DSA_free(dsa); - key->opaque = NULL; + key->keydata.dsa = NULL; } @@ -298,9 +252,9 @@ openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) { int dnslen; unsigned int t, p_bytes; - REQUIRE(key->opaque != NULL); + REQUIRE(key->keydata.dsa != NULL); - dsa = (DSA *) key->opaque; + dsa = key->keydata.dsa; isc_buffer_availableregion(data, &r); @@ -374,7 +328,7 @@ openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes); - key->opaque = (void *) dsa; + key->keydata.dsa = dsa; return (ISC_R_SUCCESS); } @@ -387,10 +341,10 @@ openssldsa_tofile(const dst_key_t *key, const char *directory) { dst_private_t priv; unsigned char bufs[5][128]; - if (key->opaque == NULL) + if (key->keydata.dsa == NULL) return (DST_R_NULLKEY); - dsa = (DSA *) key->opaque; + dsa = key->keydata.dsa; priv.elements[cnt].tag = TAG_DSA_PRIME; priv.elements[cnt].length = BN_num_bytes(dsa->p); @@ -444,7 +398,7 @@ openssldsa_parse(dst_key_t *key, isc_lex_t *lexer) { if (dsa == NULL) DST_RET(ISC_R_NOMEMORY); dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; - key->opaque = dsa; + key->keydata.dsa = dsa; for (i=0; i < priv.nelements; i++) { BIGNUM *bn; @@ -490,9 +444,9 @@ static dst_func_t openssldsa_functions = { openssldsa_adddata, openssldsa_sign, openssldsa_verify, - NULL, /* computesecret */ + NULL, /*%< computesecret */ openssldsa_compare, - NULL, /* paramcompare */ + NULL, /*%< paramcompare */ openssldsa_generate, openssldsa_isprivate, openssldsa_destroy, @@ -500,7 +454,7 @@ static dst_func_t openssldsa_functions = { openssldsa_fromdns, openssldsa_tofile, openssldsa_parse, - NULL, /* cleanup */ + NULL, /*%< cleanup */ }; isc_result_t @@ -518,3 +472,4 @@ dst__openssldsa_init(dst_func_t **funcp) { EMPTY_TRANSLATION_UNIT #endif /* OPENSSL */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/opensslrsa_link.c b/contrib/bind-9.5.2/lib/dns/opensslrsa_link.c similarity index 89% rename from contrib/bind-9.3/lib/dns/opensslrsa_link.c rename to contrib/bind-9.5.2/lib/dns/opensslrsa_link.c index c33913ce3d..a3544a9800 100644 --- a/contrib/bind-9.3/lib/dns/opensslrsa_link.c +++ b/contrib/bind-9.5.2/lib/dns/opensslrsa_link.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.1.4.9 2006/11/07 21:28:40 marka Exp $ + * $Id: opensslrsa_link.c,v 1.16.128.3 2009/01/19 00:01:10 marka Exp $ */ #ifdef OPENSSL @@ -50,15 +50,15 @@ #ifdef WIN32 #if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \ OPENSSL_VERSION_NUMBER < 0x00908000L) || \ - OPENSSL_VERSION_NUMBER >= 0x0090804fL) + OPENSSL_VERSION_NUMBER >= 0x0090804fL) #error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater. #endif #endif /* - * XXXMPA Temporarially disable RSA_BLINDING as it requires - * good quality random data that cannot currently be guarenteed. + * XXXMPA Temporarily disable RSA_BLINDING as it requires + * good quality random data that cannot currently be guaranteed. * XXXMPA Find which versions of openssl use pseudo random data * and set RSA_FLAG_BLINDING for those. */ @@ -112,7 +112,7 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { if (md5ctx == NULL) return (ISC_R_NOMEMORY); isc_md5_init(md5ctx); - dctx->opaque = md5ctx; + dctx->ctxdata.md5ctx = md5ctx; } else { isc_sha1_t *sha1ctx; @@ -120,7 +120,7 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { if (sha1ctx == NULL) return (ISC_R_NOMEMORY); isc_sha1_init(sha1ctx); - dctx->opaque = sha1ctx; + dctx->ctxdata.sha1ctx = sha1ctx; } return (ISC_R_SUCCESS); @@ -132,21 +132,22 @@ opensslrsa_destroyctx(dst_context_t *dctx) { dctx->key->key_alg == DST_ALG_RSASHA1); if (dctx->key->key_alg == DST_ALG_RSAMD5) { - isc_md5_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; if (md5ctx != NULL) { isc_md5_invalidate(md5ctx); isc_mem_put(dctx->mctx, md5ctx, sizeof(isc_md5_t)); + dctx->ctxdata.md5ctx = NULL; } } else { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; if (sha1ctx != NULL) { isc_sha1_invalidate(sha1ctx); isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t)); + dctx->ctxdata.sha1ctx = NULL; } } - dctx->opaque = NULL; } static isc_result_t @@ -155,10 +156,10 @@ opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) { dctx->key->key_alg == DST_ALG_RSASHA1); if (dctx->key->key_alg == DST_ALG_RSAMD5) { - isc_md5_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; isc_md5_update(md5ctx, data->base, data->length); } else { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_update(sha1ctx, data->base, data->length); } return (ISC_R_SUCCESS); @@ -167,7 +168,7 @@ opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) { static isc_result_t opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { dst_key_t *key = dctx->key; - RSA *rsa = key->opaque; + RSA *rsa = key->keydata.rsa; isc_region_t r; /* note: ISC_SHA1_DIGESTLENGTH > ISC_MD5_DIGESTLENGTH */ unsigned char digest[ISC_SHA1_DIGESTLENGTH]; @@ -189,12 +190,12 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { return (ISC_R_NOSPACE); if (dctx->key->key_alg == DST_ALG_RSAMD5) { - isc_md5_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } else { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; @@ -219,7 +220,7 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { static isc_result_t opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { dst_key_t *key = dctx->key; - RSA *rsa = key->opaque; + RSA *rsa = key->keydata.rsa; /* note: ISC_SHA1_DIGESTLENGTH > ISC_MD5_DIGESTLENGTH */ unsigned char digest[ISC_SHA1_DIGESTLENGTH]; int status = 0; @@ -230,12 +231,12 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { dctx->key->key_alg == DST_ALG_RSASHA1); if (dctx->key->key_alg == DST_ALG_RSAMD5) { - isc_md5_t *md5ctx = dctx->opaque; + isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } else { - isc_sha1_t *sha1ctx = dctx->opaque; + isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; @@ -246,7 +247,7 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { status = RSA_verify(type, digest, digestlen, sig->base, RSA_size(rsa), rsa); - if (status == 0) + if (status != 1) return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); return (ISC_R_SUCCESS); @@ -257,8 +258,8 @@ opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) { int status; RSA *rsa1, *rsa2; - rsa1 = (RSA *) key1->opaque; - rsa2 = (RSA *) key2->opaque; + rsa1 = key1->keydata.rsa; + rsa2 = key2->keydata.rsa; if (rsa1 == NULL && rsa2 == NULL) return (ISC_TRUE); @@ -309,7 +310,7 @@ opensslrsa_generate(dst_key_t *key, int exp) { if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) { BN_free(e); SET_FLAGS(rsa); - key->opaque = rsa; + key->keydata.rsa = rsa; return (ISC_R_SUCCESS); } @@ -331,7 +332,7 @@ err: if (rsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); SET_FLAGS(rsa); - key->opaque = rsa; + key->keydata.rsa = rsa; return (ISC_R_SUCCESS); #endif @@ -339,15 +340,15 @@ err: static isc_boolean_t opensslrsa_isprivate(const dst_key_t *key) { - RSA *rsa = (RSA *) key->opaque; + RSA *rsa = (RSA *) key->keydata.rsa; return (ISC_TF(rsa != NULL && rsa->d != NULL)); } static void opensslrsa_destroy(dst_key_t *key) { - RSA *rsa = key->opaque; + RSA *rsa = key->keydata.rsa; RSA_free(rsa); - key->opaque = NULL; + key->keydata.rsa = NULL; } @@ -358,16 +359,16 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { unsigned int e_bytes; unsigned int mod_bytes; - REQUIRE(key->opaque != NULL); + REQUIRE(key->keydata.rsa != NULL); - rsa = (RSA *) key->opaque; + rsa = key->keydata.rsa; isc_buffer_availableregion(data, &r); e_bytes = BN_num_bytes(rsa->e); mod_bytes = BN_num_bytes(rsa->n); - if (e_bytes < 256) { /* key exponent is <= 2040 bits */ + if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */ if (r.length < 1) return (ISC_R_NOSPACE); isc_buffer_putuint8(data, (isc_uint8_t) e_bytes); @@ -403,7 +404,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { rsa = RSA_new(); if (rsa == NULL) - return (ISC_R_NOMEMORY); + return (dst__openssl_toresult(ISC_R_NOMEMORY)); SET_FLAGS(rsa); if (r.length < 1) { @@ -437,7 +438,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_buffer_forward(data, r.length); - key->opaque = (void *) rsa; + key->keydata.rsa = rsa; return (ISC_R_SUCCESS); } @@ -451,10 +452,10 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) { unsigned char *bufs[8]; isc_result_t result; - if (key->opaque == NULL) + if (key->keydata.rsa == NULL) return (DST_R_NULLKEY); - rsa = (RSA *) key->opaque; + rsa = key->keydata.rsa; for (i = 0; i < 8; i++) { bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n)); @@ -543,7 +544,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) { if (rsa == NULL) DST_RET(ISC_R_NOMEMORY); SET_FLAGS(rsa); - key->opaque = rsa; + key->keydata.rsa = rsa; for (i = 0; i < priv.nelements; i++) { BIGNUM *bn; @@ -598,9 +599,9 @@ static dst_func_t opensslrsa_functions = { opensslrsa_adddata, opensslrsa_sign, opensslrsa_verify, - NULL, /* computesecret */ + NULL, /*%< computesecret */ opensslrsa_compare, - NULL, /* paramcompare */ + NULL, /*%< paramcompare */ opensslrsa_generate, opensslrsa_isprivate, opensslrsa_destroy, @@ -608,7 +609,7 @@ static dst_func_t opensslrsa_functions = { opensslrsa_fromdns, opensslrsa_tofile, opensslrsa_parse, - NULL, /* cleanup */ + NULL, /*%< cleanup */ }; isc_result_t @@ -626,3 +627,4 @@ dst__opensslrsa_init(dst_func_t **funcp) { EMPTY_TRANSLATION_UNIT #endif /* OPENSSL */ +/*! \file */ diff --git a/contrib/bind-9.3/lib/dns/order.c b/contrib/bind-9.5.2/lib/dns/order.c similarity index 90% rename from contrib/bind-9.3/lib/dns/order.c rename to contrib/bind-9.5.2/lib/dns/order.c index f09afedf6d..853b00196d 100644 --- a/contrib/bind-9.3/lib/dns/order.c +++ b/contrib/bind-9.5.2/lib/dns/order.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: order.c,v 1.4.202.4 2004/03/08 09:04:30 marka Exp $ */ +/* $Id: order.c,v 1.10 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -53,6 +55,8 @@ struct dns_order { isc_result_t dns_order_create(isc_mem_t *mctx, dns_order_t **orderp) { dns_order_t *order; + isc_result_t result; + REQUIRE(orderp != NULL && *orderp == NULL); order = isc_mem_get(mctx, sizeof(*order)); @@ -60,7 +64,13 @@ dns_order_create(isc_mem_t *mctx, dns_order_t **orderp) { return (ISC_R_NOMEMORY); ISC_LIST_INIT(order->ents); - isc_refcount_init(&order->references, 1); /* Implicit attach. */ + + /* Implicit attach. */ + result = isc_refcount_init(&order->references, 1); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, order, sizeof(*order)); + return (result); + } order->mctx = NULL; isc_mem_attach(mctx, &order->mctx); diff --git a/contrib/bind-9.3/lib/dns/peer.c b/contrib/bind-9.5.2/lib/dns/peer.c similarity index 70% rename from contrib/bind-9.3/lib/dns/peer.c rename to contrib/bind-9.5.2/lib/dns/peer.c index 8b6ccdb2be..c5aad7dcbb 100644 --- a/contrib/bind-9.3/lib/dns/peer.c +++ b/contrib/bind-9.5.2/lib/dns/peer.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: peer.c,v 1.14.2.1.10.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: peer.c,v 1.29.128.2 2008/04/03 06:08:27 tbox Exp $ */ + +/*! \file */ #include @@ -29,7 +31,7 @@ #include #include -/* +/*% * Bit positions in the dns_peer_t structure flags field */ #define BOGUS_BIT 0 @@ -38,6 +40,9 @@ #define PROVIDE_IXFR_BIT 3 #define REQUEST_IXFR_BIT 4 #define SUPPORT_EDNS_BIT 5 +#define SERVER_UDPSIZE_BIT 6 +#define SERVER_MAXUDP_BIT 7 +#define REQUEST_NSID_BIT 8 static void peerlist_delete(dns_peerlist_t **list); @@ -65,7 +70,6 @@ dns_peerlist_new(isc_mem_t *mem, dns_peerlist_t **list) { return (ISC_R_SUCCESS); } - void dns_peerlist_attach(dns_peerlist_t *source, dns_peerlist_t **target) { REQUIRE(DNS_PEERLIST_VALID(source)); @@ -130,7 +134,20 @@ dns_peerlist_addpeer(dns_peerlist_t *peers, dns_peer_t *peer) { dns_peer_attach(peer, &p); - ISC_LIST_APPEND(peers->elements, peer, next); + /* + * More specifics to front of list. + */ + for (p = ISC_LIST_HEAD(peers->elements); + p != NULL; + p = ISC_LIST_NEXT(p, next)) + if (p->prefixlen < peer->prefixlen) + break; + + if (p != NULL) + ISC_LIST_INSERTBEFORE(peers->elements, p, peer, next); + else + ISC_LIST_APPEND(peers->elements, peer, next); + } isc_result_t @@ -145,7 +162,8 @@ dns_peerlist_peerbyaddr(dns_peerlist_t *servers, server = ISC_LIST_HEAD(servers->elements); while (server != NULL) { - if (isc_netaddr_equal(addr, &server->address)) + if (isc_netaddr_eqprefix(addr, &server->address, + server->prefixlen)) break; server = ISC_LIST_NEXT(server, next); @@ -176,6 +194,27 @@ dns_peerlist_currpeer(dns_peerlist_t *peers, dns_peer_t **retval) { isc_result_t dns_peer_new(isc_mem_t *mem, isc_netaddr_t *addr, dns_peer_t **peerptr) { + unsigned int prefixlen = 0; + + REQUIRE(peerptr != NULL); + switch(addr->family) { + case AF_INET: + prefixlen = 32; + break; + case AF_INET6: + prefixlen = 128; + break; + default: + INSIST(0); + } + + return (dns_peer_newprefix(mem, addr, prefixlen, peerptr)); +} + +isc_result_t +dns_peer_newprefix(isc_mem_t *mem, isc_netaddr_t *addr, unsigned int prefixlen, + dns_peer_t **peerptr) +{ dns_peer_t *peer; REQUIRE(peerptr != NULL); @@ -186,6 +225,7 @@ dns_peer_new(isc_mem_t *mem, isc_netaddr_t *addr, dns_peer_t **peerptr) { peer->magic = DNS_PEER_MAGIC; peer->address = *addr; + peer->prefixlen = prefixlen; peer->mem = mem; peer->bogus = ISC_FALSE; peer->transfer_format = dns_one_answer; @@ -195,6 +235,8 @@ dns_peer_new(isc_mem_t *mem, isc_netaddr_t *addr, dns_peer_t **peerptr) { peer->key = NULL; peer->refs = 1; peer->transfer_source = NULL; + peer->notify_source = NULL; + peer->query_source = NULL; memset(&peer->bitflags, 0x0, sizeof(peer->bitflags)); @@ -374,6 +416,32 @@ dns_peer_getsupportedns(dns_peer_t *peer, isc_boolean_t *retval) { return (ISC_R_NOTFOUND); } +isc_result_t +dns_peer_setrequestnsid(dns_peer_t *peer, isc_boolean_t newval) { + isc_boolean_t existed; + + REQUIRE(DNS_PEER_VALID(peer)); + + existed = DNS_BIT_CHECK(REQUEST_NSID_BIT, &peer->bitflags); + + peer->request_nsid = newval; + DNS_BIT_SET(REQUEST_NSID_BIT, &peer->bitflags); + + return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_getrequestnsid(dns_peer_t *peer, isc_boolean_t *retval) { + REQUIRE(DNS_PEER_VALID(peer)); + REQUIRE(retval != NULL); + + if (DNS_BIT_CHECK(REQUEST_NSID_BIT, &peer->bitflags)) { + *retval = peer->request_nsid; + return (ISC_R_SUCCESS); + } else + return (ISC_R_NOTFOUND); +} + isc_result_t dns_peer_settransfers(dns_peer_t *peer, isc_uint32_t newval) { isc_boolean_t existed; @@ -503,7 +571,7 @@ dns_peer_settransfersource(dns_peer_t *peer, } if (transfer_source != NULL) { peer->transfer_source = isc_mem_get(peer->mem, - sizeof(*peer->transfer_source)); + sizeof(*peer->transfer_source)); if (peer->transfer_source == NULL) return (ISC_R_NOMEMORY); @@ -522,3 +590,123 @@ dns_peer_gettransfersource(dns_peer_t *peer, isc_sockaddr_t *transfer_source) { *transfer_source = *peer->transfer_source; return (ISC_R_SUCCESS); } + +isc_result_t +dns_peer_setnotifysource(dns_peer_t *peer, + const isc_sockaddr_t *notify_source) +{ + REQUIRE(DNS_PEER_VALID(peer)); + + if (peer->notify_source != NULL) { + isc_mem_put(peer->mem, peer->notify_source, + sizeof(*peer->notify_source)); + peer->notify_source = NULL; + } + if (notify_source != NULL) { + peer->notify_source = isc_mem_get(peer->mem, + sizeof(*peer->notify_source)); + if (peer->notify_source == NULL) + return (ISC_R_NOMEMORY); + + *peer->notify_source = *notify_source; + } + return (ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_getnotifysource(dns_peer_t *peer, isc_sockaddr_t *notify_source) { + REQUIRE(DNS_PEER_VALID(peer)); + REQUIRE(notify_source != NULL); + + if (peer->notify_source == NULL) + return (ISC_R_NOTFOUND); + *notify_source = *peer->notify_source; + return (ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_setquerysource(dns_peer_t *peer, const isc_sockaddr_t *query_source) { + REQUIRE(DNS_PEER_VALID(peer)); + + if (peer->query_source != NULL) { + isc_mem_put(peer->mem, peer->query_source, + sizeof(*peer->query_source)); + peer->query_source = NULL; + } + if (query_source != NULL) { + peer->query_source = isc_mem_get(peer->mem, + sizeof(*peer->query_source)); + if (peer->query_source == NULL) + return (ISC_R_NOMEMORY); + + *peer->query_source = *query_source; + } + return (ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_getquerysource(dns_peer_t *peer, isc_sockaddr_t *query_source) { + REQUIRE(DNS_PEER_VALID(peer)); + REQUIRE(query_source != NULL); + + if (peer->query_source == NULL) + return (ISC_R_NOTFOUND); + *query_source = *peer->query_source; + return (ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_setudpsize(dns_peer_t *peer, isc_uint16_t udpsize) { + isc_boolean_t existed; + + REQUIRE(DNS_PEER_VALID(peer)); + + existed = DNS_BIT_CHECK(SERVER_UDPSIZE_BIT, &peer->bitflags); + + peer->udpsize = udpsize; + DNS_BIT_SET(SERVER_UDPSIZE_BIT, &peer->bitflags); + + return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_getudpsize(dns_peer_t *peer, isc_uint16_t *udpsize) { + + REQUIRE(DNS_PEER_VALID(peer)); + REQUIRE(udpsize != NULL); + + if (DNS_BIT_CHECK(SERVER_UDPSIZE_BIT, &peer->bitflags)) { + *udpsize = peer->udpsize; + return (ISC_R_SUCCESS); + } else { + return (ISC_R_NOTFOUND); + } +} + +isc_result_t +dns_peer_setmaxudp(dns_peer_t *peer, isc_uint16_t maxudp) { + isc_boolean_t existed; + + REQUIRE(DNS_PEER_VALID(peer)); + + existed = DNS_BIT_CHECK(SERVER_MAXUDP_BIT, &peer->bitflags); + + peer->maxudp = maxudp; + DNS_BIT_SET(SERVER_MAXUDP_BIT, &peer->bitflags); + + return (existed ? ISC_R_EXISTS : ISC_R_SUCCESS); +} + +isc_result_t +dns_peer_getmaxudp(dns_peer_t *peer, isc_uint16_t *maxudp) { + + REQUIRE(DNS_PEER_VALID(peer)); + REQUIRE(maxudp != NULL); + + if (DNS_BIT_CHECK(SERVER_MAXUDP_BIT, &peer->bitflags)) { + *maxudp = peer->maxudp; + return (ISC_R_SUCCESS); + } else { + return (ISC_R_NOTFOUND); + } +} diff --git a/contrib/bind-9.3/lib/dns/portlist.c b/contrib/bind-9.5.2/lib/dns/portlist.c similarity index 93% rename from contrib/bind-9.3/lib/dns/portlist.c rename to contrib/bind-9.5.2/lib/dns/portlist.c index f65910bbea..5bc89f4829 100644 --- a/contrib/bind-9.3/lib/dns/portlist.c +++ b/contrib/bind-9.5.2/lib/dns/portlist.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: portlist.c,v 1.3.72.6 2006/08/25 05:25:50 marka Exp $ */ +/* $Id: portlist.c,v 1.13 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include @@ -81,12 +83,14 @@ dns_portlist_create(isc_mem_t *mctx, dns_portlist_t **portlistp) { result = isc_mutex_init(&portlist->lock); if (result != ISC_R_SUCCESS) { isc_mem_put(mctx, portlist, sizeof(*portlist)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); + return (result); + } + result = isc_refcount_init(&portlist->refcount, 1); + if (result != ISC_R_SUCCESS) { + DESTROYLOCK(&portlist->lock); + isc_mem_put(mctx, portlist, sizeof(*portlist)); + return (result); } - isc_refcount_init(&portlist->refcount, 1); portlist->list = NULL; portlist->allocated = 0; portlist->active = 0; diff --git a/contrib/bind-9.3/lib/dns/rbt.c b/contrib/bind-9.5.2/lib/dns/rbt.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rbt.c rename to contrib/bind-9.5.2/lib/dns/rbt.c index ecff783724..155e253f9a 100644 --- a/contrib/bind-9.3/lib/dns/rbt.c +++ b/contrib/bind-9.5.2/lib/dns/rbt.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbt.c,v 1.115.2.2.2.13 2005/06/18 01:03:24 marka Exp $ */ +/* $Id: rbt.c,v 1.138.36.5 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ /* Principal Authors: DCL */ @@ -24,106 +26,107 @@ #include #include #include +#include #include #include -/* +/*% * This define is so dns/name.h (included by dns/fixedname.h) uses more * efficient macro calls instead of functions for a few operations. */ #define DNS_NAME_USEINLINE 1 #include +#include #include #include -#define RBT_MAGIC ISC_MAGIC('R', 'B', 'T', '+') -#define VALID_RBT(rbt) ISC_MAGIC_VALID(rbt, RBT_MAGIC) +#define RBT_MAGIC ISC_MAGIC('R', 'B', 'T', '+') +#define VALID_RBT(rbt) ISC_MAGIC_VALID(rbt, RBT_MAGIC) /* * XXXDCL Since parent pointers were added in again, I could remove all of the * chain junk, and replace with dns_rbt_firstnode, _previousnode, _nextnode, * _lastnode. This would involve pretty major change to the API. */ -#define CHAIN_MAGIC ISC_MAGIC('0', '-', '0', '-') -#define VALID_CHAIN(chain) ISC_MAGIC_VALID(chain, CHAIN_MAGIC) +#define CHAIN_MAGIC ISC_MAGIC('0', '-', '0', '-') +#define VALID_CHAIN(chain) ISC_MAGIC_VALID(chain, CHAIN_MAGIC) -#define RBT_HASH_SIZE 64 +#define RBT_HASH_SIZE 64 #ifdef RBT_MEM_TEST #undef RBT_HASH_SIZE -#define RBT_HASH_SIZE 2 /* To give the reallocation code a workout. */ +#define RBT_HASH_SIZE 2 /*%< To give the reallocation code a workout. */ #endif struct dns_rbt { - unsigned int magic; - isc_mem_t * mctx; - dns_rbtnode_t * root; - void (*data_deleter)(void *, void *); - void * deleter_arg; - unsigned int nodecount; - unsigned int hashsize; - dns_rbtnode_t ** hashtable; + unsigned int magic; + isc_mem_t * mctx; + dns_rbtnode_t * root; + void (*data_deleter)(void *, void *); + void * deleter_arg; + unsigned int nodecount; + unsigned int hashsize; + dns_rbtnode_t ** hashtable; }; #define RED 0 #define BLACK 1 -/* +/*% * Elements of the rbtnode structure. */ -#define PARENT(node) ((node)->parent) -#define LEFT(node) ((node)->left) -#define RIGHT(node) ((node)->right) -#define DOWN(node) ((node)->down) -#define DATA(node) ((node)->data) -#define HASHNEXT(node) ((node)->hashnext) -#define HASHVAL(node) ((node)->hashval) -#define COLOR(node) ((node)->color) -#define NAMELEN(node) ((node)->namelen) -#define OFFSETLEN(node) ((node)->offsetlen) -#define ATTRS(node) ((node)->attributes) -#define PADBYTES(node) ((node)->padbytes) -#define IS_ROOT(node) ISC_TF((node)->is_root == 1) -#define FINDCALLBACK(node) ISC_TF((node)->find_callback == 1) - -/* +#define PARENT(node) ((node)->parent) +#define LEFT(node) ((node)->left) +#define RIGHT(node) ((node)->right) +#define DOWN(node) ((node)->down) +#define DATA(node) ((node)->data) +#define HASHNEXT(node) ((node)->hashnext) +#define HASHVAL(node) ((node)->hashval) +#define COLOR(node) ((node)->color) +#define NAMELEN(node) ((node)->namelen) +#define OFFSETLEN(node) ((node)->offsetlen) +#define ATTRS(node) ((node)->attributes) +#define PADBYTES(node) ((node)->padbytes) +#define IS_ROOT(node) ISC_TF((node)->is_root == 1) +#define FINDCALLBACK(node) ISC_TF((node)->find_callback == 1) + +/*% * Structure elements from the rbtdb.c, not * used as part of the rbt.c algorithms. */ -#define DIRTY(node) ((node)->dirty) -#define WILD(node) ((node)->wild) -#define LOCKNUM(node) ((node)->locknum) -#define REFS(node) ((node)->references) +#define DIRTY(node) ((node)->dirty) +#define WILD(node) ((node)->wild) +#define LOCKNUM(node) ((node)->locknum) -/* +/*% * The variable length stuff stored after the node. */ -#define NAME(node) ((unsigned char *)((node) + 1)) -#define OFFSETS(node) (NAME(node) + NAMELEN(node)) +#define NAME(node) ((unsigned char *)((node) + 1)) +#define OFFSETS(node) (NAME(node) + NAMELEN(node)) -#define NODE_SIZE(node) (sizeof(*node) + \ +#define NODE_SIZE(node) (sizeof(*node) + \ NAMELEN(node) + OFFSETLEN(node) + PADBYTES(node)) -/* +/*% * Color management. */ -#define IS_RED(node) ((node) != NULL && (node)->color == RED) -#define IS_BLACK(node) ((node) == NULL || (node)->color == BLACK) -#define MAKE_RED(node) ((node)->color = RED) -#define MAKE_BLACK(node) ((node)->color = BLACK) +#define IS_RED(node) ((node) != NULL && (node)->color == RED) +#define IS_BLACK(node) ((node) == NULL || (node)->color == BLACK) +#define MAKE_RED(node) ((node)->color = RED) +#define MAKE_BLACK(node) ((node)->color = BLACK) -/* +/*% * Chain management. * * The "ancestors" member of chains were removed, with their job now - * being wholy handled by parent pointers (which didn't exist, because + * being wholly handled by parent pointers (which didn't exist, because * of memory concerns, when chains were first implemented). */ #define ADD_LEVEL(chain, node) \ (chain)->levels[(chain)->level_count++] = (node) -/* +/*% * The following macros directly access normally private name variables. * These macros are used to avoid a lot of function calls in the critical * path of the tree traversal code. @@ -201,7 +204,7 @@ static inline void rotate_right(dns_rbtnode_t *node, dns_rbtnode_t **rootp); static void -dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order, +dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order, dns_rbtnode_t **rootp); static void @@ -225,7 +228,7 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *), isc_result_t result; #endif dns_rbt_t *rbt; - + REQUIRE(mctx != NULL); REQUIRE(rbtp != NULL && *rbtp == NULL); @@ -242,6 +245,7 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *), rbt->nodecount = 0; rbt->hashtable = NULL; rbt->hashsize = 0; + #ifdef DNS_RBT_USEHASH result = inithash(rbt); if (result != ISC_R_SUCCESS) { @@ -249,6 +253,7 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *), return (result); } #endif + rbt->magic = RBT_MAGIC; *rbtp = rbt; @@ -574,7 +579,7 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) { rbt->nodecount++; dns_name_getlabelsequence(name, nlabels - hlabels, - hlabels, new_name); + hlabels, new_name); hash_node(rbt, new_current, new_name); if (common_labels == @@ -770,7 +775,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, dns_name_init(&hash_name, NULL); hashagain: - /* + /* * Hash includes tail. */ dns_name_getlabelsequence(name, @@ -830,7 +835,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, */ current = NULL; continue; - + nohash: #endif /* DNS_RBT_USEHASH */ /* @@ -1140,7 +1145,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, NULL); if (result2 == ISC_R_SUCCESS || result2 == DNS_R_NEWORIGIN) - ; /* Nothing. */ + ; /* Nothing. */ else if (result2 == ISC_R_NOMORE) /* * There is no predecessor. @@ -1272,8 +1277,7 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse) == ISC_R_SUCCESS); else { if (DATA(node) != NULL && rbt->data_deleter != NULL) - rbt->data_deleter(DATA(node), - rbt->deleter_arg); + rbt->data_deleter(DATA(node), rbt->deleter_arg); DATA(node) = NULL; /* @@ -1310,6 +1314,7 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse) #if DNS_RBT_USEMAGIC node->magic = 0; #endif + dns_rbtnode_refdestroy(node); isc_mem_put(rbt->mctx, node, NODE_SIZE(node)); rbt->nodecount--; @@ -1372,7 +1377,7 @@ dns_rbt_fullnamefromnode(dns_rbtnode_t *node, dns_name_t *name) { result = dns_name_concatenate(name, ¤t, name, NULL); if (result != ISC_R_SUCCESS) break; - + node = find_up(node); } while (! dns_name_isabsolute(name)); @@ -1433,10 +1438,12 @@ create_node(isc_mem_t *mctx, dns_name_t *name, dns_rbtnode_t **nodep) { HASHVAL(node) = 0; #endif + ISC_LINK_INIT(node, deadlink); + LOCKNUM(node) = 0; - REFS(node) = 0; WILD(node) = 0; DIRTY(node) = 0; + dns_rbtnode_refinit(node, 0); node->find_callback = 0; MAKE_BLACK(node); @@ -1448,9 +1455,9 @@ create_node(isc_mem_t *mctx, dns_name_t *name, dns_rbtnode_t **nodep) { * and the name's offsets table. * * XXX RTH - * The offsets table could be made smaller by eliminating the - * first offset, which is always 0. This requires changes to - * lib/dns/name.c. + * The offsets table could be made smaller by eliminating the + * first offset, which is always 0. This requires changes to + * lib/dns/name.c. */ NAMELEN(node) = region.length; PADBYTES(node) = 0; @@ -1639,7 +1646,7 @@ rotate_right(dns_rbtnode_t *node, dns_rbtnode_t **rootp) { * true red/black tree on a single level. */ static void -dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order, +dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order, dns_rbtnode_t **rootp) { dns_rbtnode_t *child, *root, *parent, *grandparent; @@ -1931,7 +1938,7 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) { } else { /* * Child is parent's right child. - * Everything is doen the same as above, + * Everything is done the same as above, * except mirrored. */ sibling = LEFT(parent); @@ -2024,6 +2031,7 @@ dns_rbt_deletetree(dns_rbt_t *rbt, dns_rbtnode_t *node) { #if DNS_RBT_USEMAGIC node->magic = 0; #endif + isc_mem_put(rbt->mctx, node, NODE_SIZE(node)); rbt->nodecount--; return (result); @@ -2048,10 +2056,6 @@ dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum, node = LEFT(node); goto traverse; } - if (RIGHT(node) != NULL) { - node = RIGHT(node); - goto traverse; - } if (DOWN(node) != NULL) { node = DOWN(node); goto traverse; @@ -2062,20 +2066,22 @@ dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum, /* * Note: we don't call unhash_node() here as we are destroying - * the complete rbt tree. - */ + * the complete rbt tree. + */ #if DNS_RBT_USEMAGIC node->magic = 0; #endif parent = PARENT(node); + if (RIGHT(node) != NULL) + PARENT(RIGHT(node)) = parent; if (parent != NULL) { if (LEFT(parent) == node) - LEFT(parent) = NULL; + LEFT(parent) = RIGHT(node); else if (DOWN(parent) == node) - DOWN(parent) = NULL; - else if (RIGHT(parent) == node) - RIGHT(parent) = NULL; - } + DOWN(parent) = RIGHT(node); + } else + parent = RIGHT(node); + isc_mem_put(rbt->mctx, node, NODE_SIZE(node)); rbt->nodecount--; node = parent; @@ -2188,6 +2194,7 @@ dns_rbtnodechain_init(dns_rbtnodechain_t *chain, isc_mem_t *mctx) { chain->end = NULL; chain->level_count = 0; chain->level_matches = 0; + memset(chain->levels, 0, sizeof(chain->levels)); chain->magic = CHAIN_MAGIC; } @@ -2397,7 +2404,7 @@ dns_rbtnodechain_next(dns_rbtnodechain_t *chain, dns_name_t *name, * reached without having traversed any left links, ascend one * level and look for either a right link off the point of * ascent, or search for a left link upward again, repeating - * ascents until either case is true. + * ascends until either case is true. */ do { while (! IS_ROOT(current)) { diff --git a/contrib/bind-9.3/lib/dns/rbtdb.c b/contrib/bind-9.5.2/lib/dns/rbtdb.c similarity index 61% rename from contrib/bind-9.3/lib/dns/rbtdb.c rename to contrib/bind-9.5.2/lib/dns/rbtdb.c index 8930d355fd..ad931bdff7 100644 --- a/contrib/bind-9.3/lib/dns/rbtdb.c +++ b/contrib/bind-9.5.2/lib/dns/rbtdb.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.168.2.11.2.26 2006/03/02 23:18:20 marka Exp $ */ +/* $Id: rbtdb.c,v 1.248.12.18 2009/05/06 23:34:47 jinmei Exp $ */ + +/*! \file */ /* * Principal Author: Bob Halley @@ -23,8 +25,10 @@ #include +#include #include #include +#include #include #include #include @@ -32,12 +36,15 @@ #include #include #include +#include #include +#include #include #include #include #include +#include #include #include #include @@ -46,6 +53,9 @@ #include #include #include +#include +#include +#include #include #ifdef DNS_RBTDB_VERSION64 @@ -55,21 +65,21 @@ #endif #ifdef DNS_RBTDB_VERSION64 -#define RBTDB_MAGIC ISC_MAGIC('R', 'B', 'D', '8') +#define RBTDB_MAGIC ISC_MAGIC('R', 'B', 'D', '8') #else -#define RBTDB_MAGIC ISC_MAGIC('R', 'B', 'D', '4') +#define RBTDB_MAGIC ISC_MAGIC('R', 'B', 'D', '4') #endif -/* +/*% * Note that "impmagic" is not the first four bytes of the struct, so * ISC_MAGIC_VALID cannot be used. */ -#define VALID_RBTDB(rbtdb) ((rbtdb) != NULL && \ +#define VALID_RBTDB(rbtdb) ((rbtdb) != NULL && \ (rbtdb)->common.impmagic == RBTDB_MAGIC) #ifdef DNS_RBTDB_VERSION64 -typedef isc_uint64_t rbtdb_serial_t; -/* +typedef isc_uint64_t rbtdb_serial_t; +/*% * Make casting easier in symbolic debuggers by using different names * for the 64 bit version. */ @@ -77,14 +87,14 @@ typedef isc_uint64_t rbtdb_serial_t; #define rdatasetheader_t rdatasetheader64_t #define rbtdb_version_t rbtdb_version64_t #else -typedef isc_uint32_t rbtdb_serial_t; +typedef isc_uint32_t rbtdb_serial_t; #endif -typedef isc_uint32_t rbtdb_rdatatype_t; +typedef isc_uint32_t rbtdb_rdatatype_t; -#define RBTDB_RDATATYPE_BASE(type) ((dns_rdatatype_t)((type) & 0xFFFF)) -#define RBTDB_RDATATYPE_EXT(type) ((dns_rdatatype_t)((type) >> 16)) -#define RBTDB_RDATATYPE_VALUE(b, e) (((e) << 16) | (b)) +#define RBTDB_RDATATYPE_BASE(type) ((dns_rdatatype_t)((type) & 0xFFFF)) +#define RBTDB_RDATATYPE_EXT(type) ((dns_rdatatype_t)((type) >> 16)) +#define RBTDB_RDATATYPE_VALUE(b, e) (((e) << 16) | (b)) #define RBTDB_RDATATYPE_SIGNSEC \ RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_nsec) @@ -98,61 +108,190 @@ typedef isc_uint32_t rbtdb_rdatatype_t; RBTDB_RDATATYPE_VALUE(0, dns_rdatatype_any) /* - * Allow clients with a virtual time of upto 5 minutes in the past to see + * We use rwlock for DB lock only when ISC_RWLOCK_USEATOMIC is non 0. + * Using rwlock is effective with regard to lookup performance only when + * it is implemented in an efficient way. + * Otherwise, it is generally wise to stick to the simple locking since rwlock + * would require more memory or can even make lookups slower due to its own + * overhead (when it internally calls mutex locks). + */ +#ifdef ISC_RWLOCK_USEATOMIC +#define DNS_RBTDB_USERWLOCK 1 +#else +#define DNS_RBTDB_USERWLOCK 0 +#endif + +#if DNS_RBTDB_USERWLOCK +#define RBTDB_INITLOCK(l) isc_rwlock_init((l), 0, 0) +#define RBTDB_DESTROYLOCK(l) isc_rwlock_destroy(l) +#define RBTDB_LOCK(l, t) RWLOCK((l), (t)) +#define RBTDB_UNLOCK(l, t) RWUNLOCK((l), (t)) +#else +#define RBTDB_INITLOCK(l) isc_mutex_init(l) +#define RBTDB_DESTROYLOCK(l) DESTROYLOCK(l) +#define RBTDB_LOCK(l, t) LOCK(l) +#define RBTDB_UNLOCK(l, t) UNLOCK(l) +#endif + +/* + * Since node locking is sensitive to both performance and memory footprint, + * we need some trick here. If we have both high-performance rwlock and + * high performance and small-memory reference counters, we use rwlock for + * node lock and isc_refcount for node references. In this case, we don't have + * to protect the access to the counters by locks. + * Otherwise, we simply use ordinary mutex lock for node locking, and use + * simple integers as reference counters which is protected by the lock. + * In most cases, we can simply use wrapper macros such as NODE_LOCK and + * NODE_UNLOCK. In some other cases, however, we need to protect reference + * counters first and then protect other parts of a node as read-only data. + * Special additional macros, NODE_STRONGLOCK(), NODE_WEAKLOCK(), etc, are also + * provided for these special cases. When we can use the efficient backend + * routines, we should only protect the "other members" by NODE_WEAKLOCK(read). + * Otherwise, we should use NODE_STRONGLOCK() to protect the entire critical + * section including the access to the reference counter. + * Note that we cannot use NODE_LOCK()/NODE_UNLOCK() wherever the protected + * section is also protected by NODE_STRONGLOCK(). + */ +#if defined(ISC_RWLOCK_USEATOMIC) && defined(DNS_RBT_USEISCREFCOUNT) +typedef isc_rwlock_t nodelock_t; + +#define NODE_INITLOCK(l) isc_rwlock_init((l), 0, 0) +#define NODE_DESTROYLOCK(l) isc_rwlock_destroy(l) +#define NODE_LOCK(l, t) RWLOCK((l), (t)) +#define NODE_UNLOCK(l, t) RWUNLOCK((l), (t)) +#define NODE_TRYUPGRADE(l) isc_rwlock_tryupgrade(l) + +#define NODE_STRONGLOCK(l) ((void)0) +#define NODE_STRONGUNLOCK(l) ((void)0) +#define NODE_WEAKLOCK(l, t) NODE_LOCK(l, t) +#define NODE_WEAKUNLOCK(l, t) NODE_UNLOCK(l, t) +#define NODE_WEAKDOWNGRADE(l) isc_rwlock_downgrade(l) +#else +typedef isc_mutex_t nodelock_t; + +#define NODE_INITLOCK(l) isc_mutex_init(l) +#define NODE_DESTROYLOCK(l) DESTROYLOCK(l) +#define NODE_LOCK(l, t) LOCK(l) +#define NODE_UNLOCK(l, t) UNLOCK(l) +#define NODE_TRYUPGRADE(l) ISC_R_SUCCESS + +#define NODE_STRONGLOCK(l) LOCK(l) +#define NODE_STRONGUNLOCK(l) UNLOCK(l) +#define NODE_WEAKLOCK(l, t) ((void)0) +#define NODE_WEAKUNLOCK(l, t) ((void)0) +#define NODE_WEAKDOWNGRADE(l) ((void)0) +#endif + +/*% + * Whether to rate-limit updating the LRU to avoid possible thread contention. + * Our performance measurement has shown the cost is marginal, so it's defined + * to be 0 by default either with or without threads. + */ +#ifndef DNS_RBTDB_LIMITLRUUPDATE +#define DNS_RBTDB_LIMITLRUUPDATE 0 +#endif + +/* + * Allow clients with a virtual time of up to 5 minutes in the past to see * records that would have otherwise have expired. */ #define RBTDB_VIRTUAL 300 struct noqname { dns_name_t name; - void * nsec; - void * nsecsig; + void * nsec; + void * nsecsig; }; +typedef struct acachectl acachectl_t; + typedef struct rdatasetheader { - /* + /*% * Locked by the owning node's lock. */ - rbtdb_serial_t serial; - dns_ttl_t ttl; - rbtdb_rdatatype_t type; - isc_uint16_t attributes; - dns_trust_t trust; - struct noqname *noqname; - /* + rbtdb_serial_t serial; + dns_ttl_t rdh_ttl; + rbtdb_rdatatype_t type; + isc_uint16_t attributes; + dns_trust_t trust; + struct noqname *noqname; + /*%< * We don't use the LIST macros, because the LIST structure has * both head and tail pointers, and is doubly linked. */ - struct rdatasetheader *next; - /* + struct rdatasetheader *next; + /*%< * If this is the top header for an rdataset, 'next' points * to the top header for the next rdataset (i.e., the next type). * Otherwise, it points up to the header whose down pointer points * at this header. */ - - struct rdatasetheader *down; - /* + + struct rdatasetheader *down; + /*%< * Points to the header for the next older version of * this rdataset. */ - isc_uint32_t count; - /* + isc_uint32_t count; + /*%< * Monotonously increased every time this rdataset is bound so that * it is used as the base of the starting point in DNS responses * when the "cyclic" rrset-order is required. Since the ordering * should not be so crucial, no lock is set for the counter for * performance reasons. */ + + acachectl_t *additional_auth; + acachectl_t *additional_glue; + + dns_rbtnode_t *node; + isc_stdtime_t last_used; + ISC_LINK(struct rdatasetheader) lru_link; + /*%< + * Used for LRU-based cache management. We should probably make + * these cache-DB specific. We might also make it a pointer and + * ensure only the top header has a valid link to save memory. + * The linked-list is locked by the rbtdb->lrulock. + */ + + /* + * It's possible this should not be here anymore, but instead + * referenced from the bucket's heap directly. + */ +#if 0 + isc_heap_t *heap; +#endif + unsigned int heap_index; + /*%< + * Used for TTL-based cache cleaning. + */ } rdatasetheader_t; -#define RDATASET_ATTR_NONEXISTENT 0x0001 -#define RDATASET_ATTR_STALE 0x0002 -#define RDATASET_ATTR_IGNORE 0x0004 -#define RDATASET_ATTR_RETAIN 0x0008 -#define RDATASET_ATTR_NXDOMAIN 0x0010 +typedef ISC_LIST(rdatasetheader_t) rdatasetheaderlist_t; +typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t; + +#define RDATASET_ATTR_NONEXISTENT 0x0001 +#define RDATASET_ATTR_STALE 0x0002 +#define RDATASET_ATTR_IGNORE 0x0004 +#define RDATASET_ATTR_RETAIN 0x0008 +#define RDATASET_ATTR_NXDOMAIN 0x0010 +#define RDATASET_ATTR_RESIGN 0x0020 +#define RDATASET_ATTR_STATCOUNT 0x0040 + +typedef struct acache_cbarg { + dns_rdatasetadditional_t type; + unsigned int count; + dns_db_t *db; + dns_dbnode_t *node; + rdatasetheader_t *header; +} acache_cbarg_t; + +struct acachectl { + dns_acacheentry_t *entry; + acache_cbarg_t *cbarg; +}; /* * XXX @@ -162,7 +301,7 @@ typedef struct rdatasetheader { * expired. */ -#undef IGNORE /* WIN32 winbase.h defines this. */ +#undef IGNORE /* WIN32 winbase.h defines this. */ #define EXISTS(header) \ (((header)->attributes & RDATASET_ATTR_NONEXISTENT) == 0) @@ -175,89 +314,144 @@ typedef struct rdatasetheader { #define NXDOMAIN(header) \ (((header)->attributes & RDATASET_ATTR_NXDOMAIN) != 0) -#define DEFAULT_NODE_LOCK_COUNT 7 /* Should be prime. */ +#define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */ + +/*% + * Number of buckets for cache DB entries (locks, LRU lists, TTL heaps). + * There is a tradeoff issue about configuring this value: if this is too + * small, it may cause heavier contention between threads; if this is too large, + * LRU purge algorithm won't work well (entries tend to be purged prematurely). + * The default value should work well for most environments, but this can + * also be configurable at compilation time via the + * DNS_RBTDB_CACHE_NODE_LOCK_COUNT variable. This value must be larger than + * 1 due to the assumption of overmem_purge(). + */ +#ifdef DNS_RBTDB_CACHE_NODE_LOCK_COUNT +#if DNS_RBTDB_CACHE_NODE_LOCK_COUNT <= 1 +#error "DNS_RBTDB_CACHE_NODE_LOCK_COUNT must be larger than 1" +#else +#define DEFAULT_CACHE_NODE_LOCK_COUNT DNS_RBTDB_CACHE_NODE_LOCK_COUNT +#endif +#else +#define DEFAULT_CACHE_NODE_LOCK_COUNT 16 +#endif /* DNS_RBTDB_CACHE_NODE_LOCK_COUNT */ typedef struct { - isc_mutex_t lock; + nodelock_t lock; + /* Protected in the refcount routines. */ + isc_refcount_t references; /* Locked by lock. */ - unsigned int references; - isc_boolean_t exiting; + isc_boolean_t exiting; } rbtdb_nodelock_t; typedef struct rbtdb_changed { - dns_rbtnode_t * node; - isc_boolean_t dirty; - ISC_LINK(struct rbtdb_changed) link; + dns_rbtnode_t * node; + isc_boolean_t dirty; + ISC_LINK(struct rbtdb_changed) link; } rbtdb_changed_t; -typedef ISC_LIST(rbtdb_changed_t) rbtdb_changedlist_t; +typedef ISC_LIST(rbtdb_changed_t) rbtdb_changedlist_t; typedef struct rbtdb_version { /* Not locked */ - rbtdb_serial_t serial; + rbtdb_serial_t serial; + /* + * Protected in the refcount routines. + * XXXJT: should we change the lock policy based on the refcount + * performance? + */ + isc_refcount_t references; /* Locked by database lock. */ - isc_boolean_t writer; - unsigned int references; - isc_boolean_t commit_ok; - rbtdb_changedlist_t changed_list; - ISC_LINK(struct rbtdb_version) link; + isc_boolean_t writer; + isc_boolean_t commit_ok; + rbtdb_changedlist_t changed_list; + ISC_LINK(struct rbtdb_version) link; } rbtdb_version_t; -typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t; +typedef ISC_LIST(rbtdb_version_t) rbtdb_versionlist_t; typedef struct { /* Unlocked. */ - dns_db_t common; - isc_mutex_t lock; - isc_rwlock_t tree_lock; - unsigned int node_lock_count; - rbtdb_nodelock_t * node_locks; - dns_rbtnode_t * origin_node; + dns_db_t common; +#if DNS_RBTDB_USERWLOCK + isc_rwlock_t lock; +#else + isc_mutex_t lock; +#endif + isc_rwlock_t tree_lock; + unsigned int node_lock_count; + rbtdb_nodelock_t * node_locks; + dns_rbtnode_t * origin_node; + dns_stats_t * rrsetstats; /* cache DB only */ /* Locked by lock. */ - unsigned int active; - isc_refcount_t references; - unsigned int attributes; - rbtdb_serial_t current_serial; - rbtdb_serial_t least_serial; - rbtdb_serial_t next_serial; - rbtdb_version_t * current_version; - rbtdb_version_t * future_version; - rbtdb_versionlist_t open_versions; - isc_boolean_t overmem; - isc_task_t * task; + unsigned int active; + isc_refcount_t references; + unsigned int attributes; + rbtdb_serial_t current_serial; + rbtdb_serial_t least_serial; + rbtdb_serial_t next_serial; + rbtdb_version_t * current_version; + rbtdb_version_t * future_version; + rbtdb_versionlist_t open_versions; + isc_boolean_t overmem; + isc_task_t * task; + dns_dbnode_t *soanode; + dns_dbnode_t *nsnode; + + /* + * This is a linked list used to implement the LRU cache. There will + * be node_lock_count linked lists here. Nodes in bucket 1 will be + * placed on the linked list rdatasets[1]. + */ + rdatasetheaderlist_t *rdatasets; + + /*% + * Temporary storage for stale cache nodes and dynamically deleted + * nodes that await being cleaned up. + */ + rbtnodelist_t *deadnodes; + + /* + * Heaps. Each of these is used for TTL based expiry. + */ + isc_heap_t **heaps; + /* Locked by tree_lock. */ - dns_rbt_t * tree; - isc_boolean_t secure; + dns_rbt_t * tree; + isc_boolean_t secure; + + /* Unlocked */ + unsigned int quantum; } dns_rbtdb_t; -#define RBTDB_ATTR_LOADED 0x01 -#define RBTDB_ATTR_LOADING 0x02 +#define RBTDB_ATTR_LOADED 0x01 +#define RBTDB_ATTR_LOADING 0x02 -/* +/*% * Search Context */ typedef struct { - dns_rbtdb_t * rbtdb; - rbtdb_version_t * rbtversion; - rbtdb_serial_t serial; - unsigned int options; - dns_rbtnodechain_t chain; - isc_boolean_t copy_name; - isc_boolean_t need_cleanup; - isc_boolean_t wild; - dns_rbtnode_t * zonecut; - rdatasetheader_t * zonecut_rdataset; - rdatasetheader_t * zonecut_sigrdataset; - dns_fixedname_t zonecut_name; - isc_stdtime_t now; + dns_rbtdb_t * rbtdb; + rbtdb_version_t * rbtversion; + rbtdb_serial_t serial; + unsigned int options; + dns_rbtnodechain_t chain; + isc_boolean_t copy_name; + isc_boolean_t need_cleanup; + isc_boolean_t wild; + dns_rbtnode_t * zonecut; + rdatasetheader_t * zonecut_rdataset; + rdatasetheader_t * zonecut_sigrdataset; + dns_fixedname_t zonecut_name; + isc_stdtime_t now; } rbtdb_search_t; -/* +/*% * Load Context */ typedef struct { - dns_rbtdb_t * rbtdb; - isc_stdtime_t now; + dns_rbtdb_t * rbtdb; + isc_stdtime_t now; } rbtdb_load_t; static void rdataset_disassociate(dns_rdataset_t *rdataset); @@ -267,9 +461,42 @@ static void rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata); static void rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target); static unsigned int rdataset_count(dns_rdataset_t *rdataset); static isc_result_t rdataset_getnoqname(dns_rdataset_t *rdataset, - dns_name_t *name, + dns_name_t *name, dns_rdataset_t *nsec, dns_rdataset_t *nsecsig); +static isc_result_t rdataset_getadditional(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t **zonep, + dns_db_t **dbp, + dns_dbversion_t **versionp, + dns_dbnode_t **nodep, + dns_name_t *fname, + dns_message_t *msg, + isc_stdtime_t now); +static isc_result_t rdataset_setadditional(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t *zone, + dns_db_t *db, + dns_dbversion_t *version, + dns_dbnode_t *node, + dns_name_t *fname); +static isc_result_t rdataset_putadditional(dns_acache_t *acache, + dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype); +static inline isc_boolean_t need_headerupdate(rdatasetheader_t *header, + isc_stdtime_t now); +static void update_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, + isc_stdtime_t now); +static void expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, + isc_boolean_t tree_locked); +static void overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, + isc_stdtime_t now, isc_boolean_t tree_locked); +static void prune_tree(isc_task_t *task, isc_event_t *event); static dns_rdatasetmethods_t rdataset_methods = { rdataset_disassociate, @@ -279,7 +506,10 @@ static dns_rdatasetmethods_t rdataset_methods = { rdataset_clone, rdataset_count, NULL, - rdataset_getnoqname + rdataset_getnoqname, + rdataset_getadditional, + rdataset_setadditional, + rdataset_putadditional }; static void rdatasetiter_destroy(dns_rdatasetiter_t **iteratorp); @@ -296,22 +526,22 @@ static dns_rdatasetitermethods_t rdatasetiter_methods = { }; typedef struct rbtdb_rdatasetiter { - dns_rdatasetiter_t common; - rdatasetheader_t * current; + dns_rdatasetiter_t common; + rdatasetheader_t * current; } rbtdb_rdatasetiter_t; -static void dbiterator_destroy(dns_dbiterator_t **iteratorp); -static isc_result_t dbiterator_first(dns_dbiterator_t *iterator); -static isc_result_t dbiterator_last(dns_dbiterator_t *iterator); -static isc_result_t dbiterator_seek(dns_dbiterator_t *iterator, +static void dbiterator_destroy(dns_dbiterator_t **iteratorp); +static isc_result_t dbiterator_first(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_last(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name); -static isc_result_t dbiterator_prev(dns_dbiterator_t *iterator); -static isc_result_t dbiterator_next(dns_dbiterator_t *iterator); -static isc_result_t dbiterator_current(dns_dbiterator_t *iterator, +static isc_result_t dbiterator_prev(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_next(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep, dns_name_t *name); -static isc_result_t dbiterator_pause(dns_dbiterator_t *iterator); -static isc_result_t dbiterator_origin(dns_dbiterator_t *iterator, +static isc_result_t dbiterator_pause(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_origin(dns_dbiterator_t *iterator, dns_name_t *name); static dns_dbiteratormethods_t dbiterator_methods = { @@ -332,17 +562,17 @@ static dns_dbiteratormethods_t dbiterator_methods = { * If 'paused' is ISC_TRUE, then the tree lock is not being held. */ typedef struct rbtdb_dbiterator { - dns_dbiterator_t common; - isc_boolean_t paused; - isc_boolean_t new_origin; - isc_rwlocktype_t tree_locked; - isc_result_t result; - dns_fixedname_t name; - dns_fixedname_t origin; - dns_rbtnodechain_t chain; - dns_rbtnode_t *node; - dns_rbtnode_t *deletions[DELETION_BATCH_MAX]; - int delete; + dns_dbiterator_t common; + isc_boolean_t paused; + isc_boolean_t new_origin; + isc_rwlocktype_t tree_locked; + isc_result_t result; + dns_fixedname_t name; + dns_fixedname_t origin; + dns_rbtnodechain_t chain; + dns_rbtnode_t *node; + dns_rbtnode_t *deletions[DELETION_BATCH_MAX]; + int delete; } rbtdb_dbiterator_t; @@ -351,6 +581,20 @@ typedef struct rbtdb_dbiterator { static void free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event); +static void overmem(dns_db_t *db, isc_boolean_t overmem); + +/*% + * 'init_count' is used to initialize 'newheader->count' which inturn + * is used to determine where in the cycle rrset-order cyclic starts. + * We don't lock this as we don't care about simultaneous updates. + * + * Note: + * Both init_count and header->count can be ISC_UINT32_MAX. + * The count on the returned rdataset however can't be as + * that indicates that the database does not implement cyclic + * processing. + */ +static unsigned int init_count; /* * Locking @@ -358,12 +602,12 @@ static void free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, * If a routine is going to lock more than one lock in this module, then * the locking must be done in the following order: * - * Tree Lock + * Tree Lock * - * Node Lock (Only one from the set may be locked at one time by - * any caller) + * Node Lock (Only one from the set may be locked at one time by + * any caller) * - * Database Lock + * Database Lock * * Failure to follow this hierarchy can result in deadlock. */ @@ -371,11 +615,7 @@ static void free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, /* * Deleting Nodes * - * Currently there is no deletion of nodes from the database, except when - * the database is being destroyed. - * - * If node deletion is added in the future, then for zone databases the node - * for the origin of the zone MUST NOT be deleted. + * For zone databases the node for the origin of the zone MUST NOT be deleted. */ @@ -403,29 +643,186 @@ free_rbtdb_callback(isc_task_t *task, isc_event_t *event) { free_rbtdb(rbtdb, ISC_TRUE, event); } +static void +update_rrsetstats(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, + isc_boolean_t increment) +{ + dns_rdatastatstype_t statattributes = 0; + dns_rdatastatstype_t base = 0; + dns_rdatastatstype_t type; + + /* At the moment we count statistics only for cache DB */ + INSIST(IS_CACHE(rbtdb)); + + if (NXDOMAIN(header)) + statattributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN; + else if (RBTDB_RDATATYPE_BASE(header->type) == 0) { + statattributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET; + base = RBTDB_RDATATYPE_EXT(header->type); + } else + base = RBTDB_RDATATYPE_BASE(header->type); + + type = DNS_RDATASTATSTYPE_VALUE(base, statattributes); + if (increment) + dns_rdatasetstats_increment(rbtdb->rrsetstats, type); + else + dns_rdatasetstats_decrement(rbtdb->rrsetstats, type); +} + +static void +set_ttl(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, dns_ttl_t newttl) { + int idx; + isc_heap_t *heap; + dns_ttl_t oldttl; + + oldttl = header->rdh_ttl; + header->rdh_ttl = newttl; + + /* + * It's possible the rbtdb is not a cache. If this is the case, + * we will not have a heap, and we move on. If we do, though, + * we might need to adjust things. + */ + if (header->heap_index == 0 || newttl == oldttl) + return; + idx = header->node->locknum; + if (rbtdb->heaps == NULL || rbtdb->heaps[idx] == NULL) + return; + heap = rbtdb->heaps[idx]; + + if (newttl < oldttl) + isc_heap_increased(heap, header->heap_index); + else + isc_heap_decreased(heap, header->heap_index); +} + +/*% + * This function allows the heap code to rank the priority of each + * element. It returns ISC_TRUE if v1 happens "sooner" than v2. + */ +static isc_boolean_t +ttl_sooner(void *v1, void *v2) { + rdatasetheader_t *h1 = v1; + rdatasetheader_t *h2 = v2; + + if (h1->rdh_ttl < h2->rdh_ttl) + return (ISC_TRUE); + return (ISC_FALSE); +} + +/*% + * This function sets the heap index into the header. + */ +static void +ttl_set_index(void *what, unsigned int index) { + rdatasetheader_t *h = what; + + h->heap_index = index; +} + +/*% + * Work out how many nodes can be deleted in the time between two + * requests to the nameserver. Smooth the resulting number and use it + * as a estimate for the number of nodes to be deleted in the next + * iteration. + */ +static unsigned int +adjust_quantum(unsigned int old, isc_time_t *start) { + unsigned int pps = dns_pps; /* packets per second */ + unsigned int interval; + isc_uint64_t usecs; + isc_time_t end; + unsigned int new; + + if (pps < 100) + pps = 100; + isc_time_now(&end); + + interval = 1000000 / pps; /* interval in usec */ + if (interval == 0) + interval = 1; + usecs = isc_time_microdiff(&end, start); + if (usecs == 0) { + /* + * We were unable to measure the amount of time taken. + * Double the nodes deleted next time. + */ + old *= 2; + if (old > 1000) + old = 1000; + return (old); + } + new = old * interval; + new /= (unsigned int)usecs; + if (new == 0) + new = 1; + else if (new > 1000) + new = 1000; + + /* Smooth */ + new = (new + old * 3) / 4; + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_CACHE, + ISC_LOG_DEBUG(1), "adjust_quantum -> %d", new); + + return (new); +} + static void free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { unsigned int i; isc_ondestroy_t ondest; isc_result_t result; char buf[DNS_NAME_FORMATSIZE]; + isc_time_t start; - REQUIRE(EMPTY(rbtdb->open_versions)); + if (IS_CACHE(rbtdb) && rbtdb->common.rdclass == dns_rdataclass_in) + overmem((dns_db_t *)rbtdb, (isc_boolean_t)-1); + + REQUIRE(rbtdb->current_version != NULL || EMPTY(rbtdb->open_versions)); REQUIRE(rbtdb->future_version == NULL); - if (rbtdb->current_version != NULL) + if (rbtdb->current_version != NULL) { + unsigned int refs; + + isc_refcount_decrement(&rbtdb->current_version->references, + &refs); + INSIST(refs == 0); + UNLINK(rbtdb->open_versions, rbtdb->current_version, link); + isc_refcount_destroy(&rbtdb->current_version->references); isc_mem_put(rbtdb->common.mctx, rbtdb->current_version, sizeof(rbtdb_version_t)); + } + + /* + * We assume the number of remaining dead nodes is reasonably small; + * the overhead of unlinking all nodes here should be negligible. + */ + for (i = 0; i < rbtdb->node_lock_count; i++) { + dns_rbtnode_t *node; + + node = ISC_LIST_HEAD(rbtdb->deadnodes[i]); + while (node != NULL) { + ISC_LIST_UNLINK(rbtdb->deadnodes[i], node, deadlink); + node = ISC_LIST_HEAD(rbtdb->deadnodes[i]); + } + } + + if (event == NULL) + rbtdb->quantum = (rbtdb->task != NULL) ? 100 : 0; again: if (rbtdb->tree != NULL) { - result = dns_rbt_destroy2(&rbtdb->tree, - (rbtdb->task != NULL) ? 1000 : 0); + isc_time_now(&start); + result = dns_rbt_destroy2(&rbtdb->tree, rbtdb->quantum); if (result == ISC_R_QUOTA) { INSIST(rbtdb->task != NULL); + if (rbtdb->quantum != 0) + rbtdb->quantum = adjust_quantum(rbtdb->quantum, + &start); if (event == NULL) event = isc_event_allocate(rbtdb->common.mctx, NULL, - DNS_EVENT_FREESTORAGE, + DNS_EVENT_FREESTORAGE, free_rbtdb_callback, rbtdb, sizeof(isc_event_t)); @@ -450,15 +847,52 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { } if (dns_name_dynamic(&rbtdb->common.origin)) dns_name_free(&rbtdb->common.origin, rbtdb->common.mctx); - for (i = 0; i < rbtdb->node_lock_count; i++) - DESTROYLOCK(&rbtdb->node_locks[i].lock); + for (i = 0; i < rbtdb->node_lock_count; i++) { + isc_refcount_destroy(&rbtdb->node_locks[i].references); + NODE_DESTROYLOCK(&rbtdb->node_locks[i].lock); + } + + /* + * Clean up LRU cache objects. + */ + if (rbtdb->rdatasets != NULL) { + for (i = 0; i < rbtdb->node_lock_count; i++) + INSIST(ISC_LIST_EMPTY(rbtdb->rdatasets[i])); + isc_mem_put(rbtdb->common.mctx, rbtdb->rdatasets, + rbtdb->node_lock_count * + sizeof(rdatasetheaderlist_t)); + } + /* + * Clean up dead node buckets. + */ + if (rbtdb->deadnodes != NULL) { + for (i = 0; i < rbtdb->node_lock_count; i++) + INSIST(ISC_LIST_EMPTY(rbtdb->deadnodes[i])); + isc_mem_put(rbtdb->common.mctx, rbtdb->deadnodes, + rbtdb->node_lock_count * sizeof(rbtnodelist_t)); + } + /* + * Clean up TTL heap cache objects. + */ + if (rbtdb->heaps != NULL) { + for (i = 0; i < rbtdb->node_lock_count; i++) + isc_heap_destroy(&rbtdb->heaps[i]); + isc_mem_put(rbtdb->common.mctx, rbtdb->heaps, + rbtdb->node_lock_count * + sizeof(isc_heap_t *)); + } + + if (rbtdb->rrsetstats != NULL) + dns_stats_detach(&rbtdb->rrsetstats); + isc_mem_put(rbtdb->common.mctx, rbtdb->node_locks, rbtdb->node_lock_count * sizeof(rbtdb_nodelock_t)); isc_rwlock_destroy(&rbtdb->tree_lock); isc_refcount_destroy(&rbtdb->references); if (rbtdb->task != NULL) isc_task_detach(&rbtdb->task); - DESTROYLOCK(&rbtdb->lock); + + RBTDB_DESTROYLOCK(&rbtdb->lock); rbtdb->common.magic = 0; rbtdb->common.impmagic = 0; ondest = rbtdb->common.ondest; @@ -474,24 +908,31 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb) { /* XXX check for open versions here */ + if (rbtdb->soanode != NULL) + dns_db_detachnode((dns_db_t *)rbtdb, &rbtdb->soanode); + if (rbtdb->nsnode != NULL) + dns_db_detachnode((dns_db_t *)rbtdb, &rbtdb->nsnode); + /* * Even though there are no external direct references, there still * may be nodes in use. */ for (i = 0; i < rbtdb->node_lock_count; i++) { - LOCK(&rbtdb->node_locks[i].lock); + NODE_LOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write); rbtdb->node_locks[i].exiting = ISC_TRUE; - if (rbtdb->node_locks[i].references == 0) + NODE_UNLOCK(&rbtdb->node_locks[i].lock, isc_rwlocktype_write); + if (isc_refcount_current(&rbtdb->node_locks[i].references) + == 0) { inactive++; - UNLOCK(&rbtdb->node_locks[i].lock); + } } if (inactive != 0) { - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); rbtdb->active -= inactive; if (rbtdb->active == 0) want_free = ISC_TRUE; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); if (want_free) { char buf[DNS_NAME_FORMATSIZE]; if (dns_name_dynamic(&rbtdb->common.origin)) @@ -526,15 +967,14 @@ static void currentversion(dns_db_t *db, dns_dbversion_t **versionp) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; rbtdb_version_t *version; + unsigned int refs; REQUIRE(VALID_RBTDB(rbtdb)); - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read); version = rbtdb->current_version; - if (version->references == 0) - PREPEND(rbtdb->open_versions, version, link); - version->references++; - UNLOCK(&rbtdb->lock); + isc_refcount_increment(&version->references, &refs); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read); *versionp = (dns_dbversion_t *)version; } @@ -543,13 +983,18 @@ static inline rbtdb_version_t * allocate_version(isc_mem_t *mctx, rbtdb_serial_t serial, unsigned int references, isc_boolean_t writer) { + isc_result_t result; rbtdb_version_t *version; version = isc_mem_get(mctx, sizeof(*version)); if (version == NULL) return (NULL); version->serial = serial; - version->references = references; + result = isc_refcount_init(&version->references, references); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, version, sizeof(*version)); + return (NULL); + } version->writer = writer; version->commit_ok = ISC_FALSE; ISC_LIST_INIT(version->changed_list); @@ -567,8 +1012,8 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { REQUIRE(versionp != NULL && *versionp == NULL); REQUIRE(rbtdb->future_version == NULL); - LOCK(&rbtdb->lock); - RUNTIME_CHECK(rbtdb->next_serial != 0); /* XXX Error? */ + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); + RUNTIME_CHECK(rbtdb->next_serial != 0); /* XXX Error? */ version = allocate_version(rbtdb->common.mctx, rbtdb->next_serial, 1, ISC_TRUE); if (version != NULL) { @@ -576,7 +1021,7 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { rbtdb->next_serial++; rbtdb->future_version = version; } - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); if (version == NULL) return (ISC_R_NOMEMORY); @@ -592,16 +1037,12 @@ attachversion(dns_db_t *db, dns_dbversion_t *source, { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; rbtdb_version_t *rbtversion = source; + unsigned int refs; REQUIRE(VALID_RBTDB(rbtdb)); - LOCK(&rbtdb->lock); - - INSIST(rbtversion->references > 0); - rbtversion->references++; - INSIST(rbtversion->references != 0); - - UNLOCK(&rbtdb->lock); + isc_refcount_increment(&rbtversion->references, &refs); + INSIST(refs > 1); *targetp = rbtversion; } @@ -611,32 +1052,62 @@ add_changed(dns_rbtdb_t *rbtdb, rbtdb_version_t *version, dns_rbtnode_t *node) { rbtdb_changed_t *changed; + unsigned int refs; /* - * Caller must be holding the node lock. + * Caller must be holding the node lock if its reference must be + * protected by the lock. */ changed = isc_mem_get(rbtdb->common.mctx, sizeof(*changed)); - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); REQUIRE(version->writer); if (changed != NULL) { - INSIST(node->references > 0); - node->references++; - INSIST(node->references != 0); + dns_rbtnode_refincrement(node, &refs); + INSIST(refs != 0); changed->node = node; changed->dirty = ISC_FALSE; ISC_LIST_INITANDAPPEND(version->changed_list, changed, link); } else version->commit_ok = ISC_FALSE; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); return (changed); } +static void +free_acachearray(isc_mem_t *mctx, rdatasetheader_t *header, + acachectl_t *array) +{ + unsigned int count; + unsigned int i; + unsigned char *raw; /* RDATASLAB */ + + /* + * The caller must be holding the corresponding node lock. + */ + + if (array == NULL) + return; + + raw = (unsigned char *)header + sizeof(*header); + count = raw[0] * 256 + raw[1]; + + /* + * Sanity check: since an additional cache entry has a reference to + * the original DB node (in the callback arg), there should be no + * acache entries when the node can be freed. + */ + for (i = 0; i < count; i++) + INSIST(array[i].entry == NULL && array[i].cbarg == NULL); + + isc_mem_put(mctx, array, count * sizeof(acachectl_t)); +} + static inline void free_noqname(isc_mem_t *mctx, struct noqname **noqname) { @@ -645,7 +1116,7 @@ free_noqname(isc_mem_t *mctx, struct noqname **noqname) { if ((*noqname)->nsec != NULL) isc_mem_put(mctx, (*noqname)->nsec, dns_rdataslab_size((*noqname)->nsec, 0)); - if ((*noqname)->nsec != NULL) + if ((*noqname)->nsecsig != NULL) isc_mem_put(mctx, (*noqname)->nsecsig, dns_rdataslab_size((*noqname)->nsecsig, 0)); isc_mem_put(mctx, *noqname, sizeof(**noqname)); @@ -653,12 +1124,62 @@ free_noqname(isc_mem_t *mctx, struct noqname **noqname) { } static inline void -free_rdataset(isc_mem_t *mctx, rdatasetheader_t *rdataset) { +init_rdataset(dns_rbtdb_t *rbtdb, rdatasetheader_t *h) +{ + ISC_LINK_INIT(h, lru_link); + h->heap_index = 0; + +#if TRACE_HEADER + if (IS_CACHE(rbtdb) && rbtdb->common.rdclass == dns_rdataclass_in) + fprintf(stderr, "initialized header: %p\n", h); +#else + UNUSED(rbtdb); +#endif +} + +static inline rdatasetheader_t * +new_rdataset(dns_rbtdb_t *rbtdb, isc_mem_t *mctx) +{ + rdatasetheader_t *h; + + h = isc_mem_get(mctx, sizeof(*h)); + if (h == NULL) + return (NULL); + +#if TRACE_HEADER + if (IS_CACHE(rbtdb) && rbtdb->common.rdclass == dns_rdataclass_in) + fprintf(stderr, "allocated header: %p\n", h); +#endif + init_rdataset(rbtdb, h); + return (h); +} + +static inline void +free_rdataset(dns_rbtdb_t *rbtdb, isc_mem_t *mctx, rdatasetheader_t *rdataset) +{ unsigned int size; + if (EXISTS(rdataset) && + (rdataset->attributes & RDATASET_ATTR_STATCOUNT) != 0) { + update_rrsetstats(rbtdb, rdataset, ISC_FALSE); + } + + if (IS_CACHE(rbtdb) && ISC_LINK_LINKED(rdataset, lru_link)) { + int idx = rdataset->node->locknum; + ISC_LIST_UNLINK(rbtdb->rdatasets[idx], rdataset, lru_link); + if (rdataset->heap_index != 0) { + isc_heap_delete(rbtdb->heaps[idx], + rdataset->heap_index); + } + rdataset->heap_index = 0; + } + if (rdataset->noqname != NULL) free_noqname(mctx, &rdataset->noqname); - + + free_acachearray(mctx, rdataset, rdataset->additional_auth); + free_acachearray(mctx, rdataset, rdataset->additional_glue); + if ((rdataset->attributes & RDATASET_ATTR_NONEXISTENT) != 0) size = sizeof(*rdataset); else @@ -699,9 +1220,21 @@ rollback_node(dns_rbtnode_t *node, rbtdb_serial_t serial) { node->dirty = 1; } +static inline void +clean_stale_headers(dns_rbtdb_t *rbtdb, isc_mem_t *mctx, rdatasetheader_t *top) +{ + rdatasetheader_t *d, *down_next; + + for (d = top->down; d != NULL; d = down_next) { + down_next = d->down; + free_rdataset(rbtdb, mctx, d); + } + top->down = NULL; +} + static inline void clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { - rdatasetheader_t *current, *dcurrent, *top_prev, *top_next, *down_next; + rdatasetheader_t *current, *top_prev, *top_next; isc_mem_t *mctx = rbtdb->common.mctx; /* @@ -711,15 +1244,7 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { top_prev = NULL; for (current = node->data; current != NULL; current = top_next) { top_next = current->next; - dcurrent = current->down; - if (dcurrent != NULL) { - do { - down_next = dcurrent->down; - free_rdataset(mctx, dcurrent); - dcurrent = down_next; - } while (dcurrent != NULL); - current->down = NULL; - } + clean_stale_headers(rbtdb, mctx, current); /* * If current is nonexistent or stale, we can clean it up. */ @@ -729,7 +1254,7 @@ clean_cache_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { top_prev->next = current->next; else node->data = current->next; - free_rdataset(mctx, current); + free_rdataset(rbtdb, mctx, current); } else top_prev = current; } @@ -770,7 +1295,7 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, if (down_next != NULL) down_next->next = dparent; dparent->down = down_next; - free_rdataset(mctx, dcurrent); + free_rdataset(rbtdb, mctx, dcurrent); } else dparent = dcurrent; } @@ -786,7 +1311,7 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, top_prev->next = current->next; else node->data = current->next; - free_rdataset(mctx, current); + free_rdataset(rbtdb, mctx, current); /* * current no longer exists, so we can * just continue with the loop. @@ -802,7 +1327,7 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, else node->data = down_next; down_next->next = top_next; - free_rdataset(mctx, current); + free_rdataset(rbtdb, mctx, current); current = down_next; } } @@ -829,7 +1354,7 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, do { down_next = dcurrent->down; INSIST(dcurrent->serial <= least_serial); - free_rdataset(mctx, dcurrent); + free_rdataset(rbtdb, mctx, dcurrent); dcurrent = down_next; } while (dcurrent != NULL); dparent->down = NULL; @@ -853,7 +1378,7 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, top_prev->next = current->next; else node->data = current->next; - free_rdataset(mctx, current); + free_rdataset(rbtdb, mctx, current); } else top_prev = current; } @@ -862,31 +1387,155 @@ clean_zone_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, node->dirty = 0; } +/*% + * Clean up dead nodes. These are nodes which have no references, and + * have no data. They are dead but we could not or chose not to delete + * them when we deleted all the data at that node because we did not want + * to wait for the tree write lock. + * + * The caller must hold a tree write lock and bucketnum'th node (write) lock. + */ +static void +cleanup_dead_nodes(dns_rbtdb_t *rbtdb, int bucketnum) { + dns_rbtnode_t *node; + isc_result_t result; + int count = 10; /* XXXJT: should be adjustable */ + + node = ISC_LIST_HEAD(rbtdb->deadnodes[bucketnum]); + while (node != NULL && count > 0) { + ISC_LIST_UNLINK(rbtdb->deadnodes[bucketnum], node, deadlink); + + /* + * Since we're holding a tree write lock, it should be + * impossible for this node to be referenced by others. + */ + INSIST(dns_rbtnode_refcurrent(node) == 0 && + node->data == NULL); + + result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE); + if (result != ISC_R_SUCCESS) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_CACHE, ISC_LOG_WARNING, + "cleanup_dead_nodes: " + "dns_rbt_deletenode: %s", + isc_result_totext(result)); + node = ISC_LIST_HEAD(rbtdb->deadnodes[bucketnum]); + count--; + } +} + +/* + * Caller must be holding the node lock if its reference must be protected + * by the lock. + */ static inline void new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { - if (node->references == 0) { - rbtdb->node_locks[node->locknum].references++; - INSIST(rbtdb->node_locks[node->locknum].references != 0); + unsigned int lockrefs, noderefs; + isc_refcount_t *lockref; + + dns_rbtnode_refincrement0(node, &noderefs); + if (noderefs == 1) { /* this is the first reference to the node */ + lockref = &rbtdb->node_locks[node->locknum].references; + isc_refcount_increment0(lockref, &lockrefs); + INSIST(lockrefs != 0); } - node->references++; - INSIST(node->references != 0); + INSIST(noderefs != 0); } -static void -no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, - rbtdb_serial_t least_serial, isc_rwlocktype_t lock) +/* + * This function is assumed to be called when a node is newly referenced + * and can be in the deadnode list. In that case the node must be retrieved + * from the list because it is going to be used. In addition, if the caller + * happens to hold a write lock on the tree, it's a good chance to purge dead + * nodes. + * Note: while a new reference is gained in multiple places, there are only very + * few cases where the node can be in the deadnode list (only empty nodes can + * have been added to the list). + */ +static inline void +reactivate_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + isc_rwlocktype_t treelocktype) +{ + isc_boolean_t need_relock = ISC_FALSE; + + NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); + new_reference(rbtdb, node); + + NODE_WEAKLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_read); + if (ISC_LINK_LINKED(node, deadlink)) + need_relock = ISC_TRUE; + else if (!ISC_LIST_EMPTY(rbtdb->deadnodes[node->locknum]) && + treelocktype == isc_rwlocktype_write) + need_relock = ISC_TRUE; + NODE_WEAKUNLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_read); + if (need_relock) { + NODE_WEAKLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_write); + if (ISC_LINK_LINKED(node, deadlink)) + ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], + node, deadlink); + if (treelocktype == isc_rwlocktype_write) + cleanup_dead_nodes(rbtdb, node->locknum); + NODE_WEAKUNLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_write); + } + + NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); +} + +/* + * Caller must be holding the node lock; either the "strong", read or write + * lock. Note that the lock must be held even when node references are + * atomically modified; in that case the decrement operation itself does not + * have to be protected, but we must avoid a race condition where multiple + * threads are decreasing the reference to zero simultaneously and at least + * one of them is going to free the node. + * This function returns ISC_TRUE if and only if the node reference decreases + * to zero. + */ +static isc_boolean_t +decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + rbtdb_serial_t least_serial, + isc_rwlocktype_t nlock, isc_rwlocktype_t tlock, + isc_boolean_t pruning) { isc_result_t result; isc_boolean_t write_locked; - unsigned int locknum; - - /* - * Caller must be holding the node lock. - */ + rbtdb_nodelock_t *nodelock; + unsigned int refs, nrefs; + int bucket = node->locknum; + isc_boolean_t no_reference; + + nodelock = &rbtdb->node_locks[bucket]; + + /* Handle easy and typical case first. */ + if (!node->dirty && (node->data != NULL || node->down != NULL)) { + dns_rbtnode_refdecrement(node, &nrefs); + INSIST((int)nrefs >= 0); + if (nrefs == 0) { + isc_refcount_decrement(&nodelock->references, &refs); + INSIST((int)refs >= 0); + } + return ((nrefs == 0) ? ISC_TRUE : ISC_FALSE); + } - REQUIRE(node->references == 0); + /* Upgrade the lock? */ + if (nlock == isc_rwlocktype_read) { + NODE_WEAKUNLOCK(&nodelock->lock, isc_rwlocktype_read); + NODE_WEAKLOCK(&nodelock->lock, isc_rwlocktype_write); + } + dns_rbtnode_refdecrement(node, &nrefs); + INSIST((int)nrefs >= 0); + if (nrefs > 0) { + /* Restore the lock? */ + if (nlock == isc_rwlocktype_read) + NODE_WEAKDOWNGRADE(&nodelock->lock); + return (ISC_FALSE); + } - if (node->dirty) { + if (node->dirty && dns_rbtnode_refcurrent(node) == 0) { if (IS_CACHE(rbtdb)) clean_cache_node(rbtdb, node); else { @@ -895,76 +1544,227 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, * Caller doesn't know the least serial. * Get it. */ - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read); least_serial = rbtdb->least_serial; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, + isc_rwlocktype_read); } clean_zone_node(rbtdb, node, least_serial); } } - locknum = node->locknum; - - INSIST(rbtdb->node_locks[locknum].references > 0); - rbtdb->node_locks[locknum].references--; + isc_refcount_decrement(&nodelock->references, &refs); + INSIST((int)refs >= 0); /* * XXXDCL should this only be done for cache zones? */ - if (node->data != NULL || node->down != NULL) - return; + if (node->data != NULL || node->down != NULL) { + /* Restore the lock? */ + if (nlock == isc_rwlocktype_read) + NODE_WEAKDOWNGRADE(&nodelock->lock); + return (ISC_TRUE); + } /* - * XXXDCL need to add a deferred delete method for ISC_R_LOCKBUSY. + * Attempt to switch to a write lock on the tree. If this fails, + * we will add this node to a linked list of nodes in this locking + * bucket which we will free later. */ - if (lock != isc_rwlocktype_write) { + if (tlock != isc_rwlocktype_write) { /* * Locking hierarchy notwithstanding, we don't need to free * the node lock before acquiring the tree write lock because * we only do a trylock. */ - if (lock == isc_rwlocktype_read) + if (tlock == isc_rwlocktype_read) result = isc_rwlock_tryupgrade(&rbtdb->tree_lock); else result = isc_rwlock_trylock(&rbtdb->tree_lock, isc_rwlocktype_write); RUNTIME_CHECK(result == ISC_R_SUCCESS || result == ISC_R_LOCKBUSY); - + write_locked = ISC_TF(result == ISC_R_SUCCESS); } else write_locked = ISC_TRUE; - if (write_locked) { - if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(1))) { - char printname[DNS_NAME_FORMATSIZE]; + no_reference = ISC_TRUE; + if (write_locked && dns_rbtnode_refcurrent(node) == 0) { + /* + * We can now delete the node if the reference counter is + * zero. This should be typically the case, but a different + * thread may still gain a (new) reference just before the + * current thread locks the tree (e.g., in findnode()). + */ - isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, - DNS_LOGMODULE_CACHE, ISC_LOG_DEBUG(1), - "no_references: delete from rbt: %p %s", - node, - dns_rbt_formatnodename(node, printname, - sizeof(printname))); - } + /* + * If this node is the only one in the level it's in, deleting + * this node may recursively make its parent the only node in + * the parent level; if so, and if no one is currently using + * the parent node, this is almost the only opportunity to + * clean it up. But the recursive cleanup is not that trivial + * since the child and parent may be in different lock buckets, + * which would cause a lock order reversal problem. To avoid + * the trouble, we'll dispatch a separate event for batch + * cleaning. We need to check whether we're deleting the node + * as a result of pruning to avoid infinite dispatching. + * Note: pruning happens only when a task has been set for the + * rbtdb. If the user of the rbtdb chooses not to set a task, + * it's their responsibility to purge stale leaves (e.g. by + * periodic walk-through). + */ + if (!pruning && node->parent != NULL && + node->parent->down == node && node->left == NULL && + node->right == NULL && rbtdb->task != NULL) { + isc_event_t *ev; + dns_db_t *db; + + ev = isc_event_allocate(rbtdb->common.mctx, NULL, + DNS_EVENT_RBTPRUNE, + prune_tree, node, + sizeof(isc_event_t)); + if (ev != NULL) { + new_reference(rbtdb, node); + db = NULL; + attach((dns_db_t *)rbtdb, &db); + ev->ev_sender = db; + isc_task_send(rbtdb->task, &ev); + no_reference = ISC_FALSE; + } else { + /* + * XXX: this is a weird situation. We could + * ignore this error case, but then the stale + * node will unlikely be purged except via a + * rare condition such as manual cleanup. So + * we queue it in the deadnodes list, hoping + * the memory shortage is temporary and the node + * will be deleted later. + */ + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_CACHE, + ISC_LOG_INFO, + "decrement_reference: failed to " + "allocate pruning event"); + INSIST(!ISC_LINK_LINKED(node, deadlink)); + ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, + deadlink); + } + } else { + if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(1))) { + char printname[DNS_NAME_FORMATSIZE]; + + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_CACHE, + ISC_LOG_DEBUG(1), + "decrement_reference: " + "delete from rbt: %p %s", + node, + dns_rbt_formatnodename(node, + printname, + sizeof(printname))); + } - result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE); - if (result != ISC_R_SUCCESS) - isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, - DNS_LOGMODULE_CACHE, ISC_LOG_WARNING, - "no_references: dns_rbt_deletenode: %s", - isc_result_totext(result)); + INSIST(!ISC_LINK_LINKED(node, deadlink)); + result = dns_rbt_deletenode(rbtdb->tree, node, + ISC_FALSE); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_CACHE, + ISC_LOG_WARNING, + "decrement_reference: " + "dns_rbt_deletenode: %s", + isc_result_totext(result)); + } + } + } else if (dns_rbtnode_refcurrent(node) == 0) { + INSIST(!ISC_LINK_LINKED(node, deadlink)); + ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, deadlink); } + /* Restore the lock? */ + if (nlock == isc_rwlocktype_read) + NODE_WEAKDOWNGRADE(&nodelock->lock); + /* * Relock a read lock, or unlock the write lock if no lock was held. */ - if (lock == isc_rwlocktype_none) + if (tlock == isc_rwlocktype_none) if (write_locked) RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); - if (lock == isc_rwlocktype_read) + if (tlock == isc_rwlocktype_read) if (write_locked) isc_rwlock_downgrade(&rbtdb->tree_lock); + + return (no_reference); +} + +/* + * Prune the tree by recursively cleaning-up single leaves. In the worst + * case, the number of iteration is the number of tree levels, which is at + * most the maximum number of domain name labels, i.e, 127. In practice, this + * should be much smaller (only a few times), and even the worst case would be + * acceptable for a single event. + */ +static void +prune_tree(isc_task_t *task, isc_event_t *event) { + dns_rbtdb_t *rbtdb = event->ev_sender; + dns_rbtnode_t *node = event->ev_arg; + dns_rbtnode_t *parent; + unsigned int locknum; + + UNUSED(task); + + isc_event_free(&event); + + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); + locknum = node->locknum; + NODE_LOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_write); + do { + parent = node->parent; + decrement_reference(rbtdb, node, 0, isc_rwlocktype_write, + isc_rwlocktype_write, ISC_TRUE); + + if (parent != NULL && parent->down == NULL) { + /* + * node was the only down child of the parent and has + * just been removed. We'll then need to examine the + * parent. Keep the lock if possible; otherwise, + * release the old lock and acquire one for the parent. + */ + if (parent->locknum != locknum) { + NODE_UNLOCK(&rbtdb->node_locks[locknum].lock, + isc_rwlocktype_write); + locknum = parent->locknum; + NODE_LOCK(&rbtdb->node_locks[locknum].lock, + isc_rwlocktype_write); + } + + /* + * We need to gain a reference to the node before + * decrementing it in the next iteration. In addition, + * if the node is in the dead-nodes list, extract it + * from the list beforehand as we do in + * reactivate_node(). + */ + new_reference(rbtdb, parent); + if (ISC_LINK_LINKED(parent, deadlink)) { + ISC_LIST_UNLINK(rbtdb->deadnodes[locknum], + parent, deadlink); + } + } else + parent = NULL; + + node = parent; + } while (node != NULL); + NODE_UNLOCK(&rbtdb->node_locks[locknum].lock, isc_rwlocktype_write); + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); + + detach((dns_db_t **)&rbtdb); } static inline void @@ -1061,7 +1861,8 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { rbtdb_changed_t *changed, *next_changed; rbtdb_serial_t serial, least_serial; dns_rbtnode_t *rbtnode; - isc_mutex_t *lock; + unsigned int refs; + isc_boolean_t writer; REQUIRE(VALID_RBTDB(rbtdb)); version = (rbtdb_version_t *)*versionp; @@ -1069,118 +1870,152 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { cleanup_version = NULL; ISC_LIST_INIT(cleanup_list); - LOCK(&rbtdb->lock); - INSIST(version->references > 0); - INSIST(!version->writer || !(commit && version->references > 1)); - version->references--; + isc_refcount_decrement(&version->references, &refs); + if (refs > 0) { /* typical and easy case first */ + if (commit) { + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_read); + INSIST(!version->writer); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_read); + } + goto end; + } + + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); serial = version->serial; - if (version->references == 0) { - if (version->writer) { - if (commit) { - INSIST(version->commit_ok); - INSIST(version == rbtdb->future_version); - if (EMPTY(rbtdb->open_versions)) { - /* - * We're going to become the least open - * version. - */ - make_least_version(rbtdb, version, - &cleanup_list); - } else { - /* - * Some other open version is the - * least version. We can't cleanup - * records that were changed in this - * version because the older versions - * may still be in use by an open - * version. - * - * We can, however, discard the - * changed records for things that - * we've added that didn't exist in - * prior versions. - */ - cleanup_nondirty(version, - &cleanup_list); - } - /* - * If the (soon to be former) current version - * isn't being used by anyone, we can clean - * it up. - */ - if (rbtdb->current_version->references == 0) { - cleanup_version = - rbtdb->current_version; - APPENDLIST(version->changed_list, - cleanup_version->changed_list, - link); - } + writer = version->writer; + if (version->writer) { + if (commit) { + unsigned cur_ref; + rbtdb_version_t *cur_version; + + INSIST(version->commit_ok); + INSIST(version == rbtdb->future_version); + /* + * The current version is going to be replaced. + * Release the (likely last) reference to it from the + * DB itself and unlink it from the open list. + */ + cur_version = rbtdb->current_version; + isc_refcount_decrement(&cur_version->references, + &cur_ref); + if (cur_ref == 0) { + if (cur_version->serial == rbtdb->least_serial) + INSIST(EMPTY(cur_version->changed_list)); + UNLINK(rbtdb->open_versions, + cur_version, link); + } + if (EMPTY(rbtdb->open_versions)) { /* - * Become the current version. + * We're going to become the least open + * version. */ - version->writer = ISC_FALSE; - rbtdb->current_version = version; - rbtdb->current_serial = version->serial; - rbtdb->future_version = NULL; + make_least_version(rbtdb, version, + &cleanup_list); } else { /* - * We're rolling back this transaction. + * Some other open version is the + * least version. We can't cleanup + * records that were changed in this + * version because the older versions + * may still be in use by an open + * version. + * + * We can, however, discard the + * changed records for things that + * we've added that didn't exist in + * prior versions. */ - cleanup_list = version->changed_list; - ISC_LIST_INIT(version->changed_list); - rollback = ISC_TRUE; - cleanup_version = version; - rbtdb->future_version = NULL; + cleanup_nondirty(version, &cleanup_list); + } + /* + * If the (soon to be former) current version + * isn't being used by anyone, we can clean + * it up. + */ + if (cur_ref == 0) { + cleanup_version = cur_version; + APPENDLIST(version->changed_list, + cleanup_version->changed_list, + link); } + /* + * Become the current version. + */ + version->writer = ISC_FALSE; + rbtdb->current_version = version; + rbtdb->current_serial = version->serial; + rbtdb->future_version = NULL; + + /* + * Keep the current version in the open list, and + * gain a reference for the DB itself (see the DB + * creation function below). This must be the only + * case where we need to increment the counter from + * zero and need to use isc_refcount_increment0(). + */ + isc_refcount_increment0(&version->references, + &cur_ref); + INSIST(cur_ref == 1); + PREPEND(rbtdb->open_versions, + rbtdb->current_version, link); } else { - if (version != rbtdb->current_version) { - /* - * There are no external or internal references - * to this version and it can be cleaned up. - */ - cleanup_version = version; + /* + * We're rolling back this transaction. + */ + cleanup_list = version->changed_list; + ISC_LIST_INIT(version->changed_list); + rollback = ISC_TRUE; + cleanup_version = version; + rbtdb->future_version = NULL; + } + } else { + if (version != rbtdb->current_version) { + /* + * There are no external or internal references + * to this version and it can be cleaned up. + */ + cleanup_version = version; + + /* + * Find the version with the least serial + * number greater than ours. + */ + least_greater = PREV(version, link); + if (least_greater == NULL) + least_greater = rbtdb->current_version; + INSIST(version->serial < least_greater->serial); + /* + * Is this the least open version? + */ + if (version->serial == rbtdb->least_serial) { /* - * Find the version with the least serial - * number greater than ours. + * Yes. Install the new least open + * version. */ - least_greater = PREV(version, link); - if (least_greater == NULL) - least_greater = rbtdb->current_version; - - INSIST(version->serial < least_greater->serial); + make_least_version(rbtdb, + least_greater, + &cleanup_list); + } else { /* - * Is this the least open version? + * Add any unexecuted cleanups to + * those of the least greater version. */ - if (version->serial == rbtdb->least_serial) { - /* - * Yes. Install the new least open - * version. - */ - make_least_version(rbtdb, - least_greater, - &cleanup_list); - } else { - /* - * Add any unexecuted cleanups to - * those of the least greater version. - */ - APPENDLIST(least_greater->changed_list, - version->changed_list, - link); - } - } else if (version->serial == rbtdb->least_serial) - INSIST(EMPTY(version->changed_list)); - UNLINK(rbtdb->open_versions, version, link); - } + APPENDLIST(least_greater->changed_list, + version->changed_list, + link); + } + } else if (version->serial == rbtdb->least_serial) + INSIST(EMPTY(version->changed_list)); + UNLINK(rbtdb->open_versions, version, link); } least_serial = rbtdb->least_serial; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); /* * Update the zone's secure status. */ - if (version->writer && commit && !IS_CACHE(rbtdb)) + if (writer && commit && !IS_CACHE(rbtdb)) rbtdb->secure = iszonesecure(db, rbtdb->origin_node); if (cleanup_version != NULL) { @@ -1190,31 +2025,46 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { } if (!EMPTY(cleanup_list)) { + /* + * We acquire a tree write lock here in order to make sure + * that stale nodes will be removed in decrement_reference(). + * If we didn't have the lock, those nodes could miss the + * chance to be removed until the server stops. The write lock + * is expensive, but this event should be rare enough to justify + * the cost. + */ + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); for (changed = HEAD(cleanup_list); changed != NULL; changed = next_changed) { + nodelock_t *lock; + next_changed = NEXT(changed, link); rbtnode = changed->node; lock = &rbtdb->node_locks[rbtnode->locknum].lock; - LOCK(lock); + NODE_LOCK(lock, isc_rwlocktype_write); + /* + * This is a good opportunity to purge any dead nodes, + * so use it. + */ + cleanup_dead_nodes(rbtdb, rbtnode->locknum); - INSIST(rbtnode->references > 0); - rbtnode->references--; if (rollback) rollback_node(rbtnode, serial); + decrement_reference(rbtdb, rbtnode, least_serial, + isc_rwlocktype_write, + isc_rwlocktype_write, ISC_FALSE); - if (rbtnode->references == 0) - no_references(rbtdb, rbtnode, least_serial, - isc_rwlocktype_none); - - UNLOCK(lock); + NODE_UNLOCK(lock, isc_rwlocktype_write); isc_mem_put(rbtdb->common.mctx, changed, sizeof(*changed)); } + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); } + end: *versionp = NULL; } @@ -1264,7 +2114,7 @@ add_empty_wildcards(dns_rbtdb_t *rbtdb, dns_name_t *name) { l = dns_name_countlabels(&rbtdb->common.origin); i = l + 1; while (i < n) { - dns_rbtnode_t *node = NULL; /* dummy */ + dns_rbtnode_t *node = NULL; /* dummy */ dns_name_getlabelsequence(name, n - i, i, &foundname); if (dns_name_iswildcard(&foundname)) { result = add_wildcard_magic(rbtdb, &foundname); @@ -1287,7 +2137,6 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; dns_rbtnode_t *node = NULL; dns_name_t nodename; - unsigned int locknum; isc_result_t result; isc_rwlocktype_t locktype = isc_rwlocktype_read; @@ -1334,10 +2183,7 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, return (result); } } - locknum = node->locknum; - LOCK(&rbtdb->node_locks[locknum].lock); - new_reference(rbtdb, node); - UNLOCK(&rbtdb->node_locks[locknum].lock); + reactivate_node(rbtdb, node, locktype); RWUNLOCK(&rbtdb->tree_lock, locktype); *nodep = (dns_dbnode_t *)node; @@ -1366,7 +2212,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { result = DNS_R_CONTINUE; onode = search->rbtdb->origin_node; - LOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); /* * Look for an NS or DNAME rdataset active in our version. @@ -1395,7 +2242,7 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { if (header != NULL) { if (header->type == dns_rdatatype_dname) dname_header = header; - else if (header->type == + else if (header->type == RBTDB_RDATATYPE_SIGDNAME) sigdname_header = header; else if (node != onode || @@ -1477,7 +2324,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { search->wild = ISC_TRUE; } - UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); return (result); } @@ -1487,10 +2335,14 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header, isc_stdtime_t now, dns_rdataset_t *rdataset) { - unsigned char *raw; + unsigned char *raw; /* RDATASLAB */ /* - * Caller must be holding the node lock. + * Caller must be holding the node reader lock. + * XXXJT: technically, we need a writer lock, since we'll increment + * the header count below. However, since the actual counter value + * doesn't matter, we prioritize performance here. (We may want to + * use atomic increment when available). */ if (rdataset == NULL) @@ -1498,13 +2350,13 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, new_reference(rbtdb, node); - INSIST(rdataset->methods == NULL); /* We must be disassociated. */ + INSIST(rdataset->methods == NULL); /* We must be disassociated. */ rdataset->methods = &rdataset_methods; rdataset->rdclass = rbtdb->common.rdclass; rdataset->type = RBTDB_RDATATYPE_BASE(header->type); rdataset->covers = RBTDB_RDATATYPE_EXT(header->type); - rdataset->ttl = header->ttl - now; + rdataset->ttl = header->rdh_ttl - now; rdataset->trust = header->trust; if (NXDOMAIN(header)) rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN; @@ -1513,8 +2365,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, raw = (unsigned char *)header + sizeof(*header); rdataset->private3 = raw; rdataset->count = header->count++; - if (header->count == ISC_UINT32_MAX) - header->count = 0; + if (rdataset->count == ISC_UINT32_MAX) + rdataset->count = 0; /* * Reset iterator state. @@ -1570,14 +2422,16 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep, search->need_cleanup = ISC_FALSE; } if (rdataset != NULL) { - LOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); bind_rdataset(search->rbtdb, node, search->zonecut_rdataset, search->now, rdataset); if (sigrdataset != NULL && search->zonecut_sigrdataset != NULL) bind_rdataset(search->rbtdb, node, search->zonecut_sigrdataset, search->now, sigrdataset); - UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); } if (type == dns_rdatatype_dname) @@ -1589,7 +2443,7 @@ static inline isc_boolean_t valid_glue(rbtdb_search_t *search, dns_name_t *name, rbtdb_rdatatype_t type, dns_rbtnode_t *node) { - unsigned char *raw; + unsigned char *raw; /* RDATASLAB */ unsigned int count, size; dns_name_t ns_name; isc_boolean_t valid = ISC_FALSE; @@ -1618,12 +2472,20 @@ valid_glue(rbtdb_search_t *search, dns_name_t *name, rbtdb_rdatatype_t type, header = search->zonecut_rdataset; raw = (unsigned char *)header + sizeof(*header); count = raw[0] * 256 + raw[1]; +#if DNS_RDATASET_FIXED + raw += 2 + (4 * count); +#else raw += 2; +#endif while (count > 0) { count--; size = raw[0] * 256 + raw[1]; +#if DNS_RDATASET_FIXED + raw += 4; +#else raw += 2; +#endif region.base = raw; region.length = size; raw += size; @@ -1672,7 +2534,8 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain, origin, &node); if (result != ISC_R_SUCCESS) break; - LOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); for (header = node->data; header != NULL; header = header->next) { @@ -1680,7 +2543,8 @@ activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain, !IGNORE(header) && EXISTS(header)) break; } - UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); if (header != NULL) break; result = dns_rbtnodechain_next(chain, NULL, NULL); @@ -1737,7 +2601,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) { origin, &node); if (result != ISC_R_SUCCESS) break; - LOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); for (header = node->data; header != NULL; header = header->next) { @@ -1745,7 +2610,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) { !IGNORE(header) && EXISTS(header)) break; } - UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); if (header != NULL) break; result = dns_rbtnodechain_prev(&chain, NULL, NULL); @@ -1762,7 +2628,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) { origin, &node); if (result != ISC_R_SUCCESS) break; - LOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); for (header = node->data; header != NULL; header = header->next) { @@ -1770,7 +2637,8 @@ activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) { !IGNORE(header) && EXISTS(header)) break; } - UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); if (header != NULL) break; result = dns_rbtnodechain_next(&chain, NULL, NULL); @@ -1838,7 +2706,8 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep, done = ISC_FALSE; node = *nodep; do { - LOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); /* * First we try to figure out if this node is active in @@ -1863,7 +2732,8 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep, else wild = ISC_FALSE; - UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); if (wild) { /* @@ -1896,33 +2766,38 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep, DNS_RBTFIND_EMPTYDATA, NULL, NULL); if (result == ISC_R_SUCCESS) { - /* - * We have found the wildcard node. If it - * is active in the search's version, we're - * done. - */ - LOCK(&(rbtdb->node_locks[wnode->locknum].lock)); - for (header = wnode->data; - header != NULL; - header = header->next) { - if (header->serial <= search->serial && - !IGNORE(header) && EXISTS(header)) - break; - } - UNLOCK(&(rbtdb->node_locks[wnode->locknum].lock)); - if (header != NULL || - activeempty(search, &wchain, wname)) { - if (activeemtpynode(search, qname, wname)) + nodelock_t *lock; + + /* + * We have found the wildcard node. If it + * is active in the search's version, we're + * done. + */ + lock = &rbtdb->node_locks[wnode->locknum].lock; + NODE_LOCK(lock, isc_rwlocktype_read); + for (header = wnode->data; + header != NULL; + header = header->next) { + if (header->serial <= search->serial && + !IGNORE(header) && EXISTS(header)) + break; + } + NODE_UNLOCK(lock, isc_rwlocktype_read); + if (header != NULL || + activeempty(search, &wchain, wname)) { + if (activeemtpynode(search, qname, + wname)) { return (ISC_R_NOTFOUND); - /* - * The wildcard node is active! - * - * Note: result is still ISC_R_SUCCESS - * so we don't have to set it. - */ - *nodep = wnode; - break; - } + } + /* + * The wildcard node is active! + * + * Note: result is still ISC_R_SUCCESS + * so we don't have to set it. + */ + *nodep = wnode; + break; + } } else if (result != ISC_R_NOTFOUND && result != DNS_R_PARTIALMATCH) { /* @@ -1974,7 +2849,8 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep, origin, &node); if (result != ISC_R_SUCCESS) return (result); - LOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); found = NULL; foundsig = NULL; empty_node = ISC_TRUE; @@ -2074,7 +2950,8 @@ find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep, result = dns_rbtnodechain_prev(&search->chain, NULL, NULL); } - UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); } while (empty_node && result == ISC_R_SUCCESS); /* @@ -2103,12 +2980,12 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, isc_boolean_t at_zonecut = ISC_FALSE; isc_boolean_t wild; isc_boolean_t empty_node; - isc_mutex_t *lock; rdatasetheader_t *header, *header_next, *found, *nsecheader; rdatasetheader_t *foundsig, *cnamesig, *nsecsig; rbtdb_rdatatype_t sigtype; isc_boolean_t active; dns_rbtnodechain_t chain; + nodelock_t *lock; search.rbtdb = (dns_rbtdb_t *)db; @@ -2194,8 +3071,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, (search.options & DNS_DBFIND_FORCENSEC) != 0) { result = find_closest_nsec(&search, nodep, foundname, - rdataset, sigrdataset, - search.rbtdb->secure); + rdataset, sigrdataset, + search.rbtdb->secure); if (result == ISC_R_SUCCESS) result = active ? DNS_R_EMPTYNAME : DNS_R_NXDOMAIN; @@ -2243,7 +3120,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * We now go looking for rdata... */ - LOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + NODE_LOCK(&(search.rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); found = NULL; foundsig = NULL; @@ -2391,7 +3269,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * we really have a partial match. */ if (!wild) { - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + lock = &search.rbtdb->node_locks[node->locknum].lock; + NODE_UNLOCK(lock, isc_rwlocktype_read); goto partial_match; } } @@ -2401,16 +3280,17 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, */ if (found == NULL) { if (search.zonecut != NULL) { - /* - * We were trying to find glue at a node beneath a - * zone cut, but didn't. - * - * Return the delegation. - */ - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); - result = setup_delegation(&search, nodep, foundname, - rdataset, sigrdataset); - goto tree_exit; + /* + * We were trying to find glue at a node beneath a + * zone cut, but didn't. + * + * Return the delegation. + */ + lock = &search.rbtdb->node_locks[node->locknum].lock; + NODE_UNLOCK(lock, isc_rwlocktype_read); + result = setup_delegation(&search, nodep, foundname, + rdataset, sigrdataset); + goto tree_exit; } /* * The desired type doesn't exist. @@ -2426,11 +3306,12 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result = DNS_R_BADDB; goto node_exit; } - - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + + lock = &search.rbtdb->node_locks[node->locknum].lock; + NODE_UNLOCK(lock, isc_rwlocktype_read); result = find_closest_nsec(&search, nodep, foundname, - rdataset, sigrdataset, - search.rbtdb->secure); + rdataset, sigrdataset, + search.rbtdb->secure); if (result == ISC_R_SUCCESS) result = DNS_R_EMPTYWILD; goto tree_exit; @@ -2508,9 +3389,10 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, if (result == DNS_R_GLUE && (search.options & DNS_DBFIND_VALIDATEGLUE) != 0 && !valid_glue(&search, foundname, type, node)) { - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); - result = setup_delegation(&search, nodep, foundname, - rdataset, sigrdataset); + lock = &search.rbtdb->node_locks[node->locknum].lock; + NODE_UNLOCK(lock, isc_rwlocktype_read); + result = setup_delegation(&search, nodep, foundname, + rdataset, sigrdataset); goto tree_exit; } } else { @@ -2539,7 +3421,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, foundname->attributes |= DNS_NAMEATTR_WILDCARD; node_exit: - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); tree_exit: RWUNLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read); @@ -2552,14 +3435,11 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, node = search.zonecut; lock = &(search.rbtdb->node_locks[node->locknum].lock); - LOCK(lock); - INSIST(node->references > 0); - node->references--; - if (node->references == 0) - no_references(search.rbtdb, node, 0, - isc_rwlocktype_none); - - UNLOCK(lock); + NODE_LOCK(lock, isc_rwlocktype_read); + decrement_reference(search.rbtdb, node, 0, + isc_rwlocktype_read, isc_rwlocktype_none, + ISC_FALSE); + NODE_UNLOCK(lock, isc_rwlocktype_read); } if (close_version) @@ -2596,6 +3476,8 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { rdatasetheader_t *header, *header_prev, *header_next; rdatasetheader_t *dname_header, *sigdname_header; isc_result_t result; + nodelock_t *lock; + isc_rwlocktype_t locktype; /* XXX comment */ @@ -2606,7 +3488,9 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { */ UNUSED(name); - LOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + lock = &(search->rbtdb->node_locks[node->locknum].lock); + locktype = isc_rwlocktype_read; + NODE_LOCK(lock, locktype); /* * Look for a DNAME or RRSIG DNAME rdataset. @@ -2616,7 +3500,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (header->ttl <= search->now) { + if (header->rdh_ttl <= search->now) { /* * This rdataset is stale. If no one else is * using the node, we can clean it up right @@ -2624,21 +3508,50 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { * the node as dirty, so it will get cleaned * up later. */ - if (node->references == 0) { - INSIST(header->down == NULL); - if (header_prev != NULL) - header_prev->next = - header->next; - else - node->data = header->next; - free_rdataset(search->rbtdb->common.mctx, - header); - } else { - header->attributes |= - RDATASET_ATTR_STALE; - node->dirty = 1; + if ((header->rdh_ttl <= search->now - RBTDB_VIRTUAL) && + (locktype == isc_rwlocktype_write || + NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { + /* + * We update the node's status only when we + * can get write access; otherwise, we leave + * others to this work. Periodical cleaning + * will eventually take the job as the last + * resort. + * We won't downgrade the lock, since other + * rdatasets are probably stale, too. + */ + locktype = isc_rwlocktype_write; + + if (dns_rbtnode_refcurrent(node) == 0) { + isc_mem_t *mctx; + + /* + * header->down can be non-NULL if the + * refcount has just decremented to 0 + * but decrement_reference() has not + * performed clean_cache_node(), in + * which case we need to purge the + * stale headers first. + */ + mctx = search->rbtdb->common.mctx; + clean_stale_headers(search->rbtdb, + mctx, + header); + if (header_prev != NULL) + header_prev->next = + header->next; + else + node->data = header->next; + free_rdataset(search->rbtdb, mctx, + header); + } else { + header->attributes |= + RDATASET_ATTR_STALE; + node->dirty = 1; + header_prev = header; + } + } else header_prev = header; - } } else if (header->type == dns_rdatatype_dname && EXISTS(header)) { dname_header = header; @@ -2659,6 +3572,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { * search->zonecut_rdataset will still be valid later. */ new_reference(search->rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); search->zonecut = node; search->zonecut_rdataset = dname_header; search->zonecut_sigrdataset = sigdname_header; @@ -2667,7 +3581,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { } else result = DNS_R_CONTINUE; - UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(lock, locktype); return (result); } @@ -2685,6 +3599,8 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, dns_name_t name; dns_rbtdb_t *rbtdb; isc_boolean_t done; + nodelock_t *lock; + isc_rwlocktype_t locktype; /* * Caller must be holding the tree lock. @@ -2694,7 +3610,9 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, i = search->chain.level_matches; done = ISC_FALSE; do { - LOCK(&(rbtdb->node_locks[node->locknum].lock)); + locktype = isc_rwlocktype_read; + lock = &rbtdb->node_locks[node->locknum].lock; + NODE_LOCK(lock, locktype); /* * Look for NS and RRSIG NS rdatasets. @@ -2706,7 +3624,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, header != NULL; header = header_next) { header_next = header->next; - if (header->ttl <= search->now) { + if (header->rdh_ttl <= search->now) { /* * This rdataset is stale. If no one else is * using the node, we can clean it up right @@ -2714,21 +3632,40 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, * the node as dirty, so it will get cleaned * up later. */ - if (node->references == 0) { - INSIST(header->down == NULL); - if (header_prev != NULL) - header_prev->next = - header->next; - else - node->data = header->next; - free_rdataset(rbtdb->common.mctx, - header); - } else { - header->attributes |= - RDATASET_ATTR_STALE; - node->dirty = 1; + if ((header->rdh_ttl <= search->now - + RBTDB_VIRTUAL) && + (locktype == isc_rwlocktype_write || + NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { + /* + * We update the node's status only + * when we can get write access. + */ + locktype = isc_rwlocktype_write; + + if (dns_rbtnode_refcurrent(node) + == 0) { + isc_mem_t *m; + + m = search->rbtdb->common.mctx; + clean_stale_headers( + search->rbtdb, + m, header); + if (header_prev != NULL) + header_prev->next = + header->next; + else + node->data = + header->next; + free_rdataset(rbtdb, m, + header); + } else { + header->attributes |= + RDATASET_ATTR_STALE; + node->dirty = 1; + header_prev = header; + } + } else header_prev = header; - } } else if (EXISTS(header)) { /* * We've found an extant rdataset. See if @@ -2789,10 +3726,27 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, if (foundsig != NULL) bind_rdataset(search->rbtdb, node, foundsig, search->now, sigrdataset); + if (need_headerupdate(found, search->now) || + (foundsig != NULL && + need_headerupdate(foundsig, search->now))) { + if (locktype != isc_rwlocktype_write) { + NODE_UNLOCK(lock, locktype); + NODE_LOCK(lock, isc_rwlocktype_write); + locktype = isc_rwlocktype_write; + } + if (need_headerupdate(found, search->now)) + update_header(search->rbtdb, found, + search->now); + if (foundsig != NULL && + need_headerupdate(foundsig, search->now)) { + update_header(search->rbtdb, foundsig, + search->now); + } + } } node_exit: - UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(lock, locktype); if (found == NULL && i > 0) { i--; @@ -2818,11 +3772,13 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, dns_fixedname_t fname, forigin; dns_name_t *name, *origin; rbtdb_rdatatype_t matchtype, sigmatchtype; + nodelock_t *lock; + isc_rwlocktype_t locktype; matchtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_nsec, 0); sigmatchtype = RBTDB_RDATATYPE_VALUE(dns_rdatatype_rrsig, dns_rdatatype_nsec); - + do { node = NULL; dns_fixedname_init(&fname); @@ -2833,7 +3789,9 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, origin, &node); if (result != ISC_R_SUCCESS) return (result); - LOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + locktype = isc_rwlocktype_read; + lock = &(search->rbtdb->node_locks[node->locknum].lock); + NODE_LOCK(lock, locktype); found = NULL; foundsig = NULL; empty_node = ISC_TRUE; @@ -2842,34 +3800,50 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, header != NULL; header = header_next) { header_next = header->next; - if (header->ttl <= now) { + if (header->rdh_ttl <= now) { /* * This rdataset is stale. If no one else is * using the node, we can clean it up right * now, otherwise we mark it as stale, and the - * node as dirty, so it will get cleaned up + * node as dirty, so it will get cleaned up * later. */ - if (header->ttl > search->now - RBTDB_VIRTUAL) - header_prev = header; - else if (node->references == 0) { - INSIST(header->down == NULL); - if (header_prev != NULL) - header_prev->next = - header->next; - else - node->data = header->next; - free_rdataset(search->rbtdb->common.mctx, - header); - } else { - header->attributes |= - RDATASET_ATTR_STALE; - node->dirty = 1; + if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + (locktype == isc_rwlocktype_write || + NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { + /* + * We update the node's status only + * when we can get write access. + */ + locktype = isc_rwlocktype_write; + + if (dns_rbtnode_refcurrent(node) + == 0) { + isc_mem_t *m; + + m = search->rbtdb->common.mctx; + clean_stale_headers( + search->rbtdb, + m, header); + if (header_prev != NULL) + header_prev->next = + header->next; + else + node->data = header->next; + free_rdataset(search->rbtdb, m, + header); + } else { + header->attributes |= + RDATASET_ATTR_STALE; + node->dirty = 1; + header_prev = header; + } + } else header_prev = header; - } continue; } - if (NONEXISTENT(header) || NXDOMAIN(header)) { + if (NONEXISTENT(header) || + RBTDB_RDATATYPE_BASE(header->type) == 0) { header_prev = header; continue; } @@ -2895,11 +3869,11 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, result = DNS_R_COVERINGNSEC; } else if (!empty_node) { result = ISC_R_NOTFOUND; - }else + } else result = dns_rbtnodechain_prev(&search->chain, NULL, NULL); unlock_node: - UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(lock, locktype); } while (empty_node && result == ISC_R_SUCCESS); return (result); } @@ -2915,10 +3889,12 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, rbtdb_search_t search; isc_boolean_t cname_ok = ISC_TRUE; isc_boolean_t empty_node; - isc_mutex_t *lock; + nodelock_t *lock; + isc_rwlocktype_t locktype; rdatasetheader_t *header, *header_prev, *header_next; rdatasetheader_t *found, *nsheader; rdatasetheader_t *foundsig, *nssig, *cnamesig; + rdatasetheader_t *update, *updatesig; rbtdb_rdatatype_t sigtype, negtype; UNUSED(version); @@ -2941,6 +3917,8 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, dns_fixedname_init(&search.zonecut_name); dns_rbtnodechain_init(&search.chain, search.rbtdb->common.mctx); search.now = now; + update = NULL; + updatesig = NULL; RWLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read); @@ -2989,7 +3967,9 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * We now go looking for rdata... */ - LOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + lock = &(search.rbtdb->node_locks[node->locknum].lock); + locktype = isc_rwlocktype_read; + NODE_LOCK(lock, locktype); found = NULL; foundsig = NULL; @@ -3002,28 +3982,43 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (header->ttl <= now) { + if (header->rdh_ttl <= now) { /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we * mark it as stale, and the node as dirty, so it will * get cleaned up later. */ - if (header->ttl > now - RBTDB_VIRTUAL) - header_prev = header; - else if (node->references == 0) { - INSIST(header->down == NULL); - if (header_prev != NULL) - header_prev->next = header->next; - else - node->data = header->next; - free_rdataset(search.rbtdb->common.mctx, - header); - } else { - header->attributes |= RDATASET_ATTR_STALE; - node->dirty = 1; + if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + (locktype == isc_rwlocktype_write || + NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { + /* + * We update the node's status only when we + * can get write access. + */ + locktype = isc_rwlocktype_write; + + if (dns_rbtnode_refcurrent(node) == 0) { + isc_mem_t *mctx; + + mctx = search.rbtdb->common.mctx; + clean_stale_headers(search.rbtdb, mctx, + header); + if (header_prev != NULL) + header_prev->next = + header->next; + else + node->data = header->next; + free_rdataset(search.rbtdb, mctx, + header); + } else { + header->attributes |= + RDATASET_ATTR_STALE; + node->dirty = 1; + header_prev = header; + } + } else header_prev = header; - } } else if (EXISTS(header)) { /* * We now know that there is at least one active @@ -3103,7 +4098,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * extant rdatasets. That means that this node doesn't * meaningfully exist, and that we really have a partial match. */ - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(lock, locktype); goto find_ns; } @@ -3122,13 +4117,19 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, if (nsheader != NULL) { if (nodep != NULL) { new_reference(search.rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); *nodep = node; } bind_rdataset(search.rbtdb, node, nsheader, search.now, rdataset); - if (nssig != NULL) + if (need_headerupdate(nsheader, search.now)) + update = nsheader; + if (nssig != NULL) { bind_rdataset(search.rbtdb, node, nssig, search.now, sigrdataset); + if (need_headerupdate(nssig, search.now)) + updatesig = nssig; + } result = DNS_R_DELEGATION; goto node_exit; } @@ -3136,7 +4137,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, /* * Go find the deepest zone cut. */ - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(lock, locktype); goto find_ns; } @@ -3146,6 +4147,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, if (nodep != NULL) { new_reference(search.rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); *nodep = node; } @@ -3177,13 +4179,29 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result == DNS_R_NCACHENXRRSET) { bind_rdataset(search.rbtdb, node, found, search.now, rdataset); - if (foundsig != NULL) + if (need_headerupdate(found, search.now)) + update = found; + if (foundsig != NULL) { bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); + if (need_headerupdate(foundsig, search.now)) + updatesig = foundsig; + } } node_exit: - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + if ((update != NULL || updatesig != NULL) && + locktype != isc_rwlocktype_write) { + NODE_UNLOCK(lock, locktype); + NODE_LOCK(lock, isc_rwlocktype_write); + locktype = isc_rwlocktype_write; + } + if (update != NULL && need_headerupdate(update, search.now)) + update_header(search.rbtdb, update, search.now); + if (updatesig != NULL && need_headerupdate(updatesig, search.now)) + update_header(search.rbtdb, updatesig, search.now); + + NODE_UNLOCK(lock, locktype); tree_exit: RWUNLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read); @@ -3196,13 +4214,11 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, node = search.zonecut; lock = &(search.rbtdb->node_locks[node->locknum].lock); - LOCK(lock); - INSIST(node->references > 0); - node->references--; - if (node->references == 0) - no_references(search.rbtdb, node, 0, - isc_rwlocktype_none); - UNLOCK(lock); + NODE_LOCK(lock, isc_rwlocktype_read); + decrement_reference(search.rbtdb, node, 0, + isc_rwlocktype_read, isc_rwlocktype_none, + ISC_FALSE); + NODE_UNLOCK(lock, isc_rwlocktype_read); } dns_rbtnodechain_reset(&search.chain); @@ -3217,11 +4233,13 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) { dns_rbtnode_t *node = NULL; + nodelock_t *lock; isc_result_t result; rbtdb_search_t search; rdatasetheader_t *header, *header_prev, *header_next; rdatasetheader_t *found, *foundsig; unsigned int rbtoptions = DNS_RBTFIND_EMPTYDATA; + isc_rwlocktype_t locktype; search.rbtdb = (dns_rbtdb_t *)db; @@ -3264,35 +4282,52 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, * We now go looking for an NS rdataset at the node. */ - LOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + lock = &(search.rbtdb->node_locks[node->locknum].lock); + locktype = isc_rwlocktype_read; + NODE_LOCK(lock, locktype); found = NULL; foundsig = NULL; header_prev = NULL; for (header = node->data; header != NULL; header = header_next) { header_next = header->next; - if (header->ttl <= now) { + if (header->rdh_ttl <= now) { /* * This rdataset is stale. If no one else is using the * node, we can clean it up right now, otherwise we * mark it as stale, and the node as dirty, so it will * get cleaned up later. */ - if (header->ttl > now - RBTDB_VIRTUAL) - header_prev = header; - else if (node->references == 0) { - INSIST(header->down == NULL); - if (header_prev != NULL) - header_prev->next = header->next; - else - node->data = header->next; - free_rdataset(search.rbtdb->common.mctx, - header); - } else { - header->attributes |= RDATASET_ATTR_STALE; - node->dirty = 1; + if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + (locktype == isc_rwlocktype_write || + NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { + /* + * We update the node's status only when we + * can get write access. + */ + locktype = isc_rwlocktype_write; + + if (dns_rbtnode_refcurrent(node) == 0) { + isc_mem_t *mctx; + + mctx = search.rbtdb->common.mctx; + clean_stale_headers(search.rbtdb, mctx, + header); + if (header_prev != NULL) + header_prev->next = + header->next; + else + node->data = header->next; + free_rdataset(search.rbtdb, mctx, + header); + } else { + header->attributes |= + RDATASET_ATTR_STALE; + node->dirty = 1; + header_prev = header; + } + } else header_prev = header; - } } else if (EXISTS(header)) { /* * If we found a type we were looking for, remember @@ -3321,12 +4356,13 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, /* * No NS records here. */ - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + NODE_UNLOCK(lock, locktype); goto find_ns; } if (nodep != NULL) { new_reference(search.rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); *nodep = node; } @@ -3335,7 +4371,22 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, bind_rdataset(search.rbtdb, node, foundsig, search.now, sigrdataset); - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + if (need_headerupdate(found, search.now) || + (foundsig != NULL && need_headerupdate(foundsig, search.now))) { + if (locktype != isc_rwlocktype_write) { + NODE_UNLOCK(lock, locktype); + NODE_LOCK(lock, isc_rwlocktype_write); + locktype = isc_rwlocktype_write; + } + if (need_headerupdate(found, search.now)) + update_header(search.rbtdb, found, search.now); + if (foundsig != NULL && + need_headerupdate(foundsig, search.now)) { + update_header(search.rbtdb, foundsig, search.now); + } + } + + NODE_UNLOCK(lock, locktype); tree_exit: RWUNLOCK(&search.rbtdb->tree_lock, isc_rwlocktype_read); @@ -3354,15 +4405,15 @@ static void attachnode(dns_db_t *db, dns_dbnode_t *source, dns_dbnode_t **targetp) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; dns_rbtnode_t *node = (dns_rbtnode_t *)source; + unsigned int refs; REQUIRE(VALID_RBTDB(rbtdb)); REQUIRE(targetp != NULL && *targetp == NULL); - LOCK(&rbtdb->node_locks[node->locknum].lock); - INSIST(node->references > 0); - node->references++; - INSIST(node->references != 0); /* Catch overflow. */ - UNLOCK(&rbtdb->node_locks[node->locknum].lock); + NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); + dns_rbtnode_refincrement(node, &refs); + INSIST(refs != 0); + NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); *targetp = source; } @@ -3373,35 +4424,34 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) { dns_rbtnode_t *node; isc_boolean_t want_free = ISC_FALSE; isc_boolean_t inactive = ISC_FALSE; - unsigned int locknum; + rbtdb_nodelock_t *nodelock; REQUIRE(VALID_RBTDB(rbtdb)); REQUIRE(targetp != NULL && *targetp != NULL); node = (dns_rbtnode_t *)(*targetp); - locknum = node->locknum; + nodelock = &rbtdb->node_locks[node->locknum]; - LOCK(&rbtdb->node_locks[locknum].lock); + NODE_LOCK(&nodelock->lock, isc_rwlocktype_read); - INSIST(node->references > 0); - node->references--; - if (node->references == 0) { - no_references(rbtdb, node, 0, isc_rwlocktype_none); - if (rbtdb->node_locks[locknum].references == 0 && - rbtdb->node_locks[locknum].exiting) + if (decrement_reference(rbtdb, node, 0, isc_rwlocktype_read, + isc_rwlocktype_none, ISC_FALSE)) { + if (isc_refcount_current(&nodelock->references) == 0 && + nodelock->exiting) { inactive = ISC_TRUE; + } } - UNLOCK(&rbtdb->node_locks[locknum].lock); + NODE_UNLOCK(&nodelock->lock, isc_rwlocktype_read); *targetp = NULL; if (inactive) { - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); rbtdb->active--; if (rbtdb->active == 0) want_free = ISC_TRUE; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); if (want_free) { char buf[DNS_NAME_FORMATSIZE]; if (dns_name_dynamic(&rbtdb->common.origin)) @@ -3452,8 +4502,8 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { /* * Note that 'log' can be true IFF rbtdb->overmem is also true. - * rbtdb->ovemem can currently only be true for cache databases - * -- hence all of the "overmem cache" log strings. + * rbtdb->overmem can currently only be true for cache + * databases -- hence all of the "overmem cache" log strings. */ log = ISC_TF(isc_log_wouldlog(dns_lctx, level)); if (log) @@ -3465,14 +4515,19 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { sizeof(printname))); } - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + /* + * We may not need write access, but this code path is not performance + * sensitive, so it should be okay to always lock as a writer. + */ + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); for (header = rbtnode->data; header != NULL; header = header->next) - if (header->ttl <= now - RBTDB_VIRTUAL) { + if (header->rdh_ttl <= now - RBTDB_VIRTUAL) { /* - * We don't check if rbtnode->references == 0 and try + * We don't check if refcurrent(rbtnode) == 0 and try * to free like we do in cache_find(), because - * rbtnode->references must be non-zero. This is so + * refcurrent(rbtnode) must be non-zero. This is so * because 'node' is an argument to the function. */ header->attributes |= RDATASET_ATTR_STALE; @@ -3483,7 +4538,7 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { printname); } else if (force_expire) { if (! RETAIN(header)) { - header->ttl = 0; + set_ttl(rbtdb, header, 0); header->attributes |= RDATASET_ATTR_STALE; rbtnode->dirty = 1; } else if (log) { @@ -3496,7 +4551,8 @@ expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { isc_log_write(dns_lctx, category, module, level, "overmem cache: saved %s", printname); - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); return (ISC_R_SUCCESS); } @@ -3505,9 +4561,8 @@ static void overmem(dns_db_t *db, isc_boolean_t overmem) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; - if (IS_CACHE(rbtdb)) { + if (IS_CACHE(rbtdb)) rbtdb->overmem = overmem; - } } static void @@ -3518,10 +4573,12 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) { REQUIRE(VALID_RBTDB(rbtdb)); - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); fprintf(out, "node %p, %u references, locknum = %u\n", - rbtnode, rbtnode->references, rbtnode->locknum); + rbtnode, dns_rbtnode_refcurrent(rbtnode), + rbtnode->locknum); if (rbtnode->data != NULL) { rdatasetheader_t *current, *top_next; @@ -3538,7 +4595,7 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) { "\tserial = %lu, ttl = %u, " "trust = %u, attributes = %u\n", (unsigned long)current->serial, - current->ttl, + current->rdh_ttl, current->trust, current->attributes); current = current->down; @@ -3547,7 +4604,8 @@ printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) { } else fprintf(out, "(empty)\n"); - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); } static isc_result_t @@ -3608,7 +4666,8 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, serial = rbtversion->serial; now = 0; - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); found = NULL; foundsig = NULL; @@ -3656,7 +4715,8 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, sigrdataset); } - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); if (close_version) closeversion(db, (dns_dbversion_t **) (void *)(&rbtversion), @@ -3679,6 +4739,8 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, rdatasetheader_t *header, *header_next, *found, *foundsig; rbtdb_rdatatype_t matchtype, sigmatchtype, negtype; isc_result_t result; + nodelock_t *lock; + isc_rwlocktype_t locktype; REQUIRE(VALID_RBTDB(rbtdb)); REQUIRE(type != dns_rdatatype_any); @@ -3690,7 +4752,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if (now == 0) isc_stdtime_get(&now); - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + lock = &rbtdb->node_locks[rbtnode->locknum].lock; + locktype = isc_rwlocktype_read; + NODE_LOCK(lock, locktype); found = NULL; foundsig = NULL; @@ -3703,14 +4767,23 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, for (header = rbtnode->data; header != NULL; header = header_next) { header_next = header->next; - if (header->ttl <= now) { - /* - * We don't check if rbtnode->references == 0 and try - * to free like we do in cache_find(), because - * rbtnode->references must be non-zero. This is so - * because 'node' is an argument to the function. - */ - if (header->ttl <= now - RBTDB_VIRTUAL) { + if (header->rdh_ttl <= now) { + if ((header->rdh_ttl <= now - RBTDB_VIRTUAL) && + (locktype == isc_rwlocktype_write || + NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) { + /* + * We update the node's status only when we + * can get write access. + */ + locktype = isc_rwlocktype_write; + + /* + * We don't check if refcurrent(rbtnode) == 0 + * and try to free like we do in cache_find(), + * because refcurrent(rbtnode) must be + * non-zero. This is so because 'node' is an + * argument to the function. + */ header->attributes |= RDATASET_ATTR_STALE; rbtnode->dirty = 1; } @@ -3731,7 +4804,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, sigrdataset); } - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(lock, locktype); if (found == NULL) return (ISC_R_NOTFOUND); @@ -3757,6 +4830,7 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, dns_rbtnode_t *rbtnode = (dns_rbtnode_t *)node; rbtdb_version_t *rbtversion = version; rbtdb_rdatasetiter_t *iterator; + unsigned int refs; REQUIRE(VALID_RBTDB(rbtdb)); @@ -3770,11 +4844,11 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, currentversion(db, (dns_dbversion_t **) (void *)(&rbtversion)); else { - LOCK(&rbtdb->lock); - INSIST(rbtversion->references > 0); - rbtversion->references++; - INSIST(rbtversion->references != 0); - UNLOCK(&rbtdb->lock); + unsigned int refs; + + isc_refcount_increment(&rbtversion->references, + &refs); + INSIST(refs > 1); } } else { if (now == 0) @@ -3789,14 +4863,14 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, iterator->common.version = (dns_dbversion_t *)rbtversion; iterator->common.now = now; - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_STRONGLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + + dns_rbtnode_refincrement(rbtnode, &refs); + INSIST(refs != 0); - INSIST(rbtnode->references > 0); - rbtnode->references++; - INSIST(rbtnode->references != 0); iterator->current = NULL; - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_STRONGUNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); *iteratorp = (dns_rdatasetiter_t *)iterator; @@ -3844,19 +4918,15 @@ cname_and_other_data(dns_rbtnode_t *node, rbtdb_serial_t serial) { * Look for active extant "other data". * * "Other data" is any rdataset whose type is not - * KEY, RRSIG KEY, NSEC, RRSIG NSEC or RRSIG CNAME. + * KEY, NSEC, SIG or RRSIG. */ rdtype = RBTDB_RDATATYPE_BASE(header->type); - if (rdtype == dns_rdatatype_rrsig || - rdtype == dns_rdatatype_sig) - rdtype = RBTDB_RDATATYPE_EXT(header->type); - if (rdtype != dns_rdatatype_nsec && - rdtype != dns_rdatatype_key && - rdtype != dns_rdatatype_cname) { + if (rdtype != dns_rdatatype_key && + rdtype != dns_rdatatype_sig && + rdtype != dns_rdatatype_nsec && + rdtype != dns_rdatatype_rrsig) { /* - * We've found a type that isn't - * NSEC, KEY, CNAME, or one of their - * signatures. Is it active and extant? + * Is it active and extant? */ do { if (header->serial <= serial && @@ -3926,7 +4996,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, */ changed = add_changed(rbtdb, rbtversion, rbtnode); if (changed == NULL) { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); return (ISC_R_NOMEMORY); } } @@ -3955,7 +5025,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, for (topheader = rbtnode->data; topheader != NULL; topheader = topheader->next) { - topheader->ttl = 0; + set_ttl(rbtdb, topheader, 0); topheader->attributes |= RDATASET_ATTR_STALE; } @@ -3973,12 +5043,12 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, for (topheader = rbtnode->data; topheader != NULL; topheader = topheader->next) { - if (topheader->type == + if (topheader->type == RBTDB_RDATATYPE_NCACHEANY) break; } if (topheader != NULL && EXISTS(topheader) && - topheader->ttl > now) { + topheader->rdh_ttl > now) { /* * Found one. */ @@ -3987,7 +5057,8 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * The NXDOMAIN/NODATA(QTYPE=ANY) * is more trusted. */ - free_rdataset(rbtdb->common.mctx, + free_rdataset(rbtdb, + rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, @@ -3999,7 +5070,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * The new rdataset is better. Expire the * NXDOMAIN/NODATA(QTYPE=ANY). */ - topheader->ttl = 0; + set_ttl(rbtdb, topheader, 0); topheader->attributes |= RDATASET_ATTR_STALE; rbtnode->dirty = 1; topheader = NULL; @@ -4034,7 +5105,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * Deleting an already non-existent rdataset has no effect. */ if (header_nx && newheader_nx) { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); return (DNS_R_UNCHANGED); } @@ -4043,8 +5114,8 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * has no effect, provided that the cache data isn't stale. */ if (rbtversion == NULL && trust < header->trust && - (header->ttl > now || header_nx)) { - free_rdataset(rbtdb->common.mctx, newheader); + (header->rdh_ttl > now || header_nx)) { + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, header, now, addedrdataset); @@ -4066,13 +5137,13 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, INSIST(rbtversion->serial >= header->serial); merged = NULL; result = ISC_R_SUCCESS; - + if ((options & DNS_DBADD_EXACT) != 0) flags |= DNS_RDATASLAB_EXACT; if ((options & DNS_DBADD_EXACTTTL) != 0 && - newheader->ttl != header->ttl) + newheader->rdh_ttl != header->rdh_ttl) result = DNS_R_NOTEXACT; - else if (newheader->ttl != header->ttl) + else if (newheader->rdh_ttl != header->rdh_ttl) flags |= DNS_RDATASLAB_FORCE; if (result == ISC_R_SUCCESS) result = dns_rdataslab_merge( @@ -4092,10 +5163,12 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * alone. It will get cleaned up when * clean_zone_node() runs. */ - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, + newheader); newheader = (rdatasetheader_t *)merged; } else { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, + newheader); return (result); } } @@ -4106,52 +5179,52 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * Don't lower trust of existing record if the * update is forced. */ - if (IS_CACHE(rbtdb) && header->ttl > now && + if (IS_CACHE(rbtdb) && header->rdh_ttl > now && header->type == dns_rdatatype_ns && !header_nx && !newheader_nx && header->trust >= newheader->trust && dns_rdataslab_equalx((unsigned char *)header, (unsigned char *)newheader, - (unsigned int)(sizeof(*newheader)), + (unsigned int)(sizeof(*newheader)), rbtdb->common.rdclass, - (dns_rdatatype_t)header->type)) { + (dns_rdatatype_t)header->type)) { /* * Honour the new ttl if it is less than the * older one. */ - if (header->ttl > newheader->ttl) - header->ttl = newheader->ttl; + if (header->rdh_ttl > newheader->rdh_ttl) + set_ttl(rbtdb, header, newheader->rdh_ttl); if (header->noqname == NULL && newheader->noqname != NULL) { header->noqname = newheader->noqname; newheader->noqname = NULL; } - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, header, now, addedrdataset); return (ISC_R_SUCCESS); } - if (IS_CACHE(rbtdb) && header->ttl > now && + if (IS_CACHE(rbtdb) && header->rdh_ttl > now && (header->type == dns_rdatatype_a || header->type == dns_rdatatype_aaaa) && !header_nx && !newheader_nx && header->trust >= newheader->trust && dns_rdataslab_equal((unsigned char *)header, (unsigned char *)newheader, - (unsigned int)(sizeof(*newheader)))) { + (unsigned int)(sizeof(*newheader)))) { /* * Honour the new ttl if it is less than the * older one. */ - if (header->ttl > newheader->ttl) - header->ttl = newheader->ttl; + if (header->rdh_ttl > newheader->rdh_ttl) + set_ttl(rbtdb, header, newheader->rdh_ttl); if (header->noqname == NULL && newheader->noqname != NULL) { header->noqname = newheader->noqname; newheader->noqname = NULL; } - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if (addedrdataset != NULL) bind_rdataset(rbtdb, rbtnode, header, now, addedrdataset); @@ -4172,7 +5245,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * loading, we MUST clean up 'header' now. */ newheader->down = NULL; - free_rdataset(rbtdb->common.mctx, header); + free_rdataset(rbtdb, rbtdb->common.mctx, header); } else { newheader->down = topheader; topheader->next = newheader; @@ -4180,9 +5253,24 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, if (changed != NULL) changed->dirty = ISC_TRUE; if (rbtversion == NULL) { - header->ttl = 0; + set_ttl(rbtdb, header, 0); header->attributes |= RDATASET_ATTR_STALE; } + if (IS_CACHE(rbtdb)) { + int idx = newheader->node->locknum; + + ISC_LIST_PREPEND(rbtdb->rdatasets[idx], + newheader, lru_link); + + /* + * XXXMLG We don't check the return value + * here. If it fails, we will not do TTL + * based expiry on this node. However, we + * will do it on the LRU side, so memory + * will not leak... for long. + */ + isc_heap_insert(rbtdb->heaps[idx], newheader); + } } } else { /* @@ -4194,7 +5282,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * If we're trying to delete the type, don't bother. */ if (newheader_nx) { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); return (DNS_R_UNCHANGED); } @@ -4228,6 +5316,12 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, newheader->down = NULL; rbtnode->data = newheader; } + if (IS_CACHE(rbtdb)) { + int idx = newheader->node->locknum; + ISC_LIST_PREPEND(rbtdb->rdatasets[idx], + newheader, lru_link); + isc_heap_insert(rbtdb->heaps[idx], newheader); + } } /* @@ -4318,8 +5412,10 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, rbtdb_version_t *rbtversion = version; isc_region_t region; rdatasetheader_t *newheader; + rdatasetheader_t *header; isc_result_t result; isc_boolean_t delegating; + isc_boolean_t tree_locked = ISC_FALSE; REQUIRE(VALID_RBTDB(rbtdb)); @@ -4336,13 +5432,18 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, return (result); newheader = (rdatasetheader_t *)region.base; - newheader->ttl = rdataset->ttl + now; + init_rdataset(rbtdb, newheader); + set_ttl(rbtdb, newheader, rdataset->ttl + now); newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type, rdataset->covers); newheader->attributes = 0; newheader->noqname = NULL; - newheader->count = 0; + newheader->count = init_count++; newheader->trust = rdataset->trust; + newheader->additional_auth = NULL; + newheader->additional_glue = NULL; + newheader->last_used = now; + newheader->node = rbtnode; if (rbtversion != NULL) { newheader->serial = rbtversion->serial; now = 0; @@ -4353,7 +5454,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if ((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0) { result = addnoqname(rbtdb, newheader, rdataset); if (result != ISC_R_SUCCESS) { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, + newheader); return (result); } } @@ -4362,30 +5464,68 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, /* * If we're adding a delegation type (e.g. NS or DNAME for a zone, * just DNAME for the cache), then we need to set the callback bit - * on the node, and to do that we must be holding an exclusive lock - * on the tree. + * on the node. */ - if (delegating_type(rbtdb, rbtnode, rdataset->type)) { + if (delegating_type(rbtdb, rbtnode, rdataset->type)) delegating = ISC_TRUE; - RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); - } else + else delegating = ISC_FALSE; - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + /* + * If we're adding a delegation type or the DB is a cache in an overmem + * state, hold an exclusive lock on the tree. In the latter case + * the lock does not necessarily have to be acquired but it will help + * purge stale entries more effectively. + */ + if (delegating || (IS_CACHE(rbtdb) && rbtdb->overmem)) { + tree_locked = ISC_TRUE; + RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); + } + + if (IS_CACHE(rbtdb) && rbtdb->overmem) + overmem_purge(rbtdb, rbtnode->locknum, now, tree_locked); + + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); + + if (rbtdb->rrsetstats != NULL) { + newheader->attributes |= RDATASET_ATTR_STATCOUNT; + update_rrsetstats(rbtdb, newheader, ISC_TRUE); + } + + if (IS_CACHE(rbtdb)) { + if (tree_locked) + cleanup_dead_nodes(rbtdb, rbtnode->locknum); + + header = isc_heap_element(rbtdb->heaps[rbtnode->locknum], 1); + if (header && header->rdh_ttl <= now - RBTDB_VIRTUAL) + expire_header(rbtdb, header, tree_locked); + + /* + * If we've been holding a write lock on the tree just for + * cleaning, we can release it now. However, we still need the + * node lock. + */ + if (tree_locked && !delegating) { + RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); + tree_locked = ISC_FALSE; + } + } result = add(rbtdb, rbtnode, rbtversion, newheader, options, ISC_FALSE, addedrdataset, now); if (result == ISC_R_SUCCESS && delegating) rbtnode->find_callback = 1; - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); - if (delegating) + if (tree_locked) RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); /* * Update the zone's secure status. If version is non-NULL - * this is defered until closeversion() is called. + * this is deferred until closeversion() is called. */ if (result == ISC_R_SUCCESS && version == NULL && !IS_CACHE(rbtdb)) rbtdb->secure = iszonesecure(db, rbtdb->origin_node); @@ -4415,21 +5555,28 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if (result != ISC_R_SUCCESS) return (result); newheader = (rdatasetheader_t *)region.base; - newheader->ttl = rdataset->ttl; + init_rdataset(rbtdb, newheader); + set_ttl(rbtdb, newheader, rdataset->ttl); newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type, rdataset->covers); newheader->attributes = 0; newheader->serial = rbtversion->serial; newheader->trust = 0; newheader->noqname = NULL; - newheader->count = 0; + newheader->count = init_count++; + newheader->additional_auth = NULL; + newheader->additional_glue = NULL; + newheader->last_used = 0; + newheader->node = rbtnode; - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); changed = add_changed(rbtdb, rbtversion, rbtnode); if (changed == NULL) { - free_rdataset(rbtdb->common.mctx, newheader); - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); return (ISC_R_NOMEMORY); } @@ -4455,7 +5602,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, result = ISC_R_SUCCESS; if ((options & DNS_DBSUB_EXACT) != 0) { flags |= DNS_RDATASLAB_EXACT; - if (newheader->ttl != header->ttl) + if (newheader->rdh_ttl != header->rdh_ttl) result = DNS_R_NOTEXACT; } if (result == ISC_R_SUCCESS) @@ -4468,7 +5615,7 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, (dns_rdatatype_t)header->type, flags, &subresult); if (result == ISC_R_SUCCESS) { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); newheader = (rdatasetheader_t *)subresult; /* * We have to set the serial since the rdataslab @@ -4476,27 +5623,37 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * header, not newheader. */ newheader->serial = rbtversion->serial; + /* + * XXXJT: dns_rdataslab_subtract() copied the pointers + * to additional info. We need to clear these fields + * to avoid having duplicated references. + */ + newheader->additional_auth = NULL; + newheader->additional_glue = NULL; } else if (result == DNS_R_NXRRSET) { /* * This subtraction would remove all of the rdata; * add a nonexistent header instead. */ - free_rdataset(rbtdb->common.mctx, newheader); - newheader = isc_mem_get(rbtdb->common.mctx, - sizeof(*newheader)); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); + newheader = new_rdataset(rbtdb, rbtdb->common.mctx); if (newheader == NULL) { result = ISC_R_NOMEMORY; goto unlock; } - newheader->ttl = 0; + set_ttl(rbtdb, newheader, 0); newheader->type = topheader->type; newheader->attributes = RDATASET_ATTR_NONEXISTENT; newheader->trust = 0; newheader->serial = rbtversion->serial; newheader->noqname = NULL; newheader->count = 0; + newheader->additional_auth = NULL; + newheader->additional_glue = NULL; + newheader->node = rbtnode; + newheader->last_used = 0; } else { - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); goto unlock; } @@ -4519,22 +5676,23 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * The rdataset doesn't exist, so we don't need to do anything * to satisfy the deletion request. */ - free_rdataset(rbtdb->common.mctx, newheader); + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); if ((options & DNS_DBSUB_EXACT) != 0) result = DNS_R_NOTEXACT; else - result = DNS_R_UNCHANGED; + result = DNS_R_UNCHANGED; } if (result == ISC_R_SUCCESS && newrdataset != NULL) bind_rdataset(rbtdb, rbtnode, newheader, 0, newrdataset); unlock: - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); /* * Update the zone's secure status. If version is non-NULL - * this is defered until closeversion() is called. + * this is deferred until closeversion() is called. */ if (result == ISC_R_SUCCESS && version == NULL && !IS_CACHE(rbtdb)) rbtdb->secure = iszonesecure(db, rbtdb->origin_node); @@ -4559,30 +5717,36 @@ deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if (type == dns_rdatatype_rrsig && covers == 0) return (ISC_R_NOTIMPLEMENTED); - newheader = isc_mem_get(rbtdb->common.mctx, sizeof(*newheader)); + newheader = new_rdataset(rbtdb, rbtdb->common.mctx); if (newheader == NULL) return (ISC_R_NOMEMORY); - newheader->ttl = 0; + set_ttl(rbtdb, newheader, 0); newheader->type = RBTDB_RDATATYPE_VALUE(type, covers); newheader->attributes = RDATASET_ATTR_NONEXISTENT; newheader->trust = 0; newheader->noqname = NULL; + newheader->additional_auth = NULL; + newheader->additional_glue = NULL; if (rbtversion != NULL) newheader->serial = rbtversion->serial; else newheader->serial = 0; newheader->count = 0; + newheader->last_used = 0; + newheader->node = rbtnode; - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); result = add(rbtdb, rbtnode, rbtversion, newheader, DNS_DBADD_FORCE, ISC_FALSE, NULL, 0); - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_write); /* * Update the zone's secure status. If version is non-NULL - * this is defered until closeversion() is called. + * this is deferred until closeversion() is called. */ if (result == ISC_R_SUCCESS && version == NULL && !IS_CACHE(rbtdb)) rbtdb->secure = iszonesecure(db, rbtdb->origin_node); @@ -4648,14 +5812,21 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) { if (result != ISC_R_SUCCESS) return (result); newheader = (rdatasetheader_t *)region.base; - newheader->ttl = rdataset->ttl + loadctx->now; /* XXX overflow check */ + init_rdataset(rbtdb, newheader); + set_ttl(rbtdb, newheader, + rdataset->ttl + loadctx->now); /* XXX overflow check */ newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type, rdataset->covers); newheader->attributes = 0; newheader->trust = rdataset->trust; newheader->serial = 1; newheader->noqname = NULL; - newheader->count = 0; + newheader->count = init_count++; + newheader->additional_auth = NULL; + newheader->additional_glue = NULL; + /* won't be used, but initialize anyway */ + newheader->last_used = 0; + newheader->node = node; result = add(rbtdb, node, rbtdb->current_version, newheader, DNS_DBADD_MERGE, ISC_TRUE, NULL, 0); @@ -4687,13 +5858,13 @@ beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp) { else loadctx->now = 0; - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); REQUIRE((rbtdb->attributes & (RBTDB_ATTR_LOADED|RBTDB_ATTR_LOADING)) == 0); rbtdb->attributes |= RBTDB_ATTR_LOADING; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); *addp = loading_addrdataset; *dbloadp = loadctx; @@ -4711,7 +5882,7 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) { loadctx = *dbloadp; REQUIRE(loadctx->rbtdb == rbtdb); - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); REQUIRE((rbtdb->attributes & RBTDB_ATTR_LOADING) != 0); REQUIRE((rbtdb->attributes & RBTDB_ATTR_LOADED) == 0); @@ -4719,7 +5890,7 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) { rbtdb->attributes &= ~RBTDB_ATTR_LOADING; rbtdb->attributes |= RBTDB_ATTR_LOADED; - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); /* * If there's a KEY rdataset at the zone origin containing a @@ -4736,16 +5907,17 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) { } static isc_result_t -dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) { +dump(dns_db_t *db, dns_dbversion_t *version, const char *filename, + dns_masterformat_t masterformat) { dns_rbtdb_t *rbtdb; rbtdb = (dns_rbtdb_t *)db; REQUIRE(VALID_RBTDB(rbtdb)); - return (dns_master_dump(rbtdb->common.mctx, db, version, - &dns_master_style_default, - filename)); + return (dns_master_dump2(rbtdb->common.mctx, db, version, + &dns_master_style_default, + filename, masterformat)); } static void @@ -4755,7 +5927,7 @@ delete_callback(void *data, void *arg) { for (current = data; current != NULL; current = next) { next = current->next; - free_rdataset(rbtdb->common.mctx, current); + free_rdataset(rbtdb, rbtdb->common.mctx, current); } } @@ -4799,18 +5971,53 @@ settask(dns_db_t *db, isc_task_t *task) { REQUIRE(VALID_RBTDB(rbtdb)); - LOCK(&rbtdb->lock); + RBTDB_LOCK(&rbtdb->lock, isc_rwlocktype_write); if (rbtdb->task != NULL) isc_task_detach(&rbtdb->task); if (task != NULL) isc_task_attach(task, &rbtdb->task); - UNLOCK(&rbtdb->lock); + RBTDB_UNLOCK(&rbtdb->lock, isc_rwlocktype_write); +} + +static isc_boolean_t +ispersistent(dns_db_t *db) { + UNUSED(db); + return (ISC_FALSE); +} + +static isc_result_t +getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) { + dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; + dns_rbtnode_t *onode; + isc_result_t result = ISC_R_SUCCESS; + + REQUIRE(VALID_RBTDB(rbtdb)); + REQUIRE(nodep != NULL && *nodep == NULL); + + /* Note that the access to origin_node doesn't require a DB lock */ + onode = (dns_rbtnode_t *)rbtdb->origin_node; + if (onode != NULL) { + NODE_STRONGLOCK(&rbtdb->node_locks[onode->locknum].lock); + new_reference(rbtdb, onode); + NODE_STRONGUNLOCK(&rbtdb->node_locks[onode->locknum].lock); + + *nodep = rbtdb->origin_node; + } else { + INSIST(!IS_CACHE(rbtdb)); + result = ISC_R_NOTFOUND; + } + + return (result); } -static isc_boolean_t -ispersistent(dns_db_t *db) { - UNUSED(db); - return (ISC_FALSE); +static dns_stats_t * +getrrsetstats(dns_db_t *db) { + dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; + + REQUIRE(VALID_RBTDB(rbtdb)); + REQUIRE(IS_CACHE(rbtdb)); /* current restriction */ + + return (rbtdb->rrsetstats); } static dns_dbmethods_t zone_methods = { @@ -4840,7 +6047,10 @@ static dns_dbmethods_t zone_methods = { nodecount, ispersistent, overmem, - settask + settask, + getoriginnode, + NULL, + NULL }; static dns_dbmethods_t cache_methods = { @@ -4870,7 +6080,10 @@ static dns_dbmethods_t cache_methods = { nodecount, ispersistent, overmem, - settask + settask, + getoriginnode, + NULL, + getrrsetstats }; isc_result_t @@ -4896,6 +6109,7 @@ dns_rbtdb_create rbtdb = isc_mem_get(mctx, sizeof(*rbtdb)); if (rbtdb == NULL) return (ISC_R_NOMEMORY); + memset(rbtdb, '\0', sizeof(*rbtdb)); dns_name_init(&rbtdb->common.origin, NULL); rbtdb->common.attributes = 0; @@ -4910,52 +6124,100 @@ dns_rbtdb_create rbtdb->common.rdclass = rdclass; rbtdb->common.mctx = NULL; - result = isc_mutex_init(&rbtdb->lock); - if (result != ISC_R_SUCCESS) { - isc_mem_put(mctx, rbtdb, sizeof(*rbtdb)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); - } + result = RBTDB_INITLOCK(&rbtdb->lock); + if (result != ISC_R_SUCCESS) + goto cleanup_rbtdb; result = isc_rwlock_init(&rbtdb->tree_lock, 0, 0); - if (result != ISC_R_SUCCESS) { - DESTROYLOCK(&rbtdb->lock); - isc_mem_put(mctx, rbtdb, sizeof(*rbtdb)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_rwlock_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); - } + if (result != ISC_R_SUCCESS) + goto cleanup_lock; + /* + * Initialize node_lock_count in a generic way to support future + * extension which allows the user to specify this value on creation. + * Note that when specified for a cache DB it must be larger than 1 + * as commented with the definition of DEFAULT_CACHE_NODE_LOCK_COUNT. + */ + if (rbtdb->node_lock_count == 0) { + if (IS_CACHE(rbtdb)) + rbtdb->node_lock_count = DEFAULT_CACHE_NODE_LOCK_COUNT; + else + rbtdb->node_lock_count = DEFAULT_NODE_LOCK_COUNT; + } else if (rbtdb->node_lock_count < 2 && IS_CACHE(rbtdb)) { + result = ISC_R_RANGE; + goto cleanup_tree_lock; + } INSIST(rbtdb->node_lock_count < (1 << DNS_RBT_LOCKLENGTH)); - - if (rbtdb->node_lock_count == 0) - rbtdb->node_lock_count = DEFAULT_NODE_LOCK_COUNT; rbtdb->node_locks = isc_mem_get(mctx, rbtdb->node_lock_count * sizeof(rbtdb_nodelock_t)); + if (rbtdb->node_locks == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup_tree_lock; + } + + rbtdb->rrsetstats = NULL; + if (IS_CACHE(rbtdb)) { + result = dns_rdatasetstats_create(mctx, &rbtdb->rrsetstats); + if (result != ISC_R_SUCCESS) + goto cleanup_node_locks; + rbtdb->rdatasets = isc_mem_get(mctx, rbtdb->node_lock_count * + sizeof(rdatasetheaderlist_t)); + if (rbtdb->rdatasets == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup_rrsetstats; + } + for (i = 0; i < (int)rbtdb->node_lock_count; i++) + ISC_LIST_INIT(rbtdb->rdatasets[i]); + + /* + * Create the heaps. + */ + rbtdb->heaps = isc_mem_get(mctx, rbtdb->node_lock_count * + sizeof(isc_heap_t *)); + if (rbtdb->heaps == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup_rdatasets; + } + for (i = 0; i < (int)rbtdb->node_lock_count; i++) + rbtdb->heaps[i] = NULL; + for (i = 0; i < (int)rbtdb->node_lock_count; i++) { + result = isc_heap_create(mctx, ttl_sooner, + ttl_set_index, 0, + &rbtdb->heaps[i]); + if (result != ISC_R_SUCCESS) + goto cleanup_heaps; + } + } else { + rbtdb->rdatasets = NULL; + rbtdb->heaps = NULL; + } + + rbtdb->deadnodes = isc_mem_get(mctx, rbtdb->node_lock_count * + sizeof(rbtnodelist_t)); + if (rbtdb->deadnodes == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup_heaps; + } + for (i = 0; i < (int)rbtdb->node_lock_count; i++) + ISC_LIST_INIT(rbtdb->deadnodes[i]); + rbtdb->active = rbtdb->node_lock_count; + for (i = 0; i < (int)(rbtdb->node_lock_count); i++) { - result = isc_mutex_init(&rbtdb->node_locks[i].lock); + result = NODE_INITLOCK(&rbtdb->node_locks[i].lock); + if (result == ISC_R_SUCCESS) { + result = isc_refcount_init(&rbtdb->node_locks[i].references, 0); + if (result != ISC_R_SUCCESS) + NODE_DESTROYLOCK(&rbtdb->node_locks[i].lock); + } if (result != ISC_R_SUCCESS) { - i--; - while (i >= 0) { - DESTROYLOCK(&rbtdb->node_locks[i].lock); - i--; + while (i-- > 0) { + NODE_DESTROYLOCK(&rbtdb->node_locks[i].lock); + isc_refcount_decrement(&rbtdb->node_locks[i].references, NULL); + isc_refcount_destroy(&rbtdb->node_locks[i].references); } - isc_mem_put(mctx, rbtdb->node_locks, - rbtdb->node_lock_count * - sizeof(rbtdb_nodelock_t)); - isc_rwlock_destroy(&rbtdb->tree_lock); - DESTROYLOCK(&rbtdb->lock); - isc_mem_put(mctx, rbtdb, sizeof(*rbtdb)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); + goto cleanup_deadnodes; } - rbtdb->node_locks[i].references = 0; rbtdb->node_locks[i].exiting = ISC_FALSE; } @@ -4967,7 +6229,7 @@ dns_rbtdb_create isc_mem_attach(mctx, &rbtdb->common.mctx); /* - * Must be initalized before free_rbtdb() is called. + * Must be initialized before free_rbtdb() is called. */ isc_ondestroy_init(&rbtdb->common.ondest); @@ -5001,7 +6263,7 @@ dns_rbtdb_create * the top-of-zone node can never be deleted, nor can its address * change. */ - if (! IS_CACHE(rbtdb)) { + if (!IS_CACHE(rbtdb)) { rbtdb->origin_node = NULL; result = dns_rbt_addnode(rbtdb->tree, &rbtdb->common.origin, &rbtdb->origin_node); @@ -5029,7 +6291,11 @@ dns_rbtdb_create /* * Misc. Initialization. */ - isc_refcount_init(&rbtdb->references, 1); + result = isc_refcount_init(&rbtdb->references, 1); + if (result != ISC_R_SUCCESS) { + free_rbtdb(rbtdb, ISC_FALSE, NULL); + return (result); + } rbtdb->attributes = 0; rbtdb->secure = ISC_FALSE; rbtdb->overmem = ISC_FALSE; @@ -5041,13 +6307,20 @@ dns_rbtdb_create rbtdb->current_serial = 1; rbtdb->least_serial = 1; rbtdb->next_serial = 2; - rbtdb->current_version = allocate_version(mctx, 1, 0, ISC_FALSE); + rbtdb->current_version = allocate_version(mctx, 1, 1, ISC_FALSE); if (rbtdb->current_version == NULL) { + isc_refcount_decrement(&rbtdb->references, NULL); + isc_refcount_destroy(&rbtdb->references); free_rbtdb(rbtdb, ISC_FALSE, NULL); return (ISC_R_NOMEMORY); } rbtdb->future_version = NULL; ISC_LIST_INIT(rbtdb->open_versions); + /* + * Keep the current version in the open list so that list operation + * won't happen in normal lookup operations. + */ + PREPEND(rbtdb->open_versions, rbtdb->current_version, link); rbtdb->common.magic = DNS_DB_MAGIC; rbtdb->common.impmagic = RBTDB_MAGIC; @@ -5055,6 +6328,41 @@ dns_rbtdb_create *dbp = (dns_db_t *)rbtdb; return (ISC_R_SUCCESS); + + cleanup_deadnodes: + isc_mem_put(mctx, rbtdb->deadnodes, + rbtdb->node_lock_count * sizeof(rbtnodelist_t)); + + cleanup_heaps: + if (rbtdb->heaps != NULL) { + for (i = 0 ; i < (int)rbtdb->node_lock_count ; i++) + if (rbtdb->heaps[i] != NULL) + isc_heap_destroy(&rbtdb->heaps[i]); + isc_mem_put(mctx, rbtdb->heaps, + rbtdb->node_lock_count * sizeof(isc_heap_t *)); + } + + cleanup_rdatasets: + if (rbtdb->rdatasets != NULL) + isc_mem_put(mctx, rbtdb->rdatasets, rbtdb->node_lock_count * + sizeof(rdatasetheaderlist_t)); + cleanup_rrsetstats: + if (rbtdb->rrsetstats != NULL) + dns_stats_detach(&rbtdb->rrsetstats); + + cleanup_node_locks: + isc_mem_put(mctx, rbtdb->node_locks, + rbtdb->node_lock_count * sizeof(rbtdb_nodelock_t)); + + cleanup_tree_lock: + isc_rwlock_destroy(&rbtdb->tree_lock); + + cleanup_lock: + RBTDB_DESTROYLOCK(&rbtdb->lock); + + cleanup_rbtdb: + isc_mem_put(mctx, rbtdb, sizeof(*rbtdb)); + return (result); } @@ -5072,7 +6380,7 @@ rdataset_disassociate(dns_rdataset_t *rdataset) { static isc_result_t rdataset_first(dns_rdataset_t *rdataset) { - unsigned char *raw = rdataset->private3; + unsigned char *raw = rdataset->private3; /* RDATASLAB */ unsigned int count; count = raw[0] * 256 + raw[1]; @@ -5080,11 +6388,22 @@ rdataset_first(dns_rdataset_t *rdataset) { rdataset->private5 = NULL; return (ISC_R_NOMORE); } - raw += 2; + +#if DNS_RDATASET_FIXED + if ((rdataset->attributes & DNS_RDATASETATTR_LOADORDER) == 0) + raw += 2 + (4 * count); + else +#endif + raw += 2; + /* - * The privateuint4 field is the number of rdata beyond the cursor - * position, so we decrement the total count by one before storing - * it. + * The privateuint4 field is the number of rdata beyond the + * cursor position, so we decrement the total count by one + * before storing it. + * + * If DNS_RDATASETATTR_LOADORDER is not set 'raw' points to the + * first record. If DNS_RDATASETATTR_LOADORDER is set 'raw' points + * to the first entry in the offset table. */ count--; rdataset->privateuint4 = count; @@ -5097,30 +6416,62 @@ static isc_result_t rdataset_next(dns_rdataset_t *rdataset) { unsigned int count; unsigned int length; - unsigned char *raw; + unsigned char *raw; /* RDATASLAB */ count = rdataset->privateuint4; if (count == 0) return (ISC_R_NOMORE); count--; rdataset->privateuint4 = count; + + /* + * Skip forward one record (length + 4) or one offset (4). + */ raw = rdataset->private5; - length = raw[0] * 256 + raw[1]; - raw += length + 2; - rdataset->private5 = raw; +#if DNS_RDATASET_FIXED + if ((rdataset->attributes & DNS_RDATASETATTR_LOADORDER) == 0) { +#endif + length = raw[0] * 256 + raw[1]; + raw += length; +#if DNS_RDATASET_FIXED + } + rdataset->private5 = raw + 4; /* length(2) + order(2) */ +#else + rdataset->private5 = raw + 2; /* length(2) */ +#endif return (ISC_R_SUCCESS); } static void rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { - unsigned char *raw = rdataset->private5; + unsigned char *raw = rdataset->private5; /* RDATASLAB */ +#if DNS_RDATASET_FIXED + unsigned int offset; +#endif isc_region_t r; REQUIRE(raw != NULL); + /* + * Find the start of the record if not already in private5 + * then skip the length and order fields. + */ +#if DNS_RDATASET_FIXED + if ((rdataset->attributes & DNS_RDATASETATTR_LOADORDER) != 0) { + offset = (raw[0] << 24) + (raw[1] << 16) + + (raw[2] << 8) + raw[3]; + raw = rdataset->private3; + raw += offset; + } +#endif r.length = raw[0] * 256 + raw[1]; + +#if DNS_RDATASET_FIXED + raw += 4; +#else raw += 2; +#endif r.base = raw; dns_rdata_fromregion(rdata, rdataset->rdclass, rdataset->type, &r); } @@ -5143,7 +6494,7 @@ rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target) { static unsigned int rdataset_count(dns_rdataset_t *rdataset) { - unsigned char *raw = rdataset->private3; + unsigned char *raw = rdataset->private3; /* RDATASLAB */ unsigned int count; count = raw[0] * 256 + raw[1]; @@ -5233,7 +6584,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { now = 0; } - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); for (header = rbtnode->data; header != NULL; header = top_next) { top_next = header->next; @@ -5250,7 +6602,7 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { * rdatasets to work. */ if (NONEXISTENT(header) || - (now != 0 && now > header->ttl)) + (now != 0 && now > header->rdh_ttl)) header = NULL; break; } else @@ -5260,7 +6612,8 @@ rdatasetiter_first(dns_rdatasetiter_t *iterator) { break; } - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); rbtiterator->current = header; @@ -5294,14 +6647,15 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) { now = 0; } - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); type = header->type; rdtype = RBTDB_RDATATYPE_BASE(header->type); if (rdtype == 0) { covers = RBTDB_RDATATYPE_EXT(header->type); negtype = RBTDB_RDATATYPE_VALUE(covers, 0); - } else + } else negtype = RBTDB_RDATATYPE_VALUE(0, rdtype); for (header = header->next; header != NULL; header = top_next) { top_next = header->next; @@ -5324,7 +6678,7 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) { */ if ((header->attributes & RDATASET_ATTR_NONEXISTENT) != 0 || - (now != 0 && now > header->ttl)) + (now != 0 && now > header->rdh_ttl)) header = NULL; break; } else @@ -5335,7 +6689,8 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) { } } - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); rbtiterator->current = header; @@ -5355,12 +6710,14 @@ rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) { header = rbtiterator->current; REQUIRE(header != NULL); - LOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); bind_rdataset(rbtdb, rbtnode, header, rbtiterator->common.now, rdataset); - UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock); + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); } @@ -5377,26 +6734,23 @@ reference_iter_node(rbtdb_dbiterator_t *rbtdbiter) { return; INSIST(rbtdbiter->tree_locked != isc_rwlocktype_none); - LOCK(&rbtdb->node_locks[node->locknum].lock); - new_reference(rbtdb, node); - UNLOCK(&rbtdb->node_locks[node->locknum].lock); + reactivate_node(rbtdb, node, rbtdbiter->tree_locked); } static inline void dereference_iter_node(rbtdb_dbiterator_t *rbtdbiter) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)rbtdbiter->common.db; dns_rbtnode_t *node = rbtdbiter->node; - isc_mutex_t *lock; + nodelock_t *lock; if (node == NULL) return; lock = &rbtdb->node_locks[node->locknum].lock; - LOCK(lock); - INSIST(rbtdbiter->node->references > 0); - if (--node->references == 0) - no_references(rbtdb, node, 0, rbtdbiter->tree_locked); - UNLOCK(lock); + NODE_LOCK(lock, isc_rwlocktype_read); + decrement_reference(rbtdb, node, 0, isc_rwlocktype_read, + rbtdbiter->tree_locked, ISC_FALSE); + NODE_UNLOCK(lock, isc_rwlocktype_read); rbtdbiter->node = NULL; } @@ -5406,7 +6760,7 @@ flush_deletions(rbtdb_dbiterator_t *rbtdbiter) { dns_rbtnode_t *node; dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)rbtdbiter->common.db; isc_boolean_t was_read_locked = ISC_FALSE; - isc_mutex_t *lock; + nodelock_t *lock; int i; if (rbtdbiter->delete != 0) { @@ -5433,13 +6787,11 @@ flush_deletions(rbtdb_dbiterator_t *rbtdbiter) { node = rbtdbiter->deletions[i]; lock = &rbtdb->node_locks[node->locknum].lock; - LOCK(lock); - INSIST(node->references > 0); - node->references--; - if (node->references == 0) - no_references(rbtdb, node, 0, - rbtdbiter->tree_locked); - UNLOCK(lock); + NODE_LOCK(lock, isc_rwlocktype_read); + decrement_reference(rbtdb, node, 0, + isc_rwlocktype_read, + rbtdbiter->tree_locked, ISC_FALSE); + NODE_UNLOCK(lock, isc_rwlocktype_read); } rbtdbiter->delete = 0; @@ -5707,9 +7059,9 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep, } else result = ISC_R_SUCCESS; - LOCK(&rbtdb->node_locks[node->locknum].lock); + NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); new_reference(rbtdb, node); - UNLOCK(&rbtdb->node_locks[node->locknum].lock); + NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); *nodep = rbtdbiter->node; @@ -5730,10 +7082,13 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep, * expirenode() currently always returns success. */ if (expire_result == ISC_R_SUCCESS && node->down == NULL) { + unsigned int refs; + rbtdbiter->deletions[rbtdbiter->delete++] = node; - LOCK(&rbtdb->node_locks[node->locknum].lock); - node->references++; - UNLOCK(&rbtdb->node_locks[node->locknum].lock); + NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); + dns_rbtnode_refincrement(node, &refs); + INSIST(refs != 0); + NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); } } @@ -5775,3 +7130,502 @@ dbiterator_origin(dns_dbiterator_t *iterator, dns_name_t *name) { return (dns_name_copy(origin, name, NULL)); } + +/*% + * Additional cache routines. + */ +static isc_result_t +rdataset_getadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, dns_acache_t *acache, + dns_zone_t **zonep, dns_db_t **dbp, + dns_dbversion_t **versionp, dns_dbnode_t **nodep, + dns_name_t *fname, dns_message_t *msg, + isc_stdtime_t now) +{ + dns_rbtdb_t *rbtdb = rdataset->private1; + dns_rbtnode_t *rbtnode = rdataset->private2; + unsigned char *raw = rdataset->private3; /* RDATASLAB */ + unsigned int current_count = rdataset->privateuint4; + unsigned int count; + rdatasetheader_t *header; + nodelock_t *nodelock; + unsigned int total_count; + acachectl_t *acarray; + dns_acacheentry_t *entry; + isc_result_t result; + + UNUSED(qtype); /* we do not use this value at least for now */ + UNUSED(acache); + + header = (struct rdatasetheader *)(raw - sizeof(*header)); + + total_count = raw[0] * 256 + raw[1]; + INSIST(total_count > current_count); + count = total_count - current_count - 1; + + acarray = NULL; + + nodelock = &rbtdb->node_locks[rbtnode->locknum].lock; + NODE_LOCK(nodelock, isc_rwlocktype_read); + + switch (type) { + case dns_rdatasetadditional_fromauth: + acarray = header->additional_auth; + break; + case dns_rdatasetadditional_fromcache: + acarray = NULL; + break; + case dns_rdatasetadditional_fromglue: + acarray = header->additional_glue; + break; + default: + INSIST(0); + } + + if (acarray == NULL) { + if (type != dns_rdatasetadditional_fromcache) + dns_acache_countquerymiss(acache); + NODE_UNLOCK(nodelock, isc_rwlocktype_read); + return (ISC_R_NOTFOUND); + } + + if (acarray[count].entry == NULL) { + dns_acache_countquerymiss(acache); + NODE_UNLOCK(nodelock, isc_rwlocktype_read); + return (ISC_R_NOTFOUND); + } + + entry = NULL; + dns_acache_attachentry(acarray[count].entry, &entry); + + NODE_UNLOCK(nodelock, isc_rwlocktype_read); + + result = dns_acache_getentry(entry, zonep, dbp, versionp, + nodep, fname, msg, now); + + dns_acache_detachentry(&entry); + + return (result); +} + +static void +acache_callback(dns_acacheentry_t *entry, void **arg) { + dns_rbtdb_t *rbtdb; + dns_rbtnode_t *rbtnode; + nodelock_t *nodelock; + acachectl_t *acarray = NULL; + acache_cbarg_t *cbarg; + unsigned int count; + + REQUIRE(arg != NULL); + cbarg = *arg; + + /* + * The caller must hold the entry lock. + */ + + rbtdb = (dns_rbtdb_t *)cbarg->db; + rbtnode = (dns_rbtnode_t *)cbarg->node; + + nodelock = &rbtdb->node_locks[rbtnode->locknum].lock; + NODE_LOCK(nodelock, isc_rwlocktype_write); + + switch (cbarg->type) { + case dns_rdatasetadditional_fromauth: + acarray = cbarg->header->additional_auth; + break; + case dns_rdatasetadditional_fromglue: + acarray = cbarg->header->additional_glue; + break; + default: + INSIST(0); + } + + count = cbarg->count; + if (acarray != NULL && acarray[count].entry == entry) { + acarray[count].entry = NULL; + INSIST(acarray[count].cbarg == cbarg); + isc_mem_put(rbtdb->common.mctx, cbarg, sizeof(acache_cbarg_t)); + acarray[count].cbarg = NULL; + } else + isc_mem_put(rbtdb->common.mctx, cbarg, sizeof(acache_cbarg_t)); + + dns_acache_detachentry(&entry); + + NODE_UNLOCK(nodelock, isc_rwlocktype_write); + + dns_db_detachnode((dns_db_t *)rbtdb, (dns_dbnode_t **)(void*)&rbtnode); + dns_db_detach((dns_db_t **)(void*)&rbtdb); + + *arg = NULL; +} + +static void +acache_cancelentry(isc_mem_t *mctx, dns_acacheentry_t *entry, + acache_cbarg_t **cbargp) +{ + acache_cbarg_t *cbarg; + + REQUIRE(mctx != NULL); + REQUIRE(entry != NULL); + REQUIRE(cbargp != NULL && *cbargp != NULL); + + cbarg = *cbargp; + + dns_acache_cancelentry(entry); + dns_db_detachnode(cbarg->db, &cbarg->node); + dns_db_detach(&cbarg->db); + + isc_mem_put(mctx, cbarg, sizeof(acache_cbarg_t)); + + *cbargp = NULL; +} + +static isc_result_t +rdataset_setadditional(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, dns_acache_t *acache, + dns_zone_t *zone, dns_db_t *db, + dns_dbversion_t *version, dns_dbnode_t *node, + dns_name_t *fname) +{ + dns_rbtdb_t *rbtdb = rdataset->private1; + dns_rbtnode_t *rbtnode = rdataset->private2; + unsigned char *raw = rdataset->private3; /* RDATASLAB */ + unsigned int current_count = rdataset->privateuint4; + rdatasetheader_t *header; + unsigned int total_count, count; + nodelock_t *nodelock; + isc_result_t result; + acachectl_t *acarray; + dns_acacheentry_t *newentry, *oldentry = NULL; + acache_cbarg_t *newcbarg, *oldcbarg = NULL; + + UNUSED(qtype); + + if (type == dns_rdatasetadditional_fromcache) + return (ISC_R_SUCCESS); + + header = (struct rdatasetheader *)(raw - sizeof(*header)); + + total_count = raw[0] * 256 + raw[1]; + INSIST(total_count > current_count); + count = total_count - current_count - 1; /* should be private data */ + + newcbarg = isc_mem_get(rbtdb->common.mctx, sizeof(*newcbarg)); + if (newcbarg == NULL) + return (ISC_R_NOMEMORY); + newcbarg->type = type; + newcbarg->count = count; + newcbarg->header = header; + newcbarg->db = NULL; + dns_db_attach((dns_db_t *)rbtdb, &newcbarg->db); + newcbarg->node = NULL; + dns_db_attachnode((dns_db_t *)rbtdb, (dns_dbnode_t *)rbtnode, + &newcbarg->node); + newentry = NULL; + result = dns_acache_createentry(acache, (dns_db_t *)rbtdb, + acache_callback, newcbarg, &newentry); + if (result != ISC_R_SUCCESS) + goto fail; + /* Set cache data in the new entry. */ + result = dns_acache_setentry(acache, newentry, zone, db, + version, node, fname); + if (result != ISC_R_SUCCESS) + goto fail; + + nodelock = &rbtdb->node_locks[rbtnode->locknum].lock; + NODE_LOCK(nodelock, isc_rwlocktype_write); + + acarray = NULL; + switch (type) { + case dns_rdatasetadditional_fromauth: + acarray = header->additional_auth; + break; + case dns_rdatasetadditional_fromglue: + acarray = header->additional_glue; + break; + default: + INSIST(0); + } + + if (acarray == NULL) { + unsigned int i; + + acarray = isc_mem_get(rbtdb->common.mctx, total_count * + sizeof(acachectl_t)); + + if (acarray == NULL) { + NODE_UNLOCK(nodelock, isc_rwlocktype_write); + goto fail; + } + + for (i = 0; i < total_count; i++) { + acarray[i].entry = NULL; + acarray[i].cbarg = NULL; + } + } + switch (type) { + case dns_rdatasetadditional_fromauth: + header->additional_auth = acarray; + break; + case dns_rdatasetadditional_fromglue: + header->additional_glue = acarray; + break; + default: + INSIST(0); + } + + if (acarray[count].entry != NULL) { + /* + * Swap the entry. Delay cleaning-up the old entry since + * it would require a node lock. + */ + oldentry = acarray[count].entry; + INSIST(acarray[count].cbarg != NULL); + oldcbarg = acarray[count].cbarg; + } + acarray[count].entry = newentry; + acarray[count].cbarg = newcbarg; + + NODE_UNLOCK(nodelock, isc_rwlocktype_write); + + if (oldentry != NULL) { + acache_cancelentry(rbtdb->common.mctx, oldentry, &oldcbarg); + dns_acache_detachentry(&oldentry); + } + + return (ISC_R_SUCCESS); + + fail: + if (newcbarg != NULL) { + if (newentry != NULL) { + acache_cancelentry(rbtdb->common.mctx, newentry, + &newcbarg); + dns_acache_detachentry(&newentry); + } else { + dns_db_detachnode((dns_db_t *)rbtdb, &newcbarg->node); + dns_db_detach(&newcbarg->db); + isc_mem_put(rbtdb->common.mctx, newcbarg, + sizeof(*newcbarg)); + } + } + + return (result); +} + +static isc_result_t +rdataset_putadditional(dns_acache_t *acache, dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, dns_rdatatype_t qtype) +{ + dns_rbtdb_t *rbtdb = rdataset->private1; + dns_rbtnode_t *rbtnode = rdataset->private2; + unsigned char *raw = rdataset->private3; /* RDATASLAB */ + unsigned int current_count = rdataset->privateuint4; + rdatasetheader_t *header; + nodelock_t *nodelock; + unsigned int total_count, count; + acachectl_t *acarray; + dns_acacheentry_t *entry; + acache_cbarg_t *cbarg; + + UNUSED(qtype); /* we do not use this value at least for now */ + UNUSED(acache); + + if (type == dns_rdatasetadditional_fromcache) + return (ISC_R_SUCCESS); + + header = (struct rdatasetheader *)(raw - sizeof(*header)); + + total_count = raw[0] * 256 + raw[1]; + INSIST(total_count > current_count); + count = total_count - current_count - 1; + + acarray = NULL; + entry = NULL; + + nodelock = &rbtdb->node_locks[rbtnode->locknum].lock; + NODE_LOCK(nodelock, isc_rwlocktype_write); + + switch (type) { + case dns_rdatasetadditional_fromauth: + acarray = header->additional_auth; + break; + case dns_rdatasetadditional_fromglue: + acarray = header->additional_glue; + break; + default: + INSIST(0); + } + + if (acarray == NULL) { + NODE_UNLOCK(nodelock, isc_rwlocktype_write); + return (ISC_R_NOTFOUND); + } + + entry = acarray[count].entry; + if (entry == NULL) { + NODE_UNLOCK(nodelock, isc_rwlocktype_write); + return (ISC_R_NOTFOUND); + } + + acarray[count].entry = NULL; + cbarg = acarray[count].cbarg; + acarray[count].cbarg = NULL; + + NODE_UNLOCK(nodelock, isc_rwlocktype_write); + + if (entry != NULL) { + if (cbarg != NULL) + acache_cancelentry(rbtdb->common.mctx, entry, &cbarg); + dns_acache_detachentry(&entry); + } + + return (ISC_R_SUCCESS); +} + +/*% + * Routines for LRU-based cache management. + */ + +/*% + * See if a given cache entry that is being reused needs to be updated + * in the LRU-list. From the LRU management point of view, this function is + * expected to return true for almost all cases. When used with threads, + * however, this may cause a non-negligible performance penalty because a + * writer lock will have to be acquired before updating the list. + * If DNS_RBTDB_LIMITLRUUPDATE is defined to be non 0 at compilation time, this + * function returns true if the entry has not been updated for some period of + * time. We differentiate the NS or glue address case and the others since + * experiments have shown that the former tends to be accessed relatively + * infrequently and the cost of cache miss is higher (e.g., a missing NS records + * may cause external queries at a higher level zone, involving more + * transactions). + * + * Caller must hold the node (read or write) lock. + */ +static inline isc_boolean_t +need_headerupdate(rdatasetheader_t *header, isc_stdtime_t now) { + if ((header->attributes & + (RDATASET_ATTR_NONEXISTENT|RDATASET_ATTR_STALE)) != 0) + return (ISC_FALSE); + +#if DNS_RBTDB_LIMITLRUUPDATE + if (header->type == dns_rdatatype_ns || + (header->trust == dns_trust_glue && + (header->type == dns_rdatatype_a || + header->type == dns_rdatatype_aaaa))) { + /* + * Glue records are updated if at least 60 seconds have passed + * since the previous update time. + */ + return (header->last_used + 60 <= now); + } + + /* Other records are updated if 5 minutes have passed. */ + return (header->last_used + 300 <= now); +#else + UNUSED(now); + + return (ISC_TRUE); +#endif +} + +/*% + * Update the timestamp of a given cache entry and move it to the head + * of the corresponding LRU list. + * + * Caller must hold the node (write) lock. + * + * Note that the we do NOT touch the heap here, as the TTL has not changed. + */ +static void +update_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, + isc_stdtime_t now) +{ + /* To be checked: can we really assume this? XXXMLG */ + INSIST(ISC_LINK_LINKED(header, lru_link)); + + ISC_LIST_UNLINK(rbtdb->rdatasets[header->node->locknum], + header, lru_link); + header->last_used = now; + ISC_LIST_PREPEND(rbtdb->rdatasets[header->node->locknum], + header, lru_link); +} + +/*% + * Purge some expired and/or stale (i.e. unused for some period) cache entries + * under an overmem condition. To recover from this condition quickly, up to + * 2 entries will be purged. This process is triggered while adding a new + * entry, and we specifically avoid purging entries in the same LRU bucket as + * the one to which the new entry will belong. Otherwise, we might purge + * entries of the same name of different RR types while adding RRsets from a + * single response (consider the case where we're adding A and AAAA glue records + * of the same NS name). + */ +static void +overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, + isc_stdtime_t now, isc_boolean_t tree_locked) +{ + rdatasetheader_t *header, *header_prev; + unsigned int locknum; + int purgecount = 2; + + for (locknum = (locknum_start + 1) % rbtdb->node_lock_count; + locknum != locknum_start && purgecount > 0; + locknum = (locknum + 1) % rbtdb->node_lock_count) { + NODE_LOCK(&rbtdb->node_locks[locknum].lock, + isc_rwlocktype_write); + + header = isc_heap_element(rbtdb->heaps[locknum], 1); + if (header && header->rdh_ttl <= now - RBTDB_VIRTUAL) { + expire_header(rbtdb, header, tree_locked); + purgecount--; + } + + for (header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]); + header != NULL && purgecount > 0; + header = header_prev) { + header_prev = ISC_LIST_PREV(header, lru_link); + /* + * Unlink the entry at this point to avoid checking it + * again even if it's currently used someone else and + * cannot be purged at this moment. This entry won't be + * referenced any more (so unlinking is safe) since the + * TTL was reset to 0. + */ + ISC_LIST_UNLINK(rbtdb->rdatasets[locknum], header, + lru_link); + expire_header(rbtdb, header, tree_locked); + purgecount--; + } + + NODE_UNLOCK(&rbtdb->node_locks[locknum].lock, + isc_rwlocktype_write); + } +} + +static void +expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, + isc_boolean_t tree_locked) +{ + set_ttl(rbtdb, header, 0); + header->attributes |= RDATASET_ATTR_STALE; + header->node->dirty = 1; + + /* + * Caller must hold the node (write) lock. + */ + + if (dns_rbtnode_refcurrent(header->node) == 0) { + /* + * If no one else is using the node, we can clean it up now. + * We first need to gain a new reference to the node to meet a + * requirement of decrement_reference(). + */ + new_reference(rbtdb, header->node); + decrement_reference(rbtdb, header->node, 0, + isc_rwlocktype_write, + tree_locked ? isc_rwlocktype_write : + isc_rwlocktype_none, ISC_FALSE); + } +} diff --git a/contrib/bind-9.3/lib/dns/rbtdb.h b/contrib/bind-9.5.2/lib/dns/rbtdb.h similarity index 83% rename from contrib/bind-9.3/lib/dns/rbtdb.h rename to contrib/bind-9.5.2/lib/dns/rbtdb.h index 086b75e91f..b024d136e8 100644 --- a/contrib/bind-9.3/lib/dns/rbtdb.h +++ b/contrib/bind-9.5.2/lib/dns/rbtdb.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.h,v 1.13.206.1 2004/03/06 08:13:42 marka Exp $ */ +/* $Id: rbtdb.h,v 1.18 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_RBTDB_H #define DNS_RBTDB_H 1 @@ -27,7 +27,8 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * DNS Red-Black Tree DB Implementation */ diff --git a/contrib/bind-9.3/lib/dns/rbtdb64.c b/contrib/bind-9.5.2/lib/dns/rbtdb64.c similarity index 77% copy from contrib/bind-9.3/lib/dns/rbtdb64.c copy to contrib/bind-9.5.2/lib/dns/rbtdb64.c index f41ab37c4a..5e325fac0a 100644 --- a/contrib/bind-9.3/lib/dns/rbtdb64.c +++ b/contrib/bind-9.5.2/lib/dns/rbtdb64.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb64.c,v 1.6.206.1 2004/03/06 08:13:42 marka Exp $ */ +/* $Id: rbtdb64.c,v 1.11 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #define DNS_RBTDB_VERSION64 1 #include "rbtdb.c" diff --git a/contrib/bind-9.3/lib/dns/rbtdb64.h b/contrib/bind-9.5.2/lib/dns/rbtdb64.h similarity index 83% rename from contrib/bind-9.3/lib/dns/rbtdb64.h rename to contrib/bind-9.5.2/lib/dns/rbtdb64.h index 5d426b5e50..fe11622f67 100644 --- a/contrib/bind-9.3/lib/dns/rbtdb64.h +++ b/contrib/bind-9.5.2/lib/dns/rbtdb64.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb64.h,v 1.12.206.1 2004/03/06 08:13:43 marka Exp $ */ +/* $Id: rbtdb64.h,v 1.17 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_RBTDB64_H #define DNS_RBTDB64_H 1 @@ -26,7 +26,8 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * DNS Red-Black Tree DB Implementation with 64-bit version numbers */ diff --git a/contrib/bind-9.3/lib/dns/rcode.c b/contrib/bind-9.5.2/lib/dns/rcode.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rcode.c rename to contrib/bind-9.5.2/lib/dns/rcode.c index 337f64918d..135c3eec06 100644 --- a/contrib/bind-9.3/lib/dns/rcode.c +++ b/contrib/bind-9.5.2/lib/dns/rcode.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rcode.c,v 1.1.4.1 2004/03/12 10:31:25 marka Exp $ */ +/* $Id: rcode.c,v 1.6 2007/06/19 23:47:16 tbox Exp $ */ #include #include @@ -76,6 +76,7 @@ { dns_tsigerror_badmode, "BADMODE", 0}, \ { dns_tsigerror_badname, "BADNAME", 0}, \ { dns_tsigerror_badalg, "BADALG", 0}, \ + { dns_tsigerror_badtrunc, "BADTRUNC", 0}, \ { 0, NULL, 0 } /* RFC2538 section 2.1 */ diff --git a/contrib/bind-9.3/lib/dns/rdata.c b/contrib/bind-9.5.2/lib/dns/rdata.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata.c rename to contrib/bind-9.5.2/lib/dns/rdata.c index bcd0e15005..7733bba77d 100644 --- a/contrib/bind-9.3/lib/dns/rdata.c +++ b/contrib/bind-9.5.2/lib/dns/rdata.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.c,v 1.147.2.11.2.22 2006/07/21 02:05:56 marka Exp $ */ +/* $Id: rdata.c,v 1.196.128.2 2008/12/12 23:46:38 tbox Exp $ */ + +/*! \file */ #include #include @@ -100,16 +102,16 @@ #define ARGS_CHECKNAMES dns_rdata_t *rdata, dns_name_t *owner, dns_name_t *bad -/* +/*% * Context structure for the totext_ functions. * Contains formatting options for rdata-to-text * conversion. */ typedef struct dns_rdata_textctx { - dns_name_t *origin; /* Current origin, or NULL. */ - unsigned int flags; /* DNS_STYLEFLAG_* */ - unsigned int width; /* Width of rdata column. */ - const char *linebreak; /* Line break string. */ + dns_name_t *origin; /*%< Current origin, or NULL. */ + unsigned int flags; /*%< DNS_STYLEFLAG_* */ + unsigned int width; /*%< Width of rdata column. */ + const char *linebreak; /*%< Line break string. */ } dns_rdata_textctx_t; static isc_result_t @@ -195,6 +197,10 @@ static void warn_badname(dns_name_t *name, isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks); +static void +warn_badmx(isc_token_t *token, isc_lex_t *lexer, + dns_rdatacallbacks_t *callbacks); + static inline int getquad(const void *src, struct in_addr *dst, isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks) @@ -526,7 +532,7 @@ unknown_fromtext(dns_rdataclass_t rdclass, dns_rdatatype_t type, result = isc_buffer_allocate(mctx, &buf, token.value.as_ulong); if (result != ISC_R_SUCCESS) return (result); - + result = isc_hex_tobuffer(lexer, buf, (unsigned int)token.value.as_ulong); if (result != ISC_R_SUCCESS) @@ -722,7 +728,7 @@ dns_rdata_totext(dns_rdata_t *rdata, dns_name_t *origin, isc_buffer_t *target) isc_result_t dns_rdata_tofmttext(dns_rdata_t *rdata, dns_name_t *origin, unsigned int flags, unsigned int width, - char *linebreak, isc_buffer_t *target) + const char *linebreak, isc_buffer_t *target) { dns_rdata_textctx_t tctx; @@ -895,7 +901,7 @@ dns_rdatatype_fromtext(dns_rdatatype_t *typep, isc_textregion_t *source) { hash = ((a + n) * b) % 256; /* - * This switch block is inlined via #define, and will use "return" + * This switch block is inlined via \#define, and will use "return" * to return a result to the caller if it is a valid (known) * rdatatype name. */ @@ -1498,16 +1504,16 @@ byte_btoa(int c, isc_buffer_t *target, struct state *state) { /* * Because some don't support u_long. */ - tmp = 32; - tmpword -= (isc_int32_t)(85 * 85 * 85 * 85 * 32); + tmp = 32; + tmpword -= (isc_int32_t)(85 * 85 * 85 * 85 * 32); } if (tmpword < 0) { - tmp = 64; - tmpword -= (isc_int32_t)(85 * 85 * 85 * 85 * 32); + tmp = 64; + tmpword -= (isc_int32_t)(85 * 85 * 85 * 85 * 32); } if (tr.length < 5) return (ISC_R_NOSPACE); - tr.base[0] = atob_digits[(tmpword / + tr.base[0] = atob_digits[(tmpword / (isc_int32_t)(85 * 85 * 85 * 85)) + tmp]; tmpword %= (isc_int32_t)(85 * 85 * 85 * 85); @@ -1580,6 +1586,22 @@ fromtext_warneof(isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks) { } } +static void +warn_badmx(isc_token_t *token, isc_lex_t *lexer, + dns_rdatacallbacks_t *callbacks) +{ + const char *file; + unsigned long line; + + if (lexer != NULL) { + file = isc_lex_getsourcename(lexer); + line = isc_lex_getsourceline(lexer); + (*callbacks->warn)(callbacks, "%s:%u: warning: '%s': %s", + file, line, DNS_AS_STR(*token), + dns_result_totext(DNS_R_MXISADDRESS)); + } +} + static void warn_badname(dns_name_t *name, isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks) @@ -1587,12 +1609,12 @@ warn_badname(dns_name_t *name, isc_lex_t *lexer, const char *file; unsigned long line; char namebuf[DNS_NAME_FORMATSIZE]; - + if (lexer != NULL) { file = isc_lex_getsourcename(lexer); line = isc_lex_getsourceline(lexer); dns_name_format(name, namebuf, sizeof(namebuf)); - (*callbacks->warn)(callbacks, "%s:%u: warning: %s: %s", + (*callbacks->warn)(callbacks, "%s:%u: warning: %s: %s", file, line, namebuf, dns_result_totext(DNS_R_BADNAME)); } diff --git a/contrib/bind-9.3/lib/dns/rdata/any_255/tsig_250.c b/contrib/bind-9.5.2/lib/dns/rdata/any_255/tsig_250.c similarity index 98% rename from contrib/bind-9.3/lib/dns/rdata/any_255/tsig_250.c rename to contrib/bind-9.5.2/lib/dns/rdata/any_255/tsig_250.c index c9b52c7e78..3121f78238 100644 --- a/contrib/bind-9.3/lib/dns/rdata/any_255/tsig_250.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/any_255/tsig_250.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsig_250.c,v 1.52.2.1.2.8 2005/03/20 22:34:01 marka Exp $ */ +/* $Id: tsig_250.c,v 1.63 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 13:39:43 PST 2000 by gson */ diff --git a/contrib/bind-9.3/lib/dns/rdata/any_255/tsig_250.h b/contrib/bind-9.5.2/lib/dns/rdata/any_255/tsig_250.h similarity index 83% rename from contrib/bind-9.3/lib/dns/rdata/any_255/tsig_250.h rename to contrib/bind-9.5.2/lib/dns/rdata/any_255/tsig_250.h index 7b5ccc2633..0c016676b0 100644 --- a/contrib/bind-9.3/lib/dns/rdata/any_255/tsig_250.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/any_255/tsig_250.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsig_250.h,v 1.20.206.1 2004/03/06 08:14:02 marka Exp $ */ - -/* RFC 2845 */ +/* $Id: tsig_250.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */ #ifndef ANY_255_TSIG_250_H #define ANY_255_TSIG_250_H 1 +/*% RFC2845 */ typedef struct dns_rdata_any_tsig { dns_rdatacommon_t common; isc_mem_t * mctx; diff --git a/contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.c b/contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.c new file mode 100644 index 0000000000..78d4ecda7b --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.c @@ -0,0 +1,316 @@ +/* + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: a_1.c,v 1.6 2007/06/19 23:47:17 tbox Exp $ */ + +/* by Bjorn.Victor@it.uu.se, 2005-05-07 */ +/* Based on generic/soa_6.c and generic/mx_15.c */ + +#ifndef RDATA_CH_3_A_1_C +#define RDATA_CH_3_A_1_C + +#include + +#define RRTYPE_A_ATTRIBUTES (0) + +static inline isc_result_t +fromtext_ch_a(ARGS_FROMTEXT) { + isc_token_t token; + dns_name_t name; + isc_buffer_t buffer; + + REQUIRE(type == 1); + REQUIRE(rdclass == dns_rdataclass_ch); /* 3 */ + + UNUSED(type); + UNUSED(callbacks); + + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + + /* get domain name */ + dns_name_init(&name, NULL); + buffer_fromregion(&buffer, &token.value.as_region); + origin = (origin != NULL) ? origin : dns_rootname; + RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target)); + if ((options & DNS_RDATA_CHECKNAMES) != 0 && + (options & DNS_RDATA_CHECKREVERSE) != 0) { + isc_boolean_t ok; + ok = dns_name_ishostname(&name, ISC_FALSE); + if (!ok && (options & DNS_RDATA_CHECKNAMESFAIL) != 0) + RETTOK(DNS_R_BADNAME); + if (!ok && callbacks != NULL) + warn_badname(&name, lexer, callbacks); + } + + /* 16-bit octal address */ + RETERR(isc_lex_getoctaltoken(lexer, &token, ISC_FALSE)); + if (token.value.as_ulong > 0xffffU) + RETTOK(ISC_R_RANGE); + return (uint16_tobuffer(token.value.as_ulong, target)); +} + +static inline isc_result_t +totext_ch_a(ARGS_TOTEXT) { + isc_region_t region; + dns_name_t name; + dns_name_t prefix; + isc_boolean_t sub; + char buf[sizeof("0177777")]; + isc_uint16_t addr; + + REQUIRE(rdata->type == 1); + REQUIRE(rdata->rdclass == dns_rdataclass_ch); /* 3 */ + REQUIRE(rdata->length != 0); + + dns_name_init(&name, NULL); + dns_name_init(&prefix, NULL); + + dns_rdata_toregion(rdata, ®ion); + dns_name_fromregion(&name, ®ion); + isc_region_consume(®ion, name_length(&name)); + addr = uint16_fromregion(®ion); + + sub = name_prefix(&name, tctx->origin, &prefix); + RETERR(dns_name_totext(&prefix, sub, target)); + + sprintf(buf, "%o", addr); /* note octal */ + RETERR(str_totext(" ", target)); + return (str_totext(buf, target)); +} + +static inline isc_result_t +fromwire_ch_a(ARGS_FROMWIRE) { + isc_region_t sregion; + isc_region_t tregion; + dns_name_t name; + + REQUIRE(type == 1); + REQUIRE(rdclass == dns_rdataclass_ch); + + UNUSED(type); + UNUSED(rdclass); + + dns_decompress_setmethods(dctx, DNS_COMPRESS_GLOBAL14); + + dns_name_init(&name, NULL); + + RETERR(dns_name_fromwire(&name, source, dctx, options, target)); + + isc_buffer_activeregion(source, &sregion); + isc_buffer_availableregion(target, &tregion); + if (sregion.length < 2) + return (ISC_R_UNEXPECTEDEND); + if (tregion.length < 2) + return (ISC_R_NOSPACE); + + memcpy(tregion.base, sregion.base, 2); + isc_buffer_forward(source, 2); + isc_buffer_add(target, 2); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +towire_ch_a(ARGS_TOWIRE) { + dns_name_t name; + dns_offsets_t offsets; + isc_region_t sregion; + isc_region_t tregion; + + REQUIRE(rdata->type == 1); + REQUIRE(rdata->rdclass == dns_rdataclass_ch); + REQUIRE(rdata->length != 0); + + dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14); + + dns_name_init(&name, offsets); + + dns_rdata_toregion(rdata, &sregion); + + dns_name_fromregion(&name, &sregion); + isc_region_consume(&sregion, name_length(&name)); + RETERR(dns_name_towire(&name, cctx, target)); + + isc_buffer_availableregion(target, &tregion); + if (tregion.length < 2) + return (ISC_R_NOSPACE); + + memcpy(tregion.base, sregion.base, 2); + isc_buffer_add(target, 2); + return (ISC_R_SUCCESS); +} + +static inline int +compare_ch_a(ARGS_COMPARE) { + dns_name_t name1; + dns_name_t name2; + isc_region_t region1; + isc_region_t region2; + int order; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 1); + REQUIRE(rdata1->rdclass == dns_rdataclass_ch); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_name_init(&name1, NULL); + dns_name_init(&name2, NULL); + + dns_rdata_toregion(rdata1, ®ion1); + dns_rdata_toregion(rdata2, ®ion2); + + dns_name_fromregion(&name1, ®ion1); + dns_name_fromregion(&name2, ®ion2); + isc_region_consume(®ion1, name_length(&name1)); + isc_region_consume(®ion2, name_length(&name2)); + + order = dns_name_rdatacompare(&name1, &name2); + if (order != 0) + return (order); + + order = memcmp(rdata1->data, rdata2->data, 2); + if (order != 0) + order = (order < 0) ? -1 : 1; + return (order); +} + +static inline isc_result_t +fromstruct_ch_a(ARGS_FROMSTRUCT) { + dns_rdata_ch_a_t *a = source; + isc_region_t region; + + REQUIRE(type == 1); + REQUIRE(source != NULL); + REQUIRE(a->common.rdtype == type); + REQUIRE(a->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + dns_name_toregion(&a->ch_addr_dom, ®ion); + RETERR(isc_buffer_copyregion(target, ®ion)); + + return (uint16_tobuffer(ntohs(a->ch_addr), target)); +} + +static inline isc_result_t +tostruct_ch_a(ARGS_TOSTRUCT) { + dns_rdata_ch_a_t *a = target; + isc_region_t region; + dns_name_t name; + + REQUIRE(rdata->type == 1); + REQUIRE(rdata->rdclass == dns_rdataclass_ch); + REQUIRE(rdata->length != 0); + + a->common.rdclass = rdata->rdclass; + a->common.rdtype = rdata->type; + ISC_LINK_INIT(&a->common, link); + + dns_rdata_toregion(rdata, ®ion); + + dns_name_init(&name, NULL); + dns_name_fromregion(&name, ®ion); + isc_region_consume(®ion, name_length(&name)); + + dns_name_init(&a->ch_addr_dom, NULL); + RETERR(name_duporclone(&name, mctx, &a->ch_addr_dom)); + a->ch_addr = htons(uint16_fromregion(®ion)); + a->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_ch_a(ARGS_FREESTRUCT) { + dns_rdata_ch_a_t *a = source; + + REQUIRE(source != NULL); + REQUIRE(a->common.rdtype == 1); + + if (a->mctx == NULL) + return; + + dns_name_free(&a->ch_addr_dom, a->mctx); + a->mctx = NULL; +} + +static inline isc_result_t +additionaldata_ch_a(ARGS_ADDLDATA) { + + REQUIRE(rdata->type == 1); + REQUIRE(rdata->rdclass == dns_rdataclass_ch); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_ch_a(ARGS_DIGEST) { + isc_region_t r; + + dns_name_t name; + + REQUIRE(rdata->type == 1); + REQUIRE(rdata->rdclass == dns_rdataclass_ch); + + dns_rdata_toregion(rdata, &r); + dns_name_init(&name, NULL); + dns_name_fromregion(&name, &r); + isc_region_consume(&r, name_length(&name)); + RETERR(dns_name_digest(&name, digest, arg)); + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_ch_a(ARGS_CHECKOWNER) { + + REQUIRE(type == 1); + REQUIRE(rdclass == dns_rdataclass_ch); + + UNUSED(type); + + return (dns_name_ishostname(name, wildcard)); +} + +static inline isc_boolean_t +checknames_ch_a(ARGS_CHECKNAMES) { + isc_region_t region; + dns_name_t name; + + REQUIRE(rdata->type == 1); + REQUIRE(rdata->rdclass == dns_rdataclass_ch); + + UNUSED(owner); + + dns_rdata_toregion(rdata, ®ion); + dns_name_init(&name, NULL); + dns_name_fromregion(&name, ®ion); + if (!dns_name_ishostname(&name, ISC_FALSE)) { + if (bad != NULL) + dns_name_clone(&name, bad); + return (ISC_FALSE); + } + + return (ISC_TRUE); +} + +#endif /* RDATA_CH_3_A_1_C */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.h b/contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.h similarity index 56% copy from contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.h copy to contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.h index 08a9b1d4aa..a279d0e7fc 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/ch_3/a_1.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -14,20 +14,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlv_32769.h,v 1.2.4.2 2006/02/19 06:50:46 marka Exp $ */ +/* $Id: a_1.h,v 1.5 2007/06/19 23:47:17 tbox Exp $ */ -/* draft-ietf-dnsext-delegation-signer-05.txt */ -#ifndef GENERIC_DLV_32769_H -#define GENERIC_DLV_32769_H 1 +/* by Bjorn.Victor@it.uu.se, 2005-05-07 */ +/* Based on generic/mx_15.h */ -typedef struct dns_rdata_dlv { +#ifndef CH_3_A_1_H +#define CH_3_A_1_H 1 + +typedef isc_uint16_t ch_addr_t; + +typedef struct dns_rdata_ch_a { dns_rdatacommon_t common; isc_mem_t *mctx; - isc_uint16_t key_tag; - isc_uint8_t algorithm; - isc_uint8_t digest_type; - isc_uint16_t length; - unsigned char *digest; -} dns_rdata_dlv_t; + dns_name_t ch_addr_dom; /* ch-addr domain for back mapping */ + ch_addr_t ch_addr; /* chaos address (16 bit) network order */ +} dns_rdata_ch_a_t; -#endif /* GENERIC_DLV_32769_H */ +#endif /* CH_3_A_1_H */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/afsdb_18.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/afsdb_18.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/afsdb_18.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/afsdb_18.c index f46844a4b2..2230efb149 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/afsdb_18.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/afsdb_18.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: afsdb_18.c,v 1.39.2.1.2.3 2004/03/06 08:14:03 marka Exp $ */ +/* $Id: afsdb_18.c,v 1.47 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 14:59:00 PST 2000 by explorer */ -/* RFC 1183 */ +/* RFC1183 */ #ifndef RDATA_GENERIC_AFSDB_18_C #define RDATA_GENERIC_AFSDB_18_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/afsdb_18.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/afsdb_18.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/generic/afsdb_18.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/afsdb_18.h index 3f89f9dfbd..ccccc116f6 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/afsdb_18.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/afsdb_18.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_AFSDB_18_H #define GENERIC_AFSDB_18_H 1 -/* $Id: afsdb_18.h,v 1.15.206.1 2004/03/06 08:14:03 marka Exp $ */ +/* $Id: afsdb_18.h,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1183 */ +/*! + * \brief Per RFC1183 */ typedef struct dns_rdata_afsdb { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/cert_37.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/cert_37.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/cert_37.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/cert_37.c index 81a1aa74d4..2c45230ae2 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/cert_37.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/cert_37.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cert_37.c,v 1.40.2.1.2.5 2004/03/08 09:04:40 marka Exp $ */ +/* $Id: cert_37.c,v 1.50 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 21:14:32 EST 2000 by tale */ -/* RFC 2538 */ +/* RFC2538 */ #ifndef RDATA_GENERIC_CERT_37_C #define RDATA_GENERIC_CERT_37_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/cert_37.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/cert_37.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/cert_37.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/cert_37.h index 01ae265a2b..ddfaa4f6da 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/cert_37.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/cert_37.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cert_37.h,v 1.15.206.1 2004/03/06 08:14:03 marka Exp $ */ +/* $Id: cert_37.h,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2538 */ #ifndef GENERIC_CERT_37_H #define GENERIC_CERT_37_H 1 +/*% RFC2538 */ typedef struct dns_rdata_cert { dns_rdatacommon_t common; isc_mem_t *mctx; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/cname_5.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/cname_5.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/cname_5.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/cname_5.c index 0ce7aa25b0..28c3d60277 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/cname_5.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/cname_5.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cname_5.c,v 1.43.206.2 2004/03/06 08:14:03 marka Exp $ */ +/* $Id: cname_5.c,v 1.47 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 16:48:45 PST 2000 by brister */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/cname_5.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/cname_5.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/cname_5.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/cname_5.h index 2efee443ef..516f8d38ab 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/cname_5.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/cname_5.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cname_5.h,v 1.23.206.1 2004/03/06 08:14:04 marka Exp $ */ +/* $Id: cname_5.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */ #ifndef GENERIC_CNAME_5_H #define GENERIC_CNAME_5_H 1 diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/dlv_32769.c similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/dlv_32769.c index b28435c8bd..957f038f87 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/dlv_32769.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlv_32769.c,v 1.2.4.2 2006/02/19 06:50:46 marka Exp $ */ +/* $Id: dlv_32769.c,v 1.6 2007/06/18 23:47:43 tbox Exp $ */ /* draft-ietf-dnsext-delegation-signer-05.txt */ @@ -23,9 +23,17 @@ #define RRTYPE_DLV_ATTRIBUTES 0 +#include +#include + +#include + + static inline isc_result_t fromtext_dlv(ARGS_FROMTEXT) { isc_token_t token; + unsigned char c; + int length; REQUIRE(type == 32769); @@ -61,11 +69,17 @@ fromtext_dlv(ARGS_FROMTEXT) { if (token.value.as_ulong > 0xffU) RETTOK(ISC_R_RANGE); RETERR(uint8_tobuffer(token.value.as_ulong, target)); - type = (isc_uint16_t) token.value.as_ulong; + c = (unsigned char) token.value.as_ulong; /* * Digest. */ + if (c == DNS_DSDIGEST_SHA1) + length = ISC_SHA1_DIGESTLENGTH; + else if (c == DNS_DSDIGEST_SHA256) + length = ISC_SHA256_DIGESTLENGTH; + else + length = -1; return (isc_hex_tobuffer(lexer, target, -1)); } @@ -130,9 +144,27 @@ fromwire_dlv(ARGS_FROMWIRE) { UNUSED(options); isc_buffer_activeregion(source, &sr); - if (sr.length < 4) + + /* + * Check digest lengths if we know them. + */ + if (sr.length < 4 || + (sr.base[3] == DNS_DSDIGEST_SHA1 && + sr.length < 4 + ISC_SHA1_DIGESTLENGTH) || + (sr.base[3] == DNS_DSDIGEST_SHA256 && + sr.length < 4 + ISC_SHA256_DIGESTLENGTH)) return (ISC_R_UNEXPECTEDEND); + /* + * Only copy digest lengths if we know them. + * If there is extra data dns_rdata_fromwire() will + * detect that. + */ + if (sr.base[3] == DNS_DSDIGEST_SHA1) + sr.length = 4 + ISC_SHA1_DIGESTLENGTH; + else if (sr.base[3] == DNS_DSDIGEST_SHA256) + sr.length = 4 + ISC_SHA256_DIGESTLENGTH; + isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); } @@ -174,6 +206,14 @@ fromstruct_dlv(ARGS_FROMSTRUCT) { REQUIRE(source != NULL); REQUIRE(dlv->common.rdtype == type); REQUIRE(dlv->common.rdclass == rdclass); + switch (dlv->digest_type) { + case DNS_DSDIGEST_SHA1: + REQUIRE(dlv->length == ISC_SHA1_DIGESTLENGTH); + break; + case DNS_DSDIGEST_SHA256: + REQUIRE(dlv->length == ISC_SHA256_DIGESTLENGTH); + break; + } UNUSED(type); UNUSED(rdclass); diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/dlv_32769.h similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/dlv_32769.h index 08a9b1d4aa..2313c57582 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_32769.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/dlv_32769.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlv_32769.h,v 1.2.4.2 2006/02/19 06:50:46 marka Exp $ */ +/* $Id: dlv_32769.h,v 1.5 2007/06/19 23:47:17 tbox Exp $ */ /* draft-ietf-dnsext-delegation-signer-05.txt */ #ifndef GENERIC_DLV_32769_H diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dname_39.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/dname_39.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/dname_39.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/dname_39.c index b532f2ea17..c399f1e7e5 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dname_39.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/dname_39.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dname_39.c,v 1.34.206.2 2004/03/06 08:14:04 marka Exp $ */ +/* $Id: dname_39.c,v 1.38 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 16:52:38 PST 2000 by explorer */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dname_39.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/dname_39.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/generic/dname_39.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/dname_39.h index a1b2192daa..f8aca2756f 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dname_39.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/dname_39.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_DNAME_39_H #define GENERIC_DNAME_39_H 1 -/* $Id: dname_39.h,v 1.16.206.1 2004/03/06 08:14:04 marka Exp $ */ +/* $Id: dname_39.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC2672 */ +/*! + * \brief per RFC2672 */ typedef struct dns_rdata_dname { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dnskey_48.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/dnskey_48.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/dnskey_48.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/dnskey_48.c index 5cf58d54d1..2e11cbaed4 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dnskey_48.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/dnskey_48.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnskey_48.c,v 1.4.2.1 2004/03/08 02:08:02 marka Exp $ */ +/* $Id: dnskey_48.c,v 1.8 2007/06/19 23:47:17 tbox Exp $ */ /* * Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley. */ -/* RFC 2535 */ +/* RFC2535 */ #ifndef RDATA_GENERIC_DNSKEY_48_C #define RDATA_GENERIC_DNSKEY_48_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dnskey_48.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/dnskey_48.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/dnskey_48.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/dnskey_48.h index 4dd71d2101..ce88cd1bf3 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dnskey_48.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/dnskey_48.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_DNSKEY_48_H #define GENERIC_DNSKEY_48_H 1 -/* $Id: dnskey_48.h,v 1.3.2.1 2004/03/08 02:08:02 marka Exp $ */ +/* $Id: dnskey_48.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2535 */ +/*! + * \brief per RFC2535 */ typedef struct dns_rdata_dnskey { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/ds_43.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/ds_43.c similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/ds_43.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ds_43.c index 0206b6f06c..08e5d5f739 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/ds_43.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ds_43.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ds_43.c,v 1.6.2.4 2005/09/06 07:29:31 marka Exp $ */ +/* $Id: ds_43.c,v 1.12 2007/06/18 23:47:43 tbox Exp $ */ /* draft-ietf-dnsext-delegation-signer-05.txt */ @@ -25,10 +25,16 @@ #define RRTYPE_DS_ATTRIBUTES \ (DNS_RDATATYPEATTR_DNSSEC|DNS_RDATATYPEATTR_ATPARENT) +#include +#include + +#include + static inline isc_result_t fromtext_ds(ARGS_FROMTEXT) { isc_token_t token; unsigned char c; + int length; REQUIRE(type == 43); @@ -63,12 +69,18 @@ fromtext_ds(ARGS_FROMTEXT) { if (token.value.as_ulong > 0xffU) RETTOK(ISC_R_RANGE); RETERR(uint8_tobuffer(token.value.as_ulong, target)); - type = (isc_uint16_t) token.value.as_ulong; + c = (unsigned char) token.value.as_ulong; /* * Digest. */ - return (isc_hex_tobuffer(lexer, target, -1)); + if (c == DNS_DSDIGEST_SHA1) + length = ISC_SHA1_DIGESTLENGTH; + else if (c == DNS_DSDIGEST_SHA256) + length = ISC_SHA256_DIGESTLENGTH; + else + length = -1; + return (isc_hex_tobuffer(lexer, target, length)); } static inline isc_result_t @@ -132,9 +144,27 @@ fromwire_ds(ARGS_FROMWIRE) { UNUSED(options); isc_buffer_activeregion(source, &sr); - if (sr.length < 4) + + /* + * Check digest lengths if we know them. + */ + if (sr.length < 4 || + (sr.base[3] == DNS_DSDIGEST_SHA1 && + sr.length < 4 + ISC_SHA1_DIGESTLENGTH) || + (sr.base[3] == DNS_DSDIGEST_SHA256 && + sr.length < 4 + ISC_SHA256_DIGESTLENGTH)) return (ISC_R_UNEXPECTEDEND); + /* + * Only copy digest lengths if we know them. + * If there is extra data dns_rdata_fromwire() will + * detect that. + */ + if (sr.base[3] == DNS_DSDIGEST_SHA1) + sr.length = 4 + ISC_SHA1_DIGESTLENGTH; + else if (sr.base[3] == DNS_DSDIGEST_SHA256) + sr.length = 4 + ISC_SHA256_DIGESTLENGTH; + isc_buffer_forward(source, sr.length); return (mem_tobuffer(target, sr.base, sr.length)); } @@ -176,6 +206,14 @@ fromstruct_ds(ARGS_FROMSTRUCT) { REQUIRE(source != NULL); REQUIRE(ds->common.rdtype == type); REQUIRE(ds->common.rdclass == rdclass); + switch (ds->digest_type) { + case DNS_DSDIGEST_SHA1: + REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH); + break; + case DNS_DSDIGEST_SHA256: + REQUIRE(ds->length == ISC_SHA256_DIGESTLENGTH); + break; + } UNUSED(type); UNUSED(rdclass); diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/ds_43.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/ds_43.h similarity index 78% rename from contrib/bind-9.3/lib/dns/rdata/generic/ds_43.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ds_43.h index cd4a5ca996..3a409a15ee 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/ds_43.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ds_43.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ds_43.h,v 1.3.2.1 2004/03/08 02:08:03 marka Exp $ */ +/* $Id: ds_43.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ -/* draft-ietf-dnsext-delegation-signer-05.txt */ #ifndef GENERIC_DS_43_H #define GENERIC_DS_43_H 1 +/*! + * \brief per draft-ietf-dnsext-delegation-signer-05.txt */ typedef struct dns_rdata_ds { dns_rdatacommon_t common; isc_mem_t *mctx; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/gpos_27.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/gpos_27.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/gpos_27.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/gpos_27.c index 1768f171f0..18effb5a9c 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/gpos_27.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/gpos_27.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gpos_27.c,v 1.32.12.5 2004/03/08 09:04:40 marka Exp $ */ +/* $Id: gpos_27.c,v 1.41 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 16:48:45 PST 2000 by brister */ -/* RFC 1712 */ +/* RFC1712 */ #ifndef RDATA_GENERIC_GPOS_27_C #define RDATA_GENERIC_GPOS_27_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/gpos_27.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/gpos_27.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/gpos_27.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/gpos_27.h index 6f9ed37569..f5df4fa188 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/gpos_27.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/gpos_27.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_GPOS_27_H #define GENERIC_GPOS_27_H 1 -/* $Id: gpos_27.h,v 1.12.206.1 2004/03/06 08:14:04 marka Exp $ */ +/* $Id: gpos_27.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1712 */ +/*! + * \brief per RFC1712 */ typedef struct dns_rdata_gpos { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/hinfo_13.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/hinfo_13.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/generic/hinfo_13.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/hinfo_13.c index e432ce57ec..5321357402 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/hinfo_13.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/hinfo_13.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hinfo_13.c,v 1.37.12.5 2004/03/08 09:04:40 marka Exp $ */ +/* $Id: hinfo_13.c,v 1.44 2007/06/19 23:47:17 tbox Exp $ */ /* * Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley. diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/hinfo_13.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/hinfo_13.h similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/hinfo_13.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/hinfo_13.h index 61cbdd7251..66766dfe04 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/hinfo_13.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/hinfo_13.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,7 +18,7 @@ #ifndef GENERIC_HINFO_13_H #define GENERIC_HINFO_13_H 1 -/* $Id: hinfo_13.h,v 1.22.206.1 2004/03/06 08:14:05 marka Exp $ */ +/* $Id: hinfo_13.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_hinfo { dns_rdatacommon_t common; diff --git a/contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.c new file mode 100644 index 0000000000..9f5c62b512 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.c @@ -0,0 +1,463 @@ +/* + * Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: ipseckey_45.c,v 1.4.128.3 2009/09/18 21:56:25 jinmei Exp $ */ + +#ifndef RDATA_GENERIC_IPSECKEY_45_C +#define RDATA_GENERIC_IPSECKEY_45_C + +#include + +#include + +#define RRTYPE_IPSECKEY_ATTRIBUTES (0) + +static inline isc_result_t +fromtext_ipseckey(ARGS_FROMTEXT) { + isc_token_t token; + dns_name_t name; + isc_buffer_t buffer; + unsigned int gateway; + struct in_addr addr; + unsigned char addr6[16]; + isc_region_t region; + + REQUIRE(type == 45); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(callbacks); + + /* + * Precedence. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Gateway type. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0x3U) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + gateway = token.value.as_ulong; + + /* + * Algorithm. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Gateway. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + + switch (gateway) { + case 0: + if (strcmp(DNS_AS_STR(token), ".") != 0) + RETTOK(DNS_R_SYNTAX); + break; + + case 1: + if (getquad(DNS_AS_STR(token), &addr, lexer, callbacks) != 1) + RETTOK(DNS_R_BADDOTTEDQUAD); + isc_buffer_availableregion(target, ®ion); + if (region.length < 4) + return (ISC_R_NOSPACE); + memcpy(region.base, &addr, 4); + isc_buffer_add(target, 4); + break; + + case 2: + if (inet_pton(AF_INET6, DNS_AS_STR(token), addr6) != 1) + RETTOK(DNS_R_BADAAAA); + isc_buffer_availableregion(target, ®ion); + if (region.length < 16) + return (ISC_R_NOSPACE); + memcpy(region.base, addr6, 16); + isc_buffer_add(target, 16); + break; + + case 3: + dns_name_init(&name, NULL); + buffer_fromregion(&buffer, &token.value.as_region); + origin = (origin != NULL) ? origin : dns_rootname; + RETTOK(dns_name_fromtext(&name, &buffer, origin, + options, target)); + break; + } + + /* + * Public key. + */ + return (isc_base64_tobuffer(lexer, target, -1)); +} + +static inline isc_result_t +totext_ipseckey(ARGS_TOTEXT) { + isc_region_t region; + dns_name_t name; + dns_name_t prefix; + isc_boolean_t sub; + char buf[sizeof("255 ")]; + unsigned short num; + unsigned short gateway; + + REQUIRE(rdata->type == 45); + REQUIRE(rdata->length >= 3); + + dns_name_init(&name, NULL); + dns_name_init(&prefix, NULL); + + if (rdata->data[1] > 3U) + return (ISC_R_NOTIMPLEMENTED); + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext("( ", target)); + + /* + * Precedence. + */ + dns_rdata_toregion(rdata, ®ion); + num = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + sprintf(buf, "%u ", num); + RETERR(str_totext(buf, target)); + + /* + * Gateway type. + */ + gateway = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + sprintf(buf, "%u ", gateway); + RETERR(str_totext(buf, target)); + + /* + * Algorithm. + */ + num = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + sprintf(buf, "%u ", num); + RETERR(str_totext(buf, target)); + + /* + * Gateway. + */ + switch (gateway) { + case 0: + RETERR(str_totext(".", target)); + break; + + case 1: + RETERR(inet_totext(AF_INET, ®ion, target)); + isc_region_consume(®ion, 4); + break; + + case 2: + RETERR(inet_totext(AF_INET6, ®ion, target)); + isc_region_consume(®ion, 16); + break; + + case 3: + dns_name_fromregion(&name, ®ion); + sub = name_prefix(&name, tctx->origin, &prefix); + RETERR(dns_name_totext(&prefix, sub, target)); + isc_region_consume(®ion, name_length(&name)); + break; + } + + /* + * Key. + */ + if (region.length > 0U) { + RETERR(str_totext(tctx->linebreak, target)); + RETERR(isc_base64_totext(®ion, tctx->width - 2, + tctx->linebreak, target)); + } + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" )", target)); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_ipseckey(ARGS_FROMWIRE) { + dns_name_t name; + isc_region_t region; + + REQUIRE(type == 45); + + UNUSED(type); + UNUSED(rdclass); + + dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE); + + dns_name_init(&name, NULL); + + isc_buffer_activeregion(source, ®ion); + if (region.length < 3) + return (ISC_R_UNEXPECTEDEND); + + switch (region.base[1]) { + case 0: + isc_buffer_forward(source, region.length); + return (mem_tobuffer(target, region.base, region.length)); + + case 1: + if (region.length < 7) + return (ISC_R_UNEXPECTEDEND); + isc_buffer_forward(source, region.length); + return (mem_tobuffer(target, region.base, region.length)); + + case 2: + if (region.length < 19) + return (ISC_R_UNEXPECTEDEND); + isc_buffer_forward(source, region.length); + return (mem_tobuffer(target, region.base, region.length)); + + case 3: + RETERR(mem_tobuffer(target, region.base, 3)); + isc_buffer_forward(source, 3); + RETERR(dns_name_fromwire(&name, source, dctx, options, target)); + isc_buffer_activeregion(source, ®ion); + isc_buffer_forward(source, region.length); + return(mem_tobuffer(target, region.base, region.length)); + + default: + return (ISC_R_NOTIMPLEMENTED); + } +} + +static inline isc_result_t +towire_ipseckey(ARGS_TOWIRE) { + isc_region_t region; + + REQUIRE(rdata->type == 45); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, ®ion); + return (mem_tobuffer(target, region.base, region.length)); +} + +static inline int +compare_ipseckey(ARGS_COMPARE) { + isc_region_t region1; + isc_region_t region2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 45); + REQUIRE(rdata1->length >= 3); + REQUIRE(rdata2->length >= 3); + + dns_rdata_toregion(rdata1, ®ion1); + dns_rdata_toregion(rdata2, ®ion2); + + return (isc_region_compare(®ion1, ®ion2)); +} + +static inline isc_result_t +fromstruct_ipseckey(ARGS_FROMSTRUCT) { + dns_rdata_ipseckey_t *ipseckey = source; + isc_region_t region; + isc_uint32_t n; + + REQUIRE(type == 45); + REQUIRE(source != NULL); + REQUIRE(ipseckey->common.rdtype == type); + REQUIRE(ipseckey->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + if (ipseckey->gateway_type > 3U) + return (ISC_R_NOTIMPLEMENTED); + + RETERR(uint8_tobuffer(ipseckey->precedence, target)); + RETERR(uint8_tobuffer(ipseckey->gateway_type, target)); + RETERR(uint8_tobuffer(ipseckey->algorithm, target)); + + switch (ipseckey->gateway_type) { + case 0: + break; + + case 1: + n = ntohl(ipseckey->in_addr.s_addr); + RETERR(uint32_tobuffer(n, target)); + break; + + case 2: + RETERR(mem_tobuffer(target, ipseckey->in6_addr.s6_addr, 16)); + break; + + case 3: + dns_name_toregion(&ipseckey->gateway, ®ion); + RETERR(isc_buffer_copyregion(target, ®ion)); + break; + } + + return (mem_tobuffer(target, ipseckey->key, ipseckey->keylength)); +} + +static inline isc_result_t +tostruct_ipseckey(ARGS_TOSTRUCT) { + isc_region_t region; + dns_rdata_ipseckey_t *ipseckey = target; + dns_name_t name; + isc_uint32_t n; + + REQUIRE(rdata->type == 45); + REQUIRE(target != NULL); + REQUIRE(rdata->length >= 3); + + if (rdata->data[1] > 3U) + return (ISC_R_NOTIMPLEMENTED); + + ipseckey->common.rdclass = rdata->rdclass; + ipseckey->common.rdtype = rdata->type; + ISC_LINK_INIT(&ipseckey->common, link); + + dns_name_init(&name, NULL); + dns_rdata_toregion(rdata, ®ion); + + ipseckey->precedence = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + + ipseckey->gateway_type = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + + ipseckey->algorithm = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + + switch (ipseckey->gateway_type) { + case 0: + break; + + case 1: + n = uint32_fromregion(®ion); + ipseckey->in_addr.s_addr = htonl(n); + isc_region_consume(®ion, 4); + break; + + case 2: + memcpy(ipseckey->in6_addr.s6_addr, region.base, 16); + isc_region_consume(®ion, 16); + break; + + case 3: + dns_name_init(&ipseckey->gateway, NULL); + dns_name_fromregion(&name, ®ion); + RETERR(name_duporclone(&name, mctx, &ipseckey->gateway)); + isc_region_consume(®ion, name_length(&name)); + break; + } + + ipseckey->keylength = region.length; + if (ipseckey->keylength != 0U) { + ipseckey->key = mem_maybedup(mctx, region.base, + ipseckey->keylength); + if (ipseckey->key == NULL) { + if (ipseckey->gateway_type == 3) + dns_name_free(&ipseckey->gateway, + ipseckey->mctx); + return (ISC_R_NOMEMORY); + } + } else + ipseckey->key = NULL; + + ipseckey->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_ipseckey(ARGS_FREESTRUCT) { + dns_rdata_ipseckey_t *ipseckey = source; + + REQUIRE(source != NULL); + REQUIRE(ipseckey->common.rdtype == 45); + + if (ipseckey->mctx == NULL) + return; + + if (ipseckey->gateway_type == 3) + dns_name_free(&ipseckey->gateway, ipseckey->mctx); + + if (ipseckey->key != NULL) + isc_mem_free(ipseckey->mctx, ipseckey->key); + + ipseckey->mctx = NULL; +} + +static inline isc_result_t +additionaldata_ipseckey(ARGS_ADDLDATA) { + + REQUIRE(rdata->type == 45); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_ipseckey(ARGS_DIGEST) { + isc_region_t region; + + REQUIRE(rdata->type == 45); + + dns_rdata_toregion(rdata, ®ion); + return ((digest)(arg, ®ion)); +} + +static inline isc_boolean_t +checkowner_ipseckey(ARGS_CHECKOWNER) { + + REQUIRE(type == 45); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (ISC_TRUE); +} + +static inline isc_boolean_t +checknames_ipseckey(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 45); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +#endif /* RDATA_GENERIC_IPSECKEY_45_C */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.h similarity index 54% rename from contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.h index 689fd4b33e..2a6201f0b7 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/dlv_65323.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ipseckey_45.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -14,20 +14,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlv_65323.h,v 1.2.2.3 2004/03/15 01:02:55 marka Exp $ */ +/* $Id: ipseckey_45.h,v 1.4 2007/06/19 23:47:17 tbox Exp $ */ -/* draft-ietf-dnsext-delegation-signer-05.txt */ -#ifndef GENERIC_DLV_65323_H -#define GENERIC_DLV_65323_H 1 +#ifndef GENERIC_IPSECKEY_45_H +#define GENERIC_IPSECKEY_45_H 1 -typedef struct dns_rdata_dlv { +typedef struct dns_rdata_ipseckey { dns_rdatacommon_t common; isc_mem_t *mctx; - isc_uint16_t key_tag; + isc_uint8_t precedence; + isc_uint8_t gateway_type; isc_uint8_t algorithm; - isc_uint8_t digest_type; - isc_uint16_t length; - unsigned char *digest; -} dns_rdata_dlv_t; + struct in_addr in_addr; /* gateway type 1 */ + struct in6_addr in6_addr; /* gateway type 2 */ + dns_name_t gateway; /* gateway type 3 */ + unsigned char *key; + isc_uint16_t keylength; +} dns_rdata_ipseckey_t; -#endif /* GENERIC_DLV_65323_H */ +#endif /* GENERIC_IPSECKEY_45_H */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/isdn_20.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/isdn_20.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/generic/isdn_20.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/isdn_20.c index cc141578dd..d7333d14c4 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/isdn_20.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/isdn_20.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: isdn_20.c,v 1.30.12.4 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: isdn_20.c,v 1.38 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 16:53:11 PST 2000 by bwelling */ -/* RFC 1183 */ +/* RFC1183 */ #ifndef RDATA_GENERIC_ISDN_20_C #define RDATA_GENERIC_ISDN_20_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/isdn_20.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/isdn_20.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/isdn_20.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/isdn_20.h index 3a63971ffb..a1f65ca4d9 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/isdn_20.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/isdn_20.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_ISDN_20_H #define GENERIC_ISDN_20_H 1 -/* $Id: isdn_20.h,v 1.13.206.1 2004/03/06 08:14:05 marka Exp $ */ +/* $Id: isdn_20.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1183 */ +/*! + * \brief Per RFC1183 */ typedef struct dns_rdata_isdn { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/key_25.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/key_25.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/key_25.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/key_25.c index defbe6df6b..9acfe95f6c 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/key_25.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/key_25.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: key_25.c,v 1.41.12.7 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: key_25.c,v 1.51 2007/06/19 23:47:17 tbox Exp $ */ /* * Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley. */ -/* RFC 2535 */ +/* RFC2535 */ #ifndef RDATA_GENERIC_KEY_25_C #define RDATA_GENERIC_KEY_25_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/key_25.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/key_25.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/key_25.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/key_25.h index e192a1ba95..bcf9cb6a22 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/key_25.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/key_25.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_KEY_25_H #define GENERIC_KEY_25_H 1 -/* $Id: key_25.h,v 1.14.206.1 2004/03/06 08:14:06 marka Exp $ */ +/* $Id: key_25.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2535 */ +/*! + * \brief Per RFC2535 */ typedef struct dns_rdata_key_t { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/loc_29.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/loc_29.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/generic/loc_29.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/loc_29.c index 28003ab348..5d605c27ac 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/loc_29.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/loc_29.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: loc_29.c,v 1.30.2.3.2.6 2004/03/06 08:14:06 marka Exp $ */ +/* $Id: loc_29.c,v 1.45.128.4 2009/02/17 05:54:41 marka Exp $ */ /* Reviewed: Wed Mar 15 18:13:09 PST 2000 by explorer */ -/* RFC 1876 */ +/* RFC1876 */ #ifndef RDATA_GENERIC_LOC_29_C #define RDATA_GENERIC_LOC_29_C @@ -482,16 +482,19 @@ totext_loc(ARGS_TOTEXT) { /* version = sr.base[0]; */ size = sr.base[1]; + INSIST((size&0x0f) < 10 && (size>>4) < 10); if ((size&0x0f)> 1) sprintf(sbuf, "%lum", (size>>4) * poweroften[(size&0x0f)-2]); else sprintf(sbuf, "0.%02lum", (size>>4) * poweroften[(size&0x0f)]); hp = sr.base[2]; + INSIST((hp&0x0f) < 10 && (hp>>4) < 10); if ((hp&0x0f)> 1) sprintf(hbuf, "%lum", (hp>>4) * poweroften[(hp&0x0f)-2]); else sprintf(hbuf, "0.%02lum", (hp>>4) * poweroften[(hp&0x0f)]); vp = sr.base[3]; + INSIST((vp&0x0f) < 10 && (vp>>4) < 10); if ((vp&0x0f)> 1) sprintf(vbuf, "%lum", (vp>>4) * poweroften[(vp&0x0f)-2]); else @@ -514,6 +517,7 @@ totext_loc(ARGS_TOTEXT) { m1 = (int)(latitude % 60); latitude /= 60; d1 = (int)latitude; + INSIST(latitude <= 90U); longitude = uint32_fromregion(&sr); isc_region_consume(&sr, 4); @@ -531,6 +535,7 @@ totext_loc(ARGS_TOTEXT) { m2 = (int)(longitude % 60); longitude /= 60; d2 = (int)longitude; + INSIST(longitude <= 180U); altitude = uint32_fromregion(&sr); isc_region_consume(&sr, 4); @@ -616,7 +621,7 @@ fromwire_loc(ARGS_FROMWIRE) { return (ISC_R_RANGE); /* - * Altitiude. + * Altitude. * All values possible. */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/loc_29.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/loc_29.h similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/loc_29.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/loc_29.h index cdca67b832..f053c60a91 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/loc_29.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/loc_29.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_LOC_29_H #define GENERIC_LOC_29_H 1 -/* $Id: loc_29.h,v 1.14.206.1 2004/03/06 08:14:06 marka Exp $ */ +/* $Id: loc_29.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1876 */ +/*! + * \brief Per RFC1876 */ typedef struct dns_rdata_loc_0 { isc_uint8_t version; /* must be first and zero */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mb_7.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/mb_7.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/mb_7.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mb_7.c index 25627071d7..fc3a7b604c 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mb_7.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mb_7.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mb_7.c,v 1.41.206.2 2004/03/06 08:14:06 marka Exp $ */ +/* $Id: mb_7.c,v 1.45 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 17:31:26 PST 2000 by bwelling */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mb_7.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/mb_7.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/mb_7.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mb_7.h index 115ab49e89..b427ee9b66 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mb_7.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mb_7.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MB_7_H #define GENERIC_MB_7_H 1 -/* $Id: mb_7.h,v 1.22.206.1 2004/03/06 08:14:06 marka Exp $ */ +/* $Id: mb_7.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_mb { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/md_3.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/md_3.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/md_3.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/md_3.c index 7488d84f2d..0f8560fcd2 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/md_3.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/md_3.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: md_3.c,v 1.43.206.2 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: md_3.c,v 1.47 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 17:48:20 PST 2000 by bwelling */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/md_3.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/md_3.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/md_3.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/md_3.h index 8662829ba2..ba70d18d95 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/md_3.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/md_3.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MD_3_H #define GENERIC_MD_3_H 1 -/* $Id: md_3.h,v 1.23.206.1 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: md_3.h,v 1.28 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_md { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mf_4.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/mf_4.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/mf_4.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mf_4.c index b6c72d9375..dffcec2cb8 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mf_4.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mf_4.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mf_4.c,v 1.41.206.2 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: mf_4.c,v 1.45 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 17:47:33 PST 2000 by brister */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mf_4.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/mf_4.h similarity index 80% copy from contrib/bind-9.3/lib/dns/rdata/generic/mf_4.h copy to contrib/bind-9.5.2/lib/dns/rdata/generic/mf_4.h index adb825455e..32d2493581 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mf_4.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mf_4.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MF_4_H #define GENERIC_MF_4_H 1 -/* $Id: mf_4.h,v 1.21.206.1 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: mf_4.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_mf { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mg_8.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/mg_8.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/mg_8.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mg_8.c index 26eac8ddbf..e4dca1ddb5 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mg_8.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mg_8.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mg_8.c,v 1.39.206.2 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: mg_8.c,v 1.43 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 17:49:21 PST 2000 by brister */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mg_8.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/mg_8.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/mg_8.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mg_8.h index b45c2bf619..8fa143a370 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mg_8.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mg_8.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MG_8_H #define GENERIC_MG_8_H 1 -/* $Id: mg_8.h,v 1.21.206.1 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: mg_8.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_mg { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/minfo_14.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/minfo_14.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/generic/minfo_14.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/minfo_14.c index a3c4a9c558..6645bbc0b0 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/minfo_14.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/minfo_14.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: minfo_14.c,v 1.40.12.4 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: minfo_14.c,v 1.45 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 17:45:32 PST 2000 by brister */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/minfo_14.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/minfo_14.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/minfo_14.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/minfo_14.h index 84078b9b4c..76195c52f3 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/minfo_14.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/minfo_14.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MINFO_14_H #define GENERIC_MINFO_14_H 1 -/* $Id: minfo_14.h,v 1.22.206.1 2004/03/06 08:14:08 marka Exp $ */ +/* $Id: minfo_14.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_minfo { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mr_9.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/mr_9.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/mr_9.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mr_9.c index 30da6cb58c..289d7395c0 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mr_9.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mr_9.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mr_9.c,v 1.38.206.2 2004/03/06 08:14:08 marka Exp $ */ +/* $Id: mr_9.c,v 1.42 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 21:30:35 EST 2000 by tale */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mr_9.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/mr_9.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/mr_9.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mr_9.h index ba6e154041..3d81bdd94c 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mr_9.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mr_9.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MR_9_H #define GENERIC_MR_9_H 1 -/* $Id: mr_9.h,v 1.21.206.1 2004/03/06 08:14:08 marka Exp $ */ +/* $Id: mr_9.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_mr { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mx_15.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/mx_15.c similarity index 88% rename from contrib/bind-9.3/lib/dns/rdata/generic/mx_15.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mx_15.c index 794249c090..086c043d82 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mx_15.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mx_15.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,15 +15,37 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mx_15.c,v 1.48.2.1.2.3 2004/03/06 08:14:08 marka Exp $ */ +/* $Id: mx_15.c,v 1.56 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 18:05:46 PST 2000 by brister */ #ifndef RDATA_GENERIC_MX_15_C #define RDATA_GENERIC_MX_15_C +#include + +#include + #define RRTYPE_MX_ATTRIBUTES (0) +static isc_boolean_t +check_mx(isc_token_t *token) { + char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123.")]; + struct in_addr addr; + struct in6_addr addr6; + + if (strlcpy(tmp, DNS_AS_STR(*token), sizeof(tmp)) >= sizeof(tmp)) + return (ISC_TRUE); + + if (tmp[strlen(tmp) - 1] == '.') + tmp[strlen(tmp) - 1] = '\0'; + if (inet_aton(tmp, &addr) == 1 || + inet_pton(AF_INET6, tmp, &addr6) == 1) + return (ISC_FALSE); + + return (ISC_TRUE); +} + static inline isc_result_t fromtext_mx(ARGS_FROMTEXT) { isc_token_t token; @@ -45,6 +67,15 @@ fromtext_mx(ARGS_FROMTEXT) { RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, ISC_FALSE)); + + ok = ISC_TRUE; + if ((options & DNS_RDATA_CHECKMX) != 0) + ok = check_mx(&token); + if (!ok && (options & DNS_RDATA_CHECKMXFAIL) != 0) + RETTOK(DNS_R_MXISADDRESS); + if (!ok && callbacks != NULL) + warn_badmx(&token, lexer, callbacks); + dns_name_init(&name, NULL); buffer_fromregion(&buffer, &token.value.as_region); origin = (origin != NULL) ? origin : dns_rootname; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mx_15.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/mx_15.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/mx_15.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/mx_15.h index 01225fa292..25d5ac5b72 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mx_15.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/mx_15.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_MX_15_H #define GENERIC_MX_15_H 1 -/* $Id: mx_15.h,v 1.24.206.1 2004/03/06 08:14:09 marka Exp $ */ +/* $Id: mx_15.h,v 1.29 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_mx { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/ns_2.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/ns_2.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/ns_2.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ns_2.c index bf32d63614..9a2ee8c2f2 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/ns_2.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ns_2.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ns_2.c,v 1.42.206.2 2004/03/06 08:14:09 marka Exp $ */ +/* $Id: ns_2.c,v 1.46 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Wed Mar 15 18:15:00 PST 2000 by bwelling */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/ns_2.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/ns_2.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/ns_2.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ns_2.h index 2bef1f848f..546e71af06 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/ns_2.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ns_2.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_NS_2_H #define GENERIC_NS_2_H 1 -/* $Id: ns_2.h,v 1.22.206.1 2004/03/06 08:14:09 marka Exp $ */ +/* $Id: ns_2.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_ns { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/nsec_47.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/nsec_47.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/nsec_47.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/nsec_47.c index 74b7806c7e..87c2f33fa4 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/nsec_47.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/nsec_47.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec_47.c,v 1.7.2.1 2004/03/08 02:08:03 marka Exp $ */ +/* $Id: nsec_47.c,v 1.9.128.2 2008/07/15 23:46:46 tbox Exp $ */ /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */ -/* draft-ietf-dnsext-nsec-rdata-01.txt */ +/* RFC 3845 */ #ifndef RDATA_GENERIC_NSEC_47_C #define RDATA_GENERIC_NSEC_47_C @@ -255,7 +255,7 @@ fromstruct_nsec(ARGS_FROMSTRUCT) { window = nsec->typebits[i]; len = nsec->typebits[i+1]; i += 2; - INSIST(first || window > lastwindow); + INSIST(first || window > lastwindow); INSIST(len > 0 && len <= 32); INSIST(i + len <= nsec->len); INSIST(nsec->typebits[i + len - 1] != 0); diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/nsec_47.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/nsec_47.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/generic/nsec_47.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/nsec_47.h index d76a25cc43..935fdc9f7d 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/nsec_47.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/nsec_47.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_NSEC_47_H #define GENERIC_NSEC_47_H 1 -/* $Id: nsec_47.h,v 1.4.2.1 2004/03/08 02:08:03 marka Exp $ */ +/* $Id: nsec_47.h,v 1.8.128.2 2008/07/15 23:46:46 tbox Exp $ */ -/* draft-ietf-dnsext-nsec-rdata-01.txt */ +/*! + * \brief Per RFC 3845 */ typedef struct dns_rdata_nsec { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/null_10.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/null_10.c similarity index 94% rename from contrib/bind-9.3/lib/dns/rdata/generic/null_10.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/null_10.c index 492044d9c7..00bb542962 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/null_10.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/null_10.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: null_10.c,v 1.35.2.1.10.4 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: null_10.c,v 1.42 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 13:57:50 PST 2000 by explorer */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/null_10.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/null_10.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/null_10.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/null_10.h index 44a9e8f785..ceeb0185c6 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/null_10.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/null_10.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_NULL_10_H #define GENERIC_NULL_10_H 1 -/* $Id: null_10.h,v 1.20.206.1 2004/03/06 08:14:09 marka Exp $ */ +/* $Id: null_10.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_null { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/nxt_30.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/nxt_30.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/generic/nxt_30.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/nxt_30.c index e4dba7fb27..7ffb86c7d3 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/nxt_30.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/nxt_30.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nxt_30.c,v 1.49.2.2.2.9 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: nxt_30.c,v 1.63 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */ -/* RFC 2535 */ +/* RFC2535 */ #ifndef RDATA_GENERIC_NXT_30_C #define RDATA_GENERIC_NXT_30_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/nxt_30.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/nxt_30.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/nxt_30.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/nxt_30.h index 540135f72c..e2e8688f72 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/nxt_30.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/nxt_30.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_NXT_30_H #define GENERIC_NXT_30_H 1 -/* $Id: nxt_30.h,v 1.18.12.3 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: nxt_30.h,v 1.25 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2535 */ +/*! + * \brief RFC2535 */ typedef struct dns_rdata_nxt { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/opt_41.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/opt_41.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/opt_41.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/opt_41.c index ac74a28529..d2cfc2e763 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/opt_41.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/opt_41.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: opt_41.c,v 1.25.12.4 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: opt_41.c,v 1.33 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 14:06:44 PST 2000 by gson */ -/* RFC 2671 */ +/* RFC2671 */ #ifndef RDATA_GENERIC_OPT_41_C #define RDATA_GENERIC_OPT_41_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/opt_41.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/opt_41.h similarity index 85% rename from contrib/bind-9.3/lib/dns/rdata/generic/opt_41.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/opt_41.h index c70ad90fd5..d6539cf494 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/opt_41.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/opt_41.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_OPT_41_H #define GENERIC_OPT_41_H 1 -/* $Id: opt_41.h,v 1.13.206.1 2004/03/06 08:14:10 marka Exp $ */ +/* $Id: opt_41.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2671 */ +/*! + * \brief Per RFC2671 */ typedef struct dns_rdata_opt_opcode { isc_uint16_t opcode; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/proforma.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/proforma.c similarity index 94% rename from contrib/bind-9.3/lib/dns/rdata/generic/proforma.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/proforma.c index 21c65775e6..879b7613e8 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/proforma.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/proforma.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: proforma.c,v 1.30.12.4 2004/03/08 09:04:41 marka Exp $ */ +/* $Id: proforma.c,v 1.36 2007/06/19 23:47:17 tbox Exp $ */ #ifndef RDATA_GENERIC_#_#_C #define RDATA_GENERIC_#_#_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/proforma.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/proforma.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/proforma.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/proforma.h index 5d5090e033..e5c420ac2b 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/proforma.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/proforma.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_PROFORMA_H #define GENERIC_PROFORMA_H 1 -/* $Id: proforma.h,v 1.18.206.1 2004/03/06 08:14:11 marka Exp $ */ +/* $Id: proforma.h,v 1.23 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_# { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/ptr_12.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/ptr_12.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/generic/ptr_12.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ptr_12.c index 9be93b3329..fbabcbf673 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/ptr_12.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ptr_12.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ptr_12.c,v 1.39.206.2 2004/03/06 08:14:11 marka Exp $ */ +/* $Id: ptr_12.c,v 1.43 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 14:05:12 PST 2000 by explorer */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/ptr_12.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/ptr_12.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/ptr_12.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/ptr_12.h index 53e792005f..304dcc4e5c 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/ptr_12.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/ptr_12.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_PTR_12_H #define GENERIC_PTR_12_H 1 -/* $Id: ptr_12.h,v 1.22.206.1 2004/03/06 08:14:11 marka Exp $ */ +/* $Id: ptr_12.h,v 1.27 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_ptr { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/rp_17.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/rp_17.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/generic/rp_17.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/rp_17.c index 27e02ee22b..557cb044a4 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/rp_17.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/rp_17.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rp_17.c,v 1.35.12.4 2004/03/08 09:04:42 marka Exp $ */ +/* $Id: rp_17.c,v 1.42 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1183 */ +/* RFC1183 */ #ifndef RDATA_GENERIC_RP_17_C #define RDATA_GENERIC_RP_17_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/rp_17.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/rp_17.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/rp_17.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/rp_17.h index a88b9c00b5..6223038c83 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/rp_17.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/rp_17.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_RP_17_H #define GENERIC_RP_17_H 1 -/* $Id: rp_17.h,v 1.16.206.1 2004/03/06 08:14:11 marka Exp $ */ +/* $Id: rp_17.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1183 */ +/*! + * \brief Per RFC1183 */ typedef struct dns_rdata_rp { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/rrsig_46.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/rrsig_46.c similarity index 98% rename from contrib/bind-9.3/lib/dns/rdata/generic/rrsig_46.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/rrsig_46.c index ad43295398..a9af4bd050 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/rrsig_46.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/rrsig_46.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rrsig_46.c,v 1.4.2.3 2004/06/24 00:58:06 marka Exp $ */ +/* $Id: rrsig_46.c,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */ -/* RFC 2535 */ +/* RFC2535 */ #ifndef RDATA_GENERIC_RRSIG_46_C #define RDATA_GENERIC_RRSIG_46_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/rrsig_46.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/rrsig_46.h similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/rrsig_46.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/rrsig_46.h index 148604b7b2..8e8dc4efb3 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/rrsig_46.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/rrsig_46.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_DNSSIG_46_H #define GENERIC_DNSSIG_46_H 1 -/* $Id: rrsig_46.h,v 1.3.2.1 2004/03/08 02:08:04 marka Exp $ */ +/* $Id: rrsig_46.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2535 */ +/*! + * \brief Per RFC2535 */ typedef struct dns_rdata_rrsig { dns_rdatacommon_t common; isc_mem_t * mctx; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/rt_21.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/rt_21.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/generic/rt_21.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/rt_21.c index daf9756ff9..6444102dfc 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/rt_21.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/rt_21.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rt_21.c,v 1.37.2.1.2.5 2005/03/17 03:58:31 marka Exp $ */ +/* $Id: rt_21.c,v 1.46 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Thu Mar 16 15:02:31 PST 2000 by brister */ -/* RFC 1183 */ +/* RFC1183 */ #ifndef RDATA_GENERIC_RT_21_C #define RDATA_GENERIC_RT_21_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/rt_21.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/rt_21.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/generic/rt_21.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/rt_21.h index 32b0352d57..2c0e9fc27f 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/rt_21.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/rt_21.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_RT_21_H #define GENERIC_RT_21_H 1 -/* $Id: rt_21.h,v 1.16.206.1 2004/03/06 08:14:12 marka Exp $ */ +/* $Id: rt_21.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1183 */ +/*! + * \brief Per RFC1183 */ typedef struct dns_rdata_rt { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/sig_24.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/sig_24.c similarity index 98% rename from contrib/bind-9.3/lib/dns/rdata/generic/sig_24.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/sig_24.c index 39cb0644d6..e79e1e4f1d 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/sig_24.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/sig_24.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sig_24.c,v 1.54.2.1.2.7 2004/03/08 09:04:42 marka Exp $ */ +/* $Id: sig_24.c,v 1.66 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */ -/* RFC 2535 */ +/* RFC2535 */ #ifndef RDATA_GENERIC_SIG_24_C #define RDATA_GENERIC_SIG_24_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/sig_24.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/sig_24.h similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/generic/sig_24.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/sig_24.h index 28bcac21cc..7212d4d612 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/sig_24.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/sig_24.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_SIG_24_H #define GENERIC_SIG_24_H 1 -/* $Id: sig_24.h,v 1.21.206.1 2004/03/06 08:14:12 marka Exp $ */ +/* $Id: sig_24.h,v 1.26 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2535 */ +/*! + * \brief Per RFC2535 */ typedef struct dns_rdata_sig_t { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/soa_6.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/soa_6.c similarity index 92% rename from contrib/bind-9.3/lib/dns/rdata/generic/soa_6.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/soa_6.c index 7eeb36e2f5..2b26ba4437 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/soa_6.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/soa_6.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: soa_6.c,v 1.53.12.6 2004/03/08 09:04:42 marka Exp $ */ +/* $Id: soa_6.c,v 1.61.128.2 2009/02/16 23:46:44 tbox Exp $ */ /* Reviewed: Thu Mar 16 15:18:32 PST 2000 by explorer */ @@ -101,7 +101,11 @@ totext_soa(ARGS_TOTEXT) { REQUIRE(rdata->length != 0); multiline = ISC_TF((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0); - comment = ISC_TF((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0); + if (multiline) + comment = ISC_TF((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0); + else + comment = ISC_FALSE; + dns_name_init(&mname, NULL); dns_name_init(&rname, NULL); @@ -128,16 +132,13 @@ totext_soa(ARGS_TOTEXT) { RETERR(str_totext(tctx->linebreak, target)); for (i = 0; i < 5; i++) { - char buf[sizeof("2147483647")]; + char buf[sizeof("0123456789 ; ")]; unsigned long num; - unsigned int numlen; num = uint32_fromregion(&dregion); isc_region_consume(&dregion, 4); - numlen = sprintf(buf, "%lu", num); - INSIST(numlen > 0 && numlen < sizeof("2147483647")); + sprintf(buf, comment ? "%-10lu ; " : "%lu", num); RETERR(str_totext(buf, target)); - if (multiline && comment) { - RETERR(str_totext(" ; " + numlen, target)); + if (comment) { RETERR(str_totext(soa_fieldnames[i], target)); /* Print times in week/day/hour/minute/second form */ if (i >= 1) { @@ -147,7 +148,7 @@ totext_soa(ARGS_TOTEXT) { } RETERR(str_totext(tctx->linebreak, target)); } else if (i < 4) { - RETERR(str_totext(tctx->linebreak, target)); + RETERR(str_totext(tctx->linebreak, target)); } } @@ -159,8 +160,8 @@ totext_soa(ARGS_TOTEXT) { static inline isc_result_t fromwire_soa(ARGS_FROMWIRE) { - dns_name_t mname; - dns_name_t rname; + dns_name_t mname; + dns_name_t rname; isc_region_t sregion; isc_region_t tregion; @@ -171,11 +172,11 @@ fromwire_soa(ARGS_FROMWIRE) { dns_decompress_setmethods(dctx, DNS_COMPRESS_GLOBAL14); - dns_name_init(&mname, NULL); - dns_name_init(&rname, NULL); + dns_name_init(&mname, NULL); + dns_name_init(&rname, NULL); - RETERR(dns_name_fromwire(&mname, source, dctx, options, target)); - RETERR(dns_name_fromwire(&rname, source, dctx, options, target)); + RETERR(dns_name_fromwire(&mname, source, dctx, options, target)); + RETERR(dns_name_fromwire(&rname, source, dctx, options, target)); isc_buffer_activeregion(source, &sregion); isc_buffer_availableregion(target, &tregion); diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/soa_6.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/soa_6.h similarity index 68% rename from contrib/bind-9.3/lib/dns/rdata/generic/soa_6.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/soa_6.h index eca6dfd43b..7443b041c5 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/soa_6.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/soa_6.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,21 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_SOA_6_H #define GENERIC_SOA_6_H 1 -/* $Id: soa_6.h,v 1.27.206.1 2004/03/06 08:14:12 marka Exp $ */ +/* $Id: soa_6.h,v 1.32 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_soa { dns_rdatacommon_t common; isc_mem_t *mctx; dns_name_t origin; dns_name_t contact; - isc_uint32_t serial; /* host order */ - isc_uint32_t refresh; /* host order */ - isc_uint32_t retry; /* host order */ - isc_uint32_t expire; /* host order */ - isc_uint32_t minimum; /* host order */ + isc_uint32_t serial; /*%< host order */ + isc_uint32_t refresh; /*%< host order */ + isc_uint32_t retry; /*%< host order */ + isc_uint32_t expire; /*%< host order */ + isc_uint32_t minimum; /*%< host order */ } dns_rdata_soa_t; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/spf_99.c similarity index 78% copy from contrib/bind-9.3/lib/dns/rdata/generic/txt_16.c copy to contrib/bind-9.5.2/lib/dns/rdata/generic/spf_99.c index 631d7af55b..12e813e4ab 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/spf_99.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,21 +15,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: txt_16.c,v 1.37.12.4 2004/03/08 09:04:42 marka Exp $ */ +/* $Id: spf_99.c,v 1.4 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 15:40:00 PST 2000 by bwelling */ -#ifndef RDATA_GENERIC_TXT_16_C -#define RDATA_GENERIC_TXT_16_C +#ifndef RDATA_GENERIC_SPF_99_C +#define RDATA_GENERIC_SPF_99_C -#define RRTYPE_TXT_ATTRIBUTES (0) +#define RRTYPE_SPF_ATTRIBUTES (0) static inline isc_result_t -fromtext_txt(ARGS_FROMTEXT) { +fromtext_spf(ARGS_FROMTEXT) { isc_token_t token; int strings; - REQUIRE(type == 16); + REQUIRE(type == 99); UNUSED(type); UNUSED(rdclass); @@ -54,12 +54,12 @@ fromtext_txt(ARGS_FROMTEXT) { } static inline isc_result_t -totext_txt(ARGS_TOTEXT) { +totext_spf(ARGS_TOTEXT) { isc_region_t region; UNUSED(tctx); - REQUIRE(rdata->type == 16); + REQUIRE(rdata->type == 99); dns_rdata_toregion(rdata, ®ion); @@ -73,10 +73,10 @@ totext_txt(ARGS_TOTEXT) { } static inline isc_result_t -fromwire_txt(ARGS_FROMWIRE) { +fromwire_spf(ARGS_FROMWIRE) { isc_result_t result; - REQUIRE(type == 16); + REQUIRE(type == 99); UNUSED(type); UNUSED(dctx); @@ -92,10 +92,10 @@ fromwire_txt(ARGS_FROMWIRE) { } static inline isc_result_t -towire_txt(ARGS_TOWIRE) { +towire_spf(ARGS_TOWIRE) { isc_region_t region; - REQUIRE(rdata->type == 16); + REQUIRE(rdata->type == 99); UNUSED(cctx); @@ -109,13 +109,13 @@ towire_txt(ARGS_TOWIRE) { } static inline int -compare_txt(ARGS_COMPARE) { +compare_spf(ARGS_COMPARE) { isc_region_t r1; isc_region_t r2; REQUIRE(rdata1->type == rdata2->type); REQUIRE(rdata1->rdclass == rdata2->rdclass); - REQUIRE(rdata1->type == 16); + REQUIRE(rdata1->type == 99); dns_rdata_toregion(rdata1, &r1); dns_rdata_toregion(rdata2, &r2); @@ -123,12 +123,12 @@ compare_txt(ARGS_COMPARE) { } static inline isc_result_t -fromstruct_txt(ARGS_FROMSTRUCT) { - dns_rdata_txt_t *txt = source; +fromstruct_spf(ARGS_FROMSTRUCT) { + dns_rdata_spf_t *txt = source; isc_region_t region; isc_uint8_t length; - REQUIRE(type == 16); + REQUIRE(type == 99); REQUIRE(source != NULL); REQUIRE(txt->common.rdtype == type); REQUIRE(txt->common.rdclass == rdclass); @@ -151,11 +151,11 @@ fromstruct_txt(ARGS_FROMSTRUCT) { } static inline isc_result_t -tostruct_txt(ARGS_TOSTRUCT) { - dns_rdata_txt_t *txt = target; +tostruct_spf(ARGS_TOSTRUCT) { + dns_rdata_spf_t *txt = target; isc_region_t r; - REQUIRE(rdata->type == 16); + REQUIRE(rdata->type == 99); REQUIRE(target != NULL); txt->common.rdclass = rdata->rdclass; @@ -174,11 +174,11 @@ tostruct_txt(ARGS_TOSTRUCT) { } static inline void -freestruct_txt(ARGS_FREESTRUCT) { - dns_rdata_txt_t *txt = source; +freestruct_spf(ARGS_FREESTRUCT) { + dns_rdata_spf_t *txt = source; REQUIRE(source != NULL); - REQUIRE(txt->common.rdtype == 16); + REQUIRE(txt->common.rdtype == 99); if (txt->mctx == NULL) return; @@ -189,8 +189,8 @@ freestruct_txt(ARGS_FREESTRUCT) { } static inline isc_result_t -additionaldata_txt(ARGS_ADDLDATA) { - REQUIRE(rdata->type == 16); +additionaldata_spf(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 99); UNUSED(rdata); UNUSED(add); @@ -200,10 +200,10 @@ additionaldata_txt(ARGS_ADDLDATA) { } static inline isc_result_t -digest_txt(ARGS_DIGEST) { +digest_spf(ARGS_DIGEST) { isc_region_t r; - REQUIRE(rdata->type == 16); + REQUIRE(rdata->type == 99); dns_rdata_toregion(rdata, &r); @@ -211,9 +211,9 @@ digest_txt(ARGS_DIGEST) { } static inline isc_boolean_t -checkowner_txt(ARGS_CHECKOWNER) { +checkowner_spf(ARGS_CHECKOWNER) { - REQUIRE(type == 16); + REQUIRE(type == 99); UNUSED(name); UNUSED(type); @@ -224,9 +224,9 @@ checkowner_txt(ARGS_CHECKOWNER) { } static inline isc_boolean_t -checknames_txt(ARGS_CHECKNAMES) { +checknames_spf(ARGS_CHECKNAMES) { - REQUIRE(rdata->type == 16); + REQUIRE(rdata->type == 99); UNUSED(rdata); UNUSED(owner); @@ -235,4 +235,4 @@ checknames_txt(ARGS_CHECKNAMES) { return (ISC_TRUE); } -#endif /* RDATA_GENERIC_TXT_16_C */ +#endif /* RDATA_GENERIC_SPF_99_C */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/spf_99.h similarity index 68% copy from contrib/bind-9.3/lib/dns/rdata/generic/txt_16.h copy to contrib/bind-9.5.2/lib/dns/rdata/generic/spf_99.h index db5019c133..be5e978984 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/spf_99.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,24 +15,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#ifndef GENERIC_TXT_16_H -#define GENERIC_TXT_16_H 1 +#ifndef GENERIC_SPF_99_H +#define GENERIC_SPF_99_H 1 -/* $Id: txt_16.h,v 1.23.206.1 2004/03/06 08:14:14 marka Exp $ */ +/* $Id: spf_99.h,v 1.4 2007/06/19 23:47:17 tbox Exp $ */ -typedef struct dns_rdata_txt_string { +typedef struct dns_rdata_spf_string { isc_uint8_t length; unsigned char *data; -} dns_rdata_txt_string_t; +} dns_rdata_spf_string_t; -typedef struct dns_rdata_txt { +typedef struct dns_rdata_spf { dns_rdatacommon_t common; isc_mem_t *mctx; unsigned char *txt; isc_uint16_t txt_len; /* private */ isc_uint16_t offset; -} dns_rdata_txt_t; +} dns_rdata_spf_t; /* * ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS are already done @@ -40,12 +40,12 @@ typedef struct dns_rdata_txt { */ isc_result_t -dns_rdata_txt_first(dns_rdata_txt_t *); +dns_rdata_spf_first(dns_rdata_spf_t *); isc_result_t -dns_rdata_txt_next(dns_rdata_txt_t *); +dns_rdata_spf_next(dns_rdata_spf_t *); isc_result_t -dns_rdata_txt_current(dns_rdata_txt_t *, dns_rdata_txt_string_t *); +dns_rdata_spf_current(dns_rdata_spf_t *, dns_rdata_spf_string_t *); -#endif /* GENERIC_TXT_16_H */ +#endif /* GENERIC_SPF_99_H */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/sshfp_44.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/sshfp_44.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/generic/sshfp_44.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/sshfp_44.c index eabf056d6f..570a3b76aa 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/sshfp_44.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/sshfp_44.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sshfp_44.c,v 1.1.8.3 2004/03/06 08:14:13 marka Exp $ */ +/* $Id: sshfp_44.c,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ -/* draft-ietf-secsh-dns-05.txt */ +/* RFC 4255 */ #ifndef RDATA_GENERIC_SSHFP_44_C #define RDATA_GENERIC_SSHFP_44_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/sshfp_44.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/sshfp_44.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/generic/sshfp_44.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/sshfp_44.h index ccdefd4ea2..daea74c3a4 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/sshfp_44.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/sshfp_44.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sshfp_44.h,v 1.1.8.2 2004/03/06 08:14:13 marka Exp $ */ +/* $Id: sshfp_44.h,v 1.8 2007/06/19 23:47:17 tbox Exp $ */ -/* draft-ietf-secsh-dns-05.txt */ +/*! + * \brief Per RFC 4255 */ #ifndef GENERIC_SSHFP_44_H #define GENERIC_SSHFP_44_H 1 diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/tkey_249.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/tkey_249.c similarity index 98% rename from contrib/bind-9.3/lib/dns/rdata/generic/tkey_249.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/tkey_249.c index da63167671..2412c85b8f 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/tkey_249.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/tkey_249.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkey_249.c,v 1.48.2.1.2.6 2004/03/08 09:04:42 marka Exp $ */ +/* $Id: tkey_249.c,v 1.57 2007/06/19 23:47:17 tbox Exp $ */ /* * Reviewed: Thu Mar 16 17:35:30 PST 2000 by halley. diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/tkey_249.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/tkey_249.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/tkey_249.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/tkey_249.h index 8e0081cf93..34d5646828 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/tkey_249.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/tkey_249.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_TKEY_249_H #define GENERIC_TKEY_249_H 1 -/* $Id: tkey_249.h,v 1.18.206.2 2004/03/06 08:14:13 marka Exp $ */ +/* $Id: tkey_249.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */ -/* draft-ietf-dnsind-tkey-00.txt */ +/*! + * \brief Per draft-ietf-dnsind-tkey-00.txt */ typedef struct dns_rdata_tkey { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/txt_16.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/generic/txt_16.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/txt_16.c index 631d7af55b..d3c9dc393f 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/txt_16.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: txt_16.c,v 1.37.12.4 2004/03/08 09:04:42 marka Exp $ */ +/* $Id: txt_16.c,v 1.43.128.2 2008/02/15 23:46:22 tbox Exp $ */ /* Reviewed: Thu Mar 16 15:40:00 PST 2000 by bwelling */ @@ -142,7 +142,7 @@ fromstruct_txt(ARGS_FROMSTRUCT) { while (region.length > 0) { length = uint8_fromregion(®ion); isc_region_consume(®ion, 1); - if (region.length <= length) + if (region.length < length) return (ISC_R_UNEXPECTEDEND); isc_region_consume(®ion, length); } diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/txt_16.h similarity index 87% rename from contrib/bind-9.3/lib/dns/rdata/generic/txt_16.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/txt_16.h index db5019c133..fc46486c74 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/txt_16.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/txt_16.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_TXT_16_H #define GENERIC_TXT_16_H 1 -/* $Id: txt_16.h,v 1.23.206.1 2004/03/06 08:14:14 marka Exp $ */ +/* $Id: txt_16.h,v 1.28 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_txt_string { isc_uint8_t length; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/unspec_103.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/unspec_103.c similarity index 94% rename from contrib/bind-9.3/lib/dns/rdata/generic/unspec_103.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/unspec_103.c index 157e9a1cc0..384863e887 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/unspec_103.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/unspec_103.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: unspec_103.c,v 1.28.2.1.10.4 2004/03/08 09:04:43 marka Exp $ */ +/* $Id: unspec_103.c,v 1.35 2007/06/19 23:47:17 tbox Exp $ */ #ifndef RDATA_GENERIC_UNSPEC_103_C #define RDATA_GENERIC_UNSPEC_103_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/unspec_103.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/unspec_103.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/generic/unspec_103.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/unspec_103.h index 021e308deb..4b2d3108f4 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/unspec_103.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/unspec_103.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef GENERIC_UNSPEC_103_H #define GENERIC_UNSPEC_103_H 1 -/* $Id: unspec_103.h,v 1.12.206.1 2004/03/06 08:14:14 marka Exp $ */ +/* $Id: unspec_103.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_unspec_t { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/x25_19.c b/contrib/bind-9.5.2/lib/dns/rdata/generic/x25_19.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/generic/x25_19.c rename to contrib/bind-9.5.2/lib/dns/rdata/generic/x25_19.c index 2f123ad76d..c496aafda2 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/x25_19.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/x25_19.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: x25_19.c,v 1.31.12.4 2004/03/08 09:04:43 marka Exp $ */ +/* $Id: x25_19.c,v 1.39 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 16:15:57 PST 2000 by bwelling */ -/* RFC 1183 */ +/* RFC1183 */ #ifndef RDATA_GENERIC_X25_19_C #define RDATA_GENERIC_X25_19_C diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/x25_19.h b/contrib/bind-9.5.2/lib/dns/rdata/generic/x25_19.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/generic/x25_19.h rename to contrib/bind-9.5.2/lib/dns/rdata/generic/x25_19.h index bcb74cf603..5ebc230589 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/x25_19.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/generic/x25_19.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef GENERIC_X25_19_H #define GENERIC_X25_19_H 1 -/* $Id: x25_19.h,v 1.13.206.1 2004/03/06 08:14:14 marka Exp $ */ +/* $Id: x25_19.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1183 */ +/*! + * \brief Per RFC1183 */ typedef struct dns_rdata_x25 { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/hs_4/a_1.c b/contrib/bind-9.5.2/lib/dns/rdata/hs_4/a_1.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/hs_4/a_1.c rename to contrib/bind-9.5.2/lib/dns/rdata/hs_4/a_1.c index 07d6adcd42..487e8bc432 100644 --- a/contrib/bind-9.3/lib/dns/rdata/hs_4/a_1.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/hs_4/a_1.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: a_1.c,v 1.25.12.4 2004/03/08 09:04:43 marka Exp $ */ +/* $Id: a_1.c,v 1.31 2007/06/19 23:47:17 tbox Exp $ */ /* reviewed: Thu Mar 16 15:58:36 PST 2000 by brister */ diff --git a/contrib/bind-9.3/lib/dns/rdata/hs_4/a_1.h b/contrib/bind-9.5.2/lib/dns/rdata/hs_4/a_1.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/hs_4/a_1.h rename to contrib/bind-9.5.2/lib/dns/rdata/hs_4/a_1.h index c06c648afe..dee812fcb2 100644 --- a/contrib/bind-9.3/lib/dns/rdata/hs_4/a_1.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/hs_4/a_1.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef HS_4_A_1_H #define HS_4_A_1_H 1 -/* $Id: a_1.h,v 1.7.206.1 2004/03/06 08:14:15 marka Exp $ */ +/* $Id: a_1.h,v 1.12 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_hs_a { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/a6_38.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a6_38.c similarity index 98% rename from contrib/bind-9.3/lib/dns/rdata/in_1/a6_38.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/a6_38.c index ded70c12bd..d4d42bb3a5 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/a6_38.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a6_38.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: a6_38.c,v 1.46.2.1.2.5 2004/03/08 09:04:43 marka Exp $ */ +/* $Id: a6_38.c,v 1.54 2007/06/19 23:47:17 tbox Exp $ */ /* RFC2874 */ diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/a6_38.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a6_38.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/in_1/a6_38.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/a6_38.h index 9134cedb06..75e53f138f 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/a6_38.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a6_38.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_A6_38_H #define IN_1_A6_38_H 1 -/* $Id: a6_38.h,v 1.19.206.1 2004/03/06 08:14:15 marka Exp $ */ +/* $Id: a6_38.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC2874 */ +/*! + * \brief Per RFC2874 */ typedef struct dns_rdata_in_a6 { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/a_1.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a_1.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/in_1/a_1.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/a_1.c index 30165c9045..d7644bc897 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/a_1.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a_1.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: a_1.c,v 1.46.12.5 2004/03/08 09:04:43 marka Exp $ */ +/* $Id: a_1.c,v 1.53 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */ diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/a_1.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a_1.h similarity index 80% rename from contrib/bind-9.3/lib/dns/rdata/in_1/a_1.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/a_1.h index 34d74697f6..c192d1a7bd 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/a_1.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/a_1.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef IN_1_A_1_H #define IN_1_A_1_H 1 -/* $Id: a_1.h,v 1.23.206.1 2004/03/06 08:14:16 marka Exp $ */ +/* $Id: a_1.h,v 1.28 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_in_a { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/aaaa_28.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/aaaa_28.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/in_1/aaaa_28.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/aaaa_28.c index 489fe01535..d0503a9447 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/aaaa_28.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/aaaa_28.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aaaa_28.c,v 1.36.12.5 2004/03/08 09:04:44 marka Exp $ */ +/* $Id: aaaa_28.c,v 1.45 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */ -/* RFC 1886 */ +/* RFC1886 */ #ifndef RDATA_IN_1_AAAA_28_C #define RDATA_IN_1_AAAA_28_C diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/aaaa_28.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/aaaa_28.h similarity index 78% rename from contrib/bind-9.3/lib/dns/rdata/in_1/aaaa_28.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/aaaa_28.h index e8a93195da..54a0cb3767 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/aaaa_28.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/aaaa_28.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_AAAA_28_H #define IN_1_AAAA_28_H 1 -/* $Id: aaaa_28.h,v 1.16.206.1 2004/03/06 08:14:16 marka Exp $ */ +/* $Id: aaaa_28.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1886 */ +/*! + * \brief Per RFC1886 */ typedef struct dns_rdata_in_aaaa { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/apl_42.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/apl_42.c similarity index 86% rename from contrib/bind-9.3/lib/dns/rdata/in_1/apl_42.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/apl_42.c index ac3956983d..a2e94f643d 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/apl_42.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/apl_42.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: apl_42.c,v 1.4.200.8 2004/03/16 12:38:15 marka Exp $ */ +/* $Id: apl_42.c,v 1.12.128.2 2008/01/22 23:27:35 tbox Exp $ */ -/* RFC 3123 */ +/* RFC3123 */ #ifndef RDATA_IN_1_APL_42_C #define RDATA_IN_1_APL_42_C @@ -49,7 +49,7 @@ fromtext_in_apl(ARGS_FROMTEXT) { isc_tokentype_string, ISC_TRUE)); if (token.type != isc_tokentype_string) break; - + cp = DNS_AS_STR(token); neg = ISC_TF(*cp == '!'); if (neg) @@ -259,7 +259,7 @@ fromstruct_in_apl(ARGS_FROMSTRUCT) { REQUIRE(apl->common.rdtype == type); REQUIRE(apl->common.rdclass == rdclass); REQUIRE(apl->apl != NULL || apl->apl_len == 0); - + isc_buffer_init(&b, apl->apl, apl->apl_len); isc_buffer_add(&b, apl->apl_len); isc_buffer_setactive(&b, apl->apl_len); @@ -306,37 +306,88 @@ freestruct_in_apl(ARGS_FREESTRUCT) { isc_result_t dns_rdata_apl_first(dns_rdata_in_apl_t *apl) { + isc_uint32_t length; + + REQUIRE(apl != NULL); REQUIRE(apl->common.rdtype == 42); REQUIRE(apl->common.rdclass == 1); REQUIRE(apl->apl != NULL || apl->apl_len == 0); + /* + * If no APL return ISC_R_NOMORE. + */ + if (apl->apl == NULL) + return (ISC_R_NOMORE); + + /* + * Sanity check data. + */ + INSIST(apl->apl_len > 3U); + length = apl->apl[apl->offset + 3] & 0x7f; + INSIST(length <= apl->apl_len); + apl->offset = 0; - return ((apl->apl_len != 0) ? ISC_R_SUCCESS : ISC_R_NOMORE); + return (ISC_R_SUCCESS); } isc_result_t dns_rdata_apl_next(dns_rdata_in_apl_t *apl) { + isc_uint32_t length; + + REQUIRE(apl != NULL); REQUIRE(apl->common.rdtype == 42); REQUIRE(apl->common.rdclass == 1); REQUIRE(apl->apl != NULL || apl->apl_len == 0); - if (apl->offset + 3 < apl->apl_len) + /* + * No APL or have already reached the end return ISC_R_NOMORE. + */ + if (apl->apl == NULL || apl->offset == apl->apl_len) return (ISC_R_NOMORE); + + /* + * Sanity check data. + */ + INSIST(apl->offset < apl->apl_len); + INSIST(apl->apl_len > 3U); + INSIST(apl->offset <= apl->apl_len - 4U); + length = apl->apl[apl->offset + 3] & 0x7f; + /* + * 16 to 32 bits promotion as 'length' is 32 bits so there is + * no overflow problems. + */ + INSIST(length + apl->offset <= apl->apl_len); + apl->offset += apl->apl[apl->offset + 3] & 0x7f; return ((apl->offset >= apl->apl_len) ? ISC_R_SUCCESS : ISC_R_NOMORE); } isc_result_t dns_rdata_apl_current(dns_rdata_in_apl_t *apl, dns_rdata_apl_ent_t *ent) { + isc_uint32_t length; + REQUIRE(apl != NULL); REQUIRE(apl->common.rdtype == 42); REQUIRE(apl->common.rdclass == 1); REQUIRE(ent != NULL); REQUIRE(apl->apl != NULL || apl->apl_len == 0); + REQUIRE(apl->offset <= apl->apl_len); - if (apl->offset >= apl->apl_len) + if (apl->offset == apl->apl_len) return (ISC_R_NOMORE); + /* + * Sanity check data. + */ + INSIST(apl->apl_len > 3U); + INSIST(apl->offset <= apl->apl_len - 4U); + length = apl->apl[apl->offset + 3] & 0x7f; + /* + * 16 to 32 bits promotion as 'length' is 32 bits so there is + * no overflow problems. + */ + INSIST(length + apl->offset <= apl->apl_len); + ent->family = (apl->apl[apl->offset] << 8) + apl->apl[apl->offset + 1]; ent->prefix = apl->apl[apl->offset + 2]; ent->length = apl->apl[apl->offset + 3] & 0x7f; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/apl_42.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/apl_42.h similarity index 87% rename from contrib/bind-9.3/lib/dns/rdata/in_1/apl_42.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/apl_42.h index 83309a60e0..2d01040ba8 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/apl_42.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/apl_42.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* */ #ifndef IN_1_APL_42_H #define IN_1_APL_42_H 1 -/* $Id: apl_42.h,v 1.1.202.3 2004/03/08 09:04:44 marka Exp $ */ +/* $Id: apl_42.h,v 1.6 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_apl_ent { isc_boolean_t negative; diff --git a/contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.c new file mode 100644 index 0000000000..27c4e4e23e --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.c @@ -0,0 +1,229 @@ +/* + * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dhcid_49.c,v 1.5 2007/06/19 23:47:17 tbox Exp $ */ + +/* RFC 4701 */ + +#ifndef RDATA_IN_1_DHCID_49_C +#define RDATA_IN_1_DHCID_49_C 1 + +#define RRTYPE_DHCID_ATTRIBUTES 0 + +static inline isc_result_t +fromtext_in_dhcid(ARGS_FROMTEXT) { + + REQUIRE(type == 49); + REQUIRE(rdclass == 1); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + return (isc_base64_tobuffer(lexer, target, -1)); +} + +static inline isc_result_t +totext_in_dhcid(ARGS_TOTEXT) { + isc_region_t sr; + char buf[sizeof(" ; 64000 255 64000")]; + size_t n; + + REQUIRE(rdata->type == 49); + REQUIRE(rdata->rdclass == 1); + REQUIRE(rdata->length != 0); + + dns_rdata_toregion(rdata, &sr); + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext("( " /*)*/, target)); + RETERR(isc_base64_totext(&sr, tctx->width - 2, tctx->linebreak, + target)); + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(/* ( */ " )", target)); + if (rdata->length > 2) { + n = snprintf(buf, sizeof(buf), " ; %u %u %u", + sr.base[0] * 256 + sr.base[1], + sr.base[2], rdata->length - 3); + INSIST(n < sizeof(buf)); + RETERR(str_totext(buf, target)); + } + } + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_in_dhcid(ARGS_FROMWIRE) { + isc_region_t sr; + + REQUIRE(type == 49); + REQUIRE(rdclass == 1); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(dctx); + UNUSED(options); + + isc_buffer_activeregion(source, &sr); + if (sr.length == 0) + return (ISC_R_UNEXPECTEDEND); + + isc_buffer_forward(source, sr.length); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline isc_result_t +towire_in_dhcid(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == 49); + REQUIRE(rdata->rdclass == 1); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_in_dhcid(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 49); + REQUIRE(rdata1->rdclass == 1); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_in_dhcid(ARGS_FROMSTRUCT) { + dns_rdata_in_dhcid_t *dhcid = source; + + REQUIRE(type == 49); + REQUIRE(rdclass == 1); + REQUIRE(source != NULL); + REQUIRE(dhcid->common.rdtype == type); + REQUIRE(dhcid->common.rdclass == rdclass); + REQUIRE(dhcid->length != 0); + + UNUSED(type); + UNUSED(rdclass); + + return (mem_tobuffer(target, dhcid->dhcid, dhcid->length)); +} + +static inline isc_result_t +tostruct_in_dhcid(ARGS_TOSTRUCT) { + dns_rdata_in_dhcid_t *dhcid = target; + isc_region_t region; + + REQUIRE(rdata->type == 49); + REQUIRE(rdata->rdclass == 1); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + dhcid->common.rdclass = rdata->rdclass; + dhcid->common.rdtype = rdata->type; + ISC_LINK_INIT(&dhcid->common, link); + + dns_rdata_toregion(rdata, ®ion); + + dhcid->dhcid = mem_maybedup(mctx, region.base, region.length); + if (dhcid->dhcid == NULL) + return (ISC_R_NOMEMORY); + + dhcid->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_in_dhcid(ARGS_FREESTRUCT) { + dns_rdata_in_dhcid_t *dhcid = source; + + REQUIRE(dhcid != NULL); + REQUIRE(dhcid->common.rdtype == 49); + REQUIRE(dhcid->common.rdclass == 1); + + if (dhcid->mctx == NULL) + return; + + if (dhcid->dhcid != NULL) + isc_mem_free(dhcid->mctx, dhcid->dhcid); + dhcid->mctx = NULL; +} + +static inline isc_result_t +additionaldata_in_dhcid(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 49); + REQUIRE(rdata->rdclass == 1); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_in_dhcid(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == 49); + REQUIRE(rdata->rdclass == 1); + + dns_rdata_toregion(rdata, &r); + + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_in_dhcid(ARGS_CHECKOWNER) { + + REQUIRE(type == 49); + REQUIRE(rdclass == 1); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (ISC_TRUE); +} + +static inline isc_boolean_t +checknames_in_dhcid(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 49); + REQUIRE(rdata->rdclass == 1); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +#endif /* RDATA_IN_1_DHCID_49_C */ diff --git a/contrib/bind-9.3/lib/dns/rdata/generic/mf_4.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.h similarity index 63% rename from contrib/bind-9.3/lib/dns/rdata/generic/mf_4.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.h index adb825455e..279719251b 100644 --- a/contrib/bind-9.3/lib/dns/rdata/generic/mf_4.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/dhcid_49.h @@ -1,8 +1,7 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1998-2001 Internet Software Consortium. + * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,15 +14,17 @@ * PERFORMANCE OF THIS SOFTWARE. */ -#ifndef GENERIC_MF_4_H -#define GENERIC_MF_4_H 1 +/* */ +#ifndef IN_1_DHCID_49_H +#define IN_1_DHCID_49_H 1 -/* $Id: mf_4.h,v 1.21.206.1 2004/03/06 08:14:07 marka Exp $ */ +/* $Id: dhcid_49.h,v 1.5 2007/06/19 23:47:17 tbox Exp $ */ -typedef struct dns_rdata_mf { +typedef struct dns_rdata_in_dhcid { dns_rdatacommon_t common; isc_mem_t *mctx; - dns_name_t mf; -} dns_rdata_mf_t; + unsigned char *dhcid; + unsigned int length; +} dns_rdata_in_dhcid_t; -#endif /* GENERIC_MF_4_H */ +#endif /* IN_1_DHCID_49_H */ diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/kx_36.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/kx_36.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/in_1/kx_36.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/kx_36.c index fee1e3d7a5..9df2e5eeba 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/kx_36.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/kx_36.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: kx_36.c,v 1.37.2.1.2.3 2004/03/06 08:14:17 marka Exp $ */ +/* $Id: kx_36.c,v 1.45 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Thu Mar 16 17:24:54 PST 2000 by explorer */ -/* RFC 2230 */ +/* RFC2230 */ #ifndef RDATA_IN_1_KX_36_C #define RDATA_IN_1_KX_36_C diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/kx_36.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/kx_36.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/in_1/kx_36.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/kx_36.h index 5ac328d9ab..391ae27dd9 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/kx_36.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/kx_36.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_KX_36_H #define IN_1_KX_36_H 1 -/* $Id: kx_36.h,v 1.15.206.1 2004/03/06 08:14:17 marka Exp $ */ +/* $Id: kx_36.h,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2230 */ +/*! + * \brief Per RFC2230 */ typedef struct dns_rdata_in_kx { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/naptr_35.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/naptr_35.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/in_1/naptr_35.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/naptr_35.c index f3c93c7c03..18ea614afd 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/naptr_35.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/naptr_35.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: naptr_35.c,v 1.43.2.1.2.3 2004/03/06 08:14:17 marka Exp $ */ +/* $Id: naptr_35.c,v 1.51.128.2 2008/02/15 23:46:22 tbox Exp $ */ /* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */ -/* RFC 2915 */ +/* RFC2915 */ #ifndef RDATA_IN_1_NAPTR_35_C #define RDATA_IN_1_NAPTR_35_C @@ -154,7 +154,7 @@ totext_in_naptr(ARGS_TOTEXT) { static inline isc_result_t fromwire_in_naptr(ARGS_FROMWIRE) { - dns_name_t name; + dns_name_t name; isc_region_t sr; REQUIRE(type == 35); @@ -165,7 +165,7 @@ fromwire_in_naptr(ARGS_FROMWIRE) { dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE); - dns_name_init(&name, NULL); + dns_name_init(&name, NULL); /* * Order, preference. @@ -321,8 +321,8 @@ fromstruct_in_naptr(ARGS_FROMSTRUCT) { REQUIRE(naptr->common.rdtype == type); REQUIRE(naptr->common.rdclass == rdclass); REQUIRE(naptr->flags != NULL || naptr->flags_len == 0); - REQUIRE(naptr->service != NULL && naptr->service_len == 0); - REQUIRE(naptr->regexp != NULL && naptr->regexp_len == 0); + REQUIRE(naptr->service != NULL || naptr->service_len == 0); + REQUIRE(naptr->regexp != NULL || naptr->regexp_len == 0); UNUSED(type); UNUSED(rdclass); diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/naptr_35.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/naptr_35.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/in_1/naptr_35.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/naptr_35.h index b1deb2cef5..503f7a8cf5 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/naptr_35.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/naptr_35.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_NAPTR_35_H #define IN_1_NAPTR_35_H 1 -/* $Id: naptr_35.h,v 1.18.206.1 2004/03/06 08:14:17 marka Exp $ */ +/* $Id: naptr_35.h,v 1.23 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2915 */ +/*! + * \brief Per RFC2915 */ typedef struct dns_rdata_in_naptr { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap-ptr_23.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap-ptr_23.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/in_1/nsap-ptr_23.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap-ptr_23.c index 0fa0fb25e3..2da7869599 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap-ptr_23.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap-ptr_23.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsap-ptr_23.c,v 1.32.206.2 2004/03/06 08:14:17 marka Exp $ */ +/* $Id: nsap-ptr_23.c,v 1.38 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Fri Mar 17 10:16:02 PST 2000 by gson */ -/* RFC 1348. Obsoleted in RFC 1706 - use PTR instead. */ +/* RFC1348. Obsoleted in RFC 1706 - use PTR instead. */ #ifndef RDATA_IN_1_NSAP_PTR_23_C #define RDATA_IN_1_NSAP_PTR_23_C diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap-ptr_23.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap-ptr_23.h similarity index 76% rename from contrib/bind-9.3/lib/dns/rdata/in_1/nsap-ptr_23.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap-ptr_23.h index 9bf3c6564e..14a8b19559 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap-ptr_23.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap-ptr_23.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_NSAP_PTR_23_H #define IN_1_NSAP_PTR_23_H 1 -/* $Id: nsap-ptr_23.h,v 1.14.206.1 2004/03/06 08:14:18 marka Exp $ */ +/* $Id: nsap-ptr_23.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1348. Obsoleted in RFC 1706 - use PTR instead. */ +/*! + * \brief Per RFC1348. Obsoleted in RFC 1706 - use PTR instead. */ typedef struct dns_rdata_in_nsap_ptr { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap_22.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap_22.c similarity index 96% rename from contrib/bind-9.3/lib/dns/rdata/in_1/nsap_22.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap_22.c index 594b97fb63..c25f560888 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap_22.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap_22.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsap_22.c,v 1.33.12.5 2004/03/08 09:04:44 marka Exp $ */ +/* $Id: nsap_22.c,v 1.42 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Fri Mar 17 10:41:07 PST 2000 by gson */ -/* RFC 1706 */ +/* RFC1706 */ #ifndef RDATA_IN_1_NSAP_22_C #define RDATA_IN_1_NSAP_22_C diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap_22.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap_22.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/in_1/nsap_22.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap_22.h index 646743356c..11e3f66ce8 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/nsap_22.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/nsap_22.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_NSAP_22_H #define IN_1_NSAP_22_H 1 -/* $Id: nsap_22.h,v 1.13.206.1 2004/03/06 08:14:18 marka Exp $ */ +/* $Id: nsap_22.h,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 1706 */ +/*! + * \brief Per RFC1706 */ typedef struct dns_rdata_in_nsap { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/px_26.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/px_26.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/in_1/px_26.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/px_26.c index 66214dd4bd..1d17f2f0e6 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/px_26.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/px_26.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: px_26.c,v 1.34.2.1.2.4 2004/03/06 08:14:18 marka Exp $ */ +/* $Id: px_26.c,v 1.43 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Mon Mar 20 10:44:27 PST 2000 */ -/* RFC 2163 */ +/* RFC2163 */ #ifndef RDATA_IN_1_PX_26_C #define RDATA_IN_1_PX_26_C diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/px_26.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/px_26.h similarity index 79% rename from contrib/bind-9.3/lib/dns/rdata/in_1/px_26.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/px_26.h index 79d4b189fb..69a7baedff 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/px_26.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/px_26.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,9 +18,10 @@ #ifndef IN_1_PX_26_H #define IN_1_PX_26_H 1 -/* $Id: px_26.h,v 1.14.206.1 2004/03/06 08:14:18 marka Exp $ */ +/* $Id: px_26.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ -/* RFC 2163 */ +/*! + * \brief Per RFC2163 */ typedef struct dns_rdata_in_px { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/srv_33.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/srv_33.c similarity index 97% rename from contrib/bind-9.3/lib/dns/rdata/in_1/srv_33.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/srv_33.c index 7bcba1b74c..7bc85cda2f 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/srv_33.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/srv_33.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: srv_33.c,v 1.36.2.1.2.4 2004/03/06 08:14:18 marka Exp $ */ +/* $Id: srv_33.c,v 1.45 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Fri Mar 17 13:01:00 PST 2000 by bwelling */ -/* RFC 2782 */ +/* RFC2782 */ #ifndef RDATA_IN_1_SRV_33_C #define RDATA_IN_1_SRV_33_C diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/srv_33.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/srv_33.h similarity index 81% rename from contrib/bind-9.3/lib/dns/rdata/in_1/srv_33.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/srv_33.h index 91dbf37345..e019698734 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/srv_33.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/srv_33.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,11 +18,12 @@ #ifndef IN_1_SRV_33_H #define IN_1_SRV_33_H 1 -/* $Id: srv_33.h,v 1.14.206.1 2004/03/06 08:14:19 marka Exp $ */ +/* $Id: srv_33.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ /* Reviewed: Fri Mar 17 13:01:00 PST 2000 by bwelling */ -/* RFC 2782 */ +/*! + * \brief Per RFC2782 */ typedef struct dns_rdata_in_srv { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/wks_11.c b/contrib/bind-9.5.2/lib/dns/rdata/in_1/wks_11.c similarity index 95% rename from contrib/bind-9.3/lib/dns/rdata/in_1/wks_11.c rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/wks_11.c index c27868602d..2d26e518c5 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/wks_11.c +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/wks_11.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: wks_11.c,v 1.44.12.8 2004/09/16 01:00:58 marka Exp $ */ +/* $Id: wks_11.c,v 1.54.128.2 2009/02/16 23:46:44 tbox Exp $ */ /* Reviewed: Fri Mar 17 15:01:49 PST 2000 by explorer */ @@ -158,6 +158,7 @@ totext_in_wks(ARGS_TOTEXT) { RETERR(str_totext(buf, target)); isc_region_consume(&sr, 1); + INSIST(sr.length <= 8*1024); for (i = 0; i < sr.length; i++) { if (sr.base[i] != 0) for (j = 0; j < 8; j++) @@ -242,7 +243,8 @@ fromstruct_in_wks(ARGS_FROMSTRUCT) { REQUIRE(source != NULL); REQUIRE(wks->common.rdtype == type); REQUIRE(wks->common.rdclass == rdclass); - REQUIRE(wks->map != NULL || wks->map_len == 0); + REQUIRE((wks->map != NULL && wks->map_len <= 8*1024) || + wks->map_len == 0); UNUSED(type); UNUSED(rdclass); diff --git a/contrib/bind-9.3/lib/dns/rdata/in_1/wks_11.h b/contrib/bind-9.5.2/lib/dns/rdata/in_1/wks_11.h similarity index 82% rename from contrib/bind-9.3/lib/dns/rdata/in_1/wks_11.h rename to contrib/bind-9.5.2/lib/dns/rdata/in_1/wks_11.h index e734281977..2fd26e8f94 100644 --- a/contrib/bind-9.3/lib/dns/rdata/in_1/wks_11.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/in_1/wks_11.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,7 +18,7 @@ #ifndef IN_1_WKS_11_H #define IN_1_WKS_11_H 1 -/* $Id: wks_11.h,v 1.19.206.1 2004/03/06 08:14:19 marka Exp $ */ +/* $Id: wks_11.h,v 1.22 2007/06/19 23:47:17 tbox Exp $ */ typedef struct dns_rdata_in_wks { dns_rdatacommon_t common; diff --git a/contrib/bind-9.3/lib/dns/rdata/rdatastructpre.h b/contrib/bind-9.5.2/lib/dns/rdata/rdatastructpre.h similarity index 85% rename from contrib/bind-9.3/lib/dns/rdata/rdatastructpre.h rename to contrib/bind-9.5.2/lib/dns/rdata/rdatastructpre.h index 19af8b455b..ab7e05103e 100644 --- a/contrib/bind-9.3/lib/dns/rdata/rdatastructpre.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/rdatastructpre.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatastructpre.h,v 1.13.206.1 2004/03/06 08:14:02 marka Exp $ */ +/* $Id: rdatastructpre.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATASTRUCT_H #define DNS_RDATASTRUCT_H 1 diff --git a/contrib/bind-9.3/lib/dns/rdata/rdatastructsuf.h b/contrib/bind-9.5.2/lib/dns/rdata/rdatastructsuf.h similarity index 78% rename from contrib/bind-9.3/lib/dns/rdata/rdatastructsuf.h rename to contrib/bind-9.5.2/lib/dns/rdata/rdatastructsuf.h index 3eabff24d2..3ba1275ed7 100644 --- a/contrib/bind-9.3/lib/dns/rdata/rdatastructsuf.h +++ b/contrib/bind-9.5.2/lib/dns/rdata/rdatastructsuf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatastructsuf.h,v 1.7.206.1 2004/03/06 08:14:02 marka Exp $ */ +/* $Id: rdatastructsuf.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/dns/rdatalist.c b/contrib/bind-9.5.2/lib/dns/rdatalist.c similarity index 91% rename from contrib/bind-9.3/lib/dns/rdatalist.c rename to contrib/bind-9.5.2/lib/dns/rdatalist.c index baa62e5e58..836d997493 100644 --- a/contrib/bind-9.3/lib/dns/rdatalist.c +++ b/contrib/bind-9.5.2/lib/dns/rdatalist.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatalist.c,v 1.25.2.2.2.2 2004/03/08 02:07:56 marka Exp $ */ +/* $Id: rdatalist.c,v 1.33.128.2 2008/04/03 06:08:27 tbox Exp $ */ + +/*! \file */ #include @@ -38,7 +40,10 @@ static dns_rdatasetmethods_t methods = { isc__rdatalist_clone, isc__rdatalist_count, isc__rdatalist_addnoqname, - isc__rdatalist_getnoqname + isc__rdatalist_getnoqname, + NULL, + NULL, + NULL }; void @@ -83,6 +88,16 @@ dns_rdatalist_tordataset(dns_rdatalist_t *rdatalist, return (ISC_R_SUCCESS); } +isc_result_t +dns_rdatalist_fromrdataset(dns_rdataset_t *rdataset, + dns_rdatalist_t **rdatalist) +{ + REQUIRE(rdatalist != NULL && rdataset != NULL); + *rdatalist = rdataset->private1; + + return (ISC_R_SUCCESS); +} + void isc__rdatalist_disassociate(dns_rdataset_t *rdataset) { UNUSED(rdataset); diff --git a/contrib/bind-9.3/lib/dns/rdatalist_p.h b/contrib/bind-9.5.2/lib/dns/rdatalist_p.h similarity index 86% rename from contrib/bind-9.3/lib/dns/rdatalist_p.h rename to contrib/bind-9.5.2/lib/dns/rdatalist_p.h index 3a7b52c256..4c9d08688e 100644 --- a/contrib/bind-9.3/lib/dns/rdatalist_p.h +++ b/contrib/bind-9.5.2/lib/dns/rdatalist_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatalist_p.h,v 1.3.206.2 2004/03/08 02:07:56 marka Exp $ */ +/* $Id: rdatalist_p.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_RDATALIST_P_H #define DNS_RDATALIST_P_H +/*! \file */ + #include #include diff --git a/contrib/bind-9.3/lib/dns/rdataset.c b/contrib/bind-9.5.2/lib/dns/rdataset.c similarity index 86% rename from contrib/bind-9.3/lib/dns/rdataset.c rename to contrib/bind-9.5.2/lib/dns/rdataset.c index 8af71c3f8d..ea2d90f005 100644 --- a/contrib/bind-9.3/lib/dns/rdataset.c +++ b/contrib/bind-9.5.2/lib/dns/rdataset.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.58.2.2.2.12 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: rdataset.c,v 1.79.128.2 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ #include @@ -135,7 +137,7 @@ question_disassociate(dns_rdataset_t *rdataset) { static isc_result_t question_cursor(dns_rdataset_t *rdataset) { UNUSED(rdataset); - + return (ISC_R_NOMORE); } @@ -146,7 +148,7 @@ question_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { */ UNUSED(rdataset); UNUSED(rdata); - + REQUIRE(0); } @@ -174,6 +176,9 @@ static dns_rdatasetmethods_t question_methods = { question_clone, question_count, NULL, + NULL, + NULL, + NULL, NULL }; @@ -334,7 +339,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, } /* - * Do we want to shuffle this anwer? + * Do we want to shuffle this answer? */ if (!question && count > 1 && (!WANT_FIXED(rdataset) || order != NULL) && @@ -440,7 +445,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, /* * Copy out the name, type, class, ttl. */ - + rrbuffer = *target; dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14); result = dns_name_towire(owner_name, cctx, target); @@ -615,7 +620,7 @@ dns_rdataset_addnoqname(dns_rdataset_t *rdataset, dns_name_t *name) { isc_result_t dns_rdataset_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name, - dns_rdataset_t *nsec, dns_rdataset_t *nsecsig) + dns_rdataset_t *nsec, dns_rdataset_t *nsecsig) { REQUIRE(DNS_RDATASET_VALID(rdataset)); REQUIRE(rdataset->methods != NULL); @@ -624,3 +629,81 @@ dns_rdataset_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name, return (ISC_R_NOTIMPLEMENTED); return((rdataset->methods->getnoqname)(rdataset, name, nsec, nsecsig)); } + +/* + * Additional cache stuff + */ +isc_result_t +dns_rdataset_getadditional(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t **zonep, + dns_db_t **dbp, + dns_dbversion_t **versionp, + dns_dbnode_t **nodep, + dns_name_t *fname, + dns_message_t *msg, + isc_stdtime_t now) +{ + REQUIRE(DNS_RDATASET_VALID(rdataset)); + REQUIRE(rdataset->methods != NULL); + REQUIRE(zonep == NULL || *zonep == NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + REQUIRE(versionp != NULL && *versionp == NULL); + REQUIRE(nodep != NULL && *nodep == NULL); + REQUIRE(fname != NULL); + REQUIRE(msg != NULL); + + if (acache != NULL && rdataset->methods->getadditional != NULL) { + return ((rdataset->methods->getadditional)(rdataset, type, + qtype, acache, + zonep, dbp, + versionp, nodep, + fname, msg, now)); + } + + return (ISC_R_FAILURE); +} + +isc_result_t +dns_rdataset_setadditional(dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype, + dns_acache_t *acache, + dns_zone_t *zone, + dns_db_t *db, + dns_dbversion_t *version, + dns_dbnode_t *node, + dns_name_t *fname) +{ + REQUIRE(DNS_RDATASET_VALID(rdataset)); + REQUIRE(rdataset->methods != NULL); + + if (acache != NULL && rdataset->methods->setadditional != NULL) { + return ((rdataset->methods->setadditional)(rdataset, type, + qtype, acache, zone, + db, version, + node, fname)); + } + + return (ISC_R_FAILURE); +} + +isc_result_t +dns_rdataset_putadditional(dns_acache_t *acache, + dns_rdataset_t *rdataset, + dns_rdatasetadditional_t type, + dns_rdatatype_t qtype) +{ + REQUIRE(DNS_RDATASET_VALID(rdataset)); + REQUIRE(rdataset->methods != NULL); + + if (acache != NULL && rdataset->methods->putadditional != NULL) { + return ((rdataset->methods->putadditional)(acache, rdataset, + type, qtype)); + } + + return (ISC_R_FAILURE); +} + diff --git a/contrib/bind-9.3/lib/dns/rdatasetiter.c b/contrib/bind-9.5.2/lib/dns/rdatasetiter.c similarity index 89% rename from contrib/bind-9.3/lib/dns/rdatasetiter.c rename to contrib/bind-9.5.2/lib/dns/rdatasetiter.c index f3b0f8bf39..7ed30301ed 100644 --- a/contrib/bind-9.3/lib/dns/rdatasetiter.c +++ b/contrib/bind-9.5.2/lib/dns/rdatasetiter.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatasetiter.c,v 1.11.206.1 2004/03/06 08:13:44 marka Exp $ */ +/* $Id: rdatasetiter.c,v 1.16 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/rdataslab.c b/contrib/bind-9.5.2/lib/dns/rdataslab.c similarity index 64% rename from contrib/bind-9.3/lib/dns/rdataslab.c rename to contrib/bind-9.5.2/lib/dns/rdataslab.c index 0604cd5d4d..28d95c94d7 100644 --- a/contrib/bind-9.3/lib/dns/rdataslab.c +++ b/contrib/bind-9.5.2/lib/dns/rdataslab.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataslab.c,v 1.29.2.2.2.6 2004/03/08 09:04:31 marka Exp $ */ +/* $Id: rdataslab.c,v 1.43.128.4 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ #include @@ -31,25 +33,110 @@ #include #include -/* Note: the "const void *" are just to make qsort happy. */ +/* + * The rdataslab structure allows iteration to occur in both load order + * and DNSSEC order. The structure is as follows: + * + * header (reservelen bytes) + * record count (2 bytes) + * offset table (4 x record count bytes in load order) + * data records + * data length (2 bytes) + * order (2 bytes) + * data (data length bytes) + * + * If DNS_RDATASET_FIXED is defined to be zero (0) the format of a + * rdataslab is as follows: + * + * header (reservelen bytes) + * record count (2 bytes) + * data records + * data length (2 bytes) + * data (data length bytes) + * + * Offsets are from the end of the header. + * + * Load order traversal is performed by walking the offset table to find + * the start of the record (DNS_RDATASET_FIXED = 1). + * + * DNSSEC order traversal is performed by walking the data records. + * + * The order is stored with record to allow for efficient reconstruction + * of the offset table following a merge or subtraction. + * + * The iterator methods here currently only support DNSSEC order iteration. + * + * The iterator methods in rbtdb support both load order and DNSSEC order + * iteration. + * + * WARNING: + * rbtdb.c directly interacts with the slab's raw structures. If the + * structure changes then rbtdb.c also needs to be updated to reflect + * the changes. See the areas tagged with "RDATASLAB". + */ + +struct xrdata { + dns_rdata_t rdata; + unsigned int order; +}; + +/*% Note: the "const void *" are just to make qsort happy. */ static int compare_rdata(const void *p1, const void *p2) { - const dns_rdata_t *rdata1 = p1; - const dns_rdata_t *rdata2 = p2; - return (dns_rdata_compare(rdata1, rdata2)); + const struct xrdata *x1 = p1; + const struct xrdata *x2 = p2; + return (dns_rdata_compare(&x1->rdata, &x2->rdata)); } +#if DNS_RDATASET_FIXED +static void +fillin_offsets(unsigned char *offsetbase, unsigned int *offsettable, + unsigned length) +{ + unsigned int i, j; + unsigned char *raw; + + for (i = 0, j = 0; i < length; i++) { + + if (offsettable[i] == 0) + continue; + + /* + * Fill in offset table. + */ + raw = &offsetbase[j*4 + 2]; + *raw++ = (offsettable[i] & 0xff000000) >> 24; + *raw++ = (offsettable[i] & 0xff0000) >> 16; + *raw++ = (offsettable[i] & 0xff00) >> 8; + *raw = offsettable[i] & 0xff; + + /* + * Fill in table index. + */ + raw = offsetbase + offsettable[i] + 2; + *raw++ = (j & 0xff00) >> 8; + *raw = j++ & 0xff; + } +} +#endif + isc_result_t dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, isc_region_t *region, unsigned int reservelen) { - dns_rdata_t *rdatas; + struct xrdata *x; unsigned char *rawbuf; +#if DNS_RDATASET_FIXED + unsigned char *offsetbase; +#endif unsigned int buflen; isc_result_t result; unsigned int nitems; unsigned int nalloc; unsigned int i; +#if DNS_RDATASET_FIXED + unsigned int *offsettable; +#endif buflen = reservelen + 2; @@ -58,8 +145,11 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, if (nitems == 0) return (ISC_R_FAILURE); - rdatas = isc_mem_get(mctx, nalloc * sizeof(dns_rdata_t)); - if (rdatas == NULL) + if (nalloc > 0xffff) + return (ISC_R_NOSPACE); + + x = isc_mem_get(mctx, nalloc * sizeof(struct xrdata)); + if (x == NULL) return (ISC_R_NOMEMORY); /* @@ -70,8 +160,11 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, goto free_rdatas; for (i = 0; i < nalloc && result == ISC_R_SUCCESS; i++) { INSIST(result == ISC_R_SUCCESS); - dns_rdata_init(&rdatas[i]); - dns_rdataset_current(rdataset, &rdatas[i]); + dns_rdata_init(&x[i].rdata); + dns_rdataset_current(rdataset, &x[i].rdata); +#if DNS_RDATASET_FIXED + x[i].order = i; +#endif result = dns_rdataset_next(rdataset); } if (result != ISC_R_NOMORE) @@ -85,7 +178,10 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, goto free_rdatas; } - qsort(rdatas, nalloc, sizeof(dns_rdata_t), compare_rdata); + /* + * Put into DNSSEC order. + */ + qsort(x, nalloc, sizeof(struct xrdata), compare_rdata); /* * Remove duplicates and compute the total storage required. @@ -93,20 +189,37 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, * If an rdata is not a duplicate, accumulate the storage size * required for the rdata. We do not store the class, type, etc, * just the rdata, so our overhead is 2 bytes for the number of - * records, and 2 for each rdata length, and then the rdata itself. + * records, and 8 for each rdata, (length(2), offset(4) and order(2)) + * and then the rdata itself. */ for (i = 1; i < nalloc; i++) { - if (compare_rdata(&rdatas[i-1], &rdatas[i]) == 0) { - rdatas[i-1].data = NULL; - rdatas[i-1].length = 0; + if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) { + x[i-1].rdata.data = NULL; + x[i-1].rdata.length = 0; +#if DNS_RDATASET_FIXED + /* + * Preserve the least order so A, B, A -> A, B + * after duplicate removal. + */ + if (x[i-1].order < x[i].order) + x[i].order = x[i-1].order; +#endif nitems--; } else - buflen += (2 + rdatas[i-1].length); +#if DNS_RDATASET_FIXED + buflen += (8 + x[i-1].rdata.length); +#else + buflen += (2 + x[i-1].rdata.length); +#endif } /* * Don't forget the last item! */ - buflen += (2 + rdatas[i-1].length); +#if DNS_RDATASET_FIXED + buflen += (8 + x[i-1].rdata.length); +#else + buflen += (2 + x[i-1].rdata.length); +#endif /* * Ensure that singleton types are actually singletons. @@ -130,25 +243,57 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, goto free_rdatas; } +#if DNS_RDATASET_FIXED + /* Allocate temporary offset table. */ + offsettable = isc_mem_get(mctx, nalloc * sizeof(unsigned int)); + if (offsettable == NULL) { + isc_mem_put(mctx, rawbuf, buflen); + result = ISC_R_NOMEMORY; + goto free_rdatas; + } + memset(offsettable, 0, nalloc * sizeof(unsigned int)); +#endif + region->base = rawbuf; region->length = buflen; rawbuf += reservelen; +#if DNS_RDATASET_FIXED + offsetbase = rawbuf; +#endif *rawbuf++ = (nitems & 0xff00) >> 8; *rawbuf++ = (nitems & 0x00ff); + +#if DNS_RDATASET_FIXED + /* Skip load order table. Filled in later. */ + rawbuf += nitems * 4; +#endif + for (i = 0; i < nalloc; i++) { - if (rdatas[i].data == NULL) + if (x[i].rdata.data == NULL) continue; - *rawbuf++ = (rdatas[i].length & 0xff00) >> 8; - *rawbuf++ = (rdatas[i].length & 0x00ff); - memcpy(rawbuf, rdatas[i].data, rdatas[i].length); - rawbuf += rdatas[i].length; +#if DNS_RDATASET_FIXED + offsettable[x[i].order] = rawbuf - offsetbase; +#endif + *rawbuf++ = (x[i].rdata.length & 0xff00) >> 8; + *rawbuf++ = (x[i].rdata.length & 0x00ff); +#if DNS_RDATASET_FIXED + rawbuf += 2; /* filled in later */ +#endif + memcpy(rawbuf, x[i].rdata.data, x[i].rdata.length); + rawbuf += x[i].rdata.length; } + +#if DNS_RDATASET_FIXED + fillin_offsets(offsetbase, offsettable, nalloc); + isc_mem_put(mctx, offsettable, nalloc * sizeof(unsigned int)); +#endif + result = ISC_R_SUCCESS; free_rdatas: - isc_mem_put(mctx, rdatas, nalloc * sizeof(dns_rdata_t)); + isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata)); return (result); } @@ -167,7 +312,11 @@ rdataset_first(dns_rdataset_t *rdataset) { rdataset->private5 = NULL; return (ISC_R_NOMORE); } +#if DNS_RDATASET_FIXED + raw += 2 + (4 * count); +#else raw += 2; +#endif /* * The privateuint4 field is the number of rdata beyond the cursor * position, so we decrement the total count by one before storing @@ -193,7 +342,11 @@ rdataset_next(dns_rdataset_t *rdataset) { rdataset->privateuint4 = count; raw = rdataset->private5; length = raw[0] * 256 + raw[1]; +#if DNS_RDATASET_FIXED + raw += length + 4; +#else raw += length + 2; +#endif rdataset->private5 = raw; return (ISC_R_SUCCESS); @@ -207,7 +360,11 @@ rdataset_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { REQUIRE(raw != NULL); r.length = raw[0] * 256 + raw[1]; +#if DNS_RDATASET_FIXED + raw += 4; +#else raw += 2; +#endif r.base = raw; dns_rdata_fromregion(rdata, rdataset->rdclass, rdataset->type, &r); } @@ -241,6 +398,9 @@ static dns_rdatasetmethods_t rdataset_methods = { rdataset_clone, rdataset_count, NULL, + NULL, + NULL, + NULL, NULL }; @@ -280,11 +440,18 @@ dns_rdataslab_size(unsigned char *slab, unsigned int reservelen) { current = slab + reservelen; count = *current++ * 256; count += *current++; +#if DNS_RDATASET_FIXED + current += (4 * count); +#endif while (count > 0) { count--; length = *current++ * 256; length += *current++; +#if DNS_RDATASET_FIXED + current += length + 2; +#else current += length; +#endif } return ((unsigned int)(current - slab)); @@ -306,6 +473,9 @@ rdata_from_slab(unsigned char **current, region.length = *tcurrent++ * 256; region.length += *tcurrent++; +#if DNS_RDATASET_FIXED + tcurrent += 2; +#endif region.base = tcurrent; tcurrent += region.length; dns_rdata_fromregion(rdata, rdclass, type, ®ion); @@ -325,15 +495,24 @@ rdata_in_slab(unsigned char *slab, unsigned int reservelen, unsigned int count, i; unsigned char *current; dns_rdata_t trdata = DNS_RDATA_INIT; + int n; current = slab + reservelen; count = *current++ * 256; count += *current++; +#if DNS_RDATASET_FIXED + current += (4 * count); +#endif + for (i = 0; i < count; i++) { rdata_from_slab(¤t, rdclass, type, &trdata); - if (dns_rdata_compare(&trdata, rdata) == 0) + + n = dns_rdata_compare(&trdata, rdata); + if (n == 0) return (ISC_TRUE); + if (n > 0) /* In DNSSEC order. */ + break; dns_rdata_reset(&trdata); } return (ISC_FALSE); @@ -354,6 +533,13 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, unsigned int oadded = 0; unsigned int nadded = 0; unsigned int nncount = 0; +#if DNS_RDATASET_FIXED + unsigned int oncount; + unsigned int norder = 0; + unsigned int oorder = 0; + unsigned char *offsetbase; + unsigned int *offsettable; +#endif /* * XXX Need parameter to allow "delete rdatasets in nslab" merge, @@ -366,12 +552,22 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, ocurrent = oslab + reservelen; ocount = *ocurrent++ * 256; ocount += *ocurrent++; +#if DNS_RDATASET_FIXED + ocurrent += (4 * ocount); +#endif ostart = ocurrent; ncurrent = nslab + reservelen; ncount = *ncurrent++ * 256; ncount += *ncurrent++; +#if DNS_RDATASET_FIXED + ncurrent += (4 * ncount); +#endif INSIST(ocount > 0 && ncount > 0); +#if DNS_RDATASET_FIXED + oncount = ncount; +#endif + /* * Yes, this is inefficient! */ @@ -383,8 +579,13 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, for (count = 0; count < ocount; count++) { length = *ocurrent++ * 256; length += *ocurrent++; +#if DNS_RDATASET_FIXED + olength += length + 8; + ocurrent += length + 2; +#else olength += length + 2; ocurrent += length; +#endif } /* @@ -400,6 +601,9 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, do { nregion.length = *ncurrent++ * 256; nregion.length += *ncurrent++; +#if DNS_RDATASET_FIXED + ncurrent += 2; /* Skip order. */ +#endif nregion.base = ncurrent; dns_rdata_init(&nrdata); dns_rdata_fromregion(&nrdata, rdclass, type, &nregion); @@ -408,7 +612,11 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, /* * This rdata isn't in the old slab. */ +#if DNS_RDATASET_FIXED + tlength += nregion.length + 8; +#else tlength += nregion.length + 2; +#endif tcount++; nncount++; added_something = ISC_TRUE; @@ -436,6 +644,9 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, return (DNS_R_SINGLETON); } + if (tcount > 0xffff) + return (ISC_R_NOSPACE); + /* * Copy the reserved area from the new slab. */ @@ -444,6 +655,9 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, return (ISC_R_NOMEMORY); memcpy(tstart, nslab, reservelen); tcurrent = tstart + reservelen; +#if DNS_RDATASET_FIXED + offsetbase = tcurrent; +#endif /* * Write the new count. @@ -451,18 +665,46 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, *tcurrent++ = (tcount & 0xff00) >> 8; *tcurrent++ = (tcount & 0x00ff); +#if DNS_RDATASET_FIXED + /* + * Skip offset table. + */ + tcurrent += (tcount * 4); + + offsettable = isc_mem_get(mctx, + (ocount + oncount) * sizeof(unsigned int)); + if (offsettable == NULL) { + isc_mem_put(mctx, tstart, tlength); + return (ISC_R_NOMEMORY); + } + memset(offsettable, 0, (ocount + oncount) * sizeof(unsigned int)); +#endif + /* * Merge the two slabs. */ ocurrent = ostart; INSIST(ocount != 0); +#if DNS_RDATASET_FIXED + oorder = ocurrent[2] * 256 + ocurrent[3]; + INSIST(oorder < ocount); +#endif rdata_from_slab(&ocurrent, rdclass, type, &ordata); ncurrent = nslab + reservelen + 2; +#if DNS_RDATASET_FIXED + ncurrent += (4 * oncount); +#endif + if (ncount > 0) { do { dns_rdata_reset(&nrdata); - rdata_from_slab(&ncurrent, rdclass, type, &nrdata); +#if DNS_RDATASET_FIXED + norder = ncurrent[2] * 256 + ncurrent[3]; + + INSIST(norder < oncount); +#endif + rdata_from_slab(&ncurrent, rdclass, type, &nrdata); } while (rdata_in_slab(oslab, reservelen, rdclass, type, &nrdata)); } @@ -476,28 +718,48 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, else fromold = ISC_TF(compare_rdata(&ordata, &nrdata) < 0); if (fromold) { +#if DNS_RDATASET_FIXED + offsettable[oorder] = tcurrent - offsetbase; +#endif length = ordata.length; *tcurrent++ = (length & 0xff00) >> 8; *tcurrent++ = (length & 0x00ff); +#if DNS_RDATASET_FIXED + tcurrent += 2; /* fill in later */ +#endif memcpy(tcurrent, ordata.data, length); tcurrent += length; oadded++; if (oadded < ocount) { dns_rdata_reset(&ordata); - rdata_from_slab(&ocurrent, rdclass, type, +#if DNS_RDATASET_FIXED + oorder = ocurrent[2] * 256 + ocurrent[3]; + INSIST(oorder < ocount); +#endif + rdata_from_slab(&ocurrent, rdclass, type, &ordata); } } else { +#if DNS_RDATASET_FIXED + offsettable[ocount + norder] = tcurrent - offsetbase; +#endif length = nrdata.length; *tcurrent++ = (length & 0xff00) >> 8; *tcurrent++ = (length & 0x00ff); +#if DNS_RDATASET_FIXED + tcurrent += 2; /* fill in later */ +#endif memcpy(tcurrent, nrdata.data, length); tcurrent += length; nadded++; if (nadded < ncount) { do { dns_rdata_reset(&nrdata); - rdata_from_slab(&ncurrent, rdclass, +#if DNS_RDATASET_FIXED + norder = ncurrent[2] * 256 + ncurrent[3]; + INSIST(norder < oncount); +#endif + rdata_from_slab(&ncurrent, rdclass, type, &nrdata); } while (rdata_in_slab(oslab, reservelen, rdclass, type, @@ -506,6 +768,13 @@ dns_rdataslab_merge(unsigned char *oslab, unsigned char *nslab, } } +#if DNS_RDATASET_FIXED + fillin_offsets(offsetbase, offsettable, ocount + oncount); + + isc_mem_put(mctx, offsettable, + (ocount + oncount) * sizeof(unsigned int)); +#endif + INSIST(tcurrent == tstart + tlength); *tslabp = tstart; @@ -520,9 +789,14 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, unsigned int flags, unsigned char **tslabp) { unsigned char *mcurrent, *sstart, *scurrent, *tstart, *tcurrent; - unsigned int mcount, scount, rcount ,count, tlength, tcount; + unsigned int mcount, scount, rcount ,count, tlength, tcount, i; dns_rdata_t srdata = DNS_RDATA_INIT; dns_rdata_t mrdata = DNS_RDATA_INIT; +#if DNS_RDATASET_FIXED + unsigned char *offsetbase; + unsigned int *offsettable; + unsigned int order; +#endif REQUIRE(tslabp != NULL && *tslabp == NULL); REQUIRE(mslab != NULL && sslab != NULL); @@ -533,7 +807,6 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, scurrent = sslab + reservelen; scount = *scurrent++ * 256; scount += *scurrent++; - sstart = scurrent; INSIST(mcount > 0 && scount > 0); /* @@ -547,11 +820,17 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, tcount = 0; rcount = 0; +#if DNS_RDATASET_FIXED + mcurrent += 4 * mcount; + scurrent += 4 * scount; +#endif + sstart = scurrent; + /* * Add in the length of rdata in the mslab that aren't in * the sslab. */ - do { + for (i = 0; i < mcount; i++) { unsigned char *mrdatabegin = mcurrent; rdata_from_slab(&mcurrent, rdclass, type, &mrdata); scurrent = sstart; @@ -570,13 +849,16 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, tcount++; } else rcount++; - mcount--; dns_rdata_reset(&mrdata); - } while (mcount > 0); + } + +#if DNS_RDATASET_FIXED + tlength += (4 * tcount); +#endif /* * Check that all the records originally existed. The numeric - * check only works as rdataslabs do not contain duplicates. + * check only works as rdataslabs do not contain duplicates. */ if (((flags & DNS_RDATASLAB_EXACT) != 0) && (rcount != scount)) return (DNS_R_NOTEXACT); @@ -601,6 +883,16 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, return (ISC_R_NOMEMORY); memcpy(tstart, mslab, reservelen); tcurrent = tstart + reservelen; +#if DNS_RDATASET_FIXED + offsetbase = tcurrent; + + offsettable = isc_mem_get(mctx, mcount * sizeof(unsigned int)); + if (offsettable == NULL) { + isc_mem_put(mctx, tstart, tlength); + return (ISC_R_NOMEMORY); + } + memset(offsettable, 0, mcount * sizeof(unsigned int)); +#endif /* * Write the new count. @@ -608,14 +900,25 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, *tcurrent++ = (tcount & 0xff00) >> 8; *tcurrent++ = (tcount & 0x00ff); +#if DNS_RDATASET_FIXED + tcurrent += (4 * tcount); +#endif + /* * Copy the parts of mslab not in sslab. */ mcurrent = mslab + reservelen; mcount = *mcurrent++ * 256; mcount += *mcurrent++; - do { +#if DNS_RDATASET_FIXED + mcurrent += (4 * mcount); +#endif + for (i = 0; i < mcount; i++) { unsigned char *mrdatabegin = mcurrent; +#if DNS_RDATASET_FIXED + order = mcurrent[2] * 256 + mcurrent[3]; + INSIST(order < mcount); +#endif rdata_from_slab(&mcurrent, rdclass, type, &mrdata); scurrent = sstart; for (count = 0; count < scount; count++) { @@ -630,12 +933,20 @@ dns_rdataslab_subtract(unsigned char *mslab, unsigned char *sslab, * copied to the tslab. */ unsigned int length = mcurrent - mrdatabegin; +#if DNS_RDATASET_FIXED + offsettable[order] = tcurrent - offsetbase; +#endif memcpy(tcurrent, mrdatabegin, length); tcurrent += length; } dns_rdata_reset(&mrdata); - mcount--; - } while (mcount > 0); + } + +#if DNS_RDATASET_FIXED + fillin_offsets(offsetbase, offsettable, mcount); + + isc_mem_put(mctx, offsettable, mcount * sizeof(unsigned int)); +#endif INSIST(tcurrent == tstart + tlength); @@ -663,6 +974,11 @@ dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, if (count1 != count2) return (ISC_FALSE); +#if DNS_RDATASET_FIXED + current1 += (4 * count1); + current2 += (4 * count2); +#endif + while (count1 > 0) { length1 = *current1++ * 256; length1 += *current1++; @@ -670,6 +986,11 @@ dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, length2 = *current2++ * 256; length2 += *current2++; +#if DNS_RDATASET_FIXED + current1 += 2; + current2 += 2; +#endif + if (length1 != length2 || memcmp(current1, current2, length1) != 0) return (ISC_FALSE); @@ -703,6 +1024,11 @@ dns_rdataslab_equalx(unsigned char *slab1, unsigned char *slab2, if (count1 != count2) return (ISC_FALSE); +#if DNS_RDATASET_FIXED + current1 += (4 * count1); + current2 += (4 * count2); +#endif + while (count1-- > 0) { rdata_from_slab(¤t1, rdclass, type, &rdata1); rdata_from_slab(¤t2, rdclass, type, &rdata2); diff --git a/contrib/bind-9.3/lib/dns/request.c b/contrib/bind-9.5.2/lib/dns/request.c similarity index 93% rename from contrib/bind-9.3/lib/dns/request.c rename to contrib/bind-9.5.2/lib/dns/request.c index c325fd4c28..cb1ac34d4e 100644 --- a/contrib/bind-9.3/lib/dns/request.c +++ b/contrib/bind-9.5.2/lib/dns/request.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.c,v 1.64.2.1.10.9 2006/08/21 00:50:48 marka Exp $ */ +/* $Id: request.c,v 1.79.128.5 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ #include @@ -91,10 +93,10 @@ struct dns_request { #define DNS_REQUEST_F_CONNECTING 0x0001 #define DNS_REQUEST_F_SENDING 0x0002 -#define DNS_REQUEST_F_CANCELED 0x0004 /* ctlevent received, or otherwise +#define DNS_REQUEST_F_CANCELED 0x0004 /*%< ctlevent received, or otherwise synchronously canceled */ -#define DNS_REQUEST_F_TIMEDOUT 0x0008 /* cancelled due to a timeout */ -#define DNS_REQUEST_F_TCP 0x0010 /* This request used TCP */ +#define DNS_REQUEST_F_TIMEDOUT 0x0008 /*%< canceled due to a timeout */ +#define DNS_REQUEST_F_TCP 0x0010 /*%< This request used TCP */ #define DNS_REQUEST_CANCELED(r) \ (((r)->flags & DNS_REQUEST_F_CANCELED) != 0) #define DNS_REQUEST_CONNECTING(r) \ @@ -119,6 +121,7 @@ static isc_result_t req_render(dns_message_t *message, isc_buffer_t **buffer, static void req_senddone(isc_task_t *task, isc_event_t *event); static void req_response(isc_task_t *task, isc_event_t *event); static void req_timeout(isc_task_t *task, isc_event_t *event); +static isc_socket_t * req_getsocket(dns_request_t *request); static void req_connected(isc_task_t *task, isc_event_t *event); static void req_sendevent(dns_request_t *request, isc_result_t result); static void req_cancel(dns_request_t *request); @@ -144,6 +147,7 @@ dns_requestmgr_create(isc_mem_t *mctx, isc_socket_t *socket; isc_result_t result; int i; + unsigned int dispattr; req_log(ISC_LOG_DEBUG(3), "dns_requestmgr_create"); @@ -152,13 +156,14 @@ dns_requestmgr_create(isc_mem_t *mctx, REQUIRE(socketmgr != NULL); REQUIRE(taskmgr != NULL); REQUIRE(dispatchmgr != NULL); + UNUSED(socket); if (dispatchv4 != NULL) { - socket = dns_dispatch_getsocket(dispatchv4); - REQUIRE(isc_socket_gettype(socket) == isc_sockettype_udp); + dispattr = dns_dispatch_getattributes(dispatchv4); + REQUIRE((dispattr & DNS_DISPATCHATTR_UDP) != 0); } if (dispatchv6 != NULL) { - socket = dns_dispatch_getsocket(dispatchv6); - REQUIRE(isc_socket_gettype(socket) == isc_sockettype_udp); + dispattr = dns_dispatch_getattributes(dispatchv6); + REQUIRE((dispattr & DNS_DISPATCHATTR_UDP) != 0); } requestmgr = isc_mem_get(mctx, sizeof(*requestmgr)); @@ -192,7 +197,7 @@ dns_requestmgr_create(isc_mem_t *mctx, dns_dispatch_attach(dispatchv6, &requestmgr->dispatchv6); requestmgr->mctx = NULL; isc_mem_attach(mctx, &requestmgr->mctx); - requestmgr->eref = 1; /* implict attach */ + requestmgr->eref = 1; /* implicit attach */ requestmgr->iref = 0; ISC_LIST_INIT(requestmgr->whenshutdown); ISC_LIST_INIT(requestmgr->requests); @@ -423,12 +428,19 @@ req_send(dns_request_t *request, isc_task_t *task, isc_sockaddr_t *address) { isc_region_t r; isc_socket_t *socket; isc_result_t result; + unsigned int dispattr; req_log(ISC_LOG_DEBUG(3), "req_send: request %p", request); REQUIRE(VALID_REQUEST(request)); - socket = dns_dispatch_getsocket(request->dispatch); + dispattr = dns_dispatch_getattributes(request->dispatch); + socket = req_getsocket(request); isc_buffer_usedregion(request->query, &r); + /* + * We could connect the socket when we are using an exclusive dispatch + * as we do in resolver.c, but we prefer implementation simplicity + * at this moment. + */ result = isc_socket_sendto(socket, &r, task, req_senddone, request, address, NULL); if (result == ISC_R_SUCCESS) @@ -516,11 +528,11 @@ create_tcp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr, if (srcaddr == NULL) { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(destaddr)); - result = isc_socket_bind(socket, &bind_any); + result = isc_socket_bind(socket, &bind_any, 0); } else { src = *srcaddr; isc_sockaddr_setport(&src, 0); - result = isc_socket_bind(socket, &src); + result = isc_socket_bind(socket, &src, 0); } if (result != ISC_R_SUCCESS) goto cleanup; @@ -683,7 +695,7 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, REQUIRE(action != NULL); REQUIRE(requestp != NULL && *requestp == NULL); REQUIRE(timeout > 0); - if (srcaddr != NULL) + if (srcaddr != NULL) REQUIRE(isc_sockaddr_pf(srcaddr) == isc_sockaddr_pf(destaddr)); mctx = requestmgr->mctx; @@ -731,7 +743,7 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, result = DNS_R_FORMERR; goto cleanup; } - + if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) tcp = ISC_TRUE; @@ -740,14 +752,16 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, if (result != ISC_R_SUCCESS) goto cleanup; - socket = dns_dispatch_getsocket(request->dispatch); - INSIST(socket != NULL); - result = dns_dispatch_addresponse(request->dispatch, destaddr, task, - req_response, request, &id, - &request->dispentry); + result = dns_dispatch_addresponse2(request->dispatch, destaddr, task, + req_response, request, &id, + &request->dispentry, + requestmgr->socketmgr); if (result != ISC_R_SUCCESS) goto cleanup; + socket = req_getsocket(request); + INSIST(socket != NULL); + result = isc_buffer_allocate(mctx, &request->query, r.length + (tcp ? 2 : 0)); if (result != ISC_R_SUCCESS) @@ -855,7 +869,7 @@ dns_request_createvia2(dns_requestmgr_t *requestmgr, dns_message_t *message, udpretries, task, action, arg, requestp)); } - + isc_result_t dns_request_createvia3(dns_requestmgr_t *requestmgr, dns_message_t *message, isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, @@ -881,7 +895,7 @@ dns_request_createvia3(dns_requestmgr_t *requestmgr, dns_message_t *message, REQUIRE(action != NULL); REQUIRE(requestp != NULL && *requestp == NULL); REQUIRE(timeout > 0); - if (srcaddr != NULL) + if (srcaddr != NULL) REQUIRE(isc_sockaddr_pf(srcaddr) == isc_sockaddr_pf(destaddr)); mctx = requestmgr->mctx; @@ -933,13 +947,14 @@ dns_request_createvia3(dns_requestmgr_t *requestmgr, dns_message_t *message, if (result != ISC_R_SUCCESS) goto cleanup; - socket = dns_dispatch_getsocket(request->dispatch); - INSIST(socket != NULL); - result = dns_dispatch_addresponse(request->dispatch, destaddr, task, - req_response, request, &id, - &request->dispentry); + result = dns_dispatch_addresponse2(request->dispatch, destaddr, task, + req_response, request, &id, + &request->dispentry, + requestmgr->socketmgr); if (result != ISC_R_SUCCESS) goto cleanup; + socket = req_getsocket(request); + INSIST(socket != NULL); message->id = id; if (setkey) { @@ -1135,7 +1150,7 @@ do_cancel(isc_task_t *task, isc_event_t *event) { if (!DNS_REQUEST_CANCELED(request)) req_cancel(request); send_if_done(request, ISC_R_CANCELED); - UNLOCK(&request->requestmgr->locks[request->hash]); + UNLOCK(&request->requestmgr->locks[request->hash]); } void @@ -1224,6 +1239,21 @@ dns_request_destroy(dns_request_t **requestp) { *** Private: request. ***/ +static isc_socket_t * +req_getsocket(dns_request_t *request) { + unsigned int dispattr; + isc_socket_t *socket; + + dispattr = dns_dispatch_getattributes(request->dispatch); + if ((dispattr & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { + INSIST(request->dispentry != NULL); + socket = dns_dispatch_getentrysocket(request->dispentry); + } else + socket = dns_dispatch_getsocket(request->dispatch); + + return (socket); +} + static void req_connected(isc_task_t *task, isc_event_t *event) { isc_socketevent_t *sevent = (isc_socketevent_t *)event; @@ -1423,6 +1453,7 @@ req_destroy(dns_request_t *request) { static void req_cancel(dns_request_t *request) { isc_socket_t *socket; + unsigned int dispattr; REQUIRE(VALID_REQUEST(request)); @@ -1435,16 +1466,23 @@ req_cancel(dns_request_t *request) { if (request->timer != NULL) isc_timer_detach(&request->timer); + dispattr = dns_dispatch_getattributes(request->dispatch); + socket = NULL; + if (DNS_REQUEST_CONNECTING(request) || DNS_REQUEST_SENDING(request)) { + if ((dispattr & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { + if (request->dispentry != NULL) { + socket = dns_dispatch_getentrysocket( + request->dispentry); + } + } else + socket = dns_dispatch_getsocket(request->dispatch); + if (DNS_REQUEST_CONNECTING(request) && socket != NULL) + isc_socket_cancel(socket, NULL, ISC_SOCKCANCEL_CONNECT); + if (DNS_REQUEST_SENDING(request) && socket != NULL) + isc_socket_cancel(socket, NULL, ISC_SOCKCANCEL_SEND); + } if (request->dispentry != NULL) dns_dispatch_removeresponse(&request->dispentry, NULL); - if (DNS_REQUEST_CONNECTING(request)) { - socket = dns_dispatch_getsocket(request->dispatch); - isc_socket_cancel(socket, NULL, ISC_SOCKCANCEL_CONNECT); - } - if (DNS_REQUEST_SENDING(request)) { - socket = dns_dispatch_getsocket(request->dispatch); - isc_socket_cancel(socket, NULL, ISC_SOCKCANCEL_SEND); - } dns_dispatch_detach(&request->dispatch); } diff --git a/contrib/bind-9.3/lib/dns/resolver.c b/contrib/bind-9.5.2/lib/dns/resolver.c similarity index 77% rename from contrib/bind-9.3/lib/dns/resolver.c rename to contrib/bind-9.5.2/lib/dns/resolver.c index 099b80433f..1441f61dba 100644 --- a/contrib/bind-9.3/lib/dns/resolver.c +++ b/contrib/bind-9.5.2/lib/dns/resolver.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.218.2.18.4.64.4.2 2007/01/11 05:05:10 marka Exp $ */ +/* $Id: resolver.c,v 1.355.12.44 2009/08/13 04:54:21 marka Exp $ */ + +/*! \file */ #include +#include #include #include +#include #include +#include #include #include @@ -50,22 +55,23 @@ #include #include #include +#include #include #include #define DNS_RESOLVER_TRACE #ifdef DNS_RESOLVER_TRACE -#define RTRACE(m) isc_log_write(dns_lctx, \ +#define RTRACE(m) isc_log_write(dns_lctx, \ DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, \ ISC_LOG_DEBUG(3), \ "res %p: %s", res, (m)) -#define RRTRACE(r, m) isc_log_write(dns_lctx, \ +#define RRTRACE(r, m) isc_log_write(dns_lctx, \ DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, \ ISC_LOG_DEBUG(3), \ "res %p: %s", (r), (m)) -#define FCTXTRACE(m) isc_log_write(dns_lctx, \ +#define FCTXTRACE(m) isc_log_write(dns_lctx, \ DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, \ ISC_LOG_DEBUG(3), \ @@ -77,14 +83,14 @@ ISC_LOG_DEBUG(3), \ "fctx %p(%s): %s %s", \ fctx, fctx->info, (m1), (m2)) -#define FTRACE(m) isc_log_write(dns_lctx, \ +#define FTRACE(m) isc_log_write(dns_lctx, \ DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, \ ISC_LOG_DEBUG(3), \ "fetch %p (fctx %p(%s)): %s", \ fetch, fetch->private, \ fetch->private->info, (m)) -#define QTRACE(m) isc_log_write(dns_lctx, \ +#define QTRACE(m) isc_log_write(dns_lctx, \ DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, \ ISC_LOG_DEBUG(3), \ @@ -99,16 +105,16 @@ #define QTRACE(m) #endif -/* +/*% * Maximum EDNS0 input packet size. */ -#define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */ +#define RECV_BUFFER_SIZE 4096 /* XXXRTH Constant. */ -/* +/*% * This defines the maximum number of timeouts we will permit before we * disable EDNS0 on the query. */ -#define MAX_EDNS0_TIMEOUTS 3 +#define MAX_EDNS0_TIMEOUTS 3 typedef struct fetchctx fetchctx_t; @@ -119,6 +125,7 @@ typedef struct query { isc_mem_t * mctx; dns_dispatchmgr_t * dispatchmgr; dns_dispatch_t * dispatch; + isc_boolean_t exclusivesocket; dns_adbaddrinfo_t * addrinfo; isc_socket_t * tcpsocket; isc_time_t start; @@ -138,37 +145,44 @@ typedef struct query { #define QUERY_MAGIC ISC_MAGIC('Q', '!', '!', '!') #define VALID_QUERY(query) ISC_MAGIC_VALID(query, QUERY_MAGIC) -#define RESQUERY_ATTR_CANCELED 0x02 +#define RESQUERY_ATTR_CANCELED 0x02 -#define RESQUERY_CONNECTING(q) ((q)->connects > 0) -#define RESQUERY_CANCELED(q) (((q)->attributes & \ +#define RESQUERY_CONNECTING(q) ((q)->connects > 0) +#define RESQUERY_CANCELED(q) (((q)->attributes & \ RESQUERY_ATTR_CANCELED) != 0) -#define RESQUERY_SENDING(q) ((q)->sends > 0) +#define RESQUERY_SENDING(q) ((q)->sends > 0) typedef enum { - fetchstate_init = 0, /* Start event has not run yet. */ + fetchstate_init = 0, /*%< Start event has not run yet. */ fetchstate_active, - fetchstate_done /* FETCHDONE events posted. */ + fetchstate_done /*%< FETCHDONE events posted. */ } fetchstate; +typedef enum { + badns_unreachable = 0, + badns_response, + badns_validation +} badnstype_t; + struct fetchctx { - /* Not locked. */ + /*% Not locked. */ unsigned int magic; dns_resolver_t * res; dns_name_t name; dns_rdatatype_t type; unsigned int options; unsigned int bucketnum; - char * info; - /* Locked by appropriate bucket lock. */ + char * info; + /*% Locked by appropriate bucket lock. */ fetchstate state; isc_boolean_t want_shutdown; isc_boolean_t cloned; + isc_boolean_t spilled; unsigned int references; isc_event_t control_event; - ISC_LINK(struct fetchctx) link; - ISC_LIST(dns_fetchevent_t) events; - /* Locked by task event serialization. */ + ISC_LINK(struct fetchctx) link; + ISC_LIST(dns_fetchevent_t) events; + /*% Locked by task event serialization. */ dns_name_t domain; dns_rdataset_t nameservers; unsigned int attributes; @@ -187,16 +201,19 @@ struct fetchctx { isc_sockaddrlist_t forwarders; dns_fwdpolicy_t fwdpolicy; isc_sockaddrlist_t bad; - ISC_LIST(dns_validator_t) validators; + isc_sockaddrlist_t edns; + isc_sockaddrlist_t edns512; + dns_validator_t *validator; + ISC_LIST(dns_validator_t) validators; dns_db_t * cache; dns_adb_t * adb; - /* + /*% * The number of events we're waiting for. */ unsigned int pending; - /* + /*% * The number of times we've "restarted" the current * nameserver set. This acts as a failsafe to prevent * us from pounding constantly on a particular set of @@ -206,16 +223,17 @@ struct fetchctx { */ unsigned int restarts; - /* - * The number of timeouts that have occurred since we + /*% + * The number of timeouts that have occurred since we * last successfully received a response packet. This * is used for EDNS0 black hole detection. */ unsigned int timeouts; - /* + + /*% * Look aside state for DS lookups. */ - dns_name_t nsname; + dns_name_t nsname; dns_fetch_t * nsfetch; dns_rdataset_t nsrrset; @@ -223,34 +241,59 @@ struct fetchctx { * Number of queries that reference this context. */ unsigned int nqueries; + + /*% + * The reason to print when logging a successful + * response to a query. + */ + const char * reason; + + /*% + * Fetch-local statistics for detailed logging. + */ + isc_result_t result; /*%< fetch result */ + isc_result_t vresult; /*%< validation result */ + int exitline; + isc_time_t start; + isc_uint64_t duration; + isc_boolean_t logged; + unsigned int querysent; + unsigned int referrals; + unsigned int lamecount; + unsigned int neterr; + unsigned int badresp; + unsigned int adberr; + unsigned int findfail; + unsigned int valfail; + isc_boolean_t timeout; }; #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!') #define VALID_FCTX(fctx) ISC_MAGIC_VALID(fctx, FCTX_MAGIC) -#define FCTX_ATTR_HAVEANSWER 0x0001 -#define FCTX_ATTR_GLUING 0x0002 -#define FCTX_ATTR_ADDRWAIT 0x0004 -#define FCTX_ATTR_SHUTTINGDOWN 0x0008 -#define FCTX_ATTR_WANTCACHE 0x0010 -#define FCTX_ATTR_WANTNCACHE 0x0020 -#define FCTX_ATTR_NEEDEDNS0 0x0040 -#define FCTX_ATTR_TRIEDFIND 0x0080 -#define FCTX_ATTR_TRIEDALT 0x0100 - -#define HAVE_ANSWER(f) (((f)->attributes & FCTX_ATTR_HAVEANSWER) != \ +#define FCTX_ATTR_HAVEANSWER 0x0001 +#define FCTX_ATTR_GLUING 0x0002 +#define FCTX_ATTR_ADDRWAIT 0x0004 +#define FCTX_ATTR_SHUTTINGDOWN 0x0008 +#define FCTX_ATTR_WANTCACHE 0x0010 +#define FCTX_ATTR_WANTNCACHE 0x0020 +#define FCTX_ATTR_NEEDEDNS0 0x0040 +#define FCTX_ATTR_TRIEDFIND 0x0080 +#define FCTX_ATTR_TRIEDALT 0x0100 + +#define HAVE_ANSWER(f) (((f)->attributes & FCTX_ATTR_HAVEANSWER) != \ 0) -#define GLUING(f) (((f)->attributes & FCTX_ATTR_GLUING) != \ +#define GLUING(f) (((f)->attributes & FCTX_ATTR_GLUING) != \ 0) -#define ADDRWAIT(f) (((f)->attributes & FCTX_ATTR_ADDRWAIT) != \ +#define ADDRWAIT(f) (((f)->attributes & FCTX_ATTR_ADDRWAIT) != \ 0) -#define SHUTTINGDOWN(f) (((f)->attributes & FCTX_ATTR_SHUTTINGDOWN) \ - != 0) -#define WANTCACHE(f) (((f)->attributes & FCTX_ATTR_WANTCACHE) != 0) -#define WANTNCACHE(f) (((f)->attributes & FCTX_ATTR_WANTNCACHE) != 0) -#define NEEDEDNS0(f) (((f)->attributes & FCTX_ATTR_NEEDEDNS0) != 0) -#define TRIEDFIND(f) (((f)->attributes & FCTX_ATTR_TRIEDFIND) != 0) -#define TRIEDALT(f) (((f)->attributes & FCTX_ATTR_TRIEDALT) != 0) +#define SHUTTINGDOWN(f) (((f)->attributes & FCTX_ATTR_SHUTTINGDOWN) \ + != 0) +#define WANTCACHE(f) (((f)->attributes & FCTX_ATTR_WANTCACHE) != 0) +#define WANTNCACHE(f) (((f)->attributes & FCTX_ATTR_WANTNCACHE) != 0) +#define NEEDEDNS0(f) (((f)->attributes & FCTX_ATTR_NEEDEDNS0) != 0) +#define TRIEDFIND(f) (((f)->attributes & FCTX_ATTR_TRIEDFIND) != 0) +#define TRIEDALT(f) (((f)->attributes & FCTX_ATTR_TRIEDALT) != 0) typedef struct { dns_adbaddrinfo_t * addrinfo; @@ -270,18 +313,19 @@ typedef struct fctxbucket { isc_mutex_t lock; ISC_LIST(fetchctx_t) fctxs; isc_boolean_t exiting; + isc_mem_t * mctx; } fctxbucket_t; typedef struct alternate { isc_boolean_t isaddress; - union { + union { isc_sockaddr_t addr; struct { - dns_name_t name; - in_port_t port; + dns_name_t name; + in_port_t port; } _n; } _u; - ISC_LINK(struct alternate) link; + ISC_LINK(struct alternate) link; } alternate_t; struct dns_resolver { @@ -289,8 +333,8 @@ struct dns_resolver { unsigned int magic; isc_mem_t * mctx; isc_mutex_t lock; - isc_mutex_t nlock; - isc_mutex_t primelock; + isc_mutex_t nlock; + isc_mutex_t primelock; dns_rdataclass_t rdclass; isc_socketmgr_t * socketmgr; isc_timermgr_t * timermgr; @@ -300,7 +344,10 @@ struct dns_resolver { unsigned int options; dns_dispatchmgr_t * dispatchmgr; dns_dispatch_t * dispatchv4; + isc_boolean_t exclusivev4; dns_dispatch_t * dispatchv6; + isc_boolean_t exclusivev6; + unsigned int ndisps; unsigned int nbuckets; fctxbucket_t * buckets; isc_uint32_t lame_ttl; @@ -314,12 +361,19 @@ struct dns_resolver { isc_rwlock_t mbslock; #endif dns_rbt_t * mustbesecure; + unsigned int spillatmax; + unsigned int spillatmin; + isc_timer_t * spillattimer; + isc_boolean_t zero_no_soa_ttl; + /* Locked by lock. */ unsigned int references; isc_boolean_t exiting; isc_eventlist_t whenshutdown; unsigned int activebuckets; isc_boolean_t priming; + unsigned int spillat; /* clients-per-query */ + unsigned int nextdisp; /* Locked by primelock. */ dns_fetch_t * primefetch; /* Locked by nlock. */ @@ -329,15 +383,15 @@ struct dns_resolver { #define RES_MAGIC ISC_MAGIC('R', 'e', 's', '!') #define VALID_RESOLVER(res) ISC_MAGIC_VALID(res, RES_MAGIC) -/* +/*% * Private addrinfo flags. These must not conflict with DNS_FETCHOPT_NOEDNS0, * which we also use as an addrinfo flag. */ -#define FCTX_ADDRINFO_MARK 0x0001 -#define FCTX_ADDRINFO_FORWARDER 0x1000 -#define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \ +#define FCTX_ADDRINFO_MARK 0x0001 +#define FCTX_ADDRINFO_FORWARDER 0x1000 +#define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \ == 0) -#define ISFORWARDER(a) (((a)->flags & \ +#define ISFORWARDER(a) (((a)->flags & \ FCTX_ADDRINFO_FORWARDER) != 0) #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) @@ -347,7 +401,7 @@ static void empty_bucket(dns_resolver_t *res); static isc_result_t resquery_send(resquery_t *query); static void resquery_response(isc_task_t *task, isc_event_t *event); static void resquery_connected(isc_task_t *task, isc_event_t *event); -static void fctx_try(fetchctx_t *fctx); +static void fctx_try(fetchctx_t *fctx, isc_boolean_t retrying); static isc_boolean_t fctx_destroy(fetchctx_t *fctx); static isc_result_t ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, @@ -355,8 +409,19 @@ static isc_result_t ncache_adderesult(dns_message_t *message, isc_stdtime_t now, dns_ttl_t maxttl, dns_rdataset_t *ardataset, isc_result_t *eresultp); -static void validated(isc_task_t *task, isc_event_t *event); +static void validated(isc_task_t *task, isc_event_t *event); static void maybe_destroy(fetchctx_t *fctx); +static void add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, + isc_result_t reason, badnstype_t badtype); + +/*% + * Increment resolver-related statistics counters. + */ +static inline void +inc_stats(dns_resolver_t *res, isc_statscounter_t counter) { + if (res->view->resstats != NULL) + isc_stats_increment(res->view->resstats, counter); +} static isc_result_t valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name, @@ -368,7 +433,8 @@ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name, dns_valarg_t *valarg; isc_result_t result; - valarg = isc_mem_get(fctx->res->mctx, sizeof(*valarg)); + valarg = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx, + sizeof(*valarg)); if (valarg == NULL) return (ISC_R_NOMEMORY); @@ -382,13 +448,43 @@ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name, sigrdataset, fctx->rmessage, valoptions, task, validated, valarg, &validator); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { + inc_stats(fctx->res, dns_resstatscounter_val); + if ((valoptions & DNS_VALIDATOR_DEFER) == 0) { + INSIST(fctx->validator == NULL); + fctx->validator = validator; + } ISC_LIST_APPEND(fctx->validators, validator, link); - else - isc_mem_put(fctx->res->mctx, valarg, sizeof(*valarg)); + } else + isc_mem_put(fctx->res->buckets[fctx->bucketnum].mctx, + valarg, sizeof(*valarg)); return (result); } +static isc_boolean_t +rrsig_fromchildzone(fetchctx_t *fctx, dns_rdataset_t *rdataset) { + dns_namereln_t namereln; + dns_rdata_rrsig_t rrsig; + dns_rdata_t rdata = DNS_RDATA_INIT; + int order; + isc_result_t result; + unsigned int labels; + + for (result = dns_rdataset_first(rdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(rdataset)) { + dns_rdataset_current(rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &rrsig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + namereln = dns_name_fullcompare(&rrsig.signer, &fctx->domain, + &order, &labels); + if (namereln == dns_namereln_subdomain) + return (ISC_TRUE); + dns_rdata_reset(&rdata); + } + return (ISC_FALSE); +} + static isc_boolean_t fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) { dns_name_t *name; @@ -402,13 +498,43 @@ fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) { return (ISC_FALSE); /* - * Look for BIND 8 style delegations. - * Also look for answers to ANY queries where the duplicate NS RRset - * may have been stripped from the authority section. + * A DS RRset can appear anywhere in a zone, even for a delegation-only + * zone. So a response to an explicit query for this type should be + * excluded from delegation-only fixup. + * + * SOA, NS, and DNSKEY can only exist at a zone apex, so a postive + * response to a query for these types can never violate the + * delegation-only assumption: if the query name is below a + * zone cut, the response should normally be a referral, which should + * be accepted; if the query name is below a zone cut but the server + * happens to have authority for the zone of the query name, the + * response is a (non-referral) answer. But this does not violate + * delegation-only because the query name must be in a different zone + * due to the "apex-only" nature of these types. Note that if the + * remote server happens to have authority for a child zone of a + * delegation-only zone, we may still incorrectly "fix" the response + * with NXDOMAIN for queries for other types. Unfortunately it's + * generally impossible to differentiate this case from violation of + * the delegation-only assumption. Once the resolver learns the + * correct zone cut, possibly via a separate query for an "apex-only" + * type, queries for other types will be resolved correctly. + * + * A query for type ANY will be accepted if it hits an exceptional + * type above in the answer section as it should be from a child + * zone. + * + * Also accept answers with RRSIG records from the child zone. + * Direct queries for RRSIG records should not be answered from + * the parent zone. */ + if (message->counts[DNS_SECTION_ANSWER] != 0 && (fctx->type == dns_rdatatype_ns || - fctx->type == dns_rdatatype_any)) { + fctx->type == dns_rdatatype_ds || + fctx->type == dns_rdatatype_soa || + fctx->type == dns_rdatatype_any || + fctx->type == dns_rdatatype_rrsig || + fctx->type == dns_rdatatype_dnskey)) { result = dns_message_firstname(message, DNS_SECTION_ANSWER); while (result == ISC_R_SUCCESS) { name = NULL; @@ -417,10 +543,32 @@ fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) { for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { - type = rdataset->type; - if (type != dns_rdatatype_ns) + if (!dns_name_equal(name, &fctx->name)) continue; - if (dns_name_issubdomain(name, domain)) + type = rdataset->type; + /* + * RRsig from child? + */ + if (type == dns_rdatatype_rrsig && + rrsig_fromchildzone(fctx, rdataset)) + return (ISC_FALSE); + /* + * Direct query for apex records or DS. + */ + if (fctx->type == type && + (type == dns_rdatatype_ds || + type == dns_rdatatype_ns || + type == dns_rdatatype_soa || + type == dns_rdatatype_dnskey)) + return (ISC_FALSE); + /* + * Indirect query for apex records or DS. + */ + if (fctx->type == dns_rdatatype_any && + (type == dns_rdatatype_ns || + type == dns_rdatatype_ds || + type == dns_rdatatype_soa || + type == dns_rdatatype_dnskey)) return (ISC_FALSE); } result = dns_message_nextname(message, @@ -428,7 +576,14 @@ fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) { } } - /* Look for referral. */ + /* + * A NODATA response to a DS query? + */ + if (fctx->type == dns_rdatatype_ds && + message->counts[DNS_SECTION_ANSWER] == 0) + return (ISC_FALSE); + + /* Look for referral or indication of answer from child zone? */ if (message->counts[DNS_SECTION_AUTHORITY] == 0) goto munge; @@ -443,13 +598,37 @@ fix_mustbedelegationornxdomain(dns_message_t *message, fetchctx_t *fctx) { if (type == dns_rdatatype_soa && dns_name_equal(name, domain)) keep_auth = ISC_TRUE; + if (type != dns_rdatatype_ns && - type != dns_rdatatype_soa) + type != dns_rdatatype_soa && + type != dns_rdatatype_rrsig) continue; - if (dns_name_equal(name, domain)) - goto munge; - if (dns_name_issubdomain(name, domain)) + + if (type == dns_rdatatype_rrsig) { + if (rrsig_fromchildzone(fctx, rdataset)) + return (ISC_FALSE); + else + continue; + } + + /* NS or SOA records. */ + if (dns_name_equal(name, domain)) { + /* + * If a query for ANY causes a negative + * response, we can be sure that this is + * an empty node. For other type of queries + * we cannot differentiate an empty node + * from a node that just doesn't have that + * type of record. We only accept the former + * case. + */ + if (message->counts[DNS_SECTION_ANSWER] == 0 && + fctx->type == dns_rdatatype_any) + return (ISC_FALSE); + } else if (dns_name_issubdomain(name, domain)) { + /* Referral or answer from child zone. */ return (ISC_FALSE); + } } result = dns_message_nextname(message, DNS_SECTION_AUTHORITY); } @@ -497,21 +676,20 @@ fctx_stoptimer(fetchctx_t *fctx) { static inline isc_result_t -fctx_startidletimer(fetchctx_t *fctx) { +fctx_startidletimer(fetchctx_t *fctx, isc_interval_t *interval) { /* * Start the idle timer for fctx. The lifetime timer continues * to be in effect. */ return (isc_timer_reset(fctx->timer, isc_timertype_once, - &fctx->expires, &fctx->interval, - ISC_FALSE)); + &fctx->expires, interval, ISC_FALSE)); } /* * Stopping the idle timer is equivalent to calling fctx_starttimer(), but * we use fctx_stopidletimer for readability in the code below. */ -#define fctx_stopidletimer fctx_starttimer +#define fctx_stopidletimer fctx_starttimer static inline void @@ -526,7 +704,7 @@ resquery_destroy(resquery_t **queryp) { query->fctx->nqueries--; if (SHUTTINGDOWN(query->fctx)) - maybe_destroy(query->fctx); /* Locks bucket. */ + maybe_destroy(query->fctx); /* Locks bucket. */ query->magic = 0; isc_mem_put(query->mctx, query, sizeof(*query)); *queryp = NULL; @@ -538,10 +716,11 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp, { fetchctx_t *fctx; resquery_t *query; - unsigned int rtt; + unsigned int rtt, rttms; unsigned int factor; dns_adbfind_t *find; dns_adbaddrinfo_t *addrinfo; + isc_socket_t *socket; query = *queryp; fctx = query->fctx; @@ -564,6 +743,27 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp, rtt = (unsigned int)isc_time_microdiff(finish, &query->start); factor = DNS_ADB_RTTADJDEFAULT; + + rttms = rtt / 1000; + if (rttms < DNS_RESOLVER_QRYRTTCLASS0) { + inc_stats(fctx->res, + dns_resstatscounter_queryrtt0); + } else if (rttms < DNS_RESOLVER_QRYRTTCLASS1) { + inc_stats(fctx->res, + dns_resstatscounter_queryrtt1); + } else if (rttms < DNS_RESOLVER_QRYRTTCLASS2) { + inc_stats(fctx->res, + dns_resstatscounter_queryrtt2); + } else if (rttms < DNS_RESOLVER_QRYRTTCLASS3) { + inc_stats(fctx->res, + dns_resstatscounter_queryrtt3); + } else if (rttms < DNS_RESOLVER_QRYRTTCLASS4) { + inc_stats(fctx->res, + dns_resstatscounter_queryrtt4); + } else { + inc_stats(fctx->res, + dns_resstatscounter_queryrtt5); + } } else { /* * We don't have an RTT for this query. Maybe the @@ -571,8 +771,7 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp, * slow. We don't know. Increase the RTT. */ INSIST(no_response); - rtt = query->addrinfo->srtt + - (200000 * fctx->restarts); + rtt = query->addrinfo->srtt + 200000; if (rtt > 10000000) rtt = 10000000; /* @@ -624,35 +823,48 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp, 0, factor); } - if (query->dispentry != NULL) - dns_dispatch_removeresponse(&query->dispentry, deventp); - - ISC_LIST_UNLINK(fctx->queries, query, link); - - if (query->tsig != NULL) - isc_buffer_free(&query->tsig); - - if (query->tsigkey != NULL) - dns_tsigkey_detach(&query->tsigkey); - /* * Check for any outstanding socket events. If they exist, cancel * them and let the event handlers finish the cleanup. The resolver * only needs to worry about managing the connect and send events; * the dispatcher manages the recv events. */ - if (RESQUERY_CONNECTING(query)) + if (RESQUERY_CONNECTING(query)) { /* * Cancel the connect. */ - isc_socket_cancel(query->tcpsocket, NULL, - ISC_SOCKCANCEL_CONNECT); - else if (RESQUERY_SENDING(query)) + if (query->tcpsocket != NULL) { + isc_socket_cancel(query->tcpsocket, NULL, + ISC_SOCKCANCEL_CONNECT); + } else if (query->dispentry != NULL) { + INSIST(query->exclusivesocket); + socket = dns_dispatch_getentrysocket(query->dispentry); + if (socket != NULL) + isc_socket_cancel(socket, NULL, + ISC_SOCKCANCEL_CONNECT); + } + } else if (RESQUERY_SENDING(query)) { /* * Cancel the pending send. */ - isc_socket_cancel(dns_dispatch_getsocket(query->dispatch), - NULL, ISC_SOCKCANCEL_SEND); + if (query->exclusivesocket && query->dispentry != NULL) + socket = dns_dispatch_getentrysocket(query->dispentry); + else + socket = dns_dispatch_getsocket(query->dispatch); + if (socket != NULL) + isc_socket_cancel(socket, NULL, ISC_SOCKCANCEL_SEND); + } + + if (query->dispentry != NULL) + dns_dispatch_removeresponse(&query->dispentry, deventp); + + ISC_LIST_UNLINK(fctx->queries, query, link); + + if (query->tsig != NULL) + isc_buffer_free(&query->tsig); + + if (query->tsigkey != NULL) + dns_tsigkey_detach(&query->tsigkey); if (query->dispatch != NULL) dns_dispatch_detach(&query->dispatch); @@ -752,9 +964,16 @@ fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response) { } static inline void -fctx_sendevents(fetchctx_t *fctx, isc_result_t result) { +fctx_sendevents(fetchctx_t *fctx, isc_result_t result, int line) { dns_fetchevent_t *event, *next_event; isc_task_t *task; + unsigned int count = 0; + isc_interval_t i; + isc_boolean_t logit = ISC_FALSE; + isc_time_t now; + unsigned int old_spillat; + unsigned int new_spillat = 0; /* initialized to silence + compiler warnings */ /* * Caller must be holding the appropriate bucket lock. @@ -763,6 +982,14 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result) { FCTXTRACE("sendevents"); + /* + * Keep some record of fetch result for logging later (if required). + */ + fctx->result = result; + fctx->exitline = line; + TIME_NOW(&now); + fctx->duration = isc_time_microdiff(&now, &fctx->start); + for (event = ISC_LIST_HEAD(fctx->events); event != NULL; event = next_event) { @@ -779,72 +1006,116 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result) { fctx->type == dns_rdatatype_rrsig || fctx->type == dns_rdatatype_sig); + /* + * Negative results must be indicated in event->result. + */ + if (dns_rdataset_isassociated(event->rdataset) && + event->rdataset->type == dns_rdatatype_none) { + INSIST(event->result == DNS_R_NCACHENXDOMAIN || + event->result == DNS_R_NCACHENXRRSET); + } + isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event)); + count++; + } + + if ((fctx->attributes & FCTX_ATTR_HAVEANSWER) != 0 && + fctx->spilled && + (count < fctx->res->spillatmax || fctx->res->spillatmax == 0)) { + LOCK(&fctx->res->lock); + if (count == fctx->res->spillat && !fctx->res->exiting) { + old_spillat = fctx->res->spillat; + fctx->res->spillat += 5; + if (fctx->res->spillat > fctx->res->spillatmax && + fctx->res->spillatmax != 0) + fctx->res->spillat = fctx->res->spillatmax; + new_spillat = fctx->res->spillat; + if (new_spillat != old_spillat) { + logit = ISC_TRUE; + } + isc_interval_set(&i, 20 * 60, 0); + result = isc_timer_reset(fctx->res->spillattimer, + isc_timertype_ticker, NULL, + &i, ISC_TRUE); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + } + UNLOCK(&fctx->res->lock); + if (logit) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, + DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, + "clients-per-query increased to %u", + new_spillat); } } +static inline void +log_edns(fetchctx_t *fctx) { + char domainbuf[DNS_NAME_FORMATSIZE]; + + if (fctx->reason == NULL) + return; + + dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, + DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, + "too many timeouts resolving '%s' (in '%s'?): %s", + fctx->info, domainbuf, fctx->reason); + + fctx->reason = NULL; +} + static void -fctx_done(fetchctx_t *fctx, isc_result_t result) { +fctx_done(fetchctx_t *fctx, isc_result_t result, int line) { dns_resolver_t *res; isc_boolean_t no_response; + REQUIRE(line >= 0); + FCTXTRACE("done"); res = fctx->res; - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { + /*% + * Log any deferred EDNS timeout messages. + */ + log_edns(fctx); no_response = ISC_TRUE; - else + } else no_response = ISC_FALSE; + + fctx->reason = NULL; fctx_stopeverything(fctx, no_response); LOCK(&res->buckets[fctx->bucketnum].lock); fctx->state = fetchstate_done; fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; - fctx_sendevents(fctx, result); + fctx_sendevents(fctx, result, line); UNLOCK(&res->buckets[fctx->bucketnum].lock); } static void -resquery_senddone(isc_task_t *task, isc_event_t *event) { +process_sendevent(resquery_t *query, isc_event_t *event) { isc_socketevent_t *sevent = (isc_socketevent_t *)event; - resquery_t *query = event->ev_arg; isc_boolean_t retry = ISC_FALSE; isc_result_t result; fetchctx_t *fctx; - REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE); - - QTRACE("senddone"); - - /* - * XXXRTH - * - * Currently we don't wait for the senddone event before retrying - * a query. This means that if we get really behind, we may end - * up doing extra work! - */ - - UNUSED(task); - - INSIST(RESQUERY_SENDING(query)); - - query->sends--; fctx = query->fctx; if (RESQUERY_CANCELED(query)) { - if (query->sends == 0) { + if (query->sends == 0 && query->connects == 0) { /* * This query was canceled while the - * isc_socket_sendto() was in progress. + * isc_socket_sendto/connect() was in progress. */ if (query->tcpsocket != NULL) isc_socket_detach(&query->tcpsocket); resquery_destroy(&query); } - } else + } else { switch (sevent->result) { case ISC_R_SUCCESS: break; @@ -858,6 +1129,8 @@ resquery_senddone(isc_task_t *task, isc_event_t *event) { /* * No route to remote. */ + add_bad(fctx, query->addrinfo, sevent->result, + badns_unreachable); fctx_cancelquery(&query, NULL, NULL, ISC_TRUE); retry = ISC_TRUE; break; @@ -866,6 +1139,7 @@ resquery_senddone(isc_task_t *task, isc_event_t *event) { fctx_cancelquery(&query, NULL, NULL, ISC_FALSE); break; } + } isc_event_free(&event); @@ -877,14 +1151,58 @@ resquery_senddone(isc_task_t *task, isc_event_t *event) { fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; result = fctx_stopidletimer(fctx); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); else - fctx_try(fctx); + fctx_try(fctx, ISC_TRUE); } } +static void +resquery_udpconnected(isc_task_t *task, isc_event_t *event) { + resquery_t *query = event->ev_arg; + + REQUIRE(event->ev_type == ISC_SOCKEVENT_CONNECT); + + QTRACE("udpconnected"); + + UNUSED(task); + + INSIST(RESQUERY_CONNECTING(query)); + + query->connects--; + + process_sendevent(query, event); +} + +static void +resquery_senddone(isc_task_t *task, isc_event_t *event) { + resquery_t *query = event->ev_arg; + + REQUIRE(event->ev_type == ISC_SOCKEVENT_SENDDONE); + + QTRACE("senddone"); + + /* + * XXXRTH + * + * Currently we don't wait for the senddone event before retrying + * a query. This means that if we get really behind, we may end + * up doing extra work! + */ + + UNUSED(task); + + INSIST(RESQUERY_SENDING(query)); + + query->sends--; + + process_sendevent(query, event); +} + static inline isc_result_t -fctx_addopt(dns_message_t *message, dns_resolver_t *res) { +fctx_addopt(dns_message_t *message, unsigned int version, + isc_uint16_t udpsize, isc_boolean_t request_nsid) +{ dns_rdataset_t *rdataset; dns_rdatalist_t *rdatalist; dns_rdata_t *rdata; @@ -910,18 +1228,32 @@ fctx_addopt(dns_message_t *message, dns_resolver_t *res) { /* * Set Maximum UDP buffer size. */ - rdatalist->rdclass = res->udpsize; + rdatalist->rdclass = udpsize; /* - * Set EXTENDED-RCODE, VERSION, and Z to 0, and the DO bit to 1. + * Set EXTENDED-RCODE and Z to 0, DO to 1. */ - rdatalist->ttl = DNS_MESSAGEEXTFLAG_DO; + rdatalist->ttl = (version << 16); + rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO; /* - * No EDNS options. + * Set EDNS options if applicable */ - rdata->data = NULL; - rdata->length = 0; + if (request_nsid) { + /* Send empty NSID option (RFC5001) */ + unsigned char data[4]; + isc_buffer_t buf; + + isc_buffer_init(&buf, data, sizeof(data)); + isc_buffer_putuint16(&buf, DNS_OPT_NSID); + isc_buffer_putuint16(&buf, 0); + rdata->data = data; + rdata->length = sizeof(data); + } else { + rdata->data = NULL; + rdata->length = 0; + } + rdata->rdclass = rdatalist->rdclass; rdata->type = rdatalist->type; rdata->flags = 0; @@ -936,34 +1268,37 @@ fctx_addopt(dns_message_t *message, dns_resolver_t *res) { static inline void fctx_setretryinterval(fetchctx_t *fctx, unsigned int rtt) { unsigned int seconds; + unsigned int us; /* - * We retry every 2 seconds the first two times through the address + * We retry every .8 seconds the first two times through the address * list, and then we do exponential back-off. */ if (fctx->restarts < 3) - seconds = 2; + us = 800000; else - seconds = (2 << (fctx->restarts - 1)); + us = (800000 << (fctx->restarts - 2)); /* - * Double the round-trip time and convert to seconds. + * Double the round-trip time. */ - rtt /= 500000; + rtt *= 2; /* * Always wait for at least the doubled round-trip time. */ - if (seconds < rtt) - seconds = rtt; + if (us < rtt) + us = rtt; /* - * But don't ever wait for more than 30 seconds. + * But don't ever wait for more than 10 seconds. */ - if (seconds > 30) - seconds = 30; + if (us > 10000000) + us = 10000000; - isc_interval_set(&fctx->interval, seconds, 0); + seconds = us / 1000000; + us -= seconds * 1000000; + isc_interval_set(&fctx->interval, seconds, us * 1000); } static isc_result_t @@ -974,6 +1309,8 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_task_t *task; isc_result_t result; resquery_t *query; + isc_sockaddr_t addr; + isc_boolean_t have_addr = ISC_FALSE; FCTXTRACE("query"); @@ -981,7 +1318,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, task = res->buckets[fctx->bucketnum].task; fctx_setretryinterval(fctx, addrinfo->srtt); - result = fctx_startidletimer(fctx); + result = fctx_startidletimer(fctx, &fctx->interval); if (result != ISC_R_SUCCESS) return (result); @@ -989,12 +1326,13 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE); - query = isc_mem_get(res->mctx, sizeof(*query)); + query = isc_mem_get(res->buckets[fctx->bucketnum].mctx, + sizeof(*query)); if (query == NULL) { result = ISC_R_NOMEMORY; goto stop_idle_timer; } - query->mctx = res->mctx; + query->mctx = res->buckets[fctx->bucketnum].mctx; query->options = options; query->attributes = 0; query->sends = 0; @@ -1013,29 +1351,44 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, */ query->dispatchmgr = res->dispatchmgr; query->dispatch = NULL; + query->exclusivesocket = ISC_FALSE; query->tcpsocket = NULL; + if (res->view->peers != NULL) { + dns_peer_t *peer = NULL; + isc_netaddr_t dstip; + isc_netaddr_fromsockaddr(&dstip, &addrinfo->sockaddr); + result = dns_peerlist_peerbyaddr(res->view->peers, + &dstip, &peer); + if (result == ISC_R_SUCCESS) { + result = dns_peer_getquerysource(peer, &addr); + if (result == ISC_R_SUCCESS) + have_addr = ISC_TRUE; + } + } + if ((query->options & DNS_FETCHOPT_TCP) != 0) { - isc_sockaddr_t addr; int pf; pf = isc_sockaddr_pf(&addrinfo->sockaddr); - - switch (pf) { - case PF_INET: - result = dns_dispatch_getlocaladdress(res->dispatchv4, - &addr); - break; - case PF_INET6: - result = dns_dispatch_getlocaladdress(res->dispatchv6, - &addr); - break; - default: - result = ISC_R_NOTIMPLEMENTED; - break; + if (!have_addr) { + switch (pf) { + case PF_INET: + result = + dns_dispatch_getlocaladdress(res->dispatchv4, + &addr); + break; + case PF_INET6: + result = + dns_dispatch_getlocaladdress(res->dispatchv6, + &addr); + break; + default: + result = ISC_R_NOTIMPLEMENTED; + break; + } + if (result != ISC_R_SUCCESS) + goto cleanup_query; } - if (result != ISC_R_SUCCESS) - goto cleanup_query; - isc_sockaddr_setport(&addr, 0); result = isc_socket_create(res->socketmgr, pf, @@ -1045,7 +1398,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, goto cleanup_query; #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - result = isc_socket_bind(query->tcpsocket, &addr); + result = isc_socket_bind(query->tcpsocket, &addr, 0); if (result != ISC_R_SUCCESS) goto cleanup_socket; #endif @@ -1054,50 +1407,49 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, * A dispatch will be created once the connect succeeds. */ } else { - isc_sockaddr_t localaddr; - unsigned int attrs, attrmask; - dns_dispatch_t *disp_base; - - attrs = 0; - attrs |= DNS_DISPATCHATTR_UDP; - attrs |= DNS_DISPATCHATTR_RANDOMPORT; - - attrmask = 0; - attrmask |= DNS_DISPATCHATTR_UDP; - attrmask |= DNS_DISPATCHATTR_TCP; - attrmask |= DNS_DISPATCHATTR_IPV4; - attrmask |= DNS_DISPATCHATTR_IPV6; - - switch (isc_sockaddr_pf(&addrinfo->sockaddr)) { - case AF_INET: - disp_base = res->dispatchv4; - attrs |= DNS_DISPATCHATTR_IPV4; - break; - case AF_INET6: - disp_base = res->dispatchv6; - attrs |= DNS_DISPATCHATTR_IPV6; - break; - default: - result = ISC_R_NOTIMPLEMENTED; - goto cleanup_query; - } - - result = dns_dispatch_getlocaladdress(disp_base, &localaddr); - if (result != ISC_R_SUCCESS) - goto cleanup_query; - if (isc_sockaddr_getport(&localaddr) == 0) { + if (have_addr) { + unsigned int attrs, attrmask; + attrs = DNS_DISPATCHATTR_UDP; + switch (isc_sockaddr_pf(&addr)) { + case AF_INET: + attrs |= DNS_DISPATCHATTR_IPV4; + break; + case AF_INET6: + attrs |= DNS_DISPATCHATTR_IPV6; + break; + default: + result = ISC_R_NOTIMPLEMENTED; + goto cleanup_query; + } + attrmask = DNS_DISPATCHATTR_UDP; + attrmask |= DNS_DISPATCHATTR_TCP; + attrmask |= DNS_DISPATCHATTR_IPV4; + attrmask |= DNS_DISPATCHATTR_IPV6; result = dns_dispatch_getudp(res->dispatchmgr, res->socketmgr, - res->taskmgr, - &localaddr, - 4096, 1000, 32768, - 16411, 16433, - attrs, attrmask, + res->taskmgr, &addr, + 4096, 1000, 32768, 16411, + 16433, attrs, attrmask, &query->dispatch); if (result != ISC_R_SUCCESS) goto cleanup_query; - } else - dns_dispatch_attach(disp_base, &query->dispatch); + } else { + switch (isc_sockaddr_pf(&addrinfo->sockaddr)) { + case PF_INET: + dns_dispatch_attach(res->dispatchv4, + &query->dispatch); + query->exclusivesocket = res->exclusivev4; + break; + case PF_INET6: + dns_dispatch_attach(res->dispatchv6, + &query->dispatch); + query->exclusivesocket = res->exclusivev6; + break; + default: + result = ISC_R_NOTIMPLEMENTED; + goto cleanup_query; + } + } /* * We should always have a valid dispatcher here. If we * don't support a protocol family, then its dispatcher @@ -1133,9 +1485,17 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, if (result != ISC_R_SUCCESS) goto cleanup_dispatch; } + fctx->querysent++; ISC_LIST_APPEND(fctx->queries, query, link); query->fctx->nqueries++; + if (isc_sockaddr_pf(&addrinfo->sockaddr) == PF_INET) + inc_stats(res, dns_resstatscounter_queryv4); + else + inc_stats(res, dns_resstatscounter_queryv6); + if (res->view->resquerystats != NULL) + dns_rdatatypestats_increment(res->view->resquerystats, + fctx->type); return (ISC_R_SUCCESS); @@ -1148,7 +1508,8 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, cleanup_query: query->magic = 0; - isc_mem_put(res->mctx, query, sizeof(*query)); + isc_mem_put(res->buckets[fctx->bucketnum].mctx, + query, sizeof(*query)); stop_idle_timer: RUNTIME_CHECK(fctx_stopidletimer(fctx) == ISC_R_SUCCESS); @@ -1156,6 +1517,66 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, return (result); } +static isc_boolean_t +triededns(fetchctx_t *fctx, isc_sockaddr_t *address) { + isc_sockaddr_t *sa; + + for (sa = ISC_LIST_HEAD(fctx->edns); + sa != NULL; + sa = ISC_LIST_NEXT(sa, link)) { + if (isc_sockaddr_equal(sa, address)) + return (ISC_TRUE); + } + + return (ISC_FALSE); +} + +static void +add_triededns(fetchctx_t *fctx, isc_sockaddr_t *address) { + isc_sockaddr_t *sa; + + if (triededns(fctx, address)) + return; + + sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx, + sizeof(*sa)); + if (sa == NULL) + return; + + *sa = *address; + ISC_LIST_INITANDAPPEND(fctx->edns, sa, link); +} + +static isc_boolean_t +triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) { + isc_sockaddr_t *sa; + + for (sa = ISC_LIST_HEAD(fctx->edns512); + sa != NULL; + sa = ISC_LIST_NEXT(sa, link)) { + if (isc_sockaddr_equal(sa, address)) + return (ISC_TRUE); + } + + return (ISC_FALSE); +} + +static void +add_triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) { + isc_sockaddr_t *sa; + + if (triededns512(fctx, address)) + return; + + sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx, + sizeof(*sa)); + if (sa == NULL) + return; + + *sa = *address; + ISC_LIST_INITANDAPPEND(fctx->edns512, sa, link); +} + static isc_result_t resquery_send(resquery_t *query) { fetchctx_t *fctx; @@ -1208,13 +1629,14 @@ resquery_send(resquery_t *query) { /* * Get a query id from the dispatch. */ - result = dns_dispatch_addresponse(query->dispatch, - &query->addrinfo->sockaddr, - task, - resquery_response, - query, - &query->id, - &query->dispentry); + result = dns_dispatch_addresponse2(query->dispatch, + &query->addrinfo->sockaddr, + task, + resquery_response, + query, + &query->id, + &query->dispentry, + res->socketmgr); if (result != ISC_R_SUCCESS) goto cleanup_temps; @@ -1244,7 +1666,9 @@ resquery_send(resquery_t *query) { * Set CD if the client says don't validate or the question is * under a secure entry point. */ - if ((query->options & DNS_FETCHOPT_NOVALIDATE) == 0) { + if ((query->options & DNS_FETCHOPT_NOVALIDATE) != 0) { + fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD; + } else if (res->view->enablevalidation) { result = dns_keytable_issecuredomain(res->view->secroots, &fctx->name, &secure_domain); @@ -1254,8 +1678,7 @@ resquery_send(resquery_t *query) { secure_domain = ISC_TRUE; if (secure_domain) fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD; - } else - fctx->qmessage->flags |= DNS_MESSAGEFLAG_CD; + } /* * We don't have to set opcode because it defaults to query. @@ -1294,26 +1717,74 @@ resquery_send(resquery_t *query) { !useedns) { query->options |= DNS_FETCHOPT_NOEDNS0; - dns_adb_changeflags(fctx->adb, - query->addrinfo, + dns_adb_changeflags(fctx->adb, query->addrinfo, DNS_FETCHOPT_NOEDNS0, DNS_FETCHOPT_NOEDNS0); } + /* Sync NOEDNS0 flag in addrinfo->flags and options now. */ + if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) != 0) + query->options |= DNS_FETCHOPT_NOEDNS0; + + /* + * Handle timeouts by reducing the UDP response size to 512 bytes + * then if that doesn't work disabling EDNS (includes DO) and CD. + * + * These timeout can be due to: + * * broken nameservers that don't respond to EDNS queries. + * * broken/misconfigured firewalls and NAT implementations + * that don't handle IP fragmentation. + * * broken/misconfigured firewalls that don't handle responses + * greater than 512 bytes. + * * broken/misconfigured firewalls that don't handle EDNS, DO + * or CD. + * * packet loss / link outage. + */ + if (fctx->timeout) { + if ((triededns512(fctx, &query->addrinfo->sockaddr) || + fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) && + (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { + query->options |= DNS_FETCHOPT_NOEDNS0; + fctx->reason = "disabling EDNS"; + } else if ((triededns(fctx, &query->addrinfo->sockaddr) || + fctx->timeouts >= MAX_EDNS0_TIMEOUTS) && + (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { + query->options |= DNS_FETCHOPT_EDNS512; + fctx->reason = "reducing the advertised EDNS UDP " + "packet size to 512 octets"; + } + fctx->timeout = ISC_FALSE; + } + /* * Use EDNS0, unless the caller doesn't want it, or we know that * the remote server doesn't like it. */ - if (fctx->timeouts >= MAX_EDNS0_TIMEOUTS && - (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { - query->options |= DNS_FETCHOPT_NOEDNS0; - FCTXTRACE("too many timeouts, disabling EDNS0"); - } - if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) { if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) == 0) { - result = fctx_addopt(fctx->qmessage, res); - if (result != ISC_R_SUCCESS) { + unsigned int version = 0; /* Default version. */ + unsigned int flags; + isc_uint16_t udpsize = res->udpsize; + isc_boolean_t reqnsid = res->view->requestnsid; + + flags = query->addrinfo->flags; + if ((flags & DNS_FETCHOPT_EDNSVERSIONSET) != 0) { + version = flags & DNS_FETCHOPT_EDNSVERSIONMASK; + version >>= DNS_FETCHOPT_EDNSVERSIONSHIFT; + } + if ((query->options & DNS_FETCHOPT_EDNS512) != 0) + udpsize = 512; + else if (peer != NULL) + (void)dns_peer_getudpsize(peer, &udpsize); + + /* request NSID for current view or peer? */ + if (peer != NULL) + (void) dns_peer_getrequestnsid(peer, &reqnsid); + result = fctx_addopt(fctx->qmessage, version, + udpsize, reqnsid); + if (reqnsid && result == ISC_R_SUCCESS) { + query->options |= DNS_FETCHOPT_WANTNSID; + } else if (result != ISC_R_SUCCESS) { /* * We couldn't add the OPT, but we'll press on. * We're not using EDNS0, so set the NOEDNS0 @@ -1339,6 +1810,12 @@ resquery_send(resquery_t *query) { goto cleanup_message; } + if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) + add_triededns(fctx, &query->addrinfo->sockaddr); + + if ((query->options & DNS_FETCHOPT_EDNS512) != 0) + add_triededns512(fctx, &query->addrinfo->sockaddr); + /* * Clear CD if EDNS is not in use. */ @@ -1396,23 +1873,37 @@ resquery_send(resquery_t *query) { */ dns_message_reset(fctx->qmessage, DNS_MESSAGE_INTENTRENDER); - socket = dns_dispatch_getsocket(query->dispatch); + if (query->exclusivesocket) + socket = dns_dispatch_getentrysocket(query->dispentry); + else + socket = dns_dispatch_getsocket(query->dispatch); /* * Send the query! */ - if ((query->options & DNS_FETCHOPT_TCP) == 0) + if ((query->options & DNS_FETCHOPT_TCP) == 0) { address = &query->addrinfo->sockaddr; + if (query->exclusivesocket) { + result = isc_socket_connect(socket, address, task, + resquery_udpconnected, + query); + if (result != ISC_R_SUCCESS) + goto cleanup_message; + query->connects++; + } + } isc_buffer_usedregion(buffer, &r); /* * XXXRTH Make sure we don't send to ourselves! We should probably - * prune out these addresses when we get them from the ADB. + * prune out these addresses when we get them from the ADB. */ result = isc_socket_sendto(socket, &r, task, resquery_senddone, query, address, NULL); if (result != ISC_R_SUCCESS) goto cleanup_message; + query->sends++; + QTRACE("sent"); return (ISC_R_SUCCESS); @@ -1442,6 +1933,7 @@ resquery_connected(isc_task_t *task, isc_event_t *event) { isc_socketevent_t *sevent = (isc_socketevent_t *)event; resquery_t *query = event->ev_arg; isc_boolean_t retry = ISC_FALSE; + isc_interval_t interval; isc_result_t result; unsigned int attrs; fetchctx_t *fctx; @@ -1474,6 +1966,20 @@ resquery_connected(isc_task_t *task, isc_event_t *event) { } else { switch (sevent->result) { case ISC_R_SUCCESS: + + /* + * Extend the idle timer for TCP. 20 seconds + * should be long enough for a TCP connection to be + * established, a single DNS request to be sent, + * and the response received. + */ + isc_interval_set(&interval, 20, 0); + result = fctx_startidletimer(query->fctx, &interval); + if (result != ISC_R_SUCCESS) { + fctx_cancelquery(&query, NULL, NULL, ISC_FALSE); + fctx_done(fctx, result, __LINE__); + break; + } /* * We are connected. Create a dispatcher and * send the query. @@ -1506,9 +2012,8 @@ resquery_connected(isc_task_t *task, isc_event_t *event) { result = resquery_send(query); if (result != ISC_R_SUCCESS) { - fctx_cancelquery(&query, NULL, NULL, - ISC_FALSE); - fctx_done(fctx, result); + fctx_cancelquery(&query, NULL, NULL, ISC_FALSE); + fctx_done(fctx, result, __LINE__); } break; @@ -1534,7 +2039,7 @@ resquery_connected(isc_task_t *task, isc_event_t *event) { } isc_event_free(&event); - + if (retry) { /* * Behave as if the idle timer has expired. For TCP @@ -1543,9 +2048,9 @@ resquery_connected(isc_task_t *task, isc_event_t *event) { fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; result = fctx_stopidletimer(fctx); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); else - fctx_try(fctx); + fctx_try(fctx, ISC_TRUE); } } @@ -1579,13 +2084,16 @@ fctx_finddone(isc_task_t *task, isc_event_t *event) { fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) want_try = ISC_TRUE; - else if (fctx->pending == 0) { - /* - * We've got nothing else to wait for and don't - * know the answer. There's nothing to do but - * fail the fctx. - */ - want_done = ISC_TRUE; + else { + fctx->findfail++; + if (fctx->pending == 0) { + /* + * We've got nothing else to wait for and don't + * know the answer. There's nothing to do but + * fail the fctx. + */ + want_done = ISC_TRUE; + } } } else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 && fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) { @@ -1604,9 +2112,9 @@ fctx_finddone(isc_task_t *task, isc_event_t *event) { dns_adb_destroyfind(&find); if (want_try) - fctx_try(fctx); + fctx_try(fctx, ISC_TRUE); else if (want_done) - fctx_done(fctx, ISC_R_FAILURE); + fctx_done(fctx, ISC_R_FAILURE, __LINE__); else if (bucket_empty) empty_bucket(res); } @@ -1694,7 +2202,9 @@ mark_bad(fetchctx_t *fctx) { } static void -add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) { +add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason, + badnstype_t badtype) +{ char namebuf[DNS_NAME_FORMATSIZE]; char addrbuf[ISC_SOCKADDR_FORMATSIZE]; char classbuf[64]; @@ -1703,6 +2213,22 @@ add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) { isc_buffer_t b; isc_sockaddr_t *sa; const char *sep1, *sep2; + isc_sockaddr_t *address = &addrinfo->sockaddr; + + if (reason == DNS_R_LAME) + fctx->lamecount++; + else { + switch (badtype) { + case badns_unreachable: + fctx->neterr++; + break; + case badns_response: + fctx->badresp++; + break; + case badns_validation: + break; /* counted as 'valfail' */ + } + } if (bad_server(fctx, address)) { /* @@ -1713,13 +2239,19 @@ add_bad(fetchctx_t *fctx, isc_sockaddr_t *address, isc_result_t reason) { FCTXTRACE("add_bad"); - sa = isc_mem_get(fctx->res->mctx, sizeof(*sa)); + sa = isc_mem_get(fctx->res->buckets[fctx->bucketnum].mctx, + sizeof(*sa)); if (sa == NULL) return; *sa = *address; ISC_LIST_INITANDAPPEND(fctx->bad, sa, link); - if (reason == DNS_R_LAME) /* already logged */ + if (reason == DNS_R_LAME) /* already logged */ + return; + + if (reason == DNS_R_UNEXPECTEDRCODE && + fctx->rmessage->rcode == dns_rcode_servfail && + ISFORWARDER(addrinfo)) return; if (reason == DNS_R_UNEXPECTEDRCODE) { @@ -1828,7 +2360,7 @@ sort_finds(fetchctx_t *fctx) { static void findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, unsigned int options, unsigned int flags, isc_stdtime_t now, - isc_boolean_t *pruned, isc_boolean_t *need_alternate) + isc_boolean_t *need_alternate) { dns_adbaddrinfo_t *ai; dns_adbfind_t *find; @@ -1857,7 +2389,8 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, result = dns_adb_createfind(fctx->adb, res->buckets[fctx->bucketnum].task, fctx_finddone, fctx, name, - &fctx->domain, options, now, NULL, + &fctx->name, fctx->type, + options, now, NULL, res->view->dstport, &find); if (result != ISC_R_SUCCESS) { if (result == DNS_R_ALIAS) { @@ -1865,6 +2398,7 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, * XXXRTH Follow the CNAME/DNAME chain? */ dns_adb_destroyfind(&find); + fctx->adberr++; } } else if (!ISC_LIST_EMPTY(find->list)) { /* @@ -1909,6 +2443,11 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, find->result_v4 != DNS_R_NXDOMAIN))) *need_alternate = ISC_TRUE; } else { + if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0) + fctx->lamecount++; /* cached lame server */ + else + fctx->adberr++; /* unreachable server, etc. */ + /* * If we know there are no addresses for * the family we are using then try to add @@ -1920,23 +2459,21 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, (res->dispatchv6 == NULL && find->result_v4 == DNS_R_NXRRSET))) *need_alternate = ISC_TRUE; - /* - * And ADB isn't going to send us any events - * either. This find loses. - */ - if ((find->options & DNS_ADBFIND_LAMEPRUNED) != 0) { - /* - * The ADB pruned lame servers for - * this name. Remember that in case - * we get desperate later on. - */ - *pruned = ISC_TRUE; - } dns_adb_destroyfind(&find); } } } +static isc_boolean_t +isstrictsubdomain(dns_name_t *name1, dns_name_t *name2) { + int order; + unsigned int nlabels; + dns_namereln_t namereln; + + namereln = dns_name_fullcompare(name1, name2, &order, &nlabels); + return (ISC_TF(namereln == dns_namereln_subdomain)); +} + static isc_result_t fctx_getaddresses(fetchctx_t *fctx) { dns_rdata_t rdata = DNS_RDATA_INIT; @@ -1946,7 +2483,7 @@ fctx_getaddresses(fetchctx_t *fctx) { unsigned int stdoptions; isc_sockaddr_t *sa; dns_adbaddrinfo_t *ai; - isc_boolean_t pruned, all_bad; + isc_boolean_t all_bad; dns_rdata_ns_t ns; isc_boolean_t need_alternate = ISC_FALSE; @@ -1962,8 +2499,7 @@ fctx_getaddresses(fetchctx_t *fctx) { } res = fctx->res; - pruned = ISC_FALSE; - stdoptions = 0; /* Keep compiler happy. */ + stdoptions = 0; /* Keep compiler happy. */ /* * Forwarders. @@ -1983,27 +2519,51 @@ fctx_getaddresses(fetchctx_t *fctx) { dns_name_t *name = &fctx->name; dns_name_t suffix; unsigned int labels; + dns_fixedname_t fixed; + dns_name_t *domain; /* * DS records are found in the parent server. * Strip label to get the correct forwarder (if any). */ - if (fctx->type == dns_rdatatype_ds && + if (dns_rdatatype_atparent(fctx->type) && dns_name_countlabels(name) > 1) { dns_name_init(&suffix, NULL); labels = dns_name_countlabels(name); dns_name_getlabelsequence(name, 1, labels - 1, &suffix); name = &suffix; } - result = dns_fwdtable_find(fctx->res->view->fwdtable, name, - &forwarders); + + dns_fixedname_init(&fixed); + domain = dns_fixedname_name(&fixed); + result = dns_fwdtable_find2(fctx->res->view->fwdtable, name, + domain, &forwarders); if (result == ISC_R_SUCCESS) { sa = ISC_LIST_HEAD(forwarders->addrs); fctx->fwdpolicy = forwarders->fwdpolicy; + if (fctx->fwdpolicy == dns_fwdpolicy_only && + isstrictsubdomain(domain, &fctx->domain)) { + isc_mem_t *mctx; + + mctx = res->buckets[fctx->bucketnum].mctx; + dns_name_free(&fctx->domain, mctx); + dns_name_init(&fctx->domain, NULL); + result = dns_name_dup(domain, mctx, + &fctx->domain); + if (result != ISC_R_SUCCESS) + return (result); + } } } while (sa != NULL) { + if ((isc_sockaddr_pf(sa) == AF_INET && + fctx->res->dispatchv4 == NULL) || + (isc_sockaddr_pf(sa) == AF_INET6 && + fctx->res->dispatchv6 == NULL)) { + sa = ISC_LIST_NEXT(sa, link); + continue; + } ai = NULL; result = dns_adb_findaddrinfo(fctx->adb, sa, &ai, 0); /* XXXMLG */ @@ -2054,7 +2614,6 @@ fctx_getaddresses(fetchctx_t *fctx) { stdoptions |= DNS_ADBFIND_INET6; isc_stdtime_get(&now); - restart: INSIST(ISC_LIST_EMPTY(fctx->finds)); INSIST(ISC_LIST_EMPTY(fctx->altfinds)); @@ -2071,7 +2630,7 @@ fctx_getaddresses(fetchctx_t *fctx) { continue; findname(fctx, &ns.name, 0, stdoptions, 0, now, - &pruned, &need_alternate); + &need_alternate); dns_rdata_reset(&rdata); dns_rdata_freestruct(&ns); } @@ -2091,7 +2650,7 @@ fctx_getaddresses(fetchctx_t *fctx) { if (!a->isaddress) { findname(fctx, &a->_u._n.name, a->_u._n.port, stdoptions, FCTX_ADDRINFO_FORWARDER, - now, &pruned, NULL); + now, NULL); continue; } if (isc_sockaddr_pf(&a->_u.addr) != family) @@ -2134,18 +2693,6 @@ fctx_getaddresses(fetchctx_t *fctx) { * yet. Tell the caller to wait for an answer. */ result = DNS_R_WAIT; - } else if (pruned) { - /* - * Some addresses were removed by lame pruning. - * Turn pruning off and try again. - */ - FCTXTRACE("restarting with returnlame"); - INSIST((stdoptions & DNS_ADBFIND_RETURNLAME) == 0); - stdoptions |= DNS_ADBFIND_RETURNLAME; - pruned = ISC_FALSE; - fctx_cleanupaltfinds(fctx); - fctx_cleanupfinds(fctx); - goto restart; } else { /* * We've lost completely. We don't know any @@ -2187,7 +2734,7 @@ possibly_mark(fetchctx_t *fctx, dns_adbaddrinfo_t *addr) isc_netaddr_fromsockaddr(&ipaddr, sa); blackhole = dns_dispatchmgr_getblackhole(res->dispatchmgr); (void) dns_peerlist_peerbyaddr(res->view->peers, &ipaddr, &peer); - + if (blackhole != NULL) { int match; @@ -2374,7 +2921,7 @@ fctx_nextaddress(fetchctx_t *fctx) { } static void -fctx_try(fetchctx_t *fctx) { +fctx_try(fetchctx_t *fctx, isc_boolean_t retrying) { isc_result_t result; dns_adbaddrinfo_t *addrinfo; @@ -2404,7 +2951,7 @@ fctx_try(fetchctx_t *fctx) { /* * Something bad happened. */ - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); return; } @@ -2414,14 +2961,16 @@ fctx_try(fetchctx_t *fctx) { * might be bad ones. In this case, return SERVFAIL. */ if (addrinfo == NULL) { - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); return; } } result = fctx_query(fctx, addrinfo, fctx->options); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); + else if (retrying) + inc_stats(fctx->res, dns_resstatscounter_retry); } static isc_boolean_t @@ -2452,29 +3001,45 @@ fctx_destroy(fetchctx_t *fctx) { ISC_LIST_UNLINK(res->buckets[bucketnum].fctxs, fctx, link); - /* - * Free bad. - */ - for (sa = ISC_LIST_HEAD(fctx->bad); + /* + * Free bad. + */ + for (sa = ISC_LIST_HEAD(fctx->bad); + sa != NULL; + sa = next_sa) { + next_sa = ISC_LIST_NEXT(sa, link); + ISC_LIST_UNLINK(fctx->bad, sa, link); + isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa)); + } + + for (sa = ISC_LIST_HEAD(fctx->edns); + sa != NULL; + sa = next_sa) { + next_sa = ISC_LIST_NEXT(sa, link); + ISC_LIST_UNLINK(fctx->edns, sa, link); + isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa)); + } + + for (sa = ISC_LIST_HEAD(fctx->edns512); sa != NULL; sa = next_sa) { next_sa = ISC_LIST_NEXT(sa, link); - ISC_LIST_UNLINK(fctx->bad, sa, link); - isc_mem_put(res->mctx, sa, sizeof(*sa)); + ISC_LIST_UNLINK(fctx->edns512, sa, link); + isc_mem_put(res->buckets[bucketnum].mctx, sa, sizeof(*sa)); } isc_timer_detach(&fctx->timer); dns_message_destroy(&fctx->rmessage); dns_message_destroy(&fctx->qmessage); if (dns_name_countlabels(&fctx->domain) > 0) - dns_name_free(&fctx->domain, res->mctx); + dns_name_free(&fctx->domain, res->buckets[bucketnum].mctx); if (dns_rdataset_isassociated(&fctx->nameservers)) dns_rdataset_disassociate(&fctx->nameservers); - dns_name_free(&fctx->name, res->mctx); + dns_name_free(&fctx->name, res->buckets[bucketnum].mctx); dns_db_detach(&fctx->cache); dns_adb_detach(&fctx->adb); - isc_mem_free(res->mctx, fctx->info); - isc_mem_put(res->mctx, fctx, sizeof(*fctx)); + isc_mem_free(res->buckets[bucketnum].mctx, fctx->info); + isc_mem_put(res->buckets[bucketnum].mctx, fctx, sizeof(*fctx)); LOCK(&res->nlock); res->nfctx--; @@ -2494,6 +3059,8 @@ fctx_destroy(fetchctx_t *fctx) { static void fctx_timeout(isc_task_t *task, isc_event_t *event) { fetchctx_t *fctx = event->ev_arg; + isc_timerevent_t *tevent = (isc_timerevent_t *)event; + resquery_t *query; REQUIRE(VALID_FCTX(fctx)); @@ -2501,16 +3068,30 @@ fctx_timeout(isc_task_t *task, isc_event_t *event) { FCTXTRACE("timeout"); + inc_stats(fctx->res, dns_resstatscounter_querytimeout); + if (event->ev_type == ISC_TIMEREVENT_LIFE) { - fctx_done(fctx, ISC_R_TIMEDOUT); + fctx->reason = NULL; + fctx_done(fctx, ISC_R_TIMEDOUT, __LINE__); } else { isc_result_t result; fctx->timeouts++; + fctx->timeout = ISC_TRUE; /* * We could cancel the running queries here, or we could let - * them keep going. Right now we choose the latter... + * them keep going. Since we normally use separate sockets for + * different queries, we adopt the former approach to reduce + * the number of open sockets: cancel the oldest query if it + * expired after the query had started (this is usually the + * case but is not always so, depending on the task schedule + * timing). */ + query = ISC_LIST_HEAD(fctx->queries); + if (query != NULL && + isc_time_compare(&tevent->due, &query->start) >= 0) { + fctx_cancelquery(&query, NULL, NULL, ISC_TRUE); + } fctx->attributes &= ~FCTX_ATTR_ADDRWAIT; /* * Our timer has triggered. Reestablish the fctx lifetime @@ -2518,12 +3099,12 @@ fctx_timeout(isc_task_t *task, isc_event_t *event) { */ result = fctx_starttimer(fctx); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); else /* * Keep trying. */ - fctx_try(fctx); + fctx_try(fctx, ISC_TRUE); } isc_event_free(&event); @@ -2592,7 +3173,7 @@ fctx_doshutdown(isc_task_t *task, isc_event_t *event) { dns_validator_cancel(validator); validator = ISC_LIST_NEXT(validator, link); } - + if (fctx->nsfetch != NULL) dns_resolver_cancelfetch(fctx->nsfetch); @@ -2613,7 +3194,7 @@ fctx_doshutdown(isc_task_t *task, isc_event_t *event) { if (fctx->state != fetchstate_done) { fctx->state = fetchstate_done; - fctx_sendevents(fctx, ISC_R_CANCELED); + fctx_sendevents(fctx, ISC_R_CANCELED, __LINE__); } if (fctx->references == 0 && fctx->pending == 0 && @@ -2652,7 +3233,7 @@ fctx_start(isc_task_t *task, isc_event_t *event) { */ fctx->attributes |= FCTX_ATTR_SHUTTINGDOWN; fctx->state = fetchstate_done; - fctx_sendevents(fctx, ISC_R_CANCELED); + fctx_sendevents(fctx, ISC_R_CANCELED, __LINE__); /* * Since we haven't started, we INSIST that we have no * pending ADB finds and no pending validations. @@ -2691,9 +3272,9 @@ fctx_start(isc_task_t *task, isc_event_t *event) { */ result = fctx_starttimer(fctx); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); else - fctx_try(fctx); + fctx_try(fctx, ISC_FALSE); } else if (bucket_empty) empty_bucket(res); } @@ -2703,8 +3284,9 @@ fctx_start(isc_task_t *task, isc_event_t *event) { */ static inline isc_result_t -fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action, - void *arg, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, +fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client, + dns_messageid_t id, isc_taskaction_t action, void *arg, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, dns_fetch_t *fetch) { isc_task_t *clone; @@ -2720,8 +3302,7 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action, clone = NULL; isc_task_attach(task, &clone); event = (dns_fetchevent_t *) - isc_event_allocate(fctx->res->mctx, clone, - DNS_EVENT_FETCHDONE, + isc_event_allocate(fctx->res->mctx, clone, DNS_EVENT_FETCHDONE, action, arg, sizeof(*event)); if (event == NULL) { isc_task_detach(&clone); @@ -2734,6 +3315,8 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_taskaction_t action, event->rdataset = rdataset; event->sigrdataset = sigrdataset; event->fetch = fetch; + event->client = client; + event->id = id; dns_fixedname_init(&event->foundname); /* @@ -2772,21 +3355,21 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, */ REQUIRE(fctxp != NULL && *fctxp == NULL); - fctx = isc_mem_get(res->mctx, sizeof(*fctx)); + fctx = isc_mem_get(res->buckets[bucketnum].mctx, sizeof(*fctx)); if (fctx == NULL) return (ISC_R_NOMEMORY); dns_name_format(name, buf, sizeof(buf)); dns_rdatatype_format(type, typebuf, sizeof(typebuf)); - strcat(buf, "/"); /* checked */ - strcat(buf, typebuf); /* checked */ - fctx->info = isc_mem_strdup(res->mctx, buf); + strcat(buf, "/"); /* checked */ + strcat(buf, typebuf); /* checked */ + fctx->info = isc_mem_strdup(res->buckets[bucketnum].mctx, buf); if (fctx->info == NULL) { result = ISC_R_NOMEMORY; goto cleanup_fetch; } FCTXTRACE("create"); dns_name_init(&fctx->name, NULL); - result = dns_name_dup(name, res->mctx, &fctx->name); + result = dns_name_dup(name, res->buckets[bucketnum].mctx, &fctx->name); if (result != ISC_R_SUCCESS) goto cleanup_info; dns_name_init(&fctx->domain, NULL); @@ -2813,14 +3396,33 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, ISC_LIST_INIT(fctx->forwarders); fctx->fwdpolicy = dns_fwdpolicy_none; ISC_LIST_INIT(fctx->bad); + ISC_LIST_INIT(fctx->edns); + ISC_LIST_INIT(fctx->edns512); ISC_LIST_INIT(fctx->validators); + fctx->validator = NULL; fctx->find = NULL; fctx->altfind = NULL; fctx->pending = 0; fctx->restarts = 0; + fctx->querysent = 0; + fctx->referrals = 0; + TIME_NOW(&fctx->start); fctx->timeouts = 0; + fctx->lamecount = 0; + fctx->adberr = 0; + fctx->neterr = 0; + fctx->badresp = 0; + fctx->findfail = 0; + fctx->valfail = 0; + fctx->result = ISC_R_FAILURE; + fctx->vresult = ISC_R_SUCCESS; + fctx->exitline = -1; /* sentinel */ + fctx->logged = ISC_FALSE; fctx->attributes = 0; + fctx->spilled = ISC_FALSE; fctx->nqueries = 0; + fctx->reason = NULL; + fctx->timeout = ISC_FALSE; dns_name_init(&fctx->nsname, NULL); fctx->nsfetch = NULL; @@ -2829,21 +3431,22 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, if (domain == NULL) { dns_forwarders_t *forwarders = NULL; unsigned int labels; + dns_name_t *fwdname = name; /* * DS records are found in the parent server. * Strip label to get the correct forwarder (if any). */ - if (fctx->type == dns_rdatatype_ds && + if (dns_rdatatype_atparent(fctx->type) && dns_name_countlabels(name) > 1) { dns_name_init(&suffix, NULL); labels = dns_name_countlabels(name); dns_name_getlabelsequence(name, 1, labels - 1, &suffix); - name = &suffix; + fwdname = &suffix; } dns_fixedname_init(&fixed); domain = dns_fixedname_name(&fixed); - result = dns_fwdtable_find2(fctx->res->view->fwdtable, name, + result = dns_fwdtable_find2(fctx->res->view->fwdtable, fwdname, domain, &forwarders); if (result == ISC_R_SUCCESS) fctx->fwdpolicy = forwarders->fwdpolicy; @@ -2854,7 +3457,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, * nameservers, and we're not in forward-only mode, * so find the best nameservers to use. */ - if (dns_rdatatype_atparent(type)) + if (dns_rdatatype_atparent(fctx->type)) findoptions |= DNS_DBFIND_NOEXACT; result = dns_view_findzonecut(res->view, name, domain, 0, findoptions, ISC_TRUE, @@ -2862,7 +3465,9 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, NULL); if (result != ISC_R_SUCCESS) goto cleanup_name; - result = dns_name_dup(domain, res->mctx, &fctx->domain); + result = dns_name_dup(domain, + res->buckets[bucketnum].mctx, + &fctx->domain); if (result != ISC_R_SUCCESS) { dns_rdataset_disassociate(&fctx->nameservers); goto cleanup_name; @@ -2871,12 +3476,16 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, /* * We're in forward-only mode. Set the query domain. */ - result = dns_name_dup(domain, res->mctx, &fctx->domain); + result = dns_name_dup(domain, + res->buckets[bucketnum].mctx, + &fctx->domain); if (result != ISC_R_SUCCESS) goto cleanup_name; } } else { - result = dns_name_dup(domain, res->mctx, &fctx->domain); + result = dns_name_dup(domain, + res->buckets[bucketnum].mctx, + &fctx->domain); if (result != ISC_R_SUCCESS) goto cleanup_name; dns_rdataset_clone(nameservers, &fctx->nameservers); @@ -2885,14 +3494,16 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)); fctx->qmessage = NULL; - result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTRENDER, + result = dns_message_create(res->buckets[bucketnum].mctx, + DNS_MESSAGE_INTENTRENDER, &fctx->qmessage); if (result != ISC_R_SUCCESS) goto cleanup_domain; fctx->rmessage = NULL; - result = dns_message_create(res->mctx, DNS_MESSAGE_INTENTPARSE, + result = dns_message_create(res->buckets[bucketnum].mctx, + DNS_MESSAGE_INTENTPARSE, &fctx->rmessage); if (result != ISC_R_SUCCESS) @@ -2901,7 +3512,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, /* * Compute an expiration time for the entire fetch. */ - isc_interval_set(&interval, 30, 0); /* XXXRTH constant */ + isc_interval_set(&interval, 30, 0); /* XXXRTH constant */ iresult = isc_time_nowplusinterval(&fctx->expires, &interval); if (iresult != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -2965,18 +3576,18 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, cleanup_domain: if (dns_name_countlabels(&fctx->domain) > 0) - dns_name_free(&fctx->domain, res->mctx); + dns_name_free(&fctx->domain, res->buckets[bucketnum].mctx); if (dns_rdataset_isassociated(&fctx->nameservers)) dns_rdataset_disassociate(&fctx->nameservers); cleanup_name: - dns_name_free(&fctx->name, res->mctx); + dns_name_free(&fctx->name, res->buckets[bucketnum].mctx); cleanup_info: - isc_mem_free(res->mctx, fctx->info); + isc_mem_free(res->buckets[bucketnum].mctx, fctx->info); cleanup_fetch: - isc_mem_put(res->mctx, fctx, sizeof(*fctx)); + isc_mem_put(res->buckets[bucketnum].mctx, fctx, sizeof(*fctx)); return (result); } @@ -3014,7 +3625,7 @@ is_lame(fetchctx_t *fctx) { if (rdataset->type != dns_rdatatype_ns) continue; namereln = dns_name_fullcompare(name, &fctx->domain, - &order, &labels); + &order, &labels); if (namereln == dns_namereln_equal && (message->flags & DNS_MESSAGEFLAG_AA) != 0) return (ISC_FALSE); @@ -3031,9 +3642,9 @@ is_lame(fetchctx_t *fctx) { static inline void log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) { char namebuf[DNS_NAME_FORMATSIZE]; - char domainbuf[DNS_NAME_FORMATSIZE]; + char domainbuf[DNS_NAME_FORMATSIZE]; char addrbuf[ISC_SOCKADDR_FORMATSIZE]; - + dns_name_format(&fctx->name, namebuf, sizeof(namebuf)); dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf)); @@ -3121,13 +3732,13 @@ clone_results(fetchctx_t *fctx) { } } -#define CACHE(r) (((r)->attributes & DNS_RDATASETATTR_CACHE) != 0) -#define ANSWER(r) (((r)->attributes & DNS_RDATASETATTR_ANSWER) != 0) -#define ANSWERSIG(r) (((r)->attributes & DNS_RDATASETATTR_ANSWERSIG) != 0) -#define EXTERNAL(r) (((r)->attributes & DNS_RDATASETATTR_EXTERNAL) != 0) -#define CHAINING(r) (((r)->attributes & DNS_RDATASETATTR_CHAINING) != 0) -#define CHASE(r) (((r)->attributes & DNS_RDATASETATTR_CHASE) != 0) -#define CHECKNAMES(r) (((r)->attributes & DNS_RDATASETATTR_CHECKNAMES) != 0) +#define CACHE(r) (((r)->attributes & DNS_RDATASETATTR_CACHE) != 0) +#define ANSWER(r) (((r)->attributes & DNS_RDATASETATTR_ANSWER) != 0) +#define ANSWERSIG(r) (((r)->attributes & DNS_RDATASETATTR_ANSWERSIG) != 0) +#define EXTERNAL(r) (((r)->attributes & DNS_RDATASETATTR_EXTERNAL) != 0) +#define CHAINING(r) (((r)->attributes & DNS_RDATASETATTR_CHAINING) != 0) +#define CHASE(r) (((r)->attributes & DNS_RDATASETATTR_CHASE) != 0) +#define CHECKNAMES(r) (((r)->attributes & DNS_RDATASETATTR_CHECKNAMES) != 0) /* @@ -3136,14 +3747,14 @@ clone_results(fetchctx_t *fctx) { * was the last fctx in the resolver, destroy the resolver. * * Requires: - * '*fctx' is shutting down. + * '*fctx' is shutting down. */ static void maybe_destroy(fetchctx_t *fctx) { unsigned int bucketnum; isc_boolean_t bucket_empty = ISC_FALSE; dns_resolver_t *res = fctx->res; - dns_validator_t *validator; + dns_validator_t *validator, *next_validator; REQUIRE(SHUTTINGDOWN(fctx)); @@ -3151,16 +3762,22 @@ maybe_destroy(fetchctx_t *fctx) { return; for (validator = ISC_LIST_HEAD(fctx->validators); - validator != NULL; - validator = ISC_LIST_HEAD(fctx->validators)) { - ISC_LIST_UNLINK(fctx->validators, validator, link); + validator != NULL; validator = next_validator) { + next_validator = ISC_LIST_NEXT(validator, link); dns_validator_cancel(validator); + /* + * If this is a active validator wait for the cancel + * to complete before calling dns_validator_destroy(). + */ + if (validator == fctx->validator) + continue; + ISC_LIST_UNLINK(fctx->validators, validator, link); dns_validator_destroy(&validator); } bucketnum = fctx->bucketnum; LOCK(&res->buckets[bucketnum].lock); - if (fctx->references == 0) + if (fctx->references == 0 && ISC_LIST_EMPTY(fctx->validators)) bucket_empty = fctx_destroy(fctx); UNLOCK(&res->buckets[bucketnum].lock); @@ -3207,13 +3824,15 @@ validated(isc_task_t *task, isc_event_t *event) { FCTXTRACE("received validation completion event"); ISC_LIST_UNLINK(fctx->validators, vevent->validator, link); + fctx->validator = NULL; /* * Destroy the validator early so that we can * destroy the fctx if necessary. */ dns_validator_destroy(&vevent->validator); - isc_mem_put(fctx->res->mctx, valarg, sizeof(*valarg)); + isc_mem_put(fctx->res->buckets[fctx->bucketnum].mctx, + valarg, sizeof(*valarg)); negative = ISC_TF(vevent->rdataset == NULL); @@ -3225,7 +3844,7 @@ validated(isc_task_t *task, isc_event_t *event) { * so, destroy the fctx. */ if (SHUTTINGDOWN(fctx) && !sentresponse) { - maybe_destroy(fctx); /* Locks bucket. */ + maybe_destroy(fctx); /* Locks bucket. */ goto cleanup_event; } @@ -3274,6 +3893,9 @@ validated(isc_task_t *task, isc_event_t *event) { if (vevent->result != ISC_R_SUCCESS) { FCTXTRACE("validation failed"); + inc_stats(fctx->res, dns_resstatscounter_valfail); + fctx->valfail++; + fctx->vresult = vevent->result; result = ISC_R_NOTFOUND; if (vevent->rdataset != NULL) result = dns_db_findnode(fctx->cache, vevent->name, @@ -3288,15 +3910,17 @@ validated(isc_task_t *task, isc_event_t *event) { if (result == ISC_R_SUCCESS) dns_db_detachnode(fctx->cache, &node); result = vevent->result; - add_bad(fctx, &addrinfo->sockaddr, result); + add_bad(fctx, addrinfo, result, badns_validation); isc_event_free(&event); UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); - if (!ISC_LIST_EMPTY(fctx->validators)) - dns_validator_send(ISC_LIST_HEAD(fctx->validators)); - else if (sentresponse) - fctx_done(fctx, result); /* Locks bucket. */ + INSIST(fctx->validator == NULL); + fctx->validator = ISC_LIST_HEAD(fctx->validators); + if (fctx->validator != NULL) { + dns_validator_send(fctx->validator); + } else if (sentresponse) + fctx_done(fctx, result, __LINE__); /* Locks bucket. */ else - fctx_try(fctx); /* Locks bucket. */ + fctx_try(fctx, ISC_TRUE); /* Locks bucket. */ return; } @@ -3306,6 +3930,8 @@ validated(isc_task_t *task, isc_event_t *event) { dns_rdatatype_t covers; FCTXTRACE("nonexistence validation OK"); + inc_stats(fctx->res, dns_resstatscounter_valnegsuccess); + if (fctx->rmessage->rcode == dns_rcode_nxdomain) covers = dns_rdatatype_any; else @@ -3319,11 +3945,12 @@ validated(isc_task_t *task, isc_event_t *event) { /* * If we are asking for a SOA record set the cache time * to zero to facilitate locating the containing zone of - * a arbitary zone. + * a arbitrary zone. */ ttl = fctx->res->view->maxncachettl; if (fctx->type == dns_rdatatype_soa && - covers == dns_rdatatype_any) + covers == dns_rdatatype_any && + fctx->res->zero_no_soa_ttl) ttl = 0; result = ncache_adderesult(fctx->rmessage, fctx->cache, node, @@ -3332,7 +3959,8 @@ validated(isc_task_t *task, isc_event_t *event) { if (result != ISC_R_SUCCESS) goto noanswer_response; goto answer_response; - } + } else + inc_stats(fctx->res, dns_resstatscounter_valsuccess); FCTXTRACE("validation OK"); @@ -3360,7 +3988,12 @@ validated(isc_task_t *task, isc_event_t *event) { if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) goto noanswer_response; - if (vevent->sigrdataset != NULL) { + if (ardataset != NULL && ardataset->type == 0) { + if (NXDOMAIN(ardataset)) + eresult = DNS_R_NCACHENXDOMAIN; + else + eresult = DNS_R_NCACHENXRRSET; + } else if (vevent->sigrdataset != NULL) { result = dns_db_addrdataset(fctx->cache, node, NULL, now, vevent->sigrdataset, 0, asigrdataset); @@ -3374,9 +4007,10 @@ validated(isc_task_t *task, isc_event_t *event) { * If we only deferred the destroy because we wanted to cache * the data, destroy now. */ + dns_db_detachnode(fctx->cache, &node); UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); if (SHUTTINGDOWN(fctx)) - maybe_destroy(fctx); /* Locks bucket. */ + maybe_destroy(fctx); /* Locks bucket. */ goto cleanup_event; } @@ -3390,6 +4024,7 @@ validated(isc_task_t *task, isc_event_t *event) { * more rdatasets that still need to * be validated. */ + dns_db_detachnode(fctx->cache, &node); UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); dns_validator_send(ISC_LIST_HEAD(fctx->validators)); goto cleanup_event; @@ -3455,8 +4090,7 @@ validated(isc_task_t *task, isc_event_t *event) { dns_fixedname_name(&hevent->foundname), NULL) == ISC_R_SUCCESS); dns_db_attach(fctx->cache, &hevent->db); - hevent->node = node; - node = NULL; + dns_db_transfernode(fctx->cache, &node, &hevent->node); clone_results(fctx); } @@ -3466,15 +4100,17 @@ validated(isc_task_t *task, isc_event_t *event) { UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); - fctx_done(fctx, result); /* Locks bucket. */ + fctx_done(fctx, result, __LINE__); /* Locks bucket. */ cleanup_event: + INSIST(node == NULL); isc_event_free(&event); } static inline isc_result_t cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, - isc_stdtime_t now) { + isc_stdtime_t now) +{ dns_rdataset_t *rdataset, *sigrdataset; dns_rdataset_t *addedrdataset, *ardataset, *asigrdataset; dns_rdataset_t *valrdataset = NULL, *valsigrdataset = NULL; @@ -3504,14 +4140,16 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, /* * Is DNSSEC validation required for this name? */ - result = dns_keytable_issecuredomain(res->view->secroots, name, - &secure_domain); - if (result != ISC_R_SUCCESS) - return (result); + if (res->view->enablevalidation) { + result = dns_keytable_issecuredomain(res->view->secroots, name, + &secure_domain); + if (result != ISC_R_SUCCESS) + return (result); - if (!secure_domain && res->view->dlv != NULL) { - valoptions = DNS_VALIDATOR_DLV; - secure_domain = ISC_TRUE; + if (!secure_domain && res->view->dlv != NULL) { + valoptions = DNS_VALIDATOR_DLV; + secure_domain = ISC_TRUE; + } } if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0) @@ -3580,14 +4218,16 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, sizeof(typebuf)); dns_rdataclass_format(rdataset->rdclass, classbuf, sizeof(classbuf)); - isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, + isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, - "check-names %s %s/%s/%s", + "check-names %s %s/%s/%s", fail ? "failure" : "warning", namebuf, typebuf, classbuf); if (fail) { - if (ANSWER(rdataset)) + if (ANSWER(rdataset)) { + dns_db_detachnode(fctx->cache, &node); return (DNS_R_BADNAME); + } continue; } } @@ -3645,32 +4285,53 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, rdataset->trust = dns_trust_pending; if (sigrdataset != NULL) sigrdataset->trust = dns_trust_pending; - if (!need_validation) + if (!need_validation || !ANSWER(rdataset)) { addedrdataset = ardataset; - else - addedrdataset = NULL; - result = dns_db_addrdataset(fctx->cache, node, NULL, - now, rdataset, 0, - addedrdataset); - if (result == DNS_R_UNCHANGED) - result = ISC_R_SUCCESS; - if (result != ISC_R_SUCCESS) - break; - if (sigrdataset != NULL) { - if (!need_validation) - addedrdataset = asigrdataset; - else - addedrdataset = NULL; - result = dns_db_addrdataset(fctx->cache, - node, NULL, now, - sigrdataset, 0, - addedrdataset); - if (result == DNS_R_UNCHANGED) + result = dns_db_addrdataset(fctx->cache, node, + NULL, now, rdataset, + 0, addedrdataset); + if (result == DNS_R_UNCHANGED) { result = ISC_R_SUCCESS; + if (!need_validation && + ardataset != NULL && + ardataset->type == 0) { + /* + * The answer in the cache is + * better than the answer we + * found, and is a negative + * cache entry, so we must set + * eresult appropriately. + */ + if (NXDOMAIN(ardataset)) + eresult = + DNS_R_NCACHENXDOMAIN; + else + eresult = + DNS_R_NCACHENXRRSET; + /* + * We have a negative response + * from the cache so don't + * attempt to add the RRSIG + * rrset. + */ + continue; + } + } if (result != ISC_R_SUCCESS) break; - } else if (!ANSWER(rdataset)) - continue; + if (sigrdataset != NULL) { + addedrdataset = asigrdataset; + result = dns_db_addrdataset(fctx->cache, + node, NULL, now, + sigrdataset, 0, + addedrdataset); + if (result == DNS_R_UNCHANGED) + result = ISC_R_SUCCESS; + if (result != ISC_R_SUCCESS) + break; + } else if (!ANSWER(rdataset)) + continue; + } if (ANSWER(rdataset) && need_validation) { if (fctx->type != dns_rdatatype_any && @@ -3706,7 +4367,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, * Defer any further validations. * This prevents multiple validators * from manipulating fctx->rmessage - * simultaniously. + * simultaneously. */ valoptions |= DNS_VALIDATOR_DEFER; } @@ -3770,12 +4431,10 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, * a negative cache entry, so we * must set eresult appropriately. */ - if (NXDOMAIN(ardataset)) - eresult = - DNS_R_NCACHENXDOMAIN; - else - eresult = - DNS_R_NCACHENXRRSET; + if (NXDOMAIN(ardataset)) + eresult = DNS_R_NCACHENXDOMAIN; + else + eresult = DNS_R_NCACHENXRRSET; } result = ISC_R_SUCCESS; } else if (result != ISC_R_SUCCESS) @@ -3786,15 +4445,22 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, if (valrdataset != NULL) result = valcreate(fctx, addrinfo, name, fctx->type, valrdataset, valsigrdataset, valoptions, - task); + task); if (result == ISC_R_SUCCESS && have_answer) { fctx->attributes |= FCTX_ATTR_HAVEANSWER; if (event != NULL) { + /* + * Negative results must be indicated in event->result. + */ + if (dns_rdataset_isassociated(event->rdataset) && + event->rdataset->type == dns_rdatatype_none) { + INSIST(eresult == DNS_R_NCACHENXDOMAIN || + eresult == DNS_R_NCACHENXRRSET); + } event->result = eresult; dns_db_attach(fctx->cache, adbp); - *anodep = node; - node = NULL; + dns_db_transfernode(fctx->cache, &node, anodep); clone_results(fctx); } } @@ -3932,14 +4598,16 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, /* * Is DNSSEC validation required for this name? */ - result = dns_keytable_issecuredomain(res->view->secroots, name, - &secure_domain); - if (result != ISC_R_SUCCESS) - return (result); + if (fctx->res->view->enablevalidation) { + result = dns_keytable_issecuredomain(res->view->secroots, name, + &secure_domain); + if (result != ISC_R_SUCCESS) + return (result); - if (!secure_domain && res->view->dlv != NULL) { - valoptions = DNS_VALIDATOR_DLV; - secure_domain = ISC_TRUE; + if (!secure_domain && res->view->dlv != NULL) { + valoptions = DNS_VALIDATOR_DLV; + secure_domain = ISC_TRUE; + } } if ((fctx->options & DNS_FETCHOPT_NOVALIDATE) != 0) @@ -4015,11 +4683,12 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, /* * If we are asking for a SOA record set the cache time * to zero to facilitate locating the containing zone of - * a arbitary zone. + * a arbitrary zone. */ ttl = fctx->res->view->maxncachettl; if (fctx->type == dns_rdatatype_soa && - covers == dns_rdatatype_any) + covers == dns_rdatatype_any && + fctx->res->zero_no_soa_ttl) ttl = 0; result = ncache_adderesult(fctx->rmessage, fctx->cache, node, @@ -4032,8 +4701,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, if (event != NULL) { event->result = eresult; dns_db_attach(fctx->cache, adbp); - *anodep = node; - node = NULL; + dns_db_transfernode(fctx->cache, &node, anodep); clone_results(fctx); } } @@ -4140,7 +4808,7 @@ chase_additional(fetchctx_t *fctx) { again: rescan = ISC_FALSE; - + for (result = dns_message_firstname(fctx->rmessage, section); result == ISC_R_SUCCESS; result = dns_message_nextname(fctx->rmessage, section)) { @@ -4220,7 +4888,7 @@ dname_target(dns_rdataset_t *rdataset, dns_name_t *qname, dns_name_t *oname, return (DNS_R_FORMERR); } dns_fixedname_init(&prefix); - dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL); + dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL); dns_fixedname_init(fixeddname); result = dns_name_concatenate(dns_fixedname_name(&prefix), &dname.dname, @@ -4244,7 +4912,7 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, dns_message_t *message; dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name; dns_rdataset_t *rdataset, *ns_rdataset; - isc_boolean_t done, aa, negative_response; + isc_boolean_t aa, negative_response; dns_rdatatype_t type; dns_section_t section = bind8_ns_resp ? DNS_SECTION_ANSWER : DNS_SECTION_AUTHORITY; @@ -4303,13 +4971,12 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, /* * Process the authority section. */ - done = ISC_FALSE; ns_name = NULL; ns_rdataset = NULL; soa_name = NULL; ds_name = NULL; result = dns_message_firstname(message, section); - while (!done && result == ISC_R_SUCCESS) { + while (result == ISC_R_SUCCESS) { name = NULL; dns_message_currentname(message, section, &name); if (dns_name_issubdomain(name, &fctx->domain)) { @@ -4371,15 +5038,29 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, dns_trust_additional; } } - /* - * A negative response has a SOA record (Type 2) - * and a optional NS RRset (Type 1) or it has neither - * a SOA or a NS RRset (Type 3, handled above) or - * rcode is NXDOMAIN (handled above) in which case - * the NS RRset is allowed (Type 4). - */ - if (soa_name != NULL) - negative_response = ISC_TRUE; + } + result = dns_message_nextname(message, section); + if (result == ISC_R_NOMORE) + break; + else if (result != ISC_R_SUCCESS) + return (result); + } + + /* + * A negative response has a SOA record (Type 2) + * and a optional NS RRset (Type 1) or it has neither + * a SOA or a NS RRset (Type 3, handled above) or + * rcode is NXDOMAIN (handled above) in which case + * the NS RRset is allowed (Type 4). + */ + if (soa_name != NULL) + negative_response = ISC_TRUE; + + result = dns_message_firstname(message, section); + while (result == ISC_R_SUCCESS) { + name = NULL; + dns_message_currentname(message, section, &name); + if (dns_name_issubdomain(name, &fctx->domain)) { for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { @@ -4531,14 +5212,17 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname, * Set the current query domain to the referral name. * * XXXRTH We should check if we're in forward-only mode, and - * if so we should bail out. + * if so we should bail out. */ INSIST(dns_name_countlabels(&fctx->domain) > 0); - dns_name_free(&fctx->domain, fctx->res->mctx); + dns_name_free(&fctx->domain, + fctx->res->buckets[fctx->bucketnum].mctx); if (dns_rdataset_isassociated(&fctx->nameservers)) dns_rdataset_disassociate(&fctx->nameservers); dns_name_init(&fctx->domain, NULL); - result = dns_name_dup(ns_name, fctx->res->mctx, &fctx->domain); + result = dns_name_dup(ns_name, + fctx->res->buckets[fctx->bucketnum].mctx, + &fctx->domain); if (result != ISC_R_SUCCESS) return (result); fctx->attributes |= FCTX_ATTR_WANTCACHE; @@ -4830,7 +5514,7 @@ answer_response(fetchctx_t *fctx) { */ if (found_dname) { /* - * Copy the the dname into the + * Copy the dname into the * qname fixed name. * * Although we check for @@ -4984,7 +5668,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { bucketnum = fctx->bucketnum; if (fevent->result == ISC_R_CANCELED) { dns_resolver_destroyfetch(&fctx->nsfetch); - fctx_done(fctx, ISC_R_CANCELED); + fctx_done(fctx, ISC_R_CANCELED, __LINE__); } else if (fevent->result == ISC_R_SUCCESS) { FCTXTRACE("resuming DS lookup"); @@ -4993,18 +5677,20 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { if (dns_rdataset_isassociated(&fctx->nameservers)) dns_rdataset_disassociate(&fctx->nameservers); dns_rdataset_clone(fevent->rdataset, &fctx->nameservers); - dns_name_free(&fctx->domain, fctx->res->mctx); + dns_name_free(&fctx->domain, + fctx->res->buckets[bucketnum].mctx); dns_name_init(&fctx->domain, NULL); - result = dns_name_dup(&fctx->nsname, fctx->res->mctx, + result = dns_name_dup(&fctx->nsname, + fctx->res->buckets[bucketnum].mctx, &fctx->domain); if (result != ISC_R_SUCCESS) { - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); goto cleanup; } /* * Try again. */ - fctx_try(fctx); + fctx_try(fctx, ISC_TRUE); } else { unsigned int n; dns_rdataset_t *nsrdataset = NULL; @@ -5016,7 +5702,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { domain = dns_fixedname_name(&fixed); dns_name_copy(&fctx->nsfetch->private->domain, domain, NULL); if (dns_name_equal(&fctx->nsname, domain)) { - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); dns_resolver_destroyfetch(&fctx->nsfetch); goto cleanup; } @@ -5043,7 +5729,7 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) { &fctx->nsrrset, NULL, &fctx->nsfetch); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); else { LOCK(&res->buckets[bucketnum].lock); locked = ISC_TRUE; @@ -5074,7 +5760,7 @@ checknamessection(dns_message_t *message, dns_section_t section) { dns_name_t *name; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_t *rdataset; - + for (result = dns_message_firstname(message, section); result == ISC_R_SUCCESS; result = dns_message_nextname(message, section)) @@ -5093,7 +5779,7 @@ checknamessection(dns_message_t *message, dns_section_t section) { ISC_FALSE) || !dns_rdata_checknames(&rdata, name, NULL)) { - rdataset->attributes |= + rdataset->attributes |= DNS_RDATASETATTR_CHECKNAMES; } dns_rdata_reset(&rdata); @@ -5110,6 +5796,65 @@ checknames(dns_message_t *message) { checknamessection(message, DNS_SECTION_ADDITIONAL); } +/* + * Log server NSID at log level 'level' + */ +static isc_result_t +log_nsid(dns_rdataset_t *opt, resquery_t *query, int level, isc_mem_t *mctx) +{ + static const char hex[17] = "0123456789abcdef"; + char addrbuf[ISC_SOCKADDR_FORMATSIZE]; + isc_uint16_t optcode, nsid_len, buflen, i; + isc_result_t result; + isc_buffer_t nsidbuf; + dns_rdata_t rdata; + unsigned char *p, *buf, *nsid; + + /* Extract rdata from OPT rdataset */ + result = dns_rdataset_first(opt); + if (result != ISC_R_SUCCESS) + return (ISC_R_FAILURE); + + dns_rdata_init(&rdata); + dns_rdataset_current(opt, &rdata); + if (rdata.length < 4) + return (ISC_R_FAILURE); + + /* Check for NSID */ + isc_buffer_init(&nsidbuf, rdata.data, rdata.length); + isc_buffer_add(&nsidbuf, rdata.length); + optcode = isc_buffer_getuint16(&nsidbuf); + nsid_len = isc_buffer_getuint16(&nsidbuf); + if (optcode != DNS_OPT_NSID || nsid_len == 0) + return (ISC_R_FAILURE); + + /* Allocate buffer for storing hex version of the NSID */ + buflen = nsid_len * 2 + 1; + buf = isc_mem_get(mctx, buflen); + if (buf == NULL) + return (ISC_R_NOSPACE); + + /* Convert to hex */ + p = buf; + nsid = rdata.data + 4; + for (i = 0; i < nsid_len; i++) { + *p++ = hex[(nsid[0] >> 4) & 0xf]; + *p++ = hex[nsid[0] & 0xf]; + nsid++; + } + *p = '\0'; + + isc_sockaddr_format(&query->addrinfo->sockaddr, addrbuf, + sizeof(addrbuf)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, + DNS_LOGMODULE_RESOLVER, level, + "received NSID '%s' from %s", buf, addrbuf); + + /* Clean up */ + isc_mem_put(mctx, buf, buflen); + return (ISC_R_SUCCESS); +} + static void log_packet(dns_message_t *message, int level, isc_mem_t *mctx) { isc_buffer_t buffer; @@ -5155,6 +5900,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { isc_boolean_t keep_trying, get_nameservers, resend; isc_boolean_t truncated; dns_message_t *message; + dns_rdataset_t *opt; fetchctx_t *fctx; dns_name_t *fname; dns_fixedname_t foundname; @@ -5164,6 +5910,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { unsigned int options; unsigned int findoptions; isc_result_t broken_server; + badnstype_t broken_type = badns_response; REQUIRE(VALID_QUERY(query)); fctx = query->fctx; @@ -5173,6 +5920,11 @@ resquery_response(isc_task_t *task, isc_event_t *event) { QTRACE("response"); + if (isc_sockaddr_pf(&query->addrinfo->sockaddr) == PF_INET) + inc_stats(fctx->res, dns_resstatscounter_responsev4); + else + inc_stats(fctx->res, dns_resstatscounter_responsev6); + (void)isc_timer_touch(fctx->timer); keep_trying = ISC_FALSE; @@ -5188,11 +5940,12 @@ resquery_response(isc_task_t *task, isc_event_t *event) { } fctx->timeouts = 0; + fctx->timeout = ISC_FALSE; /* * XXXRTH We should really get the current time just once. We - * need a routine to convert from an isc_time_t to an - * isc_stdtime_t. + * need a routine to convert from an isc_time_t to an + * isc_stdtime_t. */ TIME_NOW(&tnow); finish = &tnow; @@ -5223,6 +5976,20 @@ resquery_response(isc_task_t *task, isc_event_t *event) { * There's no hope for this query. */ keep_trying = ISC_TRUE; + + /* + * If this is a network error on an exclusive query + * socket, mark the server as bad so that we won't try + * it for this fetch again. + */ + if (query->exclusivesocket && + (devent->result == ISC_R_HOSTUNREACH || + devent->result == ISC_R_NETUNREACH || + devent->result == ISC_R_CONNREFUSED || + devent->result == ISC_R_CANCELED)) { + broken_server = devent->result; + broken_type = badns_unreachable; + } } goto done; } @@ -5274,6 +6041,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) { query->addrinfo, DNS_FETCHOPT_NOEDNS0, DNS_FETCHOPT_NOEDNS0); + inc_stats(fctx->res, + dns_resstatscounter_edns0fail); } else { broken_server = result; keep_trying = ISC_TRUE; @@ -5302,6 +6071,8 @@ resquery_response(isc_task_t *task, isc_event_t *event) { query->addrinfo, DNS_FETCHOPT_NOEDNS0, DNS_FETCHOPT_NOEDNS0); + inc_stats(fctx->res, + dns_resstatscounter_edns0fail); } else { broken_server = DNS_R_UNEXPECTEDRCODE; keep_trying = ISC_TRUE; @@ -5315,11 +6086,20 @@ resquery_response(isc_task_t *task, isc_event_t *event) { } } + /* * Log the incoming packet. */ log_packet(message, ISC_LOG_DEBUG(10), fctx->res->mctx); + /* + * Did we request NSID? If so, and if the response contains + * NSID data, log it at INFO level. + */ + opt = dns_message_getopt(message); + if (opt != NULL && (query->options & DNS_FETCHOPT_WANTNSID) != 0) + log_nsid(opt, query, ISC_LOG_INFO, fctx->res->mctx); + /* * If the message is signed, check the signature. If not, this * returns success anyway. @@ -5348,6 +6128,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { truncated = ISC_TRUE; if (truncated) { + inc_stats(fctx->res, dns_resstatscounter_truncated); if ((options & DNS_FETCHOPT_TCP) != 0) { broken_server = DNS_R_TRUNCATEDTCP; keep_trying = ISC_TRUE; @@ -5368,21 +6149,46 @@ resquery_response(isc_task_t *task, isc_event_t *event) { goto done; } + /* + * Update statistics about erroneous responses. + */ + if (message->rcode != dns_rcode_noerror) { + switch (message->rcode) { + case dns_rcode_nxdomain: + inc_stats(fctx->res, dns_resstatscounter_nxdomain); + break; + case dns_rcode_servfail: + inc_stats(fctx->res, dns_resstatscounter_servfail); + break; + case dns_rcode_formerr: + inc_stats(fctx->res, dns_resstatscounter_formerr); + break; + default: + inc_stats(fctx->res, dns_resstatscounter_othererror); + break; + } + } + /* * Is the remote server broken, or does it dislike us? */ if (message->rcode != dns_rcode_noerror && message->rcode != dns_rcode_nxdomain) { - if ((message->rcode == dns_rcode_formerr || - message->rcode == dns_rcode_notimp || - message->rcode == dns_rcode_servfail) && + if (((message->rcode == dns_rcode_formerr || + message->rcode == dns_rcode_notimp) || + (message->rcode == dns_rcode_servfail && + dns_message_getopt(message) == NULL)) && (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { /* * It's very likely they don't like EDNS0. + * If the response code is SERVFAIL, also check if the + * response contains an OPT RR and don't cache the + * failure since it can be returned for various other + * reasons. * * XXXRTH We should check if the question - * we're asking requires EDNS0, and - * if so, we should bail out. + * we're asking requires EDNS0, and + * if so, we should bail out. */ options |= DNS_FETCHOPT_NOEDNS0; resend = ISC_TRUE; @@ -5393,6 +6199,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { dns_adb_changeflags(fctx->adb, query->addrinfo, DNS_FETCHOPT_NOEDNS0, DNS_FETCHOPT_NOEDNS0); + inc_stats(fctx->res, dns_resstatscounter_edns0fail); } else if (message->rcode == dns_rcode_formerr) { if (ISFORWARDER(query->addrinfo)) { /* @@ -5419,6 +6226,26 @@ resquery_response(isc_task_t *task, isc_event_t *event) { * for this fetch. */ result = DNS_R_YXDOMAIN; + } else if (message->rcode == dns_rcode_badvers) { + unsigned int flags, mask; + unsigned int version; + + resend = ISC_TRUE; + version = (opt->ttl >> 16) & 0xff; + flags = (version << DNS_FETCHOPT_EDNSVERSIONSHIFT) | + DNS_FETCHOPT_EDNSVERSIONSET; + mask = DNS_FETCHOPT_EDNSVERSIONMASK | + DNS_FETCHOPT_EDNSVERSIONSET; + switch (version) { + case 0: + dns_adb_changeflags(fctx->adb, query->addrinfo, + flags, mask); + break; + default: + broken_server = DNS_R_BADVERS; + keep_trying = ISC_TRUE; + break; + } } else { /* * XXXRTH log. @@ -5446,9 +6273,10 @@ resquery_response(isc_task_t *task, isc_event_t *event) { */ if (fctx->res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) && is_lame(fctx)) { + inc_stats(fctx->res, dns_resstatscounter_lame); log_lame(fctx, query->addrinfo); result = dns_adb_marklame(fctx->adb, query->addrinfo, - &fctx->domain, + &fctx->name, fctx->type, now + fctx->res->lame_ttl); if (result != ISC_R_SUCCESS) isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, @@ -5559,6 +6387,18 @@ resquery_response(isc_task_t *task, isc_event_t *event) { * has not experienced any restarts yet. */ fctx->restarts = 0; + + /* + * Update local statistics counters collected for each + * new zone. + */ + fctx->referrals++; + fctx->querysent = 0; + fctx->lamecount = 0; + fctx->neterr = 0; + fctx->badresp = 0; + fctx->adberr = 0; + result = ISC_R_SUCCESS; } else if (result != ISC_R_SUCCESS) { /* @@ -5632,7 +6472,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { * Add this server to the list of bad servers for * this fctx. */ - add_bad(fctx, &addrinfo->sockaddr, broken_server); + add_bad(fctx, addrinfo, broken_server, broken_type); } if (get_nameservers) { @@ -5640,7 +6480,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { dns_fixedname_init(&foundname); fname = dns_fixedname_name(&foundname); if (result != ISC_R_SUCCESS) { - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); return; } findoptions = 0; @@ -5658,7 +6498,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { NULL); if (result != ISC_R_SUCCESS) { FCTXTRACE("couldn't find a zonecut"); - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); return; } if (!dns_name_issubdomain(fname, &fctx->domain)) { @@ -5667,15 +6507,17 @@ resquery_response(isc_task_t *task, isc_event_t *event) { * QDOMAIN. */ FCTXTRACE("nameservers now above QDOMAIN"); - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); return; } - dns_name_free(&fctx->domain, fctx->res->mctx); + dns_name_free(&fctx->domain, + fctx->res->buckets[fctx->bucketnum].mctx); dns_name_init(&fctx->domain, NULL); - result = dns_name_dup(fname, fctx->res->mctx, + result = dns_name_dup(fname, + fctx->res->buckets[fctx->bucketnum].mctx, &fctx->domain); if (result != ISC_R_SUCCESS) { - fctx_done(fctx, DNS_R_SERVFAIL); + fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); return; } fctx_cancelqueries(fctx, ISC_TRUE); @@ -5687,15 +6529,16 @@ resquery_response(isc_task_t *task, isc_event_t *event) { /* * Try again. */ - fctx_try(fctx); + fctx_try(fctx, !get_nameservers); } else if (resend) { /* * Resend (probably with changed options). */ FCTXTRACE("resend"); + inc_stats(fctx->res, dns_resstatscounter_retry); result = fctx_query(fctx, addrinfo, options); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); } else if (result == ISC_R_SUCCESS && !HAVE_ANSWER(fctx)) { /* * All has gone well so far, but we are waiting for the @@ -5709,10 +6552,10 @@ resquery_response(isc_task_t *task, isc_event_t *event) { */ result = fctx_stopidletimer(fctx); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); } else if (result == DNS_R_CHASEDSSERVERS) { unsigned int n; - add_bad(fctx, &addrinfo->sockaddr, result); + add_bad(fctx, addrinfo, result, broken_type); fctx_cancelqueries(fctx, ISC_TRUE); fctx_cleanupfinds(fctx); fctx_cleanupforwaddrs(fctx); @@ -5729,18 +6572,18 @@ resquery_response(isc_task_t *task, isc_event_t *event) { &fctx->nsrrset, NULL, &fctx->nsfetch); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); LOCK(&fctx->res->buckets[fctx->bucketnum].lock); fctx->references++; UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock); result = fctx_stopidletimer(fctx); if (result != ISC_R_SUCCESS) - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); } else { /* * We're done. */ - fctx_done(fctx, result); + fctx_done(fctx, result, __LINE__); } } @@ -5770,6 +6613,7 @@ destroy(dns_resolver_t *res) { isc_task_shutdown(res->buckets[i].task); isc_task_detach(&res->buckets[i].task); DESTROYLOCK(&res->buckets[i].lock); + isc_mem_detach(&res->buckets[i].mctx); } isc_mem_put(res->mctx, res->buckets, res->nbuckets * sizeof(fctxbucket_t)); @@ -5791,6 +6635,7 @@ destroy(dns_resolver_t *res) { #if USE_MBSLOCK isc_rwlock_destroy(&res->mbslock); #endif + isc_timer_detach(&res->spillattimer); res->magic = 0; isc_mem_put(res->mctx, res, sizeof(*res)); } @@ -5829,6 +6674,39 @@ empty_bucket(dns_resolver_t *res) { UNLOCK(&res->lock); } +static void +spillattimer_countdown(isc_task_t *task, isc_event_t *event) { + dns_resolver_t *res = event->ev_arg; + isc_result_t result; + unsigned int count; + isc_boolean_t logit = ISC_FALSE; + + REQUIRE(VALID_RESOLVER(res)); + + UNUSED(task); + + LOCK(&res->lock); + INSIST(!res->exiting); + if (res->spillat > res->spillatmin) { + res->spillat--; + logit = ISC_TRUE; + } + if (res->spillat <= res->spillatmin) { + result = isc_timer_reset(res->spillattimer, + isc_timertype_inactive, NULL, + NULL, ISC_TRUE); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + } + count = res->spillat; + UNLOCK(&res->lock); + if (logit) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, + DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, + "clients-per-query decreased to %u", count); + + isc_event_free(&event); +} + isc_result_t dns_resolver_create(dns_view_t *view, isc_taskmgr_t *taskmgr, unsigned int ntasks, @@ -5843,7 +6721,9 @@ dns_resolver_create(dns_view_t *view, dns_resolver_t *res; isc_result_t result = ISC_R_SUCCESS; unsigned int i, buckets_created = 0; + isc_task_t *task = NULL; char name[16]; + unsigned dispattr; /* * Create a resolver. @@ -5872,7 +6752,12 @@ dns_resolver_create(dns_view_t *view, res->udpsize = RECV_BUFFER_SIZE; res->algorithms = NULL; res->mustbesecure = NULL; - + res->spillatmin = res->spillat = 10; + res->spillatmax = 100; + res->spillattimer = NULL; + res->zero_no_soa_ttl = ISC_FALSE; + res->ndisps = 0; + res->nextdisp = 0; /* meaningless at this point, but init it */ res->nbuckets = ntasks; res->activebuckets = ntasks; res->buckets = isc_mem_get(view->mctx, @@ -5891,7 +6776,24 @@ dns_resolver_create(dns_view_t *view, DESTROYLOCK(&res->buckets[i].lock); goto cleanup_buckets; } + res->buckets[i].mctx = NULL; snprintf(name, sizeof(name), "res%u", i); +#ifdef ISC_PLATFORM_USETHREADS + /* + * Use a separate memory context for each bucket to reduce + * contention among multiple threads. Do this only when + * enabling threads because it will be require more memory. + */ + result = isc_mem_create(0, 0, &res->buckets[i].mctx); + if (result != ISC_R_SUCCESS) { + isc_task_detach(&res->buckets[i].task); + DESTROYLOCK(&res->buckets[i].lock); + goto cleanup_buckets; + } + isc_mem_setname(res->buckets[i].mctx, name, NULL); +#else + isc_mem_attach(view->mctx, &res->buckets[i].mctx); +#endif isc_task_setname(res->buckets[i].task, name, res); ISC_LIST_INIT(res->buckets[i].fctxs); res->buckets[i].exiting = ISC_FALSE; @@ -5899,11 +6801,20 @@ dns_resolver_create(dns_view_t *view, } res->dispatchv4 = NULL; - if (dispatchv4 != NULL) + if (dispatchv4 != NULL) { dns_dispatch_attach(dispatchv4, &res->dispatchv4); + dispattr = dns_dispatch_getattributes(dispatchv4); + res->exclusivev4 = + ISC_TF((dispattr & DNS_DISPATCHATTR_EXCLUSIVE) != 0); + } + res->dispatchv6 = NULL; - if (dispatchv6 != NULL) + if (dispatchv6 != NULL) { dns_dispatch_attach(dispatchv6, &res->dispatchv6); + dispattr = dns_dispatch_getattributes(dispatchv6); + res->exclusivev6 = + ISC_TF((dispattr & DNS_DISPATCHATTR_EXCLUSIVE) != 0); + } res->references = 1; res->exiting = ISC_FALSE; @@ -5925,10 +6836,22 @@ dns_resolver_create(dns_view_t *view, if (result != ISC_R_SUCCESS) goto cleanup_nlock; + task = NULL; + result = isc_task_create(taskmgr, 0, &task); + if (result != ISC_R_SUCCESS) + goto cleanup_primelock; + + result = isc_timer_create(timermgr, isc_timertype_inactive, NULL, NULL, + task, spillattimer_countdown, res, + &res->spillattimer); + isc_task_detach(&task); + if (result != ISC_R_SUCCESS) + goto cleanup_primelock; + #if USE_ALGLOCK result = isc_rwlock_init(&res->alglock, 0, 0); if (result != ISC_R_SUCCESS) - goto cleanup_primelock; + goto cleanup_spillattimer; #endif #if USE_MBSLOCK result = isc_rwlock_init(&res->mbslock, 0, 0); @@ -5949,9 +6872,12 @@ dns_resolver_create(dns_view_t *view, #endif #endif #if USE_ALGLOCK || USE_MBSLOCK + cleanup_spillattimer: + isc_timer_detach(&res->spillattimer); +#endif + cleanup_primelock: DESTROYLOCK(&res->primelock); -#endif cleanup_nlock: DESTROYLOCK(&res->nlock); @@ -5967,6 +6893,7 @@ dns_resolver_create(dns_view_t *view, cleanup_buckets: for (i = 0; i < buckets_created; i++) { + isc_mem_detach(&res->buckets[i].mctx); DESTROYLOCK(&res->buckets[i].lock); isc_task_shutdown(res->buckets[i].task); isc_task_detach(&res->buckets[i].task); @@ -5985,6 +6912,7 @@ prime_done(isc_task_t *task, isc_event_t *event) { dns_resolver_t *res; dns_fetchevent_t *fevent; dns_fetch_t *fetch; + dns_db_t *db = NULL; REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE); fevent = (dns_fetchevent_t *)event; @@ -6004,6 +6932,13 @@ prime_done(isc_task_t *task, isc_event_t *event) { UNLOCK(&res->lock); + if (fevent->result == ISC_R_SUCCESS && + res->view->cache != NULL && res->view->hints != NULL) { + dns_cache_attachdb(res->view->cache, &db); + dns_root_checkhints(res->view, res->view->hints, db); + dns_db_detach(&db); + } + if (fevent->node != NULL) dns_db_detachnode(fevent->db, &fevent->node); if (fevent->db != NULL) @@ -6144,6 +7079,7 @@ dns_resolver_shutdown(dns_resolver_t *res) { unsigned int i; fetchctx_t *fctx; isc_socket_t *sock; + isc_result_t result; REQUIRE(VALID_RESOLVER(res)); @@ -6161,12 +7097,12 @@ dns_resolver_shutdown(dns_resolver_t *res) { fctx != NULL; fctx = ISC_LIST_NEXT(fctx, link)) fctx_shutdown(fctx); - if (res->dispatchv4 != NULL) { + if (res->dispatchv4 != NULL && !res->exclusivev4) { sock = dns_dispatch_getsocket(res->dispatchv4); isc_socket_cancel(sock, res->buckets[i].task, ISC_SOCKCANCEL_ALL); } - if (res->dispatchv6 != NULL) { + if (res->dispatchv6 != NULL && !res->exclusivev6) { sock = dns_dispatch_getsocket(res->dispatchv6); isc_socket_cancel(sock, res->buckets[i].task, ISC_SOCKCANCEL_ALL); @@ -6180,6 +7116,10 @@ dns_resolver_shutdown(dns_resolver_t *res) { } if (res->activebuckets == 0) send_shutdown_events(res); + result = isc_timer_reset(res->spillattimer, + isc_timertype_inactive, NULL, + NULL, ISC_TRUE); + RUNTIME_CHECK(result == ISC_R_SUCCESS); } UNLOCK(&res->lock); @@ -6249,13 +7189,34 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, dns_fetch_t **fetchp) +{ + return (dns_resolver_createfetch2(res, name, type, domain, + nameservers, forwarders, NULL, 0, + options, task, action, arg, + rdataset, sigrdataset, fetchp)); +} + +isc_result_t +dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name, + dns_rdatatype_t type, + dns_name_t *domain, dns_rdataset_t *nameservers, + dns_forwarders_t *forwarders, + isc_sockaddr_t *client, dns_messageid_t id, + unsigned int options, isc_task_t *task, + isc_taskaction_t action, void *arg, + dns_rdataset_t *rdataset, + dns_rdataset_t *sigrdataset, + dns_fetch_t **fetchp) { dns_fetch_t *fetch; fetchctx_t *fctx = NULL; - isc_result_t result; + isc_result_t result = ISC_R_SUCCESS; unsigned int bucketnum; isc_boolean_t new_fctx = ISC_FALSE; isc_event_t *event; + unsigned int count = 0; + unsigned int spillat; + unsigned int spillatmin; UNUSED(forwarders); @@ -6282,8 +7243,12 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name, if (fetch == NULL) return (ISC_R_NOMEMORY); - bucketnum = dns_name_hash(name, ISC_FALSE) % res->nbuckets; + bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets; + LOCK(&res->lock); + spillat = res->spillat; + spillatmin = res->spillatmin; + UNLOCK(&res->lock); LOCK(&res->buckets[bucketnum].lock); if (res->buckets[bucketnum].exiting) { @@ -6300,6 +7265,32 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name, } } + /* + * Is this a duplicate? + */ + if (fctx != NULL && client != NULL) { + dns_fetchevent_t *fevent; + for (fevent = ISC_LIST_HEAD(fctx->events); + fevent != NULL; + fevent = ISC_LIST_NEXT(fevent, ev_link)) { + if (fevent->client != NULL && fevent->id == id && + isc_sockaddr_equal(fevent->client, client)) { + result = DNS_R_DUPLICATE; + goto unlock; + } + count++; + } + } + if (count >= spillatmin && spillatmin != 0) { + INSIST(fctx != NULL); + if (count >= spillat) + fctx->spilled = ISC_TRUE; + if (fctx->spilled) { + result = DNS_R_DROP; + goto unlock; + } + } + /* * If we didn't have a fetch, would attach to a done fetch, this * fetch has already cloned its results, or if the fetch has gone @@ -6318,7 +7309,7 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name, new_fctx = ISC_TRUE; } - result = fctx_join(fctx, task, action, arg, + result = fctx_join(fctx, task, client, id, action, arg, rdataset, sigrdataset, fetch); if (new_fctx) { if (result == ISC_R_SUCCESS) { @@ -6465,6 +7456,47 @@ dns_resolver_destroyfetch(dns_fetch_t **fetchp) { empty_bucket(res); } +void +dns_resolver_logfetch(dns_fetch_t *fetch, isc_log_t *lctx, + isc_logcategory_t *category, isc_logmodule_t *module, + int level, isc_boolean_t duplicateok) +{ + fetchctx_t *fctx; + dns_resolver_t *res; + char domainbuf[DNS_NAME_FORMATSIZE]; + + REQUIRE(DNS_FETCH_VALID(fetch)); + fctx = fetch->private; + REQUIRE(VALID_FCTX(fctx)); + res = fctx->res; + + LOCK(&res->buckets[fctx->bucketnum].lock); + + INSIST(fctx->exitline >= 0); + if (!fctx->logged || duplicateok) { + dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); + isc_log_write(lctx, category, module, level, + "fetch completed at %s:%d for %s in " + "%" ISC_PRINT_QUADFORMAT "u." + "%06" ISC_PRINT_QUADFORMAT "u: %s/%s " + "[domain:%s,referral:%u,restart:%u,qrysent:%u," + "timeout:%u,lame:%u,neterr:%u,badresp:%u," + "adberr:%u,findfail:%u,valfail:%u]", + __FILE__, fctx->exitline, fctx->info, + fctx->duration / 1000000, + fctx->duration % 1000000, + isc_result_totext(fctx->result), + isc_result_totext(fctx->vresult), domainbuf, + fctx->referrals, fctx->restarts, + fctx->querysent, fctx->timeouts, fctx->lamecount, + fctx->neterr, fctx->badresp, fctx->adberr, + fctx->findfail, fctx->valfail); + fctx->logged = ISC_TRUE; + } + + UNLOCK(&res->buckets[fctx->bucketnum].lock); +} + dns_dispatchmgr_t * dns_resolver_dispatchmgr(dns_resolver_t *resolver) { REQUIRE(VALID_RESOLVER(resolver)); @@ -6567,7 +7599,7 @@ free_algorithm(void *node, void *arg) { isc_mem_put(mctx, algorithms, *algorithms); } - + void dns_resolver_reset_algorithms(dns_resolver_t *resolver) { @@ -6611,7 +7643,7 @@ dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name, mask = 1 << (alg%8); result = dns_rbt_addnode(resolver->algorithms, name, &node); - + if (result == ISC_R_SUCCESS || result == ISC_R_EXISTS) { algorithms = node->data; if (algorithms == NULL || len > *algorithms) { @@ -6627,7 +7659,7 @@ dns_resolver_disable_algorithm(dns_resolver_t *resolver, dns_name_t *name, *new = len; node->data = new; if (algorithms != NULL) - isc_mem_put(resolver->mctx, algorithms, + isc_mem_put(resolver->mctx, algorithms, *algorithms); } else algorithms[len-1] |= mask; @@ -6674,6 +7706,13 @@ dns_resolver_algorithm_supported(dns_resolver_t *resolver, dns_name_t *name, return (dst_algorithm_supported(alg)); } +isc_boolean_t +dns_resolver_digest_supported(dns_resolver_t *resolver, unsigned int digest) { + + UNUSED(resolver); + return (dns_ds_digest_supported(digest)); +} + void dns_resolver_resetmustbesecure(dns_resolver_t *resolver) { @@ -6688,12 +7727,12 @@ dns_resolver_resetmustbesecure(dns_resolver_t *resolver) { RWUNLOCK(&resolver->mbslock, isc_rwlocktype_write); #endif } - + static isc_boolean_t yes = ISC_TRUE, no = ISC_FALSE; isc_result_t dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name, - isc_boolean_t value) + isc_boolean_t value) { isc_result_t result; @@ -6708,7 +7747,7 @@ dns_resolver_setmustbesecure(dns_resolver_t *resolver, dns_name_t *name, if (result != ISC_R_SUCCESS) goto cleanup; } - result = dns_rbt_addname(resolver->mustbesecure, name, + result = dns_rbt_addname(resolver->mustbesecure, name, value ? &yes : &no); cleanup: #if USE_MBSLOCK @@ -6739,3 +7778,52 @@ dns_resolver_getmustbesecure(dns_resolver_t *resolver, dns_name_t *name) { #endif return (value); } + +void +dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur, + isc_uint32_t *min, isc_uint32_t *max) +{ + REQUIRE(VALID_RESOLVER(resolver)); + + LOCK(&resolver->lock); + if (cur != NULL) + *cur = resolver->spillat; + if (min != NULL) + *min = resolver->spillatmin; + if (max != NULL) + *max = resolver->spillatmax; + UNLOCK(&resolver->lock); +} + +void +dns_resolver_setclientsperquery(dns_resolver_t *resolver, isc_uint32_t min, + isc_uint32_t max) +{ + REQUIRE(VALID_RESOLVER(resolver)); + + LOCK(&resolver->lock); + resolver->spillatmin = resolver->spillat = min; + resolver->spillatmax = max; + UNLOCK(&resolver->lock); +} + +isc_boolean_t +dns_resolver_getzeronosoattl(dns_resolver_t *resolver) { + REQUIRE(VALID_RESOLVER(resolver)); + + return (resolver->zero_no_soa_ttl); +} + +void +dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state) { + REQUIRE(VALID_RESOLVER(resolver)); + + resolver->zero_no_soa_ttl = state; +} + +unsigned int +dns_resolver_getoptions(dns_resolver_t *resolver) { + REQUIRE(VALID_RESOLVER(resolver)); + + return (resolver->options); +} diff --git a/contrib/bind-9.5.2/lib/dns/result.c b/contrib/bind-9.5.2/lib/dns/result.c new file mode 100644 index 0000000000..2e060542fa --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/result.c @@ -0,0 +1,276 @@ +/* + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1998-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: result.c,v 1.123 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ + +#include + +#include +#include + +#include +#include + +static const char *text[DNS_R_NRESULTS] = { + "label too long", /*%< 0 DNS_R_LABELTOOLONG */ + "bad escape", /*%< 1 DNS_R_BADESCAPE */ + /*! + * Note that DNS_R_BADBITSTRING and DNS_R_BITSTRINGTOOLONG are + * deprecated. + */ + "bad bitstring", /*%< 2 DNS_R_BADBITSTRING */ + "bitstring too long", /*%< 3 DNS_R_BITSTRINGTOOLONG */ + "empty label", /*%< 4 DNS_R_EMPTYLABEL */ + + "bad dotted quad", /*%< 5 DNS_R_BADDOTTEDQUAD */ + "invalid NS owner name (wildcard)", /*%< 6 DNS_R_INVALIDNS */ + "unknown class/type", /*%< 7 DNS_R_UNKNOWN */ + "bad label type", /*%< 8 DNS_R_BADLABELTYPE */ + "bad compression pointer", /*%< 9 DNS_R_BADPOINTER */ + + "too many hops", /*%< 10 DNS_R_TOOMANYHOPS */ + "disallowed (by application policy)", /*%< 11 DNS_R_DISALLOWED */ + "extra input text", /*%< 12 DNS_R_EXTRATOKEN */ + "extra input data", /*%< 13 DNS_R_EXTRADATA */ + "text too long", /*%< 14 DNS_R_TEXTTOOLONG */ + + "not at top of zone", /*%< 15 DNS_R_NOTZONETOP */ + "syntax error", /*%< 16 DNS_R_SYNTAX */ + "bad checksum", /*%< 17 DNS_R_BADCKSUM */ + "bad IPv6 address", /*%< 18 DNS_R_BADAAAA */ + "no owner", /*%< 19 DNS_R_NOOWNER */ + + "no ttl", /*%< 20 DNS_R_NOTTL */ + "bad class", /*%< 21 DNS_R_BADCLASS */ + "name too long", /*%< 22 DNS_R_NAMETOOLONG */ + "partial match", /*%< 23 DNS_R_PARTIALMATCH */ + "new origin", /*%< 24 DNS_R_NEWORIGIN */ + + "unchanged", /*%< 25 DNS_R_UNCHANGED */ + "bad ttl", /*%< 26 DNS_R_BADTTL */ + "more data needed/to be rendered", /*%< 27 DNS_R_NOREDATA */ + "continue", /*%< 28 DNS_R_CONTINUE */ + "delegation", /*%< 29 DNS_R_DELEGATION */ + + "glue", /*%< 30 DNS_R_GLUE */ + "dname", /*%< 31 DNS_R_DNAME */ + "cname", /*%< 32 DNS_R_CNAME */ + "bad database", /*%< 33 DNS_R_BADDB */ + "zonecut", /*%< 34 DNS_R_ZONECUT */ + + "bad zone", /*%< 35 DNS_R_BADZONE */ + "more data", /*%< 36 DNS_R_MOREDATA */ + "up to date", /*%< 37 DNS_R_UPTODATE */ + "tsig verify failure", /*%< 38 DNS_R_TSIGVERIFYFAILURE */ + "tsig indicates error", /*%< 39 DNS_R_TSIGERRORSET */ + + "RRSIG failed to verify", /*%< 40 DNS_R_SIGINVALID */ + "RRSIG has expired", /*%< 41 DNS_R_SIGEXPIRED */ + "RRSIG validity period has not begun", /*%< 42 DNS_R_SIGFUTURE */ + "key is unauthorized to sign data", /*%< 43 DNS_R_KEYUNAUTHORIZED */ + "invalid time", /*%< 44 DNS_R_INVALIDTIME */ + + "expected a TSIG or SIG(0)", /*%< 45 DNS_R_EXPECTEDTSIG */ + "did not expect a TSIG or SIG(0)", /*%< 46 DNS_R_UNEXPECTEDTSIG */ + "TKEY is unacceptable", /*%< 47 DNS_R_INVALIDTKEY */ + "hint", /*%< 48 DNS_R_HINT */ + "drop", /*%< 49 DNS_R_DROP */ + + "zone not loaded", /*%< 50 DNS_R_NOTLOADED */ + "ncache nxdomain", /*%< 51 DNS_R_NCACHENXDOMAIN */ + "ncache nxrrset", /*%< 52 DNS_R_NCACHENXRRSET */ + "wait", /*%< 53 DNS_R_WAIT */ + "not verified yet", /*%< 54 DNS_R_NOTVERIFIEDYET */ + + "no identity", /*%< 55 DNS_R_NOIDENTITY */ + "no journal", /*%< 56 DNS_R_NOJOURNAL */ + "alias", /*%< 57 DNS_R_ALIAS */ + "use TCP", /*%< 58 DNS_R_USETCP */ + "no valid RRSIG", /*%< 59 DNS_R_NOVALIDSIG */ + + "no valid NSEC", /*%< 60 DNS_R_NOVALIDNSEC */ + "not insecure", /*%< 61 DNS_R_NOTINSECURE */ + "unknown service", /*%< 62 DNS_R_UNKNOWNSERVICE */ + "recoverable error occurred", /*%< 63 DNS_R_RECOVERABLE */ + "unknown opt attribute record", /*%< 64 DNS_R_UNKNOWNOPT */ + + "unexpected message id", /*%< 65 DNS_R_UNEXPECTEDID */ + "seen include file", /*%< 66 DNS_R_SEENINCLUDE */ + "not exact", /*%< 67 DNS_R_NOTEXACT */ + "address blackholed", /*%< 68 DNS_R_BLACKHOLED */ + "bad algorithm", /*%< 69 DNS_R_BADALG */ + + "invalid use of a meta type", /*%< 70 DNS_R_METATYPE */ + "CNAME and other data", /*%< 71 DNS_R_CNAMEANDOTHER */ + "multiple RRs of singleton type", /*%< 72 DNS_R_SINGLETON */ + "hint nxrrset", /*%< 73 DNS_R_HINTNXRRSET */ + "no master file configured", /*%< 74 DNS_R_NOMASTERFILE */ + + "unknown protocol", /*%< 75 DNS_R_UNKNOWNPROTO */ + "clocks are unsynchronized", /*%< 76 DNS_R_CLOCKSKEW */ + "IXFR failed", /*%< 77 DNS_R_BADIXFR */ + "not authoritative", /*%< 78 DNS_R_NOTAUTHORITATIVE */ + "no valid KEY", /*%< 79 DNS_R_NOVALIDKEY */ + + "obsolete", /*%< 80 DNS_R_OBSOLETE */ + "already frozen", /*%< 81 DNS_R_FROZEN */ + "unknown flag", /*%< 82 DNS_R_UNKNOWNFLAG */ + "expected a response", /*%< 83 DNS_R_EXPECTEDRESPONSE */ + "no valid DS", /*%< 84 DNS_R_NOVALIDDS */ + + "NS is an address", /*%< 85 DNS_R_NSISADDRESS */ + "received FORMERR", /*%< 86 DNS_R_REMOTEFORMERR */ + "truncated TCP response", /*%< 87 DNS_R_TRUNCATEDTCP */ + "lame server detected", /*%< 88 DNS_R_LAME */ + "unexpected RCODE", /*%< 89 DNS_R_UNEXPECTEDRCODE */ + + "unexpected OPCODE", /*%< 90 DNS_R_UNEXPECTEDOPCODE */ + "chase DS servers", /*%< 91 DNS_R_CHASEDSSERVERS */ + "empty name", /*%< 92 DNS_R_EMPTYNAME */ + "empty wild", /*%< 93 DNS_R_EMPTYWILD */ + "bad bitmap", /*%< 94 DNS_R_BADBITMAP */ + + "from wildcard", /*%< 95 DNS_R_FROMWILDCARD */ + "bad owner name (check-names)", /*%< 96 DNS_R_BADOWNERNAME */ + "bad name (check-names)", /*%< 97 DNS_R_BADNAME */ + "dynamic zone", /*%< 98 DNS_R_DYNAMIC */ + "unknown command", /*%< 99 DNS_R_UNKNOWNCOMMAND */ + + "must-be-secure", /*%< 100 DNS_R_MUSTBESECURE */ + "covering NSEC record returned", /*%< 101 DNS_R_COVERINGNSEC */ + "MX is an address", /*%< 102 DNS_R_MXISADDRESS */ + "duplicate query" /*%< 103 DNS_R_DUPLICATE */ +}; + +static const char *rcode_text[DNS_R_NRCODERESULTS] = { + "NOERROR", /*%< 0 DNS_R_NOEROR */ + "FORMERR", /*%< 1 DNS_R_FORMERR */ + "SERVFAIL", /*%< 2 DNS_R_SERVFAIL */ + "NXDOMAIN", /*%< 3 DNS_R_NXDOMAIN */ + "NOTIMP", /*%< 4 DNS_R_NOTIMP */ + + "REFUSED", /*%< 5 DNS_R_REFUSED */ + "YXDOMAIN", /*%< 6 DNS_R_YXDOMAIN */ + "YXRRSET", /*%< 7 DNS_R_YXRRSET */ + "NXRRSET", /*%< 8 DNS_R_NXRRSET */ + "NOTAUTH", /*%< 9 DNS_R_NOTAUTH */ + + "NOTZONE", /*%< 10 DNS_R_NOTZONE */ + "", /*%< 11 has no macro */ + "", /*%< 12 has no macro */ + "", /*%< 13 has no macro */ + "", /*%< 14 has no macro */ + + "", /*%< 15 has no macro */ + "BADVERS", /*%< 16 DNS_R_BADVERS */ +}; + +#define DNS_RESULT_RESULTSET 2 +#define DNS_RESULT_RCODERESULTSET 3 + +static isc_once_t once = ISC_ONCE_INIT; + +static void +initialize_action(void) { + isc_result_t result; + + result = isc_result_register(ISC_RESULTCLASS_DNS, DNS_R_NRESULTS, + text, dns_msgcat, DNS_RESULT_RESULTSET); + if (result == ISC_R_SUCCESS) + result = isc_result_register(ISC_RESULTCLASS_DNSRCODE, + DNS_R_NRCODERESULTS, + rcode_text, dns_msgcat, + DNS_RESULT_RCODERESULTSET); + if (result != ISC_R_SUCCESS) + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_result_register() failed: %u", result); +} + +static void +initialize(void) { + dns_lib_initmsgcat(); + RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS); +} + +const char * +dns_result_totext(isc_result_t result) { + initialize(); + + return (isc_result_totext(result)); +} + +void +dns_result_register(void) { + initialize(); +} + +dns_rcode_t +dns_result_torcode(isc_result_t result) { + dns_rcode_t rcode = dns_rcode_servfail; + + if (DNS_RESULT_ISRCODE(result)) { + /* + * Rcodes can't be bigger than 12 bits, which is why we + * AND with 0xFFF instead of 0xFFFF. + */ + return ((dns_rcode_t)((result) & 0xFFF)); + } + /* + * Try to supply an appropriate rcode. + */ + switch (result) { + case ISC_R_SUCCESS: + rcode = dns_rcode_noerror; + break; + case ISC_R_BADBASE64: + case ISC_R_NOSPACE: + case ISC_R_RANGE: + case ISC_R_UNEXPECTEDEND: + case DNS_R_BADAAAA: + /* case DNS_R_BADBITSTRING: deprecated */ + case DNS_R_BADCKSUM: + case DNS_R_BADCLASS: + case DNS_R_BADLABELTYPE: + case DNS_R_BADPOINTER: + case DNS_R_BADTTL: + case DNS_R_BADZONE: + /* case DNS_R_BITSTRINGTOOLONG: deprecated */ + case DNS_R_EXTRADATA: + case DNS_R_LABELTOOLONG: + case DNS_R_NOREDATA: + case DNS_R_SYNTAX: + case DNS_R_TEXTTOOLONG: + case DNS_R_TOOMANYHOPS: + case DNS_R_TSIGERRORSET: + case DNS_R_UNKNOWN: + rcode = dns_rcode_formerr; + break; + case DNS_R_DISALLOWED: + rcode = dns_rcode_refused; + break; + case DNS_R_TSIGVERIFYFAILURE: + case DNS_R_CLOCKSKEW: + rcode = dns_rcode_notauth; + break; + default: + rcode = dns_rcode_servfail; + } + + return (rcode); +} diff --git a/contrib/bind-9.5.2/lib/dns/rootns.c b/contrib/bind-9.5.2/lib/dns/rootns.c new file mode 100644 index 0000000000..0121325f15 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/rootns.c @@ -0,0 +1,518 @@ +/* + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: rootns.c,v 1.32.24.2 2008/02/05 23:46:39 tbox Exp $ */ + +/*! \file */ + +#include + +#include +#include /* Required for HP/UX (and others?) */ +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static char root_ns[] = +";\n" +"; Internet Root Nameservers\n" +";\n" +"$TTL 518400\n" +". 518400 IN NS A.ROOT-SERVERS.NET.\n" +". 518400 IN NS B.ROOT-SERVERS.NET.\n" +". 518400 IN NS C.ROOT-SERVERS.NET.\n" +". 518400 IN NS D.ROOT-SERVERS.NET.\n" +". 518400 IN NS E.ROOT-SERVERS.NET.\n" +". 518400 IN NS F.ROOT-SERVERS.NET.\n" +". 518400 IN NS G.ROOT-SERVERS.NET.\n" +". 518400 IN NS H.ROOT-SERVERS.NET.\n" +". 518400 IN NS I.ROOT-SERVERS.NET.\n" +". 518400 IN NS J.ROOT-SERVERS.NET.\n" +". 518400 IN NS K.ROOT-SERVERS.NET.\n" +". 518400 IN NS L.ROOT-SERVERS.NET.\n" +". 518400 IN NS M.ROOT-SERVERS.NET.\n" +"A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4\n" +"A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n" +"B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n" +"C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n" +"D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90\n" +"E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n" +"F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n" +"F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2F::F\n" +"G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n" +"H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n" +"H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803F:235\n" +"I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n" +"J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n" +"J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:C27::2:30\n" +"K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n" +"K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n" +"L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n" +"M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n" +"M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n"; + +static isc_result_t +in_rootns(dns_rdataset_t *rootns, dns_name_t *name) { + isc_result_t result; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_ns_t ns; + + if (!dns_rdataset_isassociated(rootns)) + return (ISC_R_NOTFOUND); + + result = dns_rdataset_first(rootns); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(rootns, &rdata); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + if (result != ISC_R_SUCCESS) + return (result); + if (dns_name_compare(name, &ns.name) == 0) + return (ISC_R_SUCCESS); + result = dns_rdataset_next(rootns); + } + if (result == ISC_R_NOMORE) + result = ISC_R_NOTFOUND; + return (result); +} + +static isc_result_t +check_node(dns_rdataset_t *rootns, dns_name_t *name, + dns_rdatasetiter_t *rdsiter) { + isc_result_t result; + dns_rdataset_t rdataset; + + dns_rdataset_init(&rdataset); + result = dns_rdatasetiter_first(rdsiter); + while (result == ISC_R_SUCCESS) { + dns_rdatasetiter_current(rdsiter, &rdataset); + switch (rdataset.type) { + case dns_rdatatype_a: + case dns_rdatatype_aaaa: + result = in_rootns(rootns, name); + if (result != ISC_R_SUCCESS) + goto cleanup; + break; + case dns_rdatatype_ns: + if (dns_name_compare(name, dns_rootname) == 0) + break; + /*FALLTHROUGH*/ + default: + result = ISC_R_FAILURE; + goto cleanup; + } + dns_rdataset_disassociate(&rdataset); + result = dns_rdatasetiter_next(rdsiter); + } + if (result == ISC_R_NOMORE) + result = ISC_R_SUCCESS; + cleanup: + if (dns_rdataset_isassociated(&rdataset)) + dns_rdataset_disassociate(&rdataset); + return (result); +} + +static isc_result_t +check_hints(dns_db_t *db) { + isc_result_t result; + dns_rdataset_t rootns; + dns_dbiterator_t *dbiter = NULL; + dns_dbnode_t *node = NULL; + isc_stdtime_t now; + dns_fixedname_t fixname; + dns_name_t *name; + dns_rdatasetiter_t *rdsiter = NULL; + + isc_stdtime_get(&now); + + dns_fixedname_init(&fixname); + name = dns_fixedname_name(&fixname); + + dns_rdataset_init(&rootns); + (void)dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, + now, NULL, name, &rootns, NULL); + result = dns_db_createiterator(db, ISC_FALSE, &dbiter); + if (result != ISC_R_SUCCESS) + goto cleanup; + result = dns_dbiterator_first(dbiter); + while (result == ISC_R_SUCCESS) { + result = dns_dbiterator_current(dbiter, &node, name); + if (result != ISC_R_SUCCESS) + goto cleanup; + result = dns_db_allrdatasets(db, node, NULL, now, &rdsiter); + if (result != ISC_R_SUCCESS) + goto cleanup; + result = check_node(&rootns, name, rdsiter); + if (result != ISC_R_SUCCESS) + goto cleanup; + dns_rdatasetiter_destroy(&rdsiter); + dns_db_detachnode(db, &node); + result = dns_dbiterator_next(dbiter); + } + if (result == ISC_R_NOMORE) + result = ISC_R_SUCCESS; + + cleanup: + if (dns_rdataset_isassociated(&rootns)) + dns_rdataset_disassociate(&rootns); + if (rdsiter != NULL) + dns_rdatasetiter_destroy(&rdsiter); + if (node != NULL) + dns_db_detachnode(db, &node); + if (dbiter != NULL) + dns_dbiterator_destroy(&dbiter); + return (result); +} + +isc_result_t +dns_rootns_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, + const char *filename, dns_db_t **target) +{ + isc_result_t result, eresult; + isc_buffer_t source; + size_t len; + dns_rdatacallbacks_t callbacks; + dns_db_t *db = NULL; + + REQUIRE(target != NULL && *target == NULL); + + result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone, + rdclass, 0, NULL, &db); + if (result != ISC_R_SUCCESS) + return (result); + + dns_rdatacallbacks_init(&callbacks); + + len = strlen(root_ns); + isc_buffer_init(&source, root_ns, len); + isc_buffer_add(&source, len); + + result = dns_db_beginload(db, &callbacks.add, + &callbacks.add_private); + if (result != ISC_R_SUCCESS) + return (result); + if (filename != NULL) { + /* + * Load the hints from the specified filename. + */ + result = dns_master_loadfile(filename, &db->origin, + &db->origin, db->rdclass, + DNS_MASTER_HINT, + &callbacks, db->mctx); + } else if (rdclass == dns_rdataclass_in) { + /* + * Default to using the Internet root servers. + */ + result = dns_master_loadbuffer(&source, &db->origin, + &db->origin, db->rdclass, + DNS_MASTER_HINT, + &callbacks, db->mctx); + } else + result = ISC_R_NOTFOUND; + eresult = dns_db_endload(db, &callbacks.add_private); + if (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE) + result = eresult; + if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) + goto db_detach; + if (check_hints(db) != ISC_R_SUCCESS) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "extra data in root hints '%s'", + (filename != NULL) ? filename : ""); + *target = db; + return (ISC_R_SUCCESS); + + db_detach: + dns_db_detach(&db); + + return (result); +} + +static void +report(dns_view_t *view, dns_name_t *name, isc_boolean_t missing, + dns_rdata_t *rdata) +{ + const char *viewname = "", *sep = ""; + char namebuf[DNS_NAME_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; + char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")]; + isc_buffer_t buffer; + isc_result_t result; + + if (strcmp(view->name, "_bind") != 0 && + strcmp(view->name, "_default") != 0) { + viewname = view->name; + sep = ": view "; + } + + dns_name_format(name, namebuf, sizeof(namebuf)); + dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf)); + isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1); + result = dns_rdata_totext(rdata, NULL, &buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + databuf[isc_buffer_usedlength(&buffer)] = '\0'; + + if (missing) + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "checkhints%s%s: %s/%s (%s) missing from hints", + sep, viewname, namebuf, typebuf, databuf); + else + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "checkhints%s%s: %s/%s (%s) extra record " + "in hints", sep, viewname, namebuf, typebuf, + databuf); +} + +static isc_boolean_t +inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) { + isc_result_t result; + dns_rdata_t current = DNS_RDATA_INIT; + + result = dns_rdataset_first(rrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(rrset, ¤t); + if (dns_rdata_compare(rdata, ¤t) == 0) + return (ISC_TRUE); + dns_rdata_reset(¤t); + result = dns_rdataset_next(rrset); + } + return (ISC_FALSE); +} + +/* + * Check that the address RRsets match. + * + * Note we don't complain about missing glue records. + */ + +static void +check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db, + dns_name_t *name, isc_stdtime_t now) +{ + isc_result_t hresult, rresult, result; + dns_rdataset_t hintrrset, rootrrset; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_name_t *foundname; + dns_fixedname_t fixed; + + dns_rdataset_init(&hintrrset); + dns_rdataset_init(&rootrrset); + dns_fixedname_init(&fixed); + foundname = dns_fixedname_name(&fixed); + + hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0, + now, NULL, foundname, &hintrrset, NULL); + rresult = dns_db_find(db, name, NULL, dns_rdatatype_a, + DNS_DBFIND_GLUEOK, now, NULL, foundname, + &rootrrset, NULL); + if (hresult == ISC_R_SUCCESS && + (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { + result = dns_rdataset_first(&rootrrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rootrrset, &rdata); + if (!inrrset(&hintrrset, &rdata)) + report(view, name, ISC_TRUE, &rdata); + result = dns_rdataset_next(&rootrrset); + } + result = dns_rdataset_first(&hintrrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&hintrrset, &rdata); + if (!inrrset(&rootrrset, &rdata)) + report(view, name, ISC_FALSE, &rdata); + result = dns_rdataset_next(&hintrrset); + } + } + if (hresult == ISC_R_NOTFOUND && + (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { + result = dns_rdataset_first(&rootrrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rootrrset, &rdata); + report(view, name, ISC_TRUE, &rdata); + result = dns_rdataset_next(&rootrrset); + } + } + if (dns_rdataset_isassociated(&rootrrset)) + dns_rdataset_disassociate(&rootrrset); + if (dns_rdataset_isassociated(&hintrrset)) + dns_rdataset_disassociate(&hintrrset); + + /* + * Check AAAA records. + */ + hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0, + now, NULL, foundname, &hintrrset, NULL); + rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa, + DNS_DBFIND_GLUEOK, now, NULL, foundname, + &rootrrset, NULL); + if (hresult == ISC_R_SUCCESS && + (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { + result = dns_rdataset_first(&rootrrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rootrrset, &rdata); + if (!inrrset(&hintrrset, &rdata)) + report(view, name, ISC_TRUE, &rdata); + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rootrrset); + } + result = dns_rdataset_first(&hintrrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&hintrrset, &rdata); + if (!inrrset(&rootrrset, &rdata)) + report(view, name, ISC_FALSE, &rdata); + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&hintrrset); + } + } + if (hresult == ISC_R_NOTFOUND && + (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { + result = dns_rdataset_first(&rootrrset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rootrrset, &rdata); + report(view, name, ISC_TRUE, &rdata); + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rootrrset); + } + } + if (dns_rdataset_isassociated(&rootrrset)) + dns_rdataset_disassociate(&rootrrset); + if (dns_rdataset_isassociated(&hintrrset)) + dns_rdataset_disassociate(&hintrrset); +} + +void +dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) { + isc_result_t result; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_ns_t ns; + dns_rdataset_t hintns, rootns; + const char *viewname = "", *sep = ""; + isc_stdtime_t now; + dns_name_t *name; + dns_fixedname_t fixed; + + REQUIRE(hints != NULL); + REQUIRE(db != NULL); + REQUIRE(view != NULL); + + isc_stdtime_get(&now); + + if (strcmp(view->name, "_bind") != 0 && + strcmp(view->name, "_default") != 0) { + viewname = view->name; + sep = ": view "; + } + + dns_rdataset_init(&hintns); + dns_rdataset_init(&rootns); + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + + result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0, + now, NULL, name, &hintns, NULL); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "checkhints%s%s: unable to get root NS rrset " + "from hints: %s", sep, viewname, + dns_result_totext(result)); + goto cleanup; + } + + result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, + now, NULL, name, &rootns, NULL); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "checkhints%s%s: unable to get root NS rrset " + "from cache: %s", sep, viewname, + dns_result_totext(result)); + goto cleanup; + } + + /* + * Look for missing root NS names. + */ + result = dns_rdataset_first(&rootns); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rootns, &rdata); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + result = in_rootns(&hintns, &ns.name); + if (result != ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + /* missing from hints */ + dns_name_format(&ns.name, namebuf, sizeof(namebuf)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "checkhints%s%s: unable to find root " + "NS '%s' in hints", sep, viewname, + namebuf); + } else + check_address_records(view, hints, db, &ns.name, now); + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rootns); + } + if (result != ISC_R_NOMORE) { + goto cleanup; + } + + /* + * Look for extra root NS names. + */ + result = dns_rdataset_first(&hintns); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&hintns, &rdata); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + result = in_rootns(&rootns, &ns.name); + if (result != ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + /* extra entry in hints */ + dns_name_format(&ns.name, namebuf, sizeof(namebuf)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, + "checkhints%s%s: extra NS '%s' in hints", + sep, viewname, namebuf); + } + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&hintns); + } + if (result != ISC_R_NOMORE) { + goto cleanup; + } + + cleanup: + if (dns_rdataset_isassociated(&rootns)) + dns_rdataset_disassociate(&rootns); + if (dns_rdataset_isassociated(&hintns)) + dns_rdataset_disassociate(&hintns); +} diff --git a/contrib/bind-9.3/lib/dns/sdb.c b/contrib/bind-9.5.2/lib/dns/sdb.c similarity index 96% rename from contrib/bind-9.3/lib/dns/sdb.c rename to contrib/bind-9.5.2/lib/dns/sdb.c index ef22418629..1c80f97f25 100644 --- a/contrib/bind-9.3/lib/dns/sdb.c +++ b/contrib/bind-9.5.2/lib/dns/sdb.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdb.c,v 1.35.12.8 2004/07/22 04:01:58 marka Exp $ */ +/* $Id: sdb.c,v 1.59.94.8 2009/06/26 06:23:47 marka Exp $ */ + +/*! \file */ #include @@ -99,7 +101,7 @@ typedef struct sdb_rdatasetiter { #define SDB_MAGIC ISC_MAGIC('S', 'D', 'B', '-') -/* +/*% * Note that "impmagic" is not the first four bytes of the struct, so * ISC_MAGIC_VALID cannot be used. */ @@ -110,7 +112,7 @@ typedef struct sdb_rdatasetiter { #define VALID_SDBLOOKUP(sdbl) ISC_MAGIC_VALID(sdbl, SDBLOOKUP_MAGIC) #define VALID_SDBNODE(sdbn) VALID_SDBLOOKUP(sdbn) -/* These values are taken from RFC 1537 */ +/* These values are taken from RFC1537 */ #define SDB_DEFAULT_REFRESH (60 * 60 * 8) #define SDB_DEFAULT_RETRY (60 * 60 * 2) #define SDB_DEFAULT_EXPIRE (60 * 60 * 24 * 7) @@ -119,6 +121,10 @@ typedef struct sdb_rdatasetiter { /* This is a reasonable value */ #define SDB_DEFAULT_TTL (60 * 60 * 24) +#ifdef __COVERITY__ +#define MAYBE_LOCK(sdb) LOCK(&sdb->implementation->driverlock) +#define MAYBE_UNLOCK(sdb) UNLOCK(&sdb->implementation->driverlock) +#else #define MAYBE_LOCK(sdb) \ do { \ unsigned int flags = sdb->implementation->flags; \ @@ -132,6 +138,7 @@ typedef struct sdb_rdatasetiter { if ((flags & DNS_SDBFLAG_THREADSAFE) == 0) \ UNLOCK(&sdb->implementation->driverlock); \ } while (0) +#endif static int dummy; @@ -225,12 +232,8 @@ dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods, imp->mctx = NULL; isc_mem_attach(mctx, &imp->mctx); result = isc_mutex_init(&imp->driverlock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); + if (result != ISC_R_SUCCESS) goto cleanup_mctx; - } imp->dbimp = NULL; result = dns_db_register(drivername, dns_sdb_create, imp, mctx, @@ -269,10 +272,11 @@ dns_sdb_unregister(dns_sdbimplementation_t **sdbimp) { static inline unsigned int initial_size(unsigned int len) { unsigned int size; - for (size = 64; size < (64 * 1024); size *= 2) + + for (size = 1024; size < (64 * 1024); size *= 2) if (len < size) return (size); - return (64 * 1024); + return (65535); } isc_result_t @@ -306,7 +310,7 @@ dns_sdb_putrdata(dns_sdblookup_t *lookup, dns_rdatatype_t typeval, dns_ttl_t ttl ISC_LIST_INIT(rdatalist->rdata); ISC_LINK_INIT(rdatalist, link); ISC_LIST_APPEND(lookup->lists, rdatalist, link); - } else + } else if (rdatalist->ttl != ttl) return (DNS_R_BADTTL); @@ -333,7 +337,7 @@ dns_sdb_putrdata(dns_sdblookup_t *lookup, dns_rdatatype_t typeval, dns_ttl_t ttl isc_mem_put(mctx, rdata, sizeof(dns_rdata_t)); return (result); } - + isc_result_t dns_sdb_putrr(dns_sdblookup_t *lookup, const char *type, dns_ttl_t ttl, @@ -376,13 +380,15 @@ dns_sdb_putrr(dns_sdblookup_t *lookup, const char *type, dns_ttl_t ttl, datalen = strlen(data); size = initial_size(datalen); - for (;;) { + do { isc_buffer_init(&b, data, datalen); isc_buffer_add(&b, datalen); result = isc_lex_openbuffer(lex, &b); if (result != ISC_R_SUCCESS) goto failure; + if (size >= 65535) + size = 65535; p = isc_mem_get(mctx, size); if (p == NULL) { result = ISC_R_NOMEMORY; @@ -398,6 +404,11 @@ dns_sdb_putrr(dns_sdblookup_t *lookup, const char *type, dns_ttl_t ttl, if (result != ISC_R_NOSPACE) break; + /* + * Is the RR too big? + */ + if (size >= 65535) + break; isc_mem_put(mctx, p, size); p = NULL; size *= 2; @@ -599,10 +610,12 @@ endload(dns_db_t *db, dns_dbload_t **dbloadp) { } static isc_result_t -dump(dns_db_t *db, dns_dbversion_t *version, const char *filename) { +dump(dns_db_t *db, dns_dbversion_t *version, const char *filename, + dns_masterformat_t masterformat) { UNUSED(db); UNUSED(version); UNUSED(filename); + UNUSED(masterformat); return (ISC_R_NOTIMPLEMENTED); } @@ -625,7 +638,7 @@ newversion(dns_db_t *db, dns_dbversion_t **versionp) { } static void -attachversion(dns_db_t *db, dns_dbversion_t *source, +attachversion(dns_db_t *db, dns_dbversion_t *source, dns_dbversion_t **targetp) { REQUIRE(source != NULL && source == (void *) &dummy); @@ -664,11 +677,8 @@ createnode(dns_sdb_t *sdb, dns_sdbnode_t **nodep) { node->name = NULL; result = isc_mutex_init(&node->lock); if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); isc_mem_put(sdb->common.mctx, node, sizeof(dns_sdbnode_t)); - return (ISC_R_UNEXPECTED); + return (result); } dns_rdatacallbacks_init(&node->callbacks); node->references = 1; @@ -782,7 +792,7 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, return (result); } } - + *nodep = node; return (ISC_R_SUCCESS); } @@ -870,9 +880,12 @@ find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, { result = DNS_R_ZONECUT; dns_rdataset_disassociate(rdataset); - if (sigrdataset != NULL) + if (sigrdataset != NULL && + dns_rdataset_isassociated + (sigrdataset)) { dns_rdataset_disassociate (sigrdataset); + } } else result = DNS_R_DELEGATION; break; @@ -930,7 +943,8 @@ find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, xresult = dns_name_copy(xname, foundname, NULL); if (xresult != ISC_R_SUCCESS) { - destroynode(node); + if (node != NULL) + destroynode(node); if (dns_rdataset_isassociated(rdataset)) dns_rdataset_disassociate(rdataset); return (DNS_R_BADDB); @@ -1109,7 +1123,7 @@ allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, sdb_rdatasetiter_t *iterator; REQUIRE(version == NULL || version == &dummy); - + UNUSED(version); UNUSED(now); @@ -1234,7 +1248,10 @@ static dns_dbmethods_t sdb_methods = { nodecount, ispersistent, overmem, - settask + settask, + NULL, + NULL, + NULL }; static isc_result_t @@ -1270,13 +1287,8 @@ dns_sdb_create(isc_mem_t *mctx, dns_name_t *origin, dns_dbtype_t type, isc_mem_attach(mctx, &sdb->common.mctx); result = isc_mutex_init(&sdb->lock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_mctx; - } result = dns_name_dupwithoffsets(origin, mctx, &sdb->common.origin); if (result != ISC_R_SUCCESS) @@ -1361,7 +1373,10 @@ static dns_rdatasetmethods_t methods = { rdataset_clone, isc__rdatalist_count, isc__rdatalist_addnoqname, - isc__rdatalist_getnoqname + isc__rdatalist_getnoqname, + NULL, + NULL, + NULL }; static void @@ -1432,9 +1447,11 @@ dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) { sdb_dbiterator_t *sdbiter = (sdb_dbiterator_t *)iterator; sdbiter->current = ISC_LIST_HEAD(sdbiter->nodelist); - while (sdbiter->current != NULL) + while (sdbiter->current != NULL) { if (dns_name_equal(sdbiter->current->name, name)) return (ISC_R_SUCCESS); + sdbiter->current = ISC_LIST_NEXT(sdbiter->current, link); + } return (ISC_R_NOTFOUND); } diff --git a/contrib/bind-9.5.2/lib/dns/sdlz.c b/contrib/bind-9.5.2/lib/dns/sdlz.c new file mode 100644 index 0000000000..11993939bc --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/sdlz.c @@ -0,0 +1,1793 @@ +/* + * Portions Copyright (C) 2005-2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + * + * The development of Dynamically Loadable Zones (DLZ) for Bind 9 was + * conceived and contributed by Rob Butler. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the + * above copyright notice and this permission notice appear in all + * copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS + * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE + * USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: sdlz.c,v 1.14.94.6 2009/06/26 06:23:47 marka Exp $ */ + +/*! \file */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "rdatalist_p.h" + +/* + * Private Types + */ + +struct dns_sdlzimplementation { + const dns_sdlzmethods_t *methods; + isc_mem_t *mctx; + void *driverarg; + unsigned int flags; + isc_mutex_t driverlock; + dns_dlzimplementation_t *dlz_imp; +}; + +struct dns_sdlz_db { + /* Unlocked */ + dns_db_t common; + void *dbdata; + dns_sdlzimplementation_t *dlzimp; + isc_mutex_t refcnt_lock; + /* Locked */ + unsigned int references; +}; + +struct dns_sdlzlookup { + /* Unlocked */ + unsigned int magic; + dns_sdlz_db_t *sdlz; + ISC_LIST(dns_rdatalist_t) lists; + ISC_LIST(isc_buffer_t) buffers; + dns_name_t *name; + ISC_LINK(dns_sdlzlookup_t) link; + isc_mutex_t lock; + dns_rdatacallbacks_t callbacks; + /* Locked */ + unsigned int references; +}; + +typedef struct dns_sdlzlookup dns_sdlznode_t; + +struct dns_sdlzallnodes { + dns_dbiterator_t common; + ISC_LIST(dns_sdlznode_t) nodelist; + dns_sdlznode_t *current; + dns_sdlznode_t *origin; +}; + +typedef dns_sdlzallnodes_t sdlz_dbiterator_t; + +typedef struct sdlz_rdatasetiter { + dns_rdatasetiter_t common; + dns_rdatalist_t *current; +} sdlz_rdatasetiter_t; + + +#define SDLZDB_MAGIC ISC_MAGIC('D', 'L', 'Z', 'S') + +/* + * Note that "impmagic" is not the first four bytes of the struct, so + * ISC_MAGIC_VALID cannot be used. + */ + +#define VALID_SDLZDB(sdlzdb) ((sdlzdb) != NULL && \ + (sdlzdb)->common.impmagic == SDLZDB_MAGIC) + +#define SDLZLOOKUP_MAGIC ISC_MAGIC('D','L','Z','L') +#define VALID_SDLZLOOKUP(sdlzl) ISC_MAGIC_VALID(sdlzl, SDLZLOOKUP_MAGIC) +#define VALID_SDLZNODE(sdlzn) VALID_SDLZLOOKUP(sdlzn) + +/* These values are taken from RFC 1537 */ +#define SDLZ_DEFAULT_REFRESH (60 * 60 * 8) +#define SDLZ_DEFAULT_RETRY (60 * 60 * 2) +#define SDLZ_DEFAULT_EXPIRE (60 * 60 * 24 * 7) +#define SDLZ_DEFAULT_MINIMUM (60 * 60 * 24) + +/* This is a reasonable value */ +#define SDLZ_DEFAULT_TTL (60 * 60 * 24) + +static int dummy; + +#ifdef __COVERITY__ +#define MAYBE_LOCK(imp) LOCK(&imp->driverlock) +#define MAYBE_UNLOCK(imp) UNLOCK(&imp->driverlock) +#else +#define MAYBE_LOCK(imp) \ + do { \ + unsigned int flags = imp->flags; \ + if ((flags & DNS_SDLZFLAG_THREADSAFE) == 0) \ + LOCK(&imp->driverlock); \ + } while (0) + +#define MAYBE_UNLOCK(imp) \ + do { \ + unsigned int flags = imp->flags; \ + if ((flags & DNS_SDLZFLAG_THREADSAFE) == 0) \ + UNLOCK(&imp->driverlock); \ + } while (0) +#endif + +/* + * Forward references. Try to keep these to a minimum. + */ + +static void list_tordataset(dns_rdatalist_t *rdatalist, + dns_db_t *db, dns_dbnode_t *node, + dns_rdataset_t *rdataset); + +static void detachnode(dns_db_t *db, dns_dbnode_t **targetp); + +static void dbiterator_destroy(dns_dbiterator_t **iteratorp); +static isc_result_t dbiterator_first(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_last(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_seek(dns_dbiterator_t *iterator, + dns_name_t *name); +static isc_result_t dbiterator_prev(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_next(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_current(dns_dbiterator_t *iterator, + dns_dbnode_t **nodep, + dns_name_t *name); +static isc_result_t dbiterator_pause(dns_dbiterator_t *iterator); +static isc_result_t dbiterator_origin(dns_dbiterator_t *iterator, + dns_name_t *name); + +static dns_dbiteratormethods_t dbiterator_methods = { + dbiterator_destroy, + dbiterator_first, + dbiterator_last, + dbiterator_seek, + dbiterator_prev, + dbiterator_next, + dbiterator_current, + dbiterator_pause, + dbiterator_origin +}; + +/* + * Utility functions + */ + +/*% Converts the input string to lowercase, in place. */ + +static void +dns_sdlz_tolower(char *str) { + + unsigned int len = strlen(str); + unsigned int i; + + for (i = 0; i < len; i++) { + if (str[i] >= 'A' && str[i] <= 'Z') + str[i] += 32; + } + +} + +static inline unsigned int +initial_size(const char *data) { + unsigned int len = (strlen(data) / 64) + 1; + return (len * 64 + 64); +} + +/* + * Rdataset Iterator Methods. These methods were "borrowed" from the SDB + * driver interface. See the SDB driver interface documentation for more info. + */ + +static void +rdatasetiter_destroy(dns_rdatasetiter_t **iteratorp) { + sdlz_rdatasetiter_t *sdlziterator = + (sdlz_rdatasetiter_t *)(*iteratorp); + + detachnode(sdlziterator->common.db, &sdlziterator->common.node); + isc_mem_put(sdlziterator->common.db->mctx, sdlziterator, + sizeof(sdlz_rdatasetiter_t)); + *iteratorp = NULL; +} + +static isc_result_t +rdatasetiter_first(dns_rdatasetiter_t *iterator) { + sdlz_rdatasetiter_t *sdlziterator = (sdlz_rdatasetiter_t *)iterator; + dns_sdlznode_t *sdlznode = (dns_sdlznode_t *)iterator->node; + + if (ISC_LIST_EMPTY(sdlznode->lists)) + return (ISC_R_NOMORE); + sdlziterator->current = ISC_LIST_HEAD(sdlznode->lists); + return (ISC_R_SUCCESS); +} + +static isc_result_t +rdatasetiter_next(dns_rdatasetiter_t *iterator) { + sdlz_rdatasetiter_t *sdlziterator = (sdlz_rdatasetiter_t *)iterator; + + sdlziterator->current = ISC_LIST_NEXT(sdlziterator->current, link); + if (sdlziterator->current == NULL) + return (ISC_R_NOMORE); + else + return (ISC_R_SUCCESS); +} + +static void +rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) { + sdlz_rdatasetiter_t *sdlziterator = (sdlz_rdatasetiter_t *)iterator; + + list_tordataset(sdlziterator->current, iterator->db, iterator->node, + rdataset); +} + +static dns_rdatasetitermethods_t rdatasetiter_methods = { + rdatasetiter_destroy, + rdatasetiter_first, + rdatasetiter_next, + rdatasetiter_current +}; + +/* + * DB routines. These methods were "borrowed" from the SDB driver interface. + * See the SDB driver interface documentation for more info. + */ + +static void +attach(dns_db_t *source, dns_db_t **targetp) { + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *) source; + + REQUIRE(VALID_SDLZDB(sdlz)); + + LOCK(&sdlz->refcnt_lock); + REQUIRE(sdlz->references > 0); + sdlz->references++; + UNLOCK(&sdlz->refcnt_lock); + + *targetp = source; +} + +static void +destroy(dns_sdlz_db_t *sdlz) { + isc_mem_t *mctx; + mctx = sdlz->common.mctx; + + sdlz->common.magic = 0; + sdlz->common.impmagic = 0; + + isc_mutex_destroy(&sdlz->refcnt_lock); + + dns_name_free(&sdlz->common.origin, mctx); + + isc_mem_put(mctx, sdlz, sizeof(dns_sdlz_db_t)); + isc_mem_detach(&mctx); +} + +static void +detach(dns_db_t **dbp) { + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)(*dbp); + isc_boolean_t need_destroy = ISC_FALSE; + + REQUIRE(VALID_SDLZDB(sdlz)); + LOCK(&sdlz->refcnt_lock); + REQUIRE(sdlz->references > 0); + sdlz->references--; + if (sdlz->references == 0) + need_destroy = ISC_TRUE; + UNLOCK(&sdlz->refcnt_lock); + + if (need_destroy) + destroy(sdlz); + + *dbp = NULL; +} + +static isc_result_t +beginload(dns_db_t *db, dns_addrdatasetfunc_t *addp, dns_dbload_t **dbloadp) { + UNUSED(db); + UNUSED(addp); + UNUSED(dbloadp); + return (ISC_R_NOTIMPLEMENTED); +} + +static isc_result_t +endload(dns_db_t *db, dns_dbload_t **dbloadp) { + UNUSED(db); + UNUSED(dbloadp); + return (ISC_R_NOTIMPLEMENTED); +} + +static isc_result_t +dump(dns_db_t *db, dns_dbversion_t *version, const char *filename, + dns_masterformat_t masterformat) +{ + UNUSED(db); + UNUSED(version); + UNUSED(filename); + UNUSED(masterformat); + return (ISC_R_NOTIMPLEMENTED); +} + +static void +currentversion(dns_db_t *db, dns_dbversion_t **versionp) { + REQUIRE(versionp != NULL && *versionp == NULL); + + UNUSED(db); + + *versionp = (void *) &dummy; + return; +} + +static isc_result_t +newversion(dns_db_t *db, dns_dbversion_t **versionp) { + UNUSED(db); + UNUSED(versionp); + + return (ISC_R_NOTIMPLEMENTED); +} + +static void +attachversion(dns_db_t *db, dns_dbversion_t *source, + dns_dbversion_t **targetp) +{ + REQUIRE(source != NULL && source == (void *) &dummy); + + UNUSED(db); + UNUSED(source); + UNUSED(targetp); + *targetp = source; +} + +static void +closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) { + REQUIRE(versionp != NULL && *versionp == (void *) &dummy); + REQUIRE(commit == ISC_FALSE); + + UNUSED(db); + UNUSED(commit); + + *versionp = NULL; +} + +static isc_result_t +createnode(dns_sdlz_db_t *sdlz, dns_sdlznode_t **nodep) { + dns_sdlznode_t *node; + isc_result_t result; + + node = isc_mem_get(sdlz->common.mctx, sizeof(dns_sdlznode_t)); + if (node == NULL) + return (ISC_R_NOMEMORY); + + node->sdlz = NULL; + attach((dns_db_t *)sdlz, (dns_db_t **)&node->sdlz); + ISC_LIST_INIT(node->lists); + ISC_LIST_INIT(node->buffers); + ISC_LINK_INIT(node, link); + node->name = NULL; + result = isc_mutex_init(&node->lock); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_mutex_init() failed: %s", + isc_result_totext(result)); + isc_mem_put(sdlz->common.mctx, node, sizeof(dns_sdlznode_t)); + return (ISC_R_UNEXPECTED); + } + dns_rdatacallbacks_init(&node->callbacks); + node->references = 1; + node->magic = SDLZLOOKUP_MAGIC; + + *nodep = node; + return (ISC_R_SUCCESS); +} + +static void +destroynode(dns_sdlznode_t *node) { + dns_rdatalist_t *list; + dns_rdata_t *rdata; + isc_buffer_t *b; + dns_sdlz_db_t *sdlz; + dns_db_t *db; + isc_mem_t *mctx; + + sdlz = node->sdlz; + mctx = sdlz->common.mctx; + + while (!ISC_LIST_EMPTY(node->lists)) { + list = ISC_LIST_HEAD(node->lists); + while (!ISC_LIST_EMPTY(list->rdata)) { + rdata = ISC_LIST_HEAD(list->rdata); + ISC_LIST_UNLINK(list->rdata, rdata, link); + isc_mem_put(mctx, rdata, sizeof(dns_rdata_t)); + } + ISC_LIST_UNLINK(node->lists, list, link); + isc_mem_put(mctx, list, sizeof(dns_rdatalist_t)); + } + + while (!ISC_LIST_EMPTY(node->buffers)) { + b = ISC_LIST_HEAD(node->buffers); + ISC_LIST_UNLINK(node->buffers, b, link); + isc_buffer_free(&b); + } + + if (node->name != NULL) { + dns_name_free(node->name, mctx); + isc_mem_put(mctx, node->name, sizeof(dns_name_t)); + } + DESTROYLOCK(&node->lock); + node->magic = 0; + isc_mem_put(mctx, node, sizeof(dns_sdlznode_t)); + db = &sdlz->common; + detach(&db); +} + +static isc_result_t +findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, + dns_dbnode_t **nodep) +{ + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db; + dns_sdlznode_t *node = NULL; + isc_result_t result; + isc_buffer_t b; + char namestr[DNS_NAME_MAXTEXT + 1]; + isc_buffer_t b2; + char zonestr[DNS_NAME_MAXTEXT + 1]; + isc_boolean_t isorigin; + dns_sdlzauthorityfunc_t authority; + + REQUIRE(VALID_SDLZDB(sdlz)); + REQUIRE(create == ISC_FALSE); + REQUIRE(nodep != NULL && *nodep == NULL); + + UNUSED(name); + UNUSED(create); + + isc_buffer_init(&b, namestr, sizeof(namestr)); + if ((sdlz->dlzimp->flags & DNS_SDLZFLAG_RELATIVEOWNER) != 0) { + dns_name_t relname; + unsigned int labels; + + labels = dns_name_countlabels(name) - + dns_name_countlabels(&db->origin); + dns_name_init(&relname, NULL); + dns_name_getlabelsequence(name, 0, labels, &relname); + result = dns_name_totext(&relname, ISC_TRUE, &b); + if (result != ISC_R_SUCCESS) + return (result); + } else { + result = dns_name_totext(name, ISC_TRUE, &b); + if (result != ISC_R_SUCCESS) + return (result); + } + isc_buffer_putuint8(&b, 0); + + isc_buffer_init(&b2, zonestr, sizeof(zonestr)); + result = dns_name_totext(&sdlz->common.origin, ISC_TRUE, &b2); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_putuint8(&b2, 0); + + result = createnode(sdlz, &node); + if (result != ISC_R_SUCCESS) + return (result); + + isorigin = dns_name_equal(name, &sdlz->common.origin); + + /* make sure strings are always lowercase */ + dns_sdlz_tolower(zonestr); + dns_sdlz_tolower(namestr); + + MAYBE_LOCK(sdlz->dlzimp); + + /* try to lookup the host (namestr) */ + result = sdlz->dlzimp->methods->lookup(zonestr, namestr, + sdlz->dlzimp->driverarg, + sdlz->dbdata, node); + + /* + * if the host (namestr) was not found, try to lookup a + * "wildcard" host. + */ + if (result != ISC_R_SUCCESS) { + result = sdlz->dlzimp->methods->lookup(zonestr, "*", + sdlz->dlzimp->driverarg, + sdlz->dbdata, node); + } + + MAYBE_UNLOCK(sdlz->dlzimp); + + if (result != ISC_R_SUCCESS && !isorigin) { + destroynode(node); + return (result); + } + + if (isorigin && sdlz->dlzimp->methods->authority != NULL) { + MAYBE_LOCK(sdlz->dlzimp); + authority = sdlz->dlzimp->methods->authority; + result = (*authority)(zonestr, sdlz->dlzimp->driverarg, + sdlz->dbdata, node); + MAYBE_UNLOCK(sdlz->dlzimp); + if (result != ISC_R_SUCCESS && + result != ISC_R_NOTIMPLEMENTED) { + destroynode(node); + return (result); + } + } + + *nodep = node; + return (ISC_R_SUCCESS); +} + +static isc_result_t +findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, + isc_stdtime_t now, dns_dbnode_t **nodep, dns_name_t *foundname, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) +{ + UNUSED(db); + UNUSED(name); + UNUSED(options); + UNUSED(now); + UNUSED(nodep); + UNUSED(foundname); + UNUSED(rdataset); + UNUSED(sigrdataset); + + return (ISC_R_NOTIMPLEMENTED); +} + +static void +attachnode(dns_db_t *db, dns_dbnode_t *source, dns_dbnode_t **targetp) { + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db; + dns_sdlznode_t *node = (dns_sdlznode_t *)source; + + REQUIRE(VALID_SDLZDB(sdlz)); + + UNUSED(sdlz); + + LOCK(&node->lock); + INSIST(node->references > 0); + node->references++; + INSIST(node->references != 0); /* Catch overflow. */ + UNLOCK(&node->lock); + + *targetp = source; +} + +static void +detachnode(dns_db_t *db, dns_dbnode_t **targetp) { + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db; + dns_sdlznode_t *node; + isc_boolean_t need_destroy = ISC_FALSE; + + REQUIRE(VALID_SDLZDB(sdlz)); + REQUIRE(targetp != NULL && *targetp != NULL); + + UNUSED(sdlz); + + node = (dns_sdlznode_t *)(*targetp); + + LOCK(&node->lock); + INSIST(node->references > 0); + node->references--; + if (node->references == 0) + need_destroy = ISC_TRUE; + UNLOCK(&node->lock); + + if (need_destroy) + destroynode(node); + + *targetp = NULL; +} + +static isc_result_t +expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now) { + UNUSED(db); + UNUSED(node); + UNUSED(now); + INSIST(0); + return (ISC_R_UNEXPECTED); +} + +static void +printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out) { + UNUSED(db); + UNUSED(node); + UNUSED(out); + return; +} + +static isc_result_t +createiterator(dns_db_t *db, isc_boolean_t relative_names, + dns_dbiterator_t **iteratorp) +{ + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db; + sdlz_dbiterator_t *sdlziter; + isc_result_t result; + isc_buffer_t b; + char zonestr[DNS_NAME_MAXTEXT + 1]; + + REQUIRE(VALID_SDLZDB(sdlz)); + + if (sdlz->dlzimp->methods->allnodes == NULL) + return (ISC_R_NOTIMPLEMENTED); + + isc_buffer_init(&b, zonestr, sizeof(zonestr)); + result = dns_name_totext(&sdlz->common.origin, ISC_TRUE, &b); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_putuint8(&b, 0); + + sdlziter = isc_mem_get(sdlz->common.mctx, sizeof(sdlz_dbiterator_t)); + if (sdlziter == NULL) + return (ISC_R_NOMEMORY); + + sdlziter->common.methods = &dbiterator_methods; + sdlziter->common.db = NULL; + dns_db_attach(db, &sdlziter->common.db); + sdlziter->common.relative_names = relative_names; + sdlziter->common.magic = DNS_DBITERATOR_MAGIC; + ISC_LIST_INIT(sdlziter->nodelist); + sdlziter->current = NULL; + sdlziter->origin = NULL; + + /* make sure strings are always lowercase */ + dns_sdlz_tolower(zonestr); + + MAYBE_LOCK(sdlz->dlzimp); + result = sdlz->dlzimp->methods->allnodes(zonestr, + sdlz->dlzimp->driverarg, + sdlz->dbdata, sdlziter); + MAYBE_UNLOCK(sdlz->dlzimp); + if (result != ISC_R_SUCCESS) { + dns_dbiterator_t *iter = &sdlziter->common; + dbiterator_destroy(&iter); + return (result); + } + + if (sdlziter->origin != NULL) { + ISC_LIST_UNLINK(sdlziter->nodelist, sdlziter->origin, link); + ISC_LIST_PREPEND(sdlziter->nodelist, sdlziter->origin, link); + } + + *iteratorp = (dns_dbiterator_t *)sdlziter; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + dns_rdatatype_t type, dns_rdatatype_t covers, + isc_stdtime_t now, dns_rdataset_t *rdataset, + dns_rdataset_t *sigrdataset) +{ + dns_rdatalist_t *list; + dns_sdlznode_t *sdlznode = (dns_sdlznode_t *)node; + + REQUIRE(VALID_SDLZNODE(node)); + + UNUSED(db); + UNUSED(version); + UNUSED(covers); + UNUSED(now); + UNUSED(sigrdataset); + + if (type == dns_rdatatype_sig || type == dns_rdatatype_rrsig) + return (ISC_R_NOTIMPLEMENTED); + + list = ISC_LIST_HEAD(sdlznode->lists); + while (list != NULL) { + if (list->type == type) + break; + list = ISC_LIST_NEXT(list, link); + } + if (list == NULL) + return (ISC_R_NOTFOUND); + + list_tordataset(list, db, node, rdataset); + + return (ISC_R_SUCCESS); +} + +static isc_result_t +find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, + dns_rdatatype_t type, unsigned int options, isc_stdtime_t now, + dns_dbnode_t **nodep, dns_name_t *foundname, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) +{ + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)db; + dns_dbnode_t *node = NULL; + dns_fixedname_t fname; + dns_rdataset_t xrdataset; + dns_name_t *xname; + unsigned int nlabels, olabels; + isc_result_t result; + unsigned int i; + + REQUIRE(VALID_SDLZDB(sdlz)); + REQUIRE(nodep == NULL || *nodep == NULL); + REQUIRE(version == NULL || version == (void *) &dummy); + + UNUSED(options); + UNUSED(sdlz); + + if (!dns_name_issubdomain(name, &db->origin)) + return (DNS_R_NXDOMAIN); + + olabels = dns_name_countlabels(&db->origin); + nlabels = dns_name_countlabels(name); + + dns_fixedname_init(&fname); + xname = dns_fixedname_name(&fname); + + if (rdataset == NULL) { + dns_rdataset_init(&xrdataset); + rdataset = &xrdataset; + } + + result = DNS_R_NXDOMAIN; + + for (i = olabels; i <= nlabels; i++) { + /* + * Unless this is an explicit lookup at the origin, don't + * look at the origin. + */ + if (i == olabels && i != nlabels) + continue; + + /* + * Look up the next label. + */ + dns_name_getlabelsequence(name, nlabels - i, i, xname); + result = findnode(db, xname, ISC_FALSE, &node); + if (result != ISC_R_SUCCESS) { + result = DNS_R_NXDOMAIN; + continue; + } + + /* + * Look for a DNAME at the current label, unless this is + * the qname. + */ + if (i < nlabels) { + result = findrdataset(db, node, version, + dns_rdatatype_dname, + 0, now, rdataset, sigrdataset); + if (result == ISC_R_SUCCESS) { + result = DNS_R_DNAME; + break; + } + } + + /* + * Look for an NS at the current label, unless this is the + * origin or glue is ok. + */ + if (i != olabels && (options & DNS_DBFIND_GLUEOK) == 0) { + result = findrdataset(db, node, version, + dns_rdatatype_ns, + 0, now, rdataset, sigrdataset); + if (result == ISC_R_SUCCESS) { + if (i == nlabels && type == dns_rdatatype_any) + { + result = DNS_R_ZONECUT; + dns_rdataset_disassociate(rdataset); + if (sigrdataset != NULL && + dns_rdataset_isassociated + (sigrdataset)) { + dns_rdataset_disassociate + (sigrdataset); + } + } else + result = DNS_R_DELEGATION; + break; + } + } + + /* + * If the current name is not the qname, add another label + * and try again. + */ + if (i < nlabels) { + destroynode(node); + node = NULL; + continue; + } + + /* + * If we're looking for ANY, we're done. + */ + if (type == dns_rdatatype_any) { + result = ISC_R_SUCCESS; + break; + } + + /* + * Look for the qtype. + */ + result = findrdataset(db, node, version, type, + 0, now, rdataset, sigrdataset); + if (result == ISC_R_SUCCESS) + break; + + /* + * Look for a CNAME + */ + if (type != dns_rdatatype_cname) { + result = findrdataset(db, node, version, + dns_rdatatype_cname, + 0, now, rdataset, sigrdataset); + if (result == ISC_R_SUCCESS) { + result = DNS_R_CNAME; + break; + } + } + + result = DNS_R_NXRRSET; + break; + } + + if (rdataset == &xrdataset && dns_rdataset_isassociated(rdataset)) + dns_rdataset_disassociate(rdataset); + + if (foundname != NULL) { + isc_result_t xresult; + + xresult = dns_name_copy(xname, foundname, NULL); + if (xresult != ISC_R_SUCCESS) { + if (node != NULL) + destroynode(node); + if (dns_rdataset_isassociated(rdataset)) + dns_rdataset_disassociate(rdataset); + return (DNS_R_BADDB); + } + } + + if (nodep != NULL) + *nodep = node; + else if (node != NULL) + detachnode(db, &node); + + return (result); +} + +static isc_result_t +allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + isc_stdtime_t now, dns_rdatasetiter_t **iteratorp) +{ + sdlz_rdatasetiter_t *iterator; + + REQUIRE(version == NULL || version == &dummy); + + UNUSED(version); + UNUSED(now); + + iterator = isc_mem_get(db->mctx, sizeof(sdlz_rdatasetiter_t)); + if (iterator == NULL) + return (ISC_R_NOMEMORY); + + iterator->common.magic = DNS_RDATASETITER_MAGIC; + iterator->common.methods = &rdatasetiter_methods; + iterator->common.db = db; + iterator->common.node = NULL; + attachnode(db, node, &iterator->common.node); + iterator->common.version = version; + iterator->common.now = now; + + *iteratorp = (dns_rdatasetiter_t *)iterator; + + return (ISC_R_SUCCESS); +} + +static isc_result_t +addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + isc_stdtime_t now, dns_rdataset_t *rdataset, unsigned int options, + dns_rdataset_t *addedrdataset) +{ + UNUSED(db); + UNUSED(node); + UNUSED(version); + UNUSED(now); + UNUSED(rdataset); + UNUSED(options); + UNUSED(addedrdataset); + + return (ISC_R_NOTIMPLEMENTED); +} + +static isc_result_t +subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + dns_rdataset_t *rdataset, unsigned int options, + dns_rdataset_t *newrdataset) +{ + UNUSED(db); + UNUSED(node); + UNUSED(version); + UNUSED(rdataset); + UNUSED(options); + UNUSED(newrdataset); + + return (ISC_R_NOTIMPLEMENTED); +} + +static isc_result_t +deleterdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + dns_rdatatype_t type, dns_rdatatype_t covers) +{ + UNUSED(db); + UNUSED(node); + UNUSED(version); + UNUSED(type); + UNUSED(covers); + + return (ISC_R_NOTIMPLEMENTED); +} + +static isc_boolean_t +issecure(dns_db_t *db) { + UNUSED(db); + + return (ISC_FALSE); +} + +static unsigned int +nodecount(dns_db_t *db) { + UNUSED(db); + + return (0); +} + +static isc_boolean_t +ispersistent(dns_db_t *db) { + UNUSED(db); + return (ISC_TRUE); +} + +static void +overmem(dns_db_t *db, isc_boolean_t overmem) { + UNUSED(db); + UNUSED(overmem); +} + +static void +settask(dns_db_t *db, isc_task_t *task) { + UNUSED(db); + UNUSED(task); +} + + +static dns_dbmethods_t sdlzdb_methods = { + attach, + detach, + beginload, + endload, + dump, + currentversion, + newversion, + attachversion, + closeversion, + findnode, + find, + findzonecut, + attachnode, + detachnode, + expirenode, + printnode, + createiterator, + findrdataset, + allrdatasets, + addrdataset, + subtractrdataset, + deleterdataset, + issecure, + nodecount, + ispersistent, + overmem, + settask, + NULL, + NULL, + NULL +}; + +/* + * Database Iterator Methods. These methods were "borrowed" from the SDB + * driver interface. See the SDB driver interface documentation for more info. + */ + +static void +dbiterator_destroy(dns_dbiterator_t **iteratorp) { + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)(*iteratorp); + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)sdlziter->common.db; + + while (!ISC_LIST_EMPTY(sdlziter->nodelist)) { + dns_sdlznode_t *node; + node = ISC_LIST_HEAD(sdlziter->nodelist); + ISC_LIST_UNLINK(sdlziter->nodelist, node, link); + destroynode(node); + } + + dns_db_detach(&sdlziter->common.db); + isc_mem_put(sdlz->common.mctx, sdlziter, sizeof(sdlz_dbiterator_t)); + + *iteratorp = NULL; +} + +static isc_result_t +dbiterator_first(dns_dbiterator_t *iterator) { + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)iterator; + + sdlziter->current = ISC_LIST_HEAD(sdlziter->nodelist); + if (sdlziter->current == NULL) + return (ISC_R_NOMORE); + else + return (ISC_R_SUCCESS); +} + +static isc_result_t +dbiterator_last(dns_dbiterator_t *iterator) { + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)iterator; + + sdlziter->current = ISC_LIST_TAIL(sdlziter->nodelist); + if (sdlziter->current == NULL) + return (ISC_R_NOMORE); + else + return (ISC_R_SUCCESS); +} + +static isc_result_t +dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) { + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)iterator; + + sdlziter->current = ISC_LIST_HEAD(sdlziter->nodelist); + while (sdlziter->current != NULL) { + if (dns_name_equal(sdlziter->current->name, name)) + return (ISC_R_SUCCESS); + sdlziter->current = ISC_LIST_NEXT(sdlziter->current, link); + } + return (ISC_R_NOTFOUND); +} + +static isc_result_t +dbiterator_prev(dns_dbiterator_t *iterator) { + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)iterator; + + sdlziter->current = ISC_LIST_PREV(sdlziter->current, link); + if (sdlziter->current == NULL) + return (ISC_R_NOMORE); + else + return (ISC_R_SUCCESS); +} + +static isc_result_t +dbiterator_next(dns_dbiterator_t *iterator) { + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)iterator; + + sdlziter->current = ISC_LIST_NEXT(sdlziter->current, link); + if (sdlziter->current == NULL) + return (ISC_R_NOMORE); + else + return (ISC_R_SUCCESS); +} + +static isc_result_t +dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep, + dns_name_t *name) +{ + sdlz_dbiterator_t *sdlziter = (sdlz_dbiterator_t *)iterator; + + attachnode(iterator->db, sdlziter->current, nodep); + if (name != NULL) + return (dns_name_copy(sdlziter->current->name, name, NULL)); + return (ISC_R_SUCCESS); +} + +static isc_result_t +dbiterator_pause(dns_dbiterator_t *iterator) { + UNUSED(iterator); + return (ISC_R_SUCCESS); +} + +static isc_result_t +dbiterator_origin(dns_dbiterator_t *iterator, dns_name_t *name) { + UNUSED(iterator); + return (dns_name_copy(dns_rootname, name, NULL)); +} + +/* + * Rdataset Methods. These methods were "borrowed" from the SDB driver + * interface. See the SDB driver interface documentation for more info. + */ + +static void +disassociate(dns_rdataset_t *rdataset) { + dns_dbnode_t *node = rdataset->private5; + dns_sdlznode_t *sdlznode = (dns_sdlznode_t *) node; + dns_db_t *db = (dns_db_t *) sdlznode->sdlz; + + detachnode(db, &node); + isc__rdatalist_disassociate(rdataset); +} + +static void +rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target) { + dns_dbnode_t *node = source->private5; + dns_sdlznode_t *sdlznode = (dns_sdlznode_t *) node; + dns_db_t *db = (dns_db_t *) sdlznode->sdlz; + dns_dbnode_t *tempdb = NULL; + + isc__rdatalist_clone(source, target); + attachnode(db, node, &tempdb); + source->private5 = tempdb; +} + +static dns_rdatasetmethods_t rdataset_methods = { + disassociate, + isc__rdatalist_first, + isc__rdatalist_next, + isc__rdatalist_current, + rdataset_clone, + isc__rdatalist_count, + isc__rdatalist_addnoqname, + isc__rdatalist_getnoqname, + NULL, + NULL, + NULL +}; + +static void +list_tordataset(dns_rdatalist_t *rdatalist, + dns_db_t *db, dns_dbnode_t *node, + dns_rdataset_t *rdataset) +{ + /* + * The sdlz rdataset is an rdatalist with some additions. + * - private1 & private2 are used by the rdatalist. + * - private3 & private 4 are unused. + * - private5 is the node. + */ + + /* This should never fail. */ + RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset) == + ISC_R_SUCCESS); + + rdataset->methods = &rdataset_methods; + dns_db_attachnode(db, node, &rdataset->private5); +} + +/* + * SDLZ core methods. This is the core of the new DLZ functionality. + */ + +/*% + * Build a 'bind' database driver structure to be returned by + * either the find zone or the allow zone transfer method. + * This method is only available in this source file, it is + * not made available anywhere else. + */ + +static isc_result_t +dns_sdlzcreateDBP(isc_mem_t *mctx, void *driverarg, void *dbdata, + dns_name_t *name, dns_rdataclass_t rdclass, dns_db_t **dbp) +{ + isc_result_t result; + dns_sdlz_db_t *sdlzdb; + dns_sdlzimplementation_t *imp; + + /* check that things are as we expect */ + REQUIRE(dbp != NULL && *dbp == NULL); + REQUIRE(name != NULL); + + imp = (dns_sdlzimplementation_t *) driverarg; + + /* allocate and zero memory for driver structure */ + sdlzdb = isc_mem_get(mctx, sizeof(dns_sdlz_db_t)); + if (sdlzdb == NULL) + return (ISC_R_NOMEMORY); + memset(sdlzdb, 0, sizeof(dns_sdlz_db_t)); + + /* initialize and set origin */ + dns_name_init(&sdlzdb->common.origin, NULL); + result = dns_name_dupwithoffsets(name, mctx, &sdlzdb->common.origin); + if (result != ISC_R_SUCCESS) + goto mem_cleanup; + + /* initialize the reference count mutex */ + result = isc_mutex_init(&sdlzdb->refcnt_lock); + if (result != ISC_R_SUCCESS) + goto name_cleanup; + + /* set the rest of the database structure attributes */ + sdlzdb->dlzimp = imp; + sdlzdb->common.methods = &sdlzdb_methods; + sdlzdb->common.attributes = 0; + sdlzdb->common.rdclass = rdclass; + sdlzdb->common.mctx = NULL; + sdlzdb->dbdata = dbdata; + sdlzdb->references = 1; + + /* attach to the memory context */ + isc_mem_attach(mctx, &sdlzdb->common.mctx); + + /* mark structure as valid */ + sdlzdb->common.magic = DNS_DB_MAGIC; + sdlzdb->common.impmagic = SDLZDB_MAGIC; + *dbp = (dns_db_t *) sdlzdb; + + return (result); + + /* + * reference count mutex could not be initialized, clean up + * name memory + */ + name_cleanup: + dns_name_free(&sdlzdb->common.origin, mctx); + mem_cleanup: + isc_mem_put(mctx, sdlzdb, sizeof(dns_sdlz_db_t)); + return (result); +} + +static isc_result_t +dns_sdlzallowzonexfr(void *driverarg, void *dbdata, isc_mem_t *mctx, + dns_rdataclass_t rdclass, dns_name_t *name, + isc_sockaddr_t *clientaddr, dns_db_t **dbp) +{ + isc_buffer_t b; + isc_buffer_t b2; + char namestr[DNS_NAME_MAXTEXT + 1]; + char clientstr[(sizeof "xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255") + + 1]; + isc_netaddr_t netaddr; + isc_result_t result; + dns_sdlzimplementation_t *imp; + + /* + * Perform checks to make sure data is as we expect it to be. + */ + REQUIRE(driverarg != NULL); + REQUIRE(name != NULL); + REQUIRE(clientaddr != NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + + imp = (dns_sdlzimplementation_t *) driverarg; + + /* Convert DNS name to ascii text */ + isc_buffer_init(&b, namestr, sizeof(namestr)); + result = dns_name_totext(name, ISC_TRUE, &b); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_putuint8(&b, 0); + + /* convert client address to ascii text */ + isc_buffer_init(&b2, clientstr, sizeof(clientstr)); + isc_netaddr_fromsockaddr(&netaddr, clientaddr); + result = isc_netaddr_totext(&netaddr, &b2); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_putuint8(&b2, 0); + + /* make sure strings are always lowercase */ + dns_sdlz_tolower(namestr); + dns_sdlz_tolower(clientstr); + + /* Call SDLZ driver's find zone method */ + if (imp->methods->allowzonexfr != NULL) { + MAYBE_LOCK(imp); + result = imp->methods->allowzonexfr(imp->driverarg, dbdata, + namestr, clientstr); + MAYBE_UNLOCK(imp); + /* + * if zone is supported and transfers allowed build a 'bind' + * database driver + */ + if (result == ISC_R_SUCCESS) + result = dns_sdlzcreateDBP(mctx, driverarg, dbdata, + name, rdclass, dbp); + return (result); + } + + return (ISC_R_NOTIMPLEMENTED); +} + +static isc_result_t +dns_sdlzcreate(isc_mem_t *mctx, const char *dlzname, unsigned int argc, + char *argv[], void *driverarg, void **dbdata) +{ + dns_sdlzimplementation_t *imp; + isc_result_t result = ISC_R_NOTFOUND; + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Loading SDLZ driver."); + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(driverarg != NULL); + REQUIRE(dlzname != NULL); + REQUIRE(dbdata != NULL); + UNUSED(mctx); + + imp = driverarg; + + /* If the create method exists, call it. */ + if (imp->methods->create != NULL) { + MAYBE_LOCK(imp); + result = imp->methods->create(dlzname, argc, argv, + imp->driverarg, dbdata); + MAYBE_UNLOCK(imp); + } + + /* Write debugging message to log */ + if (result == ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "SDLZ driver loaded successfully."); + } else { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_ERROR, + "SDLZ driver failed to load."); + } + + return (result); +} + +static void +dns_sdlzdestroy(void *driverdata, void **dbdata) +{ + + dns_sdlzimplementation_t *imp; + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Unloading SDLZ driver."); + + imp = driverdata; + + /* If the destroy method exists, call it. */ + if (imp->methods->destroy != NULL) { + MAYBE_LOCK(imp); + imp->methods->destroy(imp->driverarg, dbdata); + MAYBE_UNLOCK(imp); + } +} + +static isc_result_t +dns_sdlzfindzone(void *driverarg, void *dbdata, isc_mem_t *mctx, + dns_rdataclass_t rdclass, dns_name_t *name, dns_db_t **dbp) +{ + isc_buffer_t b; + char namestr[DNS_NAME_MAXTEXT + 1]; + isc_result_t result; + dns_sdlzimplementation_t *imp; + + /* + * Perform checks to make sure data is as we expect it to be. + */ + REQUIRE(driverarg != NULL); + REQUIRE(name != NULL); + REQUIRE(dbp != NULL && *dbp == NULL); + + imp = (dns_sdlzimplementation_t *) driverarg; + + /* Convert DNS name to ascii text */ + isc_buffer_init(&b, namestr, sizeof(namestr)); + result = dns_name_totext(name, ISC_TRUE, &b); + if (result != ISC_R_SUCCESS) + return (result); + isc_buffer_putuint8(&b, 0); + + /* make sure strings are always lowercase */ + dns_sdlz_tolower(namestr); + + /* Call SDLZ driver's find zone method */ + MAYBE_LOCK(imp); + result = imp->methods->findzone(imp->driverarg, dbdata, namestr); + MAYBE_UNLOCK(imp); + + /* + * if zone is supported build a 'bind' database driver + * structure to return + */ + if (result == ISC_R_SUCCESS) + result = dns_sdlzcreateDBP(mctx, driverarg, dbdata, name, + rdclass, dbp); + + return (result); +} + +static dns_dlzmethods_t sdlzmethods = { + dns_sdlzcreate, + dns_sdlzdestroy, + dns_sdlzfindzone, + dns_sdlzallowzonexfr +}; + +/* + * Public functions. + */ + +isc_result_t +dns_sdlz_putrr(dns_sdlzlookup_t *lookup, const char *type, dns_ttl_t ttl, + const char *data) +{ + dns_rdatalist_t *rdatalist; + dns_rdata_t *rdata; + dns_rdatatype_t typeval; + isc_consttextregion_t r; + isc_buffer_t b; + isc_buffer_t *rdatabuf = NULL; + isc_lex_t *lex; + isc_result_t result; + unsigned int size; + isc_mem_t *mctx; + dns_name_t *origin; + + REQUIRE(VALID_SDLZLOOKUP(lookup)); + REQUIRE(type != NULL); + REQUIRE(data != NULL); + + mctx = lookup->sdlz->common.mctx; + + r.base = type; + r.length = strlen(type); + result = dns_rdatatype_fromtext(&typeval, (void *) &r); + if (result != ISC_R_SUCCESS) + return (result); + + rdatalist = ISC_LIST_HEAD(lookup->lists); + while (rdatalist != NULL) { + if (rdatalist->type == typeval) + break; + rdatalist = ISC_LIST_NEXT(rdatalist, link); + } + + if (rdatalist == NULL) { + rdatalist = isc_mem_get(mctx, sizeof(dns_rdatalist_t)); + if (rdatalist == NULL) + return (ISC_R_NOMEMORY); + rdatalist->rdclass = lookup->sdlz->common.rdclass; + rdatalist->type = typeval; + rdatalist->covers = 0; + rdatalist->ttl = ttl; + ISC_LIST_INIT(rdatalist->rdata); + ISC_LINK_INIT(rdatalist, link); + ISC_LIST_APPEND(lookup->lists, rdatalist, link); + } else + if (rdatalist->ttl != ttl) + return (DNS_R_BADTTL); + + rdata = isc_mem_get(mctx, sizeof(dns_rdata_t)); + if (rdata == NULL) + return (ISC_R_NOMEMORY); + dns_rdata_init(rdata); + + if ((lookup->sdlz->dlzimp->flags & DNS_SDLZFLAG_RELATIVERDATA) != 0) + origin = &lookup->sdlz->common.origin; + else + origin = dns_rootname; + + lex = NULL; + result = isc_lex_create(mctx, 64, &lex); + if (result != ISC_R_SUCCESS) + goto failure; + + size = initial_size(data); + do { + isc_buffer_init(&b, data, strlen(data)); + isc_buffer_add(&b, strlen(data)); + + result = isc_lex_openbuffer(lex, &b); + if (result != ISC_R_SUCCESS) + goto failure; + + rdatabuf = NULL; + result = isc_buffer_allocate(mctx, &rdatabuf, size); + if (result != ISC_R_SUCCESS) + goto failure; + + result = dns_rdata_fromtext(rdata, rdatalist->rdclass, + rdatalist->type, lex, + origin, ISC_FALSE, + mctx, rdatabuf, + &lookup->callbacks); + if (result != ISC_R_SUCCESS) + isc_buffer_free(&rdatabuf); + size *= 2; + } while (result == ISC_R_NOSPACE); + + if (result != ISC_R_SUCCESS) + goto failure; + + ISC_LIST_APPEND(rdatalist->rdata, rdata, link); + ISC_LIST_APPEND(lookup->buffers, rdatabuf, link); + + if (lex != NULL) + isc_lex_destroy(&lex); + + return (ISC_R_SUCCESS); + + failure: + if (rdatabuf != NULL) + isc_buffer_free(&rdatabuf); + if (lex != NULL) + isc_lex_destroy(&lex); + isc_mem_put(mctx, rdata, sizeof(dns_rdata_t)); + + return (result); +} + +isc_result_t +dns_sdlz_putnamedrr(dns_sdlzallnodes_t *allnodes, const char *name, + const char *type, dns_ttl_t ttl, const char *data) +{ + dns_name_t *newname, *origin; + dns_fixedname_t fnewname; + dns_sdlz_db_t *sdlz = (dns_sdlz_db_t *)allnodes->common.db; + dns_sdlznode_t *sdlznode; + isc_mem_t *mctx = sdlz->common.mctx; + isc_buffer_t b; + isc_result_t result; + + dns_fixedname_init(&fnewname); + newname = dns_fixedname_name(&fnewname); + + if ((sdlz->dlzimp->flags & DNS_SDLZFLAG_RELATIVERDATA) != 0) + origin = &sdlz->common.origin; + else + origin = dns_rootname; + isc_buffer_init(&b, name, strlen(name)); + isc_buffer_add(&b, strlen(name)); + + result = dns_name_fromtext(newname, &b, origin, ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) + return (result); + + if (allnodes->common.relative_names) { + /* All names are relative to the root */ + unsigned int nlabels = dns_name_countlabels(newname); + dns_name_getlabelsequence(newname, 0, nlabels - 1, newname); + } + + sdlznode = ISC_LIST_HEAD(allnodes->nodelist); + if (sdlznode == NULL || !dns_name_equal(sdlznode->name, newname)) { + sdlznode = NULL; + result = createnode(sdlz, &sdlznode); + if (result != ISC_R_SUCCESS) + return (result); + sdlznode->name = isc_mem_get(mctx, sizeof(dns_name_t)); + if (sdlznode->name == NULL) { + destroynode(sdlznode); + return (ISC_R_NOMEMORY); + } + dns_name_init(sdlznode->name, NULL); + result = dns_name_dup(newname, mctx, sdlznode->name); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, sdlznode->name, sizeof(dns_name_t)); + destroynode(sdlznode); + return (result); + } + ISC_LIST_PREPEND(allnodes->nodelist, sdlznode, link); + if (allnodes->origin == NULL && + dns_name_equal(newname, &sdlz->common.origin)) + allnodes->origin = sdlznode; + } + return (dns_sdlz_putrr(sdlznode, type, ttl, data)); + +} + +isc_result_t +dns_sdlz_putsoa(dns_sdlzlookup_t *lookup, const char *mname, const char *rname, + isc_uint32_t serial) +{ + char str[2 * DNS_NAME_MAXTEXT + 5 * (sizeof("2147483647")) + 7]; + int n; + + REQUIRE(mname != NULL); + REQUIRE(rname != NULL); + + n = snprintf(str, sizeof str, "%s %s %u %u %u %u %u", + mname, rname, serial, + SDLZ_DEFAULT_REFRESH, SDLZ_DEFAULT_RETRY, + SDLZ_DEFAULT_EXPIRE, SDLZ_DEFAULT_MINIMUM); + if (n >= (int)sizeof(str) || n < 0) + return (ISC_R_NOSPACE); + return (dns_sdlz_putrr(lookup, "SOA", SDLZ_DEFAULT_TTL, str)); +} + +isc_result_t +dns_sdlzregister(const char *drivername, const dns_sdlzmethods_t *methods, + void *driverarg, unsigned int flags, isc_mem_t *mctx, + dns_sdlzimplementation_t **sdlzimp) +{ + + dns_sdlzimplementation_t *imp; + isc_result_t result; + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(drivername != NULL); + REQUIRE(methods != NULL); + REQUIRE(methods->findzone != NULL); + REQUIRE(methods->lookup != NULL); + REQUIRE(mctx != NULL); + REQUIRE(sdlzimp != NULL && *sdlzimp == NULL); + REQUIRE((flags & ~(DNS_SDLZFLAG_RELATIVEOWNER | + DNS_SDLZFLAG_RELATIVERDATA | + DNS_SDLZFLAG_THREADSAFE)) == 0); + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Registering SDLZ driver '%s'", drivername); + + /* + * Allocate memory for a sdlz_implementation object. Error if + * we cannot. + */ + imp = isc_mem_get(mctx, sizeof(dns_sdlzimplementation_t)); + if (imp == NULL) + return (ISC_R_NOMEMORY); + + /* Make sure memory region is set to all 0's */ + memset(imp, 0, sizeof(dns_sdlzimplementation_t)); + + /* Store the data passed into this method */ + imp->methods = methods; + imp->driverarg = driverarg; + imp->flags = flags; + imp->mctx = NULL; + + /* attach the new sdlz_implementation object to a memory context */ + isc_mem_attach(mctx, &imp->mctx); + + /* + * initialize the driver lock, error if we cannot + * (used if a driver does not support multiple threads) + */ + result = isc_mutex_init(&imp->driverlock); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_mutex_init() failed: %s", + isc_result_totext(result)); + goto cleanup_mctx; + } + + imp->dlz_imp = NULL; + + /* + * register the DLZ driver. Pass in our "extra" sdlz information as + * a driverarg. (that's why we stored the passed in driver arg in our + * sdlz_implementation structure) Also, store the dlz_implementation + * structure in our sdlz_implementation. + */ + result = dns_dlzregister(drivername, &sdlzmethods, imp, mctx, + &imp->dlz_imp); + + /* if registration fails, cleanup and get outta here. */ + if (result != ISC_R_SUCCESS) + goto cleanup_mutex; + + *sdlzimp = imp; + + return (ISC_R_SUCCESS); + + cleanup_mutex: + /* destroy the driver lock, we don't need it anymore */ + DESTROYLOCK(&imp->driverlock); + + cleanup_mctx: + /* + * return the memory back to the available memory pool and + * remove it from the memory context. + */ + isc_mem_put(mctx, imp, sizeof(dns_sdlzimplementation_t)); + isc_mem_detach(&mctx); + return (result); +} + +void +dns_sdlzunregister(dns_sdlzimplementation_t **sdlzimp) { + dns_sdlzimplementation_t *imp; + isc_mem_t *mctx; + + /* Write debugging message to log */ + isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(2), + "Unregistering SDLZ driver."); + + /* + * Performs checks to make sure data is as we expect it to be. + */ + REQUIRE(sdlzimp != NULL && *sdlzimp != NULL); + + imp = *sdlzimp; + + /* Unregister the DLZ driver implementation */ + dns_dlzunregister(&imp->dlz_imp); + + /* destroy the driver lock, we don't need it anymore */ + DESTROYLOCK(&imp->driverlock); + + mctx = imp->mctx; + + /* + * return the memory back to the available memory pool and + * remove it from the memory context. + */ + isc_mem_put(mctx, imp, sizeof(dns_sdlzimplementation_t)); + isc_mem_detach(&mctx); + + *sdlzimp = NULL; +} diff --git a/contrib/bind-9.3/lib/dns/soa.c b/contrib/bind-9.5.2/lib/dns/soa.c similarity index 93% rename from contrib/bind-9.3/lib/dns/soa.c rename to contrib/bind-9.5.2/lib/dns/soa.c index c0e05184c5..83a1c1790e 100644 --- a/contrib/bind-9.3/lib/dns/soa.c +++ b/contrib/bind-9.5.2/lib/dns/soa.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: soa.c,v 1.3.206.1 2004/03/06 08:13:45 marka Exp $ */ +/* $Id: soa.c,v 1.8 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/dns/spnego.asn1 b/contrib/bind-9.5.2/lib/dns/spnego.asn1 new file mode 100644 index 0000000000..43d152bd4f --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/spnego.asn1 @@ -0,0 +1,52 @@ +-- Copyright (C) The Internet Society 2005. This version of +-- this module is part of RFC 4178; see the RFC itself for +-- full legal notices. + +-- (The above copyright notice is per RFC 3978 5.6 (a), q.v.) + +-- $Id: spnego.asn1,v 1.2 2006/12/04 01:52:46 marka Exp $ + +-- This is the SPNEGO ASN.1 module from RFC 4178, tweaked +-- to get the Heimdal ASN.1 compiler to accept it. + +SPNEGOASNOneSpec DEFINITIONS ::= BEGIN + +MechType ::= OBJECT IDENTIFIER + +MechTypeList ::= SEQUENCE OF MechType + +ContextFlags ::= BIT STRING { + delegFlag (0), + mutualFlag (1), + replayFlag (2), + sequenceFlag (3), + anonFlag (4), + confFlag (5), + integFlag (6) +} + +NegTokenInit ::= SEQUENCE { + mechTypes [0] MechTypeList, + reqFlags [1] ContextFlags OPTIONAL, + mechToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL +} + +NegTokenResp ::= SEQUENCE { + negState [0] ENUMERATED { + accept-completed (0), + accept-incomplete (1), + reject (2), + request-mic (3) + } OPTIONAL, + supportedMech [1] MechType OPTIONAL, + responseToken [2] OCTET STRING OPTIONAL, + mechListMIC [3] OCTET STRING OPTIONAL +} + +NegotiationToken ::= CHOICE { + negTokenInit [0] NegTokenInit, + negTokenResp [1] NegTokenResp +} + +END diff --git a/contrib/bind-9.5.2/lib/dns/spnego.c b/contrib/bind-9.5.2/lib/dns/spnego.c new file mode 100644 index 0000000000..0233a2babd --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/spnego.c @@ -0,0 +1,1788 @@ +/* + * Copyright (C) 2006-2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: spnego.c,v 1.5.128.7 2009/07/21 07:29:23 marka Exp $ */ + +/*! \file + * \brief + * Portable SPNEGO implementation. + * + * This is part of a portable implementation of the SPNEGO protocol + * (RFCs 2478 and 4178). This implementation uses the RFC 4178 ASN.1 + * module but is not a full implementation of the RFC 4178 protocol; + * at the moment, we only support GSS-TSIG with Kerberos + * authentication, so we only need enough of the SPNEGO protocol to + * support that. + * + * The files that make up this portable SPNEGO implementation are: + * \li spnego.c (this file) + * \li spnego.h (API SPNEGO exports to the rest of lib/dns) + * \li spnego.asn1 (SPNEGO ASN.1 module) + * \li spnego_asn1.c (routines generated from spngo.asn1) + * \li spnego_asn1.pl (perl script to generate spnego_asn1.c) + * + * Everything but the functions exported in spnego.h is static, to + * avoid possible conflicts with other libraries (particularly Heimdal, + * since much of this code comes from Heimdal by way of mod_auth_kerb). + * + * spnego_asn1.c is shipped as part of lib/dns because generating it + * requires both Perl and the Heimdal ASN.1 compiler. See + * spnego_asn1.pl for further details. We've tried to eliminate all + * compiler warnings from the generated code, but you may see a few + * when using a compiler version we haven't tested yet. + */ + +/* + * Portions of this code were derived from mod_auth_kerb and Heimdal. + * These packages are available from: + * + * http://modauthkerb.sourceforge.net/ + * http://www.pdc.kth.se/heimdal/ + * + * and were released under the following licenses: + * + * ---------------------------------------------------------------- + * + * Copyright (c) 2004 Masarykova universita + * (Masaryk University, Brno, Czech Republic) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the University nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * ---------------------------------------------------------------- + * + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * XXXSRA We should omit this file entirely in Makefile.in via autoconf, + * but this will keep it from generating errors until that's written. + */ + +#ifdef GSSAPI + +/* + * XXXSRA Some of the following files are almost certainly unnecessary, + * but using this list (borrowed from gssapictx.c) gets rid of some + * whacky compilation errors when building with MSVC and should be + * harmless in any case. + */ + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "dst_internal.h" + +/* + * The API we export + */ +#include "spnego.h" + +/* asn1_err.h */ +/* Generated from ../../../lib/asn1/asn1_err.et */ + +typedef enum asn1_error_number { + ASN1_BAD_TIMEFORMAT = 1859794432, + ASN1_MISSING_FIELD = 1859794433, + ASN1_MISPLACED_FIELD = 1859794434, + ASN1_TYPE_MISMATCH = 1859794435, + ASN1_OVERFLOW = 1859794436, + ASN1_OVERRUN = 1859794437, + ASN1_BAD_ID = 1859794438, + ASN1_BAD_LENGTH = 1859794439, + ASN1_BAD_FORMAT = 1859794440, + ASN1_PARSE_ERROR = 1859794441 +} asn1_error_number; + +#define ERROR_TABLE_BASE_asn1 1859794432 + +#define __asn1_common_definitions__ + +typedef struct octet_string { + size_t length; + void *data; +} octet_string; + +typedef char *general_string; + +typedef char *utf8_string; + +typedef struct oid { + size_t length; + unsigned *components; +} oid; + +/* der.h */ + +typedef enum { + ASN1_C_UNIV = 0, ASN1_C_APPL = 1, + ASN1_C_CONTEXT = 2, ASN1_C_PRIVATE = 3 +} Der_class; + +typedef enum { + PRIM = 0, CONS = 1 +} Der_type; + +/* Universal tags */ + +enum { + UT_Boolean = 1, + UT_Integer = 2, + UT_BitString = 3, + UT_OctetString = 4, + UT_Null = 5, + UT_OID = 6, + UT_Enumerated = 10, + UT_Sequence = 16, + UT_Set = 17, + UT_PrintableString = 19, + UT_IA5String = 22, + UT_UTCTime = 23, + UT_GeneralizedTime = 24, + UT_VisibleString = 26, + UT_GeneralString = 27 +}; + +#define ASN1_INDEFINITE 0xdce0deed + +static int +der_get_length(const unsigned char *p, size_t len, + size_t * val, size_t * size); + +static int +der_get_octet_string(const unsigned char *p, size_t len, + octet_string * data, size_t * size); +static int +der_get_oid(const unsigned char *p, size_t len, + oid * data, size_t * size); +static int +der_get_tag(const unsigned char *p, size_t len, + Der_class * class, Der_type * type, + int *tag, size_t * size); + +static int +der_match_tag(const unsigned char *p, size_t len, + Der_class class, Der_type type, + int tag, size_t * size); +static int +der_match_tag_and_length(const unsigned char *p, size_t len, + Der_class class, Der_type type, int tag, + size_t * length_ret, size_t * size); + +static int +decode_oid(const unsigned char *p, size_t len, + oid * k, size_t * size); + +static int +decode_enumerated(const unsigned char *p, size_t len, void *num, size_t *size); + +static int +decode_octet_string(const unsigned char *, size_t, octet_string *, size_t *); + +static int +der_put_int(unsigned char *p, size_t len, int val, size_t *); + +static int +der_put_length(unsigned char *p, size_t len, size_t val, size_t *); + +static int +der_put_octet_string(unsigned char *p, size_t len, + const octet_string * data, size_t *); +static int +der_put_oid(unsigned char *p, size_t len, + const oid * data, size_t * size); +static int +der_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type, + int tag, size_t *); +static int +der_put_length_and_tag(unsigned char *, size_t, size_t, + Der_class, Der_type, int, size_t *); + +static int +encode_enumerated(unsigned char *p, size_t len, const void *data, size_t *); + +static int +encode_octet_string(unsigned char *p, size_t len, + const octet_string * k, size_t *); +static int +encode_oid(unsigned char *p, size_t len, + const oid * k, size_t *); + +static void +free_octet_string(octet_string * k); + +static void +free_oid (oid * k); + +static size_t +length_len(size_t len); + +static int +fix_dce(size_t reallen, size_t * len); + +/* + * Include stuff generated by the ASN.1 compiler. + */ + +#include "spnego_asn1.c" + +static unsigned char gss_krb5_mech_oid_bytes[] = { + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 +}; + +static gss_OID_desc gss_krb5_mech_oid_desc = { + sizeof(gss_krb5_mech_oid_bytes), + gss_krb5_mech_oid_bytes +}; + +static gss_OID GSS_KRB5_MECH = &gss_krb5_mech_oid_desc; + +static unsigned char gss_mskrb5_mech_oid_bytes[] = { + 0x2a, 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02 +}; + +static gss_OID_desc gss_mskrb5_mech_oid_desc = { + sizeof(gss_mskrb5_mech_oid_bytes), + gss_mskrb5_mech_oid_bytes +}; + +static gss_OID GSS_MSKRB5_MECH = &gss_mskrb5_mech_oid_desc; + +static unsigned char gss_spnego_mech_oid_bytes[] = { + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 +}; + +static gss_OID_desc gss_spnego_mech_oid_desc = { + sizeof(gss_spnego_mech_oid_bytes), + gss_spnego_mech_oid_bytes +}; + +static gss_OID GSS_SPNEGO_MECH = &gss_spnego_mech_oid_desc; + +/* spnegokrb5_locl.h */ + +static OM_uint32 +gssapi_spnego_encapsulate(OM_uint32 *, + unsigned char *, + size_t, + gss_buffer_t, + const gss_OID); + +static OM_uint32 +gssapi_spnego_decapsulate(OM_uint32 *, + gss_buffer_t, + unsigned char **, + size_t *, + const gss_OID); + +/* mod_auth_kerb.c */ + +static int +cmp_gss_type(gss_buffer_t token, gss_OID oid) +{ + unsigned char *p; + size_t len; + + if (token->length == 0) + return (GSS_S_DEFECTIVE_TOKEN); + + p = token->value; + if (*p++ != 0x60) + return (GSS_S_DEFECTIVE_TOKEN); + len = *p++; + if (len & 0x80) { + if ((len & 0x7f) > 4) + return (GSS_S_DEFECTIVE_TOKEN); + p += len & 0x7f; + } + if (*p++ != 0x06) + return (GSS_S_DEFECTIVE_TOKEN); + + if (((OM_uint32) *p++) != oid->length) + return (GSS_S_DEFECTIVE_TOKEN); + + return (memcmp(p, oid->elements, oid->length)); +} + +/* accept_sec_context.c */ +/* + * SPNEGO wrapper for Kerberos5 GSS-API kouril@ics.muni.cz, 2003 (mostly + * based on Heimdal code) + */ + +static OM_uint32 +code_NegTokenArg(OM_uint32 * minor_status, + const NegTokenResp * resp, + unsigned char **outbuf, + size_t * outbuf_size) +{ + OM_uint32 ret; + u_char *buf; + size_t buf_size, buf_len; + + buf_size = 1024; + buf = malloc(buf_size); + if (buf == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + do { + ret = encode_NegTokenResp(buf + buf_size - 1, + buf_size, + resp, &buf_len); + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - buf_len - 1, + buf_size - buf_len, + buf_len, + ASN1_C_CONTEXT, + CONS, + 1, + &tmp); + if (ret == 0) + buf_len += tmp; + } + if (ret) { + if (ret == ASN1_OVERFLOW) { + u_char *tmp; + + buf_size *= 2; + tmp = realloc(buf, buf_size); + if (tmp == NULL) { + *minor_status = ENOMEM; + free(buf); + return (GSS_S_FAILURE); + } + buf = tmp; + } else { + *minor_status = ret; + free(buf); + return (GSS_S_FAILURE); + } + } + } while (ret == ASN1_OVERFLOW); + + *outbuf = malloc(buf_len); + if (*outbuf == NULL) { + *minor_status = ENOMEM; + free(buf); + return (GSS_S_FAILURE); + } + memcpy(*outbuf, buf + buf_size - buf_len, buf_len); + *outbuf_size = buf_len; + + free(buf); + + return (GSS_S_COMPLETE); +} + +static OM_uint32 +send_reject(OM_uint32 * minor_status, + gss_buffer_t output_token) +{ + NegTokenResp resp; + OM_uint32 ret; + + resp.negState = malloc(sizeof(*resp.negState)); + if (resp.negState == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + *(resp.negState) = reject; + + resp.supportedMech = NULL; + resp.responseToken = NULL; + resp.mechListMIC = NULL; + + ret = code_NegTokenArg(minor_status, &resp, + (unsigned char **)&output_token->value, + &output_token->length); + free_NegTokenResp(&resp); + if (ret) + return (ret); + + return (GSS_S_BAD_MECH); +} + +static OM_uint32 +send_accept(OM_uint32 * minor_status, + gss_buffer_t output_token, + gss_buffer_t mech_token, + const gss_OID pref) +{ + NegTokenResp resp; + OM_uint32 ret; + + memset(&resp, 0, sizeof(resp)); + resp.negState = malloc(sizeof(*resp.negState)); + if (resp.negState == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + *(resp.negState) = accept_completed; + + resp.supportedMech = malloc(sizeof(*resp.supportedMech)); + if (resp.supportedMech == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + ret = der_get_oid(pref->elements, + pref->length, + resp.supportedMech, + NULL); + if (ret) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + if (mech_token != NULL && mech_token->length != 0) { + resp.responseToken = malloc(sizeof(*resp.responseToken)); + if (resp.responseToken == NULL) { + free_NegTokenResp(&resp); + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + resp.responseToken->length = mech_token->length; + resp.responseToken->data = mech_token->value; + } + + ret = code_NegTokenArg(minor_status, &resp, + (unsigned char **)&output_token->value, + &output_token->length); + if (resp.responseToken != NULL) { + free(resp.responseToken); + resp.responseToken = NULL; + } + free_NegTokenResp(&resp); + if (ret) + return (ret); + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gss_accept_sec_context_spnego(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle) +{ + NegTokenInit init_token; + OM_uint32 major_status; + OM_uint32 minor_status2; + gss_buffer_desc ibuf, obuf; + gss_buffer_t ot = NULL; + gss_OID pref = GSS_KRB5_MECH; + unsigned char *buf; + size_t buf_size; + size_t len, taglen, ni_len; + int found = 0; + int ret; + unsigned i; + + /* + * Before doing anything else, see whether this is a SPNEGO + * PDU. If not, dispatch to the GSSAPI library and get out. + */ + + if (cmp_gss_type(input_token_buffer, GSS_SPNEGO_MECH)) + return (gss_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle)); + + /* + * If we get here, it's SPNEGO. + */ + + memset(&init_token, 0, sizeof(init_token)); + + ret = gssapi_spnego_decapsulate(minor_status, input_token_buffer, + &buf, &buf_size, GSS_SPNEGO_MECH); + if (ret) + return (ret); + + ret = der_match_tag_and_length(buf, buf_size, ASN1_C_CONTEXT, CONS, + 0, &len, &taglen); + if (ret) + return (ret); + + ret = decode_NegTokenInit(buf + taglen, len, &init_token, &ni_len); + if (ret) { + *minor_status = EINVAL; /* XXX */ + return (GSS_S_DEFECTIVE_TOKEN); + } + + for (i = 0; !found && i < init_token.mechTypes.len; ++i) { + unsigned char mechbuf[17]; + size_t mech_len; + + ret = der_put_oid(mechbuf + sizeof(mechbuf) - 1, + sizeof(mechbuf), + &init_token.mechTypes.val[i], + &mech_len); + if (ret) + return (GSS_S_DEFECTIVE_TOKEN); + if (mech_len == GSS_KRB5_MECH->length && + memcmp(GSS_KRB5_MECH->elements, + mechbuf + sizeof(mechbuf) - mech_len, + mech_len) == 0) { + found = 1; + break; + } + if (mech_len == GSS_MSKRB5_MECH->length && + memcmp(GSS_MSKRB5_MECH->elements, + mechbuf + sizeof(mechbuf) - mech_len, + mech_len) == 0) { + found = 1; + if (i == 0) + pref = GSS_MSKRB5_MECH; + break; + } + } + + if (!found) + return (send_reject(minor_status, output_token)); + + if (i == 0 && init_token.mechToken != NULL) { + ibuf.length = init_token.mechToken->length; + ibuf.value = init_token.mechToken->data; + + major_status = gss_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + &ibuf, + input_chan_bindings, + src_name, + mech_type, + &obuf, + ret_flags, + time_rec, + delegated_cred_handle); + if (GSS_ERROR(major_status)) { + send_reject(&minor_status2, output_token); + return (major_status); + } + ot = &obuf; + } + ret = send_accept(&minor_status2, output_token, ot, pref); + if (ot != NULL && ot->length != 0) + gss_release_buffer(&minor_status2, ot); + + return (ret); +} + +/* decapsulate.c */ + +static OM_uint32 +gssapi_verify_mech_header(u_char ** str, + size_t total_len, + const gss_OID mech) +{ + size_t len, len_len, mech_len, foo; + int e; + u_char *p = *str; + + if (total_len < 1) + return (GSS_S_DEFECTIVE_TOKEN); + if (*p++ != 0x60) + return (GSS_S_DEFECTIVE_TOKEN); + e = der_get_length(p, total_len - 1, &len, &len_len); + if (e || 1 + len_len + len != total_len) + return (GSS_S_DEFECTIVE_TOKEN); + p += len_len; + if (*p++ != 0x06) + return (GSS_S_DEFECTIVE_TOKEN); + e = der_get_length(p, total_len - 1 - len_len - 1, + &mech_len, &foo); + if (e) + return (GSS_S_DEFECTIVE_TOKEN); + p += foo; + if (mech_len != mech->length) + return (GSS_S_BAD_MECH); + if (memcmp(p, mech->elements, mech->length) != 0) + return (GSS_S_BAD_MECH); + p += mech_len; + *str = p; + return (GSS_S_COMPLETE); +} + +/* + * Remove the GSS-API wrapping from `in_token' giving `buf and buf_size' Does + * not copy data, so just free `in_token'. + */ + +static OM_uint32 +gssapi_spnego_decapsulate(OM_uint32 *minor_status, + gss_buffer_t input_token_buffer, + unsigned char **buf, + size_t *buf_len, + const gss_OID mech) +{ + u_char *p; + OM_uint32 ret; + + p = input_token_buffer->value; + ret = gssapi_verify_mech_header(&p, + input_token_buffer->length, + mech); + if (ret) { + *minor_status = ret; + return (GSS_S_FAILURE); + } + *buf_len = input_token_buffer->length - + (p - (u_char *) input_token_buffer->value); + *buf = p; + return (GSS_S_COMPLETE); +} + +/* der_free.c */ + +static void +free_octet_string(octet_string *k) +{ + free(k->data); + k->data = NULL; +} + +static void +free_oid(oid *k) +{ + free(k->components); + k->components = NULL; +} + +/* der_get.c */ + +/* + * All decoding functions take a pointer `p' to first position in which to + * read, from the left, `len' which means the maximum number of characters we + * are able to read, `ret' were the value will be returned and `size' where + * the number of used bytes is stored. Either 0 or an error code is returned. + */ + +static int +der_get_unsigned(const unsigned char *p, size_t len, + unsigned *ret, size_t *size) +{ + unsigned val = 0; + size_t oldlen = len; + + while (len--) + val = val * 256 + *p++; + *ret = val; + if (size) + *size = oldlen; + return (0); +} + +static int +der_get_int(const unsigned char *p, size_t len, + int *ret, size_t *size) +{ + int val = 0; + size_t oldlen = len; + + if (len > 0) { + val = (signed char)*p++; + while (--len) + val = val * 256 + *p++; + } + *ret = val; + if (size) + *size = oldlen; + return (0); +} + +static int +der_get_length(const unsigned char *p, size_t len, + size_t *val, size_t *size) +{ + size_t v; + + if (len <= 0) + return (ASN1_OVERRUN); + --len; + v = *p++; + if (v < 128) { + *val = v; + if (size) + *size = 1; + } else { + int e; + size_t l; + unsigned tmp; + + if (v == 0x80) { + *val = ASN1_INDEFINITE; + if (size) + *size = 1; + return (0); + } + v &= 0x7F; + if (len < v) + return (ASN1_OVERRUN); + e = der_get_unsigned(p, v, &tmp, &l); + if (e) + return (e); + *val = tmp; + if (size) + *size = l + 1; + } + return (0); +} + +static int +der_get_octet_string(const unsigned char *p, size_t len, + octet_string *data, size_t *size) +{ + data->length = len; + data->data = malloc(len); + if (data->data == NULL && data->length != 0) + return (ENOMEM); + memcpy(data->data, p, len); + if (size) + *size = len; + return (0); +} + +static int +der_get_oid(const unsigned char *p, size_t len, + oid *data, size_t *size) +{ + int n; + size_t oldlen = len; + + if (len < 1) + return (ASN1_OVERRUN); + + data->components = malloc(len * sizeof(*data->components)); + if (data->components == NULL && len != 0) + return (ENOMEM); + data->components[0] = (*p) / 40; + data->components[1] = (*p) % 40; + --len; + ++p; + for (n = 2; len > 0; ++n) { + unsigned u = 0; + + do { + --len; + u = u * 128 + (*p++ % 128); + } while (len > 0 && p[-1] & 0x80); + data->components[n] = u; + } + if (p[-1] & 0x80) { + free_oid(data); + return (ASN1_OVERRUN); + } + data->length = n; + if (size) + *size = oldlen; + return (0); +} + +static int +der_get_tag(const unsigned char *p, size_t len, + Der_class *class, Der_type *type, + int *tag, size_t *size) +{ + if (len < 1) + return (ASN1_OVERRUN); + *class = (Der_class) (((*p) >> 6) & 0x03); + *type = (Der_type) (((*p) >> 5) & 0x01); + *tag = (*p) & 0x1F; + if (size) + *size = 1; + return (0); +} + +static int +der_match_tag(const unsigned char *p, size_t len, + Der_class class, Der_type type, + int tag, size_t *size) +{ + size_t l; + Der_class thisclass; + Der_type thistype; + int thistag; + int e; + + e = der_get_tag(p, len, &thisclass, &thistype, &thistag, &l); + if (e) + return (e); + if (class != thisclass || type != thistype) + return (ASN1_BAD_ID); + if (tag > thistag) + return (ASN1_MISPLACED_FIELD); + if (tag < thistag) + return (ASN1_MISSING_FIELD); + if (size) + *size = l; + return (0); +} + +static int +der_match_tag_and_length(const unsigned char *p, size_t len, + Der_class class, Der_type type, int tag, + size_t *length_ret, size_t *size) +{ + size_t l, ret = 0; + int e; + + e = der_match_tag(p, len, class, type, tag, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, length_ret, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + if (size) + *size = ret; + return (0); +} + +static int +decode_enumerated(const unsigned char *p, size_t len, void *num, size_t *size) +{ + size_t ret = 0; + size_t l, reallen; + int e; + + e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_Enumerated, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &reallen, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + e = der_get_int(p, reallen, num, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + if (size) + *size = ret; + return (0); +} + +static int +decode_octet_string(const unsigned char *p, size_t len, + octet_string *k, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + size_t slen; + + e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OctetString, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + + e = der_get_length(p, len, &slen, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + if (len < slen) + return (ASN1_OVERRUN); + + e = der_get_octet_string(p, slen, k, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + if (size) + *size = ret; + return (0); +} + +static int +decode_oid(const unsigned char *p, size_t len, + oid *k, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + size_t slen; + + e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OID, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + + e = der_get_length(p, len, &slen, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + if (len < slen) + return (ASN1_OVERRUN); + + e = der_get_oid(p, slen, k, &l); + if (e) + return (e); + p += l; + len -= l; + ret += l; + if (size) + *size = ret; + return (0); +} + +static int +fix_dce(size_t reallen, size_t *len) +{ + if (reallen == ASN1_INDEFINITE) + return (1); + if (*len < reallen) + return (-1); + *len = reallen; + return (0); +} + +/* der_length.c */ + +static size_t +len_unsigned(unsigned val) +{ + size_t ret = 0; + + do { + ++ret; + val /= 256; + } while (val); + return (ret); +} + +static size_t +length_len(size_t len) +{ + if (len < 128) + return (1); + else + return (len_unsigned(len) + 1); +} + + +/* der_put.c */ + +/* + * All encoding functions take a pointer `p' to first position in which to + * write, from the right, `len' which means the maximum number of characters + * we are able to write. The function returns the number of characters + * written in `size' (if non-NULL). The return value is 0 or an error. + */ + +static int +der_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size) +{ + unsigned char *base = p; + + if (val) { + while (len > 0 && val) { + *p-- = val % 256; + val /= 256; + --len; + } + if (val != 0) + return (ASN1_OVERFLOW); + else { + *size = base - p; + return (0); + } + } else if (len < 1) + return (ASN1_OVERFLOW); + else { + *p = 0; + *size = 1; + return (0); + } +} + +static int +der_put_int(unsigned char *p, size_t len, int val, size_t *size) +{ + unsigned char *base = p; + + if (val >= 0) { + do { + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = val % 256; + len--; + val /= 256; + } while (val); + if (p[1] >= 128) { + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = 0; + len--; + } + } else { + val = ~val; + do { + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = ~(val % 256); + len--; + val /= 256; + } while (val); + if (p[1] < 128) { + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = 0xff; + len--; + } + } + *size = base - p; + return (0); +} + +static int +der_put_length(unsigned char *p, size_t len, size_t val, size_t *size) +{ + if (len < 1) + return (ASN1_OVERFLOW); + if (val < 128) { + *p = val; + *size = 1; + return (0); + } else { + size_t l; + int e; + + e = der_put_unsigned(p, len - 1, val, &l); + if (e) + return (e); + p -= l; + *p = 0x80 | l; + *size = l + 1; + return (0); + } +} + +static int +der_put_octet_string(unsigned char *p, size_t len, + const octet_string *data, size_t *size) +{ + if (len < data->length) + return (ASN1_OVERFLOW); + p -= data->length; + len -= data->length; + memcpy(p + 1, data->data, data->length); + *size = data->length; + return (0); +} + +static int +der_put_oid(unsigned char *p, size_t len, + const oid *data, size_t *size) +{ + unsigned char *base = p; + int n; + + for (n = data->length - 1; n >= 2; --n) { + unsigned u = data->components[n]; + + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = u % 128; + u /= 128; + --len; + while (u > 0) { + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = 128 + u % 128; + u /= 128; + --len; + } + } + if (len < 1) + return (ASN1_OVERFLOW); + *p-- = 40 * data->components[0] + data->components[1]; + *size = base - p; + return (0); +} + +static int +der_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type, + int tag, size_t *size) +{ + if (len < 1) + return (ASN1_OVERFLOW); + *p = (class << 6) | (type << 5) | tag; /* XXX */ + *size = 1; + return (0); +} + +static int +der_put_length_and_tag(unsigned char *p, size_t len, size_t len_val, + Der_class class, Der_type type, int tag, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_length(p, len, len_val, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + e = der_put_tag(p, len, class, type, tag, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + *size = ret; + return (0); +} + +static int +encode_enumerated(unsigned char *p, size_t len, const void *data, size_t *size) +{ + unsigned num = *(const unsigned *)data; + size_t ret = 0; + size_t l; + int e; + + e = der_put_int(p, len, num, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_Enumerated, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + *size = ret; + return (0); +} + +static int +encode_octet_string(unsigned char *p, size_t len, + const octet_string *k, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_octet_string(p, len, k, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_OctetString, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + *size = ret; + return (0); +} + +static int +encode_oid(unsigned char *p, size_t len, + const oid *k, size_t *size) +{ + size_t ret = 0; + size_t l; + int e; + + e = der_put_oid(p, len, k, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_OID, &l); + if (e) + return (e); + p -= l; + len -= l; + ret += l; + *size = ret; + return (0); +} + + +/* encapsulate.c */ + +static void +gssapi_encap_length(size_t data_len, + size_t *len, + size_t *total_len, + const gss_OID mech) +{ + size_t len_len; + + *len = 1 + 1 + mech->length + data_len; + + len_len = length_len(*len); + + *total_len = 1 + len_len + *len; +} + +static u_char * +gssapi_mech_make_header(u_char *p, + size_t len, + const gss_OID mech) +{ + int e; + size_t len_len, foo; + + *p++ = 0x60; + len_len = length_len(len); + e = der_put_length(p + len_len - 1, len_len, len, &foo); + if (e || foo != len_len) + return (NULL); + p += len_len; + *p++ = 0x06; + *p++ = mech->length; + memcpy(p, mech->elements, mech->length); + p += mech->length; + return (p); +} + +/* + * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings. + */ + +static OM_uint32 +gssapi_spnego_encapsulate(OM_uint32 * minor_status, + unsigned char *buf, + size_t buf_size, + gss_buffer_t output_token, + const gss_OID mech) +{ + size_t len, outer_len; + u_char *p; + + gssapi_encap_length(buf_size, &len, &outer_len, mech); + + output_token->length = outer_len; + output_token->value = malloc(outer_len); + if (output_token->value == NULL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + p = gssapi_mech_make_header(output_token->value, len, mech); + if (p == NULL) { + if (output_token->length != 0) + gss_release_buffer(minor_status, output_token); + return (GSS_S_FAILURE); + } + memcpy(p, buf, buf_size); + return (GSS_S_COMPLETE); +} + +/* init_sec_context.c */ +/* + * SPNEGO wrapper for Kerberos5 GSS-API kouril@ics.muni.cz, 2003 (mostly + * based on Heimdal code) + */ + +static int +add_mech(MechTypeList * mech_list, gss_OID mech) +{ + MechType *tmp; + int ret; + + tmp = realloc(mech_list->val, (mech_list->len + 1) * sizeof(*tmp)); + if (tmp == NULL) + return (ENOMEM); + mech_list->val = tmp; + + ret = der_get_oid(mech->elements, mech->length, + &mech_list->val[mech_list->len], NULL); + if (ret) + return (ret); + + mech_list->len++; + return (0); +} + +/* + * return the length of the mechanism in token or -1 + * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN + */ + +static ssize_t +gssapi_krb5_get_mech(const u_char *ptr, + size_t total_len, + const u_char **mech_ret) +{ + size_t len, len_len, mech_len, foo; + const u_char *p = ptr; + int e; + + if (total_len < 1) + return (-1); + if (*p++ != 0x60) + return (-1); + e = der_get_length (p, total_len - 1, &len, &len_len); + if (e || 1 + len_len + len != total_len) + return (-1); + p += len_len; + if (*p++ != 0x06) + return (-1); + e = der_get_length (p, total_len - 1 - len_len - 1, + &mech_len, &foo); + if (e) + return (-1); + p += foo; + *mech_ret = p; + return (mech_len); +} + +static OM_uint32 +spnego_initial(OM_uint32 *minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t *context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + NegTokenInit token_init; + OM_uint32 major_status, minor_status2; + gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER; + unsigned char *buf = NULL; + size_t buf_size; + size_t len; + int ret; + + (void)mech_type; + + memset(&token_init, 0, sizeof(token_init)); + + ret = add_mech(&token_init.mechTypes, GSS_KRB5_MECH); + if (ret) { + *minor_status = ret; + ret = GSS_S_FAILURE; + goto end; + } + + major_status = gss_init_sec_context(minor_status, + initiator_cred_handle, + context_handle, + target_name, + GSS_KRB5_MECH, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + &krb5_output_token, + ret_flags, + time_rec); + if (GSS_ERROR(major_status)) { + ret = major_status; + goto end; + } + if (krb5_output_token.length > 0) { + token_init.mechToken = malloc(sizeof(*token_init.mechToken)); + if (token_init.mechToken == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + goto end; + } + token_init.mechToken->data = krb5_output_token.value; + token_init.mechToken->length = krb5_output_token.length; + } + /* + * The MS implementation of SPNEGO seems to not like the mechListMIC + * field, so we omit it (it's optional anyway) + */ + + buf_size = 1024; + buf = malloc(buf_size); + + do { + ret = encode_NegTokenInit(buf + buf_size - 1, + buf_size, + &token_init, &len); + if (ret == 0) { + size_t tmp; + + ret = der_put_length_and_tag(buf + buf_size - len - 1, + buf_size - len, + len, + ASN1_C_CONTEXT, + CONS, + 0, + &tmp); + if (ret == 0) + len += tmp; + } + if (ret) { + if (ret == ASN1_OVERFLOW) { + u_char *tmp; + + buf_size *= 2; + tmp = realloc(buf, buf_size); + if (tmp == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + goto end; + } + buf = tmp; + } else { + *minor_status = ret; + ret = GSS_S_FAILURE; + goto end; + } + } + } while (ret == ASN1_OVERFLOW); + + ret = gssapi_spnego_encapsulate(minor_status, + buf + buf_size - len, len, + output_token, GSS_SPNEGO_MECH); + if (ret == GSS_S_COMPLETE) + ret = major_status; + +end: + if (token_init.mechToken != NULL) { + free(token_init.mechToken); + token_init.mechToken = NULL; + } + free_NegTokenInit(&token_init); + if (krb5_output_token.length != 0) + gss_release_buffer(&minor_status2, &krb5_output_token); + if (buf) + free(buf); + + return (ret); +} + +static OM_uint32 +spnego_reply(OM_uint32 *minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t *context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + OM_uint32 ret; + NegTokenResp resp; + unsigned char *buf; + size_t buf_size; + u_char oidbuf[17]; + size_t oidlen; + gss_buffer_desc sub_token; + ssize_t mech_len; + const u_char *p; + size_t len, taglen; + + (void)mech_type; + + output_token->length = 0; + output_token->value = NULL; + + /* + * SPNEGO doesn't include gss wrapping on SubsequentContextToken + * like the Kerberos 5 mech does. But lets check for it anyway. + */ + + mech_len = gssapi_krb5_get_mech(input_token->value, + input_token->length, + &p); + + if (mech_len < 0) { + buf = input_token->value; + buf_size = input_token->length; + } else if ((size_t)mech_len == GSS_KRB5_MECH->length && + memcmp(GSS_KRB5_MECH->elements, p, mech_len) == 0) + return (gss_init_sec_context(minor_status, + initiator_cred_handle, + context_handle, + target_name, + GSS_KRB5_MECH, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec)); + else if ((size_t)mech_len == GSS_SPNEGO_MECH->length && + memcmp(GSS_SPNEGO_MECH->elements, p, mech_len) == 0) { + ret = gssapi_spnego_decapsulate(minor_status, + input_token, + &buf, + &buf_size, + GSS_SPNEGO_MECH); + if (ret) + return (ret); + } else + return (GSS_S_BAD_MECH); + + ret = der_match_tag_and_length(buf, buf_size, + ASN1_C_CONTEXT, CONS, 1, &len, &taglen); + if (ret) + return (ret); + + if(len > buf_size - taglen) + return (ASN1_OVERRUN); + + ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL); + if (ret) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + if (resp.negState == NULL || + *(resp.negState) == reject || + resp.supportedMech == NULL) { + free_NegTokenResp(&resp); + return (GSS_S_BAD_MECH); + } + + ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1, + sizeof(oidbuf), + resp.supportedMech, + &oidlen); + if (ret || oidlen != GSS_KRB5_MECH->length || + memcmp(oidbuf + sizeof(oidbuf) - oidlen, + GSS_KRB5_MECH->elements, + oidlen) != 0) { + free_NegTokenResp(&resp); + return GSS_S_BAD_MECH; + } + + if (resp.responseToken != NULL) { + sub_token.length = resp.responseToken->length; + sub_token.value = resp.responseToken->data; + } else { + sub_token.length = 0; + sub_token.value = NULL; + } + + ret = gss_init_sec_context(minor_status, + initiator_cred_handle, + context_handle, + target_name, + GSS_KRB5_MECH, + req_flags, + time_req, + input_chan_bindings, + &sub_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); + if (ret) { + free_NegTokenResp(&resp); + return (ret); + } + + /* + * XXXSRA I don't think this limited implementation ever needs + * to check the MIC -- our preferred mechanism (Kerberos) + * authenticates its own messages and is the only mechanism + * we'll accept, so if the mechanism negotiation completes + * successfully, we don't need the MIC. See RFC 4178. + */ + + free_NegTokenResp(&resp); + return (ret); +} + + + +OM_uint32 +gss_init_sec_context_spnego(OM_uint32 *minor_status, + const gss_cred_id_t initiator_cred_handle, + gss_ctx_id_t *context_handle, + const gss_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + /* Dirty trick to suppress compiler warnings */ + + /* Figure out whether we're starting over or processing a reply */ + + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) + return (spnego_initial(minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec)); + else + return (spnego_reply(minor_status, + initiator_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_chan_bindings, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec)); +} + +#endif /* GSSAPI */ diff --git a/contrib/bind-9.5.2/lib/dns/spnego.h b/contrib/bind-9.5.2/lib/dns/spnego.h new file mode 100644 index 0000000000..c44614b43b --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/spnego.h @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: spnego.h,v 1.4 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file + * \brief + * Entry points into portable SPNEGO implementation. + * See spnego.c for information on the SPNEGO implementation itself. + */ + +#ifndef _SPNEGO_H_ +#define _SPNEGO_H_ + +/*% + * Wrapper for GSSAPI gss_init_sec_context(), using portable SPNEGO + * implementation instead of the one that's part of the GSSAPI + * library. Takes arguments identical to the standard GSSAPI + * function, uses standard gss_init_sec_context() to handle + * everything inside the SPNEGO wrapper. + */ +OM_uint32 +gss_init_sec_context_spnego(OM_uint32 *, + const gss_cred_id_t, + gss_ctx_id_t *, + const gss_name_t, + const gss_OID, + OM_uint32, + OM_uint32, + const gss_channel_bindings_t, + const gss_buffer_t, + gss_OID *, + gss_buffer_t, + OM_uint32 *, + OM_uint32 *); + +/*% + * Wrapper for GSSAPI gss_accept_sec_context(), using portable SPNEGO + * implementation instead of the one that's part of the GSSAPI + * library. Takes arguments identical to the standard GSSAPI + * function. Checks the OID of the input token to see if it's SPNEGO; + * if so, processes it, otherwise hands the call off to the standard + * gss_accept_sec_context() function. + */ +OM_uint32 gss_accept_sec_context_spnego(OM_uint32 *, + gss_ctx_id_t *, + const gss_cred_id_t, + const gss_buffer_t, + const gss_channel_bindings_t, + gss_name_t *, + gss_OID *, + gss_buffer_t, + OM_uint32 *, + OM_uint32 *, + gss_cred_id_t *); + + +#endif diff --git a/contrib/bind-9.5.2/lib/dns/spnego_asn1.c b/contrib/bind-9.5.2/lib/dns/spnego_asn1.c new file mode 100644 index 0000000000..75c2304d8e --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/spnego_asn1.c @@ -0,0 +1,885 @@ +/* + * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: spnego_asn1.c,v 1.4 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file + * \brief Method routines generated from SPNEGO ASN.1 module. + * See spnego_asn1.pl for details. Do not edit. + */ + +/* Generated from spnego.asn1 */ +/* Do not edit */ + +#ifndef __asn1_h__ +#define __asn1_h__ + + +#ifndef __asn1_common_definitions__ +#define __asn1_common_definitions__ + +typedef struct octet_string { + size_t length; + void *data; +} octet_string; + +typedef char *general_string; + +typedef char *utf8_string; + +typedef struct oid { + size_t length; + unsigned *components; +} oid; + +#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \ + do { \ + (BL) = length_##T((S)); \ + (B) = malloc((BL)); \ + if((B) == NULL) { \ + (R) = ENOMEM; \ + } else { \ + (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ + (S), (L)); \ + if((R) != 0) { \ + free((B)); \ + (B) = NULL; \ + } \ + } \ + } while (0) + +#endif + +/* + * MechType ::= OBJECT IDENTIFIER + */ + +typedef oid MechType; + +static int encode_MechType(unsigned char *, size_t, const MechType *, size_t *); +static int decode_MechType(const unsigned char *, size_t, MechType *, size_t *); +static void free_MechType(MechType *); +/* unused declaration: length_MechType */ +/* unused declaration: copy_MechType */ + + +/* + * MechTypeList ::= SEQUENCE OF MechType + */ + +typedef struct MechTypeList { + unsigned int len; + MechType *val; +} MechTypeList; + +static int encode_MechTypeList(unsigned char *, size_t, const MechTypeList *, size_t *); +static int decode_MechTypeList(const unsigned char *, size_t, MechTypeList *, size_t *); +static void free_MechTypeList(MechTypeList *); +/* unused declaration: length_MechTypeList */ +/* unused declaration: copy_MechTypeList */ + + +/* + * ContextFlags ::= BIT STRING { delegFlag(0), mutualFlag(1), replayFlag(2), + * sequenceFlag(3), anonFlag(4), confFlag(5), integFlag(6) } + */ + +typedef struct ContextFlags { + unsigned int delegFlag:1; + unsigned int mutualFlag:1; + unsigned int replayFlag:1; + unsigned int sequenceFlag:1; + unsigned int anonFlag:1; + unsigned int confFlag:1; + unsigned int integFlag:1; +} ContextFlags; + + +static int encode_ContextFlags(unsigned char *, size_t, const ContextFlags *, size_t *); +static int decode_ContextFlags(const unsigned char *, size_t, ContextFlags *, size_t *); +static void free_ContextFlags(ContextFlags *); +/* unused declaration: length_ContextFlags */ +/* unused declaration: copy_ContextFlags */ +/* unused declaration: ContextFlags2int */ +/* unused declaration: int2ContextFlags */ +/* unused declaration: asn1_ContextFlags_units */ + +/* + * NegTokenInit ::= SEQUENCE { mechTypes[0] MechTypeList, reqFlags[1] + * ContextFlags OPTIONAL, mechToken[2] OCTET STRING OPTIONAL, + * mechListMIC[3] OCTET STRING OPTIONAL } + */ + +typedef struct NegTokenInit { + MechTypeList mechTypes; + ContextFlags *reqFlags; + octet_string *mechToken; + octet_string *mechListMIC; +} NegTokenInit; + +static int encode_NegTokenInit(unsigned char *, size_t, const NegTokenInit *, size_t *); +static int decode_NegTokenInit(const unsigned char *, size_t, NegTokenInit *, size_t *); +static void free_NegTokenInit(NegTokenInit *); +/* unused declaration: length_NegTokenInit */ +/* unused declaration: copy_NegTokenInit */ + + +/* + * NegTokenResp ::= SEQUENCE { negState[0] ENUMERATED { + * accept-completed(0), accept-incomplete(1), reject(2), request-mic(3) } + * OPTIONAL, supportedMech[1] MechType OPTIONAL, responseToken[2] OCTET + * STRING OPTIONAL, mechListMIC[3] OCTET STRING OPTIONAL } + */ + +typedef struct NegTokenResp { + enum { + accept_completed = 0, + accept_incomplete = 1, + reject = 2, + request_mic = 3 + } *negState; + + MechType *supportedMech; + octet_string *responseToken; + octet_string *mechListMIC; +} NegTokenResp; + +static int encode_NegTokenResp(unsigned char *, size_t, const NegTokenResp *, size_t *); +static int decode_NegTokenResp(const unsigned char *, size_t, NegTokenResp *, size_t *); +static void free_NegTokenResp(NegTokenResp *); +/* unused declaration: length_NegTokenResp */ +/* unused declaration: copy_NegTokenResp */ + + + + +#endif /* __asn1_h__ */ +/* Generated from spnego.asn1 */ +/* Do not edit */ + + +#define BACK if (e) return e; p -= l; len -= l; ret += l + +static int +encode_MechType(unsigned char *p, size_t len, const MechType * data, size_t * size) +{ + size_t ret = 0; + size_t l; + int i, e; + + i = 0; + e = encode_oid(p, len, data, &l); + BACK; + *size = ret; + return 0; +} + +#define FORW if(e) goto fail; p += l; len -= l; ret += l + +static int +decode_MechType(const unsigned char *p, size_t len, MechType * data, size_t * size) +{ + size_t ret = 0, reallen; + size_t l; + int e; + + memset(data, 0, sizeof(*data)); + reallen = 0; + e = decode_oid(p, len, data, &l); + FORW; + if (size) + *size = ret; + return 0; +fail: + free_MechType(data); + return e; +} + +static void +free_MechType(MechType * data) +{ + free_oid(data); +} + +/* unused function: length_MechType */ + + +/* unused function: copy_MechType */ + +/* Generated from spnego.asn1 */ +/* Do not edit */ + + +#define BACK if (e) return e; p -= l; len -= l; ret += l + +static int +encode_MechTypeList(unsigned char *p, size_t len, const MechTypeList * data, size_t * size) +{ + size_t ret = 0; + size_t l; + int i, e; + + i = 0; + for (i = (data)->len - 1; i >= 0; --i) { + int oldret = ret; + ret = 0; + e = encode_MechType(p, len, &(data)->val[i], &l); + BACK; + ret += oldret; + } + e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l); + BACK; + *size = ret; + return 0; +} + +#define FORW if(e) goto fail; p += l; len -= l; ret += l + +static int +decode_MechTypeList(const unsigned char *p, size_t len, MechTypeList * data, size_t * size) +{ + size_t ret = 0, reallen; + size_t l; + int e; + + memset(data, 0, sizeof(*data)); + reallen = 0; + e = der_match_tag_and_length(p, len, ASN1_C_UNIV, CONS, UT_Sequence, &reallen, &l); + FORW; + if (len < reallen) + return ASN1_OVERRUN; + len = reallen; + { + size_t origlen = len; + int oldret = ret; + ret = 0; + (data)->len = 0; + (data)->val = NULL; + while (ret < origlen) { + (data)->len++; + (data)->val = realloc((data)->val, sizeof(*((data)->val)) * (data)->len); + e = decode_MechType(p, len, &(data)->val[(data)->len - 1], &l); + FORW; + len = origlen - ret; + } + ret += oldret; + } + if (size) + *size = ret; + return 0; +fail: + free_MechTypeList(data); + return e; +} + +static void +free_MechTypeList(MechTypeList * data) +{ + while ((data)->len) { + free_MechType(&(data)->val[(data)->len - 1]); + (data)->len--; + } + free((data)->val); + (data)->val = NULL; +} + +/* unused function: length_MechTypeList */ + + +/* unused function: copy_MechTypeList */ + +/* Generated from spnego.asn1 */ +/* Do not edit */ + + +#define BACK if (e) return e; p -= l; len -= l; ret += l + +static int +encode_ContextFlags(unsigned char *p, size_t len, const ContextFlags * data, size_t * size) +{ + size_t ret = 0; + size_t l; + int i, e; + + i = 0; + { + unsigned char c = 0; + *p-- = c; + len--; + ret++; + c = 0; + *p-- = c; + len--; + ret++; + c = 0; + *p-- = c; + len--; + ret++; + c = 0; + if (data->integFlag) + c |= 1 << 1; + if (data->confFlag) + c |= 1 << 2; + if (data->anonFlag) + c |= 1 << 3; + if (data->sequenceFlag) + c |= 1 << 4; + if (data->replayFlag) + c |= 1 << 5; + if (data->mutualFlag) + c |= 1 << 6; + if (data->delegFlag) + c |= 1 << 7; + *p-- = c; + *p-- = 0; + len -= 2; + ret += 2; + } + + e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, PRIM, UT_BitString, &l); + BACK; + *size = ret; + return 0; +} + +#define FORW if(e) goto fail; p += l; len -= l; ret += l + +static int +decode_ContextFlags(const unsigned char *p, size_t len, ContextFlags * data, size_t * size) +{ + size_t ret = 0, reallen; + size_t l; + int e; + + memset(data, 0, sizeof(*data)); + reallen = 0; + e = der_match_tag_and_length(p, len, ASN1_C_UNIV, PRIM, UT_BitString, &reallen, &l); + FORW; + if (len < reallen) + return ASN1_OVERRUN; + p++; + len--; + reallen--; + ret++; + data->delegFlag = (*p >> 7) & 1; + data->mutualFlag = (*p >> 6) & 1; + data->replayFlag = (*p >> 5) & 1; + data->sequenceFlag = (*p >> 4) & 1; + data->anonFlag = (*p >> 3) & 1; + data->confFlag = (*p >> 2) & 1; + data->integFlag = (*p >> 1) & 1; + p += reallen; + len -= reallen; + ret += reallen; + if (size) + *size = ret; + return 0; +fail: + free_ContextFlags(data); + return e; +} + +static void +free_ContextFlags(ContextFlags * data) +{ + (void)data; +} + +/* unused function: length_ContextFlags */ + + +/* unused function: copy_ContextFlags */ + + +/* unused function: ContextFlags2int */ + + +/* unused function: int2ContextFlags */ + + +/* unused variable: ContextFlags_units */ + +/* unused function: asn1_ContextFlags_units */ + +/* Generated from spnego.asn1 */ +/* Do not edit */ + + +#define BACK if (e) return e; p -= l; len -= l; ret += l + +static int +encode_NegTokenInit(unsigned char *p, size_t len, const NegTokenInit * data, size_t * size) +{ + size_t ret = 0; + size_t l; + int i, e; + + i = 0; + if ((data)->mechListMIC) { + int oldret = ret; + ret = 0; + e = encode_octet_string(p, len, (data)->mechListMIC, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 3, &l); + BACK; + ret += oldret; + } + if ((data)->mechToken) { + int oldret = ret; + ret = 0; + e = encode_octet_string(p, len, (data)->mechToken, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 2, &l); + BACK; + ret += oldret; + } + if ((data)->reqFlags) { + int oldret = ret; + ret = 0; + e = encode_ContextFlags(p, len, (data)->reqFlags, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l); + BACK; + ret += oldret; + } { + int oldret = ret; + ret = 0; + e = encode_MechTypeList(p, len, &(data)->mechTypes, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l); + BACK; + ret += oldret; + } + e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l); + BACK; + *size = ret; + return 0; +} + +#define FORW if(e) goto fail; p += l; len -= l; ret += l + +static int +decode_NegTokenInit(const unsigned char *p, size_t len, NegTokenInit * data, size_t * size) +{ + size_t ret = 0, reallen; + size_t l; + int e; + + memset(data, 0, sizeof(*data)); + reallen = 0; + e = der_match_tag_and_length(p, len, ASN1_C_UNIV, CONS, UT_Sequence, &reallen, &l); + FORW; + { + int dce_fix; + if ((dce_fix = fix_dce(reallen, &len)) < 0) + return ASN1_BAD_FORMAT; + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 0, &l); + if (e) + return e; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + e = decode_MechTypeList(p, len, &(data)->mechTypes, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 1, &l); + if (e) + (data)->reqFlags = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->reqFlags = malloc(sizeof(*(data)->reqFlags)); + if ((data)->reqFlags == NULL) + return ENOMEM; + e = decode_ContextFlags(p, len, (data)->reqFlags, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 2, &l); + if (e) + (data)->mechToken = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->mechToken = malloc(sizeof(*(data)->mechToken)); + if ((data)->mechToken == NULL) + return ENOMEM; + e = decode_octet_string(p, len, (data)->mechToken, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 3, &l); + if (e) + (data)->mechListMIC = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->mechListMIC = malloc(sizeof(*(data)->mechListMIC)); + if ((data)->mechListMIC == NULL) + return ENOMEM; + e = decode_octet_string(p, len, (data)->mechListMIC, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } + } + if (size) + *size = ret; + return 0; +fail: + free_NegTokenInit(data); + return e; +} + +static void +free_NegTokenInit(NegTokenInit * data) +{ + free_MechTypeList(&(data)->mechTypes); + if ((data)->reqFlags) { + free_ContextFlags((data)->reqFlags); + free((data)->reqFlags); + (data)->reqFlags = NULL; + } + if ((data)->mechToken) { + free_octet_string((data)->mechToken); + free((data)->mechToken); + (data)->mechToken = NULL; + } + if ((data)->mechListMIC) { + free_octet_string((data)->mechListMIC); + free((data)->mechListMIC); + (data)->mechListMIC = NULL; + } +} + +/* unused function: length_NegTokenInit */ + + +/* unused function: copy_NegTokenInit */ + +/* Generated from spnego.asn1 */ +/* Do not edit */ + + +#define BACK if (e) return e; p -= l; len -= l; ret += l + +static int +encode_NegTokenResp(unsigned char *p, size_t len, const NegTokenResp * data, size_t * size) +{ + size_t ret = 0; + size_t l; + int i, e; + + i = 0; + if ((data)->mechListMIC) { + int oldret = ret; + ret = 0; + e = encode_octet_string(p, len, (data)->mechListMIC, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 3, &l); + BACK; + ret += oldret; + } + if ((data)->responseToken) { + int oldret = ret; + ret = 0; + e = encode_octet_string(p, len, (data)->responseToken, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 2, &l); + BACK; + ret += oldret; + } + if ((data)->supportedMech) { + int oldret = ret; + ret = 0; + e = encode_MechType(p, len, (data)->supportedMech, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 1, &l); + BACK; + ret += oldret; + } + if ((data)->negState) { + int oldret = ret; + ret = 0; + e = encode_enumerated(p, len, (data)->negState, &l); + BACK; + e = der_put_length_and_tag(p, len, ret, ASN1_C_CONTEXT, CONS, 0, &l); + BACK; + ret += oldret; + } + e = der_put_length_and_tag(p, len, ret, ASN1_C_UNIV, CONS, UT_Sequence, &l); + BACK; + *size = ret; + return 0; +} + +#define FORW if(e) goto fail; p += l; len -= l; ret += l + +static int +decode_NegTokenResp(const unsigned char *p, size_t len, NegTokenResp * data, size_t * size) +{ + size_t ret = 0, reallen; + size_t l; + int e; + + memset(data, 0, sizeof(*data)); + reallen = 0; + e = der_match_tag_and_length(p, len, ASN1_C_UNIV, CONS, UT_Sequence, &reallen, &l); + FORW; + { + int dce_fix; + if ((dce_fix = fix_dce(reallen, &len)) < 0) + return ASN1_BAD_FORMAT; + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 0, &l); + if (e) + (data)->negState = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->negState = malloc(sizeof(*(data)->negState)); + if ((data)->negState == NULL) + return ENOMEM; + e = decode_enumerated(p, len, (data)->negState, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 1, &l); + if (e) + (data)->supportedMech = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->supportedMech = malloc(sizeof(*(data)->supportedMech)); + if ((data)->supportedMech == NULL) + return ENOMEM; + e = decode_MechType(p, len, (data)->supportedMech, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 2, &l); + if (e) + (data)->responseToken = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->responseToken = malloc(sizeof(*(data)->responseToken)); + if ((data)->responseToken == NULL) + return ENOMEM; + e = decode_octet_string(p, len, (data)->responseToken, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + { + size_t newlen, oldlen; + + e = der_match_tag(p, len, ASN1_C_CONTEXT, CONS, 3, &l); + if (e) + (data)->mechListMIC = NULL; + else { + p += l; + len -= l; + ret += l; + e = der_get_length(p, len, &newlen, &l); + FORW; + { + int dce_fix; + oldlen = len; + if ((dce_fix = fix_dce(newlen, &len)) < 0) + return ASN1_BAD_FORMAT; + (data)->mechListMIC = malloc(sizeof(*(data)->mechListMIC)); + if ((data)->mechListMIC == NULL) + return ENOMEM; + e = decode_octet_string(p, len, (data)->mechListMIC, &l); + FORW; + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } else + len = oldlen - newlen; + } + } + } + if (dce_fix) { + e = der_match_tag_and_length(p, len, (Der_class) 0, (Der_type) 0, 0, &reallen, &l); + FORW; + } + } + if (size) + *size = ret; + return 0; +fail: + free_NegTokenResp(data); + return e; +} + +static void +free_NegTokenResp(NegTokenResp * data) +{ + if ((data)->negState) { + free((data)->negState); + (data)->negState = NULL; + } + if ((data)->supportedMech) { + free_MechType((data)->supportedMech); + free((data)->supportedMech); + (data)->supportedMech = NULL; + } + if ((data)->responseToken) { + free_octet_string((data)->responseToken); + free((data)->responseToken); + (data)->responseToken = NULL; + } + if ((data)->mechListMIC) { + free_octet_string((data)->mechListMIC); + free((data)->mechListMIC); + (data)->mechListMIC = NULL; + } +} + +/* unused function: length_NegTokenResp */ + + +/* unused function: copy_NegTokenResp */ + +/* Generated from spnego.asn1 */ +/* Do not edit */ + + +/* CHOICE */ +/* unused variable: asn1_NegotiationToken_dummy_holder */ diff --git a/contrib/bind-9.5.2/lib/dns/spnego_asn1.pl b/contrib/bind-9.5.2/lib/dns/spnego_asn1.pl new file mode 100644 index 0000000000..93dd676752 --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/spnego_asn1.pl @@ -0,0 +1,200 @@ +#!/bin/bin/perl -w +# +# Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: spnego_asn1.pl,v 1.4 2007/06/19 23:47:16 tbox Exp $ + +# Our SPNEGO implementation uses some functions generated by the +# Heimdal ASN.1 compiler, which this script then whacks a bit to make +# them work properly in this stripped down implementation. We don't +# want to require our users to have a copy of the compiler, so we ship +# the output of this script, but we need to keep the script around in +# any case to cope with future changes to the SPNEGO ASN.1 code, so we +# might as well supply the script for users who want it. + +# Overall plan: run the ASN.1 compiler, run each of its output files +# through indent, fix up symbols and whack everything to be static. +# We use indent for two reasons: (1) to whack the Heimdal compiler's +# output into something closer to ISC's coding standard, and (2) to +# make it easier for this script to parse the result. + +# Output from this script is C code which we expect to be #included +# into another C file, which is why everything generated by this +# script is marked "static". The intent is to minimize the number of +# extern symbols exported by the SPNEGO implementation, to avoid +# potential conflicts with the GSSAPI libraries. + +### + +# Filename of the ASN.1 specification. Hardcoded for the moment +# since this script is intended for compiling exactly one module. + +my $asn1_source = $ENV{ASN1_SOURCE} || "spnego.asn1"; + +# Heimdal ASN.1 compiler. This script was written using the version +# from Heimdal 0.7.1. To build this, download a copy of +# heimdal-0.7.1.tar.gz, configure and build with the default options, +# then look for the compiler in heimdal-0.7.1/lib/asn1/asn1_compile. + +my $asn1_compile = $ENV{ASN1_COMPILE} || "asn1_compile"; + +# BSD indent program. This script was written using the version of +# indent that comes with FreeBSD 4.11-STABLE. The GNU project, as +# usual, couldn't resist the temptation to monkey with indent's +# command line syntax, so this probably won't work with GNU indent. + +my $indent = $ENV{INDENT} || "indent"; + +### + +# Step 1: run the compiler. Input is the ASN.1 file. Outputs are a +# header file (name specified on command line without the .h suffix), +# a file called "asn1_files" listing the names of the other output +# files, and a set of files containing C code generated by the +# compiler for each data type that the compiler found. + +if (! -r $asn1_source || system($asn1_compile, $asn1_source, "asn1")) { + die("Couldn't compile ASN.1 source file $asn1_source\n"); +} + +my @files = ("asn1.h"); + +open(F, "asn1_files") + or die("Couldn't open asn1_files: $!\n"); +push(@files, split) + while (); +close(F); + +unlink("asn1_files"); + +### + +# Step 2: generate header block. + +print(q~/* + * Copyright (C) 2006 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: spnego_asn1.pl,v 1.4 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file + * \brief Method routines generated from SPNEGO ASN.1 module. + * See spnego_asn1.pl for details. Do not edit. + */ + +~); + +### + +# Step 3: read and process each generated file, then delete it. + +my $output; + +for my $file (@files) { + + my $is_static = 0; + + system($indent, "-di1", "-ldi1", $file) == 0 + or die("Couldn't indent $file"); + + unlink("$file.BAK"); + + open(F, $file) + or die("Couldn't open $file: $!"); + + while () { + + # Symbol name fixups + + s/heim_general_string/general_string/g; + s/heim_octet_string/octet_string/g; + s/heim_oid/oid/g; + s/heim_utf8_string/utf8_string/g; + + # Convert all externs to statics + + if (/^static/) { + $is_static = 1; + } + + if (!/^typedef/ && + !$is_static && + /^[A-Za-z_][0-9A-Za-z_]*[ \t]*($|[^:0-9A-Za-z_])/) { + $_ = "static " . $_; + $is_static = 1; + } + + if (/[{};]/) { + $is_static = 0; + } + + # Suppress file inclusion, pass anything else through + + if (!/#include/) { + $output .= $_; + } + } + + close(F); + unlink($file); +} + +# Step 4: Delete unused stuff to avoid code bloat and compiler warnings. + +my @unused_functions = qw(ContextFlags2int + int2ContextFlags + asn1_ContextFlags_units + length_NegTokenInit + copy_NegTokenInit + length_NegTokenResp + copy_NegTokenResp + length_MechTypeList + length_MechType + copy_MechTypeList + length_ContextFlags + copy_ContextFlags + copy_MechType); + +$output =~ s<^static [^\n]+\n$_\(.+?^}>ms + foreach (@unused_functions); + +$output =~ s<^static .+$_\(.*\);$>m + foreach (@unused_functions); + +$output =~ s<^static struct units ContextFlags_units\[\].+?^};> + ms; + +$output =~ s<^static int asn1_NegotiationToken_dummy_holder = 1;> + ms; + +$output =~ s<^static void\nfree_ContextFlags\(ContextFlags \* data\)\n{\n> + <$&\t(void)data;\n>ms; + +# Step 5: Write the result. + +print($output); + diff --git a/contrib/bind-9.3/lib/dns/ssu.c b/contrib/bind-9.5.2/lib/dns/ssu.c similarity index 75% rename from contrib/bind-9.3/lib/dns/ssu.c rename to contrib/bind-9.5.2/lib/dns/ssu.c index a9ecdceed3..517945943c 100644 --- a/contrib/bind-9.3/lib/dns/ssu.c +++ b/contrib/bind-9.5.2/lib/dns/ssu.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,8 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/*! \file */ /* - * $Id: ssu.c,v 1.22.206.3 2004/03/08 09:04:32 marka Exp $ + * $Id: ssu.c,v 1.31 2007/06/19 23:47:16 tbox Exp $ * Principal Author: Brian Wellington */ @@ -24,12 +25,16 @@ #include #include +#include #include /* Required for HP/UX (and others?) */ #include +#include #include #include +#include + #define SSUTABLEMAGIC ISC_MAGIC('S', 'S', 'U', 'T') #define VALID_SSUTABLE(table) ISC_MAGIC_VALID(table, SSUTABLEMAGIC) @@ -38,13 +43,13 @@ struct dns_ssurule { unsigned int magic; - isc_boolean_t grant; /* is this a grant or a deny? */ - unsigned int matchtype; /* which type of pattern match? */ - dns_name_t *identity; /* the identity to match */ - dns_name_t *name; /* the name being updated */ - unsigned int ntypes; /* number of data types covered */ - dns_rdatatype_t *types; /* the data types. Can include ANY, */ - /* defaults to all but SIG,SOA,NS if NULL*/ + isc_boolean_t grant; /*%< is this a grant or a deny? */ + unsigned int matchtype; /*%< which type of pattern match? */ + dns_name_t *identity; /*%< the identity to match */ + dns_name_t *name; /*%< the name being updated */ + unsigned int ntypes; /*%< number of data types covered */ + dns_rdatatype_t *types; /*%< the data types. Can include ANY, */ + /*%< defaults to all but SIG,SOA,NS if NULL */ ISC_LINK(dns_ssurule_t) link; }; @@ -160,7 +165,7 @@ dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, REQUIRE(VALID_SSUTABLE(table)); REQUIRE(dns_name_isabsolute(identity)); REQUIRE(dns_name_isabsolute(name)); - REQUIRE(matchtype <= DNS_SSUMATCHTYPE_SELF); + REQUIRE(matchtype <= DNS_SSUMATCHTYPE_MAX); if (matchtype == DNS_SSUMATCHTYPE_WILDCARD) REQUIRE(dns_name_iswildcard(name)); if (ntypes > 0) @@ -208,8 +213,7 @@ dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, goto failure; } memcpy(rule->types, types, ntypes * sizeof(dns_rdatatype_t)); - } - else + } else rule->types = NULL; rule->magic = SSURULEMAGIC; @@ -249,6 +253,9 @@ dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer, { dns_ssurule_t *rule; unsigned int i; + dns_fixedname_t fixed; + dns_name_t *wildcard; + isc_result_t result; REQUIRE(VALID_SSUTABLE(table)); REQUIRE(signer == NULL || dns_name_isabsolute(signer)); @@ -256,44 +263,91 @@ dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer, if (signer == NULL) return (ISC_FALSE); - rule = ISC_LIST_HEAD(table->rules); - rule = ISC_LIST_NEXT(rule, link); + for (rule = ISC_LIST_HEAD(table->rules); rule != NULL; rule = ISC_LIST_NEXT(rule, link)) { - if (dns_name_iswildcard(rule->identity)) { - if (!dns_name_matcheswildcard(signer, rule->identity)) - continue; - } - else { - if (!dns_name_equal(signer, rule->identity)) - continue; + switch (rule->matchtype) { + case DNS_SSUMATCHTYPE_NAME: + case DNS_SSUMATCHTYPE_SUBDOMAIN: + case DNS_SSUMATCHTYPE_WILDCARD: + case DNS_SSUMATCHTYPE_SELF: + case DNS_SSUMATCHTYPE_SELFSUB: + case DNS_SSUMATCHTYPE_SELFWILD: + if (dns_name_iswildcard(rule->identity)) { + if (!dns_name_matcheswildcard(signer, + rule->identity)) + continue; + } + else { + if (!dns_name_equal(signer, rule->identity)) + continue; + } + break; } - if (rule->matchtype == DNS_SSUMATCHTYPE_NAME) { + switch (rule->matchtype) { + case DNS_SSUMATCHTYPE_NAME: if (!dns_name_equal(name, rule->name)) continue; - } - else if (rule->matchtype == DNS_SSUMATCHTYPE_SUBDOMAIN) { + break; + case DNS_SSUMATCHTYPE_SUBDOMAIN: if (!dns_name_issubdomain(name, rule->name)) continue; - } - else if (rule->matchtype == DNS_SSUMATCHTYPE_WILDCARD) { + break; + case DNS_SSUMATCHTYPE_WILDCARD: if (!dns_name_matcheswildcard(name, rule->name)) continue; - - } - else if (rule->matchtype == DNS_SSUMATCHTYPE_SELF) { + break; + case DNS_SSUMATCHTYPE_SELF: if (!dns_name_equal(signer, name)) continue; + break; + case DNS_SSUMATCHTYPE_SELFSUB: + if (!dns_name_issubdomain(name, signer)) + continue; + break; + case DNS_SSUMATCHTYPE_SELFWILD: + dns_fixedname_init(&fixed); + wildcard = dns_fixedname_name(&fixed); + result = dns_name_concatenate(dns_wildcardname, signer, + wildcard, NULL); + if (result != ISC_R_SUCCESS) + continue; + if (!dns_name_matcheswildcard(name, wildcard)) + continue; + break; + case DNS_SSUMATCHTYPE_SELFKRB5: + if (!dst_gssapi_identitymatchesrealmkrb5(signer, name, + rule->identity)) + continue; + break; + case DNS_SSUMATCHTYPE_SELFMS: + if (!dst_gssapi_identitymatchesrealmms(signer, name, + rule->identity)) + continue; + break; + case DNS_SSUMATCHTYPE_SUBDOMAINKRB5: + if (!dns_name_issubdomain(name, rule->name)) + continue; + if (!dst_gssapi_identitymatchesrealmkrb5(signer, NULL, + rule->identity)) + continue; + break; + case DNS_SSUMATCHTYPE_SUBDOMAINMS: + if (!dns_name_issubdomain(name, rule->name)) + continue; + if (!dst_gssapi_identitymatchesrealmms(signer, NULL, + rule->identity)) + continue; + break; } if (rule->ntypes == 0) { if (!isusertype(type)) continue; - } - else { + } else { for (i = 0; i < rule->ntypes; i++) { if (rule->types[i] == dns_rdatatype_any || rule->types[i] == type) diff --git a/contrib/bind-9.5.2/lib/dns/stats.c b/contrib/bind-9.5.2/lib/dns/stats.c new file mode 100644 index 0000000000..fa5372b74f --- /dev/null +++ b/contrib/bind-9.5.2/lib/dns/stats.c @@ -0,0 +1,404 @@ +/* + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: stats.c,v 1.12.128.6 2009/01/29 23:47:13 tbox Exp $ */ + +/*! \file */ + +#include + +#include +#include +#include +#include + +#include +#include +#include + +#define DNS_STATS_MAGIC ISC_MAGIC('D', 's', 't', 't') +#define DNS_STATS_VALID(x) ISC_MAGIC_VALID(x, DNS_STATS_MAGIC) + +/*% + * Statistics types. + */ +typedef enum { + dns_statstype_general = 0, + dns_statstype_rdtype = 1, + dns_statstype_rdataset = 2, + dns_statstype_opcode = 3 +} dns_statstype_t; + +/*% + * It doesn't make sense to have 2^16 counters for all possible types since + * most of them won't be used. We have counters for the first 256 types and + * those explicitly supported in the rdata implementation. + * XXXJT: this introduces tight coupling with the rdata implementation. + * Ideally, we should have rdata handle this type of details. + */ +enum { + /* For 0-255, we use the rdtype value as counter indices */ + rdtypecounter_dlv = 256, /* for dns_rdatatype_dlv */ + rdtypecounter_others = 257, /* anything else */ + rdtypecounter_max = 258, + /* The following are used for rdataset */ + rdtypenxcounter_max = rdtypecounter_max * 2, + rdtypecounter_nxdomain = rdtypenxcounter_max, + rdatasettypecounter_max = rdtypecounter_nxdomain + 1 +}; + +struct dns_stats { + /*% Unlocked */ + unsigned int magic; + dns_statstype_t type; + isc_mem_t *mctx; + isc_mutex_t lock; + isc_stats_t *counters; + + /*% Locked by lock */ + unsigned int references; +}; + +typedef struct rdatadumparg { + dns_rdatatypestats_dumper_t fn; + void *arg; +} rdatadumparg_t; + +typedef struct opcodedumparg { + dns_opcodestats_dumper_t fn; + void *arg; +} opcodedumparg_t; + +void +dns_stats_attach(dns_stats_t *stats, dns_stats_t **statsp) { + REQUIRE(DNS_STATS_VALID(stats)); + REQUIRE(statsp != NULL && *statsp == NULL); + + LOCK(&stats->lock); + stats->references++; + UNLOCK(&stats->lock); + + *statsp = stats; +} + +void +dns_stats_detach(dns_stats_t **statsp) { + dns_stats_t *stats; + + REQUIRE(statsp != NULL && DNS_STATS_VALID(*statsp)); + + stats = *statsp; + *statsp = NULL; + + LOCK(&stats->lock); + stats->references--; + UNLOCK(&stats->lock); + + if (stats->references == 0) { + isc_stats_detach(&stats->counters); + DESTROYLOCK(&stats->lock); + isc_mem_putanddetach(&stats->mctx, stats, sizeof(*stats)); + } +} + +/*% + * Create methods + */ +static isc_result_t +create_stats(isc_mem_t *mctx, dns_statstype_t type, int ncounters, + dns_stats_t **statsp) +{ + dns_stats_t *stats; + isc_result_t result; + + stats = isc_mem_get(mctx, sizeof(*stats)); + if (stats == NULL) + return (ISC_R_NOMEMORY); + + stats->counters = NULL; + stats->references = 1; + + result = isc_mutex_init(&stats->lock); + if (result != ISC_R_SUCCESS) + goto clean_stats; + + result = isc_stats_create(mctx, &stats->counters, ncounters); + if (result != ISC_R_SUCCESS) + goto clean_mutex; + + stats->magic = DNS_STATS_MAGIC; + stats->type = type; + stats->mctx = NULL; + isc_mem_attach(mctx, &stats->mctx); + *statsp = stats; + + return (ISC_R_SUCCESS); + + clean_mutex: + DESTROYLOCK(&stats->lock); + clean_stats: + isc_mem_put(mctx, stats, sizeof(*stats)); + + return (result); +} + +isc_result_t +dns_generalstats_create(isc_mem_t *mctx, dns_stats_t **statsp, int ncounters) { + REQUIRE(statsp != NULL && *statsp == NULL); + + return (create_stats(mctx, dns_statstype_general, ncounters, statsp)); +} + +isc_result_t +dns_rdatatypestats_create(isc_mem_t *mctx, dns_stats_t **statsp) { + REQUIRE(statsp != NULL && *statsp == NULL); + + return (create_stats(mctx, dns_statstype_rdtype, rdtypecounter_max, + statsp)); +} + +isc_result_t +dns_rdatasetstats_create(isc_mem_t *mctx, dns_stats_t **statsp) { + REQUIRE(statsp != NULL && *statsp == NULL); + + return (create_stats(mctx, dns_statstype_rdataset, + (rdtypecounter_max * 2) + 1, statsp)); +} + +isc_result_t +dns_opcodestats_create(isc_mem_t *mctx, dns_stats_t **statsp) { + REQUIRE(statsp != NULL && *statsp == NULL); + + return (create_stats(mctx, dns_statstype_opcode, 16, statsp)); +} + +/*% + * Increment/Decrement methods + */ +void +dns_generalstats_increment(dns_stats_t *stats, isc_statscounter_t counter) { + REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_general); + + isc_stats_increment(stats->counters, counter); +} + +void +dns_rdatatypestats_increment(dns_stats_t *stats, dns_rdatatype_t type) { + int counter; + + REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_rdtype); + + if (type == dns_rdatatype_dlv) + counter = rdtypecounter_dlv; + else if (type > dns_rdatatype_any) + counter = rdtypecounter_others; + else + counter = (int)type; + + isc_stats_increment(stats->counters, (isc_statscounter_t)counter); +} + +static inline void +update_rdatasetstats(dns_stats_t *stats, dns_rdatastatstype_t rrsettype, + isc_boolean_t increment) +{ + int counter; + dns_rdatatype_t rdtype; + + if ((DNS_RDATASTATSTYPE_ATTR(rrsettype) & + DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) != 0) { + counter = rdtypecounter_nxdomain; + } else { + rdtype = DNS_RDATASTATSTYPE_BASE(rrsettype); + if (rdtype == dns_rdatatype_dlv) + counter = (int)rdtypecounter_dlv; + else if (rdtype > dns_rdatatype_any) + counter = (int)rdtypecounter_others; + else + counter = (int)rdtype; + + if ((DNS_RDATASTATSTYPE_ATTR(rrsettype) & + DNS_RDATASTATSTYPE_ATTR_NXRRSET) != 0) + counter += rdtypecounter_max; + } + + if (increment) + isc_stats_increment(stats->counters, counter); + else + isc_stats_decrement(stats->counters, counter); +} + +void +dns_rdatasetstats_increment(dns_stats_t *stats, dns_rdatastatstype_t rrsettype) +{ + REQUIRE(DNS_STATS_VALID(stats) && + stats->type == dns_statstype_rdataset); + + update_rdatasetstats(stats, rrsettype, ISC_TRUE); +} + +void +dns_rdatasetstats_decrement(dns_stats_t *stats, dns_rdatastatstype_t rrsettype) +{ + REQUIRE(DNS_STATS_VALID(stats) && + stats->type == dns_statstype_rdataset); + + update_rdatasetstats(stats, rrsettype, ISC_FALSE); +} +void +dns_opcodestats_increment(dns_stats_t *stats, dns_opcode_t code) { + REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_opcode); + + isc_stats_increment(stats->counters, (isc_statscounter_t)code); +} + +/*% + * Dump methods + */ +void +dns_generalstats_dump(dns_stats_t *stats, dns_generalstats_dumper_t dump_fn, + void *arg, unsigned int options) +{ + REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_general); + + isc_stats_dump(stats->counters, (isc_stats_dumper_t)dump_fn, + arg, options); +} + +static void +dump_rdentry(int rdcounter, isc_uint64_t value, dns_rdatastatstype_t attributes, + dns_rdatatypestats_dumper_t dump_fn, void * arg) +{ + dns_rdatatype_t rdtype = dns_rdatatype_none; /* sentinel */ + dns_rdatastatstype_t type; + + if (rdcounter == rdtypecounter_others) + attributes |= DNS_RDATASTATSTYPE_ATTR_OTHERTYPE; + else { + if (rdcounter == rdtypecounter_dlv) + rdtype = dns_rdatatype_dlv; + else + rdtype = (dns_rdatatype_t)rdcounter; + } + type = DNS_RDATASTATSTYPE_VALUE((dns_rdatastatstype_t)rdtype, + attributes); + dump_fn(type, value, arg); +} + +static void +rdatatype_dumpcb(isc_statscounter_t counter, isc_uint64_t value, void *arg) { + rdatadumparg_t *rdatadumparg = arg; + + dump_rdentry(counter, value, 0, rdatadumparg->fn, rdatadumparg->arg); +} + +void +dns_rdatatypestats_dump(dns_stats_t *stats, dns_rdatatypestats_dumper_t dump_fn, + void *arg0, unsigned int options) +{ + rdatadumparg_t arg; + REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_rdtype); + + arg.fn = dump_fn; + arg.arg = arg0; + isc_stats_dump(stats->counters, rdatatype_dumpcb, &arg, options); +} + +static void +rdataset_dumpcb(isc_statscounter_t counter, isc_uint64_t value, void *arg) { + rdatadumparg_t *rdatadumparg = arg; + + if (counter < rdtypecounter_max) { + dump_rdentry(counter, value, 0, rdatadumparg->fn, + rdatadumparg->arg); + } else if (counter < rdtypenxcounter_max) { + dump_rdentry(counter - rdtypecounter_max, value, + DNS_RDATASTATSTYPE_ATTR_NXRRSET, + rdatadumparg->fn, rdatadumparg->arg); + } else { + dump_rdentry(0, value, DNS_RDATASTATSTYPE_ATTR_NXDOMAIN, + rdatadumparg->fn, rdatadumparg->arg); + } +} + +void +dns_rdatasetstats_dump(dns_stats_t *stats, dns_rdatatypestats_dumper_t dump_fn, + void *arg0, unsigned int options) +{ + rdatadumparg_t arg; + + REQUIRE(DNS_STATS_VALID(stats) && + stats->type == dns_statstype_rdataset); + + arg.fn = dump_fn; + arg.arg = arg0; + isc_stats_dump(stats->counters, rdataset_dumpcb, &arg, options); +} + +static void +opcode_dumpcb(isc_statscounter_t counter, isc_uint64_t value, void *arg) { + opcodedumparg_t *opcodearg = arg; + + opcodearg->fn((dns_opcode_t)counter, value, opcodearg->arg); +} + +void +dns_opcodestats_dump(dns_stats_t *stats, dns_opcodestats_dumper_t dump_fn, + void *arg0, unsigned int options) +{ + opcodedumparg_t arg; + + REQUIRE(DNS_STATS_VALID(stats) && stats->type == dns_statstype_opcode); + + arg.fn = dump_fn; + arg.arg = arg0; + isc_stats_dump(stats->counters, opcode_dumpcb, &arg, options); +} + +/*** + *** Obsolete variables and functions follow: + ***/ +LIBDNS_EXTERNAL_DATA const char *dns_statscounter_names[DNS_STATS_NCOUNTERS] = + { + "success", + "referral", + "nxrrset", + "nxdomain", + "recursion", + "failure", + "duplicate", + "dropped" + }; + +isc_result_t +dns_stats_alloccounters(isc_mem_t *mctx, isc_uint64_t **ctrp) { + int i; + isc_uint64_t *p = + isc_mem_get(mctx, DNS_STATS_NCOUNTERS * sizeof(isc_uint64_t)); + if (p == NULL) + return (ISC_R_NOMEMORY); + for (i = 0; i < DNS_STATS_NCOUNTERS; i++) + p[i] = 0; + *ctrp = p; + return (ISC_R_SUCCESS); +} + +void +dns_stats_freecounters(isc_mem_t *mctx, isc_uint64_t **ctrp) { + isc_mem_put(mctx, *ctrp, DNS_STATS_NCOUNTERS * sizeof(isc_uint64_t)); + *ctrp = NULL; +} diff --git a/contrib/bind-9.3/lib/dns/tcpmsg.c b/contrib/bind-9.5.2/lib/dns/tcpmsg.c similarity index 96% rename from contrib/bind-9.3/lib/dns/tcpmsg.c rename to contrib/bind-9.5.2/lib/dns/tcpmsg.c index a0fddcde12..49add56f37 100644 --- a/contrib/bind-9.3/lib/dns/tcpmsg.c +++ b/contrib/bind-9.5.2/lib/dns/tcpmsg.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tcpmsg.c,v 1.24.206.3 2006/08/10 23:59:28 marka Exp $ */ +/* $Id: tcpmsg.c,v 1.31 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/time.c b/contrib/bind-9.5.2/lib/dns/time.c similarity index 94% rename from contrib/bind-9.3/lib/dns/time.c rename to contrib/bind-9.5.2/lib/dns/time.c index 770f021a77..9017639391 100644 --- a/contrib/bind-9.3/lib/dns/time.c +++ b/contrib/bind-9.5.2/lib/dns/time.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.c,v 1.18.2.4.2.8 2004/08/28 06:25:20 marka Exp $ */ +/* $Id: time.c,v 1.31.128.2 2009/01/19 23:47:02 tbox Exp $ */ + +/*! \file */ #include @@ -143,7 +145,7 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { RANGE(0, 60, second); /* 60 == leap second. */ /* - * Calulate seconds since epoch. + * Calculate seconds since epoch. */ value = second + (60 * minute) + (3600 * hour) + ((day - 1) * 86400); for (i = 0; i < (month - 1); i++) diff --git a/contrib/bind-9.3/lib/dns/timer.c b/contrib/bind-9.5.2/lib/dns/timer.c similarity index 88% rename from contrib/bind-9.3/lib/dns/timer.c rename to contrib/bind-9.5.2/lib/dns/timer.c index b364f54cbe..39e45514ea 100644 --- a/contrib/bind-9.3/lib/dns/timer.c +++ b/contrib/bind-9.5.2/lib/dns/timer.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.c,v 1.2.206.1 2004/03/06 08:13:46 marka Exp $ */ +/* $Id: timer.c,v 1.7 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/tkey.c b/contrib/bind-9.5.2/lib/dns/tkey.c similarity index 80% rename from contrib/bind-9.3/lib/dns/tkey.c rename to contrib/bind-9.5.2/lib/dns/tkey.c index ca793d2b94..f94b3ae0b2 100644 --- a/contrib/bind-9.3/lib/dns/tkey.c +++ b/contrib/bind-9.5.2/lib/dns/tkey.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,9 +16,9 @@ */ /* - * $Id: tkey.c,v 1.71.2.1.10.9 2006/01/04 23:50:20 marka Exp $ + * $Id: tkey.c,v 1.87.2.3 2008/04/03 00:47:46 marka Exp $ */ - +/*! \file */ #include #include @@ -66,6 +66,20 @@ tkey_log(const char *fmt, ...) { va_end(ap); } +static void +_dns_tkey_dumpmessage(dns_message_t *msg) { + isc_buffer_t outbuf; + unsigned char output[4096]; + isc_result_t result; + + isc_buffer_init(&outbuf, output, sizeof(output)); + result = dns_message_totext(msg, &dns_master_style_debug, 0, + &outbuf); + /* XXXMLG ignore result */ + fprintf(stderr, "%.*s\n", (int)isc_buffer_usedlength(&outbuf), + (char *)isc_buffer_base(&outbuf)); +} + isc_result_t dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp) { @@ -107,6 +121,8 @@ dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp) { dns_name_free(tctx->domain, mctx); isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t)); } + if (tctx->gsscred != NULL) + dst_gssapi_releasecred(&tctx->gsscred); isc_entropy_detach(&tctx->ectx); isc_mem_put(mctx, tctx, sizeof(dns_tkeyctx_t)); isc_mem_detach(&mctx); @@ -280,8 +296,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, */ for (result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL); result == ISC_R_SUCCESS && !found_key; - result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL)) - { + result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL)) { keyname = NULL; dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, &keyname); keyset = NULL; @@ -292,8 +307,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, for (result = dns_rdataset_first(keyset); result == ISC_R_SUCCESS && !found_key; - result = dns_rdataset_next(keyset)) - { + result = dns_rdataset_next(keyset)) { dns_rdataset_current(keyset, &keyrdata); pubkey = NULL; result = dns_dnssec_keyfromrdata(keyname, &keyrdata, @@ -379,7 +393,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, isc_buffer_base(&secret), isc_buffer_usedlength(&secret), ISC_TRUE, signer, tkeyin->inception, - tkeyin->expire, msg->mctx, ring, NULL)); + tkeyin->expire, ring->mctx, ring, NULL)); /* This key is good for a long time */ tkeyout->inception = tkeyin->inception; @@ -410,13 +424,15 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, { isc_result_t result = ISC_R_SUCCESS; dst_key_t *dstkey = NULL; - void *gssctx = NULL; + dns_tsigkey_t *tsigkey = NULL; + dns_fixedname_t principal; isc_stdtime_t now; isc_region_t intoken; - unsigned char array[1024]; - isc_buffer_t outtoken; + isc_buffer_t *outtoken = NULL; + gss_ctx_id_t gss_ctx = NULL; UNUSED(namelist); + UNUSED(signer); if (tctx->gsscred == NULL) return (ISC_R_NOPERM); @@ -424,55 +440,95 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_GSSAPI_NAME) && !dns_name_equal(&tkeyin->algorithm, DNS_TSIG_GSSAPIMS_NAME)) { tkeyout->error = dns_tsigerror_badalg; + tkey_log("process_gsstkey(): dns_tsigerror_badalg"); /* XXXSRA */ return (ISC_R_SUCCESS); } + /* + * XXXDCL need to check for key expiry per 4.1.1 + * XXXDCL need a way to check fully established, perhaps w/key_flags + */ + intoken.base = tkeyin->key; intoken.length = tkeyin->keylen; - isc_buffer_init(&outtoken, array, sizeof(array)); - RETERR(dst_gssapi_acceptctx(name, tctx->gsscred, &intoken, - &outtoken, &gssctx)); + result = dns_tsigkey_find(&tsigkey, name, &tkeyin->algorithm, ring); + if (result == ISC_R_SUCCESS) + gss_ctx = dst_key_getgssctx(tsigkey->key); - dstkey = NULL; - RETERR(dst_key_fromgssapi(name, gssctx, msg->mctx, &dstkey)); - result = dns_tsigkey_createfromkey(name, &tkeyin->algorithm, - dstkey, ISC_TRUE, signer, - tkeyin->inception, tkeyin->expire, - msg->mctx, ring, NULL); -#if 1 - if (result != ISC_R_SUCCESS) - goto failure; -#else - if (result == ISC_R_NOTFOUND) { - tkeyout->error = dns_tsigerror_badalg; + dns_fixedname_init(&principal); + + result = dst_gssapi_acceptctx(tctx->gsscred, &intoken, + &outtoken, &gss_ctx, + dns_fixedname_name(&principal), + tctx->mctx); + + if (tsigkey != NULL) + dns_tsigkey_detach(&tsigkey); + + if (result == DNS_R_INVALIDTKEY) { + tkeyout->error = dns_tsigerror_badkey; + tkey_log("process_gsstkey(): dns_tsigerror_badkey"); /* XXXSRA */ return (ISC_R_SUCCESS); - } - if (result != ISC_R_SUCCESS) + } else if (result == ISC_R_FAILURE) goto failure; -#endif + ENSURE(result == DNS_R_CONTINUE || result == ISC_R_SUCCESS); + /* + * XXXDCL Section 4.1.3: Limit GSS_S_CONTINUE_NEEDED to 10 times. + */ + + if (tsigkey == NULL) { + RETERR(dst_key_fromgssapi(name, gss_ctx, msg->mctx, &dstkey)); + RETERR(dns_tsigkey_createfromkey(name, &tkeyin->algorithm, + dstkey, ISC_TRUE, + dns_fixedname_name(&principal), + tkeyin->inception, + tkeyin->expire, + ring->mctx, ring, NULL)); + } - /* This key is good for a long time */ isc_stdtime_get(&now); tkeyout->inception = tkeyin->inception; tkeyout->expire = tkeyin->expire; - tkeyout->key = isc_mem_get(msg->mctx, - isc_buffer_usedlength(&outtoken)); - if (tkeyout->key == NULL) { - result = ISC_R_NOMEMORY; - goto failure; + if (outtoken) { + tkeyout->key = isc_mem_get(tkeyout->mctx, + isc_buffer_usedlength(outtoken)); + if (tkeyout->key == NULL) { + result = ISC_R_NOMEMORY; + goto failure; + } + tkeyout->keylen = isc_buffer_usedlength(outtoken); + memcpy(tkeyout->key, isc_buffer_base(outtoken), + isc_buffer_usedlength(outtoken)); + isc_buffer_free(&outtoken); + } else { + tkeyout->key = isc_mem_get(tkeyout->mctx, tkeyin->keylen); + if (tkeyout->key == NULL) { + result = ISC_R_NOMEMORY; + goto failure; + } + tkeyout->keylen = tkeyin->keylen; + memcpy(tkeyout->key, tkeyin->key, tkeyin->keylen); } - tkeyout->keylen = isc_buffer_usedlength(&outtoken); - memcpy(tkeyout->key, isc_buffer_base(&outtoken), tkeyout->keylen); + + tkeyout->error = dns_rcode_noerror; + + tkey_log("process_gsstkey(): dns_tsigerror_noerror"); /* XXXSRA */ return (ISC_R_SUCCESS); - failure: +failure: if (dstkey != NULL) dst_key_free(&dstkey); + if (outtoken != NULL) + isc_buffer_free(&outtoken); + + tkey_log("process_gsstkey(): %s", + isc_result_totext(result)); /* XXXSRA */ + return (result); } @@ -564,8 +620,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, */ if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname, dns_rdatatype_tkey, 0, &name, - &tkeyset) != ISC_R_SUCCESS) - { + &tkeyset) != ISC_R_SUCCESS) { result = DNS_R_FORMERR; tkey_log("dns_tkey_processquery: couldn't find a TKEY " "matching the question"); @@ -632,7 +687,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, if (tkeyin.mode != DNS_TKEYMODE_DELETE) { dns_tsigkey_t *tsigkey = NULL; - if (tctx->domain == NULL) { + if (tctx->domain == NULL && tkeyin.mode != DNS_TKEYMODE_GSSAPI) { tkey_log("dns_tkey_processquery: tkey-domain not set"); result = DNS_R_REFUSED; goto failure; @@ -674,12 +729,22 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, if (result != ISC_R_SUCCESS) goto failure; } - result = dns_name_concatenate(keyname, tctx->domain, - keyname, NULL); - if (result != ISC_R_SUCCESS) - goto failure; + + if (tkeyin.mode == DNS_TKEYMODE_GSSAPI) { + /* Yup. This is a hack */ + result = dns_name_concatenate(keyname, dns_rootname, + keyname, NULL); + if (result != ISC_R_SUCCESS) + goto failure; + } else { + result = dns_name_concatenate(keyname, tctx->domain, + keyname, NULL); + if (result != ISC_R_SUCCESS) + goto failure; + } result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring); + if (result == ISC_R_SUCCESS) { tkeyout.error = dns_tsigerror_badname; dns_tsigkey_detach(&tsigkey); @@ -701,6 +766,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, RETERR(process_gsstkey(msg, signer, keyname, &tkeyin, tctx, &tkeyout, ring, &namelist)); + break; case DNS_TKEYMODE_DELETE: tkeyout.error = dns_rcode_noerror; @@ -729,9 +795,9 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, } if (tkeyout.key != NULL) - isc_mem_put(msg->mctx, tkeyout.key, tkeyout.keylen); + isc_mem_put(tkeyout.mctx, tkeyout.key, tkeyout.keylen); if (tkeyout.other != NULL) - isc_mem_put(msg->mctx, tkeyout.other, tkeyout.otherlen); + isc_mem_put(tkeyout.mctx, tkeyout.other, tkeyout.otherlen); if (result != ISC_R_SUCCESS) goto failure; @@ -759,7 +825,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, static isc_result_t buildquery(dns_message_t *msg, dns_name_t *name, - dns_rdata_tkey_t *tkey) + dns_rdata_tkey_t *tkey, isc_boolean_t win2k) { dns_name_t *qname = NULL, *aname = NULL; dns_rdataset_t *question = NULL, *tkeyset = NULL; @@ -780,8 +846,9 @@ buildquery(dns_message_t *msg, dns_name_t *name, dns_rdataset_makequestion(question, dns_rdataclass_any, dns_rdatatype_tkey); - RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 512)); + RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 4096)); RETERR(dns_message_gettemprdata(msg, &rdata)); + RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any, dns_rdatatype_tkey, tkey, dynbuf)); dns_message_takebuffer(msg, &dynbuf); @@ -808,7 +875,15 @@ buildquery(dns_message_t *msg, dns_name_t *name, ISC_LIST_APPEND(aname->list, tkeyset, link); dns_message_addname(msg, qname, DNS_SECTION_QUESTION); - dns_message_addname(msg, aname, DNS_SECTION_ADDITIONAL); + + /* + * Windows 2000 needs this in the answer section, not the additional + * section where the RFC specifies. + */ + if (win2k) + dns_message_addname(msg, aname, DNS_SECTION_ANSWER); + else + dns_message_addname(msg, aname, DNS_SECTION_ADDITIONAL); return (ISC_R_SUCCESS); @@ -823,6 +898,7 @@ buildquery(dns_message_t *msg, dns_name_t *name, } if (dynbuf != NULL) isc_buffer_free(&dynbuf); + printf("buildquery error\n"); return (result); } @@ -869,7 +945,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, tkey.other = NULL; tkey.otherlen = 0; - RETERR(buildquery(msg, name, &tkey)); + RETERR(buildquery(msg, name, &tkey, ISC_FALSE)); if (nonce == NULL) isc_mem_put(msg->mctx, r.base, 0); @@ -900,23 +976,25 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, } isc_result_t -dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, - dns_name_t *gname, void *cred, - isc_uint32_t lifetime, void **context) +dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname, + isc_buffer_t *intoken, isc_uint32_t lifetime, + gss_ctx_id_t *context, isc_boolean_t win2k) { dns_rdata_tkey_t tkey; isc_result_t result; isc_stdtime_t now; isc_buffer_t token; - unsigned char array[1024]; + unsigned char array[4096]; + + UNUSED(intoken); REQUIRE(msg != NULL); REQUIRE(name != NULL); REQUIRE(gname != NULL); - REQUIRE(context != NULL && *context == NULL); + REQUIRE(context != NULL); isc_buffer_init(&token, array, sizeof(array)); - result = dst_gssapi_initctx(gname, cred, NULL, &token, context); + result = dst_gssapi_initctx(gname, NULL, &token, context); if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS) return (result); @@ -925,7 +1003,12 @@ dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, ISC_LINK_INIT(&tkey.common, link); tkey.mctx = NULL; dns_name_init(&tkey.algorithm, NULL); - dns_name_clone(DNS_TSIG_GSSAPI_NAME, &tkey.algorithm); + + if (win2k) + dns_name_clone(DNS_TSIG_GSSAPIMS_NAME, &tkey.algorithm); + else + dns_name_clone(DNS_TSIG_GSSAPI_NAME, &tkey.algorithm); + isc_stdtime_get(&now); tkey.inception = now; tkey.expire = now + lifetime; @@ -936,7 +1019,7 @@ dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, tkey.other = NULL; tkey.otherlen = 0; - RETERR(buildquery(msg, name, &tkey)); + RETERR(buildquery(msg, name, &tkey, win2k)); return (ISC_R_SUCCESS); @@ -963,7 +1046,7 @@ dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key) { tkey.keylen = tkey.otherlen = 0; tkey.key = tkey.other = NULL; - return (buildquery(msg, &key->name, &tkey)); + return (buildquery(msg, &key->name, &tkey, ISC_FALSE)); } static isc_result_t @@ -1034,10 +1117,9 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, rtkey.mode != DNS_TKEYMODE_DIFFIEHELLMAN || rtkey.mode != qtkey.mode || !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm) || - rmsg->rcode != dns_rcode_noerror) - { + rmsg->rcode != dns_rcode_noerror) { tkey_log("dns_tkey_processdhresponse: tkey mode invalid " - "or error set"); + "or error set(1)"); result = DNS_R_INVALIDTKEY; dns_rdata_freestruct(&qtkey); goto failure; @@ -1127,18 +1209,19 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, isc_result_t dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, - dns_name_t *gname, void *cred, void **context, - dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring) + dns_name_t *gname, gss_ctx_id_t *context, + isc_buffer_t *outtoken, dns_tsigkey_t **outkey, + dns_tsig_keyring_t *ring) { dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT; dns_name_t *tkeyname; dns_rdata_tkey_t rtkey, qtkey; - isc_buffer_t outtoken; dst_key_t *dstkey = NULL; - isc_region_t r; + isc_buffer_t intoken; isc_result_t result; unsigned char array[1024]; + REQUIRE(outtoken != NULL); REQUIRE(qmsg != NULL); REQUIRE(rmsg != NULL); REQUIRE(gname != NULL); @@ -1150,38 +1233,52 @@ dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); - RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, - DNS_SECTION_ADDITIONAL)); + /* + * Win2k puts the item in the ANSWER section, while the RFC + * specifies it should be in the ADDITIONAL section. Check first + * where it should be, and then where it may be. + */ + result = find_tkey(qmsg, &tkeyname, &qtkeyrdata, + DNS_SECTION_ADDITIONAL); + if (result == ISC_R_NOTFOUND) + result = find_tkey(qmsg, &tkeyname, &qtkeyrdata, + DNS_SECTION_ANSWER); + if (result != ISC_R_SUCCESS) + goto failure; + RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); if (rtkey.error != dns_rcode_noerror || rtkey.mode != DNS_TKEYMODE_GSSAPI || - !dns_name_equal(&rtkey.algorithm, &rtkey.algorithm)) - { - tkey_log("dns_tkey_processdhresponse: tkey mode invalid " - "or error set"); + !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm)) { + tkey_log("dns_tkey_processgssresponse: tkey mode invalid " + "or error set(2) %d", rtkey.error); + _dns_tkey_dumpmessage(qmsg); + _dns_tkey_dumpmessage(rmsg); result = DNS_R_INVALIDTKEY; goto failure; } - isc_buffer_init(&outtoken, array, sizeof(array)); - r.base = rtkey.key; - r.length = rtkey.keylen; - RETERR(dst_gssapi_initctx(gname, cred, &r, &outtoken, context)); + isc_buffer_init(outtoken, array, sizeof(array)); + isc_buffer_init(&intoken, rtkey.key, rtkey.keylen); + RETERR(dst_gssapi_initctx(gname, &intoken, outtoken, context)); dstkey = NULL; RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, &dstkey)); RETERR(dns_tsigkey_createfromkey(tkeyname, DNS_TSIG_GSSAPI_NAME, - dstkey, ISC_TRUE, NULL, + dstkey, ISC_FALSE, NULL, rtkey.inception, rtkey.expire, - rmsg->mctx, ring, outkey)); + ring->mctx, ring, outkey)); dns_rdata_freestruct(&rtkey); return (result); failure: + /* + * XXXSRA This probably leaks memory from rtkey and qtkey. + */ return (result); } @@ -1212,10 +1309,9 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, rtkey.mode != DNS_TKEYMODE_DELETE || rtkey.mode != qtkey.mode || !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm) || - rmsg->rcode != dns_rcode_noerror) - { + rmsg->rcode != dns_rcode_noerror) { tkey_log("dns_tkey_processdeleteresponse: tkey mode invalid " - "or error set"); + "or error set(3)"); result = DNS_R_INVALIDTKEY; dns_rdata_freestruct(&qtkey); dns_rdata_freestruct(&rtkey); @@ -1240,3 +1336,84 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, failure: return (result); } + +isc_result_t +dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, + dns_name_t *server, gss_ctx_id_t *context, + dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, + isc_boolean_t win2k) +{ + dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT; + dns_name_t *tkeyname; + dns_rdata_tkey_t rtkey, qtkey; + isc_buffer_t intoken, outtoken; + dst_key_t *dstkey = NULL; + isc_result_t result; + unsigned char array[1024]; + + REQUIRE(qmsg != NULL); + REQUIRE(rmsg != NULL); + REQUIRE(server != NULL); + if (outkey != NULL) + REQUIRE(*outkey == NULL); + + if (rmsg->rcode != dns_rcode_noerror) + return (ISC_RESULTCLASS_DNSRCODE + rmsg->rcode); + + RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); + RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, NULL)); + + if (win2k == ISC_TRUE) + RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, + DNS_SECTION_ANSWER)); + else + RETERR(find_tkey(qmsg, &tkeyname, &qtkeyrdata, + DNS_SECTION_ADDITIONAL)); + + RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, NULL)); + + if (rtkey.error != dns_rcode_noerror || + rtkey.mode != DNS_TKEYMODE_GSSAPI || + !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm)) + { + tkey_log("dns_tkey_processdhresponse: tkey mode invalid " + "or error set(4)"); + result = DNS_R_INVALIDTKEY; + goto failure; + } + + isc_buffer_init(&intoken, rtkey.key, rtkey.keylen); + isc_buffer_init(&outtoken, array, sizeof(array)); + + result = dst_gssapi_initctx(server, &intoken, &outtoken, context); + if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS) + return (result); + + dstkey = NULL; + RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx, + &dstkey)); + + /* + * XXXSRA This seems confused. If we got CONTINUE from initctx, + * the GSS negotiation hasn't completed yet, so we can't sign + * anything yet. + */ + + RETERR(dns_tsigkey_createfromkey(tkeyname, + (win2k + ? DNS_TSIG_GSSAPIMS_NAME + : DNS_TSIG_GSSAPI_NAME), + dstkey, ISC_TRUE, NULL, + rtkey.inception, rtkey.expire, + ring->mctx, ring, outkey)); + + dns_rdata_freestruct(&rtkey); + return (result); + + failure: + /* + * XXXSRA This probably leaks memory from qtkey. + */ + dns_rdata_freestruct(&rtkey); + return (result); +} diff --git a/contrib/bind-9.3/lib/dns/tsig.c b/contrib/bind-9.5.2/lib/dns/tsig.c similarity index 71% rename from contrib/bind-9.3/lib/dns/tsig.c rename to contrib/bind-9.5.2/lib/dns/tsig.c index 9bdde06eb1..7a91acc435 100644 --- a/contrib/bind-9.3/lib/dns/tsig.c +++ b/contrib/bind-9.5.2/lib/dns/tsig.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,9 +16,9 @@ */ /* - * $Id: tsig.c,v 1.112.2.3.8.10 2006/05/02 04:21:42 marka Exp $ + * $Id: tsig.c,v 1.131.2.3 2008/11/04 22:28:45 marka Exp $ */ - +/*! \file */ #include #include @@ -28,10 +28,12 @@ #include #include /* Required for HP/UX (and others?) */ #include +#include #include #include #include +#include #include #include #include @@ -48,6 +50,11 @@ #define is_response(msg) (msg->flags & DNS_MESSAGEFLAG_QR) #define algname_is_allocated(algname) \ ((algname) != dns_tsig_hmacmd5_name && \ + (algname) != dns_tsig_hmacsha1_name && \ + (algname) != dns_tsig_hmacsha224_name && \ + (algname) != dns_tsig_hmacsha256_name && \ + (algname) != dns_tsig_hmacsha384_name && \ + (algname) != dns_tsig_hmacsha512_name && \ (algname) != dns_tsig_gssapi_name && \ (algname) != dns_tsig_gssapims_name) @@ -69,7 +76,6 @@ dns_name_t *dns_tsig_hmacmd5_name = &hmacmd5; static unsigned char gsstsig_ndata[] = "\010gss-tsig"; static unsigned char gsstsig_offsets[] = { 0, 9 }; - static dns_name_t gsstsig = { DNS_NAME_MAGIC, gsstsig_ndata, 10, 2, @@ -78,13 +84,14 @@ static dns_name_t gsstsig = { {(void *)-1, (void *)-1}, {NULL, NULL} }; - LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_gssapi_name = &gsstsig; -/* It's nice of Microsoft to conform to their own standard. */ +/* + * Since Microsoft doesn't follow its own standard, we will use this + * alternate name as a second guess. + */ static unsigned char gsstsigms_ndata[] = "\003gss\011microsoft\003com"; static unsigned char gsstsigms_offsets[] = { 0, 4, 14, 18 }; - static dns_name_t gsstsigms = { DNS_NAME_MAGIC, gsstsigms_ndata, 19, 4, @@ -93,9 +100,78 @@ static dns_name_t gsstsigms = { {(void *)-1, (void *)-1}, {NULL, NULL} }; - LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_gssapims_name = &gsstsigms; +static unsigned char hmacsha1_ndata[] = "\011hmac-sha1"; +static unsigned char hmacsha1_offsets[] = { 0, 10 }; + +static dns_name_t hmacsha1 = { + DNS_NAME_MAGIC, + hmacsha1_ndata, 11, 2, + DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, + hmacsha1_offsets, NULL, + {(void *)-1, (void *)-1}, + {NULL, NULL} +}; + +LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_hmacsha1_name = &hmacsha1; + +static unsigned char hmacsha224_ndata[] = "\013hmac-sha224"; +static unsigned char hmacsha224_offsets[] = { 0, 12 }; + +static dns_name_t hmacsha224 = { + DNS_NAME_MAGIC, + hmacsha224_ndata, 13, 2, + DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, + hmacsha224_offsets, NULL, + {(void *)-1, (void *)-1}, + {NULL, NULL} +}; + +LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_hmacsha224_name = &hmacsha224; + +static unsigned char hmacsha256_ndata[] = "\013hmac-sha256"; +static unsigned char hmacsha256_offsets[] = { 0, 12 }; + +static dns_name_t hmacsha256 = { + DNS_NAME_MAGIC, + hmacsha256_ndata, 13, 2, + DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, + hmacsha256_offsets, NULL, + {(void *)-1, (void *)-1}, + {NULL, NULL} +}; + +LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_hmacsha256_name = &hmacsha256; + +static unsigned char hmacsha384_ndata[] = "\013hmac-sha384"; +static unsigned char hmacsha384_offsets[] = { 0, 12 }; + +static dns_name_t hmacsha384 = { + DNS_NAME_MAGIC, + hmacsha384_ndata, 13, 2, + DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, + hmacsha384_offsets, NULL, + {(void *)-1, (void *)-1}, + {NULL, NULL} +}; + +LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_hmacsha384_name = &hmacsha384; + +static unsigned char hmacsha512_ndata[] = "\013hmac-sha512"; +static unsigned char hmacsha512_offsets[] = { 0, 12 }; + +static dns_name_t hmacsha512 = { + DNS_NAME_MAGIC, + hmacsha512_ndata, 13, 2, + DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, + hmacsha512_offsets, NULL, + {(void *)-1, (void *)-1}, + {NULL, NULL} +}; + +LIBDNS_EXTERNAL_DATA dns_name_t *dns_tsig_hmacsha512_name = &hmacsha512; + static isc_result_t tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg); @@ -103,11 +179,17 @@ static void tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) ISC_FORMAT_PRINTF(3, 4); +static void +cleanup_ring(dns_tsig_keyring_t *ring); +static void +tsigkey_free(dns_tsigkey_t *key); + static void tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) { va_list ap; char message[4096]; char namestr[DNS_NAME_FORMATSIZE]; + char creatorstr[DNS_NAME_FORMATSIZE]; if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; @@ -115,11 +197,22 @@ tsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) { dns_name_format(&key->name, namestr, sizeof(namestr)); else strcpy(namestr, ""); + + if (key != NULL && key->generated) + dns_name_format(key->creator, creatorstr, sizeof(creatorstr)); + va_start(ap, fmt); vsnprintf(message, sizeof(message), fmt, ap); va_end(ap); - isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, - level, "tsig key '%s': %s", namestr, message); + if (key != NULL && key->generated) + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, + level, "tsig key '%s' (%s): %s", + namestr, creatorstr, message); + else + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, + level, "tsig key '%s': %s", namestr, message); } isc_result_t @@ -137,6 +230,7 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, REQUIRE(name != NULL); REQUIRE(algorithm != NULL); REQUIRE(mctx != NULL); + REQUIRE(key != NULL || ring != NULL); tkey = (dns_tsigkey_t *) isc_mem_get(mctx, sizeof(dns_tsigkey_t)); if (tkey == NULL) @@ -154,6 +248,40 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, ret = DNS_R_BADALG; goto cleanup_name; } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) { + tkey->algorithm = DNS_TSIG_HMACSHA1_NAME; + if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA1) { + ret = DNS_R_BADALG; + goto cleanup_name; + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA224_NAME)) { + tkey->algorithm = DNS_TSIG_HMACSHA224_NAME; + if (dstkey != NULL && + dst_key_alg(dstkey) != DST_ALG_HMACSHA224) { + ret = DNS_R_BADALG; + goto cleanup_name; + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA256_NAME)) { + tkey->algorithm = DNS_TSIG_HMACSHA256_NAME; + if (dstkey != NULL && + dst_key_alg(dstkey) != DST_ALG_HMACSHA256) { + ret = DNS_R_BADALG; + goto cleanup_name; + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA384_NAME)) { + tkey->algorithm = DNS_TSIG_HMACSHA384_NAME; + if (dstkey != NULL && + dst_key_alg(dstkey) != DST_ALG_HMACSHA384) { + ret = DNS_R_BADALG; + goto cleanup_name; + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA512_NAME)) { + tkey->algorithm = DNS_TSIG_HMACSHA512_NAME; + if (dstkey != NULL && + dst_key_alg(dstkey) != DST_ALG_HMACSHA512) { + ret = DNS_R_BADALG; + goto cleanup_name; + } } else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPI_NAME)) { tkey->algorithm = DNS_TSIG_GSSAPI_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_GSSAPI) { @@ -202,28 +330,48 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, tkey->key = dstkey; tkey->ring = ring; + if (key != NULL) + refs++; + if (ring != NULL) + refs++; + ret = isc_refcount_init(&tkey->refs, refs); + if (ret != ISC_R_SUCCESS) + goto cleanup_creator; + + tkey->generated = generated; + tkey->inception = inception; + tkey->expire = expire; + tkey->mctx = NULL; + isc_mem_attach(mctx, &tkey->mctx); + + tkey->magic = TSIG_MAGIC; + if (ring != NULL) { RWLOCK(&ring->lock, isc_rwlocktype_write); + ring->writecount++; + + /* + * Do on the fly cleaning. Find some nodes we might not + * want around any more. + */ + if (ring->writecount > 10) { + cleanup_ring(ring); + ring->writecount = 0; + } ret = dns_rbt_addname(ring->keys, name, tkey); if (ret != ISC_R_SUCCESS) { RWUNLOCK(&ring->lock, isc_rwlocktype_write); - goto cleanup_algorithm; + goto cleanup_refs; } - refs++; RWUNLOCK(&ring->lock, isc_rwlocktype_write); } - if (key != NULL) - refs++; - isc_refcount_init(&tkey->refs, refs); - tkey->generated = generated; - tkey->inception = inception; - tkey->expire = expire; - tkey->mctx = mctx; - - tkey->magic = TSIG_MAGIC; - - if (dstkey != NULL && dst_key_size(dstkey) < 64) { + /* + * Ignore this if it's a GSS key, since the key size is meaningless. + */ + if (dstkey != NULL && dst_key_size(dstkey) < 64 && + !dns_name_equal(algorithm, DNS_TSIG_GSSAPI_NAME) && + !dns_name_equal(algorithm, DNS_TSIG_GSSAPIMS_NAME)) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(name, namestr, sizeof(namestr)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, @@ -236,6 +384,16 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, return (ISC_R_SUCCESS); + cleanup_refs: + tkey->magic = 0; + while (refs-- > 0) + isc_refcount_decrement(&tkey->refs, NULL); + isc_refcount_destroy(&tkey->refs); + cleanup_creator: + if (tkey->creator != NULL) { + dns_name_free(tkey->creator, mctx); + isc_mem_put(mctx, tkey->creator, sizeof(dns_name_t)); + } cleanup_algorithm: if (algname_is_allocated(tkey->algorithm)) { if (dns_name_dynamic(tkey->algorithm)) @@ -250,6 +408,66 @@ dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, return (ret); } +/* + * Find a few nodes to destroy if possible. + */ +static void +cleanup_ring(dns_tsig_keyring_t *ring) +{ + isc_result_t result; + dns_rbtnodechain_t chain; + dns_name_t foundname; + dns_fixedname_t fixedorigin; + dns_name_t *origin; + isc_stdtime_t now; + dns_rbtnode_t *node; + dns_tsigkey_t *tkey; + + /* + * Start up a new iterator each time. + */ + isc_stdtime_get(&now); + dns_name_init(&foundname, NULL); + dns_fixedname_init(&fixedorigin); + origin = dns_fixedname_name(&fixedorigin); + + again: + dns_rbtnodechain_init(&chain, ring->mctx); + result = dns_rbtnodechain_first(&chain, ring->keys, &foundname, + origin); + if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { + dns_rbtnodechain_invalidate(&chain); + return; + } + + for (;;) { + node = NULL; + dns_rbtnodechain_current(&chain, &foundname, origin, &node); + tkey = node->data; + if (tkey != NULL) { + if (tkey->generated + && isc_refcount_current(&tkey->refs) == 1 + && tkey->inception != tkey->expire + && tkey->expire < now) { + tsig_log(tkey, 2, "tsig expire: deleting"); + /* delete the key */ + dns_rbtnodechain_invalidate(&chain); + (void)dns_rbt_deletename(ring->keys, + &tkey->name, + ISC_FALSE); + goto again; + } + } + result = dns_rbtnodechain_next(&chain, &foundname, + origin); + if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) { + dns_rbtnodechain_invalidate(&chain); + return; + } + + } +} + isc_result_t dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm, unsigned char *secret, int length, isc_boolean_t generated, @@ -264,22 +482,93 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm, if (length > 0) REQUIRE(secret != NULL); - if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME) && length > 0) + if (dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME)) { + if (secret != NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + result = dst_key_frombuffer(name, DST_ALG_HMACMD5, + DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, + &b, mctx, &dstkey); + if (result != ISC_R_SUCCESS) + return (result); + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) { + if (secret != NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + result = dst_key_frombuffer(name, DST_ALG_HMACSHA1, + DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, + &b, mctx, &dstkey); + if (result != ISC_R_SUCCESS) + return (result); + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA224_NAME)) { + if (secret != NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + result = dst_key_frombuffer(name, DST_ALG_HMACSHA224, + DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, + &b, mctx, &dstkey); + if (result != ISC_R_SUCCESS) + return (result); + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA256_NAME)) { + if (secret != NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + result = dst_key_frombuffer(name, DST_ALG_HMACSHA256, + DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, + &b, mctx, &dstkey); + if (result != ISC_R_SUCCESS) + return (result); + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA384_NAME)) { + if (secret != NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + result = dst_key_frombuffer(name, DST_ALG_HMACSHA384, + DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, + &b, mctx, &dstkey); + if (result != ISC_R_SUCCESS) + return (result); + } + } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA512_NAME)) { + if (secret != NULL) { + isc_buffer_t b; + + isc_buffer_init(&b, secret, length); + isc_buffer_add(&b, length); + result = dst_key_frombuffer(name, DST_ALG_HMACSHA512, + DNS_KEYOWNER_ENTITY, + DNS_KEYPROTO_DNSSEC, + dns_rdataclass_in, + &b, mctx, &dstkey); + if (result != ISC_R_SUCCESS) + return (result); + } + } else if (length > 0) return (DNS_R_BADALG); - if (secret != NULL) { - isc_buffer_t b; - - isc_buffer_init(&b, secret, length); - isc_buffer_add(&b, length); - result = dst_key_frombuffer(name, DST_ALG_HMACMD5, - DNS_KEYOWNER_ENTITY, - DNS_KEYPROTO_DNSSEC, - dns_rdataclass_in, - &b, mctx, &dstkey); - if (result != ISC_R_SUCCESS) - return (result); - } result = dns_tsigkey_createfromkey(name, algorithm, dstkey, generated, creator, inception, expire, mctx, ring, key); @@ -314,7 +603,7 @@ tsigkey_free(dns_tsigkey_t *key) { isc_mem_put(key->mctx, key->creator, sizeof(dns_name_t)); } isc_refcount_destroy(&key->refs); - isc_mem_put(key->mctx, key, sizeof(dns_tsigkey_t)); + isc_mem_putanddetach(&key->mctx, key, sizeof(dns_tsigkey_t)); } void @@ -344,17 +633,6 @@ dns_tsigkey_setdeleted(dns_tsigkey_t *key) { RWUNLOCK(&key->ring->lock, isc_rwlocktype_write); } -static void -buffer_putuint48(isc_buffer_t *b, isc_uint64_t val) { - isc_uint16_t valhi; - isc_uint32_t vallo; - - valhi = (isc_uint16_t)(val >> 32); - vallo = (isc_uint32_t)(val & 0xFFFFFFFF); - isc_buffer_putuint16(b, valhi); - isc_buffer_putuint32(b, vallo); -} - isc_result_t dns_tsig_sign(dns_message_t *msg) { dns_tsigkey_t *key; @@ -417,12 +695,13 @@ dns_tsig_sign(dns_message_t *msg) { tsig.otherlen = BADTIMELEN; tsig.other = badtimedata; isc_buffer_init(&otherbuf, tsig.other, tsig.otherlen); - buffer_putuint48(&otherbuf, tsig.timesigned); + isc_buffer_putuint48(&otherbuf, tsig.timesigned); } if (key->key != NULL && tsig.error != dns_tsigerror_badsig) { unsigned char header[DNS_MESSAGE_HEADERLEN]; isc_buffer_t headerbuf; + isc_uint16_t digestbits; ret = dst_context_create(key->key, mctx, &ctx); if (ret != ISC_R_SUCCESS) @@ -444,8 +723,7 @@ dns_tsig_sign(dns_message_t *msg) { goto cleanup_context; isc_buffer_putuint16(&databuf, querytsig.siglen); if (isc_buffer_availablelength(&databuf) < - querytsig.siglen) - { + querytsig.siglen) { ret = ISC_R_NOSPACE; goto cleanup_context; } @@ -503,7 +781,7 @@ dns_tsig_sign(dns_message_t *msg) { isc_buffer_clear(&databuf); if (tsig.error == dns_tsigerror_badtime) tsig.timesigned = querytsig.timesigned; - buffer_putuint48(&databuf, tsig.timesigned); + isc_buffer_putuint48(&databuf, tsig.timesigned); isc_buffer_putuint16(&databuf, tsig.fudge); isc_buffer_usedregion(&databuf, &r); ret = dst_context_adddata(ctx, &r); @@ -549,7 +827,16 @@ dns_tsig_sign(dns_message_t *msg) { if (ret != ISC_R_SUCCESS) goto cleanup_signature; dst_context_destroy(&ctx); - tsig.siglen = isc_buffer_usedlength(&sigbuf); + digestbits = dst_key_getbits(key->key); + if (digestbits != 0) { + unsigned int bytes = (digestbits + 1) / 8; + if (is_response(msg) && bytes < querytsig.siglen) + bytes = querytsig.siglen; + if (bytes > isc_buffer_usedlength(&sigbuf)) + bytes = isc_buffer_usedlength(&sigbuf); + tsig.siglen = bytes; + } else + tsig.siglen = isc_buffer_usedlength(&sigbuf); } else { tsig.siglen = 0; tsig.signature = NULL; @@ -640,10 +927,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, dst_context_t *ctx = NULL; isc_mem_t *mctx; isc_uint16_t addcount, id; + unsigned int siglen; + unsigned int alg; REQUIRE(source != NULL); REQUIRE(DNS_MESSAGE_VALID(msg)); tsigkey = dns_message_gettsigkey(msg); + REQUIRE(tsigkey == NULL || VALID_TSIG_KEY(tsigkey)); msg->verify_attempted = 1; @@ -699,8 +989,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, */ if (is_response(msg) && (!dns_name_equal(keyname, &tsigkey->name) || - !dns_name_equal(&tsig.algorithm, &querytsig.algorithm))) - { + !dns_name_equal(&tsig.algorithm, &querytsig.algorithm))) { msg->tsigstatus = dns_tsigerror_badkey; tsig_log(msg->tsigkey, 2, "key name and algorithm do not match"); @@ -752,6 +1041,42 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, return (DNS_R_CLOCKSKEW); } + /* + * Check digest length. + */ + alg = dst_key_alg(key); + ret = dst_key_sigsize(key, &siglen); + if (ret != ISC_R_SUCCESS) + return (ret); + if (alg == DST_ALG_HMACMD5 || alg == DST_ALG_HMACSHA1 || + alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 || + alg == DST_ALG_HMACSHA384 || alg == DST_ALG_HMACSHA512) { + isc_uint16_t digestbits = dst_key_getbits(key); + if (tsig.siglen > siglen) { + tsig_log(msg->tsigkey, 2, "signature length to big"); + return (DNS_R_FORMERR); + } + if (tsig.siglen > 0 && + (tsig.siglen < 10 || tsig.siglen < ((siglen + 1) / 2))) { + tsig_log(msg->tsigkey, 2, + "signature length below minimum"); + return (DNS_R_FORMERR); + } + if (tsig.siglen > 0 && digestbits != 0 && + tsig.siglen < ((digestbits + 1) / 8)) { + msg->tsigstatus = dns_tsigerror_badtrunc; + tsig_log(msg->tsigkey, 2, + "truncated signature length too small"); + return (DNS_R_TSIGVERIFYFAILURE); + } + if (tsig.siglen > 0 && digestbits == 0 && + tsig.siglen < siglen) { + msg->tsigstatus = dns_tsigerror_badtrunc; + tsig_log(msg->tsigkey, 2, "signature length too small"); + return (DNS_R_TSIGVERIFYFAILURE); + } + } + if (tsig.siglen > 0) { sig_r.base = tsig.signature; sig_r.length = tsig.siglen; @@ -840,7 +1165,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, goto cleanup_context; isc_buffer_clear(&databuf); - buffer_putuint48(&databuf, tsig.timesigned); + isc_buffer_putuint48(&databuf, tsig.timesigned); isc_buffer_putuint16(&databuf, tsig.fudge); isc_buffer_putuint16(&databuf, tsig.error); isc_buffer_putuint16(&databuf, tsig.otherlen); @@ -862,15 +1187,14 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, msg->tsigstatus = dns_tsigerror_badsig; ret = DNS_R_TSIGVERIFYFAILURE; tsig_log(msg->tsigkey, 2, - "signature failed to verify"); + "signature failed to verify(1)"); goto cleanup_context; } else if (ret != ISC_R_SUCCESS) goto cleanup_context; dst_context_destroy(&ctx); } else if (tsig.error != dns_tsigerror_badsig && - tsig.error != dns_tsigerror_badkey) - { + tsig.error != dns_tsigerror_badkey) { msg->tsigstatus = dns_tsigerror_badsig; tsig_log(msg->tsigkey, 2, "signature was empty"); return (DNS_R_TSIGVERIFYFAILURE); @@ -957,8 +1281,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { * Do the key name and algorithm match that of the query? */ if (!dns_name_equal(keyname, &tsigkey->name) || - !dns_name_equal(&tsig.algorithm, &querytsig.algorithm)) - { + !dns_name_equal(&tsig.algorithm, &querytsig.algorithm)) { msg->tsigstatus = dns_tsigerror_badkey; ret = DNS_R_TSIGVERIFYFAILURE; tsig_log(msg->tsigkey, 2, @@ -977,8 +1300,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { ret = DNS_R_CLOCKSKEW; goto cleanup_querystruct; } else if (now + msg->timeadjust < - tsig.timesigned - tsig.fudge) - { + tsig.timesigned - tsig.fudge) { msg->tsigstatus = dns_tsigerror_badtime; tsig_log(msg->tsigkey, 2, "signature is in the future"); @@ -1068,7 +1390,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { */ if (has_tsig) { isc_buffer_init(&databuf, data, sizeof(data)); - buffer_putuint48(&databuf, tsig.timesigned); + isc_buffer_putuint48(&databuf, tsig.timesigned); isc_buffer_putuint16(&databuf, tsig.fudge); isc_buffer_usedregion(&databuf, &r); ret = dst_context_adddata(msg->tsigctx, &r); @@ -1095,7 +1417,7 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) { if (ret == DST_R_VERIFYFAILURE) { msg->tsigstatus = dns_tsigerror_badsig; tsig_log(msg->tsigkey, 2, - "signature failed to verify"); + "signature failed to verify(2)"); ret = DNS_R_TSIGVERIFYFAILURE; goto cleanup_context; } @@ -1131,6 +1453,10 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name, REQUIRE(name != NULL); REQUIRE(ring != NULL); + RWLOCK(&ring->lock, isc_rwlocktype_write); + cleanup_ring(ring); + RWUNLOCK(&ring->lock, isc_rwlocktype_write); + isc_stdtime_get(&now); RWLOCK(&ring->lock, isc_rwlocktype_read); key = NULL; @@ -1149,7 +1475,7 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name, */ RWUNLOCK(&ring->lock, isc_rwlocktype_read); RWLOCK(&ring->lock, isc_rwlocktype_write); - (void) dns_rbt_deletename(ring->keys, name, ISC_FALSE); + (void)dns_rbt_deletename(ring->keys, name, ISC_FALSE); RWUNLOCK(&ring->lock, isc_rwlocktype_write); return (ISC_R_NOTFOUND); } @@ -1187,10 +1513,8 @@ dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) { result = isc_rwlock_init(&ring->lock, 0, 0); if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_rwlock_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); + isc_mem_put(mctx, ring, sizeof(dns_tsig_keyring_t)); + return (result); } ring->keys = NULL; @@ -1201,7 +1525,9 @@ dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) { return (result); } - ring->mctx = mctx; + ring->writecount = 0; + ring->mctx = NULL; + isc_mem_attach(mctx, &ring->mctx); *ringp = ring; return (ISC_R_SUCCESS); @@ -1219,5 +1545,5 @@ dns_tsigkeyring_destroy(dns_tsig_keyring_t **ringp) { dns_rbt_destroy(&ring->keys); isc_rwlock_destroy(&ring->lock); - isc_mem_put(ring->mctx, ring, sizeof(dns_tsig_keyring_t)); + isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsig_keyring_t)); } diff --git a/contrib/bind-9.3/lib/dns/ttl.c b/contrib/bind-9.5.2/lib/dns/ttl.c similarity index 95% rename from contrib/bind-9.3/lib/dns/ttl.c rename to contrib/bind-9.5.2/lib/dns/ttl.c index 1dad0fbad6..9d0dec52ff 100644 --- a/contrib/bind-9.3/lib/dns/ttl.c +++ b/contrib/bind-9.5.2/lib/dns/ttl.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ttl.c,v 1.21.12.5 2004/03/08 09:04:32 marka Exp $ */ +/* $Id: ttl.c,v 1.29 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/validator.c b/contrib/bind-9.5.2/lib/dns/validator.c similarity index 88% rename from contrib/bind-9.3/lib/dns/validator.c rename to contrib/bind-9.5.2/lib/dns/validator.c index 571ad791e7..4ea5a03ceb 100644 --- a/contrib/bind-9.3/lib/dns/validator.c +++ b/contrib/bind-9.5.2/lib/dns/validator.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.91.2.5.8.27.6.1 2007/01/11 04:51:39 marka Exp $ */ +/* $Id: validator.c,v 1.155.52.14 2009/03/17 23:46:41 tbox Exp $ */ #include @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -52,7 +53,7 @@ * dlv_validator_start -> validator_start -> validate -> proveunsecure * * validator_start -> validate -> nsecvalidate (secure wildcard answer) - * + * * \li When called with rdataset, sigrdataset and with DNS_VALIDATOR_DLV: * validator_start -> startfinddlvsep -> dlv_validator_start -> * validator_start -> validate -> proveunsecure @@ -69,9 +70,9 @@ * validator_start -> nsecvalidate -> proveunsecure -> startfinddlvsep -> * dlv_validator_start -> validator_start -> nsecvalidate -> proveunsecure * - * \li When called without a rdataset and with DNS_VALIDATOR_DLV: - * validator_start -> startfinddlvsep -> dlv_validator_start -> - * validator_start -> nsecvalidate -> proveunsecure + * Note: there isn't a case for DNS_VALIDATOR_DLV here as we want nsecvalidate() + * to always validate the authority section even when it does not contain + * signatures. * * validator_start: determines what type of validation to do. * validate: attempts to perform a positive validation. @@ -86,11 +87,11 @@ #define VALID_VALIDATOR(v) ISC_MAGIC_VALID(v, VALIDATOR_MAGIC) #define VALATTR_SHUTDOWN 0x0001 /*%< Shutting down. */ +#define VALATTR_CANCELED 0x0002 /*%< Canceled. */ #define VALATTR_TRIEDVERIFY 0x0004 /*%< We have found a key and * have attempted a verify. */ #define VALATTR_INSECURITY 0x0010 /*%< Attempting proveunsecure. */ #define VALATTR_DLVTRIED 0x0020 /*%< Looked for a DLV record. */ -#define VALATTR_AUTHNONPENDING 0x0040 /*%< Tidy up pending auth. */ /*! * NSEC proofs to be looked for. @@ -112,6 +113,7 @@ #define DLVTRIED(val) ((val->attributes & VALATTR_DLVTRIED) != 0) #define SHUTDOWN(v) (((v)->attributes & VALATTR_SHUTDOWN) != 0) +#define CANCELED(v) (((v)->attributes & VALATTR_CANCELED) != 0) static void destroy(dns_validator_t *val); @@ -130,7 +132,8 @@ static isc_result_t nsecvalidate(dns_validator_t *val, isc_boolean_t resume); static isc_result_t -proveunsecure(dns_validator_t *val, isc_boolean_t resume); +proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, + isc_boolean_t resume); static void validator_logv(dns_validator_t *val, isc_logcategory_t *category, @@ -155,18 +158,11 @@ dlv_validator_start(dns_validator_t *val); static isc_result_t finddlvsep(dns_validator_t *val, isc_boolean_t resume); -static void -auth_nonpending(dns_message_t *message); - static isc_result_t startfinddlvsep(dns_validator_t *val, dns_name_t *unsecure); /*% * Mark the RRsets as a answer. - * - * If VALATTR_AUTHNONPENDING is set then this is a negative answer - * in a insecure zone. We need to mark any pending RRsets as - * dns_trust_authauthority answers (this is deferred from resolver.c). */ static inline void markanswer(dns_validator_t *val) { @@ -175,9 +171,6 @@ markanswer(dns_validator_t *val) { val->event->rdataset->trust = dns_trust_answer; if (val->event->sigrdataset != NULL) val->event->sigrdataset->trust = dns_trust_answer; - if (val->event->message != NULL && - (val->attributes & VALATTR_AUTHNONPENDING) != 0) - auth_nonpending(val->event->message); } static void @@ -216,29 +209,35 @@ exit_check(dns_validator_t *val) { return (ISC_TRUE); } -/*% - * Mark pending answers in the authority section as dns_trust_authauthority. +/* + * Check that we have atleast one supported algorithm in the DLV RRset. */ -static void -auth_nonpending(dns_message_t *message) { +static inline isc_boolean_t +dlv_algorithm_supported(dns_validator_t *val) { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_dlv_t dlv; isc_result_t result; - dns_name_t *name; - dns_rdataset_t *rdataset; - for (result = dns_message_firstname(message, DNS_SECTION_AUTHORITY); + for (result = dns_rdataset_first(&val->dlv); result == ISC_R_SUCCESS; - result = dns_message_nextname(message, DNS_SECTION_AUTHORITY)) - { - name = NULL; - dns_message_currentname(message, DNS_SECTION_AUTHORITY, &name); - for (rdataset = ISC_LIST_HEAD(name->list); - rdataset != NULL; - rdataset = ISC_LIST_NEXT(rdataset, link)) - { - if (rdataset->trust == dns_trust_pending) - rdataset->trust = dns_trust_authauthority; - } + result = dns_rdataset_next(&val->dlv)) { + dns_rdata_reset(&rdata); + dns_rdataset_current(&val->dlv, &rdata); + result = dns_rdata_tostruct(&rdata, &dlv, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + if (!dns_resolver_algorithm_supported(val->view->resolver, + val->event->name, + dlv.algorithm)) + continue; + + if (dlv.digest_type != DNS_DSDIGEST_SHA256 && + dlv.digest_type != DNS_DSDIGEST_SHA1) + continue; + + return (ISC_TRUE); } + return (ISC_FALSE); } /*% @@ -313,7 +312,9 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "in fetch_callback_validator"); LOCK(&val->lock); - if (eresult == ISC_R_SUCCESS) { + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), "keyset with trust %d", rdataset->trust); /* @@ -377,7 +378,9 @@ dsfetched(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "in dsfetched"); LOCK(&val->lock); - if (eresult == ISC_R_SUCCESS) { + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), "dsset with trust %d", rdataset->trust); val->dsset = &val->frdataset; @@ -385,12 +388,14 @@ dsfetched(isc_task_t *task, isc_event_t *event) { if (result != DNS_R_WAIT) validator_done(val, result); } else if (eresult == DNS_R_NXRRSET || - eresult == DNS_R_NCACHENXRRSET) + eresult == DNS_R_NCACHENXRRSET || + eresult == DNS_R_SERVFAIL) /* RFC 1034 parent? */ { validator_log(val, ISC_LOG_DEBUG(3), - "falling back to insecurity proof"); + "falling back to insecurity proof (%s)", + dns_result_totext(eresult)); val->attributes |= VALATTR_INSECURITY; - result = proveunsecure(val, ISC_FALSE); + result = proveunsecure(val, ISC_FALSE, ISC_FALSE); if (result != DNS_R_WAIT) validator_done(val, result); } else { @@ -448,7 +453,9 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "in dsfetched2: %s", dns_result_totext(eresult)); LOCK(&val->lock); - if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET) { + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET) { /* * There is no DS. If this is a delegation, we're done. */ @@ -467,7 +474,7 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { validator_done(val, result); } } else { - result = proveunsecure(val, ISC_TRUE); + result = proveunsecure(val, ISC_FALSE, ISC_TRUE); if (result != DNS_R_WAIT) validator_done(val, result); } @@ -476,11 +483,12 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { eresult == DNS_R_NCACHENXDOMAIN) { /* - * There is a DS which may or may not be a zone cut. + * There is a DS which may or may not be a zone cut. * In either case we are still in a secure zone resume * validation. */ - result = proveunsecure(val, ISC_TRUE); + result = proveunsecure(val, ISC_TF(eresult == ISC_R_SUCCESS), + ISC_TRUE); if (result != DNS_R_WAIT) validator_done(val, result); } else { @@ -523,7 +531,9 @@ keyvalidated(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "in keyvalidated"); LOCK(&val->lock); - if (eresult == ISC_R_SUCCESS) { + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), "keyset with trust %d", val->frdataset.trust); /* @@ -573,11 +583,13 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "in dsvalidated"); LOCK(&val->lock); - if (eresult == ISC_R_SUCCESS) { + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), "dsset with trust %d", val->frdataset.trust); if ((val->attributes & VALATTR_INSECURITY) != 0) - result = proveunsecure(val, ISC_TRUE); + result = proveunsecure(val, ISC_TRUE, ISC_TRUE); else result = validatezonekey(val); if (result != DNS_R_WAIT) @@ -613,6 +625,8 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, unsigned int olabels, nlabels, labels; dns_rdata_nsec_t nsec; isc_boolean_t atparent; + isc_boolean_t ns; + isc_boolean_t soa; REQUIRE(exists != NULL); REQUIRE(data != NULL); @@ -644,9 +658,9 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, * The names are the same. */ atparent = dns_rdatatype_atparent(val->event->type); - if (dns_nsec_typepresent(&rdata, dns_rdatatype_ns) && - !dns_nsec_typepresent(&rdata, dns_rdatatype_soa)) - { + ns = dns_nsec_typepresent(&rdata, dns_rdatatype_ns); + soa = dns_nsec_typepresent(&rdata, dns_rdatatype_soa); + if (ns && !soa) { if (!atparent) { /* * This NSEC record is from somewhere higher in @@ -657,7 +671,7 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, "ignoring parent nsec"); return (ISC_R_IGNORE); } - } else if (atparent) { + } else if (atparent && ns && soa) { /* * This NSEC record is from the child. * It can not be legitimately used here. @@ -666,12 +680,20 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, "ignoring child nsec"); return (ISC_R_IGNORE); } - *exists = ISC_TRUE; - *data = dns_nsec_typepresent(&rdata, val->event->type); - validator_log(val, ISC_LOG_DEBUG(3), - "nsec proves name exists (owner) data=%d", - *data); - return (ISC_R_SUCCESS); + if (val->event->type == dns_rdatatype_cname || + val->event->type == dns_rdatatype_nxt || + val->event->type == dns_rdatatype_nsec || + val->event->type == dns_rdatatype_key || + !dns_nsec_typepresent(&rdata, dns_rdatatype_cname)) { + *exists = ISC_TRUE; + *data = dns_nsec_typepresent(&rdata, val->event->type); + validator_log(val, ISC_LOG_DEBUG(3), + "nsec proves name exists (owner) data=%d", + *data); + return (ISC_R_SUCCESS); + } + validator_log(val, ISC_LOG_DEBUG(3), "NSEC proves CNAME exists"); + return (ISC_R_IGNORE); } if (relation == dns_namereln_subdomain && @@ -731,6 +753,7 @@ nsecnoexistnodata(dns_validator_t *val, dns_name_t* name, dns_name_t *nsecname, result = dns_name_concatenate(dns_wildcardname, &common, wild, NULL); if (result != ISC_R_SUCCESS) { + dns_rdata_freestruct(&nsec); validator_log(val, ISC_LOG_DEBUG(3), "failure generating wildcard name"); return (result); @@ -771,7 +794,9 @@ authvalidated(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "in authvalidated"); LOCK(&val->lock); - if (result != ISC_R_SUCCESS) { + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (result != ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), "authvalidated: got %s", isc_result_totext(result)); @@ -784,7 +809,8 @@ authvalidated(isc_task_t *task, isc_event_t *event) { } } else { dns_name_t **proofs = val->event->proofs; - + dns_name_t *wild = dns_fixedname_name(&val->wild); + if (rdataset->trust == dns_trust_secure) val->seensig = ISC_TRUE; @@ -792,13 +818,12 @@ authvalidated(isc_task_t *task, isc_event_t *event) { rdataset->trust == dns_trust_secure && ((val->attributes & VALATTR_NEEDNODATA) != 0 || (val->attributes & VALATTR_NEEDNOQNAME) != 0) && - (val->attributes & VALATTR_FOUNDNODATA) == 0 && + (val->attributes & VALATTR_FOUNDNODATA) == 0 && (val->attributes & VALATTR_FOUNDNOQNAME) == 0 && nsecnoexistnodata(val, val->event->name, devent->name, - rdataset, &exists, &data, - dns_fixedname_name(&val->wild)) + rdataset, &exists, &data, wild) == ISC_R_SUCCESS) - { + { if (exists && !data) { val->attributes |= VALATTR_FOUNDNODATA; if (NEEDNODATA(val)) @@ -906,7 +931,7 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { /* End of zone chain. */ if (!dns_name_issubdomain(name, &nsec.next)) { /* - * XXXMPA We could look for a parent NSEC + * XXXMPA We could look for a parent NSEC * at nsec.next and if found retest with * this NSEC. */ @@ -943,10 +968,11 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { dns_rdata_freestruct(&nsec); result = DNS_R_NCACHENXDOMAIN; } else if (result != ISC_R_SUCCESS && - result != DNS_R_NCACHENXDOMAIN && - result != DNS_R_NCACHENXRRSET && - result != DNS_R_NXRRSET && - result != ISC_R_NOTFOUND) { + result != DNS_R_NCACHENXDOMAIN && + result != DNS_R_NCACHENXRRSET && + result != DNS_R_EMPTYNAME && + result != DNS_R_NXRRSET && + result != ISC_R_NOTFOUND) { goto notfound; } return (result); @@ -1100,7 +1126,7 @@ get_dst_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo, } /*% - * Get the key that genertated this signature. + * Get the key that generated this signature. */ static isc_result_t get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { @@ -1113,7 +1139,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { * Is the signer name appropriate for this signature? * * The signer name must be at the same level as the owner name - * or closer to the the DNS root. + * or closer to the DNS root. */ namereln = dns_name_fullcompare(val->event->name, &siginfo->signer, &order, &nlabels); @@ -1135,6 +1161,23 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { */ if (dns_rdatatype_atparent(val->event->rdataset->type)) return (DNS_R_CONTINUE); + } else { + /* + * SOA and NS RRsets can only be signed by a key with + * the same name. + */ + if (val->event->rdataset->type == dns_rdatatype_soa || + val->event->rdataset->type == dns_rdatatype_ns) { + const char *typename; + + if (val->event->rdataset->type == dns_rdatatype_soa) + typename = "SOA"; + else + typename = "NS"; + validator_log(val, ISC_LOG_DEBUG(3), + "%s signer mismatch", typename); + return (DNS_R_CONTINUE); + } } /* @@ -1202,6 +1245,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { return (DNS_R_WAIT); } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || + result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || result == DNS_R_NXRRSET) { @@ -1252,7 +1296,8 @@ isselfsigned(dns_validator_t *val) { { dns_rdata_reset(&rdata); dns_rdataset_current(rdataset, &rdata); - (void)dns_rdata_tostruct(&rdata, &key, NULL); + result = dns_rdata_tostruct(&rdata, &key, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); keytag = compute_keytag(&rdata, &key); for (result = dns_rdataset_first(sigrdataset); result == ISC_R_SUCCESS; @@ -1260,7 +1305,8 @@ isselfsigned(dns_validator_t *val) { { dns_rdata_reset(&sigrdata); dns_rdataset_current(sigrdataset, &sigrdata); - (void)dns_rdata_tostruct(&sigrdata, &sig, NULL); + result = dns_rdata_tostruct(&sigrdata, &sig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (sig.algorithm == key.algorithm && sig.keyid == keytag) @@ -1285,15 +1331,27 @@ verify(dns_validator_t *val, dst_key_t *key, dns_rdata_t *rdata, { isc_result_t result; dns_fixedname_t fixed; + isc_boolean_t ignore = ISC_FALSE; val->attributes |= VALATTR_TRIEDVERIFY; dns_fixedname_init(&fixed); + again: result = dns_dnssec_verify2(val->event->name, val->event->rdataset, - key, ISC_FALSE, val->view->mctx, rdata, + key, ignore, val->view->mctx, rdata, dns_fixedname_name(&fixed)); - validator_log(val, ISC_LOG_DEBUG(3), - "verify rdataset (keyid=%u): %s", - keyid, isc_result_totext(result)); + if (result == DNS_R_SIGEXPIRED && val->view->acceptexpired) { + ignore = ISC_TRUE; + goto again; + } + if (ignore && (result == ISC_R_SUCCESS || result == DNS_R_FROMWILDCARD)) + validator_log(val, ISC_LOG_INFO, + "accepted expired %sRRSIG (keyid=%u)", + (result == DNS_R_FROMWILDCARD) ? + "wildcard " : "", keyid); + else + validator_log(val, ISC_LOG_DEBUG(3), + "verify rdataset (keyid=%u): %s", + keyid, isc_result_totext(result)); if (result == DNS_R_FROMWILDCARD) { if (!dns_name_equal(val->event->name, dns_fixedname_name(&fixed))) @@ -1485,6 +1543,7 @@ dlv_validatezonekey(dns_validator_t *val) { isc_boolean_t supported_algorithm; isc_result_t result; unsigned char dsbuf[DNS_DS_BUFFERSIZE]; + isc_uint8_t digest_type; validator_log(val, ISC_LOG_DEBUG(3), "dlv_validatezonekey"); @@ -1495,16 +1554,50 @@ dlv_validatezonekey(dns_validator_t *val) { */ supported_algorithm = ISC_FALSE; + /* + * If DNS_DSDIGEST_SHA256 is present we are required to prefer + * it over DNS_DSDIGEST_SHA1. This in practice means that we + * need to ignore DNS_DSDIGEST_SHA1 if a DNS_DSDIGEST_SHA256 + * is present. + */ + digest_type = DNS_DSDIGEST_SHA1; + for (result = dns_rdataset_first(&val->dlv); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(&val->dlv)) { + dns_rdata_reset(&dlvrdata); + dns_rdataset_current(&val->dlv, &dlvrdata); + result = dns_rdata_tostruct(&dlvrdata, &dlv, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + if (!dns_resolver_algorithm_supported(val->view->resolver, + val->event->name, + dlv.algorithm)) + continue; + + if (dlv.digest_type == DNS_DSDIGEST_SHA256 && + dlv.length == ISC_SHA256_DIGESTLENGTH) { + digest_type = DNS_DSDIGEST_SHA256; + break; + } + } + for (result = dns_rdataset_first(&val->dlv); result == ISC_R_SUCCESS; result = dns_rdataset_next(&val->dlv)) { dns_rdata_reset(&dlvrdata); dns_rdataset_current(&val->dlv, &dlvrdata); - (void)dns_rdata_tostruct(&dlvrdata, &dlv, NULL); + result = dns_rdata_tostruct(&dlvrdata, &dlv, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + if (!dns_resolver_digest_supported(val->view->resolver, + dlv.digest_type)) + continue; + + if (dlv.digest_type != digest_type) + continue; - if (dlv.digest_type != DNS_DSDIGEST_SHA1 || - !dns_resolver_algorithm_supported(val->view->resolver, + if (!dns_resolver_algorithm_supported(val->view->resolver, val->event->name, dlv.algorithm)) continue; @@ -1520,7 +1613,8 @@ dlv_validatezonekey(dns_validator_t *val) { { dns_rdata_reset(&keyrdata); dns_rdataset_current(&trdataset, &keyrdata); - (void)dns_rdata_tostruct(&keyrdata, &key, NULL); + result = dns_rdata_tostruct(&keyrdata, &key, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); keytag = compute_keytag(&keyrdata, &key); if (dlv.key_tag != keytag || dlv.algorithm != key.algorithm) @@ -1541,6 +1635,7 @@ dlv_validatezonekey(dns_validator_t *val) { break; } if (result != ISC_R_SUCCESS) { + dns_rdataset_disassociate(&trdataset); validator_log(val, ISC_LOG_DEBUG(3), "no DNSKEY matching DLV"); continue; @@ -1555,7 +1650,8 @@ dlv_validatezonekey(dns_validator_t *val) { dns_rdata_reset(&sigrdata); dns_rdataset_current(val->event->sigrdataset, &sigrdata); - (void)dns_rdata_tostruct(&sigrdata, &sig, NULL); + result = dns_rdata_tostruct(&sigrdata, &sig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (dlv.key_tag != sig.keyid && dlv.algorithm != sig.algorithm) continue; @@ -1627,6 +1723,7 @@ validatezonekey(dns_validator_t *val) { dst_key_t *dstkey; isc_boolean_t supported_algorithm; isc_boolean_t atsep = ISC_FALSE; + isc_uint8_t digest_type; /* * Caller must be holding the validator lock. @@ -1651,7 +1748,12 @@ validatezonekey(dns_validator_t *val) { dns_rdata_reset(&sigrdata); dns_rdataset_current(val->event->sigrdataset, &sigrdata); - (void)dns_rdata_tostruct(&sigrdata, &sig, NULL); + result = dns_rdata_tostruct(&sigrdata, &sig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + if (!dns_name_equal(val->event->name, &sig.signer)) + continue; + result = dns_keytable_findkeynode(val->keytable, val->event->name, sig.algorithm, @@ -1705,7 +1807,7 @@ validatezonekey(dns_validator_t *val) { * the RRset is invalid. */ dns_name_format(val->event->name, namebuf, - sizeof(namebuf)); + sizeof(namebuf)); validator_log(val, ISC_LOG_DEBUG(2), "unable to find a DNSKEY which verifies " "the DNSKEY RRset and also matches one " @@ -1756,8 +1858,9 @@ validatezonekey(dns_validator_t *val) { if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (result == DNS_R_NCACHENXDOMAIN || + } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || + result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || result == DNS_R_NXRRSET) { @@ -1796,16 +1899,49 @@ validatezonekey(dns_validator_t *val) { supported_algorithm = ISC_FALSE; + /* + * If DNS_DSDIGEST_SHA256 is present we are required to prefer + * it over DNS_DSDIGEST_SHA1. This in practice means that we + * need to ignore DNS_DSDIGEST_SHA1 if a DNS_DSDIGEST_SHA256 + * is present. + */ + digest_type = DNS_DSDIGEST_SHA1; + for (result = dns_rdataset_first(val->dsset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(val->dsset)) { + dns_rdata_reset(&dsrdata); + dns_rdataset_current(val->dsset, &dsrdata); + result = dns_rdata_tostruct(&dsrdata, &ds, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + if (!dns_resolver_algorithm_supported(val->view->resolver, + val->event->name, + ds.algorithm)) + continue; + + if (ds.digest_type == DNS_DSDIGEST_SHA256 && + ds.length == ISC_SHA256_DIGESTLENGTH) { + digest_type = DNS_DSDIGEST_SHA256; + break; + } + } + for (result = dns_rdataset_first(val->dsset); result == ISC_R_SUCCESS; result = dns_rdataset_next(val->dsset)) { dns_rdata_reset(&dsrdata); dns_rdataset_current(val->dsset, &dsrdata); - (void)dns_rdata_tostruct(&dsrdata, &ds, NULL); + result = dns_rdata_tostruct(&dsrdata, &ds, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); - if (ds.digest_type != DNS_DSDIGEST_SHA1) + if (!dns_resolver_digest_supported(val->view->resolver, + ds.digest_type)) continue; + + if (ds.digest_type != digest_type) + continue; + if (!dns_resolver_algorithm_supported(val->view->resolver, val->event->name, ds.algorithm)) @@ -1825,7 +1961,8 @@ validatezonekey(dns_validator_t *val) { { dns_rdata_reset(&keyrdata); dns_rdataset_current(&trdataset, &keyrdata); - (void)dns_rdata_tostruct(&keyrdata, &key, NULL); + result = dns_rdata_tostruct(&keyrdata, &key, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); keytag = compute_keytag(&keyrdata, &key); if (ds.key_tag != keytag || ds.algorithm != key.algorithm) @@ -1840,11 +1977,12 @@ validatezonekey(dns_validator_t *val) { break; } if (result != ISC_R_SUCCESS) { + dns_rdataset_disassociate(&trdataset); validator_log(val, ISC_LOG_DEBUG(3), "no DNSKEY matching DS"); continue; } - + for (result = dns_rdataset_first(val->event->sigrdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(val->event->sigrdataset)) @@ -1852,11 +1990,16 @@ validatezonekey(dns_validator_t *val) { dns_rdata_reset(&sigrdata); dns_rdataset_current(val->event->sigrdataset, &sigrdata); - (void)dns_rdata_tostruct(&sigrdata, &sig, NULL); + result = dns_rdata_tostruct(&sigrdata, &sig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (ds.key_tag != sig.keyid || ds.algorithm != sig.algorithm) continue; - + if (!dns_name_equal(val->event->name, &sig.signer)) { + validator_log(val, ISC_LOG_DEBUG(3), + "DNSKEY signer mismatch"); + continue; + } dstkey = NULL; result = dns_dnssec_keyfromrdata(val->event->name, &keyrdata, @@ -1923,7 +2066,7 @@ start_positive_validation(dns_validator_t *val) { * exclusive we stop when one is found. * * Returns - * \li ISC_R_SUCCESS + * \li ISC_R_SUCCESS */ static isc_result_t checkwildcard(dns_validator_t *val) { @@ -2044,12 +2187,6 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { if (rdataset->type == dns_rdatatype_rrsig) continue; - if (rdataset->type == dns_rdatatype_soa) { - val->soaset = rdataset; - val->soaname = name; - } else if (rdataset->type == dns_rdatatype_nsec) - val->nsecset = rdataset; - for (sigrdataset = ISC_LIST_HEAD(name->list); sigrdataset != NULL; sigrdataset = ISC_LIST_NEXT(sigrdataset, @@ -2059,8 +2196,6 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { sigrdataset->covers == rdataset->type) break; } - if (sigrdataset == NULL) - continue; /* * If a signed zone is missing the zone key, bad * things could happen. A query for data in the zone @@ -2149,9 +2284,8 @@ nsecvalidate(dns_validator_t *val, isc_boolean_t resume) { validator_log(val, ISC_LOG_DEBUG(3), "nonexistence proof(s) not found"); - val->attributes |= VALATTR_AUTHNONPENDING; val->attributes |= VALATTR_INSECURITY; - return (proveunsecure(val, ISC_FALSE)); + return (proveunsecure(val, ISC_FALSE, ISC_FALSE)); } static isc_boolean_t @@ -2164,9 +2298,11 @@ check_ds(dns_validator_t *val, dns_name_t *name, dns_rdataset_t *rdataset) { result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) { dns_rdataset_current(rdataset, &dsrdata); - (void)dns_rdata_tostruct(&dsrdata, &ds, NULL); + result = dns_rdata_tostruct(&dsrdata, &ds, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); - if (ds.digest_type == DNS_DSDIGEST_SHA1 && + if (dns_resolver_digest_supported(val->view->resolver, + ds.digest_type) && dns_resolver_algorithm_supported(val->view->resolver, name, ds.algorithm)) { dns_rdata_reset(&dsrdata); @@ -2179,7 +2315,7 @@ check_ds(dns_validator_t *val, dns_name_t *name, dns_rdataset_t *rdataset) { /*% * Callback from fetching a DLV record. - * + * * Resumes the DLV lookup process. */ static void @@ -2217,19 +2353,36 @@ dlvfetched(isc_task_t *task, isc_event_t *event) { sizeof(namebuf)); dns_rdataset_clone(&val->frdataset, &val->dlv); val->havedlvsep = ISC_TRUE; - validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - dlv_validator_start(val); + if (dlv_algorithm_supported(val)) { + validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", + namebuf); + dlv_validator_start(val); + } else { + validator_log(val, ISC_LOG_DEBUG(3), + "DLV %s found with no supported algorithms", + namebuf); + markanswer(val); + validator_done(val, ISC_R_SUCCESS); + } } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NXDOMAIN || eresult == DNS_R_NCACHENXRRSET || eresult == DNS_R_NCACHENXDOMAIN) { - result = finddlvsep(val, ISC_TRUE); + result = finddlvsep(val, ISC_TRUE); if (result == ISC_R_SUCCESS) { - dns_name_format(dns_fixedname_name(&val->dlvsep), - namebuf, sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", - namebuf); - dlv_validator_start(val); + if (dlv_algorithm_supported(val)) { + dns_name_format(dns_fixedname_name(&val->dlvsep), + namebuf, sizeof(namebuf)); + validator_log(val, ISC_LOG_DEBUG(3), + "DLV %s found", namebuf); + dlv_validator_start(val); + } else { + validator_log(val, ISC_LOG_DEBUG(3), + "DLV %s found with no supported " + "algorithms", namebuf); + markanswer(val); + validator_done(val, ISC_R_SUCCESS); + } } else if (result == ISC_R_NOTFOUND) { validator_log(val, ISC_LOG_DEBUG(3), "DLV not found"); markanswer(val); @@ -2252,8 +2405,8 @@ dlvfetched(isc_task_t *task, isc_event_t *event) { } /*% - * Start the DLV lookup proccess. - * + * Start the DLV lookup process. + * * Returns * \li ISC_R_SUCCESS * \li DNS_R_WAIT @@ -2292,9 +2445,16 @@ startfinddlvsep(dns_validator_t *val, dns_name_t *unsecure) { } dns_name_format(dns_fixedname_name(&val->dlvsep), namebuf, sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - dlv_validator_start(val); - return (DNS_R_WAIT); + if (dlv_algorithm_supported(val)) { + validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); + dlv_validator_start(val); + return (DNS_R_WAIT); + } + validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found with no supported " + "algorithms", namebuf); + markanswer(val); + validator_done(val, ISC_R_SUCCESS); + return (ISC_R_SUCCESS); } /*% @@ -2329,6 +2489,10 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) { dns_fixedname_init(&val->dlvsep); dlvsep = dns_fixedname_name(&val->dlvsep); dns_name_copy(val->event->name, dlvsep, NULL); + /* + * If this is a response to a DS query, we need to look in + * the parent zone for the trust anchor. + */ if (val->event->type == dns_rdatatype_ds) { labels = dns_name_countlabels(dlvsep); if (labels == 0) @@ -2383,6 +2547,7 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) { } if (result != DNS_R_NXRRSET && result != DNS_R_NXDOMAIN && + result != DNS_R_EMPTYNAME && result != DNS_R_NCACHENXRRSET && result != DNS_R_NCACHENXDOMAIN) return (result); @@ -2419,7 +2584,8 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) { * \li DNS_R_NOTINSECURE */ static isc_result_t -proveunsecure(dns_validator_t *val, isc_boolean_t resume) { +proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume) +{ isc_result_t result; dns_fixedname_t fixedsecroot; dns_name_t *secroot; @@ -2431,10 +2597,17 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { if (val->havedlvsep) dns_name_copy(dns_fixedname_name(&val->dlvsep), secroot, NULL); else { + dns_name_copy(val->event->name, secroot, NULL); + /* + * If this is a response to a DS query, we need to look in + * the parent zone for the trust anchor. + */ + if (val->event->type == dns_rdatatype_ds && + dns_name_countlabels(secroot) > 1U) + dns_name_split(secroot, 1, NULL, secroot); result = dns_keytable_finddeepestmatch(val->keytable, - val->event->name, - secroot); - + secroot, secroot); + if (result == ISC_R_NOTFOUND) { validator_log(val, ISC_LOG_DEBUG(3), "not beneath secure root"); @@ -2460,12 +2633,19 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { val->labels = dns_name_countlabels(secroot) + 1; } else { validator_log(val, ISC_LOG_DEBUG(3), "resuming proveunsecure"); - if (val->frdataset.trust >= dns_trust_secure && + /* + * If we have a DS rdataset and it is secure then check if + * the DS rdataset has a supported algorithm combination. + * If not this is a insecure delegation as far as this + * resolver is concerned. Fall back to DLV if available. + */ + if (have_ds && val->frdataset.trust >= dns_trust_secure && !check_ds(val, dns_fixedname_name(&val->fname), &val->frdataset)) { dns_name_format(dns_fixedname_name(&val->fname), namebuf, sizeof(namebuf)); - if (val->mustbesecure) { + if ((val->view->dlv == NULL || DLVTRIED(val)) && + val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, "must be secure failure at '%s'", namebuf); @@ -2506,11 +2686,21 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) { namebuf); result = view_find(val, tname, dns_rdatatype_ds); + if (result == DNS_R_NXRRSET || result == DNS_R_NCACHENXRRSET) { /* * There is no DS. If this is a delegation, * we maybe done. */ + if (val->frdataset.trust == dns_trust_pending) { + result = create_fetch(val, tname, + dns_rdatatype_ds, + dsfetched2, + "proveunsecure"); + if (result != ISC_R_SUCCESS) + goto out; + return (DNS_R_WAIT); + } if (val->frdataset.trust < dns_trust_secure) { /* * This shouldn't happen, since the negative @@ -2643,7 +2833,7 @@ dlv_validator_start(dns_validator_t *val) { /*% * Start the validation process. * - * Attempt to valididate the answer based on the category it appears to + * Attempt to validate the answer based on the category it appears to * fall in. * \li 1. secure positive answer. * \li 2. unsecure positive answer. @@ -2664,7 +2854,7 @@ validator_start(isc_task_t *task, isc_event_t *event) { vevent = (dns_validatorevent_t *)event; val = vevent->validator; - /* If the validator has been cancelled, val->event == NULL */ + /* If the validator has been canceled, val->event == NULL */ if (val->event == NULL) return; @@ -2675,7 +2865,8 @@ validator_start(isc_task_t *task, isc_event_t *event) { LOCK(&val->lock); - if ((val->options & DNS_VALIDATOR_DLV) != 0) { + if ((val->options & DNS_VALIDATOR_DLV) != 0 && + val->event->rdataset != NULL) { validator_log(val, ISC_LOG_DEBUG(3), "looking for DLV"); result = startfinddlvsep(val, dns_rootname); } else if (val->event->rdataset != NULL && @@ -2699,7 +2890,7 @@ validator_start(isc_task_t *task, isc_event_t *event) { validator_log(val, ISC_LOG_DEBUG(3), "falling back to insecurity proof"); val->attributes |= VALATTR_INSECURITY; - result = proveunsecure(val, ISC_FALSE); + result = proveunsecure(val, ISC_FALSE, ISC_FALSE); if (result == DNS_R_NOTINSECURE) result = saved_result; } @@ -2713,7 +2904,7 @@ validator_start(isc_task_t *task, isc_event_t *event) { "attempting insecurity proof"); val->attributes |= VALATTR_INSECURITY; - result = proveunsecure(val, ISC_FALSE); + result = proveunsecure(val, ISC_FALSE, ISC_FALSE); } else if (val->event->rdataset == NULL && val->event->sigrdataset == NULL) { @@ -2759,7 +2950,6 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, dns_validatorevent_t *event; REQUIRE(name != NULL); - REQUIRE(type != 0); REQUIRE(rdataset != NULL || (rdataset == NULL && sigrdataset == NULL && message != NULL)); REQUIRE(validatorp != NULL && *validatorp == NULL); @@ -2812,9 +3002,6 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, val->keyset = NULL; val->dsset = NULL; dns_rdataset_init(&val->dlv); - val->soaset = NULL; - val->nsecset = NULL; - val->soaname = NULL; val->seensig = ISC_FALSE; val->havedlvsep = ISC_FALSE; val->depth = 0; @@ -2878,6 +3065,7 @@ dns_validator_cancel(dns_validator_t *validator) { isc_event_free((isc_event_t **)&validator->event); isc_task_detach(&task); } + validator->attributes |= VALATTR_CANCELED; } UNLOCK(&validator->lock); } diff --git a/contrib/bind-9.3/lib/dns/version.c b/contrib/bind-9.5.2/lib/dns/version.c similarity index 80% rename from contrib/bind-9.3/lib/dns/version.c rename to contrib/bind-9.5.2/lib/dns/version.c index 6b043ab5a8..fbc8889bd5 100644 --- a/contrib/bind-9.3/lib/dns/version.c +++ b/contrib/bind-9.5.2/lib/dns/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.9.12.3 2004/03/08 09:04:33 marka Exp $ */ +/* $Id: version.c,v 1.15 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/view.c b/contrib/bind-9.5.2/lib/dns/view.c similarity index 88% rename from contrib/bind-9.3/lib/dns/view.c rename to contrib/bind-9.5.2/lib/dns/view.c index ac7af61639..5766cd5b40 100644 --- a/contrib/bind-9.3/lib/dns/view.c +++ b/contrib/bind-9.5.2/lib/dns/view.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.103.2.5.2.14 2004/03/10 02:55:58 marka Exp $ */ +/* $Id: view.c,v 1.143.128.9 2009/01/29 23:47:13 tbox Exp $ */ + +/*! \file */ #include #include -#include #include /* Required for HP/UX (and others?) */ +#include +#include #include +#include #include #include #include #include +#include #include #include #include @@ -39,6 +44,7 @@ #include #include #include +#include #include #include #include @@ -76,13 +82,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, goto cleanup_view; } result = isc_mutex_init(&view->lock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_name; - } + view->zonetable = NULL; result = dns_zt_create(mctx, rdclass, &view->zonetable); if (result != ISC_R_SUCCESS) { @@ -120,8 +122,10 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, goto cleanup_trustedkeys; } + view->acache = NULL; view->cache = NULL; view->cachedb = NULL; + view->dlzdatabase = NULL; view->hints = NULL; view->resolver = NULL; view->adb = NULL; @@ -130,7 +134,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->rdclass = rdclass; view->frozen = ISC_FALSE; view->task = NULL; - isc_refcount_init(&view->references, 1); + result = isc_refcount_init(&view->references, 1); + if (result != ISC_R_SUCCESS) + goto cleanup_fwdtable; view->weakrefs = 0; view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN| DNS_VIEWATTR_REQSHUTDOWN); @@ -141,12 +147,14 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->matchrecursiveonly = ISC_FALSE; result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys); if (result != ISC_R_SUCCESS) - goto cleanup_fwdtable; + goto cleanup_references; view->peers = NULL; view->order = NULL; view->delonly = NULL; view->rootdelonly = ISC_FALSE; view->rootexclude = NULL; + view->resstats = NULL; + view->resquerystats = NULL; /* * Initialize configuration data with default values. @@ -156,11 +164,19 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->additionalfromcache = ISC_TRUE; view->additionalfromauth = ISC_TRUE; view->enablednssec = ISC_TRUE; + view->enablevalidation = ISC_TRUE; + view->acceptexpired = ISC_FALSE; view->minimalresponses = ISC_FALSE; view->transfer_format = dns_one_answer; view->queryacl = NULL; + view->queryonacl = NULL; view->recursionacl = NULL; + view->recursiononacl = NULL; view->sortlist = NULL; + view->transferacl = NULL; + view->notifyacl = NULL; + view->updateacl = NULL; + view->upfwdacl = NULL; view->requestixfr = ISC_TRUE; view->provideixfr = ISC_TRUE; view->maxcachettl = 7 * 24 * 3600; @@ -169,6 +185,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->preferred_glue = 0; view->flush = ISC_FALSE; view->dlv = NULL; + view->maxudp = 0; dns_fixedname_init(&view->dlv_fixed); result = dns_order_create(view->mctx, &view->order); @@ -208,6 +225,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, cleanup_dynkeys: dns_tsigkeyring_destroy(&view->dynamickeys); + cleanup_references: + isc_refcount_destroy(&view->references); + cleanup_fwdtable: dns_fwdtable_destroy(&view->fwdtable); @@ -253,12 +273,19 @@ destroy(dns_view_t *view) { dns_adb_detach(&view->adb); if (view->resolver != NULL) dns_resolver_detach(&view->resolver); + if (view->acache != NULL) { + if (view->cachedb != NULL) + dns_acache_putdb(view->acache, view->cachedb); + dns_acache_detach(&view->acache); + } if (view->requestmgr != NULL) dns_requestmgr_detach(&view->requestmgr); if (view->task != NULL) isc_task_detach(&view->task); if (view->hints != NULL) dns_db_detach(&view->hints); + if (view->dlzdatabase != NULL) + dns_dlzdestroy(&view->dlzdatabase); if (view->cachedb != NULL) dns_db_detach(&view->cachedb); if (view->cache != NULL) @@ -269,10 +296,22 @@ destroy(dns_view_t *view) { dns_acl_detach(&view->matchdestinations); if (view->queryacl != NULL) dns_acl_detach(&view->queryacl); + if (view->queryonacl != NULL) + dns_acl_detach(&view->queryonacl); if (view->recursionacl != NULL) dns_acl_detach(&view->recursionacl); + if (view->recursiononacl != NULL) + dns_acl_detach(&view->recursiononacl); if (view->sortlist != NULL) dns_acl_detach(&view->sortlist); + if (view->transferacl != NULL) + dns_acl_detach(&view->transferacl); + if (view->notifyacl != NULL) + dns_acl_detach(&view->notifyacl); + if (view->updateacl != NULL) + dns_acl_detach(&view->updateacl); + if (view->upfwdacl != NULL) + dns_acl_detach(&view->upfwdacl); if (view->delonly != NULL) { dns_name_t *name; int i; @@ -298,7 +337,7 @@ destroy(dns_view_t *view) { name = ISC_LIST_HEAD(view->rootexclude[i]); while (name != NULL) { ISC_LIST_UNLINK(view->rootexclude[i], - name, link); + name, link); dns_name_free(name, view->mctx); isc_mem_put(view->mctx, name, sizeof(*name)); name = ISC_LIST_HEAD(view->rootexclude[i]); @@ -308,6 +347,10 @@ destroy(dns_view_t *view) { sizeof(dns_namelist_t) * DNS_VIEW_DELONLYHASH); view->rootexclude = NULL; } + if (view->resstats != NULL) + isc_stats_detach(&view->resstats); + if (view->resquerystats != NULL) + dns_stats_detach(&view->resquerystats); dns_keytable_detach(&view->trustedkeys); dns_keytable_detach(&view->secroots); dns_fwdtable_destroy(&view->fwdtable); @@ -365,6 +408,8 @@ view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) { dns_adb_shutdown(view->adb); if (!REQSHUTDOWN(view)) dns_requestmgr_shutdown(view->requestmgr); + if (view->acache != NULL) + dns_acache_shutdown(view->acache); if (view->flush) dns_zt_flushanddetach(&view->zonetable); else @@ -552,6 +597,7 @@ dns_view_createresolver(dns_view_t *view, } result = dns_adb_create(mctx, view, timermgr, taskmgr, &view->adb); + isc_mem_setname(mctx, "ADB", NULL); isc_mem_detach(&mctx); if (result != ISC_R_SUCCESS) { dns_resolver_shutdown(view->resolver); @@ -585,12 +631,17 @@ dns_view_setcache(dns_view_t *view, dns_cache_t *cache) { REQUIRE(!view->frozen); if (view->cache != NULL) { + if (view->acache != NULL) + dns_acache_putdb(view->acache, view->cachedb); dns_db_detach(&view->cachedb); dns_cache_detach(&view->cache); } dns_cache_attach(cache, &view->cache); dns_cache_attachdb(cache, &view->cachedb); INSIST(DNS_DB_VALID(view->cachedb)); + + if (view->acache != NULL) + dns_acache_setdb(view->acache, view->cachedb); } void @@ -679,6 +730,7 @@ dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, REQUIRE(view->frozen); REQUIRE(type != dns_rdatatype_rrsig); REQUIRE(rdataset != NULL); /* XXXBEW - remove this */ + REQUIRE(nodep == NULL || *nodep == NULL); /* * Initialize. @@ -821,17 +873,6 @@ dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, } cleanup: - if (result == DNS_R_NXDOMAIN || result == DNS_R_NXRRSET) { - /* - * We don't care about any DNSSEC proof data in these cases. - */ - if (dns_rdataset_isassociated(rdataset)) - dns_rdataset_disassociate(rdataset); - if (sigrdataset != NULL && - dns_rdataset_isassociated(sigrdataset)) - dns_rdataset_disassociate(sigrdataset); - } - if (dns_rdataset_isassociated(&zrdataset)) { dns_rdataset_disassociate(&zrdataset); if (dns_rdataset_isassociated(&zsigrdataset)) @@ -911,7 +952,7 @@ dns_view_simplefind(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, isc_result_t dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, isc_stdtime_t now, unsigned int options, - isc_boolean_t use_hints, + isc_boolean_t use_hints, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) { return(dns_view_findzonecut2(view, name, fname, now, options, @@ -1114,6 +1155,55 @@ dns_viewlist_find(dns_viewlist_t *list, const char *name, return (ISC_R_SUCCESS); } +isc_result_t +dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name, + isc_boolean_t allclasses, dns_rdataclass_t rdclass, + dns_zone_t **zonep) +{ + dns_view_t *view; + isc_result_t result; + dns_zone_t *zone1 = NULL, *zone2 = NULL; + dns_zone_t **zp = NULL;; + + REQUIRE(list != NULL); + for (view = ISC_LIST_HEAD(*list); + view != NULL; + view = ISC_LIST_NEXT(view, link)) { + if (allclasses == ISC_FALSE && view->rdclass != rdclass) + continue; + + /* + * If the zone is defined in more than one view, + * treat it as not found. + */ + zp = (zone1 == NULL) ? &zone1 : &zone2; + result = dns_zt_find(view->zonetable, name, 0, NULL, zp); + INSIST(result == ISC_R_SUCCESS || + result == ISC_R_NOTFOUND || + result == DNS_R_PARTIALMATCH); + + /* Treat a partial match as no match */ + if (result == DNS_R_PARTIALMATCH) { + dns_zone_detach(zp); + result = ISC_R_NOTFOUND; + } + + if (zone2 != NULL) { + dns_zone_detach(&zone1); + dns_zone_detach(&zone2); + return (ISC_R_NOTFOUND); + } + } + + if (zone1 != NULL) { + dns_zone_attach(zone1, zonep); + dns_zone_detach(&zone1); + return (ISC_R_SUCCESS); + } + + return (ISC_R_NOTFOUND); +} + isc_result_t dns_view_load(dns_view_t *view, isc_boolean_t stop) { @@ -1198,8 +1288,12 @@ dns_view_flushcache(dns_view_t *view) { result = dns_cache_flush(view->cache); if (result != ISC_R_SUCCESS) return (result); + if (view->acache != NULL) + dns_acache_putdb(view->acache, view->cachedb); dns_db_detach(&view->cachedb); dns_cache_attachdb(view->cache, &view->cachedb); + if (view->acache != NULL) + dns_acache_setdb(view->acache, view->cachedb); dns_adb_flush(view->adb); return (ISC_R_SUCCESS); @@ -1319,7 +1413,7 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) { return (ISC_TRUE); } -void +void dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value) { REQUIRE(DNS_VIEW_VALID(view)); view->rootdelonly = value; @@ -1330,3 +1424,45 @@ dns_view_getrootdelonly(dns_view_t *view) { REQUIRE(DNS_VIEW_VALID(view)); return (view->rootdelonly); } + +isc_result_t +dns_view_freezezones(dns_view_t *view, isc_boolean_t value) { + REQUIRE(DNS_VIEW_VALID(view)); + return (dns_zt_freezezones(view->zonetable, value)); +} + +void +dns_view_setresstats(dns_view_t *view, isc_stats_t *stats) { + REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(!view->frozen); + REQUIRE(view->resstats == NULL); + + isc_stats_attach(stats, &view->resstats); +} + +void +dns_view_getresstats(dns_view_t *view, isc_stats_t **statsp) { + REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(statsp != NULL && *statsp == NULL); + + if (view->resstats != NULL) + isc_stats_attach(view->resstats, statsp); +} + +void +dns_view_setresquerystats(dns_view_t *view, dns_stats_t *stats) { + REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(!view->frozen); + REQUIRE(view->resquerystats == NULL); + + dns_stats_attach(stats, &view->resquerystats); +} + +void +dns_view_getresquerystats(dns_view_t *view, dns_stats_t **statsp) { + REQUIRE(DNS_VIEW_VALID(view)); + REQUIRE(statsp != NULL && *statsp == NULL); + + if (view->resquerystats != NULL) + dns_stats_attach(view->resquerystats, statsp); +} diff --git a/contrib/bind-9.3/lib/dns/xfrin.c b/contrib/bind-9.5.2/lib/dns/xfrin.c similarity index 89% rename from contrib/bind-9.3/lib/dns/xfrin.c rename to contrib/bind-9.5.2/lib/dns/xfrin.c index fdeed14bd6..ab7af0be28 100644 --- a/contrib/bind-9.3/lib/dns/xfrin.c +++ b/contrib/bind-9.5.2/lib/dns/xfrin.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.124.2.4.2.16 2006/07/19 01:04:24 marka Exp $ */ +/* $Id: xfrin.c,v 1.157.12.7 2008/09/25 04:15:41 marka Exp $ */ + +/*! \file */ #include @@ -51,7 +53,7 @@ * Incoming AXFR and IXFR. */ -/* +/*% * It would be non-sensical (or at least obtuse) to use FAIL() with an * ISC_R_SUCCESS code, but the test is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". @@ -66,7 +68,7 @@ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) -/* +/*% * The states of the *XFR state machine. We handle both IXFR and AXFR * with a single integrated state machine because they cannot be distinguished * immediately - an AXFR response to an IXFR request can only be detected @@ -85,7 +87,7 @@ typedef enum { XFRST_END } xfrin_state_t; -/* +/*% * Incoming zone transfer context. */ @@ -100,18 +102,18 @@ struct dns_xfrin_ctx { isc_timer_t *timer; isc_socketmgr_t *socketmgr; - int connects; /* Connect in progress */ - int sends; /* Send in progress */ - int recvs; /* Receive in progress */ + int connects; /*%< Connect in progress */ + int sends; /*%< Send in progress */ + int recvs; /*%< Receive in progress */ isc_boolean_t shuttingdown; - dns_name_t name; /* Name of zone to transfer */ + dns_name_t name; /*%< Name of zone to transfer */ dns_rdataclass_t rdclass; isc_boolean_t checkid; dns_messageid_t id; - /* + /*% * Requested transfer type (dns_rdatatype_axfr or * dns_rdatatype_ixfr). The actual transfer type * may differ due to IXFR->AXFR fallback. @@ -122,32 +124,37 @@ struct dns_xfrin_ctx { isc_sockaddr_t sourceaddr; isc_socket_t *socket; - /* Buffer for IXFR/AXFR request message */ + /*% Buffer for IXFR/AXFR request message */ isc_buffer_t qbuffer; unsigned char qbuffer_data[512]; - /* Incoming reply TCP message */ + /*% Incoming reply TCP message */ dns_tcpmsg_t tcpmsg; isc_boolean_t tcpmsg_valid; dns_db_t *db; dns_dbversion_t *ver; - dns_diff_t diff; /* Pending database changes */ - int difflen; /* Number of pending tuples */ + dns_diff_t diff; /*%< Pending database changes */ + int difflen; /*%< Number of pending tuples */ xfrin_state_t state; isc_uint32_t end_serial; isc_boolean_t is_ixfr; - unsigned int nmsg; /* Number of messages recvd */ + unsigned int nmsg; /*%< Number of messages recvd */ + unsigned int nrecs; /*%< Number of records recvd */ + isc_uint64_t nbytes; /*%< Number of bytes received */ - dns_tsigkey_t *tsigkey; /* Key used to create TSIG */ - isc_buffer_t *lasttsig; /* The last TSIG */ - dst_context_t *tsigctx; /* TSIG verification context */ - unsigned int sincetsig; /* recvd since the last TSIG */ + isc_time_t start; /*%< Start time of the transfer */ + isc_time_t end; /*%< End time of the transfer */ + + dns_tsigkey_t *tsigkey; /*%< Key used to create TSIG */ + isc_buffer_t *lasttsig; /*%< The last TSIG */ + dst_context_t *tsigctx; /*%< TSIG verification context */ + unsigned int sincetsig; /*%< recvd since the last TSIG */ dns_xfrindone_t done; - /* + /*% * AXFR- and IXFR-specific data. Only one is used at a time * according to the is_ixfr flag, so this could be a union, * but keeping them separate makes it a bit simpler to clean @@ -224,14 +231,14 @@ static isc_result_t render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf); static void -xfrin_logv(int level, dns_name_t *zonename, dns_rdataclass_t rdclass, - isc_sockaddr_t *masteraddr, const char *fmt, va_list ap) - ISC_FORMAT_PRINTF(5, 0); +xfrin_logv(int level, const char *zonetext, isc_sockaddr_t *masteraddr, + const char *fmt, va_list ap) + ISC_FORMAT_PRINTF(4, 0); static void -xfrin_log1(int level, dns_name_t *zonename, dns_rdataclass_t rdclass, - isc_sockaddr_t *masteraddr, const char *fmt, ...) - ISC_FORMAT_PRINTF(5, 6); +xfrin_log1(int level, const char *zonetext, isc_sockaddr_t *masteraddr, + const char *fmt, ...) + ISC_FORMAT_PRINTF(4, 5); static void xfrin_log(dns_xfrin_ctx_t *xfr, int level, const char *fmt, ...) @@ -246,7 +253,7 @@ static isc_result_t axfr_init(dns_xfrin_ctx_t *xfr) { isc_result_t result; - xfr->is_ixfr = ISC_FALSE; + xfr->is_ixfr = ISC_FALSE; if (xfr->db != NULL) dns_db_detach(&xfr->db); @@ -424,6 +431,12 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, { isc_result_t result; + xfr->nrecs++; + + if (rdata->type == dns_rdatatype_none || + dns_rdatatype_ismeta(rdata->type)) + FAIL(DNS_R_FORMERR); + redo: switch (xfr->state) { case XFRST_SOAQUERY: @@ -457,7 +470,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, FAIL(DNS_R_FORMERR); } /* - * Remember the serial number in the intial SOA. + * Remember the serial number in the initial SOA. * We need it to recognize the end of an IXFR. */ xfr->end_serial = dns_soa_getserial(rdata); @@ -631,9 +644,12 @@ dns_xfrin_create2(dns_zone_t *zone, dns_rdatatype_t xfrtype, failure: if (db != NULL) dns_db_detach(&db); - if (result != ISC_R_SUCCESS) - xfrin_log1(ISC_LOG_ERROR, zonename, dns_zone_getclass(zone), - masteraddr, "zone transfer setup failed"); + if (result != ISC_R_SUCCESS) { + char zonetext[DNS_NAME_MAXTEXT+32]; + dns_zone_name(zone, zonetext, sizeof(zonetext)); + xfrin_log1(ISC_LOG_ERROR, zonetext, masteraddr, + "zone transfer setup failed"); + } return (result); } @@ -717,6 +733,11 @@ xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, const char *msg) { result = DNS_R_BADIXFR; } xfrin_cancelio(xfr); + /* + * Close the journal. + */ + if (xfr->ixfr.journal != NULL) + dns_journal_destroy(&xfr->ixfr.journal); if (xfr->done != NULL) { (xfr->done)(xfr->zone, result); xfr->done = NULL; @@ -790,6 +811,9 @@ xfrin_create(isc_mem_t *mctx, /* end_serial */ xfr->nmsg = 0; + xfr->nrecs = 0; + xfr->nbytes = 0; + isc_time_now(&xfr->start); xfr->tsigkey = NULL; if (tsigkey != NULL) @@ -851,8 +875,10 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { isc_sockaddr_pf(&xfr->sourceaddr), isc_sockettype_tcp, &xfr->socket)); + isc_socket_setname(xfr->socket, "xfrin", NULL); #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr)); + CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, + ISC_SOCKET_REUSEADDRESS)); #endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, xfrin_connect_done, xfr)); @@ -881,8 +907,8 @@ render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) { CHECK(dns_message_renderend(msg)); result = ISC_R_SUCCESS; failure: - if (cleanup_cctx) - dns_compress_invalidate(&cctx); + if (cleanup_cctx) + dns_compress_invalidate(&cctx); return (result); } @@ -893,8 +919,7 @@ static void xfrin_connect_done(isc_task_t *task, isc_event_t *event) { isc_socket_connev_t *cev = (isc_socket_connev_t *) event; dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg; - isc_result_t evresult = cev->result; - isc_result_t result; + isc_result_t result = cev->result; char sourcetext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t sockaddr; @@ -911,7 +936,18 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) { return; } - CHECK(evresult); + if (result != ISC_R_SUCCESS) { + dns_zonemgr_t * zmgr = dns_zone_getmgr(xfr->zone); + isc_time_t now; + + if (zmgr != NULL) { + TIME_NOW(&now); + dns_zonemgr_unreachableadd(zmgr, &xfr->masteraddr, + &xfr->sourceaddr, &now); + } + goto failure; + } + result = isc_socket_getsockname(xfr->socket, &sockaddr); if (result == ISC_R_SUCCESS) { isc_sockaddr_format(&sockaddr, sourcetext, sizeof(sourcetext)); @@ -1038,7 +1074,13 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { xfr->checkid = ISC_TRUE; xfr->id++; + xfr->nmsg = 0; + xfr->nrecs = 0; + xfr->nbytes = 0; + isc_time_now(&xfr->start); msg->id = xfr->id; + if (xfr->tsigctx != NULL) + dst_context_destroy(&xfr->tsigctx); CHECK(render(msg, xfr->mctx, &xfr->qbuffer)); @@ -1174,7 +1216,10 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { CHECK(dns_message_settsigkey(msg, xfr->tsigkey)); CHECK(dns_message_setquerytsig(msg, xfr->lasttsig)); + msg->tsigctx = xfr->tsigctx; + xfr->tsigctx = NULL; + if (xfr->nmsg > 0) msg->tcp_continuation = 1; @@ -1287,9 +1332,16 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { xfr->nmsg++; /* - * Copy the context back. + * Update the number of bytes received. + */ + xfr->nbytes += tcpmsg->buffer.used; + + /* + * Take the context back. */ + INSIST(xfr->tsigctx == NULL); xfr->tsigctx = msg->tsigctx; + msg->tsigctx = NULL; dns_message_destroy(&msg); @@ -1298,6 +1350,11 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { xfr->state = XFRST_INITIALSOA; CHECK(xfrin_send_request(xfr)); } else if (xfr->state == XFRST_END) { + /* + * Close the journal. + */ + if (xfr->ixfr.journal != NULL) + dns_journal_destroy(&xfr->ixfr.journal); /* * Inform the caller we succeeded. */ @@ -1345,6 +1402,9 @@ xfrin_timeout(isc_task_t *task, isc_event_t *event) { static void maybe_free(dns_xfrin_ctx_t *xfr) { + isc_uint64_t msecs; + isc_uint64_t persec; + REQUIRE(VALID_XFRIN(xfr)); if (! xfr->shuttingdown || xfr->refcount != 0 || @@ -1352,7 +1412,22 @@ maybe_free(dns_xfrin_ctx_t *xfr) { xfr->recvs != 0) return; - xfrin_log(xfr, ISC_LOG_INFO, "end of transfer"); + /* + * Calculate the length of time the transfer took, + * and print a log message with the bytes and rate. + */ + isc_time_now(&xfr->end); + msecs = isc_time_microdiff(&xfr->end, &xfr->start) / 1000; + if (msecs == 0) + msecs = 1; + persec = (xfr->nbytes * 1000) / msecs; + xfrin_log(xfr, ISC_LOG_INFO, + "Transfer completed: %d messages, %d records, " + "%" ISC_PRINT_QUADFORMAT "u bytes, " + "%u.%03u secs (%u bytes/sec)", + xfr->nmsg, xfr->nrecs, xfr->nbytes, + (unsigned int) (msecs / 1000), (unsigned int) (msecs % 1000), + (unsigned int) persec); if (xfr->socket != NULL) isc_socket_detach(&xfr->socket); @@ -1380,6 +1455,9 @@ maybe_free(dns_xfrin_ctx_t *xfr) { if (xfr->tcpmsg_valid) dns_tcpmsg_invalidate(&xfr->tcpmsg); + if (xfr->tsigctx != NULL) + dst_context_destroy(&xfr->tsigctx); + if ((xfr->name.attributes & DNS_NAMEATTR_DYNAMIC) != 0) dns_name_free(&xfr->name, xfr->mctx); @@ -1400,23 +1478,19 @@ maybe_free(dns_xfrin_ctx_t *xfr) { * transfer of from
: */ static void -xfrin_logv(int level, dns_name_t *zonename, dns_rdataclass_t rdclass, - isc_sockaddr_t *masteraddr, const char *fmt, va_list ap) +xfrin_logv(int level, const char *zonetext, isc_sockaddr_t *masteraddr, + const char *fmt, va_list ap) { - char zntext[DNS_NAME_FORMATSIZE]; char mastertext[ISC_SOCKADDR_FORMATSIZE]; - char classtext[DNS_RDATACLASS_FORMATSIZE]; char msgtext[2048]; - dns_name_format(zonename, zntext, sizeof(zntext)); - dns_rdataclass_format(rdclass, classtext, sizeof(classtext)); isc_sockaddr_format(masteraddr, mastertext, sizeof(mastertext)); vsnprintf(msgtext, sizeof(msgtext), fmt, ap); isc_log_write(dns_lctx, DNS_LOGCATEGORY_XFER_IN, DNS_LOGMODULE_XFER_IN, level, - "transfer of '%s/%s' from %s: %s", - zntext, classtext, mastertext, msgtext); + "transfer of '%s' from %s: %s", + zonetext, mastertext, msgtext); } /* @@ -1424,8 +1498,8 @@ xfrin_logv(int level, dns_name_t *zonename, dns_rdataclass_t rdclass, */ static void -xfrin_log1(int level, dns_name_t *zonename, dns_rdataclass_t rdclass, - isc_sockaddr_t *masteraddr, const char *fmt, ...) +xfrin_log1(int level, const char *zonetext, isc_sockaddr_t *masteraddr, + const char *fmt, ...) { va_list ap; @@ -1433,7 +1507,7 @@ xfrin_log1(int level, dns_name_t *zonename, dns_rdataclass_t rdclass, return; va_start(ap, fmt); - xfrin_logv(level, zonename, rdclass, masteraddr, fmt, ap); + xfrin_logv(level, zonetext, masteraddr, fmt, ap); va_end(ap); } @@ -1445,11 +1519,14 @@ static void xfrin_log(dns_xfrin_ctx_t *xfr, int level, const char *fmt, ...) { va_list ap; + char zonetext[DNS_NAME_MAXTEXT+32]; if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; + dns_zone_name(xfr->zone, zonetext, sizeof(zonetext)); + va_start(ap, fmt); - xfrin_logv(level, &xfr->name, xfr->rdclass, &xfr->masteraddr, fmt, ap); + xfrin_logv(level, zonetext, &xfr->masteraddr, fmt, ap); va_end(ap); } diff --git a/contrib/bind-9.3/lib/dns/zone.c b/contrib/bind-9.5.2/lib/dns/zone.c similarity index 77% rename from contrib/bind-9.3/lib/dns/zone.c rename to contrib/bind-9.5.2/lib/dns/zone.c index d2a47b072b..39c4a64bc7 100644 --- a/contrib/bind-9.3/lib/dns/zone.c +++ b/contrib/bind-9.5.2/lib/dns/zone.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.333.2.23.2.65 2006/07/19 01:04:24 marka Exp $ */ +/* $Id: zone.c,v 1.470.12.12 2009/07/11 04:28:14 marka Exp $ */ + +/*! \file */ #include +#include #include #include @@ -25,16 +28,21 @@ #include #include #include +#include #include +#include +#include #include #include #include #include +#include #include #include #include #include +#include #include #include #include @@ -79,7 +87,7 @@ #define IO_MAGIC ISC_MAGIC('Z', 'm', 'I', 'O') #define DNS_IO_VALID(load) ISC_MAGIC_VALID(load, IO_MAGIC) -/* +/*% * Ensure 'a' is at least 'min' but not more than 'max'. */ #define RANGE(a, min, max) \ @@ -88,16 +96,16 @@ /* * Default values. */ -#define DNS_DEFAULT_IDLEIN 3600 /* 1 hour */ -#define DNS_DEFAULT_IDLEOUT 3600 /* 1 hour */ -#define MAX_XFER_TIME (2*3600) /* Documented default is 2 hours */ +#define DNS_DEFAULT_IDLEIN 3600 /*%< 1 hour */ +#define DNS_DEFAULT_IDLEOUT 3600 /*%< 1 hour */ +#define MAX_XFER_TIME (2*3600) /*%< Documented default is 2 hours */ #ifndef DNS_MAX_EXPIRE -#define DNS_MAX_EXPIRE 14515200 /* 24 weeks */ +#define DNS_MAX_EXPIRE 14515200 /*%< 24 weeks */ #endif #ifndef DNS_DUMP_DELAY -#define DNS_DUMP_DELAY 900 /* 15 minutes */ +#define DNS_DUMP_DELAY 900 /*%< 15 minutes */ #endif typedef struct dns_notify dns_notify_t; @@ -123,6 +131,18 @@ typedef ISC_LIST(dns_io_t) dns_iolist_t; #define LOCKED_ZONE(z) ISC_TRUE #endif +#ifdef ISC_RWLOCK_USEATOMIC +#define ZONEDB_INITLOCK(l) isc_rwlock_init((l), 0, 0) +#define ZONEDB_DESTROYLOCK(l) isc_rwlock_destroy(l) +#define ZONEDB_LOCK(l, t) RWLOCK((l), (t)) +#define ZONEDB_UNLOCK(l, t) RWUNLOCK((l), (t)) +#else +#define ZONEDB_INITLOCK(l) isc_mutex_init(l) +#define ZONEDB_DESTROYLOCK(l) DESTROYLOCK(l) +#define ZONEDB_LOCK(l, t) LOCK(l) +#define ZONEDB_UNLOCK(l, t) UNLOCK(l) +#endif + struct dns_zone { /* Unlocked */ unsigned int magic; @@ -133,14 +153,21 @@ struct dns_zone { isc_mem_t *mctx; isc_refcount_t erefs; +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_t dblock; +#else + isc_mutex_t dblock; +#endif + dns_db_t *db; /* Locked by dblock */ + /* Locked */ - dns_db_t *db; dns_zonemgr_t *zmgr; ISC_LINK(dns_zone_t) link; /* Used by zmgr. */ isc_timer_t *timer; unsigned int irefs; dns_name_t origin; char *masterfile; + dns_masterformat_t masterformat; char *journal; isc_int32_t journalsize; dns_rdataclass_t rdclass; @@ -153,6 +180,7 @@ struct dns_zone { isc_time_t refreshtime; isc_time_t dumptime; isc_time_t loadtime; + isc_time_t notifytime; isc_uint32_t serial; isc_uint32_t refresh; isc_uint32_t retry; @@ -176,13 +204,13 @@ struct dns_zone { unsigned int notifycnt; isc_sockaddr_t notifyfrom; isc_task_t *task; - isc_sockaddr_t notifysrc4; - isc_sockaddr_t notifysrc6; - isc_sockaddr_t xfrsource4; - isc_sockaddr_t xfrsource6; - isc_sockaddr_t altxfrsource4; - isc_sockaddr_t altxfrsource6; - isc_sockaddr_t sourceaddr; + isc_sockaddr_t notifysrc4; + isc_sockaddr_t notifysrc6; + isc_sockaddr_t xfrsource4; + isc_sockaddr_t xfrsource6; + isc_sockaddr_t altxfrsource4; + isc_sockaddr_t altxfrsource6; + isc_sockaddr_t sourceaddr; dns_xfrin_ctx_t *xfr; /* task locked */ dns_tsigkey_t *tsigkey; /* key used for xfr */ /* Access Control Lists */ @@ -190,8 +218,10 @@ struct dns_zone { dns_acl_t *forward_acl; dns_acl_t *notify_acl; dns_acl_t *query_acl; + dns_acl_t *queryon_acl; dns_acl_t *xfr_acl; isc_boolean_t update_disabled; + isc_boolean_t zero_no_soa_ttl; dns_severity_t check_names; ISC_LIST(dns_notify_t) notifies; dns_request_t *request; @@ -207,7 +237,11 @@ struct dns_zone { dns_ssutable_t *ssutable; isc_uint32_t sigvalidityinterval; dns_view_t *view; - /* + dns_acache_t *acache; + dns_checkmxfunc_t checkmx; + dns_checksrvfunc_t checksrv; + dns_checknsfunc_t checkns; + /*% * Zones in certain states such as "waiting for zone transfer" * or "zone transfer in progress" are kept on per-state linked lists * in the zone manager using the 'statelink' field. The 'statelist' @@ -216,10 +250,29 @@ struct dns_zone { */ ISC_LINK(dns_zone_t) statelink; dns_zonelist_t *statelist; - /* - * Optional per-zone statistics counters (NULL if not present). + /*% + * Statistics counters about zone management. + */ + isc_stats_t *stats; + /*% + * Optional per-zone statistics counters. Counted outside of this + * module. */ - isc_uint64_t *counters; + isc_boolean_t requeststats_on; + isc_stats_t *requeststats; + isc_uint32_t notifydelay; + dns_isselffunc_t isself; + void *isselfarg; + + char * strnamerd; + char * strname; + char * strrdclass; + char * strviewname; + + /*% + * Serial number for deferred journal compaction. + */ + isc_uint32_t compact_serial; }; #define DNS_ZONE_FLAG(z,f) (ISC_TF(((z)->flags & (f)) != 0)) @@ -232,44 +285,59 @@ struct dns_zone { (z)->flags &= ~(f); \ } while (0) /* XXX MPA these may need to go back into zone.h */ -#define DNS_ZONEFLG_REFRESH 0x00000001U /* refresh check in progress */ -#define DNS_ZONEFLG_NEEDDUMP 0x00000002U /* zone need consolidation */ -#define DNS_ZONEFLG_USEVC 0x00000004U /* use tcp for refresh query */ -#define DNS_ZONEFLG_DUMPING 0x00000008U /* a dump is in progress */ -#define DNS_ZONEFLG_HASINCLUDE 0x00000010U /* $INCLUDE in zone file */ -#define DNS_ZONEFLG_LOADED 0x00000020U /* database has loaded */ -#define DNS_ZONEFLG_EXITING 0x00000040U /* zone is being destroyed */ -#define DNS_ZONEFLG_EXPIRED 0x00000080U /* zone has expired */ -#define DNS_ZONEFLG_NEEDREFRESH 0x00000100U /* refresh check needed */ -#define DNS_ZONEFLG_UPTODATE 0x00000200U /* zone contents are +#define DNS_ZONEFLG_REFRESH 0x00000001U /*%< refresh check in progress */ +#define DNS_ZONEFLG_NEEDDUMP 0x00000002U /*%< zone need consolidation */ +#define DNS_ZONEFLG_USEVC 0x00000004U /*%< use tcp for refresh query */ +#define DNS_ZONEFLG_DUMPING 0x00000008U /*%< a dump is in progress */ +#define DNS_ZONEFLG_HASINCLUDE 0x00000010U /*%< $INCLUDE in zone file */ +#define DNS_ZONEFLG_LOADED 0x00000020U /*%< database has loaded */ +#define DNS_ZONEFLG_EXITING 0x00000040U /*%< zone is being destroyed */ +#define DNS_ZONEFLG_EXPIRED 0x00000080U /*%< zone has expired */ +#define DNS_ZONEFLG_NEEDREFRESH 0x00000100U /*%< refresh check needed */ +#define DNS_ZONEFLG_UPTODATE 0x00000200U /*%< zone contents are * uptodate */ -#define DNS_ZONEFLG_NEEDNOTIFY 0x00000400U /* need to send out notify +#define DNS_ZONEFLG_NEEDNOTIFY 0x00000400U /*%< need to send out notify * messages */ -#define DNS_ZONEFLG_DIFFONRELOAD 0x00000800U /* generate a journal diff on +#define DNS_ZONEFLG_DIFFONRELOAD 0x00000800U /*%< generate a journal diff on * reload */ -#define DNS_ZONEFLG_NOMASTERS 0x00001000U /* an attempt to refresh a +#define DNS_ZONEFLG_NOMASTERS 0x00001000U /*%< an attempt to refresh a * zone with no masters - * occured */ -#define DNS_ZONEFLG_LOADING 0x00002000U /* load from disk in progress*/ -#define DNS_ZONEFLG_HAVETIMERS 0x00004000U /* timer values have been set + * occurred */ +#define DNS_ZONEFLG_LOADING 0x00002000U /*%< load from disk in progress*/ +#define DNS_ZONEFLG_HAVETIMERS 0x00004000U /*%< timer values have been set * from SOA (if not set, we * are still using * default timer values) */ -#define DNS_ZONEFLG_FORCEXFER 0x00008000U /* Force a zone xfer */ +#define DNS_ZONEFLG_FORCEXFER 0x00008000U /*%< Force a zone xfer */ #define DNS_ZONEFLG_NOREFRESH 0x00010000U #define DNS_ZONEFLG_DIALNOTIFY 0x00020000U #define DNS_ZONEFLG_DIALREFRESH 0x00040000U #define DNS_ZONEFLG_SHUTDOWN 0x00080000U -#define DNS_ZONEFLAG_NOIXFR 0x00100000U /* IXFR failed, force AXFR */ +#define DNS_ZONEFLAG_NOIXFR 0x00100000U /*%< IXFR failed, force AXFR */ #define DNS_ZONEFLG_FLUSH 0x00200000U #define DNS_ZONEFLG_NOEDNS 0x00400000U #define DNS_ZONEFLG_USEALTXFRSRC 0x00800000U #define DNS_ZONEFLG_SOABEFOREAXFR 0x01000000U +#define DNS_ZONEFLG_NEEDCOMPACT 0x02000000U +#define DNS_ZONEFLG_REFRESHING 0x04000000U /*%< Refreshing keydata */ +#define DNS_ZONEFLG_THAW 0x08000000U #define DNS_ZONE_OPTION(z,o) (((z)->options & (o)) != 0) /* Flags for zone_load() */ #define DNS_ZONELOADFLAG_NOSTAT 0x00000001U /* Do not stat() master files */ +#define DNS_ZONELOADFLAG_THAW 0x00000002U /* Thaw the zone on successful + load. */ + +#define UNREACH_CHACHE_SIZE 10U +#define UNREACH_HOLD_TIME 600 /* 10 minutes */ + +struct dns_unreachable { + isc_sockaddr_t remote; + isc_sockaddr_t local; + isc_uint32_t expire; + isc_uint32_t last; +}; struct dns_zonemgr { unsigned int magic; @@ -299,9 +367,13 @@ struct dns_zonemgr { isc_uint32_t ioactive; dns_iolist_t high; dns_iolist_t low; + + /* Locked by rwlock. */ + /* LRU cache */ + struct dns_unreachable unreachable[UNREACH_CHACHE_SIZE]; }; -/* +/*% * Hold notify state. */ struct dns_notify { @@ -318,7 +390,7 @@ struct dns_notify { #define DNS_NOTIFY_NOSOA 0x0001U -/* +/*% * dns_stub holds state while performing a 'stub' transfer. * 'db' is the zone's 'db' or a new one if this is the initial * transfer. @@ -332,7 +404,7 @@ struct dns_stub { dns_dbversion_t *version; }; -/* +/*% * Hold load state. */ struct dns_load { @@ -344,7 +416,7 @@ struct dns_load { dns_rdatacallbacks_t callbacks; }; -/* +/*% * Hold forward state. */ struct dns_forward { @@ -359,7 +431,7 @@ struct dns_forward { void *callback_arg; }; -/* +/*% * Hold IO request state. */ struct dns_io { @@ -386,6 +458,8 @@ static void zone_iattach(dns_zone_t *source, dns_zone_t **target); static void zone_idetach(dns_zone_t **zonep); static isc_result_t zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump); +static inline void zone_attachdb(dns_zone_t *zone, dns_db_t *db); +static inline void zone_detachdb(dns_zone_t *zone); static isc_result_t default_journal(dns_zone_t *zone); static void zone_xfrdone(dns_zone_t *zone, isc_result_t result); static isc_result_t zone_postload(dns_zone_t *zone, dns_db_t *db, @@ -395,6 +469,10 @@ static void zone_shutdown(isc_task_t *, isc_event_t *); static void zone_loaddone(void *arg, isc_result_t result); static isc_result_t zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime); +static void zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length); +static void zone_name_tostr(dns_zone_t *zone, char *buf, size_t length); +static void zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length); +static void zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length); #if 0 /* ondestroy example */ @@ -430,18 +508,23 @@ static void zonemgr_putio(dns_io_t **iop); static void zonemgr_cancelio(dns_io_t *io); static isc_result_t -zone_get_from_db(dns_db_t *db, dns_name_t *origin, unsigned int *nscount, +zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount, unsigned int *soacount, isc_uint32_t *serial, isc_uint32_t *refresh, isc_uint32_t *retry, - isc_uint32_t *expire, isc_uint32_t *minimum); + isc_uint32_t *expire, isc_uint32_t *minimum, + unsigned int *errors); static void zone_freedbargs(dns_zone_t *zone); static void forward_callback(isc_task_t *task, isc_event_t *event); static void zone_saveunique(dns_zone_t *zone, const char *path, const char *templat); static void zone_maintenance(dns_zone_t *zone); -static void zone_notify(dns_zone_t *zone); +static void zone_notify(dns_zone_t *zone, isc_time_t *now); static void dump_done(void *arg, isc_result_t result); +static isc_boolean_t dns_zonemgr_unreachable(dns_zonemgr_t *zmgr, + isc_sockaddr_t *remote, + isc_sockaddr_t *local, + isc_time_t *now); #define ENTER zone_debuglog(zone, me, 1, "enter") @@ -476,6 +559,15 @@ static const char *dbargv_default[] = { "rbt" }; } \ } while (0) +/*% + * Increment resolver-related statistics counters. Zone must be locked. + */ +static inline void +inc_stats(dns_zone_t *zone, isc_statscounter_t counter) { + if (zone->stats != NULL) + isc_stats_increment(zone->stats, counter); +} + /*** *** Public functions. ***/ @@ -484,36 +576,45 @@ isc_result_t dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { isc_result_t result; dns_zone_t *zone; + isc_time_t now; REQUIRE(zonep != NULL && *zonep == NULL); REQUIRE(mctx != NULL); + TIME_NOW(&now); zone = isc_mem_get(mctx, sizeof(*zone)); if (zone == NULL) return (ISC_R_NOMEMORY); + zone->mctx = NULL; + isc_mem_attach(mctx, &zone->mctx); + result = isc_mutex_init(&zone->lock); - if (result != ISC_R_SUCCESS) { - isc_mem_put(mctx, zone, sizeof(*zone)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); - return (ISC_R_UNEXPECTED); - } + if (result != ISC_R_SUCCESS) + goto free_zone; + + result = ZONEDB_INITLOCK(&zone->dblock); + if (result != ISC_R_SUCCESS) + goto free_mutex; /* XXX MPA check that all elements are initialised */ - zone->mctx = NULL; #ifdef DNS_ZONE_CHECKLOCK zone->locked = ISC_FALSE; #endif - isc_mem_attach(mctx, &zone->mctx); zone->db = NULL; zone->zmgr = NULL; ISC_LINK_INIT(zone, link); - isc_refcount_init(&zone->erefs, 1); /* Implicit attach. */ + result = isc_refcount_init(&zone->erefs, 1); /* Implicit attach. */ + if (result != ISC_R_SUCCESS) + goto free_dblock; zone->irefs = 0; dns_name_init(&zone->origin, NULL); + zone->strnamerd = NULL; + zone->strname = NULL; + zone->strrdclass = NULL; + zone->strviewname = NULL; zone->masterfile = NULL; + zone->masterformat = dns_masterformat_none; zone->keydirectory = NULL; zone->journalsize = -1; zone->journal = NULL; @@ -527,6 +628,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { isc_time_settoepoch(&zone->refreshtime); isc_time_settoepoch(&zone->dumptime); isc_time_settoepoch(&zone->loadtime); + zone->notifytime = now; zone->serial = 0; zone->refresh = DNS_ZONE_DEFAULTREFRESH; zone->retry = DNS_ZONE_DEFAULTRETRY; @@ -549,8 +651,10 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { zone->forward_acl = NULL; zone->notify_acl = NULL; zone->query_acl = NULL; + zone->queryon_acl = NULL; zone->xfr_acl = NULL; zone->update_disabled = ISC_FALSE; + zone->zero_no_soa_ttl = ISC_TRUE; zone->check_names = dns_severity_ignore; zone->request = NULL; zone->lctx = NULL; @@ -574,16 +678,25 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { zone->ssutable = NULL; zone->sigvalidityinterval = 30 * 24 * 3600; zone->view = NULL; + zone->acache = NULL; + zone->checkmx = NULL; + zone->checksrv = NULL; + zone->checkns = NULL; ISC_LINK_INIT(zone, statelink); zone->statelist = NULL; - zone->counters = NULL; + zone->stats = NULL; + zone->requeststats_on = ISC_FALSE; + zone->requeststats = NULL; + zone->notifydelay = 5; + zone->isself = NULL; + zone->isselfarg = NULL; zone->magic = ZONE_MAGIC; /* Must be after magic is set. */ result = dns_zone_setdbtype(zone, dbargc_default, dbargv_default); if (result != ISC_R_SUCCESS) - goto free_mutex; + goto free_erefs; ISC_EVENT_INIT(&zone->ctlevent, sizeof(zone->ctlevent), 0, NULL, DNS_EVENT_ZONECONTROL, zone_shutdown, zone, zone, @@ -591,8 +704,17 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { *zonep = zone; return (ISC_R_SUCCESS); + free_erefs: + isc_refcount_decrement(&zone->erefs, NULL); + isc_refcount_destroy(&zone->erefs); + + free_dblock: + ZONEDB_DESTROYLOCK(&zone->dblock); + free_mutex: DESTROYLOCK(&zone->lock); + + free_zone: isc_mem_putanddetach(&zone->mctx, zone, sizeof(*zone)); return (result); } @@ -622,7 +744,7 @@ zone_free(dns_zone_t *zone) { if (zone->task != NULL) isc_task_detach(&zone->task); - if (zone->zmgr) + if (zone->zmgr != NULL) dns_zonemgr_releasezone(zone->zmgr, zone); /* Unmanaged objects */ @@ -636,10 +758,14 @@ zone_free(dns_zone_t *zone) { if (zone->journal != NULL) isc_mem_free(zone->mctx, zone->journal); zone->journal = NULL; - if (zone->counters != NULL) - dns_stats_freecounters(zone->mctx, &zone->counters); + if (zone->stats != NULL) + isc_stats_detach(&zone->stats); + if (zone->requeststats != NULL) + isc_stats_detach(&zone->requeststats); if (zone->db != NULL) - dns_db_detach(&zone->db); + zone_detachdb(zone); + if (zone->acache != NULL) + dns_acache_detach(&zone->acache); zone_freedbargs(zone); RUNTIME_CHECK(dns_zone_setmasterswithkeys(zone, NULL, NULL, 0) == ISC_R_SUCCESS); @@ -654,14 +780,25 @@ zone_free(dns_zone_t *zone) { dns_acl_detach(&zone->notify_acl); if (zone->query_acl != NULL) dns_acl_detach(&zone->query_acl); + if (zone->queryon_acl != NULL) + dns_acl_detach(&zone->queryon_acl); if (zone->xfr_acl != NULL) dns_acl_detach(&zone->xfr_acl); if (dns_name_dynamic(&zone->origin)) dns_name_free(&zone->origin, zone->mctx); + if (zone->strnamerd != NULL) + isc_mem_free(zone->mctx, zone->strnamerd); + if (zone->strname != NULL) + isc_mem_free(zone->mctx, zone->strname); + if (zone->strrdclass != NULL) + isc_mem_free(zone->mctx, zone->strrdclass); + if (zone->strviewname != NULL) + isc_mem_free(zone->mctx, zone->strviewname); if (zone->ssutable != NULL) dns_ssutable_detach(&zone->ssutable); /* last stuff */ + ZONEDB_DESTROYLOCK(&zone->dblock); DESTROYLOCK(&zone->lock); isc_refcount_destroy(&zone->erefs); zone->magic = 0; @@ -675,6 +812,7 @@ zone_free(dns_zone_t *zone) { */ void dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass) { + char namebuf[1024]; REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE(rdclass != dns_rdataclass_none); @@ -686,11 +824,22 @@ dns_zone_setclass(dns_zone_t *zone, dns_rdataclass_t rdclass) { REQUIRE(zone->rdclass == dns_rdataclass_none || zone->rdclass == rdclass); zone->rdclass = rdclass; + + if (zone->strnamerd != NULL) + isc_mem_free(zone->mctx, zone->strnamerd); + if (zone->strrdclass != NULL) + isc_mem_free(zone->mctx, zone->strrdclass); + + zone_namerd_tostr(zone, namebuf, sizeof namebuf); + zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf); + zone_rdclass_tostr(zone, namebuf, sizeof namebuf); + zone->strrdclass = isc_mem_strdup(zone->mctx, namebuf); + UNLOCK_ZONE(zone); } dns_rdataclass_t -dns_zone_getclass(dns_zone_t *zone){ +dns_zone_getclass(dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); return (zone->rdclass); @@ -705,6 +854,19 @@ dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype) { UNLOCK_ZONE(zone); } +isc_uint32_t +dns_zone_getserial(dns_zone_t *zone) { + isc_uint32_t serial; + + REQUIRE(DNS_ZONE_VALID(zone)); + + LOCK_ZONE(zone); + serial = zone->serial; + UNLOCK_ZONE(zone); + + return (serial); +} + /* * Single shot. */ @@ -738,6 +900,39 @@ zone_freedbargs(dns_zone_t *zone) { zone->db_argv = NULL; } +isc_result_t +dns_zone_getdbtype(dns_zone_t *zone, char ***argv, isc_mem_t *mctx) { + size_t size = 0; + unsigned int i; + isc_result_t result = ISC_R_SUCCESS; + void *mem; + char **tmp, *tmp2; + + REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(argv != NULL && *argv == NULL); + + LOCK_ZONE(zone); + size = (zone->db_argc + 1) * sizeof(char *); + for (i = 0; i < zone->db_argc; i++) + size += strlen(zone->db_argv[i]) + 1; + mem = isc_mem_allocate(mctx, size); + if (mem != NULL) { + tmp = mem; + tmp2 = mem; + tmp2 += (zone->db_argc + 1) * sizeof(char *); + for (i = 0; i < zone->db_argc; i++) { + *tmp++ = tmp2; + strcpy(tmp2, zone->db_argv[i]); + tmp2 += strlen(tmp2) + 1; + } + *tmp = NULL; + } else + result = ISC_R_NOMEMORY; + UNLOCK_ZONE(zone); + *argv = mem; + return (result); +} + isc_result_t dns_zone_setdbtype(dns_zone_t *zone, unsigned int dbargc, const char * const *dbargv) { @@ -787,12 +982,24 @@ dns_zone_setdbtype(dns_zone_t *zone, void dns_zone_setview(dns_zone_t *zone, dns_view_t *view) { + char namebuf[1024]; REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); if (zone->view != NULL) dns_view_weakdetach(&zone->view); dns_view_weakattach(view, &zone->view); + + if (zone->strviewname != NULL) + isc_mem_free(zone->mctx, zone->strviewname); + if (zone->strnamerd != NULL) + isc_mem_free(zone->mctx, zone->strnamerd); + + zone_namerd_tostr(zone, namebuf, sizeof namebuf); + zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf); + zone_viewname_tostr(zone, namebuf, sizeof namebuf); + zone->strviewname = isc_mem_strdup(zone->mctx, namebuf); + UNLOCK_ZONE(zone); } @@ -808,6 +1015,7 @@ dns_zone_getview(dns_zone_t *zone) { isc_result_t dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin) { isc_result_t result; + char namebuf[1024]; REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE(origin != NULL); @@ -818,10 +1026,50 @@ dns_zone_setorigin(dns_zone_t *zone, const dns_name_t *origin) { dns_name_init(&zone->origin, NULL); } result = dns_name_dup(origin, zone->mctx, &zone->origin); + + if (zone->strnamerd != NULL) + isc_mem_free(zone->mctx, zone->strnamerd); + if (zone->strname != NULL) + isc_mem_free(zone->mctx, zone->strname); + + zone_namerd_tostr(zone, namebuf, sizeof namebuf); + zone->strnamerd = isc_mem_strdup(zone->mctx, namebuf); + zone_name_tostr(zone, namebuf, sizeof namebuf); + zone->strname = isc_mem_strdup(zone->mctx, namebuf); + UNLOCK_ZONE(zone); return (result); } +void +dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache) { + REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(acache != NULL); + + LOCK_ZONE(zone); + if (zone->acache != NULL) + dns_acache_detach(&zone->acache); + dns_acache_attach(acache, &zone->acache); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); + if (zone->db != NULL) { + isc_result_t result; + + /* + * If the zone reuses an existing DB, the DB needs to be + * set in the acache explicitly. We can safely ignore the + * case where the DB is already set. If other error happens, + * the acache will not work effectively. + */ + result = dns_acache_setdb(acache, zone->db); + if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "dns_acache_setdb() failed: %s", + isc_result_totext(result)); + } + } + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + UNLOCK_ZONE(zone); +} static isc_result_t dns_zone_setstring(dns_zone_t *zone, char **field, const char *value) { @@ -844,14 +1092,22 @@ dns_zone_setstring(dns_zone_t *zone, char **field, const char *value) { isc_result_t dns_zone_setfile(dns_zone_t *zone, const char *file) { + return (dns_zone_setfile2(zone, file, dns_masterformat_text)); +} + +isc_result_t +dns_zone_setfile2(dns_zone_t *zone, const char *file, + dns_masterformat_t format) { isc_result_t result = ISC_R_SUCCESS; REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); result = dns_zone_setstring(zone, &zone->masterfile, file); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { + zone->masterformat = format; result = default_journal(zone); + } UNLOCK_ZONE(zone); return (result); @@ -926,11 +1182,7 @@ zone_isdynamic(dns_zone_t *zone) { zone->type == dns_zone_stub || (!zone->update_disabled && zone->ssutable != NULL) || (!zone->update_disabled && zone->update_acl != NULL && - ! (zone->update_acl->length == 1 && - zone->update_acl->elements[0].negative == ISC_TRUE - && - zone->update_acl->elements[0].type == - dns_aclelementtype_any)))); + !dns_acl_isnone(zone->update_acl)))); } @@ -949,7 +1201,9 @@ zone_load(dns_zone_t *zone, unsigned int flags) { INSIST(zone->type != dns_zone_none); if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADING)) { - result = ISC_R_SUCCESS; + if ((flags & DNS_ZONELOADFLAG_THAW) != 0) + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_THAW); + result = DNS_R_CONTINUE; goto cleanup; } @@ -979,31 +1233,43 @@ zone_load(dns_zone_t *zone, unsigned int flags) { goto cleanup; } + + /* + * Store the current time before the zone is loaded, so that if the + * file changes between the time of the load and the time that + * zone->loadtime is set, then the file will still be reloaded + * the next time dns_zone_load is called. + */ + TIME_NOW(&loadtime); + /* * Don't do the load if the file that stores the zone is older * than the last time the zone was loaded. If the zone has not * been loaded yet, zone->loadtime will be the epoch. */ - if (zone->masterfile != NULL && ! isc_time_isepoch(&zone->loadtime)) { + if (zone->masterfile != NULL) { /* * The file is already loaded. If we are just doing a * "rndc reconfig", we are done. */ - if ((flags & DNS_ZONELOADFLAG_NOSTAT) != 0) { + if (!isc_time_isepoch(&zone->loadtime) && + (flags & DNS_ZONELOADFLAG_NOSTAT) != 0) { result = ISC_R_SUCCESS; goto cleanup; } - if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE)) { - result = isc_file_getmodtime(zone->masterfile, - &filetime); - if (result == ISC_R_SUCCESS && + + result = isc_file_getmodtime(zone->masterfile, &filetime); + if (result == ISC_R_SUCCESS) { + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) && + !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_HASINCLUDE) && isc_time_compare(&filetime, &zone->loadtime) <= 0) { dns_zone_log(zone, ISC_LOG_DEBUG(1), - "skipping load: master file older " - "than last load"); + "skipping load: master file " + "older than last load"); result = DNS_R_UPTODATE; goto cleanup; } + loadtime = filetime; } } @@ -1024,9 +1290,10 @@ zone_load(dns_zone_t *zone, unsigned int flags) { strcmp(zone->db_argv[0], "rbt64") == 0)) { if (zone->masterfile == NULL || !isc_file_exists(zone->masterfile)) { - if (zone->masterfile != NULL) + if (zone->masterfile != NULL) { dns_zone_log(zone, ISC_LOG_DEBUG(1), "no master file"); + } zone->refreshtime = now; if (zone->task != NULL) zone_settimer(zone, &now); @@ -1037,14 +1304,6 @@ zone_load(dns_zone_t *zone, unsigned int flags) { dns_zone_log(zone, ISC_LOG_DEBUG(1), "starting load"); - /* - * Store the current time before the zone is loaded, so that if the - * file changes between the time of the load and the time that - * zone->loadtime is set, then the file will still be reloaded - * the next time dns_zone_load is called. - */ - TIME_NOW(&loadtime); - result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, (zone->type == dns_zone_stub) ? dns_dbtype_stub : dns_dbtype_zone, @@ -1078,6 +1337,8 @@ zone_load(dns_zone_t *zone, unsigned int flags) { if (result == DNS_R_CONTINUE) { DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADING); + if ((flags & DNS_ZONELOADFLAG_THAW) != 0) + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_THAW); goto cleanup; } @@ -1100,6 +1361,30 @@ dns_zone_loadnew(dns_zone_t *zone) { return (zone_load(zone, DNS_ZONELOADFLAG_NOSTAT)); } +isc_result_t +dns_zone_loadandthaw(dns_zone_t *zone) { + isc_result_t result; + + result = zone_load(zone, DNS_ZONELOADFLAG_THAW); + switch (result) { + case DNS_R_CONTINUE: + /* Deferred thaw. */ + break; + case ISC_R_SUCCESS: + case DNS_R_UPTODATE: + case DNS_R_SEENINCLUDE: + zone->update_disabled = ISC_FALSE; + break; + case DNS_R_NOMASTERFILE: + zone->update_disabled = ISC_FALSE; + break; + default: + /* Error, remain in disabled state. */ + break; + } + return (result); +} + static void zone_gotreadhandle(isc_task_t *task, isc_event_t *event) { dns_load_t *load = event->ev_arg; @@ -1125,14 +1410,21 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) { options |= DNS_MASTER_CHECKNAMES; if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKNAMESFAIL)) options |= DNS_MASTER_CHECKNAMESFAIL; - result = dns_master_loadfileinc(load->zone->masterfile, - dns_db_origin(load->db), - dns_db_origin(load->db), - load->zone->rdclass, - options, - &load->callbacks, task, - zone_loaddone, load, - &load->zone->lctx, load->zone->mctx); + if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKMX)) + options |= DNS_MASTER_CHECKMX; + if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKMXFAIL)) + options |= DNS_MASTER_CHECKMXFAIL; + if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKWILDCARD)) + options |= DNS_MASTER_CHECKWILDCARD; + result = dns_master_loadfileinc2(load->zone->masterfile, + dns_db_origin(load->db), + dns_db_origin(load->db), + load->zone->rdclass, + options, + &load->callbacks, task, + zone_loaddone, load, + &load->zone->lctx, load->zone->mctx, + load->zone->masterformat); if (result != ISC_R_SUCCESS && result != DNS_R_CONTINUE && result != DNS_R_SEENINCLUDE) goto fail; @@ -1160,12 +1452,14 @@ zone_gotwritehandle(isc_task_t *task, isc_event_t *event) { goto fail; LOCK_ZONE(zone); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); dns_db_currentversion(zone->db, &version); - result = dns_master_dumpinc(zone->mctx, zone->db, version, - &dns_master_style_default, - zone->masterfile, zone->task, - dump_done, zone, &zone->dctx); + result = dns_master_dumpinc2(zone->mctx, zone->db, version, + &dns_master_style_default, + zone->masterfile, zone->task, dump_done, + zone, &zone->dctx, zone->masterformat); dns_db_closeversion(zone->db, &version, ISC_FALSE); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); UNLOCK_ZONE(zone); if (result != DNS_R_CONTINUE) goto fail; @@ -1195,6 +1489,12 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { options |= DNS_MASTER_CHECKNAMES; if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL)) options |= DNS_MASTER_CHECKNAMESFAIL; + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMX)) + options |= DNS_MASTER_CHECKMX; + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKMXFAIL)) + options |= DNS_MASTER_CHECKMXFAIL; + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD)) + options |= DNS_MASTER_CHECKWILDCARD; if (zone->zmgr != NULL && zone->db != NULL && zone->task != NULL) { load = isc_mem_get(zone->mctx, sizeof(*load)); @@ -1236,9 +1536,10 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { &callbacks.add_private); if (result != ISC_R_SUCCESS) return (result); - result = dns_master_loadfile(zone->masterfile, &zone->origin, - &zone->origin, zone->rdclass, - options, &callbacks, zone->mctx); + result = dns_master_loadfile2(zone->masterfile, &zone->origin, + &zone->origin, zone->rdclass, + options, &callbacks, zone->mctx, + zone->masterformat); tresult = dns_db_endload(db, &callbacks.add_private); if (result == ISC_R_SUCCESS) result = tresult; @@ -1255,12 +1556,489 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { return (result); } +static isc_boolean_t +zone_check_mx(dns_zone_t *zone, dns_db_t *db, dns_name_t *name, + dns_name_t *owner) +{ + isc_result_t result; + char ownerbuf[DNS_NAME_FORMATSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; + char altbuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fixed; + dns_name_t *foundname; + int level; + + /* + * Outside of zone. + */ + if (!dns_name_issubdomain(name, &zone->origin)) { + if (zone->checkmx != NULL) + return ((zone->checkmx)(zone, name, owner)); + return (ISC_TRUE); + } + + if (zone->type == dns_zone_master) + level = ISC_LOG_ERROR; + else + level = ISC_LOG_WARNING; + + dns_fixedname_init(&fixed); + foundname = dns_fixedname_name(&fixed); + + result = dns_db_find(db, name, NULL, dns_rdatatype_a, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + + if (result == DNS_R_NXRRSET) { + result = dns_db_find(db, name, NULL, dns_rdatatype_aaaa, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + } + + dns_name_format(owner, ownerbuf, sizeof ownerbuf); + dns_name_format(name, namebuf, sizeof namebuf); + if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN || + result == DNS_R_EMPTYNAME) { + dns_zone_log(zone, level, + "%s/MX '%s' has no address records (A or AAAA)", + ownerbuf, namebuf); + /* XXX950 make fatal for 9.5.0. */ + return (ISC_TRUE); + } + + if (result == DNS_R_CNAME) { + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNMXCNAME) || + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME)) + level = ISC_LOG_WARNING; + if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME)) + dns_zone_log(zone, level, + "%s/MX '%s' is a CNAME (illegal)", + ownerbuf, namebuf); + return ((level == ISC_LOG_WARNING) ? ISC_TRUE : ISC_FALSE); + } + + if (result == DNS_R_DNAME) { + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNMXCNAME) || + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME)) + level = ISC_LOG_WARNING; + if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNOREMXCNAME)) { + dns_name_format(foundname, altbuf, sizeof altbuf); + dns_zone_log(zone, level, "%s/MX '%s' is below a DNAME" + " '%s' (illegal)", ownerbuf, namebuf, + altbuf); + } + return ((level == ISC_LOG_WARNING) ? ISC_TRUE : ISC_FALSE); + } + + if (zone->checkmx != NULL && result == DNS_R_DELEGATION) + return ((zone->checkmx)(zone, name, owner)); + + return (ISC_TRUE); +} + +static isc_boolean_t +zone_check_srv(dns_zone_t *zone, dns_db_t *db, dns_name_t *name, + dns_name_t *owner) +{ + isc_result_t result; + char ownerbuf[DNS_NAME_FORMATSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; + char altbuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fixed; + dns_name_t *foundname; + int level; + + /* + * "." means the services does not exist. + */ + if (dns_name_equal(name, dns_rootname)) + return (ISC_TRUE); + + /* + * Outside of zone. + */ + if (!dns_name_issubdomain(name, &zone->origin)) { + if (zone->checksrv != NULL) + return ((zone->checksrv)(zone, name, owner)); + return (ISC_TRUE); + } + + if (zone->type == dns_zone_master) + level = ISC_LOG_ERROR; + else + level = ISC_LOG_WARNING; + + dns_fixedname_init(&fixed); + foundname = dns_fixedname_name(&fixed); + + result = dns_db_find(db, name, NULL, dns_rdatatype_a, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + + if (result == DNS_R_NXRRSET) { + result = dns_db_find(db, name, NULL, dns_rdatatype_aaaa, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + } + + dns_name_format(owner, ownerbuf, sizeof ownerbuf); + dns_name_format(name, namebuf, sizeof namebuf); + if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN || + result == DNS_R_EMPTYNAME) { + dns_zone_log(zone, level, + "%s/SRV '%s' has no address records (A or AAAA)", + ownerbuf, namebuf); + /* XXX950 make fatal for 9.5.0. */ + return (ISC_TRUE); + } + + if (result == DNS_R_CNAME) { + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNSRVCNAME) || + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME)) + level = ISC_LOG_WARNING; + if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME)) + dns_zone_log(zone, level, + "%s/SRV '%s' is a CNAME (illegal)", + ownerbuf, namebuf); + return ((level == ISC_LOG_WARNING) ? ISC_TRUE : ISC_FALSE); + } + + if (result == DNS_R_DNAME) { + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_WARNSRVCNAME) || + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME)) + level = ISC_LOG_WARNING; + if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IGNORESRVCNAME)) { + dns_name_format(foundname, altbuf, sizeof altbuf); + dns_zone_log(zone, level, "%s/SRV '%s' is below a " + "DNAME '%s' (illegal)", ownerbuf, namebuf, + altbuf); + } + return ((level == ISC_LOG_WARNING) ? ISC_TRUE : ISC_FALSE); + } + + if (zone->checksrv != NULL && result == DNS_R_DELEGATION) + return ((zone->checksrv)(zone, name, owner)); + + return (ISC_TRUE); +} + +static isc_boolean_t +zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name, + dns_name_t *owner) +{ + isc_boolean_t answer = ISC_TRUE; + isc_result_t result, tresult; + char ownerbuf[DNS_NAME_FORMATSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; + char altbuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fixed; + dns_name_t *foundname; + dns_rdataset_t a; + dns_rdataset_t aaaa; + int level; + + /* + * Outside of zone. + */ + if (!dns_name_issubdomain(name, &zone->origin)) { + if (zone->checkns != NULL) + return ((zone->checkns)(zone, name, owner, NULL, NULL)); + return (ISC_TRUE); + } + + if (zone->type == dns_zone_master) + level = ISC_LOG_ERROR; + else + level = ISC_LOG_WARNING; + + dns_fixedname_init(&fixed); + foundname = dns_fixedname_name(&fixed); + dns_rdataset_init(&a); + dns_rdataset_init(&aaaa); + + result = dns_db_find(db, name, NULL, dns_rdatatype_a, + DNS_DBFIND_GLUEOK, 0, NULL, + foundname, &a, NULL); + + if (result == ISC_R_SUCCESS) { + dns_rdataset_disassociate(&a); + return (ISC_TRUE); + } else if (result == DNS_R_DELEGATION) + dns_rdataset_disassociate(&a); + + if (result == DNS_R_NXRRSET || result == DNS_R_DELEGATION || + result == DNS_R_GLUE) { + tresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa, + DNS_DBFIND_GLUEOK, 0, NULL, + foundname, &aaaa, NULL); + if (tresult == ISC_R_SUCCESS) { + dns_rdataset_disassociate(&aaaa); + return (ISC_TRUE); + } + if (tresult == DNS_R_DELEGATION) + dns_rdataset_disassociate(&aaaa); + if (result == DNS_R_GLUE || tresult == DNS_R_GLUE) { + /* + * Check glue against child zone. + */ + if (zone->checkns != NULL) + answer = (zone->checkns)(zone, name, owner, + &a, &aaaa); + if (dns_rdataset_isassociated(&a)) + dns_rdataset_disassociate(&a); + if (dns_rdataset_isassociated(&aaaa)) + dns_rdataset_disassociate(&aaaa); + return (answer); + } + } else + tresult = result; + + dns_name_format(owner, ownerbuf, sizeof ownerbuf); + dns_name_format(name, namebuf, sizeof namebuf); + if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN || + result == DNS_R_EMPTYNAME || result == DNS_R_DELEGATION) { + const char *what; + isc_boolean_t required = ISC_FALSE; + if (dns_name_issubdomain(name, owner)) { + what = "REQUIRED GLUE "; + required = ISC_TRUE; + } else if (result == DNS_R_DELEGATION) + what = "SIBLING GLUE "; + else + what = ""; + + if (result != DNS_R_DELEGATION || required || + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKSIBLING)) { + dns_zone_log(zone, level, "%s/NS '%s' has no %s" + "address records (A or AAAA)", + ownerbuf, namebuf, what); + /* + * Log missing address record. + */ + if (result == DNS_R_DELEGATION && zone->checkns != NULL) + (void)(zone->checkns)(zone, name, owner, + &a, &aaaa); + /* XXX950 make fatal for 9.5.0. */ + /* answer = ISC_FALSE; */ + } + } else if (result == DNS_R_CNAME) { + dns_zone_log(zone, level, "%s/NS '%s' is a CNAME (illegal)", + ownerbuf, namebuf); + /* XXX950 make fatal for 9.5.0. */ + /* answer = ISC_FALSE; */ + } else if (result == DNS_R_DNAME) { + dns_name_format(foundname, altbuf, sizeof altbuf); + dns_zone_log(zone, level, + "%s/NS '%s' is below a DNAME '%s' (illegal)", + ownerbuf, namebuf, altbuf); + /* XXX950 make fatal for 9.5.0. */ + /* answer = ISC_FALSE; */ + } + + if (dns_rdataset_isassociated(&a)) + dns_rdataset_disassociate(&a); + if (dns_rdataset_isassociated(&aaaa)) + dns_rdataset_disassociate(&aaaa); + return (answer); +} + +static isc_boolean_t +integrity_checks(dns_zone_t *zone, dns_db_t *db) { + dns_dbiterator_t *dbiterator = NULL; + dns_dbnode_t *node = NULL; + dns_rdataset_t rdataset; + dns_fixedname_t fixed; + dns_fixedname_t fixedbottom; + dns_rdata_mx_t mx; + dns_rdata_ns_t ns; + dns_rdata_in_srv_t srv; + dns_rdata_t rdata; + dns_name_t *name; + dns_name_t *bottom; + isc_result_t result; + isc_boolean_t ok = ISC_TRUE; + + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + dns_fixedname_init(&fixedbottom); + bottom = dns_fixedname_name(&fixedbottom); + dns_rdataset_init(&rdataset); + dns_rdata_init(&rdata); + + result = dns_db_createiterator(db, ISC_FALSE, &dbiterator); + if (result != ISC_R_SUCCESS) + return (ISC_TRUE); + + result = dns_dbiterator_first(dbiterator); + while (result == ISC_R_SUCCESS) { + result = dns_dbiterator_current(dbiterator, &node, name); + if (result != ISC_R_SUCCESS) + goto cleanup; + + /* + * Is this name visible in the zone? + */ + if (!dns_name_issubdomain(name, &zone->origin) || + (dns_name_countlabels(bottom) > 0 && + dns_name_issubdomain(name, bottom))) + goto next; + + /* + * Don't check the NS records at the origin. + */ + if (dns_name_equal(name, &zone->origin)) + goto checkmx; + + result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ns, + 0, 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) + goto checkmx; + /* + * Remember bottom of zone. + */ + dns_name_copy(name, bottom, NULL); + + result = dns_rdataset_first(&rdataset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (!zone_check_glue(zone, db, &ns.name, name)) + ok = ISC_FALSE; + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rdataset); + } + dns_rdataset_disassociate(&rdataset); + + checkmx: + result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_mx, + 0, 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) + goto checksrv; + result = dns_rdataset_first(&rdataset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &mx, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (!zone_check_mx(zone, db, &mx.mx, name)) + ok = ISC_FALSE; + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rdataset); + } + dns_rdataset_disassociate(&rdataset); + + checksrv: + if (zone->rdclass != dns_rdataclass_in) + goto next; + result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_srv, + 0, 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) + goto next; + result = dns_rdataset_first(&rdataset); + while (result == ISC_R_SUCCESS) { + dns_rdataset_current(&rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &srv, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (!zone_check_srv(zone, db, &srv.target, name)) + ok = ISC_FALSE; + dns_rdata_reset(&rdata); + result = dns_rdataset_next(&rdataset); + } + dns_rdataset_disassociate(&rdataset); + + next: + dns_db_detachnode(db, &node); + result = dns_dbiterator_next(dbiterator); + } + + cleanup: + if (node != NULL) + dns_db_detachnode(db, &node); + dns_dbiterator_destroy(&dbiterator); + + return (ok); +} + +/* + * OpenSSL verification of RSA keys with exponent 3 is known to be + * broken prior OpenSSL 0.9.8c/0.9.7k. Look for such keys and warn + * if they are in use. + */ +static void +zone_check_dnskeys(dns_zone_t *zone, dns_db_t *db) { + dns_dbnode_t *node = NULL; + dns_dbversion_t *version = NULL; + dns_rdata_dnskey_t dnskey; + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdataset_t rdataset; + isc_result_t result; + isc_boolean_t logit, foundrsa = ISC_FALSE, foundmd5 = ISC_FALSE; + const char *algorithm; + + result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node); + if (result != ISC_R_SUCCESS) + goto cleanup; + + dns_db_currentversion(db, &version); + dns_rdataset_init(&rdataset); + result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey, + dns_rdatatype_none, 0, &rdataset, NULL); + if (result != ISC_R_SUCCESS) + goto cleanup; + + for (result = dns_rdataset_first(&rdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(&rdataset)) + { + dns_rdataset_current(&rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &dnskey, NULL); + INSIST(result == ISC_R_SUCCESS); + + if ((dnskey.algorithm == DST_ALG_RSASHA1 || + dnskey.algorithm == DST_ALG_RSAMD5) && + dnskey.datalen > 1 && dnskey.data[0] == 1 && + dnskey.data[1] == 3) + { + if (dnskey.algorithm == DST_ALG_RSASHA1) { + logit = !foundrsa; + foundrsa = ISC_TRUE; + algorithm = "RSASHA1"; + } else { + logit = !foundmd5; + foundmd5 = ISC_TRUE; + algorithm = "RSAMD5"; + } + if (logit) + dns_zone_log(zone, ISC_LOG_WARNING, + "weak %s (%u) key found " + "(exponent=3)", algorithm, + dnskey.algorithm); + if (foundrsa && foundmd5) + break; + } + dns_rdata_reset(&rdata); + } + dns_rdataset_disassociate(&rdataset); + + cleanup: + if (node != NULL) + dns_db_detachnode(db, &node); + if (version != NULL) + dns_db_closeversion(db, &version, ISC_FALSE); + +} + static isc_result_t zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, isc_result_t result) { unsigned int soacount = 0; unsigned int nscount = 0; + unsigned int errors = 0; isc_uint32_t serial, refresh, retry, expire, minimum; isc_time_t now; isc_boolean_t needdump = ISC_FALSE; @@ -1281,12 +2059,13 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, "no master file"); else if (result != DNS_R_NOMASTERFILE) dns_zone_log(zone, ISC_LOG_ERROR, - "loading master file %s: %s", + "loading from master file %s " + "failed: %s", zone->masterfile, dns_result_totext(result)); } else dns_zone_log(zone, ISC_LOG_ERROR, - "loading master file %s: %s", + "loading from master file %s failed: %s", zone->masterfile, dns_result_totext(result)); goto cleanup; @@ -1337,14 +2116,12 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, dns_zone_log(zone, ISC_LOG_DEBUG(1), "loaded"); /* - * Obtain ns and soa counts for top of zone. + * Obtain ns, soa and cname counts for top of zone. */ - nscount = 0; - soacount = 0; INSIST(db != NULL); - result = zone_get_from_db(db, &zone->origin, &nscount, - &soacount, &serial, &refresh, &retry, - &expire, &minimum); + result = zone_get_from_db(zone, db, &nscount, &soacount, &serial, + &refresh, &retry, &expire, &minimum, + &errors); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "could not find NS and/or SOA records"); @@ -1371,6 +2148,17 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, } if (result != ISC_R_SUCCESS) goto cleanup; + if (zone->type == dns_zone_master && errors != 0) { + result = DNS_R_BADZONE; + goto cleanup; + } + if (zone->type == dns_zone_master && + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKINTEGRITY) && + !integrity_checks(zone, db)) { + result = DNS_R_BADZONE; + goto cleanup; + } + if (zone->db != NULL) { /* * This is checked in zone_replacedb() for slave zones @@ -1395,9 +2183,11 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, } else if (!isc_serial_ge(serial, zone->serial)) dns_zone_log(zone, ISC_LOG_ERROR, "zone serial has gone backwards"); - else if (serial == zone->serial && !hasinclude) + else if (serial == zone->serial && !hasinclude) dns_zone_log(zone, ISC_LOG_ERROR, - "zone serial unchanged"); + "zone serial unchanged. " + "zone may fail to transfer " + "to slaves."); } zone->serial = serial; zone->refresh = RANGE(refresh, @@ -1440,6 +2230,11 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, goto cleanup; } + /* + * Check for weak DNSKEY's. + */ + if (zone->type == dns_zone_master) + zone_check_dnskeys(zone, db); #if 0 /* destroy notification example. */ @@ -1453,12 +2248,15 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, } #endif + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write); if (zone->db != NULL) { result = zone_replacedb(zone, db, ISC_FALSE); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write); if (result != ISC_R_SUCCESS) goto cleanup; } else { - dns_db_attach(db, &zone->db); + zone_attachdb(zone, db); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write); DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED|DNS_ZONEFLG_NEEDNOTIFY); } @@ -1509,36 +2307,111 @@ exit_check(dns_zone_t *zone) { return (ISC_FALSE); } +static isc_boolean_t +zone_check_ns(dns_zone_t *zone, dns_db_t *db, dns_name_t *name) { + isc_result_t result; + char namebuf[DNS_NAME_FORMATSIZE]; + char altbuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fixed; + dns_name_t *foundname; + int level; + + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOCHECKNS)) + return (ISC_TRUE); + + if (zone->type == dns_zone_master) + level = ISC_LOG_ERROR; + else + level = ISC_LOG_WARNING; + + dns_fixedname_init(&fixed); + foundname = dns_fixedname_name(&fixed); + + result = dns_db_find(db, name, NULL, dns_rdatatype_a, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + + if (result == DNS_R_NXRRSET) { + result = dns_db_find(db, name, NULL, dns_rdatatype_aaaa, + 0, 0, NULL, foundname, NULL, NULL); + if (result == ISC_R_SUCCESS) + return (ISC_TRUE); + } + + dns_name_format(name, namebuf, sizeof namebuf); + if (result == DNS_R_NXRRSET || result == DNS_R_NXDOMAIN || + result == DNS_R_EMPTYNAME) { + dns_zone_log(zone, level, + "NS '%s' has no address records (A or AAAA)", + namebuf); + /* XXX950 Make fatal ISC_FALSE for 9.5.0. */ + return (ISC_TRUE); + } + + if (result == DNS_R_CNAME) { + dns_zone_log(zone, level, "NS '%s' is a CNAME (illegal)", + namebuf); + /* XXX950 Make fatal ISC_FALSE for 9.5.0. */ + return (ISC_TRUE); + } + + if (result == DNS_R_DNAME) { + dns_name_format(foundname, altbuf, sizeof altbuf); + dns_zone_log(zone, level, + "NS '%s' is below a DNAME '%s' (illegal)", + namebuf, altbuf); + /* XXX950 Make fatal ISC_FALSE for 9.5.0. */ + return (ISC_TRUE); + } + + return (ISC_TRUE); +} + static isc_result_t -zone_count_ns_rr(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - unsigned int *nscount) +zone_count_ns_rr(dns_zone_t *zone, dns_db_t *db, dns_dbnode_t *node, + dns_dbversion_t *version, unsigned int *nscount, + unsigned int *errors) { isc_result_t result; - unsigned int count; + unsigned int count = 0; + unsigned int ecount = 0; dns_rdataset_t rdataset; - - REQUIRE(nscount != NULL); + dns_rdata_t rdata; + dns_rdata_ns_t ns; dns_rdataset_init(&rdataset); result = dns_db_findrdataset(db, node, version, dns_rdatatype_ns, dns_rdatatype_none, 0, &rdataset, NULL); - if (result == ISC_R_NOTFOUND) { - *nscount = 0; - result = ISC_R_SUCCESS; - goto invalidate_rdataset; - } + if (result == ISC_R_NOTFOUND) + goto success; if (result != ISC_R_SUCCESS) goto invalidate_rdataset; - count = 0; result = dns_rdataset_first(&rdataset); while (result == ISC_R_SUCCESS) { + if (errors != NULL && zone->rdclass == dns_rdataclass_in && + (zone->type == dns_zone_master || + zone->type == dns_zone_slave)) { + dns_rdata_init(&rdata); + dns_rdataset_current(&rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (dns_name_issubdomain(&ns.name, &zone->origin) && + !zone_check_ns(zone, db, &ns.name)) + ecount++; + } count++; result = dns_rdataset_next(&rdataset); } dns_rdataset_disassociate(&rdataset); - *nscount = count; + success: + if (nscount != NULL) + *nscount = count; + if (errors != NULL) + *errors = ecount; + result = ISC_R_SUCCESS; invalidate_rdataset: @@ -1626,10 +2499,11 @@ zone_load_soa_rr(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, * zone must be locked. */ static isc_result_t -zone_get_from_db(dns_db_t *db, dns_name_t *origin, unsigned int *nscount, +zone_get_from_db(dns_zone_t *zone, dns_db_t *db, unsigned int *nscount, unsigned int *soacount, isc_uint32_t *serial, isc_uint32_t *refresh, isc_uint32_t *retry, - isc_uint32_t *expire, isc_uint32_t *minimum) + isc_uint32_t *expire, isc_uint32_t *minimum, + unsigned int *errors) { dns_dbversion_t *version; isc_result_t result; @@ -1637,20 +2511,21 @@ zone_get_from_db(dns_db_t *db, dns_name_t *origin, unsigned int *nscount, dns_dbnode_t *node; REQUIRE(db != NULL); - REQUIRE(origin != NULL); + REQUIRE(zone != NULL); version = NULL; dns_db_currentversion(db, &version); node = NULL; - result = dns_db_findnode(db, origin, ISC_FALSE, &node); + result = dns_db_findnode(db, &zone->origin, ISC_FALSE, &node); if (result != ISC_R_SUCCESS) { answer = result; goto closeversion; } - if (nscount != NULL) { - result = zone_count_ns_rr(db, node, version, nscount); + if (nscount != NULL || errors != NULL) { + result = zone_count_ns_rr(zone, db, node, version, + nscount, errors); if (result != ISC_R_SUCCESS) answer = result; } @@ -1979,6 +2854,37 @@ dns_zone_setmasters(dns_zone_t *zone, const isc_sockaddr_t *masters, return (result); } +static isc_boolean_t +same_masters(const isc_sockaddr_t *old, const isc_sockaddr_t *new, + isc_uint32_t count) +{ + unsigned int i; + + for (i = 0; i < count; i++) + if (!isc_sockaddr_equal(&old[i], &new[i])) + return (ISC_FALSE); + return (ISC_TRUE); +} + +static isc_boolean_t +same_keynames(dns_name_t **old, dns_name_t **new, isc_uint32_t count) { + unsigned int i; + + if (old == NULL && new == NULL) + return (ISC_TRUE); + if (old == NULL || new == NULL) + return (ISC_FALSE); + + for (i = 0; i < count; i++) { + if (old[i] == NULL && new[i] == NULL) + continue; + if (old[i] == NULL || new[i] == NULL || + !dns_name_equal(old[i], new[i])) + return (ISC_FALSE); + } + return (ISC_TRUE); +} + isc_result_t dns_zone_setmasterswithkeys(dns_zone_t *zone, const isc_sockaddr_t *masters, @@ -1998,6 +2904,19 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, } LOCK_ZONE(zone); + /* + * The refresh code assumes that 'masters' wouldn't change under it. + * If it will change then kill off any current refresh in progress + * and update the masters info. If it won't change then we can just + * unlock and exit. + */ + if (count != zone->masterscnt || + !same_masters(zone->masters, masters, count) || + !same_keynames(zone->masterkeynames, keynames, count)) { + if (zone->request != NULL) + dns_request_cancel(zone->request); + } else + goto unlock; if (zone->masters != NULL) { isc_mem_put(zone->mctx, zone->masters, zone->masterscnt * sizeof(*new)); @@ -2032,7 +2951,7 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, goto unlock; /* - * masters must countain count elements! + * masters must contain count elements! */ new = isc_mem_get(zone->mctx, count * sizeof(*new)); if (new == NULL) { @@ -2040,7 +2959,7 @@ dns_zone_setmasterswithkeys(dns_zone_t *zone, goto unlock; } memcpy(new, masters, count * sizeof(*new)); - + /* * Similarly for mastersok. */ @@ -2115,12 +3034,12 @@ dns_zone_getdb(dns_zone_t *zone, dns_db_t **dpb) { REQUIRE(DNS_ZONE_VALID(zone)); - LOCK_ZONE(zone); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); if (zone->db == NULL) result = DNS_R_NOTLOADED; else dns_db_attach(zone->db, dpb); - UNLOCK_ZONE(zone); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); return (result); } @@ -2245,8 +3164,9 @@ zone_maintenance(dns_zone_t *zone) { switch (zone->type) { case dns_zone_master: case dns_zone_slave: - if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY)) - zone_notify(zone); + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY) && + isc_time_compare(&now, &zone->notifytime) >= 0) + zone_notify(zone, &now); break; default: break; @@ -2424,6 +3344,9 @@ dump_done(void *arg, isc_result_t result) { dns_db_t *db; dns_dbversion_t *version; isc_boolean_t again = ISC_FALSE; + isc_boolean_t compact = ISC_FALSE; + isc_uint32_t serial; + isc_result_t tresult; REQUIRE(DNS_ZONE_VALID(zone)); @@ -2431,8 +3354,6 @@ dump_done(void *arg, isc_result_t result) { if (result == ISC_R_SUCCESS && zone->journal != NULL && zone->journalsize != -1) { - isc_uint32_t serial; - isc_result_t tresult; /* * We don't own these, zone->dctx must stay valid. @@ -2441,7 +3362,11 @@ dump_done(void *arg, isc_result_t result) { version = dns_dumpctx_version(zone->dctx); tresult = dns_db_getsoaserial(db, version, &serial); - if (tresult == ISC_R_SUCCESS) { + /* + * Note: we are task locked here so we can test + * zone->xfr safely. + */ + if (tresult == ISC_R_SUCCESS && zone->xfr == NULL) { tresult = dns_journal_compact(zone->mctx, zone->journal, serial, @@ -2460,11 +3385,16 @@ dump_done(void *arg, isc_result_t result) { dns_result_totext(tresult)); break; } + } else if (tresult == ISC_R_SUCCESS) { + compact = ISC_TRUE; + zone->compact_serial = serial; } } LOCK_ZONE(zone); DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DUMPING); + if (compact) + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDCOMPACT); if (result != ISC_R_SUCCESS && result != ISC_R_CANCELED) { /* * Try again in a short while. @@ -2498,6 +3428,7 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) { isc_boolean_t again; dns_db_t *db = NULL; char *masterfile = NULL; + dns_masterformat_t masterformat = dns_masterformat_none; /* * 'compact' MUST only be set if we are task locked. @@ -2507,11 +3438,15 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) { ENTER; redo: - LOCK_ZONE(zone); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); if (zone->db != NULL) dns_db_attach(zone->db, &db); - if (zone->masterfile != NULL) + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + LOCK_ZONE(zone); + if (zone->masterfile != NULL) { masterfile = isc_mem_strdup(zone->mctx, zone->masterfile); + masterformat = zone->masterformat; + } UNLOCK_ZONE(zone); if (db == NULL) { result = DNS_R_NOTLOADED; @@ -2536,9 +3471,9 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) { UNLOCK_ZONE(zone); } else { dns_db_currentversion(db, &version); - result = dns_master_dump(zone->mctx, db, version, - &dns_master_style_default, - masterfile); + result = dns_master_dump2(zone->mctx, db, version, + &dns_master_style_default, + masterfile, masterformat); dns_db_closeversion(db, &version, ISC_FALSE); } fail: @@ -2576,35 +3511,46 @@ zone_dump(dns_zone_t *zone, isc_boolean_t compact) { } static isc_result_t -dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style) { +dumptostream(dns_zone_t *zone, FILE *fd, const dns_master_style_t *style, + dns_masterformat_t format) +{ isc_result_t result; dns_dbversion_t *version = NULL; dns_db_t *db = NULL; REQUIRE(DNS_ZONE_VALID(zone)); - LOCK_ZONE(zone); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); if (zone->db != NULL) dns_db_attach(zone->db, &db); - UNLOCK_ZONE(zone); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (db == NULL) return (DNS_R_NOTLOADED); dns_db_currentversion(db, &version); - result = dns_master_dumptostream(zone->mctx, db, version, style, fd); + result = dns_master_dumptostream2(zone->mctx, db, version, style, + format, fd); dns_db_closeversion(db, &version, ISC_FALSE); dns_db_detach(&db); return (result); } +isc_result_t +dns_zone_dumptostream2(dns_zone_t *zone, FILE *fd, dns_masterformat_t format, + const dns_master_style_t *style) { + return dumptostream(zone, fd, style, format); +} + isc_result_t dns_zone_dumptostream(dns_zone_t *zone, FILE *fd) { - return dumptostream(zone, fd, &dns_master_style_default); + return dumptostream(zone, fd, &dns_master_style_default, + dns_masterformat_text); } isc_result_t dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd) { - return dumptostream(zone, fd, &dns_master_style_full); + return dumptostream(zone, fd, &dns_master_style_full, + dns_masterformat_text); } void @@ -2645,7 +3591,9 @@ zone_unload(dns_zone_t *zone) { REQUIRE(LOCKED_ZONE(zone)); - dns_db_detach(&zone->db); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write); + zone_detachdb(zone); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write); DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_LOADED); DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDDUMP); } @@ -2700,6 +3648,46 @@ notify_isqueued(dns_zone_t *zone, dns_name_t *name, isc_sockaddr_t *addr) { return (ISC_FALSE); } +static isc_boolean_t +notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) { + dns_tsigkey_t *key = NULL; + isc_sockaddr_t src; + isc_sockaddr_t any; + isc_boolean_t isself; + isc_netaddr_t dstaddr; + + if (zone->view == NULL || zone->isself == NULL) + return (ISC_FALSE); + + switch (isc_sockaddr_pf(dst)) { + case PF_INET: + src = zone->notifysrc4; + isc_sockaddr_any(&any); + break; + case PF_INET6: + src = zone->notifysrc6; + isc_sockaddr_any6(&any); + break; + default: + return (ISC_FALSE); + } + + /* + * When sending from any the kernel will assign a source address + * that matches the destination address. + */ + if (isc_sockaddr_eqaddr(&any, &src)) + src = *dst; + + isc_netaddr_fromsockaddr(&dstaddr, dst); + (void)dns_view_getpeertsig(zone->view, &dstaddr, &key); + isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass, + zone->isselfarg); + if (key != NULL) + dns_tsigkey_detach(&key); + return (isself); +} + static void notify_destroy(dns_notify_t *notify, isc_boolean_t locked) { isc_mem_t *mctx; @@ -2800,7 +3788,7 @@ notify_find_address(dns_notify_t *notify) { result = dns_adb_createfind(notify->zone->view->adb, notify->zone->task, process_adb_event, notify, - ¬ify->ns, dns_rootname, + ¬ify->ns, dns_rootname, 0, options, 0, NULL, notify->zone->view->dstport, ¬ify->find); @@ -2853,6 +3841,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { char addrbuf[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t src; int timeout; + isc_boolean_t have_notifysource = ISC_FALSE; notify = event->ev_arg; REQUIRE(DNS_NOTIFY_VALID(notify)); @@ -2880,7 +3869,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { */ if (isc_sockaddr_pf(¬ify->dst) == PF_INET6 && IN6_IS_ADDR_V4MAPPED(¬ify->dst.type.sin6.sin6_addr)) { - isc_sockaddr_format(¬ify->dst, addrbuf, sizeof(addrbuf)); + isc_sockaddr_format(¬ify->dst, addrbuf, sizeof(addrbuf)); notify_log(notify->zone, ISC_LOG_DEBUG(3), "notify: ignoring IPv6 mapped IPV4 address: %s", addrbuf); @@ -2898,12 +3887,24 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { isc_sockaddr_format(¬ify->dst, addrbuf, sizeof(addrbuf)); notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s", addrbuf); + if (notify->zone->view->peers != NULL) { + dns_peer_t *peer = NULL; + result = dns_peerlist_peerbyaddr(notify->zone->view->peers, + &dstip, &peer); + if (result == ISC_R_SUCCESS) { + result = dns_peer_getnotifysource(peer, &src); + if (result == ISC_R_SUCCESS) + have_notifysource = ISC_TRUE; + } + } switch (isc_sockaddr_pf(¬ify->dst)) { case PF_INET: - src = notify->zone->notifysrc4; + if (!have_notifysource) + src = notify->zone->notifysrc4; break; case PF_INET6: - src = notify->zone->notifysrc6; + if (!have_notifysource) + src = notify->zone->notifysrc6; break; default: result = ISC_R_NOTIMPLEMENTED; @@ -2917,6 +3918,16 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { timeout * 3, timeout, notify->zone->task, notify_done, notify, ¬ify->request); + if (result == ISC_R_SUCCESS) { + if (isc_sockaddr_pf(¬ify->dst) == AF_INET) { + inc_stats(notify->zone, + dns_zonestatscounter_notifyoutv4); + } else { + inc_stats(notify->zone, + dns_zonestatscounter_notifyoutv6); + } + } + cleanup_key: if (key != NULL) dns_tsigkey_detach(&key); @@ -2947,6 +3958,8 @@ notify_send(dns_notify_t *notify) { dst = ai->sockaddr; if (notify_isqueued(notify->zone, NULL, &dst)) continue; + if (notify_isself(notify->zone, &dst)) + continue; new = NULL; result = notify_create(notify->mctx, (notify->flags & DNS_NOTIFY_NOSOA), @@ -2982,8 +3995,9 @@ dns_zone_notify(dns_zone_t *zone) { } static void -zone_notify(dns_zone_t *zone) { +zone_notify(dns_zone_t *zone, isc_time_t *now) { dns_dbnode_t *node = NULL; + dns_db_t *zonedb = NULL; dns_dbversion_t *version = NULL; dns_name_t *origin = NULL; dns_name_t master; @@ -3001,13 +4015,13 @@ zone_notify(dns_zone_t *zone) { dns_notifytype_t notifytype; unsigned int flags = 0; isc_boolean_t loggednotify = ISC_FALSE; - dns_db_t *db = NULL; REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); notifytype = zone->notifytype; + DNS_ZONE_TIME_ADD(now, zone->notifydelay, &zone->notifytime); UNLOCK_ZONE(zone); if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) @@ -3016,11 +4030,8 @@ zone_notify(dns_zone_t *zone) { if (notifytype == dns_notifytype_no) return; - LOCK_ZONE(zone); - if (zone->db != NULL) - dns_db_attach(zone->db, &db); - UNLOCK_ZONE(zone); - if (db == NULL) + if (notifytype == dns_notifytype_masteronly && + zone->type != dns_zone_master) return; origin = &zone->origin; @@ -3035,13 +4046,19 @@ zone_notify(dns_zone_t *zone) { /* * Get SOA RRset. */ - dns_db_currentversion(db, &version); - result = dns_db_findnode(db, origin, ISC_FALSE, &node); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); + if (zone->db != NULL) + dns_db_attach(zone->db, &zonedb); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + if (zonedb == NULL) + return; + dns_db_currentversion(zonedb, &version); + result = dns_db_findnode(zonedb, origin, ISC_FALSE, &node); if (result != ISC_R_SUCCESS) goto cleanup1; dns_rdataset_init(&soardset); - result = dns_db_findrdataset(db, node, version, dns_rdatatype_soa, + result = dns_db_findrdataset(zonedb, node, version, dns_rdatatype_soa, dns_rdatatype_none, 0, &soardset, NULL); if (result != ISC_R_SUCCESS) goto cleanup2; @@ -3098,7 +4115,7 @@ zone_notify(dns_zone_t *zone) { */ dns_rdataset_init(&nsrdset); - result = dns_db_findrdataset(db, node, version, dns_rdatatype_ns, + result = dns_db_findrdataset(zonedb, node, version, dns_rdatatype_ns, dns_rdatatype_none, 0, &nsrdset, NULL); if (result != ISC_R_SUCCESS) goto cleanup3; @@ -3110,9 +4127,11 @@ zone_notify(dns_zone_t *zone) { RUNTIME_CHECK(result == ISC_R_SUCCESS); dns_rdata_reset(&rdata); /* - * don't notify the master server. + * Don't notify the master server unless explicitly + * configured to do so. */ - if (dns_name_compare(&master, &ns.name) == 0) { + if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_NOTIFYTOSOA) && + dns_name_compare(&master, &ns.name) == 0) { result = dns_rdataset_next(&nsrdset); continue; } @@ -3155,10 +4174,10 @@ zone_notify(dns_zone_t *zone) { if (dns_name_dynamic(&master)) dns_name_free(&master, zone->mctx); cleanup2: - dns_db_detachnode(db, &node); + dns_db_detachnode(zonedb, &node); cleanup1: - dns_db_closeversion(db, &version, ISC_FALSE); - dns_db_detach(&db); + dns_db_closeversion(zonedb, &version, ISC_FALSE); + dns_db_detach(&zonedb); } /*** @@ -3298,6 +4317,8 @@ stub_callback(isc_task_t *task, isc_event_t *event) { master, source); goto same_master; } + dns_zonemgr_unreachableadd(zone->zmgr, &zone->masteraddr, + &zone->sourceaddr, &now); dns_zone_log(zone, ISC_LOG_INFO, "could not refresh stub from master %s" " (source %s): %s", master, source, @@ -3406,10 +4427,10 @@ stub_callback(isc_task_t *task, isc_event_t *event) { * Tidy up. */ dns_db_closeversion(stub->db, &stub->version, ISC_TRUE); - LOCK_ZONE(zone); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write); if (zone->db == NULL) - dns_db_attach(stub->db, &zone->db); - UNLOCK_ZONE(zone); + zone_attachdb(zone, stub->db); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write); dns_db_detach(&stub->db); if (zone->masterfile != NULL) { @@ -3559,12 +4580,23 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { "master %s exceeded (source %s)", master, source); /* Try with slave with TCP. */ - if (zone->type == dns_zone_slave) { - LOCK_ZONE(zone); - DNS_ZONE_SETFLAG(zone, - DNS_ZONEFLG_SOABEFOREAXFR); - UNLOCK_ZONE(zone); - goto tcp_transfer; + if (zone->type == dns_zone_slave && + DNS_ZONE_OPTION(zone, DNS_ZONEOPT_TRYTCPREFRESH)) { + if (!dns_zonemgr_unreachable(zone->zmgr, + &zone->masteraddr, + &zone->sourceaddr, + &now)) { + LOCK_ZONE(zone); + DNS_ZONE_SETFLAG(zone, + DNS_ZONEFLG_SOABEFOREAXFR); + UNLOCK_ZONE(zone); + goto tcp_transfer; + } + dns_zone_log(zone, ISC_LOG_DEBUG(1), + "refresh: skipped tcp fallback" + "as master %s (source %s) is " + "unreachable (cached)", + master, source); } } else dns_zone_log(zone, ISC_LOG_INFO, @@ -3614,7 +4646,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { "master %s (source %s)", (int)rb.used, rcode, master, source); /* - * Perhaps AXFR/IXFR is allowed even if SOA queries arn't. + * Perhaps AXFR/IXFR is allowed even if SOA queries aren't. */ if (msg->rcode == dns_rcode_refused && zone->type == dns_zone_slave) @@ -3740,6 +4772,16 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) || DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER) || isc_serial_gt(serial, zone->serial)) { + if (dns_zonemgr_unreachable(zone->zmgr, &zone->masteraddr, + &zone->sourceaddr, &now)) { + dns_zone_log(zone, ISC_LOG_INFO, + "refresh: skipping %s as master %s " + "(source %s) is unreachable (cached)", + zone->type == dns_zone_slave ? + "zone transfer" : "NS query", + master, source); + goto next_master; + } tcp_transfer: isc_event_free(&event); LOCK_ZONE(zone); @@ -3955,7 +4997,7 @@ create_query(dns_zone_t *zone, dns_rdatatype_t rdtype, } static isc_result_t -add_opt(dns_message_t *message) { +add_opt(dns_message_t *message, isc_uint16_t udpsize, isc_boolean_t reqnsid) { dns_rdataset_t *rdataset = NULL; dns_rdatalist_t *rdatalist = NULL; dns_rdata_t *rdata = NULL; @@ -3971,25 +5013,35 @@ add_opt(dns_message_t *message) { if (result != ISC_R_SUCCESS) goto cleanup; dns_rdataset_init(rdataset); - + rdatalist->type = dns_rdatatype_opt; rdatalist->covers = 0; /* * Set Maximum UDP buffer size. */ - rdatalist->rdclass = SEND_BUFFER_SIZE; + rdatalist->rdclass = udpsize; /* * Set EXTENDED-RCODE, VERSION, DO and Z to 0. */ rdatalist->ttl = 0; - /* - * No EDNS options. - */ - rdata->data = NULL; - rdata->length = 0; + /* Set EDNS options if applicable */ + if (reqnsid) { + unsigned char data[4]; + isc_buffer_t buf; + + isc_buffer_init(&buf, data, sizeof(data)); + isc_buffer_putuint16(&buf, DNS_OPT_NSID); + isc_buffer_putuint16(&buf, 0); + rdata->data = data; + rdata->length = sizeof(data); + } else { + rdata->data = NULL; + rdata->length = 0; + } + rdata->rdclass = rdatalist->rdclass; rdata->type = rdatalist->type; rdata->flags = 0; @@ -4008,7 +5060,7 @@ add_opt(dns_message_t *message) { dns_message_puttemprdataset(message, &rdataset); if (rdata != NULL) dns_message_puttemprdata(message, &rdata); - + return (result); } @@ -4024,7 +5076,8 @@ soa_query(isc_task_t *task, isc_event_t *event) { isc_uint32_t options; isc_boolean_t cancel = ISC_TRUE; int timeout; - isc_boolean_t have_xfrsource; + isc_boolean_t have_xfrsource, reqnsid; + isc_uint16_t udpsize = SEND_BUFFER_SIZE; REQUIRE(DNS_ZONE_VALID(zone)); @@ -4068,13 +5121,14 @@ soa_query(isc_task_t *task, isc_event_t *event) { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(keyname, namebuf, sizeof(namebuf)); dns_zone_log(zone, ISC_LOG_ERROR, - "unable to find key: %s", namebuf); + "unable to find key: %s", namebuf); } } if (key == NULL) (void)dns_view_getpeertsig(zone->view, &masterip, &key); have_xfrsource = ISC_FALSE; + reqnsid = zone->view->requestnsid; if (zone->view->peers != NULL) { dns_peer_t *peer = NULL; isc_boolean_t edns; @@ -4088,6 +5142,11 @@ soa_query(isc_task_t *task, isc_event_t *event) { &zone->sourceaddr); if (result == ISC_R_SUCCESS) have_xfrsource = ISC_TRUE; + if (zone->view->resolver != NULL) + udpsize = + dns_resolver_getudpsize(zone->view->resolver); + (void)dns_peer_getudpsize(peer, &udpsize); + (void)dns_peer_getrequestnsid(peer, &reqnsid); } } @@ -4119,7 +5178,7 @@ soa_query(isc_task_t *task, isc_event_t *event) { DNS_REQUESTOPT_TCP : 0; if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) { - result = add_opt(message); + result = add_opt(message, udpsize, reqnsid); if (result != ISC_R_SUCCESS) zone_debuglog(zone, me, 1, "unable to add opt record: %s", @@ -4141,6 +5200,11 @@ soa_query(isc_task_t *task, isc_event_t *event) { "dns_request_createvia2() failed: %s", dns_result_totext(result)); goto cleanup; + } else { + if (isc_sockaddr_pf(&zone->masteraddr) == PF_INET) + inc_stats(zone, dns_zonestatscounter_soaoutv4); + else + inc_stats(zone, dns_zonestatscounter_soaoutv6); } cancel = ISC_FALSE; @@ -4183,7 +5247,8 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { dns_tsigkey_t *key = NULL; dns_dbnode_t *node = NULL; int timeout; - isc_boolean_t have_xfrsource = ISC_FALSE; + isc_boolean_t have_xfrsource = ISC_FALSE, reqnsid; + isc_uint16_t udpsize = SEND_BUFFER_SIZE; REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE((soardataset != NULL && stub == NULL) || @@ -4213,9 +5278,13 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { * new one and attach it to the zone once we have the NS * RRset and glue. */ - if (zone->db != NULL) + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); + if (zone->db != NULL) { dns_db_attach(zone->db, &stub->db); - else { + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + } else { + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + INSIST(zone->db_argc >= 1); result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, dns_dbtype_stub, @@ -4284,12 +5353,13 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(keyname, namebuf, sizeof(namebuf)); dns_zone_log(zone, ISC_LOG_ERROR, - "unable to find key: %s", namebuf); + "unable to find key: %s", namebuf); } } if (key == NULL) - (void)dns_view_getpeertsig(zone->view, &masterip, &key); + (void)dns_view_getpeertsig(zone->view, &masterip, &key); + reqnsid = zone->view->requestnsid; if (zone->view->peers != NULL) { dns_peer_t *peer = NULL; isc_boolean_t edns; @@ -4303,11 +5373,16 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { &zone->sourceaddr); if (result == ISC_R_SUCCESS) have_xfrsource = ISC_TRUE; + if (zone->view->resolver != NULL) + udpsize = + dns_resolver_getudpsize(zone->view->resolver); + (void)dns_peer_getudpsize(peer, &udpsize); + (void)dns_peer_getrequestnsid(peer, &reqnsid); } - + } if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NOEDNS)) { - result = add_opt(message); + result = add_opt(message, udpsize, reqnsid); if (result != ISC_R_SUCCESS) zone_debuglog(zone, me, 1, "unable to add opt record: %s", @@ -4367,7 +5442,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { if (message != NULL) dns_message_destroy(&message); unlock: - if (key != NULL) + if (key != NULL) dns_tsigkey_detach(&key); UNLOCK_ZONE(zone); return; @@ -4438,7 +5513,7 @@ zone_shutdown(isc_task_t *task, isc_event_t *event) { if (zone->writeio != NULL) zonemgr_cancelio(zone->writeio); - if (zone->dctx != NULL) + if (zone->dctx != NULL) dns_dumpctx_cancel(zone->dctx); } @@ -4495,7 +5570,7 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) { switch (zone->type) { case dns_zone_master: if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY)) - next = *now; + next = zone->notifytime; if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDDUMP) && !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_DUMPING)) { INSIST(!isc_time_isepoch(&zone->dumptime)); @@ -4507,7 +5582,7 @@ zone_settimer(dns_zone_t *zone, isc_time_t *now) { case dns_zone_slave: if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDNOTIFY)) - next = *now; + next = zone->notifytime; /*FALLTHROUGH*/ case dns_zone_stub: @@ -4582,6 +5657,7 @@ static isc_result_t notify_createmessage(dns_zone_t *zone, unsigned int flags, dns_message_t **messagep) { + dns_db_t *zonedb = NULL; dns_dbnode_t *node = NULL; dns_dbversion_t *version = NULL; dns_message_t *message = NULL; @@ -4600,7 +5676,6 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE(messagep != NULL && *messagep == NULL); - message = NULL; result = dns_message_create(zone->mctx, DNS_MESSAGE_INTENTRENDER, &message); if (result != ISC_R_SUCCESS) @@ -4647,15 +5722,20 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, if (result != ISC_R_SUCCESS) goto soa_cleanup; + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); + INSIST(zone->db != NULL); /* XXXJT: is this assumption correct? */ + dns_db_attach(zone->db, &zonedb); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); + dns_name_init(tempname, NULL); dns_name_clone(&zone->origin, tempname); - dns_db_currentversion(zone->db, &version); - result = dns_db_findnode(zone->db, tempname, ISC_FALSE, &node); + dns_db_currentversion(zonedb, &version); + result = dns_db_findnode(zonedb, tempname, ISC_FALSE, &node); if (result != ISC_R_SUCCESS) goto soa_cleanup; dns_rdataset_init(&rdataset); - result = dns_db_findrdataset(zone->db, node, version, + result = dns_db_findrdataset(zonedb, node, version, dns_rdatatype_soa, dns_rdatatype_none, 0, &rdataset, NULL); @@ -4699,9 +5779,11 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, soa_cleanup: if (node != NULL) - dns_db_detachnode(zone->db, &node); + dns_db_detachnode(zonedb, &node); if (version != NULL) - dns_db_closeversion(zone->db, &version, ISC_FALSE); + dns_db_closeversion(zonedb, &version, ISC_FALSE); + if (zonedb != NULL) + dns_db_detach(&zonedb); if (tempname != NULL) dns_message_puttempname(message, &tempname); if (temprdata != NULL) @@ -4720,8 +5802,7 @@ notify_createmessage(dns_zone_t *zone, unsigned int flags, dns_message_puttempname(message, &tempname); if (temprdataset != NULL) dns_message_puttemprdataset(message, &temprdataset); - if (message != NULL) - dns_message_destroy(&message); + dns_message_destroy(&message); return (result); } @@ -4744,7 +5825,7 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, * If type != T_SOA return DNS_R_REFUSED. We don't yet support * ROLLOVER. * - * SOA: RFC 1996 + * SOA: RFC1996 * Check that 'from' is a valid notify source, (zone->masters). * Return DNS_R_REFUSED if not. * @@ -4766,6 +5847,10 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, * We only handle NOTIFY (SOA) at the present. */ LOCK_ZONE(zone); + if (isc_sockaddr_pf(from) == PF_INET) + inc_stats(zone, dns_zonestatscounter_notifyinv4); + else + inc_stats(zone, dns_zonestatscounter_notifyinv6); if (msg->counts[DNS_SECTION_QUESTION] == 0 || dns_message_findname(msg, DNS_SECTION_QUESTION, &zone->origin, dns_rdatatype_soa, dns_rdatatype_none, @@ -4820,6 +5905,7 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, UNLOCK_ZONE(zone); dns_zone_log(zone, ISC_LOG_INFO, "refused notify from non-master: %s", fromtext); + inc_stats(zone, dns_zonestatscounter_notifyrej); return (DNS_R_REFUSED); } @@ -4902,6 +5988,18 @@ dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl) { UNLOCK_ZONE(zone); } +void +dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl) { + + REQUIRE(DNS_ZONE_VALID(zone)); + + LOCK_ZONE(zone); + if (zone->queryon_acl != NULL) + dns_acl_detach(&zone->queryon_acl); + dns_acl_attach(acl, &zone->queryon_acl); + UNLOCK_ZONE(zone); +} + void dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl) { @@ -4954,6 +6052,14 @@ dns_zone_getqueryacl(dns_zone_t *zone) { return (zone->query_acl); } +dns_acl_t * +dns_zone_getqueryonacl(dns_zone_t *zone) { + + REQUIRE(DNS_ZONE_VALID(zone)); + + return (zone->queryon_acl); +} + dns_acl_t * dns_zone_getupdateacl(dns_zone_t *zone) { @@ -5022,6 +6128,17 @@ dns_zone_clearqueryacl(dns_zone_t *zone) { UNLOCK_ZONE(zone); } +void +dns_zone_clearqueryonacl(dns_zone_t *zone) { + + REQUIRE(DNS_ZONE_VALID(zone)); + + LOCK_ZONE(zone); + if (zone->queryon_acl != NULL) + dns_acl_detach(&zone->queryon_acl); + UNLOCK_ZONE(zone); +} + void dns_zone_clearxfracl(dns_zone_t *zone) { @@ -5046,6 +6163,19 @@ dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state) { zone->update_disabled = state; } +isc_boolean_t +dns_zone_getzeronosoattl(dns_zone_t *zone) { + REQUIRE(DNS_ZONE_VALID(zone)); + return (zone->zero_no_soa_ttl); + +} + +void +dns_zone_setzeronosoattl(dns_zone_t *zone, isc_boolean_t state) { + REQUIRE(DNS_ZONE_VALID(zone)); + zone->zero_no_soa_ttl = state; +} + void dns_zone_setchecknames(dns_zone_t *zone, dns_severity_t severity) { @@ -5079,7 +6209,7 @@ dns_zone_getjournalsize(dns_zone_t *zone) { } static void -zone_tostr(dns_zone_t *zone, char *buf, size_t length) { +zone_namerd_tostr(dns_zone_t *zone, char *buf, size_t length) { isc_result_t result = ISC_R_FAILURE; isc_buffer_t buffer; @@ -5110,29 +6240,88 @@ zone_tostr(dns_zone_t *zone, char *buf, size_t length) { buf[isc_buffer_usedlength(&buffer)] = '\0'; } +static void +zone_name_tostr(dns_zone_t *zone, char *buf, size_t length) { + isc_result_t result = ISC_R_FAILURE; + isc_buffer_t buffer; + + REQUIRE(buf != NULL); + REQUIRE(length > 1U); + + /* + * Leave space for terminating '\0'. + */ + isc_buffer_init(&buffer, buf, length - 1); + if (dns_name_dynamic(&zone->origin)) + result = dns_name_totext(&zone->origin, ISC_TRUE, &buffer); + if (result != ISC_R_SUCCESS && + isc_buffer_availablelength(&buffer) >= (sizeof("") - 1)) + isc_buffer_putstr(&buffer, ""); + + buf[isc_buffer_usedlength(&buffer)] = '\0'; +} + +static void +zone_rdclass_tostr(dns_zone_t *zone, char *buf, size_t length) { + isc_buffer_t buffer; + + REQUIRE(buf != NULL); + REQUIRE(length > 1U); + + /* + * Leave space for terminating '\0'. + */ + isc_buffer_init(&buffer, buf, length - 1); + (void)dns_rdataclass_totext(zone->rdclass, &buffer); + + buf[isc_buffer_usedlength(&buffer)] = '\0'; +} + +static void +zone_viewname_tostr(dns_zone_t *zone, char *buf, size_t length) { + isc_buffer_t buffer; + + REQUIRE(buf != NULL); + REQUIRE(length > 1U); + + + /* + * Leave space for terminating '\0'. + */ + isc_buffer_init(&buffer, buf, length - 1); + + if (zone->view == NULL) { + isc_buffer_putstr(&buffer, "_none"); + } else if (strlen(zone->view->name) + < isc_buffer_availablelength(&buffer)) { + isc_buffer_putstr(&buffer, zone->view->name); + } else { + isc_buffer_putstr(&buffer, "_toolong"); + } + + buf[isc_buffer_usedlength(&buffer)] = '\0'; +} + void dns_zone_name(dns_zone_t *zone, char *buf, size_t length) { REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE(buf != NULL); - zone_tostr(zone, buf, length); + zone_namerd_tostr(zone, buf, length); } static void notify_log(dns_zone_t *zone, int level, const char *fmt, ...) { va_list ap; char message[4096]; - char namebuf[1024+32]; if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; - zone_tostr(zone, namebuf, sizeof(namebuf)); - va_start(ap, fmt); vsnprintf(message, sizeof(message), fmt, ap); va_end(ap); isc_log_write(dns_lctx, DNS_LOGCATEGORY_NOTIFY, DNS_LOGMODULE_ZONE, - level, "zone %s: %s", namebuf, message); + level, "zone %s: %s", zone->strnamerd, message); } void @@ -5140,36 +6329,30 @@ dns_zone_logc(dns_zone_t *zone, isc_logcategory_t *category, int level, const char *fmt, ...) { va_list ap; char message[4096]; - char namebuf[1024+32]; if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; - zone_tostr(zone, namebuf, sizeof(namebuf)); - va_start(ap, fmt); vsnprintf(message, sizeof(message), fmt, ap); va_end(ap); isc_log_write(dns_lctx, category, DNS_LOGMODULE_ZONE, - level, "zone %s: %s", namebuf, message); + level, "zone %s: %s", zone->strnamerd, message); } void dns_zone_log(dns_zone_t *zone, int level, const char *fmt, ...) { va_list ap; char message[4096]; - char namebuf[1024+32]; if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; - zone_tostr(zone, namebuf, sizeof(namebuf)); - va_start(ap, fmt); vsnprintf(message, sizeof(message), fmt, ap); va_end(ap); isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE, - level, "zone %s: %s", namebuf, message); + level, "zone %s: %s", zone->strnamerd, message); } static void @@ -5178,19 +6361,16 @@ zone_debuglog(dns_zone_t *zone, const char *me, int debuglevel, { va_list ap; char message[4096]; - char namebuf[1024+32]; int level = ISC_LOG_DEBUG(debuglevel); if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE) return; - zone_tostr(zone, namebuf, sizeof(namebuf)); - va_start(ap, fmt); vsnprintf(message, sizeof(message), fmt, ap); va_end(ap); isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE, - level, "%s: zone %s: %s", me, namebuf, message); + level, "%s: zone %s: %s", me, zone->strnamerd, message); } static int @@ -5244,7 +6424,8 @@ dns_zone_getmaxxfrout(dns_zone_t *zone) { return (zone->maxxfrout); } -dns_zonetype_t dns_zone_gettype(dns_zone_t *zone) { +dns_zonetype_t +dns_zone_gettype(dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); return (zone->type); @@ -5265,8 +6446,10 @@ dns_zone_settask(dns_zone_t *zone, isc_task_t *task) { if (zone->task != NULL) isc_task_detach(&zone->task); isc_task_attach(task, &zone->task); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); if (zone->db != NULL) dns_db_settask(zone->db, zone->task); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); UNLOCK_ZONE(zone); } @@ -5371,7 +6554,9 @@ dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { REQUIRE(DNS_ZONE_VALID(zone)); LOCK_ZONE(zone); + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_write); result = zone_replacedb(zone, db, dump); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_write); UNLOCK_ZONE(zone); return (result); } @@ -5384,13 +6569,13 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { unsigned int nscount = 0; /* - * 'zone' locked by caller. + * 'zone' and 'zonedb' locked by caller. */ REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE(LOCKED_ZONE(zone)); - result = zone_get_from_db(db, &zone->origin, &nscount, &soacount, - NULL, NULL, NULL, NULL, NULL); + result = zone_get_from_db(zone, db, &nscount, &soacount, + NULL, NULL, NULL, NULL, NULL, NULL); if (result == ISC_R_SUCCESS) { if (soacount != 1) { dns_zone_log(zone, ISC_LOG_ERROR, @@ -5415,7 +6600,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { /* * The initial version of a slave zone is always dumped; - * subsequent versions may be journalled instead if this + * subsequent versions may be journaled instead if this * is enabled in the configuration. */ if (zone->db != NULL && zone->journal != NULL && @@ -5478,7 +6663,8 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(3), "dumping new zone version"); - result = dns_db_dump(db, ver, zone->masterfile); + result = dns_db_dump2(db, ver, zone->masterfile, + zone->masterformat); if (result != ISC_R_SUCCESS) goto fail; @@ -5497,7 +6683,7 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { * The in-memory database just changed, and * because 'dump' is set, it didn't change by * being loaded from disk. Also, we have not - * journalled diffs for this change. + * journaled diffs for this change. * Therefore, the on-disk journal is missing * the deltas for this change. Since it can * no longer be used to bring the zone @@ -5507,7 +6693,17 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE, ISC_LOG_DEBUG(3), "removing journal file"); - (void)remove(zone->journal); + if (remove(zone->journal) < 0 && errno != ENOENT) { + char strbuf[ISC_STRERRORSIZE]; + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(dns_lctx, + DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_ZONE, + ISC_LOG_WARNING, + "unable to remove journal " + "'%s': '%s'", + zone->journal, strbuf); + } } } @@ -5518,8 +6714,8 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { "replacing zone database"); if (zone->db != NULL) - dns_db_detach(&zone->db); - dns_db_attach(db, &zone->db); + zone_detachdb(zone); + zone_attachdb(zone, db); dns_db_settask(zone->db, zone->task); DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED|DNS_ZONEFLG_NEEDNOTIFY); return (ISC_R_SUCCESS); @@ -5529,6 +6725,33 @@ zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump) { return (result); } +/* The caller must hold the dblock as a writer. */ +static inline void +zone_attachdb(dns_zone_t *zone, dns_db_t *db) { + REQUIRE(zone->db == NULL && db != NULL); + + dns_db_attach(db, &zone->db); + if (zone->acache != NULL) { + isc_result_t result; + result = dns_acache_setdb(zone->acache, db); + if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "dns_acache_setdb() failed: %s", + isc_result_totext(result)); + } + } +} + +/* The caller must hold the dblock as a writer. */ +static inline void +zone_detachdb(dns_zone_t *zone) { + REQUIRE(zone->db != NULL); + + if (zone->acache != NULL) + (void)dns_acache_putdb(zone->acache, zone->db); + dns_db_detach(&zone->db); +} + static void zone_xfrdone(dns_zone_t *zone, isc_result_t result) { isc_time_t now; @@ -5559,8 +6782,11 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { /* * Has the zone expired underneath us? */ - if (zone->db == NULL) + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); + if (zone->db == NULL) { + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); goto same_master; + } /* * Update the zone structure's data from the actual @@ -5569,9 +6795,10 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { nscount = 0; soacount = 0; INSIST(zone->db != NULL); - result = zone_get_from_db(zone->db, &zone->origin, &nscount, + result = zone_get_from_db(zone, zone->db, &nscount, &soacount, &serial, &refresh, - &retry, &expire, &minimum); + &retry, &expire, &minimum, NULL); + ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); if (result == ISC_R_SUCCESS) { if (soacount != 1) dns_zone_log(zone, ISC_LOG_ERROR, @@ -5633,7 +6860,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { } /* - * This is not neccessary if we just performed a AXFR + * This is not necessary if we just performed a AXFR * however it is necessary for an IXFR / UPTODATE and * won't hurt with an AXFR. */ @@ -5657,6 +6884,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { dns_result_totext(result)); } + inc_stats(zone, dns_zonestatscounter_xfrsuccess); break; case DNS_R_BADIXFR: @@ -5691,6 +6919,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESH); again = ISC_TRUE; } + inc_stats(zone, dns_zonestatscounter_xfrfail); break; } zone_settimer(zone, &now); @@ -5708,6 +6937,30 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { if (zone->tsigkey != NULL) dns_tsigkey_detach(&zone->tsigkey); + /* + * Handle any deferred journal compaction. + */ + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_NEEDCOMPACT)) { + result = dns_journal_compact(zone->mctx, zone->journal, + zone->compact_serial, + zone->journalsize); + switch (result) { + case ISC_R_SUCCESS: + case ISC_R_NOSPACE: + case ISC_R_NOTFOUND: + dns_zone_log(zone, ISC_LOG_DEBUG(3), + "dns_journal_compact: %s", + dns_result_totext(result)); + break; + default: + dns_zone_log(zone, ISC_LOG_ERROR, + "dns_journal_compact failed: %s", + dns_result_totext(result)); + break; + } + DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_NEEDCOMPACT); + } + /* * This transfer finishing freed up a transfer quota slot. * Let any other zones waiting for quota have it. @@ -5745,7 +6998,7 @@ zone_loaddone(void *arg, isc_result_t result) { ENTER; tresult = dns_db_endload(load->db, &load->callbacks.add_private); - if (tresult != ISC_R_SUCCESS && + if (tresult != ISC_R_SUCCESS && (result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE)) result = tresult; @@ -5753,6 +7006,13 @@ zone_loaddone(void *arg, isc_result_t result) { (void)zone_postload(load->zone, load->db, load->loadtime, result); zonemgr_putio(&load->zone->readio); DNS_ZONE_CLRFLAG(load->zone, DNS_ZONEFLG_LOADING); + /* + * Leave the zone frozen if the reload fails. + */ + if ((result == ISC_R_SUCCESS || result == DNS_R_SEENINCLUDE) && + DNS_ZONE_FLAG(load->zone, DNS_ZONEFLG_THAW)) + zone->update_disabled = ISC_FALSE; + DNS_ZONE_CLRFLAG(load->zone, DNS_ZONEFLG_THAW); UNLOCK_ZONE(load->zone); load->magic = 0; @@ -5839,12 +7099,14 @@ static void got_transfer_quota(isc_task_t *task, isc_event_t *event) { isc_result_t result; dns_peer_t *peer = NULL; - char mastertext[256]; + char master[ISC_SOCKADDR_FORMATSIZE]; + char source[ISC_SOCKADDR_FORMATSIZE]; dns_rdatatype_t xfrtype; dns_zone_t *zone = event->ev_arg; isc_netaddr_t masterip; isc_sockaddr_t sourceaddr; isc_sockaddr_t masteraddr; + isc_time_t now; UNUSED(task); @@ -5855,34 +7117,44 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { goto cleanup; } - isc_sockaddr_format(&zone->masteraddr, mastertext, sizeof(mastertext)); + TIME_NOW(&now); + + isc_sockaddr_format(&zone->masteraddr, master, sizeof(master)); + if (dns_zonemgr_unreachable(zone->zmgr, &zone->masteraddr, + &zone->sourceaddr, &now)) { + isc_sockaddr_format(&zone->sourceaddr, source, sizeof(source)); + dns_zone_log(zone, ISC_LOG_INFO, + "got_transfer_quota: skipping zone transfer as " + "master %s (source %s) is unreachable (cached)", + master, source); + result = ISC_R_CANCELED; + goto cleanup; + } isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr); - (void)dns_peerlist_peerbyaddr(zone->view->peers, - &masterip, &peer); + (void)dns_peerlist_peerbyaddr(zone->view->peers, &masterip, &peer); /* * Decide whether we should request IXFR or AXFR. */ if (zone->db == NULL) { dns_zone_log(zone, ISC_LOG_DEBUG(1), - "no database exists yet, " - "requesting AXFR of " - "initial version from %s", mastertext); + "no database exists yet, requesting AXFR of " + "initial version from %s", master); xfrtype = dns_rdatatype_axfr; } else if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_IXFRFROMDIFFS)) { dns_zone_log(zone, ISC_LOG_DEBUG(1), "ixfr-from-differences " - "set, requesting AXFR from %s", mastertext); + "set, requesting AXFR from %s", master); xfrtype = dns_rdatatype_axfr; } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER)) { dns_zone_log(zone, ISC_LOG_DEBUG(1), "forced reload, requesting AXFR of " - "initial version from %s", mastertext); + "initial version from %s", master); xfrtype = dns_rdatatype_axfr; } else if (DNS_ZONE_FLAG(zone, DNS_ZONEFLAG_NOIXFR)) { dns_zone_log(zone, ISC_LOG_DEBUG(1), "retrying with AXFR from %s due to " - "previous IXFR failure", mastertext); + "previous IXFR failure", master); xfrtype = dns_rdatatype_axfr; LOCK_ZONE(zone); DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLAG_NOIXFR); @@ -5898,17 +7170,15 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { } if (use_ixfr == ISC_FALSE) { dns_zone_log(zone, ISC_LOG_DEBUG(1), - "IXFR disabled, " - "requesting AXFR from %s", - mastertext); + "IXFR disabled, requesting AXFR from %s", + master); if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_SOABEFOREAXFR)) xfrtype = dns_rdatatype_soa; else xfrtype = dns_rdatatype_axfr; } else { dns_zone_log(zone, ISC_LOG_DEBUG(1), - "requesting IXFR from %s", - mastertext); + "requesting IXFR from %s", master); xfrtype = dns_rdatatype_ixfr; } } @@ -5933,8 +7203,7 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { dns_zone_log(zone, ISC_LOG_ERROR, - "could not get TSIG key " - "for zone transfer: %s", + "could not get TSIG key for zone transfer: %s", isc_result_totext(result)); } @@ -5947,6 +7216,21 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { zone->tsigkey, zone->mctx, zone->zmgr->timermgr, zone->zmgr->socketmgr, zone->task, zone_xfrdone, &zone->xfr); + if (result == ISC_R_SUCCESS) { + LOCK_ZONE(zone); + if (xfrtype == dns_rdatatype_axfr) { + if (isc_sockaddr_pf(&masteraddr) == PF_INET) + inc_stats(zone, dns_zonestatscounter_axfrreqv4); + else + inc_stats(zone, dns_zonestatscounter_axfrreqv6); + } else if (xfrtype == dns_rdatatype_ixfr) { + if (isc_sockaddr_pf(&masteraddr) == PF_INET) + inc_stats(zone, dns_zonestatscounter_ixfrreqv4); + else + inc_stats(zone, dns_zonestatscounter_ixfrreqv6); + } + UNLOCK_ZONE(zone); + } cleanup: /* * Any failure in this function is handled like a failed @@ -6216,14 +7500,11 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, ISC_LIST_INIT(zmgr->zones); ISC_LIST_INIT(zmgr->waiting_for_xfrin); ISC_LIST_INIT(zmgr->xfrin_in_progress); + memset(zmgr->unreachable, 0, sizeof(zmgr->unreachable)); result = isc_rwlock_init(&zmgr->rwlock, 0, 0); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_rwlock_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto free_mem; - } + zmgr->transfersin = 10; zmgr->transfersperns = 2; @@ -6254,12 +7535,9 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, ISC_LIST_INIT(zmgr->low); result = isc_mutex_init(&zmgr->iolock); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() failed: %s", - isc_result_totext(result)); + if (result != ISC_R_SUCCESS) goto free_rl; - } + zmgr->magic = ZONEMGR_MAGIC; *zmgrp = zmgr; @@ -6312,8 +7590,10 @@ dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone) { NULL, NULL, zone->task, zone_timer, zone, &zone->timer); + if (result != ISC_R_SUCCESS) goto cleanup_task; + /* * The timer "holds" a iref. */ @@ -6775,7 +8055,7 @@ zone_saveunique(dns_zone_t *zone, const char *path, const char *templat) { if (result != ISC_R_SUCCESS) goto cleanup; - dns_zone_log(zone, ISC_LOG_INFO, "saved '%s' as '%s'", + dns_zone_log(zone, ISC_LOG_WARNING, "saved '%s' as '%s'", path, buf); cleanup: @@ -6783,7 +8063,7 @@ zone_saveunique(dns_zone_t *zone, const char *path, const char *templat) { } #if 0 -/* Hook for ondestroy notifcation from a database. */ +/* Hook for ondestroy notification from a database. */ static void dns_zonemgr_dbdestroyed(isc_task_t *task, isc_event_t *event) { @@ -6839,6 +8119,87 @@ dns_zonemgr_getserialqueryrate(dns_zonemgr_t *zmgr) { return (zmgr->serialqueryrate); } +static isc_boolean_t +dns_zonemgr_unreachable(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, + isc_sockaddr_t *local, isc_time_t *now) +{ + unsigned int i; + isc_rwlocktype_t locktype; + isc_result_t result; + isc_uint32_t seconds = isc_time_seconds(now); + + REQUIRE(DNS_ZONEMGR_VALID(zmgr)); + + locktype = isc_rwlocktype_read; + RWLOCK(&zmgr->rwlock, locktype); + for (i = 0; i < UNREACH_CHACHE_SIZE; i++) { + if (zmgr->unreachable[i].expire >= seconds && + isc_sockaddr_equal(&zmgr->unreachable[i].remote, remote) && + isc_sockaddr_equal(&zmgr->unreachable[i].local, local)) { + result = isc_rwlock_tryupgrade(&zmgr->rwlock); + if (result == ISC_R_SUCCESS) { + locktype = isc_rwlocktype_write; + zmgr->unreachable[i].last = seconds; + } + break; + } + } + RWUNLOCK(&zmgr->rwlock, locktype); + return (ISC_TF(i < UNREACH_CHACHE_SIZE)); +} + +void +dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, + isc_sockaddr_t *local, isc_time_t *now) +{ + isc_uint32_t seconds = isc_time_seconds(now); + isc_uint32_t last = seconds; + unsigned int i, slot = UNREACH_CHACHE_SIZE, oldest = 0; + + REQUIRE(DNS_ZONEMGR_VALID(zmgr)); + + RWLOCK(&zmgr->rwlock, isc_rwlocktype_write); + for (i = 0; i < UNREACH_CHACHE_SIZE; i++) { + /* Existing entry? */ + if (isc_sockaddr_equal(&zmgr->unreachable[i].remote, remote) && + isc_sockaddr_equal(&zmgr->unreachable[i].local, local)) + break; + /* Empty slot? */ + if (zmgr->unreachable[i].expire < seconds) + slot = i; + /* Least recently used slot? */ + if (zmgr->unreachable[i].last < last) { + last = zmgr->unreachable[i].last; + oldest = i; + } + } + if (i < UNREACH_CHACHE_SIZE) { + /* + * Found a existing entry. Update the expire timer and + * last usage timestamps. + */ + zmgr->unreachable[i].expire = seconds + UNREACH_HOLD_TIME; + zmgr->unreachable[i].last = seconds; + } else if (slot != UNREACH_CHACHE_SIZE) { + /* + * Found a empty slot. Add a new entry to the cache. + */ + zmgr->unreachable[slot].expire = seconds + UNREACH_HOLD_TIME; + zmgr->unreachable[slot].last = seconds; + zmgr->unreachable[slot].remote = *remote; + zmgr->unreachable[slot].local = *local; + } else { + /* + * Replace the least recently used entry in the cache. + */ + zmgr->unreachable[oldest].expire = seconds + UNREACH_HOLD_TIME; + zmgr->unreachable[oldest].last = seconds; + zmgr->unreachable[oldest].remote = *remote; + zmgr->unreachable[oldest].local = *local; + } + RWUNLOCK(&zmgr->rwlock, isc_rwlocktype_write); +} + void dns_zone_forcereload(dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); @@ -6861,26 +8222,66 @@ dns_zone_isforced(dns_zone_t *zone) { isc_result_t dns_zone_setstatistics(dns_zone_t *zone, isc_boolean_t on) { - isc_result_t result = ISC_R_SUCCESS; + /* + * This function is obsoleted. + */ + UNUSED(zone); + UNUSED(on); + return (ISC_R_NOTIMPLEMENTED); +} + +isc_uint64_t * +dns_zone_getstatscounters(dns_zone_t *zone) { + /* + * This function is obsoleted. + */ + UNUSED(zone); + return (NULL); +} + +void +dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats) { + REQUIRE(DNS_ZONE_VALID(zone)); + REQUIRE(zone->stats == NULL); LOCK_ZONE(zone); - if (on) { - if (zone->counters != NULL) - goto done; - result = dns_stats_alloccounters(zone->mctx, &zone->counters); - } else { - if (zone->counters == NULL) - goto done; - dns_stats_freecounters(zone->mctx, &zone->counters); + zone->stats = NULL; + isc_stats_attach(stats, &zone->stats); + UNLOCK_ZONE(zone); +} + +void +dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats) { + REQUIRE(DNS_ZONE_VALID(zone)); + + LOCK_ZONE(zone); + if (zone->requeststats_on && stats == NULL) + zone->requeststats_on = ISC_FALSE; + else if (!zone->requeststats_on && stats != NULL) { + if (zone->requeststats == NULL) { + isc_stats_attach(stats, &zone->requeststats); + zone->requeststats_on = ISC_TRUE; + } } - done: UNLOCK_ZONE(zone); - return (result); + + return; } -isc_uint64_t * -dns_zone_getstatscounters(dns_zone_t *zone) { - return (zone->counters); +isc_stats_t * +dns_zone_getrequeststats(dns_zone_t *zone) { + /* + * We don't lock zone for efficiency reason. This is not catastrophic + * because requeststats must always be valid when requeststats_on is + * true. + * Some counters may be incremented while requeststats_on is becoming + * false, or some cannot be incremented just after the statistics are + * installed, but it shouldn't matter much in practice. + */ + if (zone->requeststats_on) + return (zone->requeststats); + else + return (NULL); } void @@ -6955,6 +8356,7 @@ dns_zone_getkeydirectory(dns_zone_t *zone) { return (zone->keydirectory); } + unsigned int dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state) { dns_zone_t *zone; @@ -7046,3 +8448,47 @@ dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata) { return (ISC_R_SUCCESS); } + +void +dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx) { + REQUIRE(DNS_ZONE_VALID(zone)); + zone->checkmx = checkmx; +} + +void +dns_zone_setchecksrv(dns_zone_t *zone, dns_checksrvfunc_t checksrv) { + REQUIRE(DNS_ZONE_VALID(zone)); + zone->checksrv = checksrv; +} + +void +dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns) { + REQUIRE(DNS_ZONE_VALID(zone)); + zone->checkns = checkns; +} + +void +dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg) { + REQUIRE(DNS_ZONE_VALID(zone)); + + LOCK_ZONE(zone); + zone->isself = isself; + zone->isselfarg = arg; + UNLOCK_ZONE(zone); +} + +void +dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay) { + REQUIRE(DNS_ZONE_VALID(zone)); + + LOCK_ZONE(zone); + zone->notifydelay = delay; + UNLOCK_ZONE(zone); +} + +isc_uint32_t +dns_zone_getnotifydelay(dns_zone_t *zone) { + REQUIRE(DNS_ZONE_VALID(zone)); + + return (zone->notifydelay); +} diff --git a/contrib/bind-9.3/lib/dns/zonekey.c b/contrib/bind-9.5.2/lib/dns/zonekey.c similarity index 86% rename from contrib/bind-9.3/lib/dns/zonekey.c rename to contrib/bind-9.5.2/lib/dns/zonekey.c index dc7ae0f6c8..bf7474b86c 100644 --- a/contrib/bind-9.3/lib/dns/zonekey.c +++ b/contrib/bind-9.5.2/lib/dns/zonekey.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zonekey.c,v 1.3.206.3 2004/03/08 09:04:33 marka Exp $ */ +/* $Id: zonekey.c,v 1.9 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/zt.c b/contrib/bind-9.5.2/lib/dns/zt.c similarity index 69% rename from contrib/bind-9.3/lib/dns/zt.c rename to contrib/bind-9.5.2/lib/dns/zt.c index 7aa6a9f4c9..ed7f28a4a9 100644 --- a/contrib/bind-9.3/lib/dns/zt.c +++ b/contrib/bind-9.5.2/lib/dns/zt.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,16 +15,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zt.c,v 1.33.12.6 2004/03/08 21:06:28 marka Exp $ */ +/* $Id: zt.c,v 1.47 2007/06/19 23:47:16 tbox Exp $ */ + +/*! \file */ #include +#include #include #include +#include #include +#include +#include #include +#include #include +#include #include #include @@ -51,8 +59,12 @@ load(dns_zone_t *zone, void *uap); static isc_result_t loadnew(dns_zone_t *zone, void *uap); +static isc_result_t +freezezones(dns_zone_t *zone, void *uap); + isc_result_t -dns_zt_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_zt_t **ztp) { +dns_zt_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_zt_t **ztp) +{ dns_zt_t *zt; isc_result_t result; @@ -68,13 +80,8 @@ dns_zt_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, dns_zt_t **ztp) { goto cleanup_zt; result = isc_rwlock_init(&zt->rwlock, 0, 0); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_rwlock_init() failed: %s", - isc_result_totext(result)); - result = ISC_R_UNEXPECTED; + if (result != ISC_R_SUCCESS) goto cleanup_rbt; - } zt->mctx = mctx; zt->references = 1; @@ -265,13 +272,91 @@ loadnew(dns_zone_t *zone, void *uap) { return (result); } +isc_result_t +dns_zt_freezezones(dns_zt_t *zt, isc_boolean_t freeze) { + isc_result_t result, tresult; + + REQUIRE(VALID_ZT(zt)); + + RWLOCK(&zt->rwlock, isc_rwlocktype_read); + result = dns_zt_apply2(zt, ISC_FALSE, &tresult, freezezones, &freeze); + RWUNLOCK(&zt->rwlock, isc_rwlocktype_read); + return ((result == ISC_R_SUCCESS) ? tresult : result); +} + +static isc_result_t +freezezones(dns_zone_t *zone, void *uap) { + isc_boolean_t freeze = *(isc_boolean_t *)uap; + isc_boolean_t frozen; + isc_result_t result = ISC_R_SUCCESS; + char classstr[DNS_RDATACLASS_FORMATSIZE]; + char zonename[DNS_NAME_FORMATSIZE]; + dns_view_t *view; + char *journal; + const char *vname; + const char *sep; + int level; + + if (dns_zone_gettype(zone) != dns_zone_master) + return (ISC_R_SUCCESS); + + frozen = dns_zone_getupdatedisabled(zone); + if (freeze) { + if (frozen) + result = DNS_R_FROZEN; + if (result == ISC_R_SUCCESS) + result = dns_zone_flush(zone); + if (result == ISC_R_SUCCESS) { + journal = dns_zone_getjournal(zone); + if (journal != NULL) + (void)isc_file_remove(journal); + } + } else { + if (frozen) { + result = dns_zone_load(zone); + if (result == DNS_R_CONTINUE || + result == DNS_R_UPTODATE) + result = ISC_R_SUCCESS; + } + } + if (result == ISC_R_SUCCESS) + dns_zone_setupdatedisabled(zone, freeze); + view = dns_zone_getview(zone); + if (strcmp(view->name, "_bind") == 0 || + strcmp(view->name, "_default") == 0) + { + vname = ""; + sep = ""; + } else { + vname = view->name; + sep = " "; + } + dns_rdataclass_format(dns_zone_getclass(zone), classstr, + sizeof(classstr)); + dns_name_format(dns_zone_getorigin(zone), zonename, sizeof(zonename)); + level = (result != ISC_R_SUCCESS) ? ISC_LOG_ERROR : ISC_LOG_DEBUG(1); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE, + level, "%s zone '%s/%s'%s%s: %s", + freeze ? "freezing" : "thawing", + zonename, classstr, sep, vname, + isc_result_totext(result)); + return (result); +} + isc_result_t dns_zt_apply(dns_zt_t *zt, isc_boolean_t stop, isc_result_t (*action)(dns_zone_t *, void *), void *uap) +{ + return (dns_zt_apply2(zt, stop, NULL, action, uap)); +} + +isc_result_t +dns_zt_apply2(dns_zt_t *zt, isc_boolean_t stop, isc_result_t *sub, + isc_result_t (*action)(dns_zone_t *, void *), void *uap) { dns_rbtnode_t *node; dns_rbtnodechain_t chain; - isc_result_t result; + isc_result_t result, tresult = ISC_R_SUCCESS; dns_zone_t *zone; REQUIRE(VALID_ZT(zt)); @@ -292,8 +377,12 @@ dns_zt_apply(dns_zt_t *zt, isc_boolean_t stop, zone = node->data; if (zone != NULL) result = (action)(zone, uap); - if (result != ISC_R_SUCCESS && stop) + if (result != ISC_R_SUCCESS && stop) { + tresult = result; goto cleanup; /* don't break */ + } else if (result != ISC_R_SUCCESS && + tresult == ISC_R_SUCCESS) + tresult = result; } result = dns_rbtnodechain_next(&chain, NULL, NULL); } @@ -302,6 +391,8 @@ dns_zt_apply(dns_zt_t *zt, isc_boolean_t stop, cleanup: dns_rbtnodechain_invalidate(&chain); + if (sub != NULL) + *sub = tresult; return (result); } diff --git a/contrib/bind-9.5.2/lib/isc/alpha/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/alpha/include/isc/atomic.h new file mode 100644 index 0000000000..21f7597fd1 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/alpha/include/isc/atomic.h @@ -0,0 +1,184 @@ +/* + * Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.5.128.2 2009/04/08 06:47:03 tbox Exp $ */ + +/* + * This code was written based on FreeBSD's kernel source whose copyright + * follows: + */ + +/*- + * Copyright (c) 1998 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: src/sys/alpha/include/atomic.h,v 1.18.6.1 2004/09/13 21:52:04 wilko Exp $ + */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +#ifdef ISC_PLATFORM_USEOSFASM +#include + +#pragma intrinsic(asm) + +/* + * This routine atomically increments the value stored in 'p' by 'val', and + * returns the previous value. Memory access ordering around this function + * can be critical, so we add explicit memory block instructions at the + * beginning and the end of it (same for other functions). + */ +static inline isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + return (asm("mb;" + "1:" + "ldl_l %t0, 0(%a0);" /* load old value */ + "mov %t0, %v0;" /* copy the old value */ + "addl %t0, %a1, %t0;" /* calculate new value */ + "stl_c %t0, 0(%a0);" /* attempt to store */ + "beq %t0, 1b;" /* spin if failed */ + "mb;", + p, val)); +} + +/* + * This routine atomically stores the value 'val' in 'p'. + */ +static inline void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + (void)asm("mb;" + "1:" + "ldl_l %t0, 0(%a0);" /* load old value */ + "mov %a1, %t0;" /* value to store */ + "stl_c %t0, 0(%a0);" /* attempt to store */ + "beq %t0, 1b;" /* spin if failed */ + "mb;", + p, val); +} + +/* + * This routine atomically replaces the value in 'p' with 'val', if the + * original value is equal to 'cmpval'. The original value is returned in any + * case. + */ +static inline isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + + return(asm("mb;" + "1:" + "ldl_l %t0, 0(%a0);" /* load old value */ + "mov %t0, %v0;" /* copy the old value */ + "cmpeq %t0, %a1, %t0;" /* compare */ + "beq %t0, 2f;" /* exit if not equal */ + "mov %a2, %t0;" /* value to store */ + "stl_c %t0, 0(%a0);" /* attempt to store */ + "beq %t0, 1b;" /* if it failed, spin */ + "2:" + "mb;", + p, cmpval, val)); +} +#elif defined (ISC_PLATFORM_USEGCCASM) +static inline isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + isc_int32_t temp, prev; + + __asm__ volatile( + "mb;" + "1:" + "ldl_l %0, %1;" /* load old value */ + "mov %0, %2;" /* copy the old value */ + "addl %0, %3, %0;" /* calculate new value */ + "stl_c %0, %1;" /* attempt to store */ + "beq %0, 1b;" /* spin if failed */ + "mb;" + : "=&r"(temp), "+m"(*p), "=&r"(prev) + : "r"(val) + : "memory"); + + return (prev); +} + +static inline void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + isc_int32_t temp; + + __asm__ volatile( + "mb;" + "1:" + "ldl_l %0, %1;" /* load old value */ + "mov %2, %0;" /* value to store */ + "stl_c %0, %1;" /* attempt to store */ + "beq %0, 1b;" /* if it failed, spin */ + "mb;" + : "=&r"(temp), "+m"(*p) + : "r"(val) + : "memory"); +} + +static inline isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + isc_int32_t temp, prev; + + __asm__ volatile( + "mb;" + "1:" + "ldl_l %0, %1;" /* load old value */ + "mov %0, %2;" /* copy the old value */ + "cmpeq %0, %3, %0;" /* compare */ + "beq %0, 2f;" /* exit if not equal */ + "mov %4, %0;" /* value to store */ + "stl_c %0, %1;" /* attempt to store */ + "beq %0, 1b;" /* if it failed, spin */ + "2:" + "mb;" + : "=&r"(temp), "+m"(*p), "=&r"(prev) + : "r"(cmpval), "r"(val) + : "memory"); + + return (prev); +} +#else + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif + +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.3/lib/isc/api b/contrib/bind-9.5.2/lib/isc/api similarity index 60% rename from contrib/bind-9.3/lib/isc/api rename to contrib/bind-9.5.2/lib/isc/api index b4d017358a..9cc4a9c176 100644 --- a/contrib/bind-9.3/lib/isc/api +++ b/contrib/bind-9.5.2/lib/isc/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 12 +LIBINTERFACE = 46 LIBREVISION = 1 LIBAGE = 1 diff --git a/contrib/bind-9.3/lib/isc/assertions.c b/contrib/bind-9.5.2/lib/isc/assertions.c similarity index 87% rename from contrib/bind-9.3/lib/isc/assertions.c rename to contrib/bind-9.5.2/lib/isc/assertions.c index 94c6732fd8..23c83ffcff 100644 --- a/contrib/bind-9.3/lib/isc/assertions.c +++ b/contrib/bind-9.5.2/lib/isc/assertions.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: assertions.c,v 1.16.206.1 2004/03/06 08:14:27 marka Exp $ */ +/* $Id: assertions.c,v 1.21.128.2 2008/10/15 23:46:53 tbox Exp $ */ + +/*! \file */ #include @@ -25,20 +27,21 @@ #include #include -/* +/*% * Forward. */ - +/* coverity[+kill] */ static void default_callback(const char *, int, isc_assertiontype_t, const char *); -/* +/*% * Public. */ LIBISC_EXTERNAL_DATA isc_assertioncallback_t isc_assertion_failed = default_callback; +/*% Set callback. */ void isc_assertion_setcallback(isc_assertioncallback_t cb) { if (cb == NULL) @@ -47,6 +50,7 @@ isc_assertion_setcallback(isc_assertioncallback_t cb) { isc_assertion_failed = cb; } +/*% Type to Text */ const char * isc_assertion_typetotext(isc_assertiontype_t type) { const char *result; diff --git a/contrib/bind-9.3/lib/isc/base64.c b/contrib/bind-9.5.2/lib/isc/base64.c similarity index 92% rename from contrib/bind-9.3/lib/isc/base64.c rename to contrib/bind-9.5.2/lib/isc/base64.c index 445f8f5633..13ed6b5c5c 100644 --- a/contrib/bind-9.3/lib/isc/base64.c +++ b/contrib/bind-9.5.2/lib/isc/base64.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: base64.c,v 1.23.2.2.2.3 2004/03/06 08:14:27 marka Exp $ */ +/* $Id: base64.c,v 1.32 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -32,7 +34,8 @@ } while (0) -/* +/*@{*/ +/*! * These static functions are also present in lib/dns/rdata.c. I'm not * sure where they should go. -- bwelling */ @@ -44,6 +47,7 @@ mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length); static const char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; +/*@}*/ isc_result_t isc_base64_totext(isc_region_t *source, int wordlength, @@ -90,14 +94,14 @@ isc_base64_totext(isc_region_t *source, int wordlength, return (ISC_R_SUCCESS); } -/* +/*% * State of a base64 decoding process in progress. */ typedef struct { - int length; /* Desired length of binary data or -1 */ - isc_buffer_t *target; /* Buffer for resulting binary data */ - int digits; /* Number of buffered base64 digits */ - isc_boolean_t seen_end; /* True if "=" end marker seen */ + int length; /*%< Desired length of binary data or -1 */ + isc_buffer_t *target; /*%< Buffer for resulting binary data */ + int digits; /*%< Number of buffered base64 digits */ + isc_boolean_t seen_end; /*%< True if "=" end marker seen */ int val[4]; } base64_decode_ctx_t; diff --git a/contrib/bind-9.3/lib/isc/bitstring.c b/contrib/bind-9.5.2/lib/isc/bitstring.c similarity index 93% rename from contrib/bind-9.3/lib/isc/bitstring.c rename to contrib/bind-9.5.2/lib/isc/bitstring.c index e77ed39ba2..33c7c1fa6d 100644 --- a/contrib/bind-9.3/lib/isc/bitstring.c +++ b/contrib/bind-9.5.2/lib/isc/bitstring.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: bitstring.c,v 1.12.206.1 2004/03/06 08:14:27 marka Exp $ */ +/* $Id: bitstring.c,v 1.17 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/buffer.c b/contrib/bind-9.5.2/lib/isc/buffer.c similarity index 81% rename from contrib/bind-9.3/lib/isc/buffer.c rename to contrib/bind-9.5.2/lib/isc/buffer.c index 30ce529e50..ccf17b3c20 100644 --- a/contrib/bind-9.3/lib/isc/buffer.c +++ b/contrib/bind-9.5.2/lib/isc/buffer.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: buffer.c,v 1.36.12.2 2004/03/08 09:04:48 marka Exp $ */ +/* $Id: buffer.c,v 1.47 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -37,6 +39,35 @@ isc__buffer_init(isc_buffer_t *b, const void *base, unsigned int length) { ISC__BUFFER_INIT(b, base, length); } +void +isc__buffer_initnull(isc_buffer_t *b) { + /* + * Initialize a new buffer which has no backing store. This can + * later be grown as needed and swapped in place. + */ + + ISC__BUFFER_INIT(b, NULL, 0); +} + +void +isc_buffer_reinit(isc_buffer_t *b, void *base, unsigned int length) { + /* + * Re-initialize the buffer enough to reconfigure the base of the + * buffer. We will swap in the new buffer, after copying any + * data we contain into the new buffer and adjusting all of our + * internal pointers. + * + * The buffer must not be smaller than the length of the original + * buffer. + */ + REQUIRE(b->length <= length); + REQUIRE(base != NULL); + + (void)memmove(base, b->base, b->length); + b->base = base; + b->length = length; +} + void isc__buffer_invalidate(isc_buffer_t *b) { /* @@ -316,6 +347,45 @@ isc__buffer_putuint32(isc_buffer_t *b, isc_uint32_t val) { ISC__BUFFER_PUTUINT32(b, val); } +isc_uint64_t +isc_buffer_getuint48(isc_buffer_t *b) { + unsigned char *cp; + isc_uint64_t result; + + /* + * Read an unsigned 48-bit integer in network byte order from 'b', + * convert it to host byte order, and return it. + */ + + REQUIRE(ISC_BUFFER_VALID(b)); + REQUIRE(b->used - b->current >= 6); + + cp = isc_buffer_current(b); + b->current += 6; + result = ((isc_int64_t)(cp[0])) << 40; + result |= ((isc_int64_t)(cp[1])) << 32; + result |= ((isc_int64_t)(cp[2])) << 24; + result |= ((isc_int64_t)(cp[3])) << 16; + result |= ((isc_int64_t)(cp[4])) << 8; + result |= ((isc_int64_t)(cp[5])); + + return (result); +} + +void +isc__buffer_putuint48(isc_buffer_t *b, isc_uint64_t val) { + isc_uint16_t valhi; + isc_uint32_t vallo; + + REQUIRE(ISC_BUFFER_VALID(b)); + REQUIRE(b->used + 6 <= b->length); + + valhi = (isc_uint16_t)(val >> 32); + vallo = (isc_uint32_t)(val & 0xFFFFFFFF); + ISC__BUFFER_PUTUINT16(b, valhi); + ISC__BUFFER_PUTUINT32(b, vallo); +} + void isc__buffer_putmem(isc_buffer_t *b, const unsigned char *base, unsigned int length) diff --git a/contrib/bind-9.3/lib/isc/bufferlist.c b/contrib/bind-9.5.2/lib/isc/bufferlist.c similarity index 87% rename from contrib/bind-9.3/lib/isc/bufferlist.c rename to contrib/bind-9.5.2/lib/isc/bufferlist.c index 6d64a3f610..0e5c1251bf 100644 --- a/contrib/bind-9.3/lib/isc/bufferlist.c +++ b/contrib/bind-9.5.2/lib/isc/bufferlist.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: bufferlist.c,v 1.12.206.1 2004/03/06 08:14:28 marka Exp $ */ +/* $Id: bufferlist.c,v 1.17 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/commandline.c b/contrib/bind-9.5.2/lib/isc/commandline.c similarity index 91% rename from contrib/bind-9.3/lib/isc/commandline.c rename to contrib/bind-9.5.2/lib/isc/commandline.c index 4c8af7f0ec..8735d35e27 100644 --- a/contrib/bind-9.3/lib/isc/commandline.c +++ b/contrib/bind-9.5.2/lib/isc/commandline.c @@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -48,9 +48,9 @@ * SUCH DAMAGE. */ -/* $Id: commandline.c,v 1.15.206.1 2004/03/06 08:14:28 marka Exp $ */ +/* $Id: commandline.c,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ -/* +/*! \file * This file was adapted from the NetBSD project's source tree, RCS ID: * NetBSD: getopt.c,v 1.15 1999/09/20 04:39:37 lukem Exp * @@ -59,8 +59,8 @@ */ /* - * Principal Authors: Computer Systems Research Group at UC Berkeley - * Principal ISC caretaker: DCL + * \author Principal Authors: Computer Systems Research Group at UC Berkeley + * \author Principal ISC caretaker: DCL */ #include @@ -72,17 +72,17 @@ #include #include -/* Index into parent argv vector. */ +/*% Index into parent argv vector. */ LIBISC_EXTERNAL_DATA int isc_commandline_index = 1; -/* Character checked for validity. */ +/*% Character checked for validity. */ LIBISC_EXTERNAL_DATA int isc_commandline_option; -/* Argument associated with option. */ +/*% Argument associated with option. */ LIBISC_EXTERNAL_DATA char *isc_commandline_argument; -/* For printing error messages. */ +/*% For printing error messages. */ LIBISC_EXTERNAL_DATA char *isc_commandline_progname; -/* Print error messages. */ +/*% Print error messages. */ LIBISC_EXTERNAL_DATA isc_boolean_t isc_commandline_errprint = ISC_TRUE; -/* Reset processing. */ +/*% Reset processing. */ LIBISC_EXTERNAL_DATA isc_boolean_t isc_commandline_reset = ISC_TRUE; static char endopt = '\0'; @@ -91,7 +91,7 @@ static char endopt = '\0'; #define BADARG ':' #define ENDOPT &endopt -/* +/*! * getopt -- * Parse argc/argv argument vector. */ diff --git a/contrib/bind-9.3/lib/isc/entropy.c b/contrib/bind-9.5.2/lib/isc/entropy.c similarity index 92% rename from contrib/bind-9.3/lib/isc/entropy.c rename to contrib/bind-9.5.2/lib/isc/entropy.c index 8834eefd17..5400e32ab1 100644 --- a/contrib/bind-9.3/lib/isc/entropy.c +++ b/contrib/bind-9.5.2/lib/isc/entropy.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: entropy.c,v 1.3.2.2.2.7 2004/03/08 09:04:48 marka Exp $ */ +/* $Id: entropy.c,v 1.18.128.2 2009/01/19 23:47:03 tbox Exp $ */ -/* +/*! \file + * \brief * This is the system independent part of the entropy module. It is * compiled via inclusion from the relevant OS source file, ie, - * unix/entropy.c or win32/entropy.c. + * \link unix/entropy.c unix/entropy.c \endlink or win32/entropy.c. + * + * \author Much of this code is modeled after the NetBSD /dev/random implementation, + * written by Michael Graff . */ #include @@ -42,10 +46,6 @@ #include #include -/* - * Much of this code is modeled after the NetBSD /dev/random implementation, - * written by Michael Graff . - */ #define ENTROPY_MAGIC ISC_MAGIC('E', 'n', 't', 'e') #define SOURCE_MAGIC ISC_MAGIC('E', 'n', 't', 's') @@ -58,26 +58,28 @@ *** you are doing. ***/ -/* - * size of entropy pool in 32-bit words. This _MUST_ be a power of 2. +/*% + * Size of entropy pool in 32-bit words. This _MUST_ be a power of 2. */ #define RND_POOLWORDS 128 +/*% Pool in bytes. */ #define RND_POOLBYTES (RND_POOLWORDS * 4) +/*% Pool in bits. */ #define RND_POOLBITS (RND_POOLWORDS * 32) -/* +/*% * Number of bytes returned per hash. This must be true: * threshold * 2 <= digest_size_in_bytes */ #define RND_ENTROPY_THRESHOLD 10 #define THRESHOLD_BITS (RND_ENTROPY_THRESHOLD * 8) -/* +/*% * Size of the input event queue in samples. */ #define RND_EVENTQSIZE 32 -/* +/*% * The number of times we'll "reseed" for pseudorandom seeds. This is an * extremely weak pseudorandom seed. If the caller is using lots of * pseudorandom data and they cannot provide a stronger random source, @@ -86,12 +88,13 @@ */ #define RND_INITIALIZE 128 +/*% Entropy Pool */ typedef struct { - isc_uint32_t cursor; /* current add point in the pool */ - isc_uint32_t entropy; /* current entropy estimate in bits */ - isc_uint32_t pseudo; /* bits extracted in pseudorandom */ - isc_uint32_t rotate; /* how many bits to rotate by */ - isc_uint32_t pool[RND_POOLWORDS]; /* random pool data */ + isc_uint32_t cursor; /*%< current add point in the pool */ + isc_uint32_t entropy; /*%< current entropy estimate in bits */ + isc_uint32_t pseudo; /*%< bits extracted in pseudorandom */ + isc_uint32_t rotate; /*%< how many bits to rotate by */ + isc_uint32_t pool[RND_POOLWORDS]; /*%< random pool data */ } isc_entropypool_t; struct isc_entropy { @@ -107,13 +110,14 @@ struct isc_entropy { ISC_LIST(isc_entropysource_t) sources; }; +/*% Sample Queue */ typedef struct { - isc_uint32_t last_time; /* last time recorded */ - isc_uint32_t last_delta; /* last delta value */ - isc_uint32_t last_delta2; /* last delta2 value */ - isc_uint32_t nsamples; /* number of samples filled in */ - isc_uint32_t *samples; /* the samples */ - isc_uint32_t *extra; /* extra samples added in */ + isc_uint32_t last_time; /*%< last time recorded */ + isc_uint32_t last_delta; /*%< last delta value */ + isc_uint32_t last_delta2; /*%< last delta2 value */ + isc_uint32_t nsamples; /*%< number of samples filled in */ + isc_uint32_t *samples; /*%< the samples */ + isc_uint32_t *extra; /*%< extra samples added in */ } sample_queue_t; typedef struct { @@ -137,7 +141,7 @@ struct isc_entropysource { unsigned int magic; unsigned int type; isc_entropy_t *ent; - isc_uint32_t total; /* entropy from this source */ + isc_uint32_t total; /*%< entropy from this source */ ISC_LINK(isc_entropysource_t) link; char name[32]; isc_boolean_t bad; @@ -151,12 +155,13 @@ struct isc_entropysource { } sources; }; -#define ENTROPY_SOURCETYPE_SAMPLE 1 /* Type is a sample source */ -#define ENTROPY_SOURCETYPE_FILE 2 /* Type is a file source */ -#define ENTROPY_SOURCETYPE_CALLBACK 3 /* Type is a callback source */ -#define ENTROPY_SOURCETYPE_USOCKET 4 /* Type is a Unix socket source */ +#define ENTROPY_SOURCETYPE_SAMPLE 1 /*%< Type is a sample source */ +#define ENTROPY_SOURCETYPE_FILE 2 /*%< Type is a file source */ +#define ENTROPY_SOURCETYPE_CALLBACK 3 /*%< Type is a callback source */ +#define ENTROPY_SOURCETYPE_USOCKET 4 /*%< Type is a Unix socket source */ -/* +/*@{*/ +/*% * The random pool "taps" */ #define TAP1 99 @@ -164,8 +169,10 @@ struct isc_entropysource { #define TAP3 31 #define TAP4 9 #define TAP5 7 +/*@}*/ -/* +/*@{*/ +/*% * Declarations for function provided by the system dependent sources that * include this file. */ @@ -181,6 +188,7 @@ destroyfilesource(isc_entropyfilesource_t *source); static void destroyusocketsource(isc_entropyusocketsource_t *source); +/*@}*/ static void samplequeue_release(isc_entropy_t *ent, sample_queue_t *sq) { @@ -211,7 +219,7 @@ samplesource_allocate(isc_entropy_t *ent, sample_queue_t *sq) { return (ISC_R_SUCCESS); } -/* +/*% * Add in entropy, even when the value we're adding in could be * very large. */ @@ -225,7 +233,7 @@ add_entropy(isc_entropy_t *ent, isc_uint32_t entropy) { ent->pool.entropy = ISC_MIN(entropy, RND_POOLBITS); } -/* +/*% * Decrement the amount of entropy the pool has. */ static inline void @@ -234,7 +242,7 @@ subtract_entropy(isc_entropy_t *ent, isc_uint32_t entropy) { ent->pool.entropy -= entropy; } -/* +/*! * Add in entropy, even when the value we're adding in could be * very large. */ @@ -248,7 +256,7 @@ add_pseudo(isc_entropy_t *ent, isc_uint32_t pseudo) { ent->pool.pseudo = ISC_MIN(pseudo, RND_POOLBITS * 8); } -/* +/*! * Decrement the amount of pseudo the pool has. */ static inline void @@ -257,7 +265,7 @@ subtract_pseudo(isc_entropy_t *ent, isc_uint32_t pseudo) { ent->pool.pseudo -= pseudo; } -/* +/*! * Add one word to the pool, rotating the input as needed. */ static inline void @@ -282,7 +290,7 @@ entropypool_add_word(isc_entropypool_t *rp, isc_uint32_t val) { * If we have looped around the pool, increment the rotate * variable so the next value will get xored in rotated to * a different position. - * Increment by a value that is relativly prime to the word size + * Increment by a value that is relatively prime to the word size * to try to spread the bits throughout the pool quickly when the * pool is empty. */ @@ -292,7 +300,7 @@ entropypool_add_word(isc_entropypool_t *rp, isc_uint32_t val) { } } -/* +/*! * Add a buffer's worth of data to the pool. * * Requires that the lock is held on the entropy pool. @@ -362,7 +370,7 @@ reseed(isc_entropy_t *ent) { entropypool_adddata(ent, &pid, sizeof(pid), 0); } - /* + /*! * After we've reseeded 100 times, only add new timing info every * 50 requests. This will keep us from using lots and lots of * CPU just to return bad pseudorandom data anyway. @@ -382,7 +390,7 @@ estimate_entropy(sample_queue_t *sq, isc_uint32_t t) { isc_int32_t delta2; isc_int32_t delta3; - /* + /*! * If the time counter has overflowed, calculate the real difference. * If it has not, it is simpler. */ @@ -661,7 +669,7 @@ isc_entropypool_invalidate(isc_entropypool_t *pool) { isc_result_t isc_entropy_create(isc_mem_t *mctx, isc_entropy_t **entp) { - isc_result_t ret; + isc_result_t result; isc_entropy_t *ent; REQUIRE(mctx != NULL); @@ -674,10 +682,9 @@ isc_entropy_create(isc_mem_t *mctx, isc_entropy_t **entp) { /* * We need a lock. */ - if (isc_mutex_init(&ent->lock) != ISC_R_SUCCESS) { - ret = ISC_R_UNEXPECTED; + result = isc_mutex_init(&ent->lock); + if (result != ISC_R_SUCCESS) goto errout; - } /* * From here down, no failures will/can occur. @@ -700,10 +707,10 @@ isc_entropy_create(isc_mem_t *mctx, isc_entropy_t **entp) { errout: isc_mem_put(mctx, ent, sizeof(isc_entropy_t)); - return (ret); + return (result); } -/* +/*! * Requires "ent" be locked. */ static void @@ -851,7 +858,7 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent, void *arg, isc_entropysource_t **sourcep) { - isc_result_t ret; + isc_result_t result; isc_entropysource_t *source; isc_cbsource_t *cbs; @@ -863,15 +870,15 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent, source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t)); if (source == NULL) { - ret = ISC_R_NOMEMORY; + result = ISC_R_NOMEMORY; goto errout; } source->bad = ISC_FALSE; cbs = &source->sources.callback; - ret = samplesource_allocate(ent, &cbs->samplequeue); - if (ret != ISC_R_SUCCESS) + result = samplesource_allocate(ent, &cbs->samplequeue); + if (result != ISC_R_SUCCESS) goto errout; cbs->start_called = ISC_FALSE; @@ -907,7 +914,7 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent, UNLOCK(&ent->lock); - return (ret); + return (result); } void @@ -939,7 +946,7 @@ isc_result_t isc_entropy_createsamplesource(isc_entropy_t *ent, isc_entropysource_t **sourcep) { - isc_result_t ret; + isc_result_t result; isc_entropysource_t *source; sample_queue_t *sq; @@ -950,13 +957,13 @@ isc_entropy_createsamplesource(isc_entropy_t *ent, source = isc_mem_get(ent->mctx, sizeof(isc_entropysource_t)); if (source == NULL) { - ret = ISC_R_NOMEMORY; + result = ISC_R_NOMEMORY; goto errout; } sq = &source->sources.sample.samplequeue; - ret = samplesource_allocate(ent, sq); - if (ret != ISC_R_SUCCESS) + result = samplesource_allocate(ent, sq); + if (result != ISC_R_SUCCESS) goto errout; /* @@ -986,10 +993,10 @@ isc_entropy_createsamplesource(isc_entropy_t *ent, UNLOCK(&ent->lock); - return (ret); + return (result); } -/* +/*! * Add a sample, and return ISC_R_SUCCESS if the queue has become full, * ISC_R_NOENTROPY if it has space remaining, and ISC_R_NOMORE if the * queue was full when this function was called. @@ -1095,6 +1102,17 @@ isc_entropy_stats(isc_entropy_t *ent, FILE *out) { UNLOCK(&ent->lock); } +unsigned int +isc_entropy_status(isc_entropy_t *ent) { + unsigned int estimate; + + LOCK(&ent->lock); + estimate = ent->pool.entropy; + UNLOCK(&ent->lock); + + return estimate; +} + void isc_entropy_attach(isc_entropy_t *ent, isc_entropy_t **entp) { REQUIRE(VALID_ENTROPY(ent)); @@ -1244,7 +1262,7 @@ isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, if (final_result != ISC_R_SUCCESS) final_result = result; - } + } /* * final_result is ISC_R_SUCCESS if at least one source of entropy diff --git a/contrib/bind-9.3/lib/isc/error.c b/contrib/bind-9.5.2/lib/isc/error.c similarity index 89% rename from contrib/bind-9.3/lib/isc/error.c rename to contrib/bind-9.5.2/lib/isc/error.c index ceb7d2a49d..095100a7c9 100644 --- a/contrib/bind-9.3/lib/isc/error.c +++ b/contrib/bind-9.5.2/lib/isc/error.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: error.c,v 1.16.206.1 2004/03/06 08:14:28 marka Exp $ */ +/* $Id: error.c,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -25,14 +27,17 @@ #include #include +/*% Default unexpected callback. */ static void default_unexpected_callback(const char *, int, const char *, va_list) ISC_FORMAT_PRINTF(3, 0); +/*% Default fatal callback. */ static void default_fatal_callback(const char *, int, const char *, va_list) ISC_FORMAT_PRINTF(3, 0); +/*% unexpected_callback */ static isc_errorcallback_t unexpected_callback = default_unexpected_callback; static isc_errorcallback_t fatal_callback = default_fatal_callback; diff --git a/contrib/bind-9.3/lib/isc/event.c b/contrib/bind-9.5.2/lib/isc/event.c similarity index 89% rename from contrib/bind-9.3/lib/isc/event.c rename to contrib/bind-9.5.2/lib/isc/event.c index f767870ee8..8ab75240dc 100644 --- a/contrib/bind-9.3/lib/isc/event.c +++ b/contrib/bind-9.5.2/lib/isc/event.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: event.c,v 1.15.12.3 2004/03/08 09:04:48 marka Exp $ */ +/* $Id: event.c,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ -/* - * Principal Author: Bob Halley +/*! + * \file + * \author Principal Author: Bob Halley */ #include diff --git a/contrib/bind-9.3/lib/isc/fsaccess.c b/contrib/bind-9.5.2/lib/isc/fsaccess.c similarity index 91% rename from contrib/bind-9.3/lib/isc/fsaccess.c rename to contrib/bind-9.5.2/lib/isc/fsaccess.c index 11934724fa..5c9718318e 100644 --- a/contrib/bind-9.3/lib/isc/fsaccess.c +++ b/contrib/bind-9.5.2/lib/isc/fsaccess.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,16 +15,17 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: fsaccess.c,v 1.5.206.1 2004/03/06 08:14:29 marka Exp $ */ +/* $Id: fsaccess.c,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ -/* +/*! \file + * \brief * This file contains the OS-independent functionality of the API. */ #include #include #include -/* +/*! * Shorthand. Maybe ISC__FSACCESS_PERMISSIONBITS should not even be in * . Could check consistency with sizeof(isc_fsaccess_t) * and the number of bits in each function. diff --git a/contrib/bind-9.3/lib/isc/hash.c b/contrib/bind-9.5.2/lib/isc/hash.c similarity index 91% rename from contrib/bind-9.3/lib/isc/hash.c rename to contrib/bind-9.5.2/lib/isc/hash.c index 1094206663..ce3c1d4216 100644 --- a/contrib/bind-9.3/lib/isc/hash.c +++ b/contrib/bind-9.5.2/lib/isc/hash.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,14 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hash.c,v 1.2.2.4.2.3 2006/01/04 00:37:22 marka Exp $ */ +/* $Id: hash.c,v 1.13.128.3 2009/05/07 23:46:32 tbox Exp $ */ -/* +/*! \file * Some portion of this code was derived from universal hash function - * libraries of Rice University. - */ - -/* "UH Universal Hashing Library" + * libraries of Rice University. +\section license UH Universal Hashing Library Copyright ((c)) 2002, Rice University All rights reserved. @@ -74,28 +72,31 @@ if advised of the possibility of such damage. #define HASH_MAGIC ISC_MAGIC('H', 'a', 's', 'h') #define VALID_HASH(h) ISC_MAGIC_VALID((h), HASH_MAGIC) -/* +/*% * A large 32-bit prime number that specifies the range of the hash output. */ #define PRIME32 0xFFFFFFFB /* 2^32 - 5 */ -/* +/*@{*/ +/*% * Types of random seed and hash accumulator. Perhaps they can be system * dependent. */ typedef isc_uint32_t hash_accum_t; typedef isc_uint16_t hash_random_t; +/*@}*/ +/*% isc hash structure */ struct isc_hash { unsigned int magic; isc_mem_t *mctx; isc_mutex_t lock; isc_boolean_t initialized; isc_refcount_t refcnt; - isc_entropy_t *entropy; /* entropy source */ - unsigned int limit; /* upper limit of key length */ - size_t vectorlen; /* size of the vector below */ - hash_random_t *rndvector; /* random vector for universal hashing */ + isc_entropy_t *entropy; /*%< entropy source */ + unsigned int limit; /*%< upper limit of key length */ + size_t vectorlen; /*%< size of the vector below */ + hash_random_t *rndvector; /*%< random vector for universal hashing */ }; static isc_mutex_t createlock; @@ -141,7 +142,7 @@ isc_result_t isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, unsigned int limit, isc_hash_t **hctxp) { - isc_result_t ret; + isc_result_t result; isc_hash_t *hctx; size_t vlen; hash_random_t *rv; @@ -167,17 +168,16 @@ isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, vlen = sizeof(hash_random_t) * (limit + 1); rv = isc_mem_get(mctx, vlen); if (rv == NULL) { - ret = ISC_R_NOMEMORY; + result = ISC_R_NOMEMORY; goto errout; } /* * We need a lock. */ - if (isc_mutex_init(&hctx->lock) != ISC_R_SUCCESS) { - ret = ISC_R_UNEXPECTED; + result = isc_mutex_init(&hctx->lock); + if (result != ISC_R_SUCCESS) goto errout; - } /* * From here down, no failures will/can occur. @@ -186,7 +186,9 @@ isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, hctx->mctx = NULL; isc_mem_attach(mctx, &hctx->mctx); hctx->initialized = ISC_FALSE; - isc_refcount_init(&hctx->refcnt, 1); + result = isc_refcount_init(&hctx->refcnt, 1); + if (result != ISC_R_SUCCESS) + goto cleanup_lock; hctx->entropy = NULL; hctx->limit = limit; hctx->vectorlen = vlen; @@ -198,12 +200,14 @@ isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, *hctxp = hctx; return (ISC_R_SUCCESS); + cleanup_lock: + DESTROYLOCK(&hctx->lock); errout: isc_mem_put(mctx, hctx, sizeof(isc_hash_t)); if (rv != NULL) isc_mem_put(mctx, rv, vlen); - return (ret); + return (result); } static void @@ -240,7 +244,7 @@ isc_hash_ctxinit(isc_hash_t *hctx) { goto out; if (hctx->entropy) { - result = isc_entropy_getdata(hctx->entropy, + result = isc_entropy_getdata(hctx->entropy, hctx->rndvector, hctx->vectorlen, NULL, 0); INSIST(result == ISC_R_SUCCESS); @@ -272,7 +276,7 @@ isc_hash_ctxinit(isc_hash_t *hctx) { void isc_hash_init() { INSIST(hash != NULL && VALID_HASH(hash)); - + isc_hash_ctxinit(hash); } diff --git a/contrib/bind-9.3/lib/isc/heap.c b/contrib/bind-9.5.2/lib/isc/heap.c similarity index 93% rename from contrib/bind-9.3/lib/isc/heap.c rename to contrib/bind-9.5.2/lib/isc/heap.c index fd67d7bd78..91d78c06d4 100644 --- a/contrib/bind-9.3/lib/isc/heap.c +++ b/contrib/bind-9.5.2/lib/isc/heap.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: heap.c,v 1.28.12.4 2006/04/17 18:27:20 explorer Exp $ */ +/* $Id: heap.c,v 1.37 2007/10/19 17:15:53 explorer Exp $ */ /*! \file * Heap implementation of priority queues adapted from the following: @@ -208,9 +208,13 @@ isc_heap_delete(isc_heap_t *heap, unsigned int index) { REQUIRE(index >= 1 && index <= heap->last); if (index == heap->last) { + heap->array[heap->last] = NULL; heap->last--; } else { - elt = heap->array[heap->last--]; + elt = heap->array[heap->last]; + heap->array[heap->last] = NULL; + heap->last--; + less = heap->compare(elt, heap->array[index]); heap->array[index] = elt; if (less) @@ -239,9 +243,11 @@ isc_heap_decreased(isc_heap_t *heap, unsigned int index) { void * isc_heap_element(isc_heap_t *heap, unsigned int index) { REQUIRE(VALID_HEAP(heap)); - REQUIRE(index >= 1 && index <= heap->last); + REQUIRE(index >= 1); - return (heap->array[index]); + if (index <= heap->last) + return (heap->array[index]); + return (NULL); } void diff --git a/contrib/bind-9.3/lib/isc/hex.c b/contrib/bind-9.5.2/lib/isc/hex.c similarity index 91% rename from contrib/bind-9.3/lib/isc/hex.c rename to contrib/bind-9.5.2/lib/isc/hex.c index a90f1ce078..4983a77ea9 100644 --- a/contrib/bind-9.3/lib/isc/hex.c +++ b/contrib/bind-9.5.2/lib/isc/hex.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hex.c,v 1.8.2.2.8.3 2004/03/06 08:14:30 marka Exp $ */ +/* $Id: hex.c,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -73,13 +75,13 @@ isc_hex_totext(isc_region_t *source, int wordlength, return (ISC_R_SUCCESS); } -/* +/*% * State of a hex decoding process in progress. */ typedef struct { - int length; /* Desired length of binary data or -1 */ - isc_buffer_t *target; /* Buffer for resulting binary data */ - int digits; /* Number of buffered hex digits */ + int length; /*%< Desired length of binary data or -1 */ + isc_buffer_t *target; /*%< Buffer for resulting binary data */ + int digits; /*%< Number of buffered hex digits */ int val[2]; } hex_decode_ctx_t; diff --git a/contrib/bind-9.3/lib/isc/hmacmd5.c b/contrib/bind-9.5.2/lib/isc/hmacmd5.c similarity index 84% rename from contrib/bind-9.3/lib/isc/hmacmd5.c rename to contrib/bind-9.5.2/lib/isc/hmacmd5.c index 5166a98cf6..63853dcd41 100644 --- a/contrib/bind-9.3/lib/isc/hmacmd5.c +++ b/contrib/bind-9.5.2/lib/isc/hmacmd5.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacmd5.c,v 1.5.12.5 2006/02/26 23:49:48 marka Exp $ */ +/* $Id: hmacmd5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */ -/* +/*! \file * This code implements the HMAC-MD5 keyed hash algorithm - * described in RFC 2104. + * described in RFC2104. */ #include "config.h" @@ -35,7 +35,7 @@ #define IPAD 0x36 #define OPAD 0x5C -/* +/*! * Start HMAC-MD5 process. Initialize an md5 context and digest the key. */ void @@ -67,7 +67,7 @@ isc_hmacmd5_invalidate(isc_hmacmd5_t *ctx) { memset(ctx->key, 0, sizeof(ctx->key)); } -/* +/*! * Update context to reflect the concatenation of another buffer full * of bytes. */ @@ -78,7 +78,7 @@ isc_hmacmd5_update(isc_hmacmd5_t *ctx, const unsigned char *buf, isc_md5_update(&ctx->md5ctx, buf, len); } -/* +/*! * Compute signature - finalize MD5 operation and reapply MD5. */ void @@ -99,14 +99,20 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest) { isc_hmacmd5_invalidate(ctx); } -/* +/*! * Verify signature - finalize MD5 operation and reapply MD5, then * compare to the supplied digest. */ isc_boolean_t isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest) { + return (isc_hmacmd5_verify2(ctx, digest, ISC_MD5_DIGESTLENGTH)); +} + +isc_boolean_t +isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len) { unsigned char newdigest[ISC_MD5_DIGESTLENGTH]; + REQUIRE(len <= ISC_MD5_DIGESTLENGTH); isc_hmacmd5_sign(ctx, newdigest); - return (ISC_TF(memcmp(digest, newdigest, ISC_MD5_DIGESTLENGTH) == 0)); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); } diff --git a/contrib/bind-9.5.2/lib/isc/hmacsha.c b/contrib/bind-9.5.2/lib/isc/hmacsha.c new file mode 100644 index 0000000000..dfcd8bf5a9 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/hmacsha.c @@ -0,0 +1,438 @@ +/* + * Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: hmacsha.c,v 1.8 2007/08/27 03:27:53 marka Exp $ */ + +/* + * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 + * and HMAC-SHA512 keyed hash algorithm described in RFC 2104 and + * draft-ietf-dnsext-tsig-sha-01.txt. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include + +#define IPAD 0x36 +#define OPAD 0x5C + +/* + * Start HMAC-SHA1 process. Initialize an sha1 context and digest the key. + */ +void +isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, + unsigned int len) +{ + unsigned char ipad[ISC_SHA1_BLOCK_LENGTH]; + unsigned int i; + + memset(ctx->key, 0, sizeof(ctx->key)); + if (len > sizeof(ctx->key)) { + isc_sha1_t sha1ctx; + isc_sha1_init(&sha1ctx); + isc_sha1_update(&sha1ctx, key, len); + isc_sha1_final(&sha1ctx, ctx->key); + } else + memcpy(ctx->key, key, len); + + isc_sha1_init(&ctx->sha1ctx); + memset(ipad, IPAD, sizeof(ipad)); + for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++) + ipad[i] ^= ctx->key[i]; + isc_sha1_update(&ctx->sha1ctx, ipad, sizeof(ipad)); +} + +void +isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) { + isc_sha1_invalidate(&ctx->sha1ctx); + memset(ctx->key, 0, sizeof(ctx->key)); + memset(ctx, 0, sizeof(ctx)); +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void +isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, + unsigned int len) +{ + isc_sha1_update(&ctx->sha1ctx, buf, len); +} + +/* + * Compute signature - finalize SHA1 operation and reapply SHA1. + */ +void +isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { + unsigned char opad[ISC_SHA1_BLOCK_LENGTH]; + unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; + unsigned int i; + + REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); + isc_sha1_final(&ctx->sha1ctx, newdigest); + + memset(opad, OPAD, sizeof(opad)); + for (i = 0; i < ISC_SHA1_BLOCK_LENGTH; i++) + opad[i] ^= ctx->key[i]; + + isc_sha1_init(&ctx->sha1ctx); + isc_sha1_update(&ctx->sha1ctx, opad, sizeof(opad)); + isc_sha1_update(&ctx->sha1ctx, newdigest, ISC_SHA1_DIGESTLENGTH); + isc_sha1_final(&ctx->sha1ctx, newdigest); + isc_hmacsha1_invalidate(ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +/* + * Verify signature - finalize SHA1 operation and reapply SHA1, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA1_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA1_DIGESTLENGTH); + isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Start HMAC-SHA224 process. Initialize an sha224 context and digest the key. + */ +void +isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, + unsigned int len) +{ + unsigned char ipad[ISC_SHA224_BLOCK_LENGTH]; + unsigned int i; + + memset(ctx->key, 0, sizeof(ctx->key)); + if (len > sizeof(ctx->key)) { + isc_sha224_t sha224ctx; + isc_sha224_init(&sha224ctx); + isc_sha224_update(&sha224ctx, key, len); + isc_sha224_final(ctx->key, &sha224ctx); + } else + memcpy(ctx->key, key, len); + + isc_sha224_init(&ctx->sha224ctx); + memset(ipad, IPAD, sizeof(ipad)); + for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++) + ipad[i] ^= ctx->key[i]; + isc_sha224_update(&ctx->sha224ctx, ipad, sizeof(ipad)); +} + +void +isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx) { + memset(ctx->key, 0, sizeof(ctx->key)); + memset(ctx, 0, sizeof(ctx)); +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void +isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, + unsigned int len) +{ + isc_sha224_update(&ctx->sha224ctx, buf, len); +} + +/* + * Compute signature - finalize SHA224 operation and reapply SHA224. + */ +void +isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { + unsigned char opad[ISC_SHA224_BLOCK_LENGTH]; + unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; + unsigned int i; + + REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); + isc_sha224_final(newdigest, &ctx->sha224ctx); + + memset(opad, OPAD, sizeof(opad)); + for (i = 0; i < ISC_SHA224_BLOCK_LENGTH; i++) + opad[i] ^= ctx->key[i]; + + isc_sha224_init(&ctx->sha224ctx); + isc_sha224_update(&ctx->sha224ctx, opad, sizeof(opad)); + isc_sha224_update(&ctx->sha224ctx, newdigest, ISC_SHA224_DIGESTLENGTH); + isc_sha224_final(newdigest, &ctx->sha224ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +/* + * Verify signature - finalize SHA224 operation and reapply SHA224, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA224_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA224_DIGESTLENGTH); + isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Start HMAC-SHA256 process. Initialize an sha256 context and digest the key. + */ +void +isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, + unsigned int len) +{ + unsigned char ipad[ISC_SHA256_BLOCK_LENGTH]; + unsigned int i; + + memset(ctx->key, 0, sizeof(ctx->key)); + if (len > sizeof(ctx->key)) { + isc_sha256_t sha256ctx; + isc_sha256_init(&sha256ctx); + isc_sha256_update(&sha256ctx, key, len); + isc_sha256_final(ctx->key, &sha256ctx); + } else + memcpy(ctx->key, key, len); + + isc_sha256_init(&ctx->sha256ctx); + memset(ipad, IPAD, sizeof(ipad)); + for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++) + ipad[i] ^= ctx->key[i]; + isc_sha256_update(&ctx->sha256ctx, ipad, sizeof(ipad)); +} + +void +isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx) { + memset(ctx->key, 0, sizeof(ctx->key)); + memset(ctx, 0, sizeof(ctx)); +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void +isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, + unsigned int len) +{ + isc_sha256_update(&ctx->sha256ctx, buf, len); +} + +/* + * Compute signature - finalize SHA256 operation and reapply SHA256. + */ +void +isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { + unsigned char opad[ISC_SHA256_BLOCK_LENGTH]; + unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; + unsigned int i; + + REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); + isc_sha256_final(newdigest, &ctx->sha256ctx); + + memset(opad, OPAD, sizeof(opad)); + for (i = 0; i < ISC_SHA256_BLOCK_LENGTH; i++) + opad[i] ^= ctx->key[i]; + + isc_sha256_init(&ctx->sha256ctx); + isc_sha256_update(&ctx->sha256ctx, opad, sizeof(opad)); + isc_sha256_update(&ctx->sha256ctx, newdigest, ISC_SHA256_DIGESTLENGTH); + isc_sha256_final(newdigest, &ctx->sha256ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +/* + * Verify signature - finalize SHA256 operation and reapply SHA256, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA256_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA256_DIGESTLENGTH); + isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Start HMAC-SHA384 process. Initialize an sha384 context and digest the key. + */ +void +isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, + unsigned int len) +{ + unsigned char ipad[ISC_SHA384_BLOCK_LENGTH]; + unsigned int i; + + memset(ctx->key, 0, sizeof(ctx->key)); + if (len > sizeof(ctx->key)) { + isc_sha384_t sha384ctx; + isc_sha384_init(&sha384ctx); + isc_sha384_update(&sha384ctx, key, len); + isc_sha384_final(ctx->key, &sha384ctx); + } else + memcpy(ctx->key, key, len); + + isc_sha384_init(&ctx->sha384ctx); + memset(ipad, IPAD, sizeof(ipad)); + for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++) + ipad[i] ^= ctx->key[i]; + isc_sha384_update(&ctx->sha384ctx, ipad, sizeof(ipad)); +} + +void +isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx) { + memset(ctx->key, 0, sizeof(ctx->key)); + memset(ctx, 0, sizeof(ctx)); +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void +isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, + unsigned int len) +{ + isc_sha384_update(&ctx->sha384ctx, buf, len); +} + +/* + * Compute signature - finalize SHA384 operation and reapply SHA384. + */ +void +isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { + unsigned char opad[ISC_SHA384_BLOCK_LENGTH]; + unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; + unsigned int i; + + REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); + isc_sha384_final(newdigest, &ctx->sha384ctx); + + memset(opad, OPAD, sizeof(opad)); + for (i = 0; i < ISC_SHA384_BLOCK_LENGTH; i++) + opad[i] ^= ctx->key[i]; + + isc_sha384_init(&ctx->sha384ctx); + isc_sha384_update(&ctx->sha384ctx, opad, sizeof(opad)); + isc_sha384_update(&ctx->sha384ctx, newdigest, ISC_SHA384_DIGESTLENGTH); + isc_sha384_final(newdigest, &ctx->sha384ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +/* + * Verify signature - finalize SHA384 operation and reapply SHA384, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA384_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA384_DIGESTLENGTH); + isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} + +/* + * Start HMAC-SHA512 process. Initialize an sha512 context and digest the key. + */ +void +isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, + unsigned int len) +{ + unsigned char ipad[ISC_SHA512_BLOCK_LENGTH]; + unsigned int i; + + memset(ctx->key, 0, sizeof(ctx->key)); + if (len > sizeof(ctx->key)) { + isc_sha512_t sha512ctx; + isc_sha512_init(&sha512ctx); + isc_sha512_update(&sha512ctx, key, len); + isc_sha512_final(ctx->key, &sha512ctx); + } else + memcpy(ctx->key, key, len); + + isc_sha512_init(&ctx->sha512ctx); + memset(ipad, IPAD, sizeof(ipad)); + for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++) + ipad[i] ^= ctx->key[i]; + isc_sha512_update(&ctx->sha512ctx, ipad, sizeof(ipad)); +} + +void +isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx) { + memset(ctx->key, 0, sizeof(ctx->key)); + memset(ctx, 0, sizeof(ctx)); +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void +isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, + unsigned int len) +{ + isc_sha512_update(&ctx->sha512ctx, buf, len); +} + +/* + * Compute signature - finalize SHA512 operation and reapply SHA512. + */ +void +isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { + unsigned char opad[ISC_SHA512_BLOCK_LENGTH]; + unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; + unsigned int i; + + REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); + isc_sha512_final(newdigest, &ctx->sha512ctx); + + memset(opad, OPAD, sizeof(opad)); + for (i = 0; i < ISC_SHA512_BLOCK_LENGTH; i++) + opad[i] ^= ctx->key[i]; + + isc_sha512_init(&ctx->sha512ctx); + isc_sha512_update(&ctx->sha512ctx, opad, sizeof(opad)); + isc_sha512_update(&ctx->sha512ctx, newdigest, ISC_SHA512_DIGESTLENGTH); + isc_sha512_final(newdigest, &ctx->sha512ctx); + memcpy(digest, newdigest, len); + memset(newdigest, 0, sizeof(newdigest)); +} + +/* + * Verify signature - finalize SHA512 operation and reapply SHA512, then + * compare to the supplied digest. + */ +isc_boolean_t +isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len) { + unsigned char newdigest[ISC_SHA512_DIGESTLENGTH]; + + REQUIRE(len <= ISC_SHA512_DIGESTLENGTH); + isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH); + return (ISC_TF(memcmp(digest, newdigest, len) == 0)); +} diff --git a/contrib/bind-9.5.2/lib/isc/httpd.c b/contrib/bind-9.5.2/lib/isc/httpd.c new file mode 100644 index 0000000000..9cccb1e47a --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/httpd.c @@ -0,0 +1,987 @@ +/* + * Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: httpd.c,v 1.12.12.3 2008/08/08 05:10:34 marka Exp $ */ + +/*! \file */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +/*% + * TODO: + * + * o Put in better checks to make certain things are passed in correctly. + * This includes a magic number for externally-visible structures, + * checking for NULL-ness before dereferencing, etc. + * o Make the URL processing external functions which will fill-in a buffer + * structure we provide, or return an error and we will render a generic + * page and close the client. + */ + +#define MSHUTTINGDOWN(cm) ((cm->flags & ISC_HTTPDMGR_FLAGSHUTTINGDOWN) != 0) +#define MSETSHUTTINGDOWN(cm) (cm->flags |= ISC_HTTPDMGR_FLAGSHUTTINGDOWN) + +#ifdef DEBUG_HTTPD +#define ENTER(x) do { fprintf(stderr, "ENTER %s\n", (x)); } while (0) +#define EXIT(x) do { fprintf(stderr, "EXIT %s\n", (x)); } while (0) +#define NOTICE(x) do { fprintf(stderr, "NOTICE %s\n", (x)); } while (0) +#else +#define ENTER(x) do { } while(0) +#define EXIT(x) do { } while(0) +#define NOTICE(x) do { } while(0) +#endif + +#define HTTP_RECVLEN 1024 +#define HTTP_SENDGROW 1024 +#define HTTP_SEND_MAXLEN 10240 + +/*% + * HTTP urls. These are the URLs we manage, and the function to call to + * provide the data for it. We pass in the base url (so the same function + * can handle multiple requests), and a structure to fill in to return a + * result to the client. We also pass in a pointer to be filled in for + * the data cleanup function. + */ +struct isc_httpdurl { + char *url; + isc_httpdaction_t *action; + void *action_arg; + ISC_LINK(isc_httpdurl_t) link; +}; + +#define HTTPD_CLOSE 0x0001 /* Got a Connection: close header */ +#define HTTPD_FOUNDHOST 0x0002 /* Got a Host: header */ + +/*% http client */ +struct isc_httpd { + isc_httpdmgr_t *mgr; /*%< our parent */ + ISC_LINK(isc_httpd_t) link; + unsigned int state; + isc_socket_t *sock; + + /*% + * Received data state. + */ + char recvbuf[HTTP_RECVLEN]; /*%< receive buffer */ + isc_uint32_t recvlen; /*%< length recv'd */ + unsigned int method; + char *url; + char *querystring; + char *protocol; + + /* + * Flags on the httpd client. + */ + int flags; + + /*% + * Transmit data state. + * + * This is the data buffer we will transmit. + * + * This free function pointer is filled in by the rendering function + * we call. The free function is called after the data is transmitted + * to the client. + * + * The bufflist is the list of buffers we are currently transmitting. + * The headerdata is where we render our headers to. If we run out of + * space when rendering a header, we will change the size of our + * buffer. We will not free it until we are finished, and will + * allocate an additional HTTP_SENDGROW bytes per header space grow. + * + * We currently use two buffers total, one for the headers (which + * we manage) and another for the client to fill in (which it manages, + * it provides the space for it, etc) -- we will pass that buffer + * structure back to the caller, who is responsible for managing the + * space it may have allocated as backing store for it. This second + * buffer is bodybuffer, and we only allocate the buffer itself, not + * the backing store. + */ + isc_bufferlist_t bufflist; + char *headerdata; /*%< send header buf */ + unsigned int headerlen; /*%< current header buffer size */ + isc_buffer_t headerbuffer; + + const char *mimetype; + unsigned int retcode; + const char *retmsg; + isc_buffer_t bodybuffer; + isc_httpdfree_t *freecb; + void *freecb_arg; +}; + +/*% lightweight socket manager for httpd output */ +struct isc_httpdmgr { + isc_mem_t *mctx; + isc_socket_t *sock; /*%< listening socket */ + isc_task_t *task; /*%< owning task */ + isc_timermgr_t *timermgr; + + isc_httpdclientok_t *client_ok; /*%< client validator */ + isc_httpdondestroy_t *ondestroy; /*%< cleanup callback */ + void *cb_arg; /*%< argument for the above */ + + unsigned int flags; + ISC_LIST(isc_httpd_t) running; /*%< running clients */ + + isc_mutex_t lock; + + ISC_LIST(isc_httpdurl_t) urls; /*%< urls we manage */ + isc_httpdaction_t *render_404; +}; + +/*% + * HTTP methods. + */ +#define ISC_HTTPD_METHODUNKNOWN 0 +#define ISC_HTTPD_METHODGET 1 +#define ISC_HTTPD_METHODPOST 2 + +/*% + * Client states. + * + * _IDLE The client is not doing anything at all. This state should + * only occur just after creation, and just before being + * destroyed. + * + * _RECV The client is waiting for data after issuing a socket recv(). + * + * _RECVDONE Data has been received, and is being processed. + * + * _SEND All data for a response has completed, and a reply was + * sent via a socket send() call. + * + * _SENDDONE Send is completed. + * + * Badly formatted state table: + * + * IDLE -> RECV when client has a recv() queued. + * + * RECV -> RECVDONE when recvdone event received. + * + * RECVDONE -> SEND if the data for a reply is at hand. + * + * SEND -> RECV when a senddone event was received. + * + * At any time -> RECV on error. If RECV fails, the client will + * self-destroy, closing the socket and freeing memory. + */ +#define ISC_HTTPD_STATEIDLE 0 +#define ISC_HTTPD_STATERECV 1 +#define ISC_HTTPD_STATERECVDONE 2 +#define ISC_HTTPD_STATESEND 3 +#define ISC_HTTPD_STATESENDDONE 4 + +#define ISC_HTTPD_ISRECV(c) ((c)->state == ISC_HTTPD_STATERECV) +#define ISC_HTTPD_ISRECVDONE(c) ((c)->state == ISC_HTTPD_STATERECVDONE) +#define ISC_HTTPD_ISSEND(c) ((c)->state == ISC_HTTPD_STATESEND) +#define ISC_HTTPD_ISSENDDONE(c) ((c)->state == ISC_HTTPD_STATESENDDONE) + +/*% + * Overall magic test that means we're not idle. + */ +#define ISC_HTTPD_SETRECV(c) ((c)->state = ISC_HTTPD_STATERECV) +#define ISC_HTTPD_SETRECVDONE(c) ((c)->state = ISC_HTTPD_STATERECVDONE) +#define ISC_HTTPD_SETSEND(c) ((c)->state = ISC_HTTPD_STATESEND) +#define ISC_HTTPD_SETSENDDONE(c) ((c)->state = ISC_HTTPD_STATESENDDONE) + +static void isc_httpd_accept(isc_task_t *, isc_event_t *); +static void isc_httpd_recvdone(isc_task_t *, isc_event_t *); +static void isc_httpd_senddone(isc_task_t *, isc_event_t *); +static void destroy_client(isc_httpd_t **); +static isc_result_t process_request(isc_httpd_t *, int); +static void httpdmgr_destroy(isc_httpdmgr_t *); +static isc_result_t grow_headerspace(isc_httpd_t *); +static void reset_client(isc_httpd_t *httpd); +static isc_result_t render_404(const char *, const char *, + void *, + unsigned int *, const char **, + const char **, isc_buffer_t *, + isc_httpdfree_t **, void **); + +static void +destroy_client(isc_httpd_t **httpdp) +{ + isc_httpd_t *httpd = *httpdp; + isc_httpdmgr_t *httpdmgr = httpd->mgr; + + *httpdp = NULL; + + LOCK(&httpdmgr->lock); + + isc_socket_detach(&httpd->sock); + ISC_LIST_UNLINK(httpdmgr->running, httpd, link); + + if (httpd->headerlen > 0) + isc_mem_put(httpdmgr->mctx, httpd->headerdata, + httpd->headerlen); + + isc_mem_put(httpdmgr->mctx, httpd, sizeof(isc_httpd_t)); + + UNLOCK(&httpdmgr->lock); + + httpdmgr_destroy(httpdmgr); +} + +isc_result_t +isc_httpdmgr_create(isc_mem_t *mctx, isc_socket_t *sock, isc_task_t *task, + isc_httpdclientok_t *client_ok, + isc_httpdondestroy_t *ondestroy, void *cb_arg, + isc_timermgr_t *tmgr, isc_httpdmgr_t **httpdp) +{ + isc_result_t result; + isc_httpdmgr_t *httpd; + + REQUIRE(mctx != NULL); + REQUIRE(sock != NULL); + REQUIRE(task != NULL); + REQUIRE(tmgr != NULL); + REQUIRE(httpdp != NULL && *httpdp == NULL); + + httpd = isc_mem_get(mctx, sizeof(isc_httpdmgr_t)); + if (httpd == NULL) + return (ISC_R_NOMEMORY); + + result = isc_mutex_init(&httpd->lock); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, httpd, sizeof(isc_httpdmgr_t)); + return (result); + } + httpd->mctx = NULL; + isc_mem_attach(mctx, &httpd->mctx); + httpd->sock = NULL; + isc_socket_attach(sock, &httpd->sock); + httpd->task = NULL; + isc_task_attach(task, &httpd->task); + httpd->timermgr = tmgr; /* XXXMLG no attach function? */ + httpd->client_ok = client_ok; + httpd->ondestroy = ondestroy; + httpd->cb_arg = cb_arg; + + ISC_LIST_INIT(httpd->running); + ISC_LIST_INIT(httpd->urls); + + /* XXXMLG ignore errors on isc_socket_listen() */ + result = isc_socket_listen(sock, SOMAXCONN); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_socket_listen() failed: %s", + isc_result_totext(result)); + goto cleanup; + } + + (void)isc_socket_filter(sock, "httpready"); + + result = isc_socket_accept(sock, task, isc_httpd_accept, httpd); + if (result != ISC_R_SUCCESS) + goto cleanup; + + httpd->render_404 = render_404; + + *httpdp = httpd; + return (ISC_R_SUCCESS); + + cleanup: + isc_task_detach(&httpd->task); + isc_socket_detach(&httpd->sock); + isc_mem_detach(&httpd->mctx); + isc_mutex_destroy(&httpd->lock); + isc_mem_put(mctx, httpd, sizeof(isc_httpdmgr_t)); + return (result); +} + +static void +httpdmgr_destroy(isc_httpdmgr_t *httpdmgr) +{ + isc_mem_t *mctx; + isc_httpdurl_t *url; + + ENTER("httpdmgr_destroy"); + + LOCK(&httpdmgr->lock); + + if (!MSHUTTINGDOWN(httpdmgr)) { + NOTICE("httpdmgr_destroy not shutting down yet"); + UNLOCK(&httpdmgr->lock); + return; + } + + /* + * If all clients are not shut down, don't do anything yet. + */ + if (!ISC_LIST_EMPTY(httpdmgr->running)) { + NOTICE("httpdmgr_destroy clients still active"); + UNLOCK(&httpdmgr->lock); + return; + } + + NOTICE("httpdmgr_destroy detaching socket, task, and timermgr"); + + isc_socket_detach(&httpdmgr->sock); + isc_task_detach(&httpdmgr->task); + httpdmgr->timermgr = NULL; + + /* + * Clear out the list of all actions we know about. Just free the + * memory. + */ + url = ISC_LIST_HEAD(httpdmgr->urls); + while (url != NULL) { + isc_mem_free(httpdmgr->mctx, url->url); + ISC_LIST_UNLINK(httpdmgr->urls, url, link); + isc_mem_put(httpdmgr->mctx, url, sizeof(isc_httpdurl_t)); + url = ISC_LIST_HEAD(httpdmgr->urls); + } + + UNLOCK(&httpdmgr->lock); + isc_mutex_destroy(&httpdmgr->lock); + + if (httpdmgr->ondestroy != NULL) + (httpdmgr->ondestroy)(httpdmgr->cb_arg); + + mctx = httpdmgr->mctx; + isc_mem_putanddetach(&mctx, httpdmgr, sizeof(isc_httpdmgr_t)); + + EXIT("httpdmgr_destroy"); +} + +#define LENGTHOK(s) (httpd->recvbuf - (s) < (int)httpd->recvlen) +#define BUFLENOK(s) (httpd->recvbuf - (s) < HTTP_RECVLEN) + +static isc_result_t +process_request(isc_httpd_t *httpd, int length) +{ + char *s; + char *p; + int delim; + + ENTER("request"); + + httpd->recvlen += length; + + httpd->recvbuf[httpd->recvlen] = 0; + + /* + * If we don't find a blank line in our buffer, return that we need + * more data. + */ + s = strstr(httpd->recvbuf, "\r\n\r\n"); + delim = 1; + if (s == NULL) { + s = strstr(httpd->recvbuf, "\n\n"); + delim = 2; + } + if (s == NULL) + return (ISC_R_NOTFOUND); + + /* + * Determine if this is a POST or GET method. Any other values will + * cause an error to be returned. + */ + if (strncmp(httpd->recvbuf, "GET ", 4) == 0) { + httpd->method = ISC_HTTPD_METHODGET; + p = httpd->recvbuf + 4; + } else if (strncmp(httpd->recvbuf, "POST ", 5) == 0) { + httpd->method = ISC_HTTPD_METHODPOST; + p = httpd->recvbuf + 5; + } else { + return (ISC_R_RANGE); + } + + /* + * From now on, p is the start of our buffer. + */ + + /* + * Extract the URL. + */ + s = p; + while (LENGTHOK(s) && BUFLENOK(s) && + (*s != '\n' && *s != '\r' && *s != '\0' && *s != ' ')) + s++; + if (!LENGTHOK(s)) + return (ISC_R_NOTFOUND); + if (!BUFLENOK(s)) + return (ISC_R_NOMEMORY); + *s = 0; + + /* + * Make the URL relative. + */ + if ((strncmp(p, "http:/", 6) == 0) + || (strncmp(p, "https:/", 7) == 0)) { + /* Skip first / */ + while (*p != '/' && *p != 0) + p++; + if (*p == 0) + return (ISC_R_RANGE); + p++; + /* Skip second / */ + while (*p != '/' && *p != 0) + p++; + if (*p == 0) + return (ISC_R_RANGE); + p++; + /* Find third / */ + while (*p != '/' && *p != 0) + p++; + if (*p == 0) { + p--; + *p = '/'; + } + } + + httpd->url = p; + p = s + delim; + s = p; + + /* + * Now, see if there is a ? mark in the URL. If so, this is + * part of the query string, and we will split it from the URL. + */ + httpd->querystring = strchr(httpd->url, '?'); + if (httpd->querystring != NULL) { + *(httpd->querystring) = 0; + httpd->querystring++; + } + + /* + * Extract the HTTP/1.X protocol. We will bounce on anything but + * HTTP/1.1 for now. + */ + while (LENGTHOK(s) && BUFLENOK(s) && + (*s != '\n' && *s != '\r' && *s != '\0')) + s++; + if (!LENGTHOK(s)) + return (ISC_R_NOTFOUND); + if (!BUFLENOK(s)) + return (ISC_R_NOMEMORY); + *s = 0; + if ((strncmp(p, "HTTP/1.0", 8) != 0) + && (strncmp(p, "HTTP/1.1", 8) != 0)) + return (ISC_R_RANGE); + httpd->protocol = p; + p = s + 1; + s = p; + + if (strstr(s, "Connection: close") != NULL) + httpd->flags |= HTTPD_CLOSE; + + if (strstr(s, "Host: ") != NULL) + httpd->flags |= HTTPD_FOUNDHOST; + + /* + * Standards compliance hooks here. + */ + if (strcmp(httpd->protocol, "HTTP/1.1") == 0 + && ((httpd->flags & HTTPD_FOUNDHOST) == 0)) + return (ISC_R_RANGE); + + EXIT("request"); + + return (ISC_R_SUCCESS); +} + +static void +isc_httpd_accept(isc_task_t *task, isc_event_t *ev) +{ + isc_result_t result; + isc_httpdmgr_t *httpdmgr = ev->ev_arg; + isc_httpd_t *httpd; + isc_region_t r; + isc_socket_newconnev_t *nev = (isc_socket_newconnev_t *)ev; + isc_sockaddr_t peeraddr; + + ENTER("accept"); + + LOCK(&httpdmgr->lock); + if (MSHUTTINGDOWN(httpdmgr)) { + NOTICE("accept shutting down, goto out"); + goto out; + } + + if (nev->result == ISC_R_CANCELED) { + NOTICE("accept canceled, goto out"); + goto out; + } + + if (nev->result != ISC_R_SUCCESS) { + /* XXXMLG log failure */ + NOTICE("accept returned failure, goto requeue"); + goto requeue; + } + + (void)isc_socket_getpeername(nev->newsocket, &peeraddr); + if (httpdmgr->client_ok != NULL && + !(httpdmgr->client_ok)(&peeraddr, httpdmgr->cb_arg)) { + isc_socket_detach(&nev->newsocket); + goto requeue; + } + + httpd = isc_mem_get(httpdmgr->mctx, sizeof(isc_httpd_t)); + if (httpd == NULL) { + /* XXXMLG log failure */ + NOTICE("accept failed to allocate memory, goto requeue"); + isc_socket_detach(&nev->newsocket); + goto requeue; + } + + httpd->mgr = httpdmgr; + ISC_LINK_INIT(httpd, link); + ISC_LIST_APPEND(httpdmgr->running, httpd, link); + ISC_HTTPD_SETRECV(httpd); + httpd->sock = nev->newsocket; + isc_socket_setname(httpd->sock, "httpd", NULL); + httpd->flags = 0; + + /* + * Initialize the buffer for our headers. + */ + httpd->headerdata = isc_mem_get(httpdmgr->mctx, HTTP_SENDGROW); + if (httpd->headerdata == NULL) { + isc_mem_put(httpdmgr->mctx, httpd, sizeof(isc_httpd_t)); + isc_socket_detach(&nev->newsocket); + goto requeue; + } + httpd->headerlen = HTTP_SENDGROW; + isc_buffer_init(&httpd->headerbuffer, httpd->headerdata, + httpd->headerlen); + + ISC_LIST_INIT(httpd->bufflist); + + isc_buffer_initnull(&httpd->bodybuffer); + reset_client(httpd); + + r.base = (unsigned char *)httpd->recvbuf; + r.length = HTTP_RECVLEN - 1; + result = isc_socket_recv(httpd->sock, &r, 1, task, isc_httpd_recvdone, + httpd); + NOTICE("accept queued recv on socket"); + + requeue: + result = isc_socket_accept(httpdmgr->sock, task, isc_httpd_accept, + httpdmgr); + if (result != ISC_R_SUCCESS) { + /* XXXMLG what to do? Log failure... */ + NOTICE("accept could not reaccept due to failure"); + } + + out: + UNLOCK(&httpdmgr->lock); + + httpdmgr_destroy(httpdmgr); + + isc_event_free(&ev); + + EXIT("accept"); +} + +static isc_result_t +render_404(const char *url, const char *querystring, + void *arg, + unsigned int *retcode, const char **retmsg, + const char **mimetype, isc_buffer_t *b, + isc_httpdfree_t **freecb, void **freecb_args) +{ + static char msg[] = "No such URL."; + + UNUSED(url); + UNUSED(querystring); + UNUSED(arg); + + *retcode = 404; + *retmsg = "No such URL"; + *mimetype = "text/plain"; + isc_buffer_reinit(b, msg, strlen(msg)); + isc_buffer_add(b, strlen(msg)); + *freecb = NULL; + *freecb_args = NULL; + + return (ISC_R_SUCCESS); +} + +static void +isc_httpd_recvdone(isc_task_t *task, isc_event_t *ev) +{ + isc_region_t r; + isc_result_t result; + isc_httpd_t *httpd = ev->ev_arg; + isc_socketevent_t *sev = (isc_socketevent_t *)ev; + isc_httpdurl_t *url; + isc_time_t now; + char datebuf[32]; /* Only need 30, but safety first */ + + ENTER("recv"); + + INSIST(ISC_HTTPD_ISRECV(httpd)); + + if (sev->result != ISC_R_SUCCESS) { + NOTICE("recv destroying client"); + destroy_client(&httpd); + goto out; + } + + result = process_request(httpd, sev->n); + if (result == ISC_R_NOTFOUND) { + if (httpd->recvlen >= HTTP_RECVLEN - 1) { + destroy_client(&httpd); + goto out; + } + r.base = (unsigned char *)httpd->recvbuf + httpd->recvlen; + r.length = HTTP_RECVLEN - httpd->recvlen - 1; + result = isc_socket_recv(httpd->sock, &r, 1, task, + isc_httpd_recvdone, httpd); + goto out; + } else if (result != ISC_R_SUCCESS) { + destroy_client(&httpd); + goto out; + } + + ISC_HTTPD_SETSEND(httpd); + + /* + * XXXMLG Call function here. Provide an add-header function + * which will append the common headers to a response we generate. + */ + isc_buffer_initnull(&httpd->bodybuffer); + isc_time_now(&now); + isc_time_formathttptimestamp(&now, datebuf, sizeof(datebuf)); + url = ISC_LIST_HEAD(httpd->mgr->urls); + while (url != NULL) { + if (strcmp(httpd->url, url->url) == 0) + break; + url = ISC_LIST_NEXT(url, link); + } + if (url == NULL) + result = httpd->mgr->render_404(httpd->url, httpd->querystring, + NULL, + &httpd->retcode, + &httpd->retmsg, + &httpd->mimetype, + &httpd->bodybuffer, + &httpd->freecb, + &httpd->freecb_arg); + else + result = url->action(httpd->url, httpd->querystring, + url->action_arg, + &httpd->retcode, &httpd->retmsg, + &httpd->mimetype, &httpd->bodybuffer, + &httpd->freecb, &httpd->freecb_arg); + if (result != ISC_R_SUCCESS) { + destroy_client(&httpd); + goto out; + } + + isc_httpd_response(httpd); + isc_httpd_addheader(httpd, "Content-Type", httpd->mimetype); + isc_httpd_addheader(httpd, "Date", datebuf); + isc_httpd_addheader(httpd, "Expires", datebuf); + isc_httpd_addheader(httpd, "Last-Modified", datebuf); + isc_httpd_addheader(httpd, "Pragma: no-cache", NULL); + isc_httpd_addheader(httpd, "Cache-Control: no-cache", NULL); + isc_httpd_addheader(httpd, "Server: libisc", NULL); + isc_httpd_addheaderuint(httpd, "Content-Length", + isc_buffer_usedlength(&httpd->bodybuffer)); + isc_httpd_endheaders(httpd); /* done */ + + ISC_LIST_APPEND(httpd->bufflist, &httpd->headerbuffer, link); + /* + * Link the data buffer into our send queue, should we have any data + * rendered into it. If no data is present, we won't do anything + * with the buffer. + */ + if (isc_buffer_length(&httpd->bodybuffer) > 0) + ISC_LIST_APPEND(httpd->bufflist, &httpd->bodybuffer, link); + + result = isc_socket_sendv(httpd->sock, &httpd->bufflist, task, + isc_httpd_senddone, httpd); + + out: + isc_event_free(&ev); + EXIT("recv"); +} + +void +isc_httpdmgr_shutdown(isc_httpdmgr_t **httpdmgrp) +{ + isc_httpdmgr_t *httpdmgr; + isc_httpd_t *httpd; + httpdmgr = *httpdmgrp; + *httpdmgrp = NULL; + + ENTER("isc_httpdmgr_shutdown"); + + LOCK(&httpdmgr->lock); + + MSETSHUTTINGDOWN(httpdmgr); + + isc_socket_cancel(httpdmgr->sock, httpdmgr->task, ISC_SOCKCANCEL_ALL); + + httpd = ISC_LIST_HEAD(httpdmgr->running); + while (httpd != NULL) { + isc_socket_cancel(httpd->sock, httpdmgr->task, + ISC_SOCKCANCEL_ALL); + httpd = ISC_LIST_NEXT(httpd, link); + } + + UNLOCK(&httpdmgr->lock); + + EXIT("isc_httpdmgr_shutdown"); +} + +static isc_result_t +grow_headerspace(isc_httpd_t *httpd) +{ + char *newspace; + unsigned int newlen; + isc_region_t r; + + newlen = httpd->headerlen + HTTP_SENDGROW; + if (newlen > HTTP_SEND_MAXLEN) + return (ISC_R_NOSPACE); + + newspace = isc_mem_get(httpd->mgr->mctx, newlen); + if (newspace == NULL) + return (ISC_R_NOMEMORY); + isc_buffer_region(&httpd->headerbuffer, &r); + isc_buffer_reinit(&httpd->headerbuffer, newspace, newlen); + + isc_mem_put(httpd->mgr->mctx, r.base, r.length); + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_httpd_response(isc_httpd_t *httpd) +{ + isc_result_t result; + unsigned int needlen; + + needlen = strlen(httpd->protocol) + 1; /* protocol + space */ + needlen += 3 + 1; /* room for response code, always 3 bytes */ + needlen += strlen(httpd->retmsg) + 2; /* return msg + CRLF */ + + if (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { + result = grow_headerspace(httpd); + if (result != ISC_R_SUCCESS) + return (result); + } + + sprintf(isc_buffer_used(&httpd->headerbuffer), "%s %03d %s\r\n", + httpd->protocol, httpd->retcode, httpd->retmsg); + isc_buffer_add(&httpd->headerbuffer, needlen); + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_httpd_addheader(isc_httpd_t *httpd, const char *name, + const char *val) +{ + isc_result_t result; + unsigned int needlen; + + needlen = strlen(name); /* name itself */ + if (val != NULL) + needlen += 2 + strlen(val); /* : and val */ + needlen += 2; /* CRLF */ + + if (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { + result = grow_headerspace(httpd); + if (result != ISC_R_SUCCESS) + return (result); + } + + if (val != NULL) + sprintf(isc_buffer_used(&httpd->headerbuffer), + "%s: %s\r\n", name, val); + else + sprintf(isc_buffer_used(&httpd->headerbuffer), + "%s\r\n", name); + + isc_buffer_add(&httpd->headerbuffer, needlen); + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_httpd_endheaders(isc_httpd_t *httpd) +{ + isc_result_t result; + + if (isc_buffer_availablelength(&httpd->headerbuffer) < 2) { + result = grow_headerspace(httpd); + if (result != ISC_R_SUCCESS) + return (result); + } + + sprintf(isc_buffer_used(&httpd->headerbuffer), "\r\n"); + isc_buffer_add(&httpd->headerbuffer, 2); + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_httpd_addheaderuint(isc_httpd_t *httpd, const char *name, int val) { + isc_result_t result; + unsigned int needlen; + char buf[sizeof "18446744073709551616"]; + + sprintf(buf, "%d", val); + + needlen = strlen(name); /* name itself */ + needlen += 2 + strlen(buf); /* : and val */ + needlen += 2; /* CRLF */ + + if (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { + result = grow_headerspace(httpd); + if (result != ISC_R_SUCCESS) + return (result); + } + + sprintf(isc_buffer_used(&httpd->headerbuffer), + "%s: %s\r\n", name, buf); + + isc_buffer_add(&httpd->headerbuffer, needlen); + + return (ISC_R_SUCCESS); +} + +static void +isc_httpd_senddone(isc_task_t *task, isc_event_t *ev) +{ + isc_httpd_t *httpd = ev->ev_arg; + isc_region_t r; + isc_result_t result; + isc_socketevent_t *sev = (isc_socketevent_t *)ev; + + ENTER("senddone"); + INSIST(ISC_HTTPD_ISSEND(httpd)); + + /* + * First, unlink our header buffer from the socket's bufflist. This + * is sort of an evil hack, since we know our buffer will be there, + * and we know it's address, so we can just remove it directly. + */ + NOTICE("senddone unlinked header"); + ISC_LIST_UNLINK(sev->bufferlist, &httpd->headerbuffer, link); + + /* + * We will always want to clean up our receive buffer, even if we + * got an error on send or we are shutting down. + * + * We will pass in the buffer only if there is data in it. If + * there is no data, we will pass in a NULL. + */ + if (httpd->freecb != NULL) { + isc_buffer_t *b = NULL; + if (isc_buffer_length(&httpd->bodybuffer) > 0) + b = &httpd->bodybuffer; + httpd->freecb(b, httpd->freecb_arg); + NOTICE("senddone free callback performed"); + } + if (ISC_LINK_LINKED(&httpd->bodybuffer, link)) { + ISC_LIST_UNLINK(sev->bufferlist, &httpd->bodybuffer, link); + NOTICE("senddone body buffer unlinked"); + } + + if (sev->result != ISC_R_SUCCESS) { + destroy_client(&httpd); + goto out; + } + + if ((httpd->flags & HTTPD_CLOSE) != 0) { + destroy_client(&httpd); + goto out; + } + + ISC_HTTPD_SETRECV(httpd); + + NOTICE("senddone restarting recv on socket"); + + reset_client(httpd); + + r.base = (unsigned char *)httpd->recvbuf; + r.length = HTTP_RECVLEN - 1; + result = isc_socket_recv(httpd->sock, &r, 1, task, isc_httpd_recvdone, + httpd); + +out: + isc_event_free(&ev); + EXIT("senddone"); +} + +static void +reset_client(isc_httpd_t *httpd) +{ + /* + * Catch errors here. We MUST be in RECV mode, and we MUST NOT have + * any outstanding buffers. If we have buffers, we have a leak. + */ + INSIST(ISC_HTTPD_ISRECV(httpd)); + INSIST(!ISC_LINK_LINKED(&httpd->headerbuffer, link)); + INSIST(!ISC_LINK_LINKED(&httpd->bodybuffer, link)); + + httpd->recvbuf[0] = 0; + httpd->recvlen = 0; + httpd->method = ISC_HTTPD_METHODUNKNOWN; + httpd->url = NULL; + httpd->querystring = NULL; + httpd->protocol = NULL; + httpd->flags = 0; + + isc_buffer_clear(&httpd->headerbuffer); + isc_buffer_invalidate(&httpd->bodybuffer); +} + +isc_result_t +isc_httpdmgr_addurl(isc_httpdmgr_t *httpdmgr, const char *url, + isc_httpdaction_t *func, void *arg) +{ + isc_httpdurl_t *item; + + if (url == NULL) { + httpdmgr->render_404 = func; + return (ISC_R_SUCCESS); + } + + item = isc_mem_get(httpdmgr->mctx, sizeof(isc_httpdurl_t)); + if (item == NULL) + return (ISC_R_NOMEMORY); + + item->url = isc_mem_strdup(httpdmgr->mctx, url); + if (item->url == NULL) { + isc_mem_put(httpdmgr->mctx, item, sizeof(isc_httpdurl_t)); + return (ISC_R_NOMEMORY); + } + + item->action = func; + item->action_arg = arg; + ISC_LINK_INIT(item, link); + ISC_LIST_APPEND(httpdmgr->urls, item, link); + + return (ISC_R_SUCCESS); +} diff --git a/contrib/bind-9.5.2/lib/isc/ia64/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/ia64/include/isc/atomic.h new file mode 100644 index 0000000000..1c6c396ba5 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/ia64/include/isc/atomic.h @@ -0,0 +1,100 @@ +/* + * Copyright (C) 2006, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.4.122.3 2009/06/24 02:23:27 marka Exp $ */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +#ifdef ISC_PLATFORM_USEGCCASM +/* + * This routine atomically increments the value stored in 'p' by 'val', and + * returns the previous value. + * + * Open issue: can 'fetchadd' make the code faster for some particular values + * (e.g., 1 and -1)? + */ +static inline isc_int32_t +#ifdef __GNUC__ +__attribute__ ((unused)) +#endif +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) +{ + isc_int32_t prev, swapped; + + for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) { + swapped = prev + val; + __asm__ volatile( + "mov ar.ccv=%2;" + "cmpxchg4.acq %0=%4,%3,ar.ccv" + : "=r" (swapped), "=m" (*p) + : "r" (prev), "r" (swapped), "m" (*p) + : "memory"); + if (swapped == prev) + break; + } + + return (prev); +} + +/* + * This routine atomically stores the value 'val' in 'p'. + */ +static inline void +#ifdef __GNUC__ +__attribute__ ((unused)) +#endif +isc_atomic_store(isc_int32_t *p, isc_int32_t val) +{ + __asm__ volatile( + "st4.rel %0=%1" + : "=m" (*p) + : "r" (val) + : "memory" + ); +} + +/* + * This routine atomically replaces the value in 'p' with 'val', if the + * original value is equal to 'cmpval'. The original value is returned in any + * case. + */ +static inline isc_int32_t +#ifdef __GNUC__ +__attribute__ ((unused)) +#endif +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) +{ + isc_int32_t ret; + + __asm__ volatile( + "mov ar.ccv=%2;" + "cmpxchg4.acq %0=%4,%3,ar.ccv" + : "=r" (ret), "=m" (*p) + : "r" (cmpval), "r" (val), "m" (*p) + : "memory"); + + return (ret); +} +#else /* !ISC_PLATFORM_USEGCCASM */ + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/app.h b/contrib/bind-9.5.2/lib/isc/include/isc/app.h similarity index 65% rename from contrib/bind-9.3/lib/isc/include/isc/app.h rename to contrib/bind-9.5.2/lib/isc/include/isc/app.h index f77057b388..c4d54cbe44 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/app.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/app.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: app.h,v 1.1.206.1 2004/03/06 08:14:38 marka Exp $ */ +/* $Id: app.h,v 1.8 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_APP_H #define ISC_APP_H 1 @@ -24,18 +24,18 @@ ***** Module Info *****/ -/* - * ISC Application Support +/*! \file isc/app.h + * \brief ISC Application Support * * Dealing with program termination can be difficult, especially in a * multithreaded program. The routines in this module help coordinate * the shutdown process. They are used as follows by the initial (main) * thread of the application: * - * isc_app_start(); Call very early in main(), before + *\li isc_app_start(); Call very early in main(), before * any other threads have been created. * - * isc_app_run(); This will post any on-run events, + *\li isc_app_run(); This will post any on-run events, * and then block until application * shutdown is requested. A shutdown * request is made by calling @@ -44,7 +44,7 @@ * After isc_app_run() returns, the * application should shutdown itself. * - * isc_app_finish(); Call very late in main(). + *\li isc_app_finish(); Call very late in main(). * * Applications that want to use SIGHUP/isc_app_reload() to trigger reloading * should check the result of isc_app_run() and call the reload routine if @@ -54,22 +54,22 @@ * Use of this module is not required. In particular, isc_app_start() is * NOT an ISC library initialization routine. * - * MP: + * \li MP: * Clients must ensure that isc_app_start(), isc_app_run(), and * isc_app_finish() are called at most once. isc_app_shutdown() * is safe to use by any thread (provided isc_app_start() has been * called previously). * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: + * \li Resources: * None. * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -87,8 +87,8 @@ ISC_LANG_BEGINDECLS isc_result_t isc_app_start(void); -/* - * Start an ISC library application. +/*!< + * \brief Start an ISC library application. * * Notes: * This call should be made before any other ISC library call, and as @@ -98,8 +98,8 @@ isc_app_start(void); isc_result_t isc_app_onrun(isc_mem_t *mctx, isc_task_t *task, isc_taskaction_t action, void *arg); -/* - * Request delivery of an event when the application is run. +/*!< + * \brief Request delivery of an event when the application is run. * * Requires: * isc_app_start() has been called. @@ -111,99 +111,99 @@ isc_app_onrun(isc_mem_t *mctx, isc_task_t *task, isc_taskaction_t action, isc_result_t isc_app_run(void); -/* - * Run an ISC library application. +/*!< + * \brief Run an ISC library application. * * Notes: - * The caller (typically the initial thread of an application) will + *\li The caller (typically the initial thread of an application) will * block until shutdown is requested. When the call returns, the * caller should start shutting down the application. * * Requires: - * isc_app_start() has been called. + *\li isc_app_start() has been called. * * Ensures: - * Any events requested via isc_app_onrun() will have been posted (in + *\li Any events requested via isc_app_onrun() will have been posted (in * FIFO order) before isc_app_run() blocks. * * Returns: - * ISC_R_SUCCESS Shutdown has been requested. - * ISC_R_RELOAD Reload has been requested. + *\li ISC_R_SUCCESS Shutdown has been requested. + *\li ISC_R_RELOAD Reload has been requested. */ isc_result_t isc_app_shutdown(void); -/* - * Request application shutdown. +/*!< + * \brief Request application shutdown. * * Notes: - * It is safe to call isc_app_shutdown() multiple times. Shutdown will + *\li It is safe to call isc_app_shutdown() multiple times. Shutdown will * only be triggered once. * * Requires: - * isc_app_run() has been called. + *\li isc_app_run() has been called. * * Returns: - * ISC_R_SUCCESS - * ISC_R_UNEXPECTED + *\li ISC_R_SUCCESS + *\li ISC_R_UNEXPECTED */ isc_result_t isc_app_reload(void); -/* - * Request application reload. +/*!< + * \brief Request application reload. * * Requires: - * isc_app_run() has been called. + *\li isc_app_run() has been called. * * Returns: - * ISC_R_SUCCESS - * ISC_R_UNEXPECTED + *\li ISC_R_SUCCESS + *\li ISC_R_UNEXPECTED */ void isc_app_finish(void); -/* - * Finish an ISC library application. +/*!< + * \brief Finish an ISC library application. * * Notes: - * This call should be made at or near the end of main(). + *\li This call should be made at or near the end of main(). * * Requires: - * isc_app_start() has been called. + *\li isc_app_start() has been called. * * Ensures: - * Any resources allocated by isc_app_start() have been released. + *\li Any resources allocated by isc_app_start() have been released. */ void isc_app_block(void); -/* - * Indicate that a blocking operation will be performed. +/*!< + * \brief Indicate that a blocking operation will be performed. * * Notes: - * If a blocking operation is in process, a call to isc_app_shutdown() + *\li If a blocking operation is in process, a call to isc_app_shutdown() * or an external signal will abort the program, rather than allowing * clean shutdown. This is primarily useful for reading user input. * * Requires: - * isc_app_start() has been called. - * No other blocking operations are in progress. + * \li isc_app_start() has been called. + * \li No other blocking operations are in progress. */ void isc_app_unblock(void); -/* - * Indicate that a blocking operation is complete. +/*!< + * \brief Indicate that a blocking operation is complete. * * Notes: - * When a blocking operation has completed, return the program to a + * \li When a blocking operation has completed, return the program to a * state where a call to isc_app_shutdown() or an external signal will * shutdown normally. * * Requires: - * isc_app_start() has been called. - * isc_app_block() has been called by the same thread. + * \li isc_app_start() has been called. + * \li isc_app_block() has been called by the same thread. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/assertions.h b/contrib/bind-9.5.2/lib/isc/include/isc/assertions.h similarity index 87% rename from contrib/bind-9.3/lib/isc/include/isc/assertions.h rename to contrib/bind-9.5.2/lib/isc/include/isc/assertions.h index 6091de9a63..b7a9a73e4e 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/assertions.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/assertions.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +16,9 @@ */ /* - * $Id: assertions.h,v 1.17.206.1 2004/03/06 08:14:38 marka Exp $ + * $Id: assertions.h,v 1.24.128.2 2008/10/15 23:46:53 tbox Exp $ + */ +/*! \file isc/assertions.h */ #ifndef ISC_ASSERTIONS_H @@ -27,6 +29,7 @@ ISC_LANG_BEGINDECLS +/*% isc assertion type */ typedef enum { isc_assertiontype_require, isc_assertiontype_ensure, @@ -37,6 +40,7 @@ typedef enum { typedef void (*isc_assertioncallback_t)(const char *, int, isc_assertiontype_t, const char *); +/* coverity[+kill] */ LIBISC_EXTERNAL_DATA extern isc_assertioncallback_t isc_assertion_failed; void @@ -45,14 +49,14 @@ isc_assertion_setcallback(isc_assertioncallback_t); const char * isc_assertion_typetotext(isc_assertiontype_t type); -#ifdef ISC_CHECK_ALL +#if defined(ISC_CHECK_ALL) || defined(__COVERITY__) #define ISC_CHECK_REQUIRE 1 #define ISC_CHECK_ENSURE 1 #define ISC_CHECK_INSIST 1 #define ISC_CHECK_INVARIANT 1 #endif -#ifdef ISC_CHECK_NONE +#if defined(ISC_CHECK_NONE) && !defined(__COVERITY__) #define ISC_CHECK_REQUIRE 0 #define ISC_CHECK_ENSURE 0 #define ISC_CHECK_INSIST 0 diff --git a/contrib/bind-9.3/lib/isc/include/isc/base64.h b/contrib/bind-9.5.2/lib/isc/include/isc/base64.h similarity index 60% rename from contrib/bind-9.3/lib/isc/include/isc/base64.h rename to contrib/bind-9.5.2/lib/isc/include/isc/base64.h index 260dd1d2e9..e48ef2a400 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/base64.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/base64.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: base64.h,v 1.15.206.1 2004/03/06 08:14:38 marka Exp $ */ +/* $Id: base64.h,v 1.22 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_BASE64_H #define ISC_BASE64_H 1 +/*! \file isc/base64.h */ + #include #include @@ -32,59 +34,59 @@ ISC_LANG_BEGINDECLS isc_result_t isc_base64_totext(isc_region_t *source, int wordlength, const char *wordbreak, isc_buffer_t *target); -/* - * Convert data into base64 encoded text. +/*!< + * \brief Convert data into base64 encoded text. * * Notes: - * The base64 encoded text in 'target' will be divided into + *\li The base64 encoded text in 'target' will be divided into * words of at most 'wordlength' characters, separated by * the 'wordbreak' string. No parentheses will surround * the text. * * Requires: - * 'source' is a region containing binary data - * 'target' is a text buffer containing available space - * 'wordbreak' points to a null-terminated string of + *\li 'source' is a region containing binary data + *\li 'target' is a text buffer containing available space + *\li 'wordbreak' points to a null-terminated string of * zero or more whitespace characters * * Ensures: - * target will contain the base64 encoded version of the data + *\li target will contain the base64 encoded version of the data * in source. The 'used' pointer in target will be advanced as * necessary. */ isc_result_t isc_base64_decodestring(const char *cstr, isc_buffer_t *target); -/* - * Decode a null-terminated base64 string. +/*!< + * \brief Decode a null-terminated base64 string. * * Requires: - * 'cstr' is non-null. - * 'target' is a valid buffer. + *\li 'cstr' is non-null. + *\li 'target' is a valid buffer. * * Returns: - * ISC_R_SUCCESS -- the entire decoded representation of 'cstring' + *\li #ISC_R_SUCCESS -- the entire decoded representation of 'cstring' * fit in 'target'. - * ISC_R_BADBASE64 -- 'cstr' is not a valid base64 encoding. + *\li #ISC_R_BADBASE64 -- 'cstr' is not a valid base64 encoding. * * Other error returns are any possible error code from: - * isc_lex_create(), - * isc_lex_openbuffer(), - * isc_base64_tobuffer(). + *\li isc_lex_create(), + *\li isc_lex_openbuffer(), + *\li isc_base64_tobuffer(). */ isc_result_t isc_base64_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length); -/* - * Convert base64 encoded text from a lexer context into data. +/*!< + * \brief Convert base64 encoded text from a lexer context into data. * * Requires: - * 'lex' is a valid lexer context - * 'target' is a buffer containing binary data - * 'length' is an integer + *\li 'lex' is a valid lexer context + *\li 'target' is a buffer containing binary data + *\li 'length' is an integer * * Ensures: - * target will contain the data represented by the base64 encoded + *\li target will contain the data represented by the base64 encoded * string parsed by the lexer. No more than length bytes will be read, * if length is positive. The 'used' pointer in target will be * advanced as necessary. diff --git a/contrib/bind-9.3/lib/isc/include/isc/bitstring.h b/contrib/bind-9.5.2/lib/isc/include/isc/bitstring.h similarity index 75% rename from contrib/bind-9.3/lib/isc/include/isc/bitstring.h rename to contrib/bind-9.5.2/lib/isc/include/isc/bitstring.h index 6d6a555f23..252d1117a7 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/bitstring.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/bitstring.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: bitstring.h,v 1.7.206.1 2004/03/06 08:14:38 marka Exp $ */ +/* $Id: bitstring.h,v 1.14 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_BITSTRING_H #define ISC_BITSTRING_H 1 @@ -24,8 +24,9 @@ ***** Module Info *****/ -/* - * Bitstring +/*! \file isc/bitstring.h + * + * \brief Bitstring manipulation functions. * * A bitstring is a packed array of bits, stored in a contiguous * sequence of octets. The "most significant bit" (msb) of a bitstring @@ -46,21 +47,25 @@ * long and will take two octets. Let "p" denote a pad bit. In the msb0 * encoding, it would be * + * \verbatim * Octet 0 Octet 1 * | * 1 1 0 1 0 0 0 1 | 1 1 1 p p p p p * ^ | ^ * | | * bit 0 bit 15 + * \endverbatim * * In the lsb0 encoding, it would be * + * \verbatim * Octet 0 Octet 1 * | * p p p p p 1 1 0 | 1 0 0 0 1 1 1 1 * ^ | ^ * | | * bit 15 bit 0 + * \endverbatim */ /*** @@ -91,59 +96,59 @@ struct isc_bitstring { void isc_bitstring_init(isc_bitstring_t *bitstring, unsigned char *data, unsigned int length, unsigned int size, isc_boolean_t lsb0); -/* - * Make 'bitstring' refer to the bitstring of 'size' bits starting +/*!< + * \brief Make 'bitstring' refer to the bitstring of 'size' bits starting * at 'data'. 'length' bits of the bitstring are valid. If 'lsb0' * is set then, bit 0 refers to the least significant bit of the * bitstring. Otherwise bit 0 is the most significant bit. * * Requires: * - * 'bitstring' points to a isc_bitstring_t. + *\li 'bitstring' points to a isc_bitstring_t. * - * 'data' points to an array of unsigned char large enough to hold + *\li 'data' points to an array of unsigned char large enough to hold * 'size' bits. * - * 'length' <= 'size'. + *\li 'length' <= 'size'. * * Ensures: * - * 'bitstring' is a valid bitstring. + *\li 'bitstring' is a valid bitstring. */ void isc_bitstring_invalidate(isc_bitstring_t *bitstring); -/* - * Invalidate 'bitstring'. +/*!< + * \brief Invalidate 'bitstring'. * * Requires: * - * 'bitstring' is a valid bitstring. + *\li 'bitstring' is a valid bitstring. * * Ensures: * - * 'bitstring' is not a valid bitstring. + *\li 'bitstring' is not a valid bitstring. */ void isc_bitstring_copy(isc_bitstring_t *source, unsigned int sbitpos, isc_bitstring_t *target, unsigned int tbitpos, unsigned int n); -/* - * Starting at bit 'sbitpos', copy 'n' bits from 'source' to +/*!< + * \brief Starting at bit 'sbitpos', copy 'n' bits from 'source' to * the 'n' bits of 'target' starting at 'tbitpos'. * * Requires: * - * 'source' and target are valid bitstrings with the same lsb0 setting. + *\li 'source' and target are valid bitstrings with the same lsb0 setting. * - * 'sbitpos' + 'n' is less than or equal to the length of 'source'. + *\li 'sbitpos' + 'n' is less than or equal to the length of 'source'. * - * 'tbitpos' + 'n' is less than or equal to the size of 'target'. + *\li 'tbitpos' + 'n' is less than or equal to the size of 'target'. * * Ensures: * - * The specified bits have been copied, and the length of 'target' + *\li The specified bits have been copied, and the length of 'target' * adjusted (if required). */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/boolean.h b/contrib/bind-9.5.2/lib/isc/include/isc/boolean.h similarity index 80% rename from contrib/bind-9.3/lib/isc/include/isc/boolean.h rename to contrib/bind-9.5.2/lib/isc/include/isc/boolean.h index 0081447dec..348b096912 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/boolean.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/boolean.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: boolean.h,v 1.12.206.1 2004/03/06 08:14:39 marka Exp $ */ +/* $Id: boolean.h,v 1.19 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_BOOLEAN_H #define ISC_BOOLEAN_H 1 +/*! \file isc/boolean.h */ + typedef enum { isc_boolean_false = 0, isc_boolean_true = 1 } isc_boolean_t; #define ISC_FALSE isc_boolean_false diff --git a/contrib/bind-9.3/lib/isc/include/isc/buffer.h b/contrib/bind-9.5.2/lib/isc/include/isc/buffer.h similarity index 69% rename from contrib/bind-9.3/lib/isc/include/isc/buffer.h rename to contrib/bind-9.5.2/lib/isc/include/isc/buffer.h index 02b82bcbac..124239a2d4 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/buffer.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/buffer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: buffer.h,v 1.39.12.2 2004/03/08 09:04:51 marka Exp $ */ +/* $Id: buffer.h,v 1.51 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_BUFFER_H #define ISC_BUFFER_H 1 @@ -24,10 +24,9 @@ ***** Module Info *****/ -/* - * Buffers +/*! \file isc/buffer.h * - * A buffer is a region of memory, together with a set of related subregions. + * \brief A buffer is a region of memory, together with a set of related subregions. * Buffers are used for parsing and I/O operations. * * The 'used region' and the 'available' region are disjoint, and their @@ -51,6 +50,7 @@ * is empty. If the current offset advances beyond the chosen offset, the * active region will also be empty. * + * \verbatim * /------------entire length---------------\ * /----- used region -----\/-- available --\ * +----------------------------------------+ @@ -69,9 +69,11 @@ * a-b == consumed region. * b-d == remaining region. * b-c == optional active region. + *\endverbatim * * The following invariants are maintained by all routines: * + *\code * length > 0 * * base is a valid pointer to length bytes of memory @@ -82,21 +84,22 @@ * * 0 <= active <= used * (although active < current implies empty active region) + *\endcode * - * MP: + * \li MP: * Buffers have no synchronization. Clients must ensure exclusive * access. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: + * \li Resources: * Memory: 1 pointer + 6 unsigned integers per buffer. * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -108,19 +111,21 @@ #include #include -/* - * To make many functions be inline macros (via #define) define this. +/*! + * To make many functions be inline macros (via \#define) define this. * If it is undefined, a function will be used. */ /* #define ISC_BUFFER_USEINLINE */ ISC_LANG_BEGINDECLS -/*** +/*@{*/ +/*! *** Magic numbers ***/ #define ISC_BUFFER_MAGIC 0x42756621U /* Buf!. */ #define ISC_BUFFER_VALID(b) ISC_MAGIC_VALID(b, ISC_BUFFER_MAGIC) +/*@}*/ /* * The following macros MUST be used only on valid buffers. It is the @@ -129,7 +134,8 @@ ISC_LANG_BEGINDECLS * another macro.) */ -/* +/*@{*/ +/*! * Fundamental buffer elements. (A through E in the introductory comment.) */ #define isc_buffer_base(b) ((void *)(b)->base) /*a*/ @@ -140,8 +146,10 @@ ISC_LANG_BEGINDECLS #define isc_buffer_used(b) \ ((void *)((unsigned char *)(b)->base + (b)->used)) /*d*/ #define isc_buffer_length(b) ((b)->length) /*e*/ +/*@}*/ -/* +/*@{*/ +/*! * Derived lengths. (Described in the introductory comment.) */ #define isc_buffer_usedlength(b) ((b)->used) /* d-a */ @@ -149,8 +157,9 @@ ISC_LANG_BEGINDECLS #define isc_buffer_remaininglength(b) ((b)->used - (b)->current) /* d-b */ #define isc_buffer_activelength(b) ((b)->active - (b)->current) /* c-b */ #define isc_buffer_availablelength(b) ((b)->length - (b)->used) /* e-d */ +/*@}*/ -/* +/*! * Note that the buffer structure is public. This is principally so buffer * operations can be implemented using macros. Applications are strongly * discouraged from directly manipulating the structure. @@ -159,14 +168,16 @@ ISC_LANG_BEGINDECLS struct isc_buffer { unsigned int magic; void *base; - /* The following integers are byte offsets from 'base'. */ + /*@{*/ + /*! The following integers are byte offsets from 'base'. */ unsigned int length; unsigned int used; unsigned int current; unsigned int active; - /* linkable */ + /*@}*/ + /*! linkable */ ISC_LINK(isc_buffer_t) link; - /* private internal elements */ + /*! private internal elements */ isc_mem_t *mctx; }; @@ -177,397 +188,453 @@ struct isc_buffer { isc_result_t isc_buffer_allocate(isc_mem_t *mctx, isc_buffer_t **dynbuffer, unsigned int length); -/* - * Allocate a dynamic linkable buffer which has "length" bytes in the +/*!< + * \brief Allocate a dynamic linkable buffer which has "length" bytes in the * data region. * * Requires: - * "mctx" is valid. + *\li "mctx" is valid. * - * "dynbuffer" is non-NULL, and "*dynbuffer" is NULL. + *\li "dynbuffer" is non-NULL, and "*dynbuffer" is NULL. * * Returns: - * ISC_R_SUCCESS - success - * ISC_R_NOMEMORY - no memory available + *\li ISC_R_SUCCESS - success + *\li ISC_R_NOMEMORY - no memory available * * Note: - * Changing the buffer's length field is not permitted. + *\li Changing the buffer's length field is not permitted. */ void isc_buffer_free(isc_buffer_t **dynbuffer); -/* - * Release resources allocated for a dynamic buffer. +/*!< + * \brief Release resources allocated for a dynamic buffer. * * Requires: - * "dynbuffer" is not NULL. + *\li "dynbuffer" is not NULL. * - * "*dynbuffer" is a valid dynamic buffer. + *\li "*dynbuffer" is a valid dynamic buffer. * * Ensures: - * "*dynbuffer" will be NULL on return, and all memory associated with + *\li "*dynbuffer" will be NULL on return, and all memory associated with * the dynamic buffer is returned to the memory context used in * isc_buffer_allocate(). */ void isc__buffer_init(isc_buffer_t *b, const void *base, unsigned int length); -/* - * Make 'b' refer to the 'length'-byte region starting at base. +/*!< + * \brief Make 'b' refer to the 'length'-byte region starting at base. * * Requires: * - * 'length' > 0 + *\li 'length' > 0 * - * 'base' is a pointer to a sequence of 'length' bytes. + *\li 'base' is a pointer to a sequence of 'length' bytes. + * + */ + +void +isc__buffer_initnull(isc_buffer_t *b); +/*!< + *\brief Initialize a buffer 'b' with a null data and zero length/ + */ + +void +isc_buffer_reinit(isc_buffer_t *b, void *base, unsigned int length); +/*!< + * \brief Make 'b' refer to the 'length'-byte region starting at base. + * Any existing data will be copied. + * + * Requires: + * + *\li 'length' > 0 AND length >= previous length + * + *\li 'base' is a pointer to a sequence of 'length' bytes. * */ void isc__buffer_invalidate(isc_buffer_t *b); -/* - * Make 'b' an invalid buffer. +/*!< + * \brief Make 'b' an invalid buffer. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * * Ensures: - * If assertion checking is enabled, future attempts to use 'b' without + *\li If assertion checking is enabled, future attempts to use 'b' without * calling isc_buffer_init() on it will cause an assertion failure. */ void isc__buffer_region(isc_buffer_t *b, isc_region_t *r); -/* - * Make 'r' refer to the region of 'b'. +/*!< + * \brief Make 'r' refer to the region of 'b'. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' points to a region structure. + *\li 'r' points to a region structure. */ void isc__buffer_usedregion(isc_buffer_t *b, isc_region_t *r); -/* - * Make 'r' refer to the used region of 'b'. +/*!< + * \brief Make 'r' refer to the used region of 'b'. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' points to a region structure. + *\li 'r' points to a region structure. */ void isc__buffer_availableregion(isc_buffer_t *b, isc_region_t *r); -/* - * Make 'r' refer to the available region of 'b'. +/*!< + * \brief Make 'r' refer to the available region of 'b'. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' points to a region structure. + *\li 'r' points to a region structure. */ void isc__buffer_add(isc_buffer_t *b, unsigned int n); -/* - * Increase the 'used' region of 'b' by 'n' bytes. +/*!< + * \brief Increase the 'used' region of 'b' by 'n' bytes. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * - * used + n <= length + *\li used + n <= length * */ void isc__buffer_subtract(isc_buffer_t *b, unsigned int n); -/* - * Decrease the 'used' region of 'b' by 'n' bytes. +/*!< + * \brief Decrease the 'used' region of 'b' by 'n' bytes. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * - * used >= n + *\li used >= n * */ void isc__buffer_clear(isc_buffer_t *b); -/* - * Make the used region empty. +/*!< + * \brief Make the used region empty. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * * Ensures: * - * used = 0 + *\li used = 0 * */ void isc__buffer_consumedregion(isc_buffer_t *b, isc_region_t *r); -/* - * Make 'r' refer to the consumed region of 'b'. +/*!< + * \brief Make 'r' refer to the consumed region of 'b'. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' points to a region structure. + *\li 'r' points to a region structure. */ void isc__buffer_remainingregion(isc_buffer_t *b, isc_region_t *r); -/* - * Make 'r' refer to the remaining region of 'b'. +/*!< + * \brief Make 'r' refer to the remaining region of 'b'. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' points to a region structure. + *\li 'r' points to a region structure. */ void isc__buffer_activeregion(isc_buffer_t *b, isc_region_t *r); -/* - * Make 'r' refer to the active region of 'b'. +/*!< + * \brief Make 'r' refer to the active region of 'b'. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' points to a region structure. + *\li 'r' points to a region structure. */ void isc__buffer_setactive(isc_buffer_t *b, unsigned int n); -/* - * Sets the end of the active region 'n' bytes after current. +/*!< + * \brief Sets the end of the active region 'n' bytes after current. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * current + n <= used + *\li current + n <= used */ void isc__buffer_first(isc_buffer_t *b); -/* - * Make the consumed region empty. +/*!< + * \brief Make the consumed region empty. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * * Ensures: * - * current == 0 + *\li current == 0 * */ void isc__buffer_forward(isc_buffer_t *b, unsigned int n); -/* - * Increase the 'consumed' region of 'b' by 'n' bytes. +/*!< + * \brief Increase the 'consumed' region of 'b' by 'n' bytes. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * - * current + n <= used + *\li current + n <= used * */ void isc__buffer_back(isc_buffer_t *b, unsigned int n); -/* - * Decrease the 'consumed' region of 'b' by 'n' bytes. +/*!< + * \brief Decrease the 'consumed' region of 'b' by 'n' bytes. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * - * n <= current + *\li n <= current * */ void isc_buffer_compact(isc_buffer_t *b); -/* - * Compact the used region by moving the remaining region so it occurs +/*!< + * \brief Compact the used region by moving the remaining region so it occurs * at the start of the buffer. The used region is shrunk by the size of * the consumed region, and the consumed region is then made empty. * * Requires: * - * 'b' is a valid buffer + *\li 'b' is a valid buffer * * Ensures: * - * current == 0 + *\li current == 0 * - * The size of the used region is now equal to the size of the remaining + *\li The size of the used region is now equal to the size of the remaining * region (as it was before the call). The contents of the used region * are those of the remaining region (as it was before the call). */ isc_uint8_t isc_buffer_getuint8(isc_buffer_t *b); -/* - * Read an unsigned 8-bit integer from 'b' and return it. +/*!< + * \brief Read an unsigned 8-bit integer from 'b' and return it. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * The length of the available region of 'b' is at least 1. + *\li The length of the available region of 'b' is at least 1. * * Ensures: * - * The current pointer in 'b' is advanced by 1. + *\li The current pointer in 'b' is advanced by 1. * * Returns: * - * A 8-bit unsigned integer. + *\li A 8-bit unsigned integer. */ void isc__buffer_putuint8(isc_buffer_t *b, isc_uint8_t val); -/* - * Store an unsigned 8-bit integer from 'val' into 'b'. +/*!< + * \brief Store an unsigned 8-bit integer from 'val' into 'b'. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * The length of the unused region of 'b' is at least 1. + *\li The length of the unused region of 'b' is at least 1. * * Ensures: - * The used pointer in 'b' is advanced by 1. + *\li The used pointer in 'b' is advanced by 1. */ isc_uint16_t isc_buffer_getuint16(isc_buffer_t *b); -/* - * Read an unsigned 16-bit integer in network byte order from 'b', convert +/*!< + * \brief Read an unsigned 16-bit integer in network byte order from 'b', convert * it to host byte order, and return it. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * The length of the available region of 'b' is at least 2. + *\li The length of the available region of 'b' is at least 2. * * Ensures: * - * The current pointer in 'b' is advanced by 2. + *\li The current pointer in 'b' is advanced by 2. * * Returns: * - * A 16-bit unsigned integer. + *\li A 16-bit unsigned integer. */ void isc__buffer_putuint16(isc_buffer_t *b, isc_uint16_t val); -/* - * Store an unsigned 16-bit integer in host byte order from 'val' +/*!< + * \brief Store an unsigned 16-bit integer in host byte order from 'val' * into 'b' in network byte order. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * The length of the unused region of 'b' is at least 2. + *\li The length of the unused region of 'b' is at least 2. * * Ensures: - * The used pointer in 'b' is advanced by 2. + *\li The used pointer in 'b' is advanced by 2. */ isc_uint32_t isc_buffer_getuint32(isc_buffer_t *b); -/* - * Read an unsigned 32-bit integer in network byte order from 'b', convert +/*!< + * \brief Read an unsigned 32-bit integer in network byte order from 'b', convert * it to host byte order, and return it. * * Requires: * - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * The length of the available region of 'b' is at least 4. + *\li The length of the available region of 'b' is at least 4. * * Ensures: * - * The current pointer in 'b' is advanced by 4. + *\li The current pointer in 'b' is advanced by 4. * * Returns: * - * A 32-bit unsigned integer. + *\li A 32-bit unsigned integer. */ void isc__buffer_putuint32(isc_buffer_t *b, isc_uint32_t val); -/* - * Store an unsigned 32-bit integer in host byte order from 'val' +/*!< + * \brief Store an unsigned 32-bit integer in host byte order from 'val' * into 'b' in network byte order. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. + * + *\li The length of the unused region of 'b' is at least 4. + * + * Ensures: + *\li The used pointer in 'b' is advanced by 4. + */ + +isc_uint64_t +isc_buffer_getuint48(isc_buffer_t *b); +/*!< + * \brief Read an unsigned 48-bit integer in network byte order from 'b', + * convert it to host byte order, and return it. + * + * Requires: + * + *\li 'b' is a valid buffer. * - * The length of the unused region of 'b' is at least 4. + *\li The length of the available region of 'b' is at least 6. * * Ensures: - * The used pointer in 'b' is advanced by 4. + * + *\li The current pointer in 'b' is advanced by 6. + * + * Returns: + * + *\li A 48-bit unsigned integer (stored in a 64-bit integer). + */ + +void +isc__buffer_putuint48(isc_buffer_t *b, isc_uint64_t val); +/*!< + * \brief Store an unsigned 48-bit integer in host byte order from 'val' + * into 'b' in network byte order. + * + * Requires: + *\li 'b' is a valid buffer. + * + *\li The length of the unused region of 'b' is at least 6. + * + * Ensures: + *\li The used pointer in 'b' is advanced by 6. */ void isc__buffer_putmem(isc_buffer_t *b, const unsigned char *base, unsigned int length); -/* - * Copy 'length' bytes of memory at 'base' into 'b'. +/*!< + * \brief Copy 'length' bytes of memory at 'base' into 'b'. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'base' points to 'length' bytes of valid memory. + *\li 'base' points to 'length' bytes of valid memory. * */ void isc__buffer_putstr(isc_buffer_t *b, const char *source); -/* - * Copy 'source' into 'b', not including terminating NUL. +/*!< + * \brief Copy 'source' into 'b', not including terminating NUL. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'source' to be a valid NULL terminated string. + *\li 'source' to be a valid NULL terminated string. * - * strlen(source) <= isc_buffer_available(b) + *\li strlen(source) <= isc_buffer_available(b) */ isc_result_t isc_buffer_copyregion(isc_buffer_t *b, const isc_region_t *r); -/* - * Copy the contents of 'r' into 'b'. +/*!< + * \brief Copy the contents of 'r' into 'b'. * * Requires: - * 'b' is a valid buffer. + *\li 'b' is a valid buffer. * - * 'r' is a valid region. + *\li 'r' is a valid region. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOSPACE The available region of 'b' is not + *\li ISC_R_SUCCESS + *\li ISC_R_NOSPACE The available region of 'b' is not * big enough. */ @@ -580,7 +647,7 @@ ISC_LANG_ENDDECLS * ones beginning with "isc__" */ -/* +/*! \note * XXXDCL Something more could be done with initializing buffers that * point to const data. For example, a new function, isc_buffer_initconst, * could be used, and a new boolean flag in the buffer structure could @@ -614,6 +681,8 @@ ISC_LANG_ENDDECLS (_b)->magic = ISC_BUFFER_MAGIC; \ } while (0) +#define ISC__BUFFER_INITNULL(_b) ISC__BUFFER_INIT(_b, NULL, 0) + #define ISC__BUFFER_INVALIDATE(_b) \ do { \ (_b)->magic = 0; \ @@ -755,6 +824,7 @@ ISC_LANG_ENDDECLS #if defined(ISC_BUFFER_USEINLINE) #define isc_buffer_init ISC__BUFFER_INIT +#define isc_buffer_initnull ISC__BUFFER_INITNULL #define isc_buffer_invalidate ISC__BUFFER_INVALIDATE #define isc_buffer_region ISC__BUFFER_REGION #define isc_buffer_usedregion ISC__BUFFER_USEDREGION @@ -776,6 +846,7 @@ ISC_LANG_ENDDECLS #define isc_buffer_putuint32 ISC__BUFFER_PUTUINT32 #else #define isc_buffer_init isc__buffer_init +#define isc_buffer_initnull isc__buffer_initnull #define isc_buffer_invalidate isc__buffer_invalidate #define isc_buffer_region isc__buffer_region #define isc_buffer_usedregion isc__buffer_usedregion @@ -797,4 +868,9 @@ ISC_LANG_ENDDECLS #define isc_buffer_putuint32 isc__buffer_putuint32 #endif +/* + * No inline method for this one (yet). + */ +#define isc_buffer_putuint48 isc__buffer_putuint48 + #endif /* ISC_BUFFER_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/bufferlist.h b/contrib/bind-9.5.2/lib/isc/include/isc/bufferlist.h similarity index 65% rename from contrib/bind-9.3/lib/isc/include/isc/bufferlist.h rename to contrib/bind-9.5.2/lib/isc/include/isc/bufferlist.h index b24cde0cbf..54e00c76f6 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/bufferlist.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/bufferlist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: bufferlist.h,v 1.10.206.1 2004/03/06 08:14:39 marka Exp $ */ +/* $Id: bufferlist.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_BUFFERLIST_H #define ISC_BUFFERLIST_H 1 @@ -24,19 +24,19 @@ ***** Module Info *****/ -/* - * Buffer Lists +/*! \file isc/bufferlist.h + * * - * Buffer lists have no synchronization. Clients must ensure exclusive + *\brief Buffer lists have no synchronization. Clients must ensure exclusive * access. * - * Reliability: + * \li Reliability: * No anticipated impact. - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -55,30 +55,30 @@ ISC_LANG_BEGINDECLS unsigned int isc_bufferlist_usedcount(isc_bufferlist_t *bl); -/* - * Return the length of the sum of all used regions of all buffers in +/*!< + * \brief Return the length of the sum of all used regions of all buffers in * the buffer list 'bl' * * Requires: * - * 'bl' is not NULL. + *\li 'bl' is not NULL. * * Returns: - * sum of all used regions' lengths. + *\li sum of all used regions' lengths. */ unsigned int isc_bufferlist_availablecount(isc_bufferlist_t *bl); -/* - * Return the length of the sum of all available regions of all buffers in +/*!< + * \brief Return the length of the sum of all available regions of all buffers in * the buffer list 'bl' * * Requires: * - * 'bl' is not NULL. + *\li 'bl' is not NULL. * * Returns: - * sum of all available regions' lengths. + *\li sum of all available regions' lengths. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/commandline.h b/contrib/bind-9.5.2/lib/isc/include/isc/commandline.h similarity index 74% rename from contrib/bind-9.3/lib/isc/include/isc/commandline.h rename to contrib/bind-9.5.2/lib/isc/include/isc/commandline.h index 250f7f0f0d..384640a45b 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/commandline.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/commandline.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,30 +15,33 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: commandline.h,v 1.9.206.1 2004/03/06 08:14:39 marka Exp $ */ +/* $Id: commandline.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_COMMANDLINE_H #define ISC_COMMANDLINE_H 1 +/*! \file isc/commandline.h */ + #include #include #include -/* Index into parent argv vector. */ +/*% Index into parent argv vector. */ LIBISC_EXTERNAL_DATA extern int isc_commandline_index; -/* Character checked for validity. */ +/*% Character checked for validity. */ LIBISC_EXTERNAL_DATA extern int isc_commandline_option; -/* Argument associated with option. */ +/*% Argument associated with option. */ LIBISC_EXTERNAL_DATA extern char *isc_commandline_argument; -/* For printing error messages. */ +/*% For printing error messages. */ LIBISC_EXTERNAL_DATA extern char *isc_commandline_progname; -/* Print error message. */ +/*% Print error message. */ LIBISC_EXTERNAL_DATA extern isc_boolean_t isc_commandline_errprint; -/* Reset getopt. */ +/*% Reset getopt. */ LIBISC_EXTERNAL_DATA extern isc_boolean_t isc_commandline_reset; ISC_LANG_BEGINDECLS +/*% parse command line */ int isc_commandline_parse(int argc, char * const *argv, const char *options); diff --git a/contrib/bind-9.3/lib/isc/include/isc/entropy.h b/contrib/bind-9.5.2/lib/isc/include/isc/entropy.h similarity index 74% rename from contrib/bind-9.3/lib/isc/include/isc/entropy.h rename to contrib/bind-9.5.2/lib/isc/include/isc/entropy.h index 7200a127e6..be05c3fd71 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/entropy.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/entropy.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: entropy.h,v 1.23.2.1.10.1 2004/03/06 08:14:40 marka Exp $ */ +/* $Id: entropy.h,v 1.32.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_ENTROPY_H #define ISC_ENTROPY_H 1 @@ -24,33 +24,30 @@ ***** Module Info *****/ -/* - * Entropy - * - * The entropy API +/*! \file isc/entropy.h + * \brief The entropy API * - * MP: + * \li MP: * The entropy object is locked internally. All callbacks into * application-provided functions (for setup, gathering, and * shutdown of sources) are guaranteed to be called with the * entropy API lock held. This means these functions are * not permitted to call back into the entropy API. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: + * \li Resources: * A buffer, used as an entropy pool. * - * Security: + * \li Security: * While this code is believed to implement good entropy gathering * and distribution, it has not been reviewed by a cryptographic * expert. - * * Since the added entropy is only as good as the sources used, * this module could hand out bad data and never know it. * - * Standards: + * \li Standards: * None. */ @@ -63,31 +60,37 @@ #include #include -/* - * Entropy callback function. - */ +/*@{*/ +/*% Entropy callback function. */ typedef isc_result_t (*isc_entropystart_t)(isc_entropysource_t *source, void *arg, isc_boolean_t blocking); typedef isc_result_t (*isc_entropyget_t)(isc_entropysource_t *source, void *arg, isc_boolean_t blocking); typedef void (*isc_entropystop_t)(isc_entropysource_t *source, void *arg); +/*@}*/ /*** *** Flags. ***/ -/* - * _GOODONLY +/*! + * \brief * Extract only "good" data; return failure if there is not enough * data available and there are no sources which we can poll to get * data, or those sources are empty. * - * _PARTIAL + * + */ +#define ISC_ENTROPY_GOODONLY 0x00000001U +/*! + * \brief * Extract as much good data as possible, but if there isn't enough * at hand, return what is available. This flag only makes sense * when used with _GOODONLY. - * - * _BLOCKING + */ +#define ISC_ENTROPY_PARTIAL 0x00000002U +/*! + * \brief * Block the task until data is available. This is contrary to the * ISC task system, where tasks should never block. However, if * this is a special purpose application where blocking a task is @@ -95,14 +98,12 @@ typedef void (*isc_entropystop_t)(isc_entropysource_t *source, void *arg); * This flag only makes sense when used with _GOODONLY, and will * block regardless of the setting for _PARTIAL. */ -#define ISC_ENTROPY_GOODONLY 0x00000001U -#define ISC_ENTROPY_PARTIAL 0x00000002U #define ISC_ENTROPY_BLOCKING 0x00000004U -/* - * _ESTIMATE +/*! + * \brief * Estimate the amount of entropy contained in the sample pool. - * If this is not set, the source will be gathered and perodically + * If this is not set, the source will be gathered and periodically * mixed into the entropy pool, but no increment in contained entropy * will be assumed. This flag only makes sense on sample sources. */ @@ -110,17 +111,22 @@ typedef void (*isc_entropystop_t)(isc_entropysource_t *source, void *arg); /* * For use with isc_entropy_usebestsource(). - * - * _KEYBOARDYES + */ +/*! + * \brief * Use the keyboard as the only entropy source. - * _KEYBOARDNO + */ +#define ISC_ENTROPY_KEYBOARDYES 1 +/*! + * \brief * Never use the keyboard as an entropy source. - * _KEYBOARDMAYBE + */ +#define ISC_ENTROPY_KEYBOARDNO 2 +/*! + * \brief * Use the keyboard as an entropy source only if opening the * random device fails. */ -#define ISC_ENTROPY_KEYBOARDYES 1 -#define ISC_ENTROPY_KEYBOARDNO 2 #define ISC_ENTROPY_KEYBOARDMAYBE 3 ISC_LANG_BEGINDECLS @@ -131,26 +137,26 @@ ISC_LANG_BEGINDECLS isc_result_t isc_entropy_create(isc_mem_t *mctx, isc_entropy_t **entp); -/* - * Create a new entropy object. +/*!< + * \brief Create a new entropy object. */ void isc_entropy_attach(isc_entropy_t *ent, isc_entropy_t **entp); -/* +/*!< * Attaches to an entropy object. */ void isc_entropy_detach(isc_entropy_t **entp); -/* - * Detaches from an entropy object. +/*!< + * \brief Detaches from an entropy object. */ isc_result_t isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname); -/* - * Create a new entropy source from a file. +/*!< + * \brief Create a new entropy source from a file. * * The file is assumed to contain good randomness, and will be mixed directly * into the pool with every byte adding 8 bits of entropy. @@ -168,15 +174,15 @@ isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname); void isc_entropy_destroysource(isc_entropysource_t **sourcep); -/* - * Removes an entropy source from the entropy system. +/*!< + * \brief Removes an entropy source from the entropy system. */ isc_result_t isc_entropy_createsamplesource(isc_entropy_t *ent, isc_entropysource_t **sourcep); -/* - * Create an entropy source that consists of samples. Each sample is added +/*!< + * \brief Create an entropy source that consists of samples. Each sample is added * to the source via isc_entropy_addsamples(), below. */ @@ -187,8 +193,10 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent, isc_entropystop_t stop, void *arg, isc_entropysource_t **sourcep); -/* - * Create an entropy source that is polled via a callback. This would +/*!< + * \brief Create an entropy source that is polled via a callback. + * + * This would * be used when keyboard input is used, or a GUI input method. It can * also be used to hook in any external entropy source. * @@ -199,19 +207,22 @@ isc_entropy_createcallbacksource(isc_entropy_t *ent, void isc_entropy_stopcallbacksources(isc_entropy_t *ent); -/* - * Call the stop functions for callback sources that have had their +/*!< + * \brief Call the stop functions for callback sources that have had their * start functions called. */ +/*@{*/ isc_result_t isc_entropy_addcallbacksample(isc_entropysource_t *source, isc_uint32_t sample, isc_uint32_t extra); isc_result_t isc_entropy_addsample(isc_entropysource_t *source, isc_uint32_t sample, isc_uint32_t extra); -/* - * Add a sample to the sample source. The sample MUST be a timestamp +/*!< + * \brief Add a sample to the sample source. + * + * The sample MUST be a timestamp * that increases over time, with the exception of wrap-around for * extremely high resolution timers which will quickly wrap-around * a 32-bit integer. @@ -222,20 +233,28 @@ isc_entropy_addsample(isc_entropysource_t *source, isc_uint32_t sample, * When in an entropy API callback function, _addcallbacksource() must be * used. At all other times, _addsample() must be used. */ +/*@}*/ isc_result_t isc_entropy_getdata(isc_entropy_t *ent, void *data, unsigned int length, unsigned int *returned, unsigned int flags); -/* - * Extract data from the entropy pool. This may load the pool from various +/*!< + * \brief Extract data from the entropy pool. This may load the pool from various * sources. + * + * Do this by stiring the pool and returning a part of hash as randomness. + * Note that no secrets are given away here since parts of the hash are + * xored together before returned. + * + * Honor the request from the caller to only return good data, any data, + * etc. */ void isc_entropy_putdata(isc_entropy_t *ent, void *data, unsigned int length, isc_uint32_t entropy); -/* - * Add "length" bytes in "data" to the entropy pool, incrementing the pool's +/*!< + * \brief Add "length" bytes in "data" to the entropy pool, incrementing the pool's * entropy count by "entropy." * * These bytes will prime the pseudorandom portion even no entropy is actually @@ -244,42 +263,49 @@ isc_entropy_putdata(isc_entropy_t *ent, void *data, unsigned int length, void isc_entropy_stats(isc_entropy_t *ent, FILE *out); +/*!< + * \brief Dump some (trivial) stats to the stdio stream "out". + */ + +unsigned int +isc_entropy_status(isc_entropy_t *end); /* - * Dump some (trivial) stats to the stdio stream "out". + * Returns the number of bits the pool currently contains. This is just + * an estimate. */ isc_result_t isc_entropy_usebestsource(isc_entropy_t *ectx, isc_entropysource_t **source, const char *randomfile, int use_keyboard); -/* - * Use whatever source of entropy is best. +/*!< + * \brief Use whatever source of entropy is best. * * Notes: - * If "randomfile" is not NULL, open it with - * isc_entropy_createfilesource(). + *\li If "randomfile" is not NULL, open it with + * isc_entropy_createfilesource(). * - * If "randomfile" is NULL and the system's random device was detected + *\li If "randomfile" is NULL and the system's random device was detected * when the program was configured and built, open that device with - * isc_entropy_createfilesource(). + * isc_entropy_createfilesource(). * - * If "use_keyboard" is ISC_ENTROPY_KEYBOARDYES, then always open + *\li If "use_keyboard" is #ISC_ENTROPY_KEYBOARDYES, then always open * the keyboard as an entropy source (possibly in addition to * "randomfile" or the random device). * - * If "use_keyboard" is ISC_ENTROPY_KEYBOARDMAYBE, open the keyboard only + *\li If "use_keyboard" is #ISC_ENTROPY_KEYBOARDMAYBE, open the keyboard only * if opening the random file/device fails. A message will be * printed describing the need for keyboard input. * - * If "use_keyboard" is ISC_ENTROPY_KEYBOARDNO, the keyboard will + *\li If "use_keyboard" is #ISC_ENTROPY_KEYBOARDNO, the keyboard will * never be opened. * * Returns: - * ISC_R_SUCCESS if at least one source of entropy could be started. + *\li #ISC_R_SUCCESS if at least one source of entropy could be started. * - * ISC_R_NOENTROPY if use_keyboard is ISC_ENTROPY_KEYBOARDNO and + *\li #ISC_R_NOENTROPY if use_keyboard is #ISC_ENTROPY_KEYBOARDNO and * there is no random device pathname compiled into the program. * - * A return code from isc_entropy_createfilesource() or + *\li A return code from isc_entropy_createfilesource() or * isc_entropy_createcallbacksource(). */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/error.h b/contrib/bind-9.5.2/lib/isc/include/isc/error.h similarity index 80% rename from contrib/bind-9.3/lib/isc/include/isc/error.h rename to contrib/bind-9.5.2/lib/isc/include/isc/error.h index 6142926270..efb9b5f3a1 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/error.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/error.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: error.h,v 1.13.206.1 2004/03/06 08:14:40 marka Exp $ */ +/* $Id: error.h,v 1.20 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_ERROR_H #define ISC_ERROR_H 1 +/*! \file isc/error.h */ + #include #include @@ -29,20 +31,25 @@ ISC_LANG_BEGINDECLS typedef void (*isc_errorcallback_t)(const char *, int, const char *, va_list); +/*% set unexpected error */ void isc_error_setunexpected(isc_errorcallback_t); +/*% set fatal error */ void isc_error_setfatal(isc_errorcallback_t); +/*% unexpected error */ void isc_error_unexpected(const char *, int, const char *, ...) ISC_FORMAT_PRINTF(3, 4); +/*% fatal error */ void isc_error_fatal(const char *, int, const char *, ...) ISC_FORMAT_PRINTF(3, 4); +/*% runtimecheck error */ void isc_error_runtimecheck(const char *, int, const char *); diff --git a/contrib/bind-9.3/lib/isc/include/isc/event.h b/contrib/bind-9.5.2/lib/isc/include/isc/event.h similarity index 85% rename from contrib/bind-9.3/lib/isc/include/isc/event.h rename to contrib/bind-9.5.2/lib/isc/include/isc/event.h index 58ef2c3284..68fabb2fcc 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/event.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/event.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: event.h,v 1.24.2.2.8.2 2004/04/15 02:10:41 marka Exp $ */ +/* $Id: event.h,v 1.34 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_EVENT_H #define ISC_EVENT_H 1 +/*! \file isc/event.h */ + #include #include @@ -41,14 +43,14 @@ typedef void (*isc_eventdestructor_t)(isc_event_t *); void * ev_destroy_arg; \ ISC_LINK(ltype) ev_link -/* +/*% * Attributes matching a mask of 0x000000ff are reserved for the task library's * definition. Attributes of 0xffffff00 may be used by the application * or non-ISC libraries. */ #define ISC_EVENTATTR_NOPURGE 0x00000001 -/* +/*% * The ISC_EVENTATTR_CANCELED attribute is intended to indicate * that an event is delivered as a result of a canceled operation * rather than successful completion, by mutual agreement @@ -71,7 +73,7 @@ do { \ ISC_LINK_INIT((event), ev_link); \ } while (0) -/* +/*% * This structure is public because "subclassing" it may be useful when * defining new event types. */ @@ -89,22 +91,26 @@ ISC_LANG_BEGINDECLS isc_event_t * isc_event_allocate(isc_mem_t *mctx, void *sender, isc_eventtype_t type, isc_taskaction_t action, const void *arg, size_t size); -/* +/*%< + * Allocate an event structure. + * * Allocate and initialize in a structure with initial elements * defined by: * + * \code * struct { * ISC_EVENT_COMMON(struct isc_event); * ... * }; + * \endcode * * Requires: - * 'size' >= sizeof(struct isc_event) - * 'action' to be non NULL + *\li 'size' >= sizeof(struct isc_event) + *\li 'action' to be non NULL * * Returns: - * a pointer to a initialized structure of the requested size. - * NULL if unable to allocate memory. + *\li a pointer to a initialized structure of the requested size. + *\li NULL if unable to allocate memory. */ void diff --git a/contrib/bind-9.3/lib/isc/include/isc/eventclass.h b/contrib/bind-9.5.2/lib/isc/include/isc/eventclass.h similarity index 86% rename from contrib/bind-9.3/lib/isc/include/isc/eventclass.h rename to contrib/bind-9.5.2/lib/isc/include/isc/eventclass.h index a783d35cf4..9e6c145ac7 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/eventclass.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/eventclass.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,25 +15,28 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: eventclass.h,v 1.13.206.1 2004/03/06 08:14:40 marka Exp $ */ +/* $Id: eventclass.h,v 1.18 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_EVENTCLASS_H #define ISC_EVENTCLASS_H 1 -/***** +/*! \file isc/eventclass.h ***** Registry of Predefined Event Type Classes *****/ -/* +/*% * An event class is an unsigned 16 bit number. Each class may contain up * to 65536 events. An event type is formed by adding the event number * within the class to the class number. + * */ #define ISC_EVENTCLASS(eclass) ((eclass) << 16) -/* +/*@{*/ +/*! * Classes < 1024 are reserved for ISC use. + * Event classes >= 1024 and <= 65535 are reserved for application use. */ #define ISC_EVENTCLASS_TASK ISC_EVENTCLASS(0) @@ -45,9 +48,6 @@ #define ISC_EVENTCLASS_OMAPI ISC_EVENTCLASS(6) #define ISC_EVENTCLASS_RATELIMITER ISC_EVENTCLASS(7) #define ISC_EVENTCLASS_ISCCC ISC_EVENTCLASS(8) - -/* - * Event classes >= 1024 and <= 65535 are reserved for application use. - */ +/*@}*/ #endif /* ISC_EVENTCLASS_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/file.h b/contrib/bind-9.5.2/lib/isc/include/isc/file.h similarity index 68% rename from contrib/bind-9.3/lib/isc/include/isc/file.h rename to contrib/bind-9.5.2/lib/isc/include/isc/file.h index 6de6c8a82f..263ec14f06 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/file.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/file.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: file.h,v 1.24.12.3 2004/03/08 09:04:51 marka Exp $ */ +/* $Id: file.h,v 1.33.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_FILE_H #define ISC_FILE_H 1 +/*! \file isc/file.h */ + #include #include @@ -32,81 +34,81 @@ isc_file_settime(const char *file, isc_time_t *time); isc_result_t isc_file_getmodtime(const char *file, isc_time_t *time); -/* - * Get the time of last modication of a file. +/*!< + * \brief Get the time of last modification of a file. * * Notes: - * The time that is set is relative to the (OS-specific) epoch, as are + *\li The time that is set is relative to the (OS-specific) epoch, as are * all isc_time_t structures. * * Requires: - * file != NULL. - * time != NULL. + *\li file != NULL. + *\li time != NULL. * * Ensures: - * If the file could not be accessed, 'time' is unchanged. + *\li If the file could not be accessed, 'time' is unchanged. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * Success. - * ISC_R_NOTFOUND + *\li #ISC_R_NOTFOUND * No such file exists. - * ISC_R_INVALIDFILE + *\li #ISC_R_INVALIDFILE * The path specified was not usable by the operating system. - * ISC_R_NOPERM + *\li #ISC_R_NOPERM * The file's metainformation could not be retrieved because * permission was denied to some part of the file's path. - * ISC_R_EIO + *\li #ISC_R_EIO * Hardware error interacting with the filesystem. - * ISC_R_UNEXPECTED + *\li #ISC_R_UNEXPECTED * Something totally unexpected happened. * */ isc_result_t isc_file_mktemplate(const char *path, char *buf, size_t buflen); -/* - * Generate a template string suitable for use with isc_file_openunique. +/*!< + * \brief Generate a template string suitable for use with isc_file_openunique(). * * Notes: - * This function is intended to make creating temporary files + *\li This function is intended to make creating temporary files * portable between different operating systems. * - * The path is prepended to an implementation-defined string and + *\li The path is prepended to an implementation-defined string and * placed into buf. The string has no path characters in it, * and its maximum length is 14 characters plus a NUL. Thus * buflen should be at least strlen(path) + 15 characters or * an error will be returned. * * Requires: - * buf != NULL. + *\li buf != NULL. * * Ensures: - * If result == ISC_R_SUCCESS: + *\li If result == #ISC_R_SUCCESS: * buf contains a string suitable for use as the template argument - * to isc_file_openunique. + * to isc_file_openunique(). * - * If result != ISC_R_SUCCESS: + *\li If result != #ISC_R_SUCCESS: * buf is unchanged. * * Returns: - * ISC_R_SUCCESS Success. - * ISC_R_NOSPACE buflen indicates buf is too small for the catenation + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOSPACE buflen indicates buf is too small for the catenation * of the path with the internal template string. */ isc_result_t isc_file_openunique(char *templet, FILE **fp); -/* - * Create and open a file with a unique name based on 'templet'. +/*!< + * \brief Create and open a file with a unique name based on 'templet'. * * Notes: - * 'template' is a reserved work in C++. If you want to complain + *\li 'template' is a reserved work in C++. If you want to complain * about the spelling of 'templet', first look it up in the * Merriam-Webster English dictionary. (http://www.m-w.com/) * - * This function works by using the template to generate file names. + *\li This function works by using the template to generate file names. * The template must be a writable string, as it is modified in place. * Trailing X characters in the file name (full file name on Unix, * basename on Win32 -- eg, tmp-XXXXXX vs XXXXXX.tmp, respectively) @@ -114,95 +116,97 @@ isc_file_openunique(char *templet, FILE **fp); * is found. If the template does not include pathname information, * the files in the working directory of the program are searched. * - * isc_file_mktemplate is a good, portable way to get a template. + *\li isc_file_mktemplate is a good, portable way to get a template. * * Requires: - * 'fp' is non-NULL and '*fp' is NULL. + *\li 'fp' is non-NULL and '*fp' is NULL. * - * 'template' is non-NULL, and of a form suitable for use by + *\li 'template' is non-NULL, and of a form suitable for use by * the system as described above. * * Ensures: - * If result is ISC_R_SUCCESS: + *\li If result is #ISC_R_SUCCESS: * *fp points to an stream opening in stdio's "w+" mode. * - * If result is not ISC_R_SUCCESS: + *\li If result is not #ISC_R_SUCCESS: * *fp is NULL. * * No file is open. Even if one was created (but unable * to be reopened as a stdio FILE pointer) then it has been * removed. * - * This function does *not* ensure that the template string has not been + *\li This function does *not* ensure that the template string has not been * modified, even if the operation was unsuccessful. * * Returns: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * Success. - * ISC_R_EXISTS + *\li #ISC_R_EXISTS * No file with a unique name could be created based on the * template. - * ISC_R_INVALIDFILE + *\li #ISC_R_INVALIDFILE * The path specified was not usable by the operating system. - * ISC_R_NOPERM + *\li #ISC_R_NOPERM * The file could not be created because permission was denied * to some part of the file's path. - * ISC_R_EIO + *\li #ISC_R_IOERROR * Hardware error interacting with the filesystem. - * ISC_R_UNEXPECTED + *\li #ISC_R_UNEXPECTED * Something totally unexpected happened. */ isc_result_t isc_file_remove(const char *filename); -/* - * Remove the file named by 'filename'. +/*!< + * \brief Remove the file named by 'filename'. */ isc_result_t isc_file_rename(const char *oldname, const char *newname); -/* - * Rename the file 'oldname' to 'newname'. +/*!< + * \brief Rename the file 'oldname' to 'newname'. */ isc_boolean_t isc_file_exists(const char *pathname); -/* - * Return ISC_TRUE iff the calling process can tell that the given file exists. +/*!< + * \brief Return #ISC_TRUE if the calling process can tell that the given file exists. * Will not return true if the calling process has insufficient privileges * to search the entire path. */ isc_boolean_t isc_file_isabsolute(const char *filename); -/* - * Return ISC_TRUE iff the given file name is absolute. +/*!< + * \brief Return #ISC_TRUE if the given file name is absolute. */ isc_boolean_t isc_file_iscurrentdir(const char *filename); -/* - * Return ISC_TRUE iff the given file name is the current directory ("."). +/*!< + * \brief Return #ISC_TRUE if the given file name is the current directory ("."). */ isc_boolean_t isc_file_ischdiridempotent(const char *filename); -/* - * Return ISC_TRUE if calling chdir(filename) multiple times will give +/*%< + * Return #ISC_TRUE if calling chdir(filename) multiple times will give * the same result as calling it once. */ const char * isc_file_basename(const char *filename); -/* +/*%< * Return the final component of the path in the file name. */ isc_result_t isc_file_progname(const char *filename, char *buf, size_t buflen); -/* - * Given an operating system specific file name "filename" - * referring to a program, return the canonical program name. +/*!< + * \brief Given an operating system specific file name "filename" + * referring to a program, return the canonical program name. + * + * * Any directory prefix or executable file name extension (if * used on the OS in case) is stripped. On systems where program * names are case insensitive, the name is canonicalized to all @@ -210,14 +214,14 @@ isc_file_progname(const char *filename, char *buf, size_t buflen); * chars, and null terminated. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE The name did not fit in 'buf'. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE The name did not fit in 'buf'. */ isc_result_t isc_file_template(const char *path, const char *templet, char *buf, size_t buflen); -/* +/*%< * Create an OS specific template using 'path' to define the directory * 'templet' to describe the filename and store the result in 'buf' * such that path can be renamed to buf atomically. @@ -225,13 +229,13 @@ isc_file_template(const char *path, const char *templet, char *buf, isc_result_t isc_file_renameunique(const char *file, char *templet); -/* +/*%< * Rename 'file' using 'templet' as a template for the new file name. */ isc_result_t isc_file_absolutepath(const char *filename, char *path, size_t pathlen); -/* +/*%< * Given a file name, return the fully qualified path to the file. */ @@ -243,7 +247,7 @@ isc_file_absolutepath(const char *filename, char *path, size_t pathlen); isc_result_t isc_file_truncate(const char *filename, isc_offset_t size); -/* +/*%< * Truncate/extend the file specified to 'size' bytes. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/formatcheck.h b/contrib/bind-9.5.2/lib/isc/include/isc/formatcheck.h similarity index 67% rename from contrib/bind-9.3/lib/isc/include/isc/formatcheck.h rename to contrib/bind-9.5.2/lib/isc/include/isc/formatcheck.h index a7f26c15ac..51ce3cac25 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/formatcheck.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/formatcheck.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,15 +15,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: formatcheck.h,v 1.6.206.1 2004/03/06 08:14:41 marka Exp $ */ +/* $Id: formatcheck.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_FORMATCHECK_H #define ISC_FORMATCHECK_H 1 -/* - * fmt is the location of the format string parameter. - * args is the location of the first argument (or 0 for no argument checking). - * Note: the first parameter is 1, not 0. +/*! \file isc/formatcheck.h */ + +/*% + * ISC_FORMAT_PRINTF(). + * + * \li fmt is the location of the format string parameter. + * \li args is the location of the first argument (or 0 for no argument checking). + * + * Note: + * \li The first parameter is 1, not 0. */ #ifdef __GNUC__ #define ISC_FORMAT_PRINTF(fmt, args) __attribute__((__format__(__printf__, fmt, args))) diff --git a/contrib/bind-9.3/lib/isc/include/isc/fsaccess.h b/contrib/bind-9.5.2/lib/isc/include/isc/fsaccess.h similarity index 63% rename from contrib/bind-9.3/lib/isc/include/isc/fsaccess.h rename to contrib/bind-9.5.2/lib/isc/include/isc/fsaccess.h index 0f0c8ceb57..5ab647a3f8 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/fsaccess.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/fsaccess.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,18 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: fsaccess.h,v 1.7.206.1 2004/03/06 08:14:41 marka Exp $ */ +/* $Id: fsaccess.h,v 1.14.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_FSACCESS_H #define ISC_FSACCESS_H 1 -/* - * The ISC filesystem access module encapsulates the setting of file +/*! \file isc/fsaccess.h + * \brief The ISC filesystem access module encapsulates the setting of file * and directory access permissions into one API that is meant to be * portable to multiple operating systems. * - * The two primary operating system flavors that are initially accomodated are - * POSIX and Windows NT 4.0 and later. The Windows NT access model is + * The two primary operating system flavors that are initially accommodated + * are POSIX and Windows NT 4.0 and later. The Windows NT access model is * considerable more flexible than POSIX's model (as much as I am loathe to * admit it), and so the ISC API has a higher degree of complexity than would * be needed to simply address POSIX's needs. @@ -41,30 +41,30 @@ * * Some of the more notable dumbing down of NT for this API includes: * - * o Each of FILE_READ_DATA and FILE_READ_EA are set with ISC_FSACCESS_READ. + *\li Each of FILE_READ_DATA and FILE_READ_EA are set with #ISC_FSACCESS_READ. * - * o All of FILE_WRITE_DATA, FILE_WRITE_EA and FILE_APPEND_DATA are - * set with ISC_FSACCESS_WRITE. FILE_WRITE_ATTRIBUTES is not set + * \li All of FILE_WRITE_DATA, FILE_WRITE_EA and FILE_APPEND_DATA are + * set with #ISC_FSACCESS_WRITE. FILE_WRITE_ATTRIBUTES is not set * so as to be consistent with Unix, where only the owner of the file * or the superuser can change the attributes/mode of a file. * - * o Both of FILE_ADD_FILE and FILE_ADD_SUBDIRECTORY are set with - * ISC_FSACCESS_CREATECHILD. This is similar to setting the WRITE + * \li Both of FILE_ADD_FILE and FILE_ADD_SUBDIRECTORY are set with + * #ISC_FSACCESS_CREATECHILD. This is similar to setting the WRITE * permission on a Unix directory. * - * o SYNCHRONIZE is always set for files and directories, unless someone + * \li SYNCHRONIZE is always set for files and directories, unless someone * can give me a reason why this is a bad idea. * - * o READ_CONTROL and FILE_READ_ATTRIBUTES are always set; this is + * \li READ_CONTROL and FILE_READ_ATTRIBUTES are always set; this is * consistent with Unix, where any file or directory can be stat()'d * unless the directory path disallows complete access somewhere along * the way. * - * o WRITE_DAC is only set for the owner. This too is consistent with + * \li WRITE_DAC is only set for the owner. This too is consistent with * Unix, and is tighter security than allowing anyone else to be * able to set permissions. * - * o DELETE is only set for the owner. On Unix the ability to delete + * \li DELETE is only set for the owner. On Unix the ability to delete * a file is controlled by the directory permissions, but it isn't * currently clear to me what happens on NT if the directory has * FILE_DELETE_CHILD set but a file within it does not have DELETE @@ -72,23 +72,23 @@ * gives maximum flexibility to the owner without exposing the * file to deletion by others. * - * o WRITE_OWNER is never set. This too is consistent with Unix, + * \li WRITE_OWNER is never set. This too is consistent with Unix, * and is also tighter security than allowing anyone to change the * ownership of the file apart from the superu..ahem, Administrator. * - * o Inheritance is set to NO_INHERITANCE. + * \li Inheritance is set to NO_INHERITANCE. * * Unix's dumbing down includes: * - * o The sticky bit cannot be set. + * \li The sticky bit cannot be set. * - * o setuid and setgid cannot be set. + * \li setuid and setgid cannot be set. * - * o Only regular files and directories can be set. + * \li Only regular files and directories can be set. * * The rest of this comment discusses a few of the incompatibilities * between the two systems that need more thought if this API is to - * be extended to accomodate them. + * be extended to accommodate them. * * The Windows standard access right "DELETE" doesn't have a direct * equivalent in the Unix world, so it isn't clear what should be done @@ -98,29 +98,30 @@ * of allowing users to create files in a directory but not delete or * rename them, it does not have a concept of allowing them to be deleted * if they are owned by the user trying to delete/rename. While it is - * probable that something could be cobbled together in NT 5 with inheritence, + * probable that something could be cobbled together in NT 5 with inheritance, * it can't really be done in NT 4 as a single property that you could * set on a directory. You'd need to coordinate something with file creation * so that every file created had DELETE set for the owner but noone else. * - * On Unix systems, setting ISC_FSACCESS_LISTDIRECTORY sets READ. - * ... setting either of ISC_FSACCESS_(CREATE|DELETE)CHILD sets WRITE. - * ... setting ISC_FSACCESS_ACCESSCHILD sets EXECUTE. + * On Unix systems, setting #ISC_FSACCESS_LISTDIRECTORY sets READ. + * ... setting either #ISC_FSACCESS_CREATECHILD or #ISC_FSACCESS_DELETECHILD + * sets WRITE. + * ... setting #ISC_FSACCESS_ACCESSCHILD sets EXECUTE. * - * On NT systems, setting ISC_FSACCESS_LISTDIRECTORY sets FILE_LIST_DIRECTORY. - * ... setting ISC_FSACCESS_(CREATE|DELETE)CHILD sets - * FILE_(CREATE|DELETE)_CHILD independently. - * ... setting ISC_FSACCESS_ACCESSCHILD sets FILE_TRAVERSE. + * On NT systems, setting #ISC_FSACCESS_LISTDIRECTORY sets FILE_LIST_DIRECTORY. + * ... setting #ISC_FSACCESS_CREATECHILD sets FILE_CREATE_CHILD independently. + * ... setting #ISC_FSACCESS_DELETECHILD sets FILE_DELETE_CHILD independently. + * ... setting #ISC_FSACCESS_ACCESSCHILD sets FILE_TRAVERSE. * * Unresolved: XXXDCL - * What NT access right controls the ability to rename a file? - * How does DELETE work? If a directory has FILE_DELETE_CHILD but a + * \li What NT access right controls the ability to rename a file? + * \li How does DELETE work? If a directory has FILE_DELETE_CHILD but a * file or directory within it does not have DELETE, is that file * or directory deletable? - * To implement isc_fsaccess_get(), mapping an existing Unix permission + * \li To implement isc_fsaccess_get(), mapping an existing Unix permission * mode_t back to an isc_fsaccess_t is pretty trivial; however, mapping * an NT DACL could be impossible to do in a responsible way. - * Similarly, trying to implement the functionality of being able to + * \li Similarly, trying to implement the functionality of being able to * say "add group writability to whatever permissions already exist" * could be tricky on NT because of the order-of-entry issue combined * with possibly having one or more matching ACEs already explicitly @@ -135,27 +136,27 @@ /* * Trustees. */ -#define ISC_FSACCESS_OWNER 0x1 /* User account. */ -#define ISC_FSACCESS_GROUP 0x2 /* Primary group owner. */ -#define ISC_FSACCESS_OTHER 0x4 /* Not the owner or the group owner. */ -#define ISC_FSACCESS_WORLD 0x7 /* User, Group, Other. */ +#define ISC_FSACCESS_OWNER 0x1 /*%< User account. */ +#define ISC_FSACCESS_GROUP 0x2 /*%< Primary group owner. */ +#define ISC_FSACCESS_OTHER 0x4 /*%< Not the owner or the group owner. */ +#define ISC_FSACCESS_WORLD 0x7 /*%< User, Group, Other. */ /* * Types of permission. */ -#define ISC_FSACCESS_READ 0x00000001 /* File only. */ -#define ISC_FSACCESS_WRITE 0x00000002 /* File only. */ -#define ISC_FSACCESS_EXECUTE 0x00000004 /* File only. */ -#define ISC_FSACCESS_CREATECHILD 0x00000008 /* Dir only. */ -#define ISC_FSACCESS_DELETECHILD 0x00000010 /* Dir only. */ -#define ISC_FSACCESS_LISTDIRECTORY 0x00000020 /* Dir only. */ -#define ISC_FSACCESS_ACCESSCHILD 0x00000040 /* Dir only. */ +#define ISC_FSACCESS_READ 0x00000001 /*%< File only. */ +#define ISC_FSACCESS_WRITE 0x00000002 /*%< File only. */ +#define ISC_FSACCESS_EXECUTE 0x00000004 /*%< File only. */ +#define ISC_FSACCESS_CREATECHILD 0x00000008 /*%< Dir only. */ +#define ISC_FSACCESS_DELETECHILD 0x00000010 /*%< Dir only. */ +#define ISC_FSACCESS_LISTDIRECTORY 0x00000020 /*%< Dir only. */ +#define ISC_FSACCESS_ACCESSCHILD 0x00000040 /*%< Dir only. */ -/* +/*% * Adding any permission bits beyond 0x200 would mean typedef'ing * isc_fsaccess_t as isc_uint64_t, and redefining this value to * reflect the new range of permission types, Probably to 21 for - * maximum flexibility. The number of bits has to accomodate all of + * maximum flexibility. The number of bits has to accommodate all of * the permission types, and three full sets of them have to fit * within an isc_fsaccess_t. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/hash.h b/contrib/bind-9.5.2/lib/isc/include/isc/hash.h similarity index 85% rename from contrib/bind-9.3/lib/isc/include/isc/hash.h rename to contrib/bind-9.5.2/lib/isc/include/isc/hash.h index b94142b48e..ce8b6a2538 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/hash.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/hash.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hash.h,v 1.2.2.1.2.2 2004/03/06 08:14:41 marka Exp $ */ +/* $Id: hash.h,v 1.10.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_HASH_H #define ISC_HASH_H 1 @@ -24,12 +24,10 @@ ***** Module Info *****/ -/* - * Hash - * - * The hash API +/*! \file isc/hash.h * - * Provides an unpredictable hash value for variable length data. + * \brief The hash API + * provides an unpredictable hash value for variable length data. * A hash object contains a random vector (which is hidden from clients * of this API) to make the actual hash value unpredictable. * @@ -38,7 +36,7 @@ * in the random vector are unpredictable, the probability of hash * collision between arbitrary two different values is at most 1/2^16. * - * Altough the API is generic about the hash keys, it mainly expects + * Although the API is generic about the hash keys, it mainly expects * DNS names (and sometimes IPv4/v6 addresses) as inputs. It has an * upper limit of the input length, and may run slow to calculate the * hash values for large inputs. @@ -48,27 +46,27 @@ * it should be typical to have a single context for an entire system. * To support such cases, the API also provides a single-context mode. * - * MP: + * \li MP: * The hash object is almost read-only. Once the internal random vector * is initialized, no write operation will occur, and there will be no * need to lock the object to calculate actual hash values. * - * Reliability: + * \li Reliability: * In some cases this module uses low-level data copy to initialize the * random vector. Errors in this part are likely to crash the server or * corrupt memory. * - * Resources: + * \li Resources: * A buffer, used as a random vector for calculating hash values. * - * Security: + * \li Security: * This module intends to provide unpredictable hash values in * adversarial environments in order to avoid denial of service attacks * to hash buckets. * Its unpredictability relies on the quality of entropy to build the * random vector. * - * Standards: + * \li Standards: * None. */ @@ -88,10 +86,11 @@ isc_hash_ctxcreate(isc_mem_t *mctx, isc_entropy_t *entropy, unsigned int limit, isc_hash_t **hctx); isc_result_t isc_hash_create(isc_mem_t *mctx, isc_entropy_t *entropy, size_t limit); -/* - * Create a new hash object. +/*!< + * \brief Create a new hash object. * * isc_hash_ctxcreate() creates a different object. + * * isc_hash_create() creates a module-internal object to support the * single-context mode. It should be called only once. * @@ -105,15 +104,16 @@ isc_hash_create(isc_mem_t *mctx, isc_entropy_t *entropy, size_t limit); void isc_hash_ctxattach(isc_hash_t *hctx, isc_hash_t **hctxp); -/* - * Attach to a hash object. +/*!< + * \brief Attach to a hash object. + * * This function is only necessary for the multiple-context mode. */ void isc_hash_ctxdetach(isc_hash_t **hctxp); -/* - * Detach from a hash object. +/*!< + * \brief Detach from a hash object. * * This function is for the multiple-context mode, and takes a valid * hash object as an argument. @@ -121,19 +121,23 @@ isc_hash_ctxdetach(isc_hash_t **hctxp); void isc_hash_destroy(void); -/* - * This function is for the single-context mode, and is expected to be used +/*!< + * \brief This function is for the single-context mode, and is expected to be used * as a counterpart of isc_hash_create(). + * * A valid module-internal hash object must have been created, and this * function should be called only once. */ +/*@{*/ void isc_hash_ctxinit(isc_hash_t *hctx); void isc_hash_init(void); -/* - * Initialize a hash object. It fills in the random vector with a proper +/*!< + * \brief Initialize a hash object. + * + * It fills in the random vector with a proper * source of entropy, which is typically from the entropy object specified * at the creation. Thus, it is desirable to call these functions after * initializing the entropy object with some good entropy sources. @@ -142,26 +146,31 @@ isc_hash_init(void); * * isc_hash_ctxinit() is for the multiple-context mode, and takes a valid hash * object as an argument. + * * isc_hash_init() is for the single-context mode. A valid module-internal * hash object must have been created, and this function should be called only * once. */ +/*@}*/ +/*@{*/ unsigned int isc_hash_ctxcalc(isc_hash_t *hctx, const unsigned char *key, unsigned int keylen, isc_boolean_t case_sensitive); unsigned int isc_hash_calc(const unsigned char *key, unsigned int keylen, isc_boolean_t case_sensitive); -/* - * Calculate a hash value. +/*!< + * \brief Calculate a hash value. * * isc_hash_ctxinit() is for the multiple-context mode, and takes a valid hash * object as an argument. + * * isc_hash_init() is for the single-context mode. A valid module-internal * hash object must have been created. * * 'key' is the hash key, which is a variable length buffer. + * * 'keylen' specifies the key length, which must not be larger than the limit * specified for the corresponding hash object. * @@ -169,6 +178,7 @@ isc_hash_calc(const unsigned char *key, unsigned int keylen, * case_sensitive values. It should typically be ISC_FALSE if the hash key * is a DNS name. */ +/*@}*/ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/heap.h b/contrib/bind-9.5.2/lib/isc/include/isc/heap.h similarity index 94% rename from contrib/bind-9.3/lib/isc/include/isc/heap.h rename to contrib/bind-9.5.2/lib/isc/include/isc/heap.h index 7c7f3c2916..0ea601c7c5 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/heap.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/heap.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: heap.h,v 1.16.206.2 2006/04/17 18:27:20 explorer Exp $ */ +/* $Id: heap.h,v 1.24.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_HEAP_H #define ISC_HEAP_H 1 -/*! \file */ +/*! \file isc/heap.h */ #include #include @@ -28,7 +28,7 @@ ISC_LANG_BEGINDECLS /*% - * The comparision function returns ISC_TRUE if the first argument has + * The comparison function returns ISC_TRUE if the first argument has * higher priority than the second argument, and ISC_FALSE otherwise. */ typedef isc_boolean_t (*isc_heapcompare_t)(void *, void *); diff --git a/contrib/bind-9.3/lib/isc/include/isc/hex.h b/contrib/bind-9.5.2/lib/isc/include/isc/hex.h similarity index 63% rename from contrib/bind-9.3/lib/isc/include/isc/hex.h rename to contrib/bind-9.5.2/lib/isc/include/isc/hex.h index cf7dfd0e79..c865f072b5 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/hex.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/hex.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hex.h,v 1.4.206.1 2004/03/06 08:14:41 marka Exp $ */ +/* $Id: hex.h,v 1.11 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_HEX_H #define ISC_HEX_H 1 +/*! \file isc/hex.h */ + #include #include @@ -32,40 +34,40 @@ ISC_LANG_BEGINDECLS isc_result_t isc_hex_totext(isc_region_t *source, int wordlength, const char *wordbreak, isc_buffer_t *target); -/* - * Convert data into hex encoded text. +/*!< + * \brief Convert data into hex encoded text. * * Notes: - * The hex encoded text in 'target' will be divided into + *\li The hex encoded text in 'target' will be divided into * words of at most 'wordlength' characters, separated by * the 'wordbreak' string. No parentheses will surround * the text. * * Requires: - * 'source' is a region containing binary data - * 'target' is a text buffer containing available space - * 'wordbreak' points to a null-terminated string of + *\li 'source' is a region containing binary data + *\li 'target' is a text buffer containing available space + *\li 'wordbreak' points to a null-terminated string of * zero or more whitespace characters * * Ensures: - * target will contain the hex encoded version of the data + *\li target will contain the hex encoded version of the data * in source. The 'used' pointer in target will be advanced as * necessary. */ isc_result_t isc_hex_decodestring(char *cstr, isc_buffer_t *target); -/* - * Decode a null-terminated hex string. +/*!< + * \brief Decode a null-terminated hex string. * * Requires: - * 'cstr' is non-null. - * 'target' is a valid buffer. + *\li 'cstr' is non-null. + *\li 'target' is a valid buffer. * * Returns: - * ISC_R_SUCCESS -- the entire decoded representation of 'cstring' + *\li #ISC_R_SUCCESS -- the entire decoded representation of 'cstring' * fit in 'target'. - * ISC_R_BADHEX -- 'cstr' is not a valid hex encoding. + *\li #ISC_R_BADHEX -- 'cstr' is not a valid hex encoding. * * Other error returns are any possible error code from: * isc_lex_create(), @@ -75,16 +77,16 @@ isc_hex_decodestring(char *cstr, isc_buffer_t *target); isc_result_t isc_hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length); -/* - * Convert hex encoded text from a lexer context into data. +/*!< + * \brief Convert hex encoded text from a lexer context into data. * * Requires: - * 'lex' is a valid lexer context - * 'target' is a buffer containing binary data - * 'length' is an integer + *\li 'lex' is a valid lexer context + *\li 'target' is a buffer containing binary data + *\li 'length' is an integer * * Ensures: - * target will contain the data represented by the hex encoded + *\li target will contain the data represented by the hex encoded * string parsed by the lexer. No more than length bytes will be read, * if length is positive. The 'used' pointer in target will be * advanced as necessary. diff --git a/contrib/bind-9.3/lib/isc/include/isc/hmacmd5.h b/contrib/bind-9.5.2/lib/isc/include/isc/hmacmd5.h similarity index 77% rename from contrib/bind-9.3/lib/isc/include/isc/hmacmd5.h rename to contrib/bind-9.5.2/lib/isc/include/isc/hmacmd5.h index 6e8647fa53..fab9c580c5 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/hmacmd5.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/hmacmd5.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: hmacmd5.h,v 1.4.206.1 2004/03/06 08:14:42 marka Exp $ */ +/* $Id: hmacmd5.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */ -/* - * This is the header file for the HMAC-MD5 keyed hash algorithm - * described in RFC 2104. +/*! \file isc/hmacmd5.h + * \brief This is the header file for the HMAC-MD5 keyed hash algorithm + * described in RFC2104. */ #ifndef ISC_HMACMD5_H @@ -55,6 +55,9 @@ isc_hmacmd5_sign(isc_hmacmd5_t *ctx, unsigned char *digest); isc_boolean_t isc_hmacmd5_verify(isc_hmacmd5_t *ctx, unsigned char *digest); +isc_boolean_t +isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len); + ISC_LANG_ENDDECLS #endif /* ISC_HMACMD5_H */ diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/hmacsha.h b/contrib/bind-9.5.2/lib/isc/include/isc/hmacsha.h new file mode 100644 index 0000000000..362b37f81a --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/hmacsha.h @@ -0,0 +1,156 @@ +/* + * Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: hmacsha.h,v 1.7 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file isc/hmacsha.h + * This is the header file for the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, + * HMAC-SHA334 and HMAC-SHA512 hash algorithm described in RFC 2104. + */ + +#ifndef ISC_HMACSHA_H +#define ISC_HMACSHA_H 1 + +#include +#include +#include +#include + +#define ISC_HMACSHA1_KEYLENGTH ISC_SHA1_BLOCK_LENGTH +#define ISC_HMACSHA224_KEYLENGTH ISC_SHA224_BLOCK_LENGTH +#define ISC_HMACSHA256_KEYLENGTH ISC_SHA256_BLOCK_LENGTH +#define ISC_HMACSHA384_KEYLENGTH ISC_SHA384_BLOCK_LENGTH +#define ISC_HMACSHA512_KEYLENGTH ISC_SHA512_BLOCK_LENGTH + +typedef struct { + isc_sha1_t sha1ctx; + unsigned char key[ISC_HMACSHA1_KEYLENGTH]; +} isc_hmacsha1_t; + +typedef struct { + isc_sha224_t sha224ctx; + unsigned char key[ISC_HMACSHA224_KEYLENGTH]; +} isc_hmacsha224_t; + +typedef struct { + isc_sha256_t sha256ctx; + unsigned char key[ISC_HMACSHA256_KEYLENGTH]; +} isc_hmacsha256_t; + +typedef struct { + isc_sha384_t sha384ctx; + unsigned char key[ISC_HMACSHA384_KEYLENGTH]; +} isc_hmacsha384_t; + +typedef struct { + isc_sha512_t sha512ctx; + unsigned char key[ISC_HMACSHA512_KEYLENGTH]; +} isc_hmacsha512_t; + +ISC_LANG_BEGINDECLS + +void +isc_hmacsha1_init(isc_hmacsha1_t *ctx, const unsigned char *key, + unsigned int len); + +void +isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx); + +void +isc_hmacsha1_update(isc_hmacsha1_t *ctx, const unsigned char *buf, + unsigned int len); + +void +isc_hmacsha1_sign(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len); + +isc_boolean_t +isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len); + + +void +isc_hmacsha224_init(isc_hmacsha224_t *ctx, const unsigned char *key, + unsigned int len); + +void +isc_hmacsha224_invalidate(isc_hmacsha224_t *ctx); + +void +isc_hmacsha224_update(isc_hmacsha224_t *ctx, const unsigned char *buf, + unsigned int len); + +void +isc_hmacsha224_sign(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len); + +isc_boolean_t +isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len); + + +void +isc_hmacsha256_init(isc_hmacsha256_t *ctx, const unsigned char *key, + unsigned int len); + +void +isc_hmacsha256_invalidate(isc_hmacsha256_t *ctx); + +void +isc_hmacsha256_update(isc_hmacsha256_t *ctx, const unsigned char *buf, + unsigned int len); + +void +isc_hmacsha256_sign(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len); + +isc_boolean_t +isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len); + + +void +isc_hmacsha384_init(isc_hmacsha384_t *ctx, const unsigned char *key, + unsigned int len); + +void +isc_hmacsha384_invalidate(isc_hmacsha384_t *ctx); + +void +isc_hmacsha384_update(isc_hmacsha384_t *ctx, const unsigned char *buf, + unsigned int len); + +void +isc_hmacsha384_sign(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len); + +isc_boolean_t +isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len); + + +void +isc_hmacsha512_init(isc_hmacsha512_t *ctx, const unsigned char *key, + unsigned int len); + +void +isc_hmacsha512_invalidate(isc_hmacsha512_t *ctx); + +void +isc_hmacsha512_update(isc_hmacsha512_t *ctx, const unsigned char *buf, + unsigned int len); + +void +isc_hmacsha512_sign(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len); + +isc_boolean_t +isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len); + +ISC_LANG_ENDDECLS + +#endif /* ISC_HMACSHA_H */ diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/httpd.h b/contrib/bind-9.5.2/lib/isc/include/isc/httpd.h new file mode 100644 index 0000000000..ac088bac1a --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/httpd.h @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2006-2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: httpd.h,v 1.6.128.3 2008/08/08 05:10:34 marka Exp $ */ + +#ifndef ISC_HTTPD_H +#define ISC_HTTPD_H 1 + +/*! \file */ + +#include +#include +#include +#include +#include + +#define HTTPD_EVENTCLASS ISC_EVENTCLASS(4300) +#define HTTPD_SHUTDOWN (HTTPD_EVENTCLASS + 0x0001) + +#define ISC_HTTPDMGR_FLAGSHUTTINGDOWN 0x00000001 + +/* + * Create a new http daemon which will send, once every time period, + * a http-like header followed by HTTP data. + */ +isc_result_t +isc_httpdmgr_create(isc_mem_t *mctx, isc_socket_t *sock, isc_task_t *task, + isc_httpdclientok_t *client_ok, + isc_httpdondestroy_t *ondestory, void *cb_arg, + isc_timermgr_t *tmgr, isc_httpdmgr_t **httpdp); + +void +isc_httpdmgr_shutdown(isc_httpdmgr_t **httpdp); + +isc_result_t +isc_httpdmgr_addurl(isc_httpdmgr_t *httpdmgr, const char *url, + isc_httpdaction_t *func, void *arg); + +isc_result_t +isc_httpd_response(isc_httpd_t *httpd); + +isc_result_t +isc_httpd_addheader(isc_httpd_t *httpd, const char *name, + const char *val); + +isc_result_t +isc_httpd_addheaderuint(isc_httpd_t *httpd, const char *name, int val); + +isc_result_t isc_httpd_endheaders(isc_httpd_t *httpd); + +#endif /* ISC_HTTPD_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/interfaceiter.h b/contrib/bind-9.5.2/lib/isc/include/isc/interfaceiter.h similarity index 60% rename from contrib/bind-9.3/lib/isc/include/isc/interfaceiter.h rename to contrib/bind-9.5.2/lib/isc/include/isc/interfaceiter.h index 3a9b21bac3..26d5dfb853 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/interfaceiter.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/interfaceiter.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfaceiter.h,v 1.10.206.1 2004/03/06 08:14:42 marka Exp $ */ +/* $Id: interfaceiter.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_INTERFACEITER_H #define ISC_INTERFACEITER_H 1 @@ -24,10 +24,8 @@ ***** Module Info *****/ -/* - * Interface iterator - * - * Iterate over the list of network interfaces. +/*! \file isc/interfaceiter.h + * \brief Iterates over the list of network interfaces. * * Interfaces whose address family is not supported are ignored and never * returned by the iterator. Interfaces whose netmask, interface flags, @@ -46,25 +44,26 @@ #include #include -/* - * Public structure describing a network interface. +/*! + * \brief Public structure describing a network interface. */ struct isc_interface { - char name[32]; /* Interface name, null-terminated. */ - unsigned int af; /* Address family. */ - isc_netaddr_t address; /* Local address. */ - isc_netaddr_t netmask; /* Network mask. */ - isc_netaddr_t dstaddress; /* Destination address - (point-to-point only). */ - isc_uint32_t flags; /* Flags; see below. */ + char name[32]; /*%< Interface name, null-terminated. */ + unsigned int af; /*%< Address family. */ + isc_netaddr_t address; /*%< Local address. */ + isc_netaddr_t netmask; /*%< Network mask. */ + isc_netaddr_t dstaddress; /*%< Destination address (point-to-point only). */ + isc_uint32_t flags; /*%< Flags; see INTERFACE flags. */ }; -/* Interface flags. */ +/*@{*/ +/*! Interface flags. */ #define INTERFACE_F_UP 0x00000001U #define INTERFACE_F_POINTTOPOINT 0x00000002U #define INTERFACE_F_LOOPBACK 0x00000004U +/*@}*/ /*** *** Functions @@ -74,59 +73,59 @@ ISC_LANG_BEGINDECLS isc_result_t isc_interfaceiter_create(isc_mem_t *mctx, isc_interfaceiter_t **iterp); -/* - * Create an iterator for traversing the operating system's list +/*!< + * \brief Create an iterator for traversing the operating system's list * of network interfaces. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * Various network-related errors + *\li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY + *\li Various network-related errors */ isc_result_t isc_interfaceiter_first(isc_interfaceiter_t *iter); -/* - * Position the iterator on the first interface. +/*!< + * \brief Position the iterator on the first interface. * * Returns: - * ISC_R_SUCCESS Success. - * ISC_R_NOMORE There are no interfaces. + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOMORE There are no interfaces. */ isc_result_t isc_interfaceiter_current(isc_interfaceiter_t *iter, isc_interface_t *ifdata); -/* - * Get information about the interface the iterator is currently +/*!< + * \brief Get information about the interface the iterator is currently * positioned at and store it at *ifdata. * * Requires: - * The iterator has been successfully positioned using + *\li The iterator has been successfully positioned using * isc_interface_iter_first() / isc_interface_iter_next(). * * Returns: - * ISC_R_SUCCESS Success. + *\li #ISC_R_SUCCESS Success. */ isc_result_t isc_interfaceiter_next(isc_interfaceiter_t *iter); -/* - * Position the iterator on the next interface. +/*!< + * \brief Position the iterator on the next interface. * * Requires: - * The iterator has been successfully positioned using + * \li The iterator has been successfully positioned using * isc_interface_iter_first() / isc_interface_iter_next(). * * Returns: - * ISC_R_SUCCESS Success. - * ISC_R_NOMORE There are no more interfaces. + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOMORE There are no more interfaces. */ void isc_interfaceiter_destroy(isc_interfaceiter_t **iterp); -/* - * Destroy the iterator. +/*!< + * \brief Destroy the iterator. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/ipv6.h b/contrib/bind-9.5.2/lib/isc/include/isc/ipv6.h similarity index 88% rename from contrib/bind-9.3/lib/isc/include/isc/ipv6.h rename to contrib/bind-9.5.2/lib/isc/include/isc/ipv6.h index 8b4b0eb31f..8054c9e186 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/ipv6.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/ipv6.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ipv6.h,v 1.17.12.4 2004/03/09 05:21:09 marka Exp $ */ +/* $Id: ipv6.h,v 1.24 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_IPV6_H #define ISC_IPV6_H 1 -/* +/*! * Also define LWRES_IPV6_H to keep it from being included if liblwres is * being used, or redefinition errors will occur. */ @@ -30,23 +30,23 @@ ***** Module Info *****/ -/* - * IPv6 definitions for systems which do not support IPv6. +/*! \file isc/ipv6.h + * \brief IPv6 definitions for systems which do not support IPv6. * - * MP: + * \li MP: * No impact. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: + * \li Resources: * N/A. * - * Security: + * \li Security: * No anticipated impact. * - * Standards: - * RFC 2553. + * \li Standards: + * RFC2553. */ /*** @@ -95,7 +95,7 @@ struct sockaddr_in6 { #define SIN6_LEN 1 #endif -/* +/*% * Unspecified */ #define IN6_IS_ADDR_UNSPECIFIED(a) \ @@ -104,7 +104,7 @@ struct sockaddr_in6 { ((a)->s6_addr32[2] == 0) && \ ((a)->s6_addr32[3] == 0)) -/* +/*% * Loopback */ #define IN6_IS_ADDR_LOOPBACK(a) \ @@ -113,7 +113,7 @@ struct sockaddr_in6 { ((a)->s6_addr32[2] == 0) && \ ((a)->s6_addr32[3] == htonl(1))) -/* +/*% * IPv4 compatible */ #define IN6_IS_ADDR_V4COMPAT(a) \ @@ -123,7 +123,7 @@ struct sockaddr_in6 { ((a)->s6_addr32[3] != 0) && \ ((a)->s6_addr32[3] != htonl(1))) -/* +/*% * Mapped */ #define IN6_IS_ADDR_V4MAPPED(a) \ @@ -131,13 +131,13 @@ struct sockaddr_in6 { ((a)->s6_addr32[1] == 0) && \ ((a)->s6_addr32[2] == htonl(0x0000ffff))) -/* +/*% * Multicast */ #define IN6_IS_ADDR_MULTICAST(a) \ ((a)->s6_addr8[0] == 0xffU) -/* +/*% * Unicast link / site local. */ #define IN6_IS_ADDR_LINKLOCAL(a) \ diff --git a/contrib/bind-9.3/lib/isc/include/isc/lang.h b/contrib/bind-9.5.2/lib/isc/include/isc/lang.h similarity index 80% rename from contrib/bind-9.3/lib/isc/include/isc/lang.h rename to contrib/bind-9.5.2/lib/isc/include/isc/lang.h index f94f12310a..8c608669b2 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/lang.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/lang.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lang.h,v 1.6.206.1 2004/03/06 08:14:42 marka Exp $ */ +/* $Id: lang.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_LANG_H #define ISC_LANG_H 1 +/*! \file isc/lang.h */ + #ifdef __cplusplus #define ISC_LANG_BEGINDECLS extern "C" { #define ISC_LANG_ENDDECLS } diff --git a/contrib/bind-9.3/lib/isc/include/isc/lex.h b/contrib/bind-9.5.2/lib/isc/include/isc/lex.h similarity index 58% rename from contrib/bind-9.3/lib/isc/include/isc/lex.h rename to contrib/bind-9.5.2/lib/isc/include/isc/lex.h index 29bdb2fed7..e0c8cc8ec4 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/lex.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/lex.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lex.h,v 1.26.2.2.8.3 2004/03/08 09:04:51 marka Exp $ */ +/* $Id: lex.h,v 1.35.128.2 2008/05/30 23:46:31 tbox Exp $ */ #ifndef ISC_LEX_H #define ISC_LEX_H 1 @@ -24,28 +24,26 @@ ***** Module Info *****/ -/* - * Lex - * - * The "lex" module provides a lightweight tokenizer. It can operate +/*! \file isc/lex.h + * \brief The "lex" module provides a lightweight tokenizer. It can operate * on files or buffers, and can handle "include". It is designed for * parsing of DNS master files and the BIND configuration file, but * should be general enough to tokenize other things, e.g. HTTP. * - * MP: + * \li MP: * No synchronization is provided. Clients must ensure exclusive * access. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: - * + * \li Resources: + * TBS * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -65,31 +63,36 @@ ISC_LANG_BEGINDECLS *** Options ***/ -/* +/*@{*/ +/*! * Various options for isc_lex_gettoken(). */ -#define ISC_LEXOPT_EOL 0x01 /* Want end-of-line token. */ -#define ISC_LEXOPT_EOF 0x02 /* Want end-of-file token. */ -#define ISC_LEXOPT_INITIALWS 0x04 /* Want initial whitespace. */ -#define ISC_LEXOPT_NUMBER 0x08 /* Recognize numbers. */ -#define ISC_LEXOPT_QSTRING 0x10 /* Recognize qstrings. */ +#define ISC_LEXOPT_EOL 0x01 /*%< Want end-of-line token. */ +#define ISC_LEXOPT_EOF 0x02 /*%< Want end-of-file token. */ +#define ISC_LEXOPT_INITIALWS 0x04 /*%< Want initial whitespace. */ +#define ISC_LEXOPT_NUMBER 0x08 /*%< Recognize numbers. */ +#define ISC_LEXOPT_QSTRING 0x10 /*%< Recognize qstrings. */ +/*@}*/ -/* +/*@{*/ +/*! * The ISC_LEXOPT_DNSMULTILINE option handles the processing of '(' and ')' in * the DNS master file format. If this option is set, then the * ISC_LEXOPT_INITIALWS and ISC_LEXOPT_EOL options will be ignored when * the paren count is > 0. To use this option, '(' and ')' must be special * characters. */ -#define ISC_LEXOPT_DNSMULTILINE 0x20 /* Handle '(' and ')'. */ -#define ISC_LEXOPT_NOMORE 0x40 /* Want "no more" token. */ - -#define ISC_LEXOPT_CNUMBER 0x80 /* Regognise octal and hex */ -#define ISC_LEXOPT_ESCAPE 0x100 /* Recognize escapes. */ -#define ISC_LEXOPT_QSTRINGMULTILINE 0x200 /* Allow multiline "" strings */ - -/* +#define ISC_LEXOPT_DNSMULTILINE 0x20 /*%< Handle '(' and ')'. */ +#define ISC_LEXOPT_NOMORE 0x40 /*%< Want "no more" token. */ + +#define ISC_LEXOPT_CNUMBER 0x80 /*%< Recognize octal and hex. */ +#define ISC_LEXOPT_ESCAPE 0x100 /*%< Recognize escapes. */ +#define ISC_LEXOPT_QSTRINGMULTILINE 0x200 /*%< Allow multiline "" strings */ +#define ISC_LEXOPT_OCTAL 0x400 /*%< Expect a octal number. */ +/*@}*/ +/*@{*/ +/*! * Various commenting styles, which may be changed at any time with * isc_lex_setcomments(). */ @@ -98,12 +101,13 @@ ISC_LANG_BEGINDECLS #define ISC_LEXCOMMENT_CPLUSPLUS 0x02 #define ISC_LEXCOMMENT_SHELL 0x04 #define ISC_LEXCOMMENT_DNSMASTERFILE 0x08 +/*@}*/ /*** *** Types ***/ -/* Lex */ +/*! Lex */ typedef char isc_lexspecials_t[256]; @@ -140,268 +144,285 @@ typedef struct isc_token { isc_result_t isc_lex_create(isc_mem_t *mctx, size_t max_token, isc_lex_t **lexp); -/* +/*%< * Create a lexer. * * 'max_token' is a hint of the number of bytes in the largest token. * * Requires: - * '*lexp' is a valid lexer. + *\li '*lexp' is a valid lexer. * - * max_token > 0. + *\li max_token > 0. * * Ensures: - * On success, *lexp is attached to the newly created lexer. + *\li On success, *lexp is attached to the newly created lexer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY */ void isc_lex_destroy(isc_lex_t **lexp); -/* +/*%< * Destroy the lexer. * * Requires: - * '*lexp' is a valid lexer. + *\li '*lexp' is a valid lexer. * * Ensures: - * *lexp == NULL + *\li *lexp == NULL */ unsigned int isc_lex_getcomments(isc_lex_t *lex); -/* +/*%< * Return the current lexer commenting styles. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * * Returns: - * The commenting sytles which are currently allowed. + *\li The commenting sytles which are currently allowed. */ void isc_lex_setcomments(isc_lex_t *lex, unsigned int comments); -/* +/*%< * Set allowed lexer commenting styles. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'comments' has meaningful values. + *\li 'comments' has meaningful values. */ void isc_lex_getspecials(isc_lex_t *lex, isc_lexspecials_t specials); -/* +/*%< * Put the current list of specials into 'specials'. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. */ void isc_lex_setspecials(isc_lex_t *lex, isc_lexspecials_t specials); -/* +/*!< * The characters in 'specials' are returned as tokens. Along with * whitespace, they delimit strings and numbers. * * Note: - * Comment processing takes precedence over special character + *\li Comment processing takes precedence over special character * recognition. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. */ isc_result_t isc_lex_openfile(isc_lex_t *lex, const char *filename); -/* +/*%< * Open 'filename' and make it the current input source for 'lex'. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * filename is a valid C string. + *\li filename is a valid C string. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY Out of memory - * ISC_R_NOTFOUND File not found - * ISC_R_NOPERM No permission to open file - * ISC_R_FAILURE Couldn't open file, not sure why - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY Out of memory + *\li #ISC_R_NOTFOUND File not found + *\li #ISC_R_NOPERM No permission to open file + *\li #ISC_R_FAILURE Couldn't open file, not sure why + *\li #ISC_R_UNEXPECTED */ isc_result_t isc_lex_openstream(isc_lex_t *lex, FILE *stream); -/* +/*%< * Make 'stream' the current input source for 'lex'. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'stream' is a valid C stream. + *\li 'stream' is a valid C stream. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY Out of memory + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY Out of memory */ isc_result_t isc_lex_openbuffer(isc_lex_t *lex, isc_buffer_t *buffer); -/* +/*%< * Make 'buffer' the current input source for 'lex'. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'buffer' is a valid buffer. + *\li 'buffer' is a valid buffer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY Out of memory + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY Out of memory */ isc_result_t isc_lex_close(isc_lex_t *lex); -/* +/*%< * Close the most recently opened object (i.e. file or buffer). * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMORE No more input sources + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMORE No more input sources */ isc_result_t isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp); -/* +/*%< * Get the next token. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'lex' has an input source. + *\li 'lex' has an input source. * - * 'options' contains valid options. + *\li 'options' contains valid options. * - * '*tokenp' is a valid pointer. + *\li '*tokenp' is a valid pointer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_UNEXPECTEDEND - * ISC_R_NOMEMORY + *\li #ISC_R_SUCCESS + *\li #ISC_R_UNEXPECTEDEND + *\li #ISC_R_NOMEMORY * * These two results are returned only if their corresponding lexer * options are not set. * - * ISC_R_EOF End of input source - * ISC_R_NOMORE No more input sources + *\li #ISC_R_EOF End of input source + *\li #ISC_R_NOMORE No more input sources */ isc_result_t isc_lex_getmastertoken(isc_lex_t *lex, isc_token_t *token, isc_tokentype_t expect, isc_boolean_t eol); -/* +/*%< * Get the next token from a DNS master file type stream. This is a * convenience function that sets appropriate options and handles quoted * strings and end of line correctly for master files. It also ungets * unexpected tokens. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'token' is a valid pointer + *\li 'token' is a valid pointer * * Returns: * - * any return code from isc_lex_gettoken. + * \li any return code from isc_lex_gettoken(). + */ + +isc_result_t +isc_lex_getoctaltoken(isc_lex_t *lex, isc_token_t *token, isc_boolean_t eol); +/*%< + * Get the next token from a DNS master file type stream. This is a + * convenience function that sets appropriate options and handles end + * of line correctly for master files. It also ungets unexpected tokens. + * + * Requires: + *\li 'lex' is a valid lexer. + * + *\li 'token' is a valid pointer + * + * Returns: + * + * \li any return code from isc_lex_gettoken(). */ void isc_lex_ungettoken(isc_lex_t *lex, isc_token_t *tokenp); -/* +/*%< * Unget the current token. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'lex' has an input source. + *\li 'lex' has an input source. * - * 'tokenp' points to a valid token. + *\li 'tokenp' points to a valid token. * - * There is no ungotten token already. + *\li There is no ungotten token already. */ void isc_lex_getlasttokentext(isc_lex_t *lex, isc_token_t *tokenp, isc_region_t *r); -/* +/*%< * Returns a region containing the text of the last token returned. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * - * 'lex' has an input source. + *\li 'lex' has an input source. * - * 'tokenp' points to a valid token. + *\li 'tokenp' points to a valid token. * - * A token has been gotten and not ungotten. + *\li A token has been gotten and not ungotten. */ char * isc_lex_getsourcename(isc_lex_t *lex); -/* +/*%< * Return the input source name. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * * Returns: - * source name or NULL if no current source. - * result valid while current input source exists. + * \li source name or NULL if no current source. + *\li result valid while current input source exists. */ unsigned long isc_lex_getsourceline(isc_lex_t *lex); -/* +/*%< * Return the input source line number. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * * Returns: - * Current line number or 0 if no current source. + *\li Current line number or 0 if no current source. */ isc_result_t isc_lex_setsourcename(isc_lex_t *lex, const char *name); -/* +/*%< * Assigns a new name to the input source. * * Requires: * - * 'lex' is a valid lexer. + * \li 'lex' is a valid lexer. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NOTFOUND - there are no sources. + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY + * \li #ISC_R_NOTFOUND - there are no sources. */ isc_boolean_t isc_lex_isfile(isc_lex_t *lex); -/* +/*%< * Return whether the current input source is a file. * * Requires: - * 'lex' is a valid lexer. + *\li 'lex' is a valid lexer. * * Returns: - * ISC_TRUE if the current input is a file, - * ISC_FALSE otherwise. + * \li #ISC_TRUE if the current input is a file, + *\li #ISC_FALSE otherwise. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/lfsr.h b/contrib/bind-9.5.2/lib/isc/include/isc/lfsr.h similarity index 70% rename from contrib/bind-9.3/lib/isc/include/isc/lfsr.h rename to contrib/bind-9.5.2/lib/isc/include/isc/lfsr.h index e562380cf9..d4d9707000 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/lfsr.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/lfsr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,19 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lfsr.h,v 1.10.206.1 2004/03/06 08:14:43 marka Exp $ */ +/* $Id: lfsr.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_LFSR_H #define ISC_LFSR_H 1 +/*! \file isc/lfsr.h */ + #include #include typedef struct isc_lfsr isc_lfsr_t; -/* +/*% * This function is called when reseeding is needed. It is allowed to * modify any state in the LFSR in any way it sees fit OTHER THAN "bits". * @@ -36,96 +38,91 @@ typedef struct isc_lfsr isc_lfsr_t; */ typedef void (*isc_lfsrreseed_t)(isc_lfsr_t *, void *); -/* +/*% * The members of this structure can be used by the application, but care * needs to be taken to not change state once the lfsr is in operation. */ struct isc_lfsr { - isc_uint32_t state; /* previous state */ - unsigned int bits; /* length */ - isc_uint32_t tap; /* bit taps */ - unsigned int count; /* reseed count (in BITS!) */ - isc_lfsrreseed_t reseed; /* reseed function */ - void *arg; /* reseed function argument */ + isc_uint32_t state; /*%< previous state */ + unsigned int bits; /*%< length */ + isc_uint32_t tap; /*%< bit taps */ + unsigned int count; /*%< reseed count (in BITS!) */ + isc_lfsrreseed_t reseed; /*%< reseed function */ + void *arg; /*%< reseed function argument */ }; ISC_LANG_BEGINDECLS -/* - * In all these functions it is important that the caller only use as many - * bits as the LFSR has state. Also, it isn't guaranteed that an LFSR of - * bit length 32 will have 2^32 unique states before repeating. - */ void isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, isc_uint32_t tap, unsigned int count, isc_lfsrreseed_t reseed, void *arg); -/* +/*%< * Initialize an LFSR. * * Note: * - * Putting untrusted values into this function will cause the LFSR to + *\li Putting untrusted values into this function will cause the LFSR to * generate (perhaps) non-maximal length sequences. * * Requires: * - * lfsr != NULL + *\li lfsr != NULL * - * 8 <= bits <= 32 + *\li 8 <= bits <= 32 * - * tap != 0 + *\li tap != 0 */ void isc_lfsr_generate(isc_lfsr_t *lfsr, void *data, unsigned int count); -/* +/*%< * Returns "count" bytes of data from the LFSR. * * Requires: * - * lfsr be valid. + *\li lfsr be valid. * - * data != NULL. + *\li data != NULL. * - * count > 0. + *\li count > 0. */ void isc_lfsr_skip(isc_lfsr_t *lfsr, unsigned int skip); -/* +/*%< * Skip "skip" states. * * Requires: * - * lfsr be valid. + *\li lfsr be valid. */ isc_uint32_t isc_lfsr_generate32(isc_lfsr_t *lfsr1, isc_lfsr_t *lfsr2); -/* +/*%< * Given two LFSRs, use the current state from each to skip entries in the * other. The next states are then xor'd together and returned. * * WARNING: * - * This function is used only for very, very low security data, such + *\li This function is used only for very, very low security data, such * as DNS message IDs where it is desired to have an unpredictable * stream of bytes that are harder to predict than a simple flooding * attack. * * Notes: * - * Since the current state from each of the LFSRs is used to skip + *\li Since the current state from each of the LFSRs is used to skip * state in the other, it is important that no state be leaked * from either LFSR. * * Requires: * - * lfsr1 and lfsr2 be valid. + *\li lfsr1 and lfsr2 be valid. * - * 1 <= skipbits <= 31 + *\li 1 <= skipbits <= 31 */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/lib.h b/contrib/bind-9.5.2/lib/isc/include/isc/lib.h similarity index 76% rename from contrib/bind-9.3/lib/isc/include/isc/lib.h rename to contrib/bind-9.5.2/lib/isc/include/isc/lib.h index 1ad449311f..765cdfaa19 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/lib.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/lib.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.h,v 1.6.12.3 2004/03/08 09:04:51 marka Exp $ */ +/* $Id: lib.h,v 1.14 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_LIB_H #define ISC_LIB_H 1 +/*! \file isc/lib.h */ + #include #include @@ -29,8 +31,8 @@ LIBISC_EXTERNAL_DATA extern isc_msgcat_t *isc_msgcat; void isc_lib_initmsgcat(void); -/* - * Initialize the ISC library's message catalog, isc_msgcat, if it +/*!< + * \brief Initialize the ISC library's message catalog, isc_msgcat, if it * has not already been initialized. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/list.h b/contrib/bind-9.5.2/lib/isc/include/isc/list.h similarity index 96% rename from contrib/bind-9.3/lib/isc/include/isc/list.h rename to contrib/bind-9.5.2/lib/isc/include/isc/list.h index 5fe82e3fe5..9338275c94 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/list.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/list.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: list.h,v 1.18.2.2.8.3 2006/06/06 00:11:40 marka Exp $ */ +/* $Id: list.h,v 1.24 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_LIST_H #define ISC_LIST_H 1 diff --git a/contrib/bind-9.3/lib/isc/include/isc/log.h b/contrib/bind-9.5.2/lib/isc/include/isc/log.h similarity index 64% rename from contrib/bind-9.3/lib/isc/include/isc/log.h rename to contrib/bind-9.5.2/lib/isc/include/isc/log.h index 97aeba0c24..607a58289c 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/log.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/log.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.39.2.4.2.7 2004/04/10 04:31:40 marka Exp $ */ +/* $Id: log.h,v 1.54.128.5 2009/02/16 02:10:58 marka Exp $ */ #ifndef ISC_LOG_H #define ISC_LOG_H 1 +/*! \file isc/log.h */ + #include #include #include /* XXXDCL NT */ @@ -29,29 +31,36 @@ #include #include -/* - * Severity levels, patterned after Unix's syslog levels. +/*@{*/ +/*! + * \brief Severity levels, patterned after Unix's syslog levels. * - * ISC_LOG_DYNAMIC can only be used for defining channels with - * isc_log_createchannel(), not to specify a level in isc_log_write(). */ #define ISC_LOG_DEBUG(level) (level) +/*! + * #ISC_LOG_DYNAMIC can only be used for defining channels with + * isc_log_createchannel(), not to specify a level in isc_log_write(). + */ #define ISC_LOG_DYNAMIC 0 #define ISC_LOG_INFO (-1) #define ISC_LOG_NOTICE (-2) #define ISC_LOG_WARNING (-3) #define ISC_LOG_ERROR (-4) #define ISC_LOG_CRITICAL (-5) +/*@}*/ -/* - * Destinations. +/*@{*/ +/*! + * \brief Destinations. */ #define ISC_LOG_TONULL 1 #define ISC_LOG_TOSYSLOG 2 #define ISC_LOG_TOFILE 3 #define ISC_LOG_TOFILEDESC 4 +/*@}*/ -/* +/*@{*/ +/*% * Channel flags. */ #define ISC_LOG_PRINTTIME 0x0001 @@ -62,18 +71,24 @@ #define ISC_LOG_PRINTALL 0x001F #define ISC_LOG_DEBUGONLY 0x1000 #define ISC_LOG_OPENERR 0x8000 /* internal */ +/*@}*/ -/* - * Other options. +/*@{*/ +/*! + * \brief Other options. + * * XXXDCL INFINITE doesn't yet work. Arguably it isn't needed, but * since I am intend to make large number of versions work efficiently, * INFINITE is going to be trivial to add to that. */ #define ISC_LOG_ROLLINFINITE (-1) #define ISC_LOG_ROLLNEVER (-2) +/*@}*/ -/* - * Used to name the categories used by a library. An array of isc_logcategory +/*! + * \brief Used to name the categories used by a library. + * + * An array of isc_logcategory * structures names each category, and the id value is initialized by calling * isc_log_registercategories. */ @@ -82,28 +97,30 @@ struct isc_logcategory { unsigned int id; }; -/* - * Similar to isc_logcategory above, but for all the modules a library defines. +/*% + * Similar to isc_logcategory, but for all the modules a library defines. */ struct isc_logmodule { const char *name; unsigned int id; }; -/* +/*% * The isc_logfile structure is initialized as part of an isc_logdestination - * before calling isc_log_createchannel(). When defining an ISC_LOG_TOFILE + * before calling isc_log_createchannel(). + * + * When defining an #ISC_LOG_TOFILE * channel the name, versions and maximum_size should be set before calling - * isc_log_createchannel(). To define an ISC_LOG_TOFILEDESC channel set only + * isc_log_createchannel(). To define an #ISC_LOG_TOFILEDESC channel set only * the stream before the call. - * + * * Setting maximum_size to zero implies no maximum. */ typedef struct isc_logfile { - FILE *stream; /* Initialized to NULL for ISC_LOG_TOFILE. */ - const char *name; /* NULL for ISC_LOG_TOFILEDESC. */ - int versions; /* >= 0, ISC_LOG_ROLLNEVER, ISC_LOG_ROLLINFINITE. */ - /* + FILE *stream; /*%< Initialized to NULL for #ISC_LOG_TOFILE. */ + const char *name; /*%< NULL for #ISC_LOG_TOFILEDESC. */ + int versions; /* >= 0, #ISC_LOG_ROLLNEVER, #ISC_LOG_ROLLINFINITE. */ + /*% * stdio's ftell is standardized to return a long, which may well not * be big enough for the largest file supportable by the operating * system (though it is _probably_ big enough for the largest log @@ -111,10 +128,10 @@ typedef struct isc_logfile { * to a size large enough for the largest possible file on a system. */ isc_offset_t maximum_size; - isc_boolean_t maximum_reached; /* Private. */ + isc_boolean_t maximum_reached; /*%< Private. */ } isc_logfile_t; -/* +/*% * Passed to isc_log_createchannel to define the attributes of either * a stdio or a syslog log. */ @@ -123,7 +140,8 @@ typedef union isc_logdestination { int facility; /* XXXDCL NT */ } isc_logdestination_t; -/* +/*@{*/ +/*% * The built-in categories of libisc. * * Each library registering categories should provide library_LOGCATEGORY_name @@ -133,50 +151,54 @@ typedef union isc_logdestination { LIBISC_EXTERNAL_DATA extern isc_logcategory_t isc_categories[]; LIBISC_EXTERNAL_DATA extern isc_log_t *isc_lctx; LIBISC_EXTERNAL_DATA extern isc_logmodule_t isc_modules[]; +/*@}*/ -/* +/*@{*/ +/*% * Do not log directly to DEFAULT. Use another category. When in doubt, * use GENERAL. */ #define ISC_LOGCATEGORY_DEFAULT (&isc_categories[0]) #define ISC_LOGCATEGORY_GENERAL (&isc_categories[1]) +/*@}*/ #define ISC_LOGMODULE_SOCKET (&isc_modules[0]) #define ISC_LOGMODULE_TIME (&isc_modules[1]) #define ISC_LOGMODULE_INTERFACE (&isc_modules[2]) #define ISC_LOGMODULE_TIMER (&isc_modules[3]) +#define ISC_LOGMODULE_FILE (&isc_modules[4]) ISC_LANG_BEGINDECLS isc_result_t isc_log_create(isc_mem_t *mctx, isc_log_t **lctxp, isc_logconfig_t **lcfgp); -/* +/*%< * Establish a new logging context, with default channels. * * Notes: - * isc_log_create calls isc_logconfig_create, so see its comment + *\li isc_log_create() calls isc_logconfig_create(), so see its comment * below for more information. * * Requires: - * mctx is a valid memory context. - * lctxp is not null and *lctxp is null. - * lcfgp is null or lcfgp is not null and *lcfgp is null. + *\li mctx is a valid memory context. + *\li lctxp is not null and *lctxp is null. + *\li lcfgp is null or lcfgp is not null and *lcfgp is null. * * Ensures: - * *lctxp will point to a valid logging context if all of the necessary + *\li *lctxp will point to a valid logging context if all of the necessary * memory was allocated, or NULL otherwise. - * *lcfgp will point to a valid logging configuration if all of the + *\li *lcfgp will point to a valid logging configuration if all of the * necessary memory was allocated, or NULL otherwise. - * On failure, no additional memory is allocated. + *\li On failure, no additional memory is allocated. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource limit: Out of memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of memory */ isc_result_t isc_logconfig_create(isc_log_t *lctx, isc_logconfig_t **lcfgp); -/* +/*%< * Create the data structure that holds all of the configurable information * about where messages are actually supposed to be sent -- the information * that could changed based on some configuration file, as opposed to the @@ -184,190 +206,192 @@ isc_logconfig_create(isc_log_t *lctx, isc_logconfig_t **lcfgp); * into a program, or the debug_level which is dynamic state information. * * Notes: - * It is necessary to specify the logging context the configuration + *\li It is necessary to specify the logging context the configuration * will be used with because the number of categories and modules * needs to be known in order to set the configuration. However, * the configuration is not used by the logging context until the * isc_logconfig_use function is called. * - * The memory context used for operations that allocate memory for + *\li The memory context used for operations that allocate memory for * the configuration is that of the logging context, as specified * in the isc_log_create call. * - * Four default channels are established: + *\li Four default channels are established: + *\verbatim * default_syslog - * - log to syslog's daemon facility ISC_LOG_INFO or higher + * - log to syslog's daemon facility #ISC_LOG_INFO or higher * default_stderr - * - log to stderr ISC_LOG_INFO or higher + * - log to stderr #ISC_LOG_INFO or higher * default_debug - * - log to stderr ISC_LOG_DEBUG dynamically + * - log to stderr #ISC_LOG_DEBUG dynamically * null * - log nothing + *\endverbatim * * Requires: - * lctx is a valid logging context. - * lcftp is not null and *lcfgp is null. + *\li lctx is a valid logging context. + *\li lcftp is not null and *lcfgp is null. * * Ensures: - * *lcfgp will point to a valid logging context if all of the necessary + *\li *lcfgp will point to a valid logging context if all of the necessary * memory was allocated, or NULL otherwise. - * On failure, no additional memory is allocated. + *\li On failure, no additional memory is allocated. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource limit: Out of memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of memory */ isc_logconfig_t * isc_logconfig_get(isc_log_t *lctx); -/* +/*%< * Returns a pointer to the configuration currently in use by the log context. * * Requires: - * lctx is a valid context. + *\li lctx is a valid context. * * Ensures: - * The configuration pointer is non-null. + *\li The configuration pointer is non-null. * * Returns: - * The configuration pointer. + *\li The configuration pointer. */ isc_result_t isc_logconfig_use(isc_log_t *lctx, isc_logconfig_t *lcfg); -/* +/*%< * Associate a new configuration with a logging context. * * Notes: - * This is thread safe. The logging context will lock a mutex + *\li This is thread safe. The logging context will lock a mutex * before attempting to swap in the new configuration, and isc_log_doit * (the internal function used by all of isc_log_[v]write[1]) locks * the same lock for the duration of its use of the configuration. * * Requires: - * lctx is a valid logging context. - * lcfg is a valid logging configuration. - * lctx is the same configuration given to isc_logconfig_create + *\li lctx is a valid logging context. + *\li lcfg is a valid logging configuration. + *\li lctx is the same configuration given to isc_logconfig_create * when the configuration was created. * * Ensures: - * Future calls to isc_log_write will use the new configuration. + *\li Future calls to isc_log_write will use the new configuration. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource limit: Out of memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of memory */ void isc_log_destroy(isc_log_t **lctxp); -/* +/*%< * Deallocate the memory associated with a logging context. * * Requires: - * *lctx is a valid logging context. + *\li *lctx is a valid logging context. * * Ensures: - * All of the memory associated with the logging context is returned + *\li All of the memory associated with the logging context is returned * to the free memory pool. * - * Any open files are closed. + *\li Any open files are closed. * - * The logging context is marked as invalid. + *\li The logging context is marked as invalid. */ void isc_logconfig_destroy(isc_logconfig_t **lcfgp); -/* +/*%< * Destroy a logging configuration. * * Notes: - * This function cannot be used directly with the return value of + *\li This function cannot be used directly with the return value of * isc_logconfig_get, because a logging context must always have * a valid configuration associated with it. * * Requires: - * lcfgp is not null and *lcfgp is a valid logging configuration. - * The logging configuration is not in use by an existing logging context. + *\li lcfgp is not null and *lcfgp is a valid logging configuration. + *\li The logging configuration is not in use by an existing logging context. * * Ensures: - * All memory allocated for the configuration is freed. + *\li All memory allocated for the configuration is freed. * - * The configuration is marked as invalid. + *\li The configuration is marked as invalid. */ void isc_log_registercategories(isc_log_t *lctx, isc_logcategory_t categories[]); -/* +/*%< * Identify logging categories a library will use. * * Notes: - * A category should only be registered once, but no mechanism enforces + *\li A category should only be registered once, but no mechanism enforces * this rule. * - * The end of the categories array is identified by a NULL name. + *\li The end of the categories array is identified by a NULL name. * - * Because the name is used by ISC_LOG_PRINTCATEGORY, it should not + *\li Because the name is used by #ISC_LOG_PRINTCATEGORY, it should not * be altered or destroyed after isc_log_registercategories(). * - * Because each element of the categories array is used by + *\li Because each element of the categories array is used by * isc_log_categorybyname, it should not be altered or destroyed * after registration. * - * The value of the id integer in each structure is overwritten + *\li The value of the id integer in each structure is overwritten * by this function, and so id need not be initialized to any particular * value prior to the function call. * - * A subsequent call to isc_log_registercategories with the same + *\li A subsequent call to isc_log_registercategories with the same * logging context (but new categories) will cause the last * element of the categories array from the prior call to have * its "name" member changed from NULL to point to the new * categories array, and its "id" member set to UINT_MAX. * * Requires: - * lctx is a valid logging context. - * categories != NULL. - * categories[0].name != NULL. + *\li lctx is a valid logging context. + *\li categories != NULL. + *\li categories[0].name != NULL. * * Ensures: - * There are references to each category in the logging context, + * \li There are references to each category in the logging context, * so they can be used with isc_log_usechannel() and isc_log_write(). */ void isc_log_registermodules(isc_log_t *lctx, isc_logmodule_t modules[]); -/* +/*%< * Identify logging categories a library will use. * * Notes: - * A module should only be registered once, but no mechanism enforces + *\li A module should only be registered once, but no mechanism enforces * this rule. * - * The end of the modules array is identified by a NULL name. + *\li The end of the modules array is identified by a NULL name. * - * Because the name is used by ISC_LOG_PRINTMODULE, it should not + *\li Because the name is used by #ISC_LOG_PRINTMODULE, it should not * be altered or destroyed after isc_log_registermodules(). * - * Because each element of the modules array is used by + *\li Because each element of the modules array is used by * isc_log_modulebyname, it should not be altered or destroyed * after registration. * - * The value of the id integer in each structure is overwritten + *\li The value of the id integer in each structure is overwritten * by this function, and so id need not be initialized to any particular * value prior to the function call. * - * A subsequent call to isc_log_registermodules with the same + *\li A subsequent call to isc_log_registermodules with the same * logging context (but new modules) will cause the last * element of the modules array from the prior call to have * its "name" member changed from NULL to point to the new * modules array, and its "id" member set to UINT_MAX. * * Requires: - * lctx is a valid logging context. - * modules != NULL. - * modules[0].name != NULL; + *\li lctx is a valid logging context. + *\li modules != NULL. + *\li modules[0].name != NULL; * * Ensures: - * Each module has a reference in the logging context, so they can be + *\li Each module has a reference in the logging context, so they can be * used with isc_log_usechannel() and isc_log_write(). */ @@ -376,68 +400,67 @@ isc_log_createchannel(isc_logconfig_t *lcfg, const char *name, unsigned int type, int level, const isc_logdestination_t *destination, unsigned int flags); -/* +/*%< * Specify the parameters of a logging channel. * * Notes: - * The name argument is copied to memory in the logging context, so + *\li The name argument is copied to memory in the logging context, so * it can be altered or destroyed after isc_log_createchannel(). * - * Defining a very large number of channels will have a performance + *\li Defining a very large number of channels will have a performance * impact on isc_log_usechannel(), since the names are searched * linearly until a match is made. This same issue does not affect * isc_log_write, however. * - * Channel names can be redefined; this is primarily useful for programs + *\li Channel names can be redefined; this is primarily useful for programs * that want their own definition of default_syslog, default_debug * and default_stderr. * - * Any channel that is redefined will not affect logging that was + *\li Any channel that is redefined will not affect logging that was * already directed to its original definition, _except_ for the * default_stderr channel. This case is handled specially so that * the default logging category can be changed by redefining * default_stderr. (XXXDCL Though now that I think of it, the default * logging category can be changed with only one additional function * call by defining a new channel and then calling isc_log_usechannel() - * for ISC_LOGCATEGORY_DEFAULT.) + * for #ISC_LOGCATEGORY_DEFAULT.) * - * Specifying ISC_LOG_PRINTTIME or ISC_LOG_PRINTTAG for syslog is allowed, + *\li Specifying #ISC_LOG_PRINTTIME or #ISC_LOG_PRINTTAG for syslog is allowed, * but probably not what you wanted to do. * - * ISC_LOG_DEBUGONLY will mark the channel as usable only when the + * #ISC_LOG_DEBUGONLY will mark the channel as usable only when the * debug level of the logging context (see isc_log_setdebuglevel) * is non-zero. * * Requires: - * lcfg is a valid logging configuration. + *\li lcfg is a valid logging configuration. * - * name is not NULL. + *\li name is not NULL. * - * type is ISC_LOG_TOSYSLOG, ISC_LOG_TOFILE, ISC_LOG_TOFILEDESC or - * ISC_LOG_TONULL. + *\li type is #ISC_LOG_TOSYSLOG, #ISC_LOG_TOFILE, #ISC_LOG_TOFILEDESC or + * #ISC_LOG_TONULL. * - * destination is not NULL unless type is ISC_LOG_TONULL. + *\li destination is not NULL unless type is #ISC_LOG_TONULL. * - * level is >= ISC_LOG_CRITICAL (the most negative logging level). + *\li level is >= #ISC_LOG_CRITICAL (the most negative logging level). * - * flags does not include any bits aside from the ISC_LOG_PRINT* bits - * or ISC_LOG_DEBUGONLY. + *\li flags does not include any bits aside from the ISC_LOG_PRINT* bits + * or #ISC_LOG_DEBUGONLY. * * Ensures: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * A channel with the given name is usable with * isc_log_usechannel(). * - * ISC_R_NOMEMORY or ISC_R_UNEXPECTED + *\li #ISC_R_NOMEMORY or #ISC_R_UNEXPECTED * No additional memory is being used by the logging context. - * * Any channel that previously existed with the given name * is not redefined. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource limit: Out of memory - * ISC_R_UNEXPECTED type was out of range and REQUIRE() + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of memory + *\li #ISC_R_UNEXPECTED type was out of range and REQUIRE() * was disabled. */ @@ -445,166 +468,186 @@ isc_result_t isc_log_usechannel(isc_logconfig_t *lcfg, const char *name, const isc_logcategory_t *category, const isc_logmodule_t *module); -/* +/*%< * Associate a named logging channel with a category and module that * will use it. * * Notes: - * The name is searched for linearly in the set of known channel names + *\li The name is searched for linearly in the set of known channel names * until a match is found. (Note the performance impact of a very large * number of named channels.) When multiple channels of the same * name are defined, the most recent definition is found. * - * Specifing a very large number of channels for a category will have + *\li Specifying a very large number of channels for a category will have * a moderate impact on performance in isc_log_write(), as each * call looks up the category for the start of a linked list, which * it follows all the way to the end to find matching modules. The * test for matching modules is integral, though. * - * If category is NULL, then the channel is associated with the indicated + *\li If category is NULL, then the channel is associated with the indicated * module for all known categories (including the "default" category). * - * If module is NULL, then the channel is associated with every module + *\li If module is NULL, then the channel is associated with every module * that uses that category. * - * Passing both category and module as NULL would make every log message + *\li Passing both category and module as NULL would make every log message * use the indicated channel. * - * Specifying a channel that is ISC_LOG_TONULL for a category/module pair + * \li Specifying a channel that is #ISC_LOG_TONULL for a category/module pair * has no effect on any other channels associated with that pair, * regardless of ordering. Thus you cannot use it to "mask out" one * category/module pair when you have specified some other channel that * is also used by that category/module pair. * * Requires: - * lcfg is a valid logging configuration. + *\li lcfg is a valid logging configuration. * - * category is NULL or has an id that is in the range of known ids. + *\li category is NULL or has an id that is in the range of known ids. * * module is NULL or has an id that is in the range of known ids. * * Ensures: - * ISC_R_SUCCESS + *\li #ISC_R_SUCCESS * The channel will be used by the indicated category/module * arguments. * - * ISC_R_NOMEMORY + *\li #ISC_R_NOMEMORY * If assignment for a specific category has been requested, * the channel has not been associated with the indicated * category/module arguments and no additional memory is * used by the logging context. - * * If assignment for all categories has been requested * then _some_ may have succeeded (starting with category * "default" and progressing through the order of categories - * passed to isc_log_registercategories) and additional memory + * passed to isc_log_registercategories()) and additional memory * is being used by whatever assignments succeeded. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource limit: Out of memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of memory */ -void -isc_log_write(isc_log_t *lctx, isc_logcategory_t *category, - isc_logmodule_t *module, int level, - const char *format, ...) -ISC_FORMAT_PRINTF(5, 6); -/* +/* Attention: next four comments PRECEED code */ +/*! + * \brief * Write a message to the log channels. * * Notes: - * Log messages containing natural language text should be logged with + *\li Log messages containing natural language text should be logged with * isc_log_iwrite() to allow for localization. * - * lctx can be NULL; this is allowed so that programs which use + *\li lctx can be NULL; this is allowed so that programs which use * libraries that use the ISC logging system are not required to * also use it. * - * The format argument is a printf(3) string, with additional arguments + *\li The format argument is a printf(3) string, with additional arguments * as necessary. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * - * The category and module arguments must have ids that are in the - * range of known ids, as estabished by isc_log_registercategories() + *\li The category and module arguments must have ids that are in the + * range of known ids, as established by isc_log_registercategories() * and isc_log_registermodules(). * - * level != ISC_LOG_DYNAMIC. ISC_LOG_DYNAMIC is used only to define + *\li level != #ISC_LOG_DYNAMIC. ISC_LOG_DYNAMIC is used only to define * channels, and explicit debugging level must be identified for * isc_log_write() via ISC_LOG_DEBUG(level). * - * format != NULL. + *\li format != NULL. * * Ensures: - * The log message is written to every channel associated with the + *\li The log message is written to every channel associated with the * indicated category/module pair. * * Returns: - * Nothing. Failure to log a message is not construed as a + *\li Nothing. Failure to log a message is not construed as a * meaningful error. */ - void -isc_log_vwrite(isc_log_t *lctx, isc_logcategory_t *category, +isc_log_write(isc_log_t *lctx, isc_logcategory_t *category, isc_logmodule_t *module, int level, - const char *format, va_list args) -ISC_FORMAT_PRINTF(5, 0); -/* + const char *format, ...) + +ISC_FORMAT_PRINTF(5, 6); + +/*% * Write a message to the log channels. * * Notes: - * lctx can be NULL; this is allowed so that programs which use + *\li lctx can be NULL; this is allowed so that programs which use * libraries that use the ISC logging system are not required to * also use it. * - * The format argument is a printf(3) string, with additional arguments + *\li The format argument is a printf(3) string, with additional arguments * as necessary. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * - * The category and module arguments must have ids that are in the - * range of known ids, as estabished by isc_log_registercategories() + *\li The category and module arguments must have ids that are in the + * range of known ids, as established by isc_log_registercategories() * and isc_log_registermodules(). * - * level != ISC_LOG_DYNAMIC. ISC_LOG_DYNAMIC is used only to define + *\li level != #ISC_LOG_DYNAMIC. ISC_LOG_DYNAMIC is used only to define * channels, and explicit debugging level must be identified for * isc_log_write() via ISC_LOG_DEBUG(level). * - * format != NULL. + *\li format != NULL. * * Ensures: - * The log message is written to every channel associated with the + *\li The log message is written to every channel associated with the * indicated category/module pair. * * Returns: - * Nothing. Failure to log a message is not construed as a + *\li Nothing. Failure to log a message is not construed as a * meaningful error. */ +void +isc_log_vwrite(isc_log_t *lctx, isc_logcategory_t *category, + isc_logmodule_t *module, int level, + const char *format, va_list args) +ISC_FORMAT_PRINTF(5, 0); + +/*% + * Write a message to the log channels, pruning duplicates that occur within + * a configurable amount of seconds (see isc_log_[sg]etduplicateinterval). + * This function is otherwise identical to isc_log_write(). + */ void isc_log_write1(isc_log_t *lctx, isc_logcategory_t *category, isc_logmodule_t *module, int level, const char *format, ...) + ISC_FORMAT_PRINTF(5, 6); -/* + +/*% * Write a message to the log channels, pruning duplicates that occur within * a configurable amount of seconds (see isc_log_[sg]etduplicateinterval). - * This function is otherwise identical to isc_log_write(). + * This function is otherwise identical to isc_log_vwrite(). */ - void isc_log_vwrite1(isc_log_t *lctx, isc_logcategory_t *category, isc_logmodule_t *module, int level, const char *format, va_list args) + ISC_FORMAT_PRINTF(5, 0); -/* - * Write a message to the log channels, pruning duplicates that occur within - * a configurable amount of seconds (see isc_log_[sg]etduplicateinterval). - * This function is otherwise identical to isc_log_vwrite(). - */ +/*% + * These are four internationalized versions of the isc_log_[v]write[1] + * functions. + * + * The only difference is that they take arguments for a message + * catalog, message set, and message number, all immediately preceding the + * format argument. The format argument becomes the default text, a la + * isc_msgcat_get. If the message catalog is NULL, no lookup is attempted + * for a message -- which makes the message set and message number irrelevant, + * and the non-internationalized call should have probably been used instead. + * + * Yes, that means there are now *eight* interfaces to logging a message. + * Sheesh. Make the madness stop! + */ +/*@{*/ void isc_log_iwrite(isc_log_t *lctx, isc_logcategory_t *category, isc_logmodule_t *module, int level, @@ -632,72 +675,61 @@ isc_log_ivwrite1(isc_log_t *lctx, isc_logcategory_t *category, isc_msgcat_t *msgcat, int msgset, int message, const char *format, va_list args) ISC_FORMAT_PRINTF(8, 0); -/* - * These are four internationalized versions of the the isc_log_[v]write[1] - * functions. The only difference is that they take arguments for a message - * catalog, message set, and message number, all immediately preceding the - * format argument. The format argument becomes the default text, a la - * isc_msgcat_get. If the message catalog is NULL, no lookup is attempted - * for a message -- which makes the message set and message number irrelevant, - * and the non-internationalized call should have probably been used instead. - * - * Yes, that means there are now *eight* interfaces to logging a message. - * Sheesh. Make the madness stop! - */ +/*@}*/ void isc_log_setdebuglevel(isc_log_t *lctx, unsigned int level); -/* +/*%< * Set the debugging level used for logging. * * Notes: - * Setting the debugging level to 0 disables debugging log messages. + *\li Setting the debugging level to 0 disables debugging log messages. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * * Ensures: - * The debugging level is set to the requested value. + *\li The debugging level is set to the requested value. */ unsigned int isc_log_getdebuglevel(isc_log_t *lctx); -/* +/*%< * Get the current debugging level. * * Notes: - * This is provided so that a program can have a notion of + *\li This is provided so that a program can have a notion of * "increment debugging level" or "decrement debugging level" * without needing to keep track of what the current level is. * - * A return value of 0 indicates that debugging messages are disabled. + *\li A return value of 0 indicates that debugging messages are disabled. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * * Ensures: - * The current logging debugging level is returned. + *\li The current logging debugging level is returned. */ isc_boolean_t isc_log_wouldlog(isc_log_t *lctx, int level); -/* +/*%< * Determine whether logging something to 'lctx' at 'level' would * actually cause something to be logged somewhere. * - * If ISC_FALSE is returned, it is guaranteed that nothing would + * If #ISC_FALSE is returned, it is guaranteed that nothing would * be logged, allowing the caller to omit unnecessary * isc_log_write() calls and possible message preformatting. */ void isc_log_setduplicateinterval(isc_logconfig_t *lcfg, unsigned int interval); -/* +/*%< * Set the interval over which duplicate log messages will be ignored * by isc_log_[v]write1(), in seconds. * * Notes: - * Increasing the duplicate interval from X to Y will not necessarily + *\li Increasing the duplicate interval from X to Y will not necessarily * filter out duplicates of messages logged in Y - X seconds since the * increase. (Example: Message1 is logged at midnight. Message2 * is logged at 00:01:00, when the interval is only 30 seconds, causing @@ -707,43 +739,43 @@ isc_log_setduplicateinterval(isc_logconfig_t *lcfg, unsigned int interval); * passed since the first occurrence. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. */ unsigned int isc_log_getduplicateinterval(isc_logconfig_t *lcfg); -/* +/*%< * Get the current duplicate filtering interval. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * * Returns: - * The current duplicate filtering interval. + *\li The current duplicate filtering interval. */ isc_result_t isc_log_settag(isc_logconfig_t *lcfg, const char *tag); -/* - * Set the program name or other identifier for ISC_LOG_PRINTTAG. +/*%< + * Set the program name or other identifier for #ISC_LOG_PRINTTAG. * * Requires: - * lcfg is a valid logging configuration. + *\li lcfg is a valid logging configuration. * * Notes: - * If this function has not set the tag to a non-NULL, non-empty value, - * then the ISC_LOG_PRINTTAG channel flag will not print anything. + *\li If this function has not set the tag to a non-NULL, non-empty value, + * then the #ISC_LOG_PRINTTAG channel flag will not print anything. * Unlike some implementations of syslog on Unix systems, you *must* set * the tag in order to get it logged. It is not implicitly derived from * the program name (which is pretty impossible to infer portably). * - * Setting the tag to NULL or the empty string will also cause the - * ISC_LOG_PRINTTAG channel flag to not print anything. If tag equals the + *\li Setting the tag to NULL or the empty string will also cause the + * #ISC_LOG_PRINTTAG channel flag to not print anything. If tag equals the * empty string, calls to isc_log_gettag will return NULL. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_NOMEMORY Resource Limit: Out of memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource Limit: Out of memory * * XXXDCL when creating a new isc_logconfig_t, it might be nice if the tag * of the currently active isc_logconfig_t was inherited. this does not @@ -752,33 +784,35 @@ isc_log_settag(isc_logconfig_t *lcfg, const char *tag); char * isc_log_gettag(isc_logconfig_t *lcfg); -/* - * Get the current identifier printed with ISC_LOG_PRINTTAG. +/*%< + * Get the current identifier printed with #ISC_LOG_PRINTTAG. * * Requires: - * lcfg is a valid logging configuration. + *\li lcfg is a valid logging configuration. * * Notes: - * Since isc_log_settag() will not associate a zero-length string + *\li Since isc_log_settag() will not associate a zero-length string * with the logging configuration, attempts to do so will cause * this function to return NULL. However, a determined programmer * will observe that (currently) a tag of length greater than zero * could be set, and then modified to be zero length. * * Returns: - * A pointer to the current identifier, or NULL if none has been set. + *\li A pointer to the current identifier, or NULL if none has been set. */ void isc_log_opensyslog(const char *tag, int options, int facility); -/* +/*%< * Initialize syslog logging. * * Notes: - * XXXDCL NT + *\li XXXDCL NT * This is currently equivalent to openlog(), but is not going to remain * that way. In the meantime, the arguments are all identical to * those used by openlog(3), as follows: + * + * \code * tag: The string to use in the position of the program * name in syslog messages. Most (all?) syslogs * will use basename(argv[0]) if tag is NULL. @@ -789,89 +823,90 @@ isc_log_opensyslog(const char *tag, int options, int facility); * facility: The default syslog facility. This is irrelevant * since isc_log_write will ALWAYS use the channel's * declared facility. + * \endcode * - * Zero effort has been made (yet) to accomodate systems with openlog() + *\li Zero effort has been made (yet) to accommodate systems with openlog() * that only takes two arguments, or to identify valid syslog * facilities or options for any given architecture. * - * It is necessary to call isc_log_opensyslog() to initialize + *\li It is necessary to call isc_log_opensyslog() to initialize * syslogging on machines which do not support network connections to * syslogd because they require a Unix domain socket to be used. Since * this is a chore to determine at run-time, it is suggested that it * always be called by programs using the ISC logging system. * * Requires: - * Nothing. + *\li Nothing. * * Ensures: - * openlog() is called to initialize the syslog system. + *\li openlog() is called to initialize the syslog system. */ void isc_log_closefilelogs(isc_log_t *lctx); -/* - * Close all open files used by ISC_LOG_TOFILE channels. +/*%< + * Close all open files used by #ISC_LOG_TOFILE channels. * * Notes: - * This function is provided for programs that want to use their own + *\li This function is provided for programs that want to use their own * log rolling mechanism rather than the one provided internally. * For example, a program that wanted to keep daily logs would define - * a channel which used ISC_LOG_ROLLNEVER, then once a day would + * a channel which used #ISC_LOG_ROLLNEVER, then once a day would * rename the log file and call isc_log_closefilelogs(). * - * ISC_LOG_TOFILEDESC channels are unaffected. + *\li #ISC_LOG_TOFILEDESC channels are unaffected. * * Requires: - * lctx is a valid context. + *\li lctx is a valid context. * * Ensures: - * The open files are closed and will be reopened when they are + *\li The open files are closed and will be reopened when they are * next needed. */ isc_logcategory_t * isc_log_categorybyname(isc_log_t *lctx, const char *name); -/* +/*%< * Find a category by its name. * * Notes: - * The string name of a category is not required to be unique. + *\li The string name of a category is not required to be unique. * * Requires: - * lctx is a valid context. - * name is not NULL. + *\li lctx is a valid context. + *\li name is not NULL. * * Returns: - * A pointer to the _first_ isc_logcategory_t structure used by "name". + *\li A pointer to the _first_ isc_logcategory_t structure used by "name". * - * NULL if no category exists by that name. + *\li NULL if no category exists by that name. */ isc_logmodule_t * isc_log_modulebyname(isc_log_t *lctx, const char *name); -/* +/*%< * Find a module by its name. * * Notes: - * The string name of a module is not required to be unique. + *\li The string name of a module is not required to be unique. * * Requires: - * lctx is a valid context. - * name is not NULL. + *\li lctx is a valid context. + *\li name is not NULL. * * Returns: - * A pointer to the _first_ isc_logmodule_t structure used by "name". + *\li A pointer to the _first_ isc_logmodule_t structure used by "name". * - * NULL if no module exists by that name. + *\li NULL if no module exists by that name. */ void isc_log_setcontext(isc_log_t *lctx); -/* +/*%< * Sets the context used by the libisc for logging. * * Requires: - * lctx be a valid context. + *\li lctx be a valid context. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/magic.h b/contrib/bind-9.5.2/lib/isc/include/isc/magic.h similarity index 84% rename from contrib/bind-9.3/lib/isc/include/isc/magic.h rename to contrib/bind-9.5.2/lib/isc/include/isc/magic.h index 729e5123c2..073de90dcc 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/magic.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/magic.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,20 +15,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: magic.h,v 1.11.206.1 2004/03/06 08:14:43 marka Exp $ */ +/* $Id: magic.h,v 1.18 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_MAGIC_H #define ISC_MAGIC_H 1 +/*! \file isc/magic.h */ + typedef struct { unsigned int magic; } isc__magic_t; -/* +/*% * To use this macro the magic number MUST be the first thing in the * structure, and MUST be of type "unsigned int". - * * The intent of this is to allow magic numbers to be checked even though * the object is otherwise opaque. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/md5.h b/contrib/bind-9.5.2/lib/isc/include/isc/md5.h similarity index 86% rename from contrib/bind-9.3/lib/isc/include/isc/md5.h rename to contrib/bind-9.5.2/lib/isc/include/isc/md5.h index c6c38258ff..5b0d785cd1 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/md5.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/md5.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: md5.h,v 1.8.206.1 2004/03/06 08:14:43 marka Exp $ */ +/* $Id: md5.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */ -/* - * This is the header file for the MD5 message-digest algorithm. +/*! \file isc/md5.h + * \brief This is the header file for the MD5 message-digest algorithm. + * * The algorithm is due to Ron Rivest. This code was * written by Colin Plumb in 1993, no copyright is claimed. * This code is in the public domain; do with it what you wish. @@ -45,7 +46,7 @@ #include #include -#define ISC_MD5_DIGESTLENGTH 16 +#define ISC_MD5_DIGESTLENGTH 16U typedef struct { isc_uint32_t buf[4]; diff --git a/contrib/bind-9.3/lib/isc/include/isc/mem.h b/contrib/bind-9.5.2/lib/isc/include/isc/mem.h similarity index 61% rename from contrib/bind-9.3/lib/isc/include/isc/mem.h rename to contrib/bind-9.5.2/lib/isc/include/isc/mem.h index 6455924080..4c17b63ab0 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/mem.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/mem.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,20 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mem.h,v 1.54.12.4 2004/10/11 05:55:51 marka Exp $ */ +/* $Id: mem.h,v 1.72.128.6 2009/02/11 03:09:55 jinmei Exp $ */ #ifndef ISC_MEM_H #define ISC_MEM_H 1 +/*! \file isc/mem.h */ + #include #include #include #include #include +#include ISC_LANG_BEGINDECLS @@ -36,7 +39,7 @@ typedef void (*isc_mem_water_t)(void *, int); typedef void * (*isc_memalloc_t)(void *, size_t); typedef void (*isc_memfree_t)(void *, void *); -/* +/*% * Define ISC_MEM_DEBUG=1 to make all functions that free memory * set the pointer being freed to NULL after being freed. * This is the default; set ISC_MEM_DEBUG=0 to disable it. @@ -45,7 +48,7 @@ typedef void (*isc_memfree_t)(void *, void *); #define ISC_MEM_DEBUG 1 #endif -/* +/*% * Define ISC_MEM_TRACKLINES=1 to turn on detailed tracing of memory * allocation and freeing by file and line number. */ @@ -53,7 +56,7 @@ typedef void (*isc_memfree_t)(void *, void *); #define ISC_MEM_TRACKLINES 1 #endif -/* +/*% * Define ISC_MEM_CHECKOVERRUN=1 to turn on checks for using memory outside * the requested space. This will increase the size of each allocation. */ @@ -61,7 +64,7 @@ typedef void (*isc_memfree_t)(void *, void *); #define ISC_MEM_CHECKOVERRUN 1 #endif -/* +/*% * Define ISC_MEM_FILL=1 to fill each block of memory returned to the system * with the byte string '0xbe'. This helps track down uninitialized pointers * and the like. On freeing memory, the space is filled with '0xde' for @@ -71,7 +74,7 @@ typedef void (*isc_memfree_t)(void *, void *); #define ISC_MEM_FILL 1 #endif -/* +/*% * Define ISC_MEMPOOL_NAMES=1 to make memory pools store a symbolic * name so that the leaking pool can be more readily identified in * case of a memory leak. @@ -81,27 +84,40 @@ typedef void (*isc_memfree_t)(void *, void *); #endif LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging; +/*@{*/ #define ISC_MEM_DEBUGTRACE 0x00000001U #define ISC_MEM_DEBUGRECORD 0x00000002U #define ISC_MEM_DEBUGUSAGE 0x00000004U -/* +#define ISC_MEM_DEBUGSIZE 0x00000008U +#define ISC_MEM_DEBUGCTX 0x00000010U +#define ISC_MEM_DEBUGALL 0x0000001FU +/*!< * The variable isc_mem_debugging holds a set of flags for * turning certain memory debugging options on or off at - * runtime. Its is intialized to the value ISC_MEM_DEGBUGGING, + * runtime. It is initialized to the value ISC_MEM_DEGBUGGING, * which is 0 by default but may be overridden at compile time. * The following flags can be specified: * - * ISC_MEM_DEBUGTRACE + * \li #ISC_MEM_DEBUGTRACE * Log each allocation and free to isc_lctx. * - * ISC_MEM_DEBUGRECORD + * \li #ISC_MEM_DEBUGRECORD * Remember each allocation, and match them up on free. * Crash if a free doesn't match an allocation. * - * ISC_MEM_DEBUGUSAGE - * If a hi_water mark is set, print the maximium inuse memory + * \li #ISC_MEM_DEBUGUSAGE + * If a hi_water mark is set, print the maximum inuse memory * every time it is raised once it exceeds the hi_water mark. + * + * \li #ISC_MEM_DEBUGSIZE + * Check the size argument being passed to isc_mem_put() matches + * that passed to isc_mem_get(). + * + * \li #ISC_MEM_DEBUGCTX + * Check the mctx argument being passed to isc_mem_put() matches + * that passed to isc_mem_get(). */ +/*@}*/ #if ISC_MEM_TRACKLINES #define _ISC_MEM_FILELINE , __FILE__, __LINE__ @@ -111,17 +127,44 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging; #define _ISC_MEM_FLARG #endif +/*! + * Define ISC_MEM_USE_INTERNAL_MALLOC=1 to use the internal malloc() + * implementation in preference to the system one. The internal malloc() + * is very space-efficient, and quite fast on uniprocessor systems. It + * performs poorly on multiprocessor machines. + * JT: we can overcome the performance issue on multiprocessor machines + * by carefully separating memory contexts. + */ + +#ifndef ISC_MEM_USE_INTERNAL_MALLOC +#define ISC_MEM_USE_INTERNAL_MALLOC 1 +#endif + +/* + * Flags for isc_mem_create2()calls. + */ +#define ISC_MEMFLAG_NOLOCK 0x00000001 /* no lock is necessary */ +#define ISC_MEMFLAG_INTERNAL 0x00000002 /* use internal malloc */ +#if ISC_MEM_USE_INTERNAL_MALLOC +#define ISC_MEMFLAG_DEFAULT ISC_MEMFLAG_INTERNAL +#else +#define ISC_MEMFLAG_DEFAULT 0 +#endif + + #define isc_mem_get(c, s) isc__mem_get((c), (s) _ISC_MEM_FILELINE) #define isc_mem_allocate(c, s) isc__mem_allocate((c), (s) _ISC_MEM_FILELINE) +#define isc_mem_reallocate(c, p, s) isc__mem_reallocate((c), (p), (s) _ISC_MEM_FILELINE) #define isc_mem_strdup(c, p) isc__mem_strdup((c), (p) _ISC_MEM_FILELINE) #define isc_mempool_get(c) isc__mempool_get((c) _ISC_MEM_FILELINE) -/* - * isc_mem_putanddetach() is a convienence function for use where you +/*% + * isc_mem_putanddetach() is a convenience function for use where you * have a structure with an attached memory context. * * Given: * + * \code * struct { * ... * isc_mem_t *mctx; @@ -131,14 +174,17 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging; * isc_mem_t *mctx; * * isc_mem_putanddetach(&ptr->mctx, ptr, sizeof(*ptr)); + * \endcode * * is the equivalent of: * + * \code * mctx = NULL; * isc_mem_attach(ptr->mctx, &mctx); * isc_mem_detach(&ptr->mctx); * isc_mem_put(mctx, ptr, sizeof(*ptr)); * isc_mem_detach(&mctx); + * \endcode */ #if ISC_MEM_DEBUG @@ -170,25 +216,35 @@ LIBISC_EXTERNAL_DATA extern unsigned int isc_mem_debugging; #define isc_mempool_put(c, p) isc__mempool_put((c), (p) _ISC_MEM_FILELINE) #endif -isc_result_t +/*@{*/ +isc_result_t isc_mem_create(size_t max_size, size_t target_size, isc_mem_t **mctxp); -isc_result_t +isc_result_t +isc_mem_create2(size_t max_size, size_t target_size, + isc_mem_t **mctxp, unsigned int flags); + +isc_result_t isc_mem_createx(size_t max_size, size_t target_size, isc_memalloc_t memalloc, isc_memfree_t memfree, void *arg, isc_mem_t **mctxp); -/* - * Create a memory context. + +isc_result_t +isc_mem_createx2(size_t max_size, size_t target_size, + isc_memalloc_t memalloc, isc_memfree_t memfree, + void *arg, isc_mem_t **mctxp, unsigned int flags); + +/*!< + * \brief Create a memory context. * * 'max_size' and 'target_size' are tuning parameters. When - * ISC_MEM_USE_INTERNAL_MALLOC is true, allocations smaller than - * 'max_size' will be satisfied by getting blocks of size - * 'target_size' from the system allocator and breaking them up into - * pieces; larger allocations will use the system allocator directly. - * If 'max_size' and/or 'target_size' are zero, default values will be - * used. When ISC_MEM_USE_INTERNAL_MALLOC is false, 'target_size' is - * ignored. + * ISC_MEMFLAG_INTERNAL is set, allocations smaller than 'max_size' + * will be satisfied by getting blocks of size 'target_size' from the + * system allocator and breaking them up into pieces; larger allocations + * will use the system allocator directly. If 'max_size' and/or + * 'target_size' are zero, default values will be * used. When + * ISC_MEMFLAG_INTERNAL is not set, 'target_size' is ignored. * * 'max_size' is also used to size the statistics arrays and the array * used to record active memory when ISC_MEM_DEBUGRECORD is set. Settin @@ -200,68 +256,79 @@ isc_mem_createx(size_t max_size, size_t target_size, * using isc_mem_create() will use the standard library malloc() * and free(). * + * If ISC_MEMFLAG_NOLOCK is set in 'flags', the corresponding memory context + * will be accessed without locking. The user who creates the context must + * ensure there be no race. Since this can be a source of bug, it is generally + * inadvisable to use this flag unless the user is very sure about the race + * condition and the access to the object is highly performance sensitive. + * * Requires: * mctxp != NULL && *mctxp == NULL */ +/*@}*/ -void +/*@{*/ +void isc_mem_attach(isc_mem_t *, isc_mem_t **); -void +void isc_mem_detach(isc_mem_t **); -/* - * Attach to / detach from a memory context. +/*!< + * \brief Attach to / detach from a memory context. * * This is intended for applications that use multiple memory contexts * in such a way that it is not obvious when the last allocations from * a given context has been freed and destroying the context is safe. - * + * * Most applications do not need to call these functions as they can * simply create a single memory context at the beginning of main() * and destroy it at the end of main(), thereby guaranteeing that it * is not destroyed while there are outstanding allocations. */ +/*@}*/ -void +void isc_mem_destroy(isc_mem_t **); -/* +/*%< * Destroy a memory context. */ -isc_result_t +isc_result_t isc_mem_ondestroy(isc_mem_t *ctx, isc_task_t *task, isc_event_t **event); -/* +/*%< * Request to be notified with an event when a memory context has * been successfully destroyed. */ -void +void isc_mem_stats(isc_mem_t *mctx, FILE *out); -/* +/*%< * Print memory usage statistics for 'mctx' on the stream 'out'. */ -void +void isc_mem_setdestroycheck(isc_mem_t *mctx, isc_boolean_t on); -/* - * Iff 'on' is ISC_TRUE, 'mctx' will check for memory leaks when +/*%< + * If 'on' is ISC_TRUE, 'mctx' will check for memory leaks when * destroyed and abort the program if any are present. */ -void +/*@{*/ +void isc_mem_setquota(isc_mem_t *, size_t); -size_t +size_t isc_mem_getquota(isc_mem_t *); -/* +/*%< * Set/get the memory quota of 'mctx'. This is a hard limit * on the amount of memory that may be allocated from mctx; * if it is exceeded, allocations will fail. */ +/*@}*/ -size_t +size_t isc_mem_inuse(isc_mem_t *mctx); -/* +/*%< * Get an estimate of the number of memory in use in 'mctx', in bytes. * This includes quantization overhead, but does not include memory * allocated from the system but not yet used. @@ -270,12 +337,30 @@ isc_mem_inuse(isc_mem_t *mctx); void isc_mem_setwater(isc_mem_t *mctx, isc_mem_water_t water, void *water_arg, size_t hiwater, size_t lowater); -/* - * Set high and low water marks for this memory context. When the memory - * usage of 'mctx' exceeds 'hiwater', '(water)(water_arg, ISC_MEM_HIWATER)' - * will be called. When the usage drops below 'lowater', 'water' will - * again be called, this time with ISC_MEM_LOWATER. - * +/*%< + * Set high and low water marks for this memory context. + * + * When the memory usage of 'mctx' exceeds 'hiwater', + * '(water)(water_arg, #ISC_MEM_HIWATER)' will be called. 'water' needs to + * call isc_mem_waterack() with #ISC_MEM_HIWATER to acknowledge the state + * change. 'water' may be called multiple times. + * + * When the usage drops below 'lowater', 'water' will again be called, this + * time with #ISC_MEM_LOWATER. 'water' need to calls isc_mem_waterack() with + * #ISC_MEM_LOWATER to acknowledge the change. + * + * static void + * water(void *arg, int mark) { + * struct foo *foo = arg; + * + * LOCK(&foo->marklock); + * if (foo->mark != mark) { + * foo->mark = mark; + * .... + * isc_mem_waterack(foo->mctx, mark); + * } + * UNLOCK(&foo->marklock); + * } * If 'water' is NULL then 'water_arg', 'hi_water' and 'lo_water' are * ignored and the state is reset. * @@ -285,60 +370,143 @@ isc_mem_setwater(isc_mem_t *mctx, isc_mem_water_t water, void *water_arg, * hi_water >= lo_water */ +void +isc_mem_waterack(isc_mem_t *ctx, int mark); +/*%< + * Called to acknowledge changes in signaled by calls to 'water'. + */ + +void +isc_mem_printactive(isc_mem_t *mctx, FILE *file); +/*%< + * Print to 'file' all active memory in 'mctx'. + * + * Requires ISC_MEM_DEBUGRECORD to have been set. + */ + +void +isc_mem_printallactive(FILE *file); +/*%< + * Print to 'file' all active memory in all contexts. + * + * Requires ISC_MEM_DEBUGRECORD to have been set. + */ + +void +isc_mem_checkdestroyed(FILE *file); +/*%< + * Check that all memory contexts have been destroyed. + * Prints out those that have not been. + * Fatally fails if there are still active contexts. + */ + +void +isc_mem_setname(isc_mem_t *ctx, const char *name, void *tag); +/*%< + * Name 'ctx'. + * + * Notes: + * + *\li Only the first 15 characters of 'name' will be copied. + * + *\li 'tag' is for debugging purposes only. + * + * Requires: + * + *\li 'ctx' is a valid ctx. + */ + +const char * +isc_mem_getname(isc_mem_t *ctx); +/*%< + * Get the name of 'ctx', as previously set using isc_mem_setname(). + * + * Requires: + *\li 'ctx' is a valid ctx. + * + * Returns: + *\li A non-NULL pointer to a null-terminated string. + * If the ctx has not been named, the string is + * empty. + */ + +void * +isc_mem_gettag(isc_mem_t *ctx); +/*%< + * Get the tag value for 'task', as previously set using isc_mem_setname(). + * + * Requires: + *\li 'ctx' is a valid ctx. + * + * Notes: + *\li This function is for debugging purposes only. + * + * Requires: + *\li 'ctx' is a valid task. + */ + +#ifdef HAVE_LIBXML2 +void +isc_mem_renderxml(xmlTextWriterPtr writer); +/*%< + * Render all contexts' statistics and status in XML for writer. + */ +#endif /* HAVE_LIBXML2 */ + /* * Memory pools */ isc_result_t isc_mempool_create(isc_mem_t *mctx, size_t size, isc_mempool_t **mpctxp); -/* +/*%< * Create a memory pool. * * Requires: - * mctx is a valid memory context. - * size > 0 - * mpctxp != NULL and *mpctxp == NULL + *\li mctx is a valid memory context. + *\li size > 0 + *\li mpctxp != NULL and *mpctxp == NULL * * Defaults: - * maxalloc = UINT_MAX - * freemax = 1 - * fillcount = 1 + *\li maxalloc = UINT_MAX + *\li freemax = 1 + *\li fillcount = 1 * * Returns: - * ISC_R_NOMEMORY -- not enough memory to create pool - * ISC_R_SUCCESS -- all is well. + *\li #ISC_R_NOMEMORY -- not enough memory to create pool + *\li #ISC_R_SUCCESS -- all is well. */ void isc_mempool_destroy(isc_mempool_t **mpctxp); -/* +/*%< * Destroy a memory pool. * * Requires: - * mpctxp != NULL && *mpctxp is a valid pool. - * The pool has no un"put" allocations outstanding + *\li mpctxp != NULL && *mpctxp is a valid pool. + *\li The pool has no un"put" allocations outstanding */ void isc_mempool_setname(isc_mempool_t *mpctx, const char *name); -/* +/*%< * Associate a name with a memory pool. At most 15 characters may be used. * * Requires: - * mpctx is a valid pool. - * name != NULL; + *\li mpctx is a valid pool. + *\li name != NULL; */ void isc_mempool_associatelock(isc_mempool_t *mpctx, isc_mutex_t *lock); -/* +/*%< * Associate a lock with this memory pool. * * This lock is used when getting or putting items using this memory pool, * and it is also used to set or get internal state via the isc_mempool_get*() * and isc_mempool_set*() set of functions. * - * Mutiple pools can each share a single lock. For instance, if "manager" + * Multiple pools can each share a single lock. For instance, if "manager" * type object contained pools for various sizes of events, and each of * these pools used a common lock. Note that this lock must NEVER be used * by other than mempool routines once it is given to a pool, since that can @@ -346,13 +514,13 @@ isc_mempool_associatelock(isc_mempool_t *mpctx, isc_mutex_t *lock); * * Requires: * - * mpctpx is a valid pool. + *\li mpctpx is a valid pool. * - * lock != NULL. + *\li lock != NULL. * - * No previous lock is assigned to this pool. + *\li No previous lock is assigned to this pool. * - * The lock is initialized before calling this function via the normal + *\li The lock is initialized before calling this function via the normal * means of doing that. */ @@ -372,79 +540,81 @@ isc_mempool_associatelock(isc_mempool_t *mpctx, isc_mutex_t *lock); unsigned int isc_mempool_getfreemax(isc_mempool_t *mpctx); -/* +/*%< * Returns the maximum allowed size of the free list. */ void isc_mempool_setfreemax(isc_mempool_t *mpctx, unsigned int limit); -/* +/*%< * Sets the maximum allowed size of the free list. */ unsigned int isc_mempool_getfreecount(isc_mempool_t *mpctx); -/* +/*%< * Returns current size of the free list. */ unsigned int isc_mempool_getmaxalloc(isc_mempool_t *mpctx); -/* +/*!< * Returns the maximum allowed number of allocations. */ void isc_mempool_setmaxalloc(isc_mempool_t *mpctx, unsigned int limit); -/* +/*%< * Sets the maximum allowed number of allocations. * * Additional requirements: - * limit > 0 + *\li limit > 0 */ unsigned int isc_mempool_getallocated(isc_mempool_t *mpctx); -/* +/*%< * Returns the number of items allocated from this pool. */ unsigned int isc_mempool_getfillcount(isc_mempool_t *mpctx); -/* +/*%< * Returns the number of items allocated as a block from the parent memory * context when the free list is empty. */ void isc_mempool_setfillcount(isc_mempool_t *mpctx, unsigned int limit); -/* +/*%< * Sets the fillcount. * * Additional requirements: - * limit > 0 + *\li limit > 0 */ /* * Pseudo-private functions for use via macros. Do not call directly. */ -void * +void * isc__mem_get(isc_mem_t *, size_t _ISC_MEM_FLARG); -void +void isc__mem_putanddetach(isc_mem_t **, void *, size_t _ISC_MEM_FLARG); -void +void isc__mem_put(isc_mem_t *, void *, size_t _ISC_MEM_FLARG); -void * +void * isc__mem_allocate(isc_mem_t *, size_t _ISC_MEM_FLARG); -void +void * +isc__mem_reallocate(isc_mem_t *, void *, size_t _ISC_MEM_FLARG); +void isc__mem_free(isc_mem_t *, void * _ISC_MEM_FLARG); -char * +char * isc__mem_strdup(isc_mem_t *, const char *_ISC_MEM_FLARG); -void * +void * isc__mempool_get(isc_mempool_t * _ISC_MEM_FLARG); -void +void isc__mempool_put(isc_mempool_t *, void * _ISC_MEM_FLARG); ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/msgcat.h b/contrib/bind-9.5.2/lib/isc/include/isc/msgcat.h similarity index 68% rename from contrib/bind-9.3/lib/isc/include/isc/msgcat.h rename to contrib/bind-9.5.2/lib/isc/include/isc/msgcat.h index 97839fad46..fe3d336825 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/msgcat.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/msgcat.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: msgcat.h,v 1.8.206.1 2004/03/06 08:14:44 marka Exp $ */ +/* $Id: msgcat.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_MSGCAT_H #define ISC_MSGCAT_H 1 @@ -24,34 +24,33 @@ ***** Module Info *****/ -/* - * ISC Message Catalog - * - * Message catalogs aid internationalization of applications by allowing +/*! \file isc/msgcat.h + * \brief The ISC Message Catalog + * aids internationalization of applications by allowing * messages to be retrieved from locale-specific files instead of * hardwiring them into the application. This allows translations of * messages appropriate to the locale to be supplied without recompiling * the application. * * Notes: - * It's very important that message catalogs work, even if only the + *\li It's very important that message catalogs work, even if only the * default_text can be used. * * MP: - * The caller must ensure appropriate synchronization of + *\li The caller must ensure appropriate synchronization of * isc_msgcat_open() and isc_msgcat_close(). isc_msgcat_get() * ensures appropriate synchronization. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * + *\li TBS * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -70,61 +69,61 @@ ISC_LANG_BEGINDECLS void isc_msgcat_open(const char *name, isc_msgcat_t **msgcatp); -/* +/*%< * Open a message catalog. * * Notes: * - * If memory cannot be allocated or other failures occur, *msgcatp + *\li If memory cannot be allocated or other failures occur, *msgcatp * will be set to NULL. If a NULL msgcat is given to isc_msgcat_get(), * the default_text will be returned, ensuring that some message text * will be available, no matter what's going wrong. * * Requires: * - * 'name' is a valid string. + *\li 'name' is a valid string. * - * msgcatp != NULL && *msgcatp == NULL + *\li msgcatp != NULL && *msgcatp == NULL */ void isc_msgcat_close(isc_msgcat_t **msgcatp); -/* +/*%< * Close a message catalog. * * Notes: * - * Any string pointers returned by prior calls to isc_msgcat_get() are + *\li Any string pointers returned by prior calls to isc_msgcat_get() are * invalid after isc_msgcat_close() has been called and must not be * used. * * Requires: * - * *msgcatp is a valid message catalog or is NULL. + *\li *msgcatp is a valid message catalog or is NULL. * * Ensures: * - * All resources associated with the message catalog are released. + *\li All resources associated with the message catalog are released. * - * *msgcatp == NULL + *\li *msgcatp == NULL */ const char * isc_msgcat_get(isc_msgcat_t *msgcat, int set, int message, const char *default_text); -/* +/*%< * Get message 'message' from message set 'set' in 'msgcat'. If it * is not available, use 'default_text'. * * Requires: * - * 'msgcat' is a valid message catalog or is NULL. + *\li 'msgcat' is a valid message catalog or is NULL. * - * set > 0 + *\li set > 0 * - * message > 0 + *\li message > 0 * - * 'default_text' is a valid string. + *\li 'default_text' is a valid string. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/msgs.h b/contrib/bind-9.5.2/lib/isc/include/isc/msgs.h new file mode 100644 index 0000000000..b6f10a2a7a --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/msgs.h @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: msgs.h,v 1.15.128.2 2008/08/08 06:28:28 tbox Exp $ */ + +#ifndef ISC_MSGS_H +#define ISC_MSGS_H 1 + +/*! \file isc/msgs.h */ + +#include /* Provide isc_msgcat global variable. */ +#include /* Provide isc_msgcat_*() functions. */ + +/*@{*/ +/*! + * \brief Message sets, named per source file, excepting "GENERAL". + * + * IMPORTANT: The original list is alphabetical, but any new sets must + * be added to the end. + */ +#define ISC_MSGSET_GENERAL 1 +/* ISC_RESULT_RESULTSET 2 */ /* XXX */ +/* ISC_RESULT_UNAVAILABLESET 3 */ /* XXX */ +#define ISC_MSGSET_APP 4 +#define ISC_MSGSET_COMMANDLINE 5 +#define ISC_MSGSET_ENTROPY 6 +#define ISC_MSGSET_IFITERIOCTL 7 +#define ISC_MSGSET_IFITERSYSCTL 8 +#define ISC_MSGSET_LEX 9 +#define ISC_MSGSET_LOG 10 +#define ISC_MSGSET_MEM 11 +#define ISC_MSGSET_NETADDR 12 +#define ISC_MSGSET_PRINT 13 +#define ISC_MSGSET_RESULT 14 +#define ISC_MSGSET_RWLOCK 15 +#define ISC_MSGSET_SOCKADDR 16 +#define ISC_MSGSET_SOCKET 17 +#define ISC_MSGSET_TASK 18 +#define ISC_MSGSET_TIMER 19 +#define ISC_MSGSET_UTIL 20 +#define ISC_MSGSET_IFITERGETIFADDRS 21 +/*@}*/ + +/*@{*/ +/*! + * Message numbers + * are only required to be unique per message set, + * but are unique throughout the entire catalog to not be as confusing when + * debugging. + * + * The initial numbering was done by multiply by 100 the set number the + * message appears in then adding the incremental message number. + */ +#define ISC_MSG_FAILED 101 /*%< "failed" */ +#define ISC_MSG_SUCCEEDED 102 /*%< Compatible with "failed" */ +#define ISC_MSG_SUCCESS 103 /*%< More usual way to say "success" */ +#define ISC_MSG_STARTING 104 /*%< As in "daemon: starting" */ +#define ISC_MSG_STOPING 105 /*%< As in "daemon: stopping" */ +#define ISC_MSG_ENTERING 106 /*%< As in "some_subr: entering" */ +#define ISC_MSG_EXITING 107 /*%< As in "some_subr: exiting" */ +#define ISC_MSG_CALLING 108 /*%< As in "calling some_subr()" */ +#define ISC_MSG_RETURNED 109 /*%< As in "some_subr: returned " */ +#define ISC_MSG_FATALERROR 110 /*%< "fatal error" */ +#define ISC_MSG_SHUTTINGDOWN 111 /*%< "shutting down" */ +#define ISC_MSG_RUNNING 112 /*%< "running" */ +#define ISC_MSG_WAIT 113 /*%< "wait" */ +#define ISC_MSG_WAITUNTIL 114 /*%< "waituntil" */ + +#define ISC_MSG_SIGNALSETUP 201 /*%< "handle_signal() %d setup: %s" */ + +#define ISC_MSG_ILLEGALOPT 301 /*%< "illegal option" */ +#define ISC_MSG_OPTNEEDARG 302 /*%< "option requires an argument" */ + +#define ISC_MSG_ENTROPYSTATS 401 /*%< "Entropy pool %p: refcnt %u ..." */ + +#define ISC_MSG_MAKESCANSOCKET 501 /*%< "making interface scan socket: %s" */ +#define ISC_MSG_GETIFCONFIG 502 /*%< "get interface configuration: %s" */ +#define ISC_MSG_BUFFERMAX 503 /*%< "... maximum buffer size exceeded" */ +#define ISC_MSG_GETDESTADDR 504 /*%< "%s: getting destination address: %s" */ +#define ISC_MSG_GETNETMASK 505 /*%< "%s: getting netmask: %s" */ + +#define ISC_MSG_GETIFLISTSIZE 601 /*%< "getting interface list size: ..." */ +#define ISC_MSG_GETIFLIST 602 /*%< "getting interface list: ..." */ +#define ISC_MSG_UNEXPECTEDTYPE 603 /*%< "... unexpected ... message type" */ + +#define ISC_MSG_UNEXPECTEDSTATE 701 /*%< "Unexpected state %d" */ + +#define ISC_MSG_BADTIME 801 /*%< "Bad 00 99:99:99.999 " */ +#define ISC_MSG_LEVEL 802 /*%< "level %d: " */ + +#define ISC_MSG_ADDTRACE 901 /*%< "add %p size %u " */ +#define ISC_MSG_DELTRACE 902 /*%< "del %p size %u " */ +#define ISC_MSG_POOLSTATS 903 /*%< "[Pool statistics]\n" */ +#define ISC_MSG_POOLNAME 904 /*%< "name" */ +#define ISC_MSG_POOLSIZE 905 /*%< "size" */ +#define ISC_MSG_POOLMAXALLOC 906 /*%< "maxalloc" */ +#define ISC_MSG_POOLALLOCATED 907 /*%< "allocated" */ +#define ISC_MSG_POOLFREECOUNT 908 /*%< "freecount" */ +#define ISC_MSG_POOLFREEMAX 909 /*%< "freemax" */ +#define ISC_MSG_POOLFILLCOUNT 910 /*%< "fillcount" */ +#define ISC_MSG_POOLGETS 911 /*%< "gets" */ +#define ISC_MSG_DUMPALLOC 912 /*%< "DUMP OF ALL OUTSTANDING MEMORY ..." */ +#define ISC_MSG_NONE 913 /*%< "\tNone.\n" */ +#define ISC_MSG_PTRFILELINE 914 /*%< "\tptr %p file %s line %u\n" */ + +#define ISC_MSG_UNKNOWNADDR 1001 /*%< "" */ + +#define ISC_MSG_NOLONGDBL 1104 /*%< "long doubles are not supported" */ + +#define ISC_MSG_PRINTLOCK 1201 /*%< "rwlock %p thread %lu ..." */ +#define ISC_MSG_READ 1202 /*%< "read" */ +#define ISC_MSG_WRITE 1203 /*%< "write" */ +#define ISC_MSG_READING 1204 /*%< "reading" */ +#define ISC_MSG_WRITING 1205 /*%< "writing" */ +#define ISC_MSG_PRELOCK 1206 /*%< "prelock" */ +#define ISC_MSG_POSTLOCK 1207 /*%< "postlock" */ +#define ISC_MSG_PREUNLOCK 1208 /*%< "preunlock" */ +#define ISC_MSG_POSTUNLOCK 1209 /*%< "postunlock" */ + +#define ISC_MSG_UNKNOWNFAMILY 1301 /*%< "unknown address family: %d" */ + +#define ISC_MSG_WRITEFAILED 1401 /*%< "write() failed during watcher ..." */ +#define ISC_MSG_READFAILED 1402 /*%< "read() failed during watcher ... " */ +#define ISC_MSG_PROCESSCMSG 1403 /*%< "processing cmsg %p" */ +#define ISC_MSG_IFRECEIVED 1404 /*%< "interface received on ifindex %u" */ +#define ISC_MSG_SENDTODATA 1405 /*%< "sendto pktinfo data, ifindex %u" */ +#define ISC_MSG_DOIORECV 1406 /*%< "doio_recv: recvmsg(%d) %d bytes ..." */ +#define ISC_MSG_PKTRECV 1407 /*%< "packet received correctly" */ +#define ISC_MSG_DESTROYING 1408 /*%< "destroying" */ +#define ISC_MSG_CREATED 1409 /*%< "created" */ +#define ISC_MSG_ACCEPTLOCK 1410 /*%< "internal_accept called, locked ..." */ +#define ISC_MSG_ACCEPTEDCXN 1411 /*%< "accepted connection, new socket %p" */ +#define ISC_MSG_INTERNALRECV 1412 /*%< "internal_recv: task %p got event %p" */ +#define ISC_MSG_INTERNALSEND 1413 /*%< "internal_send: task %p got event %p" */ +#define ISC_MSG_WATCHERMSG 1414 /*%< "watcher got message %d" */ +#define ISC_MSG_SOCKETSREMAIN 1415 /*%< "sockets exist" */ +#define ISC_MSG_PKTINFOPROVIDED 1416 /*%< "pktinfo structure provided, ..." */ +#define ISC_MSG_BOUND 1417 /*%< "bound" */ +#define ISC_MSG_ACCEPTRETURNED 1418 /*%< accept() returned %d/%s */ +#define ISC_MSG_TOOMANYFDS 1419 /*%< %s: too many open file descriptors */ +#define ISC_MSG_ZEROPORT 1420 /*%< dropping source port zero packet */ +#define ISC_MSG_FILTER 1421 /*%< setsockopt(SO_ACCEPTFILTER): %s */ + +#define ISC_MSG_TOOMANYHANDLES 1422 /*%< %s: too many open WSA event handles: %s */ + + +#define ISC_MSG_AWAKE 1502 /*%< "awake" */ +#define ISC_MSG_WORKING 1503 /*%< "working" */ +#define ISC_MSG_EXECUTE 1504 /*%< "execute action" */ +#define ISC_MSG_EMPTY 1505 /*%< "empty" */ +#define ISC_MSG_DONE 1506 /*%< "done" */ +#define ISC_MSG_QUANTUM 1507 /*%< "quantum" */ + +#define ISC_MSG_SCHEDULE 1601 /*%< "schedule" */ +#define ISC_MSG_SIGNALSCHED 1602 /*%< "signal (schedule)" */ +#define ISC_MSG_SIGNALDESCHED 1603 /*%< "signal (deschedule)" */ +#define ISC_MSG_SIGNALDESTROY 1604 /*%< "signal (destroy)" */ +#define ISC_MSG_IDLERESCHED 1605 /*%< "idle reschedule" */ +#define ISC_MSG_EVENTNOTALLOC 1606 /*%< "couldn't allocate event" */ +#define ISC_MSG_SCHEDFAIL 1607 /*%< "couldn't schedule timer: %u" */ +#define ISC_MSG_POSTING 1608 /*%< "posting" */ +#define ISC_MSG_WAKEUP 1609 /*%< "wakeup" */ + +#define ISC_MSG_LOCK 1701 /*%< "LOCK" */ +#define ISC_MSG_LOCKING 1702 /*%< "LOCKING" */ +#define ISC_MSG_LOCKED 1703 /*%< "LOCKED" */ +#define ISC_MSG_UNLOCKED 1704 /*%< "UNLOCKED" */ +#define ISC_MSG_RWLOCK 1705 /*%< "RWLOCK" */ +#define ISC_MSG_RWLOCKED 1706 /*%< "RWLOCKED" */ +#define ISC_MSG_RWUNLOCK 1707 /*%< "RWUNLOCK" */ +#define ISC_MSG_BROADCAST 1708 /*%< "BROADCAST" */ +#define ISC_MSG_SIGNAL 1709 /*%< "SIGNAL" */ +#define ISC_MSG_UTILWAIT 1710 /*%< "WAIT" */ +#define ISC_MSG_WAITED 1711 /*%< "WAITED" */ + +#define ISC_MSG_GETIFADDRS 1801 /*%< "getting interface addresses: ..." */ + +/*@}*/ + +#endif /* ISC_MSGS_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/mutexblock.h b/contrib/bind-9.5.2/lib/isc/include/isc/mutexblock.h similarity index 72% rename from contrib/bind-9.3/lib/isc/include/isc/mutexblock.h rename to contrib/bind-9.5.2/lib/isc/include/isc/mutexblock.h index 9bfd90ccce..65bf2bf27f 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/mutexblock.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/mutexblock.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutexblock.h,v 1.10.206.1 2004/03/06 08:14:44 marka Exp $ */ +/* $Id: mutexblock.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_MUTEXBLOCK_H #define ISC_MUTEXBLOCK_H 1 +/*! \file isc/mutexblock.h */ + #include #include #include @@ -28,39 +30,39 @@ ISC_LANG_BEGINDECLS isc_result_t isc_mutexblock_init(isc_mutex_t *block, unsigned int count); -/* +/*%< * Initialize a block of locks. If an error occurs all initialized locks * will be destroyed, if possible. * * Requires: * - * block != NULL + *\li block != NULL * - * count > 0 + *\li count > 0 * * Returns: * - * Any code isc_mutex_init() can return is a valid return for this + *\li Any code isc_mutex_init() can return is a valid return for this * function. */ isc_result_t isc_mutexblock_destroy(isc_mutex_t *block, unsigned int count); -/* +/*%< * Destroy a block of locks. * * Requires: * - * block != NULL + *\li block != NULL * - * count > 0 + *\li count > 0 * - * Each lock in the block be initialized via isc_mutex_init() or + *\li Each lock in the block be initialized via isc_mutex_init() or * the whole block was initialized via isc_mutex_initblock(). * * Returns: * - * Any code isc_mutex_init() can return is a valid return for this + *\li Any code isc_mutex_init() can return is a valid return for this * function. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/netaddr.h b/contrib/bind-9.5.2/lib/isc/include/isc/netaddr.h similarity index 68% rename from contrib/bind-9.3/lib/isc/include/isc/netaddr.h rename to contrib/bind-9.5.2/lib/isc/include/isc/netaddr.h index ad3328c47c..1ce83fd9ac 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/netaddr.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/netaddr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,22 +15,32 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: netaddr.h,v 1.18.12.9 2005/07/29 00:13:10 marka Exp $ */ +/* $Id: netaddr.h,v 1.35.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_NETADDR_H #define ISC_NETADDR_H 1 +/*! \file isc/netaddr.h */ + #include #include #include +#ifdef ISC_PLATFORM_HAVESYSUNH +#include +#include +#endif + ISC_LANG_BEGINDECLS struct isc_netaddr { unsigned int family; union { - struct in_addr in; + struct in_addr in; struct in6_addr in6; +#ifdef ISC_PLATFORM_HAVESYSUNH + char un[sizeof(((struct sockaddr_un *)0)->sun_path)]; +#endif } type; isc_uint32_t zone; }; @@ -38,43 +48,48 @@ struct isc_netaddr { isc_boolean_t isc_netaddr_equal(const isc_netaddr_t *a, const isc_netaddr_t *b); +/*%< + * Compare network addresses 'a' and 'b'. Return #ISC_TRUE if + * they are equal, #ISC_FALSE if not. + */ + isc_boolean_t isc_netaddr_eqprefix(const isc_netaddr_t *a, const isc_netaddr_t *b, unsigned int prefixlen); -/* +/*%< * Compare the 'prefixlen' most significant bits of the network - * addresses 'a' and 'b'. Return ISC_TRUE if they are equal, - * ISC_FALSE if not. + * addresses 'a' and 'b'. If 'b''s scope is zero then 'a''s scope is + * ignored. Return #ISC_TRUE if they are equal, #ISC_FALSE if not. */ isc_result_t isc_netaddr_masktoprefixlen(const isc_netaddr_t *s, unsigned int *lenp); -/* +/*%< * Convert a netmask in 's' into a prefix length in '*lenp'. * The mask should consist of zero or more '1' bits in the most * most significant part of the address, followed by '0' bits. - * If this is not the case, ISC_R_MASKNONCONTIG is returned. + * If this is not the case, #ISC_R_MASKNONCONTIG is returned. * * Returns: - * ISC_R_SUCCESS - * ISC_R_MASKNONCONTIG + *\li #ISC_R_SUCCESS + *\li #ISC_R_MASKNONCONTIG */ isc_result_t isc_netaddr_totext(const isc_netaddr_t *netaddr, isc_buffer_t *target); -/* +/*%< * Append a text representation of 'sockaddr' to the buffer 'target'. * The text is NOT null terminated. Handles IPv4 and IPv6 addresses. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE The text or the null termination did not fit. - * ISC_R_FAILURE Unspecified failure + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOSPACE The text or the null termination did not fit. + *\li #ISC_R_FAILURE Unspecified failure */ void isc_netaddr_format(const isc_netaddr_t *na, char *array, unsigned int size); -/* +/*%< * Format a human-readable representation of the network address '*na' * into the character array 'array', which is of size 'size'. * The resulting string is guaranteed to be null-terminated. @@ -82,7 +97,7 @@ isc_netaddr_format(const isc_netaddr_t *na, char *array, unsigned int size); #define ISC_NETADDR_FORMATSIZE \ sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:XXX.XXX.XXX.XXX%SSSSSSSSSS") -/* +/*%< * Minimum size of array to pass to isc_netaddr_format(). */ @@ -95,6 +110,9 @@ isc_netaddr_fromin(isc_netaddr_t *netaddr, const struct in_addr *ina); void isc_netaddr_fromin6(isc_netaddr_t *netaddr, const struct in6_addr *ina6); +isc_result_t +isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path); + void isc_netaddr_setzone(isc_netaddr_t *netaddr, isc_uint32_t zone); @@ -103,46 +121,59 @@ isc_netaddr_getzone(const isc_netaddr_t *netaddr); void isc_netaddr_any(isc_netaddr_t *netaddr); -/* +/*%< * Return the IPv4 wildcard address. */ void isc_netaddr_any6(isc_netaddr_t *netaddr); -/* +/*%< * Return the IPv6 wildcard address. */ isc_boolean_t isc_netaddr_ismulticast(isc_netaddr_t *na); -/* +/*%< * Returns ISC_TRUE if the address is a multicast address. */ isc_boolean_t isc_netaddr_isexperimental(isc_netaddr_t *na); -/* +/*%< * Returns ISC_TRUE if the address is a experimental (CLASS E) address. */ isc_boolean_t isc_netaddr_islinklocal(isc_netaddr_t *na); -/* - * Returns ISC_TRUE if the address is a link local address. +/*%< + * Returns #ISC_TRUE if the address is a link local address. */ isc_boolean_t isc_netaddr_issitelocal(isc_netaddr_t *na); -/* - * Returns ISC_TRUE if the address is a site local address. +/*%< + * Returns #ISC_TRUE if the address is a site local address. */ void isc_netaddr_fromv4mapped(isc_netaddr_t *t, const isc_netaddr_t *s); -/* +/*%< * Convert an IPv6 v4mapped address into an IPv4 address. */ +isc_result_t +isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen); +/* + * Test whether the netaddr 'na' and 'prefixlen' are consistant. + * e.g. prefixlen within range. + * na does not have bits set which are not covered by the prefixlen. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_RANGE prefixlen out of range + * ISC_R_NOTIMPLEMENTED unsupported family + * ISC_R_FAILURE extra bits. + */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/netscope.h b/contrib/bind-9.5.2/lib/isc/include/isc/netscope.h similarity index 75% rename from contrib/bind-9.3/lib/isc/include/isc/netscope.h rename to contrib/bind-9.5.2/lib/isc/include/isc/netscope.h index 7cc0f182d7..9f4aec2641 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/netscope.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/netscope.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,26 +15,29 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: netscope.h,v 1.4.142.5 2004/03/08 09:04:52 marka Exp $ */ +/* $Id: netscope.h,v 1.11.128.2 2009/06/25 23:46:43 tbox Exp $ */ #ifndef ISC_NETSCOPE_H #define ISC_NETSCOPE_H 1 +/*! \file isc/netscope.h */ + ISC_LANG_BEGINDECLS -/* +/*% * Convert a string of an IPv6 scope zone to zone index. If the conversion * succeeds, 'zoneid' will store the index value. + * * XXXJT: when a standard interface for this purpose is defined, * we should use it. * * Returns: - * ISC_R_SUCCESS: conversion succeeds - * ISC_R_FAILURE: conversion fails + * \li ISC_R_SUCCESS: conversion succeeds + * \li ISC_R_FAILURE: conversion fails */ isc_result_t isc_netscope_pton(int af, char *scopename, void *addr, isc_uint32_t *zoneid); ISC_LANG_ENDDECLS -#endif /* ISC_NETADDR_H */ +#endif /* ISC_NETSCOPE_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/ondestroy.h b/contrib/bind-9.5.2/lib/isc/include/isc/ondestroy.h similarity index 88% rename from contrib/bind-9.3/lib/isc/include/isc/ondestroy.h rename to contrib/bind-9.5.2/lib/isc/include/isc/ondestroy.h index a2c584a990..64bd643337 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/ondestroy.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/ondestroy.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ondestroy.h,v 1.7.206.1 2004/03/06 08:14:45 marka Exp $ */ +/* $Id: ondestroy.h,v 1.14 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_ONDESTROY_H #define ISC_ONDESTROY_H 1 @@ -25,33 +25,39 @@ ISC_LANG_BEGINDECLS -/* +/*! \file isc/ondestroy.h * ondestroy handling. * * Any class ``X'' of objects that wants to send out notifications * on its destruction should declare a field of type isc_ondestroy_t * (call it 'ondest'). * + * \code * typedef struct { * ... * isc_ondestroy_t ondest; * ... * } X; + * \endcode * * When an object ``A'' of type X is created * it must initialize the field ondest with a call to * + * \code * isc_ondestroy_init(&A->ondest). + * \endcode * * X should also provide a registration function for third-party * objects to call to register their interest in being told about * the destruction of a particular instance of X. * + * \code * isc_result_t * X_ondestroy(X *instance, isc_task_t *task, * isc_event_t **eventp) { * return(isc_ondestroy_register(&instance->ondest, task,eventp)); * } + * \endcode * * Note: locking of the ondestory structure embedded inside of X, is * X's responsibility. @@ -59,15 +65,17 @@ ISC_LANG_BEGINDECLS * When an instance of X is destroyed, a call to isc_ondestroy_notify() * sends the notifications: * + * \code * X *instance; * isc_ondestroy_t ondest = instance->ondest; * * ... completely cleanup 'instance' here... * * isc_ondestroy_notify(&ondest, instance); + * \endcode * * - * see dns/zone.c for an ifdef'd-out example. + * see lib/dns/zone.c for an ifdef'd-out example. */ struct isc_ondestroy { @@ -77,7 +85,7 @@ struct isc_ondestroy { void isc_ondestroy_init(isc_ondestroy_t *ondest); -/* +/*%< * Initialize the on ondest structure. *must* be called before first call * to isc_ondestroy_register(). */ @@ -86,7 +94,7 @@ isc_result_t isc_ondestroy_register(isc_ondestroy_t *ondest, isc_task_t *task, isc_event_t **eventp); -/* +/*%< * Stores task and *eventp away inside *ondest. Ownership of **event is * taken from the caller (and *eventp is set to NULL). The task is attached * to. @@ -94,7 +102,7 @@ isc_ondestroy_register(isc_ondestroy_t *ondest, isc_task_t *task, void isc_ondestroy_notify(isc_ondestroy_t *ondest, void *sender); -/* +/*%< * Dispatches the event(s) to the task(s) that were given in * isc_ondestroy_register call(s) (done via calls to * isc_task_sendanddetach()). Before dispatch, the sender value of each diff --git a/contrib/bind-9.3/lib/isc/include/isc/os.h b/contrib/bind-9.5.2/lib/isc/include/isc/os.h similarity index 80% rename from contrib/bind-9.3/lib/isc/include/isc/os.h rename to contrib/bind-9.5.2/lib/isc/include/isc/os.h index 5c3bd62061..3cf59e2cb6 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/os.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/os.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,18 +15,20 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.5.206.1 2004/03/06 08:14:45 marka Exp $ */ +/* $Id: os.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_OS_H #define ISC_OS_H 1 +/*! \file isc/os.h */ + #include ISC_LANG_BEGINDECLS unsigned int isc_os_ncpus(void); -/* +/*%< * Return the number of CPUs available on the system, or 1 if this cannot * be determined. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/parseint.h b/contrib/bind-9.5.2/lib/isc/include/isc/parseint.h similarity index 69% rename from contrib/bind-9.3/lib/isc/include/isc/parseint.h rename to contrib/bind-9.5.2/lib/isc/include/isc/parseint.h index c877131c94..5047676852 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/parseint.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/parseint.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: parseint.h,v 1.2.202.4 2004/03/08 09:04:52 marka Exp $ */ +/* $Id: parseint.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_PARSEINT_H #define ISC_PARSEINT_H 1 @@ -23,8 +23,8 @@ #include #include -/* - * Parse integers, in a saner way than atoi() or strtoul() do. +/*! \file isc/parseint.h + * \brief Parse integers, in a saner way than atoi() or strtoul() do. */ /*** @@ -41,21 +41,22 @@ isc_parse_uint16(isc_uint16_t *uip, const char *string, int base); isc_result_t isc_parse_uint8(isc_uint8_t *uip, const char *string, int base); -/* +/*%< * Parse the null-terminated string 'string' containing a base 'base' - * integer, storing the result in '*uip'. The base is interpreted + * integer, storing the result in '*uip'. + * The base is interpreted * as in strtoul(). Unlike strtoul(), leading whitespace, minus or * plus signs are not accepted, and all errors (including overflow) * are reported uniformly through the return value. * * Requires: - * 'string' points to a null-terminated string - * 0 <= 'base' <= 36 + *\li 'string' points to a null-terminated string + *\li 0 <= 'base' <= 36 * * Returns: - * ISC_R_SUCCESS - * ISC_R_BADNUMBER The string is not numeric (in the given base) - * ISC_R_RANGE The number is not representable as the requested type. + *\li #ISC_R_SUCCESS + *\li #ISC_R_BADNUMBER The string is not numeric (in the given base) + *\li #ISC_R_RANGE The number is not representable as the requested type. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/platform.h.in b/contrib/bind-9.5.2/lib/isc/include/isc/platform.h.in similarity index 71% rename from contrib/bind-9.3/lib/isc/include/isc/platform.h.in rename to contrib/bind-9.5.2/lib/isc/include/isc/platform.h.in index 7a803d7dfb..9d10d5533b 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/platform.h.in +++ b/contrib/bind-9.5.2/lib/isc/include/isc/platform.h.in @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: platform.h.in,v 1.24.2.1.10.11 2004/03/08 09:04:52 marka Exp $ */ +/* $Id: platform.h.in,v 1.45.60.5 2009/02/16 23:46:44 tbox Exp $ */ #ifndef ISC_PLATFORM_H #define ISC_PLATFORM_H 1 +/*! \file */ + /***** ***** Platform-dependent defines. *****/ @@ -28,131 +30,174 @@ *** Network. ***/ -/* +/*! \brief * Define if this system needs the header file included * for full IPv6 support (pretty much only UnixWare). */ @ISC_PLATFORM_NEEDNETINETIN6H@ -/* +/*! \brief * Define if this system needs the header file included * to support in6_pkinfo (pretty much only BSD/OS). */ @ISC_PLATFORM_NEEDNETINET6IN6H@ -/* +/*! \brief * If sockaddrs on this system have an sa_len field, ISC_PLATFORM_HAVESALEN * will be defined. */ @ISC_PLATFORM_HAVESALEN@ -/* +/*! \brief * If this system has the IPv6 structure definitions, ISC_PLATFORM_HAVEIPV6 * will be defined. */ @ISC_PLATFORM_HAVEIPV6@ -/* +/*! \brief * If this system is missing in6addr_any, ISC_PLATFORM_NEEDIN6ADDRANY will * be defined. */ @ISC_PLATFORM_NEEDIN6ADDRANY@ -/* +/*! \brief * If this system is missing in6addr_loopback, ISC_PLATFORM_NEEDIN6ADDRLOOPBACK * will be defined. */ @ISC_PLATFORM_NEEDIN6ADDRLOOPBACK@ -/* +/*! \brief * If this system has in6_pktinfo, ISC_PLATFORM_HAVEIN6PKTINFO will be * defined. */ @ISC_PLATFORM_HAVEIN6PKTINFO@ -/* +/*! \brief * If this system has in_addr6, rather than in6_addr, ISC_PLATFORM_HAVEINADDR6 * will be defined. */ @ISC_PLATFORM_HAVEINADDR6@ -/* +/*! \brief * If this system has sin6_scope_id, ISC_PLATFORM_HAVESCOPEID will be defined. */ @ISC_PLATFORM_HAVESCOPEID@ -/* +/*! \brief * If this system needs inet_ntop(), ISC_PLATFORM_NEEDNTOP will be defined. */ @ISC_PLATFORM_NEEDNTOP@ -/* +/*! \brief * If this system needs inet_pton(), ISC_PLATFORM_NEEDPTON will be defined. */ @ISC_PLATFORM_NEEDPTON@ -/* - * If this system needs inet_aton(), ISC_PLATFORM_NEEDATON will be defined. - */ -@ISC_PLATFORM_NEEDATON@ - -/* +/*! \brief * If this system needs in_port_t, ISC_PLATFORM_NEEDPORTT will be defined. */ @ISC_PLATFORM_NEEDPORTT@ -/* - * If the system needs strsep(), ISC_PLATFORM_NEEDSTRSEP will be defined. +/*! \brief + * Define if the system has struct lifconf which is a extended struct ifconf + * for IPv6. */ -@ISC_PLATFORM_NEEDSTRSEP@ +@ISC_PLATFORM_HAVELIFCONF@ -/* - * If the system needs strlcpy(), ISC_PLATFORM_NEEDSTRLCPY will be defined. +/*! \brief + * Define if the system has struct if_laddrconf which is a extended struct + * ifconf for IPv6. */ -@ISC_PLATFORM_NEEDSTRLCPY@ +@ISC_PLATFORM_HAVEIF_LADDRCONF@ -/* - * If the system needs strlcat(), ISC_PLATFORM_NEEDSTRLCAT will be defined. +/*! \brief + * Define if the system has struct if_laddrreq. */ -@ISC_PLATFORM_NEEDSTRLCAT@ +@ISC_PLATFORM_HAVEIF_LADDRREQ@ -/* +/*! \brief * Define either ISC_PLATFORM_BSD44MSGHDR or ISC_PLATFORM_BSD43MSGHDR. */ @ISC_PLATFORM_MSGHDRFLAVOR@ -/* - * Define if PTHREAD_ONCE_INIT should be surrounded by braces to - * prevent compiler warnings (such as with gcc on Solaris 2.8). +/*! \brief + * Define if the system supports if_nametoindex. */ -@ISC_PLATFORM_BRACEPTHREADONCEINIT@ +@ISC_PLATFORM_HAVEIFNAMETOINDEX@ -/* +/*! \brief * Define on some UnixWare systems to fix erroneous definitions of various * IN6_IS_ADDR_* macros. */ @ISC_PLATFORM_FIXIN6ISADDR@ -/*** +/*! \brief + * Define if the system supports kqueue multiplexing + */ +@ISC_PLATFORM_HAVEKQUEUE@ + +/*! \brief + * Define if the system supports epoll multiplexing + */ +@ISC_PLATFORM_HAVEEPOLL@ + +/*! \brief + * Define if the system supports /dev/poll multiplexing + */ +@ISC_PLATFORM_HAVEDEVPOLL@ + +/* *** Printing. ***/ -/* +/*! \brief * If this system needs vsnprintf() and snprintf(), ISC_PLATFORM_NEEDVSNPRINTF * will be defined. */ @ISC_PLATFORM_NEEDVSNPRINTF@ -/* +/*! \brief * If this system need a modern sprintf() that returns (int) not (char*). */ @ISC_PLATFORM_NEEDSPRINTF@ -/* +/*! \brief * The printf format string modifier to use with isc_uint64_t values. */ @ISC_PLATFORM_QUADFORMAT@ +/*** + *** String functions. + ***/ +/* + * If the system needs strsep(), ISC_PLATFORM_NEEDSTRSEP will be defined. + */ +@ISC_PLATFORM_NEEDSTRSEP@ + +/* + * If the system needs strlcpy(), ISC_PLATFORM_NEEDSTRLCPY will be defined. + */ +@ISC_PLATFORM_NEEDSTRLCPY@ + +/* + * If the system needs strlcat(), ISC_PLATFORM_NEEDSTRLCAT will be defined. + */ +@ISC_PLATFORM_NEEDSTRLCAT@ + +/* + * Define if this system needs strtoul. + */ +@ISC_PLATFORM_NEEDSTRTOUL@ + +/* + * Define if this system needs memmove. + */ +@ISC_PLATFORM_NEEDMEMMOVE@ + +/*** + *** Miscellaneous. + ***/ + /* * Defined if we are using threads. */ @@ -163,6 +208,12 @@ */ @ISC_PLATFORM_NEEDSYSSELECTH@ +/* + * Defined to or for how to include + * the GSSAPI header. + */ +@ISC_PLATFORM_GSSAPIHEADER@ + /* * Type used for resource limits. */ @@ -174,41 +225,74 @@ @ISC_PLATFORM_HAVELONGLONG@ /* - * Define if the system has struct lifconf which is a extended struct ifconf - * for IPv6. + * Define if PTHREAD_ONCE_INIT should be surrounded by braces to + * prevent compiler warnings (such as with gcc on Solaris 2.8). */ -@ISC_PLATFORM_HAVELIFCONF@ +@ISC_PLATFORM_BRACEPTHREADONCEINIT@ /* - * Define if the system has struct if_laddrconf which is a extended struct - * ifconf for IPv6. + * Used to control how extern data is linked; needed for Win32 platforms. */ -@ISC_PLATFORM_HAVEIF_LADDRCONF@ +@ISC_PLATFORM_USEDECLSPEC@ /* - * Define if the system has struct if_laddrreq. + * Define if the platform has . */ -@ISC_PLATFORM_HAVEIF_LADDRREQ@ +@ISC_PLATFORM_HAVESYSUNH@ /* - * Used to control how extern data is linked; needed for Win32 platforms. + * If the "xadd" operation is available on this architecture, + * ISC_PLATFORM_HAVEXADD will be defined. */ -@ISC_PLATFORM_USEDECLSPEC@ +@ISC_PLATFORM_HAVEXADD@ /* - * Define if the system supports if_nametoindex. + * If the "xaddq" operation (64bit xadd) is available on this architecture, + * ISC_PLATFORM_HAVEXADDQ will be defined. */ -@ISC_PLATFORM_HAVEIFNAMETOINDEX@ +@ISC_PLATFORM_HAVEXADDQ@ /* - * Define if this system needs strtoul. + * If the "atomic swap" operation is available on this architecture, + * ISC_PLATFORM_HAVEATOMICSTORE" will be defined. */ -@ISC_PLATFORM_NEEDSTRTOUL@ +@ISC_PLATFORM_HAVEATOMICSTORE@ /* - * Define if this system needs memmove. + * If the "compare-and-exchange" operation is available on this architecture, + * ISC_PLATFORM_HAVECMPXCHG will be defined. */ -@ISC_PLATFORM_NEEDMEMMOVE@ +@ISC_PLATFORM_HAVECMPXCHG@ + +/* + * Define if gcc ASM extension is available + */ +@ISC_PLATFORM_USEGCCASM@ + +/* + * Define if Tru64 style ASM syntax must be used. + */ +@ISC_PLATFORM_USEOSFASM@ + +/* + * Define if the standard __asm function must be used. + */ +@ISC_PLATFORM_USESTDASM@ + +/* + * Define if the platform has . + */ +@ISC_PLATFORM_HAVESTRINGSH@ + +/*** + *** Windows dll support. + ***/ + +/* + * Define if MacOS style of PPC assembly must be used. + * e.g. "r6", not "6", for register six. + */ +@ISC_PLATFORM_USEMACASM@ #ifndef ISC_PLATFORM_USEDECLSPEC #define LIBISC_EXTERNAL_DATA @@ -216,7 +300,7 @@ #define LIBISCCC_EXTERNAL_DATA #define LIBISCCFG_EXTERNAL_DATA #define LIBBIND9_EXTERNAL_DATA -#else /* ISC_PLATFORM_USEDECLSPEC */ +#else /*! \brief ISC_PLATFORM_USEDECLSPEC */ #ifdef LIBISC_EXPORTS #define LIBISC_EXTERNAL_DATA __declspec(dllexport) #else @@ -242,7 +326,7 @@ #else #define LIBBIND9_EXTERNAL_DATA __declspec(dllimport) #endif -#endif /* ISC_PLATFORM_USEDECLSPEC */ +#endif /*! \brief ISC_PLATFORM_USEDECLSPEC */ /* * Tell emacs to use C mode for this file. diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/portset.h b/contrib/bind-9.5.2/lib/isc/include/isc/portset.h new file mode 100644 index 0000000000..64bea01ee4 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/portset.h @@ -0,0 +1,141 @@ +/* + * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: portset.h,v 1.3.2.5 2009/06/25 05:33:17 marka Exp $ */ + +/*! \file isc/portset.h + * \brief Transport Protocol Port Manipulation Module + * + * This module provides simple utilities to handle a set of transport protocol + * (UDP or TCP) port numbers, e.g., for creating an ACL list. An isc_portset_t + * object is an opaque instance of a port set, for which the user can add or + * remove a specific port or a range of consecutive ports. This object is + * expected to be used as a temporary work space only, and does not protect + * simultaneous access from multiple threads. Therefore it must not be stored + * in a place that can be accessed from multiple threads. + */ + +#ifndef ISC_PORTSET_H +#define ISC_PORTSET_H 1 + +/*** + *** Imports + ***/ + +#include + +/*** + *** Functions + ***/ + +ISC_LANG_BEGINDECLS + +isc_result_t +isc_portset_create(isc_mem_t *mctx, isc_portset_t **portsetp); +/*%< + * Create a port set and initialize it as an empty set. + * + * Requires: + *\li 'mctx' to be valid. + *\li 'portsetp' to be non NULL and '*portsetp' to be NULL; + * + * Returns: + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + */ + +void +isc_portset_destroy(isc_mem_t *mctx, isc_portset_t **portsetp); +/*%< + * Destroy a port set. + * + * Requires: + *\li 'mctx' to be valid and must be the same context given when the port set + * was created. + *\li '*portsetp' to be a valid set. + */ + +isc_boolean_t +isc_portset_isset(isc_portset_t *portset, in_port_t port); +/*%< + * Test whether the given port is stored in the portset. + * + * Requires: + *\li 'portset' to be a valid set. + * + * Returns + * \li #ISC_TRUE if the port is found, ISC_FALSE otherwise. + */ + +unsigned int +isc_portset_nports(isc_portset_t *portset); +/*%< + * Provides the number of ports stored in the given portset. + * + * Requires: + *\li 'portset' to be a valid set. + * + * Returns + * \li the number of ports stored in portset. + */ + +void +isc_portset_add(isc_portset_t *portset, in_port_t port); +/*%< + * Add the given port to the portset. The port may or may not be stored in + * the portset. + * + * Requires: + *\li 'portlist' to be valid. + */ + +void +isc_portset_remove(isc_portset_t *portset, in_port_t port); +/*%< + * Remove the given port to the portset. The port may or may not be stored in + * the portset. + * + * Requires: + *\li 'portlist' to be valid. + */ + +void +isc_portset_addrange(isc_portset_t *portset, in_port_t port_lo, + in_port_t port_hi); +/*%< + * Add a subset of [port_lo, port_hi] (inclusive) to the portset. Ports in the + * subset may or may not be stored in portset. + * + * Requires: + *\li 'portlist' to be valid. + *\li port_lo <= port_hi + */ + +void +isc_portset_removerange(isc_portset_t *portset, in_port_t port_lo, + in_port_t port_hi); +/*%< + * Subtract a subset of [port_lo, port_hi] (inclusive) from the portset. Ports + * in the subset may or may not be stored in portset. + * + * Requires: + *\li 'portlist' to be valid. + *\li port_lo <= port_hi + */ + +ISC_LANG_ENDDECLS + +#endif /* ISC_PORTSET_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/print.h b/contrib/bind-9.5.2/lib/isc/include/isc/print.h similarity index 90% rename from contrib/bind-9.3/lib/isc/include/isc/print.h rename to contrib/bind-9.5.2/lib/isc/include/isc/print.h index 1bf3704a26..cd1e38eaf6 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/print.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/print.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print.h,v 1.17.188.4 2005/06/09 23:54:30 marka Exp $ */ +/* $Id: print.h,v 1.26 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_PRINT_H #define ISC_PRINT_H 1 +/*! \file isc/print.h */ + /*** *** Imports ***/ @@ -28,7 +30,7 @@ #include #include -/* +/*! * This block allows lib/isc/print.c to be cleanly compiled even if * the platform does not need it. The standard Makefile will still * not compile print.c or archive print.o, so this is just to make test diff --git a/contrib/bind-9.3/lib/isc/include/isc/quota.h b/contrib/bind-9.5.2/lib/isc/include/isc/quota.h similarity index 79% rename from contrib/bind-9.3/lib/isc/include/isc/quota.h rename to contrib/bind-9.5.2/lib/isc/include/isc/quota.h index 4044118747..7b0d0d9beb 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/quota.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/quota.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: quota.h,v 1.8.12.6 2005/08/11 15:00:08 marka Exp $ */ +/* $Id: quota.h,v 1.16 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_QUOTA_H #define ISC_QUOTA_H 1 @@ -24,10 +24,9 @@ ***** Module Info *****/ -/* - * Quota +/*! \file isc/quota.h * - * The isc_quota_t object is a simple helper object for implementing + * \brief The isc_quota_t object is a simple helper object for implementing * quotas on things like the number of simultaneous connections to * a server. It keeps track of the amount of quota in use, and * encapsulates the locking necessary to allow multiple tasks to @@ -48,9 +47,9 @@ ISC_LANG_BEGINDECLS +/*% isc_quota structure */ struct isc_quota { - isc_mutex_t lock; - /* Locked by lock. */ + isc_mutex_t lock; /*%< Locked by lock. */ int max; int used; int soft; @@ -58,7 +57,7 @@ struct isc_quota { isc_result_t isc_quota_init(isc_quota_t *quota, int max); -/* +/*%< * Initialize a quota object. * * Returns: @@ -68,49 +67,49 @@ isc_quota_init(isc_quota_t *quota, int max); void isc_quota_destroy(isc_quota_t *quota); -/* +/*%< * Destroy a quota object. */ void isc_quota_soft(isc_quota_t *quota, int soft); -/* - * Turn on/off soft quotas. +/*%< + * Set a soft quota. */ void isc_quota_max(isc_quota_t *quota, int max); -/* +/*%< * Re-set a maximum quota. */ isc_result_t isc_quota_reserve(isc_quota_t *quota); -/* +/*%< * Attempt to reserve one unit of 'quota'. * * Returns: - * ISC_R_SUCCESS Success - * ISC_R_SOFTQUOTA Success soft quota reached - * ISC_R_QUOTA Quota is full + * \li #ISC_R_SUCCESS Success + * \li #ISC_R_SOFTQUOTA Success soft quota reached + * \li #ISC_R_QUOTA Quota is full */ void isc_quota_release(isc_quota_t *quota); -/* +/*%< * Release one unit of quota. */ isc_result_t isc_quota_attach(isc_quota_t *quota, isc_quota_t **p); -/* +/*%< * Like isc_quota_reserve, and also attaches '*p' to the * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA). */ void isc_quota_detach(isc_quota_t **p); -/* +/*%< * Like isc_quota_release, and also detaches '*p' from the * quota. */ diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/radix.h b/contrib/bind-9.5.2/lib/isc/include/isc/radix.h new file mode 100644 index 0000000000..c9bdfb7589 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/radix.h @@ -0,0 +1,240 @@ +/* + * Copyright (C) 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: radix.h,v 1.5.46.7 2008/12/24 23:46:32 tbox Exp $ */ + +/* + * This source was adapted from MRT's RCS Ids: + * Id: radix.h,v 1.6 1999/08/03 03:32:53 masaki Exp + * Id: mrt.h,v 1.57.2.6 1999/12/28 23:41:27 labovit Exp + * Id: defs.h,v 1.5.2.2 2000/01/15 14:19:16 masaki Exp + */ + +#include +#include +#include +#include +#include + +#include + +#ifndef _RADIX_H +#define _RADIX_H + +#define NETADDR_TO_PREFIX_T(na,pt,bits) \ + do { \ + memset(&(pt), 0, sizeof(pt)); \ + if((na) != NULL) { \ + (pt).family = (na)->family; \ + (pt).bitlen = (bits); \ + if ((pt).family == AF_INET6) { \ + memcpy(&(pt).add.sin6, &(na)->type.in6, \ + ((bits)+7)/8); \ + } else \ + memcpy(&(pt).add.sin, &(na)->type.in, \ + ((bits)+7)/8); \ + } else { \ + (pt).family = AF_UNSPEC; \ + (pt).bitlen = 0; \ + } \ + isc_refcount_init(&(pt).refcount, 0); \ + } while(0) + +typedef struct isc_prefix { + unsigned int family; /* AF_INET | AF_INET6, or AF_UNSPEC for "any" */ + unsigned int bitlen; /* 0 for "any" */ + isc_refcount_t refcount; + union { + struct in_addr sin; + struct in6_addr sin6; + } add; +} isc_prefix_t; + +typedef void (*isc_radix_destroyfunc_t)(void *); +typedef void (*isc_radix_processfunc_t)(isc_prefix_t *, void **); + +#define isc_prefix_tochar(prefix) ((char *)&(prefix)->add.sin) +#define isc_prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin) + +#define BIT_TEST(f, b) ((f) & (b)) + +/* + * We need "first match" when we search the radix tree to preserve + * compatibility with the existing ACL implementation. Radix trees + * naturally lend themselves to "best match". In order to get "first match" + * behavior, we keep track of the order in which entries are added to the + * tree--and when a search is made, we find all matching entries, and + * return the one that was added first. + * + * An IPv4 prefix and an IPv6 prefix may share a radix tree node if they + * have the same length and bit pattern (e.g., 127/8 and 7f::/8). To + * disambiguate between them, node_num and data are two-element arrays; + * node_num[0] and data[0] are used for IPv4 addresses, node_num[1] + * and data[1] for IPv6 addresses. The only exception is a prefix of + * 0/0 (aka "any" or "none"), which is always stored as IPv4 but matches + * IPv6 addresses too. + */ + +#define ISC_IS6(family) ((family) == AF_INET6 ? 1 : 0) +typedef struct isc_radix_node { + isc_uint32_t bit; /* bit length of the prefix */ + isc_prefix_t *prefix; /* who we are in radix tree */ + struct isc_radix_node *l, *r; /* left and right children */ + struct isc_radix_node *parent; /* may be used */ + void *data[2]; /* pointers to IPv4 and IPV6 data */ + int node_num[2]; /* which node this was in the tree, + or -1 for glue nodes */ +} isc_radix_node_t; + +#define RADIX_TREE_MAGIC ISC_MAGIC('R','d','x','T'); +#define RADIX_TREE_VALID(a) ISC_MAGIC_VALID(a, RADIX_TREE_MAGIC); + +typedef struct isc_radix_tree { + unsigned int magic; + isc_mem_t *mctx; + isc_radix_node_t *head; + isc_uint32_t maxbits; /* for IP, 32 bit addresses */ + int num_active_node; /* for debugging purposes */ + int num_added_node; /* total number of nodes */ +} isc_radix_tree_t; + +isc_result_t +isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target, + isc_prefix_t *prefix); +/*%< + * Search 'radix' for the best match to 'prefix'. + * Return the node found in '*target'. + * + * Requires: + * \li 'radix' to be valid. + * \li 'target' is not NULL and "*target" is NULL. + * \li 'prefix' to be valid. + * + * Returns: + * \li ISC_R_NOTFOUND + * \li ISC_R_SUCCESS + */ + +isc_result_t +isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target, + isc_radix_node_t *source, isc_prefix_t *prefix); +/*%< + * Insert 'source' or 'prefix' into the radix tree 'radix'. + * Return the node added in 'target'. + * + * Requires: + * \li 'radix' to be valid. + * \li 'target' is not NULL and "*target" is NULL. + * \li 'prefix' to be valid or 'source' to be non NULL and contain + * a valid prefix. + * + * Returns: + * \li ISC_R_NOMEMORY + * \li ISC_R_SUCCESS + */ + +void +isc_radix_remove(isc_radix_tree_t *radix, isc_radix_node_t *node); +/*%< + * Remove the node 'node' from the radix tree 'radix'. + * + * Requires: + * \li 'radix' to be valid. + * \li 'node' to be valid. + */ + +isc_result_t +isc_radix_create(isc_mem_t *mctx, isc_radix_tree_t **target, int maxbits); +/*%< + * Create a radix tree with a maximum depth of 'maxbits'; + * + * Requires: + * \li 'mctx' to be valid. + * \li 'target' to be non NULL and '*target' to be NULL. + * \li 'maxbits' to be less than or equal to RADIX_MAXBITS. + * + * Returns: + * \li ISC_R_NOMEMORY + * \li ISC_R_SUCCESS + */ + +void +isc_radix_destroy(isc_radix_tree_t *radix, isc_radix_destroyfunc_t func); +/*%< + * Destroy a radix tree optionally calling 'func' to clean up node data. + * + * Requires: + * \li 'radix' to be valid. + */ + +void +isc_radix_process(isc_radix_tree_t *radix, isc_radix_processfunc_t func); +/*%< + * Walk a radix tree calling 'func' to process node data. + * + * Requires: + * \li 'radix' to be valid. + * \li 'func' to point to a function. + */ + +#define RADIX_MAXBITS 128 +#define RADIX_NBIT(x) (0x80 >> ((x) & 0x7f)) +#define RADIX_NBYTE(x) ((x) >> 3) + +#define RADIX_DATA_GET(node, type) (type *)((node)->data) +#define RADIX_DATA_SET(node, value) ((node)->data = (void *)(value)) + +#define RADIX_WALK(Xhead, Xnode) \ + do { \ + isc_radix_node_t *Xstack[RADIX_MAXBITS+1]; \ + isc_radix_node_t **Xsp = Xstack; \ + isc_radix_node_t *Xrn = (Xhead); \ + while ((Xnode = Xrn)) { \ + if (Xnode->prefix) + +#define RADIX_WALK_ALL(Xhead, Xnode) \ +do { \ + isc_radix_node_t *Xstack[RADIX_MAXBITS+1]; \ + isc_radix_node_t **Xsp = Xstack; \ + isc_radix_node_t *Xrn = (Xhead); \ + while ((Xnode = Xrn)) { \ + if (1) + +#define RADIX_WALK_BREAK { \ + if (Xsp != Xstack) { \ + Xrn = *(--Xsp); \ + } else { \ + Xrn = (radix_node_t *) 0; \ + } \ + continue; } + +#define RADIX_WALK_END \ + if (Xrn->l) { \ + if (Xrn->r) { \ + *Xsp++ = Xrn->r; \ + } \ + Xrn = Xrn->l; \ + } else if (Xrn->r) { \ + Xrn = Xrn->r; \ + } else if (Xsp != Xstack) { \ + Xrn = *(--Xsp); \ + } else { \ + Xrn = (isc_radix_node_t *) 0; \ + } \ + } \ + } while (0) + +#endif /* _RADIX_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/random.h b/contrib/bind-9.5.2/lib/isc/include/isc/random.h similarity index 77% rename from contrib/bind-9.3/lib/isc/include/isc/random.h rename to contrib/bind-9.5.2/lib/isc/include/isc/random.h index ee416c5b2f..82ba366eeb 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/random.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/random.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: random.h,v 1.11.206.1 2004/03/06 08:14:46 marka Exp $ */ +/* $Id: random.h,v 1.18.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_RANDOM_H #define ISC_RANDOM_H 1 @@ -23,9 +23,11 @@ #include #include -/* - * Implements a random state pool which will let the caller return a - * series of possibly non-reproducable random values. Note that the +/*! \file isc/random.h + * \brief Implements a random state pool which will let the caller return a + * series of possibly non-reproducible random values. + * + * Note that the * strength of these numbers is not all that high, and should not be * used in cryptography functions. It is useful for jittering values * a bit here and there, such as timeouts, etc. @@ -35,13 +37,13 @@ ISC_LANG_BEGINDECLS void isc_random_seed(isc_uint32_t seed); -/* +/*%< * Set the initial seed of the random state. */ void isc_random_get(isc_uint32_t *val); -/* +/*%< * Get a random value. * * Requires: @@ -50,7 +52,7 @@ isc_random_get(isc_uint32_t *val); isc_uint32_t isc_random_jitter(isc_uint32_t max, isc_uint32_t jitter); -/* +/*%< * Get a random value between (max - jitter) and (max). * This is useful for jittering timer values. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/ratelimiter.h b/contrib/bind-9.5.2/lib/isc/include/isc/ratelimiter.h similarity index 76% rename from contrib/bind-9.3/lib/isc/include/isc/ratelimiter.h rename to contrib/bind-9.5.2/lib/isc/include/isc/ratelimiter.h index 2acab34b5a..6fc954679a 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/ratelimiter.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/ratelimiter.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ratelimiter.h,v 1.13.14.3 2004/03/08 09:04:53 marka Exp $ */ +/* $Id: ratelimiter.h,v 1.21.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_RATELIMITER_H #define ISC_RATELIMITER_H 1 @@ -24,8 +24,8 @@ ***** Module Info *****/ -/* - * A rate limiter is a mechanism for dispatching events at a limited +/*! \file isc/ratelimiter.h + * \brief A rate limiter is a mechanism for dispatching events at a limited * rate. This is intended to be used when sending zone maintenance * SOA queries, NOTIFY messages, etc. */ @@ -46,14 +46,14 @@ ISC_LANG_BEGINDECLS isc_result_t isc_ratelimiter_create(isc_mem_t *mctx, isc_timermgr_t *timermgr, isc_task_t *task, isc_ratelimiter_t **ratelimiterp); -/* +/*%< * Create a rate limiter. The execution interval is initially undefined. */ isc_result_t isc_ratelimiter_setinterval(isc_ratelimiter_t *rl, isc_interval_t *interval); -/* - * Set the mininum interval between event executions. +/*!< + * Set the minimum interval between event executions. * The interval value is copied, so the caller need not preserve it. * * Requires: @@ -62,7 +62,7 @@ isc_ratelimiter_setinterval(isc_ratelimiter_t *rl, isc_interval_t *interval); void isc_ratelimiter_setpertic(isc_ratelimiter_t *rl, isc_uint32_t perint); -/* +/*%< * Set the number of events processed per interval timer tick. * If 'perint' is zero it is treated as 1. */ @@ -70,8 +70,10 @@ isc_ratelimiter_setpertic(isc_ratelimiter_t *rl, isc_uint32_t perint); isc_result_t isc_ratelimiter_enqueue(isc_ratelimiter_t *rl, isc_task_t *task, isc_event_t **eventp); -/* - * Queue an event for rate-limited execution. This is similar +/*%< + * Queue an event for rate-limited execution. + * + * This is similar * to doing an isc_task_send() to the 'task', except that the * execution may be delayed to achieve the desired rate of * execution. @@ -80,50 +82,50 @@ isc_ratelimiter_enqueue(isc_ratelimiter_t *rl, isc_task_t *task, * must ensure that the task exists until the event is delivered. * * Requires: - * An interval has been set by calling + *\li An interval has been set by calling * isc_ratelimiter_setinterval(). * - * 'task' to be non NULL. - * '(*eventp)->ev_sender' to be NULL. + *\li 'task' to be non NULL. + *\li '(*eventp)->ev_sender' to be NULL. */ void isc_ratelimiter_shutdown(isc_ratelimiter_t *ratelimiter); -/* +/*%< * Shut down a rate limiter. * * Ensures: - * All events that have not yet been + *\li All events that have not yet been * dispatched to the task are dispatched immediately with - * the ISC_EVENTATTR_CANCELED bit set in ev_attributes. + * the #ISC_EVENTATTR_CANCELED bit set in ev_attributes. * - * Further attempts to enqueue events will fail with - * ISC_R_SHUTTINGDOWN. + *\li Further attempts to enqueue events will fail with + * #ISC_R_SHUTTINGDOWN. * - * The reatelimiter is no longer attached to its task. + *\li The rate limiter is no longer attached to its task. */ void isc_ratelimiter_attach(isc_ratelimiter_t *source, isc_ratelimiter_t **target); -/* +/*%< * Attach to a rate limiter. */ void isc_ratelimiter_detach(isc_ratelimiter_t **ratelimiterp); -/* +/*%< * Detach from a rate limiter. */ isc_result_t isc_ratelimiter_stall(isc_ratelimiter_t *rl); -/* +/*%< * Stall event processing. */ isc_result_t isc_ratelimiter_release(isc_ratelimiter_t *rl); -/* +/*%< * Release a stalled rate limiter. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/refcount.h b/contrib/bind-9.5.2/lib/isc/include/isc/refcount.h similarity index 54% rename from contrib/bind-9.3/lib/isc/include/isc/refcount.h rename to contrib/bind-9.5.2/lib/isc/include/isc/refcount.h index d2c7b6f5ca..6ab14ae732 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/refcount.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/refcount.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: refcount.h,v 1.3.2.2.2.2 2004/04/14 05:12:25 marka Exp $ */ +/* $Id: refcount.h,v 1.15 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_REFCOUNT_H #define ISC_REFCOUNT_H 1 +#include #include #include #include #include #include -/* - * Implements a locked reference counter. These functions may actually be +/*! \file isc/refcount.h + * \brief Implements a locked reference counter. + * + * These functions may actually be * implemented using macros, and implementations of these macros are below. * The isc_refcount_t type should not be accessed directly, as its contents * depend on the implementation. @@ -39,8 +42,8 @@ ISC_LANG_BEGINDECLS * Function prototypes */ -/* - * void +/* + * isc_result_t * isc_refcount_init(isc_refcount_t *ref, unsigned int n); * * Initialize the reference counter. There will be 'n' initial references. @@ -63,9 +66,14 @@ ISC_LANG_BEGINDECLS /* * void * isc_refcount_increment(isc_refcount_t *ref, unsigned int *targetp); + * isc_refcount_increment0(isc_refcount_t *ref, unsigned int *targetp); * * Increments the reference count, returning the new value in targetp if it's - * not NULL. + * not NULL. The reference counter typically begins with the initial counter + * of 1, and will be destroyed once the counter reaches 0. Thus, + * isc_refcount_increment() additionally requires the previous counter be + * larger than 0 so that an error which violates the usage can be easily + * caught. isc_refcount_increment0() does not have this restriction. * * Requires: * ref != NULL. @@ -87,20 +95,54 @@ ISC_LANG_BEGINDECLS * Sample implementations */ #ifdef ISC_PLATFORM_USETHREADS +#ifdef ISC_PLATFORM_HAVEXADD + +#define ISC_REFCOUNT_HAVEATOMIC 1 typedef struct isc_refcount { - int refs; - isc_mutex_t lock; + isc_int32_t refs; } isc_refcount_t; -#define isc_refcount_init(rp, n) \ - do { \ - isc_result_t _r; \ - (rp)->refs = (n); \ - _r = isc_mutex_init(&(rp)->lock); \ - RUNTIME_CHECK(_r == ISC_R_SUCCESS); \ +#define isc_refcount_destroy(rp) (REQUIRE((rp)->refs == 0)) +#define isc_refcount_current(rp) ((unsigned int)((rp)->refs)) + +#define isc_refcount_increment0(rp, tp) \ + do { \ + unsigned int *_tmp = (unsigned int *)(tp); \ + isc_int32_t prev; \ + prev = isc_atomic_xadd(&(rp)->refs, 1); \ + if (_tmp != NULL) \ + *_tmp = prev + 1; \ } while (0) +#define isc_refcount_increment(rp, tp) \ + do { \ + unsigned int *_tmp = (unsigned int *)(tp); \ + isc_int32_t prev; \ + prev = isc_atomic_xadd(&(rp)->refs, 1); \ + REQUIRE(prev > 0); \ + if (_tmp != NULL) \ + *_tmp = prev + 1; \ + } while (0) + +#define isc_refcount_decrement(rp, tp) \ + do { \ + unsigned int *_tmp = (unsigned int *)(tp); \ + isc_int32_t prev; \ + prev = isc_atomic_xadd(&(rp)->refs, -1); \ + REQUIRE(prev > 0); \ + if (_tmp != NULL) \ + *_tmp = prev - 1; \ + } while (0) + +#else /* ISC_PLATFORM_HAVEXADD */ + +typedef struct isc_refcount { + int refs; + isc_mutex_t lock; +} isc_refcount_t; + +/*% Destroys a reference counter. */ #define isc_refcount_destroy(rp) \ do { \ REQUIRE((rp)->refs == 0); \ @@ -109,6 +151,17 @@ typedef struct isc_refcount { #define isc_refcount_current(rp) ((unsigned int)((rp)->refs)) +/*% Increments the reference count, returning the new value in targetp if it's not NULL. */ +#define isc_refcount_increment0(rp, tp) \ + do { \ + unsigned int *_tmp = (unsigned int *)(tp); \ + LOCK(&(rp)->lock); \ + ++((rp)->refs); \ + if (_tmp != NULL) \ + *_tmp = ((rp)->refs); \ + UNLOCK(&(rp)->lock); \ + } while (0) + #define isc_refcount_increment(rp, tp) \ do { \ unsigned int *_tmp = (unsigned int *)(tp); \ @@ -120,6 +173,7 @@ typedef struct isc_refcount { UNLOCK(&(rp)->lock); \ } while (0) +/*% Decrements the reference count, returning the new value in targetp if it's not NULL. */ #define isc_refcount_decrement(rp, tp) \ do { \ unsigned int *_tmp = (unsigned int *)(tp); \ @@ -131,17 +185,17 @@ typedef struct isc_refcount { UNLOCK(&(rp)->lock); \ } while (0) -#else +#endif /* ISC_PLATFORM_HAVEXADD */ +#else /* ISC_PLATFORM_USETHREADS */ typedef struct isc_refcount { int refs; } isc_refcount_t; -#define isc_refcount_init(rp, n) ((rp)->refs = (n)) #define isc_refcount_destroy(rp) (REQUIRE((rp)->refs == 0)) #define isc_refcount_current(rp) ((unsigned int)((rp)->refs)) -#define isc_refcount_increment(rp, tp) \ +#define isc_refcount_increment0(rp, tp) \ do { \ unsigned int *_tmp = (unsigned int *)(tp); \ int _n = ++(rp)->refs; \ @@ -149,15 +203,30 @@ typedef struct isc_refcount { *_tmp = _n; \ } while (0) +#define isc_refcount_increment(rp, tp) \ + do { \ + unsigned int *_tmp = (unsigned int *)(tp); \ + int _n; \ + REQUIRE((rp)->refs > 0); \ + _n = ++(rp)->refs; \ + if (_tmp != NULL) \ + *_tmp = _n; \ + } while (0) + #define isc_refcount_decrement(rp, tp) \ do { \ unsigned int *_tmp = (unsigned int *)(tp); \ - int _n = --(rp)->refs; \ + int _n; \ + REQUIRE((rp)->refs > 0); \ + _n = --(rp)->refs; \ if (_tmp != NULL) \ *_tmp = _n; \ } while (0) -#endif +#endif /* ISC_PLATFORM_USETHREADS */ + +isc_result_t +isc_refcount_init(isc_refcount_t *ref, unsigned int n); ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/region.h b/contrib/bind-9.5.2/lib/isc/include/isc/region.h similarity index 81% rename from contrib/bind-9.3/lib/isc/include/isc/region.h rename to contrib/bind-9.5.2/lib/isc/include/isc/region.h index 5622394aaf..43d8f8f2d3 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/region.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/region.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: region.h,v 1.16.12.3 2004/03/08 09:04:53 marka Exp $ */ +/* $Id: region.h,v 1.25 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_REGION_H #define ISC_REGION_H 1 +/*! \file isc/region.h */ + #include struct isc_region { @@ -45,7 +47,8 @@ struct isc_consttextregion { unsigned int length; }; -/* +/*@{*/ +/*! * The region structure is not opaque, and is usually directly manipulated. * Some macros are defined below for convenience. */ @@ -76,20 +79,21 @@ struct isc_consttextregion { _r->base += _l; \ _r->length -= _l; \ } while (0) +/*@}*/ int isc_region_compare(isc_region_t *r1, isc_region_t *r2); -/* +/*%< * Compares the contents of two regions * * Requires: - * 'r1' is a valid region - * 'r2' is a valid region + *\li 'r1' is a valid region + *\li 'r2' is a valid region * * Returns: - * < 0 if r1 is lexicographically less than r2 - * = 0 if r1 is lexicographically identical to r2 - * > 0 if r1 is lexicographically greater than r2 + *\li < 0 if r1 is lexicographically less than r2 + *\li = 0 if r1 is lexicographically identical to r2 + *\li > 0 if r1 is lexicographically greater than r2 */ #endif /* ISC_REGION_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/resource.h b/contrib/bind-9.5.2/lib/isc/include/isc/resource.h similarity index 57% rename from contrib/bind-9.3/lib/isc/include/isc/resource.h rename to contrib/bind-9.5.2/lib/isc/include/isc/resource.h index 2c2a82981c..61dcafffca 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/resource.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/resource.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.h,v 1.4.206.1 2004/03/06 08:14:47 marka Exp $ */ +/* $Id: resource.h,v 1.11.128.2 2008/08/01 23:46:30 tbox Exp $ */ #ifndef ISC_RESOURCE_H #define ISC_RESOURCE_H 1 +/*! \file isc/resource.h */ + #include #include @@ -29,40 +31,40 @@ ISC_LANG_BEGINDECLS isc_result_t isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value); -/* +/*%< * Set the maximum limit for a system resource. * * Notes: - * If 'value' exceeds the maximum possible on the operating system, + *\li If 'value' exceeds the maximum possible on the operating system, * it is silently limited to that maximum -- or to "infinity", if - * the operating system has that concept. ISC_RESOURCE_UNLIMITED + * the operating system has that concept. #ISC_RESOURCE_UNLIMITED * can be used to explicitly ask for the maximum. * * Requires: - * 'resource' is a valid member of the isc_resource_t enumeration. + *\li 'resource' is a valid member of the isc_resource_t enumeration. * * Returns: - * ISC_R_SUCCESS Success. - * ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. - * ISC_R_NOPERM The calling process did not have adequate permission + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. + *\li #ISC_R_NOPERM The calling process did not have adequate permission * to change the resource limit. */ isc_result_t isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value); -/* +/*%< * Get the maximum limit for a system resource. * * Notes: - * 'value' is set to the maximum limit. + *\li 'value' is set to the maximum limit. * - * ISC_RESOURCE_UNLIMITED is the maximum value of isc_resourcevalue_t. + *\li #ISC_RESOURCE_UNLIMITED is the maximum value of isc_resourcevalue_t. * - * On many (all?) Unix systems, RLIM_INFINITY is a valid value that is - * significantly less than ISC_RESOURCE_UNLIMITED, but which in practice + *\li On many (all?) Unix systems, RLIM_INFINITY is a valid value that is + * significantly less than #ISC_RESOURCE_UNLIMITED, but which in practice * behaves the same. * - * The current ISC libdns configuration file parser assigns a value + *\li The current ISC libdns configuration file parser assigns a value * of ISC_UINT32_MAX for a size_spec of "unlimited" and ISC_UNIT32_MAX - 1 * for "default", the latter of which is supposed to represent "the * limit that was in force when the server started". Since these are @@ -72,11 +74,21 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value); * discrete integral values or generalized concepts. * * Requires: - * 'resource' is a valid member of the isc_resource_t enumeration. + *\li 'resource' is a valid member of the isc_resource_t enumeration. + * + * Returns: + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. + */ + +isc_result_t +isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value); +/*%< + * Same as isc_resource_getlimit(), but returns the current (soft) limit. * * Returns: - * ISC_R_SUCCESS Success. - * ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/result.h b/contrib/bind-9.5.2/lib/isc/include/isc/result.h new file mode 100644 index 0000000000..5b650851e4 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/result.h @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1998-2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: result.h,v 1.69 2007/06/19 23:47:18 tbox Exp $ */ + +#ifndef ISC_RESULT_H +#define ISC_RESULT_H 1 + +/*! \file isc/result.h */ + +#include +#include + +#define ISC_R_SUCCESS 0 /*%< success */ +#define ISC_R_NOMEMORY 1 /*%< out of memory */ +#define ISC_R_TIMEDOUT 2 /*%< timed out */ +#define ISC_R_NOTHREADS 3 /*%< no available threads */ +#define ISC_R_ADDRNOTAVAIL 4 /*%< address not available */ +#define ISC_R_ADDRINUSE 5 /*%< address in use */ +#define ISC_R_NOPERM 6 /*%< permission denied */ +#define ISC_R_NOCONN 7 /*%< no pending connections */ +#define ISC_R_NETUNREACH 8 /*%< network unreachable */ +#define ISC_R_HOSTUNREACH 9 /*%< host unreachable */ +#define ISC_R_NETDOWN 10 /*%< network down */ +#define ISC_R_HOSTDOWN 11 /*%< host down */ +#define ISC_R_CONNREFUSED 12 /*%< connection refused */ +#define ISC_R_NORESOURCES 13 /*%< not enough free resources */ +#define ISC_R_EOF 14 /*%< end of file */ +#define ISC_R_BOUND 15 /*%< socket already bound */ +#define ISC_R_RELOAD 16 /*%< reload */ +#define ISC_R_LOCKBUSY 17 /*%< lock busy */ +#define ISC_R_EXISTS 18 /*%< already exists */ +#define ISC_R_NOSPACE 19 /*%< ran out of space */ +#define ISC_R_CANCELED 20 /*%< operation canceled */ +#define ISC_R_NOTBOUND 21 /*%< socket is not bound */ +#define ISC_R_SHUTTINGDOWN 22 /*%< shutting down */ +#define ISC_R_NOTFOUND 23 /*%< not found */ +#define ISC_R_UNEXPECTEDEND 24 /*%< unexpected end of input */ +#define ISC_R_FAILURE 25 /*%< generic failure */ +#define ISC_R_IOERROR 26 /*%< I/O error */ +#define ISC_R_NOTIMPLEMENTED 27 /*%< not implemented */ +#define ISC_R_UNBALANCED 28 /*%< unbalanced parentheses */ +#define ISC_R_NOMORE 29 /*%< no more */ +#define ISC_R_INVALIDFILE 30 /*%< invalid file */ +#define ISC_R_BADBASE64 31 /*%< bad base64 encoding */ +#define ISC_R_UNEXPECTEDTOKEN 32 /*%< unexpected token */ +#define ISC_R_QUOTA 33 /*%< quota reached */ +#define ISC_R_UNEXPECTED 34 /*%< unexpected error */ +#define ISC_R_ALREADYRUNNING 35 /*%< already running */ +#define ISC_R_IGNORE 36 /*%< ignore */ +#define ISC_R_MASKNONCONTIG 37 /*%< addr mask not contiguous */ +#define ISC_R_FILENOTFOUND 38 /*%< file not found */ +#define ISC_R_FILEEXISTS 39 /*%< file already exists */ +#define ISC_R_NOTCONNECTED 40 /*%< socket is not connected */ +#define ISC_R_RANGE 41 /*%< out of range */ +#define ISC_R_NOENTROPY 42 /*%< out of entropy */ +#define ISC_R_MULTICAST 43 /*%< invalid use of multicast */ +#define ISC_R_NOTFILE 44 /*%< not a file */ +#define ISC_R_NOTDIRECTORY 45 /*%< not a directory */ +#define ISC_R_QUEUEFULL 46 /*%< queue is full */ +#define ISC_R_FAMILYMISMATCH 47 /*%< address family mismatch */ +#define ISC_R_FAMILYNOSUPPORT 48 /*%< AF not supported */ +#define ISC_R_BADHEX 49 /*%< bad hex encoding */ +#define ISC_R_TOOMANYOPENFILES 50 /*%< too many open files */ +#define ISC_R_NOTBLOCKING 51 /*%< not blocking */ +#define ISC_R_UNBALANCEDQUOTES 52 /*%< unbalanced quotes */ +#define ISC_R_INPROGRESS 53 /*%< operation in progress */ +#define ISC_R_CONNECTIONRESET 54 /*%< connection reset */ +#define ISC_R_SOFTQUOTA 55 /*%< soft quota reached */ +#define ISC_R_BADNUMBER 56 /*%< not a valid number */ +#define ISC_R_DISABLED 57 /*%< disabled */ +#define ISC_R_MAXSIZE 58 /*%< max size */ +#define ISC_R_BADADDRESSFORM 59 /*%< invalid address format */ + +/*% Not a result code: the number of results. */ +#define ISC_R_NRESULTS 60 + +ISC_LANG_BEGINDECLS + +const char * +isc_result_totext(isc_result_t); +/*%< + * Convert an isc_result_t into a string message describing the result. + */ + +isc_result_t +isc_result_register(unsigned int base, unsigned int nresults, + const char **text, isc_msgcat_t *msgcat, int set); + +ISC_LANG_ENDDECLS + +#endif /* ISC_RESULT_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/resultclass.h b/contrib/bind-9.5.2/lib/isc/include/isc/resultclass.h similarity index 85% rename from contrib/bind-9.3/lib/isc/include/isc/resultclass.h rename to contrib/bind-9.5.2/lib/isc/include/isc/resultclass.h index adb53383a6..b32426fee2 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/resultclass.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/resultclass.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,21 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resultclass.h,v 1.11.206.1 2004/03/06 08:14:47 marka Exp $ */ +/* $Id: resultclass.h,v 1.18 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_RESULTCLASS_H #define ISC_RESULTCLASS_H 1 -/***** - ***** Registry of Predefined Result Type Classes - *****/ -/* +/*! \file isc/resultclass.h + * \brief Registry of Predefined Result Type Classes + * * A result class number is an unsigned 16 bit number. Each class may * contain up to 65536 results. A result code is formed by adding the * result number within the class to the class number multiplied by 65536. + * + * Classes < 1024 are reserved for ISC use. + * Result classes >= 1024 and <= 65535 are reserved for application use. */ #define ISC_RESULTCLASS_FROMNUM(num) ((num) << 16) @@ -36,9 +38,6 @@ #define ISC_RESULTCLASS_INCLASS(rclass, result) \ ((rclass) == ((result) & 0xFFFF0000)) -/* - * Classes < 1024 are reserved for ISC use. - */ #define ISC_RESULTCLASS_ISC ISC_RESULTCLASS_FROMNUM(0) #define ISC_RESULTCLASS_DNS ISC_RESULTCLASS_FROMNUM(1) @@ -47,8 +46,5 @@ #define ISC_RESULTCLASS_OMAPI ISC_RESULTCLASS_FROMNUM(4) #define ISC_RESULTCLASS_ISCCC ISC_RESULTCLASS_FROMNUM(5) -/* - * Result classes >= 1024 and <= 65535 are reserved for application use. - */ #endif /* ISC_RESULTCLASS_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/rwlock.h b/contrib/bind-9.5.2/lib/isc/include/isc/rwlock.h similarity index 59% rename from contrib/bind-9.3/lib/isc/include/isc/rwlock.h rename to contrib/bind-9.5.2/lib/isc/include/isc/rwlock.h index 44edfcc68b..28052cdd7f 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/rwlock.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/rwlock.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rwlock.h,v 1.18.2.3.2.1 2004/03/06 08:14:47 marka Exp $ */ +/* $Id: rwlock.h,v 1.28 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_RWLOCK_H #define ISC_RWLOCK_H 1 +/*! \file isc/rwlock.h */ + #include #include #include @@ -34,19 +36,56 @@ typedef enum { } isc_rwlocktype_t; #ifdef ISC_PLATFORM_USETHREADS +#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG) +#define ISC_RWLOCK_USEATOMIC 1 +#endif + struct isc_rwlock { /* Unlocked. */ unsigned int magic; isc_mutex_t lock; + +#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG) + /* + * When some atomic instructions with hardware assistance are + * available, rwlock will use those so that concurrent readers do not + * interfere with each other through mutex as long as no writers + * appear, massively reducing the lock overhead in the typical case. + * + * The basic algorithm of this approach is the "simple + * writer-preference lock" shown in the following URL: + * http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html + * but our implementation does not rely on the spin lock unlike the + * original algorithm to be more portable as a user space application. + */ + + /* Read or modified atomically. */ + isc_int32_t write_requests; + isc_int32_t write_completions; + isc_int32_t cnt_and_flag; + /* Locked by lock. */ isc_condition_t readable; isc_condition_t writeable; + unsigned int readers_waiting; + + /* Locked by rwlock itself. */ + unsigned int write_granted; + + /* Unlocked. */ + unsigned int write_quota; + +#else /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */ + + /*%< Locked by lock. */ + isc_condition_t readable; + isc_condition_t writeable; isc_rwlocktype_t type; - /* The number of threads that have the lock. */ + /*% The number of threads that have the lock. */ unsigned int active; - /* + /*% * The number of lock grants made since the lock was last switched * from reading to writing or vice versa; used in determining * when the quota is reached and it is time to switch. @@ -58,6 +97,7 @@ struct isc_rwlock { unsigned int read_quota; unsigned int write_quota; isc_rwlocktype_t original; +#endif /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */ }; #else /* ISC_PLATFORM_USETHREADS */ struct isc_rwlock { diff --git a/contrib/bind-9.3/lib/isc/include/isc/serial.h b/contrib/bind-9.5.2/lib/isc/include/isc/serial.h similarity index 82% rename from contrib/bind-9.3/lib/isc/include/isc/serial.h rename to contrib/bind-9.5.2/lib/isc/include/isc/serial.h index cb054a6f7d..93d9a2b50b 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/serial.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/serial.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: serial.h,v 1.9.206.1 2004/03/06 08:14:48 marka Exp $ */ +/* $Id: serial.h,v 1.16.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_SERIAL_H #define ISC_SERIAL_H 1 @@ -23,9 +23,8 @@ #include #include -/* - * Implement 32 bit serial space arithmetic comparision functions. - * +/*! \file isc/serial.h + * \brief Implement 32 bit serial space arithmetic comparison functions. * Note: Undefined results are returned as ISC_FALSE. */ @@ -37,37 +36,37 @@ ISC_LANG_BEGINDECLS isc_boolean_t isc_serial_lt(isc_uint32_t a, isc_uint32_t b); -/* +/*%< * Return true if 'a' < 'b' otherwise false. */ isc_boolean_t isc_serial_gt(isc_uint32_t a, isc_uint32_t b); -/* +/*%< * Return true if 'a' > 'b' otherwise false. */ isc_boolean_t isc_serial_le(isc_uint32_t a, isc_uint32_t b); -/* +/*%< * Return true if 'a' <= 'b' otherwise false. */ isc_boolean_t isc_serial_ge(isc_uint32_t a, isc_uint32_t b); -/* +/*%< * Return true if 'a' >= 'b' otherwise false. */ isc_boolean_t isc_serial_eq(isc_uint32_t a, isc_uint32_t b); -/* +/*%< * Return true if 'a' == 'b' otherwise false. */ isc_boolean_t isc_serial_ne(isc_uint32_t a, isc_uint32_t b); -/* +/*%< * Return true if 'a' != 'b' otherwise false. */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/sha1.h b/contrib/bind-9.5.2/lib/isc/include/isc/sha1.h similarity index 74% rename from contrib/bind-9.3/lib/isc/include/isc/sha1.h rename to contrib/bind-9.5.2/lib/isc/include/isc/sha1.h index 935578b23b..63f12bb1e0 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/sha1.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/sha1.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,25 +18,26 @@ #ifndef ISC_SHA1_H #define ISC_SHA1_H 1 -/* $Id: sha1.h,v 1.8.206.1 2004/03/06 08:14:48 marka Exp $ */ +/* $Id: sha1.h,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ /* $NetBSD: sha1.h,v 1.2 1998/05/29 22:55:44 thorpej Exp $ */ -/* - * SHA-1 in C - * By Steve Reid - * 100% Public Domain +/*! \file isc/sha1.h + * \brief SHA-1 in C + * \author By Steve Reid + * \note 100% Public Domain */ #include #include -#define ISC_SHA1_DIGESTLENGTH 20 +#define ISC_SHA1_DIGESTLENGTH 20U +#define ISC_SHA1_BLOCK_LENGTH 64U typedef struct { isc_uint32_t state[5]; isc_uint32_t count[2]; - unsigned char buffer[64]; + unsigned char buffer[ISC_SHA1_BLOCK_LENGTH]; } isc_sha1_t; ISC_LANG_BEGINDECLS diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/sha2.h b/contrib/bind-9.5.2/lib/isc/include/isc/sha2.h new file mode 100644 index 0000000000..203600fda3 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/sha2.h @@ -0,0 +1,132 @@ +/* + * Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: sha2.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */ + +/* $FreeBSD: src/sys/crypto/sha2/sha2.h,v 1.1.2.1 2001/07/03 11:01:36 ume Exp $ */ +/* $KAME: sha2.h,v 1.3 2001/03/12 08:27:48 itojun Exp $ */ + +/* + * sha2.h + * + * Version 1.0.0beta1 + * + * Written by Aaron D. Gifford + * + * Copyright 2000 Aaron D. Gifford. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#ifndef ISC_SHA2_H +#define ISC_SHA2_H + +#include +#include + +/*** SHA-224/256/384/512 Various Length Definitions ***********************/ + +#define ISC_SHA224_BLOCK_LENGTH 64U +#define ISC_SHA224_DIGESTLENGTH 28U +#define ISC_SHA224_DIGESTSTRINGLENGTH (ISC_SHA224_DIGESTLENGTH * 2 + 1) +#define ISC_SHA256_BLOCK_LENGTH 64U +#define ISC_SHA256_DIGESTLENGTH 32U +#define ISC_SHA256_DIGESTSTRINGLENGTH (ISC_SHA256_DIGESTLENGTH * 2 + 1) +#define ISC_SHA384_BLOCK_LENGTH 128 +#define ISC_SHA384_DIGESTLENGTH 48U +#define ISC_SHA384_DIGESTSTRINGLENGTH (ISC_SHA384_DIGESTLENGTH * 2 + 1) +#define ISC_SHA512_BLOCK_LENGTH 128U +#define ISC_SHA512_DIGESTLENGTH 64U +#define ISC_SHA512_DIGESTSTRINGLENGTH (ISC_SHA512_DIGESTLENGTH * 2 + 1) + + +ISC_LANG_BEGINDECLS + +/*** SHA-256/384/512 Context Structures *******************************/ + +/* + * Keep buffer immediately after bitcount to preserve alignment. + */ +typedef struct { + isc_uint32_t state[8]; + isc_uint64_t bitcount; + isc_uint8_t buffer[ISC_SHA256_BLOCK_LENGTH]; +} isc_sha256_t; + +/* + * Keep buffer immediately after bitcount to preserve alignment. + */ +typedef struct { + isc_uint64_t state[8]; + isc_uint64_t bitcount[2]; + isc_uint8_t buffer[ISC_SHA512_BLOCK_LENGTH]; +} isc_sha512_t; + +typedef isc_sha256_t isc_sha224_t; +typedef isc_sha512_t isc_sha384_t; + +/*** SHA-224/256/384/512 Function Prototypes ******************************/ + +void isc_sha224_init (isc_sha224_t *); +void isc_sha224_update (isc_sha224_t *, const isc_uint8_t *, size_t); +void isc_sha224_final (isc_uint8_t[ISC_SHA224_DIGESTLENGTH], isc_sha224_t *); +char *isc_sha224_end (isc_sha224_t *, char[ISC_SHA224_DIGESTSTRINGLENGTH]); +char *isc_sha224_data (const isc_uint8_t *, size_t, char[ISC_SHA224_DIGESTSTRINGLENGTH]); + +void isc_sha256_init (isc_sha256_t *); +void isc_sha256_update (isc_sha256_t *, const isc_uint8_t *, size_t); +void isc_sha256_final (isc_uint8_t[ISC_SHA256_DIGESTLENGTH], isc_sha256_t *); +char *isc_sha256_end (isc_sha256_t *, char[ISC_SHA256_DIGESTSTRINGLENGTH]); +char *isc_sha256_data (const isc_uint8_t *, size_t, char[ISC_SHA256_DIGESTSTRINGLENGTH]); + +void isc_sha384_init (isc_sha384_t *); +void isc_sha384_update (isc_sha384_t *, const isc_uint8_t *, size_t); +void isc_sha384_final (isc_uint8_t[ISC_SHA384_DIGESTLENGTH], isc_sha384_t *); +char *isc_sha384_end (isc_sha384_t *, char[ISC_SHA384_DIGESTSTRINGLENGTH]); +char *isc_sha384_data (const isc_uint8_t *, size_t, char[ISC_SHA384_DIGESTSTRINGLENGTH]); + +void isc_sha512_init (isc_sha512_t *); +void isc_sha512_update (isc_sha512_t *, const isc_uint8_t *, size_t); +void isc_sha512_final (isc_uint8_t[ISC_SHA512_DIGESTLENGTH], isc_sha512_t *); +char *isc_sha512_end (isc_sha512_t *, char[ISC_SHA512_DIGESTSTRINGLENGTH]); +char *isc_sha512_data (const isc_uint8_t *, size_t, char[ISC_SHA512_DIGESTSTRINGLENGTH]); + +ISC_LANG_ENDDECLS + +#endif /* ISC_SHA2_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/sockaddr.h b/contrib/bind-9.5.2/lib/isc/include/isc/sockaddr.h similarity index 71% rename from contrib/bind-9.3/lib/isc/include/isc/sockaddr.h rename to contrib/bind-9.5.2/lib/isc/include/isc/sockaddr.h index 88e45940ca..13e07214f4 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/sockaddr.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/sockaddr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,20 +15,28 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sockaddr.h,v 1.35.12.10 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: sockaddr.h,v 1.55.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_SOCKADDR_H #define ISC_SOCKADDR_H 1 +/*! \file isc/sockaddr.h */ + #include #include #include +#ifdef ISC_PLATFORM_HAVESYSUNH +#include +#endif struct isc_sockaddr { union { struct sockaddr sa; struct sockaddr_in sin; struct sockaddr_in6 sin6; +#ifdef ISC_PLATFORM_HAVESYSUNH + struct sockaddr_un sunix; +#endif } type; unsigned int length; /* XXXRTH beginning? */ ISC_LINK(struct isc_sockaddr) link; @@ -36,17 +44,36 @@ struct isc_sockaddr { typedef ISC_LIST(struct isc_sockaddr) isc_sockaddrlist_t; +#define ISC_SOCKADDR_CMPADDR 0x0001 /*%< compare the address + * sin_addr/sin6_addr */ +#define ISC_SOCKADDR_CMPPORT 0x0002 /*%< compare the port + * sin_port/sin6_port */ +#define ISC_SOCKADDR_CMPSCOPE 0x0004 /*%< compare the scope + * sin6_scope */ +#define ISC_SOCKADDR_CMPSCOPEZERO 0x0008 /*%< when comparing scopes + * zero scopes always match */ + ISC_LANG_BEGINDECLS +isc_boolean_t +isc_sockaddr_compare(const isc_sockaddr_t *a, const isc_sockaddr_t *b, + unsigned int flags); +/*%< + * Compare the elements of the two address ('a' and 'b') as specified + * by 'flags' and report if they are equal or not. + * + * 'flags' is set from ISC_SOCKADDR_CMP*. + */ + isc_boolean_t isc_sockaddr_equal(const isc_sockaddr_t *a, const isc_sockaddr_t *b); -/* +/*%< * Return ISC_TRUE iff the socket addresses 'a' and 'b' are equal. */ isc_boolean_t isc_sockaddr_eqaddr(const isc_sockaddr_t *a, const isc_sockaddr_t *b); -/* +/*%< * Return ISC_TRUE iff the address parts of the socket addresses * 'a' and 'b' are equal, ignoring the ports. */ @@ -54,14 +81,15 @@ isc_sockaddr_eqaddr(const isc_sockaddr_t *a, const isc_sockaddr_t *b); isc_boolean_t isc_sockaddr_eqaddrprefix(const isc_sockaddr_t *a, const isc_sockaddr_t *b, unsigned int prefixlen); -/* +/*%< * Return ISC_TRUE iff the most significant 'prefixlen' bits of the * socket addresses 'a' and 'b' are equal, ignoring the ports. + * If 'b''s scope is zero then 'a''s scope will be ignored. */ unsigned int isc_sockaddr_hash(const isc_sockaddr_t *sockaddr, isc_boolean_t address_only); -/* +/*%< * Return a hash value for the socket address 'sockaddr'. If 'address_only' * is ISC_TRUE, the hash value will not depend on the port. * @@ -71,97 +99,97 @@ isc_sockaddr_hash(const isc_sockaddr_t *sockaddr, isc_boolean_t address_only); void isc_sockaddr_any(isc_sockaddr_t *sockaddr); -/* +/*%< * Return the IPv4 wildcard address. */ void isc_sockaddr_any6(isc_sockaddr_t *sockaddr); -/* +/*%< * Return the IPv6 wildcard address. */ void isc_sockaddr_anyofpf(isc_sockaddr_t *sockaddr, int family); -/* +/*%< * Set '*sockaddr' to the wildcard address of protocol family * 'family'. * * Requires: - * 'family' is AF_INET or AF_INET6. + * \li 'family' is AF_INET or AF_INET6. */ void isc_sockaddr_fromin(isc_sockaddr_t *sockaddr, const struct in_addr *ina, in_port_t port); -/* +/*%< * Construct an isc_sockaddr_t from an IPv4 address and port. */ void isc_sockaddr_fromin6(isc_sockaddr_t *sockaddr, const struct in6_addr *ina6, in_port_t port); -/* +/*%< * Construct an isc_sockaddr_t from an IPv6 address and port. */ void isc_sockaddr_v6fromin(isc_sockaddr_t *sockaddr, const struct in_addr *ina, in_port_t port); -/* +/*%< * Construct an IPv6 isc_sockaddr_t representing a mapped IPv4 address. */ void isc_sockaddr_fromnetaddr(isc_sockaddr_t *sockaddr, const isc_netaddr_t *na, in_port_t port); -/* +/*%< * Construct an isc_sockaddr_t from an isc_netaddr_t and port. */ int isc_sockaddr_pf(const isc_sockaddr_t *sockaddr); -/* +/*%< * Get the protocol family of 'sockaddr'. * * Requires: * - * 'sockaddr' is a valid sockaddr with an address family of AF_INET + *\li 'sockaddr' is a valid sockaddr with an address family of AF_INET * or AF_INET6. * * Returns: * - * The protocol family of 'sockaddr', e.g. PF_INET or PF_INET6. + *\li The protocol family of 'sockaddr', e.g. PF_INET or PF_INET6. */ void isc_sockaddr_setport(isc_sockaddr_t *sockaddr, in_port_t port); -/* +/*%< * Set the port of 'sockaddr' to 'port'. */ in_port_t isc_sockaddr_getport(const isc_sockaddr_t *sockaddr); -/* +/*%< * Get the port stored in 'sockaddr'. */ isc_result_t isc_sockaddr_totext(const isc_sockaddr_t *sockaddr, isc_buffer_t *target); -/* +/*%< * Append a text representation of 'sockaddr' to the buffer 'target'. * The text will include both the IP address (v4 or v6) and the port. * The text is null terminated, but the terminating null is not * part of the buffer's used region. * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOSPACE The text or the null termination did not fit. + * \li ISC_R_SUCCESS + * \li ISC_R_NOSPACE The text or the null termination did not fit. */ void isc_sockaddr_format(const isc_sockaddr_t *sa, char *array, unsigned int size); -/* +/*%< * Format a human-readable representation of the socket address '*sa' * into the character array 'array', which is of size 'size'. * The resulting string is guaranteed to be null-terminated. @@ -169,8 +197,8 @@ isc_sockaddr_format(const isc_sockaddr_t *sa, char *array, unsigned int size); isc_boolean_t isc_sockaddr_ismulticast(const isc_sockaddr_t *sa); -/* - * Returns ISC_TRUE if the address is a multicast address. +/*%< + * Returns #ISC_TRUE if the address is a multicast address. */ isc_boolean_t @@ -181,19 +209,30 @@ isc_sockaddr_isexperimental(const isc_sockaddr_t *sa); isc_boolean_t isc_sockaddr_islinklocal(const isc_sockaddr_t *sa); -/* - * Returns ISC_TRUE if the address is a link local addresss. +/*%< + * Returns ISC_TRUE if the address is a link local address. */ isc_boolean_t isc_sockaddr_issitelocal(const isc_sockaddr_t *sa); -/* +/*%< * Returns ISC_TRUE if the address is a sitelocal address. */ -#define ISC_SOCKADDR_FORMATSIZE \ - sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:XXX.XXX.XXX.XXX#YYYYY%SSSSSSSSSS") +isc_result_t +isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path); /* + * Create a UNIX domain sockaddr that refers to path. + * + * Returns: + * \li ISC_R_NOSPACE + * \li ISC_R_NOTIMPLEMENTED + * \li ISC_R_SUCCESS + */ + +#define ISC_SOCKADDR_FORMATSIZE \ + sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:XXX.XXX.XXX.XXX%SSSSSSSSSS#YYYYY") +/*%< * Minimum size of array to pass to isc_sockaddr_format(). */ diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/socket.h b/contrib/bind-9.5.2/lib/isc/include/isc/socket.h new file mode 100644 index 0000000000..f21faa9f5f --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/socket.h @@ -0,0 +1,1007 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1998-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: socket.h,v 1.72.128.15 2009/01/29 22:41:45 jinmei Exp $ */ + +#ifndef ISC_SOCKET_H +#define ISC_SOCKET_H 1 + +/***** + ***** Module Info + *****/ + +/*! \file isc/socket.h + * \brief Provides TCP and UDP sockets for network I/O. The sockets are event + * sources in the task system. + * + * When I/O completes, a completion event for the socket is posted to the + * event queue of the task which requested the I/O. + * + * \li MP: + * The module ensures appropriate synchronization of data structures it + * creates and manipulates. + * Clients of this module must not be holding a socket's task's lock when + * making a call that affects that socket. Failure to follow this rule + * can result in deadlock. + * The caller must ensure that isc_socketmgr_destroy() is called only + * once for a given manager. + * + * \li Reliability: + * No anticipated impact. + * + * \li Resources: + * TBS + * + * \li Security: + * No anticipated impact. + * + * \li Standards: + * None. + */ + +/*** + *** Imports + ***/ + +#include +#include +#include +#include +#include +#include +#include +#include + +ISC_LANG_BEGINDECLS + +/*** + *** Constants + ***/ + +/*% + * Maximum number of buffers in a scatter/gather read/write. The operating + * system in use must support at least this number (plus one on some.) + */ +#define ISC_SOCKET_MAXSCATTERGATHER 8 + +/*% + * In isc_socket_bind() set socket option SO_REUSEADDR prior to calling + * bind() if a non zero port is specified (AF_INET and AF_INET6). + */ +#define ISC_SOCKET_REUSEADDRESS 0x01U + +/*% + * Statistics counters. Used as isc_statscounter_t values. + */ +enum { + isc_sockstatscounter_udp4open = 0, + isc_sockstatscounter_udp6open = 1, + isc_sockstatscounter_tcp4open = 2, + isc_sockstatscounter_tcp6open = 3, + isc_sockstatscounter_unixopen = 4, + + isc_sockstatscounter_udp4openfail = 5, + isc_sockstatscounter_udp6openfail = 6, + isc_sockstatscounter_tcp4openfail = 7, + isc_sockstatscounter_tcp6openfail = 8, + isc_sockstatscounter_unixopenfail = 9, + + isc_sockstatscounter_udp4close = 10, + isc_sockstatscounter_udp6close = 11, + isc_sockstatscounter_tcp4close = 12, + isc_sockstatscounter_tcp6close = 13, + isc_sockstatscounter_unixclose = 14, + isc_sockstatscounter_fdwatchclose = 15, + + isc_sockstatscounter_udp4bindfail = 16, + isc_sockstatscounter_udp6bindfail = 17, + isc_sockstatscounter_tcp4bindfail = 18, + isc_sockstatscounter_tcp6bindfail = 19, + isc_sockstatscounter_unixbindfail = 20, + isc_sockstatscounter_fdwatchbindfail = 21, + + isc_sockstatscounter_udp4connect = 22, + isc_sockstatscounter_udp6connect = 23, + isc_sockstatscounter_tcp4connect = 24, + isc_sockstatscounter_tcp6connect = 25, + isc_sockstatscounter_unixconnect = 26, + isc_sockstatscounter_fdwatchconnect = 27, + + isc_sockstatscounter_udp4connectfail = 28, + isc_sockstatscounter_udp6connectfail = 29, + isc_sockstatscounter_tcp4connectfail = 30, + isc_sockstatscounter_tcp6connectfail = 31, + isc_sockstatscounter_unixconnectfail = 32, + isc_sockstatscounter_fdwatchconnectfail = 33, + + isc_sockstatscounter_tcp4accept = 34, + isc_sockstatscounter_tcp6accept = 35, + isc_sockstatscounter_unixaccept = 36, + + isc_sockstatscounter_tcp4acceptfail = 37, + isc_sockstatscounter_tcp6acceptfail = 38, + isc_sockstatscounter_unixacceptfail = 39, + + isc_sockstatscounter_udp4sendfail = 40, + isc_sockstatscounter_udp6sendfail = 41, + isc_sockstatscounter_tcp4sendfail = 42, + isc_sockstatscounter_tcp6sendfail = 43, + isc_sockstatscounter_unixsendfail = 44, + isc_sockstatscounter_fdwatchsendfail = 45, + + isc_sockstatscounter_udp4recvfail = 46, + isc_sockstatscounter_udp6recvfail = 47, + isc_sockstatscounter_tcp4recvfail = 48, + isc_sockstatscounter_tcp6recvfail = 49, + isc_sockstatscounter_unixrecvfail = 50, + isc_sockstatscounter_fdwatchrecvfail = 51, + + isc_sockstatscounter_max = 52 +}; + +/*** + *** Types + ***/ + +struct isc_socketevent { + ISC_EVENT_COMMON(isc_socketevent_t); + isc_result_t result; /*%< OK, EOF, whatever else */ + unsigned int minimum; /*%< minimum i/o for event */ + unsigned int n; /*%< bytes read or written */ + unsigned int offset; /*%< offset into buffer list */ + isc_region_t region; /*%< for single-buffer i/o */ + isc_bufferlist_t bufferlist; /*%< list of buffers */ + isc_sockaddr_t address; /*%< source address */ + isc_time_t timestamp; /*%< timestamp of packet recv */ + struct in6_pktinfo pktinfo; /*%< ipv6 pktinfo */ + isc_uint32_t attributes; /*%< see below */ + isc_eventdestructor_t destroy; /*%< original destructor */ +}; + +typedef struct isc_socket_newconnev isc_socket_newconnev_t; +struct isc_socket_newconnev { + ISC_EVENT_COMMON(isc_socket_newconnev_t); + isc_socket_t * newsocket; + isc_result_t result; /*%< OK, EOF, whatever else */ + isc_sockaddr_t address; /*%< source address */ +}; + +typedef struct isc_socket_connev isc_socket_connev_t; +struct isc_socket_connev { + ISC_EVENT_COMMON(isc_socket_connev_t); + isc_result_t result; /*%< OK, EOF, whatever else */ +}; + +/*@{*/ +/*! + * _ATTACHED: Internal use only. + * _TRUNC: Packet was truncated on receive. + * _CTRUNC: Packet control information was truncated. This can + * indicate that the packet is not complete, even though + * all the data is valid. + * _TIMESTAMP: The timestamp member is valid. + * _PKTINFO: The pktinfo member is valid. + * _MULTICAST: The UDP packet was received via a multicast transmission. + */ +#define ISC_SOCKEVENTATTR_ATTACHED 0x80000000U /* internal */ +#define ISC_SOCKEVENTATTR_TRUNC 0x00800000U /* public */ +#define ISC_SOCKEVENTATTR_CTRUNC 0x00400000U /* public */ +#define ISC_SOCKEVENTATTR_TIMESTAMP 0x00200000U /* public */ +#define ISC_SOCKEVENTATTR_PKTINFO 0x00100000U /* public */ +#define ISC_SOCKEVENTATTR_MULTICAST 0x00080000U /* public */ +/*@}*/ + +#define ISC_SOCKEVENT_ANYEVENT (0) +#define ISC_SOCKEVENT_RECVDONE (ISC_EVENTCLASS_SOCKET + 1) +#define ISC_SOCKEVENT_SENDDONE (ISC_EVENTCLASS_SOCKET + 2) +#define ISC_SOCKEVENT_NEWCONN (ISC_EVENTCLASS_SOCKET + 3) +#define ISC_SOCKEVENT_CONNECT (ISC_EVENTCLASS_SOCKET + 4) + +/* + * Internal events. + */ +#define ISC_SOCKEVENT_INTR (ISC_EVENTCLASS_SOCKET + 256) +#define ISC_SOCKEVENT_INTW (ISC_EVENTCLASS_SOCKET + 257) + +typedef enum { + isc_sockettype_udp = 1, + isc_sockettype_tcp = 2, + isc_sockettype_unix = 3, + isc_sockettype_fdwatch = 4 +} isc_sockettype_t; + +/*@{*/ +/*! + * How a socket should be shutdown in isc_socket_shutdown() calls. + */ +#define ISC_SOCKSHUT_RECV 0x00000001 /*%< close read side */ +#define ISC_SOCKSHUT_SEND 0x00000002 /*%< close write side */ +#define ISC_SOCKSHUT_ALL 0x00000003 /*%< close them all */ +/*@}*/ + +/*@{*/ +/*! + * What I/O events to cancel in isc_socket_cancel() calls. + */ +#define ISC_SOCKCANCEL_RECV 0x00000001 /*%< cancel recv */ +#define ISC_SOCKCANCEL_SEND 0x00000002 /*%< cancel send */ +#define ISC_SOCKCANCEL_ACCEPT 0x00000004 /*%< cancel accept */ +#define ISC_SOCKCANCEL_CONNECT 0x00000008 /*%< cancel connect */ +#define ISC_SOCKCANCEL_ALL 0x0000000f /*%< cancel everything */ +/*@}*/ + +/*@{*/ +/*! + * Flags for isc_socket_send() and isc_socket_recv() calls. + */ +#define ISC_SOCKFLAG_IMMEDIATE 0x00000001 /*%< send event only if needed */ +#define ISC_SOCKFLAG_NORETRY 0x00000002 /*%< drop failed UDP sends */ +/*@}*/ + +/*@{*/ +/*! + * Flags for fdwatchcreate. + */ +#define ISC_SOCKFDWATCH_READ 0x00000001 /*%< watch for readable */ +#define ISC_SOCKFDWATCH_WRITE 0x00000002 /*%< watch for writable */ +/*@}*/ + +/*** + *** Socket and Socket Manager Functions + *** + *** Note: all Ensures conditions apply only if the result is success for + *** those functions which return an isc_result. + ***/ + +isc_result_t +isc_socket_fdwatchcreate(isc_socketmgr_t *manager, + int fd, + int flags, + isc_sockfdwatch_t callback, + void *cbarg, + isc_task_t *task, + isc_socket_t **socketp); +/*%< + * Create a new file descriptor watch socket managed by 'manager'. + * + * Note: + * + *\li 'fd' is the already-opened file descriptor. + *\li This function is not available on Windows. + *\li The callback function is called "in-line" - this means the function + * needs to return as fast as possible, as all other I/O will be suspended + * until the callback completes. + * + * Requires: + * + *\li 'manager' is a valid manager + * + *\li 'socketp' is a valid pointer, and *socketp == NULL + * + *\li 'fd' be opened. + * + * Ensures: + * + * '*socketp' is attached to the newly created fdwatch socket + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_NORESOURCES + *\li #ISC_R_UNEXPECTED + */ + +isc_result_t +isc_socket_create(isc_socketmgr_t *manager, + int pf, + isc_sockettype_t type, + isc_socket_t **socketp); +/*%< + * Create a new 'type' socket managed by 'manager'. + * + * For isc_sockettype_fdwatch sockets you should use isc_socket_fdwatchcreate() + * rather than isc_socket_create(). + * + * Note: + * + *\li 'pf' is the desired protocol family, e.g. PF_INET or PF_INET6. + * + * Requires: + * + *\li 'manager' is a valid manager + * + *\li 'socketp' is a valid pointer, and *socketp == NULL + * + *\li 'type' is not isc_sockettype_fdwatch + * + * Ensures: + * + * '*socketp' is attached to the newly created socket + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_NORESOURCES + *\li #ISC_R_UNEXPECTED + */ + +void +isc_socket_cancel(isc_socket_t *sock, isc_task_t *task, + unsigned int how); +/*%< + * Cancel pending I/O of the type specified by "how". + * + * Note: if "task" is NULL, then the cancel applies to all tasks using the + * socket. + * + * Requires: + * + * \li "socket" is a valid socket + * + * \li "task" is NULL or a valid task + * + * "how" is a bitmask describing the type of cancelation to perform. + * The type ISC_SOCKCANCEL_ALL will cancel all pending I/O on this + * socket. + * + * \li ISC_SOCKCANCEL_RECV: + * Cancel pending isc_socket_recv() calls. + * + * \li ISC_SOCKCANCEL_SEND: + * Cancel pending isc_socket_send() and isc_socket_sendto() calls. + * + * \li ISC_SOCKCANCEL_ACCEPT: + * Cancel pending isc_socket_accept() calls. + * + * \li ISC_SOCKCANCEL_CONNECT: + * Cancel pending isc_socket_connect() call. + */ + +void +isc_socket_shutdown(isc_socket_t *sock, unsigned int how); +/*%< + * Shutdown 'socket' according to 'how'. + * + * Requires: + * + * \li 'socket' is a valid socket. + * + * \li 'task' is NULL or is a valid task. + * + * \li If 'how' is 'ISC_SOCKSHUT_RECV' or 'ISC_SOCKSHUT_ALL' then + * + * The read queue must be empty. + * + * No further read requests may be made. + * + * \li If 'how' is 'ISC_SOCKSHUT_SEND' or 'ISC_SOCKSHUT_ALL' then + * + * The write queue must be empty. + * + * No further write requests may be made. + */ + +void +isc_socket_attach(isc_socket_t *sock, isc_socket_t **socketp); +/*%< + * Attach *socketp to socket. + * + * Requires: + * + * \li 'socket' is a valid socket. + * + * \li 'socketp' points to a NULL socket. + * + * Ensures: + * + * \li *socketp is attached to socket. + */ + +void +isc_socket_detach(isc_socket_t **socketp); +/*%< + * Detach *socketp from its socket. + * + * Requires: + * + * \li 'socketp' points to a valid socket. + * + * \li If '*socketp' is the last reference to the socket, + * then: + * + * There must be no pending I/O requests. + * + * Ensures: + * + * \li *socketp is NULL. + * + * \li If '*socketp' is the last reference to the socket, + * then: + * + * The socket will be shutdown (both reading and writing) + * for all tasks. + * + * All resources used by the socket have been freed + */ + +isc_result_t +isc_socket_open(isc_socket_t *sock); +/*%< + * Open a new socket file descriptor of the given socket structure. It simply + * opens a new descriptor; all of the other parameters including the socket + * type are inherited from the existing socket. This function is provided to + * avoid overhead of destroying and creating sockets when many short-lived + * sockets are frequently opened and closed. When the efficiency is not an + * issue, it should be safer to detach the unused socket and re-create a new + * one. This optimization may not be available for some systems, in which + * case this function will return ISC_R_NOTIMPLEMENTED and must not be used. + * + * isc_socket_open() should not be called on sockets created by + * isc_socket_fdwatchcreate(). + * + * Requires: + * + * \li there must be no other reference to this socket. + * + * \li 'socket' is a valid and previously closed by isc_socket_close() + * + * \li 'sock->type' is not isc_sockettype_fdwatch + * + * Returns: + * Same as isc_socket_create(). + * \li ISC_R_NOTIMPLEMENTED + */ + +isc_result_t +isc_socket_close(isc_socket_t *sock); +/*%< + * Close a socket file descriptor of the given socket structure. This function + * is provided as an alternative to destroying an unused socket when overhead + * destroying/re-creating sockets can be significant, and is expected to be + * used with isc_socket_open(). This optimization may not be available for some + * systems, in which case this function will return ISC_R_NOTIMPLEMENTED and + * must not be used. + * + * isc_socket_close() should not be called on sockets created by + * isc_socket_fdwatchcreate(). + * + * Requires: + * + * \li The socket must have a valid descriptor. + * + * \li There must be no other reference to this socket. + * + * \li There must be no pending I/O requests. + * + * \li 'sock->type' is not isc_sockettype_fdwatch + * + * Returns: + * \li #ISC_R_NOTIMPLEMENTED + */ + +isc_result_t +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, + unsigned int options); +/*%< + * Bind 'socket' to '*addressp'. + * + * Requires: + * + * \li 'socket' is a valid socket + * + * \li 'addressp' points to a valid isc_sockaddr. + * + * Returns: + * + * \li ISC_R_SUCCESS + * \li ISC_R_NOPERM + * \li ISC_R_ADDRNOTAVAIL + * \li ISC_R_ADDRINUSE + * \li ISC_R_BOUND + * \li ISC_R_UNEXPECTED + */ + +isc_result_t +isc_socket_filter(isc_socket_t *sock, const char *filter); +/*%< + * Inform the kernel that it should perform accept filtering. + * If filter is NULL the current filter will be removed.:w + */ + +isc_result_t +isc_socket_listen(isc_socket_t *sock, unsigned int backlog); +/*%< + * Set listen mode on the socket. After this call, the only function that + * can be used (other than attach and detach) is isc_socket_accept(). + * + * Notes: + * + * \li 'backlog' is as in the UNIX system call listen() and may be + * ignored by non-UNIX implementations. + * + * \li If 'backlog' is zero, a reasonable system default is used, usually + * SOMAXCONN. + * + * Requires: + * + * \li 'socket' is a valid, bound TCP socket or a valid, bound UNIX socket. + * + * Returns: + * + * \li ISC_R_SUCCESS + * \li ISC_R_UNEXPECTED + */ + +isc_result_t +isc_socket_accept(isc_socket_t *sock, + isc_task_t *task, isc_taskaction_t action, const void *arg); +/*%< + * Queue accept event. When a new connection is received, the task will + * get an ISC_SOCKEVENT_NEWCONN event with the sender set to the listen + * socket. The new socket structure is sent inside the isc_socket_newconnev_t + * event type, and is attached to the task 'task'. + * + * REQUIRES: + * \li 'socket' is a valid TCP socket that isc_socket_listen() was called + * on. + * + * \li 'task' is a valid task + * + * \li 'action' is a valid action + * + * RETURNS: + * \li ISC_R_SUCCESS + * \li ISC_R_NOMEMORY + * \li ISC_R_UNEXPECTED + */ + +isc_result_t +isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addressp, + isc_task_t *task, isc_taskaction_t action, + const void *arg); +/*%< + * Connect 'socket' to peer with address *saddr. When the connection + * succeeds, or when an error occurs, a CONNECT event with action 'action' + * and arg 'arg' will be posted to the event queue for 'task'. + * + * Requires: + * + * \li 'socket' is a valid TCP socket + * + * \li 'addressp' points to a valid isc_sockaddr + * + * \li 'task' is a valid task + * + * \li 'action' is a valid action + * + * Returns: + * + * \li ISC_R_SUCCESS + * \li ISC_R_NOMEMORY + * \li ISC_R_UNEXPECTED + * + * Posted event's result code: + * + * \li ISC_R_SUCCESS + * \li ISC_R_TIMEDOUT + * \li ISC_R_CONNREFUSED + * \li ISC_R_NETUNREACH + * \li ISC_R_UNEXPECTED + */ + +isc_result_t +isc_socket_getpeername(isc_socket_t *sock, isc_sockaddr_t *addressp); +/*%< + * Get the name of the peer connected to 'socket'. + * + * Requires: + * + * \li 'socket' is a valid TCP socket. + * + * Returns: + * + * \li ISC_R_SUCCESS + * \li ISC_R_TOOSMALL + * \li ISC_R_UNEXPECTED + */ + +isc_result_t +isc_socket_getsockname(isc_socket_t *sock, isc_sockaddr_t *addressp); +/*%< + * Get the name of 'socket'. + * + * Requires: + * + * \li 'socket' is a valid socket. + * + * Returns: + * + * \li ISC_R_SUCCESS + * \li ISC_R_TOOSMALL + * \li ISC_R_UNEXPECTED + */ + +/*@{*/ +isc_result_t +isc_socket_recv(isc_socket_t *sock, isc_region_t *region, + unsigned int minimum, + isc_task_t *task, isc_taskaction_t action, const void *arg); +isc_result_t +isc_socket_recvv(isc_socket_t *sock, isc_bufferlist_t *buflist, + unsigned int minimum, + isc_task_t *task, isc_taskaction_t action, const void *arg); + +isc_result_t +isc_socket_recv2(isc_socket_t *sock, isc_region_t *region, + unsigned int minimum, isc_task_t *task, + isc_socketevent_t *event, unsigned int flags); + +/*! + * Receive from 'socket', storing the results in region. + * + * Notes: + * + *\li Let 'length' refer to the length of 'region' or to the sum of all + * available regions in the list of buffers '*buflist'. + * + *\li If 'minimum' is non-zero and at least that many bytes are read, + * the completion event will be posted to the task 'task.' If minimum + * is zero, the exact number of bytes requested in the region must + * be read for an event to be posted. This only makes sense for TCP + * connections, and is always set to 1 byte for UDP. + * + *\li The read will complete when the desired number of bytes have been + * read, if end-of-input occurs, or if an error occurs. A read done + * event with the given 'action' and 'arg' will be posted to the + * event queue of 'task'. + * + *\li The caller may not modify 'region', the buffers which are passed + * into this function, or any data they refer to until the completion + * event is received. + * + *\li For isc_socket_recvv(): + * On successful completion, '*buflist' will be empty, and the list of + * all buffers will be returned in the done event's 'bufferlist' + * member. On error return, '*buflist' will be unchanged. + * + *\li For isc_socket_recv2(): + * 'event' is not NULL, and the non-socket specific fields are + * expected to be initialized. + * + *\li For isc_socket_recv2(): + * The only defined value for 'flags' is ISC_SOCKFLAG_IMMEDIATE. If + * set and the operation completes, the return value will be + * ISC_R_SUCCESS and the event will be filled in and not sent. If the + * operation does not complete, the return value will be + * ISC_R_INPROGRESS and the event will be sent when the operation + * completes. + * + * Requires: + * + *\li 'socket' is a valid, bound socket. + * + *\li For isc_socket_recv(): + * 'region' is a valid region + * + *\li For isc_socket_recvv(): + * 'buflist' is non-NULL, and '*buflist' contain at least one buffer. + * + *\li 'task' is a valid task + * + *\li For isc_socket_recv() and isc_socket_recvv(): + * action != NULL and is a valid action + * + *\li For isc_socket_recv2(): + * event != NULL + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_INPROGRESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED + * + * Event results: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_UNEXPECTED + *\li XXX needs other net-type errors + */ +/*@}*/ + +/*@{*/ +isc_result_t +isc_socket_send(isc_socket_t *sock, isc_region_t *region, + isc_task_t *task, isc_taskaction_t action, const void *arg); +isc_result_t +isc_socket_sendto(isc_socket_t *sock, isc_region_t *region, + isc_task_t *task, isc_taskaction_t action, const void *arg, + isc_sockaddr_t *address, struct in6_pktinfo *pktinfo); +isc_result_t +isc_socket_sendv(isc_socket_t *sock, isc_bufferlist_t *buflist, + isc_task_t *task, isc_taskaction_t action, const void *arg); +isc_result_t +isc_socket_sendtov(isc_socket_t *sock, isc_bufferlist_t *buflist, + isc_task_t *task, isc_taskaction_t action, const void *arg, + isc_sockaddr_t *address, struct in6_pktinfo *pktinfo); +isc_result_t +isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, + isc_task_t *task, + isc_sockaddr_t *address, struct in6_pktinfo *pktinfo, + isc_socketevent_t *event, unsigned int flags); + +/*! + * Send the contents of 'region' to the socket's peer. + * + * Notes: + * + *\li Shutting down the requestor's task *may* result in any + * still pending writes being dropped or completed, depending on the + * underlying OS implementation. + * + *\li If 'action' is NULL, then no completion event will be posted. + * + *\li The caller may not modify 'region', the buffers which are passed + * into this function, or any data they refer to until the completion + * event is received. + * + *\li For isc_socket_sendv() and isc_socket_sendtov(): + * On successful completion, '*buflist' will be empty, and the list of + * all buffers will be returned in the done event's 'bufferlist' + * member. On error return, '*buflist' will be unchanged. + * + *\li For isc_socket_sendto2(): + * 'event' is not NULL, and the non-socket specific fields are + * expected to be initialized. + * + *\li For isc_socket_sendto2(): + * The only defined values for 'flags' are ISC_SOCKFLAG_IMMEDIATE + * and ISC_SOCKFLAG_NORETRY. + * + *\li If ISC_SOCKFLAG_IMMEDIATE is set and the operation completes, the + * return value will be ISC_R_SUCCESS and the event will be filled + * in and not sent. If the operation does not complete, the return + * value will be ISC_R_INPROGRESS and the event will be sent when + * the operation completes. + * + *\li ISC_SOCKFLAG_NORETRY can only be set for UDP sockets. If set + * and the send operation fails due to a transient error, the send + * will not be retried and the error will be indicated in the event. + * Using this option along with ISC_SOCKFLAG_IMMEDIATE allows the caller + * to specify a region that is allocated on the stack. + * + * Requires: + * + *\li 'socket' is a valid, bound socket. + * + *\li For isc_socket_send(): + * 'region' is a valid region + * + *\li For isc_socket_sendv() and isc_socket_sendtov(): + * 'buflist' is non-NULL, and '*buflist' contain at least one buffer. + * + *\li 'task' is a valid task + * + *\li For isc_socket_sendv(), isc_socket_sendtov(), isc_socket_send(), and + * isc_socket_sendto(): + * action == NULL or is a valid action + * + *\li For isc_socket_sendto2(): + * event != NULL + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_INPROGRESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED + * + * Event results: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_UNEXPECTED + *\li XXX needs other net-type errors + */ +/*@}*/ + +isc_result_t +isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp); + +isc_result_t +isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp, + unsigned int maxsocks); +/*%< + * Create a socket manager. If "maxsocks" is non-zero, it specifies the + * maximum number of sockets that the created manager should handle. + * isc_socketmgr_create() is equivalent of isc_socketmgr_create2() with + * "maxsocks" being zero. + * + * Notes: + * + *\li All memory will be allocated in memory context 'mctx'. + * + * Requires: + * + *\li 'mctx' is a valid memory context. + * + *\li 'managerp' points to a NULL isc_socketmgr_t. + * + * Ensures: + * + *\li '*managerp' is a valid isc_socketmgr_t. + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED + *\li #ISC_R_NOTIMPLEMENTED + */ + +isc_result_t +isc_socketmgr_getmaxsockets(isc_socketmgr_t *manager, unsigned int *nsockp); +/*%< + * Returns in "*nsockp" the maximum number of sockets this manager may open. + * + * Requires: + * + *\li '*manager' is a valid isc_socketmgr_t. + *\li 'nsockp' is not NULL. + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOTIMPLEMENTED + */ + +void +isc_socketmgr_setstats(isc_socketmgr_t *manager, isc_stats_t *stats); +/*%< + * Set a general socket statistics counter set 'stats' for 'manager'. + * + * Requires: + * \li 'manager' is valid, hasn't opened any socket, and doesn't have + * stats already set. + * + *\li stats is a valid statistics supporting socket statistics counters + * (see above). + */ + +void +isc_socketmgr_destroy(isc_socketmgr_t **managerp); +/*%< + * Destroy a socket manager. + * + * Notes: + * + *\li This routine blocks until there are no sockets left in the manager, + * so if the caller holds any socket references using the manager, it + * must detach them before calling isc_socketmgr_destroy() or it will + * block forever. + * + * Requires: + * + *\li '*managerp' is a valid isc_socketmgr_t. + * + *\li All sockets managed by this manager are fully detached. + * + * Ensures: + * + *\li *managerp == NULL + * + *\li All resources used by the manager have been freed. + */ + +isc_sockettype_t +isc_socket_gettype(isc_socket_t *sock); +/*%< + * Returns the socket type for "sock." + * + * Requires: + * + *\li "sock" is a valid socket. + */ + +/*@{*/ +isc_boolean_t +isc_socket_isbound(isc_socket_t *sock); + +void +isc_socket_ipv6only(isc_socket_t *sock, isc_boolean_t yes); +/*%< + * If the socket is an IPv6 socket set/clear the IPV6_IPV6ONLY socket + * option if the host OS supports this option. + * + * Requires: + *\li 'sock' is a valid socket. + */ +/*@}*/ + +void +isc_socket_cleanunix(isc_sockaddr_t *addr, isc_boolean_t active); + +/*%< + * Cleanup UNIX domain sockets in the file-system. If 'active' is true + * then just unlink the socket. If 'active' is false try to determine + * if there is a listener of the socket or not. If no listener is found + * then unlink socket. + * + * Prior to unlinking the path is tested to see if it a socket. + * + * Note: there are a number of race conditions which cannot be avoided + * both in the filesystem and any application using UNIX domain + * sockets (e.g. socket is tested between bind() and listen(), + * the socket is deleted and replaced in the file-system between + * stat() and unlink()). + */ + +isc_result_t +isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, + isc_uint32_t owner, isc_uint32_t group); +/*%< + * Set ownership and file permissions on the UNIX domain socket. + * + * Note: On Solaris and SunOS this secures the directory containing + * the socket as Solaris and SunOS do not honour the filesystem + * permissions on the socket. + * + * Requires: + * \li 'sockaddr' to be a valid UNIX domain sockaddr. + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_FAILURE + */ + +void isc_socket_setname(isc_socket_t *socket, const char *name, void *tag); +/*%< + * Set the name and optional tag for a socket. This allows tracking of the + * owner or purpose for this socket, and is useful for tracing and statistics + * reporting. + */ + +const char *isc_socket_getname(isc_socket_t *socket); +/*%< + * Get the name associated with a socket, if any. + */ + +void *isc_socket_gettag(isc_socket_t *socket); +/*%< + * Get the tag associated with a socket, if any. + */ + +void +isc__socketmgr_setreserved(isc_socketmgr_t *mgr, isc_uint32_t); +/*%< + * Temporary. For use by named only. + */ + +#ifdef HAVE_LIBXML2 + +void +isc_socketmgr_renderxml(isc_socketmgr_t *mgr, xmlTextWriterPtr writer); +/*%< + * Render internal statistics and other state into the XML document. + */ + +#endif /* HAVE_LIBXML2 */ + +ISC_LANG_ENDDECLS + +#endif /* ISC_SOCKET_H */ diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/stats.h b/contrib/bind-9.5.2/lib/isc/include/isc/stats.h new file mode 100644 index 0000000000..3255bc7468 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/stats.h @@ -0,0 +1,121 @@ +/* + * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: stats.h,v 1.4.4.2 2009/01/29 23:47:14 tbox Exp $ */ + +#ifndef ISC_STATS_H +#define ISC_STATS_H 1 + +/*! \file isc/stats.h */ + +#include + +ISC_LANG_BEGINDECLS + +/*%< + * Flag(s) for isc_stats_dump(). + */ +#define ISC_STATSDUMP_VERBOSE 0x00000001 /*%< dump 0-value counters */ + +/*%< + * Dump callback type. + */ +typedef void (*isc_stats_dumper_t)(isc_statscounter_t, isc_uint64_t, void *); + +isc_result_t +isc_stats_create(isc_mem_t *mctx, isc_stats_t **statsp, int ncounters); +/*%< + * Create a statistics counter structure of general type. It counts a general + * set of counters indexed by an ID between 0 and ncounters -1. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +void +isc_stats_attach(isc_stats_t *stats, isc_stats_t **statsp); +/*%< + * Attach to a statistics set. + * + * Requires: + *\li 'stats' is a valid isc_stats_t. + * + *\li 'statsp' != NULL && '*statsp' == NULL + */ + +void +isc_stats_detach(isc_stats_t **statsp); +/*%< + * Detaches from the statistics set. + * + * Requires: + *\li 'statsp' != NULL and '*statsp' is a valid isc_stats_t. + */ + +int +isc_stats_ncounters(isc_stats_t *stats); +/*%< + * Returns the number of counters contained in stats. + * + * Requires: + *\li 'stats' is a valid isc_stats_t. + * + */ + +void +isc_stats_increment(isc_stats_t *stats, isc_statscounter_t counter); +/*%< + * Increment the counter-th counter of stats. + * + * Requires: + *\li 'stats' is a valid isc_stats_t. + * + *\li counter is less than the maximum available ID for the stats specified + * on creation. + */ + +void +isc_stats_decrement(isc_stats_t *stats, isc_statscounter_t counter); +/*%< + * Decrement the counter-th counter of stats. + * + * Requires: + *\li 'stats' is a valid isc_stats_t. + */ + +void +isc_stats_dump(isc_stats_t *stats, isc_stats_dumper_t dump_fn, void *arg, + unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with its current value and the given argument + * arg. By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * Requires: + *\li 'stats' is a valid isc_stats_t. + */ + +ISC_LANG_ENDDECLS + +#endif /* ISC_STATS_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/stdio.h b/contrib/bind-9.5.2/lib/isc/include/isc/stdio.h similarity index 81% rename from contrib/bind-9.3/lib/isc/include/isc/stdio.h rename to contrib/bind-9.5.2/lib/isc/include/isc/stdio.h index 7dad28483e..1a7ae642d5 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/stdio.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/stdio.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdio.h,v 1.6.206.1 2004/03/06 08:14:48 marka Exp $ */ +/* $Id: stdio.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_STDIO_H #define ISC_STDIO_H 1 +/*! \file isc/stdio.h */ + +/*% + * These functions are wrappers around the corresponding stdio functions. + * + * They return a detailed error code in the form of an an isc_result_t. ANSI C + * does not guarantee that stdio functions set errno, hence these functions + * must use platform dependent methods (e.g., the POSIX errno) to construct the + * error code. + */ + #include #include @@ -27,36 +38,35 @@ ISC_LANG_BEGINDECLS +/*% Open */ isc_result_t isc_stdio_open(const char *filename, const char *mode, FILE **fp); +/*% Close */ isc_result_t isc_stdio_close(FILE *f); +/*% Seek */ isc_result_t isc_stdio_seek(FILE *f, long offset, int whence); +/*% Read */ isc_result_t isc_stdio_read(void *ptr, size_t size, size_t nmemb, FILE *f, size_t *nret); +/*% Write */ isc_result_t isc_stdio_write(const void *ptr, size_t size, size_t nmemb, FILE *f, size_t *nret); +/*% Flush */ isc_result_t isc_stdio_flush(FILE *f); -/* - * These functions are wrappers around the corresponding stdio functions, - * returning a detailed error code in the form of an an isc_result_t. ANSI C - * does not guarantee that stdio functions set errno, hence these functions - * must use platform dependent methods (e.g., the POSIX errno) to construct the - * error code. - */ isc_result_t isc_stdio_sync(FILE *f); -/* +/*%< * Invoke fsync() on the file descriptor underlying an stdio stream, or an * equivalent system-dependent operation. Note that this function has no * direct counterpart in the stdio library. diff --git a/contrib/bind-9.3/lib/isc/include/isc/stdlib.h b/contrib/bind-9.5.2/lib/isc/include/isc/stdlib.h similarity index 81% rename from contrib/bind-9.3/lib/isc/include/isc/stdlib.h rename to contrib/bind-9.5.2/lib/isc/include/isc/stdlib.h index 7b75584a3c..02243f0863 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/stdlib.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/stdlib.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdlib.h,v 1.1.32.2 2004/03/06 08:14:48 marka Exp $ */ +/* $Id: stdlib.h,v 1.8 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_STDLIB_H #define ISC_STDLIB_H 1 +/*! \file isc/stdlib.h */ + #include #include diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/string.h b/contrib/bind-9.5.2/lib/isc/include/isc/string.h new file mode 100644 index 0000000000..b49fdbc327 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/string.h @@ -0,0 +1,231 @@ +/* + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: string.h,v 1.23 2007/09/13 04:48:16 each Exp $ */ + +#ifndef ISC_STRING_H +#define ISC_STRING_H 1 + +/*! \file isc/string.h */ + +#include +#include +#include +#include +#include + +#include + +#ifdef ISC_PLATFORM_HAVESTRINGSH +#include +#endif + +#define ISC_STRING_MAGIC 0x5e + +ISC_LANG_BEGINDECLS + +isc_uint64_t +isc_string_touint64(char *source, char **endp, int base); +/*%< + * Convert the string pointed to by 'source' to isc_uint64_t. + * + * On successful conversion 'endp' points to the first character + * after conversion is complete. + * + * 'base': 0 or 2..36 + * + * If base is 0 the base is computed from the string type. + * + * On error 'endp' points to 'source'. + */ + +isc_result_t +isc_string_copy(char *target, size_t size, const char *source); +/* + * Copy the string pointed to by 'source' to 'target' which is a + * pointer to a string of at least 'size' bytes. + * + * Requires: + * 'target' is a pointer to a char[] of at least 'size' bytes. + * 'size' an integer > 0. + * 'source' == NULL or points to a NUL terminated string. + * + * Ensures: + * If result == ISC_R_SUCCESS + * 'target' will be a NUL terminated string of no more + * than 'size' bytes (including NUL). + * + * If result == ISC_R_NOSPACE + * 'target' is undefined. + * + * Returns: + * ISC_R_SUCCESS -- 'source' was successfully copied to 'target'. + * ISC_R_NOSPACE -- 'source' could not be copied since 'target' + * is too small. + */ + +void +isc_string_copy_truncate(char *target, size_t size, const char *source); +/* + * Copy the string pointed to by 'source' to 'target' which is a + * pointer to a string of at least 'size' bytes. + * + * Requires: + * 'target' is a pointer to a char[] of at least 'size' bytes. + * 'size' an integer > 0. + * 'source' == NULL or points to a NUL terminated string. + * + * Ensures: + * 'target' will be a NUL terminated string of no more + * than 'size' bytes (including NUL). + */ + +isc_result_t +isc_string_append(char *target, size_t size, const char *source); +/* + * Append the string pointed to by 'source' to 'target' which is a + * pointer to a NUL terminated string of at least 'size' bytes. + * + * Requires: + * 'target' is a pointer to a NUL terminated char[] of at + * least 'size' bytes. + * 'size' an integer > 0. + * 'source' == NULL or points to a NUL terminated string. + * + * Ensures: + * If result == ISC_R_SUCCESS + * 'target' will be a NUL terminated string of no more + * than 'size' bytes (including NUL). + * + * If result == ISC_R_NOSPACE + * 'target' is undefined. + * + * Returns: + * ISC_R_SUCCESS -- 'source' was successfully appended to 'target'. + * ISC_R_NOSPACE -- 'source' could not be appended since 'target' + * is too small. + */ + +void +isc_string_append_truncate(char *target, size_t size, const char *source); +/* + * Append the string pointed to by 'source' to 'target' which is a + * pointer to a NUL terminated string of at least 'size' bytes. + * + * Requires: + * 'target' is a pointer to a NUL terminated char[] of at + * least 'size' bytes. + * 'size' an integer > 0. + * 'source' == NULL or points to a NUL terminated string. + * + * Ensures: + * 'target' will be a NUL terminated string of no more + * than 'size' bytes (including NUL). + */ + +isc_result_t +isc_string_printf(char *target, size_t size, const char *format, ...) + ISC_FORMAT_PRINTF(3, 4); +/* + * Print 'format' to 'target' which is a pointer to a string of at least + * 'size' bytes. + * + * Requires: + * 'target' is a pointer to a char[] of at least 'size' bytes. + * 'size' an integer > 0. + * 'format' == NULL or points to a NUL terminated string. + * + * Ensures: + * If result == ISC_R_SUCCESS + * 'target' will be a NUL terminated string of no more + * than 'size' bytes (including NUL). + * + * If result == ISC_R_NOSPACE + * 'target' is undefined. + * + * Returns: + * ISC_R_SUCCESS -- 'format' was successfully printed to 'target'. + * ISC_R_NOSPACE -- 'format' could not be printed to 'target' since it + * is too small. + */ + +void +isc_string_printf_truncate(char *target, size_t size, const char *format, ...) + ISC_FORMAT_PRINTF(3, 4); +/* + * Print 'format' to 'target' which is a pointer to a string of at least + * 'size' bytes. + * + * Requires: + * 'target' is a pointer to a char[] of at least 'size' bytes. + * 'size' an integer > 0. + * 'format' == NULL or points to a NUL terminated string. + * + * Ensures: + * 'target' will be a NUL terminated string of no more + * than 'size' bytes (including NUL). + */ + + +char * +isc_string_regiondup(isc_mem_t *mctx, const isc_region_t *source); +/* + * Copy the region pointed to by r to a NUL terminated string + * allocated from the memory context pointed to by mctx. + * + * The result should be deallocated using isc_mem_free() + * + * Requires: + * 'mctx' is a point to a valid memory context. + * 'source' is a pointer to a valid region. + * + * Returns: + * a pointer to a NUL terminated string or + * NULL if memory for the copy could not be allocated + * + */ + +char * +isc_string_separate(char **stringp, const char *delim); + +#ifdef ISC_PLATFORM_NEEDSTRSEP +#define strsep isc_string_separate +#endif + +#ifdef ISC_PLATFORM_NEEDMEMMOVE +#define memmove(a,b,c) bcopy(b,a,c) +#endif + +size_t +isc_string_strlcpy(char *dst, const char *src, size_t size); + + +#ifdef ISC_PLATFORM_NEEDSTRLCPY +#define strlcpy isc_string_strlcpy +#endif + + +size_t +isc_string_strlcat(char *dst, const char *src, size_t size); + +#ifdef ISC_PLATFORM_NEEDSTRLCAT +#define strlcat isc_string_strlcat +#endif + +ISC_LANG_ENDDECLS + +#endif /* ISC_STRING_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/symtab.h b/contrib/bind-9.5.2/lib/isc/include/isc/symtab.h similarity index 75% rename from contrib/bind-9.3/lib/isc/include/isc/symtab.h rename to contrib/bind-9.5.2/lib/isc/include/isc/symtab.h index b22fe81596..5f38704537 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/symtab.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/symtab.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: symtab.h,v 1.16.206.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: symtab.h,v 1.24.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_SYMTAB_H #define ISC_SYMTAB_H 1 @@ -24,12 +24,10 @@ ***** Module Info *****/ -/* - * Symbol Table - * - * Provides a simple memory-based symbol table. +/*! \file isc/symtab.h + * \brief Provides a simple memory-based symbol table. * - * Keys are C strings, and key comparisons are case-insenstive. A type may + * Keys are C strings, and key comparisons are case-insensitive. A type may * be specified when looking up, defining, or undefining. A type value of * 0 means "match any type"; any other value will only match the given * type. @@ -38,11 +36,11 @@ * tuple when a tuple with the given key and type already exists in the table. * What to do in this case is specified by the client. Possible policies are: * - * isc_symexists_reject Disallow the define, returning ISC_R_EXISTS - * isc_symexists_replace Replace the old value with the new. The + *\li #isc_symexists_reject Disallow the define, returning #ISC_R_EXISTS + *\li #isc_symexists_replace Replace the old value with the new. The * undefine action (if provided) will be called * with the old tuple. - * isc_symexists_add Add the new tuple, leaving the old tuple in + *\li #isc_symexists_add Add the new tuple, leaving the old tuple in * the table. Subsequent lookups will retrieve * the most-recently-defined tuple. * @@ -59,19 +57,19 @@ * undefined. It can be used to free memory associated with keys and/or * values. * - * MP: + * \li MP: * The callers of this module must ensure any required synchronization. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: - * + * \li Resources: + * TBS * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -82,10 +80,10 @@ #include #include -/*** +/* *** Symbol Tables. ***/ - +/*% Symbol table value. */ typedef union isc_symvalue { void * as_pointer; const void * as_cpointer; @@ -95,31 +93,36 @@ typedef union isc_symvalue { typedef void (*isc_symtabaction_t)(char *key, unsigned int type, isc_symvalue_t value, void *userarg); - +/*% Symbol table exists. */ typedef enum { - isc_symexists_reject = 0, - isc_symexists_replace = 1, - isc_symexists_add = 2 + isc_symexists_reject = 0, /*%< Disallow the define */ + isc_symexists_replace = 1, /*%< Replace the old value with the new */ + isc_symexists_add = 2 /*%< Add the new tuple */ } isc_symexists_t; ISC_LANG_BEGINDECLS +/*% Create a symbol table. */ isc_result_t isc_symtab_create(isc_mem_t *mctx, unsigned int size, isc_symtabaction_t undefine_action, void *undefine_arg, isc_boolean_t case_sensitive, isc_symtab_t **symtabp); +/*% Destroy a symbol table. */ void isc_symtab_destroy(isc_symtab_t **symtabp); +/*% Lookup a symbol table. */ isc_result_t isc_symtab_lookup(isc_symtab_t *symtab, const char *key, unsigned int type, isc_symvalue_t *value); +/*% Define a symbol table. */ isc_result_t isc_symtab_define(isc_symtab_t *symtab, const char *key, unsigned int type, isc_symvalue_t value, isc_symexists_t exists_policy); +/*% Undefine a symbol table. */ isc_result_t isc_symtab_undefine(isc_symtab_t *symtab, const char *key, unsigned int type); diff --git a/contrib/bind-9.3/lib/isc/include/isc/task.h b/contrib/bind-9.5.2/lib/isc/include/isc/task.h similarity index 62% rename from contrib/bind-9.3/lib/isc/include/isc/task.h rename to contrib/bind-9.5.2/lib/isc/include/isc/task.h index 0e8190a32e..331d38625d 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/task.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/task.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: task.h,v 1.49.206.3 2004/03/09 05:21:09 marka Exp $ */ +/* $Id: task.h,v 1.61.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISC_TASK_H #define ISC_TASK_H 1 @@ -24,33 +24,55 @@ ***** Module Info *****/ -/* - * Task System - * - * The task system provides a lightweight execution context, which is - * basically an event queue. When a task's event queue is non-empty, the +/*! \file isc/task.h + * \brief The task system provides a lightweight execution context, which is + * basically an event queue. + + * When a task's event queue is non-empty, the * task is runnable. A small work crew of threads, typically one per CPU, * execute runnable tasks by dispatching the events on the tasks' event * queues. Context switching between tasks is fast. * - * MP: + * \li MP: * The module ensures appropriate synchronization of data structures it * creates and manipulates. - * * The caller must ensure that isc_taskmgr_destroy() is called only * once for a given manager. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: - * + * \li Resources: + * TBS * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. + * + * \section purge Purging and Unsending + * + * Events which have been queued for a task but not delivered may be removed + * from the task's event queue by purging or unsending. + * + * With both types, the caller specifies a matching pattern that selects + * events based upon their sender, type, and tag. + * + * Purging calls isc_event_free() on the matching events. + * + * Unsending returns a list of events that matched the pattern. + * The caller is then responsible for them. + * + * Consumers of events should purge, not unsend. + * + * Producers of events often want to remove events when the caller indicates + * it is no longer interested in the object, e.g. by canceling a timer. + * Sometimes this can be done by purging, but for some event types, the + * calls to isc_event_free() cause deadlock because the event free routine + * wants to acquire a lock the caller is already holding. Unsending instead + * of purging solves this problem. As a general rule, producers should only + * unsend events which they have sent. */ @@ -62,6 +84,7 @@ #include #include #include +#include #define ISC_TASKEVENT_FIRSTEVENT (ISC_EVENTCLASS_TASK + 0) #define ISC_TASKEVENT_SHUTDOWN (ISC_EVENTCLASS_TASK + 1) @@ -76,355 +99,335 @@ ISC_LANG_BEGINDECLS isc_result_t isc_task_create(isc_taskmgr_t *manager, unsigned int quantum, isc_task_t **taskp); -/* +/*%< * Create a task. * * Notes: * - * If 'quantum' is non-zero, then only that many events can be dispatched + *\li If 'quantum' is non-zero, then only that many events can be dispatched * before the task must yield to other tasks waiting to execute. If * quantum is zero, then the default quantum of the task manager will * be used. * - * The 'quantum' option may be removed from isc_task_create() in the + *\li The 'quantum' option may be removed from isc_task_create() in the * future. If this happens, isc_task_getquantum() and * isc_task_setquantum() will be provided. * * Requires: * - * 'manager' is a valid task manager. + *\li 'manager' is a valid task manager. * - * taskp != NULL && *taskp == NULL + *\li taskp != NULL && *taskp == NULL * * Ensures: * - * On success, '*taskp' is bound to the new task. + *\li On success, '*taskp' is bound to the new task. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED - * ISC_R_SHUTTINGDOWN + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED + *\li #ISC_R_SHUTTINGDOWN */ void isc_task_attach(isc_task_t *source, isc_task_t **targetp); -/* +/*%< * Attach *targetp to source. * * Requires: * - * 'source' is a valid task. + *\li 'source' is a valid task. * - * 'targetp' points to a NULL isc_task_t *. + *\li 'targetp' points to a NULL isc_task_t *. * * Ensures: * - * *targetp is attached to source. + *\li *targetp is attached to source. */ void isc_task_detach(isc_task_t **taskp); -/* +/*%< * Detach *taskp from its task. * * Requires: * - * '*taskp' is a valid task. + *\li '*taskp' is a valid task. * * Ensures: * - * *taskp is NULL. + *\li *taskp is NULL. * - * If '*taskp' is the last reference to the task, the task is idle (has + *\li If '*taskp' is the last reference to the task, the task is idle (has * an empty event queue), and has not been shutdown, the task will be * shutdown. * - * If '*taskp' is the last reference to the task and + *\li If '*taskp' is the last reference to the task and * the task has been shutdown, - * - * All resources used by the task will be freed. + * all resources used by the task will be freed. */ void isc_task_send(isc_task_t *task, isc_event_t **eventp); -/* +/*%< * Send '*event' to 'task'. * * Requires: * - * 'task' is a valid task. - * eventp != NULL && *eventp != NULL. + *\li 'task' is a valid task. + *\li eventp != NULL && *eventp != NULL. * * Ensures: * - * *eventp == NULL. + *\li *eventp == NULL. */ void isc_task_sendanddetach(isc_task_t **taskp, isc_event_t **eventp); -/* +/*%< * Send '*event' to '*taskp' and then detach '*taskp' from its * task. * * Requires: * - * '*taskp' is a valid task. - * eventp != NULL && *eventp != NULL. + *\li '*taskp' is a valid task. + *\li eventp != NULL && *eventp != NULL. * * Ensures: * - * *eventp == NULL. + *\li *eventp == NULL. * - * *taskp == NULL. + *\li *taskp == NULL. * - * If '*taskp' is the last reference to the task, the task is + *\li If '*taskp' is the last reference to the task, the task is * idle (has an empty event queue), and has not been shutdown, * the task will be shutdown. * - * If '*taskp' is the last reference to the task and + *\li If '*taskp' is the last reference to the task and * the task has been shutdown, - * - * All resources used by the task will be freed. + * all resources used by the task will be freed. */ -/* - * Purging and Unsending - * - * Events which have been queued for a task but not delivered may be removed - * from the task's event queue by purging or unsending. - * - * With both types, the caller specifies a matching pattern that selects - * events based upon their sender, type, and tag. - * - * Purging calls isc_event_free() on the matching events. - * - * Unsending returns a list of events that matched the pattern. - * The caller is then responsible for them. - * - * Consumers of events should purge, not unsend. - * - * Producers of events often want to remove events when the caller indicates - * it is no longer interested in the object, e.g. by cancelling a timer. - * Sometimes this can be done by purging, but for some event types, the - * calls to isc_event_free() cause deadlock because the event free routine - * wants to acquire a lock the caller is already holding. Unsending instead - * of purging solves this problem. As a general rule, producers should only - * unsend events which they have sent. - */ unsigned int isc_task_purgerange(isc_task_t *task, void *sender, isc_eventtype_t first, isc_eventtype_t last, void *tag); -/* +/*%< * Purge events from a task's event queue. * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * last >= first + *\li last >= first * * Ensures: * - * Events in the event queue of 'task' whose sender is 'sender', whose + *\li Events in the event queue of 'task' whose sender is 'sender', whose * type is >= first and <= last, and whose tag is 'tag' will be purged, * unless they are marked as unpurgable. * - * A sender of NULL will match any sender. A NULL tag matches any + *\li A sender of NULL will match any sender. A NULL tag matches any * tag. * * Returns: * - * The number of events purged. + *\li The number of events purged. */ unsigned int isc_task_purge(isc_task_t *task, void *sender, isc_eventtype_t type, void *tag); -/* +/*%< * Purge events from a task's event queue. * * Notes: * - * This function is equivalent to + *\li This function is equivalent to * + *\code * isc_task_purgerange(task, sender, type, type, tag); + *\endcode * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * * Ensures: * - * Events in the event queue of 'task' whose sender is 'sender', whose + *\li Events in the event queue of 'task' whose sender is 'sender', whose * type is 'type', and whose tag is 'tag' will be purged, unless they * are marked as unpurgable. * - * A sender of NULL will match any sender. A NULL tag matches any + *\li A sender of NULL will match any sender. A NULL tag matches any * tag. * * Returns: * - * The number of events purged. + *\li The number of events purged. */ isc_boolean_t isc_task_purgeevent(isc_task_t *task, isc_event_t *event); -/* +/*%< * Purge 'event' from a task's event queue. * * XXXRTH: WARNING: This method may be removed before beta. * * Notes: * - * If 'event' is on the task's event queue, it will be purged, + *\li If 'event' is on the task's event queue, it will be purged, * unless it is marked as unpurgeable. 'event' does not have to be * on the task's event queue; in fact, it can even be an invalid * pointer. Purging only occurs if the event is actually on the task's * event queue. * - * Purging never changes the state of the task. + * \li Purging never changes the state of the task. * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * * Ensures: * - * 'event' is not in the event queue for 'task'. + *\li 'event' is not in the event queue for 'task'. * * Returns: * - * ISC_TRUE The event was purged. - * ISC_FALSE The event was not in the event queue, + *\li #ISC_TRUE The event was purged. + *\li #ISC_FALSE The event was not in the event queue, * or was marked unpurgeable. */ unsigned int isc_task_unsendrange(isc_task_t *task, void *sender, isc_eventtype_t first, isc_eventtype_t last, void *tag, isc_eventlist_t *events); -/* +/*%< * Remove events from a task's event queue. * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * last >= first. + *\li last >= first. * - * *events is a valid list. + *\li *events is a valid list. * * Ensures: * - * Events in the event queue of 'task' whose sender is 'sender', whose + *\li Events in the event queue of 'task' whose sender is 'sender', whose * type is >= first and <= last, and whose tag is 'tag' will be dequeued * and appended to *events. * - * A sender of NULL will match any sender. A NULL tag matches any + *\li A sender of NULL will match any sender. A NULL tag matches any * tag. * * Returns: * - * The number of events unsent. + *\li The number of events unsent. */ unsigned int isc_task_unsend(isc_task_t *task, void *sender, isc_eventtype_t type, void *tag, isc_eventlist_t *events); -/* +/*%< * Remove events from a task's event queue. * * Notes: * - * This function is equivalent to + *\li This function is equivalent to * + *\code * isc_task_unsendrange(task, sender, type, type, tag, events); + *\endcode * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * *events is a valid list. + *\li *events is a valid list. * * Ensures: * - * Events in the event queue of 'task' whose sender is 'sender', whose + *\li Events in the event queue of 'task' whose sender is 'sender', whose * type is 'type', and whose tag is 'tag' will be dequeued and appended * to *events. * * Returns: * - * The number of events unsent. + *\li The number of events unsent. */ isc_result_t isc_task_onshutdown(isc_task_t *task, isc_taskaction_t action, const void *arg); -/* +/*%< * Send a shutdown event with action 'action' and argument 'arg' when * 'task' is shutdown. * * Notes: * - * Shutdown events are posted in LIFO order. + *\li Shutdown events are posted in LIFO order. * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * - * 'action' is a valid task action. + *\li 'action' is a valid task action. * * Ensures: * - * When the task is shutdown, shutdown events requested with + *\li When the task is shutdown, shutdown events requested with * isc_task_onshutdown() will be appended to the task's event queue. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_TASKSHUTTINGDOWN Task is shutting down. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_TASKSHUTTINGDOWN Task is shutting down. */ void isc_task_shutdown(isc_task_t *task); -/* +/*%< * Shutdown 'task'. * * Notes: * - * Shutting down a task causes any shutdown events requested with + *\li Shutting down a task causes any shutdown events requested with * isc_task_onshutdown() to be posted (in LIFO order). The task * moves into a "shutting down" mode which prevents further calls * to isc_task_onshutdown(). * - * Trying to shutdown a task that has already been shutdown has no + *\li Trying to shutdown a task that has already been shutdown has no * effect. * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. * * Ensures: * - * Any shutdown events requested with isc_task_onshutdown() have been + *\li Any shutdown events requested with isc_task_onshutdown() have been * posted (in LIFO order). */ void isc_task_destroy(isc_task_t **taskp); -/* +/*%< * Destroy '*taskp'. * * Notes: * - * This call is equivalent to: + *\li This call is equivalent to: * + *\code * isc_task_shutdown(*taskp); * isc_task_detach(taskp); + *\endcode * * Requires: * @@ -432,45 +435,44 @@ isc_task_destroy(isc_task_t **taskp); * * Ensures: * - * Any shutdown events requested with isc_task_onshutdown() have been + *\li Any shutdown events requested with isc_task_onshutdown() have been * posted (in LIFO order). * - * *taskp == NULL - * - * If '*taskp' is the last reference to the task, + *\li *taskp == NULL * - * All resources used by the task will be freed. + *\li If '*taskp' is the last reference to the task, + * all resources used by the task will be freed. */ void isc_task_setname(isc_task_t *task, const char *name, void *tag); -/* +/*%< * Name 'task'. * * Notes: * - * Only the first 15 characters of 'name' will be copied. + *\li Only the first 15 characters of 'name' will be copied. * - * Naming a task is currently only useful for debugging purposes. + *\li Naming a task is currently only useful for debugging purposes. * * Requires: * - * 'task' is a valid task. + *\li 'task' is a valid task. */ const char * isc_task_getname(isc_task_t *task); -/* +/*%< * Get the name of 'task', as previously set using isc_task_setname(). * * Notes: - * This function is for debugging purposes only. + *\li This function is for debugging purposes only. * * Requires: - * 'task' is a valid task. + *\li 'task' is a valid task. * * Returns: - * A non-NULL pointer to a null-terminated string. + *\li A non-NULL pointer to a null-terminated string. * If the task has not been named, the string is * empty. * @@ -478,59 +480,59 @@ isc_task_getname(isc_task_t *task); void * isc_task_gettag(isc_task_t *task); -/* +/*%< * Get the tag value for 'task', as previously set using isc_task_settag(). * * Notes: - * This function is for debugging purposes only. + *\li This function is for debugging purposes only. * * Requires: - * 'task' is a valid task. + *\li 'task' is a valid task. */ isc_result_t isc_task_beginexclusive(isc_task_t *task); -/* +/*%< * Request exclusive access for 'task', which must be the calling * task. Waits for any other concurrently executing tasks to finish their * current event, and prevents any new events from executing in any of the * tasks sharing a task manager with 'task'. * - * The exclusive access must be relinquished by calling + * The exclusive access must be relinquished by calling * isc_task_endexclusive() before returning from the current event handler. * * Requires: - * 'task' is the calling task. + *\li 'task' is the calling task. * * Returns: - * ISC_R_SUCCESS The current task now has exclusive access. - * ISC_R_LOCKBUSY Another task has already requested exclusive + *\li #ISC_R_SUCCESS The current task now has exclusive access. + *\li #ISC_R_LOCKBUSY Another task has already requested exclusive * access. */ void isc_task_endexclusive(isc_task_t *task); -/* - * Relinquish the exclusive access obtained by isc_task_beginexclusive(), +/*%< + * Relinquish the exclusive access obtained by isc_task_beginexclusive(), * allowing other tasks to execute. * * Requires: - * 'task' is the calling task, and has obtained + *\li 'task' is the calling task, and has obtained * exclusive access by calling isc_task_spl(). */ void isc_task_getcurrenttime(isc_task_t *task, isc_stdtime_t *t); -/* +/*%< * Provide the most recent timestamp on the task. The timestamp is considered * as the "current time" in the second-order granularity. * * Requires: - * 'task' is a valid task. - * 't' is a valid non NULL pointer. + *\li 'task' is a valid task. + *\li 't' is a valid non NULL pointer. * * Ensures: - * '*t' has the "current time". + *\li '*t' has the "current time". */ /***** @@ -540,76 +542,83 @@ isc_task_getcurrenttime(isc_task_t *task, isc_stdtime_t *t); isc_result_t isc_taskmgr_create(isc_mem_t *mctx, unsigned int workers, unsigned int default_quantum, isc_taskmgr_t **managerp); -/* +/*%< * Create a new task manager. * * Notes: * - * 'workers' in the number of worker threads to create. In general, + *\li 'workers' in the number of worker threads to create. In general, * the value should be close to the number of processors in the system. * The 'workers' value is advisory only. An attempt will be made to * create 'workers' threads, but if at least one thread creation * succeeds, isc_taskmgr_create() may return ISC_R_SUCCESS. * - * If 'default_quantum' is non-zero, then it will be used as the default + *\li If 'default_quantum' is non-zero, then it will be used as the default * quantum value when tasks are created. If zero, then an implementation * defined default quantum will be used. * * Requires: * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * - * workers > 0 + *\li workers > 0 * - * managerp != NULL && *managerp == NULL + *\li managerp != NULL && *managerp == NULL * * Ensures: * - * On success, '*managerp' will be attached to the newly created task + *\li On success, '*managerp' will be attached to the newly created task * manager. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_NOTHREADS No threads could be created. - * ISC_R_UNEXPECTED An unexpected error occurred. + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_NOTHREADS No threads could be created. + *\li #ISC_R_UNEXPECTED An unexpected error occurred. */ void isc_taskmgr_destroy(isc_taskmgr_t **managerp); -/* +/*%< * Destroy '*managerp'. * * Notes: * - * Calling isc_taskmgr_destroy() will shutdown all tasks managed by + *\li Calling isc_taskmgr_destroy() will shutdown all tasks managed by * *managerp that haven't already been shutdown. The call will block * until all tasks have entered the done state. * - * isc_taskmgr_destroy() must not be called by a task event action, + *\li isc_taskmgr_destroy() must not be called by a task event action, * because it would block forever waiting for the event action to * complete. An event action that wants to cause task manager shutdown * should request some non-event action thread of execution to do the - * shutdown, e.g. by signalling a condition variable or using + * shutdown, e.g. by signaling a condition variable or using * isc_app_shutdown(). * - * Task manager references are not reference counted, so the caller + *\li Task manager references are not reference counted, so the caller * must ensure that no attempt will be made to use the manager after * isc_taskmgr_destroy() returns. * * Requires: * - * '*managerp' is a valid task manager. + *\li '*managerp' is a valid task manager. * - * isc_taskmgr_destroy() has not be called previously on '*managerp'. + *\li isc_taskmgr_destroy() has not be called previously on '*managerp'. * * Ensures: * - * All resources used by the task manager, and any tasks it managed, + *\li All resources used by the task manager, and any tasks it managed, * have been freed. */ +#ifdef HAVE_LIBXML2 + +void +isc_taskmgr_renderxml(isc_taskmgr_t *mgr, xmlTextWriterPtr writer); + +#endif + ISC_LANG_ENDDECLS #endif /* ISC_TASK_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/taskpool.h b/contrib/bind-9.5.2/lib/isc/include/isc/taskpool.h similarity index 77% rename from contrib/bind-9.3/lib/isc/include/isc/taskpool.h rename to contrib/bind-9.5.2/lib/isc/include/isc/taskpool.h index 42066d21b9..fd07bfd5b1 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/taskpool.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/taskpool.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: taskpool.h,v 1.8.206.1 2004/03/06 08:14:49 marka Exp $ */ +/* $Id: taskpool.h,v 1.15 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_TASKPOOL_H #define ISC_TASKPOOL_H 1 @@ -24,10 +24,8 @@ ***** Module Info *****/ -/* - * Task Pool - * - * A task pool is a mechanism for sharing a small number of tasks +/*! \file isc/taskpool.h + * \brief A task pool is a mechanism for sharing a small number of tasks * among a large number of objects such that each object is * assigned a unique task, but each task may be shared by several * objects. @@ -62,44 +60,44 @@ isc_result_t isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, unsigned int ntasks, unsigned int quantum, isc_taskpool_t **poolp); -/* +/*%< * Create a task pool of "ntasks" tasks, each with quantum * "quantum". * * Requires: * - * 'tmgr' is a valid task manager. + *\li 'tmgr' is a valid task manager. * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * - * poolp != NULL && *poolp == NULL + *\li poolp != NULL && *poolp == NULL * * Ensures: * - * On success, '*taskp' points to the new task pool. + *\li On success, '*taskp' points to the new task pool. * * Returns: * - * ISC_R_SUCCESS - * ISC_R_NOMEMORY - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOMEMORY + *\li #ISC_R_UNEXPECTED */ void isc_taskpool_gettask(isc_taskpool_t *pool, unsigned int hash, isc_task_t **targetp); -/* +/*%< * Attach to the task corresponding to the hash value "hash". */ void isc_taskpool_destroy(isc_taskpool_t **poolp); -/* +/*%< * Destroy a task pool. The tasks in the pool are detached but not * shut down. * * Requires: - * '*poolp' is a valid task pool. + * \li '*poolp' is a valid task pool. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/include/isc/timer.h b/contrib/bind-9.5.2/lib/isc/include/isc/timer.h similarity index 66% rename from contrib/bind-9.3/lib/isc/include/isc/timer.h rename to contrib/bind-9.5.2/lib/isc/include/isc/timer.h index 439c943dad..03570460d7 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/timer.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/timer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.h,v 1.28.12.6 2005/10/27 00:27:30 marka Exp $ */ +/* $Id: timer.h,v 1.38.128.2 2008/06/24 23:46:26 tbox Exp $ */ #ifndef ISC_TIMER_H #define ISC_TIMER_H 1 @@ -24,50 +24,46 @@ ***** Module Info *****/ -/* - * Timers - * - * Provides timers which are event sources in the task system. +/*! \file isc/timer.h + * \brief Provides timers which are event sources in the task system. * * Three types of timers are supported: * - * 'ticker' timers generate a periodic tick event. + *\li 'ticker' timers generate a periodic tick event. * - * 'once' timers generate an idle timeout event if they are idle for too + *\li 'once' timers generate an idle timeout event if they are idle for too * long, and generate a life timeout event if their lifetime expires. * They are used to implement both (possibly expiring) idle timers and * 'one-shot' timers. * - * 'limited' timers generate a periodic tick event until they reach + *\li 'limited' timers generate a periodic tick event until they reach * their lifetime when they generate a life timeout event. * - * 'inactive' timers generate no events. + *\li 'inactive' timers generate no events. * * Timers can change type. It is typical to create a timer as * an 'inactive' timer and then change it into a 'ticker' or * 'once' timer. * - * MP: + *\li MP: * The module ensures appropriate synchronization of data structures it * creates and manipulates. - * * Clients of this module must not be holding a timer's task's lock when * making a call that affects that timer. Failure to follow this rule * can result in deadlock. - * * The caller must ensure that isc_timermgr_destroy() is called only * once for a given manager. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: - * + * \li Resources: + * TBS * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ @@ -80,6 +76,7 @@ #include #include #include +#include ISC_LANG_BEGINDECLS @@ -87,15 +84,17 @@ ISC_LANG_BEGINDECLS *** Types ***/ +/*% Timer Type */ typedef enum { - isc_timertype_ticker = 0, - isc_timertype_once = 1, - isc_timertype_limited = 2, - isc_timertype_inactive = 3 + isc_timertype_ticker = 0, /*%< Ticker */ + isc_timertype_once = 1, /*%< Once */ + isc_timertype_limited = 2, /*%< Limited */ + isc_timertype_inactive = 3 /*%< Inactive */ } isc_timertype_t; typedef struct isc_timerevent { struct isc_event common; + isc_time_t due; } isc_timerevent_t; #define ISC_TIMEREVENT_FIRSTEVENT (ISC_EVENTCLASS_TIMER + 0) @@ -120,7 +119,7 @@ isc_timer_create(isc_timermgr_t *manager, isc_taskaction_t action, const void *arg, isc_timer_t **timerp); -/* +/*%< * Create a new 'type' timer managed by 'manager'. The timers parameters * are specified by 'expires' and 'interval'. Events will be posted to * 'task' and when dispatched 'action' will be called with 'arg' as the @@ -128,51 +127,51 @@ isc_timer_create(isc_timermgr_t *manager, * * Notes: * - * For ticker timers, the timer will generate a 'tick' event every + *\li For ticker timers, the timer will generate a 'tick' event every * 'interval' seconds. The value of 'expires' is ignored. * - * For once timers, 'expires' specifies the time when a life timeout + *\li For once timers, 'expires' specifies the time when a life timeout * event should be generated. If 'expires' is 0 (the epoch), then no life * timeout will be generated. 'interval' specifies how long the timer * can be idle before it generates an idle timeout. If 0, then no * idle timeout will be generated. * - * If 'expires' is NULL, the epoch will be used. + *\li If 'expires' is NULL, the epoch will be used. * * If 'interval' is NULL, the zero interval will be used. * * Requires: * - * 'manager' is a valid manager + *\li 'manager' is a valid manager * - * 'task' is a valid task + *\li 'task' is a valid task * - * 'action' is a valid action + *\li 'action' is a valid action * - * 'expires' points to a valid time, or is NULL. + *\li 'expires' points to a valid time, or is NULL. * - * 'interval' points to a valid interval, or is NULL. + *\li 'interval' points to a valid interval, or is NULL. * - * type == isc_timertype_inactive || + *\li type == isc_timertype_inactive || * ('expires' and 'interval' are not both 0) * - * 'timerp' is a valid pointer, and *timerp == NULL + *\li 'timerp' is a valid pointer, and *timerp == NULL * * Ensures: * - * '*timerp' is attached to the newly created timer + *\li '*timerp' is attached to the newly created timer * - * The timer is attached to the task + *\li The timer is attached to the task * - * An idle timeout will not be generated until at least Now + the + *\li An idle timeout will not be generated until at least Now + the * timer's interval if 'timer' is a once timer with a non-zero * interval. * * Returns: * - * Success - * No memory - * Unexpected error + *\li Success + *\li No memory + *\li Unexpected error */ isc_result_t @@ -181,90 +180,91 @@ isc_timer_reset(isc_timer_t *timer, isc_time_t *expires, isc_interval_t *interval, isc_boolean_t purge); -/* +/*%< * Change the timer's type, expires, and interval values to the given * values. If 'purge' is TRUE, any pending events from this timer * are purged from its task's event queue. * * Notes: * - * If 'expires' is NULL, the epoch will be used. + *\li If 'expires' is NULL, the epoch will be used. * - * If 'interval' is NULL, the zero interval will be used. + *\li If 'interval' is NULL, the zero interval will be used. * * Requires: * - * 'timer' is a valid timer + *\li 'timer' is a valid timer * - * The same requirements that isc_timer_create() imposes on 'type', + *\li The same requirements that isc_timer_create() imposes on 'type', * 'expires' and 'interval' apply. * * Ensures: * - * An idle timeout will not be generated until at least Now + the + *\li An idle timeout will not be generated until at least Now + the * timer's interval if 'timer' is a once timer with a non-zero * interval. * * Returns: * - * Success - * No memory - * Unexpected error + *\li Success + *\li No memory + *\li Unexpected error */ isc_result_t isc_timer_touch(isc_timer_t *timer); -/* +/*%< * Set the last-touched time of 'timer' to the current time. * * Requires: * - * 'timer' is a valid once timer. + *\li 'timer' is a valid once timer. * * Ensures: * - * An idle timeout will not be generated until at least Now + the + *\li An idle timeout will not be generated until at least Now + the * timer's interval if 'timer' is a once timer with a non-zero * interval. * * Returns: * - * Success - * Unexpected error + *\li Success + *\li Unexpected error */ void isc_timer_attach(isc_timer_t *timer, isc_timer_t **timerp); -/* +/*%< * Attach *timerp to timer. * * Requires: * - * 'timer' is a valid timer. + *\li 'timer' is a valid timer. * - * 'timerp' points to a NULL timer. + *\li 'timerp' points to a NULL timer. * * Ensures: * - * *timerp is attached to timer. + *\li *timerp is attached to timer. */ void isc_timer_detach(isc_timer_t **timerp); -/* +/*%< * Detach *timerp from its timer. * * Requires: * - * 'timerp' points to a valid timer. + *\li 'timerp' points to a valid timer. * * Ensures: * - * *timerp is NULL. + *\li *timerp is NULL. * - * If '*timerp' is the last reference to the timer, + *\li If '*timerp' is the last reference to the timer, * then: * + *\code * The timer will be shutdown * * The timer will detach from its task @@ -275,6 +275,7 @@ isc_timer_detach(isc_timer_t **timerp); * Therefore, if isc_timer_detach() is called in the context * of the timer's task, it is guaranteed that no more * timer event callbacks will run after the call. + *\endcode */ isc_timertype_t @@ -289,51 +290,51 @@ isc_timer_gettype(isc_timer_t *timer); isc_result_t isc_timermgr_create(isc_mem_t *mctx, isc_timermgr_t **managerp); -/* +/*%< * Create a timer manager. * * Notes: * - * All memory will be allocated in memory context 'mctx'. + *\li All memory will be allocated in memory context 'mctx'. * * Requires: * - * 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * - * 'managerp' points to a NULL isc_timermgr_t. + *\li 'managerp' points to a NULL isc_timermgr_t. * * Ensures: * - * '*managerp' is a valid isc_timermgr_t. + *\li '*managerp' is a valid isc_timermgr_t. * * Returns: * - * Success - * No memory - * Unexpected error + *\li Success + *\li No memory + *\li Unexpected error */ void isc_timermgr_destroy(isc_timermgr_t **managerp); -/* +/*%< * Destroy a timer manager. * * Notes: * - * This routine blocks until there are no timers left in the manager, + *\li This routine blocks until there are no timers left in the manager, * so if the caller holds any timer references using the manager, it * must detach them before calling isc_timermgr_destroy() or it will * block forever. * * Requires: * - * '*managerp' is a valid isc_timermgr_t. + *\li '*managerp' is a valid isc_timermgr_t. * * Ensures: * - * *managerp == NULL + *\li *managerp == NULL * - * All resources used by the manager have been freed. + *\li All resources used by the manager have been freed. */ void isc_timermgr_poke(isc_timermgr_t *m); diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/types.h b/contrib/bind-9.5.2/lib/isc/include/isc/types.h new file mode 100644 index 0000000000..fe448eb517 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/types.h @@ -0,0 +1,124 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: types.h,v 1.43.128.5 2009/01/29 23:47:14 tbox Exp $ */ + +#ifndef ISC_TYPES_H +#define ISC_TYPES_H 1 + +/*! \file isc/types.h + * \brief + * OS-specific types, from the OS-specific include directories. + */ +#include +#include + +/* + * XXXDCL should isc_boolean_t be moved here, requiring an explicit include + * of when ISC_TRUE/ISC_FALSE/ISC_TF() are desired? + */ +#include +/* + * XXXDCL This is just for ISC_LIST and ISC_LINK, but gets all of the other + * list macros too. + */ +#include + +/* Core Types. Alphabetized by defined type. */ + +typedef struct isc_bitstring isc_bitstring_t; /*%< Bitstring */ +typedef struct isc_buffer isc_buffer_t; /*%< Buffer */ +typedef ISC_LIST(isc_buffer_t) isc_bufferlist_t; /*%< Buffer List */ +typedef struct isc_constregion isc_constregion_t; /*%< Const region */ +typedef struct isc_consttextregion isc_consttextregion_t; /*%< Const Text Region */ +typedef struct isc_entropy isc_entropy_t; /*%< Entropy */ +typedef struct isc_entropysource isc_entropysource_t; /*%< Entropy Source */ +typedef struct isc_event isc_event_t; /*%< Event */ +typedef ISC_LIST(isc_event_t) isc_eventlist_t; /*%< Event List */ +typedef unsigned int isc_eventtype_t; /*%< Event Type */ +typedef isc_uint32_t isc_fsaccess_t; /*%< FS Access */ +typedef struct isc_hash isc_hash_t; /*%< Hash */ +typedef struct isc_httpd isc_httpd_t; /*%< HTTP client */ +typedef void (isc_httpdfree_t)(isc_buffer_t *, void *); /*%< HTTP free function */ +typedef struct isc_httpdmgr isc_httpdmgr_t; /*%< HTTP manager */ +typedef struct isc_httpdurl isc_httpdurl_t; /*%< HTTP URL */ +typedef void (isc_httpdondestroy_t)(void *); /*%< Callback on destroying httpd */ +typedef struct isc_interface isc_interface_t; /*%< Interface */ +typedef struct isc_interfaceiter isc_interfaceiter_t; /*%< Interface Iterator */ +typedef struct isc_interval isc_interval_t; /*%< Interval */ +typedef struct isc_lex isc_lex_t; /*%< Lex */ +typedef struct isc_log isc_log_t; /*%< Log */ +typedef struct isc_logcategory isc_logcategory_t; /*%< Log Category */ +typedef struct isc_logconfig isc_logconfig_t; /*%< Log Configuration */ +typedef struct isc_logmodule isc_logmodule_t; /*%< Log Module */ +typedef struct isc_mem isc_mem_t; /*%< Memory */ +typedef struct isc_mempool isc_mempool_t; /*%< Memory Pool */ +typedef struct isc_msgcat isc_msgcat_t; /*%< Message Catalog */ +typedef struct isc_ondestroy isc_ondestroy_t; /*%< On Destroy */ +typedef struct isc_netaddr isc_netaddr_t; /*%< Net Address */ +typedef struct isc_portset isc_portset_t; /*%< Port Set */ +typedef struct isc_quota isc_quota_t; /*%< Quota */ +typedef struct isc_random isc_random_t; /*%< Random */ +typedef struct isc_ratelimiter isc_ratelimiter_t; /*%< Rate Limiter */ +typedef struct isc_region isc_region_t; /*%< Region */ +typedef isc_uint64_t isc_resourcevalue_t; /*%< Resource Value */ +typedef unsigned int isc_result_t; /*%< Result */ +typedef struct isc_rwlock isc_rwlock_t; /*%< Read Write Lock */ +typedef struct isc_sockaddr isc_sockaddr_t; /*%< Socket Address */ +typedef struct isc_socket isc_socket_t; /*%< Socket */ +typedef struct isc_socketevent isc_socketevent_t; /*%< Socket Event */ +typedef struct isc_socketmgr isc_socketmgr_t; /*%< Socket Manager */ +typedef struct isc_stats isc_stats_t; /*%< Statistics */ +typedef int isc_statscounter_t; /*%< Statistics Counter */ +typedef struct isc_symtab isc_symtab_t; /*%< Symbol Table */ +typedef struct isc_task isc_task_t; /*%< Task */ +typedef ISC_LIST(isc_task_t) isc_tasklist_t; /*%< Task List */ +typedef struct isc_taskmgr isc_taskmgr_t; /*%< Task Manager */ +typedef struct isc_textregion isc_textregion_t; /*%< Text Region */ +typedef struct isc_time isc_time_t; /*%< Time */ +typedef struct isc_timer isc_timer_t; /*%< Timer */ +typedef struct isc_timermgr isc_timermgr_t; /*%< Timer Manager */ + +typedef void (*isc_taskaction_t)(isc_task_t *, isc_event_t *); +typedef int (*isc_sockfdwatch_t)(isc_task_t *, isc_socket_t *, void *); + +/* The following cannot be listed alphabetically due to forward reference */ +typedef isc_result_t (isc_httpdaction_t)(const char *url, + const char *querystring, + void *arg, + unsigned int *retcode, + const char **retmsg, + const char **mimetype, + isc_buffer_t *body, + isc_httpdfree_t **freecb, + void **freecb_args); +typedef isc_boolean_t (isc_httpdclientok_t)(const isc_sockaddr_t *, void *); + +/*% Resource */ +typedef enum { + isc_resource_coresize = 1, + isc_resource_cputime, + isc_resource_datasize, + isc_resource_filesize, + isc_resource_lockedmemory, + isc_resource_openfiles, + isc_resource_processes, + isc_resource_residentsize, + isc_resource_stacksize +} isc_resource_t; + +#endif /* ISC_TYPES_H */ diff --git a/contrib/bind-9.3/lib/isc/include/isc/util.h b/contrib/bind-9.5.2/lib/isc/include/isc/util.h similarity index 94% rename from contrib/bind-9.3/lib/isc/include/isc/util.h rename to contrib/bind-9.5.2/lib/isc/include/isc/util.h index c2798d6df0..8a3b95d9da 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/util.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/util.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.h,v 1.21.12.5 2004/03/08 09:04:53 marka Exp $ */ +/* $Id: util.h,v 1.30 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_UTIL_H #define ISC_UTIL_H 1 -/* +/*! \file isc/util.h * NOTE: * * This file is not to be included from any (or other) library * files. * + * \brief * Including this file puts several macros in your name space that are * not protected (as all the other ISC functions/macros do) by prepending * ISC_ or isc_ to the name. @@ -35,21 +36,22 @@ *** General Macros. ***/ -/* +/*% * Use this to hide unused function arguments. - * + * \code * int * foo(char *bar) * { * UNUSED(bar); * } + * \endcode */ #define UNUSED(x) (void)(x) #define ISC_MAX(a, b) ((a) > (b) ? (a) : (b)) #define ISC_MIN(a, b) ((a) < (b) ? (a) : (b)) -/* +/*% * Use this to remove the const qualifier of a variable to assign it to * a non-const variable or pass it as a non-const function argument ... * but only when you are sure it won't then be changed! @@ -64,16 +66,15 @@ var = _u.v; \ } while (0) -/* +/*% * Use this in translation units that would otherwise be empty, to * suppress compiler warnings. */ #define EMPTY_TRANSLATION_UNIT static void isc__empty(void) { isc__empty(); } -/* +/*% * We use macros instead of calling the routines directly because * the capital letters make the locking stand out. - * * We RUNTIME_CHECK for success since in general there's no way * for us to continue if they fail. */ @@ -203,9 +204,13 @@ */ #include /* Contractual promise. */ +/*% Require Assertion */ #define REQUIRE(e) ISC_REQUIRE(e) +/*% Ensure Assertion */ #define ENSURE(e) ISC_ENSURE(e) +/*% Insist Assertion */ #define INSIST(e) ISC_INSIST(e) +/*% Invariant Assertion */ #define INVARIANT(e) ISC_INVARIANT(e) /* @@ -213,11 +218,14 @@ */ #include /* Contractual promise. */ +/*% Unexpected Error */ #define UNEXPECTED_ERROR isc_error_unexpected +/*% Fatal Error */ #define FATAL_ERROR isc_error_fatal +/*% Runtime Check */ #define RUNTIME_CHECK(cond) ISC_ERROR_RUNTIMECHECK(cond) -/* +/*% * Time */ #define TIME_NOW(tp) RUNTIME_CHECK(isc_time_now((tp)) == ISC_R_SUCCESS) diff --git a/contrib/bind-9.3/lib/isc/include/isc/version.h b/contrib/bind-9.5.2/lib/isc/include/isc/version.h similarity index 80% rename from contrib/bind-9.3/lib/isc/include/isc/version.h rename to contrib/bind-9.5.2/lib/isc/include/isc/version.h index 3da836c3e8..ec00bdea7b 100644 --- a/contrib/bind-9.3/lib/isc/include/isc/version.h +++ b/contrib/bind-9.5.2/lib/isc/include/isc/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.2.220.3 2004/03/08 09:04:54 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file isc/version.h */ #include diff --git a/contrib/bind-9.5.2/lib/isc/include/isc/xml.h b/contrib/bind-9.5.2/lib/isc/include/isc/xml.h new file mode 100644 index 0000000000..d31a31a7f0 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/include/isc/xml.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: xml.h,v 1.4 2007/06/19 23:47:18 tbox Exp $ */ + +#ifndef ISC_XML_H +#define ISC_XML_H 1 + +/* + * This file is here mostly to make it easy to add additional libxml header + * files as needed across all the users of this file. Rather than place + * these libxml includes in each file, one include makes it easy to handle + * the ifdef as well as adding the ability to add additional functions + * which may be useful. + */ + +#ifdef HAVE_LIBXML2 +#include +#include +#endif + +#define ISC_XMLCHAR (const xmlChar *) + +#define ISC_XML_RENDERCONFIG 0x00000001 /* render config data */ +#define ISC_XML_RENDERSTATS 0x00000002 /* render stats */ +#define ISC_XML_RENDERALL 0x000000ff /* render everything */ + +#endif /* ISC_XML_H */ diff --git a/contrib/bind-9.3/lib/isc/inet_aton.c b/contrib/bind-9.5.2/lib/isc/inet_aton.c similarity index 94% rename from contrib/bind-9.3/lib/isc/inet_aton.c rename to contrib/bind-9.5.2/lib/isc/inet_aton.c index 530b0103ba..342aa26d73 100644 --- a/contrib/bind-9.3/lib/isc/inet_aton.c +++ b/contrib/bind-9.5.2/lib/isc/inet_aton.c @@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1996-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -67,10 +67,11 @@ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ +/*! \file */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static char rcsid[] = "$Id: inet_aton.c,v 1.15.12.3 2004/03/08 09:04:49 marka Exp $"; +static char rcsid[] = "$Id: inet_aton.c,v 1.21.128.2 2009/03/05 23:46:34 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -81,7 +82,7 @@ static char rcsid[] = "$Id: inet_aton.c,v 1.15.12.3 2004/03/08 09:04:49 marka Ex #include #include -/* +/*% * Check whether "cp" is a valid ascii representation * of an Internet address and convert to a binary address. * Returns 1 if the address is valid, 0 if not. @@ -144,7 +145,7 @@ isc_net_aton(const char *cp, struct in_addr *addr) { * a.b.c (with c treated as 16 bits) * a.b (with b treated as 24 bits) */ - if (pp >= parts + 3 || val > 0xff) + if (pp >= parts + 3 || val > 0xffU) return (0); *pp++ = (isc_uint8_t)val; c = *++cp; @@ -171,19 +172,19 @@ isc_net_aton(const char *cp, struct in_addr *addr) { break; case 2: /* a.b -- 8.24 bits */ - if (val > 0xffffff) + if (val > 0xffffffU) return (0); val |= parts[0] << 24; break; case 3: /* a.b.c -- 8.8.16 bits */ - if (val > 0xffff) + if (val > 0xffffU) return (0); val |= (parts[0] << 24) | (parts[1] << 16); break; case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if (val > 0xff) + if (val > 0xffU) return (0); val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); break; diff --git a/contrib/bind-9.3/lib/isc/inet_ntop.c b/contrib/bind-9.5.2/lib/isc/inet_ntop.c similarity index 90% rename from contrib/bind-9.3/lib/isc/inet_ntop.c rename to contrib/bind-9.5.2/lib/isc/inet_ntop.c index 6dadd736e9..c441cdc622 100644 --- a/contrib/bind-9.3/lib/isc/inet_ntop.c +++ b/contrib/bind-9.5.2/lib/isc/inet_ntop.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/*! \file */ + #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = - "$Id: inet_ntop.c,v 1.12.12.4 2004/08/28 06:25:21 marka Exp $"; + "$Id: inet_ntop.c,v 1.19.128.2 2009/07/18 23:46:53 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -45,12 +47,12 @@ static const char *inet_ntop6(const unsigned char *src, char *dst, size_t size); #endif -/* char * +/*! char * * isc_net_ntop(af, src, dst, size) * convert a network format address to presentation format. - * return: + * \return * pointer to presentation format address (`dst'), or NULL (see errno). - * author: + * \author * Paul Vixie, 1996. */ const char * @@ -70,15 +72,16 @@ isc_net_ntop(int af, const void *src, char *dst, size_t size) /* NOTREACHED */ } -/* const char * +/*! const char * * inet_ntop4(src, dst, size) * format an IPv4 address - * return: + * \return * `dst' (as a const) - * notes: + * \note * (1) uses no statics + * \note * (2) takes a unsigned char* not an in_addr as input - * author: + * \author * Paul Vixie, 1996. */ static const char * @@ -97,10 +100,10 @@ inet_ntop4(const unsigned char *src, char *dst, size_t size) return (dst); } -/* const char * +/*! const char * * isc_inet_ntop6(src, dst, size) * convert IPv6 binary address into presentation (printable) format - * author: + * \author * Paul Vixie, 1996. */ #ifdef AF_INET6 @@ -166,8 +169,9 @@ inet_ntop6(const unsigned char *src, char *dst, size_t size) if (i != 0) *tp++ = ':'; /* Is this address an encapsulated IPv4? */ - if (i == 6 && best.base == 0 && - (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { + if (i == 6 && best.base == 0 && (best.len == 6 || + (best.len == 7 && words[7] != 0x0001) || + (best.len == 5 && words[5] == 0xffff))) { if (!inet_ntop4(src+12, tp, sizeof(tmp) - (tp - tmp))) return (NULL); diff --git a/contrib/bind-9.3/lib/isc/inet_pton.c b/contrib/bind-9.5.2/lib/isc/inet_pton.c similarity index 91% rename from contrib/bind-9.3/lib/isc/inet_pton.c rename to contrib/bind-9.5.2/lib/isc/inet_pton.c index 026fedf23c..6bada239e0 100644 --- a/contrib/bind-9.3/lib/isc/inet_pton.c +++ b/contrib/bind-9.5.2/lib/isc/inet_pton.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/*! \file */ + #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = - "$Id: inet_pton.c,v 1.10.2.4.2.3 2005/03/31 23:56:14 marka Exp $"; + "$Id: inet_pton.c,v 1.19 2007/06/19 23:47:17 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -27,8 +29,11 @@ static char rcsid[] = #include +/*% INT16 Size */ #define NS_INT16SZ 2 +/*% IPv4 Address Size */ #define NS_INADDRSZ 4 +/*% IPv6 Address Size */ #define NS_IN6ADDRSZ 16 /* @@ -39,15 +44,14 @@ static char rcsid[] = static int inet_pton4(const char *src, unsigned char *dst); static int inet_pton6(const char *src, unsigned char *dst); -/* int - * isc_net_pton(af, src, dst) +/*% * convert from presentation format (which usually means ASCII printable) * to network format (which is usually some kind of binary format). - * return: + * \return * 1 if the address was valid for the specified address family * 0 if the address wasn't valid (`dst' is untouched in this case) * -1 if some other error occurred (`dst' is untouched in this case, too) - * author: + * \author * Paul Vixie, 1996. */ int @@ -64,14 +68,14 @@ isc_net_pton(int af, const char *src, void *dst) { /* NOTREACHED */ } -/* int - * inet_pton4(src, dst) +/*!\fn static int inet_pton4(const char *src, unsigned char *dst) + * \brief * like inet_aton() but without all the hexadecimal and shorthand. - * return: + * \return * 1 if `src' is a valid dotted quad, else 0. - * notice: + * \note * does not touch `dst' unless it's returning 1. - * author: + * \author * Paul Vixie, 1996. */ static int @@ -113,17 +117,17 @@ inet_pton4(const char *src, unsigned char *dst) { return (1); } -/* int - * inet_pton6(src, dst) +/*% * convert presentation level address to network order binary form. - * return: + * \return * 1 if `src' is a valid [RFC1884 2.2] address, else 0. - * notice: + * \note * (1) does not touch `dst' unless it's returning 1. + * \note * (2) :: in a full address is silently ignored. - * credit: + * \author * inspired by Mark Andrews. - * author: + * \author * Paul Vixie, 1996. */ static int diff --git a/contrib/bind-9.3/lib/isc/lex.c b/contrib/bind-9.5.2/lib/isc/lex.c similarity index 93% rename from contrib/bind-9.3/lib/isc/lex.c rename to contrib/bind-9.5.2/lib/isc/lex.c index 3511d6bd0e..8749ed0b0b 100644 --- a/contrib/bind-9.3/lib/isc/lex.c +++ b/contrib/bind-9.5.2/lib/isc/lex.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lex.c,v 1.66.2.6.2.10 2006/01/04 23:50:21 marka Exp $ */ +/* $Id: lex.c,v 1.86 2007/09/17 09:56:29 shane Exp $ */ + +/*! \file */ #include @@ -563,7 +565,11 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { } else if (isdigit((unsigned char)c) && (options & ISC_LEXOPT_NUMBER) != 0) { lex->last_was_eol = ISC_FALSE; - state = lexstate_number; + if ((options & ISC_LEXOPT_OCTAL) != 0 && + (c == '8' || c == '9')) + state = lexstate_string; + else + state = lexstate_number; goto no_read; } else { lex->last_was_eol = ISC_FALSE; @@ -584,7 +590,9 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { c == '\n' || c == EOF || lex->specials[c]) { int base; - if ((options & ISC_LEXOPT_CNUMBER) != 0) + if ((options & ISC_LEXOPT_OCTAL) != 0) + base = 8; + else if ((options & ISC_LEXOPT_CNUMBER) != 0) base = 0; else base = 10; @@ -620,6 +628,9 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { /* Above test supports hex numbers */ state = lexstate_string; } + } else if ((options & ISC_LEXOPT_OCTAL) != 0 && + (c == '8' || c == '9')) { + state = lexstate_string; } if (remaining == 0U) { result = grow_data(lex, &remaining, @@ -709,11 +720,7 @@ isc_lex_gettoken(isc_lex_t *lex, unsigned int options, isc_token_t *tokenp) { state = lexstate_ccomment; break; case lexstate_eatline: - if (c == EOF) { - result = ISC_R_UNEXPECTEDEND; - goto done; - } - if (c == '\n') { + if ((c == '\n') || (c == EOF)) { no_comments = ISC_FALSE; state = saved_state; goto no_read; @@ -821,6 +828,33 @@ isc_lex_getmastertoken(isc_lex_t *lex, isc_token_t *token, return (ISC_R_SUCCESS); } +isc_result_t +isc_lex_getoctaltoken(isc_lex_t *lex, isc_token_t *token, isc_boolean_t eol) +{ + unsigned int options = ISC_LEXOPT_EOL | ISC_LEXOPT_EOF | + ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE| + ISC_LEXOPT_NUMBER | ISC_LEXOPT_OCTAL; + isc_result_t result; + + result = isc_lex_gettoken(lex, options, token); + if (result == ISC_R_RANGE) + isc_lex_ungettoken(lex, token); + if (result != ISC_R_SUCCESS) + return (result); + + if (eol && ((token->type == isc_tokentype_eol) || + (token->type == isc_tokentype_eof))) + return (ISC_R_SUCCESS); + if (token->type != isc_tokentype_number) { + isc_lex_ungettoken(lex, token); + if (token->type == isc_tokentype_eol || + token->type == isc_tokentype_eof) + return (ISC_R_UNEXPECTEDEND); + return (ISC_R_BADNUMBER); + } + return (ISC_R_SUCCESS); +} + void isc_lex_ungettoken(isc_lex_t *lex, isc_token_t *tokenp) { inputsource *source; diff --git a/contrib/bind-9.3/lib/isc/lfsr.c b/contrib/bind-9.5.2/lib/isc/lfsr.c similarity index 93% rename from contrib/bind-9.3/lib/isc/lfsr.c rename to contrib/bind-9.5.2/lib/isc/lfsr.c index 6d5b7ff823..0b8d782ec3 100644 --- a/contrib/bind-9.3/lib/isc/lfsr.c +++ b/contrib/bind-9.5.2/lib/isc/lfsr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lfsr.c,v 1.11.2.2.2.6 2005/10/14 01:38:50 marka Exp $ */ +/* $Id: lfsr.c,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -50,7 +52,7 @@ isc_lfsr_init(isc_lfsr_t *lfsr, isc_uint32_t state, unsigned int bits, lfsr->state = 0xffffffffU >> (32 - lfsr->bits); } -/* +/*! * Return the next state of the lfsr. */ static inline isc_uint32_t diff --git a/contrib/bind-9.3/lib/isc/lib.c b/contrib/bind-9.5.2/lib/isc/lib.c similarity index 89% rename from contrib/bind-9.3/lib/isc/lib.c rename to contrib/bind-9.5.2/lib/isc/lib.c index fa30abf13a..f3a2c2dc79 100644 --- a/contrib/bind-9.3/lib/isc/lib.c +++ b/contrib/bind-9.5.2/lib/isc/lib.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.c,v 1.8.12.3 2004/03/08 09:04:49 marka Exp $ */ +/* $Id: lib.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -53,7 +55,7 @@ void isc_lib_initmsgcat(void) { isc_result_t result; - /* + /*! * Initialize the ISC library's message catalog, isc_msgcat, if it * has not already been initialized. */ diff --git a/contrib/bind-9.3/lib/isc/log.c b/contrib/bind-9.5.2/lib/isc/log.c similarity index 98% rename from contrib/bind-9.3/lib/isc/log.c rename to contrib/bind-9.5.2/lib/isc/log.c index 511573bcc3..03d9624110 100644 --- a/contrib/bind-9.3/lib/isc/log.c +++ b/contrib/bind-9.5.2/lib/isc/log.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.70.2.8.2.14 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: log.c,v 1.94.128.5 2009/02/16 02:10:58 marka Exp $ */ -/* Principal Authors: DCL */ +/*! \file + * \author Principal Authors: DCL */ #include @@ -56,11 +57,11 @@ #define PATH_MAX 1024 /* AIX and others don't define this. */ #endif -/* +/*! * This is the structure that holds each named channel. A simple linked * list chains all of the channels together, so an individual channel is * found by doing strcmp()s with the names down the list. Their should - * be no peformance penalty from this as it is expected that the number + * be no performance penalty from this as it is expected that the number * of named channels will be no more than a dozen or so, and name lookups * from the head of the list are only done when isc_log_usechannel() is * called, which should also be very infrequent. @@ -76,7 +77,7 @@ struct isc_logchannel { ISC_LINK(isc_logchannel_t) link; }; -/* +/*! * The logchannellist structure associates categories and modules with * channels. First the appropriate channellist is found based on the * category, and then each structure in the linked list is checked for @@ -92,7 +93,7 @@ struct isc_logchannellist { ISC_LINK(isc_logchannellist_t) link; }; -/* +/*! * This structure is used to remember messages for pruning via * isc_log_[v]write1(). */ @@ -104,7 +105,7 @@ struct isc_logmessage { ISC_LINK(isc_logmessage_t) link; }; -/* +/*! * The isc_logconfig structure is used to store the configurable information * about where messages are actually supposed to be sent -- the information * that could changed based on some configuration file, as opposed to the @@ -123,11 +124,11 @@ struct isc_logconfig { isc_boolean_t dynamic; }; -/* +/*! * This isc_log structure provides the context for the isc_log functions. * The log context locks itself in isc_log_doit, the internal backend to * isc_log_write. The locking is necessary both to provide exclusive access - * to the the buffer into which the message is formatted and to guard against + * to the buffer into which the message is formatted and to guard against * competing threads trying to write to the same syslog resource. (On * some systems, such as BSD/OS, stdio is thread safe but syslog is not.) * Unfortunately, the lock cannot guard against a _different_ logging @@ -156,7 +157,7 @@ struct isc_log { ISC_LIST(isc_logmessage_t) messages; }; -/* +/*! * Used when ISC_LOG_PRINTLEVEL is enabled for a channel. */ static const char *log_level_strings[] = { @@ -168,7 +169,7 @@ static const char *log_level_strings[] = { "critical" }; -/* +/*! * Used to convert ISC_LOG_* priorities into syslog priorities. * XXXDCL This will need modification for NT. */ @@ -181,7 +182,7 @@ static const int syslog_map[] = { LOG_CRIT }; -/* +/*! * When adding new categories, a corresponding ISC_LOGCATEGORY_foo * definition needs to be added to . * @@ -195,30 +196,31 @@ LIBISC_EXTERNAL_DATA isc_logcategory_t isc_categories[] = { { NULL, 0 } }; -/* - * See above comment for categories, and apply it to modules. +/*! + * See above comment for categories on LIBISC_EXTERNAL_DATA, and apply it to modules. */ LIBISC_EXTERNAL_DATA isc_logmodule_t isc_modules[] = { { "socket", 0 }, { "time", 0 }, { "interface", 0 }, { "timer", 0 }, + { "file", 0 }, { NULL, 0 } }; -/* +/*! * This essentially constant structure must be filled in at run time, * because its channel member is pointed to a channel that is created * dynamically with isc_log_createchannel. */ static isc_logchannellist_t default_channel; -/* +/*! * libisc logs to this context. */ LIBISC_EXTERNAL_DATA isc_log_t *isc_lctx = NULL; -/* +/*! * Forward declarations. */ static isc_result_t @@ -241,7 +243,8 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, const char *format, va_list args) ISC_FORMAT_PRINTF(9, 0); -/* +/*@{*/ +/*! * Convenience macros. */ @@ -252,6 +255,7 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, #define FILE_MAXSIZE(channel) (channel->destination.file.maximum_size) #define FILE_MAXREACHED(channel) (channel->destination.file.maximum_reached) +/*@}*/ /**** **** Public interfaces. ****/ @@ -280,7 +284,11 @@ isc_log_create(isc_mem_t *mctx, isc_log_t **lctxp, isc_logconfig_t **lcfgp) { ISC_LIST_INIT(lctx->messages); - RUNTIME_CHECK(isc_mutex_init(&lctx->lock) == ISC_R_SUCCESS); + result = isc_mutex_init(&lctx->lock); + if (result != ISC_R_SUCCESS) { + isc_mem_put(mctx, lctx, sizeof(*lctx)); + return (result); + } /* * Normally setting the magic number is the last step done @@ -1441,7 +1449,7 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, LOCK(&lctx->lock); lctx->buffer[0] = '\0'; - + lcfg = lctx->logconfig; category_channels = ISC_LIST_HEAD(lcfg->channellists[category->id]); @@ -1500,7 +1508,7 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, if ((channel->flags & ISC_LOG_PRINTTIME) != 0 && time_string[0] == '\0') { isc_time_t isctime; - + TIME_NOW(&isctime); isc_time_formattimestamp(&isctime, time_string, sizeof(time_string)); @@ -1511,9 +1519,9 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, if (level < ISC_LOG_CRITICAL) snprintf(level_string, sizeof(level_string), isc_msgcat_get(isc_msgcat, - ISC_MSGSET_LOG, - ISC_MSG_LEVEL, - "level %d: "), + ISC_MSGSET_LOG, + ISC_MSG_LEVEL, + "level %d: "), level); else if (level > ISC_LOG_DYNAMIC) snprintf(level_string, sizeof(level_string), @@ -1693,8 +1701,8 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, printcategory ? category->name : "", printcategory ? ": " : "", printmodule ? (module != NULL ? module->name - : "no_module") - : "", + : "no_module") + : "", printmodule ? ": " : "", printlevel ? level_string : "", lctx->buffer); @@ -1736,8 +1744,8 @@ isc_log_doit(isc_log_t *lctx, isc_logcategory_t *category, printcategory ? category->name : "", printcategory ? ": " : "", printmodule ? (module != NULL ? module->name - : "no_module") - : "", + : "no_module") + : "", printmodule ? ": " : "", printlevel ? level_string : "", lctx->buffer); diff --git a/contrib/bind-9.3/lib/isc/md5.c b/contrib/bind-9.5.2/lib/isc/md5.c similarity index 95% rename from contrib/bind-9.3/lib/isc/md5.c rename to contrib/bind-9.5.2/lib/isc/md5.c index 863612b9ec..5004c3e4db 100644 --- a/contrib/bind-9.3/lib/isc/md5.c +++ b/contrib/bind-9.5.2/lib/isc/md5.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: md5.c,v 1.9.206.1 2004/03/06 08:14:32 marka Exp $ */ +/* $Id: md5.c,v 1.14 2007/06/19 23:47:17 tbox Exp $ */ -/* +/*! \file * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was * written by Colin Plumb in 1993, no copyright is claimed. @@ -54,7 +54,7 @@ byteSwap(isc_uint32_t *buf, unsigned words) } while (--words); } -/* +/*! * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * initialization constants. */ @@ -74,19 +74,21 @@ isc_md5_invalidate(isc_md5_t *ctx) { memset(ctx, 0, sizeof(isc_md5_t)); } -/* The four core functions - F1 is optimized somewhat */ +/*@{*/ +/*! The four core functions - F1 is optimized somewhat */ /* #define F1(x, y, z) (x & y | ~x & z) */ #define F1(x, y, z) (z ^ (x & (y ^ z))) #define F2(x, y, z) F1(z, x, y) #define F3(x, y, z) (x ^ y ^ z) #define F4(x, y, z) (y ^ (x | ~z)) +/*@}*/ -/* This is the central step in the MD5 algorithm. */ +/*! This is the central step in the MD5 algorithm. */ #define MD5STEP(f,w,x,y,z,in,s) \ (w += f(x,y,z) + in, w = (w<>(32-s)) + x) -/* +/*! * The core of the MD5 algorithm, this alters an existing MD5 hash to * reflect the addition of 16 longwords of new data. MD5Update blocks * the data and converts bytes into longwords for this routine. @@ -174,7 +176,7 @@ transform(isc_uint32_t buf[4], isc_uint32_t const in[16]) { buf[3] += d; } -/* +/*! * Update context to reflect the concatenation of another buffer full * of bytes. */ @@ -213,7 +215,7 @@ isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) { memcpy(ctx->in, buf, len); } -/* +/*! * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ diff --git a/contrib/bind-9.3/lib/isc/mem.c b/contrib/bind-9.5.2/lib/isc/mem.c similarity index 63% rename from contrib/bind-9.3/lib/isc/mem.c rename to contrib/bind-9.5.2/lib/isc/mem.c index f5069fb7dc..5bcd561727 100644 --- a/contrib/bind-9.3/lib/isc/mem.c +++ b/contrib/bind-9.5.2/lib/isc/mem.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mem.c,v 1.98.2.7.2.7 2005/03/17 03:58:32 marka Exp $ */ +/* $Id: mem.c,v 1.137.16.8 2009/02/16 03:17:29 marka Exp $ */ + +/*! \file */ #include @@ -28,35 +30,30 @@ #include #include #include +#include #include #include - #include +#include #include +#include + +#define MCTXLOCK(m, l) if (((m)->flags & ISC_MEMFLAG_NOLOCK) == 0) LOCK(l) +#define MCTXUNLOCK(m, l) if (((m)->flags & ISC_MEMFLAG_NOLOCK) == 0) UNLOCK(l) #ifndef ISC_MEM_DEBUGGING #define ISC_MEM_DEBUGGING 0 #endif LIBISC_EXTERNAL_DATA unsigned int isc_mem_debugging = ISC_MEM_DEBUGGING; -/* - * Define ISC_MEM_USE_INTERNAL_MALLOC=1 to use the internal malloc() - * implementation in preference to the system one. The internal malloc() - * is very space-efficient, and quite fast on uniprocessor systems. It - * performs poorly on multiprocessor machines. - */ -#ifndef ISC_MEM_USE_INTERNAL_MALLOC -#define ISC_MEM_USE_INTERNAL_MALLOC 0 -#endif - /* * Constants. */ #define DEF_MAX_SIZE 1100 #define DEF_MEM_TARGET 4096 -#define ALIGNMENT_SIZE 8 /* must be a power of 2 */ -#define NUM_BASIC_BLOCKS 64 /* must be > 1 */ +#define ALIGNMENT_SIZE 8U /*%< must be a power of 2 */ +#define NUM_BASIC_BLOCKS 64 /*%< must be > 1 */ #define TABLE_INCREMENT 1024 #define DEBUGLIST_COUNT 1024 @@ -87,11 +84,12 @@ struct element { }; typedef struct { - /* + /*! * This structure must be ALIGNMENT_SIZE bytes. */ union { size_t size; + isc_mem_t *ctx; char bytes[ALIGNMENT_SIZE]; } u; } size_info; @@ -99,10 +97,8 @@ typedef struct { struct stats { unsigned long gets; unsigned long totalgets; -#if ISC_MEM_USE_INTERNAL_MALLOC unsigned long blocks; unsigned long freefrags; -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ }; #define MEM_MAGIC ISC_MAGIC('M', 'e', 'm', 'C') @@ -112,9 +108,22 @@ struct stats { typedef ISC_LIST(debuglink_t) debuglist_t; #endif +/* List of all active memory contexts. */ + +static ISC_LIST(isc_mem_t) contexts; +static isc_once_t once = ISC_ONCE_INIT; +static isc_mutex_t lock; + +/*% + * Total size of lost memory due to a bug of external library. + * Locked by the global lock. + */ +static isc_uint64_t totallost; + struct isc_mem { unsigned int magic; isc_ondestroy_t ondestroy; + unsigned int flags; isc_mutex_t lock; isc_memalloc_t memalloc; isc_memfree_t memfree; @@ -123,6 +132,8 @@ struct isc_mem { isc_boolean_t checkfree; struct stats * stats; unsigned int references; + char name[16]; + void * tag; size_t quota; size_t total; size_t inuse; @@ -133,8 +144,9 @@ struct isc_mem { isc_mem_water_t water; void * water_arg; ISC_LIST(isc_mempool_t) pools; + unsigned int poolcnt; -#if ISC_MEM_USE_INTERNAL_MALLOC + /* ISC_MEMFLAG_INTERNAL */ size_t mem_target; element ** freelists; element * basic_blocks; @@ -143,13 +155,14 @@ struct isc_mem { unsigned int basic_table_size; unsigned char * lowest; unsigned char * highest; -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ #if ISC_MEM_TRACKLINES debuglist_t * debuglist; + unsigned int debuglistcnt; #endif unsigned int memalloc_failures; + ISC_LINK(isc_mem_t) link; }; #define MEMPOOL_MAGIC ISC_MAGIC('M', 'E', 'M', 'p') @@ -157,24 +170,24 @@ struct isc_mem { struct isc_mempool { /* always unlocked */ - unsigned int magic; /* magic number */ - isc_mutex_t *lock; /* optional lock */ - isc_mem_t *mctx; /* our memory context */ - /* locked via the memory context's lock */ - ISC_LINK(isc_mempool_t) link; /* next pool in this mem context */ - /* optionally locked from here down */ - element *items; /* low water item list */ - size_t size; /* size of each item on this pool */ - unsigned int maxalloc; /* max number of items allowed */ - unsigned int allocated; /* # of items currently given out */ - unsigned int freecount; /* # of items on reserved list */ - unsigned int freemax; /* # of items allowed on free list */ - unsigned int fillcount; /* # of items to fetch on each fill */ - /* Stats only. */ - unsigned int gets; /* # of requests to this pool */ - /* Debugging only. */ + unsigned int magic; /*%< magic number */ + isc_mutex_t *lock; /*%< optional lock */ + isc_mem_t *mctx; /*%< our memory context */ + /*%< locked via the memory context's lock */ + ISC_LINK(isc_mempool_t) link; /*%< next pool in this mem context */ + /*%< optionally locked from here down */ + element *items; /*%< low water item list */ + size_t size; /*%< size of each item on this pool */ + unsigned int maxalloc; /*%< max number of items allowed */ + unsigned int allocated; /*%< # of items currently given out */ + unsigned int freecount; /*%< # of items on reserved list */ + unsigned int freemax; /*%< # of items allowed on free list */ + unsigned int fillcount; /*%< # of items to fetch on each fill */ + /*%< Stats only. */ + unsigned int gets; /*%< # of requests to this pool */ + /*%< Debugging only. */ #if ISC_MEMPOOL_NAMES - char name[16]; /* printed name in stats reports */ + char name[16]; /*%< printed name in stats reports */ #endif }; @@ -191,14 +204,14 @@ struct isc_mempool { if ((isc_mem_debugging & (ISC_MEM_DEBUGTRACE | \ ISC_MEM_DEBUGRECORD)) != 0 && \ b != NULL) \ - add_trace_entry(a, b, c, d, e); \ + add_trace_entry(a, b, c, d, e); \ } while (0) #define DELETE_TRACE(a, b, c, d, e) delete_trace_entry(a, b, c, d, e) static void print_active(isc_mem_t *ctx, FILE *out); -/* +/*! * mctx must be locked. */ static inline void @@ -257,6 +270,7 @@ add_trace_entry(isc_mem_t *mctx, const void *ptr, unsigned int size dl->count = 1; ISC_LIST_PREPEND(mctx->debuglist[size], dl, link); + mctx->debuglistcnt++; } static inline void @@ -309,24 +323,23 @@ delete_trace_entry(isc_mem_t *mctx, const void *ptr, unsigned int size, } #endif /* ISC_MEM_TRACKLINES */ -#if ISC_MEM_USE_INTERNAL_MALLOC static inline size_t rmsize(size_t size) { /* - * round down to ALIGNMENT_SIZE + * round down to ALIGNMENT_SIZE */ return (size & (~(ALIGNMENT_SIZE - 1))); } static inline size_t quantize(size_t size) { - /* + /*! * Round up the result in order to get a size big * enough to satisfy the request and be aligned on ALIGNMENT_SIZE * byte boundaries. */ - if (size == 0) + if (size == 0U) return (ALIGNMENT_SIZE); return ((size + ALIGNMENT_SIZE - 1) & (~(ALIGNMENT_SIZE - 1))); } @@ -347,7 +360,7 @@ more_basic_blocks(isc_mem_t *ctx) { * Did we hit the quota for this context? */ increment = NUM_BASIC_BLOCKS * ctx->mem_target; - if (ctx->quota != 0 && ctx->total + increment > ctx->quota) + if (ctx->quota != 0U && ctx->total + increment > ctx->quota) return (ISC_FALSE); INSIST(ctx->basic_table_count <= ctx->basic_table_size); @@ -408,7 +421,7 @@ more_frags(isc_mem_t *ctx, size_t new_size) { void *new; unsigned char *curr, *next; - /* + /*! * Try to get more fragments by chopping up a basic block. */ @@ -448,7 +461,7 @@ more_frags(isc_mem_t *ctx, size_t new_size) { * Add the remaining fragment of the basic block to a free list. */ total_size = rmsize(total_size); - if (total_size > 0) { + if (total_size > 0U) { ((element *)next)->next = ctx->freelists[total_size]; ctx->freelists[total_size] = (element *)next; ctx->stats[total_size].freefrags++; @@ -472,7 +485,7 @@ mem_getunlocked(isc_mem_t *ctx, size_t size) { /* * memget() was called on something beyond our upper limit. */ - if (ctx->quota != 0 && ctx->total + size > ctx->quota) { + if (ctx->quota != 0U && ctx->total + size > ctx->quota) { ret = NULL; goto done; } @@ -556,7 +569,7 @@ mem_putunlocked(isc_mem_t *ctx, void *mem, size_t size) { memset(mem, 0xde, size); /* Mnemonic for "dead". */ #endif (ctx->memfree)(ctx->arg, mem); - INSIST(ctx->stats[ctx->max_size].gets != 0); + INSIST(ctx->stats[ctx->max_size].gets != 0U); ctx->stats[ctx->max_size].gets--; INSIST(size <= ctx->total); ctx->inuse -= size; @@ -583,15 +596,13 @@ mem_putunlocked(isc_mem_t *ctx, void *mem, size_t size) { * max. size (max_size) ends up getting recorded as a call to * max_size. */ - INSIST(ctx->stats[size].gets != 0); + INSIST(ctx->stats[size].gets != 0U); ctx->stats[size].gets--; ctx->stats[new_size].freefrags++; ctx->inuse -= new_size; } -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - -/* +/*! * Perform a malloc, doing memory filling and overrun detection as necessary. */ static inline void * @@ -604,7 +615,7 @@ mem_get(isc_mem_t *ctx, size_t size) { ret = (ctx->memalloc)(ctx->arg, size); if (ret == NULL) - ctx->memalloc_failures++; + ctx->memalloc_failures++; #if ISC_MEM_FILL if (ret != NULL) @@ -619,7 +630,7 @@ mem_get(isc_mem_t *ctx, size_t size) { return (ret); } -/* +/*! * Perform a free, doing memory filling and overrun detection as necessary. */ static inline void @@ -635,7 +646,7 @@ mem_put(isc_mem_t *ctx, void *mem, size_t size) { (ctx->memfree)(ctx->arg, mem); } -/* +/*! * Update internal counters after a memory get. */ static inline void @@ -652,7 +663,7 @@ mem_getstats(isc_mem_t *ctx, size_t size) { } } -/* +/*! * Update internal counters after a memory put. */ static inline void @@ -671,8 +682,6 @@ mem_putstats(isc_mem_t *ctx, void *ptr, size_t size) { } } -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ - /* * Private. */ @@ -691,6 +700,13 @@ default_memfree(void *arg, void *ptr) { free(ptr); } +static void +initialize_action(void) { + RUNTIME_CHECK(isc_mutex_init(&lock) == ISC_R_SUCCESS); + ISC_LIST_INIT(contexts); + totallost = 0; +} + /* * Public. */ @@ -699,6 +715,16 @@ isc_result_t isc_mem_createx(size_t init_max_size, size_t target_size, isc_memalloc_t memalloc, isc_memfree_t memfree, void *arg, isc_mem_t **ctxp) +{ + return (isc_mem_createx2(init_max_size, target_size, memalloc, memfree, + arg, ctxp, ISC_MEMFLAG_DEFAULT)); + +} + +isc_result_t +isc_mem_createx2(size_t init_max_size, size_t target_size, + isc_memalloc_t memalloc, isc_memfree_t memfree, void *arg, + isc_mem_t **ctxp, unsigned int flags) { isc_mem_t *ctx; isc_result_t result; @@ -709,28 +735,28 @@ isc_mem_createx(size_t init_max_size, size_t target_size, INSIST((ALIGNMENT_SIZE & (ALIGNMENT_SIZE - 1)) == 0); -#if !ISC_MEM_USE_INTERNAL_MALLOC - UNUSED(target_size); -#endif + RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS); ctx = (memalloc)(arg, sizeof(*ctx)); if (ctx == NULL) return (ISC_R_NOMEMORY); - if (isc_mutex_init(&ctx->lock) != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - (memfree)(arg, ctx); - return (ISC_R_UNEXPECTED); + if ((flags & ISC_MEMFLAG_NOLOCK) == 0) { + result = isc_mutex_init(&ctx->lock); + if (result != ISC_R_SUCCESS) { + (memfree)(arg, ctx); + return (result); + } } if (init_max_size == 0U) ctx->max_size = DEF_MAX_SIZE; else ctx->max_size = init_max_size; + ctx->flags = flags; ctx->references = 1; + memset(ctx->name, 0, sizeof(ctx->name)); + ctx->tag = NULL; ctx->quota = 0; ctx->total = 0; ctx->inuse = 0; @@ -749,12 +775,17 @@ isc_mem_createx(size_t init_max_size, size_t target_size, ctx->checkfree = ISC_TRUE; #if ISC_MEM_TRACKLINES ctx->debuglist = NULL; + ctx->debuglistcnt = 0; #endif ISC_LIST_INIT(ctx->pools); - -#if ISC_MEM_USE_INTERNAL_MALLOC + ctx->poolcnt = 0; ctx->freelists = NULL; -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + ctx->basic_blocks = NULL; + ctx->basic_table = NULL; + ctx->basic_table_count = 0; + ctx->basic_table_size = 0; + ctx->lowest = NULL; + ctx->highest = NULL; ctx->stats = (memalloc)(arg, (ctx->max_size+1) * sizeof(struct stats)); @@ -764,25 +795,20 @@ isc_mem_createx(size_t init_max_size, size_t target_size, } memset(ctx->stats, 0, (ctx->max_size + 1) * sizeof(struct stats)); -#if ISC_MEM_USE_INTERNAL_MALLOC - if (target_size == 0) - ctx->mem_target = DEF_MEM_TARGET; - else - ctx->mem_target = target_size; - ctx->freelists = (memalloc)(arg, ctx->max_size * sizeof(element *)); - if (ctx->freelists == NULL) { - result = ISC_R_NOMEMORY; - goto error; + if ((flags & ISC_MEMFLAG_INTERNAL) != 0) { + if (target_size == 0U) + ctx->mem_target = DEF_MEM_TARGET; + else + ctx->mem_target = target_size; + ctx->freelists = (memalloc)(arg, ctx->max_size * + sizeof(element *)); + if (ctx->freelists == NULL) { + result = ISC_R_NOMEMORY; + goto error; + } + memset(ctx->freelists, 0, + ctx->max_size * sizeof(element *)); } - memset(ctx->freelists, 0, - ctx->max_size * sizeof(element *)); - ctx->basic_blocks = NULL; - ctx->basic_table = NULL; - ctx->basic_table_count = 0; - ctx->basic_table_size = 0; - ctx->lowest = NULL; - ctx->highest = NULL; -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ #if ISC_MEM_TRACKLINES if ((isc_mem_debugging & ISC_MEM_DEBUGRECORD) != 0) { @@ -801,6 +827,10 @@ isc_mem_createx(size_t init_max_size, size_t target_size, ctx->memalloc_failures = 0; + LOCK(&lock); + ISC_LIST_INITANDAPPEND(contexts, ctx, link); + UNLOCK(&lock); + *ctxp = ctx; return (ISC_R_SUCCESS); @@ -808,15 +838,14 @@ isc_mem_createx(size_t init_max_size, size_t target_size, if (ctx != NULL) { if (ctx->stats != NULL) (memfree)(arg, ctx->stats); -#if ISC_MEM_USE_INTERNAL_MALLOC if (ctx->freelists != NULL) (memfree)(arg, ctx->freelists); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ #if ISC_MEM_TRACKLINES if (ctx->debuglist != NULL) (ctx->memfree)(ctx->arg, ctx->debuglist); #endif /* ISC_MEM_TRACKLINES */ - DESTROYLOCK(&ctx->lock); + if ((ctx->flags & ISC_MEMFLAG_NOLOCK) == 0) + DESTROYLOCK(&ctx->lock); (memfree)(arg, ctx); } @@ -827,9 +856,18 @@ isc_result_t isc_mem_create(size_t init_max_size, size_t target_size, isc_mem_t **ctxp) { - return (isc_mem_createx(init_max_size, target_size, - default_memalloc, default_memfree, NULL, - ctxp)); + return (isc_mem_createx2(init_max_size, target_size, + default_memalloc, default_memfree, NULL, + ctxp, ISC_MEMFLAG_DEFAULT)); +} + +isc_result_t +isc_mem_create2(size_t init_max_size, size_t target_size, + isc_mem_t **ctxp, unsigned int flags) +{ + return (isc_mem_createx2(init_max_size, target_size, + default_memalloc, default_memfree, NULL, + ctxp, flags)); } static void @@ -839,9 +877,12 @@ destroy(isc_mem_t *ctx) { ctx->magic = 0; -#if ISC_MEM_USE_INTERNAL_MALLOC + LOCK(&lock); + ISC_LIST_UNLINK(contexts, ctx, link); + totallost += ctx->inuse; + UNLOCK(&lock); + INSIST(ISC_LIST_EMPTY(ctx->pools)); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ #if ISC_MEM_TRACKLINES if (ctx->debuglist != NULL) { @@ -859,7 +900,7 @@ destroy(isc_mem_t *ctx) { dl != NULL; dl = ISC_LIST_HEAD(ctx->debuglist[i])) { ISC_LIST_UNLINK(ctx->debuglist[i], - dl, link); + dl, link); free(dl); } } @@ -880,16 +921,18 @@ destroy(isc_mem_t *ctx) { (ctx->memfree)(ctx->arg, ctx->stats); -#if ISC_MEM_USE_INTERNAL_MALLOC - for (i = 0; i < ctx->basic_table_count; i++) - (ctx->memfree)(ctx->arg, ctx->basic_table[i]); - (ctx->memfree)(ctx->arg, ctx->freelists); - (ctx->memfree)(ctx->arg, ctx->basic_table); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + for (i = 0; i < ctx->basic_table_count; i++) + (ctx->memfree)(ctx->arg, ctx->basic_table[i]); + (ctx->memfree)(ctx->arg, ctx->freelists); + if (ctx->basic_table != NULL) + (ctx->memfree)(ctx->arg, ctx->basic_table); + } ondest = ctx->ondestroy; - DESTROYLOCK(&ctx->lock); + if ((ctx->flags & ISC_MEMFLAG_NOLOCK) == 0) + DESTROYLOCK(&ctx->lock); (ctx->memfree)(ctx->arg, ctx); isc_ondestroy_notify(&ondest, ctx); @@ -900,9 +943,9 @@ isc_mem_attach(isc_mem_t *source, isc_mem_t **targetp) { REQUIRE(VALID_CONTEXT(source)); REQUIRE(targetp != NULL && *targetp == NULL); - LOCK(&source->lock); + MCTXLOCK(source, &source->lock); source->references++; - UNLOCK(&source->lock); + MCTXUNLOCK(source, &source->lock); *targetp = source; } @@ -916,12 +959,12 @@ isc_mem_detach(isc_mem_t **ctxp) { ctx = *ctxp; REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); INSIST(ctx->references > 0); ctx->references--; if (ctx->references == 0) want_destroy = ISC_TRUE; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); if (want_destroy) destroy(ctx); @@ -943,6 +986,8 @@ void isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) { isc_mem_t *ctx; isc_boolean_t want_destroy = ISC_FALSE; + size_info *si; + size_t oldsize; REQUIRE(ctxp != NULL); ctx = *ctxp; @@ -955,14 +1000,35 @@ isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) { */ *ctxp = NULL; -#if ISC_MEM_USE_INTERNAL_MALLOC - LOCK(&ctx->lock); - mem_putunlocked(ctx, ptr, size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - mem_put(ctx, ptr, size); - LOCK(&ctx->lock); - mem_putstats(ctx, ptr, size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0) { + if ((isc_mem_debugging & ISC_MEM_DEBUGSIZE) != 0) { + si = &(((size_info *)ptr)[-1]); + oldsize = si->u.size - ALIGNMENT_SIZE; + if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) + oldsize -= ALIGNMENT_SIZE; + INSIST(oldsize == size); + } + isc__mem_free(ctx, ptr FLARG_PASS); + + MCTXLOCK(ctx, &ctx->lock); + ctx->references--; + if (ctx->references == 0) + want_destroy = ISC_TRUE; + MCTXUNLOCK(ctx, &ctx->lock); + if (want_destroy) + destroy(ctx); + + return; + } + + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + MCTXLOCK(ctx, &ctx->lock); + mem_putunlocked(ctx, ptr, size); + } else { + mem_put(ctx, ptr, size); + MCTXLOCK(ctx, &ctx->lock); + mem_putstats(ctx, ptr, size); + } DELETE_TRACE(ctx, ptr, size, file, line); INSIST(ctx->references > 0); @@ -970,7 +1036,7 @@ isc__mem_putanddetach(isc_mem_t **ctxp, void *ptr, size_t size FLARG) { if (ctx->references == 0) want_destroy = ISC_TRUE; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); if (want_destroy) destroy(ctx); @@ -989,14 +1055,14 @@ isc_mem_destroy(isc_mem_t **ctxp) { ctx = *ctxp; REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); #if ISC_MEM_TRACKLINES if (ctx->references != 1) print_active(ctx, stderr); #endif REQUIRE(ctx->references == 1); ctx->references--; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); destroy(ctx); @@ -1007,9 +1073,9 @@ isc_result_t isc_mem_ondestroy(isc_mem_t *ctx, isc_task_t *task, isc_event_t **event) { isc_result_t res; - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); res = isc_ondestroy_register(&ctx->ondestroy, task, event); - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); return (res); } @@ -1022,20 +1088,22 @@ isc__mem_get(isc_mem_t *ctx, size_t size FLARG) { REQUIRE(VALID_CONTEXT(ctx)); -#if ISC_MEM_USE_INTERNAL_MALLOC - LOCK(&ctx->lock); - ptr = mem_getunlocked(ctx, size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - ptr = mem_get(ctx, size); - LOCK(&ctx->lock); - if (ptr != NULL) - mem_getstats(ctx, size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0) + return (isc__mem_allocate(ctx, size FLARG_PASS)); + + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + MCTXLOCK(ctx, &ctx->lock); + ptr = mem_getunlocked(ctx, size); + } else { + ptr = mem_get(ctx, size); + MCTXLOCK(ctx, &ctx->lock); + if (ptr != NULL) + mem_getstats(ctx, size); + } ADD_TRACE(ctx, ptr, size, file, line); if (ctx->hi_water != 0U && !ctx->hi_called && ctx->inuse > ctx->hi_water) { - ctx->hi_called = ISC_TRUE; call_water = ISC_TRUE; } if (ctx->inuse > ctx->maxinuse) { @@ -1045,7 +1113,7 @@ isc__mem_get(isc_mem_t *ctx, size_t size FLARG) { fprintf(stderr, "maxinuse = %lu\n", (unsigned long)ctx->inuse); } - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); if (call_water) (ctx->water)(ctx->water_arg, ISC_MEM_HIWATER); @@ -1057,18 +1125,32 @@ void isc__mem_put(isc_mem_t *ctx, void *ptr, size_t size FLARG) { isc_boolean_t call_water = ISC_FALSE; + size_info *si; + size_t oldsize; REQUIRE(VALID_CONTEXT(ctx)); REQUIRE(ptr != NULL); -#if ISC_MEM_USE_INTERNAL_MALLOC - LOCK(&ctx->lock); - mem_putunlocked(ctx, ptr, size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - mem_put(ctx, ptr, size); - LOCK(&ctx->lock); - mem_putstats(ctx, ptr, size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((isc_mem_debugging & (ISC_MEM_DEBUGSIZE|ISC_MEM_DEBUGCTX)) != 0) { + if ((isc_mem_debugging & ISC_MEM_DEBUGSIZE) != 0) { + si = &(((size_info *)ptr)[-1]); + oldsize = si->u.size - ALIGNMENT_SIZE; + if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) + oldsize -= ALIGNMENT_SIZE; + INSIST(oldsize == size); + } + isc__mem_free(ctx, ptr FLARG_PASS); + return; + } + + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + MCTXLOCK(ctx, &ctx->lock); + mem_putunlocked(ctx, ptr, size); + } else { + mem_put(ctx, ptr, size); + MCTXLOCK(ctx, &ctx->lock); + mem_putstats(ctx, ptr, size); + } DELETE_TRACE(ctx, ptr, size, file, line); @@ -1077,19 +1159,29 @@ isc__mem_put(isc_mem_t *ctx, void *ptr, size_t size FLARG) * when the context was pushed over hi_water but then had * isc_mem_setwater() called with 0 for hi_water and lo_water. */ - if (ctx->hi_called && + if (ctx->hi_called && (ctx->inuse < ctx->lo_water || ctx->lo_water == 0U)) { - ctx->hi_called = ISC_FALSE; - if (ctx->water != NULL) call_water = ISC_TRUE; } - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); if (call_water) (ctx->water)(ctx->water_arg, ISC_MEM_LOWATER); } +void +isc_mem_waterack(isc_mem_t *ctx, int flag) { + REQUIRE(VALID_CONTEXT(ctx)); + + MCTXLOCK(ctx, &ctx->lock); + if (flag == ISC_MEM_LOWATER) + ctx->hi_called = ISC_FALSE; + else if (flag == ISC_MEM_HIWATER) + ctx->hi_called = ISC_TRUE; + MCTXUNLOCK(ctx, &ctx->lock); +} + #if ISC_MEM_TRACKLINES static void print_active(isc_mem_t *mctx, FILE *out) { @@ -1099,17 +1191,17 @@ print_active(isc_mem_t *mctx, FILE *out) { const char *format; isc_boolean_t found; - fprintf(out, isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, + fprintf(out, "%s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, ISC_MSG_DUMPALLOC, "Dump of all outstanding " "memory allocations:\n")); found = ISC_FALSE; format = isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, - ISC_MSG_PTRFILELINE, + ISC_MSG_PTRFILELINE, "\tptr %p size %u file %s line %u\n"); for (i = 0; i <= mctx->max_size; i++) { dl = ISC_LIST_HEAD(mctx->debuglist[i]); - + if (dl != NULL) found = ISC_TRUE; @@ -1125,7 +1217,7 @@ print_active(isc_mem_t *mctx, FILE *out) { } } if (!found) - fprintf(out, isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, + fprintf(out, "%s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, ISC_MSG_NONE, "\tNone.\n")); } } @@ -1141,7 +1233,7 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) { const isc_mempool_t *pool; REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); for (i = 0; i <= ctx->max_size; i++) { s = &ctx->stats[i]; @@ -1151,11 +1243,10 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) { fprintf(out, "%s%5lu: %11lu gets, %11lu rem", (i == ctx->max_size) ? ">=" : " ", (unsigned long) i, s->totalgets, s->gets); -#if ISC_MEM_USE_INTERNAL_MALLOC - if (s->blocks != 0 || s->freefrags != 0) + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0 && + (s->blocks != 0U || s->freefrags != 0U)) fprintf(out, " (%lu bl, %lu ff)", s->blocks, s->freefrags); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ fputc('\n', out); } @@ -1168,7 +1259,7 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) { */ pool = ISC_LIST_HEAD(ctx->pools); if (pool != NULL) { - fprintf(out, isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, + fprintf(out, "%s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_MEM, ISC_MSG_POOLSTATS, "[Pool statistics]\n")); fprintf(out, "%15s %10s %10s %10s %10s %10s %10s %10s %1s\n", @@ -1203,7 +1294,7 @@ isc_mem_stats(isc_mem_t *ctx, FILE *out) { print_active(ctx, out); #endif - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); } /* @@ -1216,13 +1307,20 @@ isc__mem_allocateunlocked(isc_mem_t *ctx, size_t size) { size_info *si; size += ALIGNMENT_SIZE; -#if ISC_MEM_USE_INTERNAL_MALLOC - si = mem_getunlocked(ctx, size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - si = mem_get(ctx, size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) + size += ALIGNMENT_SIZE; + + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) + si = mem_getunlocked(ctx, size); + else + si = mem_get(ctx, size); + if (si == NULL) return (NULL); + if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) { + si->u.ctx = ctx; + si++; + } si->u.size = size; return (&si[1]); } @@ -1230,51 +1328,122 @@ isc__mem_allocateunlocked(isc_mem_t *ctx, size_t size) { void * isc__mem_allocate(isc_mem_t *ctx, size_t size FLARG) { size_info *si; + isc_boolean_t call_water = ISC_FALSE; REQUIRE(VALID_CONTEXT(ctx)); -#if ISC_MEM_USE_INTERNAL_MALLOC - LOCK(&ctx->lock); - si = isc__mem_allocateunlocked(ctx, size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - si = isc__mem_allocateunlocked(ctx, size); - LOCK(&ctx->lock); - if (si != NULL) - mem_getstats(ctx, si[-1].u.size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + MCTXLOCK(ctx, &ctx->lock); + si = isc__mem_allocateunlocked(ctx, size); + } else { + si = isc__mem_allocateunlocked(ctx, size); + MCTXLOCK(ctx, &ctx->lock); + if (si != NULL) + mem_getstats(ctx, si[-1].u.size); + } #if ISC_MEM_TRACKLINES ADD_TRACE(ctx, si, si[-1].u.size, file, line); #endif + if (ctx->hi_water != 0U && !ctx->hi_called && + ctx->inuse > ctx->hi_water) { + ctx->hi_called = ISC_TRUE; + call_water = ISC_TRUE; + } + if (ctx->inuse > ctx->maxinuse) { + ctx->maxinuse = ctx->inuse; + if (ctx->hi_water != 0U && ctx->inuse > ctx->hi_water && + (isc_mem_debugging & ISC_MEM_DEBUGUSAGE) != 0) + fprintf(stderr, "maxinuse = %lu\n", + (unsigned long)ctx->inuse); + } + MCTXUNLOCK(ctx, &ctx->lock); - UNLOCK(&ctx->lock); + if (call_water) + (ctx->water)(ctx->water_arg, ISC_MEM_HIWATER); return (si); } +void * +isc__mem_reallocate(isc_mem_t *ctx, void *ptr, size_t size FLARG) { + void *new_ptr = NULL; + size_t oldsize, copysize; + + REQUIRE(VALID_CONTEXT(ctx)); + + /* + * This function emulates the realloc(3) standard library function: + * - if size > 0, allocate new memory; and if ptr is non NULL, copy + * as much of the old contents to the new buffer and free the old one. + * Note that when allocation fails the original pointer is intact; + * the caller must free it. + * - if size is 0 and ptr is non NULL, simply free the given ptr. + * - this function returns: + * pointer to the newly allocated memory, or + * NULL if allocation fails or doesn't happen. + */ + if (size > 0U) { + new_ptr = isc__mem_allocate(ctx, size FLARG_PASS); + if (new_ptr != NULL && ptr != NULL) { + oldsize = (((size_info *)ptr)[-1]).u.size; + INSIST(oldsize >= ALIGNMENT_SIZE); + oldsize -= ALIGNMENT_SIZE; + copysize = oldsize > size ? size : oldsize; + memcpy(new_ptr, ptr, copysize); + isc__mem_free(ctx, ptr FLARG_PASS); + } + } else if (ptr != NULL) + isc__mem_free(ctx, ptr FLARG_PASS); + + return (new_ptr); +} + void isc__mem_free(isc_mem_t *ctx, void *ptr FLARG) { size_info *si; size_t size; + isc_boolean_t call_water= ISC_FALSE; REQUIRE(VALID_CONTEXT(ctx)); REQUIRE(ptr != NULL); - si = &(((size_info *)ptr)[-1]); - size = si->u.size; + if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) { + si = &(((size_info *)ptr)[-2]); + REQUIRE(si->u.ctx == ctx); + size = si[1].u.size; + } else { + si = &(((size_info *)ptr)[-1]); + size = si->u.size; + } -#if ISC_MEM_USE_INTERNAL_MALLOC - LOCK(&ctx->lock); - mem_putunlocked(ctx, si, size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - mem_put(ctx, si, size); - LOCK(&ctx->lock); - mem_putstats(ctx, si, size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + MCTXLOCK(ctx, &ctx->lock); + mem_putunlocked(ctx, si, size); + } else { + mem_put(ctx, si, size); + MCTXLOCK(ctx, &ctx->lock); + mem_putstats(ctx, si, size); + } DELETE_TRACE(ctx, ptr, size, file, line); - UNLOCK(&ctx->lock); + /* + * The check against ctx->lo_water == 0 is for the condition + * when the context was pushed over hi_water but then had + * isc_mem_setwater() called with 0 for hi_water and lo_water. + */ + if (ctx->hi_called && + (ctx->inuse < ctx->lo_water || ctx->lo_water == 0U)) { + ctx->hi_called = ISC_FALSE; + + if (ctx->water != NULL) + call_water = ISC_TRUE; + } + MCTXUNLOCK(ctx, &ctx->lock); + + if (call_water) + (ctx->water)(ctx->water_arg, ISC_MEM_LOWATER); } @@ -1303,11 +1472,11 @@ isc__mem_strdup(isc_mem_t *mctx, const char *s FLARG) { void isc_mem_setdestroycheck(isc_mem_t *ctx, isc_boolean_t flag) { REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); ctx->checkfree = flag; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); } /* @@ -1317,11 +1486,11 @@ isc_mem_setdestroycheck(isc_mem_t *ctx, isc_boolean_t flag) { void isc_mem_setquota(isc_mem_t *ctx, size_t quota) { REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); ctx->quota = quota; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); } size_t @@ -1329,11 +1498,11 @@ isc_mem_getquota(isc_mem_t *ctx) { size_t quota; REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); quota = ctx->quota; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); return (quota); } @@ -1343,39 +1512,78 @@ isc_mem_inuse(isc_mem_t *ctx) { size_t inuse; REQUIRE(VALID_CONTEXT(ctx)); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); inuse = ctx->inuse; - UNLOCK(&ctx->lock); + MCTXUNLOCK(ctx, &ctx->lock); return (inuse); } void isc_mem_setwater(isc_mem_t *ctx, isc_mem_water_t water, void *water_arg, - size_t hiwater, size_t lowater) + size_t hiwater, size_t lowater) { + isc_boolean_t callwater = ISC_FALSE; + isc_mem_water_t oldwater; + void *oldwater_arg; + REQUIRE(VALID_CONTEXT(ctx)); REQUIRE(hiwater >= lowater); - LOCK(&ctx->lock); + MCTXLOCK(ctx, &ctx->lock); + oldwater = ctx->water; + oldwater_arg = ctx->water_arg; if (water == NULL) { + callwater = ctx->hi_called; ctx->water = NULL; ctx->water_arg = NULL; ctx->hi_water = 0; ctx->lo_water = 0; ctx->hi_called = ISC_FALSE; } else { + if (ctx->hi_called && + (ctx->water != water || ctx->water_arg != water_arg || + ctx->inuse < lowater || lowater == 0U)) + callwater = ISC_TRUE; ctx->water = water; ctx->water_arg = water_arg; ctx->hi_water = hiwater; ctx->lo_water = lowater; ctx->hi_called = ISC_FALSE; } + MCTXUNLOCK(ctx, &ctx->lock); + + if (callwater && oldwater != NULL) + (oldwater)(oldwater_arg, ISC_MEM_LOWATER); +} + +void +isc_mem_setname(isc_mem_t *ctx, const char *name, void *tag) { + REQUIRE(VALID_CONTEXT(ctx)); + + LOCK(&ctx->lock); + memset(ctx->name, 0, sizeof(ctx->name)); + strncpy(ctx->name, name, sizeof(ctx->name) - 1); + ctx->tag = tag; UNLOCK(&ctx->lock); } +const char * +isc_mem_getname(isc_mem_t *ctx) { + REQUIRE(VALID_CONTEXT(ctx)); + + return (ctx->name); +} + +void * +isc_mem_gettag(isc_mem_t *ctx) { + REQUIRE(VALID_CONTEXT(ctx)); + + return (ctx->tag); +} + /* * Memory pool stuff */ @@ -1413,9 +1621,10 @@ isc_mempool_create(isc_mem_t *mctx, size_t size, isc_mempool_t **mpctxp) { *mpctxp = mpctx; - LOCK(&mctx->lock); + MCTXLOCK(mctx, &mctx->lock); ISC_LIST_INITANDAPPEND(mctx->pools, mpctx, link); - UNLOCK(&mctx->lock); + mctx->poolcnt++; + MCTXUNLOCK(mctx, &mctx->lock); return (ISC_R_SUCCESS); } @@ -1468,28 +1677,29 @@ isc_mempool_destroy(isc_mempool_t **mpctxp) { /* * Return any items on the free list */ - LOCK(&mctx->lock); + MCTXLOCK(mctx, &mctx->lock); while (mpctx->items != NULL) { INSIST(mpctx->freecount > 0); mpctx->freecount--; item = mpctx->items; mpctx->items = item->next; -#if ISC_MEM_USE_INTERNAL_MALLOC - mem_putunlocked(mctx, item, mpctx->size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - mem_put(mctx, item, mpctx->size); - mem_putstats(mctx, item, mpctx->size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + mem_putunlocked(mctx, item, mpctx->size); + } else { + mem_put(mctx, item, mpctx->size); + mem_putstats(mctx, item, mpctx->size); + } } - UNLOCK(&mctx->lock); + MCTXUNLOCK(mctx, &mctx->lock); /* * Remove our linked list entry from the memory context. */ - LOCK(&mctx->lock); + MCTXLOCK(mctx, &mctx->lock); ISC_LIST_UNLINK(mctx->pools, mpctx, link); - UNLOCK(&mctx->lock); + mctx->poolcnt--; + MCTXUNLOCK(mctx, &mctx->lock); mpctx->magic = 0; @@ -1548,22 +1758,22 @@ isc__mempool_get(isc_mempool_t *mpctx FLARG) { * We need to dip into the well. Lock the memory context here and * fill up our free list. */ - LOCK(&mctx->lock); + MCTXLOCK(mctx, &mctx->lock); for (i = 0; i < mpctx->fillcount; i++) { -#if ISC_MEM_USE_INTERNAL_MALLOC - item = mem_getunlocked(mctx, mpctx->size); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - item = mem_get(mctx, mpctx->size); - if (item != NULL) - mem_getstats(mctx, mpctx->size); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + item = mem_getunlocked(mctx, mpctx->size); + } else { + item = mem_get(mctx, mpctx->size); + if (item != NULL) + mem_getstats(mctx, mpctx->size); + } if (item == NULL) break; item->next = mpctx->items; mpctx->items = item; mpctx->freecount++; } - UNLOCK(&mctx->lock); + MCTXUNLOCK(mctx, &mctx->lock); /* * If we didn't get any items, return NULL. @@ -1583,9 +1793,9 @@ isc__mempool_get(isc_mempool_t *mpctx FLARG) { #if ISC_MEM_TRACKLINES if (item != NULL) { - LOCK(&mctx->lock); + MCTXLOCK(mctx, &mctx->lock); ADD_TRACE(mctx, item, mpctx->size, file, line); - UNLOCK(&mctx->lock); + MCTXUNLOCK(mctx, &mctx->lock); } #endif /* ISC_MEM_TRACKLINES */ @@ -1609,25 +1819,25 @@ isc__mempool_put(isc_mempool_t *mpctx, void *mem FLARG) { mpctx->allocated--; #if ISC_MEM_TRACKLINES - LOCK(&mctx->lock); + MCTXLOCK(mctx, &mctx->lock); DELETE_TRACE(mctx, mem, mpctx->size, file, line); - UNLOCK(&mctx->lock); + MCTXUNLOCK(mctx, &mctx->lock); #endif /* ISC_MEM_TRACKLINES */ /* * If our free list is full, return this to the mctx directly. */ if (mpctx->freecount >= mpctx->freemax) { -#if ISC_MEM_USE_INTERNAL_MALLOC - LOCK(&mctx->lock); - mem_putunlocked(mctx, mem, mpctx->size); - UNLOCK(&mctx->lock); -#else /* ISC_MEM_USE_INTERNAL_MALLOC */ - mem_put(mctx, mem, mpctx->size); - LOCK(&mctx->lock); - mem_putstats(mctx, mem, mpctx->size); - UNLOCK(&mctx->lock); -#endif /* ISC_MEM_USE_INTERNAL_MALLOC */ + if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + MCTXLOCK(mctx, &mctx->lock); + mem_putunlocked(mctx, mem, mpctx->size); + MCTXUNLOCK(mctx, &mctx->lock); + } else { + mem_put(mctx, mem, mpctx->size); + MCTXLOCK(mctx, &mctx->lock); + mem_putstats(mctx, mem, mpctx->size); + MCTXUNLOCK(mctx, &mctx->lock); + } if (mpctx->lock != NULL) UNLOCK(mpctx->lock); return; @@ -1775,3 +1985,209 @@ isc_mempool_getfillcount(isc_mempool_t *mpctx) { return (fillcount); } + +void +isc_mem_printactive(isc_mem_t *ctx, FILE *file) { + + REQUIRE(VALID_CONTEXT(ctx)); + REQUIRE(file != NULL); + +#if !ISC_MEM_TRACKLINES + UNUSED(ctx); + UNUSED(file); +#else + print_active(ctx, file); +#endif +} + +void +isc_mem_printallactive(FILE *file) { +#if !ISC_MEM_TRACKLINES + UNUSED(file); +#else + isc_mem_t *ctx; + + RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS); + + LOCK(&lock); + for (ctx = ISC_LIST_HEAD(contexts); + ctx != NULL; + ctx = ISC_LIST_NEXT(ctx, link)) { + fprintf(file, "context: %p\n", ctx); + print_active(ctx, file); + } + UNLOCK(&lock); +#endif +} + +void +isc_mem_checkdestroyed(FILE *file) { + + RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS); + + LOCK(&lock); + if (!ISC_LIST_EMPTY(contexts)) { +#if ISC_MEM_TRACKLINES + isc_mem_t *ctx; + + for (ctx = ISC_LIST_HEAD(contexts); + ctx != NULL; + ctx = ISC_LIST_NEXT(ctx, link)) { + fprintf(file, "context: %p\n", ctx); + print_active(ctx, file); + } + fflush(file); +#endif + INSIST(0); + } + UNLOCK(&lock); +} + +#ifdef HAVE_LIBXML2 + +typedef struct summarystat { + isc_uint64_t total; + isc_uint64_t inuse; + isc_uint64_t blocksize; + isc_uint64_t contextsize; +} summarystat_t; + +static void +renderctx(isc_mem_t *ctx, summarystat_t *summary, xmlTextWriterPtr writer) { + REQUIRE(VALID_CONTEXT(ctx)); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "context"); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "id"); + xmlTextWriterWriteFormatString(writer, "%p", ctx); + xmlTextWriterEndElement(writer); /* id */ + + if (ctx->name[0] != 0) { + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteFormatString(writer, "%s", ctx->name); + xmlTextWriterEndElement(writer); /* name */ + } + + REQUIRE(VALID_CONTEXT(ctx)); + MCTXLOCK(ctx, &ctx->lock); + + summary->contextsize += sizeof(*ctx) + + (ctx->max_size + 1) * sizeof(struct stats) + + ctx->max_size * sizeof(element *) + + ctx->basic_table_count * sizeof(char *); +#if ISC_MEM_TRACKLINES + if (ctx->debuglist != NULL) { + summary->contextsize += + (ctx->max_size + 1) * sizeof(debuglist_t) + + ctx->debuglistcnt * sizeof(debuglink_t); + } +#endif + xmlTextWriterStartElement(writer, ISC_XMLCHAR "references"); + xmlTextWriterWriteFormatString(writer, "%d", ctx->references); + xmlTextWriterEndElement(writer); /* references */ + + summary->total += ctx->total; + xmlTextWriterStartElement(writer, ISC_XMLCHAR "total"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + (isc_uint64_t)ctx->total); + xmlTextWriterEndElement(writer); /* total */ + + summary->inuse += ctx->inuse; + xmlTextWriterStartElement(writer, ISC_XMLCHAR "inuse"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + (isc_uint64_t)ctx->inuse); + xmlTextWriterEndElement(writer); /* inuse */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "maxinuse"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + (isc_uint64_t)ctx->maxinuse); + xmlTextWriterEndElement(writer); /* maxinuse */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "blocksize"); + if ((ctx->flags & ISC_MEMFLAG_INTERNAL) != 0) { + summary->blocksize += ctx->basic_table_count * + NUM_BASIC_BLOCKS * ctx->mem_target; + xmlTextWriterWriteFormatString(writer, + "%" ISC_PRINT_QUADFORMAT "u", + (isc_uint64_t) + ctx->basic_table_count * + NUM_BASIC_BLOCKS * + ctx->mem_target); + } else + xmlTextWriterWriteFormatString(writer, "%s", "-"); + xmlTextWriterEndElement(writer); /* blocksize */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "pools"); + xmlTextWriterWriteFormatString(writer, "%u", ctx->poolcnt); + xmlTextWriterEndElement(writer); /* pools */ + summary->contextsize += ctx->poolcnt * sizeof(isc_mempool_t); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "hiwater"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + (isc_uint64_t)ctx->hi_water); + xmlTextWriterEndElement(writer); /* hiwater */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "lowater"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + (isc_uint64_t)ctx->lo_water); + xmlTextWriterEndElement(writer); /* lowater */ + + MCTXUNLOCK(ctx, &ctx->lock); + + xmlTextWriterEndElement(writer); /* context */ +} + +void +isc_mem_renderxml(xmlTextWriterPtr writer) { + isc_mem_t *ctx; + summarystat_t summary; + isc_uint64_t lost; + + memset(&summary, 0, sizeof(summary)); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "contexts"); + + RUNTIME_CHECK(isc_once_do(&once, initialize_action) == ISC_R_SUCCESS); + + LOCK(&lock); + lost = totallost; + for (ctx = ISC_LIST_HEAD(contexts); + ctx != NULL; + ctx = ISC_LIST_NEXT(ctx, link)) { + renderctx(ctx, &summary, writer); + } + UNLOCK(&lock); + + xmlTextWriterEndElement(writer); /* contexts */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "summary"); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "TotalUse"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + summary.total); + xmlTextWriterEndElement(writer); /* TotalUse */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "InUse"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + summary.inuse); + xmlTextWriterEndElement(writer); /* InUse */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "BlockSize"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + summary.blocksize); + xmlTextWriterEndElement(writer); /* BlockSize */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "ContextSize"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + summary.contextsize); + xmlTextWriterEndElement(writer); /* ContextSize */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "Lost"); + xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", + lost); + xmlTextWriterEndElement(writer); /* Lost */ + + xmlTextWriterEndElement(writer); /* summary */ +} + +#endif /* HAVE_LIBXML2 */ diff --git a/contrib/bind-9.5.2/lib/isc/mips/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/mips/include/isc/atomic.h new file mode 100644 index 0000000000..bb739f7404 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/mips/include/isc/atomic.h @@ -0,0 +1,98 @@ +/* + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.3 2007/06/19 23:47:18 tbox Exp $ */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +#ifdef ISC_PLATFORM_USEGCCASM +/* + * This routine atomically increments the value stored in 'p' by 'val', and + * returns the previous value. + */ +static inline isc_int32_t +isc_atomic_xadd(isc_int32_t *p, int val) { + isc_int32_t orig; + + /* add is a cheat, since MIPS has no mov instruction */ + __asm__ volatile ( + "1:" + "ll $3, %1\n" + "add %0, $0, $3\n" + "add $3, $3, %2\n" + "sc $3, %1\n" + "beq $3, 0, 1b" + : "=&r"(orig) + : "m"(*p), "r"(val) + : "memory", "$3" + ); + + return (orig); +} + +/* + * This routine atomically stores the value 'val' in 'p'. + */ +static inline void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + __asm__ volatile ( + "1:" + "ll $3, %0\n" + "add $3, $0, %1\n" + "sc $3, %0\n" + "beq $3, 0, 1b" + : + : "m"(*p), "r"(val) + : "memory", "$3" + ); +} + +/* + * This routine atomically replaces the value in 'p' with 'val', if the + * original value is equal to 'cmpval'. The original value is returned in any + * case. + */ +static inline isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) { + isc_int32_t orig; + + __asm__ volatile( + "1:" + "ll $3, %1\n" + "add %0, $0, $3\n" + "bne $3, %2, 2f\n" + "add $3, $0, %3\n" + "sc $3, %1\n" + "beq $3, 0, 1b\n" + "2:" + : "=&r"(orig) + : "m"(*p), "r"(cmpval), "r"(val) + : "memory", "$3" + ); + + return (orig); +} + +#else /* !ISC_PLATFORM_USEGCCASM */ + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.3/lib/isc/mutexblock.c b/contrib/bind-9.5.2/lib/isc/mutexblock.c similarity index 85% rename from contrib/bind-9.3/lib/isc/mutexblock.c rename to contrib/bind-9.5.2/lib/isc/mutexblock.c index dc7c23d868..d45ad0e1e4 100644 --- a/contrib/bind-9.3/lib/isc/mutexblock.c +++ b/contrib/bind-9.5.2/lib/isc/mutexblock.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutexblock.c,v 1.14.12.3 2004/03/08 09:04:49 marka Exp $ */ +/* $Id: mutexblock.c,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/netaddr.c b/contrib/bind-9.5.2/lib/isc/netaddr.c similarity index 79% rename from contrib/bind-9.3/lib/isc/netaddr.c rename to contrib/bind-9.5.2/lib/isc/netaddr.c index 712ad2c134..85dd53e03e 100644 --- a/contrib/bind-9.3/lib/isc/netaddr.c +++ b/contrib/bind-9.5.2/lib/isc/netaddr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: netaddr.c,v 1.18.12.9 2004/05/15 03:46:12 jinmei Exp $ */ +/* $Id: netaddr.c,v 1.38 2007/06/18 23:47:44 tbox Exp $ */ + +/*! \file */ #include @@ -51,6 +53,12 @@ isc_netaddr_equal(const isc_netaddr_t *a, const isc_netaddr_t *b) { a->zone != b->zone) return (ISC_FALSE); break; +#ifdef ISC_PLATFORM_HAVESYSUNH + case AF_UNIX: + if (strcmp(a->type.un, b->type.un) != 0) + return (ISC_FALSE); + break; +#endif default: return (ISC_FALSE); } @@ -71,7 +79,7 @@ isc_netaddr_eqprefix(const isc_netaddr_t *a, const isc_netaddr_t *b, if (a->family != b->family) return (ISC_FALSE); - if (a->zone != b->zone) + if (a->zone != b->zone && b->zone != 0) return (ISC_FALSE); switch (a->family) { @@ -135,6 +143,16 @@ isc_netaddr_totext(const isc_netaddr_t *netaddr, isc_buffer_t *target) { case AF_INET6: type = &netaddr->type.in6; break; +#ifdef ISC_PLATFORM_HAVESYSUNH + case AF_UNIX: + alen = strlen(netaddr->type.un); + if (alen > isc_buffer_availablelength(target)) + return (ISC_R_NOSPACE); + isc_buffer_putmem(target, + (const unsigned char *)(netaddr->type.un), + alen); + return (ISC_R_SUCCESS); +#endif default: return (ISC_R_FAILURE); } @@ -190,6 +208,42 @@ isc_netaddr_format(const isc_netaddr_t *na, char *array, unsigned int size) { } } + +isc_result_t +isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) { + static const unsigned char zeros[16]; + unsigned int nbits, nbytes, ipbytes; + const unsigned char *p; + + switch (na->family) { + case AF_INET: + p = (const unsigned char *) &na->type.in; + ipbytes = 4; + if (prefixlen > 32) + return (ISC_R_RANGE); + break; + case AF_INET6: + p = (const unsigned char *) &na->type.in6; + ipbytes = 16; + if (prefixlen > 128) + return (ISC_R_RANGE); + break; + default: + ipbytes = 0; + return (ISC_R_NOTIMPLEMENTED); + } + nbytes = prefixlen / 8; + nbits = prefixlen % 8; + if (nbits != 0) { + if ((p[nbytes] & (0xff>>nbits)) != 0U) + return (ISC_R_FAILURE); + nbytes++; + } + if (memcmp(p + nbytes, zeros, ipbytes - nbytes) != 0) + return (ISC_R_FAILURE); + return (ISC_R_SUCCESS); +} + isc_result_t isc_netaddr_masktoprefixlen(const isc_netaddr_t *s, unsigned int *lenp) { unsigned int nbits, nbytes, ipbytes, i; @@ -246,6 +300,25 @@ isc_netaddr_fromin6(isc_netaddr_t *netaddr, const struct in6_addr *ina6) { netaddr->type.in6 = *ina6; } +isc_result_t +isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path) { +#ifdef ISC_PLATFORM_HAVESYSUNH + if (strlen(path) > sizeof(netaddr->type.un) - 1) + return (ISC_R_NOSPACE); + + memset(netaddr, 0, sizeof(*netaddr)); + netaddr->family = AF_UNIX; + strcpy(netaddr->type.un, path); + netaddr->zone = 0; + return (ISC_R_SUCCESS); +#else + UNUSED(netaddr); + UNUSED(path); + return (ISC_R_NOTIMPLEMENTED); +#endif +} + + void isc_netaddr_setzone(isc_netaddr_t *netaddr, isc_uint32_t zone) { /* we currently only support AF_INET6. */ @@ -276,6 +349,12 @@ isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) { t->zone = 0; #endif break; +#ifdef ISC_PLATFORM_HAVESYSUNH + case AF_UNIX: + memcpy(t->type.un, s->type.sunix.sun_path, sizeof(t->type.un)); + t->zone = 0; + break; +#endif default: INSIST(0); } diff --git a/contrib/bind-9.3/lib/isc/netscope.c b/contrib/bind-9.5.2/lib/isc/netscope.c similarity index 90% rename from contrib/bind-9.3/lib/isc/netscope.c rename to contrib/bind-9.5.2/lib/isc/netscope.c index 8df448399c..9aa11db9a8 100644 --- a/contrib/bind-9.3/lib/isc/netscope.c +++ b/contrib/bind-9.5.2/lib/isc/netscope.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/*! \file */ + #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = - "$Id: netscope.c,v 1.5.142.9 2006/08/25 05:25:50 marka Exp $"; + "$Id: netscope.c,v 1.13 2007/06/19 23:47:17 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include diff --git a/contrib/bind-9.3/lib/isc/nls/msgcat.c b/contrib/bind-9.5.2/lib/isc/nls/msgcat.c similarity index 91% rename from contrib/bind-9.3/lib/isc/nls/msgcat.c rename to contrib/bind-9.5.2/lib/isc/nls/msgcat.c index 906e26e907..3d6b6764d5 100644 --- a/contrib/bind-9.3/lib/isc/nls/msgcat.c +++ b/contrib/bind-9.5.2/lib/isc/nls/msgcat.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: msgcat.c,v 1.10.12.6 2005/06/09 23:54:31 marka Exp $ */ +/* $Id: msgcat.c,v 1.18 2007/06/19 23:47:18 tbox Exp $ */ -/* - * Principal Author: Bob Halley +/*! \file msgcat.c + * + * \author Principal Author: Bob Halley */ #include diff --git a/contrib/bind-9.3/lib/dns/rbtdb64.c b/contrib/bind-9.5.2/lib/isc/noatomic/include/isc/atomic.h similarity index 67% rename from contrib/bind-9.3/lib/dns/rbtdb64.c rename to contrib/bind-9.5.2/lib/isc/noatomic/include/isc/atomic.h index f41ab37c4a..942ba036e2 100644 --- a/contrib/bind-9.3/lib/dns/rbtdb64.c +++ b/contrib/bind-9.5.2/lib/isc/noatomic/include/isc/atomic.h @@ -1,8 +1,7 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +14,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb64.c,v 1.6.206.1 2004/03/06 08:13:42 marka Exp $ */ +/* $Id: atomic.h,v 1.4 2007/06/19 23:47:18 tbox Exp $ */ -#define DNS_RBTDB_VERSION64 1 -#include "rbtdb.c" +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +/* This file is inherently empty. */ + +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.3/lib/isc/nothreads/condition.c b/contrib/bind-9.5.2/lib/isc/nothreads/condition.c similarity index 78% rename from contrib/bind-9.3/lib/isc/nothreads/condition.c rename to contrib/bind-9.5.2/lib/isc/nothreads/condition.c index 395d52f7d3..9be8f835f4 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/condition.c +++ b/contrib/bind-9.5.2/lib/isc/nothreads/condition.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: condition.c,v 1.4.12.5 2006/08/25 05:25:50 marka Exp $ */ +/* $Id: condition.c,v 1.10 2007/06/19 23:47:18 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/isc/nothreads/include/isc/condition.h b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/condition.h similarity index 90% rename from contrib/bind-9.3/lib/isc/nothreads/include/isc/condition.h rename to contrib/bind-9.5.2/lib/isc/nothreads/include/isc/condition.h index b899a82679..b269f82fc0 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/include/isc/condition.h +++ b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/condition.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: condition.h,v 1.3.206.1 2004/03/06 08:14:52 marka Exp $ */ +/* $Id: condition.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */ /* * This provides a limited subset of the isc_condition_t diff --git a/contrib/bind-9.3/lib/isc/nothreads/include/isc/mutex.h b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/mutex.h similarity index 86% rename from contrib/bind-9.3/lib/isc/nothreads/include/isc/mutex.h rename to contrib/bind-9.5.2/lib/isc/nothreads/include/isc/mutex.h index c80a945b83..1f2187b8b5 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/include/isc/mutex.h +++ b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/mutex.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutex.h,v 1.3.206.1 2004/03/06 08:14:53 marka Exp $ */ +/* $Id: mutex.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_MUTEX_H #define ISC_MUTEX_H 1 diff --git a/contrib/bind-9.3/lib/isc/nothreads/include/isc/once.h b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/once.h similarity index 82% rename from contrib/bind-9.3/lib/isc/nothreads/include/isc/once.h rename to contrib/bind-9.5.2/lib/isc/nothreads/include/isc/once.h index 9f54ac8fda..ab705a4a47 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/include/isc/once.h +++ b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/once.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: once.h,v 1.3.206.1 2004/03/06 08:14:53 marka Exp $ */ +/* $Id: once.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_ONCE_H #define ISC_ONCE_H 1 diff --git a/contrib/bind-9.3/lib/isc/nothreads/include/isc/thread.h b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/thread.h similarity index 82% rename from contrib/bind-9.3/lib/isc/nothreads/include/isc/thread.h rename to contrib/bind-9.5.2/lib/isc/nothreads/include/isc/thread.h index e045b98b5b..313bc5f959 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/include/isc/thread.h +++ b/contrib/bind-9.5.2/lib/isc/nothreads/include/isc/thread.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: thread.h,v 1.3.206.1 2004/03/06 08:14:53 marka Exp $ */ +/* $Id: thread.h,v 1.6 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_THREAD_H #define ISC_THREAD_H 1 diff --git a/contrib/bind-9.3/lib/isc/nothreads/mutex.c b/contrib/bind-9.5.2/lib/isc/nothreads/mutex.c similarity index 78% rename from contrib/bind-9.3/lib/isc/nothreads/mutex.c rename to contrib/bind-9.5.2/lib/isc/nothreads/mutex.c index a707947fe9..50ba0f4d65 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/mutex.c +++ b/contrib/bind-9.5.2/lib/isc/nothreads/mutex.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutex.c,v 1.4.12.5 2006/08/25 05:25:50 marka Exp $ */ +/* $Id: mutex.c,v 1.10 2007/06/19 23:47:18 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/isc/nothreads/thread.c b/contrib/bind-9.5.2/lib/isc/nothreads/thread.c similarity index 80% rename from contrib/bind-9.3/lib/isc/nothreads/thread.c rename to contrib/bind-9.5.2/lib/isc/nothreads/thread.c index 1aea72ad85..9075e25513 100644 --- a/contrib/bind-9.3/lib/isc/nothreads/thread.c +++ b/contrib/bind-9.5.2/lib/isc/nothreads/thread.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: thread.c,v 1.2.206.1 2004/03/06 08:14:52 marka Exp $ */ +/* $Id: thread.c,v 1.5 2007/06/19 23:47:18 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/isc/ondestroy.c b/contrib/bind-9.5.2/lib/isc/ondestroy.c similarity index 89% rename from contrib/bind-9.3/lib/isc/ondestroy.c rename to contrib/bind-9.5.2/lib/isc/ondestroy.c index aacb8f2db6..32a75e1f94 100644 --- a/contrib/bind-9.3/lib/isc/ondestroy.c +++ b/contrib/bind-9.5.2/lib/isc/ondestroy.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ondestroy.c,v 1.11.206.1 2004/03/06 08:14:33 marka Exp $ */ +/* $Id: ondestroy.c,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/parseint.c b/contrib/bind-9.5.2/lib/isc/parseint.c similarity index 89% rename from contrib/bind-9.3/lib/isc/parseint.c rename to contrib/bind-9.5.2/lib/isc/parseint.c index fe74e57c3e..266d44cec5 100644 --- a/contrib/bind-9.3/lib/isc/parseint.c +++ b/contrib/bind-9.5.2/lib/isc/parseint.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: parseint.c,v 1.3.26.5 2004/03/08 09:04:49 marka Exp $ */ +/* $Id: parseint.c,v 1.8 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/isc/portset.c b/contrib/bind-9.5.2/lib/isc/portset.c new file mode 100644 index 0000000000..ad154f3502 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/portset.c @@ -0,0 +1,143 @@ +/* + * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: portset.c,v 1.2.2.3 2008/06/24 23:26:49 marka Exp $ */ + +/*! \file */ + +#include + +#include +#include +#include +#include +#include + +#define ISC_PORTSET_BUFSIZE (65536 / (sizeof(isc_uint32_t) * 8)) + +/*% + * Internal representation of portset. It's an array of 32-bit integers, each + * bit corresponding to a single port in the ascending order. For example, + * the second most significant bit of buf[0] corresponds to port 1. + */ +struct isc_portset { + unsigned int nports; /*%< number of ports in the set */ + isc_uint32_t buf[ISC_PORTSET_BUFSIZE]; +}; + +static inline isc_boolean_t +portset_isset(isc_portset_t *portset, in_port_t port) { + return (ISC_TF((portset->buf[port >> 5] & (1 << (port & 31))) != 0)); +} + +static inline void +portset_add(isc_portset_t *portset, in_port_t port) { + if (!portset_isset(portset, port)) { + portset->nports++; + portset->buf[port >> 5] |= (1 << (port & 31)); + } +} + +static inline void +portset_remove(isc_portset_t *portset, in_port_t port) { + if (portset_isset(portset, port)) { + portset->nports--; + portset->buf[port >> 5] &= ~(1 << (port & 31)); + } +} + +isc_result_t +isc_portset_create(isc_mem_t *mctx, isc_portset_t **portsetp) { + isc_portset_t *portset; + + REQUIRE(portsetp != NULL && *portsetp == NULL); + + portset = isc_mem_get(mctx, sizeof(*portset)); + if (portset == NULL) + return (ISC_R_NOMEMORY); + + /* Make the set 'empty' by default */ + memset(portset, 0, sizeof(*portset)); + *portsetp = portset; + + return (ISC_R_SUCCESS); +} + +void +isc_portset_destroy(isc_mem_t *mctx, isc_portset_t **portsetp) { + isc_portset_t *portset; + + REQUIRE(portsetp != NULL); + portset = *portsetp; + + isc_mem_put(mctx, portset, sizeof(*portset)); +} + +isc_boolean_t +isc_portset_isset(isc_portset_t *portset, in_port_t port) { + REQUIRE(portset != NULL); + + return (portset_isset(portset, port)); +} + +unsigned int +isc_portset_nports(isc_portset_t *portset) { + REQUIRE(portset != NULL); + + return (portset->nports); +} + +void +isc_portset_add(isc_portset_t *portset, in_port_t port) { + REQUIRE(portset != NULL); + + portset_add(portset, port); +} + +void +isc_portset_remove(isc_portset_t *portset, in_port_t port) { + portset_remove(portset, port); +} + +void +isc_portset_addrange(isc_portset_t *portset, in_port_t port_lo, + in_port_t port_hi) +{ + in_port_t p; + + REQUIRE(portset != NULL); + REQUIRE(port_lo <= port_hi); + + p = port_lo; + do { + portset_add(portset, p); + } while (p++ < port_hi); +} + +void +isc_portset_removerange(isc_portset_t *portset, in_port_t port_lo, + in_port_t port_hi) +{ + in_port_t p; + + REQUIRE(portset != NULL); + REQUIRE(port_lo <= port_hi); + + p = port_lo; + do { + portset_remove(portset, p); + } while (p++ < port_hi); +} diff --git a/contrib/bind-9.5.2/lib/isc/powerpc/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/powerpc/include/isc/atomic.h new file mode 100644 index 0000000000..765cb6d72a --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/powerpc/include/isc/atomic.h @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.6 2007/06/18 23:47:47 tbox Exp $ */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +/*!\file + * static inline isc_int32_t + * isc_atomic_xadd(isc_int32_t *p, isc_int32_t val); + * + * This routine atomically increments the value stored in 'p' by 'val', and + * returns the previous value. + * + * static inline void + * isc_atomic_store(void *p, isc_int32_t val); + * + * This routine atomically stores the value 'val' in 'p'. + * + * static inline isc_int32_t + * isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val); + * + * This routine atomically replaces the value in 'p' with 'val', if the + * original value is equal to 'cmpval'. The original value is returned in any + * case. + */ + +#if defined(_AIX) + +#include + +#define isc_atomic_xadd(p, v) fetch_and_add(p, v) +#define isc_atomic_store(p, v) _clear_lock(p, v) + +#ifdef __GNUC__ +static inline int +#else +static int +#endif +isc_atomic_cmpxchg(atomic_p p, int old, int new) { + int orig = old; + +#ifdef __GNUC__ + asm("ics"); +#else + __isync(); +#endif + if (compare_and_swap(p, &orig, new)) + return (old); + return (orig); +} + +#elif defined(ISC_PLATFORM_USEGCCASM) || defined(ISC_PLATFORM_USEMACASM) +static inline isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + isc_int32_t orig; + + __asm__ volatile ( +#ifdef ISC_PLATFORM_USEMACASM + "1:" + "lwarx r6, 0, %1\n" + "mr %0, r6\n" + "add r6, r6, %2\n" + "stwcx. r6, 0, %1\n" + "bne- 1b" +#else + "1:" + "lwarx 6, 0, %1\n" + "mr %0, 6\n" + "add 6, 6, %2\n" + "stwcx. 6, 0, %1\n" + "bne- 1b" +#endif + : "=&r"(orig) + : "r"(p), "r"(val) + : "r6", "memory" + ); + + return (orig); +} + +static inline void +isc_atomic_store(void *p, isc_int32_t val) { + __asm__ volatile ( +#ifdef ISC_PLATFORM_USEMACASM + "1:" + "lwarx r6, 0, %0\n" + "lwz r6, %1\n" + "stwcx. r6, 0, %0\n" + "bne- 1b" +#else + "1:" + "lwarx 6, 0, %0\n" + "lwz 6, %1\n" + "stwcx. 6, 0, %0\n" + "bne- 1b" +#endif + : + : "r"(p), "m"(val) + : "r6", "memory" + ); +} + +static inline isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + isc_int32_t orig; + + __asm__ volatile ( +#ifdef ISC_PLATFORM_USEMACASM + "1:" + "lwarx r6, 0, %1\n" + "mr %0,r6\n" + "cmpw r6, %2\n" + "bne 2f\n" + "mr r6, %3\n" + "stwcx. r6, 0, %1\n" + "bne- 1b\n" + "2:" +#else + "1:" + "lwarx 6, 0, %1\n" + "mr %0,6\n" + "cmpw 6, %2\n" + "bne 2f\n" + "mr 6, %3\n" + "stwcx. 6, 0, %1\n" + "bne- 1b\n" + "2:" +#endif + : "=&r" (orig) + : "r"(p), "r"(cmpval), "r"(val) + : "r6", "memory" + ); + + return (orig); +} + +#else + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.3/lib/isc/print.c b/contrib/bind-9.5.2/lib/isc/print.c similarity index 82% rename from contrib/bind-9.3/lib/isc/print.c rename to contrib/bind-9.5.2/lib/isc/print.c index ee50b29e5d..a64aaf536a 100644 --- a/contrib/bind-9.3/lib/isc/print.c +++ b/contrib/bind-9.5.2/lib/isc/print.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print.c,v 1.22.2.3.2.4 2006/04/17 18:27:20 explorer Exp $ */ +/* $Id: print.c,v 1.33.128.2 2008/02/18 23:46:30 tbox Exp $ */ /*! \file */ @@ -246,8 +246,24 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { head = ""; tmpui = tmpi; } - sprintf(buf, "%" ISC_PRINT_QUADFORMAT "u", - tmpui); + if (tmpui <= 0xffffffffU) + sprintf(buf, "%lu", + (unsigned long)tmpui); + else { + unsigned long mid; + unsigned long lo; + unsigned long hi; + lo = tmpui % 1000000000; + tmpui /= 1000000000; + mid = tmpui % 1000000000; + hi = tmpui / 1000000000; + if (hi != 0) + sprintf(buf, "%lu", hi); + else + buf[0] = '\n'; + sprintf(buf + strlen(buf), "%lu", mid); + sprintf(buf + strlen(buf), "%lu", lo); + } goto printint; case 'o': if (q) @@ -256,10 +272,29 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { tmpui = va_arg(ap, long int); else tmpui = va_arg(ap, int); - sprintf(buf, - alt ? "%#" ISC_PRINT_QUADFORMAT "o" - : "%" ISC_PRINT_QUADFORMAT "o", - tmpui); + if (tmpui <= 0xffffffffU) + sprintf(buf, alt ? "%#lo" : "%lo", + (unsigned long)tmpui); + else { + unsigned long mid; + unsigned long lo; + unsigned long hi; + lo = tmpui % 010000000000; + tmpui /= 010000000000; + mid = tmpui % 010000000000; + hi = tmpui / 010000000000; + if (hi != 0) { + sprintf(buf, + alt ? "%#lo" : "%lo", + hi); + sprintf(buf + strlen(buf), + "%lo", mid); + } else + sprintf(buf, + alt ? "%#lo" : "%lo", + mid); + sprintf(buf + strlen(buf), "%lo", lo); + } goto printint; case 'u': if (q) @@ -268,8 +303,24 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { tmpui = va_arg(ap, unsigned long int); else tmpui = va_arg(ap, unsigned int); - sprintf(buf, "%" ISC_PRINT_QUADFORMAT "u", - tmpui); + if (tmpui <= 0xffffffffU) + sprintf(buf, "%lu", + (unsigned long)tmpui); + else { + unsigned long mid; + unsigned long lo; + unsigned long hi; + lo = tmpui % 1000000000; + tmpui /= 1000000000; + mid = tmpui % 1000000000; + hi = tmpui / 1000000000; + if (hi != 0) + sprintf(buf, "%lu", hi); + else + buf[0] = '\n'; + sprintf(buf + strlen(buf), "%lu", mid); + sprintf(buf + strlen(buf), "%lu", lo); + } goto printint; case 'x': if (q) @@ -283,8 +334,15 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { if (precision > 2) precision -= 2; } - sprintf(buf, "%" ISC_PRINT_QUADFORMAT "x", - tmpui); + if (tmpui <= 0xffffffffU) + sprintf(buf, "%lx", + (unsigned long)tmpui); + else { + unsigned long hi = tmpui>>32; + unsigned long lo = tmpui & 0xffffffff; + sprintf(buf, "%lx", hi); + sprintf(buf + strlen(buf), "%lx", lo); + } goto printint; case 'X': if (q) @@ -298,8 +356,15 @@ isc_print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { if (precision > 2) precision -= 2; } - sprintf(buf, "%" ISC_PRINT_QUADFORMAT "X", - tmpui); + if (tmpui <= 0xffffffffU) + sprintf(buf, "%lX", + (unsigned long)tmpui); + else { + unsigned long hi = tmpui>>32; + unsigned long lo = tmpui & 0xffffffff; + sprintf(buf, "%lX", hi); + sprintf(buf + strlen(buf), "%lX", lo); + } goto printint; printint: if (precision != 0 || width != 0) { diff --git a/contrib/bind-9.3/lib/isc/pthreads/condition.c b/contrib/bind-9.5.2/lib/isc/pthreads/condition.c similarity index 89% rename from contrib/bind-9.3/lib/isc/pthreads/condition.c rename to contrib/bind-9.5.2/lib/isc/pthreads/condition.c index 489980c1f5..50281a2b87 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/condition.c +++ b/contrib/bind-9.5.2/lib/isc/pthreads/condition.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: condition.c,v 1.30.2.1.10.1 2004/03/06 08:14:53 marka Exp $ */ +/* $Id: condition.c,v 1.36 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file */ #include @@ -44,7 +46,7 @@ isc_condition_waituntil(isc_condition_t *c, isc_mutex_t *m, isc_time_t *t) { if (result != ISC_R_SUCCESS) return (result); - /* + /*! * POSIX defines a timespec's tv_nsec as long. isc_time_nanoseconds * ensures its return value is < 1 billion, which will fit in a long. */ diff --git a/contrib/bind-9.3/lib/isc/pthreads/include/isc/condition.h b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/condition.h similarity index 88% rename from contrib/bind-9.3/lib/isc/pthreads/include/isc/condition.h rename to contrib/bind-9.5.2/lib/isc/pthreads/include/isc/condition.h index c33772f1a1..04a61185d1 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/include/isc/condition.h +++ b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/condition.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: condition.h,v 1.21.206.1 2004/03/06 08:14:56 marka Exp $ */ +/* $Id: condition.h,v 1.26 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_CONDITION_H #define ISC_CONDITION_H 1 +/*! \file */ + #include #include #include diff --git a/contrib/bind-9.3/lib/isc/pthreads/include/isc/mutex.h b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/mutex.h similarity index 87% rename from contrib/bind-9.3/lib/isc/pthreads/include/isc/mutex.h rename to contrib/bind-9.5.2/lib/isc/pthreads/include/isc/mutex.h index f6e526d8b2..dd7d326872 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/include/isc/mutex.h +++ b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/mutex.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutex.h,v 1.23.26.3 2004/03/08 09:04:55 marka Exp $ */ +/* $Id: mutex.h,v 1.30 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_MUTEX_H #define ISC_MUTEX_H 1 +/*! \file */ + #include #include +#include #include /* for ISC_R_ codes */ -/* +ISC_LANG_BEGINDECLS + +/*! * Supply mutex attributes that enable deadlock detection * (helpful when debugging). This is system dependent and * currently only supported on NetBSD. @@ -39,7 +44,7 @@ extern pthread_mutexattr_t isc__mutex_attrs; /* XXX We could do fancier error handling... */ -/* +/*! * Define ISC_MUTEX_PROFILE to turn on profiling of mutexes by line. When * enabled, isc_mutex_stats() can be used to print a table showing the * number of times each type of mutex was locked and the amount of time @@ -53,8 +58,8 @@ extern pthread_mutexattr_t isc__mutex_attrs; typedef struct isc_mutexstats isc_mutexstats_t; typedef struct { - pthread_mutex_t mutex; /* The actual mutex. */ - isc_mutexstats_t * stats; /* Mutex statistics. */ + pthread_mutex_t mutex; /*%< The actual mutex. */ + isc_mutexstats_t * stats; /*%< Mutex statistics. */ } isc_mutex_t; #else typedef pthread_mutex_t isc_mutex_t; @@ -70,8 +75,8 @@ typedef pthread_mutex_t isc_mutex_t; isc_mutex_init_errcheck((mp)) #else #define isc_mutex_init(mp) \ - ((pthread_mutex_init((mp), ISC__MUTEX_ATTRS) == 0) ? \ - ISC_R_SUCCESS : ISC_R_UNEXPECTED) + isc__mutex_init((mp), __FILE__, __LINE__) +isc_result_t isc__mutex_init(isc_mutex_t *mp, const char *file, unsigned int line); #endif #endif @@ -136,4 +141,5 @@ isc_mutex_init_errcheck(isc_mutex_t *mp); #endif /* ISC_MUTEX_PROFILE */ +ISC_LANG_ENDDECLS #endif /* ISC_MUTEX_H */ diff --git a/contrib/bind-9.3/lib/isc/pthreads/include/isc/once.h b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/once.h similarity index 84% rename from contrib/bind-9.3/lib/isc/pthreads/include/isc/once.h rename to contrib/bind-9.5.2/lib/isc/pthreads/include/isc/once.h index 39b4885a85..31d76fb6f2 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/include/isc/once.h +++ b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/once.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: once.h,v 1.8.206.1 2004/03/06 08:14:57 marka Exp $ */ +/* $Id: once.h,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_ONCE_H #define ISC_ONCE_H 1 +/*! \file */ + #include #include @@ -28,12 +30,12 @@ typedef pthread_once_t isc_once_t; #ifdef ISC_PLATFORM_BRACEPTHREADONCEINIT -/* +/*! * This accomodates systems that define PTHRAD_ONCE_INIT improperly. */ #define ISC_ONCE_INIT { PTHREAD_ONCE_INIT } #else -/* +/*! * This is the usual case. */ #define ISC_ONCE_INIT PTHREAD_ONCE_INIT diff --git a/contrib/bind-9.3/lib/isc/pthreads/include/isc/thread.h b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/thread.h similarity index 74% rename from contrib/bind-9.3/lib/isc/pthreads/include/isc/thread.h rename to contrib/bind-9.5.2/lib/isc/pthreads/include/isc/thread.h index 6287dcd07e..7dcc9527cf 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/include/isc/thread.h +++ b/contrib/bind-9.5.2/lib/isc/pthreads/include/isc/thread.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: thread.h,v 1.19.206.1 2004/03/06 08:14:57 marka Exp $ */ +/* $Id: thread.h,v 1.26 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_THREAD_H #define ISC_THREAD_H 1 +/*! \file */ + #include #include @@ -31,6 +33,7 @@ typedef pthread_t isc_thread_t; typedef void * isc_threadresult_t; typedef void * isc_threadarg_t; typedef isc_threadresult_t (*isc_threadfunc_t)(isc_threadarg_t); +typedef pthread_key_t isc_thread_key_t; isc_result_t isc_thread_create(isc_threadfunc_t, isc_threadarg_t, isc_thread_t *); @@ -47,6 +50,11 @@ isc_thread_setconcurrency(unsigned int level); #define isc_thread_self \ (unsigned long)pthread_self +#define isc_thread_key_create pthread_key_create +#define isc_thread_key_getspecific pthread_getspecific +#define isc_thread_key_setspecific pthread_setspecific +#define isc_thread_key_delete pthread_key_delete + ISC_LANG_ENDDECLS #endif /* ISC_THREAD_H */ diff --git a/contrib/bind-9.3/lib/isc/pthreads/mutex.c b/contrib/bind-9.5.2/lib/isc/pthreads/mutex.c similarity index 62% rename from contrib/bind-9.3/lib/isc/pthreads/mutex.c rename to contrib/bind-9.5.2/lib/isc/pthreads/mutex.c index 71db669661..794803b243 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/mutex.c +++ b/contrib/bind-9.5.2/lib/isc/pthreads/mutex.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,39 +15,46 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: mutex.c,v 1.6.26.5 2005/03/17 03:58:32 marka Exp $ */ +/* $Id: mutex.c,v 1.14.128.2 2008/04/04 23:46:31 tbox Exp $ */ + +/*! \file */ #include #include #include #include +#include #include #include +#include #if ISC_MUTEX_PROFILE -/* Operations on timevals; adapted from FreeBSD's sys/time.h */ +/*@{*/ +/*% Operations on timevals; adapted from FreeBSD's sys/time.h */ #define timevalclear(tvp) ((tvp)->tv_sec = (tvp)->tv_usec = 0) #define timevaladd(vvp, uvp) \ - do { \ - (vvp)->tv_sec += (uvp)->tv_sec; \ - (vvp)->tv_usec += (uvp)->tv_usec; \ - if ((vvp)->tv_usec >= 1000000) { \ - (vvp)->tv_sec++; \ - (vvp)->tv_usec -= 1000000; \ - } \ - } while (0) + do { \ + (vvp)->tv_sec += (uvp)->tv_sec; \ + (vvp)->tv_usec += (uvp)->tv_usec; \ + if ((vvp)->tv_usec >= 1000000) { \ + (vvp)->tv_sec++; \ + (vvp)->tv_usec -= 1000000; \ + } \ + } while (0) #define timevalsub(vvp, uvp) \ - do { \ - (vvp)->tv_sec -= (uvp)->tv_sec; \ - (vvp)->tv_usec -= (uvp)->tv_usec; \ - if ((vvp)->tv_usec < 0) { \ - (vvp)->tv_sec--; \ - (vvp)->tv_usec += 1000000; \ - } \ - } while (0) + do { \ + (vvp)->tv_sec -= (uvp)->tv_sec; \ + (vvp)->tv_usec -= (uvp)->tv_usec; \ + if ((vvp)->tv_usec < 0) { \ + (vvp)->tv_sec--; \ + (vvp)->tv_usec += 1000000; \ + } \ + } while (0) + +/*@}*/ #define ISC_MUTEX_MAX_LOCKERS 32 @@ -60,8 +67,8 @@ typedef struct { } isc_mutexlocker_t; struct isc_mutexstats { - const char * file; /* File mutex was created in. */ - int line; /* Line mutex was created on. */ + const char * file; /*%< File mutex was created in. */ + int line; /*%< Line mutex was created on. */ unsigned count; struct timeval lock_t; struct timeval locked_total; @@ -70,36 +77,40 @@ struct isc_mutexstats { isc_mutexlocker_t lockers[ISC_MUTEX_MAX_LOCKERS]; }; -#define TABLESIZE (8 * 1024) -static isc_mutexstats_t stats[TABLESIZE]; +#ifndef ISC_MUTEX_PROFTABLESIZE +#define ISC_MUTEX_PROFTABLESIZE (16 * 1024) +#endif +static isc_mutexstats_t stats[ISC_MUTEX_PROFTABLESIZE]; +static int stats_next = 0; static isc_boolean_t stats_init = ISC_FALSE; static pthread_mutex_t statslock = PTHREAD_MUTEX_INITIALIZER; isc_result_t isc_mutex_init_profile(isc_mutex_t *mp, const char *file, int line) { - int i; + int i, err; - if (pthread_mutex_init(&mp->mutex, NULL) != 0) - return ISC_R_UNEXPECTED; + err = pthread_mutex_init(&mp->mutex, NULL); + if (err == ENOMEM) + return (ISC_R_NOMEMORY); + if (err != 0) + return (ISC_R_UNEXPECTED); RUNTIME_CHECK(pthread_mutex_lock(&statslock) == 0); - if (stats_init == ISC_FALSE) { - for (i = 0; i < TABLESIZE; i++) { - stats[i].file = NULL; - } + if (stats_init == ISC_FALSE) stats_init = ISC_TRUE; - } - mp->stats = NULL; - for (i = 0; i < TABLESIZE; i++) { - if (stats[i].file == NULL) { - mp->stats = &stats[i]; - break; - } - } - RUNTIME_CHECK(mp->stats != NULL); + /* + * If all statistics entries have been used, give up and trigger an + * assertion failure. There would be no other way to deal with this + * because we'd like to keep record of all locks for the purpose of + * debugging and the number of necessary locks is unpredictable. + * If this failure is triggered while debugging, named should be + * rebuilt with an increased ISC_MUTEX_PROFTABLESIZE. + */ + RUNTIME_CHECK(stats_next < ISC_MUTEX_PROFTABLESIZE); + mp->stats = &stats[stats_next++]; RUNTIME_CHECK(pthread_mutex_unlock(&statslock) == 0); @@ -116,7 +127,7 @@ isc_mutex_init_profile(isc_mutex_t *mp, const char *file, int line) { timevalclear(&mp->stats->lockers[i].wait_total); } - return ISC_R_SUCCESS; + return (ISC_R_SUCCESS); } isc_result_t @@ -159,7 +170,7 @@ isc_mutex_lock_profile(isc_mutex_t *mp, const char *file, int line) { mp->stats->cur_locker = locker; - return ISC_R_SUCCESS; + return (ISC_R_SUCCESS); } isc_result_t @@ -186,10 +197,9 @@ void isc_mutex_statsprofile(FILE *fp) { isc_mutexlocker_t *locker; int i, j; + fprintf(fp, "Mutex stats (in us)\n"); - for (i = 0; i < TABLESIZE; i++) { - if (stats[i].file == NULL) - continue; + for (i = 0; i < stats_next; i++) { fprintf(fp, "%-12s %4d: %10u %lu.%06lu %lu.%06lu\n", stats[i].file, stats[i].line, stats[i].count, stats[i].locked_total.tv_sec, @@ -219,17 +229,18 @@ isc_result_t isc_mutex_init_errcheck(isc_mutex_t *mp) { pthread_mutexattr_t attr; + int err; if (pthread_mutexattr_init(&attr) != 0) - return ISC_R_UNEXPECTED; + return (ISC_R_UNEXPECTED); if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK) != 0) - return ISC_R_UNEXPECTED; - - if (pthread_mutex_init(mp, &attr) != 0) - return ISC_R_UNEXPECTED; + return (ISC_R_UNEXPECTED); - return ISC_R_SUCCESS; + err = pthread_mutex_init(mp, &attr) != 0) + if (err == ENOMEM) + return (ISC_R_NOMEMORY); + return ((err == 0) ? ISC_R_SUCCESS : ISC_R_UNEXPECTED); } #endif @@ -239,3 +250,23 @@ pthread_mutexattr_t isc__mutex_attrs = { 0 /* m_flags, which appears to be unused. */ }; #endif + +#if !(ISC_MUTEX_DEBUG && defined(PTHREAD_MUTEX_ERRORCHECK)) && !ISC_MUTEX_PROFILE +isc_result_t +isc__mutex_init(isc_mutex_t *mp, const char *file, unsigned int line) { + char strbuf[ISC_STRERRORSIZE]; + isc_result_t result = ISC_R_SUCCESS; + int err; + + err = pthread_mutex_init(mp, ISC__MUTEX_ATTRS); + if (err == ENOMEM) + return (ISC_R_NOMEMORY); + if (err != 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(file, line, "isc_mutex_init() failed: %s", + strbuf); + result = ISC_R_UNEXPECTED; + } + return (result); +} +#endif diff --git a/contrib/bind-9.3/lib/isc/pthreads/thread.c b/contrib/bind-9.5.2/lib/isc/pthreads/thread.c similarity index 89% rename from contrib/bind-9.3/lib/isc/pthreads/thread.c rename to contrib/bind-9.5.2/lib/isc/pthreads/thread.c index a07daf804a..4b5b4919b2 100644 --- a/contrib/bind-9.3/lib/isc/pthreads/thread.c +++ b/contrib/bind-9.5.2/lib/isc/pthreads/thread.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: thread.c,v 1.9.2.2.2.2 2004/12/04 06:50:03 marka Exp $ */ +/* $Id: thread.c,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/quota.c b/contrib/bind-9.5.2/lib/isc/quota.c similarity index 90% rename from contrib/bind-9.3/lib/isc/quota.c rename to contrib/bind-9.5.2/lib/isc/quota.c index 273a1b2ac6..5e5c50c0ed 100644 --- a/contrib/bind-9.3/lib/isc/quota.c +++ b/contrib/bind-9.5.2/lib/isc/quota.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: quota.c,v 1.11.12.5 2005/07/29 00:13:09 marka Exp $ */ +/* $Id: quota.c,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/isc/radix.c b/contrib/bind-9.5.2/lib/isc/radix.c new file mode 100644 index 0000000000..82a569de68 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/radix.c @@ -0,0 +1,705 @@ +/* + * Copyright (C) 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: radix.c,v 1.9.6.14 2009/01/19 23:47:03 tbox Exp $ */ + +/* + * This source was adapted from MRT's RCS Ids: + * Id: radix.c,v 1.10.2.1 1999/11/29 05:16:24 masaki Exp + * Id: prefix.c,v 1.37.2.9 2000/03/10 02:53:19 labovit Exp + */ + +#include + +#include +#include +#include +#include + +static isc_result_t +_new_prefix(isc_mem_t *mctx, isc_prefix_t **target, int family, + void *dest, int bitlen); + +static void +_deref_prefix(isc_mem_t *mctx, isc_prefix_t *prefix); + +static isc_result_t +_ref_prefix(isc_mem_t *mctx, isc_prefix_t **target, isc_prefix_t *prefix); + +static int +_comp_with_mask(void *addr, void *dest, u_int mask); + +static void +_clear_radix(isc_radix_tree_t *radix, isc_radix_destroyfunc_t func); + +static isc_result_t +_new_prefix(isc_mem_t *mctx, isc_prefix_t **target, int family, void *dest, + int bitlen) +{ + isc_prefix_t *prefix; + + REQUIRE(target != NULL); + + if (family != AF_INET6 && family != AF_INET && family != AF_UNSPEC) + return (ISC_R_NOTIMPLEMENTED); + + prefix = isc_mem_get(mctx, sizeof(isc_prefix_t)); + if (prefix == NULL) + return (ISC_R_NOMEMORY); + + if (family == AF_INET6) { + prefix->bitlen = (bitlen >= 0) ? bitlen : 128; + memcpy(&prefix->add.sin6, dest, 16); + } else { + /* AF_UNSPEC is "any" or "none"--treat it as AF_INET */ + prefix->bitlen = (bitlen >= 0) ? bitlen : 32; + memcpy(&prefix->add.sin, dest, 4); + } + + prefix->family = family; + + isc_refcount_init(&prefix->refcount, 1); + + *target = prefix; + return (ISC_R_SUCCESS); +} + +static void +_deref_prefix(isc_mem_t *mctx, isc_prefix_t *prefix) { + int refs; + + if (prefix == NULL) + return; + + isc_refcount_decrement(&prefix->refcount, &refs); + + if (refs <= 0) { + isc_refcount_destroy(&prefix->refcount); + isc_mem_put(mctx, prefix, sizeof(isc_prefix_t)); + } +} + +static isc_result_t +_ref_prefix(isc_mem_t *mctx, isc_prefix_t **target, isc_prefix_t *prefix) { + INSIST(prefix != NULL); + INSIST((prefix->family == AF_INET && prefix->bitlen <= 32) || + (prefix->family == AF_INET6 && prefix->bitlen <= 128) || + (prefix->family == AF_UNSPEC && prefix->bitlen == 0)); + REQUIRE(target != NULL && *target == NULL); + + /* + * If this prefix is a static allocation, copy it into new memory. + * (Note, the refcount still has to be destroyed by the calling + * routine.) + */ + if (isc_refcount_current(&prefix->refcount) == 0) { + isc_result_t ret; + ret = _new_prefix(mctx, target, prefix->family, + &prefix->add, prefix->bitlen); + return ret; + } + + isc_refcount_increment(&prefix->refcount, NULL); + + *target = prefix; + return (ISC_R_SUCCESS); +} + +static int +_comp_with_mask(void *addr, void *dest, u_int mask) { + + /* Mask length of zero matches everything */ + if (mask == 0) + return (1); + + if (memcmp(addr, dest, mask / 8) == 0) { + int n = mask / 8; + int m = ((~0) << (8 - (mask % 8))); + + if ((mask % 8) == 0 || + (((u_char *)addr)[n] & m) == (((u_char *)dest)[n] & m)) + return (1); + } + return (0); +} + +isc_result_t +isc_radix_create(isc_mem_t *mctx, isc_radix_tree_t **target, int maxbits) { + isc_radix_tree_t *radix; + + REQUIRE(target != NULL && *target == NULL); + + radix = isc_mem_get(mctx, sizeof(isc_radix_tree_t)); + if (radix == NULL) + return (ISC_R_NOMEMORY); + + radix->mctx = mctx; + radix->maxbits = maxbits; + radix->head = NULL; + radix->num_active_node = 0; + radix->num_added_node = 0; + RUNTIME_CHECK(maxbits <= RADIX_MAXBITS); /* XXX */ + radix->magic = RADIX_TREE_MAGIC; + *target = radix; + return (ISC_R_SUCCESS); +} + +/* + * if func is supplied, it will be called as func(node->data) + * before deleting the node + */ + +static void +_clear_radix(isc_radix_tree_t *radix, isc_radix_destroyfunc_t func) { + + REQUIRE(radix != NULL); + + if (radix->head != NULL) { + + isc_radix_node_t *Xstack[RADIX_MAXBITS+1]; + isc_radix_node_t **Xsp = Xstack; + isc_radix_node_t *Xrn = radix->head; + + while (Xrn != NULL) { + isc_radix_node_t *l = Xrn->l; + isc_radix_node_t *r = Xrn->r; + + if (Xrn->prefix != NULL) { + _deref_prefix(radix->mctx, Xrn->prefix); + if (func != NULL && (Xrn->data[0] != NULL || + Xrn->data[1] != NULL)) + func(Xrn->data); + } else { + INSIST(Xrn->data[0] == NULL && + Xrn->data[1] == NULL); + } + + isc_mem_put(radix->mctx, Xrn, sizeof(*Xrn)); + radix->num_active_node--; + + if (l != NULL) { + if (r != NULL) { + *Xsp++ = r; + } + Xrn = l; + } else if (r != NULL) { + Xrn = r; + } else if (Xsp != Xstack) { + Xrn = *(--Xsp); + } else { + Xrn = NULL; + } + } + } + RUNTIME_CHECK(radix->num_active_node == 0); +} + + +void +isc_radix_destroy(isc_radix_tree_t *radix, isc_radix_destroyfunc_t func) +{ + REQUIRE(radix != NULL); + _clear_radix(radix, func); + isc_mem_put(radix->mctx, radix, sizeof(*radix)); +} + + +/* + * func will be called as func(node->prefix, node->data) + */ +void +isc_radix_process(isc_radix_tree_t *radix, isc_radix_processfunc_t func) +{ + isc_radix_node_t *node; + + REQUIRE(func != NULL); + + RADIX_WALK(radix->head, node) { + func(node->prefix, node->data); + } RADIX_WALK_END; +} + +isc_result_t +isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target, + isc_prefix_t *prefix) +{ + isc_radix_node_t *node; + isc_radix_node_t *stack[RADIX_MAXBITS + 1]; + u_char *addr; + isc_uint32_t bitlen; + int tfamily = -1; + int cnt = 0; + + REQUIRE(radix != NULL); + REQUIRE(prefix != NULL); + REQUIRE(target != NULL && *target == NULL); + RUNTIME_CHECK(prefix->bitlen <= radix->maxbits); + + *target = NULL; + + if (radix->head == NULL) { + return (ISC_R_NOTFOUND); + } + + node = radix->head; + addr = isc_prefix_touchar(prefix); + bitlen = prefix->bitlen; + + while (node->bit < bitlen) { + if (node->prefix) + stack[cnt++] = node; + + if (BIT_TEST(addr[node->bit >> 3], 0x80 >> (node->bit & 0x07))) + node = node->r; + else + node = node->l; + + if (node == NULL) + break; + } + + if (node && node->prefix) + stack[cnt++] = node; + + while (--cnt >= 0) { + node = stack[cnt]; + + if (_comp_with_mask(isc_prefix_tochar(node->prefix), + isc_prefix_tochar(prefix), + node->prefix->bitlen)) { + if (node->node_num[ISC_IS6(prefix->family)] != -1 && + ((*target == NULL) || + (*target)->node_num[ISC_IS6(tfamily)] > + node->node_num[ISC_IS6(prefix->family)])) { + *target = node; + tfamily = prefix->family; + } + } + } + + if (*target == NULL) { + return (ISC_R_NOTFOUND); + } else { + return (ISC_R_SUCCESS); + } +} + +isc_result_t +isc_radix_insert(isc_radix_tree_t *radix, isc_radix_node_t **target, + isc_radix_node_t *source, isc_prefix_t *prefix) +{ + isc_radix_node_t *node, *new_node, *parent, *glue = NULL; + u_char *addr, *test_addr; + isc_uint32_t bitlen, fam, check_bit, differ_bit; + isc_uint32_t i, j, r; + isc_result_t result; + + REQUIRE(radix != NULL); + REQUIRE(target != NULL && *target == NULL); + REQUIRE(prefix != NULL || (source != NULL && source->prefix != NULL)); + RUNTIME_CHECK(prefix == NULL || prefix->bitlen <= radix->maxbits); + + if (prefix == NULL) + prefix = source->prefix; + + INSIST(prefix != NULL); + + bitlen = prefix->bitlen; + fam = prefix->family; + + if (radix->head == NULL) { + node = isc_mem_get(radix->mctx, sizeof(isc_radix_node_t)); + if (node == NULL) + return (ISC_R_NOMEMORY); + node->bit = bitlen; + node->node_num[0] = node->node_num[1] = -1; + node->prefix = NULL; + result = _ref_prefix(radix->mctx, &node->prefix, prefix); + if (result != ISC_R_SUCCESS) { + isc_mem_put(radix->mctx, node, + sizeof(isc_radix_node_t)); + return (result); + } + node->parent = NULL; + node->l = node->r = NULL; + if (source != NULL) { + /* + * If source is non-NULL, then we're merging in a + * node from an existing radix tree. To keep + * the node_num values consistent, the calling + * function will add the total number of nodes + * added to num_added_node at the end of + * the merge operation--we don't do it here. + */ + if (source->node_num[0] != -1) + node->node_num[0] = radix->num_added_node + + source->node_num[0]; + if (source->node_num[1] != -1) + node->node_num[1] = radix->num_added_node + + source->node_num[1]; + node->data[0] = source->data[0]; + node->data[1] = source->data[1]; + } else { + if (fam == AF_UNSPEC) { + /* "any" or "none" */ + node->node_num[0] = node->node_num[1] = + ++radix->num_added_node; + } else { + node->node_num[ISC_IS6(fam)] = + ++radix->num_added_node; + } + node->data[0] = NULL; + node->data[1] = NULL; + } + radix->head = node; + radix->num_active_node++; + *target = node; + return (ISC_R_SUCCESS); + } + + addr = isc_prefix_touchar(prefix); + node = radix->head; + + while (node->bit < bitlen || node->prefix == NULL) { + if (node->bit < radix->maxbits && + BIT_TEST(addr[node->bit >> 3], 0x80 >> (node->bit & 0x07))) + { + if (node->r == NULL) + break; + node = node->r; + } else { + if (node->l == NULL) + break; + node = node->l; + } + + INSIST(node != NULL); + } + + INSIST(node->prefix != NULL); + + test_addr = isc_prefix_touchar(node->prefix); + /* Find the first bit different. */ + check_bit = (node->bit < bitlen) ? node->bit : bitlen; + differ_bit = 0; + for (i = 0; i*8 < check_bit; i++) { + if ((r = (addr[i] ^ test_addr[i])) == 0) { + differ_bit = (i + 1) * 8; + continue; + } + /* I know the better way, but for now. */ + for (j = 0; j < 8; j++) { + if (BIT_TEST (r, (0x80 >> j))) + break; + } + /* Must be found. */ + INSIST(j < 8); + differ_bit = i * 8 + j; + break; + } + + if (differ_bit > check_bit) + differ_bit = check_bit; + + parent = node->parent; + while (parent != NULL && parent->bit >= differ_bit) { + node = parent; + parent = node->parent; + } + + if (differ_bit == bitlen && node->bit == bitlen) { + if (node->prefix != NULL) { + /* Set node_num only if it hasn't been set before */ + if (source != NULL) { + /* Merging node */ + if (node->node_num[0] == -1 && + source->node_num[0] != -1) { + node->node_num[0] = + radix->num_added_node + + source->node_num[0]; + node->data[0] = source->data[0]; + } + if (node->node_num[1] == -1 && + source->node_num[0] != -1) { + node->node_num[1] = + radix->num_added_node + + source->node_num[1]; + node->data[1] = source->data[1]; + } + } else { + if (fam == AF_UNSPEC) { + /* "any" or "none" */ + int next = radix->num_added_node + 1; + if (node->node_num[0] == -1) { + node->node_num[0] = next; + radix->num_added_node = next; + } + if (node->node_num[1] == -1) { + node->node_num[1] = next; + radix->num_added_node = next; + } + } else { + if (node->node_num[ISC_IS6(fam)] == -1) + node->node_num[ISC_IS6(fam)] + = ++radix->num_added_node; + } + } + *target = node; + return (ISC_R_SUCCESS); + } else { + result = + _ref_prefix(radix->mctx, &node->prefix, prefix); + if (result != ISC_R_SUCCESS) + return (result); + } + INSIST(node->data[0] == NULL && node->node_num[0] == -1 && + node->data[1] == NULL && node->node_num[1] == -1); + if (source != NULL) { + /* Merging node */ + if (source->node_num[0] != -1) { + node->node_num[0] = radix->num_added_node + + source->node_num[0]; + node->data[0] = source->data[0]; + } + if (source->node_num[1] != -1) { + node->node_num[1] = radix->num_added_node + + source->node_num[1]; + node->data[1] = source->data[1]; + } + } else { + if (fam == AF_UNSPEC) { + /* "any" or "none" */ + node->node_num[0] = node->node_num[1] = + ++radix->num_added_node; + } else { + node->node_num[ISC_IS6(fam)] = + ++radix->num_added_node; + } + } + *target = node; + return (ISC_R_SUCCESS); + } + + new_node = isc_mem_get(radix->mctx, sizeof(isc_radix_node_t)); + if (new_node == NULL) + return (ISC_R_NOMEMORY); + if (node->bit != differ_bit && bitlen != differ_bit) { + glue = isc_mem_get(radix->mctx, sizeof(isc_radix_node_t)); + if (glue == NULL) { + isc_mem_put(radix->mctx, new_node, + sizeof(isc_radix_node_t)); + return (ISC_R_NOMEMORY); + } + } + new_node->bit = bitlen; + new_node->prefix = NULL; + result = _ref_prefix(radix->mctx, &new_node->prefix, prefix); + if (result != ISC_R_SUCCESS) { + isc_mem_put(radix->mctx, new_node, sizeof(isc_radix_node_t)); + if (glue != NULL) + isc_mem_put(radix->mctx, glue, + sizeof(isc_radix_node_t)); + return (result); + } + new_node->parent = NULL; + new_node->l = new_node->r = NULL; + new_node->node_num[0] = new_node->node_num[1] = -1; + radix->num_active_node++; + + if (source != NULL) { + /* Merging node */ + if (source->node_num[0] != -1) + new_node->node_num[0] = radix->num_added_node + + source->node_num[0]; + if (source->node_num[1] != -1) + new_node->node_num[1] = radix->num_added_node + + source->node_num[1]; + new_node->data[0] = source->data[0]; + new_node->data[1] = source->data[1]; + } else { + if (fam == AF_UNSPEC) { + /* "any" or "none" */ + new_node->node_num[0] = new_node->node_num[1] = + ++radix->num_added_node; + } else { + new_node->node_num[ISC_IS6(fam)] = + ++radix->num_added_node; + } + new_node->data[0] = NULL; + new_node->data[1] = NULL; + } + + if (node->bit == differ_bit) { + INSIST(glue == NULL); + new_node->parent = node; + if (node->bit < radix->maxbits && + BIT_TEST(addr[node->bit >> 3], 0x80 >> (node->bit & 0x07))) + { + INSIST(node->r == NULL); + node->r = new_node; + } else { + INSIST(node->l == NULL); + node->l = new_node; + } + *target = new_node; + return (ISC_R_SUCCESS); + } + + if (bitlen == differ_bit) { + INSIST(glue == NULL); + if (bitlen < radix->maxbits && + BIT_TEST(test_addr[bitlen >> 3], 0x80 >> (bitlen & 0x07))) { + new_node->r = node; + } else { + new_node->l = node; + } + new_node->parent = node->parent; + if (node->parent == NULL) { + INSIST(radix->head == node); + radix->head = new_node; + } else if (node->parent->r == node) { + node->parent->r = new_node; + } else { + node->parent->l = new_node; + } + node->parent = new_node; + } else { + INSIST(glue != NULL); + glue->bit = differ_bit; + glue->prefix = NULL; + glue->parent = node->parent; + glue->data[0] = glue->data[1] = NULL; + glue->node_num[0] = glue->node_num[1] = -1; + radix->num_active_node++; + if (differ_bit < radix->maxbits && + BIT_TEST(addr[differ_bit>>3], 0x80 >> (differ_bit & 07))) { + glue->r = new_node; + glue->l = node; + } else { + glue->r = node; + glue->l = new_node; + } + new_node->parent = glue; + + if (node->parent == NULL) { + INSIST(radix->head == node); + radix->head = glue; + } else if (node->parent->r == node) { + node->parent->r = glue; + } else { + node->parent->l = glue; + } + node->parent = glue; + } + + *target = new_node; + return (ISC_R_SUCCESS); +} + +void +isc_radix_remove(isc_radix_tree_t *radix, isc_radix_node_t *node) { + isc_radix_node_t *parent, *child; + + REQUIRE(radix != NULL); + REQUIRE(node != NULL); + + if (node->r && node->l) { + /* + * This might be a placeholder node -- have to check and + * make sure there is a prefix associated with it! + */ + if (node->prefix != NULL) + _deref_prefix(radix->mctx, node->prefix); + + node->prefix = NULL; + node->data[0] = node->data[1] = NULL; + return; + } + + if (node->r == NULL && node->l == NULL) { + parent = node->parent; + _deref_prefix(radix->mctx, node->prefix); + isc_mem_put(radix->mctx, node, sizeof(*node)); + radix->num_active_node--; + + if (parent == NULL) { + INSIST(radix->head == node); + radix->head = NULL; + return; + } + + if (parent->r == node) { + parent->r = NULL; + child = parent->l; + } else { + INSIST(parent->l == node); + parent->l = NULL; + child = parent->r; + } + + if (parent->prefix) + return; + + /* We need to remove parent too. */ + + if (parent->parent == NULL) { + INSIST(radix->head == parent); + radix->head = child; + } else if (parent->parent->r == parent) { + parent->parent->r = child; + } else { + INSIST(parent->parent->l == parent); + parent->parent->l = child; + } + child->parent = parent->parent; + isc_mem_put(radix->mctx, parent, sizeof(*parent)); + radix->num_active_node--; + return; + } + + if (node->r) { + child = node->r; + } else { + INSIST(node->l != NULL); + child = node->l; + } + parent = node->parent; + child->parent = parent; + + _deref_prefix(radix->mctx, node->prefix); + isc_mem_put(radix->mctx, node, sizeof(*node)); + radix->num_active_node--; + + if (parent == NULL) { + INSIST(radix->head == node); + radix->head = child; + return; + } + + if (parent->r == node) { + parent->r = child; + } else { + INSIST(parent->l == node); + parent->l = child; + } +} + +/* +Local Variables: +c-basic-offset: 4 +indent-tabs-mode: t +End: +*/ diff --git a/contrib/bind-9.3/lib/isc/random.c b/contrib/bind-9.5.2/lib/isc/random.c similarity index 76% rename from contrib/bind-9.3/lib/isc/random.c rename to contrib/bind-9.5.2/lib/isc/random.c index e5c4d3118f..cc48828ca7 100644 --- a/contrib/bind-9.3/lib/isc/random.c +++ b/contrib/bind-9.5.2/lib/isc/random.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: random.c,v 1.15.74.5 2004/03/08 09:04:49 marka Exp $ */ +/* $Id: random.c,v 1.25.128.2 2009/07/16 23:46:44 tbox Exp $ */ + +/*! \file */ #include @@ -41,7 +43,7 @@ initialize_rand(void) { #ifndef HAVE_ARC4RANDOM unsigned int pid = getpid(); - + /* * The low bits of pid generally change faster. * Xor them with the high bits of time which change slowly. @@ -82,7 +84,16 @@ isc_random_get(isc_uint32_t *val) * rand()'s lower bits are not random. * rand()'s upper bit is zero. */ +#if RAND_MAX >= 0xfffff + /* We have at least 20 bits. Use lower 16 excluding lower most 4 */ *val = ((rand() >> 4) & 0xffff) | ((rand() << 12) & 0xffff0000); +#elif RAND_MAX >= 0x7fff + /* We have at least 15 bits. Use lower 10/11 excluding lower most 4 */ + *val = ((rand() >> 4) & 0x000007ff) | ((rand() << 7) & 0x003ff800) | + ((rand() << 18) & 0xffc00000); +#else +#error RAND_MAX is too small +#endif #else *val = arc4random(); #endif @@ -90,13 +101,13 @@ isc_random_get(isc_uint32_t *val) isc_uint32_t isc_random_jitter(isc_uint32_t max, isc_uint32_t jitter) { + isc_uint32_t rnd; + REQUIRE(jitter < max); + if (jitter == 0) return (max); - else -#ifndef HAVE_ARC4RANDOM - return (max - rand() % jitter); -#else - return (max - arc4random() % jitter); -#endif + + isc_random_get(&rnd); + return (max - rnd % jitter); } diff --git a/contrib/bind-9.3/lib/isc/ratelimiter.c b/contrib/bind-9.5.2/lib/isc/ratelimiter.c similarity index 97% rename from contrib/bind-9.3/lib/isc/ratelimiter.c rename to contrib/bind-9.5.2/lib/isc/ratelimiter.c index 211363ccf0..07bcc7c7af 100644 --- a/contrib/bind-9.3/lib/isc/ratelimiter.c +++ b/contrib/bind-9.5.2/lib/isc/ratelimiter.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ratelimiter.c,v 1.18.14.4 2004/03/08 09:04:50 marka Exp $ */ +/* $Id: ratelimiter.c,v 1.25 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/dns/dst_openssl.h b/contrib/bind-9.5.2/lib/isc/refcount.c similarity index 56% rename from contrib/bind-9.3/lib/dns/dst_openssl.h rename to contrib/bind-9.5.2/lib/isc/refcount.c index 8dbc35073b..36dfff297b 100644 --- a/contrib/bind-9.3/lib/dns/dst_openssl.h +++ b/contrib/bind-9.5.2/lib/isc/refcount.c @@ -1,8 +1,7 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2002 Internet Software Consortium. + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +14,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_openssl.h,v 1.1.2.1 2004/12/09 04:07:17 marka Exp $ */ +/* $Id: refcount.c,v 1.5 2007/06/19 23:47:17 tbox Exp $ */ -#ifndef DST_OPENSSL_H -#define DST_OPENSSL_H 1 +#include -#include -#include +#include -ISC_LANG_BEGINDECLS +#include +#include +#include isc_result_t -dst__openssl_toresult(isc_result_t fallback); - -ISC_LANG_ENDDECLS +isc_refcount_init(isc_refcount_t *ref, unsigned int n) { + REQUIRE(ref != NULL); -#endif /* DST_OPENSSL_H */ + ref->refs = n; +#if defined(ISC_PLATFORM_USETHREADS) && !defined(ISC_PLATFORM_HAVEXADD) + return (isc_mutex_init(&ref->lock)); +#else + return (ISC_R_SUCCESS); +#endif +} diff --git a/contrib/bind-9.3/lib/isc/region.c b/contrib/bind-9.5.2/lib/isc/region.c similarity index 84% rename from contrib/bind-9.3/lib/isc/region.c rename to contrib/bind-9.5.2/lib/isc/region.c index 92f4f027f3..cf64979003 100644 --- a/contrib/bind-9.3/lib/isc/region.c +++ b/contrib/bind-9.5.2/lib/isc/region.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: region.c,v 1.2.202.3 2004/03/08 09:04:50 marka Exp $ */ +/* $Id: region.c,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/result.c b/contrib/bind-9.5.2/lib/isc/result.c similarity index 62% rename from contrib/bind-9.3/lib/isc/result.c rename to contrib/bind-9.5.2/lib/isc/result.c index fd4e5c6cb9..39a777978f 100644 --- a/contrib/bind-9.3/lib/isc/result.c +++ b/contrib/bind-9.5.2/lib/isc/result.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.c,v 1.56.2.2.8.9 2005/06/09 23:54:30 marka Exp $ */ +/* $Id: result.c,v 1.69 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -39,66 +41,66 @@ typedef struct resulttable { } resulttable; static const char *text[ISC_R_NRESULTS] = { - "success", /* 0 */ - "out of memory", /* 1 */ - "timed out", /* 2 */ - "no available threads", /* 3 */ - "address not available", /* 4 */ - "address in use", /* 5 */ - "permission denied", /* 6 */ - "no pending connections", /* 7 */ - "network unreachable", /* 8 */ - "host unreachable", /* 9 */ - "network down", /* 10 */ - "host down", /* 11 */ - "connection refused", /* 12 */ - "not enough free resources", /* 13 */ - "end of file", /* 14 */ - "socket already bound", /* 15 */ - "reload", /* 16 */ - "lock busy", /* 17 */ - "already exists", /* 18 */ - "ran out of space", /* 19 */ - "operation canceled", /* 20 */ - "socket is not bound", /* 21 */ - "shutting down", /* 22 */ - "not found", /* 23 */ - "unexpected end of input", /* 24 */ - "failure", /* 25 */ - "I/O error", /* 26 */ - "not implemented", /* 27 */ - "unbalanced parentheses", /* 28 */ - "no more", /* 29 */ - "invalid file", /* 30 */ - "bad base64 encoding", /* 31 */ - "unexpected token", /* 32 */ - "quota reached", /* 33 */ - "unexpected error", /* 34 */ - "already running", /* 35 */ - "ignore", /* 36 */ - "address mask not contiguous", /* 37 */ - "file not found", /* 38 */ - "file already exists", /* 39 */ - "socket is not connected", /* 40 */ - "out of range", /* 41 */ - "out of entropy", /* 42 */ - "invalid use of multicast address", /* 43 */ - "not a file", /* 44 */ - "not a directory", /* 45 */ - "queue is full", /* 46 */ - "address family mismatch", /* 47 */ - "address family not supported", /* 48 */ - "bad hex encoding", /* 49 */ - "too many open files", /* 50 */ - "not blocking", /* 51 */ - "unbalanced quotes", /* 52 */ - "operation in progress", /* 53 */ - "connection reset", /* 54 */ - "soft quota reached", /* 55 */ - "not a valid number", /* 56 */ - "disabled", /* 57 */ - "max size", /* 58 */ - "invalid address format" /* 59 */ + "success", /*%< 0 */ + "out of memory", /*%< 1 */ + "timed out", /*%< 2 */ + "no available threads", /*%< 3 */ + "address not available", /*%< 4 */ + "address in use", /*%< 5 */ + "permission denied", /*%< 6 */ + "no pending connections", /*%< 7 */ + "network unreachable", /*%< 8 */ + "host unreachable", /*%< 9 */ + "network down", /*%< 10 */ + "host down", /*%< 11 */ + "connection refused", /*%< 12 */ + "not enough free resources", /*%< 13 */ + "end of file", /*%< 14 */ + "socket already bound", /*%< 15 */ + "reload", /*%< 16 */ + "lock busy", /*%< 17 */ + "already exists", /*%< 18 */ + "ran out of space", /*%< 19 */ + "operation canceled", /*%< 20 */ + "socket is not bound", /*%< 21 */ + "shutting down", /*%< 22 */ + "not found", /*%< 23 */ + "unexpected end of input", /*%< 24 */ + "failure", /*%< 25 */ + "I/O error", /*%< 26 */ + "not implemented", /*%< 27 */ + "unbalanced parentheses", /*%< 28 */ + "no more", /*%< 29 */ + "invalid file", /*%< 30 */ + "bad base64 encoding", /*%< 31 */ + "unexpected token", /*%< 32 */ + "quota reached", /*%< 33 */ + "unexpected error", /*%< 34 */ + "already running", /*%< 35 */ + "ignore", /*%< 36 */ + "address mask not contiguous", /*%< 37 */ + "file not found", /*%< 38 */ + "file already exists", /*%< 39 */ + "socket is not connected", /*%< 40 */ + "out of range", /*%< 41 */ + "out of entropy", /*%< 42 */ + "invalid use of multicast address", /*%< 43 */ + "not a file", /*%< 44 */ + "not a directory", /*%< 45 */ + "queue is full", /*%< 46 */ + "address family mismatch", /*%< 47 */ + "address family not supported", /*%< 48 */ + "bad hex encoding", /*%< 49 */ + "too many open files", /*%< 50 */ + "not blocking", /*%< 51 */ + "unbalanced quotes", /*%< 52 */ + "operation in progress", /*%< 53 */ + "connection reset", /*%< 54 */ + "soft quota reached", /*%< 55 */ + "not a valid number", /*%< 56 */ + "disabled", /*%< 57 */ + "max size", /*%< 58 */ + "invalid address format" /*%< 59 */ }; #define ISC_RESULT_RESULTSET 2 diff --git a/contrib/bind-9.5.2/lib/isc/rwlock.c b/contrib/bind-9.5.2/lib/isc/rwlock.c new file mode 100644 index 0000000000..3c16e208c6 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/rwlock.c @@ -0,0 +1,808 @@ +/* + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1998-2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: rwlock.c,v 1.44.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +/*! \file */ + +#include + +#include + +#include +#include +#include +#include +#include +#include + +#define RWLOCK_MAGIC ISC_MAGIC('R', 'W', 'L', 'k') +#define VALID_RWLOCK(rwl) ISC_MAGIC_VALID(rwl, RWLOCK_MAGIC) + +#ifdef ISC_PLATFORM_USETHREADS + +#ifndef RWLOCK_DEFAULT_READ_QUOTA +#define RWLOCK_DEFAULT_READ_QUOTA 4 +#endif + +#ifndef RWLOCK_DEFAULT_WRITE_QUOTA +#define RWLOCK_DEFAULT_WRITE_QUOTA 4 +#endif + +#ifdef ISC_RWLOCK_TRACE +#include /* Required for fprintf/stderr. */ +#include /* Required for isc_thread_self(). */ + +static void +print_lock(const char *operation, isc_rwlock_t *rwl, isc_rwlocktype_t type) { + fprintf(stderr, + isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_PRINTLOCK, + "rwlock %p thread %lu %s(%s): %s, %u active, " + "%u granted, %u rwaiting, %u wwaiting\n"), + rwl, isc_thread_self(), operation, + (type == isc_rwlocktype_read ? + isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_READ, "read") : + isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_WRITE, "write")), + (rwl->type == isc_rwlocktype_read ? + isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_READING, "reading") : + isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_WRITING, "writing")), + rwl->active, rwl->granted, rwl->readers_waiting, + rwl->writers_waiting); +} +#endif + +isc_result_t +isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota, + unsigned int write_quota) +{ + isc_result_t result; + + REQUIRE(rwl != NULL); + + /* + * In case there's trouble initializing, we zero magic now. If all + * goes well, we'll set it to RWLOCK_MAGIC. + */ + rwl->magic = 0; + +#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG) + rwl->write_requests = 0; + rwl->write_completions = 0; + rwl->cnt_and_flag = 0; + rwl->readers_waiting = 0; + rwl->write_granted = 0; + if (read_quota != 0) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "read quota is not supported"); + } + if (write_quota == 0) + write_quota = RWLOCK_DEFAULT_WRITE_QUOTA; + rwl->write_quota = write_quota; +#else + rwl->type = isc_rwlocktype_read; + rwl->original = isc_rwlocktype_none; + rwl->active = 0; + rwl->granted = 0; + rwl->readers_waiting = 0; + rwl->writers_waiting = 0; + if (read_quota == 0) + read_quota = RWLOCK_DEFAULT_READ_QUOTA; + rwl->read_quota = read_quota; + if (write_quota == 0) + write_quota = RWLOCK_DEFAULT_WRITE_QUOTA; + rwl->write_quota = write_quota; +#endif + + result = isc_mutex_init(&rwl->lock); + if (result != ISC_R_SUCCESS) + return (result); + + result = isc_condition_init(&rwl->readable); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_condition_init(readable) %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + isc_result_totext(result)); + result = ISC_R_UNEXPECTED; + goto destroy_lock; + } + result = isc_condition_init(&rwl->writeable); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "isc_condition_init(writeable) %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + isc_result_totext(result)); + result = ISC_R_UNEXPECTED; + goto destroy_rcond; + } + + rwl->magic = RWLOCK_MAGIC; + + return (ISC_R_SUCCESS); + + destroy_rcond: + (void)isc_condition_destroy(&rwl->readable); + destroy_lock: + DESTROYLOCK(&rwl->lock); + + return (result); +} + +void +isc_rwlock_destroy(isc_rwlock_t *rwl) { + REQUIRE(VALID_RWLOCK(rwl)); + +#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG) + REQUIRE(rwl->write_requests == rwl->write_completions && + rwl->cnt_and_flag == 0 && rwl->readers_waiting == 0); +#else + LOCK(&rwl->lock); + REQUIRE(rwl->active == 0 && + rwl->readers_waiting == 0 && + rwl->writers_waiting == 0); + UNLOCK(&rwl->lock); +#endif + + rwl->magic = 0; + (void)isc_condition_destroy(&rwl->readable); + (void)isc_condition_destroy(&rwl->writeable); + DESTROYLOCK(&rwl->lock); +} + +#if defined(ISC_PLATFORM_HAVEXADD) && defined(ISC_PLATFORM_HAVECMPXCHG) + +/* + * When some architecture-dependent atomic operations are available, + * rwlock can be more efficient than the generic algorithm defined below. + * The basic algorithm is described in the following URL: + * http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html + * + * The key is to use the following integer variables modified atomically: + * write_requests, write_completions, and cnt_and_flag. + * + * write_requests and write_completions act as a waiting queue for writers + * in order to ensure the FIFO order. Both variables begin with the initial + * value of 0. When a new writer tries to get a write lock, it increments + * write_requests and gets the previous value of the variable as a "ticket". + * When write_completions reaches the ticket number, the new writer can start + * writing. When the writer completes its work, it increments + * write_completions so that another new writer can start working. If the + * write_requests is not equal to write_completions, it means a writer is now + * working or waiting. In this case, a new readers cannot start reading, or + * in other words, this algorithm basically prefers writers. + * + * cnt_and_flag is a "lock" shared by all readers and writers. This integer + * variable is a kind of structure with two members: writer_flag (1 bit) and + * reader_count (31 bits). The writer_flag shows whether a writer is working, + * and the reader_count shows the number of readers currently working or almost + * ready for working. A writer who has the current "ticket" tries to get the + * lock by exclusively setting the writer_flag to 1, provided that the whole + * 32-bit is 0 (meaning no readers or writers working). On the other hand, + * a new reader tries to increment the "reader_count" field provided that + * the writer_flag is 0 (meaning there is no writer working). + * + * If some of the above operations fail, the reader or the writer sleeps + * until the related condition changes. When a working reader or writer + * completes its work, some readers or writers are sleeping, and the condition + * that suspended the reader or writer has changed, it wakes up the sleeping + * readers or writers. + * + * As already noted, this algorithm basically prefers writers. In order to + * prevent readers from starving, however, the algorithm also introduces the + * "writer quota" (Q). When Q consecutive writers have completed their work, + * suspending readers, the last writer will wake up the readers, even if a new + * writer is waiting. + * + * Implementation specific note: due to the combination of atomic operations + * and a mutex lock, ordering between the atomic operation and locks can be + * very sensitive in some cases. In particular, it is generally very important + * to check the atomic variable that requires a reader or writer to sleep after + * locking the mutex and before actually sleeping; otherwise, it could be very + * likely to cause a deadlock. For example, assume "var" is a variable + * atomically modified, then the corresponding code would be: + * if (var == need_sleep) { + * LOCK(lock); + * if (var == need_sleep) + * WAIT(cond, lock); + * UNLOCK(lock); + * } + * The second check is important, since "var" is protected by the atomic + * operation, not by the mutex, and can be changed just before sleeping. + * (The first "if" could be omitted, but this is also important in order to + * make the code efficient by avoiding the use of the mutex unless it is + * really necessary.) + */ + +#define WRITER_ACTIVE 0x1 +#define READER_INCR 0x2 + +isc_result_t +isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + isc_int32_t cntflag; + + REQUIRE(VALID_RWLOCK(rwl)); + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_PRELOCK, "prelock"), rwl, type); +#endif + + if (type == isc_rwlocktype_read) { + if (rwl->write_requests != rwl->write_completions) { + /* there is a waiting or active writer */ + LOCK(&rwl->lock); + if (rwl->write_requests != rwl->write_completions) { + rwl->readers_waiting++; + WAIT(&rwl->readable, &rwl->lock); + rwl->readers_waiting--; + } + UNLOCK(&rwl->lock); + } + + cntflag = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR); + while (1) { + if ((rwl->cnt_and_flag & WRITER_ACTIVE) == 0) + break; + + /* A writer is still working */ + LOCK(&rwl->lock); + rwl->readers_waiting++; + if ((rwl->cnt_and_flag & WRITER_ACTIVE) != 0) + WAIT(&rwl->readable, &rwl->lock); + rwl->readers_waiting--; + UNLOCK(&rwl->lock); + + /* + * Typically, the reader should be able to get a lock + * at this stage: + * (1) there should have been no pending writer when + * the reader was trying to increment the + * counter; otherwise, the writer should be in + * the waiting queue, preventing the reader from + * proceeding to this point. + * (2) once the reader increments the counter, no + * more writer can get a lock. + * Still, it is possible another writer can work at + * this point, e.g. in the following scenario: + * A previous writer unlocks the writer lock. + * This reader proceeds to point (1). + * A new writer appears, and gets a new lock before + * the reader increments the counter. + * The reader then increments the counter. + * The previous writer notices there is a waiting + * reader who is almost ready, and wakes it up. + * So, the reader needs to confirm whether it can now + * read explicitly (thus we loop). Note that this is + * not an infinite process, since the reader has + * incremented the counter at this point. + */ + } + + /* + * If we are temporarily preferred to writers due to the writer + * quota, reset the condition (race among readers doesn't + * matter). + */ + rwl->write_granted = 0; + } else { + isc_int32_t prev_writer; + + /* enter the waiting queue, and wait for our turn */ + prev_writer = isc_atomic_xadd(&rwl->write_requests, 1); + while (rwl->write_completions != prev_writer) { + LOCK(&rwl->lock); + if (rwl->write_completions != prev_writer) { + WAIT(&rwl->writeable, &rwl->lock); + UNLOCK(&rwl->lock); + continue; + } + UNLOCK(&rwl->lock); + break; + } + + while (1) { + cntflag = isc_atomic_cmpxchg(&rwl->cnt_and_flag, 0, + WRITER_ACTIVE); + if (cntflag == 0) + break; + + /* Another active reader or writer is working. */ + LOCK(&rwl->lock); + if (rwl->cnt_and_flag != 0) + WAIT(&rwl->writeable, &rwl->lock); + UNLOCK(&rwl->lock); + } + + INSIST((rwl->cnt_and_flag & WRITER_ACTIVE) != 0); + rwl->write_granted++; + } + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_POSTLOCK, "postlock"), rwl, type); +#endif + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + isc_int32_t cntflag; + + REQUIRE(VALID_RWLOCK(rwl)); + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_PRELOCK, "prelock"), rwl, type); +#endif + + if (type == isc_rwlocktype_read) { + /* If a writer is waiting or working, we fail. */ + if (rwl->write_requests != rwl->write_completions) + return (ISC_R_LOCKBUSY); + + /* Otherwise, be ready for reading. */ + cntflag = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR); + if ((cntflag & WRITER_ACTIVE) != 0) { + /* + * A writer is working. We lose, and cancel the read + * request. + */ + cntflag = isc_atomic_xadd(&rwl->cnt_and_flag, + -READER_INCR); + /* + * If no other readers are waiting and we've suspended + * new writers in this short period, wake them up. + */ + if (cntflag == READER_INCR && + rwl->write_completions != rwl->write_requests) { + LOCK(&rwl->lock); + BROADCAST(&rwl->writeable); + UNLOCK(&rwl->lock); + } + + return (ISC_R_LOCKBUSY); + } + } else { + /* Try locking without entering the waiting queue. */ + cntflag = isc_atomic_cmpxchg(&rwl->cnt_and_flag, 0, + WRITER_ACTIVE); + if (cntflag != 0) + return (ISC_R_LOCKBUSY); + + /* + * XXXJT: jump into the queue, possibly breaking the writer + * order. + */ + (void)isc_atomic_xadd(&rwl->write_completions, -1); + + rwl->write_granted++; + } + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_POSTLOCK, "postlock"), rwl, type); +#endif + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_rwlock_tryupgrade(isc_rwlock_t *rwl) { + isc_int32_t prevcnt; + + REQUIRE(VALID_RWLOCK(rwl)); + + /* Try to acquire write access. */ + prevcnt = isc_atomic_cmpxchg(&rwl->cnt_and_flag, + READER_INCR, WRITER_ACTIVE); + /* + * There must have been no writer, and there must have been at least + * one reader. + */ + INSIST((prevcnt & WRITER_ACTIVE) == 0 && + (prevcnt & ~WRITER_ACTIVE) != 0); + + if (prevcnt == READER_INCR) { + /* + * We are the only reader and have been upgraded. + * Now jump into the head of the writer waiting queue. + */ + (void)isc_atomic_xadd(&rwl->write_completions, -1); + } else + return (ISC_R_LOCKBUSY); + + return (ISC_R_SUCCESS); + +} + +void +isc_rwlock_downgrade(isc_rwlock_t *rwl) { + isc_int32_t prev_readers; + + REQUIRE(VALID_RWLOCK(rwl)); + + /* Become an active reader. */ + prev_readers = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR); + /* We must have been a writer. */ + INSIST((prev_readers & WRITER_ACTIVE) != 0); + + /* Complete write */ + (void)isc_atomic_xadd(&rwl->cnt_and_flag, -WRITER_ACTIVE); + (void)isc_atomic_xadd(&rwl->write_completions, 1); + + /* Resume other readers */ + LOCK(&rwl->lock); + if (rwl->readers_waiting > 0) + BROADCAST(&rwl->readable); + UNLOCK(&rwl->lock); +} + +isc_result_t +isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + isc_int32_t prev_cnt; + + REQUIRE(VALID_RWLOCK(rwl)); + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_PREUNLOCK, "preunlock"), rwl, type); +#endif + + if (type == isc_rwlocktype_read) { + prev_cnt = isc_atomic_xadd(&rwl->cnt_and_flag, -READER_INCR); + + /* + * If we're the last reader and any writers are waiting, wake + * them up. We need to wake up all of them to ensure the + * FIFO order. + */ + if (prev_cnt == READER_INCR && + rwl->write_completions != rwl->write_requests) { + LOCK(&rwl->lock); + BROADCAST(&rwl->writeable); + UNLOCK(&rwl->lock); + } + } else { + isc_boolean_t wakeup_writers = ISC_TRUE; + + /* + * Reset the flag, and (implicitly) tell other writers + * we are done. + */ + (void)isc_atomic_xadd(&rwl->cnt_and_flag, -WRITER_ACTIVE); + (void)isc_atomic_xadd(&rwl->write_completions, 1); + + if (rwl->write_granted >= rwl->write_quota || + rwl->write_requests == rwl->write_completions || + (rwl->cnt_and_flag & ~WRITER_ACTIVE) != 0) { + /* + * We have passed the write quota, no writer is + * waiting, or some readers are almost ready, pending + * possible writers. Note that the last case can + * happen even if write_requests != write_completions + * (which means a new writer in the queue), so we need + * to catch the case explicitly. + */ + LOCK(&rwl->lock); + if (rwl->readers_waiting > 0) { + wakeup_writers = ISC_FALSE; + BROADCAST(&rwl->readable); + } + UNLOCK(&rwl->lock); + } + + if (rwl->write_requests != rwl->write_completions && + wakeup_writers) { + LOCK(&rwl->lock); + BROADCAST(&rwl->writeable); + UNLOCK(&rwl->lock); + } + } + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_POSTUNLOCK, "postunlock"), + rwl, type); +#endif + + return (ISC_R_SUCCESS); +} + +#else /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */ + +static isc_result_t +doit(isc_rwlock_t *rwl, isc_rwlocktype_t type, isc_boolean_t nonblock) { + isc_boolean_t skip = ISC_FALSE; + isc_boolean_t done = ISC_FALSE; + isc_result_t result = ISC_R_SUCCESS; + + REQUIRE(VALID_RWLOCK(rwl)); + + LOCK(&rwl->lock); + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_PRELOCK, "prelock"), rwl, type); +#endif + + if (type == isc_rwlocktype_read) { + if (rwl->readers_waiting != 0) + skip = ISC_TRUE; + while (!done) { + if (!skip && + ((rwl->active == 0 || + (rwl->type == isc_rwlocktype_read && + (rwl->writers_waiting == 0 || + rwl->granted < rwl->read_quota))))) + { + rwl->type = isc_rwlocktype_read; + rwl->active++; + rwl->granted++; + done = ISC_TRUE; + } else if (nonblock) { + result = ISC_R_LOCKBUSY; + done = ISC_TRUE; + } else { + skip = ISC_FALSE; + rwl->readers_waiting++; + WAIT(&rwl->readable, &rwl->lock); + rwl->readers_waiting--; + } + } + } else { + if (rwl->writers_waiting != 0) + skip = ISC_TRUE; + while (!done) { + if (!skip && rwl->active == 0) { + rwl->type = isc_rwlocktype_write; + rwl->active = 1; + rwl->granted++; + done = ISC_TRUE; + } else if (nonblock) { + result = ISC_R_LOCKBUSY; + done = ISC_TRUE; + } else { + skip = ISC_FALSE; + rwl->writers_waiting++; + WAIT(&rwl->writeable, &rwl->lock); + rwl->writers_waiting--; + } + } + } + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_POSTLOCK, "postlock"), rwl, type); +#endif + + UNLOCK(&rwl->lock); + + return (result); +} + +isc_result_t +isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + return (doit(rwl, type, ISC_FALSE)); +} + +isc_result_t +isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + return (doit(rwl, type, ISC_TRUE)); +} + +isc_result_t +isc_rwlock_tryupgrade(isc_rwlock_t *rwl) { + isc_result_t result = ISC_R_SUCCESS; + + REQUIRE(VALID_RWLOCK(rwl)); + LOCK(&rwl->lock); + REQUIRE(rwl->type == isc_rwlocktype_read); + REQUIRE(rwl->active != 0); + + /* If we are the only reader then succeed. */ + if (rwl->active == 1) { + rwl->original = (rwl->original == isc_rwlocktype_none) ? + isc_rwlocktype_read : isc_rwlocktype_none; + rwl->type = isc_rwlocktype_write; + } else + result = ISC_R_LOCKBUSY; + + UNLOCK(&rwl->lock); + return (result); +} + +void +isc_rwlock_downgrade(isc_rwlock_t *rwl) { + + REQUIRE(VALID_RWLOCK(rwl)); + LOCK(&rwl->lock); + REQUIRE(rwl->type == isc_rwlocktype_write); + REQUIRE(rwl->active == 1); + + rwl->type = isc_rwlocktype_read; + rwl->original = (rwl->original == isc_rwlocktype_none) ? + isc_rwlocktype_write : isc_rwlocktype_none; + /* + * Resume processing any read request that were blocked when + * we upgraded. + */ + if (rwl->original == isc_rwlocktype_none && + (rwl->writers_waiting == 0 || rwl->granted < rwl->read_quota) && + rwl->readers_waiting > 0) + BROADCAST(&rwl->readable); + + UNLOCK(&rwl->lock); +} + +isc_result_t +isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + + REQUIRE(VALID_RWLOCK(rwl)); + LOCK(&rwl->lock); + REQUIRE(rwl->type == type); + + UNUSED(type); + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_PREUNLOCK, "preunlock"), rwl, type); +#endif + + INSIST(rwl->active > 0); + rwl->active--; + if (rwl->active == 0) { + if (rwl->original != isc_rwlocktype_none) { + rwl->type = rwl->original; + rwl->original = isc_rwlocktype_none; + } + if (rwl->type == isc_rwlocktype_read) { + rwl->granted = 0; + if (rwl->writers_waiting > 0) { + rwl->type = isc_rwlocktype_write; + SIGNAL(&rwl->writeable); + } else if (rwl->readers_waiting > 0) { + /* Does this case ever happen? */ + BROADCAST(&rwl->readable); + } + } else { + if (rwl->readers_waiting > 0) { + if (rwl->writers_waiting > 0 && + rwl->granted < rwl->write_quota) { + SIGNAL(&rwl->writeable); + } else { + rwl->granted = 0; + rwl->type = isc_rwlocktype_read; + BROADCAST(&rwl->readable); + } + } else if (rwl->writers_waiting > 0) { + rwl->granted = 0; + SIGNAL(&rwl->writeable); + } else { + rwl->granted = 0; + } + } + } + INSIST(rwl->original == isc_rwlocktype_none); + +#ifdef ISC_RWLOCK_TRACE + print_lock(isc_msgcat_get(isc_msgcat, ISC_MSGSET_RWLOCK, + ISC_MSG_POSTUNLOCK, "postunlock"), + rwl, type); +#endif + + UNLOCK(&rwl->lock); + + return (ISC_R_SUCCESS); +} + +#endif /* ISC_PLATFORM_HAVEXADD && ISC_PLATFORM_HAVECMPXCHG */ +#else /* ISC_PLATFORM_USETHREADS */ + +isc_result_t +isc_rwlock_init(isc_rwlock_t *rwl, unsigned int read_quota, + unsigned int write_quota) +{ + REQUIRE(rwl != NULL); + + UNUSED(read_quota); + UNUSED(write_quota); + + rwl->type = isc_rwlocktype_read; + rwl->active = 0; + rwl->magic = RWLOCK_MAGIC; + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + REQUIRE(VALID_RWLOCK(rwl)); + + if (type == isc_rwlocktype_read) { + if (rwl->type != isc_rwlocktype_read && rwl->active != 0) + return (ISC_R_LOCKBUSY); + rwl->type = isc_rwlocktype_read; + rwl->active++; + } else { + if (rwl->active != 0) + return (ISC_R_LOCKBUSY); + rwl->type = isc_rwlocktype_write; + rwl->active = 1; + } + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_rwlock_trylock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + return (isc_rwlock_lock(rwl, type)); +} + +isc_result_t +isc_rwlock_tryupgrade(isc_rwlock_t *rwl) { + isc_result_t result = ISC_R_SUCCESS; + + REQUIRE(VALID_RWLOCK(rwl)); + REQUIRE(rwl->type == isc_rwlocktype_read); + REQUIRE(rwl->active != 0); + + /* If we are the only reader then succeed. */ + if (rwl->active == 1) + rwl->type = isc_rwlocktype_write; + else + result = ISC_R_LOCKBUSY; + return (result); +} + +void +isc_rwlock_downgrade(isc_rwlock_t *rwl) { + + REQUIRE(VALID_RWLOCK(rwl)); + REQUIRE(rwl->type == isc_rwlocktype_write); + REQUIRE(rwl->active == 1); + + rwl->type = isc_rwlocktype_read; +} + +isc_result_t +isc_rwlock_unlock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { + REQUIRE(VALID_RWLOCK(rwl)); + REQUIRE(rwl->type == type); + + UNUSED(type); + + INSIST(rwl->active > 0); + rwl->active--; + + return (ISC_R_SUCCESS); +} + +void +isc_rwlock_destroy(isc_rwlock_t *rwl) { + REQUIRE(rwl != NULL); + REQUIRE(rwl->active == 0); + rwl->magic = 0; +} + +#endif /* ISC_PLATFORM_USETHREADS */ diff --git a/contrib/bind-9.3/lib/isc/serial.c b/contrib/bind-9.5.2/lib/isc/serial.c similarity index 87% rename from contrib/bind-9.3/lib/isc/serial.c rename to contrib/bind-9.5.2/lib/isc/serial.c index 4fe0ee592a..b43aac7ed2 100644 --- a/contrib/bind-9.3/lib/isc/serial.c +++ b/contrib/bind-9.5.2/lib/isc/serial.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: serial.c,v 1.7.206.1 2004/03/06 08:14:35 marka Exp $ */ +/* $Id: serial.c,v 1.12 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ + #include #include diff --git a/contrib/bind-9.3/lib/isc/sha1.c b/contrib/bind-9.5.2/lib/isc/sha1.c similarity index 96% rename from contrib/bind-9.3/lib/isc/sha1.c rename to contrib/bind-9.5.2/lib/isc/sha1.c index 0549e887ab..3575288481 100644 --- a/contrib/bind-9.3/lib/isc/sha1.c +++ b/contrib/bind-9.5.2/lib/isc/sha1.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,16 +15,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha1.c,v 1.10.2.2.2.3 2004/03/06 08:14:35 marka Exp $ */ +/* $Id: sha1.c,v 1.18 2007/06/19 23:47:17 tbox Exp $ */ /* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */ /* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */ -/* +/*! \file * SHA-1 in C - * By Steve Reid + * \author By Steve Reid * 100% Public Domain - * + * \verbatim * Test Vectors (from FIPS PUB 180-1) * "abc" * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D @@ -32,6 +32,7 @@ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 * A million repetitions of "a" * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F + * \endverbatim */ #include "config.h" @@ -44,7 +45,8 @@ #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) -/* +/*@{*/ +/*! * blk0() and blk() perform the initial expand. * I got the idea of expanding during the round function from SSLeay */ @@ -61,7 +63,9 @@ ^ block->l[(i + 2) & 15] \ ^ block->l[i & 15], 1)) -/* +/*@}*/ +/*@{*/ +/*! * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1 */ #define R0(v,w,x,y,z,i) \ @@ -80,6 +84,8 @@ z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ w = rol(w, 30); +/*@}*/ + typedef union { unsigned char c[64]; unsigned int l[16]; @@ -154,7 +160,7 @@ do_R4(isc_uint32_t *a, isc_uint32_t *b, isc_uint32_t *c, isc_uint32_t *d, } #endif -/* +/*! * Hash a single 512-bit block. This is the core of the algorithm. */ static void @@ -217,7 +223,7 @@ transform(isc_uint32_t state[5], const unsigned char buffer[64]) { } -/* +/*! * isc_sha1_init - Initialize new context */ void @@ -240,7 +246,7 @@ isc_sha1_invalidate(isc_sha1_t *context) { memset(context, 0, sizeof(isc_sha1_t)); } -/* +/*! * Run your data through this. */ void @@ -270,7 +276,7 @@ isc_sha1_update(isc_sha1_t *context, const unsigned char *data, } -/* +/*! * Add padding and return the message digest. */ diff --git a/contrib/bind-9.5.2/lib/isc/sha2.c b/contrib/bind-9.5.2/lib/isc/sha2.c new file mode 100644 index 0000000000..76aa711457 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/sha2.c @@ -0,0 +1,1234 @@ +/* + * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: sha2.c,v 1.13.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */ +/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ + +/* + * sha2.c + * + * Version 1.0.0beta1 + * + * Written by Aaron D. Gifford + * + * Copyright 2000 Aaron D. Gifford. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + + +#include + +#include +#include +#include +#include + +/* + * UNROLLED TRANSFORM LOOP NOTE: + * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform + * loop version for the hash transform rounds (defined using macros + * later in this file). Either define on the command line, for example: + * + * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c + * + * or define below: + * + * \#define ISC_SHA2_UNROLL_TRANSFORM + * + */ + +/*** SHA-256/384/512 Machine Architecture Definitions *****************/ +/* + * BYTE_ORDER NOTE: + * + * Please make sure that your system defines BYTE_ORDER. If your + * architecture is little-endian, make sure it also defines + * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are + * equivalent. + * + * If your system does not define the above, then you can do so by + * hand like this: + * + * \#define LITTLE_ENDIAN 1234 + * \#define BIG_ENDIAN 4321 + * + * And for little-endian machines, add: + * + * \#define BYTE_ORDER LITTLE_ENDIAN + * + * Or for big-endian machines: + * + * \#define BYTE_ORDER BIG_ENDIAN + * + * The FreeBSD machine this was written on defines BYTE_ORDER + * appropriately by including (which in turn includes + * where the appropriate definitions are actually + * made). + */ +#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#ifndef BYTE_ORDER +#ifndef BIG_ENDIAN +#define BIG_ENDIAN 4321 +#endif +#ifndef LITTLE_ENDIAN +#define LITTLE_ENDIAN 1234 +#endif +#ifdef WORDS_BIGENDIAN +#define BYTE_ORDER BIG_ENDIAN +#else +#define BYTE_ORDER LITTLE_ENDIAN +#endif +#else +#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN +#endif +#endif + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +/* NOTE: Most of these are in sha2.h */ +#define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8) +#define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16) +#define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16) + + +/*** ENDIAN REVERSAL MACROS *******************************************/ +#if BYTE_ORDER == LITTLE_ENDIAN +#define REVERSE32(w,x) { \ + isc_uint32_t tmp = (w); \ + tmp = (tmp >> 16) | (tmp << 16); \ + (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ +} +#ifdef WIN32 +#define REVERSE64(w,x) { \ + isc_uint64_t tmp = (w); \ + tmp = (tmp >> 32) | (tmp << 32); \ + tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \ + ((tmp & 0x00ff00ff00ff00ffUL) << 8); \ + (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \ + ((tmp & 0x0000ffff0000ffffUL) << 16); \ +} +#else +#define REVERSE64(w,x) { \ + isc_uint64_t tmp = (w); \ + tmp = (tmp >> 32) | (tmp << 32); \ + tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ + ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ + (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ + ((tmp & 0x0000ffff0000ffffULL) << 16); \ +} +#endif +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +/* + * Macro for incrementally adding the unsigned 64-bit integer n to the + * unsigned 128-bit integer (represented using a two-element array of + * 64-bit words): + */ +#define ADDINC128(w,n) { \ + (w)[0] += (isc_uint64_t)(n); \ + if ((w)[0] < (n)) { \ + (w)[1]++; \ + } \ +} + +/*** THE SIX LOGICAL FUNCTIONS ****************************************/ +/* + * Bit shifting and rotation (used by the six SHA-XYZ logical functions: + * + * NOTE: The naming of R and S appears backwards here (R is a SHIFT and + * S is a ROTATION) because the SHA-256/384/512 description document + * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this + * same "backwards" definition. + */ +/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ +#define R(b,x) ((x) >> (b)) +/* 32-bit Rotate-right (used in SHA-256): */ +#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) +/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ +#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) + +/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +/* Four of six logical functions used in SHA-256: */ +#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) +#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) +#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) +#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) + +/* Four of six logical functions used in SHA-384 and SHA-512: */ +#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) +#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) +#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) +#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) + +/*** INTERNAL FUNCTION PROTOTYPES *************************************/ +/* NOTE: These should not be accessed directly from outside this + * library -- they are intended for private internal visibility/use + * only. + */ +void isc_sha512_last(isc_sha512_t *); +void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*); +void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*); + + +/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ +/* Hash constant words K for SHA-224 and SHA-256: */ +static const isc_uint32_t K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* Initial hash value H for SHA-224: */ +static const isc_uint32_t sha224_initial_hash_value[8] = { + 0xc1059ed8UL, + 0x367cd507UL, + 0x3070dd17UL, + 0xf70e5939UL, + 0xffc00b31UL, + 0x68581511UL, + 0x64f98fa7UL, + 0xbefa4fa4UL +}; + +/* Initial hash value H for SHA-256: */ +static const isc_uint32_t sha256_initial_hash_value[8] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +#ifdef WIN32 +/* Hash constant words K for SHA-384 and SHA-512: */ +static const isc_uint64_t K512[80] = { + 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, + 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, + 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, + 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL, + 0xd807aa98a3030242UL, 0x12835b0145706fbeUL, + 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL, + 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL, + 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL, + 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL, + 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL, + 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL, + 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL, + 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL, + 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL, + 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL, + 0x06ca6351e003826fUL, 0x142929670a0e6e70UL, + 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL, + 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL, + 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL, + 0x81c2c92e47edaee6UL, 0x92722c851482353bUL, + 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL, + 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL, + 0xd192e819d6ef5218UL, 0xd69906245565a910UL, + 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL, + 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL, + 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL, + 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL, + 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL, + 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL, + 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL, + 0x90befffa23631e28UL, 0xa4506cebde82bde9UL, + 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL, + 0xca273eceea26619cUL, 0xd186b8c721c0c207UL, + 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL, + 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL, + 0x113f9804bef90daeUL, 0x1b710b35131c471bUL, + 0x28db77f523047d84UL, 0x32caab7b40c72493UL, + 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL, + 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL, + 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL +}; + +/* Initial hash value H for SHA-384: */ +static const isc_uint64_t sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8UL, + 0x629a292a367cd507UL, + 0x9159015a3070dd17UL, + 0x152fecd8f70e5939UL, + 0x67332667ffc00b31UL, + 0x8eb44a8768581511UL, + 0xdb0c2e0d64f98fa7UL, + 0x47b5481dbefa4fa4UL +}; + +/* Initial hash value H for SHA-512: */ +static const isc_uint64_t sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908U, + 0xbb67ae8584caa73bUL, + 0x3c6ef372fe94f82bUL, + 0xa54ff53a5f1d36f1UL, + 0x510e527fade682d1UL, + 0x9b05688c2b3e6c1fUL, + 0x1f83d9abfb41bd6bUL, + 0x5be0cd19137e2179UL +}; +#else +/* Hash constant words K for SHA-384 and SHA-512: */ +static const isc_uint64_t K512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* Initial hash value H for SHA-384: */ +static const isc_uint64_t sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8ULL, + 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, + 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, + 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, + 0x47b5481dbefa4fa4ULL +}; + +/* Initial hash value H for SHA-512: */ +static const isc_uint64_t sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908ULL, + 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, + 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, + 0x5be0cd19137e2179ULL +}; +#endif + +/* + * Constant used by SHA256/384/512_End() functions for converting the + * digest to a readable hexadecimal character string: + */ +static const char *sha2_hex_digits = "0123456789abcdef"; + + + +/*** SHA-224: *********************************************************/ +void +isc_sha224_init(isc_sha224_t *context) { + if (context == (isc_sha256_t *)0) { + return; + } + memcpy(context->state, sha224_initial_hash_value, + ISC_SHA256_DIGESTLENGTH); + memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); + context->bitcount = 0; +} + +void +isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { + isc_sha256_update((isc_sha256_t *)context, data, len); +} + +void +isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { + isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH]; + isc_sha256_final(sha256_digest, (isc_sha256_t *)context); + memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH); + memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH); +} + +char * +isc_sha224_end(isc_sha224_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha224_t *)0); + + if (buffer != (char*)0) { + isc_sha224_final(digest, context); + + for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { + memset(context, 0, sizeof(context)); + } + memset(digest, 0, ISC_SHA224_DIGESTLENGTH); + return buffer; +} + +char* +isc_sha224_data(const isc_uint8_t *data, size_t len, + char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) +{ + isc_sha224_t context; + + isc_sha224_init(&context); + isc_sha224_update(&context, data, len); + return (isc_sha224_end(&context, digest)); +} + +/*** SHA-256: *********************************************************/ +void +isc_sha256_init(isc_sha256_t *context) { + if (context == (isc_sha256_t *)0) { + return; + } + memcpy(context->state, sha256_initial_hash_value, + ISC_SHA256_DIGESTLENGTH); + memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); + context->bitcount = 0; +} + +#ifdef ISC_SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-256 round macros: */ + +#if BYTE_ORDER == LITTLE_ENDIAN + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ + REVERSE32(*data++, W256[j]); \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ + K256[j] + W256[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + + +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ + K256[j] + (W256[j] = *data++); \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND256(a,b,c,d,e,f,g,h) \ + s0 = W256[(j+1)&0x0f]; \ + s0 = sigma0_256(s0); \ + s1 = W256[(j+14)&0x0f]; \ + s1 = sigma1_256(s1); \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + +void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { + isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; + isc_uint32_t T1, *W256; + int j; + + W256 = (isc_uint32_t*)context->buffer; + + /* Initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND256_0_TO_15(a,b,c,d,e,f,g,h); + ROUND256_0_TO_15(h,a,b,c,d,e,f,g); + ROUND256_0_TO_15(g,h,a,b,c,d,e,f); + ROUND256_0_TO_15(f,g,h,a,b,c,d,e); + ROUND256_0_TO_15(e,f,g,h,a,b,c,d); + ROUND256_0_TO_15(d,e,f,g,h,a,b,c); + ROUND256_0_TO_15(c,d,e,f,g,h,a,b); + ROUND256_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds to 64: */ + do { + ROUND256(a,b,c,d,e,f,g,h); + ROUND256(h,a,b,c,d,e,f,g); + ROUND256(g,h,a,b,c,d,e,f); + ROUND256(f,g,h,a,b,c,d,e); + ROUND256(e,f,g,h,a,b,c,d); + ROUND256(d,e,f,g,h,a,b,c); + ROUND256(c,d,e,f,g,h,a,b); + ROUND256(b,c,d,e,f,g,h,a); + } while (j < 64); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* ISC_SHA2_UNROLL_TRANSFORM */ + +void +isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { + isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; + isc_uint32_t T1, T2, *W256; + int j; + + W256 = (isc_uint32_t*)context->buffer; + + /* Initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { +#if BYTE_ORDER == LITTLE_ENDIAN + /* Copy data while converting to host byte order */ + REVERSE32(*data++,W256[j]); + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + /* Apply the SHA-256 compression function to update a..h with copy */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W256[(j+1)&0x0f]; + s0 = sigma0_256(s0); + s1 = W256[(j+14)&0x0f]; + s1 = sigma1_256(s1); + + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 64); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* ISC_SHA2_UNROLL_TRANSFORM */ + +void +isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { + unsigned int freespace, usedspace; + + if (len == 0U) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); + + usedspace = (unsigned int)((context->bitcount >> 3) % + ISC_SHA256_BLOCK_LENGTH); + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = ISC_SHA256_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + context->bitcount += freespace << 3; + len -= freespace; + data += freespace; + isc_sha256_transform(context, + (isc_uint32_t*)context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + context->bitcount += len << 3; + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= ISC_SHA256_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH); + isc_sha256_transform(context, (isc_uint32_t*)context->buffer); + context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3; + len -= ISC_SHA256_BLOCK_LENGTH; + data += ISC_SHA256_BLOCK_LENGTH; + } + if (len > 0U) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + context->bitcount += len << 3; + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void +isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { + isc_uint32_t *d = (isc_uint32_t*)digest; + unsigned int usedspace; + + /* Sanity check: */ + REQUIRE(context != (isc_sha256_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + usedspace = (unsigned int)((context->bitcount >> 3) % + ISC_SHA256_BLOCK_LENGTH); +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert FROM host byte order */ + REVERSE64(context->bitcount,context->bitcount); +#endif + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, + ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < ISC_SHA256_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, + ISC_SHA256_BLOCK_LENGTH - + usedspace); + } + /* Do second-to-last transform: */ + isc_sha256_transform(context, + (isc_uint32_t*)context->buffer); + + /* And set-up for the last transform: */ + memset(context->buffer, 0, + ISC_SHA256_SHORT_BLOCK_LENGTH); + } + } else { + /* Set-up for the last transform: */ + memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Set the bit count: */ + *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; + + /* Final transform: */ + isc_sha256_transform(context, (isc_uint32_t*)context->buffer); + +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 8; j++) { + REVERSE32(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH); +#endif + } + + /* Clean up state data: */ + memset(context, 0, sizeof(context)); + usedspace = 0; +} + +char * +isc_sha256_end(isc_sha256_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha256_t *)0); + + if (buffer != (char*)0) { + isc_sha256_final(digest, context); + + for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { + memset(context, 0, sizeof(context)); + } + memset(digest, 0, ISC_SHA256_DIGESTLENGTH); + return buffer; +} + +char * +isc_sha256_data(const isc_uint8_t* data, size_t len, + char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) +{ + isc_sha256_t context; + + isc_sha256_init(&context); + isc_sha256_update(&context, data, len); + return (isc_sha256_end(&context, digest)); +} + + +/*** SHA-512: *********************************************************/ +void +isc_sha512_init(isc_sha512_t *context) { + if (context == (isc_sha512_t *)0) { + return; + } + memcpy(context->state, sha512_initial_hash_value, + ISC_SHA512_DIGESTLENGTH); + memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH); + context->bitcount[0] = context->bitcount[1] = 0; +} + +#ifdef ISC_SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-512 round macros: */ +#if BYTE_ORDER == LITTLE_ENDIAN + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ + REVERSE64(*data++, W512[j]); \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ + K512[j] + W512[j]; \ + (d) += T1, \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ + j++ + + +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ + K512[j] + (W512[j] = *data++); \ + (d) += T1; \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ + j++ + +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND512(a,b,c,d,e,f,g,h) \ + s0 = W512[(j+1)&0x0f]; \ + s0 = sigma0_512(s0); \ + s1 = W512[(j+14)&0x0f]; \ + s1 = sigma1_512(s1); \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ + j++ + +void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { + isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; + isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { + ROUND512_0_TO_15(a,b,c,d,e,f,g,h); + ROUND512_0_TO_15(h,a,b,c,d,e,f,g); + ROUND512_0_TO_15(g,h,a,b,c,d,e,f); + ROUND512_0_TO_15(f,g,h,a,b,c,d,e); + ROUND512_0_TO_15(e,f,g,h,a,b,c,d); + ROUND512_0_TO_15(d,e,f,g,h,a,b,c); + ROUND512_0_TO_15(c,d,e,f,g,h,a,b); + ROUND512_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 79: */ + do { + ROUND512(a,b,c,d,e,f,g,h); + ROUND512(h,a,b,c,d,e,f,g); + ROUND512(g,h,a,b,c,d,e,f); + ROUND512(f,g,h,a,b,c,d,e); + ROUND512(e,f,g,h,a,b,c,d); + ROUND512(d,e,f,g,h,a,b,c); + ROUND512(c,d,e,f,g,h,a,b); + ROUND512(b,c,d,e,f,g,h,a); + } while (j < 80); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* ISC_SHA2_UNROLL_TRANSFORM */ + +void +isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { + isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; + isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer; + int j; + + /* Initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert TO host byte order */ + REVERSE64(*data++, W512[j]); + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + /* Apply the SHA-512 compression function to update a..h with copy */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W512[(j+1)&0x0f]; + s0 = sigma0_512(s0); + s1 = W512[(j+14)&0x0f]; + s1 = sigma1_512(s1); + + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 80); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* ISC_SHA2_UNROLL_TRANSFORM */ + +void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { + unsigned int freespace, usedspace; + + if (len == 0U) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); + + usedspace = (unsigned int)((context->bitcount[0] >> 3) % + ISC_SHA512_BLOCK_LENGTH); + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = ISC_SHA512_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + memcpy(&context->buffer[usedspace], data, freespace); + ADDINC128(context->bitcount, freespace << 3); + len -= freespace; + data += freespace; + isc_sha512_transform(context, + (isc_uint64_t*)context->buffer); + } else { + /* The buffer is not yet full */ + memcpy(&context->buffer[usedspace], data, len); + ADDINC128(context->bitcount, len << 3); + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= ISC_SHA512_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH); + isc_sha512_transform(context, (isc_uint64_t*)context->buffer); + ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3); + len -= ISC_SHA512_BLOCK_LENGTH; + data += ISC_SHA512_BLOCK_LENGTH; + } + if (len > 0U) { + /* There's left-overs, so save 'em */ + memcpy(context->buffer, data, len); + ADDINC128(context->bitcount, len << 3); + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void isc_sha512_last(isc_sha512_t *context) { + unsigned int usedspace; + + usedspace = (unsigned int)((context->bitcount[0] >> 3) % + ISC_SHA512_BLOCK_LENGTH); +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert FROM host byte order */ + REVERSE64(context->bitcount[0],context->bitcount[0]); + REVERSE64(context->bitcount[1],context->bitcount[1]); +#endif + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + memset(&context->buffer[usedspace], 0, + ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < ISC_SHA512_BLOCK_LENGTH) { + memset(&context->buffer[usedspace], 0, + ISC_SHA512_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + isc_sha512_transform(context, + (isc_uint64_t*)context->buffer); + + /* And set-up for the last transform: */ + memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2); + } + } else { + /* Prepare for final transform: */ + memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits): */ + *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; + *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; + + /* Final transform: */ + isc_sha512_transform(context, (isc_uint64_t*)context->buffer); +} + +void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { + isc_uint64_t *d = (isc_uint64_t*)digest; + + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + isc_sha512_last(context); + + /* Save the hash data for output: */ +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 8; j++) { + REVERSE64(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH); +#endif + } + + /* Zero out state data */ + memset(context, 0, sizeof(context)); +} + +char * +isc_sha512_end(isc_sha512_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha512_t *)0); + + if (buffer != (char*)0) { + isc_sha512_final(digest, context); + + for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { + memset(context, 0, sizeof(context)); + } + memset(digest, 0, ISC_SHA512_DIGESTLENGTH); + return buffer; +} + +char * +isc_sha512_data(const isc_uint8_t *data, size_t len, + char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) +{ + isc_sha512_t context; + + isc_sha512_init(&context); + isc_sha512_update(&context, data, len); + return (isc_sha512_end(&context, digest)); +} + + +/*** SHA-384: *********************************************************/ +void +isc_sha384_init(isc_sha384_t *context) { + if (context == (isc_sha384_t *)0) { + return; + } + memcpy(context->state, sha384_initial_hash_value, + ISC_SHA512_DIGESTLENGTH); + memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH); + context->bitcount[0] = context->bitcount[1] = 0; +} + +void +isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { + isc_sha512_update((isc_sha512_t *)context, data, len); +} + +void +isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { + isc_uint64_t *d = (isc_uint64_t*)digest; + + /* Sanity check: */ + REQUIRE(context != (isc_sha384_t *)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (isc_uint8_t*)0) { + isc_sha512_last((isc_sha512_t *)context); + + /* Save the hash data for output: */ +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 6; j++) { + REVERSE64(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH); +#endif + } + + /* Zero out state data */ + memset(context, 0, sizeof(context)); +} + +char * +isc_sha384_end(isc_sha384_t *context, char buffer[]) { + isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest; + unsigned int i; + + /* Sanity check: */ + REQUIRE(context != (isc_sha384_t *)0); + + if (buffer != (char*)0) { + isc_sha384_final(digest, context); + + for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) { + *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; + *buffer++ = sha2_hex_digits[*d & 0x0f]; + d++; + } + *buffer = (char)0; + } else { + memset(context, 0, sizeof(context)); + } + memset(digest, 0, ISC_SHA384_DIGESTLENGTH); + return buffer; +} + +char* +isc_sha384_data(const isc_uint8_t *data, size_t len, + char digest[ISC_SHA384_DIGESTSTRINGLENGTH]) +{ + isc_sha384_t context; + + isc_sha384_init(&context); + isc_sha384_update(&context, data, len); + return (isc_sha384_end(&context, digest)); +} diff --git a/contrib/bind-9.3/lib/isc/sockaddr.c b/contrib/bind-9.5.2/lib/isc/sockaddr.c similarity index 81% rename from contrib/bind-9.3/lib/isc/sockaddr.c rename to contrib/bind-9.5.2/lib/isc/sockaddr.c index a40f0c9ccf..62975df34d 100644 --- a/contrib/bind-9.3/lib/isc/sockaddr.c +++ b/contrib/bind-9.5.2/lib/isc/sockaddr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sockaddr.c,v 1.48.2.1.2.12 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: sockaddr.c,v 1.70 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include @@ -33,6 +35,21 @@ isc_boolean_t isc_sockaddr_equal(const isc_sockaddr_t *a, const isc_sockaddr_t *b) { + return (isc_sockaddr_compare(a, b, ISC_SOCKADDR_CMPADDR| + ISC_SOCKADDR_CMPPORT| + ISC_SOCKADDR_CMPSCOPE)); +} + +isc_boolean_t +isc_sockaddr_eqaddr(const isc_sockaddr_t *a, const isc_sockaddr_t *b) { + return (isc_sockaddr_compare(a, b, ISC_SOCKADDR_CMPADDR| + ISC_SOCKADDR_CMPSCOPE)); +} + +isc_boolean_t +isc_sockaddr_compare(const isc_sockaddr_t *a, const isc_sockaddr_t *b, + unsigned int flags) +{ REQUIRE(a != NULL && b != NULL); if (a->length != b->length) @@ -47,21 +64,33 @@ isc_sockaddr_equal(const isc_sockaddr_t *a, const isc_sockaddr_t *b) { return (ISC_FALSE); switch (a->type.sa.sa_family) { case AF_INET: - if (memcmp(&a->type.sin.sin_addr, &b->type.sin.sin_addr, + if ((flags & ISC_SOCKADDR_CMPADDR) != 0 && + memcmp(&a->type.sin.sin_addr, &b->type.sin.sin_addr, sizeof(a->type.sin.sin_addr)) != 0) return (ISC_FALSE); - if (a->type.sin.sin_port != b->type.sin.sin_port) + if ((flags & ISC_SOCKADDR_CMPPORT) != 0 && + a->type.sin.sin_port != b->type.sin.sin_port) return (ISC_FALSE); break; case AF_INET6: - if (memcmp(&a->type.sin6.sin6_addr, &b->type.sin6.sin6_addr, + if ((flags & ISC_SOCKADDR_CMPADDR) != 0 && + memcmp(&a->type.sin6.sin6_addr, &b->type.sin6.sin6_addr, sizeof(a->type.sin6.sin6_addr)) != 0) return (ISC_FALSE); #ifdef ISC_PLATFORM_HAVESCOPEID - if (a->type.sin6.sin6_scope_id != b->type.sin6.sin6_scope_id) + /* + * If ISC_SOCKADDR_CMPSCOPEZERO is set then don't return + * ISC_FALSE if one of the scopes in zero. + */ + if ((flags & ISC_SOCKADDR_CMPSCOPE) != 0 && + a->type.sin6.sin6_scope_id != b->type.sin6.sin6_scope_id && + ((flags & ISC_SOCKADDR_CMPSCOPEZERO) == 0 || + (a->type.sin6.sin6_scope_id != 0 && + b->type.sin6.sin6_scope_id != 0))) return (ISC_FALSE); #endif - if (a->type.sin6.sin6_port != b->type.sin6.sin6_port) + if ((flags & ISC_SOCKADDR_CMPPORT) != 0 && + a->type.sin6.sin6_port != b->type.sin6.sin6_port) return (ISC_FALSE); break; default: @@ -71,37 +100,6 @@ isc_sockaddr_equal(const isc_sockaddr_t *a, const isc_sockaddr_t *b) { return (ISC_TRUE); } -isc_boolean_t -isc_sockaddr_eqaddr(const isc_sockaddr_t *a, const isc_sockaddr_t *b) { - REQUIRE(a != NULL && b != NULL); - - if (a->length != b->length) - return (ISC_FALSE); - - if (a->type.sa.sa_family != b->type.sa.sa_family) - return (ISC_FALSE); - switch (a->type.sa.sa_family) { - case AF_INET: - if (memcmp(&a->type.sin.sin_addr, &b->type.sin.sin_addr, - sizeof(a->type.sin.sin_addr)) != 0) - return (ISC_FALSE); - break; - case AF_INET6: - if (memcmp(&a->type.sin6.sin6_addr, &b->type.sin6.sin6_addr, - sizeof(a->type.sin6.sin6_addr)) != 0) - return (ISC_FALSE); -#ifdef ISC_PLATFORM_HAVESCOPEID - if (a->type.sin6.sin6_scope_id != b->type.sin6.sin6_scope_id) - return (ISC_FALSE); -#endif - break; - default: - if (memcmp(&a->type, &b->type, a->length) != 0) - return (ISC_FALSE); - } - return (ISC_TRUE); -} - isc_boolean_t isc_sockaddr_eqaddrprefix(const isc_sockaddr_t *a, const isc_sockaddr_t *b, unsigned int prefixlen) @@ -134,6 +132,23 @@ isc_sockaddr_totext(const isc_sockaddr_t *sockaddr, isc_buffer_t *target) { case AF_INET6: snprintf(pbuf, sizeof(pbuf), "%u", ntohs(sockaddr->type.sin6.sin6_port)); break; +#ifdef ISC_PLAFORM_HAVESYSUNH + case AF_UNIX: + plen = strlen(sockaddr->type.sunix.sun_path); + if (plen >= isc_buffer_availablelength(target)) + return (ISC_R_NOSPACE); + + isc_buffer_putmem(target, sockaddr->type.sunix.sun_path, plen); + + /* + * Null terminate after used region. + */ + isc_buffer_availableregion(target, &avail); + INSIST(avail.length >= 1); + avail.base[0] = '\0'; + + return (ISC_R_SUCCESS); +#endif default: return (ISC_R_FAILURE); } @@ -425,8 +440,12 @@ isc_boolean_t isc_sockaddr_ismulticast(const isc_sockaddr_t *sockaddr) { isc_netaddr_t netaddr; - isc_netaddr_fromsockaddr(&netaddr, sockaddr); - return (isc_netaddr_ismulticast(&netaddr)); + if (sockaddr->type.sa.sa_family == AF_INET || + sockaddr->type.sa.sa_family == AF_INET6) { + isc_netaddr_fromsockaddr(&netaddr, sockaddr); + return (isc_netaddr_ismulticast(&netaddr)); + } + return (ISC_FALSE); } isc_boolean_t @@ -461,3 +480,24 @@ isc_sockaddr_islinklocal(const isc_sockaddr_t *sockaddr) { } return (ISC_FALSE); } + +isc_result_t +isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) { +#ifdef ISC_PLATFORM_HAVESYSUNH + if (strlen(path) >= sizeof(sockaddr->type.sunix.sun_path)) + return (ISC_R_NOSPACE); + memset(sockaddr, 0, sizeof(*sockaddr)); + sockaddr->length = sizeof(sockaddr->type.sunix); + sockaddr->type.sunix.sun_family = AF_UNIX; +#ifdef ISC_PLATFORM_HAVESALEN + sockaddr->type.sunix.sun_len = + (unsigned char)sizeof(sockaddr->type.sunix); +#endif + strcpy(sockaddr->type.sunix.sun_path, path); + return (ISC_R_SUCCESS); +#else + UNUSED(sockaddr); + UNUSED(path); + return (ISC_R_NOTIMPLEMENTED); +#endif +} diff --git a/contrib/bind-9.5.2/lib/isc/sparc64/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/sparc64/include/isc/atomic.h new file mode 100644 index 0000000000..5533ddb0cc --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/sparc64/include/isc/atomic.h @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.5 2007/06/19 23:47:18 tbox Exp $ */ + +/* + * This code was written based on FreeBSD's kernel source whose copyright + * follows: + */ + +/*- + * Copyright (c) 1998 Doug Rabson. + * Copyright (c) 2001 Jake Burkholder. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * from: FreeBSD: src/sys/i386/include/atomic.h,v 1.20 2001/02/11 + * $FreeBSD: src/sys/sparc64/include/atomic.h,v 1.8 2004/05/22 00:52:16 marius Exp $ + */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +#define ASI_P 0x80 /* Primary Address Space Identifier */ + +#ifdef ISC_PLATFORM_USEGCCASM + +/* + * This routine atomically increments the value stored in 'p' by 'val', and + * returns the previous value. + */ +static inline isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + isc_int32_t prev, swapped; + + for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) { + swapped = prev + val; + __asm__ volatile( + "casa [%1] %2, %3, %0" + : "+r"(swapped) + : "r"(p), "n"(ASI_P), "r"(prev)); + if (swapped == prev) + break; + } + + return (prev); +} + +/* + * This routine atomically stores the value 'val' in 'p'. + */ +static inline void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + isc_int32_t prev, swapped; + + for (prev = *(volatile isc_int32_t *)p; ; prev = swapped) { + swapped = val; + __asm__ volatile( + "casa [%1] %2, %3, %0" + : "+r"(swapped) + : "r"(p), "n"(ASI_P), "r"(prev) + : "memory"); + if (swapped == prev) + break; + } +} + +/* + * This routine atomically replaces the value in 'p' with 'val', if the + * original value is equal to 'cmpval'. The original value is returned in any + * case. + */ +static inline isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + isc_int32_t temp = val; + + __asm__ volatile( + "casa [%1] %2, %3, %0" + : "+r"(temp) + : "r"(p), "n"(ASI_P), "r"(cmpval)); + + return (temp); +} + +#else /* ISC_PLATFORM_USEGCCASM */ + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif /* ISC_PLATFORM_USEGCCASM */ + +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.5.2/lib/isc/stats.c b/contrib/bind-9.5.2/lib/isc/stats.c new file mode 100644 index 0000000000..b3b6bc1789 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/stats.c @@ -0,0 +1,326 @@ +/* + * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: stats.c,v 1.3.8.2 2009/01/29 23:47:14 tbox Exp $ */ + +/*! \file */ + +#include + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define ISC_STATS_MAGIC ISC_MAGIC('S', 't', 'a', 't') +#define ISC_STATS_VALID(x) ISC_MAGIC_VALID(x, ISC_STATS_MAGIC) + +#ifndef ISC_STATS_USEMULTIFIELDS +#if defined(ISC_RWLOCK_USEATOMIC) && defined(ISC_PLATFORM_HAVEXADD) && !defined(ISC_PLATFORM_HAVEXADDQ) +#define ISC_STATS_USEMULTIFIELDS 1 +#else +#define ISC_STATS_USEMULTIFIELDS 0 +#endif +#endif /* ISC_STATS_USEMULTIFIELDS */ + +#if ISC_STATS_USEMULTIFIELDS +typedef struct { + isc_uint32_t hi; + isc_uint32_t lo; +} isc_stat_t; +#else +typedef isc_uint64_t isc_stat_t; +#endif + +struct isc_stats { + /*% Unlocked */ + unsigned int magic; + isc_mem_t *mctx; + int ncounters; + + isc_mutex_t lock; + unsigned int references; /* locked by lock */ + + /*% + * Locked by counterlock or unlocked if efficient rwlock is not + * available. + */ +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_t counterlock; +#endif + isc_stat_t *counters; + + /*% + * We don't want to lock the counters while we are dumping, so we first + * copy the current counter values into a local array. This buffer + * will be used as the copy destination. It's allocated on creation + * of the stats structure so that the dump operation won't fail due + * to memory allocation failure. + * XXX: this approach is weird for non-threaded build because the + * additional memory and the copy overhead could be avoided. We prefer + * simplicity here, however, under the assumption that this function + * should be only rarely called. + */ + isc_uint64_t *copiedcounters; +}; + +static isc_result_t +create_stats(isc_mem_t *mctx, int ncounters, isc_stats_t **statsp) { + isc_stats_t *stats; + isc_result_t result = ISC_R_SUCCESS; + + REQUIRE(statsp != NULL && *statsp == NULL); + + stats = isc_mem_get(mctx, sizeof(*stats)); + if (stats == NULL) + return (ISC_R_NOMEMORY); + + result = isc_mutex_init(&stats->lock); + if (result != ISC_R_SUCCESS) + goto clean_stats; + + stats->counters = isc_mem_get(mctx, sizeof(isc_stat_t) * ncounters); + if (stats->counters == NULL) { + result = ISC_R_NOMEMORY; + goto clean_mutex; + } + stats->copiedcounters = isc_mem_get(mctx, + sizeof(isc_uint64_t) * ncounters); + if (stats->copiedcounters == NULL) { + result = ISC_R_NOMEMORY; + goto clean_counters; + } + +#ifdef ISC_RWLOCK_USEATOMIC + result = isc_rwlock_init(&stats->counterlock, 0, 0); + if (result != ISC_R_SUCCESS) + goto clean_copiedcounters; +#endif + + stats->references = 1; + memset(stats->counters, 0, sizeof(isc_stat_t) * ncounters); + stats->mctx = NULL; + isc_mem_attach(mctx, &stats->mctx); + stats->ncounters = ncounters; + stats->magic = ISC_STATS_MAGIC; + + *statsp = stats; + + return (result); + +clean_counters: + isc_mem_put(mctx, stats->counters, sizeof(isc_stat_t) * ncounters); + +#ifdef ISC_RWLOCK_USEATOMIC +clean_copiedcounters: + isc_mem_put(mctx, stats->copiedcounters, + sizeof(isc_stat_t) * ncounters); +#endif + +clean_mutex: + DESTROYLOCK(&stats->lock); + +clean_stats: + isc_mem_put(mctx, stats, sizeof(*stats)); + + return (result); +} + +void +isc_stats_attach(isc_stats_t *stats, isc_stats_t **statsp) { + REQUIRE(ISC_STATS_VALID(stats)); + REQUIRE(statsp != NULL && *statsp == NULL); + + LOCK(&stats->lock); + stats->references++; + UNLOCK(&stats->lock); + + *statsp = stats; +} + +void +isc_stats_detach(isc_stats_t **statsp) { + isc_stats_t *stats; + + REQUIRE(statsp != NULL && ISC_STATS_VALID(*statsp)); + + stats = *statsp; + *statsp = NULL; + + LOCK(&stats->lock); + stats->references--; + UNLOCK(&stats->lock); + + if (stats->references == 0) { + isc_mem_put(stats->mctx, stats->copiedcounters, + sizeof(isc_stat_t) * stats->ncounters); + isc_mem_put(stats->mctx, stats->counters, + sizeof(isc_stat_t) * stats->ncounters); + DESTROYLOCK(&stats->lock); +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_destroy(&stats->counterlock); +#endif + isc_mem_putanddetach(&stats->mctx, stats, sizeof(*stats)); + } +} + +int +isc_stats_ncounters(isc_stats_t *stats) { + REQUIRE(ISC_STATS_VALID(stats)); + + return (stats->ncounters); +} + +static inline void +incrementcounter(isc_stats_t *stats, int counter) { + isc_int32_t prev; + +#ifdef ISC_RWLOCK_USEATOMIC + /* + * We use a "read" lock to prevent other threads from reading the + * counter while we "writing" a counter field. The write access itself + * is protected by the atomic operation. + */ + isc_rwlock_lock(&stats->counterlock, isc_rwlocktype_read); +#endif + +#if ISC_STATS_USEMULTIFIELDS + prev = isc_atomic_xadd((isc_int32_t *)&stats->counters[counter].lo, 1); + /* + * If the lower 32-bit field overflows, increment the higher field. + * Note that it's *theoretically* possible that the lower field + * overlaps again before the higher field is incremented. It doesn't + * matter, however, because we don't read the value until + * isc_stats_copy() is called where the whole process is protected + * by the write (exclusive) lock. + */ + if (prev == (isc_int32_t)0xffffffff) + isc_atomic_xadd((isc_int32_t *)&stats->counters[counter].hi, 1); +#elif defined(ISC_PLATFORM_HAVEXADDQ) + UNUSED(prev); + isc_atomic_xaddq((isc_int64_t *)&stats->counters[counter], 1); +#else + UNUSED(prev); + stats->counters[counter]++; +#endif + +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_unlock(&stats->counterlock, isc_rwlocktype_read); +#endif +} + +static inline void +decrementcounter(isc_stats_t *stats, int counter) { + isc_int32_t prev; + +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_lock(&stats->counterlock, isc_rwlocktype_read); +#endif + +#if ISC_STATS_USEMULTIFIELDS + prev = isc_atomic_xadd((isc_int32_t *)&stats->counters[counter].lo, -1); + if (prev == 0) + isc_atomic_xadd((isc_int32_t *)&stats->counters[counter].hi, + -1); +#elif defined(ISC_PLATFORM_HAVEXADDQ) + UNUSED(prev); + isc_atomic_xaddq((isc_int64_t *)&stats->counters[counter], -1); +#else + UNUSED(prev); + stats->counters[counter]--; +#endif + +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_unlock(&stats->counterlock, isc_rwlocktype_read); +#endif +} + +static void +copy_counters(isc_stats_t *stats) { + int i; + +#ifdef ISC_RWLOCK_USEATOMIC + /* + * We use a "write" lock before "reading" the statistics counters as + * an exclusive lock. + */ + isc_rwlock_lock(&stats->counterlock, isc_rwlocktype_write); +#endif + +#if ISC_STATS_USEMULTIFIELDS + for (i = 0; i < stats->ncounters; i++) { + stats->copiedcounters[i] = + (isc_uint64_t)(stats->counters[i].hi) << 32 | + stats->counters[i].lo; + } +#else + UNUSED(i); + memcpy(stats->copiedcounters, stats->counters, + stats->ncounters * sizeof(isc_stat_t)); +#endif + +#ifdef ISC_RWLOCK_USEATOMIC + isc_rwlock_unlock(&stats->counterlock, isc_rwlocktype_write); +#endif +} + +isc_result_t +isc_stats_create(isc_mem_t *mctx, isc_stats_t **statsp, int ncounters) { + REQUIRE(statsp != NULL && *statsp == NULL); + + return (create_stats(mctx, ncounters, statsp)); +} + +void +isc_stats_increment(isc_stats_t *stats, isc_statscounter_t counter) { + REQUIRE(ISC_STATS_VALID(stats)); + REQUIRE(counter < stats->ncounters); + + incrementcounter(stats, (int)counter); +} + +void +isc_stats_decrement(isc_stats_t *stats, isc_statscounter_t counter) { + REQUIRE(ISC_STATS_VALID(stats)); + REQUIRE(counter < stats->ncounters); + + decrementcounter(stats, (int)counter); +} + +void +isc_stats_dump(isc_stats_t *stats, isc_stats_dumper_t dump_fn, + void *arg, unsigned int options) +{ + int i; + + REQUIRE(ISC_STATS_VALID(stats)); + + copy_counters(stats); + + for (i = 0; i < stats->ncounters; i++) { + if ((options & ISC_STATSDUMP_VERBOSE) == 0 && + stats->copiedcounters[i] == 0) + continue; + dump_fn((isc_statscounter_t)i, stats->copiedcounters[i], arg); + } +} diff --git a/contrib/bind-9.3/lib/isc/string.c b/contrib/bind-9.5.2/lib/isc/string.c similarity index 59% rename from contrib/bind-9.3/lib/isc/string.c rename to contrib/bind-9.5.2/lib/isc/string.c index 2a1e557bd0..b9c43e7bb1 100644 --- a/contrib/bind-9.3/lib/isc/string.c +++ b/contrib/bind-9.5.2/lib/isc/string.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,19 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: string.c,v 1.6.164.5 2004/09/16 01:00:58 marka Exp $ */ +/* $Id: string.c,v 1.20 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include #include +#include +#include +#include #include +#include static char digits[] = "0123456789abcdefghijklmnoprstuvwxyz"; @@ -89,6 +95,105 @@ isc_string_touint64(char *source, char **end, int base) { return (tmp); } +isc_result_t +isc_string_copy(char *target, size_t size, const char *source) { + REQUIRE(size > 0U); + + if (strlcpy(target, source, size) >= size) { + memset(target, ISC_STRING_MAGIC, size); + return (ISC_R_NOSPACE); + } + + ENSURE(strlen(target) < size); + + return (ISC_R_SUCCESS); +} + +void +isc_string_copy_truncate(char *target, size_t size, const char *source) { + REQUIRE(size > 0U); + + strlcpy(target, source, size); + + ENSURE(strlen(target) < size); +} + +isc_result_t +isc_string_append(char *target, size_t size, const char *source) { + REQUIRE(size > 0U); + REQUIRE(strlen(target) < size); + + if (strlcat(target, source, size) >= size) { + memset(target, ISC_STRING_MAGIC, size); + return (ISC_R_NOSPACE); + } + + ENSURE(strlen(target) < size); + + return (ISC_R_SUCCESS); +} + +void +isc_string_append_truncate(char *target, size_t size, const char *source) { + REQUIRE(size > 0U); + REQUIRE(strlen(target) < size); + + strlcat(target, source, size); + + ENSURE(strlen(target) < size); +} + +isc_result_t +isc_string_printf(char *target, size_t size, const char *format, ...) { + va_list args; + size_t n; + + REQUIRE(size > 0U); + + va_start(args, format); + n = vsnprintf(target, size, format, args); + va_end(args); + + if (n >= size) { + memset(target, ISC_STRING_MAGIC, size); + return (ISC_R_NOSPACE); + } + + ENSURE(strlen(target) < size); + + return (ISC_R_SUCCESS); +} + +void +isc_string_printf_truncate(char *target, size_t size, const char *format, ...) { + va_list args; + size_t n; + + REQUIRE(size > 0U); + + va_start(args, format); + n = vsnprintf(target, size, format, args); + va_end(args); + + ENSURE(strlen(target) < size); +} + +char * +isc_string_regiondup(isc_mem_t *mctx, const isc_region_t *source) { + char *target; + + REQUIRE(mctx != NULL); + REQUIRE(source != NULL); + + target = (char *) isc_mem_allocate(mctx, source->length + 1); + if (target != NULL) { + memcpy(source->base, target, source->length); + target[source->length] = '\0'; + } + + return (target); +} + char * isc_string_separate(char **stringp, const char *delim) { char *string = *stringp; diff --git a/contrib/bind-9.3/lib/isc/strtoul.c b/contrib/bind-9.5.2/lib/isc/strtoul.c similarity index 94% rename from contrib/bind-9.3/lib/isc/strtoul.c rename to contrib/bind-9.5.2/lib/isc/strtoul.c index b3d7e499ee..18d93e21ce 100644 --- a/contrib/bind-9.3/lib/isc/strtoul.c +++ b/contrib/bind-9.5.2/lib/isc/strtoul.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -48,11 +48,12 @@ * SUCH DAMAGE. */ +/*! \file */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ -/* $Id: strtoul.c,v 1.2.14.3 2004/03/06 08:14:36 marka Exp $ */ +/* $Id: strtoul.c,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ #include @@ -63,7 +64,7 @@ static char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93"; #include #include -/* +/*! * Convert a string to an unsigned long integer. * * Ignores `locale' stuff. Assumes that the upper and lower case diff --git a/contrib/bind-9.3/lib/isc/symtab.c b/contrib/bind-9.5.2/lib/isc/symtab.c similarity index 96% rename from contrib/bind-9.3/lib/isc/symtab.c rename to contrib/bind-9.5.2/lib/isc/symtab.c index 8b2b8c46bc..9f8e798df3 100644 --- a/contrib/bind-9.3/lib/isc/symtab.c +++ b/contrib/bind-9.5.2/lib/isc/symtab.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: symtab.c,v 1.24.12.3 2004/03/08 09:04:50 marka Exp $ */ +/* $Id: symtab.c,v 1.30 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/task.c b/contrib/bind-9.5.2/lib/isc/task.c similarity index 89% rename from contrib/bind-9.3/lib/isc/task.c rename to contrib/bind-9.5.2/lib/isc/task.c index 9b31523496..4b5a5a3c7a 100644 --- a/contrib/bind-9.3/lib/isc/task.c +++ b/contrib/bind-9.5.2/lib/isc/task.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: task.c,v 1.85.2.3.8.5 2004/10/15 00:45:45 marka Exp $ */ +/* $Id: task.c,v 1.105.128.2 2008/03/27 23:46:28 tbox Exp $ */ -/* - * Principal Author: Bob Halley +/*! \file + * \author Principal Author: Bob Halley */ /* @@ -38,13 +38,12 @@ #include #include #include +#include #ifndef ISC_PLATFORM_USETHREADS #include "task_p.h" #endif /* ISC_PLATFORM_USETHREADS */ -#define ISC_TASK_NAMES 1 - #ifdef ISC_TASK_TRACE #define XTRACE(m) fprintf(stderr, "task %p thread %lu: %s\n", \ task, isc_thread_self(), (m)) @@ -67,6 +66,12 @@ typedef enum { task_state_done } task_state_t; +#ifdef HAVE_LIBXML2 +static const char *statenames[] = { + "idle", "ready", "running", "done", +}; +#endif + #define TASK_MAGIC ISC_MAGIC('T', 'A', 'S', 'K') #define VALID_TASK(t) ISC_MAGIC_VALID(t, TASK_MAGIC) @@ -83,10 +88,8 @@ struct isc_task { unsigned int quantum; unsigned int flags; isc_stdtime_t now; -#ifdef ISC_TASK_NAMES char name[16]; void * tag; -#endif /* Locked by task manager lock. */ LINK(isc_task_t) link; LINK(isc_task_t) ready_link; @@ -174,6 +177,7 @@ isc_task_create(isc_taskmgr_t *manager, unsigned int quantum, { isc_task_t *task; isc_boolean_t exiting; + isc_result_t result; REQUIRE(VALID_MANAGER(manager)); REQUIRE(taskp != NULL && *taskp == NULL); @@ -183,13 +187,10 @@ isc_task_create(isc_taskmgr_t *manager, unsigned int quantum, return (ISC_R_NOMEMORY); XTRACE("isc_task_create"); task->manager = manager; - if (isc_mutex_init(&task->lock) != ISC_R_SUCCESS) { + result = isc_mutex_init(&task->lock); + if (result != ISC_R_SUCCESS) { isc_mem_put(manager->mctx, task, sizeof(*task)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - return (ISC_R_UNEXPECTED); + return (result); } task->state = task_state_idle; task->references = 1; @@ -198,10 +199,8 @@ isc_task_create(isc_taskmgr_t *manager, unsigned int quantum, task->quantum = quantum; task->flags = 0; task->now = 0; -#ifdef ISC_TASK_NAMES memset(task->name, 0, sizeof(task->name)); task->tag = NULL; -#endif INIT_LINK(task, link); INIT_LINK(task, ready_link); @@ -696,17 +695,11 @@ isc_task_setname(isc_task_t *task, const char *name, void *tag) { REQUIRE(VALID_TASK(task)); -#ifdef ISC_TASK_NAMES LOCK(&task->lock); memset(task->name, 0, sizeof(task->name)); strncpy(task->name, name, sizeof(task->name) - 1); task->tag = tag; UNLOCK(&task->lock); -#else - UNUSED(name); - UNUSED(tag); -#endif - } const char * @@ -808,9 +801,9 @@ dispatch(isc_taskmgr_t *manager) { * task lock. */ while ((EMPTY(manager->ready_tasks) || - manager->exclusive_requested) && - !FINISHED(manager)) - { + manager->exclusive_requested) && + !FINISHED(manager)) + { XTHREADTRACE(isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_WAIT, "wait")); @@ -1023,7 +1016,7 @@ manager_free(isc_taskmgr_t *manager) { isc_mem_t *mctx; #ifdef ISC_PLATFORM_USETHREADS - (void)isc_condition_destroy(&manager->exclusive_granted); + (void)isc_condition_destroy(&manager->exclusive_granted); (void)isc_condition_destroy(&manager->work_available); isc_mem_free(manager->mctx, manager->threads); #endif /* ISC_PLATFORM_USETHREADS */ @@ -1066,14 +1059,10 @@ isc_taskmgr_create(isc_mem_t *mctx, unsigned int workers, return (ISC_R_NOMEMORY); manager->magic = TASK_MANAGER_MAGIC; manager->mctx = NULL; - if (isc_mutex_init(&manager->lock) != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - result = ISC_R_UNEXPECTED; + result = isc_mutex_init(&manager->lock); + if (result != ISC_R_SUCCESS) goto cleanup_mgr; - } + #ifdef ISC_PLATFORM_USETHREADS manager->workers = 0; manager->threads = isc_mem_allocate(mctx, @@ -1235,6 +1224,8 @@ isc_taskmgr_destroy(isc_taskmgr_t **managerp) { UNLOCK(&manager->lock); while (isc__taskmgr_ready()) (void)isc__taskmgr_dispatch(); + if (!ISC_LIST_EMPTY(manager->tasks)) + isc_mem_printallactive(stderr); INSIST(ISC_LIST_EMPTY(manager->tasks)); #endif /* ISC_PLATFORM_USETHREADS */ @@ -1267,19 +1258,19 @@ isc__taskmgr_dispatch(void) { isc_result_t isc_task_beginexclusive(isc_task_t *task) { -#ifdef ISC_PLATFORM_USETHREADS +#ifdef ISC_PLATFORM_USETHREADS isc_taskmgr_t *manager = task->manager; REQUIRE(task->state == task_state_running); LOCK(&manager->lock); if (manager->exclusive_requested) { - UNLOCK(&manager->lock); + UNLOCK(&manager->lock); return (ISC_R_LOCKBUSY); } manager->exclusive_requested = ISC_TRUE; while (manager->tasks_running > 1) { WAIT(&manager->exclusive_granted, &manager->lock); } - UNLOCK(&manager->lock); + UNLOCK(&manager->lock); #else UNUSED(task); #endif @@ -1288,7 +1279,7 @@ isc_task_beginexclusive(isc_task_t *task) { void isc_task_endexclusive(isc_task_t *task) { -#ifdef ISC_PLATFORM_USETHREADS +#ifdef ISC_PLATFORM_USETHREADS isc_taskmgr_t *manager = task->manager; REQUIRE(task->state == task_state_running); LOCK(&manager->lock); @@ -1300,3 +1291,86 @@ isc_task_endexclusive(isc_task_t *task) { UNUSED(task); #endif } + +#ifdef HAVE_LIBXML2 + +void +isc_taskmgr_renderxml(isc_taskmgr_t *mgr, xmlTextWriterPtr writer) +{ + isc_task_t *task; + + LOCK(&mgr->lock); + + /* + * Write out the thread-model, and some details about each depending + * on which type is enabled. + */ + xmlTextWriterStartElement(writer, ISC_XMLCHAR "thread-model"); +#ifdef ISC_PLATFORM_USETHREADS + xmlTextWriterStartElement(writer, ISC_XMLCHAR "type"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR "threaded"); + xmlTextWriterEndElement(writer); /* type */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "worker-threads"); + xmlTextWriterWriteFormatString(writer, "%d", mgr->workers); + xmlTextWriterEndElement(writer); /* worker-threads */ +#else /* ISC_PLATFORM_USETHREADS */ + xmlTextWriterStartElement(writer, ISC_XMLCHAR "type"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR "non-threaded"); + xmlTextWriterEndElement(writer); /* type */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "references"); + xmlTextWriterWriteFormatString(writer, "%d", mgr->refs); + xmlTextWriterEndElement(writer); /* references */ +#endif /* ISC_PLATFORM_USETHREADS */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "default-quantum"); + xmlTextWriterWriteFormatString(writer, "%d", mgr->default_quantum); + xmlTextWriterEndElement(writer); /* default-quantum */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "tasks-running"); + xmlTextWriterWriteFormatString(writer, "%d", mgr->tasks_running); + xmlTextWriterEndElement(writer); /* tasks-running */ + + xmlTextWriterEndElement(writer); /* thread-model */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "tasks"); + task = ISC_LIST_HEAD(mgr->tasks); + while (task != NULL) { + LOCK(&task->lock); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "task"); + + if (task->name[0] != 0) { + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteFormatString(writer, "%s", + task->name); + xmlTextWriterEndElement(writer); /* name */ + } + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "references"); + xmlTextWriterWriteFormatString(writer, "%d", task->references); + xmlTextWriterEndElement(writer); /* references */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "id"); + xmlTextWriterWriteFormatString(writer, "%p", task); + xmlTextWriterEndElement(writer); /* id */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "state"); + xmlTextWriterWriteFormatString(writer, "%s", + statenames[task->state]); + xmlTextWriterEndElement(writer); /* state */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "quantum"); + xmlTextWriterWriteFormatString(writer, "%d", task->quantum); + xmlTextWriterEndElement(writer); /* quantum */ + + xmlTextWriterEndElement(writer); + + UNLOCK(&task->lock); + task = ISC_LIST_NEXT(task, link); + } + xmlTextWriterEndElement(writer); /* tasks */ + + UNLOCK(&mgr->lock); +} +#endif /* HAVE_LIBXML2 */ diff --git a/contrib/bind-9.3/lib/isc/task_p.h b/contrib/bind-9.5.2/lib/isc/task_p.h similarity index 79% rename from contrib/bind-9.3/lib/isc/task_p.h rename to contrib/bind-9.5.2/lib/isc/task_p.h index f842c5bf71..c888103908 100644 --- a/contrib/bind-9.3/lib/isc/task_p.h +++ b/contrib/bind-9.5.2/lib/isc/task_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: task_p.h,v 1.6.206.1 2004/03/06 08:14:36 marka Exp $ */ +/* $Id: task_p.h,v 1.11 2007/06/19 23:47:17 tbox Exp $ */ #ifndef ISC_TASK_P_H #define ISC_TASK_P_H +/*! \file */ + isc_boolean_t isc__taskmgr_ready(void); diff --git a/contrib/bind-9.3/lib/isc/taskpool.c b/contrib/bind-9.5.2/lib/isc/taskpool.c similarity index 89% rename from contrib/bind-9.3/lib/isc/taskpool.c rename to contrib/bind-9.5.2/lib/isc/taskpool.c index a3931a9fb9..d9c2fbe2f3 100644 --- a/contrib/bind-9.3/lib/isc/taskpool.c +++ b/contrib/bind-9.5.2/lib/isc/taskpool.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: taskpool.c,v 1.10.12.5 2006/01/04 23:50:21 marka Exp $ */ +/* $Id: taskpool.c,v 1.18 2007/06/18 23:47:44 tbox Exp $ */ + +/*! \file */ #include @@ -64,6 +66,7 @@ isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, isc_taskpool_destroy(&pool); return (result); } + isc_task_setname(pool->tasks[i], "taskpool", NULL); } *poolp = pool; return (ISC_R_SUCCESS); diff --git a/contrib/bind-9.3/lib/isc/timer.c b/contrib/bind-9.5.2/lib/isc/timer.c similarity index 93% rename from contrib/bind-9.3/lib/isc/timer.c rename to contrib/bind-9.5.2/lib/isc/timer.c index 6a6acf6bb0..dd5a17963c 100644 --- a/contrib/bind-9.3/lib/isc/timer.c +++ b/contrib/bind-9.5.2/lib/isc/timer.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.c,v 1.64.12.13 2006/01/04 23:50:21 marka Exp $ */ +/* $Id: timer.c,v 1.81.32.7 2009/01/23 23:46:44 tbox Exp $ */ + +/*! \file */ #include @@ -57,14 +59,14 @@ #define VALID_TIMER(t) ISC_MAGIC_VALID(t, TIMER_MAGIC) struct isc_timer { - /* Not locked. */ + /*! Not locked. */ unsigned int magic; isc_timermgr_t * manager; isc_mutex_t lock; - /* Locked by timer lock. */ + /*! Locked by timer lock. */ unsigned int references; isc_time_t idle; - /* Locked by manager lock. */ + /*! Locked by manager lock. */ isc_timertype_t type; isc_time_t expires; isc_interval_t interval; @@ -99,7 +101,7 @@ struct isc_timermgr { }; #ifndef ISC_PLATFORM_USETHREADS -/* +/*! * If threads are not in use, there can be only one. */ static isc_timermgr_t *timermgr = NULL; @@ -115,7 +117,7 @@ schedule(isc_timer_t *timer, isc_time_t *now, isc_boolean_t signal_ok) { isc_boolean_t timedwait; #endif - /* + /*! * Note: the caller must ensure locking. */ @@ -128,7 +130,7 @@ schedule(isc_timer_t *timer, isc_time_t *now, isc_boolean_t signal_ok) { manager = timer->manager; #ifdef ISC_PLATFORM_USETHREADS - /* + /*! * If the manager was timed wait, we may need to signal the * manager to force a wakeup. */ @@ -223,7 +225,7 @@ schedule(isc_timer_t *timer, isc_time_t *now, isc_boolean_t signal_ok) { "*** POKED TIMER ***"); } } - + if (timer->index == 1 && signal_ok) { XTRACE(isc_msgcat_get(isc_msgcat, ISC_MSGSET_TIMER, ISC_MSG_SIGNALSCHED, @@ -373,14 +375,11 @@ isc_timer_create(isc_timermgr_t *manager, isc_timertype_t type, */ DE_CONST(arg, timer->arg); timer->index = 0; - if (isc_mutex_init(&timer->lock) != ISC_R_SUCCESS) { + result = isc_mutex_init(&timer->lock); + if (result != ISC_R_SUCCESS) { isc_task_detach(&timer->task); isc_mem_put(manager->mctx, timer, sizeof(*timer)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - return (ISC_R_UNEXPECTED); + return (result); } ISC_LINK_INIT(timer, link); timer->magic = TIMER_MAGIC; @@ -578,12 +577,13 @@ isc_timer_detach(isc_timer_t **timerp) { static void dispatch(isc_timermgr_t *manager, isc_time_t *now) { isc_boolean_t done = ISC_FALSE, post_event, need_schedule; - isc_event_t *event; + isc_timerevent_t *event; isc_eventtype_t type = 0; isc_timer_t *timer; isc_result_t result; + isc_boolean_t idle; - /* + /*! * The caller must be holding the manager lock. */ @@ -613,23 +613,33 @@ dispatch(isc_timermgr_t *manager, isc_time_t *now) { type = ISC_TIMEREVENT_LIFE; post_event = ISC_TRUE; need_schedule = ISC_FALSE; - } else if (!isc_time_isepoch(&timer->idle) && - isc_time_compare(now, - &timer->idle) >= 0) { - type = ISC_TIMEREVENT_IDLE; - post_event = ISC_TRUE; - need_schedule = ISC_FALSE; } else { - /* - * Idle timer has been touched; reschedule. - */ - XTRACEID(isc_msgcat_get(isc_msgcat, - ISC_MSGSET_TIMER, - ISC_MSG_IDLERESCHED, - "idle reschedule"), - timer); - post_event = ISC_FALSE; - need_schedule = ISC_TRUE; + idle = ISC_FALSE; + + LOCK(&timer->lock); + if (!isc_time_isepoch(&timer->idle) && + isc_time_compare(now, + &timer->idle) >= 0) { + idle = ISC_TRUE; + } + UNLOCK(&timer->lock); + if (idle) { + type = ISC_TIMEREVENT_IDLE; + post_event = ISC_TRUE; + need_schedule = ISC_FALSE; + } else { + /* + * Idle timer has been touched; + * reschedule. + */ + XTRACEID(isc_msgcat_get(isc_msgcat, + ISC_MSGSET_TIMER, + ISC_MSG_IDLERESCHED, + "idle reschedule"), + timer); + post_event = ISC_FALSE; + need_schedule = ISC_TRUE; + } } if (post_event) { @@ -640,17 +650,19 @@ dispatch(isc_timermgr_t *manager, isc_time_t *now) { /* * XXX We could preallocate this event. */ - event = isc_event_allocate(manager->mctx, + event = (isc_timerevent_t *)isc_event_allocate(manager->mctx, timer, type, timer->action, timer->arg, sizeof(*event)); - if (event != NULL) - isc_task_send(timer->task, &event); - else - UNEXPECTED_ERROR(__FILE__, __LINE__, + if (event != NULL) { + event->due = timer->due; + isc_task_send(timer->task, + ISC_EVENT_PTR(&event)); + } else + UNEXPECTED_ERROR(__FILE__, __LINE__, "%s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_TIMER, ISC_MSG_EVENTNOTALLOC, @@ -666,11 +678,12 @@ dispatch(isc_timermgr_t *manager, isc_time_t *now) { result = schedule(timer, now, ISC_FALSE); if (result != ISC_R_SUCCESS) UNEXPECTED_ERROR(__FILE__, __LINE__, + "%s: %u", isc_msgcat_get(isc_msgcat, ISC_MSGSET_TIMER, ISC_MSG_SCHEDFAIL, - "couldn't " - "schedule timer: %u"), + "couldn't schedule " + "timer"), result); } } else { @@ -783,14 +796,11 @@ isc_timermgr_create(isc_mem_t *mctx, isc_timermgr_t **managerp) { isc_mem_put(mctx, manager, sizeof(*manager)); return (ISC_R_NOMEMORY); } - if (isc_mutex_init(&manager->lock) != ISC_R_SUCCESS) { + result = isc_mutex_init(&manager->lock); + if (result != ISC_R_SUCCESS) { isc_heap_destroy(&manager->heap); isc_mem_put(mctx, manager, sizeof(*manager)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - return (ISC_R_UNEXPECTED); + return (result); } isc_mem_attach(mctx, &manager->mctx); #ifdef ISC_PLATFORM_USETHREADS diff --git a/contrib/bind-9.3/lib/isc/timer_p.h b/contrib/bind-9.5.2/lib/isc/timer_p.h similarity index 79% rename from contrib/bind-9.3/lib/isc/timer_p.h rename to contrib/bind-9.5.2/lib/isc/timer_p.h index ad7a5d042b..ec8e2e0b78 100644 --- a/contrib/bind-9.3/lib/isc/timer_p.h +++ b/contrib/bind-9.5.2/lib/isc/timer_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer_p.h,v 1.4.12.3 2004/03/08 09:04:50 marka Exp $ */ +/* $Id: timer_p.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ #ifndef ISC_TIMER_P_H #define ISC_TIMER_P_H +/*! \file */ + isc_result_t isc__timermgr_nextevent(isc_time_t *when); diff --git a/contrib/bind-9.3/lib/isc/unix/app.c b/contrib/bind-9.5.2/lib/isc/unix/app.c similarity index 95% rename from contrib/bind-9.3/lib/isc/unix/app.c rename to contrib/bind-9.5.2/lib/isc/unix/app.c index 811d67be1f..6b36017602 100644 --- a/contrib/bind-9.3/lib/isc/unix/app.c +++ b/contrib/bind-9.5.2/lib/isc/unix/app.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: app.c,v 1.43.2.3.8.5 2004/03/08 02:08:05 marka Exp $ */ +/* $Id: app.c,v 1.54.128.6 2008/10/15 03:41:17 marka Exp $ */ + +/*! \file */ #include @@ -28,6 +30,9 @@ #include #include #include +#ifdef HAVE_EPOLL +#include +#endif #include #include @@ -54,14 +59,14 @@ static isc_eventlist_t on_run; static isc_mutex_t lock; static isc_boolean_t shutdown_requested = ISC_FALSE; static isc_boolean_t running = ISC_FALSE; -/* +/*! * We assume that 'want_shutdown' can be read and written atomically. */ -static isc_boolean_t want_shutdown = ISC_FALSE; +static volatile isc_boolean_t want_shutdown = ISC_FALSE; /* * We assume that 'want_reload' can be read and written atomically. */ -static isc_boolean_t want_reload = ISC_FALSE; +static volatile isc_boolean_t want_reload = ISC_FALSE; static isc_boolean_t blocked = ISC_FALSE; #ifdef ISC_PLATFORM_USETHREADS @@ -69,14 +74,14 @@ static pthread_t blockedthread; #endif /* ISC_PLATFORM_USETHREADS */ #ifdef HAVE_LINUXTHREADS -/* +/*! * Linux has sigwait(), but it appears to prevent signal handlers from * running, even if they're not in the set being waited for. This makes * it impossible to get the default actions for SIGILL, SIGSEGV, etc. * Instead of messing with it, we just use sigsuspend() instead. */ #undef HAVE_SIGWAIT -/* +/*! * We need to remember which thread is the main thread... */ static pthread_t main_thread; @@ -85,13 +90,13 @@ static pthread_t main_thread; #ifndef HAVE_SIGWAIT static void exit_action(int arg) { - UNUSED(arg); + UNUSED(arg); want_shutdown = ISC_TRUE; } static void reload_action(int arg) { - UNUSED(arg); + UNUSED(arg); want_reload = ISC_TRUE; } #endif @@ -291,18 +296,17 @@ isc_app_onrun(isc_mem_t *mctx, isc_task_t *task, isc_taskaction_t action, } #ifndef ISC_PLATFORM_USETHREADS -/* +/*! * Event loop for nonthreaded programs. */ static isc_result_t -evloop() { +evloop(void) { isc_result_t result; while (!want_shutdown) { int n; isc_time_t when, now; struct timeval tv, *tvp; - fd_set readfds, writefds; - int maxfd; + isc_socketwait_t *swait; isc_boolean_t readytasks; isc_boolean_t call_timer_dispatch = ISC_FALSE; @@ -329,15 +333,15 @@ evloop() { } } - isc__socketmgr_getfdsets(&readfds, &writefds, &maxfd); - n = select(maxfd, &readfds, &writefds, NULL, tvp); + swait = NULL; + n = isc__socketmgr_waitevents(tvp, &swait); if (n == 0 || call_timer_dispatch) { /* * We call isc__timermgr_dispatch() only when * necessary, in order to reduce overhead. If the * select() call indicates a timeout, we need the - * dispatch. Even if not, if we set the 0-timeout + * dispatch. Even if not, if we set the 0-timeout * for the select() call, we need to check the timer * events. In the 'readytasks' case, there may be no * timeout event actually, but there is no other way @@ -350,8 +354,7 @@ evloop() { isc__timermgr_dispatch(); } if (n > 0) - (void)isc__socketmgr_dispatch(&readfds, &writefds, - maxfd); + (void)isc__socketmgr_dispatch(swait); (void)isc__taskmgr_dispatch(); if (want_reload) { @@ -371,14 +374,14 @@ evloop() { * is set by isc_condition_signal(). */ -/* - * True iff we are currently executing in the recursive +/*! + * \brief True if we are currently executing in the recursive * event loop. */ static isc_boolean_t in_recursive_evloop = ISC_FALSE; -/* - * True iff we are exiting the event loop as the result of +/*! + * \brief True if we are exiting the event loop as the result of * a call to isc_condition_signal() rather than a shutdown * or reload. */ @@ -421,7 +424,7 @@ isc__nothread_signal_hack(isc_condition_t *cp) { signalled = ISC_TRUE; return (ISC_R_SUCCESS); } - + #endif /* ISC_PLATFORM_USETHREADS */ isc_result_t @@ -432,10 +435,10 @@ isc_app_run(void) { #ifdef ISC_PLATFORM_USETHREADS sigset_t sset; char strbuf[ISC_STRERRORSIZE]; -#endif /* ISC_PLATFORM_USETHREADS */ #ifdef HAVE_SIGWAIT int sig; #endif +#endif /* ISC_PLATFORM_USETHREADS */ #ifdef HAVE_LINUXTHREADS REQUIRE(main_thread == pthread_self()); @@ -674,7 +677,7 @@ isc_app_unblock(void) { REQUIRE(blockedthread == pthread_self()); RUNTIME_CHECK(sigemptyset(&sset) == 0 && - sigaddset(&sset, SIGINT) == 0 && + sigaddset(&sset, SIGINT) == 0 && sigaddset(&sset, SIGTERM) == 0); RUNTIME_CHECK(pthread_sigmask(SIG_BLOCK, &sset, NULL) == 0); #endif /* ISC_PLATFORM_USETHREADS */ diff --git a/contrib/bind-9.3/lib/isc/unix/dir.c b/contrib/bind-9.5.2/lib/isc/unix/dir.c similarity index 76% rename from contrib/bind-9.3/lib/isc/unix/dir.c rename to contrib/bind-9.5.2/lib/isc/unix/dir.c index 85a121739b..8afc9eb65d 100644 --- a/contrib/bind-9.3/lib/isc/unix/dir.c +++ b/contrib/bind-9.5.2/lib/isc/unix/dir.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dir.c,v 1.18.2.1.2.3 2004/03/08 09:04:55 marka Exp $ */ +/* $Id: dir.c,v 1.25.128.3 2009/02/16 23:46:44 tbox Exp $ */ -/* Principal Authors: DCL */ +/*! \file + * \author Principal Authors: DCL */ #include @@ -50,17 +51,36 @@ isc_dir_init(isc_dir_t *dir) { dir->magic = ISC_DIR_MAGIC; } -/* - * Allocate workspace and open directory stream. If either one fails, +/*! + * \brief Allocate workspace and open directory stream. If either one fails, * NULL will be returned. */ isc_result_t isc_dir_open(isc_dir_t *dir, const char *dirname) { + char *p; isc_result_t result = ISC_R_SUCCESS; REQUIRE(VALID_DIR(dir)); REQUIRE(dirname != NULL); + /* + * Copy directory name. Need to have enough space for the name, + * a possible path separator, the wildcard, and the final NUL. + */ + if (strlen(dirname) + 3 > sizeof(dir->dirname)) + /* XXXDCL ? */ + return (ISC_R_NOSPACE); + strcpy(dir->dirname, dirname); + + /* + * Append path separator, if needed, and "*". + */ + p = dir->dirname + strlen(dir->dirname); + if (dir->dirname < p && *(p - 1) != '/') + *p++ = '/'; + *p++ = '*'; + *p++ = '\0'; + /* * Open stream. */ @@ -72,8 +92,10 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { return (result); } -/* - * Return previously retrieved file or get next one. Unix's dirent has +/*! + * \brief Return previously retrieved file or get next one. + + * Unix's dirent has * separate open and read functions, but the Win32 and DOS interfaces open * the dir stream and reads the first file in one operation. */ @@ -107,8 +129,8 @@ isc_dir_read(isc_dir_t *dir) { return (ISC_R_SUCCESS); } -/* - * Close directory stream. +/*! + * \brief Close directory stream. */ void isc_dir_close(isc_dir_t *dir) { @@ -118,8 +140,8 @@ isc_dir_close(isc_dir_t *dir) { dir->handle = NULL; } -/* - * Reposition directory stream at start. +/*! + * \brief Reposition directory stream at start. */ isc_result_t isc_dir_reset(isc_dir_t *dir) { @@ -132,8 +154,8 @@ isc_dir_reset(isc_dir_t *dir) { isc_result_t isc_dir_chdir(const char *dirname) { - /* - * Change the current directory to 'dirname'. + /*! + * \brief Change the current directory to 'dirname'. */ REQUIRE(dirname != NULL); @@ -149,10 +171,14 @@ isc_dir_chroot(const char *dirname) { REQUIRE(dirname != NULL); - if (chroot(dirname) < 0) +#ifdef HAVE_CHROOT + if (chroot(dirname) < 0 || chdir("/") < 0) return (isc__errno2result(errno)); return (ISC_R_SUCCESS); +#else + return (ISC_R_NOTIMPLEMENTED); +#endif } isc_result_t @@ -165,8 +191,8 @@ isc_dir_createunique(char *templet) { REQUIRE(templet != NULL); - /* - * mkdtemp is not portable, so this emulates it. + /*! + * \brief mkdtemp is not portable, so this emulates it. */ pid = getpid(); diff --git a/contrib/bind-9.3/lib/isc/unix/entropy.c b/contrib/bind-9.5.2/lib/isc/unix/entropy.c similarity index 95% rename from contrib/bind-9.3/lib/isc/unix/entropy.c rename to contrib/bind-9.5.2/lib/isc/unix/entropy.c index d52849aa35..67853ffe74 100644 --- a/contrib/bind-9.3/lib/isc/unix/entropy.c +++ b/contrib/bind-9.5.2/lib/isc/unix/entropy.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: entropy.c,v 1.60.2.3.8.14 2006/03/02 23:29:17 marka Exp $ */ +/* $Id: entropy.c,v 1.80.128.2 2009/02/16 23:46:44 tbox Exp $ */ -/* - * This is the system depenedent part of the ISC entropy API. +/* \file unix/entropy.c + * \brief + * This is the system dependent part of the ISC entropy API. */ #include @@ -30,6 +31,9 @@ #include #include +#ifdef HAVE_NANOSLEEP +#include +#endif #include #include @@ -41,7 +45,7 @@ #include "errno2result.h" -/* +/*% * There is only one variable in the entropy data structures that is not * system independent, but pulling the structure that uses it into this file * ultimately means pulling several other independent structures here also to @@ -152,12 +156,12 @@ get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) { source->sources.usocket.status = isc_usocketsource_ndesired; goto eagain_loop; - } + } INSIST(n == 2); source->sources.usocket.status = isc_usocketsource_wrote; /*FALLTHROUGH*/ - + case isc_usocketsource_wrote: if (recvfrom(fd, buf, 1, 0, NULL, NULL) != 1) { if (errno == EAGAIN) { @@ -165,15 +169,23 @@ get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) { * The problem of EAGAIN (try again * later) is a major issue on HP-UX. * Solaris actually tries the recvfrom - * call again, while HP-UX just dies. + * call again, while HP-UX just dies. * This code is an attempt to let the * entropy pool fill back up (at least * that's what I think the problem is.) - * We go to eagain_loop because if we + * We go to eagain_loop because if we * just "break", then the "desired" * amount gets borked. */ +#ifdef HAVE_NANOSLEEP + struct timespec ts; + + ts.tv_sec = 0; + ts.tv_nsec = 1000000; + nanosleep(&ts, NULL); +#else usleep(1000); +#endif goto eagain_loop; } if (errno == EWOULDBLOCK || errno == EINTR) @@ -200,7 +212,7 @@ get_from_usocketsource(isc_entropysource_t *source, isc_uint32_t desired) { } else n = 0; break; - + default: goto err; } @@ -486,13 +498,11 @@ isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) { LOCK(&ent->lock); - source = NULL; - if (stat(fname, &_stat) < 0) { ret = isc__errno2result(errno); goto errout; } - /* + /* * Solaris 2.5.1 does not have support for sockets (S_IFSOCK), * but it does return type S_IFIFO (the OS believes that * the socket is a fifo). This may be an issue if we tell @@ -589,9 +599,6 @@ isc_entropy_createfilesource(isc_entropy_t *ent, const char *fname) { (void)close(fd); errout: - if (source != NULL) - isc_mem_put(ent->mctx, source, sizeof(isc_entropysource_t)); - UNLOCK(&ent->lock); return (ret); diff --git a/contrib/bind-9.3/lib/isc/unix/errno2result.c b/contrib/bind-9.5.2/lib/isc/unix/errno2result.c similarity index 92% rename from contrib/bind-9.3/lib/isc/unix/errno2result.c rename to contrib/bind-9.5.2/lib/isc/unix/errno2result.c index 66a4e916d7..606c5600c2 100644 --- a/contrib/bind-9.3/lib/isc/unix/errno2result.c +++ b/contrib/bind-9.5.2/lib/isc/unix/errno2result.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: errno2result.c,v 1.8.2.4.8.1 2004/03/06 08:14:59 marka Exp $ */ +/* $Id: errno2result.c,v 1.17 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file */ #include @@ -25,7 +27,7 @@ #include "errno2result.h" -/* +/*% * Convert a POSIX errno value into an isc_result_t. The * list of supported errno values is not complete; new users * of this function should add any expected errors that are diff --git a/contrib/bind-9.3/lib/isc/unix/errno2result.h b/contrib/bind-9.5.2/lib/isc/unix/errno2result.h similarity index 82% rename from contrib/bind-9.3/lib/isc/unix/errno2result.h rename to contrib/bind-9.5.2/lib/isc/unix/errno2result.h index 9a8d07c6d4..b5b658d500 100644 --- a/contrib/bind-9.3/lib/isc/unix/errno2result.h +++ b/contrib/bind-9.5.2/lib/isc/unix/errno2result.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: errno2result.h,v 1.7.206.1 2004/03/06 08:14:59 marka Exp $ */ +/* $Id: errno2result.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */ #ifndef UNIX_ERRNO2RESULT_H #define UNIX_ERRNO2RESULT_H 1 +/*! \file */ + /* XXXDCL this should be moved to lib/isc/include/isc/errno2result.h. */ #include /* Provides errno. */ diff --git a/contrib/bind-9.3/lib/isc/unix/file.c b/contrib/bind-9.5.2/lib/isc/unix/file.c similarity index 94% rename from contrib/bind-9.3/lib/isc/unix/file.c rename to contrib/bind-9.5.2/lib/isc/unix/file.c index 7ed6272efb..d91a1c407a 100644 --- a/contrib/bind-9.3/lib/isc/unix/file.c +++ b/contrib/bind-9.5.2/lib/isc/unix/file.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -48,7 +48,9 @@ * SUCH DAMAGE. */ -/* $Id: file.c,v 1.38.12.8 2004/03/16 05:50:25 marka Exp $ */ +/* $Id: file.c,v 1.51.128.2 2009/02/16 23:46:44 tbox Exp $ */ + +/*! \file */ #include @@ -65,6 +67,7 @@ #include #include +#include #include #include #include @@ -154,7 +157,7 @@ isc_file_settime(const char *file, isc_time_t *time) { } #undef TEMPLATE -#define TEMPLATE "tmp-XXXXXXXXXX" /* 14 characters. */ +#define TEMPLATE "tmp-XXXXXXXXXX" /*%< 14 characters. */ isc_result_t isc_file_mktemplate(const char *path, char *buf, size_t buflen) { @@ -233,7 +236,9 @@ isc_file_renameunique(const char *file, char *templet) { } } } - (void)unlink(file); + if (unlink(file) < 0) + if (errno != ENOENT) + return (isc__errno2result(errno)); return (ISC_R_SUCCESS); } @@ -285,7 +290,11 @@ isc_file_openunique(char *templet, FILE **fp) { f = fdopen(fd, "w+"); if (f == NULL) { result = isc__errno2result(errno); - (void)remove(templet); + if (remove(templet) < 0) { + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_FILE, ISC_LOG_ERROR, + "remove '%s': failed", templet); + } (void)close(fd); } else *fp = f; @@ -384,7 +393,7 @@ isc_file_progname(const char *filename, char *buf, size_t buflen) { /* * Put the absolute name of the current directory into 'dirname', which is - * a buffer of at least 'length' characters. End the string with the + * a buffer of at least 'length' characters. End the string with the * appropriate path separator, such that the final product could be * concatenated with a relative pathname to make a valid pathname string. */ @@ -429,7 +438,7 @@ isc_result_t isc_file_truncate(const char *filename, isc_offset_t size) { isc_result_t result = ISC_R_SUCCESS; - if (truncate(filename, size) < 0) + if (truncate(filename, size) < 0) result = isc__errno2result(errno); return (result); } diff --git a/contrib/bind-9.3/lib/isc/unix/fsaccess.c b/contrib/bind-9.5.2/lib/isc/unix/fsaccess.c similarity index 90% rename from contrib/bind-9.3/lib/isc/unix/fsaccess.c rename to contrib/bind-9.5.2/lib/isc/unix/fsaccess.c index 3745ca227f..a2bd89ad71 100644 --- a/contrib/bind-9.3/lib/isc/unix/fsaccess.c +++ b/contrib/bind-9.5.2/lib/isc/unix/fsaccess.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: fsaccess.c,v 1.6.206.3 2006/08/25 05:25:50 marka Exp $ */ +/* $Id: fsaccess.c,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #include @@ -26,7 +26,8 @@ #include "errno2result.h" -/* +/*! \file + * \brief * The OS-independent part of the API is in lib/isc. */ #include "../fsaccess.c" diff --git a/contrib/bind-9.3/lib/isc/unix/ifiter_getifaddrs.c b/contrib/bind-9.5.2/lib/isc/unix/ifiter_getifaddrs.c similarity index 86% rename from contrib/bind-9.3/lib/isc/unix/ifiter_getifaddrs.c rename to contrib/bind-9.5.2/lib/isc/unix/ifiter_getifaddrs.c index ad6e1e0b04..4eaba33979 100644 --- a/contrib/bind-9.3/lib/isc/unix/ifiter_getifaddrs.c +++ b/contrib/bind-9.5.2/lib/isc/unix/ifiter_getifaddrs.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,28 +15,33 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ifiter_getifaddrs.c,v 1.2.68.3 2004/03/06 08:14:59 marka Exp $ */ +/* $Id: ifiter_getifaddrs.c,v 1.9 2007/06/18 23:47:48 tbox Exp $ */ -/* +/*! \file + * \brief * Obtain the list of network interfaces using the getifaddrs(3) library. */ #include +/*% Iterator Magic */ #define IFITER_MAGIC ISC_MAGIC('I', 'F', 'I', 'G') +/*% Valid Iterator */ #define VALID_IFITER(t) ISC_MAGIC_VALID(t, IFITER_MAGIC) +/*% Iterator structure */ struct isc_interfaceiter { - unsigned int magic; /* Magic number. */ + unsigned int magic; /*%< Magic number. */ isc_mem_t *mctx; - void *buf; /* (unused) */ - unsigned int bufsize; /* (always 0) */ - struct ifaddrs *ifaddrs; /* List of ifaddrs */ - struct ifaddrs *pos; /* Ptr to current ifaddr */ - isc_interface_t current; /* Current interface data. */ - isc_result_t result; /* Last result code. */ + void *buf; /*%< (unused) */ + unsigned int bufsize; /*%< (always 0) */ + struct ifaddrs *ifaddrs; /*%< List of ifaddrs */ + struct ifaddrs *pos; /*%< Ptr to current ifaddr */ + isc_interface_t current; /*%< Current interface data. */ + isc_result_t result; /*%< Last result code. */ }; + isc_result_t isc_interfaceiter_create(isc_mem_t *mctx, isc_interfaceiter_t **iterp) { isc_interfaceiter_t *iter; @@ -106,7 +111,9 @@ internal_current(isc_interfaceiter_t *iter) { INSIST(ifa != NULL); INSIST(ifa->ifa_name != NULL); - INSIST(ifa->ifa_addr != NULL); + + if (ifa->ifa_addr == NULL) + return (ISC_R_IGNORE); family = ifa->ifa_addr->sa_family; if (family != AF_INET && family != AF_INET6) diff --git a/contrib/bind-9.3/lib/isc/unix/ifiter_ioctl.c b/contrib/bind-9.5.2/lib/isc/unix/ifiter_ioctl.c similarity index 96% rename from contrib/bind-9.3/lib/isc/unix/ifiter_ioctl.c rename to contrib/bind-9.5.2/lib/isc/unix/ifiter_ioctl.c index 68a13651bc..1096e3e82b 100644 --- a/contrib/bind-9.3/lib/isc/unix/ifiter_ioctl.c +++ b/contrib/bind-9.5.2/lib/isc/unix/ifiter_ioctl.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ifiter_ioctl.c,v 1.19.2.5.2.19 2006/02/03 23:51:37 marka Exp $ */ +/* $Id: ifiter_ioctl.c,v 1.58.90.3 2009/02/16 00:53:58 marka Exp $ */ -/* +/*! \file + * \brief * Obtain the list of network interfaces using the SIOCGLIFCONF ioctl. * See netintro(4). */ @@ -93,7 +94,7 @@ struct isc_interfaceiter { #endif -/* +/*% * Size of buffer for SIOCGLIFCONF, in bytes. We assume no sane system * will have more than a megabyte of interface configuration data. */ @@ -103,7 +104,7 @@ struct isc_interfaceiter { #ifdef __linux #ifndef IF_NAMESIZE # ifdef IFNAMSIZ -# define IF_NAMESIZE IFNAMSIZ +# define IF_NAMESIZE IFNAMSIZ # else # define IF_NAMESIZE 16 # endif @@ -125,7 +126,7 @@ getbuf4(isc_interfaceiter_t *iter) { iter->ifc.ifc_len = iter->bufsize; iter->ifc.ifc_buf = iter->buf; /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion". It comes from its own macro definition, * and is really hard to shut up. */ @@ -205,7 +206,7 @@ getbuf6(isc_interfaceiter_t *iter) { iter->lifc.lifc_len = iter->bufsize6; iter->lifc.lifc_buf = iter->buf6; /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion". It comes from its own macro definition, * and is really hard to shut up. */ @@ -393,7 +394,7 @@ isc_interfaceiter_create(isc_mem_t *mctx, isc_interfaceiter_t **iterp) { (void) close(iter->socket6); socket6_failure: #endif - + isc_mem_put(mctx, iter, sizeof(*iter)); return (result); } @@ -478,8 +479,8 @@ linux_if_inet6_current(isc_interfaceiter_t *iter) { for (i = 0; i < 16; i++) { unsigned char byte; static const char hex[] = "0123456789abcdef"; - byte = ((index(hex, address[i * 2]) - hex) << 4) | - (index(hex, address[i * 2 + 1]) - hex); + byte = ((strchr(hex, address[i * 2]) - hex) << 4) | + (strchr(hex, address[i * 2 + 1]) - hex); addr6.s6_addr[i] = byte; } iter->current.af = AF_INET6; @@ -587,7 +588,7 @@ internal_current4(isc_interfaceiter_t *iter) { iter->current.flags = 0; /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion. It comes from its own macro definition, * and is really hard to shut up. */ @@ -665,7 +666,7 @@ internal_current4(isc_interfaceiter_t *iter) { */ if ((iter->current.flags & INTERFACE_F_POINTTOPOINT) != 0) { /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion. It comes from its own macro definition, * and is really hard to shut up. */ @@ -692,7 +693,7 @@ internal_current4(isc_interfaceiter_t *iter) { memset(&ifreq, 0, sizeof(ifreq)); memcpy(&ifreq, ifrp, sizeof(ifreq)); /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion. It comes from its own macro definition, * and is really hard to shut up. */ @@ -775,7 +776,7 @@ internal_current6(isc_interfaceiter_t *iter) { fd = iter->socket; /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion. It comes from its own macro definition, * and is really hard to shut up. */ @@ -804,7 +805,7 @@ internal_current6(isc_interfaceiter_t *iter) { */ if ((iter->current.flags & INTERFACE_F_POINTTOPOINT) != 0) { /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion. It comes from its own macro definition, * and is really hard to shut up. */ @@ -854,7 +855,7 @@ internal_current6(isc_interfaceiter_t *iter) { #endif /* - * Ignore the HP/UX warning about "interger overflow during + * Ignore the HP/UX warning about "integer overflow during * conversion. It comes from its own macro definition, * and is really hard to shut up. */ @@ -904,7 +905,8 @@ internal_next4(isc_interfaceiter_t *iter) { struct ifreq *ifrp; #endif - REQUIRE (iter->pos < (unsigned int) iter->ifc.ifc_len); + REQUIRE(iter->ifc.ifc_len == 0 || + iter->pos < (unsigned int) iter->ifc.ifc_len); #ifdef __linux if (linux_if_inet6_next(iter) == ISC_R_SUCCESS) @@ -912,6 +914,10 @@ internal_next4(isc_interfaceiter_t *iter) { if (!iter->first) return (ISC_R_SUCCESS); #endif + + if (iter->ifc.ifc_len == 0) + return (ISC_R_NOMORE); + #ifdef ISC_PLATFORM_HAVESALEN ifrp = (struct ifreq *)((char *) iter->ifc.ifc_req + iter->pos); @@ -933,7 +939,7 @@ internal_next6(isc_interfaceiter_t *iter) { #ifdef ISC_PLATFORM_HAVESALEN struct LIFREQ *ifrp; #endif - + if (iter->result6 != ISC_R_SUCCESS && iter->result6 != ISC_R_IGNORE) return (iter->result6); diff --git a/contrib/bind-9.3/lib/isc/unix/ifiter_sysctl.c b/contrib/bind-9.5.2/lib/isc/unix/ifiter_sysctl.c similarity index 97% rename from contrib/bind-9.3/lib/isc/unix/ifiter_sysctl.c rename to contrib/bind-9.5.2/lib/isc/unix/ifiter_sysctl.c index b10a2d2090..9d5bf6d9e7 100644 --- a/contrib/bind-9.3/lib/isc/unix/ifiter_sysctl.c +++ b/contrib/bind-9.5.2/lib/isc/unix/ifiter_sysctl.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ifiter_sysctl.c,v 1.14.12.9 2005/03/17 03:58:33 marka Exp $ */ +/* $Id: ifiter_sysctl.c,v 1.25 2007/06/19 23:47:18 tbox Exp $ */ -/* +/*! \file + * \brief * Obtain the list of network interfaces using sysctl. * See TCP/IP Illustrated Volume 2, sections 19.8, 19.14, * and 19.16. diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/dir.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/dir.h similarity index 89% rename from contrib/bind-9.3/lib/isc/unix/include/isc/dir.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/dir.h index 53b51df087..e4a2ad0fb7 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/dir.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/dir.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,15 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dir.h,v 1.15.12.3 2004/03/08 09:04:57 marka Exp $ */ +/* $Id: dir.h,v 1.21 2007/06/19 23:47:19 tbox Exp $ */ /* Principal Authors: DCL */ #ifndef ISC_DIR_H #define ISC_DIR_H 1 +/*! \file */ + #include /* Required on some systems. */ #include @@ -31,8 +33,9 @@ #define ISC_DIR_NAMEMAX 256 #define ISC_DIR_PATHMAX 1024 +/*% Directory Entry */ typedef struct isc_direntry { - /* + /*! * Ideally, this should be NAME_MAX, but AIX does not define it by * default and dynamically allocating the space based on pathconf() * complicates things undesirably, as does adding special conditionals @@ -42,9 +45,10 @@ typedef struct isc_direntry { unsigned int length; } isc_direntry_t; +/*% Directory */ typedef struct isc_dir { unsigned int magic; - /* + /*! * As with isc_direntry_t->name, making this "right" for all systems * is slightly problematic because AIX does not define PATH_MAX. */ @@ -78,7 +82,7 @@ isc_dir_chroot(const char *dirname); isc_result_t isc_dir_createunique(char *templet); -/* +/*!< * Use a templet (such as from isc_file_mktemplate()) to create a uniquely * named, empty directory. The templet string is modified in place. * If result == ISC_R_SUCCESS, it is the name of the directory that was diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/int.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/int.h similarity index 87% rename from contrib/bind-9.3/lib/isc/unix/include/isc/int.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/int.h index be36ccb1a1..73feb3b65b 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/int.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/int.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: int.h,v 1.11.206.1 2004/03/06 08:15:04 marka Exp $ */ +/* $Id: int.h,v 1.16 2007/06/19 23:47:19 tbox Exp $ */ #ifndef ISC_INT_H #define ISC_INT_H 1 +/*! \file */ + typedef char isc_int8_t; typedef unsigned char isc_uint8_t; typedef short isc_int16_t; @@ -37,7 +39,7 @@ typedef unsigned long long isc_uint64_t; #define ISC_INT16_MAX 32767 #define ISC_UINT16_MAX 65535 -/* +/*% * Note that "int" is 32 bits on all currently supported Unix-like operating * systems, but "long" can be either 32 bits or 64 bits, thus the 32 bit * constants are not qualified with "L". diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/keyboard.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/keyboard.h similarity index 85% rename from contrib/bind-9.3/lib/isc/unix/include/isc/keyboard.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/keyboard.h index 31005b10e6..43f5e7eec2 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/keyboard.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/keyboard.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keyboard.h,v 1.6.206.1 2004/03/06 08:15:04 marka Exp $ */ +/* $Id: keyboard.h,v 1.11 2007/06/19 23:47:19 tbox Exp $ */ #ifndef ISC_KEYBOARD_H #define ISC_KEYBOARD_H 1 +/*! \file */ + #include #include diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/net.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/net.h similarity index 74% rename from contrib/bind-9.3/lib/isc/unix/include/isc/net.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/net.h index f1a015f5bb..1499d5ea1a 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/net.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/net.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.h,v 1.31.2.2.10.8 2004/04/29 01:31:23 marka Exp $ */ +/* $Id: net.h,v 1.46.128.5 2009/02/16 23:46:44 tbox Exp $ */ #ifndef ISC_NET_H #define ISC_NET_H 1 @@ -24,19 +24,20 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * Basic Networking Types * * This module is responsible for defining the following basic networking * types: * - * struct in_addr - * struct in6_addr - * struct in6_pktinfo - * struct sockaddr - * struct sockaddr_in - * struct sockaddr_in6 - * in_port_t + *\li struct in_addr + *\li struct in6_addr + *\li struct in6_pktinfo + *\li struct sockaddr + *\li struct sockaddr_in + *\li struct sockaddr_in6 + *\li in_port_t * * It ensures that the AF_ and PF_ macros are defined. * @@ -44,27 +45,27 @@ * * It declares inet_aton(), inet_ntop(), and inet_pton(). * - * It ensures that INADDR_LOOPBACK, INADDR_ANY, IN6ADDR_ANY_INIT, + * It ensures that #INADDR_LOOPBACK, #INADDR_ANY, #IN6ADDR_ANY_INIT, * in6addr_any, and in6addr_loopback are available. * * It ensures that IN_MULTICAST() is available to check for multicast * addresses. * * MP: - * No impact. + *\li No impact. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * N/A. + *\li N/A. * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * BSD Socket API - * RFC 2553 + *\li BSD Socket API + *\li RFC2553 */ /*** @@ -94,19 +95,19 @@ #include #ifdef ISC_PLATFORM_HAVEINADDR6 -#define in6_addr in_addr6 /* Required for pre RFC2133 implementations. */ +#define in6_addr in_addr6 /*%< Required for pre RFC2133 implementations. */ #endif #ifdef ISC_PLATFORM_HAVEIPV6 -/* +#ifndef IN6ADDR_ANY_INIT +#ifdef s6_addr +/*% * Required for some pre RFC2133 implementations. * IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT were added in - * draft-ietf-ipngwg-bsd-api-04.txt or draft-ietf-ipngwg-bsd-api-05.txt. + * draft-ietf-ipngwg-bsd-api-04.txt or draft-ietf-ipngwg-bsd-api-05.txt. * If 's6_addr' is defined then assume that there is a union and three * levels otherwise assume two levels required. */ -#ifndef IN6ADDR_ANY_INIT -#ifdef s6_addr #define IN6ADDR_ANY_INIT { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } } #else #define IN6ADDR_ANY_INIT { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } @@ -115,6 +116,7 @@ #ifndef IN6ADDR_LOOPBACK_INIT #ifdef s6_addr +/*% IPv6 address loopback init */ #define IN6ADDR_LOOPBACK_INIT { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } } } #else #define IN6ADDR_LOOPBACK_INIT { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } } @@ -122,12 +124,14 @@ #endif #ifndef IN6_IS_ADDR_V4MAPPED +/*% Is IPv6 address V4 mapped? */ #define IN6_IS_ADDR_V4MAPPED(x) \ (memcmp((x)->s6_addr, in6addr_any.s6_addr, 10) == 0 && \ (x)->s6_addr[10] == 0xff && (x)->s6_addr[11] == 0xff) #endif #ifndef IN6_IS_ADDR_V4COMPAT +/*% Is IPv6 address V4 compatible? */ #define IN6_IS_ADDR_V4COMPAT(x) \ (memcmp((x)->s6_addr, in6addr_any.s6_addr, 12) == 0 && \ ((x)->s6_addr[12] != 0 || (x)->s6_addr[13] != 0 || \ @@ -136,50 +140,58 @@ #endif #ifndef IN6_IS_ADDR_MULTICAST +/*% Is IPv6 address multicast? */ #define IN6_IS_ADDR_MULTICAST(a) ((a)->s6_addr[0] == 0xff) #endif #ifndef IN6_IS_ADDR_LINKLOCAL +/*% Is IPv6 address linklocal? */ #define IN6_IS_ADDR_LINKLOCAL(a) \ (((a)->s6_addr[0] == 0xfe) && (((a)->s6_addr[1] & 0xc0) == 0x80)) #endif #ifndef IN6_IS_ADDR_SITELOCAL +/*% is IPv6 address sitelocal? */ #define IN6_IS_ADDR_SITELOCAL(a) \ (((a)->s6_addr[0] == 0xfe) && (((a)->s6_addr[1] & 0xc0) == 0xc0)) #endif #ifndef IN6_IS_ADDR_LOOPBACK +/*% is IPv6 address loopback? */ #define IN6_IS_ADDR_LOOPBACK(x) \ (memcmp((x)->s6_addr, in6addr_loopback.s6_addr, 16) == 0) #endif #endif #ifndef AF_INET6 +/*% IPv6 */ #define AF_INET6 99 #endif #ifndef PF_INET6 +/*% IPv6 */ #define PF_INET6 AF_INET6 #endif #ifndef INADDR_LOOPBACK +/*% inaddr loopback */ #define INADDR_LOOPBACK 0x7f000001UL #endif #ifndef ISC_PLATFORM_HAVEIN6PKTINFO +/*% IPv6 packet info */ struct in6_pktinfo { - struct in6_addr ipi6_addr; /* src/dst IPv6 address */ - unsigned int ipi6_ifindex; /* send/recv interface index */ + struct in6_addr ipi6_addr; /*%< src/dst IPv6 address */ + unsigned int ipi6_ifindex; /*%< send/recv interface index */ }; #endif -/* - * Cope with a missing in6addr_any and in6addr_loopback. - */ #if defined(ISC_PLATFORM_HAVEIPV6) && defined(ISC_PLATFORM_NEEDIN6ADDRANY) extern const struct in6_addr isc_net_in6addrany; +/*% + * Cope with a missing in6addr_any and in6addr_loopback. + */ #define in6addr_any isc_net_in6addrany #endif @@ -188,11 +200,12 @@ extern const struct in6_addr isc_net_in6addrloop; #define in6addr_loopback isc_net_in6addrloop #endif -/* - * Fix UnixWare 7.1.1's broken IN6_IS_ADDR_* definitions. - */ #ifdef ISC_PLATFORM_FIXIN6ISADDR #undef IN6_IS_ADDR_GEOGRAPHIC +/*! + * \brief + * Fix UnixWare 7.1.1's broken IN6_IS_ADDR_* definitions. + */ #define IN6_IS_ADDR_GEOGRAPHIC(a) (((a)->S6_un.S6_l[0] & 0xE0) == 0x80) #undef IN6_IS_ADDR_IPX #define IN6_IS_ADDR_IPX(a) (((a)->S6_un.S6_l[0] & 0xFE) == 0x04) @@ -208,24 +221,26 @@ extern const struct in6_addr isc_net_in6addrloop; #define IN6_IS_ADDR_SITELOCAL(a) (((a)->S6_un.S6_l[0] & 0xC0FF) == 0xC0FE) #endif /* ISC_PLATFORM_FIXIN6ISADDR */ -/* +#ifdef ISC_PLATFORM_NEEDPORTT +/*% * Ensure type in_port_t is defined. */ -#ifdef ISC_PLATFORM_NEEDPORTT typedef isc_uint16_t in_port_t; #endif -/* +#ifndef MSG_TRUNC +/*% * If this system does not have MSG_TRUNC (as returned from recvmsg()) * ISC_PLATFORM_RECVOVERFLOW will be defined. This will enable the MSG_TRUNC * faking code in socket.c. */ -#ifndef MSG_TRUNC #define ISC_PLATFORM_RECVOVERFLOW #endif +/*% IP address. */ #define ISC__IPADDR(x) ((isc_uint32_t)htonl((isc_uint32_t)(x))) +/*% Is IP address multicast? */ #define ISC_IPADDR_ISMULTICAST(i) \ (((isc_uint32_t)(i) & ISC__IPADDR(0xf0000000)) \ == ISC__IPADDR(0xe0000000)) @@ -242,40 +257,40 @@ ISC_LANG_BEGINDECLS isc_result_t isc_net_probeipv4(void); -/* +/*%< * Check if the system's kernel supports IPv4. * * Returns: * - * ISC_R_SUCCESS IPv4 is supported. - * ISC_R_NOTFOUND IPv4 is not supported. - * ISC_R_DISABLED IPv4 is disabled. - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS IPv4 is supported. + *\li #ISC_R_NOTFOUND IPv4 is not supported. + *\li #ISC_R_DISABLED IPv4 is disabled. + *\li #ISC_R_UNEXPECTED */ isc_result_t isc_net_probeipv6(void); -/* +/*%< * Check if the system's kernel supports IPv6. * * Returns: * - * ISC_R_SUCCESS IPv6 is supported. - * ISC_R_NOTFOUND IPv6 is not supported. - * ISC_R_DISABLED IPv6 is disabled. - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS IPv6 is supported. + *\li #ISC_R_NOTFOUND IPv6 is not supported. + *\li #ISC_R_DISABLED IPv6 is disabled. + *\li #ISC_R_UNEXPECTED */ isc_result_t isc_net_probe_ipv6only(void); -/* +/*%< * Check if the system's kernel supports the IPV6_V6ONLY socket option. * * Returns: * - * ISC_R_SUCCESS the option is supported for both TCP and UDP. - * ISC_R_NOTFOUND IPv6 itself or the option is not supported. - * ISC_R_UNEXPECTED + *\li #ISC_R_SUCCESS the option is supported for both TCP and UDP. + *\li #ISC_R_NOTFOUND IPv6 itself or the option is not supported. + *\li #ISC_R_UNEXPECTED */ isc_result_t @@ -286,9 +301,9 @@ isc_net_probe_ipv6pktinfo(void); * * Returns: * - * ISC_R_SUCCESS the option is supported. - * ISC_R_NOTFOUND IPv6 itself or the option is not supported. - * ISC_R_UNEXPECTED + * \li #ISC_R_SUCCESS the option is supported. + * \li #ISC_R_NOTFOUND IPv6 itself or the option is not supported. + * \li #ISC_R_UNEXPECTED */ void @@ -303,6 +318,29 @@ isc_net_enableipv4(void); void isc_net_enableipv6(void); +isc_result_t +isc_net_probeunix(void); +/* + * Returns whether UNIX domain sockets are supported. + */ + +isc_result_t +isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high); +/*%< + * Returns system's default range of ephemeral UDP ports, if defined. + * If the range is not available or unknown, ISC_NET_PORTRANGELOW and + * ISC_NET_PORTRANGEHIGH will be returned. + * + * Requires: + * + *\li 'low' and 'high' must be non NULL. + * + * Returns: + * + *\li *low and *high will be the ports specifying the low and high ends of + * the range. + */ + #ifdef ISC_PLATFORM_NEEDNTOP const char * isc_net_ntop(int af, const void *src, char *dst, size_t size); @@ -316,11 +354,10 @@ isc_net_pton(int af, const char *src, void *dst); #define inet_pton isc_net_pton #endif -#ifdef ISC_PLATFORM_NEEDATON int isc_net_aton(const char *cp, struct in_addr *addr); +#undef inet_aton #define inet_aton isc_net_aton -#endif ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/netdb.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/netdb.h similarity index 76% rename from contrib/bind-9.3/lib/isc/unix/include/isc/netdb.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/netdb.h index beb91375ae..ff12a26e22 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/netdb.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/netdb.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: netdb.h,v 1.6.206.1 2004/03/06 08:15:04 marka Exp $ */ +/* $Id: netdb.h,v 1.11 2007/06/19 23:47:19 tbox Exp $ */ #ifndef ISC_NETDB_H #define ISC_NETDB_H 1 @@ -24,25 +24,26 @@ ***** Module Info *****/ -/* +/*! \file + * \brief * Portable netdb.h support. * * This module is responsible for defining the getby APIs. * * MP: - * No impact. + *\li No impact. * * Reliability: - * No anticipated impact. + *\li No anticipated impact. * * Resources: - * N/A. + *\li N/A. * * Security: - * No anticipated impact. + *\li No anticipated impact. * * Standards: - * BSD API + *\li BSD API */ /*** diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/offset.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/offset.h similarity index 84% rename from contrib/bind-9.3/lib/isc/unix/include/isc/offset.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/offset.h index 0ea136258f..b01edba343 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/offset.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/offset.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,20 +15,22 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: offset.h,v 1.10.206.1 2004/03/06 08:15:04 marka Exp $ */ +/* $Id: offset.h,v 1.15.128.2 2009/02/16 23:46:44 tbox Exp $ */ #ifndef ISC_OFFSET_H #define ISC_OFFSET_H 1 -/* +/*! \file + * \brief * File offsets are operating-system dependent. */ #include /* Required for CHAR_BIT. */ #include +#include /* For Linux Standard Base. */ typedef off_t isc_offset_t; -/* +/*% * POSIX says "Additionally, blkcnt_t and off_t are extended signed integral * types", so the maximum value is all 1s except for the high bit. * This definition is more complex than it really needs to be because it was diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/stat.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/stat.h similarity index 80% rename from contrib/bind-9.3/lib/isc/unix/include/isc/stat.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/stat.h index 430420865d..b7a7986492 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/stat.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/stat.h @@ -1,8 +1,7 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2003 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stat.h,v 1.1.2.1.4.1 2004/03/06 08:15:05 marka Exp $ */ +/* $Id: stat.h,v 1.5 2007/06/19 23:47:19 tbox Exp $ */ #ifndef ISC_STAT_H #define ISC_STAT_H 1 diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/stdtime.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/stdtime.h similarity index 67% rename from contrib/bind-9.3/lib/isc/unix/include/isc/stdtime.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/stdtime.h index 9b855c70eb..4cb9e81fa6 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/stdtime.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/stdtime.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,31 +15,44 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdtime.h,v 1.8.206.1 2004/03/06 08:15:05 marka Exp $ */ +/* $Id: stdtime.h,v 1.14 2007/06/19 23:47:19 tbox Exp $ */ #ifndef ISC_STDTIME_H #define ISC_STDTIME_H 1 +/*! \file */ + #include #include -/* +/*% * It's public information that 'isc_stdtime_t' is an unsigned integral type. * Applications that want maximum portability should not assume anything * about its size. */ typedef isc_uint32_t isc_stdtime_t; +/* + * isc_stdtime32_t is a 32-bit version of isc_stdtime_t. A variable of this + * type should only be used as an opaque integer (e.g.,) to compare two + * time values. + */ +typedef isc_uint32_t isc_stdtime32_t; ISC_LANG_BEGINDECLS - +/* */ void isc_stdtime_get(isc_stdtime_t *t); -/* +/*%< * Set 't' to the number of seconds since 00:00:00 UTC, January 1, 1970. * * Requires: * - * 't' is a valid pointer. + *\li 't' is a valid pointer. + */ + +#define isc_stdtime_convert32(t, t32p) (*(t32p) = t) +/* + * Convert the standard time to its 32-bit version. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/strerror.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/strerror.h similarity index 76% rename from contrib/bind-9.3/lib/isc/unix/include/isc/strerror.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/strerror.h index f51fbdc2d0..e61e5b9b6c 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/strerror.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/strerror.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,21 +15,24 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: strerror.h,v 1.2.12.3 2004/03/08 09:04:57 marka Exp $ */ +/* $Id: strerror.h,v 1.8.128.2 2009/02/16 23:46:44 tbox Exp $ */ #ifndef ISC_STRERROR_H #define ISC_STRERROR_H +/*! \file */ + #include #include ISC_LANG_BEGINDECLS +/*% String Error Size */ #define ISC_STRERRORSIZE 128 -/* - * Provide a thread safe wrapper to strerrror(). +/*% + * Provide a thread safe wrapper to strerror(). * * Requires: * 'buf' to be non NULL. diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/syslog.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/syslog.h similarity index 76% rename from contrib/bind-9.3/lib/isc/unix/include/isc/syslog.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/syslog.h index 2c0625eb27..7e0c88cb3b 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/syslog.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/syslog.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: syslog.h,v 1.2.206.1 2004/03/06 08:15:05 marka Exp $ */ +/* $Id: syslog.h,v 1.7 2007/06/19 23:47:19 tbox Exp $ */ #ifndef ISC_SYSLOG_H #define ISC_SYSLOG_H 1 +/*! \file */ + #include #include @@ -27,17 +29,17 @@ ISC_LANG_BEGINDECLS isc_result_t isc_syslog_facilityfromstring(const char *str, int *facilityp); -/* +/*%< * Convert 'str' to the appropriate syslog facility constant. * * Requires: * - * 'str' is not NULL - * 'facilityp' is not NULL + *\li 'str' is not NULL + *\li 'facilityp' is not NULL * * Returns: - * ISC_R_SUCCESS - * ISC_R_NOTFOUND + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isc/unix/include/isc/time.h b/contrib/bind-9.5.2/lib/isc/unix/include/isc/time.h similarity index 68% rename from contrib/bind-9.3/lib/isc/unix/include/isc/time.h rename to contrib/bind-9.5.2/lib/isc/unix/include/isc/time.h index 6021c13d92..c06956d065 100644 --- a/contrib/bind-9.3/lib/isc/unix/include/isc/time.h +++ b/contrib/bind-9.5.2/lib/isc/unix/include/isc/time.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.h,v 1.25.2.1.10.4 2004/03/08 09:04:58 marka Exp $ */ +/* $Id: time.h,v 1.36.128.3 2009/01/06 23:46:48 tbox Exp $ */ #ifndef ISC_TIME_H #define ISC_TIME_H 1 +/*! \file */ + #include #include @@ -27,7 +29,8 @@ *** Intervals ***/ -/* +/*! + * \brief * The contents of this structure are private, and MUST NOT be accessed * directly by callers. * @@ -45,32 +48,32 @@ ISC_LANG_BEGINDECLS void isc_interval_set(isc_interval_t *i, unsigned int seconds, unsigned int nanoseconds); -/* +/*%< * Set 'i' to a value representing an interval of 'seconds' seconds and * 'nanoseconds' nanoseconds, suitable for use in isc_time_add() and * isc_time_subtract(). * * Requires: * - * 't' is a valid pointer. - * nanoseconds < 1000000000. + *\li 't' is a valid pointer. + *\li nanoseconds < 1000000000. */ isc_boolean_t isc_interval_iszero(const isc_interval_t *i); -/* +/*%< * Returns ISC_TRUE iff. 'i' is the zero interval. * * Requires: * - * 'i' is a valid pointer. + *\li 'i' is a valid pointer. */ /*** *** Absolute Times ***/ -/* +/*% * The contents of this structure are private, and MUST NOT be accessed * directly by callers. * @@ -86,116 +89,118 @@ extern isc_time_t *isc_time_epoch; void isc_time_set(isc_time_t *t, unsigned int seconds, unsigned int nanoseconds); -/* +/*%< * Set 't' to a particular number of seconds + nanoseconds since the epoch. * * Notes: - * This call is equivalent to: - * + *\li This call is equivalent to: + *\code * isc_time_settoepoch(t); * isc_interval_set(i, seconds, nanoseconds); * isc_time_add(t, i, t); - * + *\endcode * Requires: - * 't' is a valid pointer. - * nanoseconds < 1000000000. + *\li 't' is a valid pointer. + *\li nanoseconds < 1000000000. */ void isc_time_settoepoch(isc_time_t *t); -/* +/*%< * Set 't' to the time of the epoch. * * Notes: - * The date of the epoch is platform-dependent. + *\li The date of the epoch is platform-dependent. * * Requires: * - * 't' is a valid pointer. + *\li 't' is a valid pointer. */ isc_boolean_t isc_time_isepoch(const isc_time_t *t); -/* +/*%< * Returns ISC_TRUE iff. 't' is the epoch ("time zero"). * * Requires: * - * 't' is a valid pointer. + *\li 't' is a valid pointer. */ isc_result_t isc_time_now(isc_time_t *t); -/* +/*%< * Set 't' to the current absolute time. * * Requires: * - * 't' is a valid pointer. + *\li 't' is a valid pointer. * * Returns: * - * Success - * Unexpected error + *\li Success + *\li Unexpected error * Getting the time from the system failed. - * Out of range + *\li Out of range * The time from the system is too large to be represented * in the current definition of isc_time_t. */ isc_result_t isc_time_nowplusinterval(isc_time_t *t, const isc_interval_t *i); -/* +/*%< * Set *t to the current absolute time + i. * * Note: - * This call is equivalent to: + *\li This call is equivalent to: * + *\code * isc_time_now(t); * isc_time_add(t, i, t); + *\endcode * * Requires: * - * 't' and 'i' are valid pointers. + *\li 't' and 'i' are valid pointers. * * Returns: * - * Success - * Unexpected error + *\li Success + *\li Unexpected error * Getting the time from the system failed. - * Out of range + *\li Out of range * The interval added to the time from the system is too large to * be represented in the current definition of isc_time_t. */ int isc_time_compare(const isc_time_t *t1, const isc_time_t *t2); -/* +/*%< * Compare the times referenced by 't1' and 't2' * * Requires: * - * 't1' and 't2' are valid pointers. + *\li 't1' and 't2' are valid pointers. * * Returns: * - * -1 t1 < t2 (comparing times, not pointers) - * 0 t1 = t2 - * 1 t1 > t2 + *\li -1 t1 < t2 (comparing times, not pointers) + *\li 0 t1 = t2 + *\li 1 t1 > t2 */ isc_result_t isc_time_add(const isc_time_t *t, const isc_interval_t *i, isc_time_t *result); -/* +/*%< * Add 'i' to 't', storing the result in 'result'. * * Requires: * - * 't', 'i', and 'result' are valid pointers. + *\li 't', 'i', and 'result' are valid pointers. * * Returns: - * Success - * Out of range + *\li Success + *\li Out of range * The interval added to the time is too large to * be represented in the current definition of isc_time_t. */ @@ -203,50 +208,50 @@ isc_time_add(const isc_time_t *t, const isc_interval_t *i, isc_time_t *result); isc_result_t isc_time_subtract(const isc_time_t *t, const isc_interval_t *i, isc_time_t *result); -/* +/*%< * Subtract 'i' from 't', storing the result in 'result'. * * Requires: * - * 't', 'i', and 'result' are valid pointers. + *\li 't', 'i', and 'result' are valid pointers. * * Returns: - * Success - * Out of range + *\li Success + *\li Out of range * The interval is larger than the time since the epoch. */ isc_uint64_t isc_time_microdiff(const isc_time_t *t1, const isc_time_t *t2); -/* +/*%< * Find the difference in microseconds between time t1 and time t2. * t2 is the subtrahend of t1; ie, difference = t1 - t2. * * Requires: * - * 't1' and 't2' are valid pointers. + *\li 't1' and 't2' are valid pointers. * * Returns: - * The difference of t1 - t2, or 0 if t1 <= t2. + *\li The difference of t1 - t2, or 0 if t1 <= t2. */ isc_uint32_t isc_time_seconds(const isc_time_t *t); -/* +/*%< * Return the number of seconds since the epoch stored in a time structure. * * Requires: * - * 't' is a valid pointer. + *\li 't' is a valid pointer. */ isc_result_t isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp); -/* +/*%< * Ensure the number of seconds in an isc_time_t is representable by a time_t. * * Notes: - * The number of seconds stored in an isc_time_t might be larger + *\li The number of seconds stored in an isc_time_t might be larger * than the number of seconds a time_t is able to handle. Since * time_t is mostly opaque according to the ANSI/ISO standard * (essentially, all you can be sure of is that it is an arithmetic type, @@ -256,41 +261,69 @@ isc_time_secondsastimet(const isc_time_t *t, time_t *secondsp); * time_t from an isc_time_t. * * Requires: - * 't' is a valid pointer. + *\li 't' is a valid pointer. * * Returns: - * Success - * Out of range + *\li Success + *\li Out of range */ isc_uint32_t isc_time_nanoseconds(const isc_time_t *t); -/* +/*%< * Return the number of nanoseconds stored in a time structure. * * Notes: - * This is the number of nanoseconds in excess of the the number + *\li This is the number of nanoseconds in excess of the number * of seconds since the epoch; it will always be less than one * full second. * * Requires: - * 't' is a valid pointer. + *\li 't' is a valid pointer. * * Ensures: - * The returned value is less than 1*10^9. + *\li The returned value is less than 1*10^9. */ void isc_time_formattimestamp(const isc_time_t *t, char *buf, unsigned int len); -/* +/*%< * Format the time 't' into the buffer 'buf' of length 'len', * using a format like "30-Aug-2000 04:06:47.997" and the local time zone. * If the text does not fit in the buffer, the result is indeterminate, * but is always guaranteed to be null terminated. * * Requires: - * 'len' > 0 - * 'buf' points to an array of at least len chars + *\li 'len' > 0 + *\li 'buf' points to an array of at least len chars + * + */ + +void +isc_time_formathttptimestamp(const isc_time_t *t, char *buf, unsigned int len); +/*%< + * Format the time 't' into the buffer 'buf' of length 'len', + * using a format like "Mon, 30 Aug 2000 04:06:47 GMT" + * If the text does not fit in the buffer, the result is indeterminate, + * but is always guaranteed to be null terminated. + * + * Requires: + *\li 'len' > 0 + *\li 'buf' points to an array of at least len chars + * + */ + +void +isc_time_formatISO8601(const isc_time_t *t, char *buf, unsigned int len); +/*%< + * Format the time 't' into the buffer 'buf' of length 'len', + * using the ISO8601 format: "yyyy-mm-ddThh:mm:ssZ" + * If the text does not fit in the buffer, the result is indeterminate, + * but is always guaranteed to be null terminated. + * + * Requires: + *\li 'len' > 0 + *\li 'buf' points to an array of at least len chars * */ diff --git a/contrib/bind-9.3/lib/isc/unix/interfaceiter.c b/contrib/bind-9.5.2/lib/isc/unix/interfaceiter.c similarity index 95% rename from contrib/bind-9.3/lib/isc/unix/interfaceiter.c rename to contrib/bind-9.5.2/lib/isc/unix/interfaceiter.c index 9520bdeb56..359e363a98 100644 --- a/contrib/bind-9.3/lib/isc/unix/interfaceiter.c +++ b/contrib/bind-9.5.2/lib/isc/unix/interfaceiter.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfaceiter.c,v 1.22.2.1.10.14 2004/08/28 06:25:22 marka Exp $ */ +/* $Id: interfaceiter.c,v 1.42 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file */ #include @@ -51,9 +53,9 @@ /* Common utility functions */ -/* +/*% * Extract the network address part from a "struct sockaddr". - * + * \brief * The address family is given explicitly * instead of using src->sa_family, because the latter does not work * for copying a network mask obtained by SIOCGIFNETMASK (it does diff --git a/contrib/bind-9.3/lib/isc/unix/ipv6.c b/contrib/bind-9.5.2/lib/isc/unix/ipv6.c similarity index 80% rename from contrib/bind-9.3/lib/isc/unix/ipv6.c rename to contrib/bind-9.5.2/lib/isc/unix/ipv6.c index f11262f599..61e984f09d 100644 --- a/contrib/bind-9.3/lib/isc/unix/ipv6.c +++ b/contrib/bind-9.5.2/lib/isc/unix/ipv6.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ipv6.c,v 1.7.206.3 2006/08/25 05:25:50 marka Exp $ */ +/* $Id: ipv6.c,v 1.14 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/unix/keyboard.c b/contrib/bind-9.5.2/lib/isc/unix/keyboard.c similarity index 93% rename from contrib/bind-9.3/lib/isc/unix/keyboard.c rename to contrib/bind-9.5.2/lib/isc/unix/keyboard.c index 146338aebe..8ee62d3f59 100644 --- a/contrib/bind-9.3/lib/isc/unix/keyboard.c +++ b/contrib/bind-9.5.2/lib/isc/unix/keyboard.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keyboard.c,v 1.9.12.3 2004/03/08 09:04:56 marka Exp $ */ +/* $Id: keyboard.c,v 1.13 2007/06/19 23:47:18 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/isc/unix/net.c b/contrib/bind-9.5.2/lib/isc/unix/net.c similarity index 59% rename from contrib/bind-9.3/lib/isc/unix/net.c rename to contrib/bind-9.5.2/lib/isc/unix/net.c index e0aeccbbbf..fc2217eb49 100644 --- a/contrib/bind-9.3/lib/isc/unix/net.c +++ b/contrib/bind-9.5.2/lib/isc/unix/net.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,19 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.c,v 1.22.2.2.10.9 2005/03/17 03:58:33 marka Exp $ */ +/* $Id: net.c,v 1.36.60.4 2008/07/04 05:52:16 each Exp $ */ #include +#include + +#if defined(HAVE_SYS_SYSCTL_H) +#if defined(HAVE_SYS_PARAM_H) +#include +#endif +#include +#endif + #include #include @@ -30,19 +39,82 @@ #include #include -#if defined(ISC_PLATFORM_HAVEIPV6) && defined(ISC_PLATFORM_NEEDIN6ADDRANY) -const struct in6_addr isc_net_in6addrany = IN6ADDR_ANY_INIT; +/*% + * Definitions about UDP port range specification. This is a total mess of + * portability variants: some use sysctl (but the sysctl names vary), some use + * system-specific interfaces, some have the same interface for IPv4 and IPv6, + * some separate them, etc... + */ + +/*% + * The last resort defaults: use all non well known port space + */ +#ifndef ISC_NET_PORTRANGELOW +#define ISC_NET_PORTRANGELOW 1024 +#endif /* ISC_NET_PORTRANGELOW */ +#ifndef ISC_NET_PORTRANGEHIGH +#define ISC_NET_PORTRANGEHIGH 65535 +#endif /* ISC_NET_PORTRANGEHIGH */ + +#ifdef HAVE_SYSCTLBYNAME + +/*% + * sysctl variants + */ +#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) +#define USE_SYSCTL_PORTRANGE +#define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.portrange.hifirst" +#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.portrange.hilast" +#define SYSCTL_V6PORTRANGE_LOW "net.inet.ip.portrange.hifirst" +#define SYSCTL_V6PORTRANGE_HIGH "net.inet.ip.portrange.hilast" #endif -#if defined(ISC_PLATFORM_HAVEIPV6) && defined(ISC_PLATFORM_NEEDIN6ADDRLOOPBACK) -const struct in6_addr isc_net_in6addrloop = IN6ADDR_LOOPBACK_INIT; +#ifdef __NetBSD__ +#define USE_SYSCTL_PORTRANGE +#define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.anonportmin" +#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.anonportmax" +#define SYSCTL_V6PORTRANGE_LOW "net.inet6.ip6.anonportmin" +#define SYSCTL_V6PORTRANGE_HIGH "net.inet6.ip6.anonportmax" #endif -static isc_once_t once = ISC_ONCE_INIT; +#else /* !HAVE_SYSCTLBYNAME */ + +#ifdef __OpenBSD__ +#define USE_SYSCTL_PORTRANGE +#define SYSCTL_V4PORTRANGE_LOW { CTL_NET, PF_INET, IPPROTO_IP, \ + IPCTL_IPPORT_HIFIRSTAUTO } +#define SYSCTL_V4PORTRANGE_HIGH { CTL_NET, PF_INET, IPPROTO_IP, \ + IPCTL_IPPORT_HILASTAUTO } +/* Same for IPv6 */ +#define SYSCTL_V6PORTRANGE_LOW SYSCTL_V4PORTRANGE_LOW +#define SYSCTL_V6PORTRANGE_HIGH SYSCTL_V4PORTRANGE_HIGH +#endif + +#endif /* HAVE_SYSCTLBYNAME */ + +#if defined(ISC_PLATFORM_HAVEIPV6) +# if defined(ISC_PLATFORM_NEEDIN6ADDRANY) +const struct in6_addr isc_net_in6addrany = IN6ADDR_ANY_INIT; +# endif + +# if defined(ISC_PLATFORM_NEEDIN6ADDRLOOPBACK) +const struct in6_addr isc_net_in6addrloop = IN6ADDR_LOOPBACK_INIT; +# endif + +# if defined(WANT_IPV6) static isc_once_t once_ipv6only = ISC_ONCE_INIT; +# endif + +# if defined(ISC_PLATFORM_HAVEIN6PKTINFO) static isc_once_t once_ipv6pktinfo = ISC_ONCE_INIT; +# endif +#endif /* ISC_PLATFORM_HAVEIPV6 */ + +static isc_once_t once = ISC_ONCE_INIT; + static isc_result_t ipv4_result = ISC_R_NOTFOUND; static isc_result_t ipv6_result = ISC_R_NOTFOUND; +static isc_result_t unix_result = ISC_R_NOTFOUND; static isc_result_t ipv6only_result = ISC_R_NOTFOUND; static isc_result_t ipv6pktinfo_result = ISC_R_NOTFOUND; @@ -137,6 +209,9 @@ initialize_action(void) { #endif #endif #endif +#ifdef ISC_PLATFORM_HAVESYSUNH + unix_result = try_proto(PF_UNIX); +#endif } static void @@ -156,6 +231,12 @@ isc_net_probeipv6(void) { return (ipv6_result); } +isc_result_t +isc_net_probeunix(void) { + initialize(); + return (unix_result); +} + #ifdef ISC_PLATFORM_HAVEIPV6 #ifdef WANT_IPV6 static void @@ -235,7 +316,7 @@ initialize_ipv6only(void) { RUNTIME_CHECK(isc_once_do(&once_ipv6only, try_ipv6only) == ISC_R_SUCCESS); } -#endif /* IPV6_V6ONLY */ +#endif /* WANT_IPV6 */ #ifdef ISC_PLATFORM_HAVEIN6PKTINFO static void @@ -291,7 +372,7 @@ initialize_ipv6pktinfo(void) { try_ipv6pktinfo) == ISC_R_SUCCESS); } #endif /* ISC_PLATFORM_HAVEIN6PKTINFO */ -#endif /* WANT_IPV6 */ +#endif /* ISC_PLATFORM_HAVEIPV6 */ isc_result_t isc_net_probe_ipv6only(void) { @@ -319,6 +400,101 @@ isc_net_probe_ipv6pktinfo(void) { return (ipv6pktinfo_result); } +#if defined(USE_SYSCTL_PORTRANGE) +#if defined(HAVE_SYSCTLBYNAME) +static isc_result_t +getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) { + int port_low, port_high; + size_t portlen; + const char *sysctlname_lowport, *sysctlname_hiport; + + if (af == AF_INET) { + sysctlname_lowport = SYSCTL_V4PORTRANGE_LOW; + sysctlname_hiport = SYSCTL_V4PORTRANGE_HIGH; + } else { + sysctlname_lowport = SYSCTL_V6PORTRANGE_LOW; + sysctlname_hiport = SYSCTL_V6PORTRANGE_HIGH; + } + portlen = sizeof(portlen); + if (sysctlbyname(sysctlname_lowport, &port_low, &portlen, + NULL, 0) < 0) { + return (ISC_R_FAILURE); + } + portlen = sizeof(portlen); + if (sysctlbyname(sysctlname_hiport, &port_high, &portlen, + NULL, 0) < 0) { + return (ISC_R_FAILURE); + } + if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0) + return (ISC_R_RANGE); + + *low = (in_port_t)port_low; + *high = (in_port_t)port_high; + + return (ISC_R_SUCCESS); +} +#else /* !HAVE_SYSCTLBYNAME */ +static isc_result_t +getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) { + int mib_lo4[4] = SYSCTL_V4PORTRANGE_LOW; + int mib_hi4[4] = SYSCTL_V4PORTRANGE_HIGH; + int mib_lo6[4] = SYSCTL_V6PORTRANGE_LOW; + int mib_hi6[4] = SYSCTL_V6PORTRANGE_HIGH; + int *mib_lo, *mib_hi, miblen; + int port_low, port_high; + size_t portlen; + + if (af == AF_INET) { + mib_lo = mib_lo4; + mib_hi = mib_hi4; + miblen = sizeof(mib_lo4) / sizeof(mib_lo4[0]); + } else { + mib_lo = mib_lo6; + mib_hi = mib_hi6; + miblen = sizeof(mib_lo6) / sizeof(mib_lo6[0]); + } + + portlen = sizeof(portlen); + if (sysctl(mib_lo, miblen, &port_low, &portlen, NULL, 0) < 0) { + return (ISC_R_FAILURE); + } + + portlen = sizeof(portlen); + if (sysctl(mib_hi, miblen, &port_high, &portlen, NULL, 0) < 0) { + return (ISC_R_FAILURE); + } + + if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0) + return (ISC_R_RANGE); + + *low = (in_port_t) port_low; + *high = (in_port_t) port_high; + + return (ISC_R_SUCCESS); +} +#endif /* HAVE_SYSCTLBYNAME */ +#endif /* USE_SYSCTL_PORTRANGE */ + +isc_result_t +isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high) { + int result = ISC_R_FAILURE; + + REQUIRE(low != NULL && high != NULL); + +#if defined(USE_SYSCTL_PORTRANGE) + result = getudpportrange_sysctl(af, low, high); +#else + UNUSED(af); +#endif + + if (result != ISC_R_SUCCESS) { + *low = ISC_NET_PORTRANGELOW; + *high = ISC_NET_PORTRANGEHIGH; + } + + return (ISC_R_SUCCESS); /* we currently never fail in this function */ +} + void isc_net_disableipv4(void) { initialize(); diff --git a/contrib/bind-9.3/lib/isc/unix/os.c b/contrib/bind-9.5.2/lib/isc/unix/os.c similarity index 90% rename from contrib/bind-9.3/lib/isc/unix/os.c rename to contrib/bind-9.5.2/lib/isc/unix/os.c index 4d34d8ce6f..c050d14c3b 100644 --- a/contrib/bind-9.3/lib/isc/unix/os.c +++ b/contrib/bind-9.5.2/lib/isc/unix/os.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.11.12.6 2005/10/14 02:13:07 marka Exp $ */ +/* $Id: os.c,v 1.18 2007/06/19 23:47:18 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/isc/unix/resource.c b/contrib/bind-9.5.2/lib/isc/unix/resource.c similarity index 59% rename from contrib/bind-9.3/lib/isc/unix/resource.c rename to contrib/bind-9.5.2/lib/isc/unix/resource.c index b6faf32a5e..c401b3d570 100644 --- a/contrib/bind-9.3/lib/isc/unix/resource.c +++ b/contrib/bind-9.5.2/lib/isc/unix/resource.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.11.206.1 2004/03/06 08:15:01 marka Exp $ */ +/* $Id: resource.c,v 1.14.128.9 2009/02/13 23:46:42 tbox Exp $ */ #include @@ -28,6 +28,14 @@ #include #include +#ifdef __linux__ +#include /* To get the large NR_OPEN. */ +#endif + +#if defined(__hpux) && defined(HAVE_SYS_DYNTUNE_H) +#include +#endif + #include "errno2result.h" static isc_result_t @@ -40,13 +48,13 @@ resource2rlim(isc_resource_t resource, int *rlim_resource) { break; case isc_resource_cputime: *rlim_resource = RLIMIT_CPU; - break; + break; case isc_resource_datasize: *rlim_resource = RLIMIT_DATA; - break; + break; case isc_resource_filesize: *rlim_resource = RLIMIT_FSIZE; - break; + break; case isc_resource_lockedmemory: #ifdef RLIMIT_MEMLOCK *rlim_resource = RLIMIT_MEMLOCK; @@ -79,7 +87,7 @@ resource2rlim(isc_resource_t resource, int *rlim_resource) { *rlim_resource = RLIMIT_STACK; break; default: - /* + /* * This test is not very robust if isc_resource_t * changes, but generates a clear assertion message. */ @@ -132,58 +140,60 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { rlim_value = value; } - /* - * The BIND 8 documentation reports: - * - * Note: on some operating systems the server cannot set an - * unlimited value and cannot determine the maximum number of - * open files the kernel can support. On such systems, choosing - * unlimited will cause the server to use the larger of the - * rlim_max for RLIMIT_NOFILE and the value returned by - * sysconf(_SC_OPEN_MAX). If the actual kernel limit is larger - * than this value, use limit files to specify the limit - * explicitly. - * - * The CHANGES for 8.1.2-T3A also mention: - * - * 352. [bug] Because of problems with setting an infinite - * rlim_max for RLIMIT_NOFILE on some systems, previous versions - * of the server implemented "limit files unlimited" by setting - * the limit to the value returned by sysconf(_SC_OPEN_MAX). The - * server will now use RLIM_INFINITY on systems which allow it. - * - * At some point the BIND 8 server stopped using SC_OPEN_MAX for this - * purpose at all, but it isn't clear to me when or why, as my access - * to the CVS archive is limited at the time of this writing. What - * BIND 8 *does* do is to set RLIMIT_NOFILE to either RLIMIT_INFINITY - * on a half dozen operating systems or to FD_SETSIZE on the rest, - * the latter of which is probably fewer than the real limit. (Note - * that libisc's socket module will have problems with any fd over - * FD_SETSIZE. This should be fixed in the socket module, not a - * limitation here. BIND 8's eventlib also has a problem, making - * its RLIMIT_INFINITY setting useless, because it closes and ignores - * any fd over FD_SETSIZE.) - * - * More troubling is the reference to some operating systems not being - * able to set an unlimited value for the number of open files. I'd - * hate to put in code that is really only there to support archaic - * systems that the rest of libisc won't work on anyway. So what this - * extremely verbose comment is here to say is the following: - * - * I'm aware there might be an issue with not limiting the value - * for RLIMIT_NOFILE on some systems, but since I don't know yet - * what those systems are and what the best workaround is (use - * sysconf()? rlim_max from getrlimit()? FD_SETSIZE?) so nothing - * is currently being done to clamp the value for open files. - */ - rl.rlim_cur = rl.rlim_max = rlim_value; unixresult = setrlimit(unixresource, &rl); if (unixresult == 0) return (ISC_R_SUCCESS); - else - return (isc__errno2result(errno)); + +#if defined(OPEN_MAX) && defined(__APPLE__) + /* + * The Darwin kernel doesn't accept RLIM_INFINITY for rlim_cur; the + * maximum possible value is OPEN_MAX. BIND8 used to use + * sysconf(_SC_OPEN_MAX) for such a case, but this value is much + * smaller than OPEN_MAX and is not really effective. + */ + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + rl.rlim_cur = OPEN_MAX; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } +#elif defined(__linux__) +#ifndef NR_OPEN +#define NR_OPEN (1024*1024) +#endif + + /* + * Some Linux kernels don't accept RLIM_INFINIT; the maximum + * possible value is the NR_OPEN defined in linux/fs.h. + */ + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + rl.rlim_cur = rl.rlim_max = NR_OPEN; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } +#elif defined(__hpux) && defined(HAVE_SYS_DYNTUNE_H) + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + uint64_t maxfiles; + if (gettune("maxfiles_lim", &maxfiles) == 0) { + rl.rlim_cur = rl.rlim_max = maxfiles; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } + } +#endif + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + if (getrlimit(unixresource, &rl) == 0) { + rl.rlim_cur = rl.rlim_max; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } + } + return (isc__errno2result(errno)); } isc_result_t @@ -202,3 +212,20 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value) { return (result); } + +isc_result_t +isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value) { + int unixresult; + int unixresource; + struct rlimit rl; + isc_result_t result; + + result = resource2rlim(resource, &unixresource); + if (result == ISC_R_SUCCESS) { + unixresult = getrlimit(unixresource, &rl); + INSIST(unixresult == 0); + *value = rl.rlim_cur; + } + + return (result); +} diff --git a/contrib/bind-9.3/lib/isc/unix/socket.c b/contrib/bind-9.5.2/lib/isc/unix/socket.c similarity index 55% rename from contrib/bind-9.3/lib/isc/unix/socket.c rename to contrib/bind-9.5.2/lib/isc/unix/socket.c index f95e3c8f75..b750b506a7 100644 --- a/contrib/bind-9.3/lib/isc/unix/socket.c +++ b/contrib/bind-9.5.2/lib/isc/unix/socket.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,13 +15,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.207.2.19.2.26 2006/05/19 02:53:36 marka Exp $ */ +/* $Id: socket.c,v 1.275.10.42 2009/09/07 02:14:40 marka Exp $ */ + +/*! \file */ #include #include #include #include +#include #include #include @@ -42,14 +45,30 @@ #include #include #include +#include #include #include #include #include +#include #include #include #include #include +#include + +#ifdef ISC_PLATFORM_HAVESYSUNH +#include +#endif +#ifdef ISC_PLATFORM_HAVEKQUEUE +#include +#endif +#ifdef ISC_PLATFORM_HAVEEPOLL +#include +#endif +#ifdef ISC_PLATFORM_HAVEDEVPOLL +#include +#endif #include "errno2result.h" @@ -57,7 +76,130 @@ #include "socket_p.h" #endif /* ISC_PLATFORM_USETHREADS */ -/* +#if defined(SO_BSDCOMPAT) && defined(__linux__) +#include +#endif + +/*% + * Choose the most preferable multiplex method. + */ +#ifdef ISC_PLATFORM_HAVEKQUEUE +#define USE_KQUEUE +#elif defined (ISC_PLATFORM_HAVEEPOLL) +#define USE_EPOLL +#elif defined (ISC_PLATFORM_HAVEDEVPOLL) +#define USE_DEVPOLL +typedef struct { + unsigned int want_read : 1, + want_write : 1; +} pollinfo_t; +#else +#define USE_SELECT +#endif /* ISC_PLATFORM_HAVEKQUEUE */ + +#ifndef ISC_PLATFORM_USETHREADS +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) +struct isc_socketwait { + int nevents; +}; +#elif defined (USE_SELECT) +struct isc_socketwait { + fd_set *readset; + fd_set *writeset; + int nfds; + int maxfd; +}; +#endif /* USE_KQUEUE */ +#endif /* !ISC_PLATFORM_USETHREADS */ + +/*% + * Maximum number of allowable open sockets. This is also the maximum + * allowable socket file descriptor. + * + * Care should be taken before modifying this value for select(): + * The API standard doesn't ensure select() accept more than (the system default + * of) FD_SETSIZE descriptors, and the default size should in fact be fine in + * the vast majority of cases. This constant should therefore be increased only + * when absolutely necessary and possible, i.e., the server is exhausting all + * available file descriptors (up to FD_SETSIZE) and the select() function + * and FD_xxx macros support larger values than FD_SETSIZE (which may not + * always by true, but we keep using some of them to ensure as much + * portability as possible). Note also that overall server performance + * may be rather worsened with a larger value of this constant due to + * inherent scalability problems of select(). + * + * As a special note, this value shouldn't have to be touched if + * this is a build for an authoritative only DNS server. + */ +#ifndef ISC_SOCKET_MAXSOCKETS +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) +#define ISC_SOCKET_MAXSOCKETS 4096 +#elif defined(USE_SELECT) +#define ISC_SOCKET_MAXSOCKETS FD_SETSIZE +#endif /* USE_KQUEUE... */ +#endif /* ISC_SOCKET_MAXSOCKETS */ + +#ifdef USE_SELECT +/*% + * Mac OS X needs a special definition to support larger values in select(). + * We always define this because a larger value can be specified run-time. + */ +#ifdef __APPLE__ +#define _DARWIN_UNLIMITED_SELECT +#endif /* __APPLE__ */ +#endif /* USE_SELECT */ + +#ifdef ISC_SOCKET_USE_POLLWATCH +/*% + * If this macro is defined, enable workaround for a Solaris /dev/poll kernel + * bug: DP_POLL ioctl could keep sleeping even if socket I/O is possible for + * some of the specified FD. The idea is based on the observation that it's + * likely for a busy server to keep receiving packets. It specifically works + * as follows: the socket watcher is first initialized with the state of + * "poll_idle". While it's in the idle state it keeps sleeping until a socket + * event occurs. When it wakes up for a socket I/O event, it moves to the + * poll_active state, and sets the poll timeout to a short period + * (ISC_SOCKET_POLLWATCH_TIMEOUT msec). If timeout occurs in this state, the + * watcher goes to the poll_checking state with the same timeout period. + * In this state, the watcher tries to detect whether this is a break + * during intermittent events or the kernel bug is triggered. If the next + * polling reports an event within the short period, the previous timeout is + * likely to be a kernel bug, and so the watcher goes back to the active state. + * Otherwise, it moves to the idle state again. + * + * It's not clear whether this is a thread-related bug, but since we've only + * seen this with threads, this workaround is used only when enabling threads. + */ + +typedef enum { poll_idle, poll_active, poll_checking } pollstate_t; + +#ifndef ISC_SOCKET_POLLWATCH_TIMEOUT +#define ISC_SOCKET_POLLWATCH_TIMEOUT 10 +#endif /* ISC_SOCKET_POLLWATCH_TIMEOUT */ +#endif /* ISC_SOCKET_USE_POLLWATCH */ + +/*% + * Size of per-FD lock buckets. + */ +#ifdef ISC_PLATFORM_USETHREADS +#define FDLOCK_COUNT 1024 +#define FDLOCK_ID(fd) ((fd) % FDLOCK_COUNT) +#else +#define FDLOCK_COUNT 1 +#define FDLOCK_ID(fd) 0 +#endif /* ISC_PLATFORM_USETHREADS */ + +/*% + * Maximum number of events communicated with the kernel. There should normally + * be no need for having a large number. + */ +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) +#ifndef ISC_SOCKET_MAXEVENTS +#define ISC_SOCKET_MAXEVENTS 64 +#endif +#endif + +/*% * Some systems define the socket length argument as an int, some as size_t, * some as socklen_t. This is here so it can be easily changed if needed. */ @@ -65,7 +207,7 @@ #define ISC_SOCKADDR_LEN_T unsigned int #endif -/* +/*% * Define what the possible "soft" errors can be. These are non-fatal returns * of various network related functions, like recv() and so on. * @@ -80,7 +222,7 @@ #define DLVL(x) ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_DEBUG(x) -/* +/*!< * DLVL(90) -- Function entry/exit and other tracing. * DLVL(70) -- Socket "correctness" -- including returning of events, etc. * DLVL(60) -- Socket data send/receive @@ -104,7 +246,7 @@ typedef isc_event_t intev_t; #define SOCKET_MAGIC ISC_MAGIC('I', 'O', 'i', 'o') #define VALID_SOCKET(t) ISC_MAGIC_VALID(t, SOCKET_MAGIC) -/* +/*! * IPv6 control information. If the socket is an IPv6 socket we want * to collect the destination address and interface so the client can * set them on outgoing packets. @@ -115,7 +257,7 @@ typedef isc_event_t intev_t; #endif #endif -/* +/*% * NetBSD and FreeBSD can timestamp packets. XXXMLG Should we have * a setsockopt() like interface to request timestamps, and if the OS * doesn't do it for us, call gettimeofday() on every UDP receive? @@ -126,7 +268,12 @@ typedef isc_event_t intev_t; #endif #endif -/* +/*% + * The size to raise the receive buffer to (from BIND 8). + */ +#define RCVBUFSIZE (32*1024) + +/*% * The number of times a send operation is repeated if the result is EINTR. */ #define NRETRIES 10 @@ -137,12 +284,15 @@ struct isc_socket { isc_socketmgr_t *manager; isc_mutex_t lock; isc_sockettype_t type; + const isc_statscounter_t *statsindex; /* Locked by socket lock. */ ISC_LINK(isc_socket_t) link; unsigned int references; int fd; int pf; + char name[16]; + void * tag; ISC_LIST(isc_socketevent_t) send_list; ISC_LIST(isc_socketevent_t) recv_list; @@ -157,7 +307,7 @@ struct isc_socket { intev_t readable_ev; intev_t writable_ev; - isc_sockaddr_t address; /* remote address */ + isc_sockaddr_t peer_address; /* remote address */ unsigned int pending_recv : 1, pending_send : 1, @@ -175,6 +325,11 @@ struct isc_socket { ISC_SOCKADDR_LEN_T recvcmsgbuflen; char *sendcmsgbuf; ISC_SOCKADDR_LEN_T sendcmsgbuflen; + + void *fdwatcharg; + isc_sockfdwatch_t fdwatchcb; + int fdwatchflags; + isc_task_t *fdwatchtask; }; #define SOCKET_MANAGER_MAGIC ISC_MAGIC('I', 'O', 'm', 'g') @@ -185,17 +340,51 @@ struct isc_socketmgr { unsigned int magic; isc_mem_t *mctx; isc_mutex_t lock; + isc_mutex_t *fdlock; + isc_stats_t *stats; +#ifdef USE_KQUEUE + int kqueue_fd; + int nevents; + struct kevent *events; +#endif /* USE_KQUEUE */ +#ifdef USE_EPOLL + int epoll_fd; + int nevents; + struct epoll_event *events; +#endif /* USE_EPOLL */ +#ifdef USE_DEVPOLL + int devpoll_fd; + int nevents; + struct pollfd *events; +#endif /* USE_DEVPOLL */ +#ifdef USE_SELECT + int fd_bufsize; +#endif /* USE_SELECT */ + unsigned int maxsocks; +#ifdef ISC_PLATFORM_USETHREADS + int pipe_fds[2]; +#endif + + /* Locked by fdlock. */ + isc_socket_t **fds; + int *fdstate; +#ifdef USE_DEVPOLL + pollinfo_t *fdpollinfo; +#endif + /* Locked by manager lock. */ ISC_LIST(isc_socket_t) socklist; - fd_set read_fds; - fd_set write_fds; - isc_socket_t *fds[FD_SETSIZE]; - int fdstate[FD_SETSIZE]; +#ifdef USE_SELECT + fd_set *read_fds; + fd_set *read_fds_copy; + fd_set *write_fds; + fd_set *write_fds_copy; int maxfd; +#endif /* USE_SELECT */ + int reserved; /* unlocked */ #ifdef ISC_PLATFORM_USETHREADS isc_thread_t watcher; isc_condition_t shutdown_ok; - int pipe_fds[2]; #else /* ISC_PLATFORM_USETHREADS */ unsigned int refs; #endif /* ISC_PLATFORM_USETHREADS */ @@ -205,9 +394,9 @@ struct isc_socketmgr { static isc_socketmgr_t *socketmgr = NULL; #endif /* ISC_PLATFORM_USETHREADS */ -#define CLOSED 0 /* this one must be zero */ -#define MANAGED 1 -#define CLOSE_PENDING 2 +#define CLOSED 0 /* this one must be zero */ +#define MANAGED 1 +#define CLOSE_PENDING 2 /* * send() and recv() iovec counts @@ -229,22 +418,115 @@ static void internal_accept(isc_task_t *, isc_event_t *); static void internal_connect(isc_task_t *, isc_event_t *); static void internal_recv(isc_task_t *, isc_event_t *); static void internal_send(isc_task_t *, isc_event_t *); +static void internal_fdwatch_write(isc_task_t *, isc_event_t *); +static void internal_fdwatch_read(isc_task_t *, isc_event_t *); static void process_cmsg(isc_socket_t *, struct msghdr *, isc_socketevent_t *); static void build_msghdr_send(isc_socket_t *, isc_socketevent_t *, struct msghdr *, struct iovec *, size_t *); static void build_msghdr_recv(isc_socket_t *, isc_socketevent_t *, struct msghdr *, struct iovec *, size_t *); +#ifdef ISC_PLATFORM_USETHREADS +static isc_boolean_t process_ctlfd(isc_socketmgr_t *manager); +#endif #define SELECT_POKE_SHUTDOWN (-1) #define SELECT_POKE_NOTHING (-2) #define SELECT_POKE_READ (-3) -#define SELECT_POKE_ACCEPT (-3) /* Same as _READ */ +#define SELECT_POKE_ACCEPT (-3) /*%< Same as _READ */ #define SELECT_POKE_WRITE (-4) -#define SELECT_POKE_CONNECT (-4) /* Same as _WRITE */ +#define SELECT_POKE_CONNECT (-4) /*%< Same as _WRITE */ #define SELECT_POKE_CLOSE (-5) #define SOCK_DEAD(s) ((s)->references == 0) +/*% + * Shortcut index arrays to get access to statistics counters. + */ +enum { + STATID_OPEN = 0, + STATID_OPENFAIL = 1, + STATID_CLOSE = 2, + STATID_BINDFAIL = 3, + STATID_CONNECTFAIL = 4, + STATID_CONNECT = 5, + STATID_ACCEPTFAIL = 6, + STATID_ACCEPT = 7, + STATID_SENDFAIL = 8, + STATID_RECVFAIL = 9 +}; +static const isc_statscounter_t upd4statsindex[] = { + isc_sockstatscounter_udp4open, + isc_sockstatscounter_udp4openfail, + isc_sockstatscounter_udp4close, + isc_sockstatscounter_udp4bindfail, + isc_sockstatscounter_udp4connectfail, + isc_sockstatscounter_udp4connect, + -1, + -1, + isc_sockstatscounter_udp4sendfail, + isc_sockstatscounter_udp4recvfail +}; +static const isc_statscounter_t upd6statsindex[] = { + isc_sockstatscounter_udp6open, + isc_sockstatscounter_udp6openfail, + isc_sockstatscounter_udp6close, + isc_sockstatscounter_udp6bindfail, + isc_sockstatscounter_udp6connectfail, + isc_sockstatscounter_udp6connect, + -1, + -1, + isc_sockstatscounter_udp6sendfail, + isc_sockstatscounter_udp6recvfail +}; +static const isc_statscounter_t tcp4statsindex[] = { + isc_sockstatscounter_tcp4open, + isc_sockstatscounter_tcp4openfail, + isc_sockstatscounter_tcp4close, + isc_sockstatscounter_tcp4bindfail, + isc_sockstatscounter_tcp4connectfail, + isc_sockstatscounter_tcp4connect, + isc_sockstatscounter_tcp4acceptfail, + isc_sockstatscounter_tcp4accept, + isc_sockstatscounter_tcp4sendfail, + isc_sockstatscounter_tcp4recvfail +}; +static const isc_statscounter_t tcp6statsindex[] = { + isc_sockstatscounter_tcp6open, + isc_sockstatscounter_tcp6openfail, + isc_sockstatscounter_tcp6close, + isc_sockstatscounter_tcp6bindfail, + isc_sockstatscounter_tcp6connectfail, + isc_sockstatscounter_tcp6connect, + isc_sockstatscounter_tcp6acceptfail, + isc_sockstatscounter_tcp6accept, + isc_sockstatscounter_tcp6sendfail, + isc_sockstatscounter_tcp6recvfail +}; +static const isc_statscounter_t unixstatsindex[] = { + isc_sockstatscounter_unixopen, + isc_sockstatscounter_unixopenfail, + isc_sockstatscounter_unixclose, + isc_sockstatscounter_unixbindfail, + isc_sockstatscounter_unixconnectfail, + isc_sockstatscounter_unixconnect, + isc_sockstatscounter_unixacceptfail, + isc_sockstatscounter_unixaccept, + isc_sockstatscounter_unixsendfail, + isc_sockstatscounter_unixrecvfail +}; +static const isc_statscounter_t fdwatchstatsindex[] = { + -1, + -1, + isc_sockstatscounter_fdwatchclose, + isc_sockstatscounter_fdwatchbindfail, + isc_sockstatscounter_fdwatchconnectfail, + isc_sockstatscounter_fdwatchconnect, + -1, + -1, + isc_sockstatscounter_fdwatchsendfail, + isc_sockstatscounter_fdwatchrecvfail +}; + static void manager_log(isc_socketmgr_t *sockmgr, isc_logcategory_t *category, isc_logmodule_t *module, int level, @@ -302,9 +584,206 @@ socket_log(isc_socket_t *sock, isc_sockaddr_t *address, } } +#if defined(_AIX) && defined(ISC_NET_BSD44MSGHDR) && \ + defined(USE_CMSG) && defined(IPV6_RECVPKTINFO) +/* + * AIX has a kernel bug where IPV6_RECVPKTINFO gets cleared by + * setting IPV6_V6ONLY. + */ +static void +FIX_IPV6_RECVPKTINFO(isc_socket_t *sock) +{ + char strbuf[ISC_STRERRORSIZE]; + int on = 1; + + if (sock->pf != AF_INET6 || sock->type != isc_sockettype_udp) + return; + + if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, + (void *)&on, sizeof(on)) < 0) { + + UNEXPECTED_ERROR(__FILE__, __LINE__, + "setsockopt(%d, IPV6_RECVPKTINFO) " + "%s: %s", sock->fd, + isc_msgcat_get(isc_msgcat, + ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, + "failed"), + strbuf); + } +} +#else +#define FIX_IPV6_RECVPKTINFO(sock) (void)0 +#endif + +/*% + * Increment socket-related statistics counters. + */ +static inline void +inc_stats(isc_stats_t *stats, isc_statscounter_t counterid) { + REQUIRE(counterid != -1); + + if (stats != NULL) + isc_stats_increment(stats, counterid); +} + +static inline isc_result_t +watch_fd(isc_socketmgr_t *manager, int fd, int msg) { + isc_result_t result = ISC_R_SUCCESS; + +#ifdef USE_KQUEUE + struct kevent evchange; + + memset(&evchange, 0, sizeof(evchange)); + if (msg == SELECT_POKE_READ) + evchange.filter = EVFILT_READ; + else + evchange.filter = EVFILT_WRITE; + evchange.flags = EV_ADD; + evchange.ident = fd; + if (kevent(manager->kqueue_fd, &evchange, 1, NULL, 0, NULL) != 0) + result = isc__errno2result(errno); + + return (result); +#elif defined(USE_EPOLL) + struct epoll_event event; + + if (msg == SELECT_POKE_READ) + event.events = EPOLLIN; + else + event.events = EPOLLOUT; + event.data.fd = fd; + if (epoll_ctl(manager->epoll_fd, EPOLL_CTL_ADD, fd, &event) == -1 && + errno != EEXIST) { + result = isc__errno2result(errno); + } + + return (result); +#elif defined(USE_DEVPOLL) + struct pollfd pfd; + int lockid = FDLOCK_ID(fd); + + memset(&pfd, 0, sizeof(pfd)); + if (msg == SELECT_POKE_READ) + pfd.events = POLLIN; + else + pfd.events = POLLOUT; + pfd.fd = fd; + pfd.revents = 0; + LOCK(&manager->fdlock[lockid]); + if (write(manager->devpoll_fd, &pfd, sizeof(pfd)) == -1) + result = isc__errno2result(errno); + else { + if (msg == SELECT_POKE_READ) + manager->fdpollinfo[fd].want_read = 1; + else + manager->fdpollinfo[fd].want_write = 1; + } + UNLOCK(&manager->fdlock[lockid]); + + return (result); +#elif defined(USE_SELECT) + LOCK(&manager->lock); + if (msg == SELECT_POKE_READ) + FD_SET(fd, manager->read_fds); + if (msg == SELECT_POKE_WRITE) + FD_SET(fd, manager->write_fds); + UNLOCK(&manager->lock); + + return (result); +#endif +} + +static inline isc_result_t +unwatch_fd(isc_socketmgr_t *manager, int fd, int msg) { + isc_result_t result = ISC_R_SUCCESS; + +#ifdef USE_KQUEUE + struct kevent evchange; + + memset(&evchange, 0, sizeof(evchange)); + if (msg == SELECT_POKE_READ) + evchange.filter = EVFILT_READ; + else + evchange.filter = EVFILT_WRITE; + evchange.flags = EV_DELETE; + evchange.ident = fd; + if (kevent(manager->kqueue_fd, &evchange, 1, NULL, 0, NULL) != 0) + result = isc__errno2result(errno); + + return (result); +#elif defined(USE_EPOLL) + struct epoll_event event; + + if (msg == SELECT_POKE_READ) + event.events = EPOLLIN; + else + event.events = EPOLLOUT; + event.data.fd = fd; + if (epoll_ctl(manager->epoll_fd, EPOLL_CTL_DEL, fd, &event) == -1 && + errno != ENOENT) { + char strbuf[ISC_STRERRORSIZE]; + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "epoll_ctl(DEL), %d: %s", fd, strbuf); + result = ISC_R_UNEXPECTED; + } + return (result); +#elif defined(USE_DEVPOLL) + struct pollfd pfds[2]; + size_t writelen = sizeof(pfds[0]); + int lockid = FDLOCK_ID(fd); + + memset(pfds, 0, sizeof(pfds)); + pfds[0].events = POLLREMOVE; + pfds[0].fd = fd; + + /* + * Canceling read or write polling via /dev/poll is tricky. Since it + * only provides a way of canceling per FD, we may need to re-poll the + * socket for the other operation. + */ + LOCK(&manager->fdlock[lockid]); + if (msg == SELECT_POKE_READ && + manager->fdpollinfo[fd].want_write == 1) { + pfds[1].events = POLLOUT; + pfds[1].fd = fd; + writelen += sizeof(pfds[1]); + } + if (msg == SELECT_POKE_WRITE && + manager->fdpollinfo[fd].want_read == 1) { + pfds[1].events = POLLIN; + pfds[1].fd = fd; + writelen += sizeof(pfds[1]); + } + + if (write(manager->devpoll_fd, pfds, writelen) == -1) + result = isc__errno2result(errno); + else { + if (msg == SELECT_POKE_READ) + manager->fdpollinfo[fd].want_read = 0; + else + manager->fdpollinfo[fd].want_write = 0; + } + UNLOCK(&manager->fdlock[lockid]); + + return (result); +#elif defined(USE_SELECT) + LOCK(&manager->lock); + if (msg == SELECT_POKE_READ) + FD_CLR(fd, manager->read_fds); + else if (msg == SELECT_POKE_WRITE) + FD_CLR(fd, manager->write_fds); + UNLOCK(&manager->lock); + + return (result); +#endif +} + static void wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { - isc_socket_t *sock; + isc_result_t result; + int lockid = FDLOCK_ID(fd); /* * This is a wakeup on a socket. If the socket is not in the @@ -312,27 +791,55 @@ wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { * or writes. */ - INSIST(fd >= 0 && fd < (int)FD_SETSIZE); + INSIST(fd >= 0 && fd < (int)manager->maxsocks); - if (manager->fdstate[fd] == CLOSE_PENDING) { + if (msg == SELECT_POKE_CLOSE) { + /* No one should be updating fdstate, so no need to lock it */ + INSIST(manager->fdstate[fd] == CLOSE_PENDING); manager->fdstate[fd] = CLOSED; - FD_CLR(fd, &manager->read_fds); - FD_CLR(fd, &manager->write_fds); + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); (void)close(fd); return; } - if (manager->fdstate[fd] != MANAGED) - return; - sock = manager->fds[fd]; + LOCK(&manager->fdlock[lockid]); + if (manager->fdstate[fd] == CLOSE_PENDING) { + UNLOCK(&manager->fdlock[lockid]); + + /* + * We accept (and ignore) any error from unwatch_fd() as we are + * closing the socket, hoping it doesn't leave dangling state in + * the kernel. + * Note that unwatch_fd() must be called after releasing the + * fdlock; otherwise it could cause deadlock due to a lock order + * reversal. + */ + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); + return; + } + if (manager->fdstate[fd] != MANAGED) { + UNLOCK(&manager->fdlock[lockid]); + return; + } + UNLOCK(&manager->fdlock[lockid]); /* * Set requested bit. */ - if (msg == SELECT_POKE_READ) - FD_SET(sock->fd, &manager->read_fds); - if (msg == SELECT_POKE_WRITE) - FD_SET(sock->fd, &manager->write_fds); + result = watch_fd(manager, fd, msg); + if (result != ISC_R_SUCCESS) { + /* + * XXXJT: what should we do? Ignoring the failure of watching + * a socket will make the application dysfunctional, but there + * seems to be no reasonable recovery process. + */ + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + "failed to start watching FD (%d): %s", + fd, isc_result_totext(result)); + } } #ifdef ISC_PLATFORM_USETHREADS @@ -400,7 +907,7 @@ select_readmsg(isc_socketmgr_t *mgr, int *fd, int *msg) { "read() failed " "during watcher poke: %s"), strbuf); - + return; } INSIST(cc == sizeof(buf)); @@ -505,7 +1012,7 @@ cmsg_space(ISC_SOCKADDR_LEN_T len) { return ((char *)cmsgp - (char *)msg.msg_control); else return (0); -#endif +#endif } #endif /* USE_CMSG */ @@ -579,7 +1086,7 @@ process_cmsg(isc_socket_t *sock, struct msghdr *msg, isc_socketevent_t *dev) { "interface received on ifindex %u", dev->pktinfo.ipi6_ifindex); if (IN6_IS_ADDR_MULTICAST(&pktinfop->ipi6_addr)) - dev->attributes |= ISC_SOCKEVENTATTR_MULTICAST; + dev->attributes |= ISC_SOCKEVENTATTR_MULTICAST; goto next; } #endif @@ -627,7 +1134,7 @@ build_msghdr_send(isc_socket_t *sock, isc_socketevent_t *dev, memset(msg, 0, sizeof(*msg)); - if (sock->type == isc_sockettype_udp) { + if (!sock->connected) { msg->msg_name = (void *)&dev->address.type.sa; msg->msg_namelen = dev->address.length; } else { @@ -724,7 +1231,7 @@ build_msghdr_send(isc_socket_t *sock, isc_socketevent_t *dev, /* * Construct an iov array and attach it to the msghdr passed in. This is - * the RECV constructor, which will use the avialable region of the buffer + * the RECV constructor, which will use the available region of the buffer * (if using a buffer list) or will use the internal region (if a single * buffer I/O is requested). * @@ -774,7 +1281,7 @@ build_msghdr_recv(isc_socket_t *sock, isc_socketevent_t *dev, } else { /* TCP */ msg->msg_name = NULL; msg->msg_namelen = 0; - dev->address = sock->address; + dev->address = sock->peer_address; } buffer = ISC_LIST_HEAD(dev->bufferlist); @@ -863,13 +1370,22 @@ set_dev_address(isc_sockaddr_t *address, isc_socket_t *sock, if (address != NULL) dev->address = *address; else - dev->address = sock->address; + dev->address = sock->peer_address; } else if (sock->type == isc_sockettype_tcp) { INSIST(address == NULL); - dev->address = sock->address; + dev->address = sock->peer_address; } } +static void +destroy_socketevent(isc_event_t *event) { + isc_socketevent_t *ev = (isc_socketevent_t *)event; + + INSIST(ISC_LIST_EMPTY(ev->bufferlist)); + + (ev->destroy)(event); +} + static isc_socketevent_t * allocate_socketevent(isc_socket_t *sock, isc_eventtype_t eventtype, isc_taskaction_t action, const void *arg) @@ -891,6 +1407,8 @@ allocate_socketevent(isc_socket_t *sock, isc_eventtype_t eventtype, ev->n = 0; ev->offset = 0; ev->attributes = 0; + ev->destroy = ev->ev_destroy; + ev->ev_destroy = destroy_socketevent; return (ev); } @@ -901,15 +1419,17 @@ dump_msg(struct msghdr *msg) { unsigned int i; printf("MSGHDR %p\n", msg); - printf("\tname %p, namelen %d\n", msg->msg_name, msg->msg_namelen); - printf("\tiov %p, iovlen %d\n", msg->msg_iov, msg->msg_iovlen); + printf("\tname %p, namelen %ld\n", msg->msg_name, + (long) msg->msg_namelen); + printf("\tiov %p, iovlen %ld\n", msg->msg_iov, + (long) msg->msg_iovlen); for (i = 0; i < (unsigned int)msg->msg_iovlen; i++) - printf("\t\t%d\tbase %p, len %d\n", i, + printf("\t\t%d\tbase %p, len %ld\n", i, msg->msg_iov[i].iov_base, - msg->msg_iov[i].iov_len); + (long) msg->msg_iov[i].iov_len); #ifdef ISC_NET_BSD44MSGHDR - printf("\tcontrol %p, controllen %d\n", msg->msg_control, - msg->msg_controllen); + printf("\tcontrol %p, controllen %ld\n", msg->msg_control, + (long) msg->msg_controllen); #endif } #endif @@ -951,7 +1471,7 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { isc__strerror(recv_errno, strbuf, sizeof(strbuf)); socket_log(sock, NULL, IOEVENT, isc_msgcat, ISC_MSGSET_SOCKET, - ISC_MSG_DOIORECV, + ISC_MSG_DOIORECV, "doio_recv: recvmsg(%d) %d bytes, err %d/%s", sock->fd, cc, recv_errno, strbuf); } @@ -960,6 +1480,8 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { if (recv_errno == _system) { \ if (sock->connected) { \ dev->result = _isc; \ + inc_stats(sock->manager->stats, \ + sock->statsindex[STATID_RECVFAIL]); \ return (DOIO_HARD); \ } \ return (DOIO_SOFT); \ @@ -967,6 +1489,8 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { #define ALWAYS_HARD(_system, _isc) \ if (recv_errno == _system) { \ dev->result = _isc; \ + inc_stats(sock->manager->stats, \ + sock->statsindex[STATID_RECVFAIL]); \ return (DOIO_HARD); \ } @@ -977,11 +1501,21 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { /* HPUX 11.11 can return EADDRNOTAVAIL. */ SOFT_OR_HARD(EADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL); ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES); + /* + * HPUX returns EPROTO and EINVAL on receiving some ICMP/ICMPv6 + * errors. + */ +#ifdef EPROTO + SOFT_OR_HARD(EPROTO, ISC_R_HOSTUNREACH); +#endif + SOFT_OR_HARD(EINVAL, ISC_R_HOSTUNREACH); #undef SOFT_OR_HARD #undef ALWAYS_HARD dev->result = isc__errno2result(recv_errno); + inc_stats(sock->manager->stats, + sock->statsindex[STATID_RECVFAIL]); return (DOIO_HARD); } @@ -999,7 +1533,7 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { if (isc_log_wouldlog(isc_lctx, IOEVENT_LEVEL)) { socket_log(sock, &dev->address, IOEVENT, isc_msgcat, ISC_MSGSET_SOCKET, - ISC_MSG_ZEROPORT, + ISC_MSG_ZEROPORT, "dropping source port zero packet"); } return (DOIO_SOFT); @@ -1110,6 +1644,8 @@ doio_send(isc_socket_t *sock, isc_socketevent_t *dev) { if (send_errno == _system) { \ if (sock->connected) { \ dev->result = _isc; \ + inc_stats(sock->manager->stats, \ + sock->statsindex[STATID_SENDFAIL]); \ return (DOIO_HARD); \ } \ return (DOIO_SOFT); \ @@ -1117,6 +1653,8 @@ doio_send(isc_socket_t *sock, isc_socketevent_t *dev) { #define ALWAYS_HARD(_system, _isc) \ if (send_errno == _system) { \ dev->result = _isc; \ + inc_stats(sock->manager->stats, \ + sock->statsindex[STATID_SENDFAIL]); \ return (DOIO_HARD); \ } @@ -1151,14 +1689,19 @@ doio_send(isc_socket_t *sock, isc_socketevent_t *dev) { UNEXPECTED_ERROR(__FILE__, __LINE__, "internal_send: %s: %s", addrbuf, strbuf); dev->result = isc__errno2result(send_errno); + inc_stats(sock->manager->stats, + sock->statsindex[STATID_SENDFAIL]); return (DOIO_HARD); } - if (cc == 0) + if (cc == 0) { + inc_stats(sock->manager->stats, + sock->statsindex[STATID_SENDFAIL]); UNEXPECTED_ERROR(__FILE__, __LINE__, - "internal_send: send() %s 0", + "doio_send: send() %s 0", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_RETURNED, "returned")); + } /* * If we write less than we expected, update counters, poke. @@ -1181,8 +1724,72 @@ doio_send(isc_socket_t *sock, isc_socketevent_t *dev) { * Caller must ensure that the socket is not locked and no external * references exist. */ +static void +closesocket(isc_socketmgr_t *manager, isc_socket_t *sock, int fd) { + isc_sockettype_t type = sock->type; + int lockid = FDLOCK_ID(fd); + + /* + * No one has this socket open, so the watcher doesn't have to be + * poked, and the socket doesn't have to be locked. + */ + LOCK(&manager->fdlock[lockid]); + manager->fds[fd] = NULL; + if (type == isc_sockettype_fdwatch) + manager->fdstate[fd] = CLOSED; + else + manager->fdstate[fd] = CLOSE_PENDING; + UNLOCK(&manager->fdlock[lockid]); + if (type == isc_sockettype_fdwatch) { + /* + * The caller may close the socket once this function returns, + * and `fd' may be reassigned for a new socket. So we do + * unwatch_fd() here, rather than defer it via select_poke(). + * Note: this may complicate data protection among threads and + * may reduce performance due to additional locks. One way to + * solve this would be to dup() the watched descriptor, but we + * take a simpler approach at this moment. + */ + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); + } else + select_poke(manager, fd, SELECT_POKE_CLOSE); + + inc_stats(manager->stats, sock->statsindex[STATID_CLOSE]); + + /* + * update manager->maxfd here (XXX: this should be implemented more + * efficiently) + */ +#ifdef USE_SELECT + LOCK(&manager->lock); + if (manager->maxfd == fd) { + int i; + + manager->maxfd = 0; + for (i = fd - 1; i >= 0; i--) { + lockid = FDLOCK_ID(i); + + LOCK(&manager->fdlock[lockid]); + if (manager->fdstate[i] == MANAGED) { + manager->maxfd = i; + UNLOCK(&manager->fdlock[lockid]); + break; + } + UNLOCK(&manager->fdlock[lockid]); + } +#ifdef ISC_PLATFORM_USETHREADS + if (manager->maxfd < manager->pipe_fds[0]) + manager->maxfd = manager->pipe_fds[0]; +#endif + } + UNLOCK(&manager->lock); +#endif /* USE_SELECT */ +} + static void destroy(isc_socket_t **sockp) { + int fd; isc_socket_t *sock = *sockp; isc_socketmgr_t *manager = sock->manager; @@ -1193,17 +1800,16 @@ destroy(isc_socket_t **sockp) { INSIST(ISC_LIST_EMPTY(sock->recv_list)); INSIST(ISC_LIST_EMPTY(sock->send_list)); INSIST(sock->connect_ev == NULL); - REQUIRE(sock->fd >= 0 && sock->fd < (int)FD_SETSIZE); + REQUIRE(sock->fd == -1 || sock->fd < (int)manager->maxsocks); + + if (sock->fd >= 0) { + fd = sock->fd; + sock->fd = -1; + closesocket(manager, sock, fd); + } LOCK(&manager->lock); - /* - * No one has this socket open, so the watcher doesn't have to be - * poked, and the socket doesn't have to be locked. - */ - manager->fds[sock->fd] = NULL; - manager->fdstate[sock->fd] = CLOSE_PENDING; - select_poke(manager, sock->fd, SELECT_POKE_CLOSE); ISC_LIST_UNLINK(manager->socklist, sock, link); #ifdef ISC_PLATFORM_USETHREADS @@ -1211,10 +1817,6 @@ destroy(isc_socket_t **sockp) { SIGNAL(&manager->shutdown_ok); #endif /* ISC_PLATFORM_USETHREADS */ - /* - * XXX should reset manager->maxfd here - */ - UNLOCK(&manager->lock); free_socket(sockp); @@ -1225,7 +1827,7 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, isc_socket_t **socketp) { isc_socket_t *sock; - isc_result_t ret; + isc_result_t result; ISC_SOCKADDR_LEN_T cmsgbuflen; sock = isc_mem_get(manager->mctx, sizeof(*sock)); @@ -1233,7 +1835,7 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, if (sock == NULL) return (ISC_R_NOMEMORY); - ret = ISC_R_UNEXPECTED; + result = ISC_R_UNEXPECTED; sock->magic = 0; sock->references = 0; @@ -1241,6 +1843,7 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, sock->manager = manager; sock->type = type; sock->fd = -1; + sock->statsindex = NULL; ISC_LINK_INIT(sock, link); @@ -1275,6 +1878,11 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, goto error; } + memset(sock->name, 0, sizeof(sock->name)); + + memset(sock->name, 0, sizeof(sock->name)); + sock->tag = NULL; + /* * set up list of readers and writers to be initially empty */ @@ -1293,13 +1901,9 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, /* * initialize the lock */ - if (isc_mutex_init(&sock->lock) != ISC_R_SUCCESS) { + result = isc_mutex_init(&sock->lock); + if (result != ISC_R_SUCCESS) { sock->magic = 0; - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - ret = ISC_R_UNEXPECTED; goto error; } @@ -1327,7 +1931,7 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, sock->sendcmsgbuflen); isc_mem_put(manager->mctx, sock, sizeof(*sock)); - return (ret); + return (result); } /* @@ -1368,46 +1972,92 @@ free_socket(isc_socket_t **socketp) { *socketp = NULL; } +#ifdef SO_BSDCOMPAT /* - * Create a new 'type' socket managed by 'manager'. Events - * will be posted to 'task' and when dispatched 'action' will be - * called with 'arg' as the arg value. The new socket is returned - * in 'socketp'. + * This really should not be necessary to do. Having to workout + * which kernel version we are on at run time so that we don't cause + * the kernel to issue a warning about us using a deprecated socket option. + * Such warnings should *never* be on by default in production kernels. + * + * We can't do this a build time because executables are moved between + * machines and hence kernels. + * + * We can't just not set SO_BSDCOMAT because some kernels require it. */ -isc_result_t -isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, - isc_socket_t **socketp) -{ - isc_socket_t *sock = NULL; - isc_result_t ret; -#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) - int on = 1; + +static isc_once_t bsdcompat_once = ISC_ONCE_INIT; +isc_boolean_t bsdcompat = ISC_TRUE; + +static void +clear_bsdcompat(void) { +#ifdef __linux__ + struct utsname buf; + char *endp; + long int major; + long int minor; + + uname(&buf); /* Can only fail if buf is bad in Linux. */ + + /* Paranoia in parsing can be increased, but we trust uname(). */ + major = strtol(buf.release, &endp, 10); + if (*endp == '.') { + minor = strtol(endp+1, &endp, 10); + if ((major > 2) || ((major == 2) && (minor >= 4))) { + bsdcompat = ISC_FALSE; + } + } +#endif /* __linux __ */ +} #endif + +static isc_result_t +opensocket(isc_socketmgr_t *manager, isc_socket_t *sock) { char strbuf[ISC_STRERRORSIZE]; const char *err = "socket"; + int tries = 0; +#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) + int on = 1; +#endif +#if defined(SO_RCVBUF) + ISC_SOCKADDR_LEN_T optlen; + int size; +#endif - REQUIRE(VALID_MANAGER(manager)); - REQUIRE(socketp != NULL && *socketp == NULL); - - ret = allocate_socket(manager, type, &sock); - if (ret != ISC_R_SUCCESS) - return (ret); - - sock->pf = pf; - switch (type) { + again: + switch (sock->type) { case isc_sockettype_udp: - sock->fd = socket(pf, SOCK_DGRAM, IPPROTO_UDP); + sock->fd = socket(sock->pf, SOCK_DGRAM, IPPROTO_UDP); break; case isc_sockettype_tcp: - sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP); + sock->fd = socket(sock->pf, SOCK_STREAM, IPPROTO_TCP); break; - } - -#ifdef F_DUPFD + case isc_sockettype_unix: + sock->fd = socket(sock->pf, SOCK_STREAM, 0); + break; + case isc_sockettype_fdwatch: + /* + * We should not be called for isc_sockettype_fdwatch sockets. + */ + INSIST(0); + break; + } + if (sock->fd == -1 && errno == EINTR && tries++ < 42) + goto again; + +#ifdef F_DUPFD /* - * Leave a space for stdio to work in. + * Leave a space for stdio and TCP to work in. */ - if (sock->fd >= 0 && sock->fd < 20) { + if (manager->reserved != 0 && sock->type == isc_sockettype_udp && + sock->fd >= 0 && sock->fd < manager->reserved) { + int new, tmp; + new = fcntl(sock->fd, F_DUPFD, manager->reserved); + tmp = errno; + (void)close(sock->fd); + errno = tmp; + sock->fd = new; + err = "isc_socket_create: fcntl/reserved"; + } else if (sock->fd >= 0 && sock->fd < 20) { int new, tmp; new = fcntl(sock->fd, F_DUPFD, 20); tmp = errno; @@ -1418,23 +2068,28 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #endif - if (sock->fd >= (int)FD_SETSIZE) { + if (sock->fd >= (int)manager->maxsocks) { (void)close(sock->fd); isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_TOOMANYFDS, - "%s: too many open file descriptors", "socket"); - free_socket(&sock); + "socket: file descriptor exceeds limit (%d/%u)", + sock->fd, manager->maxsocks); return (ISC_R_NORESOURCES); } - - if (sock->fd < 0) { - free_socket(&sock); + if (sock->fd < 0) { switch (errno) { case EMFILE: case ENFILE: + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYFDS, + "%s: %s", err, strbuf); + /* fallthrough */ case ENOBUFS: return (ISC_R_NORESOURCES); @@ -1463,12 +2118,14 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, if (make_nonblock(sock->fd) != ISC_R_SUCCESS) { (void)close(sock->fd); - free_socket(&sock); return (ISC_R_UNEXPECTED); } #ifdef SO_BSDCOMPAT - if (setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT, + RUNTIME_CHECK(isc_once_do(&bsdcompat_once, + clear_bsdcompat) == ISC_R_SUCCESS); + if (sock->type != isc_sockettype_unix && bsdcompat && + setsockopt(sock->fd, SOL_SOCKET, SO_BSDCOMPAT, (void *)&on, sizeof(on)) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -1481,9 +2138,24 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #endif -#if defined(USE_CMSG) - if (type == isc_sockettype_udp) { +#ifdef SO_NOSIGPIPE + if (setsockopt(sock->fd, SOL_SOCKET, SO_NOSIGPIPE, + (void *)&on, sizeof(on)) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "setsockopt(%d, SO_NOSIGPIPE) %s: %s", + sock->fd, + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); + /* Press on... */ + } +#endif +#if defined(USE_CMSG) || defined(SO_RCVBUF) + if (sock->type == isc_sockettype_udp) { + +#if defined(USE_CMSG) #if defined(SO_TIMESTAMP) if (setsockopt(sock->fd, SOL_SOCKET, SO_TIMESTAMP, (void *)&on, sizeof(on)) < 0 @@ -1491,7 +2163,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "setsockopt(%d, SO_TIMESTAMP) %s: %s", - sock->fd, + sock->fd, isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, @@ -1502,7 +2174,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, #endif /* SO_TIMESTAMP */ #if defined(ISC_PLATFORM_HAVEIPV6) - if (pf == AF_INET6 && sock->recvcmsgbuflen == 0U) { + if (sock->pf == AF_INET6 && sock->recvcmsgbuflen == 0U) { /* * Warn explicitly because this anomaly can be hidden * in usual operation (and unexpectedly appear later). @@ -1513,8 +2185,8 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #ifdef ISC_PLATFORM_HAVEIN6PKTINFO #ifdef IPV6_RECVPKTINFO - /* 2292bis */ - if ((pf == AF_INET6) + /* RFC 3542 */ + if ((sock->pf == AF_INET6) && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, (void *)&on, sizeof(on)) < 0)) { isc__strerror(errno, strbuf, sizeof(strbuf)); @@ -1528,8 +2200,8 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, strbuf); } #else - /* 2292 */ - if ((pf == AF_INET6) + /* RFC 2292 */ + if ((sock->pf == AF_INET6) && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_PKTINFO, (void *)&on, sizeof(on)) < 0)) { isc__strerror(errno, strbuf, sizeof(strbuf)); @@ -1544,39 +2216,245 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #endif /* IPV6_RECVPKTINFO */ #endif /* ISC_PLATFORM_HAVEIN6PKTINFO */ -#ifdef IPV6_USE_MIN_MTU /*2292bis, not too common yet*/ +#ifdef IPV6_USE_MIN_MTU /* RFC 3542, not too common yet*/ /* use minimum MTU */ - if (pf == AF_INET6) { + if (sock->pf == AF_INET6) { (void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU, (void *)&on, sizeof(on)); } #endif #endif /* ISC_PLATFORM_HAVEIPV6 */ +#endif /* defined(USE_CMSG) */ + +#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT) + /* + * Turn off Path MTU discovery on IPv4/UDP sockets. + */ + if (sock->pf == AF_INET) { + int action = IP_PMTUDISC_DONT; + (void)setsockopt(sock->fd, IPPROTO_IP, IP_MTU_DISCOVER, + &action, sizeof(action)); + } +#endif +#if defined(IP_DONTFRAG) + /* + * Turn off Path MTU discovery on IPv4/UDP sockets. + */ + if (sock->pf == AF_INET) { + int off = 0; + (void)setsockopt(sock->fd, IPPROTO_IP, IP_DONTFRAG, + &off, sizeof(off)); + } +#endif +#if defined(SO_RCVBUF) + optlen = sizeof(size); + if (getsockopt(sock->fd, SOL_SOCKET, SO_RCVBUF, + (void *)&size, &optlen) >= 0 && + size < RCVBUFSIZE) { + size = RCVBUFSIZE; + if (setsockopt(sock->fd, SOL_SOCKET, SO_RCVBUF, + (void *)&size, sizeof(size)) == -1) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "setsockopt(%d, SO_RCVBUF, %d) %s: %s", + sock->fd, size, + isc_msgcat_get(isc_msgcat, + ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, + "failed"), + strbuf); + } + } +#endif + } +#endif /* defined(USE_CMSG) || defined(SO_RCVBUF) */ + + inc_stats(manager->stats, sock->statsindex[STATID_OPEN]); + + return (ISC_R_SUCCESS); +} + +/*% + * Create a new 'type' socket managed by 'manager'. Events + * will be posted to 'task' and when dispatched 'action' will be + * called with 'arg' as the arg value. The new socket is returned + * in 'socketp'. + */ +isc_result_t +isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, + isc_socket_t **socketp) +{ + isc_socket_t *sock = NULL; + isc_result_t result; + int lockid; + + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(socketp != NULL && *socketp == NULL); + REQUIRE(type != isc_sockettype_fdwatch); + + result = allocate_socket(manager, type, &sock); + if (result != ISC_R_SUCCESS) + return (result); + + switch (sock->type) { + case isc_sockettype_udp: + sock->statsindex = + (pf == AF_INET) ? upd4statsindex : upd6statsindex; + break; + case isc_sockettype_tcp: + sock->statsindex = + (pf == AF_INET) ? tcp4statsindex : tcp6statsindex; + break; + case isc_sockettype_unix: + sock->statsindex = unixstatsindex; + break; + default: + INSIST(0); + } + + sock->pf = pf; + result = opensocket(manager, sock); + if (result != ISC_R_SUCCESS) { + inc_stats(manager->stats, sock->statsindex[STATID_OPENFAIL]); + free_socket(&sock); + return (result); } -#endif /* USE_CMSG */ sock->references = 1; *socketp = sock; + /* + * Note we don't have to lock the socket like we normally would because + * there are no external references to it yet. + */ + + lockid = FDLOCK_ID(sock->fd); + LOCK(&manager->fdlock[lockid]); + manager->fds[sock->fd] = sock; + manager->fdstate[sock->fd] = MANAGED; +#ifdef USE_DEVPOLL + INSIST(sock->manager->fdpollinfo[sock->fd].want_read == 0 && + sock->manager->fdpollinfo[sock->fd].want_write == 0); +#endif + UNLOCK(&manager->fdlock[lockid]); + LOCK(&manager->lock); + ISC_LIST_APPEND(manager->socklist, sock, link); +#ifdef USE_SELECT + if (manager->maxfd < sock->fd) + manager->maxfd = sock->fd; +#endif + UNLOCK(&manager->lock); + + socket_log(sock, NULL, CREATION, isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_CREATED, "created"); + + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_socket_open(isc_socket_t *sock) { + isc_result_t result; + + REQUIRE(VALID_SOCKET(sock)); + + LOCK(&sock->lock); + REQUIRE(sock->references == 1); + REQUIRE(sock->type != isc_sockettype_fdwatch); + UNLOCK(&sock->lock); + /* + * We don't need to retain the lock hereafter, since no one else has + * this socket. + */ + REQUIRE(sock->fd == -1); + + result = opensocket(sock->manager, sock); + if (result != ISC_R_SUCCESS) + sock->fd = -1; + + if (result == ISC_R_SUCCESS) { + int lockid = FDLOCK_ID(sock->fd); + + LOCK(&sock->manager->fdlock[lockid]); + sock->manager->fds[sock->fd] = sock; + sock->manager->fdstate[sock->fd] = MANAGED; +#ifdef USE_DEVPOLL + INSIST(sock->manager->fdpollinfo[sock->fd].want_read == 0 && + sock->manager->fdpollinfo[sock->fd].want_write == 0); +#endif + UNLOCK(&sock->manager->fdlock[lockid]); + +#ifdef USE_SELECT + LOCK(&sock->manager->lock); + if (sock->manager->maxfd < sock->fd) + sock->manager->maxfd = sock->fd; + UNLOCK(&sock->manager->lock); +#endif + } + + return (result); +} + +/* + * Create a new 'type' socket managed by 'manager'. Events + * will be posted to 'task' and when dispatched 'action' will be + * called with 'arg' as the arg value. The new socket is returned + * in 'socketp'. + */ +isc_result_t +isc_socket_fdwatchcreate(isc_socketmgr_t *manager, int fd, int flags, + isc_sockfdwatch_t callback, void *cbarg, + isc_task_t *task, isc_socket_t **socketp) +{ + isc_socket_t *sock = NULL; + isc_result_t result; + int lockid; + + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(socketp != NULL && *socketp == NULL); + + result = allocate_socket(manager, isc_sockettype_fdwatch, &sock); + if (result != ISC_R_SUCCESS) + return (result); + + sock->fd = fd; + sock->fdwatcharg = cbarg; + sock->fdwatchcb = callback; + sock->fdwatchflags = flags; + sock->fdwatchtask = task; + sock->statsindex = fdwatchstatsindex; + + sock->references = 1; + *socketp = sock; /* * Note we don't have to lock the socket like we normally would because * there are no external references to it yet. */ + lockid = FDLOCK_ID(sock->fd); + LOCK(&manager->fdlock[lockid]); manager->fds[sock->fd] = sock; manager->fdstate[sock->fd] = MANAGED; + UNLOCK(&manager->fdlock[lockid]); + + LOCK(&manager->lock); ISC_LIST_APPEND(manager->socklist, sock, link); +#ifdef USE_SELECT if (manager->maxfd < sock->fd) manager->maxfd = sock->fd; - +#endif UNLOCK(&manager->lock); + if (flags & ISC_SOCKFDWATCH_READ) + select_poke(sock->manager, sock->fd, SELECT_POKE_READ); + if (flags & ISC_SOCKFDWATCH_WRITE) + select_poke(sock->manager, sock->fd, SELECT_POKE_WRITE); + socket_log(sock, NULL, CREATION, isc_msgcat, ISC_MSGSET_SOCKET, - ISC_MSG_CREATED, "created"); + ISC_MSG_CREATED, "fdwatch-created"); return (ISC_R_SUCCESS); } @@ -1622,6 +2500,48 @@ isc_socket_detach(isc_socket_t **socketp) { *socketp = NULL; } +isc_result_t +isc_socket_close(isc_socket_t *sock) { + int fd; + isc_socketmgr_t *manager; + isc_sockettype_t type; + + REQUIRE(VALID_SOCKET(sock)); + + LOCK(&sock->lock); + + REQUIRE(sock->references == 1); + REQUIRE(sock->type != isc_sockettype_fdwatch); + REQUIRE(sock->fd >= 0 && sock->fd < (int)sock->manager->maxsocks); + + INSIST(!sock->connecting); + INSIST(!sock->pending_recv); + INSIST(!sock->pending_send); + INSIST(!sock->pending_accept); + INSIST(ISC_LIST_EMPTY(sock->recv_list)); + INSIST(ISC_LIST_EMPTY(sock->send_list)); + INSIST(ISC_LIST_EMPTY(sock->accept_list)); + INSIST(sock->connect_ev == NULL); + + manager = sock->manager; + type = sock->type; + fd = sock->fd; + sock->fd = -1; + memset(sock->name, 0, sizeof(sock->name)); + sock->tag = NULL; + sock->listener = 0; + sock->connected = 0; + sock->connecting = 0; + sock->bound = 0; + isc_sockaddr_any(&sock->peer_address); + + UNLOCK(&sock->lock); + + closesocket(manager, sock, fd); + + return (ISC_R_SUCCESS); +} + /* * I/O is possible on a given socket. Schedule an event to this task that * will call an internal function to do the I/O. This will charge the @@ -1634,50 +2554,68 @@ static void dispatch_recv(isc_socket_t *sock) { intev_t *iev; isc_socketevent_t *ev; + isc_task_t *sender; INSIST(!sock->pending_recv); - ev = ISC_LIST_HEAD(sock->recv_list); - if (ev == NULL) - return; + if (sock->type != isc_sockettype_fdwatch) { + ev = ISC_LIST_HEAD(sock->recv_list); + if (ev == NULL) + return; + socket_log(sock, NULL, EVENT, NULL, 0, 0, + "dispatch_recv: event %p -> task %p", + ev, ev->ev_sender); + sender = ev->ev_sender; + } else { + sender = sock->fdwatchtask; + } sock->pending_recv = 1; iev = &sock->readable_ev; - socket_log(sock, NULL, EVENT, NULL, 0, 0, - "dispatch_recv: event %p -> task %p", ev, ev->ev_sender); - sock->references++; iev->ev_sender = sock; - iev->ev_action = internal_recv; + if (sock->type == isc_sockettype_fdwatch) + iev->ev_action = internal_fdwatch_read; + else + iev->ev_action = internal_recv; iev->ev_arg = sock; - isc_task_send(ev->ev_sender, (isc_event_t **)&iev); + isc_task_send(sender, (isc_event_t **)&iev); } static void dispatch_send(isc_socket_t *sock) { intev_t *iev; isc_socketevent_t *ev; + isc_task_t *sender; INSIST(!sock->pending_send); - ev = ISC_LIST_HEAD(sock->send_list); - if (ev == NULL) - return; + if (sock->type != isc_sockettype_fdwatch) { + ev = ISC_LIST_HEAD(sock->send_list); + if (ev == NULL) + return; + socket_log(sock, NULL, EVENT, NULL, 0, 0, + "dispatch_send: event %p -> task %p", + ev, ev->ev_sender); + sender = ev->ev_sender; + } else { + sender = sock->fdwatchtask; + } sock->pending_send = 1; iev = &sock->writable_ev; - socket_log(sock, NULL, EVENT, NULL, 0, 0, - "dispatch_send: event %p -> task %p", ev, ev->ev_sender); - sock->references++; iev->ev_sender = sock; - iev->ev_action = internal_send; + if (sock->type == isc_sockettype_fdwatch) + iev->ev_action = internal_fdwatch_write; + else + iev->ev_action = internal_send; iev->ev_arg = sock; - isc_task_send(ev->ev_sender, (isc_event_t **)&iev); + isc_task_send(sender, (isc_event_t **)&iev); } /* @@ -1847,12 +2785,12 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { * a documented error for accept(). ECONNABORTED has been * reported for Solaris 8. The rest are thrown in not because * we have seen them but because they are ignored by other - * deamons such as BIND 8 and Apache. + * daemons such as BIND 8 and Apache. */ - addrlen = sizeof(dev->newsocket->address.type); - memset(&dev->newsocket->address.type.sa, 0, addrlen); - fd = accept(sock->fd, &dev->newsocket->address.type.sa, + addrlen = sizeof(dev->newsocket->peer_address.type); + memset(&dev->newsocket->peer_address.type, 0, addrlen); + fd = accept(sock->fd, &dev->newsocket->peer_address.type.sa, (void *)&addrlen); #ifdef F_DUPFD @@ -1866,7 +2804,7 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { (void)close(fd); errno = tmp; fd = new; - err = "fcntl"; + err = "accept/fcntl"; } #endif @@ -1874,8 +2812,17 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { if (SOFT_ERROR(errno)) goto soft_error; switch (errno) { - case ENOBUFS: case ENFILE: + case EMFILE: + isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYFDS, + "%s: too many open file descriptors", + err); + goto soft_error; + + case ENOBUFS: case ENOMEM: case ECONNRESET: case ECONNABORTED: @@ -1913,32 +2860,33 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { (void)close(fd); goto soft_error; - } else if (dev->newsocket->address.type.sa.sa_family != + } else if (dev->newsocket->peer_address.type.sa.sa_family != sock->pf) { UNEXPECTED_ERROR(__FILE__, __LINE__, "internal_accept(): " "accept() returned peer address " - "family %u (expected %u)", - dev->newsocket->address. + "family %u (expected %u)", + dev->newsocket->peer_address. type.sa.sa_family, sock->pf); (void)close(fd); goto soft_error; - } else if (fd >= (int)FD_SETSIZE) { + } else if (fd >= (int)manager->maxsocks) { isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_TOOMANYFDS, - "%s: too many open file descriptors", - "accept"); + "accept: " + "file descriptor exceeds limit (%d/%u)", + fd, manager->maxsocks); (void)close(fd); goto soft_error; } } if (fd != -1) { - dev->newsocket->address.length = addrlen; + dev->newsocket->peer_address.length = addrlen; dev->newsocket->pf = sock->pf; } @@ -1965,6 +2913,13 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { * -1 means the new socket didn't happen. */ if (fd != -1) { + int lockid = FDLOCK_ID(fd); + + LOCK(&manager->fdlock[lockid]); + manager->fds[fd] = dev->newsocket; + manager->fdstate[fd] = MANAGED; + UNLOCK(&manager->fdlock[lockid]); + LOCK(&manager->lock); ISC_LIST_APPEND(manager->socklist, dev->newsocket, link); @@ -1975,24 +2930,27 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { /* * Save away the remote address */ - dev->address = dev->newsocket->address; + dev->address = dev->newsocket->peer_address; - manager->fds[fd] = dev->newsocket; - manager->fdstate[fd] = MANAGED; +#ifdef USE_SELECT if (manager->maxfd < fd) manager->maxfd = fd; +#endif - socket_log(sock, &dev->newsocket->address, CREATION, + socket_log(sock, &dev->newsocket->peer_address, CREATION, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTEDCXN, "accepted connection, new socket %p", dev->newsocket); UNLOCK(&manager->lock); + + inc_stats(manager->stats, sock->statsindex[STATID_ACCEPT]); } else { + inc_stats(manager->stats, sock->statsindex[STATID_ACCEPTFAIL]); dev->newsocket->references--; free_socket(&dev->newsocket); } - + /* * Fill in the done event details and send it off. */ @@ -2006,6 +2964,8 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { soft_error: select_poke(sock->manager, sock->fd, SELECT_POKE_ACCEPT); UNLOCK(&sock->lock); + + inc_stats(manager->stats, sock->statsindex[STATID_ACCEPTFAIL]); return; } @@ -2130,76 +3090,343 @@ internal_send(isc_task_t *me, isc_event_t *ev) { } static void -process_fds(isc_socketmgr_t *manager, int maxfd, - fd_set *readfds, fd_set *writefds) +internal_fdwatch_write(isc_task_t *me, isc_event_t *ev) { + isc_socket_t *sock; + int more_data; + + INSIST(ev->ev_type == ISC_SOCKEVENT_INTW); + + /* + * Find out what socket this is and lock it. + */ + sock = (isc_socket_t *)ev->ev_sender; + INSIST(VALID_SOCKET(sock)); + + LOCK(&sock->lock); + socket_log(sock, NULL, IOEVENT, + isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALSEND, + "internal_fdwatch_write: task %p got event %p", me, ev); + + INSIST(sock->pending_send == 1); + + UNLOCK(&sock->lock); + more_data = (sock->fdwatchcb)(me, sock, sock->fdwatcharg); + LOCK(&sock->lock); + + sock->pending_send = 0; + + INSIST(sock->references > 0); + sock->references--; /* the internal event is done with this socket */ + if (sock->references == 0) { + UNLOCK(&sock->lock); + destroy(&sock); + return; + } + + if (more_data) + select_poke(sock->manager, sock->fd, SELECT_POKE_WRITE); + + UNLOCK(&sock->lock); +} + +static void +internal_fdwatch_read(isc_task_t *me, isc_event_t *ev) { + isc_socket_t *sock; + int more_data; + + INSIST(ev->ev_type == ISC_SOCKEVENT_INTR); + + /* + * Find out what socket this is and lock it. + */ + sock = (isc_socket_t *)ev->ev_sender; + INSIST(VALID_SOCKET(sock)); + + LOCK(&sock->lock); + socket_log(sock, NULL, IOEVENT, + isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALRECV, + "internal_fdwatch_read: task %p got event %p", me, ev); + + INSIST(sock->pending_recv == 1); + + UNLOCK(&sock->lock); + more_data = (sock->fdwatchcb)(me, sock, sock->fdwatcharg); + LOCK(&sock->lock); + + sock->pending_recv = 0; + + INSIST(sock->references > 0); + sock->references--; /* the internal event is done with this socket */ + if (sock->references == 0) { + UNLOCK(&sock->lock); + destroy(&sock); + return; + } + + if (more_data) + select_poke(sock->manager, sock->fd, SELECT_POKE_READ); + + UNLOCK(&sock->lock); +} + +/* + * Process read/writes on each fd here. Avoid locking + * and unlocking twice if both reads and writes are possible. + */ +static void +process_fd(isc_socketmgr_t *manager, int fd, isc_boolean_t readable, + isc_boolean_t writeable) { - int i; isc_socket_t *sock; isc_boolean_t unlock_sock; - - REQUIRE(maxfd <= (int)FD_SETSIZE); + isc_boolean_t unwatch_read = ISC_FALSE, unwatch_write = ISC_FALSE; + int lockid = FDLOCK_ID(fd); /* - * Process read/writes on other fds here. Avoid locking - * and unlocking twice if both reads and writes are possible. + * If the socket is going to be closed, don't do more I/O. */ - for (i = 0; i < maxfd; i++) { + LOCK(&manager->fdlock[lockid]); + if (manager->fdstate[fd] == CLOSE_PENDING) { + UNLOCK(&manager->fdlock[lockid]); + + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); + return; + } + + sock = manager->fds[fd]; + unlock_sock = ISC_FALSE; + if (readable) { + if (sock == NULL) { + unwatch_read = ISC_TRUE; + goto check_write; + } + unlock_sock = ISC_TRUE; + LOCK(&sock->lock); + if (!SOCK_DEAD(sock)) { + if (sock->listener) + dispatch_accept(sock); + else + dispatch_recv(sock); + } + unwatch_read = ISC_TRUE; + } +check_write: + if (writeable) { + if (sock == NULL) { + unwatch_write = ISC_TRUE; + goto unlock_fd; + } + if (!unlock_sock) { + unlock_sock = ISC_TRUE; + LOCK(&sock->lock); + } + if (!SOCK_DEAD(sock)) { + if (sock->connecting) + dispatch_connect(sock); + else + dispatch_send(sock); + } + unwatch_write = ISC_TRUE; + } + if (unlock_sock) + UNLOCK(&sock->lock); + + unlock_fd: + UNLOCK(&manager->fdlock[lockid]); + if (unwatch_read) + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + if (unwatch_write) + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); + +} + +#ifdef USE_KQUEUE +static isc_boolean_t +process_fds(isc_socketmgr_t *manager, struct kevent *events, int nevents) { + int i; + isc_boolean_t readable, writable; + isc_boolean_t done = ISC_FALSE; #ifdef ISC_PLATFORM_USETHREADS - if (i == manager->pipe_fds[0] || i == manager->pipe_fds[1]) + isc_boolean_t have_ctlevent = ISC_FALSE; +#endif + + if (nevents == manager->nevents) { + /* + * This is not an error, but something unexpected. If this + * happens, it may indicate the need for increasing + * ISC_SOCKET_MAXEVENTS. + */ + manager_log(manager, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_INFO, + "maximum number of FD events (%d) received", + nevents); + } + + for (i = 0; i < nevents; i++) { + REQUIRE(events[i].ident < manager->maxsocks); +#ifdef ISC_PLATFORM_USETHREADS + if (events[i].ident == (uintptr_t)manager->pipe_fds[0]) { + have_ctlevent = ISC_TRUE; continue; -#endif /* ISC_PLATFORM_USETHREADS */ + } +#endif + readable = ISC_TF(events[i].filter == EVFILT_READ); + writable = ISC_TF(events[i].filter == EVFILT_WRITE); + process_fd(manager, events[i].ident, readable, writable); + } - if (manager->fdstate[i] == CLOSE_PENDING) { - manager->fdstate[i] = CLOSED; - FD_CLR(i, &manager->read_fds); - FD_CLR(i, &manager->write_fds); +#ifdef ISC_PLATFORM_USETHREADS + if (have_ctlevent) + done = process_ctlfd(manager); +#endif - (void)close(i); + return (done); +} +#elif defined(USE_EPOLL) +static isc_boolean_t +process_fds(isc_socketmgr_t *manager, struct epoll_event *events, int nevents) { + int i; + isc_boolean_t done = ISC_FALSE; +#ifdef ISC_PLATFORM_USETHREADS + isc_boolean_t have_ctlevent = ISC_FALSE; +#endif + if (nevents == manager->nevents) { + manager_log(manager, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_INFO, + "maximum number of FD events (%d) received", + nevents); + } + + for (i = 0; i < nevents; i++) { + REQUIRE(events[i].data.fd < (int)manager->maxsocks); +#ifdef ISC_PLATFORM_USETHREADS + if (events[i].data.fd == manager->pipe_fds[0]) { + have_ctlevent = ISC_TRUE; continue; } - - sock = manager->fds[i]; - unlock_sock = ISC_FALSE; - if (FD_ISSET(i, readfds)) { - if (sock == NULL) { - FD_CLR(i, &manager->read_fds); - goto check_write; - } - unlock_sock = ISC_TRUE; - LOCK(&sock->lock); - if (!SOCK_DEAD(sock)) { - if (sock->listener) - dispatch_accept(sock); - else - dispatch_recv(sock); - } - FD_CLR(i, &manager->read_fds); +#endif + if ((events[i].events & EPOLLERR) != 0 || + (events[i].events & EPOLLHUP) != 0) { + /* + * epoll does not set IN/OUT bits on an erroneous + * condition, so we need to try both anyway. This is a + * bit inefficient, but should be okay for such rare + * events. Note also that the read or write attempt + * won't block because we use non-blocking sockets. + */ + events[i].events |= (EPOLLIN | EPOLLOUT); } - check_write: - if (FD_ISSET(i, writefds)) { - if (sock == NULL) { - FD_CLR(i, &manager->write_fds); - continue; - } - if (!unlock_sock) { - unlock_sock = ISC_TRUE; - LOCK(&sock->lock); - } - if (!SOCK_DEAD(sock)) { - if (sock->connecting) - dispatch_connect(sock); - else - dispatch_send(sock); - } - FD_CLR(i, &manager->write_fds); + process_fd(manager, events[i].data.fd, + (events[i].events & EPOLLIN) != 0, + (events[i].events & EPOLLOUT) != 0); + } + +#ifdef ISC_PLATFORM_USETHREADS + if (have_ctlevent) + done = process_ctlfd(manager); +#endif + + return (done); +} +#elif defined(USE_DEVPOLL) +static isc_boolean_t +process_fds(isc_socketmgr_t *manager, struct pollfd *events, int nevents) { + int i; + isc_boolean_t done = ISC_FALSE; +#ifdef ISC_PLATFORM_USETHREADS + isc_boolean_t have_ctlevent = ISC_FALSE; +#endif + + if (nevents == manager->nevents) { + manager_log(manager, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_INFO, + "maximum number of FD events (%d) received", + nevents); + } + + for (i = 0; i < nevents; i++) { + REQUIRE(events[i].fd < (int)manager->maxsocks); +#ifdef ISC_PLATFORM_USETHREADS + if (events[i].fd == manager->pipe_fds[0]) { + have_ctlevent = ISC_TRUE; + continue; } - if (unlock_sock) - UNLOCK(&sock->lock); +#endif + process_fd(manager, events[i].fd, + (events[i].events & POLLIN) != 0, + (events[i].events & POLLOUT) != 0); } + +#ifdef ISC_PLATFORM_USETHREADS + if (have_ctlevent) + done = process_ctlfd(manager); +#endif + + return (done); } +#elif defined(USE_SELECT) +static void +process_fds(isc_socketmgr_t *manager, int maxfd, + fd_set *readfds, fd_set *writefds) +{ + int i; + REQUIRE(maxfd <= (int)manager->maxsocks); + + for (i = 0; i < maxfd; i++) { #ifdef ISC_PLATFORM_USETHREADS + if (i == manager->pipe_fds[0] || i == manager->pipe_fds[1]) + continue; +#endif /* ISC_PLATFORM_USETHREADS */ + process_fd(manager, i, FD_ISSET(i, readfds), + FD_ISSET(i, writefds)); + } +} +#endif + +#ifdef ISC_PLATFORM_USETHREADS +static isc_boolean_t +process_ctlfd(isc_socketmgr_t *manager) { + int msg, fd; + + for (;;) { + select_readmsg(manager, &fd, &msg); + + manager_log(manager, IOEVENT, + isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_WATCHERMSG, + "watcher got message %d " + "for socket %d"), msg, fd); + + /* + * Nothing to read? + */ + if (msg == SELECT_POKE_NOTHING) + break; + + /* + * Handle shutdown message. We really should + * jump out of this loop right away, but + * it doesn't matter if we have to do a little + * more work first. + */ + if (msg == SELECT_POKE_SHUTDOWN) + return (ISC_TRUE); + + /* + * This is a wakeup on a socket. Look + * at the event queue for both read and write, + * and decide if we need to watch on it now + * or not. + */ + wakeup_socket(manager, fd, msg); + } + + return (ISC_FALSE); +} + /* * This is the thread that will loop forever, always in a select or poll * call. @@ -2213,145 +3440,427 @@ watcher(void *uap) { isc_boolean_t done; int ctlfd; int cc; - fd_set readfds; - fd_set writefds; - int msg, fd; +#ifdef USE_KQUEUE + const char *fnname = "kevent()"; +#elif defined (USE_EPOLL) + const char *fnname = "epoll_wait()"; +#elif defined(USE_DEVPOLL) + const char *fnname = "ioctl(DP_POLL)"; + struct dvpoll dvp; +#elif defined (USE_SELECT) + const char *fnname = "select()"; int maxfd; +#endif char strbuf[ISC_STRERRORSIZE]; +#ifdef ISC_SOCKET_USE_POLLWATCH + pollstate_t pollstate = poll_idle; +#endif /* * Get the control fd here. This will never change. */ - LOCK(&manager->lock); ctlfd = manager->pipe_fds[0]; - done = ISC_FALSE; while (!done) { do { - readfds = manager->read_fds; - writefds = manager->write_fds; +#ifdef USE_KQUEUE + cc = kevent(manager->kqueue_fd, NULL, 0, + manager->events, manager->nevents, NULL); +#elif defined(USE_EPOLL) + cc = epoll_wait(manager->epoll_fd, manager->events, + manager->nevents, -1); +#elif defined(USE_DEVPOLL) + dvp.dp_fds = manager->events; + dvp.dp_nfds = manager->nevents; +#ifndef ISC_SOCKET_USE_POLLWATCH + dvp.dp_timeout = -1; +#else + if (pollstate == poll_idle) + dvp.dp_timeout = -1; + else + dvp.dp_timeout = ISC_SOCKET_POLLWATCH_TIMEOUT; +#endif /* ISC_SOCKET_USE_POLLWATCH */ + cc = ioctl(manager->devpoll_fd, DP_POLL, &dvp); +#elif defined(USE_SELECT) + LOCK(&manager->lock); + memcpy(manager->read_fds_copy, manager->read_fds, + manager->fd_bufsize); + memcpy(manager->write_fds_copy, manager->write_fds, + manager->fd_bufsize); maxfd = manager->maxfd + 1; - UNLOCK(&manager->lock); - cc = select(maxfd, &readfds, &writefds, NULL, NULL); - if (cc < 0) { - if (!SOFT_ERROR(errno)) { - isc__strerror(errno, strbuf, - sizeof(strbuf)); - FATAL_ERROR(__FILE__, __LINE__, - "select() %s: %s", - isc_msgcat_get(isc_msgcat, - ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, - "failed"), - strbuf); - } + cc = select(maxfd, manager->read_fds_copy, + manager->write_fds_copy, NULL, NULL); +#endif /* USE_KQUEUE */ + + if (cc < 0 && !SOFT_ERROR(errno)) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + FATAL_ERROR(__FILE__, __LINE__, + "%s %s: %s", fnname, + isc_msgcat_get(isc_msgcat, + ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, + "failed"), strbuf); } - LOCK(&manager->lock); +#if defined(USE_DEVPOLL) && defined(ISC_SOCKET_USE_POLLWATCH) + if (cc == 0) { + if (pollstate == poll_active) + pollstate = poll_checking; + else if (pollstate == poll_checking) + pollstate = poll_idle; + } else if (cc > 0) { + if (pollstate == poll_checking) { + /* + * XXX: We'd like to use a more + * verbose log level as it's actually an + * unexpected event, but the kernel bug + * reportedly happens pretty frequently + * (and it can also be a false positive) + * so it would be just too noisy. + */ + manager_log(manager, + ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, + ISC_LOG_DEBUG(1), + "unexpected POLL timeout"); + } + pollstate = poll_active; + } +#endif } while (cc < 0); +#if defined(USE_KQUEUE) || defined (USE_EPOLL) || defined (USE_DEVPOLL) + done = process_fds(manager, manager->events, cc); +#elif defined(USE_SELECT) + process_fds(manager, maxfd, manager->read_fds_copy, + manager->write_fds_copy); /* * Process reads on internal, control fd. */ - if (FD_ISSET(ctlfd, &readfds)) { - for (;;) { - select_readmsg(manager, &fd, &msg); + if (FD_ISSET(ctlfd, manager->read_fds_copy)) + done = process_ctlfd(manager); +#endif + } - manager_log(manager, IOEVENT, - isc_msgcat_get(isc_msgcat, - ISC_MSGSET_SOCKET, - ISC_MSG_WATCHERMSG, - "watcher got message %d"), - msg); - - /* - * Nothing to read? - */ - if (msg == SELECT_POKE_NOTHING) - break; - - /* - * Handle shutdown message. We really should - * jump out of this loop right away, but - * it doesn't matter if we have to do a little - * more work first. - */ - if (msg == SELECT_POKE_SHUTDOWN) { - done = ISC_TRUE; - - break; - } + manager_log(manager, TRACE, "%s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_EXITING, "watcher exiting")); + + return ((isc_threadresult_t)0); +} +#endif /* ISC_PLATFORM_USETHREADS */ + +void +isc__socketmgr_setreserved(isc_socketmgr_t *manager, isc_uint32_t reserved) { + + REQUIRE(VALID_MANAGER(manager)); + + manager->reserved = reserved; +} + +/* + * Create a new socket manager. + */ + +static isc_result_t +setup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { + isc_result_t result; +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) + char strbuf[ISC_STRERRORSIZE]; +#endif + +#ifdef USE_KQUEUE + manager->nevents = ISC_SOCKET_MAXEVENTS; + manager->events = isc_mem_get(mctx, sizeof(struct kevent) * + manager->nevents); + if (manager->events == NULL) + return (ISC_R_NOMEMORY); + manager->kqueue_fd = kqueue(); + if (manager->kqueue_fd == -1) { + result = isc__errno2result(errno); + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "kqueue %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); + isc_mem_put(mctx, manager->events, + sizeof(struct kevent) * manager->nevents); + return (result); + } + +#ifdef ISC_PLATFORM_USETHREADS + result = watch_fd(manager, manager->pipe_fds[0], SELECT_POKE_READ); + if (result != ISC_R_SUCCESS) { + close(manager->kqueue_fd); + isc_mem_put(mctx, manager->events, + sizeof(struct kevent) * manager->nevents); + return (result); + } +#endif /* ISC_PLATFORM_USETHREADS */ +#elif defined(USE_EPOLL) + manager->nevents = ISC_SOCKET_MAXEVENTS; + manager->events = isc_mem_get(mctx, sizeof(struct epoll_event) * + manager->nevents); + if (manager->events == NULL) + return (ISC_R_NOMEMORY); + manager->epoll_fd = epoll_create(manager->nevents); + if (manager->epoll_fd == -1) { + result = isc__errno2result(errno); + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "epoll_create %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); + isc_mem_put(mctx, manager->events, + sizeof(struct epoll_event) * manager->nevents); + return (result); + } +#ifdef ISC_PLATFORM_USETHREADS + result = watch_fd(manager, manager->pipe_fds[0], SELECT_POKE_READ); + if (result != ISC_R_SUCCESS) { + close(manager->epoll_fd); + isc_mem_put(mctx, manager->events, + sizeof(struct epoll_event) * manager->nevents); + return (result); + } +#endif /* ISC_PLATFORM_USETHREADS */ +#elif defined(USE_DEVPOLL) + /* + * XXXJT: /dev/poll seems to reject large numbers of events, + * so we should be careful about redefining ISC_SOCKET_MAXEVENTS. + */ + manager->nevents = ISC_SOCKET_MAXEVENTS; + manager->events = isc_mem_get(mctx, sizeof(struct pollfd) * + manager->nevents); + if (manager->events == NULL) + return (ISC_R_NOMEMORY); + /* + * Note: fdpollinfo should be able to support all possible FDs, so + * it must have maxsocks entries (not nevents). + */ + manager->fdpollinfo = isc_mem_get(mctx, sizeof(pollinfo_t) * + manager->maxsocks); + if (manager->fdpollinfo == NULL) { + isc_mem_put(mctx, manager->events, + sizeof(struct pollfd) * manager->nevents); + return (ISC_R_NOMEMORY); + } + memset(manager->fdpollinfo, 0, sizeof(pollinfo_t) * manager->maxsocks); + manager->devpoll_fd = open("/dev/poll", O_RDWR); + if (manager->devpoll_fd == -1) { + result = isc__errno2result(errno); + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "open(/dev/poll) %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); + isc_mem_put(mctx, manager->events, + sizeof(struct pollfd) * manager->nevents); + isc_mem_put(mctx, manager->fdpollinfo, + sizeof(pollinfo_t) * manager->maxsocks); + return (result); + } +#ifdef ISC_PLATFORM_USETHREADS + result = watch_fd(manager, manager->pipe_fds[0], SELECT_POKE_READ); + if (result != ISC_R_SUCCESS) { + close(manager->devpoll_fd); + isc_mem_put(mctx, manager->events, + sizeof(struct pollfd) * manager->nevents); + isc_mem_put(mctx, manager->fdpollinfo, + sizeof(pollinfo_t) * manager->maxsocks); + return (result); + } +#endif /* ISC_PLATFORM_USETHREADS */ +#elif defined(USE_SELECT) + UNUSED(result); + +#if ISC_SOCKET_MAXSOCKETS > FD_SETSIZE + /* + * Note: this code should also cover the case of MAXSOCKETS <= + * FD_SETSIZE, but we separate the cases to avoid possible portability + * issues regarding howmany() and the actual representation of fd_set. + */ + manager->fd_bufsize = howmany(manager->maxsocks, NFDBITS) * + sizeof(fd_mask); +#else + manager->fd_bufsize = sizeof(fd_set); +#endif - /* - * This is a wakeup on a socket. Look - * at the event queue for both read and write, - * and decide if we need to watch on it now - * or not. - */ - wakeup_socket(manager, fd, msg); - } + manager->read_fds = NULL; + manager->read_fds_copy = NULL; + manager->write_fds = NULL; + manager->write_fds_copy = NULL; + + manager->read_fds = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->read_fds != NULL) + manager->read_fds_copy = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->read_fds_copy != NULL) + manager->write_fds = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->write_fds != NULL) { + manager->write_fds_copy = isc_mem_get(mctx, + manager->fd_bufsize); + } + if (manager->write_fds_copy == NULL) { + if (manager->write_fds != NULL) { + isc_mem_put(mctx, manager->write_fds, + manager->fd_bufsize); } - - process_fds(manager, maxfd, &readfds, &writefds); + if (manager->read_fds_copy != NULL) { + isc_mem_put(mctx, manager->read_fds_copy, + manager->fd_bufsize); + } + if (manager->read_fds != NULL) { + isc_mem_put(mctx, manager->read_fds, + manager->fd_bufsize); + } + return (ISC_R_NOMEMORY); } + memset(manager->read_fds, 0, manager->fd_bufsize); + memset(manager->write_fds, 0, manager->fd_bufsize); - manager_log(manager, TRACE, - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_EXITING, "watcher exiting")); +#ifdef ISC_PLATFORM_USETHREADS + (void)watch_fd(manager, manager->pipe_fds[0], SELECT_POKE_READ); + manager->maxfd = manager->pipe_fds[0]; +#else /* ISC_PLATFORM_USETHREADS */ + manager->maxfd = 0; +#endif /* ISC_PLATFORM_USETHREADS */ +#endif /* USE_KQUEUE */ - UNLOCK(&manager->lock); - return ((isc_threadresult_t)0); + return (ISC_R_SUCCESS); +} + +static void +cleanup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { +#ifdef ISC_PLATFORM_USETHREADS + isc_result_t result; + + result = unwatch_fd(manager, manager->pipe_fds[0], SELECT_POKE_READ); + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "epoll_ctl(DEL) %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed")); + } +#endif /* ISC_PLATFORM_USETHREADS */ + +#ifdef USE_KQUEUE + close(manager->kqueue_fd); + isc_mem_put(mctx, manager->events, + sizeof(struct kevent) * manager->nevents); +#elif defined(USE_EPOLL) + close(manager->epoll_fd); + isc_mem_put(mctx, manager->events, + sizeof(struct epoll_event) * manager->nevents); +#elif defined(USE_DEVPOLL) + close(manager->devpoll_fd); + isc_mem_put(mctx, manager->events, + sizeof(struct pollfd) * manager->nevents); + isc_mem_put(mctx, manager->fdpollinfo, + sizeof(pollinfo_t) * manager->maxsocks); +#elif defined(USE_SELECT) + if (manager->read_fds != NULL) + isc_mem_put(mctx, manager->read_fds, manager->fd_bufsize); + if (manager->read_fds_copy != NULL) + isc_mem_put(mctx, manager->read_fds_copy, manager->fd_bufsize); + if (manager->write_fds != NULL) + isc_mem_put(mctx, manager->write_fds, manager->fd_bufsize); + if (manager->write_fds_copy != NULL) + isc_mem_put(mctx, manager->write_fds_copy, manager->fd_bufsize); +#endif /* USE_KQUEUE */ } -#endif /* ISC_PLATFORM_USETHREADS */ -/* - * Create a new socket manager. - */ isc_result_t isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { + return (isc_socketmgr_create2(mctx, managerp, 0)); +} + +isc_result_t +isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp, + unsigned int maxsocks) +{ + int i; isc_socketmgr_t *manager; #ifdef ISC_PLATFORM_USETHREADS char strbuf[ISC_STRERRORSIZE]; #endif + isc_result_t result; REQUIRE(managerp != NULL && *managerp == NULL); #ifndef ISC_PLATFORM_USETHREADS if (socketmgr != NULL) { + /* Don't allow maxsocks to be updated */ + if (maxsocks > 0 && socketmgr->maxsocks != maxsocks) + return (ISC_R_EXISTS); + socketmgr->refs++; *managerp = socketmgr; return (ISC_R_SUCCESS); } #endif /* ISC_PLATFORM_USETHREADS */ + if (maxsocks == 0) + maxsocks = ISC_SOCKET_MAXSOCKETS; + manager = isc_mem_get(mctx, sizeof(*manager)); if (manager == NULL) return (ISC_R_NOMEMORY); + /* zero-clear so that necessary cleanup on failure will be easy */ + memset(manager, 0, sizeof(*manager)); + manager->maxsocks = maxsocks; + manager->reserved = 0; + manager->fds = isc_mem_get(mctx, + manager->maxsocks * sizeof(isc_socket_t *)); + if (manager->fds == NULL) { + result = ISC_R_NOMEMORY; + goto free_manager; + } + manager->fdstate = isc_mem_get(mctx, manager->maxsocks * sizeof(int)); + if (manager->fdstate == NULL) { + result = ISC_R_NOMEMORY; + goto free_manager; + } + manager->stats = NULL; + manager->magic = SOCKET_MANAGER_MAGIC; manager->mctx = NULL; - memset(manager->fds, 0, sizeof(manager->fds)); + memset(manager->fds, 0, manager->maxsocks * sizeof(isc_socket_t *)); ISC_LIST_INIT(manager->socklist); - if (isc_mutex_init(&manager->lock) != ISC_R_SUCCESS) { - isc_mem_put(mctx, manager, sizeof(*manager)); - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_mutex_init() %s", - isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed")); - return (ISC_R_UNEXPECTED); + result = isc_mutex_init(&manager->lock); + if (result != ISC_R_SUCCESS) + goto free_manager; + manager->fdlock = isc_mem_get(mctx, FDLOCK_COUNT * sizeof(isc_mutex_t)); + if (manager->fdlock == NULL) { + result = ISC_R_NOMEMORY; + goto cleanup_lock; } + for (i = 0; i < FDLOCK_COUNT; i++) { + result = isc_mutex_init(&manager->fdlock[i]); + if (result != ISC_R_SUCCESS) { + while (--i >= 0) + DESTROYLOCK(&manager->fdlock[i]); + isc_mem_put(mctx, manager->fdlock, + FDLOCK_COUNT * sizeof(isc_mutex_t)); + manager->fdlock = NULL; + goto cleanup_lock; + } + } + #ifdef ISC_PLATFORM_USETHREADS if (isc_condition_init(&manager->shutdown_ok) != ISC_R_SUCCESS) { - DESTROYLOCK(&manager->lock); - isc_mem_put(mctx, manager, sizeof(*manager)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_condition_init() %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, "failed")); - return (ISC_R_UNEXPECTED); + result = ISC_R_UNEXPECTED; + goto cleanup_lock; } /* @@ -2359,16 +3868,14 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { * select/poll loop when something internal needs to be done. */ if (pipe(manager->pipe_fds) != 0) { - DESTROYLOCK(&manager->lock); - isc_mem_put(mctx, manager, sizeof(*manager)); isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "pipe() %s: %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, "failed"), strbuf); - - return (ISC_R_UNEXPECTED); + result = ISC_R_UNEXPECTED; + goto cleanup_condition; } RUNTIME_CHECK(make_nonblock(manager->pipe_fds[0]) == ISC_R_SUCCESS); @@ -2382,31 +3889,23 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { /* * Set up initial state for the select loop */ - FD_ZERO(&manager->read_fds); - FD_ZERO(&manager->write_fds); -#ifdef ISC_PLATFORM_USETHREADS - FD_SET(manager->pipe_fds[0], &manager->read_fds); - manager->maxfd = manager->pipe_fds[0]; -#else /* ISC_PLATFORM_USETHREADS */ - manager->maxfd = 0; -#endif /* ISC_PLATFORM_USETHREADS */ - memset(manager->fdstate, 0, sizeof(manager->fdstate)); - + result = setup_watcher(mctx, manager); + if (result != ISC_R_SUCCESS) + goto cleanup; + memset(manager->fdstate, 0, manager->maxsocks * sizeof(int)); #ifdef ISC_PLATFORM_USETHREADS /* * Start up the select/poll thread. */ if (isc_thread_create(watcher, manager, &manager->watcher) != ISC_R_SUCCESS) { - (void)close(manager->pipe_fds[0]); - (void)close(manager->pipe_fds[1]); - DESTROYLOCK(&manager->lock); - isc_mem_put(mctx, manager, sizeof(*manager)); UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_thread_create() %s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, ISC_MSG_FAILED, "failed")); - return (ISC_R_UNEXPECTED); + cleanup_watcher(mctx, manager); + result = ISC_R_UNEXPECTED; + goto cleanup; } #endif /* ISC_PLATFORM_USETHREADS */ isc_mem_attach(mctx, &manager->mctx); @@ -2417,6 +3916,62 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { *managerp = manager; return (ISC_R_SUCCESS); + +cleanup: +#ifdef ISC_PLATFORM_USETHREADS + (void)close(manager->pipe_fds[0]); + (void)close(manager->pipe_fds[1]); +#endif /* ISC_PLATFORM_USETHREADS */ + +#ifdef ISC_PLATFORM_USETHREADS +cleanup_condition: + (void)isc_condition_destroy(&manager->shutdown_ok); +#endif /* ISC_PLATFORM_USETHREADS */ + + +cleanup_lock: + if (manager->fdlock != NULL) { + for (i = 0; i < FDLOCK_COUNT; i++) + DESTROYLOCK(&manager->fdlock[i]); + } + DESTROYLOCK(&manager->lock); + +free_manager: + if (manager->fdlock != NULL) { + isc_mem_put(mctx, manager->fdlock, + FDLOCK_COUNT * sizeof(isc_mutex_t)); + } + if (manager->fdstate != NULL) { + isc_mem_put(mctx, manager->fdstate, + manager->maxsocks * sizeof(int)); + } + if (manager->fds != NULL) { + isc_mem_put(mctx, manager->fds, + manager->maxsocks * sizeof(isc_socket_t *)); + } + isc_mem_put(mctx, manager, sizeof(*manager)); + + return (result); +} + +isc_result_t +isc_socketmgr_getmaxsockets(isc_socketmgr_t *manager, unsigned int *nsockp) { + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(nsockp != NULL); + + *nsockp = manager->maxsocks; + + return (ISC_R_SUCCESS); +} + +void +isc_socketmgr_setstats(isc_socketmgr_t *manager, isc_stats_t *stats) { + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(ISC_LIST_EMPTY(manager->socklist)); + REQUIRE(manager->stats == NULL); + REQUIRE(isc_stats_ncounters(stats) == isc_sockstatscounter_max); + + isc_stats_attach(stats, &manager->stats); } void @@ -2448,7 +4003,7 @@ isc_socketmgr_destroy(isc_socketmgr_t **managerp) { * Wait for all sockets to be destroyed. */ while (!ISC_LIST_EMPTY(manager->socklist)) { - manager_log(manager, CREATION, + manager_log(manager, CREATION, "%s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_SOCKETSREMAIN, "sockets exist")); @@ -2459,7 +4014,7 @@ isc_socketmgr_destroy(isc_socketmgr_t **managerp) { * Hope all sockets have been destroyed. */ if (!ISC_LIST_EMPTY(manager->socklist)) { - manager_log(manager, CREATION, + manager_log(manager, CREATION, "%s", isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_SOCKETSREMAIN, "sockets exist")); @@ -2490,16 +4045,32 @@ isc_socketmgr_destroy(isc_socketmgr_t **managerp) { /* * Clean up. */ + cleanup_watcher(manager->mctx, manager); + #ifdef ISC_PLATFORM_USETHREADS (void)close(manager->pipe_fds[0]); (void)close(manager->pipe_fds[1]); (void)isc_condition_destroy(&manager->shutdown_ok); #endif /* ISC_PLATFORM_USETHREADS */ - for (i = 0; i < (int)FD_SETSIZE; i++) - if (manager->fdstate[i] == CLOSE_PENDING) + for (i = 0; i < (int)manager->maxsocks; i++) + if (manager->fdstate[i] == CLOSE_PENDING) /* no need to lock */ (void)close(i); + isc_mem_put(manager->mctx, manager->fds, + manager->maxsocks * sizeof(isc_socket_t *)); + isc_mem_put(manager->mctx, manager->fdstate, + manager->maxsocks * sizeof(int)); + + if (manager->stats != NULL) + isc_stats_detach(&manager->stats); + + if (manager->fdlock != NULL) { + for (i = 0; i < FDLOCK_COUNT; i++) + DESTROYLOCK(&manager->fdlock[i]); + isc_mem_put(manager->mctx, manager->fdlock, + FDLOCK_COUNT * sizeof(isc_mutex_t)); + } DESTROYLOCK(&manager->lock); manager->magic = 0; mctx= manager->mctx; @@ -2553,7 +4124,7 @@ socket_recv(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task, * Enqueue the request. If the socket was previously not being * watched, poke the watcher to start paying attention to it. */ - if (ISC_LIST_EMPTY(sock->recv_list)) + if (ISC_LIST_EMPTY(sock->recv_list) && !sock->pending_recv) select_poke(sock->manager, sock->fd, SELECT_POKE_READ); ISC_LIST_ENQUEUE(sock->recv_list, dev, ev_link); @@ -2750,7 +4321,8 @@ socket_send(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task, * not being watched, poke the watcher to start * paying attention to it. */ - if (ISC_LIST_EMPTY(sock->send_list)) + if (ISC_LIST_EMPTY(sock->send_list) && + !sock->pending_send) select_poke(sock->manager, sock->fd, SELECT_POKE_WRITE); ISC_LIST_ENQUEUE(sock->send_list, dev, ev_link); @@ -2884,8 +4456,193 @@ isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, return (socket_send(sock, event, task, address, pktinfo, flags)); } +void +isc_socket_cleanunix(isc_sockaddr_t *sockaddr, isc_boolean_t active) { +#ifdef ISC_PLATFORM_HAVESYSUNH + int s; + struct stat sb; + char strbuf[ISC_STRERRORSIZE]; + + if (sockaddr->type.sa.sa_family != AF_UNIX) + return; + +#ifndef S_ISSOCK +#if defined(S_IFMT) && defined(S_IFSOCK) +#define S_ISSOCK(mode) ((mode & S_IFMT)==S_IFSOCK) +#elif defined(_S_IFMT) && defined(S_IFSOCK) +#define S_ISSOCK(mode) ((mode & _S_IFMT)==S_IFSOCK) +#endif +#endif + +#ifndef S_ISFIFO +#if defined(S_IFMT) && defined(S_IFIFO) +#define S_ISFIFO(mode) ((mode & S_IFMT)==S_IFIFO) +#elif defined(_S_IFMT) && defined(S_IFIFO) +#define S_ISFIFO(mode) ((mode & _S_IFMT)==S_IFIFO) +#endif +#endif + +#if !defined(S_ISFIFO) && !defined(S_ISSOCK) +#error You need to define S_ISFIFO and S_ISSOCK as appropriate for your platform. See . +#endif + +#ifndef S_ISFIFO +#define S_ISFIFO(mode) 0 +#endif + +#ifndef S_ISSOCK +#define S_ISSOCK(mode) 0 +#endif + + if (active) { + if (stat(sockaddr->type.sunix.sun_path, &sb) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + "isc_socket_cleanunix: stat(%s): %s", + sockaddr->type.sunix.sun_path, strbuf); + return; + } + if (!(S_ISSOCK(sb.st_mode) || S_ISFIFO(sb.st_mode))) { + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + "isc_socket_cleanunix: %s: not a socket", + sockaddr->type.sunix.sun_path); + return; + } + if (unlink(sockaddr->type.sunix.sun_path) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + "isc_socket_cleanunix: unlink(%s): %s", + sockaddr->type.sunix.sun_path, strbuf); + } + return; + } + + s = socket(AF_UNIX, SOCK_STREAM, 0); + if (s < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_WARNING, + "isc_socket_cleanunix: socket(%s): %s", + sockaddr->type.sunix.sun_path, strbuf); + return; + } + + if (stat(sockaddr->type.sunix.sun_path, &sb) < 0) { + switch (errno) { + case ENOENT: /* We exited cleanly last time */ + break; + default: + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_WARNING, + "isc_socket_cleanunix: stat(%s): %s", + sockaddr->type.sunix.sun_path, strbuf); + break; + } + goto cleanup; + } + + if (!(S_ISSOCK(sb.st_mode) || S_ISFIFO(sb.st_mode))) { + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_WARNING, + "isc_socket_cleanunix: %s: not a socket", + sockaddr->type.sunix.sun_path); + goto cleanup; + } + + if (connect(s, (struct sockaddr *)&sockaddr->type.sunix, + sizeof(sockaddr->type.sunix)) < 0) { + switch (errno) { + case ECONNREFUSED: + case ECONNRESET: + if (unlink(sockaddr->type.sunix.sun_path) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, + ISC_LOG_WARNING, + "isc_socket_cleanunix: " + "unlink(%s): %s", + sockaddr->type.sunix.sun_path, + strbuf); + } + break; + default: + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_WARNING, + "isc_socket_cleanunix: connect(%s): %s", + sockaddr->type.sunix.sun_path, strbuf); + break; + } + } + cleanup: + close(s); +#else + UNUSED(sockaddr); + UNUSED(active); +#endif +} + +isc_result_t +isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, + isc_uint32_t owner, isc_uint32_t group) +{ +#ifdef ISC_PLATFORM_HAVESYSUNH + isc_result_t result = ISC_R_SUCCESS; + char strbuf[ISC_STRERRORSIZE]; + char path[sizeof(sockaddr->type.sunix.sun_path)]; +#ifdef NEED_SECURE_DIRECTORY + char *slash; +#endif + + REQUIRE(sockaddr->type.sa.sa_family == AF_UNIX); + INSIST(strlen(sockaddr->type.sunix.sun_path) < sizeof(path)); + strcpy(path, sockaddr->type.sunix.sun_path); + +#ifdef NEED_SECURE_DIRECTORY + slash = strrchr(path, '/'); + if (slash != NULL) { + if (slash != path) + *slash = '\0'; + else + strcpy(path, "/"); + } else + strcpy(path, "."); +#endif + + if (chmod(path, perm) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + "isc_socket_permunix: chmod(%s, %d): %s", + path, perm, strbuf); + result = ISC_R_FAILURE; + } + if (chown(path, owner, group) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + "isc_socket_permunix: chown(%s, %d, %d): %s", + path, owner, group, + strbuf); + result = ISC_R_FAILURE; + } + return (result); +#else + UNUSED(sockaddr); + UNUSED(perm); + UNUSED(owner); + UNUSED(group); + return (ISC_R_NOTIMPLEMENTED); +#endif +} + isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, + unsigned int options) { char strbuf[ISC_STRERRORSIZE]; int on = 1; @@ -2900,7 +4657,12 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { /* * Only set SO_REUSEADDR when we want a specific port. */ - if (isc_sockaddr_getport(sockaddr) != (in_port_t)0 && +#ifdef AF_UNIX + if (sock->pf == AF_UNIX) + goto bind_socket; +#endif + if ((options & ISC_SOCKET_REUSEADDRESS) != 0 && + isc_sockaddr_getport(sockaddr) != (in_port_t)0 && setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) { UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -2909,7 +4671,13 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { ISC_MSG_FAILED, "failed")); /* Press on... */ } +#ifdef AF_UNIX + bind_socket: +#endif if (bind(sock->fd, &sockaddr->type.sa, sockaddr->length) < 0) { + inc_stats(sock->manager->stats, + sock->statsindex[STATID_BINDFAIL]); + UNLOCK(&sock->lock); switch (errno) { case EACCES: @@ -2985,7 +4753,8 @@ isc_socket_listen(isc_socket_t *sock, unsigned int backlog) { REQUIRE(!sock->listener); REQUIRE(sock->bound); - REQUIRE(sock->type == isc_sockettype_tcp); + REQUIRE(sock->type == isc_sockettype_tcp || + sock->type == isc_sockettype_unix); if (backlog == 0) backlog = SOMAXCONN; @@ -3006,7 +4775,7 @@ isc_socket_listen(isc_socket_t *sock, unsigned int backlog) { } /* - * This should try to do agressive accept() XXXMLG + * This should try to do aggressive accept() XXXMLG */ isc_result_t isc_socket_accept(isc_socket_t *sock, @@ -3016,7 +4785,7 @@ isc_socket_accept(isc_socket_t *sock, isc_socketmgr_t *manager; isc_task_t *ntask = NULL; isc_socket_t *nsock; - isc_result_t ret; + isc_result_t result; isc_boolean_t do_poke = ISC_FALSE; REQUIRE(VALID_SOCKET(sock)); @@ -3041,11 +4810,11 @@ isc_socket_accept(isc_socket_t *sock, } ISC_LINK_INIT(dev, ev_link); - ret = allocate_socket(manager, sock->type, &nsock); - if (ret != ISC_R_SUCCESS) { + result = allocate_socket(manager, sock->type, &nsock); + if (result != ISC_R_SUCCESS) { isc_event_free(ISC_EVENT_PTR(&dev)); UNLOCK(&sock->lock); - return (ret); + return (result); } /* @@ -3053,6 +4822,7 @@ isc_socket_accept(isc_socket_t *sock, */ isc_task_attach(task, &ntask); nsock->references++; + nsock->statsindex = sock->statsindex; dev->ev_sender = ntask; dev->newsocket = nsock; @@ -3083,6 +4853,7 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, isc_socketmgr_t *manager; int cc; char strbuf[ISC_STRERRORSIZE]; + char addrbuf[ISC_SOCKADDR_FORMATSIZE]; REQUIRE(VALID_SOCKET(sock)); REQUIRE(addr != NULL); @@ -3114,9 +4885,19 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, * Try to do the connect right away, as there can be only one * outstanding, and it might happen to complete. */ - sock->address = *addr; + sock->peer_address = *addr; cc = connect(sock->fd, &addr->type.sa, addr->length); if (cc < 0) { + /* + * HP-UX "fails" to connect a UDP socket and sets errno to + * EINPROGRESS if it's non-blocking. We'd rather regard this as + * a success and let the user detect it if it's really an error + * at the time of sending a packet on the socket. + */ + if (sock->type == isc_sockettype_udp && errno == EINPROGRESS) { + cc = 0; + goto success; + } if (SOFT_ERROR(errno) || errno == EINPROGRESS) goto queue; @@ -3141,9 +4922,13 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, sock->connected = 0; isc__strerror(errno, strbuf, sizeof(strbuf)); - UNEXPECTED_ERROR(__FILE__, __LINE__, "%d/%s", errno, strbuf); + isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, "connect(%s) %d/%s", + addrbuf, errno, strbuf); UNLOCK(&sock->lock); + inc_stats(sock->manager->stats, + sock->statsindex[STATID_CONNECTFAIL]); isc_event_free(ISC_EVENT_PTR(&dev)); return (ISC_R_UNEXPECTED); @@ -3152,12 +4937,15 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, isc_task_send(task, ISC_EVENT_PTR(&dev)); UNLOCK(&sock->lock); + inc_stats(sock->manager->stats, + sock->statsindex[STATID_CONNECTFAIL]); return (ISC_R_SUCCESS); } /* * If connect completed, fire off the done event. */ + success: if (cc == 0) { sock->connected = 1; sock->bound = 1; @@ -3165,6 +4953,10 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, isc_task_send(task, ISC_EVENT_PTR(&dev)); UNLOCK(&sock->lock); + + inc_stats(sock->manager->stats, + sock->statsindex[STATID_CONNECT]); + return (ISC_R_SUCCESS); } @@ -3263,6 +5055,9 @@ internal_connect(isc_task_t *me, isc_event_t *ev) { return; } + inc_stats(sock->manager->stats, + sock->statsindex[STATID_CONNECTFAIL]); + /* * Translate other errors into ISC_R_* flavors. */ @@ -3285,7 +5080,7 @@ internal_connect(isc_task_t *me, isc_event_t *ev) { #undef ERROR_MATCH default: dev->result = ISC_R_UNEXPECTED; - isc_sockaddr_format(&sock->address, peerbuf, + isc_sockaddr_format(&sock->peer_address, peerbuf, sizeof(peerbuf)); isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -3293,6 +5088,8 @@ internal_connect(isc_task_t *me, isc_event_t *ev) { peerbuf, strbuf); } } else { + inc_stats(sock->manager->stats, + sock->statsindex[STATID_CONNECT]); dev->result = ISC_R_SUCCESS; sock->connected = 1; sock->bound = 1; @@ -3309,7 +5106,7 @@ internal_connect(isc_task_t *me, isc_event_t *ev) { isc_result_t isc_socket_getpeername(isc_socket_t *sock, isc_sockaddr_t *addressp) { - isc_result_t ret; + isc_result_t result; REQUIRE(VALID_SOCKET(sock)); REQUIRE(addressp != NULL); @@ -3317,21 +5114,21 @@ isc_socket_getpeername(isc_socket_t *sock, isc_sockaddr_t *addressp) { LOCK(&sock->lock); if (sock->connected) { - *addressp = sock->address; - ret = ISC_R_SUCCESS; + *addressp = sock->peer_address; + result = ISC_R_SUCCESS; } else { - ret = ISC_R_NOTCONNECTED; + result = ISC_R_NOTCONNECTED; } UNLOCK(&sock->lock); - return (ret); + return (result); } isc_result_t isc_socket_getsockname(isc_socket_t *sock, isc_sockaddr_t *addressp) { ISC_SOCKADDR_LEN_T len; - isc_result_t ret; + isc_result_t result; char strbuf[ISC_STRERRORSIZE]; REQUIRE(VALID_SOCKET(sock)); @@ -3340,18 +5137,18 @@ isc_socket_getsockname(isc_socket_t *sock, isc_sockaddr_t *addressp) { LOCK(&sock->lock); if (!sock->bound) { - ret = ISC_R_NOTBOUND; + result = ISC_R_NOTBOUND; goto out; } - ret = ISC_R_SUCCESS; + result = ISC_R_SUCCESS; len = sizeof(addressp->type); if (getsockname(sock->fd, &addressp->type.sa, (void *)&len) < 0) { isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "getsockname: %s", strbuf); - ret = ISC_R_UNEXPECTED; + result = ISC_R_UNEXPECTED; goto out; } addressp->length = (unsigned int)len; @@ -3359,7 +5156,7 @@ isc_socket_getsockname(isc_socket_t *sock, isc_sockaddr_t *addressp) { out: UNLOCK(&sock->lock); - return (ret); + return (result); } /* @@ -3517,32 +5314,242 @@ isc_socket_ipv6only(isc_socket_t *sock, isc_boolean_t yes) { #ifdef IPV6_V6ONLY if (sock->pf == AF_INET6) { - (void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_V6ONLY, - (void *)&onoff, sizeof(onoff)); + if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_V6ONLY, + (void *)&onoff, sizeof(int)) < 0) { + char strbuf[ISC_STRERRORSIZE]; + + UNEXPECTED_ERROR(__FILE__, __LINE__, + "setsockopt(%d, IPV6_V6ONLY) " + "%s: %s", sock->fd, + isc_msgcat_get(isc_msgcat, + ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, + "failed"), + strbuf); + } } + FIX_IPV6_RECVPKTINFO(sock); /* AIX */ #endif } #ifndef ISC_PLATFORM_USETHREADS -void -isc__socketmgr_getfdsets(fd_set *readset, fd_set *writeset, int *maxfd) { +/* In our assumed scenario, we can simply use a single static object. */ +static isc_socketwait_t swait_private; + +int +isc__socketmgr_waitevents(struct timeval *tvp, isc_socketwait_t **swaitp) { + int n; +#ifdef USE_KQUEUE + struct timespec ts, *tsp; +#endif +#ifdef USE_EPOLL + int timeout; +#endif +#ifdef USE_DEVPOLL + struct dvpoll dvp; +#endif + + REQUIRE(swaitp != NULL && *swaitp == NULL); + if (socketmgr == NULL) - *maxfd = 0; - else { - *readset = socketmgr->read_fds; - *writeset = socketmgr->write_fds; - *maxfd = socketmgr->maxfd + 1; - } + return (0); + +#ifdef USE_KQUEUE + if (tvp != NULL) { + ts.tv_sec = tvp->tv_sec; + ts.tv_nsec = tvp->tv_usec * 1000; + tsp = &ts; + } else + tsp = NULL; + swait_private.nevents = kevent(socketmgr->kqueue_fd, NULL, 0, + socketmgr->events, socketmgr->nevents, + tsp); + n = swait_private.nevents; +#elif defined(USE_EPOLL) + if (tvp != NULL) + timeout = tvp->tv_sec * 1000 + (tvp->tv_usec + 999) / 1000; + else + timeout = -1; + swait_private.nevents = epoll_wait(socketmgr->epoll_fd, + socketmgr->events, + socketmgr->nevents, timeout); + n = swait_private.nevents; +#elif defined(USE_DEVPOLL) + dvp.dp_fds = socketmgr->events; + dvp.dp_nfds = socketmgr->nevents; + if (tvp != NULL) { + dvp.dp_timeout = tvp->tv_sec * 1000 + + (tvp->tv_usec + 999) / 1000; + } else + dvp.dp_timeout = -1; + swait_private.nevents = ioctl(socketmgr->devpoll_fd, DP_POLL, &dvp); + n = swait_private.nevents; +#elif defined(USE_SELECT) + memcpy(socketmgr->read_fds_copy, socketmgr->read_fds, + socketmgr->fd_bufsize); + memcpy(socketmgr->write_fds_copy, socketmgr->write_fds, + socketmgr->fd_bufsize); + + swait_private.readset = socketmgr->read_fds_copy; + swait_private.writeset = socketmgr->write_fds_copy; + swait_private.maxfd = socketmgr->maxfd + 1; + + n = select(swait_private.maxfd, swait_private.readset, + swait_private.writeset, NULL, tvp); +#endif + + *swaitp = &swait_private; + return (n); } isc_result_t -isc__socketmgr_dispatch(fd_set *readset, fd_set *writeset, int maxfd) { - isc_socketmgr_t *manager = socketmgr; +isc__socketmgr_dispatch(isc_socketwait_t *swait) { + REQUIRE(swait == &swait_private); - if (manager == NULL) + if (socketmgr == NULL) return (ISC_R_NOTFOUND); - process_fds(manager, maxfd, readset, writeset); +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) + (void)process_fds(socketmgr, socketmgr->events, swait->nevents); + return (ISC_R_SUCCESS); +#elif defined(USE_SELECT) + process_fds(socketmgr, swait->maxfd, swait->readset, swait->writeset); return (ISC_R_SUCCESS); +#endif } #endif /* ISC_PLATFORM_USETHREADS */ + +void +isc_socket_setname(isc_socket_t *socket, const char *name, void *tag) { + + /* + * Name 'socket'. + */ + + REQUIRE(VALID_SOCKET(socket)); + + LOCK(&socket->lock); + memset(socket->name, 0, sizeof(socket->name)); + strncpy(socket->name, name, sizeof(socket->name) - 1); + socket->tag = tag; + UNLOCK(&socket->lock); +} + +const char * +isc_socket_getname(isc_socket_t *socket) { + return (socket->name); +} + +void * +isc_socket_gettag(isc_socket_t *socket) { + return (socket->tag); +} + +#ifdef HAVE_LIBXML2 + +static const char * +_socktype(isc_sockettype_t type) +{ + if (type == isc_sockettype_udp) + return ("udp"); + else if (type == isc_sockettype_tcp) + return ("tcp"); + else if (type == isc_sockettype_unix) + return ("unix"); + else if (type == isc_sockettype_fdwatch) + return ("fdwatch"); + else + return ("not-initialized"); +} + +void +isc_socketmgr_renderxml(isc_socketmgr_t *mgr, xmlTextWriterPtr writer) +{ + isc_socket_t *sock; + char peerbuf[ISC_SOCKADDR_FORMATSIZE]; + isc_sockaddr_t addr; + ISC_SOCKADDR_LEN_T len; + + LOCK(&mgr->lock); + +#ifndef ISC_PLATFORM_USETHREADS + xmlTextWriterStartElement(writer, ISC_XMLCHAR "references"); + xmlTextWriterWriteFormatString(writer, "%d", mgr->refs); + xmlTextWriterEndElement(writer); +#endif + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "sockets"); + sock = ISC_LIST_HEAD(mgr->socklist); + while (sock != NULL) { + LOCK(&sock->lock); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "socket"); + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "id"); + xmlTextWriterWriteFormatString(writer, "%p", sock); + xmlTextWriterEndElement(writer); + + if (sock->name[0] != 0) { + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteFormatString(writer, "%s", + sock->name); + xmlTextWriterEndElement(writer); /* name */ + } + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "references"); + xmlTextWriterWriteFormatString(writer, "%d", sock->references); + xmlTextWriterEndElement(writer); + + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "type", + ISC_XMLCHAR _socktype(sock->type)); + + if (sock->connected) { + isc_sockaddr_format(&sock->peer_address, peerbuf, + sizeof(peerbuf)); + xmlTextWriterWriteElement(writer, + ISC_XMLCHAR "peer-address", + ISC_XMLCHAR peerbuf); + } + + len = sizeof(addr); + if (getsockname(sock->fd, &addr.type.sa, (void *)&len) == 0) { + isc_sockaddr_format(&addr, peerbuf, sizeof(peerbuf)); + xmlTextWriterWriteElement(writer, + ISC_XMLCHAR "local-address", + ISC_XMLCHAR peerbuf); + } + + xmlTextWriterStartElement(writer, ISC_XMLCHAR "states"); + if (sock->pending_recv) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "pending-receive"); + if (sock->pending_send) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "pending-send"); + if (sock->pending_accept) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "pending_accept"); + if (sock->listener) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "listener"); + if (sock->connected) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "connected"); + if (sock->connecting) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "connecting"); + if (sock->bound) + xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state", + ISC_XMLCHAR "bound"); + + xmlTextWriterEndElement(writer); /* states */ + + xmlTextWriterEndElement(writer); /* socket */ + + UNLOCK(&sock->lock); + sock = ISC_LIST_NEXT(sock, link); + } + xmlTextWriterEndElement(writer); /* sockets */ + + UNLOCK(&mgr->lock); +} +#endif /* HAVE_LIBXML2 */ diff --git a/contrib/bind-9.3/lib/isc/unix/socket_p.h b/contrib/bind-9.5.2/lib/isc/unix/socket_p.h similarity index 67% rename from contrib/bind-9.3/lib/isc/unix/socket_p.h rename to contrib/bind-9.5.2/lib/isc/unix/socket_p.h index f430bf22e1..1a34c9e042 100644 --- a/contrib/bind-9.3/lib/isc/unix/socket_p.h +++ b/contrib/bind-9.5.2/lib/isc/unix/socket_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,19 +15,18 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket_p.h,v 1.6.206.1 2004/03/06 08:15:02 marka Exp $ */ +/* $Id: socket_p.h,v 1.11.128.2 2008/06/24 23:46:27 tbox Exp $ */ #ifndef ISC_SOCKET_P_H #define ISC_SOCKET_P_H +/*! \file */ + #ifdef ISC_PLATFORM_NEEDSYSSELECTH #include #endif -void -isc__socketmgr_getfdsets(fd_set *readset, fd_set *writeset, int *maxfd); - -isc_result_t -isc__socketmgr_dispatch(fd_set *readset, fd_set *writeset, int maxfd); - +typedef struct isc_socketwait isc_socketwait_t; +int isc__socketmgr_waitevents(struct timeval *, isc_socketwait_t **); +isc_result_t isc__socketmgr_dispatch(isc_socketwait_t *); #endif /* ISC_SOCKET_P_H */ diff --git a/contrib/bind-9.3/lib/isc/unix/stdio.c b/contrib/bind-9.5.2/lib/isc/unix/stdio.c similarity index 92% rename from contrib/bind-9.3/lib/isc/unix/stdio.c rename to contrib/bind-9.5.2/lib/isc/unix/stdio.c index 794164e73a..4e294dbc2f 100644 --- a/contrib/bind-9.3/lib/isc/unix/stdio.c +++ b/contrib/bind-9.5.2/lib/isc/unix/stdio.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdio.c,v 1.5.206.1 2004/03/06 08:15:02 marka Exp $ */ +/* $Id: stdio.c,v 1.8 2007/06/19 23:47:18 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/isc/unix/stdtime.c b/contrib/bind-9.5.2/lib/isc/unix/stdtime.c similarity index 89% rename from contrib/bind-9.3/lib/isc/unix/stdtime.c rename to contrib/bind-9.5.2/lib/isc/unix/stdtime.c index b8d818dcfd..c5d0c47df1 100644 --- a/contrib/bind-9.3/lib/isc/unix/stdtime.c +++ b/contrib/bind-9.5.2/lib/isc/unix/stdtime.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdtime.c,v 1.11.2.1.10.5 2005/06/09 23:54:31 marka Exp $ */ +/* $Id: stdtime.c,v 1.19 2007/06/19 23:47:18 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isc/unix/strerror.c b/contrib/bind-9.5.2/lib/isc/unix/strerror.c similarity index 84% rename from contrib/bind-9.3/lib/isc/unix/strerror.c rename to contrib/bind-9.5.2/lib/isc/unix/strerror.c index 863867e159..9d24d2b3a5 100644 --- a/contrib/bind-9.3/lib/isc/unix/strerror.c +++ b/contrib/bind-9.5.2/lib/isc/unix/strerror.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: strerror.c,v 1.1.2.1.10.3 2004/03/08 09:04:57 marka Exp $ */ +/* $Id: strerror.c,v 1.8.128.2 2009/02/16 23:46:44 tbox Exp $ */ + +/*! \file */ #include @@ -29,7 +31,7 @@ #include #ifdef HAVE_STRERROR -/* +/*% * We need to do this this way for profiled locks. */ static isc_mutex_t isc_strerror_lock; @@ -45,7 +47,7 @@ void isc__strerror(int num, char *buf, size_t size) { #ifdef HAVE_STRERROR char *msg; - unsigned int unum = num; + unsigned int unum = (unsigned int)num; static isc_once_t once = ISC_ONCE_INIT; REQUIRE(buf != NULL); @@ -60,7 +62,7 @@ isc__strerror(int num, char *buf, size_t size) { snprintf(buf, size, "Unknown error: %u", unum); UNLOCK(&isc_strerror_lock); #else - unsigned int unum = num; + unsigned int unum = (unsigned int)num; REQUIRE(buf != NULL); diff --git a/contrib/bind-9.3/lib/isc/unix/syslog.c b/contrib/bind-9.5.2/lib/isc/unix/syslog.c similarity index 88% rename from contrib/bind-9.3/lib/isc/unix/syslog.c rename to contrib/bind-9.5.2/lib/isc/unix/syslog.c index e531544522..997508e32b 100644 --- a/contrib/bind-9.3/lib/isc/unix/syslog.c +++ b/contrib/bind-9.5.2/lib/isc/unix/syslog.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,15 +15,17 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: syslog.c,v 1.1.12.3 2004/03/08 09:04:57 marka Exp $ */ +/* $Id: syslog.c,v 1.8 2007/09/13 04:45:18 each Exp $ */ + +/*! \file */ #include #include -#include #include #include +#include #include #include diff --git a/contrib/bind-9.3/lib/isc/unix/time.c b/contrib/bind-9.5.2/lib/isc/unix/time.c similarity index 91% rename from contrib/bind-9.3/lib/isc/unix/time.c rename to contrib/bind-9.5.2/lib/isc/unix/time.c index 39c851cebe..2697d8363f 100644 --- a/contrib/bind-9.3/lib/isc/unix/time.c +++ b/contrib/bind-9.5.2/lib/isc/unix/time.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.c,v 1.34.2.6.2.4 2004/03/06 08:15:03 marka Exp $ */ +/* $Id: time.c,v 1.54.128.2 2008/02/18 23:46:30 tbox Exp $ */ + +/*! \file */ #include @@ -33,9 +35,9 @@ #include #include -#define NS_PER_S 1000000000 /* Nanoseconds per second. */ -#define NS_PER_US 1000 /* Nanoseconds per microsecond. */ -#define US_PER_S 1000000 /* Microseconds per second. */ +#define NS_PER_S 1000000000 /*%< Nanoseconds per second. */ +#define NS_PER_US 1000 /*%< Nanoseconds per microsecond. */ +#define US_PER_S 1000000 /*%< Microseconds per second. */ /* * All of the INSIST()s checks of nanoseconds < NS_PER_S are for @@ -48,7 +50,7 @@ #define ISC_FIX_TV_USEC 1 #endif -/*** +/*% *** Intervals ***/ @@ -225,7 +227,7 @@ isc_time_nowplusinterval(isc_time_t *t, const isc_interval_t *i) { t->seconds = tv.tv_sec + i->seconds; t->nanoseconds = tv.tv_usec * NS_PER_US + i->nanoseconds; - if (t->nanoseconds > NS_PER_S) { + if (t->nanoseconds >= NS_PER_S) { t->seconds++; t->nanoseconds -= NS_PER_S; } @@ -408,5 +410,29 @@ isc_time_formattimestamp(const isc_time_t *t, char *buf, unsigned int len) { snprintf(buf + flen, len - flen, ".%03u", t->nanoseconds / 1000000); else - snprintf(buf, len, "99-Bad-9999 99:99:99.999"); + snprintf(buf, len, "99-Bad-9999 99:99:99.999"); +} + +void +isc_time_formathttptimestamp(const isc_time_t *t, char *buf, unsigned int len) { + time_t now; + unsigned int flen; + + REQUIRE(len > 0); + + now = (time_t)t->seconds; + flen = strftime(buf, len, "%a, %d %b %Y %H:%M:%S GMT", gmtime(&now)); + INSIST(flen < len); +} + +void +isc_time_formatISO8601(const isc_time_t *t, char *buf, unsigned int len) { + time_t now; + unsigned int flen; + + REQUIRE(len > 0); + + now = (time_t)t->seconds; + flen = strftime(buf, len, "%Y-%m-%dT%H:%M:%SZ", gmtime(&now)); + INSIST(flen < len); } diff --git a/contrib/bind-9.3/lib/isc/version.c b/contrib/bind-9.5.2/lib/isc/version.c similarity index 80% rename from contrib/bind-9.3/lib/isc/version.c rename to contrib/bind-9.5.2/lib/isc/version.c index d0f270d4a4..bfe4d6d6e1 100644 --- a/contrib/bind-9.3/lib/isc/version.c +++ b/contrib/bind-9.5.2/lib/isc/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.9.12.3 2004/03/08 09:04:51 marka Exp $ */ +/* $Id: version.c,v 1.15 2007/06/19 23:47:17 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/isc/x86_32/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/x86_32/include/isc/atomic.h new file mode 100644 index 0000000000..6b9cf29b83 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/x86_32/include/isc/atomic.h @@ -0,0 +1,176 @@ +/* + * Copyright (C) 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.8.118.2 2008/01/24 23:46:26 tbox Exp $ */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +#ifdef ISC_PLATFORM_USEGCCASM +/* + * This routine atomically increments the value stored in 'p' by 'val', and + * returns the previous value. + */ +static __inline__ isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + isc_int32_t prev = val; + + __asm__ volatile( +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xadd %0, %1" + :"=q"(prev) + :"m"(*p), "0"(prev) + :"memory", "cc"); + + return (prev); +} + +#ifdef ISC_PLATFORM_HAVEXADDQ +static __inline__ isc_int64_t +isc_atomic_xaddq(isc_int64_t *p, isc_int64_t val) { + isc_int64_t prev = val; + + __asm__ volatile( +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xaddq %0, %1" + :"=q"(prev) + :"m"(*p), "0"(prev) + :"memory", "cc"); + + return (prev); +} +#endif /* ISC_PLATFORM_HAVEXADDQ */ + +/* + * This routine atomically stores the value 'val' in 'p'. + */ +static __inline__ void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + __asm__ volatile( +#ifdef ISC_PLATFORM_USETHREADS + /* + * xchg should automatically lock memory, but we add it + * explicitly just in case (it at least doesn't harm) + */ + "lock;" +#endif + + "xchgl %1, %0" + : + : "r"(val), "m"(*p) + : "memory"); +} + +/* + * This routine atomically replaces the value in 'p' with 'val', if the + * original value is equal to 'cmpval'. The original value is returned in any + * case. + */ +static __inline__ isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + __asm__ volatile( +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "cmpxchgl %1, %2" + : "=a"(cmpval) + : "r"(val), "m"(*p), "a"(cmpval) + : "memory"); + + return (cmpval); +} + +#elif defined(ISC_PLATFORM_USESTDASM) +/* + * The followings are "generic" assembly code which implements the same + * functionality in case the gcc extension cannot be used. It should be + * better to avoid inlining below, since we directly refer to specific + * positions of the stack frame, which would not actually point to the + * intended address in the embedded mnemonic. + */ +#include /* for 'UNUSED' macro */ + +static isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + UNUSED(p); + UNUSED(val); + + __asm ( + "movl 8(%ebp), %ecx\n" + "movl 12(%ebp), %edx\n" +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xadd %edx, (%ecx)\n" + + /* + * set the return value directly in the register so that we + * can avoid guessing the correct position in the stack for a + * local variable. + */ + "movl %edx, %eax" + ); +} + +static void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + UNUSED(p); + UNUSED(val); + + __asm ( + "movl 8(%ebp), %ecx\n" + "movl 12(%ebp), %edx\n" +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xchgl (%ecx), %edx\n" + ); +} + +static isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + UNUSED(p); + UNUSED(cmpval); + UNUSED(val); + + __asm ( + "movl 8(%ebp), %ecx\n" + "movl 12(%ebp), %eax\n" /* must be %eax for cmpxchgl */ + "movl 16(%ebp), %edx\n" +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + + /* + * If (%ecx) == %eax then (%ecx) := %edx. + % %eax is set to old (%ecx), which will be the return value. + */ + "cmpxchgl %edx, (%ecx)" + ); +} +#else /* !ISC_PLATFORM_USEGCCASM && !ISC_PLATFORM_USESTDASM */ + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.5.2/lib/isc/x86_64/include/isc/atomic.h b/contrib/bind-9.5.2/lib/isc/x86_64/include/isc/atomic.h new file mode 100644 index 0000000000..f66359405f --- /dev/null +++ b/contrib/bind-9.5.2/lib/isc/x86_64/include/isc/atomic.h @@ -0,0 +1,123 @@ +/* + * Copyright (C) 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: atomic.h,v 1.4.128.2 2008/01/24 23:46:26 tbox Exp $ */ + +#ifndef ISC_ATOMIC_H +#define ISC_ATOMIC_H 1 + +#include +#include + +#ifdef ISC_PLATFORM_USEGCCASM + +/* We share the gcc-version with x86_32 */ +#error "impossible case. check build configuration" + +#elif defined(ISC_PLATFORM_USESTDASM) +/* + * The followings are "generic" assembly code which implements the same + * functionality in case the gcc extension cannot be used. It should be + * better to avoid inlining below, since we directly refer to specific + * registers for arguments, which would not actually correspond to the + * intended address or value in the embedded mnemonic. + */ +#include /* for 'UNUSED' macro */ + +static isc_int32_t +isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { + UNUSED(p); + UNUSED(val); + + __asm ( + "movq %rdi, %rdx\n" + "movl %esi, %eax\n" +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xadd %eax, (%rdx)\n" + /* + * XXX: assume %eax will be used as the return value. + */ + ); +} + +#ifdef ISC_PLATFORM_HAVEXADDQ +static isc_int64_t +isc_atomic_xaddq(isc_int64_t *p, isc_int64_t val) { + UNUSED(p); + UNUSED(val); + + __asm ( + "movq %rdi, %rdx\n" + "movq %rsi, %rax\n" +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xaddq %rax, (%rdx)\n" + /* + * XXX: assume %rax will be used as the return value. + */ + ); +} +#endif + +static void +isc_atomic_store(isc_int32_t *p, isc_int32_t val) { + UNUSED(p); + UNUSED(val); + + __asm ( + "movq %rdi, %rax\n" + "movl %esi, %edx\n" +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + "xchgl (%rax), %edx\n" + /* + * XXX: assume %rax will be used as the return value. + */ + ); +} + +static isc_int32_t +isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { + UNUSED(p); + UNUSED(cmpval); + UNUSED(val); + + __asm ( + "movl %edx, %ecx\n" + "movl %esi, %eax\n" + "movq %rdi, %rdx\n" + +#ifdef ISC_PLATFORM_USETHREADS + "lock;" +#endif + /* + * If (%rdi) == %eax then (%rdi) := %edx. + * %eax is set to old (%ecx), which will be the return value. + */ + "cmpxchgl %ecx, (%rdx)" + ); +} + +#else /* !ISC_PLATFORM_USEGCCASM && !ISC_PLATFORM_USESTDASM */ + +#error "unsupported compiler. disable atomic ops by --disable-atomic" + +#endif +#endif /* ISC_ATOMIC_H */ diff --git a/contrib/bind-9.3/lib/isccc/alist.c b/contrib/bind-9.5.2/lib/isccc/alist.c similarity index 87% rename from contrib/bind-9.3/lib/isccc/alist.c rename to contrib/bind-9.5.2/lib/isccc/alist.c index 21b14a25bf..4f1743ed49 100644 --- a/contrib/bind-9.3/lib/isccc/alist.c +++ b/contrib/bind-9.5.2/lib/isccc/alist.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: alist.c,v 1.2.206.1 2004/03/06 08:15:18 marka Exp $ */ +/* $Id: alist.c,v 1.8 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/isccc/api b/contrib/bind-9.5.2/lib/isccc/api new file mode 100644 index 0000000000..ad57a71f9e --- /dev/null +++ b/contrib/bind-9.5.2/lib/isccc/api @@ -0,0 +1,3 @@ +LIBINTERFACE = 40 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/contrib/bind-9.3/lib/isccc/base64.c b/contrib/bind-9.5.2/lib/isccc/base64.c similarity index 65% rename from contrib/bind-9.3/lib/isccc/base64.c rename to contrib/bind-9.5.2/lib/isccc/base64.c index 81d356c8ac..78b34edf4f 100644 --- a/contrib/bind-9.3/lib/isccc/base64.c +++ b/contrib/bind-9.5.2/lib/isccc/base64.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: base64.c,v 1.2.206.1 2004/03/06 08:15:19 marka Exp $ */ +/* $Id: base64.c,v 1.8 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isccc/cc.c b/contrib/bind-9.5.2/lib/isccc/cc.c similarity index 92% rename from contrib/bind-9.3/lib/isccc/cc.c rename to contrib/bind-9.5.2/lib/isccc/cc.c index ccf8c686ae..cfa1db662e 100644 --- a/contrib/bind-9.3/lib/isccc/cc.c +++ b/contrib/bind-9.5.2/lib/isccc/cc.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cc.c,v 1.4.2.3.2.5 2004/08/28 06:25:23 marka Exp $ */ +/* $Id: cc.c,v 1.18 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include @@ -44,12 +59,12 @@ typedef isccc_sexpr_t *sexpr_ptr; static unsigned char auth_hmd5[] = { - 0x05, 0x5f, 0x61, 0x75, 0x74, 0x68, /* len + _auth */ - ISCCC_CCMSGTYPE_TABLE, /* message type */ - 0x00, 0x00, 0x00, 0x20, /* length == 32 */ - 0x04, 0x68, 0x6d, 0x64, 0x35, /* len + hmd5 */ - ISCCC_CCMSGTYPE_BINARYDATA, /* message type */ - 0x00, 0x00, 0x00, 0x16, /* length == 22 */ + 0x05, 0x5f, 0x61, 0x75, 0x74, 0x68, /*%< len + _auth */ + ISCCC_CCMSGTYPE_TABLE, /*%< message type */ + 0x00, 0x00, 0x00, 0x20, /*%< length == 32 */ + 0x04, 0x68, 0x6d, 0x64, 0x35, /*%< len + hmd5 */ + ISCCC_CCMSGTYPE_BINARYDATA, /*%< message type */ + 0x00, 0x00, 0x00, 0x16, /*%< length == 22 */ /* * The base64 encoding of one of our HMAC-MD5 signatures is * 22 bytes. @@ -59,7 +74,7 @@ static unsigned char auth_hmd5[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -#define HMD5_OFFSET 21 /* 6 + 1 + 4 + 5 + 1 + 4 */ +#define HMD5_OFFSET 21 /*%< 21 = 6 + 1 + 4 + 5 + 1 + 4 */ #define HMD5_LENGTH 22 static isc_result_t @@ -466,12 +481,21 @@ createmessage(isc_uint32_t version, const char *from, const char *to, result = ISC_R_NOMEMORY; _ctrl = isccc_alist_create(); + if (_ctrl == NULL) + goto bad; + if (isccc_alist_define(alist, "_ctrl", _ctrl) == NULL) { + isccc_sexpr_free(&_ctrl); + goto bad; + } + _data = isccc_alist_create(); - if (_ctrl == NULL || _data == NULL) + if (_data == NULL) goto bad; - if (isccc_alist_define(alist, "_ctrl", _ctrl) == NULL || - isccc_alist_define(alist, "_data", _data) == NULL) + if (isccc_alist_define(alist, "_data", _data) == NULL) { + isccc_sexpr_free(&_data); goto bad; + } + if (isccc_cc_defineuint32(_ctrl, "_ser", serial) == NULL || isccc_cc_defineuint32(_ctrl, "_tim", now) == NULL || (want_expires && diff --git a/contrib/bind-9.3/lib/isccc/ccmsg.c b/contrib/bind-9.5.2/lib/isccc/ccmsg.c similarity index 84% rename from contrib/bind-9.3/lib/isccc/ccmsg.c rename to contrib/bind-9.5.2/lib/isccc/ccmsg.c index fc5fae8aa3..298fc22d34 100644 --- a/contrib/bind-9.3/lib/isccc/ccmsg.c +++ b/contrib/bind-9.5.2/lib/isccc/ccmsg.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ccmsg.c,v 1.4.206.1 2004/03/06 08:15:19 marka Exp $ */ +/* $Id: ccmsg.c,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/alist.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/alist.h similarity index 66% rename from contrib/bind-9.3/lib/isccc/include/isccc/alist.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/alist.h index 409c48b817..29147a625b 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/alist.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/alist.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,11 +29,13 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: alist.h,v 1.2.206.1 2004/03/06 08:15:21 marka Exp $ */ +/* $Id: alist.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_ALIST_H #define ISCCC_ALIST_H 1 +/*! \file isccc/alist.h */ + #include #include diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/base64.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/base64.h similarity index 50% rename from contrib/bind-9.3/lib/isccc/include/isccc/base64.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/base64.h index 14fbe577b7..795b0449dc 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/base64.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/base64.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,11 +29,13 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: base64.h,v 1.2.206.1 2004/03/06 08:15:21 marka Exp $ */ +/* $Id: base64.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_BASE64_H #define ISCCC_BASE64_H 1 +/*! \file isccc/base64.h */ + #include #include @@ -33,36 +48,36 @@ ISC_LANG_BEGINDECLS isc_result_t isccc_base64_encode(isccc_region_t *source, int wordlength, const char *wordbreak, isccc_region_t *target); -/* +/*%< * Convert data into base64 encoded text. * * Notes: - * The base64 encoded text in 'target' will be divided into + *\li The base64 encoded text in 'target' will be divided into * words of at most 'wordlength' characters, separated by * the 'wordbreak' string. No parentheses will surround * the text. * * Requires: - * 'source' is a region containing binary data. - * 'target' is a text region containing available space. - * 'wordbreak' points to a null-terminated string of + *\li 'source' is a region containing binary data. + *\li 'target' is a text region containing available space. + *\li 'wordbreak' points to a null-terminated string of * zero or more whitespace characters. */ isc_result_t isccc_base64_decode(const char *cstr, isccc_region_t *target); -/* +/*%< * Decode a null-terminated base64 string. * * Requires: - * 'cstr' is non-null. - * 'target' is a valid region. + *\li 'cstr' is non-null. + *\li 'target' is a valid region. * * Returns: - * ISC_R_SUCCESS -- the entire decoded representation of 'cstring' + *\li #ISC_R_SUCCESS -- the entire decoded representation of 'cstring' * fit in 'target'. - * ISC_R_BADBASE64 -- 'cstr' is not a valid base64 encoding. - * ISC_R_NOSPACE -- 'target' is not big enough. + *\li #ISC_R_BADBASE64 -- 'cstr' is not a valid base64 encoding. + *\li #ISC_R_NOSPACE -- 'target' is not big enough. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/cc.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/cc.h similarity index 63% rename from contrib/bind-9.3/lib/isccc/include/isccc/cc.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/cc.h index aedf1f7570..79393be7b1 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/cc.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/cc.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,69 +29,90 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cc.h,v 1.3.206.1 2004/03/06 08:15:21 marka Exp $ */ +/* $Id: cc.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_CC_H #define ISCCC_CC_H 1 +/*! \file isccc/cc.h */ + #include #include ISC_LANG_BEGINDECLS +/*% Maximum Datagram Package */ #define ISCCC_CC_MAXDGRAMPACKET 4096 +/*% Message Type String */ #define ISCCC_CCMSGTYPE_STRING 0x00 +/*% Message Type Binary Data */ #define ISCCC_CCMSGTYPE_BINARYDATA 0x01 +/*% Message Type Table */ #define ISCCC_CCMSGTYPE_TABLE 0x02 +/*% Message Type List */ #define ISCCC_CCMSGTYPE_LIST 0x03 +/*% Send to Wire */ isc_result_t isccc_cc_towire(isccc_sexpr_t *alist, isccc_region_t *target, isccc_region_t *secret); +/*% Get From Wire */ isc_result_t isccc_cc_fromwire(isccc_region_t *source, isccc_sexpr_t **alistp, isccc_region_t *secret); +/*% Create Message */ isc_result_t isccc_cc_createmessage(isc_uint32_t version, const char *from, const char *to, isc_uint32_t serial, isccc_time_t now, isccc_time_t expires, isccc_sexpr_t **alistp); +/*% Create Acknowledgment */ isc_result_t isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok, isccc_sexpr_t **ackp); +/*% Is Ack? */ isc_boolean_t isccc_cc_isack(isccc_sexpr_t *message); +/*% Is Reply? */ isc_boolean_t isccc_cc_isreply(isccc_sexpr_t *message); +/*% Create Response */ isc_result_t isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now, isccc_time_t expires, isccc_sexpr_t **alistp); +/*% Define String */ isccc_sexpr_t * isccc_cc_definestring(isccc_sexpr_t *alist, const char *key, const char *str); +/*% Define uint 32 */ isccc_sexpr_t * isccc_cc_defineuint32(isccc_sexpr_t *alist, const char *key, isc_uint32_t i); +/*% Lookup String */ isc_result_t isccc_cc_lookupstring(isccc_sexpr_t *alist, const char *key, char **strp); +/*% Lookup uint 32 */ isc_result_t isccc_cc_lookupuint32(isccc_sexpr_t *alist, const char *key, isc_uint32_t *uintp); +/*% Create Symbol Table */ isc_result_t isccc_cc_createsymtab(isccc_symtab_t **symtabp); +/*% Clean up Symbol Table */ void isccc_cc_cleansymtab(isccc_symtab_t *symtab, isccc_time_t now); +/*% Check for Duplicates */ isc_result_t isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message, isccc_time_t now); diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/ccmsg.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/ccmsg.h similarity index 60% rename from contrib/bind-9.3/lib/isccc/include/isccc/ccmsg.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/ccmsg.h index 54734bb22f..e25aa510b2 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/ccmsg.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/ccmsg.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,15 +29,18 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ccmsg.h,v 1.3.206.1 2004/03/06 08:15:21 marka Exp $ */ +/* $Id: ccmsg.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_CCMSG_H #define ISCCC_CCMSG_H 1 +/*! \file isccc/ccmsg.h */ + #include #include #include +/*% ISCCC Message Structure */ typedef struct isccc_ccmsg { /* private (don't touch!) */ unsigned int magic; @@ -46,56 +62,56 @@ ISC_LANG_BEGINDECLS void isccc_ccmsg_init(isc_mem_t *mctx, isc_socket_t *sock, isccc_ccmsg_t *ccmsg); -/* +/*% * Associate a cc message state with a given memory context and * TCP socket. * * Requires: * - * "mctx" and "sock" be non-NULL and valid types. + *\li "mctx" and "sock" be non-NULL and valid types. * - * "sock" be a read/write TCP socket. + *\li "sock" be a read/write TCP socket. * - * "ccmsg" be non-NULL and an uninitialized or invalidated structure. + *\li "ccmsg" be non-NULL and an uninitialized or invalidated structure. * * Ensures: * - * "ccmsg" is a valid structure. + *\li "ccmsg" is a valid structure. */ void isccc_ccmsg_setmaxsize(isccc_ccmsg_t *ccmsg, unsigned int maxsize); -/* +/*% * Set the maximum packet size to "maxsize" * * Requires: * - * "ccmsg" be valid. + *\li "ccmsg" be valid. * - * 512 <= "maxsize" <= 4294967296 + *\li 512 <= "maxsize" <= 4294967296 */ isc_result_t isccc_ccmsg_readmessage(isccc_ccmsg_t *ccmsg, isc_task_t *task, isc_taskaction_t action, void *arg); -/* +/*% * Schedule an event to be delivered when a command channel message is * readable, or when an error occurs on the socket. * * Requires: * - * "ccmsg" be valid. + *\li "ccmsg" be valid. * - * "task", "taskaction", and "arg" be valid. + *\li "task", "taskaction", and "arg" be valid. * * Returns: * - * ISC_R_SUCCESS -- no error - * Anything that the isc_socket_recv() call can return. XXXMLG + *\li #ISC_R_SUCCESS -- no error + *\li Anything that the isc_socket_recv() call can return. XXXMLG * * Notes: * - * The event delivered is a fully generic event. It will contain no + *\li The event delivered is a fully generic event. It will contain no * actual data. The sender will be a pointer to the isccc_ccmsg_t. * The result code inside that structure should be checked to see * what the final result was. @@ -103,27 +119,27 @@ isccc_ccmsg_readmessage(isccc_ccmsg_t *ccmsg, void isccc_ccmsg_cancelread(isccc_ccmsg_t *ccmsg); -/* +/*% * Cancel a readmessage() call. The event will still be posted with a * CANCELED result code. * * Requires: * - * "ccmsg" be valid. + *\li "ccmsg" be valid. */ void isccc_ccmsg_invalidate(isccc_ccmsg_t *ccmsg); -/* +/*% * Clean up all allocated state, and invalidate the structure. * * Requires: * - * "ccmsg" be valid. + *\li "ccmsg" be valid. * * Ensures: * - * "ccmsg" is invalidated and disassociated with all memory contexts, + *\li "ccmsg" is invalidated and disassociated with all memory contexts, * sockets, etc. */ diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/events.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/events.h similarity index 52% rename from contrib/bind-9.3/lib/isccc/include/isccc/events.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/events.h index b78fc6581e..a3e14703d4 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/events.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/events.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,14 +29,16 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: events.h,v 1.2.206.1 2004/03/06 08:15:22 marka Exp $ */ +/* $Id: events.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_EVENTS_H #define ISCCC_EVENTS_H 1 +/*! \file isccc/events.h */ + #include -/* +/*% * Registry of ISCCC event numbers. */ diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/lib.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/lib.h similarity index 53% rename from contrib/bind-9.3/lib/isccc/include/isccc/lib.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/lib.h index a57357d280..de74666b01 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/lib.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/lib.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,11 +29,13 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.h,v 1.2.12.3 2004/03/08 09:05:05 marka Exp $ */ +/* $Id: lib.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_LIB_H #define ISCCC_LIB_H 1 +/*! \file isccc/lib.h */ + #include #include @@ -30,7 +45,7 @@ LIBISCCC_EXTERNAL_DATA extern isc_msgcat_t *isccc_msgcat; void isccc_lib_initmsgcat(void); -/* +/*% * Initialize the ISCCC library's message catalog, isccc_msgcat, if it * has not already been initialized. */ diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/result.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/result.h similarity index 56% rename from contrib/bind-9.3/lib/isccc/include/isccc/result.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/result.h index 33bbb4fc0c..2d54969d71 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/result.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/result.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,31 +29,39 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.3.2.2.2.1 2004/03/06 08:15:22 marka Exp $ */ +/* $Id: result.h,v 1.12 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_RESULT_H #define ISCCC_RESULT_H 1 +/*! \file isccc/result.h */ + #include #include #include #include +/*% Unknown Version */ #define ISCCC_R_UNKNOWNVERSION (ISC_RESULTCLASS_ISCCC + 0) +/*% Syntax Error */ #define ISCCC_R_SYNTAX (ISC_RESULTCLASS_ISCCC + 1) +/*% Bad Authorization */ #define ISCCC_R_BADAUTH (ISC_RESULTCLASS_ISCCC + 2) +/*% Expired */ #define ISCCC_R_EXPIRED (ISC_RESULTCLASS_ISCCC + 3) +/*% Clock Skew */ #define ISCCC_R_CLOCKSKEW (ISC_RESULTCLASS_ISCCC + 4) +/*% Duplicate */ #define ISCCC_R_DUPLICATE (ISC_RESULTCLASS_ISCCC + 5) -#define ISCCC_R_NRESULTS 6 /* Number of results */ +#define ISCCC_R_NRESULTS 6 /*%< Number of results */ ISC_LANG_BEGINDECLS const char * isccc_result_totext(isc_result_t result); -/* +/*% * Convert a isccc_result_t into a string message describing the result. */ diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/sexpr.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/sexpr.h similarity index 69% rename from contrib/bind-9.3/lib/isccc/include/isccc/sexpr.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/sexpr.h index 0195a94694..6112631cb0 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/sexpr.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/sexpr.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,11 +29,13 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sexpr.h,v 1.3.206.1 2004/03/06 08:15:22 marka Exp $ */ +/* $Id: sexpr.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_SEXPR_H #define ISCCC_SEXPR_H 1 +/*! \file isccc/sexpr.h */ + #include #include @@ -28,11 +43,13 @@ ISC_LANG_BEGINDECLS +/*% dotted pair structure */ struct isccc_dottedpair { isccc_sexpr_t *car; isccc_sexpr_t *cdr; }; +/*% iscc_sexpr structure */ struct isccc_sexpr { unsigned int type; union { @@ -42,7 +59,7 @@ struct isccc_sexpr { } value; }; -#define ISCCC_SEXPRTYPE_NONE 0x00 /* Illegal. */ +#define ISCCC_SEXPRTYPE_NONE 0x00 /*%< Illegal. */ #define ISCCC_SEXPRTYPE_T 0x01 #define ISCCC_SEXPRTYPE_STRING 0x02 #define ISCCC_SEXPRTYPE_DOTTEDPAIR 0x03 diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/symtab.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/symtab.h similarity index 74% rename from contrib/bind-9.3/lib/isccc/include/isccc/symtab.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/symtab.h index 53f30e7abd..77a188ac42 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/symtab.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/symtab.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: symtab.h,v 1.2.206.1 2004/03/06 08:15:22 marka Exp $ */ +/* $Id: symtab.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_SYMTAB_H #define ISCCC_SYMTAB_H 1 @@ -25,9 +38,8 @@ ***** Module Info *****/ -/* - * Symbol Table - * +/*! \file isccc/symtab.h + * \brief * Provides a simple memory-based symbol table. * * Keys are C strings. A type may be specified when looking up, @@ -39,11 +51,11 @@ * exists in the table. What to do in this case is specified by the * client. Possible policies are: * - * isccc_symexists_reject Disallow the define, returning ISC_R_EXISTS - * isccc_symexists_replace Replace the old value with the new. The + *\li isccc_symexists_reject Disallow the define, returning #ISC_R_EXISTS + *\li isccc_symexists_replace Replace the old value with the new. The * undefine action (if provided) will be called * with the old tuple. - * isccc_symexists_add Add the new tuple, leaving the old tuple in + *\li isccc_symexists_add Add the new tuple, leaving the old tuple in * the table. Subsequent lookups will retrieve * the most-recently-defined tuple. * diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/symtype.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/symtype.h similarity index 51% rename from contrib/bind-9.3/lib/isccc/include/isccc/symtype.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/symtype.h index 2c15603ec3..c8e6868c37 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/symtype.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/symtype.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,11 +29,13 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: symtype.h,v 1.2.206.1 2004/03/06 08:15:22 marka Exp $ */ +/* $Id: symtype.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_SYMTYPE_H #define ISCCC_SYMTYPE_H 1 +/*! \file isccc/symtype.h */ + #define ISCCC_SYMTYPE_ZONESTATS 0x0001 #define ISCCC_SYMTYPE_CCDUP 0x0002 #define ISCCC_SYMTYPE_TELLSERVICE 0x0003 diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/types.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/types.h similarity index 51% rename from contrib/bind-9.3/lib/isccc/include/isccc/types.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/types.h index 9b21ca1524..fd5c9f3e1f 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/types.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/types.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,20 +29,28 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.2.206.1 2004/03/06 08:15:23 marka Exp $ */ +/* $Id: types.h,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_TYPES_H #define ISCCC_TYPES_H 1 +/*! \file isccc/types.h */ + #include #include #include +/*% isccc_time_t typedef */ typedef isc_uint32_t isccc_time_t; + +/*% isccc_sexpr_t typedef */ typedef struct isccc_sexpr isccc_sexpr_t; +/*% isccc_dottedpair_t typedef */ typedef struct isccc_dottedpair isccc_dottedpair_t; +/*% isccc_symtab_t typedef */ typedef struct isccc_symtab isccc_symtab_t; +/*% iscc region structure */ typedef struct isccc_region { unsigned char * rstart; unsigned char * rend; diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/util.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/util.h similarity index 81% rename from contrib/bind-9.3/lib/isccc/include/isccc/util.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/util.h index 84425867d6..2e36b6e32d 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/util.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/util.h @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,17 +29,18 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.h,v 1.3.206.1 2004/03/06 08:15:23 marka Exp $ */ +/* $Id: util.h,v 1.11 2007/08/28 07:20:43 tbox Exp $ */ #ifndef ISCCC_UTIL_H #define ISCCC_UTIL_H 1 #include -/* +/*! \file isccc/util.h + * \brief * Macros for dealing with unaligned numbers. * - * Note: no side effects are allowed when invoking these macros! + * \note no side effects are allowed when invoking these macros! */ #define GET8(v, w) \ @@ -193,7 +207,7 @@ (r).rend = (r).rstart + strlen(s); \ } while (0) -/* +/*% * Use this to remove the const qualifier of a variable to assign it to * a non-const variable or pass it as a non-const function argument ... * but only when you are sure it won't then be changed! diff --git a/contrib/bind-9.3/lib/isccc/include/isccc/version.h b/contrib/bind-9.5.2/lib/isccc/include/isccc/version.h similarity index 80% rename from contrib/bind-9.3/lib/isccc/include/isccc/version.h rename to contrib/bind-9.5.2/lib/isccc/include/isccc/version.h index 36a909c514..869316c273 100644 --- a/contrib/bind-9.3/lib/isccc/include/isccc/version.h +++ b/contrib/bind-9.5.2/lib/isccc/include/isccc/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.2.222.3 2004/03/08 09:05:05 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file isccc/version.h */ #include diff --git a/contrib/bind-9.3/lib/isccc/lib.c b/contrib/bind-9.5.2/lib/isccc/lib.c similarity index 59% rename from contrib/bind-9.3/lib/isccc/lib.c rename to contrib/bind-9.5.2/lib/isccc/lib.c index d37e28c768..17170f5dde 100644 --- a/contrib/bind-9.3/lib/isccc/lib.c +++ b/contrib/bind-9.5.2/lib/isccc/lib.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.c,v 1.2.12.3 2004/03/08 09:05:04 marka Exp $ */ +/* $Id: lib.c,v 1.9 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isccc/result.c b/contrib/bind-9.5.2/lib/isccc/result.c similarity index 64% rename from contrib/bind-9.3/lib/isccc/result.c rename to contrib/bind-9.5.2/lib/isccc/result.c index e63e85fa14..cbedc16fb0 100644 --- a/contrib/bind-9.3/lib/isccc/result.c +++ b/contrib/bind-9.5.2/lib/isccc/result.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.c,v 1.3.2.2.2.1 2004/03/06 08:15:19 marka Exp $ */ +/* $Id: result.c,v 1.10 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isccc/sexpr.c b/contrib/bind-9.5.2/lib/isccc/sexpr.c similarity index 87% rename from contrib/bind-9.3/lib/isccc/sexpr.c rename to contrib/bind-9.5.2/lib/isccc/sexpr.c index a372a7d2aa..e96536dfce 100644 --- a/contrib/bind-9.3/lib/isccc/sexpr.c +++ b/contrib/bind-9.5.2/lib/isccc/sexpr.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +29,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sexpr.c,v 1.2.12.3 2004/03/08 09:05:04 marka Exp $ */ +/* $Id: sexpr.c,v 1.9 2007/08/28 07:20:43 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.3/lib/isccc/symtab.c b/contrib/bind-9.5.2/lib/isccc/symtab.c similarity index 86% rename from contrib/bind-9.3/lib/isccc/symtab.c rename to contrib/bind-9.5.2/lib/isccc/symtab.c index 6aca4850f4..d7ae68790d 100644 --- a/contrib/bind-9.3/lib/isccc/symtab.c +++ b/contrib/bind-9.5.2/lib/isccc/symtab.c @@ -1,9 +1,22 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NOMINUM DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * * Portions Copyright (C) 2001 Nominum, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,16 +29,18 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: symtab.c,v 1.3.12.3 2004/03/08 09:05:04 marka Exp $ */ +/* $Id: symtab.c,v 1.11 2007/09/13 04:45:18 each Exp $ */ + +/*! \file */ #include #include #include -#include #include #include +#include #include #include diff --git a/contrib/bind-9.3/lib/isccc/version.c b/contrib/bind-9.5.2/lib/isccc/version.c similarity index 80% rename from contrib/bind-9.3/lib/isccc/version.c rename to contrib/bind-9.5.2/lib/isccc/version.c index 08cda2f33d..c9d912405b 100644 --- a/contrib/bind-9.3/lib/isccc/version.c +++ b/contrib/bind-9.5.2/lib/isccc/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.1.12.3 2004/03/08 09:05:04 marka Exp $ */ +/* $Id: version.c,v 1.7 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/isccfg/aclconf.c b/contrib/bind-9.5.2/lib/isccfg/aclconf.c new file mode 100644 index 0000000000..1bdb4e8f55 --- /dev/null +++ b/contrib/bind-9.5.2/lib/isccfg/aclconf.c @@ -0,0 +1,437 @@ +/* + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2002 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: aclconf.c,v 1.17.2.7 2009/01/19 23:47:03 tbox Exp $ */ + +#include + +#include +#include /* Required for HP/UX (and others?) */ +#include + +#include +#include + +#include +#include +#include +#include + +#define LOOP_MAGIC ISC_MAGIC('L','O','O','P') + +void +cfg_aclconfctx_init(cfg_aclconfctx_t *ctx) { + ISC_LIST_INIT(ctx->named_acl_cache); +} + +void +cfg_aclconfctx_destroy(cfg_aclconfctx_t *ctx) { + dns_acl_t *dacl, *next; + + for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); + dacl != NULL; + dacl = next) + { + next = ISC_LIST_NEXT(dacl, nextincache); + dns_acl_detach(&dacl); + } +} + +/* + * Find the definition of the named acl whose name is "name". + */ +static isc_result_t +get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) { + isc_result_t result; + const cfg_obj_t *acls = NULL; + const cfg_listelt_t *elt; + + result = cfg_map_get(cctx, "acl", &acls); + if (result != ISC_R_SUCCESS) + return (result); + for (elt = cfg_list_first(acls); + elt != NULL; + elt = cfg_list_next(elt)) { + const cfg_obj_t *acl = cfg_listelt_value(elt); + const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); + if (strcasecmp(aclname, name) == 0) { + if (ret != NULL) { + *ret = cfg_tuple_get(acl, "value"); + } + return (ISC_R_SUCCESS); + } + } + return (ISC_R_NOTFOUND); +} + +static isc_result_t +convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx, + isc_log_t *lctx, cfg_aclconfctx_t *ctx, + isc_mem_t *mctx, unsigned int nest_level, + dns_acl_t **target) +{ + isc_result_t result; + const cfg_obj_t *cacl = NULL; + dns_acl_t *dacl; + dns_acl_t loop; + const char *aclname = cfg_obj_asstring(nameobj); + + /* Look for an already-converted version. */ + for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); + dacl != NULL; + dacl = ISC_LIST_NEXT(dacl, nextincache)) + { + if (strcasecmp(aclname, dacl->name) == 0) { + if (ISC_MAGIC_VALID(dacl, LOOP_MAGIC)) { + cfg_obj_log(nameobj, lctx, ISC_LOG_ERROR, + "acl loop detected: %s", aclname); + return (ISC_R_FAILURE); + } + dns_acl_attach(dacl, target); + return (ISC_R_SUCCESS); + } + } + /* Not yet converted. Convert now. */ + result = get_acl_def(cctx, aclname, &cacl); + if (result != ISC_R_SUCCESS) { + cfg_obj_log(nameobj, lctx, ISC_LOG_WARNING, + "undefined ACL '%s'", aclname); + return (result); + } + /* + * Add a loop detection element. + */ + memset(&loop, 0, sizeof(loop)); + ISC_LINK_INIT(&loop, nextincache); + DE_CONST(aclname, loop.name); + loop.magic = LOOP_MAGIC; + ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache); + result = cfg_acl_fromconfig(cacl, cctx, lctx, ctx, mctx, + nest_level, &dacl); + ISC_LIST_UNLINK(ctx->named_acl_cache, &loop, nextincache); + loop.magic = 0; + loop.name = NULL; + if (result != ISC_R_SUCCESS) + return (result); + dacl->name = isc_mem_strdup(dacl->mctx, aclname); + if (dacl->name == NULL) + return (ISC_R_NOMEMORY); + ISC_LIST_APPEND(ctx->named_acl_cache, dacl, nextincache); + dns_acl_attach(dacl, target); + return (ISC_R_SUCCESS); +} + +static isc_result_t +convert_keyname(const cfg_obj_t *keyobj, isc_log_t *lctx, isc_mem_t *mctx, + dns_name_t *dnsname) +{ + isc_result_t result; + isc_buffer_t buf; + dns_fixedname_t fixname; + unsigned int keylen; + const char *txtname = cfg_obj_asstring(keyobj); + + keylen = strlen(txtname); + isc_buffer_init(&buf, txtname, keylen); + isc_buffer_add(&buf, keylen); + dns_fixedname_init(&fixname); + result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf, + dns_rootname, ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) { + cfg_obj_log(keyobj, lctx, ISC_LOG_WARNING, + "key name '%s' is not a valid domain name", + txtname); + return (result); + } + return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname)); +} + +/* + * Recursively pre-parse an ACL definition to find the total number + * of non-IP-prefix elements (localhost, localnets, key) in all nested + * ACLs, so that the parent will have enough space allocated for the + * elements table after all the nested ACLs have been merged in to the + * parent. + */ +static int +count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx) +{ + const cfg_listelt_t *elt; + const cfg_obj_t *cacl = NULL; + isc_result_t result; + int n = 0; + + for (elt = cfg_list_first(caml); + elt != NULL; + elt = cfg_list_next(elt)) { + const cfg_obj_t *ce = cfg_listelt_value(elt); + + /* negated element; just get the value. */ + if (cfg_obj_istuple(ce)) + ce = cfg_tuple_get(ce, "value"); + + if (cfg_obj_istype(ce, &cfg_type_keyref)) { + n++; + } else if (cfg_obj_islist(ce)) { + n += count_acl_elements(ce, cctx); + } else if (cfg_obj_isstring(ce)) { + const char *name = cfg_obj_asstring(ce); + if (strcasecmp(name, "localhost") == 0 || + strcasecmp(name, "localnets") == 0) { + n++; + } else if (strcasecmp(name, "any") != 0 && + strcasecmp(name, "none") != 0) { + result = get_acl_def(cctx, name, &cacl); + if (result == ISC_R_SUCCESS) + n += count_acl_elements(cacl, cctx) + 1; + } + } + } + + return n; +} + +isc_result_t +cfg_acl_fromconfig(const cfg_obj_t *caml, + const cfg_obj_t *cctx, + isc_log_t *lctx, + cfg_aclconfctx_t *ctx, + isc_mem_t *mctx, + unsigned int nest_level, + dns_acl_t **target) +{ + isc_result_t result; + dns_acl_t *dacl = NULL, *inneracl = NULL; + dns_aclelement_t *de; + const cfg_listelt_t *elt; + dns_iptable_t *iptab; + int new_nest_level = 0; + + if (nest_level != 0) + new_nest_level = nest_level - 1; + + REQUIRE(target != NULL); + REQUIRE(*target == NULL || DNS_ACL_VALID(*target)); + + if (*target != NULL) { + /* + * If target already points to an ACL, then we're being + * called recursively to configure a nested ACL. The + * nested ACL's contents should just be absorbed into its + * parent ACL. + */ + dns_acl_attach(*target, &dacl); + dns_acl_detach(target); + } else { + /* + * Need to allocate a new ACL structure. Count the items + * in the ACL definition that will require space in the + * elements table. (Note that if nest_level is nonzero, + * *everything* goes in the elements table.) + */ + int nelem; + + if (nest_level == 0) + nelem = count_acl_elements(caml, cctx); + else + nelem = cfg_list_length(caml, ISC_FALSE); + + result = dns_acl_create(mctx, nelem, &dacl); + if (result != ISC_R_SUCCESS) + return (result); + } + + de = dacl->elements; + for (elt = cfg_list_first(caml); + elt != NULL; + elt = cfg_list_next(elt)) { + const cfg_obj_t *ce = cfg_listelt_value(elt); + isc_boolean_t neg; + + if (cfg_obj_istuple(ce)) { + /* This must be a negated element. */ + ce = cfg_tuple_get(ce, "value"); + neg = ISC_TRUE; + dacl->has_negatives = ISC_TRUE; + } else + neg = ISC_FALSE; + + /* + * If nest_level is nonzero, then every element is + * to be stored as a separate, nested ACL rather than + * merged into the main iptable. + */ + iptab = dacl->iptable; + + if (nest_level != 0) { + result = dns_acl_create(mctx, + cfg_list_length(ce, ISC_FALSE), + &de->nestedacl); + if (result != ISC_R_SUCCESS) + goto cleanup; + iptab = de->nestedacl->iptable; + } + + if (cfg_obj_isnetprefix(ce)) { + /* Network prefix */ + isc_netaddr_t addr; + unsigned int bitlen; + + cfg_obj_asnetprefix(ce, &addr, &bitlen); + + /* + * If nesting ACLs (nest_level != 0), we negate + * the nestedacl element, not the iptable entry. + */ + result = dns_iptable_addprefix(iptab, &addr, bitlen, + ISC_TF(nest_level != 0 || !neg)); + if (result != ISC_R_SUCCESS) + goto cleanup; + + if (nest_level > 0) { + de->type = dns_aclelementtype_nestedacl; + de->negative = neg; + } else + continue; + } else if (cfg_obj_islist(ce)) { + /* + * If we're nesting ACLs, put the nested + * ACL onto the elements list; otherwise + * merge it into *this* ACL. We nest ACLs + * in two cases: 1) sortlist, 2) if the + * nested ACL contains negated members. + */ + if (inneracl != NULL) + dns_acl_detach(&inneracl); + result = cfg_acl_fromconfig(ce, cctx, lctx, + ctx, mctx, new_nest_level, + &inneracl); + if (result != ISC_R_SUCCESS) + goto cleanup; +nested_acl: + if (nest_level > 0 || inneracl->has_negatives) { + de->type = dns_aclelementtype_nestedacl; + de->negative = neg; + if (de->nestedacl != NULL) + dns_acl_detach(&de->nestedacl); + dns_acl_attach(inneracl, + &de->nestedacl); + dns_acl_detach(&inneracl); + /* Fall through. */ + } else { + dns_acl_merge(dacl, inneracl, + ISC_TF(!neg)); + de += inneracl->length; /* elements added */ + dns_acl_detach(&inneracl); + continue; + } + } else if (cfg_obj_istype(ce, &cfg_type_keyref)) { + /* Key name. */ + de->type = dns_aclelementtype_keyname; + de->negative = neg; + dns_name_init(&de->keyname, NULL); + result = convert_keyname(ce, lctx, mctx, + &de->keyname); + if (result != ISC_R_SUCCESS) + goto cleanup; + } else if (cfg_obj_isstring(ce)) { + /* ACL name. */ + const char *name = cfg_obj_asstring(ce); + if (strcasecmp(name, "any") == 0) { + /* Iptable entry with zero bit length. */ + result = dns_iptable_addprefix(iptab, NULL, 0, + ISC_TF(nest_level != 0 || !neg)); + if (result != ISC_R_SUCCESS) + goto cleanup; + + if (nest_level != 0) { + de->type = dns_aclelementtype_nestedacl; + de->negative = neg; + } else + continue; + } else if (strcasecmp(name, "none") == 0) { + /* none == !any */ + /* + * We don't unconditional set + * dacl->has_negatives and + * de->negative to true so we can handle + * "!none;". + */ + result = dns_iptable_addprefix(iptab, NULL, 0, + ISC_TF(nest_level != 0 || neg)); + if (result != ISC_R_SUCCESS) + goto cleanup; + + if (!neg) + dacl->has_negatives = !neg; + + if (nest_level != 0) { + de->type = dns_aclelementtype_nestedacl; + de->negative = !neg; + } else + continue; + } else if (strcasecmp(name, "localhost") == 0) { + de->type = dns_aclelementtype_localhost; + de->negative = neg; + } else if (strcasecmp(name, "localnets") == 0) { + de->type = dns_aclelementtype_localnets; + de->negative = neg; + } else { + if (inneracl != NULL) + dns_acl_detach(&inneracl); + result = convert_named_acl(ce, cctx, lctx, ctx, + mctx, new_nest_level, + &inneracl); + if (result != ISC_R_SUCCESS) + goto cleanup; + + goto nested_acl; + } + } else { + cfg_obj_log(ce, lctx, ISC_LOG_WARNING, + "address match list contains " + "unsupported element type"); + result = ISC_R_FAILURE; + goto cleanup; + } + + /* + * This should only be reached for localhost, localnets + * and keyname elements, and nested ACLs if nest_level is + * nonzero (i.e., in sortlists). + */ + if (de->nestedacl != NULL && + de->type != dns_aclelementtype_nestedacl) + dns_acl_detach(&de->nestedacl); + + dacl->node_count++; + de->node_num = dacl->node_count; + + dacl->length++; + de++; + INSIST(dacl->length <= dacl->alloc); + } + + dns_acl_attach(dacl, target); + result = ISC_R_SUCCESS; + + cleanup: + if (inneracl != NULL) + dns_acl_detach(&inneracl); + dns_acl_detach(&dacl); + return (result); +} diff --git a/contrib/bind-9.3/lib/isccfg/api b/contrib/bind-9.5.2/lib/isccfg/api similarity index 60% rename from contrib/bind-9.3/lib/isccfg/api rename to contrib/bind-9.5.2/lib/isccfg/api index 59ed93b011..9758da41d8 100644 --- a/contrib/bind-9.3/lib/isccfg/api +++ b/contrib/bind-9.5.2/lib/isccfg/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 1 +LIBINTERFACE = 40 LIBREVISION = 6 LIBAGE = 0 diff --git a/contrib/bind-9.3/bin/named/include/named/aclconf.h b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/aclconf.h similarity index 66% rename from contrib/bind-9.3/bin/named/include/named/aclconf.h rename to contrib/bind-9.5.2/lib/isccfg/include/isccfg/aclconf.h index a5b333a9fa..7ad4351f34 100644 --- a/contrib/bind-9.3/bin/named/include/named/aclconf.h +++ b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/aclconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,10 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.h,v 1.12.208.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: aclconf.h,v 1.10 2007/10/12 04:17:18 each Exp $ */ -#ifndef NS_ACLCONF_H -#define NS_ACLCONF_H 1 +#ifndef ISCCFG_ACLCONF_H +#define ISCCFG_ACLCONF_H 1 #include @@ -26,9 +26,10 @@ #include -typedef struct ns_aclconfctx { +typedef struct cfg_aclconfctx { ISC_LIST(dns_acl_t) named_acl_cache; -} ns_aclconfctx_t; + ISC_LIST(dns_iptable_t) named_iptable_cache; +} cfg_aclconfctx_t; /*** *** Functions @@ -37,29 +38,31 @@ typedef struct ns_aclconfctx { ISC_LANG_BEGINDECLS void -ns_aclconfctx_init(ns_aclconfctx_t *ctx); +cfg_aclconfctx_init(cfg_aclconfctx_t *ctx); /* * Initialize an ACL configuration context. */ void -ns_aclconfctx_destroy(ns_aclconfctx_t *ctx); +cfg_aclconfctx_destroy(cfg_aclconfctx_t *ctx); /* * Destroy an ACL configuration context. */ isc_result_t -ns_acl_fromconfig(const cfg_obj_t *caml, - const cfg_obj_t *cctx, - ns_aclconfctx_t *ctx, - isc_mem_t *mctx, - dns_acl_t **target); +cfg_acl_fromconfig(const cfg_obj_t *caml, + const cfg_obj_t *cctx, + isc_log_t *lctx, + cfg_aclconfctx_t *ctx, + isc_mem_t *mctx, + unsigned int nest_level, + dns_acl_t **target); /* * Construct a new dns_acl_t from configuration data in 'caml' and * 'cctx'. Memory is allocated through 'mctx'. * * Any named ACLs referred to within 'caml' will be be converted - * inte nested dns_acl_t objects. Multiple references to the same + * into nested dns_acl_t objects. Multiple references to the same * named ACLs will be converted into shared references to a single * nested dns_acl_t object when the referring objects were created * passing the same ACL configuration context 'ctx'. @@ -69,4 +72,4 @@ ns_acl_fromconfig(const cfg_obj_t *caml, ISC_LANG_ENDDECLS -#endif /* NS_ACLCONF_H */ +#endif /* ISCCFG_ACLCONF_H */ diff --git a/contrib/bind-9.3/lib/isccfg/include/isccfg/cfg.h b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/cfg.h similarity index 74% rename from contrib/bind-9.3/lib/isccfg/include/isccfg/cfg.h rename to contrib/bind-9.5.2/lib/isccfg/include/isccfg/cfg.h index c4867199b9..d0ed94b8f6 100644 --- a/contrib/bind-9.3/lib/isccfg/include/isccfg/cfg.h +++ b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/cfg.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cfg.h,v 1.30.12.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: cfg.h,v 1.44 2007/10/12 04:17:18 each Exp $ */ #ifndef ISCCFG_CFG_H #define ISCCFG_CFG_H 1 @@ -24,7 +24,8 @@ ***** Module Info *****/ -/* +/*! \file isccfg/cfg.h + * \brief * This is the new, table-driven, YACC-free configuration file parser. */ @@ -42,19 +43,19 @@ *** Types ***/ -typedef struct cfg_parser cfg_parser_t; -/* +/*% * A configuration parser. */ +typedef struct cfg_parser cfg_parser_t; -/* +/*% * A configuration type definition object. There is a single * static cfg_type_t object for each data type supported by * the configuration parser. */ typedef struct cfg_type cfg_type_t; -/* +/*% * A configuration object. This is the basic building block of the * configuration parse tree. It contains a value (which may be * of one of several types) and information identifying the file @@ -63,12 +64,12 @@ typedef struct cfg_type cfg_type_t; */ typedef struct cfg_obj cfg_obj_t; -/* +/*% * A configuration object list element. */ typedef struct cfg_listelt cfg_listelt_t; -/* +/*% * A callback function to be called when parsing an option * that needs to be interpreted at parsing time, like * "directory". @@ -84,7 +85,7 @@ ISC_LANG_BEGINDECLS isc_result_t cfg_parser_create(isc_mem_t *mctx, isc_log_t *lctx, cfg_parser_t **ret); -/* +/*%< * Create a configuration file parser. Any warning and error * messages will be logged to 'lctx'. * @@ -97,7 +98,7 @@ void cfg_parser_setcallback(cfg_parser_t *pctx, cfg_parsecallback_t callback, void *arg); -/* +/*%< * Make the parser call 'callback' whenever it encounters * a configuration clause with the callback attribute, * passing it the clause name, the clause value, @@ -113,7 +114,7 @@ cfg_parse_file(cfg_parser_t *pctx, const char *filename, isc_result_t cfg_parse_buffer(cfg_parser_t *pctx, isc_buffer_t *buffer, const cfg_type_t *type, cfg_obj_t **ret); -/* +/*%< * Read a configuration containing data of type 'type' * and make '*ret' point to its parse tree. * @@ -124,246 +125,254 @@ cfg_parse_buffer(cfg_parser_t *pctx, isc_buffer_t *buffer, * Returns an error if the file does not parse correctly. * * Requires: - * "filename" is valid. - * "mem" is valid. - * "type" is valid. - * "cfg" is non-NULL and "*cfg" is NULL. + *\li "filename" is valid. + *\li "mem" is valid. + *\li "type" is valid. + *\li "cfg" is non-NULL and "*cfg" is NULL. * * Returns: - * ISC_R_SUCCESS - success - * ISC_R_NOMEMORY - no memory available - * ISC_R_INVALIDFILE - file doesn't exist or is unreadable - * others - file contains errors + * \li #ISC_R_SUCCESS - success + *\li #ISC_R_NOMEMORY - no memory available + *\li #ISC_R_INVALIDFILE - file doesn't exist or is unreadable + *\li others - file contains errors */ void cfg_parser_destroy(cfg_parser_t **pctxp); -/* +/*%< * Destroy a configuration parser. */ isc_boolean_t cfg_obj_isvoid(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of void type (e.g., an optional * value not specified). */ isc_boolean_t cfg_obj_ismap(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of a map type. */ isc_result_t cfg_map_get(const cfg_obj_t *mapobj, const char* name, const cfg_obj_t **obj); -/* +/*%< * Extract an element from a configuration object, which * must be of a map type. * * Requires: - * 'mapobj' points to a valid configuration object of a map type. - * 'name' points to a null-terminated string. - * 'obj' is non-NULL and '*obj' is NULL. + * \li 'mapobj' points to a valid configuration object of a map type. + * \li 'name' points to a null-terminated string. + * \li 'obj' is non-NULL and '*obj' is NULL. * * Returns: - * ISC_R_SUCCESS - success - * ISC_R_NOTFOUND - name not found in map + * \li #ISC_R_SUCCESS - success + * \li #ISC_R_NOTFOUND - name not found in map */ const cfg_obj_t * cfg_map_getname(const cfg_obj_t *mapobj); -/* +/*%< * Get the name of a named map object, like a server "key" clause. * * Requires: - * 'mapobj' points to a valid configuration object of a map type. + * \li 'mapobj' points to a valid configuration object of a map type. * * Returns: - * A pointer to a configuration object naming the map object, + * \li A pointer to a configuration object naming the map object, * or NULL if the map object does not have a name. */ isc_boolean_t cfg_obj_istuple(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of a map type. */ const cfg_obj_t * cfg_tuple_get(const cfg_obj_t *tupleobj, const char *name); -/* +/*%< * Extract an element from a configuration object, which * must be of a tuple type. * * Requires: - * 'tupleobj' points to a valid configuration object of a tuple type. - * 'name' points to a null-terminated string naming one of the - * fields of said tuple type. + * \li 'tupleobj' points to a valid configuration object of a tuple type. + * \li 'name' points to a null-terminated string naming one of the + *\li fields of said tuple type. */ isc_boolean_t cfg_obj_isuint32(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of integer type. */ isc_uint32_t cfg_obj_asuint32(const cfg_obj_t *obj); -/* +/*%< * Returns the value of a configuration object of 32-bit integer type. * * Requires: - * 'obj' points to a valid configuration object of 32-bit integer type. + * \li 'obj' points to a valid configuration object of 32-bit integer type. * * Returns: - * A 32-bit unsigned integer. + * \li A 32-bit unsigned integer. */ isc_boolean_t cfg_obj_isuint64(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of integer type. */ isc_uint64_t cfg_obj_asuint64(const cfg_obj_t *obj); -/* +/*%< * Returns the value of a configuration object of 64-bit integer type. * * Requires: - * 'obj' points to a valid configuration object of 64-bit integer type. + * \li 'obj' points to a valid configuration object of 64-bit integer type. * * Returns: - * A 64-bit unsigned integer. + * \li A 64-bit unsigned integer. */ isc_boolean_t cfg_obj_isstring(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of string type. */ const char * cfg_obj_asstring(const cfg_obj_t *obj); -/* +/*%< * Returns the value of a configuration object of a string type * as a null-terminated string. * * Requires: - * 'obj' points to a valid configuration object of a string type. + * \li 'obj' points to a valid configuration object of a string type. * * Returns: - * A pointer to a null terminated string. + * \li A pointer to a null terminated string. */ isc_boolean_t cfg_obj_isboolean(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of a boolean type. */ isc_boolean_t cfg_obj_asboolean(const cfg_obj_t *obj); -/* +/*%< * Returns the value of a configuration object of a boolean type. * * Requires: - * 'obj' points to a valid configuration object of a boolean type. + * \li 'obj' points to a valid configuration object of a boolean type. * * Returns: - * A boolean value. + * \li A boolean value. */ isc_boolean_t cfg_obj_issockaddr(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is a socket address. */ const isc_sockaddr_t * cfg_obj_assockaddr(const cfg_obj_t *obj); -/* +/*%< * Returns the value of a configuration object representing a socket address. * * Requires: - * 'obj' points to a valid configuration object of a socket address type. + * \li 'obj' points to a valid configuration object of a socket address type. * * Returns: - * A pointer to a sockaddr. The sockaddr must be copied by the caller + * \li A pointer to a sockaddr. The sockaddr must be copied by the caller * if necessary. */ isc_boolean_t cfg_obj_isnetprefix(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is a network prefix. */ void cfg_obj_asnetprefix(const cfg_obj_t *obj, isc_netaddr_t *netaddr, unsigned int *prefixlen); -/* +/*%< * Gets the value of a configuration object representing a network * prefix. The network address is returned through 'netaddr' and the * prefix length in bits through 'prefixlen'. * * Requires: - * 'obj' points to a valid configuration object of network prefix type. - * 'netaddr' and 'prefixlen' are non-NULL. + * \li 'obj' points to a valid configuration object of network prefix type. + *\li 'netaddr' and 'prefixlen' are non-NULL. */ isc_boolean_t cfg_obj_islist(const cfg_obj_t *obj); -/* +/*%< * Return true iff 'obj' is of list type. */ const cfg_listelt_t * cfg_list_first(const cfg_obj_t *obj); -/* +/*%< * Returns the first list element in a configuration object of a list type. * * Requires: - * 'obj' points to a valid configuration object of a list type or NULL. + * \li 'obj' points to a valid configuration object of a list type or NULL. * * Returns: - * A pointer to a cfg_listelt_t representing the first list element, + * \li A pointer to a cfg_listelt_t representing the first list element, * or NULL if the list is empty or nonexistent. */ const cfg_listelt_t * cfg_list_next(const cfg_listelt_t *elt); -/* +/*%< * Returns the next element of a list of configuration objects. * * Requires: - * 'elt' points to cfg_listelt_t obtained from cfg_list_first() or + * \li 'elt' points to cfg_listelt_t obtained from cfg_list_first() or * a previous call to cfg_list_next(). * * Returns: - * A pointer to a cfg_listelt_t representing the next element, + * \li A pointer to a cfg_listelt_t representing the next element, * or NULL if there are no more elements. */ +unsigned int +cfg_list_length(const cfg_obj_t *obj, isc_boolean_t recurse); +/*%< + * Returns the length of a list of configure objects. If obj is + * not a list, returns 0. If recurse is true, add in the length of + * all contained lists. + */ + const cfg_obj_t * cfg_listelt_value(const cfg_listelt_t *elt); -/* +/*%< * Returns the configuration object associated with cfg_listelt_t. * * Requires: - * 'elt' points to cfg_listelt_t obtained from cfg_list_first() or + * \li 'elt' points to cfg_listelt_t obtained from cfg_list_first() or * cfg_list_next(). * * Returns: - * A non-NULL pointer to a configuration object. + * \li A non-NULL pointer to a configuration object. */ void cfg_print(const cfg_obj_t *obj, void (*f)(void *closure, const char *text, int textlen), void *closure); -/* +/*%< * Print the configuration object 'obj' by repeatedly calling the * function 'f', passing 'closure' and a region of text starting * at 'text' and comprising 'textlen' characters. @@ -373,18 +382,18 @@ void cfg_print_grammar(const cfg_type_t *type, void (*f)(void *closure, const char *text, int textlen), void *closure); -/* +/*%< * Print a summary of the grammar of the configuration type 'type'. */ isc_boolean_t cfg_obj_istype(const cfg_obj_t *obj, const cfg_type_t *type); -/* +/*%< * Return true iff 'obj' is of type 'type'. */ void cfg_obj_destroy(cfg_parser_t *pctx, cfg_obj_t **obj); -/* +/*%< * Destroy a configuration object. */ @@ -392,7 +401,7 @@ void cfg_obj_log(const cfg_obj_t *obj, isc_log_t *lctx, int level, const char *fmt, ...) ISC_FORMAT_PRINTF(4, 5); -/* +/*%< * Log a message concerning configuration object 'obj' to the logging * channel of 'pctx', at log level 'level'. The message will be prefixed * with the file name(s) and line number where 'obj' was defined. @@ -400,13 +409,13 @@ cfg_obj_log(const cfg_obj_t *obj, isc_log_t *lctx, int level, const char * cfg_obj_file(const cfg_obj_t *obj); -/* +/*%< * Return the file that defined this object. */ unsigned int cfg_obj_line(const cfg_obj_t *obj); -/* +/*%< * Return the line in file where this object was defined. */ diff --git a/contrib/bind-9.3/lib/isccfg/include/isccfg/grammar.h b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/grammar.h similarity index 82% rename from contrib/bind-9.3/lib/isccfg/include/isccfg/grammar.h rename to contrib/bind-9.5.2/lib/isccfg/include/isccfg/grammar.h index 4aaeb4ff47..be65d48748 100644 --- a/contrib/bind-9.3/lib/isccfg/include/isccfg/grammar.h +++ b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/grammar.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: grammar.h,v 1.3.50.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: grammar.h,v 1.15 2007/06/19 23:47:22 tbox Exp $ */ #ifndef ISCCFG_GRAMMAR_H #define ISCCFG_GRAMMAR_H 1 +/*! \file isccfg/grammar.h */ + #include #include #include @@ -33,17 +35,17 @@ * and the grammars; not visible to users of the parser. */ -/* Clause may occur multiple times (e.g., "zone") */ +/*% Clause may occur multiple times (e.g., "zone") */ #define CFG_CLAUSEFLAG_MULTI 0x00000001 -/* Clause is obsolete */ +/*% Clause is obsolete */ #define CFG_CLAUSEFLAG_OBSOLETE 0x00000002 -/* Clause is not implemented, and may never be */ +/*% Clause is not implemented, and may never be */ #define CFG_CLAUSEFLAG_NOTIMP 0x00000004 -/* Clause is not implemented yet */ +/*% Clause is not implemented yet */ #define CFG_CLAUSEFLAG_NYI 0x00000008 -/* Default value has changed since earlier release */ +/*% Default value has changed since earlier release */ #define CFG_CLAUSEFLAG_NEWDEFAULT 0x00000010 -/* +/*% * Clause needs to be interpreted during parsing * by calling a callback function, like the * "directory" option. @@ -71,7 +73,7 @@ typedef void (*cfg_freefunc_t)(cfg_parser_t *, cfg_obj_t *); * Structure definitions */ -/* +/*% * A configuration printer object. This is an abstract * interface to a destination to which text can be printed * by calling the function 'f'. @@ -82,42 +84,39 @@ struct cfg_printer { int indent; }; -/* A clause definition. */ - +/*% A clause definition. */ struct cfg_clausedef { const char *name; cfg_type_t *type; unsigned int flags; }; -/* A tuple field definition. */ - +/*% A tuple field definition. */ struct cfg_tuplefielddef { const char *name; cfg_type_t *type; unsigned int flags; }; -/* A configuration object type definition. */ +/*% A configuration object type definition. */ struct cfg_type { - const char *name; /* For debugging purposes only */ + const char *name; /*%< For debugging purposes only */ cfg_parsefunc_t parse; cfg_printfunc_t print; - cfg_docfunc_t doc; /* Print grammar description */ - cfg_rep_t * rep; /* Data representation */ - const void * of; /* Additional data for meta-types */ + cfg_docfunc_t doc; /*%< Print grammar description */ + cfg_rep_t * rep; /*%< Data representation */ + const void * of; /*%< Additional data for meta-types */ }; -/* A keyword-type definition, for things like "port ". */ - +/*% A keyword-type definition, for things like "port ". */ typedef struct { const char *name; const cfg_type_t *type; } keyword_type_t; struct cfg_map { - cfg_obj_t *id; /* Used for 'named maps' like keys, zones, &c */ - const cfg_clausedef_t * const *clausesets; /* The clauses that + cfg_obj_t *id; /*%< Used for 'named maps' like keys, zones, &c */ + const cfg_clausedef_t * const *clausesets; /*%< The clauses that can occur in this map; used for printing */ isc_symtab_t *symtab; @@ -130,15 +129,15 @@ struct cfg_netprefix { unsigned int prefixlen; }; -/* +/*% * A configuration data representation. */ struct cfg_rep { - const char * name; /* For debugging only */ - cfg_freefunc_t free; /* How to free this kind of data. */ + const char * name; /*%< For debugging only */ + cfg_freefunc_t free; /*%< How to free this kind of data. */ }; -/* +/*% * A configuration object. This is the main building block * of the configuration parse tree. */ @@ -148,7 +147,7 @@ struct cfg_obj { union { isc_uint32_t uint32; isc_uint64_t uint64; - isc_textregion_t string; /* null terminated, too */ + isc_textregion_t string; /*%< null terminated, too */ isc_boolean_t boolean; cfg_map_t map; cfg_list_t list; @@ -161,14 +160,13 @@ struct cfg_obj { }; -/* A list element. */ - +/*% A list element. */ struct cfg_listelt { cfg_obj_t *obj; ISC_LINK(cfg_listelt_t) link; }; -/* The parser object. */ +/*% The parser object. */ struct cfg_parser { isc_mem_t * mctx; isc_log_t * lctx; @@ -177,13 +175,13 @@ struct cfg_parser { unsigned int warnings; isc_token_t token; - /* We are at the end of all input. */ + /*% We are at the end of all input. */ isc_boolean_t seen_eof; - /* The current token has been pushed back. */ + /*% The current token has been pushed back. */ isc_boolean_t ungotten; - /* + /*% * The stack of currently active files, represented * as a configuration list of configuration strings. * The head is the top-level file, subsequent elements @@ -192,7 +190,7 @@ struct cfg_parser { */ cfg_obj_t * open_files; - /* + /*% * Names of files that we have parsed and closed * and were previously on the open_file list. * We keep these objects around after closing @@ -203,7 +201,7 @@ struct cfg_parser { */ cfg_obj_t * closed_files; - /* + /*% * Current line number. We maintain our own * copy of this so that it is available even * when a file has just been closed. @@ -215,15 +213,19 @@ struct cfg_parser { }; -/* +/*@{*/ +/*% * Flags defining whether to accept certain types of network addresses. */ #define CFG_ADDR_V4OK 0x00000001 #define CFG_ADDR_V4PREFIXOK 0x00000002 #define CFG_ADDR_V6OK 0x00000004 #define CFG_ADDR_WILDOK 0x00000008 +#define CFG_ADDR_MASK (CFG_ADDR_V6OK|CFG_ADDR_V4OK) +/*@}*/ -/* +/*@{*/ +/*% * Predefined data representation types. */ LIBISCCFG_EXTERNAL_DATA extern cfg_rep_t cfg_rep_uint32; @@ -236,8 +238,10 @@ LIBISCCFG_EXTERNAL_DATA extern cfg_rep_t cfg_rep_tuple; LIBISCCFG_EXTERNAL_DATA extern cfg_rep_t cfg_rep_sockaddr; LIBISCCFG_EXTERNAL_DATA extern cfg_rep_t cfg_rep_netprefix; LIBISCCFG_EXTERNAL_DATA extern cfg_rep_t cfg_rep_void; +/*@}*/ -/* +/*@{*/ +/*% * Predefined configuration object types. */ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_boolean; @@ -248,10 +252,15 @@ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_astring; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_ustring; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_sockaddr; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr; +LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr4; +LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr4wild; +LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr6; +LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr6wild; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netprefix; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_void; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_token; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_unsupported; +/*@}*/ isc_result_t cfg_gettoken(cfg_parser_t *pctx, int options); @@ -314,7 +323,7 @@ cfg_parse_netprefix(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) isc_result_t cfg_parse_special(cfg_parser_t *pctx, int special); -/* Parse a required special character 'special'. */ +/*%< Parse a required special character 'special'. */ isc_result_t cfg_create_tuple(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **objp); @@ -358,11 +367,11 @@ cfg_doc_enum(cfg_printer_t *pctx, const cfg_type_t *type); void cfg_print_chars(cfg_printer_t *pctx, const char *text, int len); -/* Print 'len' characters at 'text' */ +/*%< Print 'len' characters at 'text' */ void cfg_print_cstr(cfg_printer_t *pctx, const char *s); -/* Print the null-terminated string 's' */ +/*%< Print the null-terminated string 's' */ isc_result_t cfg_parse_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); @@ -373,6 +382,10 @@ cfg_parse_named_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) isc_result_t cfg_parse_addressed_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); +isc_result_t +cfg_parse_netprefix_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t ** +ret); + void cfg_print_map(cfg_printer_t *pctx, const cfg_obj_t *obj); @@ -405,28 +418,28 @@ cfg_print_obj(cfg_printer_t *pctx, const cfg_obj_t *obj); void cfg_doc_obj(cfg_printer_t *pctx, const cfg_type_t *type); -/* +/*%< * Print a description of the grammar of an arbitrary configuration * type 'type' */ void cfg_doc_terminal(cfg_printer_t *pctx, const cfg_type_t *type); -/* +/*%< * Document the type 'type' as a terminal by printing its - * name in angle brackets, e.g., . + * name in angle brackets, e.g., <uint32>. */ void cfg_parser_error(cfg_parser_t *pctx, unsigned int flags, const char *fmt, ...) ISC_FORMAT_PRINTF(3, 4); -/* +/*! * Pass one of these flags to cfg_parser_error() to include the * token text in log message. */ -#define CFG_LOG_NEAR 0x00000001 /* Say "near " */ -#define CFG_LOG_BEFORE 0x00000002 /* Say "before " */ -#define CFG_LOG_NOPREP 0x00000004 /* Say just "" */ +#define CFG_LOG_NEAR 0x00000001 /*%< Say "near " */ +#define CFG_LOG_BEFORE 0x00000002 /*%< Say "before " */ +#define CFG_LOG_NOPREP 0x00000004 /*%< Say just "" */ void cfg_parser_warning(cfg_parser_t *pctx, unsigned int flags, @@ -434,6 +447,6 @@ cfg_parser_warning(cfg_parser_t *pctx, unsigned int flags, isc_boolean_t cfg_is_enum(const char *s, const char *const *enums); -/* Return true iff the string 's' is one of the strings in 'enums' */ +/*%< Return true iff the string 's' is one of the strings in 'enums' */ #endif /* ISCCFG_GRAMMAR_H */ diff --git a/contrib/bind-9.3/lib/isccfg/include/isccfg/log.h b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/log.h similarity index 77% rename from contrib/bind-9.3/lib/isccfg/include/isccfg/log.h rename to contrib/bind-9.5.2/lib/isccfg/include/isccfg/log.h index b3d2da7d72..b644f9df12 100644 --- a/contrib/bind-9.3/lib/isccfg/include/isccfg/log.h +++ b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/log.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.3.2.1.10.3 2004/03/08 09:05:07 marka Exp $ */ +/* $Id: log.h,v 1.12.128.2 2009/01/19 23:47:03 tbox Exp $ */ #ifndef ISCCFG_LOG_H #define ISCCFG_LOG_H 1 +/*! \file isccfg/log.h */ + #include #include @@ -34,17 +36,17 @@ ISC_LANG_BEGINDECLS void cfg_log_init(isc_log_t *lctx); -/* +/*%< * Make the libisccfg categories and modules available for use with the * ISC logging library. * * Requires: - * lctx is a valid logging context. + *\li lctx is a valid logging context. * - * cfg_log_init() is called only once. + *\li cfg_log_init() is called only once. * * Ensures: - * The catgories and modules defined above are available for + * \li The categories and modules defined above are available for * use by isc_log_usechannnel() and isc_log_write(). */ diff --git a/contrib/bind-9.3/lib/isccfg/include/isccfg/namedconf.h b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/namedconf.h similarity index 72% rename from contrib/bind-9.3/lib/isccfg/include/isccfg/namedconf.h rename to contrib/bind-9.5.2/lib/isccfg/include/isccfg/namedconf.h index 4d5bd0b270..0d53af0930 100644 --- a/contrib/bind-9.3/lib/isccfg/include/isccfg/namedconf.h +++ b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/namedconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.h,v 1.2.202.3 2004/03/08 09:05:07 marka Exp $ */ +/* $Id: namedconf.h,v 1.9.128.2 2009/06/25 23:46:43 tbox Exp $ */ #ifndef ISCCFG_NAMEDCONF_H #define ISCCFG_NAMEDCONF_H 1 -/* +/*! \file isccfg/namedconf.h + * \brief * This module defines the named.conf, rndc.conf, and rndc.key grammars. */ @@ -30,15 +31,15 @@ * Configuration object types. */ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_namedconf; -/* A complete named.conf file. */ +/*%< A complete named.conf file. */ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_rndcconf; -/* A complete rndc.conf file. */ +/*%< A complete rndc.conf file. */ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_rndckey; -/* A complete rndc.key file. */ +/*%< A complete rndc.key file. */ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_keyref; -/* A key reference, used as an ACL element */ +/*%< A key reference, used as an ACL element */ -#endif /* ISCCFG_CFG_H */ +#endif /* ISCCFG_NAMEDCONF_H */ diff --git a/contrib/bind-9.3/lib/isccfg/include/isccfg/version.h b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/version.h similarity index 80% rename from contrib/bind-9.3/lib/isccfg/include/isccfg/version.h rename to contrib/bind-9.5.2/lib/isccfg/include/isccfg/version.h index d02a814b01..8aed111c8d 100644 --- a/contrib/bind-9.3/lib/isccfg/include/isccfg/version.h +++ b/contrib/bind-9.5.2/lib/isccfg/include/isccfg/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.2.222.3 2004/03/08 09:05:08 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file isccfg/version.h */ #include diff --git a/contrib/bind-9.3/lib/isccfg/log.c b/contrib/bind-9.5.2/lib/isccfg/log.c similarity index 81% rename from contrib/bind-9.3/lib/isccfg/log.c rename to contrib/bind-9.5.2/lib/isccfg/log.c index b16b4d3b3a..8747fc0b23 100644 --- a/contrib/bind-9.3/lib/isccfg/log.c +++ b/contrib/bind-9.5.2/lib/isccfg/log.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.2.2.1.10.3 2004/03/08 09:05:06 marka Exp $ */ +/* $Id: log.c,v 1.11 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ #include @@ -23,18 +25,18 @@ #include -/* +/*% * When adding a new category, be sure to add the appropriate - * #define to . + * \#define to . */ LIBISCCFG_EXTERNAL_DATA isc_logcategory_t cfg_categories[] = { { "config", 0 }, { NULL, 0 } }; -/* +/*% * When adding a new module, be sure to add the appropriate - * #define to . + * \#define to . */ LIBISCCFG_EXTERNAL_DATA isc_logmodule_t cfg_modules[] = { { "isccfg/parser", 0 }, diff --git a/contrib/bind-9.3/lib/isccfg/namedconf.c b/contrib/bind-9.5.2/lib/isccfg/namedconf.c similarity index 80% rename from contrib/bind-9.3/lib/isccfg/namedconf.c rename to contrib/bind-9.5.2/lib/isccfg/namedconf.c index d54bbe23c4..a9af412d4a 100644 --- a/contrib/bind-9.3/lib/isccfg/namedconf.c +++ b/contrib/bind-9.5.2/lib/isccfg/namedconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.c,v 1.21.44.34 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: namedconf.c,v 1.78.46.11 2008/09/27 23:39:42 jinmei Exp $ */ + +/*! \file */ #include @@ -32,18 +34,18 @@ #define TOKEN_STRING(pctx) (pctx->token.value.as_textregion.base) -/* Check a return value. */ +/*% Check a return value. */ #define CHECK(op) \ - do { result = (op); \ + do { result = (op); \ if (result != ISC_R_SUCCESS) goto cleanup; \ } while (0) -/* Clean up a configuration object if non-NULL. */ +/*% Clean up a configuration object if non-NULL. */ #define CLEANUP_OBJ(obj) \ do { if ((obj) != NULL) cfg_obj_destroy(pctx, &(obj)); } while (0) -/* +/*% * Forward declarations of static functions. */ @@ -71,10 +73,12 @@ static cfg_type_t cfg_type_addrmatchelt; static cfg_type_t cfg_type_bracketed_aml; static cfg_type_t cfg_type_bracketed_namesockaddrkeylist; static cfg_type_t cfg_type_bracketed_sockaddrlist; +static cfg_type_t cfg_type_bracketed_sockaddrnameportlist; static cfg_type_t cfg_type_controls; static cfg_type_t cfg_type_controls_sockaddr; static cfg_type_t cfg_type_destinationlist; static cfg_type_t cfg_type_dialuptype; +static cfg_type_t cfg_type_ixfrdifftype; static cfg_type_t cfg_type_key; static cfg_type_t cfg_type_logfile; static cfg_type_t cfg_type_logging; @@ -84,9 +88,9 @@ static cfg_type_t cfg_type_masterselement; static cfg_type_t cfg_type_nameportiplist; static cfg_type_t cfg_type_negated; static cfg_type_t cfg_type_notifytype; +static cfg_type_t cfg_type_optional_allow; static cfg_type_t cfg_type_optional_class; static cfg_type_t cfg_type_optional_facility; -static cfg_type_t cfg_type_optional_facility; static cfg_type_t cfg_type_optional_keyref; static cfg_type_t cfg_type_optional_port; static cfg_type_t cfg_type_options; @@ -100,12 +104,40 @@ static cfg_type_t cfg_type_size; static cfg_type_t cfg_type_sizenodefault; static cfg_type_t cfg_type_sockaddr4wild; static cfg_type_t cfg_type_sockaddr6wild; +static cfg_type_t cfg_type_statschannels; static cfg_type_t cfg_type_view; static cfg_type_t cfg_type_viewopts; static cfg_type_t cfg_type_zone; static cfg_type_t cfg_type_zoneopts; +static cfg_type_t cfg_type_dynamically_loadable_zones; +static cfg_type_t cfg_type_dynamically_loadable_zones_opts; + +/* + * Clauses that can be found in a 'dynamically loadable zones' statement + */ +static cfg_clausedef_t +dynamically_loadable_zones_clauses[] = { + { "database", &cfg_type_astring, 0 }, + { NULL, NULL, 0 } +}; + +/* + * A dynamically loadable zones statement. + */ +static cfg_tuplefielddef_t dynamically_loadable_zones_fields[] = { + { "name", &cfg_type_astring, 0 }, + { "options", &cfg_type_dynamically_loadable_zones_opts, 0 }, + { NULL, NULL, 0 } +}; + +static cfg_type_t cfg_type_dynamically_loadable_zones = { + "dlz", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, + &cfg_rep_tuple, + dynamically_loadable_zones_fields + }; + -/* tkey-dhkey */ +/*% tkey-dhkey */ static cfg_tuplefielddef_t tkey_dhkey_fields[] = { { "name", &cfg_type_qstring, 0 }, @@ -118,7 +150,7 @@ static cfg_type_t cfg_type_tkey_dhkey = { tkey_dhkey_fields }; -/* listen-on */ +/*% listen-on */ static cfg_tuplefielddef_t listenon_fields[] = { { "port", &cfg_type_optional_port, 0 }, @@ -128,7 +160,7 @@ static cfg_tuplefielddef_t listenon_fields[] = { static cfg_type_t cfg_type_listenon = { "listenon", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, listenon_fields }; -/* acl */ +/*% acl */ static cfg_tuplefielddef_t acl_fields[] = { { "name", &cfg_type_astring, 0 }, @@ -139,7 +171,7 @@ static cfg_tuplefielddef_t acl_fields[] = { static cfg_type_t cfg_type_acl = { "acl", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, acl_fields }; -/* masters */ +/*% masters */ static cfg_tuplefielddef_t masters_fields[] = { { "name", &cfg_type_astring, 0 }, { "port", &cfg_type_optional_port, 0 }, @@ -150,7 +182,7 @@ static cfg_tuplefielddef_t masters_fields[] = { static cfg_type_t cfg_type_masters = { "masters", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, masters_fields }; -/* +/*% * "sockaddrkeylist", a list of socket addresses with optional keys * and an optional default port, as used in the masters option. * E.g., @@ -183,7 +215,7 @@ static cfg_type_t cfg_type_namesockaddrkeylist = { namesockaddrkeylist_fields }; -/* +/*% * A list of socket addresses with an optional default port, * as used in the also-notify option. E.g., * "port 1234 { 10.0.0.1; 1::2 port 69; }" @@ -198,7 +230,7 @@ static cfg_type_t cfg_type_portiplist = { portiplist_fields }; -/* +/*% * A public key, as in the "pubkey" statement. */ static cfg_tuplefielddef_t pubkey_fields[] = { @@ -211,12 +243,12 @@ static cfg_tuplefielddef_t pubkey_fields[] = { static cfg_type_t cfg_type_pubkey = { "pubkey", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, pubkey_fields }; -/* +/*% * A list of RR types, used in grant statements. * Note that the old parser allows quotes around the RR type names. */ static cfg_type_t cfg_type_rrtypelist = { - "rrtypelist", cfg_parse_spacelist, cfg_print_spacelist, cfg_doc_terminal, + "rrtypelist", cfg_parse_spacelist, cfg_print_spacelist, cfg_doc_terminal, &cfg_rep_list, &cfg_type_astring }; @@ -227,18 +259,19 @@ static cfg_type_t cfg_type_mode = { }; static const char *matchtype_enums[] = { - "name", "subdomain", "wildcard", "self", NULL }; + "name", "subdomain", "wildcard", "self", "selfsub", "selfwild", + "krb5-self", "ms-self", "krb5-subdomain", "ms-subdomain", NULL }; static cfg_type_t cfg_type_matchtype = { "matchtype", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, &cfg_rep_string, &matchtype_enums }; -/* +/*% * A grant statement, used in the update policy. */ static cfg_tuplefielddef_t grant_fields[] = { { "mode", &cfg_type_mode, 0 }, - { "identity", &cfg_type_astring, 0 }, /* domain name */ + { "identity", &cfg_type_astring, 0 }, /* domain name */ { "matchtype", &cfg_type_matchtype, 0 }, { "name", &cfg_type_astring, 0 }, /* domain name */ { "types", &cfg_type_rrtypelist, 0 }, @@ -252,7 +285,7 @@ static cfg_type_t cfg_type_updatepolicy = { &cfg_rep_list, &cfg_type_grant }; -/* +/*% * A view statement. */ static cfg_tuplefielddef_t view_fields[] = { @@ -264,7 +297,7 @@ static cfg_tuplefielddef_t view_fields[] = { static cfg_type_t cfg_type_view = { "view", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, view_fields }; -/* +/*% * A zone statement. */ static cfg_tuplefielddef_t zone_fields[] = { @@ -276,7 +309,7 @@ static cfg_tuplefielddef_t zone_fields[] = { static cfg_type_t cfg_type_zone = { "zone", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, zone_fields }; -/* +/*% * A "category" clause in the "logging" statement. */ static cfg_tuplefielddef_t category_fields[] = { @@ -288,7 +321,7 @@ static cfg_type_t cfg_type_category = { "category", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, category_fields }; -/* +/*% * A trusted key, as used in the "trusted-keys" statement. */ static cfg_tuplefielddef_t trustedkey_fields[] = { @@ -325,14 +358,14 @@ static cfg_type_t cfg_type_optional_wild_name = { print_keyvalue, doc_optional_keyvalue, &cfg_rep_string, &wild_name_kw }; -/* +/*% * An rrset ordering element. */ static cfg_tuplefielddef_t rrsetorderingelement_fields[] = { { "class", &cfg_type_optional_wild_class, 0 }, { "type", &cfg_type_optional_wild_type, 0 }, { "name", &cfg_type_optional_wild_name, 0 }, - { "order", &cfg_type_ustring, 0 }, /* must be literal "order" */ + { "order", &cfg_type_ustring, 0 }, /* must be literal "order" */ { "ordering", &cfg_type_ustring, 0 }, { NULL, NULL, 0 } }; @@ -341,7 +374,7 @@ static cfg_type_t cfg_type_rrsetorderingelement = { rrsetorderingelement_fields }; -/* +/*% * A global or view "check-names" option. Note that the zone * "check-names" option has a different syntax. */ @@ -385,7 +418,7 @@ static cfg_type_t cfg_type_optional_port = { doc_optional_keyvalue, &cfg_rep_uint32, &port_kw }; -/* A list of keys, as in the "key" clause of the controls statement. */ +/*% A list of keys, as in the "key" clause of the controls statement. */ static cfg_type_t cfg_type_keylist = { "keylist", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_astring @@ -405,8 +438,8 @@ static cfg_type_t cfg_type_forwardtype = { static const char *zonetype_enums[] = { "master", "slave", "stub", "hint", "forward", "delegation-only", NULL }; static cfg_type_t cfg_type_zonetype = { - "zonetype", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, &cfg_rep_string, - &zonetype_enums + "zonetype", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, + &cfg_rep_string, &zonetype_enums }; static const char *loglevel_enums[] = { @@ -423,7 +456,7 @@ static cfg_type_t cfg_type_transferformat = { &transferformat_enums }; -/* +/*% * The special keyword "none", as used in the pid-file option. */ @@ -437,7 +470,7 @@ static cfg_type_t cfg_type_none = { "none", NULL, print_none, NULL, &cfg_rep_void, NULL }; -/* +/*% * A quoted string or the special keyword "none". Used in the pid-file option. */ static isc_result_t @@ -464,7 +497,7 @@ doc_qstringornone(cfg_printer_t *pctx, const cfg_type_t *type) { static cfg_type_t cfg_type_qstringornone = { "qstringornone", parse_qstringornone, NULL, doc_qstringornone, NULL, NULL }; -/* +/*% * keyword hostname */ @@ -478,7 +511,7 @@ static cfg_type_t cfg_type_hostname = { "hostname", NULL, print_hostname, NULL, &cfg_rep_boolean, NULL }; -/* +/*% * "server-id" argument. */ @@ -510,14 +543,22 @@ doc_serverid(cfg_printer_t *pctx, const cfg_type_t *type) { static cfg_type_t cfg_type_serverid = { "serverid", parse_serverid, NULL, doc_serverid, NULL, NULL }; -/* +/*% * Port list. */ +static cfg_tuplefielddef_t porttuple_fields[] = { + { "loport", &cfg_type_uint32, 0 }, + { "hiport", &cfg_type_uint32, 0 }, + { NULL, NULL, 0 } +}; +static cfg_type_t cfg_type_porttuple = { + "porttuple", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, + &cfg_rep_tuple, porttuple_fields +}; + static isc_result_t -parse_port(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { +parse_port(cfg_parser_t *pctx, cfg_obj_t **ret) { isc_result_t result; - - UNUSED(type); CHECK(cfg_parse_uint32(pctx, NULL, ret)); if ((*ret)->value.uint32 > 0xffff) { @@ -525,21 +566,63 @@ parse_port(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { cfg_obj_destroy(pctx, ret); result = ISC_R_RANGE; } + cleanup: return (result); } -static cfg_type_t cfg_type_port = { - "port", parse_port, NULL, cfg_doc_terminal, +static isc_result_t +parse_portrange(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { + isc_result_t result; + cfg_obj_t *obj = NULL; + + UNUSED(type); + + CHECK(cfg_peektoken(pctx, ISC_LEXOPT_NUMBER | ISC_LEXOPT_CNUMBER)); + if (pctx->token.type == isc_tokentype_number) + CHECK(parse_port(pctx, ret)); + else { + CHECK(cfg_gettoken(pctx, 0)); + if (pctx->token.type != isc_tokentype_string || + strcasecmp(TOKEN_STRING(pctx), "range") != 0) { + cfg_parser_error(pctx, CFG_LOG_NEAR, + "expected integer or 'range'"); + return (ISC_R_UNEXPECTEDTOKEN); + } + CHECK(cfg_create_tuple(pctx, &cfg_type_porttuple, &obj)); + CHECK(parse_port(pctx, &obj->value.tuple[0])); + CHECK(parse_port(pctx, &obj->value.tuple[1])); + if (obj->value.tuple[0]->value.uint32 > + obj->value.tuple[1]->value.uint32) { + cfg_parser_error(pctx, CFG_LOG_NOPREP, + "low port '%u' must not be larger " + "than high port", + obj->value.tuple[0]->value.uint32); + result = ISC_R_RANGE; + goto cleanup; + } + *ret = obj; + obj = NULL; + } + + cleanup: + if (obj != NULL) + cfg_obj_destroy(pctx, &obj); + return (result); +} + +static cfg_type_t cfg_type_portrange = { + "portrange", parse_portrange, NULL, cfg_doc_terminal, NULL, NULL }; static cfg_type_t cfg_type_bracketed_portlist = { - "bracketed_sockaddrlist", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list, - &cfg_rep_list, &cfg_type_port + "bracketed_sockaddrlist", cfg_parse_bracketed_list, + cfg_print_bracketed_list, cfg_doc_bracketed_list, + &cfg_rep_list, &cfg_type_portrange }; -/* +/*% * Clauses that can be found within the top level of the named.conf * file only. */ @@ -552,10 +635,12 @@ namedconf_clauses[] = { { "logging", &cfg_type_logging, 0 }, { "view", &cfg_type_view, CFG_CLAUSEFLAG_MULTI }, { "lwres", &cfg_type_lwres, CFG_CLAUSEFLAG_MULTI }, + { "statistics-channels", &cfg_type_statschannels, + CFG_CLAUSEFLAG_MULTI }, { NULL, NULL, 0 } }; -/* +/*% * Clauses that can occur at the top level or in the view * statement, but not in the options block. */ @@ -563,16 +648,20 @@ static cfg_clausedef_t namedconf_or_view_clauses[] = { { "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI }, { "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI }, + /* only 1 DLZ per view allowed */ + { "dlz", &cfg_type_dynamically_loadable_zones, 0 }, { "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI }, { "trusted-keys", &cfg_type_trustedkeys, CFG_CLAUSEFLAG_MULTI }, { NULL, NULL, 0 } }; -/* +/*% * Clauses that can be found within the 'options' statement. */ static cfg_clausedef_t options_clauses[] = { + { "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, + { "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 }, { "blackhole", &cfg_type_bracketed_aml, 0 }, @@ -593,6 +682,7 @@ options_clauses[] = { { "listen-on-v6", &cfg_type_listenon, CFG_CLAUSEFLAG_MULTI }, { "match-mapped-addresses", &cfg_type_boolean, 0 }, { "memstatistics-file", &cfg_type_qstring, 0 }, + { "memstatistics", &cfg_type_boolean, 0 }, { "multiple-cnames", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "named-xfer", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE }, { "pid-file", &cfg_type_qstringornone, 0 }, @@ -601,6 +691,7 @@ options_clauses[] = { { "recursing-file", &cfg_type_qstring, 0 }, { "random-device", &cfg_type_qstring, 0 }, { "recursive-clients", &cfg_type_uint32, 0 }, + { "reserved-sockets", &cfg_type_uint32, 0 }, { "serial-queries", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, { "serial-query-rate", &cfg_type_uint32, 0 }, { "server-id", &cfg_type_serverid, 0 }, @@ -650,9 +741,9 @@ static cfg_type_t cfg_type_disablealgorithm = { }; static cfg_tuplefielddef_t mustbesecure_fields[] = { - { "name", &cfg_type_astring, 0 }, - { "value", &cfg_type_boolean, 0 }, - { NULL, NULL, 0 } + { "name", &cfg_type_astring, 0 }, + { "value", &cfg_type_boolean, 0 }, + { NULL, NULL, 0 } }; static cfg_type_t cfg_type_mustbesecure = { @@ -660,7 +751,13 @@ static cfg_type_t cfg_type_mustbesecure = { &cfg_rep_tuple, mustbesecure_fields }; -/* +static const char *masterformat_enums[] = { "text", "raw", NULL }; +static cfg_type_t cfg_type_masterformat = { + "masterformat", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, + &cfg_rep_string, &masterformat_enums +}; + +/*% * dnssec-lookaside */ @@ -682,58 +779,80 @@ static cfg_type_t cfg_type_lookaside = { &cfg_rep_tuple, lookaside_fields }; -/* +/*% * Clauses that can be found within the 'view' statement, * with defaults in the 'options' statement. */ static cfg_clausedef_t view_clauses[] = { + { "acache-cleaning-interval", &cfg_type_uint32, 0 }, + { "acache-enable", &cfg_type_boolean, 0 }, + { "additional-from-auth", &cfg_type_boolean, 0 }, + { "additional-from-cache", &cfg_type_boolean, 0 }, + { "allow-query-cache", &cfg_type_bracketed_aml, 0 }, + { "allow-query-cache-on", &cfg_type_bracketed_aml, 0 }, { "allow-recursion", &cfg_type_bracketed_aml, 0 }, + { "allow-recursion-on", &cfg_type_bracketed_aml, 0 }, { "allow-v6-synthesis", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_OBSOLETE }, - { "sortlist", &cfg_type_bracketed_aml, 0 }, - { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP }, { "auth-nxdomain", &cfg_type_boolean, CFG_CLAUSEFLAG_NEWDEFAULT }, + { "cache-file", &cfg_type_qstring, 0 }, + { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI }, + { "cleaning-interval", &cfg_type_uint32, 0 }, + { "clients-per-query", &cfg_type_uint32, 0 }, + { "disable-algorithms", &cfg_type_disablealgorithm, + CFG_CLAUSEFLAG_MULTI }, + { "disable-empty-zone", &cfg_type_astring, CFG_CLAUSEFLAG_MULTI }, + { "dnssec-accept-expired", &cfg_type_boolean, 0 }, + { "dnssec-enable", &cfg_type_boolean, 0 }, + { "dnssec-lookaside", &cfg_type_lookaside, CFG_CLAUSEFLAG_MULTI }, + { "dnssec-must-be-secure", &cfg_type_mustbesecure, + CFG_CLAUSEFLAG_MULTI }, + { "dnssec-validation", &cfg_type_boolean, 0 }, + { "dual-stack-servers", &cfg_type_nameportiplist, 0 }, + { "edns-udp-size", &cfg_type_uint32, 0 }, + { "empty-contact", &cfg_type_astring, 0 }, + { "empty-server", &cfg_type_astring, 0 }, + { "empty-zones-enable", &cfg_type_boolean, 0 }, + { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "ixfr-from-differences", &cfg_type_ixfrdifftype, 0 }, + { "lame-ttl", &cfg_type_uint32, 0 }, + { "max-acache-size", &cfg_type_sizenodefault, 0 }, + { "max-cache-size", &cfg_type_sizenodefault, 0 }, + { "max-cache-ttl", &cfg_type_uint32, 0 }, + { "max-clients-per-query", &cfg_type_uint32, 0 }, + { "max-ncache-ttl", &cfg_type_uint32, 0 }, + { "max-udp-size", &cfg_type_uint32, 0 }, + { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, { "minimal-responses", &cfg_type_boolean, 0 }, - { "recursion", &cfg_type_boolean, 0 }, - { "rrset-order", &cfg_type_rrsetorder, 0 }, + { "preferred-glue", &cfg_type_astring, 0 }, { "provide-ixfr", &cfg_type_boolean, 0 }, - { "request-ixfr", &cfg_type_boolean, 0 }, - { "fetch-glue", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, - { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, - { "additional-from-auth", &cfg_type_boolean, 0 }, - { "additional-from-cache", &cfg_type_boolean, 0 }, /* * Note that the query-source option syntax is different * from the other -source options. */ { "query-source", &cfg_type_querysource4, 0 }, { "query-source-v6", &cfg_type_querysource6, 0 }, - { "cleaning-interval", &cfg_type_uint32, 0 }, - { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP }, - { "lame-ttl", &cfg_type_uint32, 0 }, - { "max-ncache-ttl", &cfg_type_uint32, 0 }, - { "max-cache-ttl", &cfg_type_uint32, 0 }, - { "transfer-format", &cfg_type_transferformat, 0 }, - { "max-cache-size", &cfg_type_sizenodefault, 0 }, - { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI }, - { "cache-file", &cfg_type_qstring, 0 }, - { "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, - { "preferred-glue", &cfg_type_astring, 0 }, - { "dual-stack-servers", &cfg_type_nameportiplist, 0 }, - { "edns-udp-size", &cfg_type_uint32, 0 }, + { "queryport-pool-ports", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, + { "queryport-pool-updateinterval", &cfg_type_uint32, + CFG_CLAUSEFLAG_OBSOLETE}, + { "recursion", &cfg_type_boolean, 0 }, + { "request-ixfr", &cfg_type_boolean, 0 }, + { "request-nsid", &cfg_type_boolean, 0 }, + { "rfc2308-type1", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, { "root-delegation-only", &cfg_type_optional_exclude, 0 }, - { "disable-algorithms", &cfg_type_disablealgorithm, - CFG_CLAUSEFLAG_MULTI }, - { "dnssec-enable", &cfg_type_boolean, 0 }, - { "dnssec-lookaside", &cfg_type_lookaside, CFG_CLAUSEFLAG_MULTI }, - { "dnssec-must-be-secure", &cfg_type_mustbesecure, - CFG_CLAUSEFLAG_MULTI }, + { "rrset-order", &cfg_type_rrsetorder, 0 }, + { "sortlist", &cfg_type_bracketed_aml, 0 }, + { "suppress-initial-notify", &cfg_type_boolean, CFG_CLAUSEFLAG_NYI }, + { "topology", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_NOTIMP }, + { "transfer-format", &cfg_type_transferformat, 0 }, + { "use-queryport-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "zero-no-soa-ttl-cache", &cfg_type_boolean, 0 }, { NULL, NULL, 0 } }; -/* +/*% * Clauses that can be found within the 'view' statement only. */ static cfg_clausedef_t @@ -744,56 +863,69 @@ view_only_clauses[] = { { NULL, NULL, 0 } }; -/* +/*% * Clauses that can be found in a 'zone' statement, * with defaults in the 'view' or 'options' statement. */ static cfg_clausedef_t zone_clauses[] = { + { "allow-notify", &cfg_type_bracketed_aml, 0 }, { "allow-query", &cfg_type_bracketed_aml, 0 }, + { "allow-query-on", &cfg_type_bracketed_aml, 0 }, { "allow-transfer", &cfg_type_bracketed_aml, 0 }, + { "allow-update", &cfg_type_bracketed_aml, 0 }, { "allow-update-forwarding", &cfg_type_bracketed_aml, 0 }, - { "allow-notify", &cfg_type_bracketed_aml, 0 }, - { "notify", &cfg_type_notifytype, 0 }, - { "notify-source", &cfg_type_sockaddr4wild, 0 }, - { "notify-source-v6", &cfg_type_sockaddr6wild, 0 }, { "also-notify", &cfg_type_portiplist, 0 }, + { "alt-transfer-source", &cfg_type_sockaddr4wild, 0 }, + { "alt-transfer-source-v6", &cfg_type_sockaddr6wild, 0 }, + { "check-integrity", &cfg_type_boolean, 0 }, + { "check-mx", &cfg_type_checkmode, 0 }, + { "check-mx-cname", &cfg_type_checkmode, 0 }, + { "check-sibling", &cfg_type_boolean, 0 }, + { "check-srv-cname", &cfg_type_checkmode, 0 }, + { "check-wildcard", &cfg_type_boolean, 0 }, { "dialup", &cfg_type_dialuptype, 0 }, { "forward", &cfg_type_forwardtype, 0 }, { "forwarders", &cfg_type_portiplist, 0 }, - { "ixfr-from-differences", &cfg_type_boolean, 0 }, + { "key-directory", &cfg_type_qstring, 0 }, { "maintain-ixfr-base", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "masterfile-format", &cfg_type_masterformat, 0 }, { "max-ixfr-log-size", &cfg_type_size, CFG_CLAUSEFLAG_OBSOLETE }, { "max-journal-size", &cfg_type_sizenodefault, 0 }, - { "max-transfer-time-in", &cfg_type_uint32, 0 }, - { "max-transfer-time-out", &cfg_type_uint32, 0 }, + { "max-refresh-time", &cfg_type_uint32, 0 }, + { "max-retry-time", &cfg_type_uint32, 0 }, { "max-transfer-idle-in", &cfg_type_uint32, 0 }, { "max-transfer-idle-out", &cfg_type_uint32, 0 }, - { "max-retry-time", &cfg_type_uint32, 0 }, - { "min-retry-time", &cfg_type_uint32, 0 }, - { "max-refresh-time", &cfg_type_uint32, 0 }, + { "max-transfer-time-in", &cfg_type_uint32, 0 }, + { "max-transfer-time-out", &cfg_type_uint32, 0 }, { "min-refresh-time", &cfg_type_uint32, 0 }, + { "min-retry-time", &cfg_type_uint32, 0 }, { "multi-master", &cfg_type_boolean, 0 }, + { "notify", &cfg_type_notifytype, 0 }, + { "notify-delay", &cfg_type_uint32, 0 }, + { "notify-source", &cfg_type_sockaddr4wild, 0 }, + { "notify-source-v6", &cfg_type_sockaddr6wild, 0 }, + { "notify-to-soa", &cfg_type_boolean, 0 }, { "sig-validity-interval", &cfg_type_uint32, 0 }, { "transfer-source", &cfg_type_sockaddr4wild, 0 }, { "transfer-source-v6", &cfg_type_sockaddr6wild, 0 }, - { "alt-transfer-source", &cfg_type_sockaddr4wild, 0 }, - { "alt-transfer-source-v6", &cfg_type_sockaddr6wild, 0 }, + { "try-tcp-refresh", &cfg_type_boolean, 0 }, + { "update-check-ksk", &cfg_type_boolean, 0 }, { "use-alt-transfer-source", &cfg_type_boolean, 0 }, + { "zero-no-soa-ttl", &cfg_type_boolean, 0 }, { "zone-statistics", &cfg_type_boolean, 0 }, - { "key-directory", &cfg_type_qstring, 0 }, { NULL, NULL, 0 } }; -/* +/*% * Clauses that can be found in a 'zone' statement * only. */ static cfg_clausedef_t zone_only_clauses[] = { { "type", &cfg_type_zonetype, 0 }, - { "allow-update", &cfg_type_bracketed_aml, 0 }, { "file", &cfg_type_qstring, 0 }, + { "journal", &cfg_type_qstring, 0 }, { "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE }, { "ixfr-tmp-file", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE }, { "masters", &cfg_type_namesockaddrkeylist, 0 }, @@ -807,11 +939,12 @@ zone_only_clauses[] = { * the zone options and the global/view options. Ugh. */ { "check-names", &cfg_type_checkmode, 0 }, + { "ixfr-from-differences", &cfg_type_boolean, 0 }, { NULL, NULL, 0 } }; -/* The top-level named.conf syntax. */ +/*% The top-level named.conf syntax. */ static cfg_clausedef_t * namedconf_clausesets[] = { @@ -825,7 +958,7 @@ LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_namedconf = { &cfg_rep_map, namedconf_clausesets }; -/* The "options" statement syntax. */ +/*% The "options" statement syntax. */ static cfg_clausedef_t * options_clausesets[] = { @@ -837,7 +970,7 @@ options_clausesets[] = { static cfg_type_t cfg_type_options = { "options", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, options_clausesets }; -/* The "view" statement syntax. */ +/*% The "view" statement syntax. */ static cfg_clausedef_t * view_clausesets[] = { @@ -845,12 +978,13 @@ view_clausesets[] = { namedconf_or_view_clauses, view_clauses, zone_clauses, + dynamically_loadable_zones_clauses, NULL }; static cfg_type_t cfg_type_viewopts = { "view", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, view_clausesets }; -/* The "zone" statement syntax. */ +/*% The "zone" statement syntax. */ static cfg_clausedef_t * zone_clausesets[] = { @@ -859,9 +993,23 @@ zone_clausesets[] = { NULL }; static cfg_type_t cfg_type_zoneopts = { - "zoneopts", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, zone_clausesets }; + "zoneopts", cfg_parse_map, cfg_print_map, + cfg_doc_map, &cfg_rep_map, zone_clausesets }; -/* +/*% The "dynamically loadable zones" statement syntax. */ + +static cfg_clausedef_t * +dynamically_loadable_zones_clausesets[] = { + dynamically_loadable_zones_clauses, + NULL +}; +static cfg_type_t cfg_type_dynamically_loadable_zones_opts = { + "dynamically_loadable_zones_opts", cfg_parse_map, + cfg_print_map, cfg_doc_map, &cfg_rep_map, + dynamically_loadable_zones_clausesets +}; + +/*% * Clauses that can be found within the 'key' statement. */ static cfg_clausedef_t @@ -877,10 +1025,12 @@ key_clausesets[] = { NULL }; static cfg_type_t cfg_type_key = { - "key", cfg_parse_named_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, key_clausesets }; + "key", cfg_parse_named_map, cfg_print_map, + cfg_doc_map, &cfg_rep_map, key_clausesets +}; -/* +/*% * Clauses that can be found in a 'server' statement. */ static cfg_clausedef_t @@ -893,6 +1043,12 @@ server_clauses[] = { { "transfer-format", &cfg_type_transferformat, 0 }, { "keys", &cfg_type_server_key_kludge, 0 }, { "edns", &cfg_type_boolean, 0 }, + { "edns-udp-size", &cfg_type_uint32, 0 }, + { "max-udp-size", &cfg_type_uint32, 0 }, + { "notify-source", &cfg_type_sockaddr4wild, 0 }, + { "notify-source-v6", &cfg_type_sockaddr6wild, 0 }, + { "query-source", &cfg_type_querysource4, 0 }, + { "query-source-v6", &cfg_type_querysource6, 0 }, { "transfer-source", &cfg_type_sockaddr4wild, 0 }, { "transfer-source-v6", &cfg_type_sockaddr6wild, 0 }, { NULL, NULL, 0 } @@ -903,12 +1059,12 @@ server_clausesets[] = { NULL }; static cfg_type_t cfg_type_server = { - "server", cfg_parse_addressed_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, + "server", cfg_parse_netprefix_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, server_clausesets }; -/* +/*% * Clauses that can be found in a 'channel' clause in the * 'logging' statement. * @@ -941,12 +1097,12 @@ static cfg_type_t cfg_type_channel = { &cfg_rep_map, channel_clausesets }; -/* A list of log destination, used in the "category" clause. */ +/*% A list of log destination, used in the "category" clause. */ static cfg_type_t cfg_type_destinationlist = { "destinationlist", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_astring }; -/* +/*% * Clauses that can be found in a 'logging' statement. */ static cfg_clausedef_t @@ -1028,14 +1184,14 @@ parse_sizeval(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (result); } -/* +/*% * A size value (number + optional unit). */ static cfg_type_t cfg_type_sizeval = { "sizeval", parse_sizeval, cfg_print_uint64, cfg_doc_terminal, &cfg_rep_uint64, NULL }; -/* +/*% * A size, "unlimited", or "default". */ @@ -1050,7 +1206,7 @@ static cfg_type_t cfg_type_size = { &cfg_rep_string, size_enums }; -/* +/*% * A size or "unlimited", but not "default". */ static const char *sizenodefault_enums[] = { "unlimited", NULL }; @@ -1059,14 +1215,14 @@ static cfg_type_t cfg_type_sizenodefault = { &cfg_rep_string, sizenodefault_enums }; -/* +/*% * optional_keyvalue */ static isc_result_t parse_maybe_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, isc_boolean_t optional, cfg_obj_t **ret) { - isc_result_t result; + isc_result_t result; cfg_obj_t *obj = NULL; const keyword_type_t *kw = type->of; @@ -1095,7 +1251,7 @@ static isc_result_t parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype, const cfg_type_t *othertype, cfg_obj_t **ret) { - isc_result_t result; + isc_result_t result; CHECK(cfg_peektoken(pctx, 0)); if (pctx->token.type == isc_tokentype_string && cfg_is_enum(TOKEN_STRING(pctx), enumtype->of)) { @@ -1163,14 +1319,24 @@ static cfg_type_t cfg_type_dialuptype = { &cfg_rep_string, dialup_enums }; -static const char *notify_enums[] = { "explicit", NULL }; +static const char *notify_enums[] = { "explicit", "master-only", NULL }; static isc_result_t parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static cfg_type_t cfg_type_notifytype = { "notifytype", parse_notify_type, cfg_print_ustring, doc_enum_or_other, - &cfg_rep_string, notify_enums, + &cfg_rep_string, notify_enums, +}; + +static const char *ixfrdiff_enums[] = { "master", "slave", NULL }; +static isc_result_t +parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { + return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); +} +static cfg_type_t cfg_type_ixfrdifftype = { + "ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring, doc_enum_or_other, + &cfg_rep_string, ixfrdiff_enums, }; static keyword_type_t key_kw = { "key", &cfg_type_astring }; @@ -1185,14 +1351,14 @@ static cfg_type_t cfg_type_optional_keyref = { doc_optional_keyvalue, &cfg_rep_string, &key_kw }; -/* +/*% * A "controls" statement is represented as a map with the multivalued - * "inet" and "unix" clauses. Inet controls are tuples; unix controls - * are cfg_unsupported_t objects. + * "inet" and "unix" clauses. */ static keyword_type_t controls_allow_kw = { "allow", &cfg_type_bracketed_aml }; + static cfg_type_t cfg_type_controls_allow = { "controls_allow", parse_keyvalue, print_keyvalue, doc_keyvalue, @@ -1201,6 +1367,7 @@ static cfg_type_t cfg_type_controls_allow = { static keyword_type_t controls_keys_kw = { "keys", &cfg_type_keylist }; + static cfg_type_t cfg_type_controls_keys = { "controls_keys", parse_optional_keyvalue, print_keyvalue, doc_optional_keyvalue, @@ -1213,16 +1380,57 @@ static cfg_tuplefielddef_t inetcontrol_fields[] = { { "keys", &cfg_type_controls_keys, 0 }, { NULL, NULL, 0 } }; + static cfg_type_t cfg_type_inetcontrol = { "inetcontrol", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, inetcontrol_fields }; +static keyword_type_t controls_perm_kw = { + "perm", &cfg_type_uint32 }; + +static cfg_type_t cfg_type_controls_perm = { + "controls_perm", parse_keyvalue, + print_keyvalue, doc_keyvalue, + &cfg_rep_uint32, &controls_perm_kw +}; + +static keyword_type_t controls_owner_kw = { + "owner", &cfg_type_uint32 }; + +static cfg_type_t cfg_type_controls_owner = { + "controls_owner", parse_keyvalue, + print_keyvalue, doc_keyvalue, + &cfg_rep_uint32, &controls_owner_kw +}; + +static keyword_type_t controls_group_kw = { + "group", &cfg_type_uint32 }; + +static cfg_type_t cfg_type_controls_group = { + "controls_allow", parse_keyvalue, + print_keyvalue, doc_keyvalue, + &cfg_rep_uint32, &controls_group_kw +}; + +static cfg_tuplefielddef_t unixcontrol_fields[] = { + { "path", &cfg_type_qstring, 0 }, + { "perm", &cfg_type_controls_perm, 0 }, + { "owner", &cfg_type_controls_owner, 0 }, + { "group", &cfg_type_controls_group, 0 }, + { "keys", &cfg_type_controls_keys, 0 }, + { NULL, NULL, 0 } +}; + +static cfg_type_t cfg_type_unixcontrol = { + "unixcontrol", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, &cfg_rep_tuple, + unixcontrol_fields +}; + static cfg_clausedef_t controls_clauses[] = { { "inet", &cfg_type_inetcontrol, CFG_CLAUSEFLAG_MULTI }, - { "unix", &cfg_type_unsupported, - CFG_CLAUSEFLAG_MULTI|CFG_CLAUSEFLAG_NOTIMP }, + { "unix", &cfg_type_unixcontrol, CFG_CLAUSEFLAG_MULTI }, { NULL, NULL, 0 } }; @@ -1235,7 +1443,54 @@ static cfg_type_t cfg_type_controls = { "controls", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, &controls_clausesets }; -/* +/*% + * A "statistics-channels" statement is represented as a map with the + * multivalued "inet" clauses. + */ +static void +doc_optional_bracketed_list(cfg_printer_t *pctx, const cfg_type_t *type) { + const keyword_type_t *kw = type->of; + cfg_print_chars(pctx, "[ ", 2); + cfg_print_cstr(pctx, kw->name); + cfg_print_chars(pctx, " ", 1); + cfg_doc_obj(pctx, kw->type); + cfg_print_chars(pctx, " ]", 2); +} + +static cfg_type_t cfg_type_optional_allow = { + "optional_allow", parse_optional_keyvalue, print_keyvalue, + doc_optional_bracketed_list, &cfg_rep_list, &controls_allow_kw +}; + +static cfg_tuplefielddef_t statserver_fields[] = { + { "address", &cfg_type_controls_sockaddr, 0 }, /* reuse controls def */ + { "allow", &cfg_type_optional_allow, 0 }, + { NULL, NULL, 0 } +}; + +static cfg_type_t cfg_type_statschannel = { + "statschannel", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, + &cfg_rep_tuple, statserver_fields +}; + +static cfg_clausedef_t +statservers_clauses[] = { + { "inet", &cfg_type_statschannel, CFG_CLAUSEFLAG_MULTI }, + { NULL, NULL, 0 } +}; + +static cfg_clausedef_t * +statservers_clausesets[] = { + statservers_clauses, + NULL +}; + +static cfg_type_t cfg_type_statschannels = { + "statistics-channels", cfg_parse_map, cfg_print_map, cfg_doc_map, + &cfg_rep_map, &statservers_clausesets +}; + +/*% * An optional class, as used in view and zone statements. */ static isc_result_t @@ -1257,24 +1512,24 @@ static cfg_type_t cfg_type_optional_class = { }; static isc_result_t -parse_querysource(cfg_parser_t *pctx, int flags, cfg_obj_t **ret) { +parse_querysource(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { isc_result_t result; cfg_obj_t *obj = NULL; isc_netaddr_t netaddr; in_port_t port; unsigned int have_address = 0; unsigned int have_port = 0; + const unsigned int *flagp = type->of; - if ((flags & CFG_ADDR_V4OK) != 0) + if ((*flagp & CFG_ADDR_V4OK) != 0) isc_netaddr_any(&netaddr); - else if ((flags & CFG_ADDR_V6OK) != 0) + else if ((*flagp & CFG_ADDR_V6OK) != 0) isc_netaddr_any6(&netaddr); else INSIST(0); port = 0; - CHECK(cfg_create_obj(pctx, &cfg_type_querysource, &obj)); for (;;) { CHECK(cfg_peektoken(pctx, 0)); if (pctx->token.type == isc_tokentype_string) { @@ -1282,19 +1537,20 @@ parse_querysource(cfg_parser_t *pctx, int flags, cfg_obj_t **ret) { "address") == 0) { /* read "address" */ - CHECK(cfg_gettoken(pctx, 0)); - CHECK(cfg_parse_rawaddr(pctx, - flags | CFG_ADDR_WILDOK, + CHECK(cfg_gettoken(pctx, 0)); + CHECK(cfg_parse_rawaddr(pctx, *flagp, &netaddr)); have_address++; } else if (strcasecmp(TOKEN_STRING(pctx), "port") == 0) { /* read "port" */ - CHECK(cfg_gettoken(pctx, 0)); + CHECK(cfg_gettoken(pctx, 0)); CHECK(cfg_parse_rawport(pctx, CFG_ADDR_WILDOK, &port)); have_port++; + } else if (have_port == 0 && have_address == 0) { + return (cfg_parse_sockaddr(pctx, type, ret)); } else { cfg_parser_error(pctx, CFG_LOG_NEAR, "expected 'address' or 'port'"); @@ -1309,6 +1565,7 @@ parse_querysource(cfg_parser_t *pctx, int flags, cfg_obj_t **ret) { return (ISC_R_UNEXPECTEDTOKEN); } + CHECK(cfg_create_obj(pctx, &cfg_type_querysource, &obj)); isc_sockaddr_fromnetaddr(&obj->value.sockaddr, &netaddr, port); *ret = obj; return (ISC_R_SUCCESS); @@ -1319,18 +1576,6 @@ parse_querysource(cfg_parser_t *pctx, int flags, cfg_obj_t **ret) { return (result); } -static isc_result_t -parse_querysource4(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - UNUSED(type); - return (parse_querysource(pctx, CFG_ADDR_V4OK, ret)); -} - -static isc_result_t -parse_querysource6(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - UNUSED(type); - return (parse_querysource(pctx, CFG_ADDR_V6OK, ret)); -} - static void print_querysource(cfg_printer_t *pctx, const cfg_obj_t *obj) { isc_netaddr_t na; @@ -1341,22 +1586,28 @@ print_querysource(cfg_printer_t *pctx, const cfg_obj_t *obj) { cfg_print_rawuint(pctx, isc_sockaddr_getport(&obj->value.sockaddr)); } +static unsigned int sockaddr4wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V4OK; +static unsigned int sockaddr6wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V6OK; + static cfg_type_t cfg_type_querysource4 = { - "querysource4", parse_querysource4, NULL, cfg_doc_terminal, - NULL, NULL + "querysource4", parse_querysource, NULL, cfg_doc_terminal, + NULL, &sockaddr4wild_flags }; + static cfg_type_t cfg_type_querysource6 = { - "querysource6", parse_querysource6, NULL, cfg_doc_terminal, - NULL, NULL + "querysource6", parse_querysource, NULL, cfg_doc_terminal, + NULL, &sockaddr6wild_flags }; + static cfg_type_t cfg_type_querysource = { - "querysource", NULL, print_querysource, NULL, &cfg_rep_sockaddr, NULL }; + "querysource", NULL, print_querysource, NULL, &cfg_rep_sockaddr, NULL +}; -/* addrmatchelt */ +/*% addrmatchelt */ static isc_result_t parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - isc_result_t result; + isc_result_t result; UNUSED(type); CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING)); @@ -1396,7 +1647,7 @@ parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) return (result); } -/* +/*% * A negated address match list element (like "! 10.0.0.1"). * Somewhat sneakily, the caller is expected to parse the * "!", but not to print it. @@ -1418,21 +1669,21 @@ static cfg_type_t cfg_type_negated = { &negated_fields }; -/* An address match list element */ +/*% An address match list element */ static cfg_type_t cfg_type_addrmatchelt = { "address_match_element", parse_addrmatchelt, NULL, cfg_doc_terminal, NULL, NULL }; -/* A bracketed address match list */ +/*% A bracketed address match list */ static cfg_type_t cfg_type_bracketed_aml = { "bracketed_aml", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_addrmatchelt }; -/* +/*% * The socket address syntax in the "controls" statement is silly. * It allows both socket address families, but also allows "*", * whis is gratuitously interpreted as the IPv4 wildcard address. @@ -1444,7 +1695,7 @@ static cfg_type_t cfg_type_controls_sockaddr = { cfg_doc_sockaddr, &cfg_rep_sockaddr, &controls_sockaddr_flags }; -/* +/*% * Handle the special kludge syntax of the "keys" clause in the "server" * statement, which takes a single key with or without braces and semicolon. */ @@ -1483,7 +1734,7 @@ static cfg_type_t cfg_type_server_key_kludge = { }; -/* +/*% * An optional logging facility. */ @@ -1509,7 +1760,7 @@ static cfg_type_t cfg_type_optional_facility = { NULL, NULL }; -/* +/*% * A log severity. Return as a string, except "debug N", * which is returned as a keyword object. */ @@ -1554,7 +1805,7 @@ static cfg_type_t cfg_type_logseverity = { "log_severity", parse_logseverity, NULL, cfg_doc_terminal, NULL, NULL }; -/* +/*% * The "file" clause of the "channel" statement. * This is yet another special case. */ @@ -1564,6 +1815,7 @@ static isc_result_t parse_logversions(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (parse_enum_or_other(pctx, type, &cfg_type_uint32, ret)); } + static cfg_type_t cfg_type_logversions = { "logversions", parse_logversions, cfg_print_ustring, cfg_doc_terminal, &cfg_rep_string, logversions_enums @@ -1580,9 +1832,9 @@ static isc_result_t parse_logfile(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { isc_result_t result; cfg_obj_t *obj = NULL; - const cfg_tuplefielddef_t *fields = type->of; + const cfg_tuplefielddef_t *fields = type->of; - CHECK(cfg_create_tuple(pctx, type, &obj)); + CHECK(cfg_create_tuple(pctx, type, &obj)); /* Parse the mandatory "file" field */ CHECK(cfg_parse_obj(pctx, fields[0].type, &obj->value.tuple[0])); @@ -1591,7 +1843,7 @@ parse_logfile(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { for (;;) { CHECK(cfg_peektoken(pctx, 0)); if (pctx->token.type == isc_tokentype_string) { - CHECK(cfg_gettoken(pctx, 0)); + CHECK(cfg_gettoken(pctx, 0)); if (strcasecmp(TOKEN_STRING(pctx), "versions") == 0 && obj->value.tuple[1] == NULL) { @@ -1620,7 +1872,7 @@ parse_logfile(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (ISC_R_SUCCESS); cleanup: - CLEANUP_OBJ(obj); + CLEANUP_OBJ(obj); return (result); } @@ -1637,25 +1889,35 @@ print_logfile(cfg_printer_t *pctx, const cfg_obj_t *obj) { } } + +static void +doc_logfile(cfg_printer_t *pctx, const cfg_type_t *type) { + UNUSED(type); + cfg_print_cstr(pctx, ""); + cfg_print_chars(pctx, " ", 1); + cfg_print_cstr(pctx, "[ versions ( \"unlimited\" | ) ]"); + cfg_print_chars(pctx, " ", 1); + cfg_print_cstr(pctx, "[ size ]"); +} + static cfg_type_t cfg_type_logfile = { - "log_file", parse_logfile, print_logfile, cfg_doc_terminal, + "log_file", parse_logfile, print_logfile, doc_logfile, &cfg_rep_tuple, logfile_fields }; -/* An IPv4/IPv6 address with optional port, "*" accepted as wildcard. */ -static unsigned int sockaddr4wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V4OK; +/*% An IPv4 address with optional port, "*" accepted as wildcard. */ static cfg_type_t cfg_type_sockaddr4wild = { "sockaddr4wild", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr4wild_flags }; -static unsigned int sockaddr6wild_flags = CFG_ADDR_WILDOK | CFG_ADDR_V6OK; +/*% An IPv6 address with optional port, "*" accepted as wildcard. */ static cfg_type_t cfg_type_sockaddr6wild = { "v6addrportwild", cfg_parse_sockaddr, cfg_print_sockaddr, cfg_doc_sockaddr, &cfg_rep_sockaddr, &sockaddr6wild_flags }; -/* +/*% * lwres */ @@ -1670,8 +1932,8 @@ static cfg_type_t cfg_type_lwres_view = { }; static cfg_type_t cfg_type_lwres_searchlist = { - "lwres_searchlist", cfg_parse_bracketed_list, cfg_print_bracketed_list, cfg_doc_bracketed_list, - &cfg_rep_list, &cfg_type_astring }; + "lwres_searchlist", cfg_parse_bracketed_list, cfg_print_bracketed_list, + cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_astring }; static cfg_clausedef_t lwres_clauses[] = { @@ -1688,17 +1950,21 @@ lwres_clausesets[] = { NULL }; static cfg_type_t cfg_type_lwres = { - "lwres", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, lwres_clausesets }; + "lwres", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, + lwres_clausesets +}; -/* +/*% * rndc */ static cfg_clausedef_t rndcconf_options_clauses[] = { - { "default-server", &cfg_type_astring, 0 }, { "default-key", &cfg_type_astring, 0 }, { "default-port", &cfg_type_uint32, 0 }, + { "default-server", &cfg_type_astring, 0 }, + { "default-source-address", &cfg_type_netaddr4wild, 0 }, + { "default-source-address-v6", &cfg_type_netaddr6wild, 0 }, { NULL, NULL, 0 } }; @@ -1709,14 +1975,17 @@ rndcconf_options_clausesets[] = { }; static cfg_type_t cfg_type_rndcconf_options = { - "rndcconf_options", cfg_parse_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, - rndcconf_options_clausesets + "rndcconf_options", cfg_parse_map, cfg_print_map, cfg_doc_map, + &cfg_rep_map, rndcconf_options_clausesets }; static cfg_clausedef_t rndcconf_server_clauses[] = { { "key", &cfg_type_astring, 0 }, { "port", &cfg_type_uint32, 0 }, + { "source-address", &cfg_type_netaddr4wild, 0 }, + { "source-address-v6", &cfg_type_netaddr6wild, 0 }, + { "addresses", &cfg_type_bracketed_sockaddrnameportlist, 0 }, { NULL, NULL, 0 } }; @@ -1727,8 +1996,8 @@ rndcconf_server_clausesets[] = { }; static cfg_type_t cfg_type_rndcconf_server = { - "rndcconf_server", cfg_parse_named_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, - rndcconf_server_clausesets + "rndcconf_server", cfg_parse_named_map, cfg_print_map, cfg_doc_map, + &cfg_rep_map, rndcconf_server_clausesets }; static cfg_clausedef_t @@ -1783,15 +2052,15 @@ doc_sockaddrnameport(cfg_printer_t *pctx, const cfg_type_t *type) { cfg_print_chars(pctx, "( ", 2); cfg_print_cstr(pctx, ""); cfg_print_chars(pctx, " ", 1); - cfg_print_cstr(pctx, "[port ]"); + cfg_print_cstr(pctx, "[ port ]"); cfg_print_chars(pctx, " | ", 3); cfg_print_cstr(pctx, ""); cfg_print_chars(pctx, " ", 1); - cfg_print_cstr(pctx, "[port ]"); + cfg_print_cstr(pctx, "[ port ]"); cfg_print_chars(pctx, " | ", 3); cfg_print_cstr(pctx, ""); cfg_print_chars(pctx, " ", 1); - cfg_print_cstr(pctx, "[port ]"); + cfg_print_cstr(pctx, "[ port ]"); cfg_print_chars(pctx, " )", 2); } @@ -1799,7 +2068,7 @@ static isc_result_t parse_sockaddrnameport(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - isc_result_t result; + isc_result_t result; cfg_obj_t *obj = NULL; UNUSED(type); @@ -1810,9 +2079,9 @@ parse_sockaddrnameport(cfg_parser_t *pctx, const cfg_type_t *type, CHECK(cfg_parse_sockaddr(pctx, &cfg_type_sockaddr, ret)); else { const cfg_tuplefielddef_t *fields = - cfg_type_nameport.of; + cfg_type_nameport.of; CHECK(cfg_create_tuple(pctx, &cfg_type_nameport, - &obj)); + &obj)); CHECK(cfg_parse_obj(pctx, fields[0].type, &obj->value.tuple[0])); CHECK(cfg_parse_obj(pctx, fields[1].type, @@ -1826,7 +2095,7 @@ parse_sockaddrnameport(cfg_parser_t *pctx, const cfg_type_t *type, return (ISC_R_UNEXPECTEDTOKEN); } cleanup: - CLEANUP_OBJ(obj); + CLEANUP_OBJ(obj); return (result); } @@ -1841,7 +2110,7 @@ static cfg_type_t cfg_type_bracketed_sockaddrnameportlist = { &cfg_rep_list, &cfg_type_sockaddrnameport }; -/* +/*% * A list of socket addresses or name with an optional default port, * as used in the dual-stack-servers option. E.g., * "port 1234 { dual-stack-servers.net; 10.0.0.1; 1::2 port 69; }" @@ -1857,7 +2126,7 @@ static cfg_type_t cfg_type_nameportiplist = { &cfg_rep_tuple, nameportiplist_fields }; -/* +/*% * masters element. */ @@ -1869,11 +2138,11 @@ doc_masterselement(cfg_printer_t *pctx, const cfg_type_t *type) { cfg_print_chars(pctx, " | ", 3); cfg_print_cstr(pctx, ""); cfg_print_chars(pctx, " ", 1); - cfg_print_cstr(pctx, "[port ]"); + cfg_print_cstr(pctx, "[ port ]"); cfg_print_chars(pctx, " | ", 3); cfg_print_cstr(pctx, ""); cfg_print_chars(pctx, " ", 1); - cfg_print_cstr(pctx, "[port ]"); + cfg_print_cstr(pctx, "[ port ]"); cfg_print_chars(pctx, " )", 2); } @@ -1881,7 +2150,7 @@ static isc_result_t parse_masterselement(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - isc_result_t result; + isc_result_t result; cfg_obj_t *obj = NULL; UNUSED(type); @@ -1898,7 +2167,7 @@ parse_masterselement(cfg_parser_t *pctx, const cfg_type_t *type, return (ISC_R_UNEXPECTEDTOKEN); } cleanup: - CLEANUP_OBJ(obj); + CLEANUP_OBJ(obj); return (result); } diff --git a/contrib/bind-9.3/lib/isccfg/parser.c b/contrib/bind-9.5.2/lib/isccfg/parser.c similarity index 94% rename from contrib/bind-9.3/lib/isccfg/parser.c rename to contrib/bind-9.5.2/lib/isccfg/parser.c index 42ce9f0c03..79c7c48914 100644 --- a/contrib/bind-9.3/lib/isccfg/parser.c +++ b/contrib/bind-9.5.2/lib/isccfg/parser.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: parser.c,v 1.70.2.20.2.21 2006/02/28 06:32:54 marka Exp $ */ +/* $Id: parser.c,v 1.127 2007/10/12 04:17:18 each Exp $ */ + +/*! \file */ #include @@ -125,7 +127,7 @@ cfg_rep_t cfg_rep_void = { "void", free_noop }; * Configuration type definitions. */ -/* +/*% * An implicit list. These are formed by clauses that occur multiple times. */ static cfg_type_t cfg_type_implicitlist = { @@ -1087,7 +1089,6 @@ cfg_print_spacelist(cfg_printer_t *pctx, const cfg_obj_t *obj) { } } - isc_boolean_t cfg_obj_islist(const cfg_obj_t *obj) { REQUIRE(obj != NULL); @@ -1108,6 +1109,29 @@ cfg_list_next(const cfg_listelt_t *elt) { return (ISC_LIST_NEXT(elt, link)); } +/* + * Return the length of a list object. If obj is NULL or is not + * a list, return 0. + */ +unsigned int +cfg_list_length(const cfg_obj_t *obj, isc_boolean_t recurse) { + const cfg_listelt_t *elt; + unsigned int count = 0; + + if (obj == NULL || !cfg_obj_islist(obj)) + return (0U); + for (elt = cfg_list_first(obj); + elt != NULL; + elt = cfg_list_next(elt)) { + if (recurse && cfg_obj_islist(elt->obj)) { + count += cfg_list_length(elt->obj, recurse); + } else { + count++; + } + } + return (count); +} + const cfg_obj_t * cfg_listelt_value(const cfg_listelt_t *elt) { REQUIRE(elt != NULL); @@ -1360,13 +1384,22 @@ cfg_parse_named_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) /* * Parse a map identified by a network address. - * Used for the "server" statement. + * Used to be used for the "server" statement. */ isc_result_t cfg_parse_addressed_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (parse_any_named_map(pctx, &cfg_type_netaddr, type, ret)); } +/* + * Parse a map identified by a network prefix. + * Used for the "server" statement. + */ +isc_result_t +cfg_parse_netprefix_map(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { + return (parse_any_named_map(pctx, &cfg_type_netprefix, type, ret)); +} + void cfg_print_mapbody(cfg_printer_t *pctx, const cfg_obj_t *obj) { isc_result_t result = ISC_R_SUCCESS; @@ -1485,6 +1518,9 @@ cfg_doc_map(cfg_printer_t *pctx, const cfg_type_t *type) { } else if (type->parse == cfg_parse_addressed_map) { cfg_doc_obj(pctx, &cfg_type_netaddr); cfg_print_chars(pctx, " ", 1); + } else if (type->parse == cfg_parse_netprefix_map) { + cfg_doc_obj(pctx, &cfg_type_netprefix); + cfg_print_chars(pctx, " ", 1); } print_open(pctx); @@ -1717,10 +1753,29 @@ token_addr(cfg_parser_t *pctx, unsigned int flags, isc_netaddr_t *na) { isc_result_t cfg_parse_rawaddr(cfg_parser_t *pctx, unsigned int flags, isc_netaddr_t *na) { isc_result_t result; + const char *wild = ""; + const char *prefix = ""; + CHECK(cfg_gettoken(pctx, 0)); result = token_addr(pctx, flags, na); - if (result == ISC_R_UNEXPECTEDTOKEN) - cfg_parser_error(pctx, CFG_LOG_NEAR, "expected IP address"); + if (result == ISC_R_UNEXPECTEDTOKEN) { + if ((flags & CFG_ADDR_WILDOK) != 0) + wild = " or '*'"; + if ((flags & CFG_ADDR_V4PREFIXOK) != 0) + wild = " or IPv4 prefix"; + if ((flags & CFG_ADDR_MASK) == CFG_ADDR_V4OK) + cfg_parser_error(pctx, CFG_LOG_NEAR, + "expected IPv4 address%s%s", + prefix, wild); + else if ((flags & CFG_ADDR_MASK) == CFG_ADDR_V6OK) + cfg_parser_error(pctx, CFG_LOG_NEAR, + "expected IPv6 address%s%s", + prefix, wild); + else + cfg_parser_error(pctx, CFG_LOG_NEAR, + "expected IP address%s%s", + prefix, wild); + } cleanup: return (result); } @@ -1775,14 +1830,21 @@ cfg_print_rawaddr(cfg_printer_t *pctx, const isc_netaddr_t *na) { /* netaddr */ +static unsigned int netaddr_flags = CFG_ADDR_V4OK | CFG_ADDR_V6OK; +static unsigned int netaddr4_flags = CFG_ADDR_V4OK; +static unsigned int netaddr4wild_flags = CFG_ADDR_V4OK | CFG_ADDR_WILDOK; +static unsigned int netaddr6_flags = CFG_ADDR_V6OK; +static unsigned int netaddr6wild_flags = CFG_ADDR_V6OK | CFG_ADDR_WILDOK; + static isc_result_t parse_netaddr(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { isc_result_t result; cfg_obj_t *obj = NULL; isc_netaddr_t netaddr; - UNUSED(type); + unsigned int flags = *(const unsigned int *)type->of; + CHECK(cfg_create_obj(pctx, type, &obj)); - CHECK(cfg_parse_rawaddr(pctx, CFG_ADDR_V4OK | CFG_ADDR_V6OK, &netaddr)); + CHECK(cfg_parse_rawaddr(pctx, flags, &netaddr)); isc_sockaddr_fromnetaddr(&obj->value.sockaddr, &netaddr, 0); *ret = obj; return (ISC_R_SUCCESS); @@ -1791,9 +1853,55 @@ parse_netaddr(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (result); } +static void +cfg_doc_netaddr(cfg_printer_t *pctx, const cfg_type_t *type) { + const unsigned int *flagp = type->of; + int n = 0; + if (*flagp != CFG_ADDR_V4OK && *flagp != CFG_ADDR_V6OK) + cfg_print_chars(pctx, "( ", 2); + if (*flagp & CFG_ADDR_V4OK) { + cfg_print_cstr(pctx, ""); + n++; + } + if (*flagp & CFG_ADDR_V6OK) { + if (n != 0) + cfg_print_chars(pctx, " | ", 3); + cfg_print_cstr(pctx, ""); + n++; + } + if (*flagp & CFG_ADDR_WILDOK) { + if (n != 0) + cfg_print_chars(pctx, " | ", 3); + cfg_print_chars(pctx, "*", 1); + n++; + } + if (*flagp != CFG_ADDR_V4OK && *flagp != CFG_ADDR_V6OK) + cfg_print_chars(pctx, " )", 2); +} + cfg_type_t cfg_type_netaddr = { - "netaddr", parse_netaddr, cfg_print_sockaddr, cfg_doc_terminal, - &cfg_rep_sockaddr, NULL + "netaddr", parse_netaddr, cfg_print_sockaddr, cfg_doc_netaddr, + &cfg_rep_sockaddr, &netaddr_flags +}; + +cfg_type_t cfg_type_netaddr4 = { + "netaddr4", parse_netaddr, cfg_print_sockaddr, cfg_doc_netaddr, + &cfg_rep_sockaddr, &netaddr4_flags +}; + +cfg_type_t cfg_type_netaddr4wild = { + "netaddr4wild", parse_netaddr, cfg_print_sockaddr, cfg_doc_netaddr, + &cfg_rep_sockaddr, &netaddr4wild_flags +}; + +cfg_type_t cfg_type_netaddr6 = { + "netaddr6", parse_netaddr, cfg_print_sockaddr, cfg_doc_netaddr, + &cfg_rep_sockaddr, &netaddr6_flags +}; + +cfg_type_t cfg_type_netaddr6wild = { + "netaddr6wild", parse_netaddr, cfg_print_sockaddr, cfg_doc_netaddr, + &cfg_rep_sockaddr, &netaddr6wild_flags }; /* netprefix */ diff --git a/contrib/bind-9.3/lib/isccfg/version.c b/contrib/bind-9.5.2/lib/isccfg/version.c similarity index 80% rename from contrib/bind-9.3/lib/isccfg/version.c rename to contrib/bind-9.5.2/lib/isccfg/version.c index fe001d7434..25b98c6941 100644 --- a/contrib/bind-9.3/lib/isccfg/version.c +++ b/contrib/bind-9.5.2/lib/isccfg/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.1.12.3 2004/03/08 09:05:06 marka Exp $ */ +/* $Id: version.c,v 1.7 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/lib/lwres/api b/contrib/bind-9.5.2/lib/lwres/api new file mode 100644 index 0000000000..e12275504e --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/api @@ -0,0 +1,3 @@ +LIBINTERFACE = 40 +LIBREVISION = 1 +LIBAGE = 0 diff --git a/contrib/bind-9.3/lib/lwres/assert_p.h b/contrib/bind-9.5.2/lib/lwres/assert_p.h similarity index 82% rename from contrib/bind-9.3/lib/lwres/assert_p.h rename to contrib/bind-9.5.2/lib/lwres/assert_p.h index 78b4b7927a..f8d6e221a2 100644 --- a/contrib/bind-9.3/lib/lwres/assert_p.h +++ b/contrib/bind-9.5.2/lib/lwres/assert_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: assert_p.h,v 1.9.206.1 2004/03/06 08:15:30 marka Exp $ */ +/* $Id: assert_p.h,v 1.14 2007/06/19 23:47:22 tbox Exp $ */ #ifndef LWRES_ASSERT_P_H #define LWRES_ASSERT_P_H 1 +/*! \file */ + #include /* Required for assert() prototype. */ #define REQUIRE(x) assert(x) diff --git a/contrib/bind-9.3/lib/lwres/context.c b/contrib/bind-9.5.2/lib/lwres/context.c similarity index 64% rename from contrib/bind-9.3/lib/lwres/context.c rename to contrib/bind-9.5.2/lib/lwres/context.c index b606b9d21a..daf31b16ee 100644 --- a/contrib/bind-9.3/lib/lwres/context.c +++ b/contrib/bind-9.5.2/lib/lwres/context.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,8 +15,76 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: context.c,v 1.41.2.1.2.4 2004/09/17 05:50:31 marka Exp $ */ - +/* $Id: context.c,v 1.50.128.5 2009/09/01 23:46:36 tbox Exp $ */ + +/*! \file context.c + lwres_context_create() creates a #lwres_context_t structure for use in + lightweight resolver operations. It holds a socket and other data + needed for communicating with a resolver daemon. The new + lwres_context_t is returned through contextp, a pointer to a + lwres_context_t pointer. This lwres_context_t pointer must initially + be NULL, and is modified to point to the newly created + lwres_context_t. + + When the lightweight resolver needs to perform dynamic memory + allocation, it will call malloc_function to allocate memory and + free_function to free it. If malloc_function and free_function are + NULL, memory is allocated using malloc and free. It is not + permitted to have a NULL malloc_function and a non-NULL free_function + or vice versa. arg is passed as the first parameter to the memory + allocation functions. If malloc_function and free_function are NULL, + arg is unused and should be passed as NULL. + + Once memory for the structure has been allocated, it is initialized + using lwres_conf_init() and returned via *contextp. + + lwres_context_destroy() destroys a #lwres_context_t, closing its + socket. contextp is a pointer to a pointer to the context that is to + be destroyed. The pointer will be set to NULL when the context has + been destroyed. + + The context holds a serial number that is used to identify resolver + request packets and associate responses with the corresponding + requests. This serial number is controlled using + lwres_context_initserial() and lwres_context_nextserial(). + lwres_context_initserial() sets the serial number for context *ctx to + serial. lwres_context_nextserial() increments the serial number and + returns the previous value. + + Memory for a lightweight resolver context is allocated and freed using + lwres_context_allocmem() and lwres_context_freemem(). These use + whatever allocations were defined when the context was created with + lwres_context_create(). lwres_context_allocmem() allocates len bytes + of memory and if successful returns a pointer to the allocated + storage. lwres_context_freemem() frees len bytes of space starting at + location mem. + + lwres_context_sendrecv() performs I/O for the context ctx. Data are + read and written from the context's socket. It writes data from + sendbase -- typically a lightweight resolver query packet -- and waits + for a reply which is copied to the receive buffer at recvbase. The + number of bytes that were written to this receive buffer is returned + in *recvd_len. + +\section context_return Return Values + + lwres_context_create() returns #LWRES_R_NOMEMORY if memory for the + struct lwres_context could not be allocated, #LWRES_R_SUCCESS + otherwise. + + Successful calls to the memory allocator lwres_context_allocmem() + return a pointer to the start of the allocated space. It returns NULL + if memory could not be allocated. + + #LWRES_R_SUCCESS is returned when lwres_context_sendrecv() completes + successfully. #LWRES_R_IOERROR is returned if an I/O error occurs and + #LWRES_R_TIMEOUT is returned if lwres_context_sendrecv() times out + waiting for a response. + +\section context_see See Also + + lwres_conf_init(), malloc, free. + */ #include #include @@ -37,7 +105,7 @@ #include "context_p.h" #include "assert_p.h" -/* +/*! * Some systems define the socket length argument as an int, some as size_t, * some as socklen_t. The last is what the current POSIX standard mandates. * This definition is here so it can be portable but easily changed if needed. @@ -46,7 +114,7 @@ #define LWRES_SOCKADDR_LEN_T unsigned int #endif -/* +/*! * Make a socket nonblocking. */ #ifndef MAKE_NONBLOCKING @@ -69,9 +137,16 @@ lwres_malloc(void *, size_t); static void lwres_free(void *, void *, size_t); +/*! + * lwres_result_t + */ static lwres_result_t context_connect(lwres_context_t *); +/*% + * Creates a #lwres_context_t structure for use in + * lightweight resolver operations. + */ lwres_result_t lwres_context_create(lwres_context_t **contextp, void *arg, lwres_malloc_t malloc_function, @@ -81,7 +156,6 @@ lwres_context_create(lwres_context_t **contextp, void *arg, lwres_context_t *ctx; REQUIRE(contextp != NULL && *contextp == NULL); - UNUSED(flags); /* * If we were not given anything special to use, use our own @@ -109,6 +183,17 @@ lwres_context_create(lwres_context_t **contextp, void *arg, ctx->timeout = LWRES_DEFAULT_TIMEOUT; ctx->serial = time(NULL); /* XXXMLG or BEW */ + ctx->use_ipv4 = 1; + ctx->use_ipv6 = 1; + if ((flags & (LWRES_CONTEXT_USEIPV4 | LWRES_CONTEXT_USEIPV6)) == + LWRES_CONTEXT_USEIPV6) { + ctx->use_ipv4 = 0; + } + if ((flags & (LWRES_CONTEXT_USEIPV4 | LWRES_CONTEXT_USEIPV6)) == + LWRES_CONTEXT_USEIPV4) { + ctx->use_ipv6 = 0; + } + /* * Init resolv.conf bits. */ @@ -118,6 +203,12 @@ lwres_context_create(lwres_context_t **contextp, void *arg, return (LWRES_R_SUCCESS); } +/*% +Destroys a #lwres_context_t, closing its socket. +contextp is a pointer to a pointer to the context that is +to be destroyed. The pointer will be set to NULL +when the context has been destroyed. + */ void lwres_context_destroy(lwres_context_t **contextp) { lwres_context_t *ctx; @@ -128,13 +219,16 @@ lwres_context_destroy(lwres_context_t **contextp) { *contextp = NULL; if (ctx->sock != -1) { +#ifdef WIN32 + DestroySockets(); +#endif (void)close(ctx->sock); ctx->sock = -1; } CTXFREE(ctx, sizeof(lwres_context_t)); } - +/*% Increments the serial number and returns the previous value. */ lwres_uint32_t lwres_context_nextserial(lwres_context_t *ctx) { REQUIRE(ctx != NULL); @@ -142,6 +236,7 @@ lwres_context_nextserial(lwres_context_t *ctx) { return (ctx->serial++); } +/*% Sets the serial number for context *ctx to serial. */ void lwres_context_initserial(lwres_context_t *ctx, lwres_uint32_t serial) { REQUIRE(ctx != NULL); @@ -149,6 +244,7 @@ lwres_context_initserial(lwres_context_t *ctx, lwres_uint32_t serial) { ctx->serial = serial; } +/*% Frees len bytes of space starting at location mem. */ void lwres_context_freemem(lwres_context_t *ctx, void *mem, size_t len) { REQUIRE(mem != NULL); @@ -157,6 +253,7 @@ lwres_context_freemem(lwres_context_t *ctx, void *mem, size_t len) { CTXFREE(mem, len); } +/*% Allocates len bytes of memory and if successful returns a pointer to the allocated storage. */ void * lwres_context_allocmem(lwres_context_t *ctx, size_t len) { REQUIRE(len != 0U); @@ -231,19 +328,34 @@ context_connect(lwres_context_t *ctx) { } else return (LWRES_R_IOERROR); +#ifdef WIN32 + InitSockets(); +#endif s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); - if (s < 0) + if (s < 0) { +#ifdef WIN32 + DestroySockets(); +#endif return (LWRES_R_IOERROR); + } ret = connect(s, sa, salen); if (ret != 0) { +#ifdef WIN32 + DestroySockets(); +#endif (void)close(s); return (LWRES_R_IOERROR); } MAKE_NONBLOCKING(s, ret); - if (ret < 0) + if (ret < 0) { +#ifdef WIN32 + DestroySockets(); +#endif + (void)close(s); return (LWRES_R_IOERROR); + } ctx->sock = s; @@ -334,6 +446,7 @@ lwres_context_recv(lwres_context_t *ctx, return (LWRES_R_SUCCESS); } +/*% performs I/O for the context ctx. */ lwres_result_t lwres_context_sendrecv(lwres_context_t *ctx, void *sendbase, int sendlen, @@ -346,7 +459,7 @@ lwres_context_sendrecv(lwres_context_t *ctx, struct timeval timeout; /* - * Type of tv_sec is 32 bits long. + * Type of tv_sec is 32 bits long. */ if (ctx->timeout <= 0x7FFFFFFFU) timeout.tv_sec = (int)ctx->timeout; @@ -362,7 +475,7 @@ lwres_context_sendrecv(lwres_context_t *ctx, FD_ZERO(&readfds); FD_SET(ctx->sock, &readfds); ret2 = select(ctx->sock + 1, &readfds, NULL, NULL, &timeout); - + /* * What happened with select? */ @@ -374,6 +487,6 @@ lwres_context_sendrecv(lwres_context_t *ctx, result = lwres_context_recv(ctx, recvbase, recvlen, recvd_len); if (result == LWRES_R_RETRY) goto again; - + return (result); } diff --git a/contrib/bind-9.3/lib/lwres/context_p.h b/contrib/bind-9.5.2/lib/lwres/context_p.h similarity index 71% rename from contrib/bind-9.3/lib/lwres/context_p.h rename to contrib/bind-9.5.2/lib/lwres/context_p.h index 3e22bc00d4..3c34d2ed2e 100644 --- a/contrib/bind-9.3/lib/lwres/context_p.h +++ b/contrib/bind-9.5.2/lib/lwres/context_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,42 +15,50 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: context_p.h,v 1.12.206.1 2004/03/06 08:15:30 marka Exp $ */ +/* $Id: context_p.h,v 1.17.128.2 2008/12/17 23:46:34 tbox Exp $ */ #ifndef LWRES_CONTEXT_P_H #define LWRES_CONTEXT_P_H 1 -/* +/*! \file */ + +/*@{*/ +/** * Helper functions, assuming the context is always called "ctx" in * the scope these functions are called from. */ #define CTXMALLOC(len) ctx->malloc(ctx->arg, (len)) #define CTXFREE(addr, len) ctx->free(ctx->arg, (addr), (len)) +/*@}*/ #define LWRES_DEFAULT_TIMEOUT 120 /* 120 seconds for a reply */ -/* +/** * Not all the attributes here are actually settable by the application at * this time. */ struct lwres_context { - unsigned int timeout; /* time to wait for reply */ - lwres_uint32_t serial; /* serial number state */ + unsigned int timeout; /*%< time to wait for reply */ + lwres_uint32_t serial; /*%< serial number state */ /* * For network I/O. */ - int sock; /* socket to send on */ - lwres_addr_t address; /* address to send to */ + int sock; /*%< socket to send on */ + lwres_addr_t address; /*%< address to send to */ + int use_ipv4; /*%< use IPv4 transaction */ + int use_ipv6; /*%< use IPv6 transaction */ + /*@{*/ /* * Function pointers for allocating memory. */ lwres_malloc_t malloc; lwres_free_t free; void *arg; + /*@}*/ - /* + /*% * resolv.conf-like data */ lwres_conf_t confdata; diff --git a/contrib/bind-9.3/lib/lwres/gai_strerror.c b/contrib/bind-9.5.2/lib/lwres/gai_strerror.c similarity index 51% rename from contrib/bind-9.3/lib/lwres/gai_strerror.c rename to contrib/bind-9.5.2/lib/lwres/gai_strerror.c index 06b7fbe1ef..70b35b0d80 100644 --- a/contrib/bind-9.3/lib/lwres/gai_strerror.c +++ b/contrib/bind-9.5.2/lib/lwres/gai_strerror.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,40 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gai_strerror.c,v 1.14.2.1.10.3 2006/08/25 05:25:50 marka Exp $ */ +/* $Id: gai_strerror.c,v 1.22 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file gai_strerror.c + * lwres_gai_strerror() returns an error message corresponding to an + * error code returned by getaddrinfo(). The following error codes and + * their meaning are defined in \link netdb.h include/lwres/netdb.h.\endlink + * + * \li #EAI_ADDRFAMILY address family for hostname not supported + * \li #EAI_AGAIN temporary failure in name resolution + * \li #EAI_BADFLAGS invalid value for #ai_flags + * \li #EAI_FAIL non-recoverable failure in name resolution + * \li #EAI_FAMILY ai_family not supported + * \li #EAI_MEMORY memory allocation failure + * \li #EAI_NODATA no address associated with hostname + * \li #EAI_NONAME hostname or servname not provided, or not known + * \li #EAI_SERVICE servname not supported for ai_socktype + * \li #EAI_SOCKTYPE ai_socktype not supported + * \li #EAI_SYSTEM system error returned in errno + * + * The message invalid error code is returned if ecode is out of range. + * + * ai_flags, ai_family and ai_socktype are elements of the struct + * addrinfo used by lwres_getaddrinfo(). + * + * \section gai_strerror_see See Also + * + * strerror, lwres_getaddrinfo(), getaddrinfo(), RFC2133. + */ #include #include +/*% Text of error messages. */ static const char *gai_messages[] = { "no error", "address family for hostname not supported", @@ -38,6 +66,7 @@ static const char *gai_messages[] = { "bad protocol" }; +/*% Returns an error message corresponding to an error code returned by getaddrinfo() */ char * lwres_gai_strerror(int ecode) { union { diff --git a/contrib/bind-9.3/lib/lwres/getaddrinfo.c b/contrib/bind-9.5.2/lib/lwres/getaddrinfo.c similarity index 72% rename from contrib/bind-9.3/lib/lwres/getaddrinfo.c rename to contrib/bind-9.5.2/lib/lwres/getaddrinfo.c index 9ad10dfd7e..cd43b3f228 100644 --- a/contrib/bind-9.3/lib/lwres/getaddrinfo.c +++ b/contrib/bind-9.5.2/lib/lwres/getaddrinfo.c @@ -1,11 +1,11 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * This code is derived from software contributed to ISC by * Berkeley Software Design, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -18,13 +18,125 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getaddrinfo.c,v 1.41.206.6 2006/11/13 11:57:41 marka Exp $ */ +/* $Id: getaddrinfo.c,v 1.52.60.2 2008/11/25 23:46:36 tbox Exp $ */ + +/*! \file */ + +/** + * lwres_getaddrinfo() is used to get a list of IP addresses and port + * numbers for host hostname and service servname. The function is the + * lightweight resolver's implementation of getaddrinfo() as defined in + * RFC2133. hostname and servname are pointers to null-terminated strings + * or NULL. hostname is either a host name or a numeric host address + * string: a dotted decimal IPv4 address or an IPv6 address. servname is + * either a decimal port number or a service name as listed in + * /etc/services. + * + * If the operating system does not provide a struct addrinfo, the + * following structure is used: + * + * \code + * struct addrinfo { + * int ai_flags; // AI_PASSIVE, AI_CANONNAME + * int ai_family; // PF_xxx + * int ai_socktype; // SOCK_xxx + * int ai_protocol; // 0 or IPPROTO_xxx for IPv4 and IPv6 + * size_t ai_addrlen; // length of ai_addr + * char *ai_canonname; // canonical name for hostname + * struct sockaddr *ai_addr; // binary address + * struct addrinfo *ai_next; // next structure in linked list + * }; + * \endcode + * + * + * hints is an optional pointer to a struct addrinfo. This structure can + * be used to provide hints concerning the type of socket that the caller + * supports or wishes to use. The caller can supply the following + * structure elements in *hints: + * + *
    + *
  • ai_family: + * The protocol family that should be used. When ai_family is set + * to PF_UNSPEC, it means the caller will accept any protocol + * family supported by the operating system.
    • + * + *
  • ai_socktype: + * denotes the type of socket -- SOCK_STREAM, SOCK_DGRAM or + * SOCK_RAW -- that is wanted. When ai_socktype is zero the caller + * will accept any socket type.
    • + * + *
  • ai_protocol: + * indicates which transport protocol is wanted: IPPROTO_UDP or + * IPPROTO_TCP. If ai_protocol is zero the caller will accept any + * protocol.
    • + * + *
  • ai_flags: + * Flag bits. If the AI_CANONNAME bit is set, a successful call to + * lwres_getaddrinfo() will return a null-terminated string + * containing the canonical name of the specified hostname in + * ai_canonname of the first addrinfo structure returned. Setting + * the AI_PASSIVE bit indicates that the returned socket address + * structure is intended for used in a call to bind(2). In this + * case, if the hostname argument is a NULL pointer, then the IP + * address portion of the socket address structure will be set to + * INADDR_ANY for an IPv4 address or IN6ADDR_ANY_INIT for an IPv6 + * address.

    + * + * When ai_flags does not set the AI_PASSIVE bit, the returned + * socket address structure will be ready for use in a call to + * connect(2) for a connection-oriented protocol or connect(2), + * sendto(2), or sendmsg(2) if a connectionless protocol was + * chosen. The IP address portion of the socket address structure + * will be set to the loopback address if hostname is a NULL + * pointer and AI_PASSIVE is not set in ai_flags.

    + * + * If ai_flags is set to AI_NUMERICHOST it indicates that hostname + * should be treated as a numeric string defining an IPv4 or IPv6 + * address and no name resolution should be attempted. + *
+ * + * All other elements of the struct addrinfo passed via hints must be + * zero. + * + * A hints of NULL is treated as if the caller provided a struct addrinfo + * initialized to zero with ai_familyset to PF_UNSPEC. + * + * After a successful call to lwres_getaddrinfo(), *res is a pointer to a + * linked list of one or more addrinfo structures. Each struct addrinfo + * in this list cn be processed by following the ai_next pointer, until a + * NULL pointer is encountered. The three members ai_family, ai_socktype, + * and ai_protocol in each returned addrinfo structure contain the + * corresponding arguments for a call to socket(2). For each addrinfo + * structure in the list, the ai_addr member points to a filled-in socket + * address structure of length ai_addrlen. + * + * All of the information returned by lwres_getaddrinfo() is dynamically + * allocated: the addrinfo structures, and the socket address structures + * and canonical host name strings pointed to by the addrinfostructures. + * Memory allocated for the dynamically allocated structures created by a + * successful call to lwres_getaddrinfo() is released by + * lwres_freeaddrinfo(). ai is a pointer to a struct addrinfo created by + * a call to lwres_getaddrinfo(). + * + * \section lwresreturn RETURN VALUES + * + * lwres_getaddrinfo() returns zero on success or one of the error codes + * listed in gai_strerror() if an error occurs. If both hostname and + * servname are NULL lwres_getaddrinfo() returns #EAI_NONAME. + * + * \section lwressee SEE ALSO + * + * lwres(3), lwres_getaddrinfo(), lwres_freeaddrinfo(), + * lwres_gai_strerror(), RFC2133, getservbyname(3), connect(2), + * sendto(2), sendmsg(2), socket(2). + */ #include -#include #include +#include + #include #include #include @@ -33,8 +145,10 @@ #define SA(addr) ((struct sockaddr *)(addr)) #define SIN(addr) ((struct sockaddr_in *)(addr)) #define SIN6(addr) ((struct sockaddr_in6 *)(addr)) -#define SUN(addr) ((struct sockaddr_un *)(addr)) +#define SLOCAL(addr) ((struct sockaddr_un *)(addr)) +/*! \struct addrinfo + */ static struct addrinfo *ai_reverse(struct addrinfo *oai), *ai_clone(struct addrinfo *oai, int family), @@ -48,14 +162,14 @@ static int add_ipv4(const char *hostname, int flags, struct addrinfo **aip, static int add_ipv6(const char *hostname, int flags, struct addrinfo **aip, int socktype, int port); static void set_order(int, int (**)(const char *, int, struct addrinfo **, - int, int)); + int, int)); #define FOUND_IPV4 0x1 #define FOUND_IPV6 0x2 #define FOUND_MAX 2 #define ISC_AI_MASK (AI_PASSIVE|AI_CANONNAME|AI_NUMERICHOST) - +/*% Get a list of IP addresses and port numbers for host hostname and service servname. */ int lwres_getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res) @@ -137,7 +251,7 @@ lwres_getaddrinfo(const char *hostname, const char *servname, } #ifdef AF_LOCAL - /* + /*! * First, deal with AF_LOCAL. If the family was not set, * then assume AF_LOCAL if the first character of the * hostname/servname is '/'. @@ -270,7 +384,7 @@ lwres_getaddrinfo(const char *hostname, const char *servname, scopeid = 0; #endif - if (lwres_net_pton(AF_INET, hostname, (struct in_addr *)abuf) + if (lwres_net_pton(AF_INET, hostname, (struct in_addr *)abuf) == 1) { if (family == AF_INET6) { @@ -575,6 +689,7 @@ add_ipv6(const char *hostname, int flags, struct addrinfo **aip, return (result); } +/*% Free address info. */ void lwres_freeaddrinfo(struct addrinfo *ai) { struct addrinfo *ai_next; @@ -594,17 +709,17 @@ lwres_freeaddrinfo(struct addrinfo *ai) { static int get_local(const char *name, int socktype, struct addrinfo **res) { struct addrinfo *ai; - struct sockaddr_un *sun; + struct sockaddr_un *slocal; if (socktype == 0) return (EAI_SOCKTYPE); - ai = ai_alloc(AF_LOCAL, sizeof(*sun)); + ai = ai_alloc(AF_LOCAL, sizeof(*slocal)); if (ai == NULL) return (EAI_MEMORY); - sun = SUN(ai->ai_addr); - strncpy(sun->sun_path, name, sizeof(sun->sun_path)); + slocal = SLOCAL(ai->ai_addr); + strncpy(slocal->sun_path, name, sizeof(slocal->sun_path)); ai->ai_socktype = socktype; /* @@ -617,7 +732,7 @@ get_local(const char *name, int socktype, struct addrinfo **res) { } #endif -/* +/*! * Allocate an addrinfo structure, and a sockaddr structure * of the specificed length. We initialize: * ai_addrlen diff --git a/contrib/bind-9.5.2/lib/lwres/gethost.c b/contrib/bind-9.5.2/lib/lwres/gethost.c new file mode 100644 index 0000000000..1a1efd4653 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/gethost.c @@ -0,0 +1,362 @@ +/* + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: gethost.c,v 1.34 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ + +/** + * These functions provide hostname-to-address and address-to-hostname + * lookups by means of the lightweight resolver. They are similar to the + * standard gethostent(3) functions provided by most operating systems. + * They use a struct hostent which is usually defined in . + * + * \code + * struct hostent { + * char *h_name; // official name of host + * char **h_aliases; // alias list + * int h_addrtype; // host address type + * int h_length; // length of address + * char **h_addr_list; // list of addresses from name server + * }; + * #define h_addr h_addr_list[0] // address, for backward compatibility + * \endcode + * + * The members of this structure are: + * + * \li h_name: + * The official (canonical) name of the host. + * + * \li h_aliases: + * A NULL-terminated array of alternate names (nicknames) for the + * host. + * + * \li h_addrtype: + * The type of address being returned -- PF_INET or PF_INET6. + * + * \li h_length: + * The length of the address in bytes. + * + * \li h_addr_list: + * A NULL terminated array of network addresses for the host. Host + * addresses are returned in network byte order. + * + * For backward compatibility with very old software, h_addr is the first + * address in h_addr_list. + * + * lwres_gethostent(), lwres_sethostent(), lwres_endhostent(), + * lwres_gethostent_r(), lwres_sethostent_r() and lwres_endhostent_r() + * provide iteration over the known host entries on systems that provide + * such functionality through facilities like /etc/hosts or NIS. The + * lightweight resolver does not currently implement these functions; it + * only provides them as stub functions that always return failure. + * + * lwres_gethostbyname() and lwres_gethostbyname2() look up the hostname + * name. lwres_gethostbyname() always looks for an IPv4 address while + * lwres_gethostbyname2() looks for an address of protocol family af: + * either PF_INET or PF_INET6 -- IPv4 or IPV6 addresses respectively. + * Successful calls of the functions return a struct hostent for the name + * that was looked up. NULL is returned if the lookups by + * lwres_gethostbyname() or lwres_gethostbyname2() fail. + * + * Reverse lookups of addresses are performed by lwres_gethostbyaddr(). + * addr is an address of length len bytes and protocol family type -- + * PF_INET or PF_INET6. lwres_gethostbyname_r() is a thread-safe function + * for forward lookups. If an error occurs, an error code is returned in + * *error. resbuf is a pointer to a struct hostent which is initialised + * by a successful call to lwres_gethostbyname_r() . buf is a buffer of + * length len bytes which is used to store the h_name, h_aliases, and + * h_addr_list elements of the struct hostent returned in resbuf. + * Successful calls to lwres_gethostbyname_r() return resbuf, which is a + * pointer to the struct hostent it created. + * + * lwres_gethostbyaddr_r() is a thread-safe function that performs a + * reverse lookup of address addr which is len bytes long and is of + * protocol family type -- PF_INET or PF_INET6. If an error occurs, the + * error code is returned in *error. The other function parameters are + * identical to those in lwres_gethostbyname_r(). resbuf is a pointer to + * a struct hostent which is initialised by a successful call to + * lwres_gethostbyaddr_r(). buf is a buffer of length len bytes which is + * used to store the h_name, h_aliases, and h_addr_list elements of the + * struct hostent returned in resbuf. Successful calls to + * lwres_gethostbyaddr_r() return resbuf, which is a pointer to the + * struct hostent it created. + * + * \section gethost_return Return Values + * + * The functions lwres_gethostbyname(), lwres_gethostbyname2(), + * lwres_gethostbyaddr(), and lwres_gethostent() return NULL to indicate + * an error. In this case the global variable lwres_h_errno will contain + * one of the following error codes defined in \link netdb.h :\endlink + * + * \li #HOST_NOT_FOUND: + * The host or address was not found. + * + * \li #TRY_AGAIN: + * A recoverable error occurred, e.g., a timeout. Retrying the + * lookup may succeed. + * + * \li #NO_RECOVERY: + * A non-recoverable error occurred. + * + * \li #NO_DATA: + * The name exists, but has no address information associated with + * it (or vice versa in the case of a reverse lookup). The code + * NO_ADDRESS is accepted as a synonym for NO_DATA for backwards + * compatibility. + * + * lwres_hstrerror() translates these error codes to suitable error + * messages. + * + * lwres_gethostent() and lwres_gethostent_r() always return NULL. + * + * Successful calls to lwres_gethostbyname_r() and + * lwres_gethostbyaddr_r() return resbuf, a pointer to the struct hostent + * that was initialised by these functions. They return NULL if the + * lookups fail or if buf was too small to hold the list of addresses and + * names referenced by the h_name, h_aliases, and h_addr_list elements of + * the struct hostent. If buf was too small, both lwres_gethostbyname_r() + * and lwres_gethostbyaddr_r() set the global variable errno to ERANGE. + * + * \section gethost_see See Also + * + * gethostent(), \link getipnode.c getipnode\endlink, lwres_hstrerror() + * + * \section gethost_bugs Bugs + * + * lwres_gethostbyname(), lwres_gethostbyname2(), lwres_gethostbyaddr() + * and lwres_endhostent() are not thread safe; they return pointers to + * static data and provide error codes through a global variable. + * Thread-safe versions for name and address lookup are provided by + * lwres_gethostbyname_r(), and lwres_gethostbyaddr_r() respectively. + * + * The resolver daemon does not currently support any non-DNS name + * services such as /etc/hosts or NIS, consequently the above functions + * don't, either. + */ + +#include + +#include +#include + +#include +#include + +#include "assert_p.h" + +#define LWRES_ALIGNBYTES (sizeof(char *) - 1) +#define LWRES_ALIGN(p) \ + (((unsigned long)(p) + LWRES_ALIGNBYTES) &~ LWRES_ALIGNBYTES) + +static struct hostent *he = NULL; +static int copytobuf(struct hostent *, struct hostent *, char *, int); + +/*% Always looks for an IPv4 address. */ +struct hostent * +lwres_gethostbyname(const char *name) { + + if (he != NULL) + lwres_freehostent(he); + + he = lwres_getipnodebyname(name, AF_INET, 0, &lwres_h_errno); + return (he); +} + +/*% Looks for either an IPv4 or IPv6 address. */ +struct hostent * +lwres_gethostbyname2(const char *name, int af) { + if (he != NULL) + lwres_freehostent(he); + + he = lwres_getipnodebyname(name, af, 0, &lwres_h_errno); + return (he); +} + +/*% Reverse lookup of addresses. */ +struct hostent * +lwres_gethostbyaddr(const char *addr, int len, int type) { + + if (he != NULL) + lwres_freehostent(he); + + he = lwres_getipnodebyaddr(addr, len, type, &lwres_h_errno); + return (he); +} + +/*% Stub function. Always returns failure. */ +struct hostent * +lwres_gethostent(void) { + if (he != NULL) + lwres_freehostent(he); + + return (NULL); +} + +/*% Stub function. Always returns failure. */ +void +lwres_sethostent(int stayopen) { + /* + * Empty. + */ + UNUSED(stayopen); +} + +/*% Stub function. Always returns failure. */ +void +lwres_endhostent(void) { + /* + * Empty. + */ +} + +/*% Thread-safe function for forward lookups. */ +struct hostent * +lwres_gethostbyname_r(const char *name, struct hostent *resbuf, + char *buf, int buflen, int *error) +{ + struct hostent *he; + int res; + + he = lwres_getipnodebyname(name, AF_INET, 0, error); + if (he == NULL) + return (NULL); + res = copytobuf(he, resbuf, buf, buflen); + lwres_freehostent(he); + if (res != 0) { + errno = ERANGE; + return (NULL); + } + return (resbuf); +} + +/*% Thread-safe reverse lookup. */ +struct hostent * +lwres_gethostbyaddr_r(const char *addr, int len, int type, + struct hostent *resbuf, char *buf, int buflen, + int *error) +{ + struct hostent *he; + int res; + + he = lwres_getipnodebyaddr(addr, len, type, error); + if (he == NULL) + return (NULL); + res = copytobuf(he, resbuf, buf, buflen); + lwres_freehostent(he); + if (res != 0) { + errno = ERANGE; + return (NULL); + } + return (resbuf); +} + +/*% Stub function. Always returns failure. */ +struct hostent * +lwres_gethostent_r(struct hostent *resbuf, char *buf, int buflen, int *error) { + UNUSED(resbuf); + UNUSED(buf); + UNUSED(buflen); + *error = 0; + return (NULL); +} + +/*% Stub function. Always returns failure. */ +void +lwres_sethostent_r(int stayopen) { + /* + * Empty. + */ + UNUSED(stayopen); +} + +/*% Stub function. Always returns failure. */ +void +lwres_endhostent_r(void) { + /* + * Empty. + */ +} + +static int +copytobuf(struct hostent *he, struct hostent *hptr, char *buf, int buflen) { + char *cp; + char **ptr; + int i, n; + int nptr, len; + + /* + * Find out the amount of space required to store the answer. + */ + nptr = 2; /* NULL ptrs */ + len = (char *)LWRES_ALIGN(buf) - buf; + for (i = 0; he->h_addr_list[i]; i++, nptr++) { + len += he->h_length; + } + for (i = 0; he->h_aliases[i]; i++, nptr++) { + len += strlen(he->h_aliases[i]) + 1; + } + len += strlen(he->h_name) + 1; + len += nptr * sizeof(char*); + + if (len > buflen) { + return (-1); + } + + /* + * Copy address size and type. + */ + hptr->h_addrtype = he->h_addrtype; + n = hptr->h_length = he->h_length; + + ptr = (char **)LWRES_ALIGN(buf); + cp = (char *)LWRES_ALIGN(buf) + nptr * sizeof(char *); + + /* + * Copy address list. + */ + hptr->h_addr_list = ptr; + for (i = 0; he->h_addr_list[i]; i++, ptr++) { + memcpy(cp, he->h_addr_list[i], n); + hptr->h_addr_list[i] = cp; + cp += n; + } + hptr->h_addr_list[i] = NULL; + ptr++; + + /* + * Copy official name. + */ + n = strlen(he->h_name) + 1; + strcpy(cp, he->h_name); + hptr->h_name = cp; + cp += n; + + /* + * Copy aliases. + */ + hptr->h_aliases = ptr; + for (i = 0; he->h_aliases[i]; i++) { + n = strlen(he->h_aliases[i]) + 1; + strcpy(cp, he->h_aliases[i]); + hptr->h_aliases[i] = cp; + cp += n; + } + hptr->h_aliases[i] = NULL; + + return (0); +} diff --git a/contrib/bind-9.3/lib/lwres/getipnode.c b/contrib/bind-9.5.2/lib/lwres/getipnode.c similarity index 81% rename from contrib/bind-9.3/lib/lwres/getipnode.c rename to contrib/bind-9.5.2/lib/lwres/getipnode.c index 9b1a07bdda..513c568cc3 100644 --- a/contrib/bind-9.3/lib/lwres/getipnode.c +++ b/contrib/bind-9.5.2/lib/lwres/getipnode.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,110 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getipnode.c,v 1.30.2.4.2.6 2005/04/29 00:03:32 marka Exp $ */ +/* $Id: getipnode.c,v 1.42.128.3 2009/09/01 23:46:36 tbox Exp $ */ + +/*! \file */ + +/** + * These functions perform thread safe, protocol independent + * nodename-to-address and address-to-nodename translation as defined in + * RFC2553. This use a struct hostent which is defined in namedb.h: + * + * \code + * struct hostent { + * char *h_name; // official name of host + * char **h_aliases; // alias list + * int h_addrtype; // host address type + * int h_length; // length of address + * char **h_addr_list; // list of addresses from name server + * }; + * #define h_addr h_addr_list[0] // address, for backward compatibility + * \endcode + * + * The members of this structure are: + * + * \li h_name: + * The official (canonical) name of the host. + * + * \li h_aliases: + * A NULL-terminated array of alternate names (nicknames) for the + * host. + * + * \li h_addrtype: + * The type of address being returned - usually PF_INET or + * PF_INET6. + * + * \li h_length: + * The length of the address in bytes. + * + * \li h_addr_list: + * A NULL terminated array of network addresses for the host. Host + * addresses are returned in network byte order. + * + * lwres_getipnodebyname() looks up addresses of protocol family af for + * the hostname name. The flags parameter contains ORed flag bits to + * specify the types of addresses that are searched for, and the types of + * addresses that are returned. The flag bits are: + * + * \li #AI_V4MAPPED: + * This is used with an af of #AF_INET6, and causes IPv4 addresses + * to be returned as IPv4-mapped IPv6 addresses. + * + * \li #AI_ALL: + * This is used with an af of #AF_INET6, and causes all known + * addresses (IPv6 and IPv4) to be returned. If #AI_V4MAPPED is + * also set, the IPv4 addresses are return as mapped IPv6 + * addresses. + * + * \li #AI_ADDRCONFIG: + * Only return an IPv6 or IPv4 address if here is an active + * network interface of that type. This is not currently + * implemented in the BIND 9 lightweight resolver, and the flag is + * ignored. + * + * \li #AI_DEFAULT: + * This default sets the #AI_V4MAPPED and #AI_ADDRCONFIG flag bits. + * + * lwres_getipnodebyaddr() performs a reverse lookup of address src which + * is len bytes long. af denotes the protocol family, typically PF_INET + * or PF_INET6. + * + * lwres_freehostent() releases all the memory associated with the struct + * hostent pointer. Any memory allocated for the h_name, h_addr_list + * and h_aliases is freed, as is the memory for the hostent structure + * itself. + * + * \section getipnode_return Return Values + * + * If an error occurs, lwres_getipnodebyname() and + * lwres_getipnodebyaddr() set *error_num to an appropriate error code + * and the function returns a NULL pointer. The error codes and their + * meanings are defined in \link netdb.h \endlink: + * + * \li #HOST_NOT_FOUND: + * No such host is known. + * + * \li #NO_ADDRESS: + * The server recognised the request and the name but no address + * is available. Another type of request to the name server for + * the domain might return an answer. + * + * \li #TRY_AGAIN: + * A temporary and possibly transient error occurred, such as a + * failure of a server to respond. The request may succeed if + * retried. + * + * \li #NO_RECOVERY: + * An unexpected failure occurred, and retrying the request is + * pointless. + * + * lwres_hstrerror() translates these error codes to suitable error + * messages. + * + * \section getipnode_see See Also + * + * getaddrinfo.c, gethost.c, getnameinfo.c, herror.c, RFC2553 + */ #include @@ -43,21 +146,21 @@ LIBLWRES_EXTERNAL_DATA const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; #ifndef IN6_IS_ADDR_V4COMPAT static const unsigned char in6addr_compat[12] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; #define IN6_IS_ADDR_V4COMPAT(x) (!memcmp((x)->s6_addr, in6addr_compat, 12) && \ - ((x)->s6_addr[12] != 0 || \ - (x)->s6_addr[13] != 0 || \ - (x)->s6_addr[14] != 0 || \ - ((x)->s6_addr[15] != 0 && \ - (x)->s6_addr[15] != 1))) + ((x)->s6_addr[12] != 0 || \ + (x)->s6_addr[13] != 0 || \ + (x)->s6_addr[14] != 0 || \ + ((x)->s6_addr[15] != 0 && \ + (x)->s6_addr[15] != 1))) #endif #ifndef IN6_IS_ADDR_V4MAPPED #define IN6_IS_ADDR_V4MAPPED(x) (!memcmp((x)->s6_addr, in6addr_mapped, 12)) #endif static const unsigned char in6addr_mapped[12] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff }; /*** @@ -80,7 +183,7 @@ hostfromname(lwres_gabnresponse_t *name, int af); *** Public functions. ***/ -/* +/*! * AI_V4MAPPED + AF_INET6 * If no IPv6 address then a query for IPv4 and map returned values. * @@ -222,6 +325,7 @@ lwres_getipnodebyname(const char *name, int af, int flags, int *error_num) { return (he3); } +/*% performs a reverse lookup of address src which is len bytes long. af denotes the protocol family, typically #PF_INET or PF_INET6. */ struct hostent * lwres_getipnodebyaddr(const void *src, size_t len, int af, int *error_num) { struct hostent *he1, *he2; @@ -345,6 +449,7 @@ lwres_getipnodebyaddr(const void *src, size_t len, int af, int *error_num) { return (he1); } +/*% releases all the memory associated with the struct hostent pointer */ void lwres_freehostent(struct hostent *he) { char **cpp; @@ -387,7 +492,7 @@ lwres_freehostent(struct hostent *he) { */ #if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ - !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) #ifdef __hpux #define lifc_len iflc_len @@ -399,7 +504,7 @@ lwres_freehostent(struct hostent *he) { #define ISC_HAVE_LIFC_FLAGS 1 #define LIFCONF lifconf #endif - + #ifdef __hpux #define lifr_addr iflr_addr #define lifr_name iflr_name @@ -452,7 +557,7 @@ scan_interfaces6(int *have_v4, int *have_v6) { /* * Some OS's just return what will fit rather * than set EINVAL if the buffer is too small - * to fit all the interfaces in. If + * to fit all the interfaces in. If * lifc.lifc_len is too near to the end of the * buffer we will grow it just in case and * retry. @@ -514,13 +619,13 @@ scan_interfaces6(int *have_v4, int *have_v6) { if ((lifreq.lifr_flags & IFF_UP) == 0) break; *have_v4 = 1; - } + } break; case AF_INET6: if (*have_v6 == 0) { memcpy(&in6, &((struct sockaddr_in6 *) - &lifreq.lifr_addr)->sin6_addr, + &lifreq.lifr_addr)->sin6_addr, sizeof(in6)); if (memcmp(&in6, &in6addr_any, sizeof(in6)) == 0) @@ -566,13 +671,20 @@ scan_interfaces(int *have_v4, int *have_v6) { int s, n; size_t cpsize; +#ifdef WIN32 + InitSockets(); +#endif #if defined(SIOCGLIFCONF) && defined(SIOCGLIFADDR) && \ - !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) + !defined(IRIX_EMUL_IOCTL_SIOCGIFCONF) /* * Try to scan the interfaces using IPv6 ioctls(). */ - if (!scan_interfaces6(have_v4, have_v6)) + if (!scan_interfaces6(have_v4, have_v6)) { +#ifdef WIN32 + DestroySockets(); +#endif return (0); + } #endif /* @@ -609,7 +721,7 @@ scan_interfaces(int *have_v4, int *have_v6) { /* * Some OS's just return what will fit rather * than set EINVAL if the buffer is too small - * to fit all the interfaces in. If + * to fit all the interfaces in. If * ifc.ifc_len is too near to the end of the * buffer we will grow it just in case and * retry. @@ -674,7 +786,7 @@ scan_interfaces(int *have_v4, int *have_v6) { if ((u.ifreq.ifr_flags & IFF_UP) == 0) break; *have_v4 = 1; - } + } break; case AF_INET6: if (*have_v6 == 0) { @@ -697,13 +809,20 @@ scan_interfaces(int *have_v4, int *have_v6) { } if (buf != NULL) free(buf); +#ifdef WIN32 + DestroySockets(); +#endif close(s); return (0); + err_ret: if (buf != NULL) free(buf); if (s != -1) close(s); +#ifdef WIN32 + DestroySockets(); +#endif return (-1); #endif } diff --git a/contrib/bind-9.3/lib/lwres/getnameinfo.c b/contrib/bind-9.5.2/lib/lwres/getnameinfo.c similarity index 75% rename from contrib/bind-9.3/lib/lwres/getnameinfo.c rename to contrib/bind-9.5.2/lib/lwres/getnameinfo.c index 059c5291bd..74a5b858b8 100644 --- a/contrib/bind-9.3/lib/lwres/getnameinfo.c +++ b/contrib/bind-9.5.2/lib/lwres/getnameinfo.c @@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getnameinfo.c,v 1.30.2.3.2.4 2004/08/28 06:25:24 marka Exp $ */ +/* $Id: getnameinfo.c,v 1.39 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -53,6 +55,62 @@ * but INRIA implementation returns EAI_xxx defined for getaddrinfo(). */ + +/** + * This function is equivalent to the getnameinfo(3) function defined in + * RFC2133. lwres_getnameinfo() returns the hostname for the struct + * sockaddr sa which is salen bytes long. The hostname is of length + * hostlen and is returned via *host. The maximum length of the hostname + * is 1025 bytes: #NI_MAXHOST. + * + * The name of the service associated with the port number in sa is + * returned in *serv. It is servlen bytes long. The maximum length of the + * service name is #NI_MAXSERV - 32 bytes. + * + * The flags argument sets the following bits: + * + * \li #NI_NOFQDN: + * A fully qualified domain name is not required for local hosts. + * The local part of the fully qualified domain name is returned + * instead. + * + * \li #NI_NUMERICHOST + * Return the address in numeric form, as if calling inet_ntop(), + * instead of a host name. + * + * \li #NI_NAMEREQD + * A name is required. If the hostname cannot be found in the DNS + * and this flag is set, a non-zero error code is returned. If the + * hostname is not found and the flag is not set, the address is + * returned in numeric form. + * + * \li #NI_NUMERICSERV + * The service name is returned as a digit string representing the + * port number. + * + * \li #NI_DGRAM + * Specifies that the service being looked up is a datagram + * service, and causes getservbyport() to be called with a second + * argument of "udp" instead of its default of "tcp". This is + * required for the few ports (512-514) that have different + * services for UDP and TCP. + * + * \section getnameinfo_return Return Values + * + * lwres_getnameinfo() returns 0 on success or a non-zero error code if + * an error occurs. + * + * \section getname_see See Also + * + * RFC2133, getservbyport(), + * lwres_getnamebyaddr(). lwres_net_ntop(). + * + * \section getnameinfo_bugs Bugs + * + * RFC2133 fails to define what the nonzero return values of + * getnameinfo() are. + */ + #include #include @@ -67,12 +125,13 @@ #define SUCCESS 0 +/*% afd structure definition */ static struct afd { int a_af; size_t a_addrlen; size_t a_socklen; } afdl [] = { - /* + /*! * First entry is linked last... */ { AF_INET, sizeof(struct in_addr), sizeof(struct sockaddr_in) }, @@ -88,7 +147,7 @@ static struct afd { #define ENI_SALEN 6 #define ENI_NOSOCKET 7 -/* +/*! * The test against 0 is there to keep the Solaris compiler * from complaining about "end-of-loop code not reached". */ @@ -97,6 +156,7 @@ static struct afd { if (result != 0) goto cleanup; \ } while (0) +/*% lightweight resolver socket address structure to hostname and service name */ int lwres_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags) diff --git a/contrib/bind-9.3/lib/lwres/getrrset.c b/contrib/bind-9.5.2/lib/lwres/getrrset.c similarity index 61% rename from contrib/bind-9.3/lib/lwres/getrrset.c rename to contrib/bind-9.5.2/lib/lwres/getrrset.c index 6160039bf4..d8b6cc3fd9 100644 --- a/contrib/bind-9.3/lib/lwres/getrrset.c +++ b/contrib/bind-9.5.2/lib/lwres/getrrset.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,77 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getrrset.c,v 1.11.2.3.2.2 2004/03/06 08:15:31 marka Exp $ */ +/* $Id: getrrset.c,v 1.18 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ + +/** + * DESCRIPTION + * + * lwres_getrrsetbyname() gets a set of resource records associated with + * a hostname, class, and type. hostname is a pointer a to + * null-terminated string. The flags field is currently unused and must + * be zero. + * + * After a successful call to lwres_getrrsetbyname(), *res is a pointer + * to an #rrsetinfo structure, containing a list of one or more #rdatainfo + * structures containing resource records and potentially another list of + * rdatainfo structures containing SIG resource records associated with + * those records. The members #rri_rdclass and #rri_rdtype are copied from + * the parameters. #rri_ttl and #rri_name are properties of the obtained + * rrset. The resource records contained in #rri_rdatas and #rri_sigs are + * in uncompressed DNS wire format. Properties of the rdataset are + * represented in the #rri_flags bitfield. If the #RRSET_VALIDATED bit is + * set, the data has been DNSSEC validated and the signatures verified. + * + * All of the information returned by lwres_getrrsetbyname() is + * dynamically allocated: the rrsetinfo and rdatainfo structures, and the + * canonical host name strings pointed to by the rrsetinfostructure. + * Memory allocated for the dynamically allocated structures created by a + * successful call to lwres_getrrsetbyname() is released by + * lwres_freerrset(). rrset is a pointer to a struct rrset created by a + * call to lwres_getrrsetbyname(). + * + * The following structures are used: + * + * \code + * struct rdatainfo { + * unsigned int rdi_length; // length of data + * unsigned char *rdi_data; // record data + * }; + * + * struct rrsetinfo { + * unsigned int rri_flags; // RRSET_VALIDATED... + * unsigned int rri_rdclass; // class number + * unsigned int rri_rdtype; // RR type number + * unsigned int rri_ttl; // time to live + * unsigned int rri_nrdatas; // size of rdatas array + * unsigned int rri_nsigs; // size of sigs array + * char *rri_name; // canonical name + * struct rdatainfo *rri_rdatas; // individual records + * struct rdatainfo *rri_sigs; // individual signatures + * }; + * \endcode + * + * \section getrrset_return Return Values + * + * lwres_getrrsetbyname() returns zero on success, and one of the + * following error codes if an error occurred: + * + * \li #ERRSET_NONAME: the name does not exist + * + * \li #ERRSET_NODATA: + * the name exists, but does not have data of the desired type + * + * \li #ERRSET_NOMEMORY: + * memory could not be allocated + * + * \li #ERRSET_INVAL: + * a parameter is invalid + * + * \li #ERRSET_FAIL: + * other failure + */ #include @@ -29,6 +99,9 @@ #include "assert_p.h" +/*! + * Structure to map results + */ static unsigned int lwresult_to_result(lwres_result_t lwresult) { switch (lwresult) { @@ -40,7 +113,8 @@ lwresult_to_result(lwres_result_t lwresult) { } } -/* +/*@{*/ +/*! * malloc / calloc functions that guarantee to only * return NULL if there is an error, like they used * to before the ANSI C committee broke them. @@ -61,7 +135,9 @@ sane_calloc(size_t number, size_t size) { memset(mem, 0, len); return (mem); } +/*@}*/ +/*% Returns a set of resource records associated with a hostname, class, and type. hostname is a pointer a to null-terminated string. */ int lwres_getrrsetbyname(const char *hostname, unsigned int rdclass, unsigned int rdtype, unsigned int flags, @@ -191,6 +267,7 @@ lwres_getrrsetbyname(const char *hostname, unsigned int rdclass, return (result); } +/*% Releases memory allocated for the dynamically allocated structures created by a successful call to lwres_getrrsetbyname(). */ void lwres_freerrset(struct rrsetinfo *rrset) { unsigned int i; diff --git a/contrib/bind-9.3/lib/lwres/herror.c b/contrib/bind-9.5.2/lib/lwres/herror.c similarity index 76% rename from contrib/bind-9.3/lib/lwres/herror.c rename to contrib/bind-9.5.2/lib/lwres/herror.c index 1d0756a05b..cf5b892c7f 100644 --- a/contrib/bind-9.3/lib/lwres/herror.c +++ b/contrib/bind-9.5.2/lib/lwres/herror.c @@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -48,10 +48,31 @@ * SUCH DAMAGE. */ +/*! \file herror.c + lwres_herror() prints the string s on stderr followed by the string + generated by lwres_hstrerror() for the error code stored in the global + variable lwres_h_errno. + + lwres_hstrerror() returns an appropriate string for the error code + gievn by err. The values of the error codes and messages are as + follows: + +\li #NETDB_SUCCESS: Resolver Error 0 (no error) + +\li #HOST_NOT_FOUND: Unknown host + +\li #TRY_AGAIN: Host name lookup failure + +\li #NO_RECOVERY: Unknown server error + +\li #NO_DATA: No address associated with name + + */ + #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)herror.c 8.1 (Berkeley) 6/4/93"; static const char rcsid[] = - "$Id: herror.c,v 1.10.12.2 2004/03/06 08:15:31 marka Exp $"; + "$Id: herror.c,v 1.17 2007/06/19 23:47:22 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -63,22 +84,22 @@ static const char rcsid[] = LIBLWRES_EXTERNAL_DATA int lwres_h_errno; -/* +/*! * these have never been declared in any header file so make them static */ static const char *h_errlist[] = { - "Resolver Error 0 (no error)", - "Unknown host", /* 1 HOST_NOT_FOUND */ - "Host name lookup failure", /* 2 TRY_AGAIN */ - "Unknown server error", /* 3 NO_RECOVERY */ - "No address associated with name", /* 4 NO_ADDRESS */ + "Resolver Error 0 (no error)", /*%< 0 no error */ + "Unknown host", /*%< 1 HOST_NOT_FOUND */ + "Host name lookup failure", /*%< 2 TRY_AGAIN */ + "Unknown server error", /*%< 3 NO_RECOVERY */ + "No address associated with name", /*%< 4 NO_ADDRESS */ }; static int h_nerr = { sizeof(h_errlist) / sizeof(h_errlist[0]) }; -/* +/*! * herror -- * print the error indicated by the h_errno value. */ @@ -87,7 +108,7 @@ lwres_herror(const char *s) { fprintf(stderr, "%s: %s\n", s, lwres_hstrerror(lwres_h_errno)); } -/* +/*! * hstrerror -- * return the string associated with a given "host" errno value. */ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/context.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/context.h similarity index 82% rename from contrib/bind-9.3/lib/lwres/include/lwres/context.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/context.h index 962b142ec1..7f751fd693 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/context.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/context.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,18 +15,20 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: context.h,v 1.14.206.1 2004/03/06 08:15:34 marka Exp $ */ +/* $Id: context.h,v 1.21.128.2 2008/12/17 23:46:34 tbox Exp $ */ #ifndef LWRES_CONTEXT_H #define LWRES_CONTEXT_H 1 +/*! \file lwres/context.h */ + #include #include #include #include -/* +/*! * Used to set various options such as timeout, authentication, etc */ typedef struct lwres_context lwres_context_t; @@ -51,19 +53,26 @@ typedef void (*lwres_free_t)(void *arg, void *mem, size_t length); * Share /etc/resolv.conf data between contexts. */ -/* +/*! * _SERVERMODE * Don't allocate and connect a socket to the server, since the * caller _is_ a server. + * + * _USEIPV4, _USEIPV6 + * Use IPv4 and IPv6 transactions with remote servers, respectively. + * For backward compatibility, regard both flags as being set when both + * are cleared. */ #define LWRES_CONTEXT_SERVERMODE 0x00000001U +#define LWRES_CONTEXT_USEIPV4 0x00000002U +#define LWRES_CONTEXT_USEIPV6 0x00000004U lwres_result_t lwres_context_create(lwres_context_t **contextp, void *arg, lwres_malloc_t malloc_function, lwres_free_t free_function, unsigned int flags); -/* +/**< * Allocate a lwres context. This is used in all lwres calls. * * Memory management can be replaced here by passing in two functions. @@ -75,28 +84,22 @@ lwres_context_create(lwres_context_t **contextp, void *arg, * * If they are NULL, the standard malloc() and free() will be used. * - * Requires: + *\pre contextp != NULL && contextp == NULL. * - * contextp != NULL && contextp == NULL. - * - * Returns: - * - * Returns 0 on success, non-zero on failure. + *\return Returns 0 on success, non-zero on failure. */ void lwres_context_destroy(lwres_context_t **contextp); -/* +/**< * Frees all memory associated with a lwres context. * - * Requires: - * - * contextp != NULL && contextp == NULL. + *\pre contextp != NULL && contextp == NULL. */ lwres_uint32_t lwres_context_nextserial(lwres_context_t *ctx); -/* +/**< * XXXMLG Document */ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/int.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/int.h similarity index 82% rename from contrib/bind-9.3/lib/lwres/include/lwres/int.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/int.h index 2523924e18..3fb0c4f362 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/int.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/int.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: int.h,v 1.7.206.1 2004/03/06 08:15:34 marka Exp $ */ +/* $Id: int.h,v 1.14 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_INT_H #define LWRES_INT_H 1 +/*! \file lwres/int.h */ + typedef char lwres_int8_t; typedef unsigned char lwres_uint8_t; typedef short lwres_int16_t; diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/ipv6.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/ipv6.h similarity index 84% rename from contrib/bind-9.3/lib/lwres/include/lwres/ipv6.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/ipv6.h index 5dc06d6a25..5d54b296f1 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/ipv6.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/ipv6.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ipv6.h,v 1.9.206.1 2004/03/06 08:15:34 marka Exp $ */ +/* $Id: ipv6.h,v 1.16 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_IPV6_H #define LWRES_IPV6_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/* +/*! \file lwres/ipv6.h * IPv6 definitions for systems which do not support IPv6. */ @@ -39,6 +39,7 @@ *** Types. ***/ +/*% in6_addr structure */ struct in6_addr { union { lwres_uint8_t _S6_u8[16]; @@ -46,10 +47,13 @@ struct in6_addr { lwres_uint32_t _S6_u32[4]; } _S6_un; }; +/*@{*/ +/*% IP v6 types */ #define s6_addr _S6_un._S6_u8 #define s6_addr8 _S6_un._S6_u8 #define s6_addr16 _S6_un._S6_u16 #define s6_addr32 _S6_un._S6_u32 +/*@}*/ #define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}} #define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}} @@ -57,6 +61,7 @@ struct in6_addr { LIBLWRES_EXTERNAL_DATA extern const struct in6_addr in6addr_any; LIBLWRES_EXTERNAL_DATA extern const struct in6_addr in6addr_loopback; +/*% used in getaddrinfo.c and getnameinfo.c */ struct sockaddr_in6 { #ifdef LWRES_PLATFORM_HAVESALEN lwres_uint8_t sin6_len; @@ -74,13 +79,14 @@ struct sockaddr_in6 { #define SIN6_LEN 1 #endif +/*% in6_pktinfo structure */ struct in6_pktinfo { - struct in6_addr ipi6_addr; /* src/dst IPv6 address */ - unsigned int ipi6_ifindex; /* send/recv interface index */ + struct in6_addr ipi6_addr; /*%< src/dst IPv6 address */ + unsigned int ipi6_ifindex; /*%< send/recv interface index */ }; -/* - * Unspecified +/*! + * Unspecified IPv6 address */ #define IN6_IS_ADDR_UNSPECIFIED(a) \ (((a)->s6_addr32[0] == 0) && \ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/lang.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/lang.h similarity index 80% rename from contrib/bind-9.3/lib/lwres/include/lwres/lang.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/lang.h index bd99ec017e..b680e4b565 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/lang.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/lang.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lang.h,v 1.6.206.1 2004/03/06 08:15:35 marka Exp $ */ +/* $Id: lang.h,v 1.13 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_LANG_H #define LWRES_LANG_H 1 +/*! \file lwres/lang.h */ + #ifdef __cplusplus #define LWRES_LANG_BEGINDECLS extern "C" { #define LWRES_LANG_ENDDECLS } diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/list.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/list.h similarity index 93% rename from contrib/bind-9.3/lib/lwres/include/lwres/list.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/list.h index 9b61787993..c6ab0966ec 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/list.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/list.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: list.h,v 1.7.206.1 2004/03/06 08:15:35 marka Exp $ */ +/* $Id: list.h,v 1.14 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_LIST_H #define LWRES_LIST_H 1 +/*! \file lwres/list.h */ + #define LWRES_LIST(type) struct { type *head, *tail; } #define LWRES_LIST_INIT(list) \ do { (list).head = NULL; (list).tail = NULL; } while (0) diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/lwbuffer.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/lwbuffer.h similarity index 94% rename from contrib/bind-9.3/lib/lwres/include/lwres/lwbuffer.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/lwbuffer.h index 97f7b9d98d..e3cf343761 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/lwbuffer.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/lwbuffer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,17 +15,10 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwbuffer.h,v 1.15.206.1 2004/03/06 08:15:35 marka Exp $ */ +/* $Id: lwbuffer.h,v 1.22 2007/06/19 23:47:23 tbox Exp $ */ -#ifndef LWRES_LWBUFFER_H -#define LWRES_LWBUFFER_H 1 -/***** - ***** Module Info - *****/ - -/* - * Buffers +/*! \file lwres/lwbuffer.h * * A buffer is a region of memory, together with a set of related subregions. * Buffers are used for parsing and I/O operations. @@ -51,6 +44,7 @@ * region is empty. If the current offset advances beyond the chosen offset, * the active region will also be empty. * + * \verbatim * /----- used region -----\/-- available --\ * +----------------------------------------+ * | consumed | remaining | | @@ -68,9 +62,11 @@ * a-b == consumed region. * b-d == remaining region. * b-c == optional active region. + * \endverbatim * * The following invariants are maintained by all routines: * + *\verbatim * length > 0 * * base is a valid pointer to length bytes of memory @@ -81,24 +77,28 @@ * * 0 <= active <= used * (although active < current implies empty active region) + *\endverbatim * - * MP: + * \li MP: * Buffers have no synchronization. Clients must ensure exclusive * access. * - * Reliability: + * \li Reliability: * No anticipated impact. * - * Resources: + * \li Resources: * Memory: 1 pointer + 6 unsigned integers per buffer. * - * Security: + * \li Security: * No anticipated impact. * - * Standards: + * \li Standards: * None. */ +#ifndef LWRES_LWBUFFER_H +#define LWRES_LWBUFFER_H 1 + /*** *** Imports ***/ @@ -116,32 +116,35 @@ LWRES_LANG_BEGINDECLS #define LWRES_BUFFER_VALID(b) ((b) != NULL && \ (b)->magic == LWRES_BUFFER_MAGIC) -/* +/*! * The following macros MUST be used only on valid buffers. It is the * caller's responsibility to ensure this by using the LWRES_BUFFER_VALID * check above, or by calling another lwres_buffer_*() function (rather than * another macro.) */ -/* +/*! * Get the length of the used region of buffer "b" */ #define LWRES_BUFFER_USEDCOUNT(b) ((b)->used) -/* +/*! * Get the length of the available region of buffer "b" */ #define LWRES_BUFFER_AVAILABLECOUNT(b) ((b)->length - (b)->used) #define LWRES_BUFFER_REMAINING(b) ((b)->used - (b)->current) -/* +/*! * Note that the buffer structure is public. This is principally so buffer * operations can be implemented using macros. Applications are strongly * discouraged from directly manipulating the structure. */ typedef struct lwres_buffer lwres_buffer_t; +/*! + * Buffer data structure + */ struct lwres_buffer { unsigned int magic; unsigned char *base; @@ -158,7 +161,7 @@ struct lwres_buffer { void lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length); -/* +/**< * Make 'b' refer to the 'length'-byte region starting at base. * * Requires: @@ -171,7 +174,7 @@ lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length); void lwres_buffer_invalidate(lwres_buffer_t *b); -/* +/**< * Make 'b' an invalid buffer. * * Requires: @@ -184,7 +187,7 @@ lwres_buffer_invalidate(lwres_buffer_t *b); void lwres_buffer_add(lwres_buffer_t *b, unsigned int n); -/* +/**< * Increase the 'used' region of 'b' by 'n' bytes. * * Requires: @@ -197,7 +200,7 @@ lwres_buffer_add(lwres_buffer_t *b, unsigned int n); void lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n); -/* +/**< * Decrease the 'used' region of 'b' by 'n' bytes. * * Requires: @@ -210,7 +213,7 @@ lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n); void lwres_buffer_clear(lwres_buffer_t *b); -/* +/**< * Make the used region empty. * * Requires: @@ -223,9 +226,10 @@ lwres_buffer_clear(lwres_buffer_t *b); * */ + void lwres_buffer_first(lwres_buffer_t *b); -/* +/**< * Make the consumed region empty. * * Requires: @@ -240,7 +244,7 @@ lwres_buffer_first(lwres_buffer_t *b); void lwres_buffer_forward(lwres_buffer_t *b, unsigned int n); -/* +/**< * Increase the 'consumed' region of 'b' by 'n' bytes. * * Requires: @@ -253,7 +257,7 @@ lwres_buffer_forward(lwres_buffer_t *b, unsigned int n); void lwres_buffer_back(lwres_buffer_t *b, unsigned int n); -/* +/**< * Decrease the 'consumed' region of 'b' by 'n' bytes. * * Requires: @@ -266,7 +270,7 @@ lwres_buffer_back(lwres_buffer_t *b, unsigned int n); lwres_uint8_t lwres_buffer_getuint8(lwres_buffer_t *b); -/* +/**< * Read an unsigned 8-bit integer from 'b' and return it. * * Requires: @@ -286,7 +290,7 @@ lwres_buffer_getuint8(lwres_buffer_t *b); void lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val); -/* +/**< * Store an unsigned 8-bit integer from 'val' into 'b'. * * Requires: @@ -300,7 +304,7 @@ lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val); lwres_uint16_t lwres_buffer_getuint16(lwres_buffer_t *b); -/* +/**< * Read an unsigned 16-bit integer in network byte order from 'b', convert * it to host byte order, and return it. * @@ -321,7 +325,7 @@ lwres_buffer_getuint16(lwres_buffer_t *b); void lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val); -/* +/**< * Store an unsigned 16-bit integer in host byte order from 'val' * into 'b' in network byte order. * @@ -336,7 +340,7 @@ lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val); lwres_uint32_t lwres_buffer_getuint32(lwres_buffer_t *b); -/* +/**< * Read an unsigned 32-bit integer in network byte order from 'b', convert * it to host byte order, and return it. * @@ -357,7 +361,7 @@ lwres_buffer_getuint32(lwres_buffer_t *b); void lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val); -/* +/**< * Store an unsigned 32-bit integer in host byte order from 'val' * into 'b' in network byte order. * @@ -373,7 +377,7 @@ lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val); void lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, unsigned int length); -/* +/**< * Copy 'length' bytes of memory at 'base' into 'b'. * * Requires: @@ -386,7 +390,7 @@ lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, void lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, unsigned int length); -/* +/**< * Copy 'length' bytes of memory from 'b' into 'base'. * * Requires: diff --git a/contrib/bind-9.5.2/lib/lwres/include/lwres/lwpacket.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/lwpacket.h new file mode 100644 index 0000000000..96f8e5454a --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/lwpacket.h @@ -0,0 +1,159 @@ +/* + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: lwpacket.h,v 1.24 2007/06/19 23:47:23 tbox Exp $ */ + +#ifndef LWRES_LWPACKET_H +#define LWRES_LWPACKET_H 1 + +#include +#include +#include + +/*% lwres_lwpacket_t */ +typedef struct lwres_lwpacket lwres_lwpacket_t; + +/*% lwres_lwpacket structure */ +struct lwres_lwpacket { + /*! The overall packet length, including the + * entire packet header. + * This field is filled in by the + * \link lwres_gabn.c lwres_gabn_*()\endlink + * and \link lwres_gnba.c lwres_gnba_*()\endlink calls. + */ + lwres_uint32_t length; + /*! Specifies the header format. Currently, + * there is only one format, #LWRES_LWPACKETVERSION_0. + * This field is filled in by the + * \link lwres_gabn.c lwres_gabn_*()\endlink + * and \link lwres_gnba.c lwres_gnba_*()\endlink calls. + */ + lwres_uint16_t version; + /*! Specifies library-defined flags for this packet, such as + * whether the packet is a request or a reply. None of + * these are definable by the caller, but library-defined values + * can be set by the caller. For example, one bit in this field + * indicates if the packet is a request or a response. + * This field is filled in by + * the application wits the exception of the + * #LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library + * in the + * \link lwres_gabn.c lwres_gabn_*()\endlink + * and \link lwres_gnba.c lwres_gnba_*()\endlink calls. + */ + lwres_uint16_t pktflags; + /*! Set by the requestor and is returned in all replies. + * If two packets from the same source have the same serial + * number and are from the same source, they are assumed to + * be duplicates and the latter ones may be dropped. + * (The library does not do this by default on replies, but + * does so on requests.) + */ + lwres_uint32_t serial; + /*! Opcodes between 0x04000000 and 0xffffffff + * are application defined. Opcodes between + * 0x00000000 and 0x03ffffff are + * reserved for library use. + * This field is filled in by the + * \link lwres_gabn.c lwres_gabn_*()\endlink + * and \link lwres_gnba.c lwres_gnba_*()\endlink calls. + */ + lwres_uint32_t opcode; + /*! Only valid for results. + * Results between 0x04000000 and 0xffffffff are application + * defined. + * Results between 0x00000000 and 0x03ffffff are reserved for + * library use. + * (This is the same reserved range defined in , + * so it + * would be trivial to map ISC_R_* result codes into packet result + * codes when appropriate.) + * This field is filled in by the + * \link lwres_gabn.c lwres_gabn_*()\endlink + * and \link lwres_gnba.c lwres_gnba_*()\endlink calls. + */ + lwres_uint32_t result; + /*! Set to the maximum buffer size that the receiver can + * handle on requests, and the size of the buffer needed to + * satisfy a request + * when the buffer is too large for replies. + * This field is supplied by the application. + */ + lwres_uint32_t recvlength; + /*! The packet level auth type used. + * Authtypes between 0x1000 and 0xffff are application defined. + * Authtypes + * between 0x0000 and 0x0fff are reserved for library use. + * This is currently + * unused and MUST be set to zero. + */ + lwres_uint16_t authtype; + /*! The length of the authentication data. + * See the specific + * authtypes for more information on what is contained + * in this field. This is currently unused, and + * MUST be set to zero. + */ + lwres_uint16_t authlength; +}; + +#define LWRES_LWPACKET_LENGTH (4 * 5 + 2 * 4) /*%< Overall length. */ + +#define LWRES_LWPACKETFLAG_RESPONSE 0x0001U /*%< If set, pkt is a response. */ + + +#define LWRES_LWPACKETVERSION_0 0 /*%< Header format. */ + +/*! \file lwres/lwpacket.h + * + * + * The remainder of the packet consists of two regions, one described by + * "authlen" and one of "length - authlen - sizeof(lwres_lwpacket_t)". + * + * That is: + * + * \code + * pkt header + * authlen bytes of auth information + * data bytes + * \endcode + * + * Currently defined opcodes: + * + *\li #LWRES_OPCODE_NOOP. Success is always returned, with the packet contents echoed. + * + *\li #LWRES_OPCODE_GETADDRSBYNAME. Return all known addresses for a given name. + * This may return NIS or /etc/hosts info as well as DNS + * information. Flags will be provided to indicate ip4/ip6 + * addresses are desired. + * + *\li #LWRES_OPCODE_GETNAMEBYADDR. Return the hostname for the given address. Once + * again, it will return data from multiple sources. + */ + +LWRES_LANG_BEGINDECLS + +/* XXXMLG document */ +lwres_result_t +lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); + +lwres_result_t +lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); + +LWRES_LANG_ENDDECLS + +#endif /* LWRES_LWPACKET_H */ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/lwres.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/lwres.h similarity index 78% rename from contrib/bind-9.3/lib/lwres/include/lwres/lwres.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/lwres.h index 7260b00f11..6912448cf9 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/lwres.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/lwres.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwres.h,v 1.49.12.3 2004/03/08 09:05:11 marka Exp $ */ +/* $Id: lwres.h,v 1.57 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_LWRES_H #define LWRES_LWRES_H 1 @@ -28,14 +28,16 @@ #include #include -/* +/*! \file lwres/lwres.h */ + +/*! * Design notes: * * Each opcode has two structures and three functions which operate on each * structure. For example, using the "no operation/ping" opcode as an * example: * - * lwres_nooprequest_t: + *
  • lwres_nooprequest_t: * * lwres_nooprequest_render() takes a lwres_nooprequest_t and * and renders it into wire format, storing the allocated @@ -43,20 +45,20 @@ * is no longer needed, it must be freed by * lwres_context_freemem(). All other memory used by the * caller must be freed manually, including the - * lwres_nooprequest_t passed in. + * lwres_nooprequest_t passed in.

    * * lwres_nooprequest_parse() takes a wire format message and * breaks it out into a lwres_nooprequest_t. The structure * must be freed via lwres_nooprequest_free() when it is no longer - * needed. + * needed.

    * * lwres_nooprequest_free() releases into the lwres_context_t - * any space allocated during parsing. + * any space allocated during parsing.
    • * - * lwres_noopresponse_t: + *
  • lwres_noopresponse_t: * * The functions used are similar to the three used for - * requests, just with different names. + * requests, just with different names.
* * Typically, the client will use request_render, response_parse, and * response_free, while the daemon will use request_parse, response_render, @@ -64,62 +66,57 @@ * * The basic flow of a typical client is: * - * fill in a request_t, and call the render function. + * \li fill in a request_t, and call the render function. * - * Transmit the buffer returned to the daemon. + * \li Transmit the buffer returned to the daemon. * - * Wait for a response. + * \li Wait for a response. * - * When a response is received, parse it into a response_t. + * \li When a response is received, parse it into a response_t. * - * free the request buffer using lwres_context_freemem(). + * \li free the request buffer using lwres_context_freemem(). * - * free the response structure and its associated buffer using + * \li free the response structure and its associated buffer using * response_free(). */ -#define LWRES_UDP_PORT 921 -#define LWRES_RECVLENGTH 16384 -#define LWRES_ADDR_MAXLEN 16 /* changing this breaks ABI */ -#define LWRES_RESOLV_CONF "/etc/resolv.conf" +#define LWRES_UDP_PORT 921 /*%< UDP Port Number */ +#define LWRES_RECVLENGTH 16384 /*%< Maximum Packet Length */ +#define LWRES_ADDR_MAXLEN 16 /*%< changing this breaks ABI */ +#define LWRES_RESOLV_CONF "/etc/resolv.conf" /*%< Location of resolv.conf */ -/* - * Flags. - * - * These flags are only relevant to rrset queries. - * - * TRUSTNOTREQUIRED: DNSSEC is not required (input) - * SECUREDATA: The data was crypto-verified with DNSSEC (output) - * - */ +/*% DNSSEC is not required (input). Only relevant to rrset queries. */ #define LWRES_FLAG_TRUSTNOTREQUIRED 0x00000001U +/*% The data was crypto-verified with DNSSEC (output). */ #define LWRES_FLAG_SECUREDATA 0x00000002U -/* - * no-op - */ +/*% no-op */ #define LWRES_OPCODE_NOOP 0x00000000U +/*% lwres_nooprequest_t */ typedef struct { /* public */ lwres_uint16_t datalength; unsigned char *data; } lwres_nooprequest_t; +/*% lwres_noopresponse_t */ typedef struct { /* public */ lwres_uint16_t datalength; unsigned char *data; } lwres_noopresponse_t; -/* - * get addresses by name - */ +/*% get addresses by name */ #define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U +/*% lwres_addr_t */ typedef struct lwres_addr lwres_addr_t; + +/*% LWRES_LIST */ typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t; +/*% lwres_addr */ struct lwres_addr { lwres_uint32_t family; lwres_uint16_t length; @@ -127,6 +124,7 @@ struct lwres_addr { LWRES_LINK(lwres_addr_t) link; }; +/*% lwres_gabnrequest_t */ typedef struct { /* public */ lwres_uint32_t flags; @@ -135,6 +133,7 @@ typedef struct { char *name; } lwres_gabnrequest_t; +/*% lwres_gabnresponse_t */ typedef struct { /* public */ lwres_uint32_t flags; @@ -145,21 +144,22 @@ typedef struct { lwres_uint16_t realnamelen; lwres_uint16_t *aliaslen; lwres_addrlist_t addrs; - /* if base != NULL, it will be freed when this structure is freed. */ + /*! if base != NULL, it will be freed when this structure is freed. */ void *base; size_t baselen; } lwres_gabnresponse_t; -/* - * get name by address - */ +/*% get name by address */ #define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U + +/*% lwres_gnbarequest_t */ typedef struct { /* public */ lwres_uint32_t flags; lwres_addr_t addr; } lwres_gnbarequest_t; +/*% lwres_gnbaresponse_t */ typedef struct { /* public */ lwres_uint32_t flags; @@ -168,16 +168,15 @@ typedef struct { char **aliases; lwres_uint16_t realnamelen; lwres_uint16_t *aliaslen; - /* if base != NULL, it will be freed when this structure is freed. */ + /*! if base != NULL, it will be freed when this structure is freed. */ void *base; size_t baselen; } lwres_gnbaresponse_t; -/* - * get rdata by name - */ +/*% get rdata by name */ #define LWRES_OPCODE_GETRDATABYNAME 0x00010003U +/*% lwres_grbnrequest_t */ typedef struct { /* public */ lwres_uint32_t flags; @@ -187,6 +186,7 @@ typedef struct { char *name; } lwres_grbnrequest_t; +/*% lwres_grbnresponse_t */ typedef struct { /* public */ lwres_uint32_t flags; @@ -201,58 +201,59 @@ typedef struct { lwres_uint16_t *rdatalen; unsigned char **sigs; lwres_uint16_t *siglen; - /* if base != NULL, it will be freed when this structure is freed. */ + /*% if base != NULL, it will be freed when this structure is freed. */ void *base; size_t baselen; } lwres_grbnresponse_t; +/*% Used by lwres_getrrsetbyname() */ #define LWRDATA_VALIDATED 0x00000001 -/* +/*! * resolv.conf data */ -#define LWRES_CONFMAXNAMESERVERS 3 /* max 3 "nameserver" entries */ -#define LWRES_CONFMAXLWSERVERS 1 /* max 1 "lwserver" entry */ -#define LWRES_CONFMAXSEARCH 8 /* max 8 domains in "search" entry */ -#define LWRES_CONFMAXLINELEN 256 /* max size of a line */ -#define LWRES_CONFMAXSORTLIST 10 +#define LWRES_CONFMAXNAMESERVERS 3 /*%< max 3 "nameserver" entries */ +#define LWRES_CONFMAXLWSERVERS 1 /*%< max 1 "lwserver" entry */ +#define LWRES_CONFMAXSEARCH 8 /*%< max 8 domains in "search" entry */ +#define LWRES_CONFMAXLINELEN 256 /*%< max size of a line */ +#define LWRES_CONFMAXSORTLIST 10 /*%< max 10 */ + +/*% lwres_conf_t */ typedef struct { lwres_context_t *lwctx; lwres_addr_t nameservers[LWRES_CONFMAXNAMESERVERS]; - lwres_uint8_t nsnext; /* index for next free slot */ + lwres_uint8_t nsnext; /*%< index for next free slot */ lwres_addr_t lwservers[LWRES_CONFMAXLWSERVERS]; - lwres_uint8_t lwnext; /* index for next free slot */ + lwres_uint8_t lwnext; /*%< index for next free slot */ char *domainname; char *search[LWRES_CONFMAXSEARCH]; - lwres_uint8_t searchnxt; /* index for next free slot */ + lwres_uint8_t searchnxt; /*%< index for next free slot */ struct { lwres_addr_t addr; - /* mask has a non-zero 'family' and 'length' if set */ + /*% mask has a non-zero 'family' and 'length' if set */ lwres_addr_t mask; } sortlist[LWRES_CONFMAXSORTLIST]; lwres_uint8_t sortlistnxt; - lwres_uint8_t resdebug; /* non-zero if 'options debug' set */ - lwres_uint8_t ndots; /* set to n in 'options ndots:n' */ - lwres_uint8_t no_tld_query; /* non-zero if 'options no_tld_query' */ + lwres_uint8_t resdebug; /*%< non-zero if 'options debug' set */ + lwres_uint8_t ndots; /*%< set to n in 'options ndots:n' */ + lwres_uint8_t no_tld_query; /*%< non-zero if 'options no_tld_query' */ } lwres_conf_t; -#define LWRES_ADDRTYPE_V4 0x00000001U /* ipv4 */ -#define LWRES_ADDRTYPE_V6 0x00000002U /* ipv6 */ +#define LWRES_ADDRTYPE_V4 0x00000001U /*%< ipv4 */ +#define LWRES_ADDRTYPE_V6 0x00000002U /*%< ipv6 */ -#define LWRES_MAX_ALIASES 16 /* max # of aliases */ -#define LWRES_MAX_ADDRS 64 /* max # of addrs */ +#define LWRES_MAX_ALIASES 16 /*%< max # of aliases */ +#define LWRES_MAX_ADDRS 64 /*%< max # of addrs */ LWRES_LANG_BEGINDECLS -/* - * This is in host byte order. - */ +/*% This is in host byte order. */ LIBLWRES_EXTERNAL_DATA extern lwres_uint16_t lwres_udp_port; LIBLWRES_EXTERNAL_DATA extern const char *lwres_resolv_conf; @@ -276,12 +277,12 @@ lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, void lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -295,12 +296,12 @@ lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp); void lwres_gabnresponse_free(lwres_context_t *ctx, lwres_gabnresponse_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -332,12 +333,12 @@ lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, void lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -351,12 +352,12 @@ lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp); void lwres_gnbaresponse_free(lwres_context_t *ctx, lwres_gnbaresponse_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -387,12 +388,12 @@ lwres_grbnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, void lwres_grbnrequest_free(lwres_context_t *ctx, lwres_grbnrequest_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -406,12 +407,12 @@ lwres_grbnrequest_free(lwres_context_t *ctx, lwres_grbnrequest_t **structp); void lwres_grbnresponse_free(lwres_context_t *ctx, lwres_grbnresponse_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -426,12 +427,12 @@ lwres_grbnresponse_free(lwres_context_t *ctx, lwres_grbnresponse_t **structp); lwres_result_t lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b); -/* +/**< * Allocate space and render into wire format a noop request packet. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * b != NULL, and points to a lwres_buffer_t. The contents of the * buffer structure will be initialized to contain the wire-format @@ -455,7 +456,7 @@ lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, lwres_result_t lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_nooprequest_t **structp); -/* +/**< * Parse a noop request. Note that to get here, the lwpacket must have * already been parsed and removed by the caller, otherwise it would be * pretty hard for it to know this is the right function to call. @@ -474,12 +475,12 @@ lwres_nooprequest_free(lwres_context_t *ctx, lwres_nooprequest_t **structp); void lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp); -/* +/**< * Frees any dynamically allocated memory for this structure. * * Requires: * - * ctx != NULL, and be a context returned via lwres_contextcreate(). + * ctx != NULL, and be a context returned via lwres_context_create(). * * structp != NULL && *structp != NULL. * @@ -493,7 +494,7 @@ lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp); lwres_result_t lwres_conf_parse(lwres_context_t *ctx, const char *filename); -/* +/**< * parses a resolv.conf-format file and stores the results in the structure * pointed to by *ctx. * @@ -509,7 +510,7 @@ lwres_conf_parse(lwres_context_t *ctx, const char *filename); lwres_result_t lwres_conf_print(lwres_context_t *ctx, FILE *fp); -/* +/**< * Prints a resolv.conf-format of confdata output to fp. * * Requires: @@ -518,7 +519,7 @@ lwres_conf_print(lwres_context_t *ctx, FILE *fp); void lwres_conf_init(lwres_context_t *ctx); -/* +/**< * sets all internal fields to a default state. Used to initialize a new * lwres_conf_t structure (not reset a used on). * @@ -528,7 +529,7 @@ lwres_conf_init(lwres_context_t *ctx); void lwres_conf_clear(lwres_context_t *ctx); -/* +/**< * frees all internally allocated memory in confdata. Uses the memory * routines supplied by ctx. * @@ -538,8 +539,7 @@ lwres_conf_clear(lwres_context_t *ctx); lwres_conf_t * lwres_conf_get(lwres_context_t *ctx); -/* - * returns a pointer to the current config structure. +/**< * Be extremely cautions in modifying the contents of this structure; it * needs an API to return the various bits of data, walk lists, etc. * diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/netdb.h.in b/contrib/bind-9.5.2/lib/lwres/include/lwres/netdb.h.in similarity index 97% rename from contrib/bind-9.3/lib/lwres/include/lwres/netdb.h.in rename to contrib/bind-9.5.2/lib/lwres/include/lwres/netdb.h.in index 7bf545f4e2..1558336fa5 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/netdb.h.in +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/netdb.h.in @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: netdb.h.in,v 1.34.206.1 2004/03/06 08:15:35 marka Exp $ */ +/* $Id: netdb.h.in,v 1.39.128.2 2009/01/19 23:47:03 tbox Exp $ */ + +/*! \file */ #ifndef LWRES_NETDB_H #define LWRES_NETDB_H 1 @@ -64,7 +66,7 @@ struct addrinfo { #define NETDB_INTERNAL -1 /* see errno */ #define NETDB_SUCCESS 0 /* no problem */ #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ -#define TRY_AGAIN 2 /* Non-Authoritive Host not found, or SERVERFAIL */ +#define TRY_AGAIN 2 /* Non-Authoritative Host not found, or SERVERFAIL */ #define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */ #define NO_DATA 4 /* Valid name, no data record of requested type */ #define NO_ADDRESS NO_DATA /* no address, look for MX record */ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/platform.h.in b/contrib/bind-9.5.2/lib/lwres/include/lwres/platform.h.in similarity index 89% rename from contrib/bind-9.3/lib/lwres/include/lwres/platform.h.in rename to contrib/bind-9.5.2/lib/lwres/include/lwres/platform.h.in index e995aa46c0..bb4f6ee235 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/platform.h.in +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/platform.h.in @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: platform.h.in,v 1.12.2.1.10.5 2005/06/08 02:08:32 marka Exp $ */ +/* $Id: platform.h.in,v 1.21 2007/06/19 23:47:23 tbox Exp $ */ + +/*! \file */ #ifndef LWRES_PLATFORM_H #define LWRES_PLATFORM_H 1 @@ -108,4 +110,11 @@ #endif #endif +/* + * Tell Emacs to use C mode on this file. + * Local Variables: + * mode: c + * End: + */ + #endif /* LWRES_PLATFORM_H */ diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/result.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/result.h similarity index 84% rename from contrib/bind-9.3/lib/lwres/include/lwres/result.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/result.h index 617ae32225..cfcf166d3e 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/result.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/result.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.14.206.1 2004/03/06 08:15:36 marka Exp $ */ +/* $Id: result.h,v 1.21 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_RESULT_H #define LWRES_RESULT_H 1 +/*! \file lwres/result.h */ + typedef unsigned int lwres_result_t; #define LWRES_R_SUCCESS 0 diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/stdlib.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/stdlib.h similarity index 81% rename from contrib/bind-9.3/lib/lwres/include/lwres/stdlib.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/stdlib.h index f5d4db2818..25a109ee30 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/stdlib.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/stdlib.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdlib.h,v 1.2.4.1 2005/06/08 02:08:32 marka Exp $ */ +/* $Id: stdlib.h,v 1.6 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_STDLIB_H #define LWRES_STDLIB_H 1 -/*! \file */ +/*! \file lwres/stdlib.h */ #include diff --git a/contrib/bind-9.3/lib/lwres/include/lwres/version.h b/contrib/bind-9.5.2/lib/lwres/include/lwres/version.h similarity index 81% rename from contrib/bind-9.3/lib/lwres/include/lwres/version.h rename to contrib/bind-9.5.2/lib/lwres/include/lwres/version.h index 1b291ceeae..9efc86d590 100644 --- a/contrib/bind-9.3/lib/lwres/include/lwres/version.h +++ b/contrib/bind-9.5.2/lib/lwres/include/lwres/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.2.224.3 2004/03/08 09:05:11 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:23 tbox Exp $ */ + +/*! \file lwres/version.h */ #include diff --git a/contrib/bind-9.5.2/lib/lwres/lwbuffer.c b/contrib/bind-9.5.2/lib/lwres/lwbuffer.c new file mode 100644 index 0000000000..49aaeb7bc9 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/lwbuffer.c @@ -0,0 +1,361 @@ +/* + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: lwbuffer.c,v 1.15 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ + +/** + * These functions provide bounds checked access to a region of memory + * where data is being read or written. They are based on, and similar + * to, the isc_buffer_ functions in the ISC library. + * + * A buffer is a region of memory, together with a set of related + * subregions. The used region and the available region are disjoint, and + * their union is the buffer's region. The used region extends from the + * beginning of the buffer region to the last used byte. The available + * region extends from one byte greater than the last used byte to the + * end of the buffer's region. The size of the used region can be changed + * using various buffer commands. Initially, the used region is empty. + * + * The used region is further subdivided into two disjoint regions: the + * consumed region and the remaining region. The union of these two + * regions is the used region. The consumed region extends from the + * beginning of the used region to the byte before the current offset (if + * any). The remaining region the current pointer to the end of the used + * region. The size of the consumed region can be changed using various + * buffer commands. Initially, the consumed region is empty. + * + * The active region is an (optional) subregion of the remaining region. + * It extends from the current offset to an offset in the remaining + * region. Initially, the active region is empty. If the current offset + * advances beyond the chosen offset, the active region will also be + * empty. + * + * + * \verbatim + * /------------entire length---------------\\ + * /----- used region -----\\/-- available --\\ + * +----------------------------------------+ + * | consumed | remaining | | + * +----------------------------------------+ + * a b c d e + * + * a == base of buffer. + * b == current pointer. Can be anywhere between a and d. + * c == active pointer. Meaningful between b and d. + * d == used pointer. + * e == length of buffer. + * + * a-e == entire length of buffer. + * a-d == used region. + * a-b == consumed region. + * b-d == remaining region. + * b-c == optional active region. + * \endverbatim + * + * lwres_buffer_init() initializes the lwres_buffer_t *b and assocates it + * with the memory region of size length bytes starting at location base. + * + * lwres_buffer_invalidate() marks the buffer *b as invalid. Invalidating + * a buffer after use is not required, but makes it possible to catch its + * possible accidental use. + * + * The functions lwres_buffer_add() and lwres_buffer_subtract() + * respectively increase and decrease the used space in buffer *b by n + * bytes. lwres_buffer_add() checks for buffer overflow and + * lwres_buffer_subtract() checks for underflow. These functions do not + * allocate or deallocate memory. They just change the value of used. + * + * A buffer is re-initialised by lwres_buffer_clear(). The function sets + * used , current and active to zero. + * + * lwres_buffer_first() makes the consumed region of buffer *p empty by + * setting current to zero (the start of the buffer). + * + * lwres_buffer_forward() increases the consumed region of buffer *b by n + * bytes, checking for overflow. Similarly, lwres_buffer_back() decreases + * buffer b's consumed region by n bytes and checks for underflow. + * + * lwres_buffer_getuint8() reads an unsigned 8-bit integer from *b and + * returns it. lwres_buffer_putuint8() writes the unsigned 8-bit integer + * val to buffer *b. + * + * lwres_buffer_getuint16() and lwres_buffer_getuint32() are identical to + * lwres_buffer_putuint8() except that they respectively read an unsigned + * 16-bit or 32-bit integer in network byte order from b. Similarly, + * lwres_buffer_putuint16() and lwres_buffer_putuint32() writes the + * unsigned 16-bit or 32-bit integer val to buffer b, in network byte + * order. + * + * Arbitrary amounts of data are read or written from a lightweight + * resolver buffer with lwres_buffer_getmem() and lwres_buffer_putmem() + * respectively. lwres_buffer_putmem() copies length bytes of memory at + * base to b. Conversely, lwres_buffer_getmem() copies length bytes of + * memory from b to base. + */ + +#include + +#include + +#include + +#include "assert_p.h" + +void +lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length) +{ + /* + * Make 'b' refer to the 'length'-byte region starting at base. + */ + + REQUIRE(b != NULL); + + b->magic = LWRES_BUFFER_MAGIC; + b->base = base; + b->length = length; + b->used = 0; + b->current = 0; + b->active = 0; +} + +/* Make 'b' an invalid buffer. */ +void +lwres_buffer_invalidate(lwres_buffer_t *b) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + + b->magic = 0; + b->base = NULL; + b->length = 0; + b->used = 0; + b->current = 0; + b->active = 0; +} + +/* Increase the 'used' region of 'b' by 'n' bytes. */ +void +lwres_buffer_add(lwres_buffer_t *b, unsigned int n) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used + n <= b->length); + + b->used += n; +} + +/* Decrease the 'used' region of 'b' by 'n' bytes. */ +void +lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used >= n); + + b->used -= n; + if (b->current > b->used) + b->current = b->used; + if (b->active > b->used) + b->active = b->used; +} + +/* Make the used region empty. */ +void +lwres_buffer_clear(lwres_buffer_t *b) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + + b->used = 0; + b->current = 0; + b->active = 0; +} + +/* Make the consumed region empty. */ +void +lwres_buffer_first(lwres_buffer_t *b) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + + b->current = 0; +} + +/* Increase the 'consumed' region of 'b' by 'n' bytes. */ +void +lwres_buffer_forward(lwres_buffer_t *b, unsigned int n) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->current + n <= b->used); + + b->current += n; +} + +/* Decrease the 'consumed' region of 'b' by 'n' bytes. */ +void +lwres_buffer_back(lwres_buffer_t *b, unsigned int n) +{ + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(n <= b->current); + + b->current -= n; +} + +/* Read an unsigned 8-bit integer from 'b' and return it. */ +lwres_uint8_t +lwres_buffer_getuint8(lwres_buffer_t *b) +{ + unsigned char *cp; + lwres_uint8_t result; + + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used - b->current >= 1); + + cp = b->base; + cp += b->current; + b->current += 1; + result = ((unsigned int)(cp[0])); + + return (result); +} + +/* Put an unsigned 8-bit integer */ +void +lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val) +{ + unsigned char *cp; + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used + 1 <= b->length); + + cp = b->base; + cp += b->used; + b->used += 1; + cp[0] = (val & 0x00ff); +} + +/* Read an unsigned 16-bit integer in network byte order from 'b', convert it to host byte order, and return it. */ +lwres_uint16_t +lwres_buffer_getuint16(lwres_buffer_t *b) +{ + unsigned char *cp; + lwres_uint16_t result; + + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used - b->current >= 2); + + cp = b->base; + cp += b->current; + b->current += 2; + result = ((unsigned int)(cp[0])) << 8; + result |= ((unsigned int)(cp[1])); + + return (result); +} + +/* Put an unsigned 16-bit integer. */ +void +lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val) +{ + unsigned char *cp; + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used + 2 <= b->length); + + cp = b->base; + cp += b->used; + b->used += 2; + cp[0] = (val & 0xff00) >> 8; + cp[1] = (val & 0x00ff); +} + +/* Read an unsigned 32-bit integer in network byte order from 'b', convert it to host byte order, and return it. */ +lwres_uint32_t +lwres_buffer_getuint32(lwres_buffer_t *b) +{ + unsigned char *cp; + lwres_uint32_t result; + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used - b->current >= 4); + + cp = b->base; + cp += b->current; + b->current += 4; + result = ((unsigned int)(cp[0])) << 24; + result |= ((unsigned int)(cp[1])) << 16; + result |= ((unsigned int)(cp[2])) << 8; + result |= ((unsigned int)(cp[3])); + + return (result); +} + +/* Put an unsigned 32-bit integer. */ +void +lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val) +{ + unsigned char *cp; + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used + 4 <= b->length); + + cp = b->base; + cp += b->used; + b->used += 4; + cp[0] = (unsigned char)((val & 0xff000000) >> 24); + cp[1] = (unsigned char)((val & 0x00ff0000) >> 16); + cp[2] = (unsigned char)((val & 0x0000ff00) >> 8); + cp[3] = (unsigned char)(val & 0x000000ff); +} + +/* copies length bytes of memory at base to b */ +void +lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, + unsigned int length) +{ + unsigned char *cp; + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used + length <= b->length); + + cp = (unsigned char *)b->base + b->used; + memcpy(cp, base, length); + b->used += length; +} + +/* copies length bytes of memory at b to base */ +void +lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, + unsigned int length) +{ + unsigned char *cp; + + REQUIRE(LWRES_BUFFER_VALID(b)); + REQUIRE(b->used - b->current >= length); + + cp = b->base; + cp += b->current; + b->current += length; + + memcpy(base, cp, length); +} diff --git a/contrib/bind-9.3/lib/lwres/lwconfig.c b/contrib/bind-9.5.2/lib/lwres/lwconfig.c similarity index 89% rename from contrib/bind-9.3/lib/lwres/lwconfig.c rename to contrib/bind-9.5.2/lib/lwres/lwconfig.c index 4b4886bf0e..7309cea3d4 100644 --- a/contrib/bind-9.3/lib/lwres/lwconfig.c +++ b/contrib/bind-9.5.2/lib/lwres/lwconfig.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,26 +15,43 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwconfig.c,v 1.33.2.1.2.10 2006/10/03 23:50:50 marka Exp $ */ - -/*** - *** Module for parsing resolv.conf files. - *** - *** entry points are: - *** lwres_conf_init(lwres_context_t *ctx) - *** intializes data structure for subsequent config parsing. - *** - *** lwres_conf_parse(lwres_context_t *ctx, const char *filename) - *** parses a file and fills in the data structure. - *** - *** lwres_conf_print(lwres_context_t *ctx, FILE *fp) - *** prints the config data structure to the FILE. - *** - *** lwres_conf_clear(lwres_context_t *ctx) - *** frees up all the internal memory used by the config data - *** structure, returning it to the lwres_context_t. - *** - ***/ +/* $Id: lwconfig.c,v 1.46.128.2 2008/12/17 23:46:34 tbox Exp $ */ + +/*! \file */ + +/** + * Module for parsing resolv.conf files. + * + * lwres_conf_init() creates an empty lwres_conf_t structure for + * lightweight resolver context ctx. + * + * lwres_conf_clear() frees up all the internal memory used by that + * lwres_conf_t structure in resolver context ctx. + * + * lwres_conf_parse() opens the file filename and parses it to initialise + * the resolver context ctx's lwres_conf_t structure. + * + * lwres_conf_print() prints the lwres_conf_t structure for resolver + * context ctx to the FILE fp. + * + * \section lwconfig_return Return Values + * + * lwres_conf_parse() returns #LWRES_R_SUCCESS if it successfully read and + * parsed filename. It returns #LWRES_R_FAILURE if filename could not be + * opened or contained incorrect resolver statements. + * + * lwres_conf_print() returns #LWRES_R_SUCCESS unless an error occurred + * when converting the network addresses to a numeric host address + * string. If this happens, the function returns #LWRES_R_FAILURE. + * + * \section lwconfig_see See Also + * + * stdio(3), \link resolver resolver \endlink + * + * \section files Files + * + * /etc/resolv.conf + */ #include @@ -109,7 +126,7 @@ lwresaddr2af(int lwresaddrtype) } -/* +/*! * Eat characters from FP until EOL or EOF. Returns EOF or '\n' */ static int @@ -124,7 +141,7 @@ eatline(FILE *fp) { } -/* +/*! * Eats white space up to next newline or non-whitespace character (of * EOF). Returns the last character read. Comments are considered white * space. @@ -144,7 +161,7 @@ eatwhite(FILE *fp) { } -/* +/*! * Skip over any leading whitespace and then read in the next sequence of * non-whitespace characters. In this context newline is not considered * whitespace. Returns EOF on end-of-file, or the character @@ -203,6 +220,7 @@ lwres_strdup(lwres_context_t *ctx, const char *str) { return (p); } +/*% intializes data structure for subsequent config parsing. */ void lwres_conf_init(lwres_context_t *ctx) { int i; @@ -232,6 +250,7 @@ lwres_conf_init(lwres_context_t *ctx) { } } +/*% Frees up all the internal memory used by the config data structure, returning it to the lwres_context_t. */ void lwres_conf_clear(lwres_context_t *ctx) { int i; @@ -294,8 +313,11 @@ lwres_conf_parsenameserver(lwres_context_t *ctx, FILE *fp) { return (LWRES_R_FAILURE); /* Extra junk on line. */ res = lwres_create_addr(word, &address, 1); - if (res == LWRES_R_SUCCESS) + if (res == LWRES_R_SUCCESS && + ((address.family == LWRES_ADDRTYPE_V4 && ctx->use_ipv4 == 1) || + (address.family == LWRES_ADDRTYPE_V6 && ctx->use_ipv6 == 1))) { confdata->nameservers[confdata->nsnext++] = address; + } return (LWRES_R_SUCCESS); } @@ -542,6 +564,7 @@ lwres_conf_parseoption(lwres_context_t *ctx, FILE *fp) { return (LWRES_R_SUCCESS); } +/*% parses a file and fills in the data structure. */ lwres_result_t lwres_conf_parse(lwres_context_t *ctx, const char *filename) { FILE *fp = NULL; @@ -600,6 +623,7 @@ lwres_conf_parse(lwres_context_t *ctx, const char *filename) { return (ret); } +/*% Prints the config data structure to the FILE. */ lwres_result_t lwres_conf_print(lwres_context_t *ctx, FILE *fp) { int i; @@ -695,6 +719,7 @@ lwres_conf_print(lwres_context_t *ctx, FILE *fp) { return (LWRES_R_SUCCESS); } +/*% Returns a pointer to the current config structure. */ lwres_conf_t * lwres_conf_get(lwres_context_t *ctx) { REQUIRE(ctx != NULL); diff --git a/contrib/bind-9.3/lib/lwres/lwinetaton.c b/contrib/bind-9.5.2/lib/lwres/lwinetaton.c similarity index 95% rename from contrib/bind-9.3/lib/lwres/lwinetaton.c rename to contrib/bind-9.5.2/lib/lwres/lwinetaton.c index aa630271e8..e40c28f7ac 100644 --- a/contrib/bind-9.3/lib/lwres/lwinetaton.c +++ b/contrib/bind-9.5.2/lib/lwres/lwinetaton.c @@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1996-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -68,9 +68,11 @@ * SOFTWARE. */ +/*! \file lwinetaton.c + */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static char rcsid[] = "$Id: lwinetaton.c,v 1.10.2.1.2.1 2004/03/06 08:15:32 marka Exp $"; +static char rcsid[] = "$Id: lwinetaton.c,v 1.16 2007/06/19 23:47:22 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -84,7 +86,7 @@ static char rcsid[] = "$Id: lwinetaton.c,v 1.10.2.1.2.1 2004/03/06 08:15:32 mark #include "assert_p.h" -/* +/*! * Check whether "cp" is a valid ascii representation * of an Internet address and convert to a binary address. * Returns 1 if the address is valid, 0 if not. diff --git a/contrib/bind-9.3/lib/lwres/lwinetntop.c b/contrib/bind-9.5.2/lib/lwres/lwinetntop.c similarity index 94% rename from contrib/bind-9.3/lib/lwres/lwinetntop.c rename to contrib/bind-9.5.2/lib/lwres/lwinetntop.c index 78cd0b033e..cf3bdfe803 100644 --- a/contrib/bind-9.3/lib/lwres/lwinetntop.c +++ b/contrib/bind-9.5.2/lib/lwres/lwinetntop.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/*! \file lwinetntop.c + */ #if defined(LIBC_SCCS) && !defined(lint) static char rcsid[] = - "$Id: lwinetntop.c,v 1.9.12.5 2005/11/04 00:16:34 marka Exp $"; + "$Id: lwinetntop.c,v 1.18 2007/06/19 23:47:22 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -45,7 +47,7 @@ static const char *inet_ntop6(const unsigned char *src, char *dst, size_t size); #endif -/* char * +/*! char * * lwres_net_ntop(af, src, dst, size) * convert a network format address to presentation format. * return: @@ -69,7 +71,7 @@ lwres_net_ntop(int af, const void *src, char *dst, size_t size) { /* NOTREACHED */ } -/* const char * +/*! const char * * inet_ntop4(src, dst, size) * format an IPv4 address * return: @@ -96,7 +98,7 @@ inet_ntop4(const unsigned char *src, char *dst, size_t size) { return (dst); } -/* const char * +/*! const char * * inet_ntop6(src, dst, size) * convert IPv6 binary address into presentation (printable) format * author: @@ -105,7 +107,7 @@ inet_ntop4(const unsigned char *src, char *dst, size_t size) { #ifdef AF_INET6 static const char * inet_ntop6(const unsigned char *src, char *dst, size_t size) { - /* + /*! * Note that int32_t and int16_t need only be "at least" large enough * to contain a value of the specified size. On some systems, like * Crays, there is no such thing as an integer variable with 16 bits. diff --git a/contrib/bind-9.3/lib/lwres/lwinetpton.c b/contrib/bind-9.5.2/lib/lwres/lwinetpton.c similarity index 94% rename from contrib/bind-9.3/lib/lwres/lwinetpton.c rename to contrib/bind-9.5.2/lib/lwres/lwinetpton.c index e24334b1c8..5bbef08395 100644 --- a/contrib/bind-9.3/lib/lwres/lwinetpton.c +++ b/contrib/bind-9.5.2/lib/lwres/lwinetpton.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1996-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,8 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/*! \file lwinetpton.c + */ + #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$Id: lwinetpton.c,v 1.6.206.3 2005/03/31 23:56:15 marka Exp $"; +static char rcsid[] = "$Id: lwinetpton.c,v 1.12 2007/06/19 23:47:22 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -38,7 +41,8 @@ static char rcsid[] = "$Id: lwinetpton.c,v 1.6.206.3 2005/03/31 23:56:15 marka E static int inet_pton4(const char *src, unsigned char *dst); static int inet_pton6(const char *src, unsigned char *dst); -/* int +/*! + * int * lwres_net_pton(af, src, dst) * convert from presentation format (which usually means ASCII printable) * to network format (which is usually some kind of binary format). @@ -63,7 +67,7 @@ lwres_net_pton(int af, const char *src, void *dst) { /* NOTREACHED */ } -/* int +/*! int * inet_pton4(src, dst) * like inet_aton() but without all the hexadecimal and shorthand. * return: @@ -110,7 +114,7 @@ inet_pton4(const char *src, unsigned char *dst) { return (1); } -/* int +/*! int * inet_pton6(src, dst) * convert presentation level address to network order binary form. * return: diff --git a/contrib/bind-9.3/lib/lwres/lwpacket.c b/contrib/bind-9.5.2/lib/lwres/lwpacket.c similarity index 53% rename from contrib/bind-9.3/lib/lwres/lwpacket.c rename to contrib/bind-9.5.2/lib/lwres/lwpacket.c index 6e28df02d6..cfa27230af 100644 --- a/contrib/bind-9.3/lib/lwres/lwpacket.c +++ b/contrib/bind-9.5.2/lib/lwres/lwpacket.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,46 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwpacket.c,v 1.13.206.1 2004/03/06 08:15:32 marka Exp $ */ +/* $Id: lwpacket.c,v 1.18 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ + +/** + * These functions rely on a struct lwres_lwpacket which is defined in + * \link lwpacket.h lwres/lwpacket.h.\endlink + * + * The following opcodes are currently defined: + * + * \li #LWRES_OPCODE_NOOP + * Success is always returned and the packet contents are + * echoed. The \link lwres_noop.c lwres_noop_*()\endlink functions should be used for this + * type. + * + * \li #LWRES_OPCODE_GETADDRSBYNAME + * returns all known addresses for a given name. The + * \link lwres_gabn.c lwres_gabn_*()\endlink functions should be used for this type. + * + * \li #LWRES_OPCODE_GETNAMEBYADDR + * return the hostname for the given address. The + * \link lwres_gnba.c lwres_gnba_*() \endlink functions should be used for this type. + * + * lwres_lwpacket_renderheader() transfers the contents of lightweight + * resolver packet structure #lwres_lwpacket_t *pkt in network byte + * order to the lightweight resolver buffer, *b. + * + * lwres_lwpacket_parseheader() performs the converse operation. It + * transfers data in network byte order from buffer *b to resolver + * packet *pkt. The contents of the buffer b should correspond to a + * #lwres_lwpacket_t. + * + * \section lwpacket_return Return Values + * + * Successful calls to lwres_lwpacket_renderheader() and + * lwres_lwpacket_parseheader() return #LWRES_R_SUCCESS. If there is + * insufficient space to copy data between the buffer *b and + * lightweight resolver packet *pkt both functions return + * #LWRES_R_UNEXPECTEDEND. + */ #include @@ -29,9 +68,12 @@ #include "assert_p.h" +/*% Length of Packet */ #define LWPACKET_LENGTH \ (sizeof(lwres_uint16_t) * 4 + sizeof(lwres_uint32_t) * 5) +/*% transfers the contents of lightweight resolver packet structure lwres_lwpacket_t *pkt in network byte order to the lightweight resolver buffer, *b. */ + lwres_result_t lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt) { REQUIRE(b != NULL); @@ -53,6 +95,8 @@ lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt) { return (LWRES_R_SUCCESS); } +/*% transfers data in network byte order from buffer *b to resolver packet *pkt. The contents of the buffer b should correspond to a lwres_lwpacket_t. */ + lwres_result_t lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt) { lwres_uint32_t space; diff --git a/contrib/bind-9.3/lib/lwres/lwres_gabn.c b/contrib/bind-9.5.2/lib/lwres/lwres_gabn.c similarity index 67% rename from contrib/bind-9.3/lib/lwres/lwres_gabn.c rename to contrib/bind-9.5.2/lib/lwres/lwres_gabn.c index 9df87ce670..3363e66b89 100644 --- a/contrib/bind-9.3/lib/lwres/lwres_gabn.c +++ b/contrib/bind-9.5.2/lib/lwres/lwres_gabn.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,92 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwres_gabn.c,v 1.27.12.3 2004/03/08 09:05:10 marka Exp $ */ +/* $Id: lwres_gabn.c,v 1.33 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file lwres_gabn.c + These are low-level routines for creating and parsing lightweight + resolver name-to-address lookup request and response messages. + + There are four main functions for the getaddrbyname opcode. One render + function converts a getaddrbyname request structure -- + lwres_gabnrequest_t -- to the lighweight resolver's canonical format. + It is complemented by a parse function that converts a packet in this + canonical format to a getaddrbyname request structure. Another render + function converts the getaddrbyname response structure -- + lwres_gabnresponse_t -- to the canonical format. This is complemented + by a parse function which converts a packet in canonical format to a + getaddrbyname response structure. + + These structures are defined in \link lwres.h .\endlink They are shown below. + +\code +#define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U + +typedef struct lwres_addr lwres_addr_t; +typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t; + +typedef struct { + lwres_uint32_t flags; + lwres_uint32_t addrtypes; + lwres_uint16_t namelen; + char *name; +} lwres_gabnrequest_t; + +typedef struct { + lwres_uint32_t flags; + lwres_uint16_t naliases; + lwres_uint16_t naddrs; + char *realname; + char **aliases; + lwres_uint16_t realnamelen; + lwres_uint16_t *aliaslen; + lwres_addrlist_t addrs; + void *base; + size_t baselen; +} lwres_gabnresponse_t; +\endcode + + lwres_gabnrequest_render() uses resolver context ctx to convert + getaddrbyname request structure req to canonical format. The packet + header structure pkt is initialised and transferred to buffer b. The + contents of *req are then appended to the buffer in canonical format. + lwres_gabnresponse_render() performs the same task, except it converts + a getaddrbyname response structure lwres_gabnresponse_t to the + lightweight resolver's canonical format. + + lwres_gabnrequest_parse() uses context ctx to convert the contents of + packet pkt to a lwres_gabnrequest_t structure. Buffer b provides space + to be used for storing this structure. When the function succeeds, the + resulting lwres_gabnrequest_t is made available through *structp. + lwres_gabnresponse_parse() offers the same semantics as + lwres_gabnrequest_parse() except it yields a lwres_gabnresponse_t + structure. + + lwres_gabnresponse_free() and lwres_gabnrequest_free() release the + memory in resolver context ctx that was allocated to the + lwres_gabnresponse_t or lwres_gabnrequest_t structures referenced via + structp. Any memory associated with ancillary buffers and strings for + those structures is also discarded. + +\section lwres_gabn_return Return Values + + The getaddrbyname opcode functions lwres_gabnrequest_render(), + lwres_gabnresponse_render() lwres_gabnrequest_parse() and + lwres_gabnresponse_parse() all return #LWRES_R_SUCCESS on success. They + return #LWRES_R_NOMEMORY if memory allocation fails. + #LWRES_R_UNEXPECTEDEND is returned if the available space in the buffer + b is too small to accommodate the packet header or the + lwres_gabnrequest_t and lwres_gabnresponse_t structures. + lwres_gabnrequest_parse() and lwres_gabnresponse_parse() will return + #LWRES_R_UNEXPECTEDEND if the buffer is not empty after decoding the + received packet. These functions will return #LWRES_R_FAILURE if + pktflags in the packet header structure #lwres_lwpacket_t indicate that + the packet is not a response to an earlier query. + +\section lwres_gabn_see See Also + + \link lwpacket.c lwres_lwpacket \endlink + */ #include @@ -31,6 +116,7 @@ #include "context_p.h" #include "assert_p.h" +/*% uses resolver context ctx to convert getaddrbyname request structure req to canonical format. */ lwres_result_t lwres_gabnrequest_render(lwres_context_t *ctx, lwres_gabnrequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -97,7 +183,7 @@ lwres_gabnrequest_render(lwres_context_t *ctx, lwres_gabnrequest_t *req, return (LWRES_R_SUCCESS); } - +/*% converts a getaddrbyname response structure lwres_gabnresponse_t to the lightweight resolver's canonical format. */ lwres_result_t lwres_gabnresponse_render(lwres_context_t *ctx, lwres_gabnresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -194,7 +280,7 @@ lwres_gabnresponse_render(lwres_context_t *ctx, lwres_gabnresponse_t *req, return (LWRES_R_SUCCESS); } - +/*% Uses context ctx to convert the contents of packet pkt to a lwres_gabnrequest_t structure. */ lwres_result_t lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gabnrequest_t **structp) @@ -243,6 +329,8 @@ lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (LWRES_R_SUCCESS); } +/*% Offers the same semantics as lwres_gabnrequest_parse() except it yields a lwres_gabnresponse_t structure. */ + lwres_result_t lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gabnresponse_t **structp) @@ -372,6 +460,7 @@ lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (ret); } +/*% Release the memory in resolver context ctx that was allocated to the lwres_gabnrequest_t. */ void lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp) { @@ -386,6 +475,7 @@ lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp) CTXFREE(gabn, sizeof(lwres_gabnrequest_t)); } +/*% Release the memory in resolver context ctx that was allocated to the lwres_gabnresponse_t. */ void lwres_gabnresponse_free(lwres_context_t *ctx, lwres_gabnresponse_t **structp) { diff --git a/contrib/bind-9.3/lib/lwres/lwres_gnba.c b/contrib/bind-9.5.2/lib/lwres/lwres_gnba.c similarity index 64% rename from contrib/bind-9.3/lib/lwres/lwres_gnba.c rename to contrib/bind-9.5.2/lib/lwres/lwres_gnba.c index a11c066579..d18ae153f2 100644 --- a/contrib/bind-9.3/lib/lwres/lwres_gnba.c +++ b/contrib/bind-9.5.2/lib/lwres/lwres_gnba.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,88 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwres_gnba.c,v 1.20.2.2.8.4 2004/03/08 09:05:11 marka Exp $ */ +/* $Id: lwres_gnba.c,v 1.28 2007/09/24 17:18:25 each Exp $ */ + +/*! \file lwres_gnba.c + These are low-level routines for creating and parsing lightweight + resolver address-to-name lookup request and response messages. + + There are four main functions for the getnamebyaddr opcode. One + render function converts a getnamebyaddr request structure -- + lwres_gnbarequest_t -- to the lightweight resolver's canonical + format. It is complemented by a parse function that converts a + packet in this canonical format to a getnamebyaddr request + structure. Another render function converts the getnamebyaddr + response structure -- lwres_gnbaresponse_t to the canonical format. + This is complemented by a parse function which converts a packet in + canonical format to a getnamebyaddr response structure. + + These structures are defined in \link lwres.h \endlink They are shown + below. + +\code +#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U + +typedef struct { + lwres_uint32_t flags; + lwres_addr_t addr; +} lwres_gnbarequest_t; + +typedef struct { + lwres_uint32_t flags; + lwres_uint16_t naliases; + char *realname; + char **aliases; + lwres_uint16_t realnamelen; + lwres_uint16_t *aliaslen; + void *base; + size_t baselen; +} lwres_gnbaresponse_t; +\endcode + + lwres_gnbarequest_render() uses resolver context ctx to convert + getnamebyaddr request structure req to canonical format. The packet + header structure pkt is initialised and transferred to buffer b. + The contents of *req are then appended to the buffer in canonical + format. lwres_gnbaresponse_render() performs the same task, except + it converts a getnamebyaddr response structure lwres_gnbaresponse_t + to the lightweight resolver's canonical format. + + lwres_gnbarequest_parse() uses context ctx to convert the contents + of packet pkt to a lwres_gnbarequest_t structure. Buffer b provides + space to be used for storing this structure. When the function + succeeds, the resulting lwres_gnbarequest_t is made available + through *structp. lwres_gnbaresponse_parse() offers the same +semantics as lwres_gnbarequest_parse() except it yields a + lwres_gnbaresponse_t structure. + + lwres_gnbaresponse_free() and lwres_gnbarequest_free() release the + memory in resolver context ctx that was allocated to the + lwres_gnbaresponse_t or lwres_gnbarequest_t structures referenced + via structp. Any memory associated with ancillary buffers and + strings for those structures is also discarded. + +\section lwres_gbna_return Return Values + + The getnamebyaddr opcode functions lwres_gnbarequest_render(), + lwres_gnbaresponse_render() lwres_gnbarequest_parse() and + lwres_gnbaresponse_parse() all return #LWRES_R_SUCCESS on success. + They return #LWRES_R_NOMEMORY if memory allocation fails. + #LWRES_R_UNEXPECTEDEND is returned if the available space in the + buffer b is too small to accommodate the packet header or the + lwres_gnbarequest_t and lwres_gnbaresponse_t structures. + lwres_gnbarequest_parse() and lwres_gnbaresponse_parse() will + return #LWRES_R_UNEXPECTEDEND if the buffer is not empty after + decoding the received packet. These functions will return + #LWRES_R_FAILURE if pktflags in the packet header structure + #lwres_lwpacket_t indicate that the packet is not a response to an + earlier query. + +\section lwres_gbna_see See Also + + \link lwpacket.c lwres_packet\endlink + + */ #include @@ -31,6 +112,7 @@ #include "context_p.h" #include "assert_p.h" +/*% Uses resolver context ctx to convert getnamebyaddr request structure req to canonical format. */ lwres_result_t lwres_gnbarequest_render(lwres_context_t *ctx, lwres_gnbarequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -44,7 +126,6 @@ lwres_gnbarequest_render(lwres_context_t *ctx, lwres_gnbarequest_t *req, REQUIRE(req != NULL); REQUIRE(req->addr.family != 0); REQUIRE(req->addr.length != 0); - REQUIRE(req->addr.address != NULL); REQUIRE(pkt != NULL); REQUIRE(b != NULL); @@ -88,6 +169,7 @@ lwres_gnbarequest_render(lwres_context_t *ctx, lwres_gnbarequest_t *req, return (LWRES_R_SUCCESS); } +/*% Converts a getnamebyaddr response structure lwres_gnbaresponse_t to the lightweight resolver's canonical format. */ lwres_result_t lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -159,6 +241,7 @@ lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, return (LWRES_R_SUCCESS); } +/*% Uses context ctx to convert the contents of packet pkt to a lwres_gnbarequest_t structure. */ lwres_result_t lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gnbarequest_t **structp) @@ -202,6 +285,8 @@ lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (ret); } +/*% Offers the same semantics as lwres_gnbarequest_parse() except it yields a lwres_gnbaresponse_t structure. */ + lwres_result_t lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gnbaresponse_t **structp) @@ -292,6 +377,7 @@ lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (ret); } +/*% Release the memory in resolver context ctx that was allocated to the lwres_gnbarequest_t. */ void lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp) { @@ -306,6 +392,7 @@ lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp) CTXFREE(gnba, sizeof(lwres_gnbarequest_t)); } +/*% Release the memory in resolver context ctx that was allocated to the lwres_gnbaresponse_t. */ void lwres_gnbaresponse_free(lwres_context_t *ctx, lwres_gnbaresponse_t **structp) { diff --git a/contrib/bind-9.3/lib/lwres/lwres_grbn.c b/contrib/bind-9.5.2/lib/lwres/lwres_grbn.c similarity index 92% rename from contrib/bind-9.3/lib/lwres/lwres_grbn.c rename to contrib/bind-9.5.2/lib/lwres/lwres_grbn.c index f8147fc622..72718bad0c 100644 --- a/contrib/bind-9.3/lib/lwres/lwres_grbn.c +++ b/contrib/bind-9.5.2/lib/lwres/lwres_grbn.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwres_grbn.c,v 1.4.12.3 2004/03/08 09:05:11 marka Exp $ */ +/* $Id: lwres_grbn.c,v 1.10 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file lwres_grbn.c + + */ #include @@ -31,6 +35,7 @@ #include "context_p.h" #include "assert_p.h" +/*% Thread-save equivalent to \link lwres_gabn.c lwres_gabn* \endlink routines. */ lwres_result_t lwres_grbnrequest_render(lwres_context_t *ctx, lwres_grbnrequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -103,6 +108,7 @@ lwres_grbnrequest_render(lwres_context_t *ctx, lwres_grbnrequest_t *req, return (LWRES_R_SUCCESS); } +/*% Thread-save equivalent to \link lwres_gabn.c lwres_gabn* \endlink routines. */ lwres_result_t lwres_grbnresponse_render(lwres_context_t *ctx, lwres_grbnresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -190,6 +196,7 @@ lwres_grbnresponse_render(lwres_context_t *ctx, lwres_grbnresponse_t *req, return (LWRES_R_SUCCESS); } +/*% Thread-save equivalent to \link lwres_gabn.c lwres_gabn* \endlink routines. */ lwres_result_t lwres_grbnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_grbnrequest_t **structp) @@ -243,6 +250,7 @@ lwres_grbnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (LWRES_R_SUCCESS); } +/*% Thread-save equivalent to \link lwres_gabn.c lwres_gabn* \endlink routines. */ lwres_result_t lwres_grbnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_grbnresponse_t **structp) @@ -376,6 +384,7 @@ lwres_grbnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (ret); } +/*% Thread-save equivalent to \link lwres_gabn.c lwres_gabn* \endlink routines. */ void lwres_grbnrequest_free(lwres_context_t *ctx, lwres_grbnrequest_t **structp) { @@ -390,6 +399,7 @@ lwres_grbnrequest_free(lwres_context_t *ctx, lwres_grbnrequest_t **structp) CTXFREE(grbn, sizeof(lwres_grbnrequest_t)); } +/*% Thread-save equivalent to \link lwres_gabn.c lwres_gabn* \endlink routines. */ void lwres_grbnresponse_free(lwres_context_t *ctx, lwres_grbnresponse_t **structp) { diff --git a/contrib/bind-9.3/lib/lwres/lwres_noop.c b/contrib/bind-9.5.2/lib/lwres/lwres_noop.c similarity index 57% rename from contrib/bind-9.3/lib/lwres/lwres_noop.c rename to contrib/bind-9.5.2/lib/lwres/lwres_noop.c index f67c2b3cb0..369fe4e18f 100644 --- a/contrib/bind-9.3/lib/lwres/lwres_noop.c +++ b/contrib/bind-9.5.2/lib/lwres/lwres_noop.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,87 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwres_noop.c,v 1.14.206.1 2004/03/06 08:15:33 marka Exp $ */ +/* $Id: lwres_noop.c,v 1.19 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ + +/** + * These are low-level routines for creating and parsing lightweight + * resolver no-op request and response messages. + * + * The no-op message is analogous to a ping packet: a packet is sent to + * the resolver daemon and is simply echoed back. The opcode is intended + * to allow a client to determine if the server is operational or not. + * + * There are four main functions for the no-op opcode. One render + * function converts a no-op request structure -- lwres_nooprequest_t -- + * to the lighweight resolver's canonical format. It is complemented by a + * parse function that converts a packet in this canonical format to a + * no-op request structure. Another render function converts the no-op + * response structure -- lwres_noopresponse_t to the canonical format. + * This is complemented by a parse function which converts a packet in + * canonical format to a no-op response structure. + * + * These structures are defined in \link lwres.h \endlink They are shown below. + * + * \code + * #define LWRES_OPCODE_NOOP 0x00000000U + * + * typedef struct { + * lwres_uint16_t datalength; + * unsigned char *data; + * } lwres_nooprequest_t; + * + * typedef struct { + * lwres_uint16_t datalength; + * unsigned char *data; + * } lwres_noopresponse_t; + * \endcode + * + * Although the structures have different types, they are identical. This + * is because the no-op opcode simply echos whatever data was sent: the + * response is therefore identical to the request. + * + * lwres_nooprequest_render() uses resolver context ctx to convert no-op + * request structure req to canonical format. The packet header structure + * pkt is initialised and transferred to buffer b. The contents of *req + * are then appended to the buffer in canonical format. + * lwres_noopresponse_render() performs the same task, except it converts + * a no-op response structure lwres_noopresponse_t to the lightweight + * resolver's canonical format. + * + * lwres_nooprequest_parse() uses context ctx to convert the contents of + * packet pkt to a lwres_nooprequest_t structure. Buffer b provides space + * to be used for storing this structure. When the function succeeds, the + * resulting lwres_nooprequest_t is made available through *structp. + * lwres_noopresponse_parse() offers the same semantics as + * lwres_nooprequest_parse() except it yields a lwres_noopresponse_t + * structure. + * + * lwres_noopresponse_free() and lwres_nooprequest_free() release the + * memory in resolver context ctx that was allocated to the + * lwres_noopresponse_t or lwres_nooprequest_t structures referenced via + * structp. + * + * \section lwres_noop_return Return Values + * + * The no-op opcode functions lwres_nooprequest_render(), + * lwres_noopresponse_render() lwres_nooprequest_parse() and + * lwres_noopresponse_parse() all return #LWRES_R_SUCCESS on success. They + * return #LWRES_R_NOMEMORY if memory allocation fails. + * #LWRES_R_UNEXPECTEDEND is returned if the available space in the buffer + * b is too small to accommodate the packet header or the + * lwres_nooprequest_t and lwres_noopresponse_t structures. + * lwres_nooprequest_parse() and lwres_noopresponse_parse() will return + * #LWRES_R_UNEXPECTEDEND if the buffer is not empty after decoding the + * received packet. These functions will return #LWRES_R_FAILURE if + * pktflags in the packet header structure #lwres_lwpacket_t indicate that + * the packet is not a response to an earlier query. + * + * \section lwres_noop_see See Also + * + * lwpacket.c + */ #include @@ -31,6 +111,7 @@ #include "context_p.h" #include "assert_p.h" +/*% Uses resolver context ctx to convert no-op request structure req to canonical format. */ lwres_result_t lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -82,6 +163,8 @@ lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, return (LWRES_R_SUCCESS); } +/*% Converts a no-op response structure lwres_noopresponse_t to the lightweight resolver's canonical format. */ + lwres_result_t lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b) @@ -132,6 +215,7 @@ lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, return (LWRES_R_SUCCESS); } +/*% Uses context ctx to convert the contents of packet pkt to a lwres_nooprequest_t structure. */ lwres_result_t lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_nooprequest_t **structp) @@ -179,6 +263,7 @@ lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (ret); } +/*% Offers the same semantics as lwres_nooprequest_parse() except it yields a lwres_noopresponse_t structure. */ lwres_result_t lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_noopresponse_t **structp) @@ -226,6 +311,7 @@ lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, return (ret); } +/*% Release the memory in resolver context ctx. */ void lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp) { @@ -240,6 +326,7 @@ lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp) CTXFREE(noop, sizeof(lwres_noopresponse_t)); } +/*% Release the memory in resolver context ctx. */ void lwres_nooprequest_free(lwres_context_t *ctx, lwres_nooprequest_t **structp) { diff --git a/contrib/bind-9.3/lib/lwres/lwresutil.c b/contrib/bind-9.5.2/lib/lwres/lwresutil.c similarity index 73% rename from contrib/bind-9.3/lib/lwres/lwresutil.c rename to contrib/bind-9.5.2/lib/lwres/lwresutil.c index 1035f17057..3bf5660f3d 100644 --- a/contrib/bind-9.3/lib/lwres/lwresutil.c +++ b/contrib/bind-9.5.2/lib/lwres/lwresutil.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,86 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresutil.c,v 1.29.206.1 2004/03/06 08:15:33 marka Exp $ */ +/* $Id: lwresutil.c,v 1.34 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ + +/** + * lwres_string_parse() retrieves a DNS-encoded string starting the + * current pointer of lightweight resolver buffer b: i.e. b->current. + * When the function returns, the address of the first byte of the + * encoded string is returned via *c and the length of that string is + * given by *len. The buffer's current pointer is advanced to point at + * the character following the string length, the encoded string, and + * the trailing NULL character. + * + * lwres_addr_parse() extracts an address from the buffer b. The + * buffer's current pointer b->current is presumed to point at an + * encoded address: the address preceded by a 32-bit protocol family + * identifier and a 16-bit length field. The encoded address is copied + * to addr->address and addr->length indicates the size in bytes of + * the address that was copied. b->current is advanced to point at the + * next byte of available data in the buffer following the encoded + * address. + * + * lwres_getaddrsbyname() and lwres_getnamebyaddr() use the + * lwres_gnbaresponse_t structure defined below: + * + * \code + * typedef struct { + * lwres_uint32_t flags; + * lwres_uint16_t naliases; + * lwres_uint16_t naddrs; + * char *realname; + * char **aliases; + * lwres_uint16_t realnamelen; + * lwres_uint16_t *aliaslen; + * lwres_addrlist_t addrs; + * void *base; + * size_t baselen; + * } lwres_gabnresponse_t; + * \endcode + * + * The contents of this structure are not manipulated directly but + * they are controlled through the \link lwres_gabn.c lwres_gabn*\endlink functions. + * + * The lightweight resolver uses lwres_getaddrsbyname() to perform + * foward lookups. Hostname name is looked up using the resolver + * context ctx for memory allocation. addrtypes is a bitmask + * indicating which type of addresses are to be looked up. Current + * values for this bitmask are #LWRES_ADDRTYPE_V4 for IPv4 addresses + * and #LWRES_ADDRTYPE_V6 for IPv6 addresses. Results of the lookup are + * returned in *structp. + * + * lwres_getnamebyaddr() performs reverse lookups. Resolver context + * ctx is used for memory allocation. The address type is indicated by + * addrtype: #LWRES_ADDRTYPE_V4 or #LWRES_ADDRTYPE_V6. The address to be + * looked up is given by addr and its length is addrlen bytes. The + * result of the function call is made available through *structp. + * + * \section lwresutil_return Return Values + * + * Successful calls to lwres_string_parse() and lwres_addr_parse() + * return #LWRES_R_SUCCESS. Both functions return #LWRES_R_FAILURE if + * the buffer is corrupt or #LWRES_R_UNEXPECTEDEND if the buffer has + * less space than expected for the components of the encoded string + * or address. + * + * lwres_getaddrsbyname() returns #LWRES_R_SUCCESS on success and it + * returns #LWRES_R_NOTFOUND if the hostname name could not be found. + * + * #LWRES_R_SUCCESS is returned by a successful call to + * lwres_getnamebyaddr(). + * + * Both lwres_getaddrsbyname() and lwres_getnamebyaddr() return + * #LWRES_R_NOMEMORY when memory allocation requests fail and + * #LWRES_R_UNEXPECTEDEND if the buffers used for sending queries and + * receiving replies are too small. + * + * \section lwresutil_see See Also + * + * lwbuffer.c, lwres_gabn.c + */ #include @@ -31,7 +110,8 @@ #include "assert_p.h" #include "context_p.h" -/* +/*% Parse data. */ +/*! * Requires: * * The "current" pointer in "b" points to encoded raw data. @@ -78,7 +158,8 @@ lwres_data_parse(lwres_buffer_t *b, unsigned char **p, lwres_uint16_t *len) return (LWRES_R_SUCCESS); } -/* +/*% Retrieves a DNS-encoded string. */ +/*! * Requires: * * The "current" pointer in "b" point to an encoded string. @@ -133,6 +214,7 @@ lwres_string_parse(lwres_buffer_t *b, char **c, lwres_uint16_t *len) return (LWRES_R_SUCCESS); } +/*% Extracts an address from the buffer b. */ lwres_result_t lwres_addr_parse(lwres_buffer_t *b, lwres_addr_t *addr) { @@ -154,6 +236,7 @@ lwres_addr_parse(lwres_buffer_t *b, lwres_addr_t *addr) return (LWRES_R_SUCCESS); } +/*% Used to perform forward lookups. */ lwres_result_t lwres_getaddrsbyname(lwres_context_t *ctx, const char *name, lwres_uint32_t addrtypes, lwres_gabnresponse_t **structp) @@ -268,6 +351,7 @@ lwres_getaddrsbyname(lwres_context_t *ctx, const char *name, } +/*% Used to perform reverse lookups. */ lwres_result_t lwres_getnamebyaddr(lwres_context_t *ctx, lwres_uint32_t addrtype, lwres_uint16_t addrlen, const unsigned char *addr, @@ -376,6 +460,7 @@ lwres_getnamebyaddr(lwres_context_t *ctx, lwres_uint32_t addrtype, return (ret); } +/*% Get rdata by name. */ lwres_result_t lwres_getrdatabyname(lwres_context_t *ctx, const char *name, lwres_uint16_t rdclass, lwres_uint16_t rdtype, diff --git a/contrib/bind-9.3/lib/lwres/man/lwres.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres.3 similarity index 93% rename from contrib/bind-9.3/lib/lwres/man/lwres.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres.3 index 886f1f1b1a..f7d9cd2019 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres.3,v 1.15.206.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres.3,v 1.28.214.1 2009/07/11 01:43:33 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -159,4 +159,7 @@ bit should be set. \fBresolver\fR(5), \fBlwresd\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres.html b/contrib/bind-9.5.2/lib/lwres/man/lwres.html new file mode 100644 index 0000000000..ddad8611fd --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres.html @@ -0,0 +1,218 @@ + + + + + +lwres + + +
+
+
+

Name

+

lwres — introduction to the lightweight resolver library

+
+
+

Synopsis

+
#include <lwres/lwres.h>
+
+
+

DESCRIPTION

+

+ The BIND 9 lightweight resolver library is a simple, name service + independent stub resolver library. It provides hostname-to-address + and address-to-hostname lookup services to applications by + transmitting lookup requests to a resolver daemon + lwresd + running on the local host. The resover daemon performs the + lookup using the DNS or possibly other name service protocols, + and returns the results to the application through the library. + The library and resolver daemon communicate using a simple + UDP-based protocol. +

+
+
+

OVERVIEW

+

+ The lwresd library implements multiple name service APIs. + The standard + gethostbyname(), + gethostbyaddr(), + gethostbyname_r(), + gethostbyaddr_r(), + getaddrinfo(), + getipnodebyname(), + and + getipnodebyaddr() + functions are all supported. To allow the lwres library to coexist + with system libraries that define functions of the same name, + the library defines these functions with names prefixed by + lwres_. + To define the standard names, applications must include the + header file + <lwres/netdb.h> + which contains macro definitions mapping the standard function names + into + lwres_ + prefixed ones. Operating system vendors who integrate the lwres + library into their base distributions should rename the functions + in the library proper so that the renaming macros are not needed. +

+

+ The library also provides a native API consisting of the functions + lwres_getaddrsbyname() + and + lwres_getnamebyaddr(). + These may be called by applications that require more detailed + control over the lookup process than the standard functions + provide. +

+

+ In addition to these name service independent address lookup + functions, the library implements a new, experimental API + for looking up arbitrary DNS resource records, using the + lwres_getaddrsbyname() + function. +

+

+ Finally, there is a low-level API for converting lookup + requests and responses to and from raw lwres protocol packets. + This API can be used by clients requiring nonblocking operation, + and is also used when implementing the server side of the lwres + protocol, for example in the + lwresd + resolver daemon. The use of this low-level API in clients + and servers is outlined in the following sections. +

+
+
+

CLIENT-SIDE LOW-LEVEL API CALL FLOW

+

+ When a client program wishes to make an lwres request using the + native low-level API, it typically performs the following + sequence of actions. +

+

+ (1) Allocate or use an existing lwres_packet_t, + called pkt below. +

+

+ (2) Set pkt.recvlength to the maximum length + we will accept. + This is done so the receiver of our packets knows how large our receive + buffer is. The "default" is a constant in + lwres.h: LWRES_RECVLENGTH = 4096. +

+

+ (3) Set pkt.serial + to a unique serial number. This value is echoed + back to the application by the remote server. +

+

+ (4) Set pkt.pktflags. Usually this is set to + 0. +

+

+ (5) Set pkt.result to 0. +

+

+ (6) Call lwres_*request_render(), + or marshall in the data using the primitives + such as lwres_packet_render() + and storing the packet data. +

+

+ (7) Transmit the resulting buffer. +

+

+ (8) Call lwres_*response_parse() + to parse any packets received. +

+

+ (9) Verify that the opcode and serial match a request, and process the + packet specific information contained in the body. +

+
+
+

SERVER-SIDE LOW-LEVEL API CALL FLOW

+

+ When implementing the server side of the lightweight resolver + protocol using the lwres library, a sequence of actions like the + following is typically involved in processing each request packet. +

+

+ Note that the same lwres_packet_t is used + in both the _parse() and _render() calls, + with only a few modifications made + to the packet header's contents between uses. This method is + recommended + as it keeps the serial, opcode, and other fields correct. +

+

+ (1) When a packet is received, call lwres_*request_parse() to + unmarshall it. This returns a lwres_packet_t (also called pkt, below) + as well as a data specific type, such as lwres_gabnrequest_t. +

+

+ (2) Process the request in the data specific type. +

+

+ (3) Set the pkt.result, + pkt.recvlength as above. All other fields + can + be left untouched since they were filled in by the *_parse() call + above. If using lwres_*response_render(), + pkt.pktflags will be set up + properly. Otherwise, the LWRES_LWPACKETFLAG_RESPONSE bit should be + set. +

+

+ (4) Call the data specific rendering function, such as + lwres_gabnresponse_render(). +

+

+ (5) Send the resulting packet to the client. +

+

+
+
+

SEE ALSO

+

lwres_gethostent(3), + + lwres_getipnode(3), + + lwres_getnameinfo(3), + + lwres_noop(3), + + lwres_gabn(3), + + lwres_gnba(3), + + lwres_context(3), + + lwres_config(3), + + resolver(5), + + lwresd(8). + +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_buffer.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.3 similarity index 76% rename from contrib/bind-9.3/lib/lwres/man/lwres_buffer.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.3 index 62312379c1..9f26a5628c 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_buffer.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_buffer.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_buffer.3,v 1.26.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_buffer .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,37 +36,37 @@ lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtr #include .fi .HP 23 -.BI "void lwres_buffer_init(lwres_buffer_t\ *b, void\ *base, unsigned\ int\ length);" +.BI "void lwres_buffer_init(lwres_buffer_t\ *" "b" ", void\ *" "base" ", unsigned\ int\ " "length" ");" .HP 29 -.BI "void lwres_buffer_invalidate(lwres_buffer_t\ *b);" +.BI "void lwres_buffer_invalidate(lwres_buffer_t\ *" "b" ");" .HP 22 -.BI "void lwres_buffer_add(lwres_buffer_t\ *b, unsigned\ int\ n);" +.BI "void lwres_buffer_add(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");" .HP 27 -.BI "void lwres_buffer_subtract(lwres_buffer_t\ *b, unsigned\ int\ n);" +.BI "void lwres_buffer_subtract(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");" .HP 24 -.BI "void lwres_buffer_clear(lwres_buffer_t\ *b);" +.BI "void lwres_buffer_clear(lwres_buffer_t\ *" "b" ");" .HP 24 -.BI "void lwres_buffer_first(lwres_buffer_t\ *b);" +.BI "void lwres_buffer_first(lwres_buffer_t\ *" "b" ");" .HP 26 -.BI "void lwres_buffer_forward(lwres_buffer_t\ *b, unsigned\ int\ n);" +.BI "void lwres_buffer_forward(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");" .HP 23 -.BI "void lwres_buffer_back(lwres_buffer_t\ *b, unsigned\ int\ n);" +.BI "void lwres_buffer_back(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");" .HP 36 -.BI "lwres_uint8_t lwres_buffer_getuint8(lwres_buffer_t\ *b);" +.BI "lwres_uint8_t lwres_buffer_getuint8(lwres_buffer_t\ *" "b" ");" .HP 27 -.BI "void lwres_buffer_putuint8(lwres_buffer_t\ *b, lwres_uint8_t\ val);" +.BI "void lwres_buffer_putuint8(lwres_buffer_t\ *" "b" ", lwres_uint8_t\ " "val" ");" .HP 38 -.BI "lwres_uint16_t lwres_buffer_getuint16(lwres_buffer_t\ *b);" +.BI "lwres_uint16_t lwres_buffer_getuint16(lwres_buffer_t\ *" "b" ");" .HP 28 -.BI "void lwres_buffer_putuint16(lwres_buffer_t\ *b, lwres_uint16_t\ val);" +.BI "void lwres_buffer_putuint16(lwres_buffer_t\ *" "b" ", lwres_uint16_t\ " "val" ");" .HP 38 -.BI "lwres_uint32_t lwres_buffer_getuint32(lwres_buffer_t\ *b);" +.BI "lwres_uint32_t lwres_buffer_getuint32(lwres_buffer_t\ *" "b" ");" .HP 28 -.BI "void lwres_buffer_putuint32(lwres_buffer_t\ *b, lwres_uint32_t\ val);" +.BI "void lwres_buffer_putuint32(lwres_buffer_t\ *" "b" ", lwres_uint32_t\ " "val" ");" .HP 25 -.BI "void lwres_buffer_putmem(lwres_buffer_t\ *b, const\ unsigned\ char\ *base, unsigned\ int\ length);" +.BI "void lwres_buffer_putmem(lwres_buffer_t\ *" "b" ", const\ unsigned\ char\ *" "base" ", unsigned\ int\ " "length" ");" .HP 25 -.BI "void lwres_buffer_getmem(lwres_buffer_t\ *b, unsigned\ char\ *base, unsigned\ int\ length);" +.BI "void lwres_buffer_getmem(lwres_buffer_t\ *" "b" ", unsigned\ char\ *" "base" ", unsigned\ int\ " "length" ");" .SH "DESCRIPTION" .PP These functions provide bounds checked access to a region of memory where data is being read or written. They are based on, and similar to, the @@ -92,8 +92,7 @@ The \fIactive region\fR is an (optional) subregion of the remaining region. It extends from the current offset to an offset in the remaining region. Initially, the active region is empty. If the current offset advances beyond the chosen offset, the active region will also be empty. .PP -.sp -.RS 3n +.RS 4 .nf /\-\-\-\-\-\-\-\-\-\-\-\-entire length\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\\\\ /\-\-\-\-\- used region \-\-\-\-\-\\\\/\-\- available \-\-\\\\ @@ -101,11 +100,23 @@ is an (optional) subregion of the remaining region. It extends from the current | consumed | remaining | | +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ a b c d e +.fi +.RE +.sp +.PP +.RS 4 +.nf a == base of buffer. b == current pointer. Can be anywhere between a and d. c == active pointer. Meaningful between b and d. d == used pointer. e == length of buffer. +.fi +.RE +.sp +.PP +.RS 4 +.nf a\-e == entire length of buffer. a\-d == used region. a\-b == consumed region. @@ -146,8 +157,7 @@ used. .PP A buffer is re\-initialised by \fBlwres_buffer_clear()\fR. The function sets -used -, +used, current and active @@ -217,4 +227,7 @@ bytes of memory from to \fIbase\fR. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.html new file mode 100644 index 0000000000..8cf21d7cb3 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_buffer.html @@ -0,0 +1,455 @@ + + + + + +lwres_buffer + + +
+
+
+

Name

+

lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management

+
+
+

Synopsis

+
+
+#include <lwres/lwbuffer.h>
+
+ + + + + + + + + + + + + + + + +
+void +lwres_buffer_init(lwres_buffer_t *  +b,
 void *  +base,
 unsigned int   +length);
+ + + + +
+void +lwres_buffer_invalidate(lwres_buffer_t *  +b);
+ + + + + + + + + + + +
+void +lwres_buffer_add(lwres_buffer_t *  +b,
 unsigned int   +n);
+ + + + + + + + + + + +
+void +lwres_buffer_subtract(lwres_buffer_t *  +b,
 unsigned int   +n);
+ + + + +
+void +lwres_buffer_clear(lwres_buffer_t *  +b);
+ + + + +
+void +lwres_buffer_first(lwres_buffer_t *  +b);
+ + + + + + + + + + + +
+void +lwres_buffer_forward(lwres_buffer_t *  +b,
 unsigned int   +n);
+ + + + + + + + + + + +
+void +lwres_buffer_back(lwres_buffer_t *  +b,
 unsigned int   +n);
+ + + + +
+lwres_uint8_t +lwres_buffer_getuint8(lwres_buffer_t *  +b);
+ + + + + + + + + + + +
+void +lwres_buffer_putuint8(lwres_buffer_t *  +b,
 lwres_uint8_t   +val);
+ + + + +
+lwres_uint16_t +lwres_buffer_getuint16(lwres_buffer_t *  +b);
+ + + + + + + + + + + +
+void +lwres_buffer_putuint16(lwres_buffer_t *  +b,
 lwres_uint16_t   +val);
+ + + + +
+lwres_uint32_t +lwres_buffer_getuint32(lwres_buffer_t *  +b);
+ + + + + + + + + + + +
+void +lwres_buffer_putuint32(lwres_buffer_t *  +b,
 lwres_uint32_t   +val);
+ + + + + + + + + + + + + + + + +
+void +lwres_buffer_putmem(lwres_buffer_t *  +b,
 const unsigned char *  +base,
 unsigned int   +length);
+ + + + + + + + + + + + + + + + +
+void +lwres_buffer_getmem(lwres_buffer_t *  +b,
 unsigned char *  +base,
 unsigned int   +length);
+
+
+
+

DESCRIPTION

+

+ These functions provide bounds checked access to a region of memory + where data is being read or written. + They are based on, and similar to, the + isc_buffer_ + functions in the ISC library. +

+

+ A buffer is a region of memory, together with a set of related + subregions. + The used region and the + available region are disjoint, and + their union is the buffer's region. + The used region extends from the beginning of the buffer region to the + last used byte. + The available region extends from one byte greater than the last used + byte to the end of the buffer's region. + The size of the used region can be changed using various + buffer commands. + Initially, the used region is empty. +

+

+ The used region is further subdivided into two disjoint regions: the + consumed region and the remaining region. + The union of these two regions is the used region. + The consumed region extends from the beginning of the used region to + the byte before the current offset (if any). + The remaining region the current pointer to the end + of the used + region. + The size of the consumed region can be changed using various + buffer commands. + Initially, the consumed region is empty. +

+

+ The active region is an (optional) subregion of the + remaining + region. + It extends from the current offset to an offset in the + remaining region. + Initially, the active region is empty. + If the current offset advances beyond the chosen offset, + the active region will also be empty. +

+
+   /------------entire length---------------\\
+   /----- used region -----\\/-- available --\\
+   +----------------------------------------+
+   | consumed  | remaining |                |
+   +----------------------------------------+
+   a           b     c     d                e
+
+

+

+
+  a == base of buffer.
+  b == current pointer.  Can be anywhere between a and d.
+  c == active pointer.  Meaningful between b and d.
+  d == used pointer.
+  e == length of buffer.
+
+

+

+
+  a-e == entire length of buffer.
+  a-d == used region.
+  a-b == consumed region.
+  b-d == remaining region.
+  b-c == optional active region.
+
+

+

+

lwres_buffer_init() + initializes the + lwres_buffer_t + *b + and assocates it with the memory region of size + length + bytes starting at location + base. +

+

lwres_buffer_invalidate() + marks the buffer *b + as invalid. Invalidating a buffer after use is not required, + but makes it possible to catch its possible accidental use. +

+

+ The functions + lwres_buffer_add() + and + lwres_buffer_subtract() + respectively increase and decrease the used space in + buffer + *b + by + n + bytes. + lwres_buffer_add() + checks for buffer overflow and + lwres_buffer_subtract() + checks for underflow. + These functions do not allocate or deallocate memory. + They just change the value of + used. +

+

+ A buffer is re-initialised by + lwres_buffer_clear(). + The function sets + used, + current + and + active + to zero. +

+

lwres_buffer_first + makes the consumed region of buffer + *p + empty by setting + current + to zero (the start of the buffer). +

+

lwres_buffer_forward() + increases the consumed region of buffer + *b + by + n + bytes, checking for overflow. + Similarly, + lwres_buffer_back() + decreases buffer + b's + consumed region by + n + bytes and checks for underflow. +

+

lwres_buffer_getuint8() + reads an unsigned 8-bit integer from + *b + and returns it. + lwres_buffer_putuint8() + writes the unsigned 8-bit integer + val + to buffer + *b. +

+

lwres_buffer_getuint16() + and + lwres_buffer_getuint32() + are identical to + lwres_buffer_putuint8() + except that they respectively read an unsigned 16-bit or 32-bit integer + in network byte order from + b. + Similarly, + lwres_buffer_putuint16() + and + lwres_buffer_putuint32() + writes the unsigned 16-bit or 32-bit integer + val + to buffer + b, + in network byte order. +

+

+ Arbitrary amounts of data are read or written from a lightweight + resolver buffer with + lwres_buffer_getmem() + and + lwres_buffer_putmem() + respectively. + lwres_buffer_putmem() + copies + length + bytes of memory at + base + to + b. + Conversely, + lwres_buffer_getmem() + copies + length + bytes of memory from + b + to + base. +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_config.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_config.3 similarity index 74% rename from contrib/bind-9.3/lib/lwres/man/lwres_config.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_config.3 index 0a23923514..918d420e0e 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_config.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_config.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_config.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_config.3,v 1.26.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_config .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,15 +36,15 @@ lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_con #include .fi .HP 21 -.BI "void lwres_conf_init(lwres_context_t\ *ctx);" +.BI "void lwres_conf_init(lwres_context_t\ *" "ctx" ");" .HP 22 -.BI "void lwres_conf_clear(lwres_context_t\ *ctx);" +.BI "void lwres_conf_clear(lwres_context_t\ *" "ctx" ");" .HP 32 -.BI "lwres_result_t lwres_conf_parse(lwres_context_t\ *ctx, const\ char\ *filename);" +.BI "lwres_result_t lwres_conf_parse(lwres_context_t\ *" "ctx" ", const\ char\ *" "filename" ");" .HP 32 -.BI "lwres_result_t lwres_conf_print(lwres_context_t\ *ctx, FILE\ *fp);" +.BI "lwres_result_t lwres_conf_print(lwres_context_t\ *" "ctx" ", FILE\ *" "fp" ");" .HP 30 -.BI "lwres_conf_t * lwres_conf_get(lwres_context_t\ *ctx);" +.BI "lwres_conf_t * lwres_conf_get(lwres_context_t\ *" "ctx" ");" .SH "DESCRIPTION" .PP \fBlwres_conf_init()\fR @@ -100,4 +100,7 @@ unless an error occurred when converting the network addresses to a numeric host .PP \fI/etc/resolv.conf\fR .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_config.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_config.html new file mode 100644 index 0000000000..26c2ead52e --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_config.html @@ -0,0 +1,156 @@ + + + + + +lwres_config + + +
+
+
+

Name

+

lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration

+
+
+

Synopsis

+
+
#include <lwres/lwres.h>
+ + + + +
+void +lwres_conf_init(lwres_context_t *  +ctx);
+ + + + +
+void +lwres_conf_clear(lwres_context_t *  +ctx);
+ + + + + + + + + + + +
+lwres_result_t +lwres_conf_parse(lwres_context_t *  +ctx,
 const char *  +filename);
+ + + + + + + + + + + +
+lwres_result_t +lwres_conf_print(lwres_context_t *  +ctx,
 FILE *  +fp);
+ + + + +
+lwres_conf_t * +lwres_conf_get(lwres_context_t *  +ctx);
+
+
+
+

DESCRIPTION

+

lwres_conf_init() + creates an empty + lwres_conf_t + structure for lightweight resolver context + ctx. +

+

lwres_conf_clear() + frees up all the internal memory used by + that + lwres_conf_t + structure in resolver context + ctx. +

+

lwres_conf_parse() + opens the file + filename + and parses it to initialise the resolver context + ctx's + lwres_conf_t + structure. +

+

lwres_conf_print() + prints the + lwres_conf_t + structure for resolver context + ctx + to the + FILE + fp. +

+
+
+

RETURN VALUES

+

lwres_conf_parse() + returns LWRES_R_SUCCESS + if it successfully read and parsed + filename. + It returns LWRES_R_FAILURE + if filename + could not be opened or contained incorrect + resolver statements. +

+

lwres_conf_print() + returns LWRES_R_SUCCESS + unless an error occurred when converting the network addresses to a + numeric host address string. + If this happens, the function returns + LWRES_R_FAILURE. +

+
+
+

SEE ALSO

+

stdio(3), + resolver(5). +

+
+
+

FILES

+

/etc/resolv.conf +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_context.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_context.3 similarity index 78% rename from contrib/bind-9.3/lib/lwres/man/lwres_context.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_context.3 index ba68e408cc..55ac270aa5 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_context.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_context.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_context.3,v 1.13.2.2.2.7 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_context.3,v 1.28.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_context .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,19 +36,19 @@ lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_con #include .fi .HP 36 -.BI "lwres_result_t lwres_context_create(lwres_context_t\ **contextp, void\ *arg, lwres_malloc_t\ malloc_function, lwres_free_t\ free_function);" +.BI "lwres_result_t lwres_context_create(lwres_context_t\ **" "contextp" ", void\ *" "arg" ", lwres_malloc_t\ " "malloc_function" ", lwres_free_t\ " "free_function" ");" .HP 37 -.BI "lwres_result_t lwres_context_destroy(lwres_context_t\ **contextp);" +.BI "lwres_result_t lwres_context_destroy(lwres_context_t\ **" "contextp" ");" .HP 30 -.BI "void lwres_context_initserial(lwres_context_t\ *ctx, lwres_uint32_t\ serial);" +.BI "void lwres_context_initserial(lwres_context_t\ *" "ctx" ", lwres_uint32_t\ " "serial" ");" .HP 40 -.BI "lwres_uint32_t lwres_context_nextserial(lwres_context_t\ *ctx);" +.BI "lwres_uint32_t lwres_context_nextserial(lwres_context_t\ *" "ctx" ");" .HP 27 -.BI "void lwres_context_freemem(lwres_context_t\ *ctx, void\ *mem, size_t\ len);" +.BI "void lwres_context_freemem(lwres_context_t\ *" "ctx" ", void\ *" "mem" ", size_t\ " "len" ");" .HP 28 -.BI "void lwres_context_allocmem(lwres_context_t\ *ctx, size_t\ len);" +.BI "void lwres_context_allocmem(lwres_context_t\ *" "ctx" ", size_t\ " "len" ");" .HP 30 -.BI "void * lwres_context_sendrecv(lwres_context_t\ *ctx, void\ *sendbase, int\ sendlen, void\ *recvbase, int\ recvlen, int\ *recvd_len);" +.BI "void * lwres_context_sendrecv(lwres_context_t\ *" "ctx" ", void\ *" "sendbase" ", int\ " "sendlen" ", void\ *" "recvbase" ", int\ " "recvlen" ", int\ *" "recvd_len" ");" .SH "DESCRIPTION" .PP \fBlwres_context_create()\fR @@ -72,7 +72,8 @@ to free it. If \fImalloc_function\fR and \fIfree_function\fR -are NULL, memory is allocated using .Xr malloc 3 and +are NULL, memory is allocated using +\fBmalloc\fR(3). and \fBfree\fR(3). It is not permitted to have a NULL \fImalloc_function\fR and a non\-NULL @@ -161,6 +162,9 @@ times out waiting for a response. .PP \fBlwres_conf_init\fR(3), \fBmalloc\fR(3), -\fBfree\fR(3 ). +\fBfree\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_context.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_context.html new file mode 100644 index 0000000000..0797e817da --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_context.html @@ -0,0 +1,295 @@ + + + + + +lwres_context + + +
+
+
+

Name

+

lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management

+
+
+

Synopsis

+
+
#include <lwres/lwres.h>
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_context_create(lwres_context_t **  +contextp,
 void *  +arg,
 lwres_malloc_t   +malloc_function,
 lwres_free_t   +free_function);
+ + + + +
+lwres_result_t +lwres_context_destroy(lwres_context_t **  +contextp);
+ + + + + + + + + + + +
+void +lwres_context_initserial(lwres_context_t *  +ctx,
 lwres_uint32_t   +serial);
+ + + + +
+lwres_uint32_t +lwres_context_nextserial(lwres_context_t *  +ctx);
+ + + + + + + + + + + + + + + + +
+void +lwres_context_freemem(lwres_context_t *  +ctx,
 void *  +mem,
 size_t   +len);
+ + + + + + + + + + + +
+void +lwres_context_allocmem(lwres_context_t *  +ctx,
 size_t   +len);
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+void * +lwres_context_sendrecv(lwres_context_t *  +ctx,
 void *  +sendbase,
 int   +sendlen,
 void *  +recvbase,
 int   +recvlen,
 int *  +recvd_len);
+
+
+
+

DESCRIPTION

+

lwres_context_create() + creates a lwres_context_t structure for use in + lightweight resolver operations. It holds a socket and other + data needed for communicating with a resolver daemon. The new + lwres_context_t is returned through + contextp, a pointer to a + lwres_context_t pointer. This + lwres_context_t pointer must initially be NULL, and + is modified to point to the newly created + lwres_context_t. +

+

+ When the lightweight resolver needs to perform dynamic memory + allocation, it will call + malloc_function + to allocate memory and + free_function + to free it. If + malloc_function + and + free_function + are NULL, memory is allocated using + malloc(3). + and + free(3). + + It is not permitted to have a NULL + malloc_function and a non-NULL + free_function or vice versa. + arg is passed as the first parameter to + the memory allocation functions. If + malloc_function and + free_function are NULL, + arg is unused and should be passed as + NULL. +

+

+ Once memory for the structure has been allocated, + it is initialized using + lwres_conf_init(3) + and returned via *contextp. +

+

lwres_context_destroy() + destroys a lwres_context_t, closing its socket. + contextp is a pointer to a pointer to the + context that is to be destroyed. The pointer will be set to + NULL when the context has been destroyed. +

+

+ The context holds a serial number that is used to identify + resolver request packets and associate responses with the + corresponding requests. This serial number is controlled using + lwres_context_initserial() and + lwres_context_nextserial(). + lwres_context_initserial() sets the serial + number for context *ctx to + serial. + lwres_context_nextserial() increments the + serial number and returns the previous value. +

+

+ Memory for a lightweight resolver context is allocated and freed + using lwres_context_allocmem() and + lwres_context_freemem(). These use + whatever allocations were defined when the context was created + with lwres_context_create(). + lwres_context_allocmem() allocates + len bytes of memory and if successful + returns a pointer to the allocated storage. + lwres_context_freemem() frees + len bytes of space starting at location + mem. +

+

lwres_context_sendrecv() + performs I/O for the context ctx. Data + are read and written from the context's socket. It writes data + from sendbase — typically a + lightweight resolver query packet — and waits for a reply + which is copied to the receive buffer at + recvbase. The number of bytes that were + written to this receive buffer is returned in + *recvd_len. +

+
+
+

RETURN VALUES

+

lwres_context_create() + returns LWRES_R_NOMEMORY if memory for + the struct lwres_context could not be allocated, + LWRES_R_SUCCESS otherwise. +

+

+ Successful calls to the memory allocator + lwres_context_allocmem() + return a pointer to the start of the allocated space. + It returns NULL if memory could not be allocated. +

+

LWRES_R_SUCCESS + is returned when + lwres_context_sendrecv() + completes successfully. + LWRES_R_IOERROR + is returned if an I/O error occurs and + LWRES_R_TIMEOUT + is returned if + lwres_context_sendrecv() + times out waiting for a response. +

+
+
+

SEE ALSO

+

lwres_conf_init(3), + + malloc(3), + + free(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gabn.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.3 similarity index 79% rename from contrib/bind-9.3/lib/lwres/man/lwres_gabn.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.3 index 593ebc5cb3..2f9f0ad327 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gabn.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gabn.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_gabn.3,v 1.27.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_gabn .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,17 +36,17 @@ lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lw #include .fi .HP 40 -.BI "lwres_result_t lwres_gabnrequest_render(lwres_context_t\ *ctx, lwres_gabnrequest_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" +.BI "lwres_result_t lwres_gabnrequest_render(lwres_context_t\ *" "ctx" ", lwres_gabnrequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 41 -.BI "lwres_result_t lwres_gabnresponse_render(lwres_context_t\ *ctx, lwres_gabnresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" +.BI "lwres_result_t lwres_gabnresponse_render(lwres_context_t\ *" "ctx" ", lwres_gabnresponse_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 39 -.BI "lwres_result_t lwres_gabnrequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gabnrequest_t\ **structp);" +.BI "lwres_result_t lwres_gabnrequest_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gabnrequest_t\ **" "structp" ");" .HP 40 -.BI "lwres_result_t lwres_gabnresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gabnresponse_t\ **structp);" +.BI "lwres_result_t lwres_gabnresponse_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gabnresponse_t\ **" "structp" ");" .HP 29 -.BI "void lwres_gabnresponse_free(lwres_context_t\ *ctx, lwres_gabnresponse_t\ **structp);" +.BI "void lwres_gabnresponse_free(lwres_context_t\ *" "ctx" ", lwres_gabnresponse_t\ **" "structp" ");" .HP 28 -.BI "void lwres_gabnrequest_free(lwres_context_t\ *ctx, lwres_gabnrequest_t\ **structp);" +.BI "void lwres_gabnrequest_free(lwres_context_t\ *" "ctx" ", lwres_gabnrequest_t\ **" "structp" ");" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver name\-to\-address lookup request and response messages. @@ -59,18 +59,36 @@ There are four main functions for the getaddrbyname opcode. One render function .PP These structures are defined in \fI\fR. They are shown below. -.sp -.RS 3n +.PP +.RS 4 .nf #define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct lwres_addr lwres_addr_t; typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t; +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct { lwres_uint32_t flags; lwres_uint32_t addrtypes; lwres_uint16_t namelen; char *name; } lwres_gabnrequest_t; +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct { lwres_uint32_t flags; lwres_uint16_t naliases; @@ -169,6 +187,9 @@ in the packet header structure indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP -\fBlwres_packet\fR(3 ) +\fBlwres_packet\fR(3) .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.html new file mode 100644 index 0000000000..b12e6de943 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gabn.html @@ -0,0 +1,324 @@ + + + + + +lwres_gabn + + +
+
+
+

Name

+

lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling

+
+
+

Synopsis

+
+
#include <lwres/lwres.h>
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gabnrequest_render(lwres_context_t *  +ctx,
 lwres_gabnrequest_t *  +req,
 lwres_lwpacket_t *  +pkt,
 lwres_buffer_t *  +b);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gabnresponse_render(lwres_context_t *  +ctx,
 lwres_gabnresponse_t *  +req,
 lwres_lwpacket_t *  +pkt,
 lwres_buffer_t *  +b);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gabnrequest_parse(lwres_context_t *  +ctx,
 lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt,
 lwres_gabnrequest_t **  +structp);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gabnresponse_parse(lwres_context_t *  +ctx,
 lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt,
 lwres_gabnresponse_t **  +structp);
+ + + + + + + + + + + +
+void +lwres_gabnresponse_free(lwres_context_t *  +ctx,
 lwres_gabnresponse_t **  +structp);
+ + + + + + + + + + + +
+void +lwres_gabnrequest_free(lwres_context_t *  +ctx,
 lwres_gabnrequest_t **  +structp);
+
+
+
+

DESCRIPTION

+

+ These are low-level routines for creating and parsing + lightweight resolver name-to-address lookup request and + response messages. +

+

+ There are four main functions for the getaddrbyname opcode. + One render function converts a getaddrbyname request structure — + lwres_gabnrequest_t — + to the lighweight resolver's canonical format. + It is complemented by a parse function that converts a packet in this + canonical format to a getaddrbyname request structure. + Another render function converts the getaddrbyname response structure + — lwres_gabnresponse_t — + to the canonical format. + This is complemented by a parse function which converts a packet in + canonical format to a getaddrbyname response structure. +

+

+ These structures are defined in + <lwres/lwres.h>. + They are shown below. +

+
+#define LWRES_OPCODE_GETADDRSBYNAME     0x00010001U
+
+

+

+
+typedef struct lwres_addr lwres_addr_t;
+typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t;
+
+

+

+
+typedef struct {
+        lwres_uint32_t  flags;
+        lwres_uint32_t  addrtypes;
+        lwres_uint16_t  namelen;
+        char           *name;
+} lwres_gabnrequest_t;
+
+

+

+
+typedef struct {
+        lwres_uint32_t          flags;
+        lwres_uint16_t          naliases;
+        lwres_uint16_t          naddrs;
+        char                   *realname;
+        char                  **aliases;
+        lwres_uint16_t          realnamelen;
+        lwres_uint16_t         *aliaslen;
+        lwres_addrlist_t        addrs;
+        void                   *base;
+        size_t                  baselen;
+} lwres_gabnresponse_t;
+
+

+

+

lwres_gabnrequest_render() + uses resolver context ctx to convert + getaddrbyname request structure req to + canonical format. The packet header structure + pkt is initialised and transferred to + buffer b. + + The contents of *req are then appended to + the buffer in canonical format. + lwres_gabnresponse_render() performs the + same task, except it converts a getaddrbyname response structure + lwres_gabnresponse_t to the lightweight resolver's + canonical format. +

+

lwres_gabnrequest_parse() + uses context ctx to convert the contents + of packet pkt to a + lwres_gabnrequest_t structure. Buffer + b provides space to be used for storing + this structure. When the function succeeds, the resulting + lwres_gabnrequest_t is made available through + *structp. + + lwres_gabnresponse_parse() offers the same + semantics as lwres_gabnrequest_parse() + except it yields a lwres_gabnresponse_t structure. +

+

lwres_gabnresponse_free() + and lwres_gabnrequest_free() release the + memory in resolver context ctx that was + allocated to the lwres_gabnresponse_t or + lwres_gabnrequest_t structures referenced via + structp. + + Any memory associated with ancillary buffers and strings for + those structures is also discarded. +

+
+
+

RETURN VALUES

+

+ The getaddrbyname opcode functions + lwres_gabnrequest_render(), + lwres_gabnresponse_render() + lwres_gabnrequest_parse() + and + lwres_gabnresponse_parse() + all return + LWRES_R_SUCCESS + on success. + They return + LWRES_R_NOMEMORY + if memory allocation fails. + LWRES_R_UNEXPECTEDEND + is returned if the available space in the buffer + b + is too small to accommodate the packet header or the + lwres_gabnrequest_t + and + lwres_gabnresponse_t + structures. + lwres_gabnrequest_parse() + and + lwres_gabnresponse_parse() + will return + LWRES_R_UNEXPECTEDEND + if the buffer is not empty after decoding the received packet. + These functions will return + LWRES_R_FAILURE + if + pktflags + in the packet header structure + lwres_lwpacket_t + indicate that the packet is not a response to an earlier query. +

+
+
+

SEE ALSO

+

lwres_packet(3) +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.3 similarity index 76% rename from contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.3 index e6efcd09a8..4cf51c1639 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gai_strerror.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gai_strerror.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_gai_strerror.3,v 1.27.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_gai_strerror .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -30,56 +30,78 @@ .\" disable justification (adjust text to left margin only) .ad l .SH "NAME" -gai_strerror \- print suitable error string +lwres_gai_strerror \- print suitable error string .SH "SYNOPSIS" .nf #include .fi .HP 20 -.BI "char * gai_strerror(int\ ecode);" +.BI "char * gai_strerror(int\ " "ecode" ");" .SH "DESCRIPTION" .PP \fBlwres_gai_strerror()\fR returns an error message corresponding to an error code returned by \fBgetaddrinfo()\fR. The following error codes and their meaning are defined in \fIinclude/lwres/netdb.h\fR. -.TP 3n +.PP \fBEAI_ADDRFAMILY\fR +.RS 4 address family for hostname not supported -.TP 3n +.RE +.PP \fBEAI_AGAIN\fR +.RS 4 temporary failure in name resolution -.TP 3n +.RE +.PP \fBEAI_BADFLAGS\fR +.RS 4 invalid value for \fBai_flags\fR -.TP 3n +.RE +.PP \fBEAI_FAIL\fR +.RS 4 non\-recoverable failure in name resolution -.TP 3n +.RE +.PP \fBEAI_FAMILY\fR +.RS 4 \fBai_family\fR not supported -.TP 3n +.RE +.PP \fBEAI_MEMORY\fR +.RS 4 memory allocation failure -.TP 3n +.RE +.PP \fBEAI_NODATA\fR +.RS 4 no address associated with hostname -.TP 3n +.RE +.PP \fBEAI_NONAME\fR +.RS 4 hostname or servname not provided, or not known -.TP 3n +.RE +.PP \fBEAI_SERVICE\fR +.RS 4 servname not supported for \fBai_socktype\fR -.TP 3n +.RE +.PP \fBEAI_SOCKTYPE\fR +.RS 4 \fBai_socktype\fR not supported -.TP 3n +.RE +.PP \fBEAI_SYSTEM\fR +.RS 4 system error returned in errno +.RE The message invalid error code is returned if @@ -101,4 +123,7 @@ used by \fBgetaddrinfo\fR(3), \fBRFC2133\fR(). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.html new file mode 100644 index 0000000000..2370962418 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gai_strerror.html @@ -0,0 +1,124 @@ + + + + + +lwres_gai_strerror + + +
+
+
+

Name

+

lwres_gai_strerror — print suitable error string

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + +
+char * +gai_strerror(int   +ecode);
+
+
+
+

DESCRIPTION

+

lwres_gai_strerror() + returns an error message corresponding to an error code returned by + getaddrinfo(). + The following error codes and their meaning are defined in + include/lwres/netdb.h. +

+
+
EAI_ADDRFAMILY
+

+ address family for hostname not supported +

+
EAI_AGAIN
+

+ temporary failure in name resolution +

+
EAI_BADFLAGS
+

+ invalid value for + ai_flags +

+
EAI_FAIL
+

+ non-recoverable failure in name resolution +

+
EAI_FAMILY
+

ai_family not supported +

+
EAI_MEMORY
+

+ memory allocation failure +

+
EAI_NODATA
+

+ no address associated with hostname +

+
EAI_NONAME
+

+ hostname or servname not provided, or not known +

+
EAI_SERVICE
+

+ servname not supported for ai_socktype +

+
EAI_SOCKTYPE
+

ai_socktype not supported +

+
EAI_SYSTEM
+

+ system error returned in errno +

+
+

+ The message invalid error code is returned if + ecode + is out of range. +

+

ai_flags, + ai_family + and + ai_socktype + are elements of the + struct addrinfo + used by + lwres_getaddrinfo(). +

+
+
+

SEE ALSO

+

strerror(3), + + lwres_getaddrinfo(3), + + getaddrinfo(3), + + RFC2133. +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.3 similarity index 89% rename from contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.3 index fe52cd52cf..ac16acdc1a 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getaddrinfo.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getaddrinfo.3,v 1.16.2.1.8.7 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_getaddrinfo.3,v 1.31.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_getaddrinfo .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,14 +36,14 @@ lwres_getaddrinfo, lwres_freeaddrinfo \- socket address structure to host and se #include .fi .HP 22 -.BI "int lwres_getaddrinfo(const\ char\ *hostname, const\ char\ *servname, const\ struct\ addrinfo\ *hints, struct\ addrinfo\ **res);" +.BI "int lwres_getaddrinfo(const\ char\ *" "hostname" ", const\ char\ *" "servname" ", const\ struct\ addrinfo\ *" "hints" ", struct\ addrinfo\ **" "res" ");" .HP 24 -.BI "void lwres_freeaddrinfo(struct\ addrinfo\ *ai);" +.BI "void lwres_freeaddrinfo(struct\ addrinfo\ *" "ai" ");" .PP If the operating system does not provide a \fBstruct addrinfo\fR, the following structure is used: -.sp -.RS 3n +.PP +.RS 4 .nf struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ @@ -82,14 +82,17 @@ is either a decimal port number or a service name as listed in is an optional pointer to a \fBstruct addrinfo\fR. This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use. The caller can supply the following structure elements in \fI*hints\fR: -.TP 3n +.PP \fBai_family\fR +.RS 4 The protocol family that should be used. When \fBai_family\fR is set to \fBPF_UNSPEC\fR, it means the caller will accept any protocol family supported by the operating system. -.TP 3n +.RE +.PP \fBai_socktype\fR +.RS 4 denotes the type of socket \(em \fBSOCK_STREAM\fR, \fBSOCK_DGRAM\fR @@ -98,13 +101,17 @@ or \(em that is wanted. When \fBai_socktype\fR is zero the caller will accept any socket type. -.TP 3n +.RE +.PP \fBai_protocol\fR +.RS 4 indicates which transport protocol is wanted: IPPROTO_UDP or IPPROTO_TCP. If \fBai_protocol\fR is zero the caller will accept any protocol. -.TP 3n +.RE +.PP \fBai_flags\fR +.RS 4 Flag bits. If the \fBAI_CANONNAME\fR bit is set, a successful call to @@ -129,11 +136,11 @@ When does not set the \fBAI_PASSIVE\fR bit, the returned socket address structure will be ready for use in a call to -\fBconnect\fR(2 ) +\fBconnect\fR(2) for a connection\-oriented protocol or \fBconnect\fR(2), \fBsendto\fR(2), or -\fBsendmsg\fR(2 ) +\fBsendmsg\fR(2) if a connectionless protocol was chosen. The IP address portion of the socket address structure will be set to the loopback address if \fIhostname\fR is a @@ -150,6 +157,7 @@ is set to it indicates that \fIhostname\fR should be treated as a numeric string defining an IPv4 or IPv6 address and no name resolution should be attempted. +.RE .PP All other elements of the \fBstruct addrinfo\fR @@ -208,7 +216,7 @@ created by a call to .PP \fBlwres_getaddrinfo()\fR returns zero on success or one of the error codes listed in -\fBgai_strerror\fR(3 ) +\fBgai_strerror\fR(3) if an error occurs. If both \fIhostname\fR and @@ -232,4 +240,7 @@ returns \fBsendmsg\fR(2), \fBsocket\fR(2). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.html new file mode 100644 index 0000000000..652bc6b7ad --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getaddrinfo.html @@ -0,0 +1,322 @@ + + + + + +lwres_getaddrinfo + + +
+
+
+

Name

+

lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + + + + + + + + + + + + + + + + + + +
+int +lwres_getaddrinfo(const char *  +hostname,
 const char *  +servname,
 const struct addrinfo *  +hints,
 struct addrinfo **  +res);
+ + + + +
+void +lwres_freeaddrinfo(struct addrinfo *  +ai);
+
+

+ If the operating system does not provide a + struct addrinfo, + the following structure is used: +

+
+struct  addrinfo {
+        int             ai_flags;       /* AI_PASSIVE, AI_CANONNAME */
+        int             ai_family;      /* PF_xxx */
+        int             ai_socktype;    /* SOCK_xxx */
+        int             ai_protocol;    /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
+        size_t          ai_addrlen;     /* length of ai_addr */
+        char            *ai_canonname;  /* canonical name for hostname */
+        struct sockaddr *ai_addr;       /* binary address */
+        struct addrinfo *ai_next;       /* next structure in linked list */
+};
+
+

+

+
+
+

DESCRIPTION

+

lwres_getaddrinfo() + is used to get a list of IP addresses and port numbers for host + hostname and service + servname. + + The function is the lightweight resolver's implementation of + getaddrinfo() as defined in RFC2133. + hostname and + servname are pointers to null-terminated + strings or NULL. + + hostname is either a host name or a + numeric host address string: a dotted decimal IPv4 address or an + IPv6 address. servname is either a + decimal port number or a service name as listed in + /etc/services. +

+

hints + is an optional pointer to a + struct addrinfo. + This structure can be used to provide hints concerning the type of + socket + that the caller supports or wishes to use. + The caller can supply the following structure elements in + *hints: + +

+
+
ai_family
+

+ The protocol family that should be used. + When + ai_family + is set to + PF_UNSPEC, + it means the caller will accept any protocol family supported by + the + operating system. +

+
ai_socktype
+

+ denotes the type of socket — + SOCK_STREAM, + SOCK_DGRAM + or + SOCK_RAW + — that is wanted. + When + ai_socktype + is zero the caller will accept any socket type. +

+
ai_protocol
+

+ indicates which transport protocol is wanted: IPPROTO_UDP or + IPPROTO_TCP. + If + ai_protocol + is zero the caller will accept any protocol. +

+
ai_flags
+
+

+ Flag bits. + If the + AI_CANONNAME + bit is set, a successful call to + lwres_getaddrinfo() + will return a null-terminated string containing the canonical + name + of the specified hostname in + ai_canonname + of the first + addrinfo + structure returned. + Setting the + AI_PASSIVE + bit indicates that the returned socket address structure is + intended + for used in a call to + bind(2). + + In this case, if the hostname argument is a + NULL + pointer, then the IP address portion of the socket + address structure will be set to + INADDR_ANY + for an IPv4 address or + IN6ADDR_ANY_INIT + for an IPv6 address. +

+

+ When + ai_flags + does not set the + AI_PASSIVE + bit, the returned socket address structure will be ready + for use in a call to + connect(2) + for a connection-oriented protocol or + connect(2), + + sendto(2), + + or + sendmsg(2) + if a connectionless protocol was chosen. + The IP address portion of the socket address structure will be + set to the loopback address if + hostname + is a + NULL + pointer and + AI_PASSIVE + is not set in + ai_flags. +

+

+ If + ai_flags + is set to + AI_NUMERICHOST + it indicates that + hostname + should be treated as a numeric string defining an IPv4 or IPv6 + address + and no name resolution should be attempted. +

+
+
+

+

+

+ All other elements of the struct addrinfo passed + via hints must be zero. +

+

+ A hints of NULL is + treated as if + the caller provided a struct addrinfo initialized to zero + with ai_familyset to + PF_UNSPEC. +

+

+ After a successful call to + lwres_getaddrinfo(), + *res + is a pointer to a linked list of one or more + addrinfo + structures. + Each + struct addrinfo + in this list cn be processed by following + the + ai_next + pointer, until a + NULL + pointer is encountered. + The three members + ai_family, + ai_socktype, + and + ai_protocol + in each + returned + addrinfo + structure contain the corresponding arguments for a call to + socket(2). + For each + addrinfo + structure in the list, the + ai_addr + member points to a filled-in socket address structure of length + ai_addrlen. +

+

+ All of the information returned by + lwres_getaddrinfo() + is dynamically allocated: the addrinfo structures, and the socket + address structures and canonical host name strings pointed to by the + addrinfostructures. + Memory allocated for the dynamically allocated structures created by + a successful call to + lwres_getaddrinfo() + is released by + lwres_freeaddrinfo(). + ai + is a pointer to a + struct addrinfo + created by a call to + lwres_getaddrinfo(). +

+
+
+

RETURN VALUES

+

lwres_getaddrinfo() + returns zero on success or one of the error codes listed in + gai_strerror(3) + if an error occurs. If both hostname and + servname are NULL + lwres_getaddrinfo() returns + EAI_NONAME. +

+
+
+

SEE ALSO

+

lwres(3), + + lwres_getaddrinfo(3), + + lwres_freeaddrinfo(3), + + lwres_gai_strerror(3), + + RFC2133, + + getservbyname(3), + + bind(2), + + connect(2), + + sendto(2), + + sendmsg(2), + + socket(2). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gethostent.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.3 similarity index 83% rename from contrib/bind-9.3/lib/lwres/man/lwres_gethostent.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.3 index 6fe933d753..61001e1046 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gethostent.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gethostent.3,v 1.16.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_gethostent.3,v 1.29.214.1 2009/07/11 01:43:33 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_gethostent .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,37 +36,37 @@ lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent #include .fi .HP 37 -.BI "struct hostent * lwres_gethostbyname(const\ char\ *name);" +.BI "struct hostent * lwres_gethostbyname(const\ char\ *" "name" ");" .HP 38 -.BI "struct hostent * lwres_gethostbyname2(const\ char\ *name, int\ af);" +.BI "struct hostent * lwres_gethostbyname2(const\ char\ *" "name" ", int\ " "af" ");" .HP 37 -.BI "struct hostent * lwres_gethostbyaddr(const\ char\ *addr, int\ len, int\ type);" +.BI "struct hostent * lwres_gethostbyaddr(const\ char\ *" "addr" ", int\ " "len" ", int\ " "type" ");" .HP 34 .BI "struct hostent * lwres_gethostent(void);" .HP 22 -.BI "void lwres_sethostent(int\ stayopen);" +.BI "void lwres_sethostent(int\ " "stayopen" ");" .HP 22 .BI "void lwres_endhostent(void);" .HP 39 -.BI "struct hostent * lwres_gethostbyname_r(const\ char\ *name, struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" +.BI "struct hostent * lwres_gethostbyname_r(const\ char\ *" "name" ", struct\ hostent\ *" "resbuf" ", char\ *" "buf" ", int\ " "buflen" ", int\ *" "error" ");" .HP 39 -.BI "struct hostent * lwres_gethostbyaddr_r(const\ char\ *addr, int\ len, int\ type, struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" +.BI "struct hostent * lwres_gethostbyaddr_r(const\ char\ *" "addr" ", int\ " "len" ", int\ " "type" ", struct\ hostent\ *" "resbuf" ", char\ *" "buf" ", int\ " "buflen" ", int\ *" "error" ");" .HP 36 -.BI "struct hostent * lwres_gethostent_r(struct\ hostent\ *resbuf, char\ *buf, int\ buflen, int\ *error);" +.BI "struct hostent * lwres_gethostent_r(struct\ hostent\ *" "resbuf" ", char\ *" "buf" ", int\ " "buflen" ", int\ *" "error" ");" .HP 24 -.BI "void lwres_sethostent_r(int\ stayopen);" +.BI "void lwres_sethostent_r(int\ " "stayopen" ");" .HP 24 .BI "void lwres_endhostent_r(void);" .SH "DESCRIPTION" .PP These functions provide hostname\-to\-address and address\-to\-hostname lookups by means of the lightweight resolver. They are similar to the standard -\fBgethostent\fR(3 ) +\fBgethostent\fR(3) functions provided by most operating systems. They use a \fBstruct hostent\fR which is usually defined in \fI\fR. -.sp -.RS 3n +.PP +.RS 4 .nf struct hostent { char *h_name; /* official name of host */ @@ -81,26 +81,36 @@ struct hostent { .sp .PP The members of this structure are: -.TP 3n +.PP \fBh_name\fR +.RS 4 The official (canonical) name of the host. -.TP 3n +.RE +.PP \fBh_aliases\fR +.RS 4 A NULL\-terminated array of alternate names (nicknames) for the host. -.TP 3n +.RE +.PP \fBh_addrtype\fR +.RS 4 The type of address being returned \(em \fBPF_INET\fR or \fBPF_INET6\fR. -.TP 3n +.RE +.PP \fBh_length\fR +.RS 4 The length of the address in bytes. -.TP 3n +.RE +.PP \fBh_addr_list\fR +.RS 4 A \fBNULL\fR terminated array of network addresses for the host. Host addresses are returned in network byte order. +.RE .PP For backward compatibility with very old software, \fBh_addr\fR @@ -158,8 +168,7 @@ is a thread\-safe function for forward lookups. If an error occurs, an error cod is a pointer to a \fBstruct hostent\fR which is initialised by a successful call to -\fBlwres_gethostbyname_r()\fR -. +\fBlwres_gethostbyname_r()\fR. \fIbuf\fR is a buffer of length \fIlen\fR @@ -222,20 +231,28 @@ return NULL to indicate an error. In this case the global variable \fBlwres_h_errno\fR will contain one of the following error codes defined in \fI\fR: -.TP 3n +.PP \fBHOST_NOT_FOUND\fR +.RS 4 The host or address was not found. -.TP 3n +.RE +.PP \fBTRY_AGAIN\fR +.RS 4 A recoverable error occurred, e.g., a timeout. Retrying the lookup may succeed. -.TP 3n +.RE +.PP \fBNO_RECOVERY\fR +.RS 4 A non\-recoverable error occurred. -.TP 3n +.RE +.PP \fBNO_DATA\fR +.RS 4 The name exists, but has no address information associated with it (or vice versa in the case of a reverse lookup). The code NO_ADDRESS is accepted as a synonym for NO_DATA for backwards compatibility. +.RE .PP -\fBlwres_hstrerror\fR(3 ) +\fBlwres_hstrerror\fR(3) translates these error codes to suitable error messages. .PP \fBlwres_gethostent()\fR @@ -274,7 +291,7 @@ to .PP \fBgethostent\fR(3), \fBlwres_getipnode\fR(3), -\fBlwres_hstrerror\fR(3 ) +\fBlwres_hstrerror\fR(3) .SH "BUGS" .PP \fBlwres_gethostbyname()\fR, @@ -292,4 +309,7 @@ The resolver daemon does not currently support any non\-DNS name services such a or \fBNIS\fR, consequently the above functions don't, either. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.html new file mode 100644 index 0000000000..ff600f4c34 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gethostent.html @@ -0,0 +1,466 @@ + + + + + +lwres_gethostent + + +
+
+
+

Name

+

lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + +
+struct hostent * +lwres_gethostbyname(const char *  +name);
+ + + + + + + + + + + +
+struct hostent * +lwres_gethostbyname2(const char *  +name,
 int   +af);
+ + + + + + + + + + + + + + + + +
+struct hostent * +lwres_gethostbyaddr(const char *  +addr,
 int   +len,
 int   +type);
+ + + + +
+struct hostent * +lwres_gethostent(  +);
+ + + + +
+void +lwres_sethostent(int   +stayopen);
+ + + + +
+void +lwres_endhostent(  +);
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+struct hostent * +lwres_gethostbyname_r(const char *  +name,
 struct hostent *  +resbuf,
 char *  +buf,
 int   +buflen,
 int *  +error);
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+struct hostent * +lwres_gethostbyaddr_r(const char *  +addr,
 int   +len,
 int   +type,
 struct hostent *  +resbuf,
 char *  +buf,
 int   +buflen,
 int *  +error);
+ + + + + + + + + + + + + + + + + + + + + +
+struct hostent * +lwres_gethostent_r(struct hostent *  +resbuf,
 char *  +buf,
 int   +buflen,
 int *  +error);
+ + + + +
+void +lwres_sethostent_r(int   +stayopen);
+ + + + +
+void +lwres_endhostent_r(  +);
+
+
+
+

DESCRIPTION

+

+ These functions provide hostname-to-address and + address-to-hostname lookups by means of the lightweight resolver. + They are similar to the standard + gethostent(3) + functions provided by most operating systems. + They use a + struct hostent + which is usually defined in + <namedb.h>. +

+
+struct  hostent {
+        char    *h_name;        /* official name of host */
+        char    **h_aliases;    /* alias list */
+        int     h_addrtype;     /* host address type */
+        int     h_length;       /* length of address */
+        char    **h_addr_list;  /* list of addresses from name server */
+};
+#define h_addr  h_addr_list[0]  /* address, for backward compatibility */
+
+

+

+

+ The members of this structure are: +

+
+
h_name
+

+ The official (canonical) name of the host. +

+
h_aliases
+

+ A NULL-terminated array of alternate names (nicknames) for the + host. +

+
h_addrtype
+

+ The type of address being returned — + PF_INET + or + PF_INET6. +

+
h_length
+

+ The length of the address in bytes. +

+
h_addr_list
+

+ A NULL + terminated array of network addresses for the host. + Host addresses are returned in network byte order. +

+
+

+

+

+ For backward compatibility with very old software, + h_addr + is the first address in + h_addr_list. +

+

lwres_gethostent(), + lwres_sethostent(), + lwres_endhostent(), + lwres_gethostent_r(), + lwres_sethostent_r() + and + lwres_endhostent_r() + provide iteration over the known host entries on systems that + provide such functionality through facilities like + /etc/hosts + or NIS. The lightweight resolver does not currently implement + these functions; it only provides them as stub functions that always + return failure. +

+

lwres_gethostbyname() + and lwres_gethostbyname2() look up the + hostname name. + lwres_gethostbyname() always looks for an + IPv4 address while lwres_gethostbyname2() + looks for an address of protocol family + af: either PF_INET or + PF_INET6 — IPv4 or IPV6 addresses + respectively. Successful calls of the functions return a + struct hostentfor the name that was looked up. + NULL is returned if the lookups by + lwres_gethostbyname() or + lwres_gethostbyname2() fail. +

+

+ Reverse lookups of addresses are performed by + lwres_gethostbyaddr(). + addr is an address of length + len bytes and protocol family + typePF_INET or + PF_INET6. + lwres_gethostbyname_r() is a + thread-safe function + for forward lookups. If an error occurs, an error code is returned in + *error. + resbuf is a pointer to a + struct hostent which is initialised by a successful call to + lwres_gethostbyname_r(). + buf is a buffer of length + len bytes which is used to store the + h_name, h_aliases, and + h_addr_list elements of the + struct hostent returned in resbuf. + Successful calls to lwres_gethostbyname_r() + return resbuf, + which is a pointer to the struct hostent it created. +

+

lwres_gethostbyaddr_r() + is a thread-safe function + that performs a reverse lookup of address addr + which is len bytes long and is of + protocol + family typePF_INET or + PF_INET6. If an error occurs, the error code is returned + in *error. The other function + parameters are + identical to those in lwres_gethostbyname_r(). + resbuf is a pointer to a + struct hostent which is initialised by a successful call to + lwres_gethostbyaddr_r(). + buf is a buffer of length + len bytes which is used to store the + h_name, h_aliases, and + h_addr_list elements of the + struct hostent returned in resbuf. + Successful calls to lwres_gethostbyaddr_r() return + resbuf, which is a pointer to the + struct hostent() it created. +

+
+
+

RETURN VALUES

+

+ The functions + lwres_gethostbyname(), + lwres_gethostbyname2(), + lwres_gethostbyaddr(), + and + lwres_gethostent() + return NULL to indicate an error. In this case the global variable + lwres_h_errno + will contain one of the following error codes defined in + <lwres/netdb.h>: + +

+
+
HOST_NOT_FOUND
+

+ The host or address was not found. +

+
TRY_AGAIN
+

+ A recoverable error occurred, e.g., a timeout. + Retrying the lookup may succeed. +

+
NO_RECOVERY
+

+ A non-recoverable error occurred. +

+
NO_DATA
+

+ The name exists, but has no address information + associated with it (or vice versa in the case + of a reverse lookup). The code NO_ADDRESS + is accepted as a synonym for NO_DATA for backwards + compatibility. +

+
+

+

+

lwres_hstrerror(3) + translates these error codes to suitable error messages. +

+

lwres_gethostent() + and lwres_gethostent_r() + always return NULL. +

+

+ Successful calls to lwres_gethostbyname_r() and + lwres_gethostbyaddr_r() return + resbuf, a pointer to the + struct hostent that was initialised by these functions. They return + NULL if the lookups fail or if buf + was too small to hold the list of addresses and names referenced by + the h_name, h_aliases, and + h_addr_list elements of the + struct hostent. + If buf was too small, both + lwres_gethostbyname_r() and + lwres_gethostbyaddr_r() set the global + variable + errno to ERANGE. +

+
+
+

SEE ALSO

+

gethostent(3), + + lwres_getipnode(3), + + lwres_hstrerror(3) +

+
+
+

BUGS

+

lwres_gethostbyname(), + lwres_gethostbyname2(), + lwres_gethostbyaddr() + and + lwres_endhostent() + are not thread safe; they return pointers to static data and + provide error codes through a global variable. + Thread-safe versions for name and address lookup are provided by + lwres_gethostbyname_r(), + and + lwres_gethostbyaddr_r() + respectively. +

+

+ The resolver daemon does not currently support any non-DNS + name services such as + /etc/hosts + or + NIS, + consequently the above functions don't, either. +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getipnode.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.3 similarity index 82% rename from contrib/bind-9.3/lib/lwres/man/lwres_getipnode.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.3 index f7ab62b581..8ca46e9db0 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getipnode.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getipnode.3,v 1.13.2.2.4.7 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_getipnode.3,v 1.28.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_getipnode .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,11 +36,11 @@ lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent \- lightweight r #include .fi .HP 39 -.BI "struct hostent * lwres_getipnodebyname(const\ char\ *name, int\ af, int\ flags, int\ *error_num);" +.BI "struct hostent * lwres_getipnodebyname(const\ char\ *" "name" ", int\ " "af" ", int\ " "flags" ", int\ *" "error_num" ");" .HP 39 -.BI "struct hostent * lwres_getipnodebyaddr(const\ void\ *src, size_t\ len, int\ af, int\ *error_num);" +.BI "struct hostent * lwres_getipnodebyaddr(const\ void\ *" "src" ", size_t\ " "len" ", int\ " "af" ", int\ *" "error_num" ");" .HP 23 -.BI "void lwres_freehostent(struct\ hostent\ *he);" +.BI "void lwres_freehostent(struct\ hostent\ *" "he" ");" .SH "DESCRIPTION" .PP These functions perform thread safe, protocol independent nodename\-to\-address and address\-to\-nodename translation as defined in RFC2553. @@ -49,8 +49,8 @@ They use a \fBstruct hostent\fR which is defined in \fInamedb.h\fR: -.sp -.RS 3n +.PP +.RS 4 .nf struct hostent { char *h_name; /* official name of host */ @@ -65,26 +65,36 @@ struct hostent { .sp .PP The members of this structure are: -.TP 3n +.PP \fBh_name\fR +.RS 4 The official (canonical) name of the host. -.TP 3n +.RE +.PP \fBh_aliases\fR +.RS 4 A NULL\-terminated array of alternate names (nicknames) for the host. -.TP 3n +.RE +.PP \fBh_addrtype\fR +.RS 4 The type of address being returned \- usually \fBPF_INET\fR or \fBPF_INET6\fR. -.TP 3n +.RE +.PP \fBh_length\fR +.RS 4 The length of the address in bytes. -.TP 3n +.RE +.PP \fBh_addr_list\fR +.RS 4 A \fBNULL\fR terminated array of network addresses for the host. Host addresses are returned in network byte order. +.RE .PP \fBlwres_getipnodebyname()\fR looks up addresses of protocol family @@ -93,26 +103,34 @@ for the hostname \fIname\fR. The \fIflags\fR parameter contains ORed flag bits to specify the types of addresses that are searched for, and the types of addresses that are returned. The flag bits are: -.TP 3n +.PP \fBAI_V4MAPPED\fR +.RS 4 This is used with an \fIaf\fR of AF_INET6, and causes IPv4 addresses to be returned as IPv4\-mapped IPv6 addresses. -.TP 3n +.RE +.PP \fBAI_ALL\fR +.RS 4 This is used with an \fIaf\fR of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped IPv6 addresses. -.TP 3n +.RE +.PP \fBAI_ADDRCONFIG\fR +.RS 4 Only return an IPv6 or IPv4 address if here is an active network interface of that type. This is not currently implemented in the BIND 9 lightweight resolver, and the flag is ignored. -.TP 3n +.RE +.PP \fBAI_DEFAULT\fR +.RS 4 This default sets the \fBAI_V4MAPPED\fR and \fBAI_ADDRCONFIG\fR flag bits. +.RE .PP \fBlwres_getipnodebyaddr()\fR performs a reverse lookup of address @@ -150,20 +168,28 @@ to an appropriate error code and the function returns a \fBNULL\fR pointer. The error codes and their meanings are defined in \fI\fR: -.TP 3n +.PP \fBHOST_NOT_FOUND\fR +.RS 4 No such host is known. -.TP 3n +.RE +.PP \fBNO_ADDRESS\fR +.RS 4 The server recognised the request and the name but no address is available. Another type of request to the name server for the domain might return an answer. -.TP 3n +.RE +.PP \fBTRY_AGAIN\fR +.RS 4 A temporary and possibly transient error occurred, such as a failure of a server to respond. The request may succeed if retried. -.TP 3n +.RE +.PP \fBNO_RECOVERY\fR +.RS 4 An unexpected failure occurred, and retrying the request is pointless. +.RE .PP -\fBlwres_hstrerror\fR(3 ) +\fBlwres_hstrerror\fR(3) translates these error codes to suitable error messages. .SH "SEE ALSO" .PP @@ -174,4 +200,7 @@ translates these error codes to suitable error messages. \fBlwres_getnameinfo\fR(3), \fBlwres_hstrerror\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.html new file mode 100644 index 0000000000..b042795cec --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getipnode.html @@ -0,0 +1,279 @@ + + + + + +lwres_getipnode + + +
+
+
+

Name

+

lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + + + + + + + + + + + + + + + + + + +
+struct hostent * +lwres_getipnodebyname(const char *  +name,
 int   +af,
 int   +flags,
 int *  +error_num);
+ + + + + + + + + + + + + + + + + + + + + +
+struct hostent * +lwres_getipnodebyaddr(const void *  +src,
 size_t   +len,
 int   +af,
 int *  +error_num);
+ + + + +
+void +lwres_freehostent(struct hostent *  +he);
+
+
+
+

DESCRIPTION

+

+ These functions perform thread safe, protocol independent + nodename-to-address and address-to-nodename + translation as defined in RFC2553. +

+

+ They use a + struct hostent + which is defined in + namedb.h: +

+
+struct  hostent {
+        char    *h_name;        /* official name of host */
+        char    **h_aliases;    /* alias list */
+        int     h_addrtype;     /* host address type */
+        int     h_length;       /* length of address */
+        char    **h_addr_list;  /* list of addresses from name server */
+};
+#define h_addr  h_addr_list[0]  /* address, for backward compatibility */
+
+

+

+

+ The members of this structure are: +

+
+
h_name
+

+ The official (canonical) name of the host. +

+
h_aliases
+

+ A NULL-terminated array of alternate names (nicknames) for the + host. +

+
h_addrtype
+

+ The type of address being returned - usually + PF_INET + or + PF_INET6. + +

+
h_length
+

+ The length of the address in bytes. +

+
h_addr_list
+

+ A + NULL + terminated array of network addresses for the host. + Host addresses are returned in network byte order. +

+
+

+

+

lwres_getipnodebyname() + looks up addresses of protocol family af + for the hostname name. The + flags parameter contains ORed flag bits + to specify the types of addresses that are searched for, and the + types of addresses that are returned. The flag bits are: + +

+
+
AI_V4MAPPED
+

+ This is used with an + af + of AF_INET6, and causes IPv4 addresses to be returned as + IPv4-mapped + IPv6 addresses. +

+
AI_ALL
+

+ This is used with an + af + of AF_INET6, and causes all known addresses (IPv6 and IPv4) to + be returned. + If AI_V4MAPPED is also set, the IPv4 addresses are return as + mapped + IPv6 addresses. +

+
AI_ADDRCONFIG
+

+ Only return an IPv6 or IPv4 address if here is an active network + interface of that type. This is not currently implemented + in the BIND 9 lightweight resolver, and the flag is ignored. +

+
AI_DEFAULT
+

+ This default sets the + AI_V4MAPPED + and + AI_ADDRCONFIG + flag bits. +

+
+

+

+

lwres_getipnodebyaddr() + performs a reverse lookup of address src + which is len bytes long. + af denotes the protocol family, typically + PF_INET or PF_INET6. +

+

lwres_freehostent() + releases all the memory associated with the struct + hostent pointer he. Any memory + allocated for the h_name, + h_addr_list and + h_aliases is freed, as is the memory for + the hostent structure itself. +

+
+
+

RETURN VALUES

+

+ If an error occurs, + lwres_getipnodebyname() + and + lwres_getipnodebyaddr() + set + *error_num + to an appropriate error code and the function returns a + NULL + pointer. + The error codes and their meanings are defined in + <lwres/netdb.h>: +

+
+
HOST_NOT_FOUND
+

+ No such host is known. +

+
NO_ADDRESS
+

+ The server recognised the request and the name but no address is + available. Another type of request to the name server for the + domain might return an answer. +

+
TRY_AGAIN
+

+ A temporary and possibly transient error occurred, such as a + failure of a server to respond. The request may succeed if + retried. +

+
NO_RECOVERY
+

+ An unexpected failure occurred, and retrying the request + is pointless. +

+
+

+

+

lwres_hstrerror(3) + translates these error codes to suitable error messages. +

+
+
+

SEE ALSO

+

RFC2553, + + lwres(3), + + lwres_gethostent(3), + + lwres_getaddrinfo(3), + + lwres_getnameinfo(3), + + lwres_hstrerror(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.3 similarity index 81% rename from contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.3 index a9af04be54..6dd2a7bbbe 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getnameinfo.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getnameinfo.3,v 1.15.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_getnameinfo.3,v 1.29.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_getnameinfo .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,7 +36,7 @@ lwres_getnameinfo \- lightweight resolver socket address structure to hostname a #include .fi .HP 22 -.BI "int lwres_getnameinfo(const\ struct\ sockaddr\ *sa, size_t\ salen, char\ *host, size_t\ hostlen, char\ *serv, size_t\ servlen, int\ flags);" +.BI "int lwres_getnameinfo(const\ struct\ sockaddr\ *" "sa" ", size_t\ " "salen" ", char\ *" "host" ", size_t\ " "hostlen" ", char\ *" "serv" ", size_t\ " "servlen" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP This function is equivalent to the @@ -68,21 +68,31 @@ bytes long. The maximum length of the service name is The \fIflags\fR argument sets the following bits: -.TP 3n +.PP \fBNI_NOFQDN\fR +.RS 4 A fully qualified domain name is not required for local hosts. The local part of the fully qualified domain name is returned instead. -.TP 3n +.RE +.PP \fBNI_NUMERICHOST\fR +.RS 4 Return the address in numeric form, as if calling inet_ntop(), instead of a host name. -.TP 3n +.RE +.PP \fBNI_NAMEREQD\fR +.RS 4 A name is required. If the hostname cannot be found in the DNS and this flag is set, a non\-zero error code is returned. If the hostname is not found and the flag is not set, the address is returned in numeric form. -.TP 3n +.RE +.PP \fBNI_NUMERICSERV\fR +.RS 4 The service name is returned as a digit string representing the port number. -.TP 3n +.RE +.PP \fBNI_DGRAM\fR +.RS 4 Specifies that the service being looked up is a datagram service, and causes getservbyport() to be called with a second argument of "udp" instead of its default of "tcp". This is required for the few ports (512\-514) that have different services for UDP and TCP. +.RE .SH "RETURN VALUES" .PP \fBlwres_getnameinfo()\fR @@ -101,4 +111,7 @@ RFC2133 fails to define what the nonzero return values of \fBgetnameinfo\fR(3) are. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.html new file mode 100644 index 0000000000..a564721086 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getnameinfo.html @@ -0,0 +1,176 @@ + + + + + +lwres_getnameinfo + + +
+
+
+

Name

+

lwres_getnameinfo — lightweight resolver socket address structure to hostname and + service name +

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+int +lwres_getnameinfo(const struct sockaddr *  +sa,
 size_t   +salen,
 char *  +host,
 size_t   +hostlen,
 char *  +serv,
 size_t   +servlen,
 int   +flags);
+
+
+
+

DESCRIPTION

+

+ This function is equivalent to the + getnameinfo(3) function defined in RFC2133. + lwres_getnameinfo() returns the + hostname for the + struct sockaddr sa which + is + salen bytes long. The hostname is of + length + hostlen and is returned via + *host. The maximum length of the + hostname is + 1025 bytes: NI_MAXHOST. +

+

The name of the service associated with the port number in + sa is returned in *serv. + It is servlen bytes long. The + maximum length + of the service name is NI_MAXSERV - 32 + bytes. +

+

+ The flags argument sets the + following + bits: +

+
+
NI_NOFQDN
+

+ A fully qualified domain name is not required for local hosts. + The local part of the fully qualified domain name is returned + instead. +

+
NI_NUMERICHOST
+

+ Return the address in numeric form, as if calling inet_ntop(), + instead of a host name. +

+
NI_NAMEREQD
+

+ A name is required. If the hostname cannot be found in the DNS + and + this flag is set, a non-zero error code is returned. + If the hostname is not found and the flag is not set, the + address is returned in numeric form. +

+
NI_NUMERICSERV
+

+ The service name is returned as a digit string representing the + port number. +

+
NI_DGRAM
+

+ Specifies that the service being looked up is a datagram + service, and causes getservbyport() to be called with a second + argument of "udp" instead of its default of "tcp". This is + required + for the few ports (512-514) that have different services for UDP + and + TCP. +

+
+

+

+
+
+

RETURN VALUES

+

lwres_getnameinfo() + returns 0 on success or a non-zero error code if an error occurs. +

+
+
+

SEE ALSO

+

RFC2133, + getservbyport(3), + lwres(3), + lwres_getnameinfo(3), + lwres_getnamebyaddr(3). + lwres_net_ntop(3). +

+
+
+

BUGS

+

+ RFC2133 fails to define what the nonzero return values of + getnameinfo(3) + are. +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.3 similarity index 83% rename from contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.3 index 1aeca283cd..5fb273fe41 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_getrrsetbyname.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_getrrsetbyname.3,v 1.11.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_getrrsetbyname.3,v 1.25.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_getrrsetbyname .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Oct 18, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,18 +36,24 @@ lwres_getrrsetbyname, lwres_freerrset \- retrieve DNS records #include .fi .HP 25 -.BI "int lwres_getrrsetbyname(const\ char\ *hostname, unsigned\ int\ rdclass, unsigned\ int\ rdtype, unsigned\ int\ flags, struct\ rrsetinfo\ **res);" +.BI "int lwres_getrrsetbyname(const\ char\ *" "hostname" ", unsigned\ int\ " "rdclass" ", unsigned\ int\ " "rdtype" ", unsigned\ int\ " "flags" ", struct\ rrsetinfo\ **" "res" ");" .HP 21 -.BI "void lwres_freerrset(struct\ rrsetinfo\ *rrset);" +.BI "void lwres_freerrset(struct\ rrsetinfo\ *" "rrset" ");" .PP The following structures are used: -.sp -.RS 3n +.PP +.RS 4 .nf struct rdatainfo { unsigned int rdi_length; /* length of data */ unsigned char *rdi_data; /* record data */ }; +.fi +.RE +.sp +.PP +.RS 4 +.nf struct rrsetinfo { unsigned int rri_flags; /* RRSET_VALIDATED... */ unsigned int rri_rdclass; /* class number */ @@ -120,24 +126,39 @@ created by a call to .PP \fBlwres_getrrsetbyname()\fR returns zero on success, and one of the following error codes if an error occurred: -.TP 3n +.PP \fBERRSET_NONAME\fR +.RS 4 the name does not exist -.TP 3n +.RE +.PP \fBERRSET_NODATA\fR +.RS 4 the name exists, but does not have data of the desired type -.TP 3n +.RE +.PP \fBERRSET_NOMEMORY\fR +.RS 4 memory could not be allocated -.TP 3n +.RE +.PP \fBERRSET_INVAL\fR +.RS 4 a parameter is invalid -.TP 3n +.RE +.PP \fBERRSET_FAIL\fR +.RS 4 other failure -.TP 3n +.RE +.PP +.RS 4 +.RE .SH "SEE ALSO" .PP \fBlwres\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.html new file mode 100644 index 0000000000..21f6634ac1 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_getrrsetbyname.html @@ -0,0 +1,192 @@ + + + + + +lwres_getrrsetbyname + + +
+
+
+

Name

+

lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+int +lwres_getrrsetbyname(const char *  +hostname,
 unsigned int   +rdclass,
 unsigned int   +rdtype,
 unsigned int   +flags,
 struct rrsetinfo **  +res);
+ + + + +
+void +lwres_freerrset(struct rrsetinfo *  +rrset);
+
+

+ The following structures are used: +

+
+struct  rdatainfo {
+        unsigned int            rdi_length;     /* length of data */
+        unsigned char           *rdi_data;      /* record data */
+};
+
+

+

+
+struct  rrsetinfo {
+        unsigned int            rri_flags;      /* RRSET_VALIDATED... */
+        unsigned int            rri_rdclass;    /* class number */
+        unsigned int            rri_rdtype;     /* RR type number */
+        unsigned int            rri_ttl;        /* time to live */
+        unsigned int            rri_nrdatas;    /* size of rdatas array */
+        unsigned int            rri_nsigs;      /* size of sigs array */
+        char                    *rri_name;      /* canonical name */
+        struct rdatainfo        *rri_rdatas;    /* individual records */
+        struct rdatainfo        *rri_sigs;      /* individual signatures */
+};
+
+

+

+
+
+

DESCRIPTION

+

lwres_getrrsetbyname() + gets a set of resource records associated with a + hostname, class, + and type. + hostname is a pointer a to + null-terminated string. The flags field + is currently unused and must be zero. +

+

+ After a successful call to + lwres_getrrsetbyname(), + *res is a pointer to an + rrsetinfo structure, containing a list of one or + more rdatainfo structures containing resource + records and potentially another list of rdatainfo + structures containing SIG resource records associated with those + records. The members rri_rdclass and + rri_rdtype are copied from the parameters. + rri_ttl and rri_name + are properties of the obtained rrset. The resource records + contained in rri_rdatas and + rri_sigs are in uncompressed DNS wire + format. Properties of the rdataset are represented in the + rri_flags bitfield. If the RRSET_VALIDATED + bit is set, the data has been DNSSEC validated and the + signatures verified. +

+

+ All of the information returned by + lwres_getrrsetbyname() is dynamically + allocated: the rrsetinfo and + rdatainfo structures, and the canonical + host name strings pointed to by the + rrsetinfostructure. + + Memory allocated for the dynamically allocated structures + created by a successful call to + lwres_getrrsetbyname() is released by + lwres_freerrset(). + + rrset is a pointer to a struct + rrset created by a call to + lwres_getrrsetbyname(). +

+

+
+
+

RETURN VALUES

+

lwres_getrrsetbyname() + returns zero on success, and one of the following error codes if + an error occurred: +

+
+
ERRSET_NONAME
+

+ the name does not exist +

+
ERRSET_NODATA
+

+ the name exists, but does not have data of the desired type +

+
ERRSET_NOMEMORY
+

+ memory could not be allocated +

+
ERRSET_INVAL
+

+ a parameter is invalid +

+
ERRSET_FAIL
+

+ other failure +

+
+

+
+

+ +

+
+
+

SEE ALSO

+

lwres(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_gnba.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.3 similarity index 81% rename from contrib/bind-9.3/lib/lwres/man/lwres_gnba.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.3 index dc546d2ab2..9aa4606612 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_gnba.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_gnba.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_gnba.3,v 1.27.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_gnba .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -38,15 +38,15 @@ lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lw .HP 40 .BI "lwres_result_t lwres_gnbarequest_render(lwres_context_t\ *" "ctx" ", lwres_gnbarequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 41 -.BI "lwres_result_t lwres_gnbaresponse_render(lwres_context_t\ *ctx, lwres_gnbaresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" +.BI "lwres_result_t lwres_gnbaresponse_render(lwres_context_t\ *" "ctx" ", lwres_gnbaresponse_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 39 -.BI "lwres_result_t lwres_gnbarequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gnbarequest_t\ **structp);" +.BI "lwres_result_t lwres_gnbarequest_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gnbarequest_t\ **" "structp" ");" .HP 40 -.BI "lwres_result_t lwres_gnbaresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_gnbaresponse_t\ **structp);" +.BI "lwres_result_t lwres_gnbaresponse_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gnbaresponse_t\ **" "structp" ");" .HP 29 -.BI "void lwres_gnbaresponse_free(lwres_context_t\ *ctx, lwres_gnbaresponse_t\ **structp);" +.BI "void lwres_gnbaresponse_free(lwres_context_t\ *" "ctx" ", lwres_gnbaresponse_t\ **" "structp" ");" .HP 28 -.BI "void lwres_gnbarequest_free(lwres_context_t\ *ctx, lwres_gnbarequest_t\ **structp);" +.BI "void lwres_gnbarequest_free(lwres_context_t\ *" "ctx" ", lwres_gnbarequest_t\ **" "structp" ");" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver address\-to\-name lookup request and response messages. @@ -59,14 +59,26 @@ to the canonical format. This is complemented by a parse function which converts .PP These structures are defined in \fIlwres/lwres.h\fR. They are shown below. -.sp -.RS 3n +.PP +.RS 4 .nf #define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct { lwres_uint32_t flags; lwres_addr_t addr; } lwres_gnbarequest_t; +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct { lwres_uint32_t flags; lwres_uint16_t naliases; @@ -165,4 +177,7 @@ indicate that the packet is not a response to an earlier query. .PP \fBlwres_packet\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.html new file mode 100644 index 0000000000..45e5ac31c3 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_gnba.html @@ -0,0 +1,316 @@ + + + + + +lwres_gnba + + +
+
+
+

Name

+

lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling

+
+
+

Synopsis

+
+
+#include <lwres/lwres.h>
+
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gnbarequest_render +(lwres_context_t *  +ctx,
 lwres_gnbarequest_t *  +req,
 lwres_lwpacket_t *  +pkt,
 lwres_buffer_t *  +b);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gnbaresponse_render +(lwres_context_t *  +ctx,
 lwres_gnbaresponse_t *  +req,
 lwres_lwpacket_t *  +pkt,
 lwres_buffer_t *  +b);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gnbarequest_parse(lwres_context_t *  +ctx,
 lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt,
 lwres_gnbarequest_t **  +structp);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_gnbaresponse_parse(lwres_context_t *  +ctx,
 lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt,
 lwres_gnbaresponse_t **  +structp);
+ + + + + + + + + + + +
+void +lwres_gnbaresponse_free +(lwres_context_t *  +ctx,
 lwres_gnbaresponse_t **  +structp);
+ + + + + + + + + + + +
+void +lwres_gnbarequest_free(lwres_context_t *  +ctx,
 lwres_gnbarequest_t **  +structp);
+
+
+
+

DESCRIPTION

+

+ These are low-level routines for creating and parsing + lightweight resolver address-to-name lookup request and + response messages. +

+

+ There are four main functions for the getnamebyaddr opcode. + One render function converts a getnamebyaddr request structure — + lwres_gnbarequest_t — + to the lightweight resolver's canonical format. + It is complemented by a parse function that converts a packet in this + canonical format to a getnamebyaddr request structure. + Another render function converts the getnamebyaddr response structure + — + lwres_gnbaresponse_t + to the canonical format. + This is complemented by a parse function which converts a packet in + canonical format to a getnamebyaddr response structure. +

+

+ These structures are defined in + lwres/lwres.h. + They are shown below. +

+
+#define LWRES_OPCODE_GETNAMEBYADDR      0x00010002U
+
+

+

+
+typedef struct {
+        lwres_uint32_t  flags;
+        lwres_addr_t    addr;
+} lwres_gnbarequest_t;
+
+

+

+
+typedef struct {
+        lwres_uint32_t  flags;
+        lwres_uint16_t  naliases;
+        char           *realname;
+        char          **aliases;
+        lwres_uint16_t  realnamelen;
+        lwres_uint16_t *aliaslen;
+        void           *base;
+        size_t          baselen;
+} lwres_gnbaresponse_t;
+
+

+

+

lwres_gnbarequest_render() + uses resolver context ctx to convert + getnamebyaddr request structure req to + canonical format. The packet header structure + pkt is initialised and transferred to buffer + b. The contents of *req + are then appended to the buffer in canonical format. + lwres_gnbaresponse_render() performs the + same task, except it converts a getnamebyaddr response structure + lwres_gnbaresponse_t to the lightweight resolver's + canonical format. +

+

lwres_gnbarequest_parse() + uses context ctx to convert the contents of + packet pkt to a + lwres_gnbarequest_t structure. Buffer + b provides space to be used for storing this + structure. When the function succeeds, the resulting + lwres_gnbarequest_t is made available through + *structp. + lwres_gnbaresponse_parse() offers the same + semantics as lwres_gnbarequest_parse() + except it yields a lwres_gnbaresponse_t structure. +

+

lwres_gnbaresponse_free() + and lwres_gnbarequest_free() release the + memory in resolver context ctx that was + allocated to the lwres_gnbaresponse_t or + lwres_gnbarequest_t structures referenced via + structp. Any memory associated with + ancillary buffers and strings for those structures is also + discarded. +

+
+
+

RETURN VALUES

+

+ The getnamebyaddr opcode functions + lwres_gnbarequest_render(), + lwres_gnbaresponse_render() + lwres_gnbarequest_parse() + and + lwres_gnbaresponse_parse() + all return + LWRES_R_SUCCESS + on success. + They return + LWRES_R_NOMEMORY + if memory allocation fails. + LWRES_R_UNEXPECTEDEND + is returned if the available space in the buffer + b + is too small to accommodate the packet header or the + lwres_gnbarequest_t + and + lwres_gnbaresponse_t + structures. + lwres_gnbarequest_parse() + and + lwres_gnbaresponse_parse() + will return + LWRES_R_UNEXPECTEDEND + if the buffer is not empty after decoding the received packet. + These functions will return + LWRES_R_FAILURE + if + pktflags + in the packet header structure + lwres_lwpacket_t + indicate that the packet is not a response to an earlier query. +

+
+
+

SEE ALSO

+

lwres_packet(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.3 similarity index 76% rename from contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.3 index d6fc8f5feb..9f6a81b573 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_hstrerror.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_hstrerror.3,v 1.13.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_hstrerror.3,v 1.27.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_hstrerror .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,9 +36,9 @@ lwres_herror, lwres_hstrerror \- lightweight resolver error message generation #include .fi .HP 18 -.BI "void lwres_herror(const\ char\ *s);" +.BI "void lwres_herror(const\ char\ *" "s" ");" .HP 29 -.BI "const char * lwres_hstrerror(int\ err);" +.BI "const char * lwres_hstrerror(int\ " "err" ");" .SH "DESCRIPTION" .PP \fBlwres_herror()\fR @@ -54,21 +54,31 @@ for the error code stored in the global variable \fBlwres_hstrerror()\fR returns an appropriate string for the error code gievn by \fIerr\fR. The values of the error codes and messages are as follows: -.TP 3n +.PP \fBNETDB_SUCCESS\fR +.RS 4 Resolver Error 0 (no error) -.TP 3n +.RE +.PP \fBHOST_NOT_FOUND\fR +.RS 4 Unknown host -.TP 3n +.RE +.PP \fBTRY_AGAIN\fR +.RS 4 Host name lookup failure -.TP 3n +.RE +.PP \fBNO_RECOVERY\fR +.RS 4 Unknown server error -.TP 3n +.RE +.PP \fBNO_DATA\fR +.RS 4 No address associated with name +.RE .SH "RETURN VALUES" .PP The string @@ -83,4 +93,7 @@ is not a valid error code. \fBherror\fR(3), \fBlwres_hstrerror\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.html new file mode 100644 index 0000000000..54ac6cc034 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_hstrerror.html @@ -0,0 +1,104 @@ + + + + + +lwres_hstrerror + + +
+
+
+

Name

+

lwres_herror, lwres_hstrerror — lightweight resolver error message generation

+
+
+

Synopsis

+
+
#include <lwres/netdb.h>
+ + + + +
+void +lwres_herror(const char *  +s);
+ + + + +
+const char * +lwres_hstrerror(int   +err);
+
+
+
+

DESCRIPTION

+

lwres_herror() + prints the string s on + stderr followed by the string generated by + lwres_hstrerror() for the error code stored + in the global variable lwres_h_errno. +

+

lwres_hstrerror() + returns an appropriate string for the error code gievn by + err. The values of the error codes and + messages are as follows: + +

+
+
NETDB_SUCCESS
+

Resolver Error 0 (no error) +

+
HOST_NOT_FOUND
+

Unknown host +

+
TRY_AGAIN
+

Host name lookup failure +

+
NO_RECOVERY
+

Unknown server error +

+
NO_DATA
+

No address associated with name +

+
+

+

+
+
+

RETURN VALUES

+

+ The string Unknown resolver error is returned by + lwres_hstrerror() + when the value of + lwres_h_errno + is not a valid error code. +

+
+
+

SEE ALSO

+

herror(3), + + lwres_hstrerror(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_inetntop.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.3 similarity index 79% rename from contrib/bind-9.3/lib/lwres/man/lwres_inetntop.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.3 index 6395e60099..67c0ba4f64 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_inetntop.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_inetntop.3,v 1.12.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_inetntop.3,v 1.26.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_inetntop .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,7 +36,7 @@ lwres_net_ntop \- lightweight resolver IP address presentation #include .fi .HP 28 -.BI "const char * lwres_net_ntop(int\ af, const\ void\ *src, char\ *dst, size_t\ size);" +.BI "const char * lwres_net_ntop(int\ " "af" ", const\ void\ *" "src" ", char\ *" "dst" ", size_t\ " "size" ");" .SH "DESCRIPTION" .PP \fBlwres_net_ntop()\fR @@ -71,4 +71,7 @@ is not supported. \fBinet_ntop\fR(3), \fBerrno\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.html new file mode 100644 index 0000000000..307093bd9b --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_inetntop.html @@ -0,0 +1,103 @@ + + + + + +lwres_inetntop + + +
+
+
+

Name

+

lwres_net_ntop — lightweight resolver IP address presentation

+
+
+

Synopsis

+
+
#include <lwres/net.h>
+ + + + + + + + + + + + + + + + + + + + + +
+const char * +lwres_net_ntop(int   +af,
 const void *  +src,
 char *  +dst,
 size_t   +size);
+
+
+
+

DESCRIPTION

+

lwres_net_ntop() + converts an IP address of protocol family + af — IPv4 or IPv6 — at + location src from network format to its + conventional representation as a string. For IPv4 addresses, + that string would be a dotted-decimal. An IPv6 address would be + represented in colon notation as described in RFC1884. +

+

+ The generated string is copied to dst + provided + size indicates it is long enough to + store the + ASCII representation of the address. +

+
+
+

RETURN VALUES

+

+ If successful, the function returns dst: + a pointer to a string containing the presentation format of the + address. lwres_net_ntop() returns + NULL and sets the global variable + errno to EAFNOSUPPORT if + the protocol family given in af is + not + supported. +

+
+
+

SEE ALSO

+

RFC1884, + inet_ntop(3), + errno(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_noop.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_noop.3 similarity index 78% rename from contrib/bind-9.3/lib/lwres/man/lwres_noop.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_noop.3 index e32c2f8020..658aaff80d 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_noop.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_noop.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_noop.3,v 1.14.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_noop.3,v 1.28.214.1 2009/07/11 01:43:31 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_noop .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,17 +36,17 @@ lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lw #include .fi .HP 40 -.BI "lwres_result_t lwres_nooprequest_render(lwres_context_t\ *ctx, lwres_nooprequest_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" +.BI "lwres_result_t lwres_nooprequest_render(lwres_context_t\ *" "ctx" ", lwres_nooprequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 41 -.BI "lwres_result_t lwres_noopresponse_render(lwres_context_t\ *ctx, lwres_noopresponse_t\ *req, lwres_lwpacket_t\ *pkt, lwres_buffer_t\ *b);" +.BI "lwres_result_t lwres_noopresponse_render(lwres_context_t\ *" "ctx" ", lwres_noopresponse_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");" .HP 39 -.BI "lwres_result_t lwres_nooprequest_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_nooprequest_t\ **structp);" +.BI "lwres_result_t lwres_nooprequest_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_nooprequest_t\ **" "structp" ");" .HP 40 -.BI "lwres_result_t lwres_noopresponse_parse(lwres_context_t\ *ctx, lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt, lwres_noopresponse_t\ **structp);" +.BI "lwres_result_t lwres_noopresponse_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_noopresponse_t\ **" "structp" ");" .HP 29 -.BI "void lwres_noopresponse_free(lwres_context_t\ *ctx, lwres_noopresponse_t\ **structp);" +.BI "void lwres_noopresponse_free(lwres_context_t\ *" "ctx" ", lwres_noopresponse_t\ **" "structp" ");" .HP 28 -.BI "void lwres_nooprequest_free(lwres_context_t\ *ctx, lwres_nooprequest_t\ **structp);" +.BI "void lwres_nooprequest_free(lwres_context_t\ *" "ctx" ", lwres_nooprequest_t\ **" "structp" ");" .SH "DESCRIPTION" .PP These are low\-level routines for creating and parsing lightweight resolver no\-op request and response messages. @@ -63,14 +63,26 @@ to the canonical format. This is complemented by a parse function which converts .PP These structures are defined in \fIlwres/lwres.h\fR. They are shown below. -.sp -.RS 3n +.PP +.RS 4 .nf #define LWRES_OPCODE_NOOP 0x00000000U +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct { lwres_uint16_t datalength; unsigned char *data; } lwres_nooprequest_t; +.fi +.RE +.sp +.PP +.RS 4 +.nf typedef struct { lwres_uint16_t datalength; unsigned char *data; @@ -78,6 +90,7 @@ typedef struct { .fi .RE .sp +.PP Although the structures have different types, they are identical. This is because the no\-op opcode simply echos whatever data was sent: the response is therefore identical to the request. .PP \fBlwres_nooprequest_render()\fR @@ -162,6 +175,9 @@ in the packet header structure indicate that the packet is not a response to an earlier query. .SH "SEE ALSO" .PP -\fBlwres_packet\fR(3 ) +\fBlwres_packet\fR(3) .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_noop.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_noop.html new file mode 100644 index 0000000000..53ccdf8ebf --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_noop.html @@ -0,0 +1,317 @@ + + + + + +lwres_noop + + +
+
+
+

Name

+

lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling

+
+
+

Synopsis

+
+
+#include <lwres/lwres.h>
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_nooprequest_render(lwres_context_t *  +ctx,
 lwres_nooprequest_t *  +req,
 lwres_lwpacket_t *  +pkt,
 lwres_buffer_t *  +b);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_noopresponse_render(lwres_context_t *  +ctx,
 lwres_noopresponse_t *  +req,
 lwres_lwpacket_t *  +pkt,
 lwres_buffer_t *  +b);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_nooprequest_parse(lwres_context_t *  +ctx,
 lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt,
 lwres_nooprequest_t **  +structp);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_noopresponse_parse(lwres_context_t *  +ctx,
 lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt,
 lwres_noopresponse_t **  +structp);
+ + + + + + + + + + + +
+void +lwres_noopresponse_free(lwres_context_t *  +ctx,
 lwres_noopresponse_t **  +structp);
+ + + + + + + + + + + +
+void +lwres_nooprequest_free(lwres_context_t *  +ctx,
 lwres_nooprequest_t **  +structp);
+
+
+
+

DESCRIPTION

+

+ These are low-level routines for creating and parsing + lightweight resolver no-op request and response messages. +

+

+ The no-op message is analogous to a ping + packet: + a packet is sent to the resolver daemon and is simply echoed back. + The opcode is intended to allow a client to determine if the server is + operational or not. +

+

+ There are four main functions for the no-op opcode. + One render function converts a no-op request structure — + lwres_nooprequest_t — + to the lighweight resolver's canonical format. + It is complemented by a parse function that converts a packet in this + canonical format to a no-op request structure. + Another render function converts the no-op response structure — + lwres_noopresponse_t + to the canonical format. + This is complemented by a parse function which converts a packet in + canonical format to a no-op response structure. +

+

+ These structures are defined in + lwres/lwres.h. + + They are shown below. +

+
+#define LWRES_OPCODE_NOOP       0x00000000U
+
+

+

+
+typedef struct {
+        lwres_uint16_t  datalength;
+        unsigned char   *data;
+} lwres_nooprequest_t;
+
+

+

+
+typedef struct {
+        lwres_uint16_t  datalength;
+        unsigned char   *data;
+} lwres_noopresponse_t;
+
+

+

+

+ Although the structures have different types, they are identical. + This is because the no-op opcode simply echos whatever data was sent: + the response is therefore identical to the request. +

+

lwres_nooprequest_render() + uses resolver context ctx to convert + no-op request structure req to canonical + format. The packet header structure pkt + is initialised and transferred to buffer + b. The contents of + *req are then appended to the buffer in + canonical format. + lwres_noopresponse_render() performs the + same task, except it converts a no-op response structure + lwres_noopresponse_t to the lightweight resolver's + canonical format. +

+

lwres_nooprequest_parse() + uses context ctx to convert the contents + of packet pkt to a + lwres_nooprequest_t structure. Buffer + b provides space to be used for storing + this structure. When the function succeeds, the resulting + lwres_nooprequest_t is made available through + *structp. + lwres_noopresponse_parse() offers the same + semantics as lwres_nooprequest_parse() + except it yields a lwres_noopresponse_t structure. +

+

lwres_noopresponse_free() + and lwres_nooprequest_free() release the + memory in resolver context ctx that was + allocated to the lwres_noopresponse_t or + lwres_nooprequest_t structures referenced via + structp. +

+
+
+

RETURN VALUES

+

+ The no-op opcode functions + lwres_nooprequest_render(), + + lwres_noopresponse_render() + lwres_nooprequest_parse() + and + lwres_noopresponse_parse() + all return + LWRES_R_SUCCESS + on success. + They return + LWRES_R_NOMEMORY + if memory allocation fails. + LWRES_R_UNEXPECTEDEND + is returned if the available space in the buffer + b + is too small to accommodate the packet header or the + lwres_nooprequest_t + and + lwres_noopresponse_t + structures. + lwres_nooprequest_parse() + and + lwres_noopresponse_parse() + will return + LWRES_R_UNEXPECTEDEND + if the buffer is not empty after decoding the received packet. + These functions will return + LWRES_R_FAILURE + if + pktflags + in the packet header structure + lwres_lwpacket_t + indicate that the packet is not a response to an earlier query. +

+
+
+

SEE ALSO

+

lwres_packet(3) +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_packet.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_packet.3 similarity index 88% rename from contrib/bind-9.3/lib/lwres/man/lwres_packet.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_packet.3 index 35a8f10ca8..86c25cc587 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_packet.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_packet.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_packet.3,v 1.15.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_packet.3,v 1.29.214.1 2009/07/11 01:43:32 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_packet .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,19 +36,25 @@ lwres_lwpacket_renderheader, lwres_lwpacket_parseheader \- lightweight resolver #include .fi .HP 43 -.BI "lwres_result_t lwres_lwpacket_renderheader(lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt);" +.BI "lwres_result_t lwres_lwpacket_renderheader(lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ");" .HP 42 -.BI "lwres_result_t lwres_lwpacket_parseheader(lwres_buffer_t\ *b, lwres_lwpacket_t\ *pkt);" +.BI "lwres_result_t lwres_lwpacket_parseheader(lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ");" .SH "DESCRIPTION" .PP These functions rely on a \fBstruct lwres_lwpacket\fR which is defined in \fIlwres/lwpacket.h\fR. -.sp -.RS 3n +.PP +.RS 4 .nf typedef struct lwres_lwpacket lwres_lwpacket_t; +.fi +.RE +.sp +.PP +.RS 4 +.nf struct lwres_lwpacket { lwres_uint32_t length; lwres_uint16_t version; @@ -65,45 +71,69 @@ struct lwres_lwpacket { .sp .PP The elements of this structure are: -.TP 3n +.PP \fBlength\fR +.RS 4 the overall packet length, including the entire packet header. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP 3n +.RE +.PP \fBversion\fR +.RS 4 the header format. There is currently only one format, \fBLWRES_LWPACKETVERSION_0\fR. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP 3n +.RE +.PP \fBpktflags\fR +.RS 4 library\-defined flags for this packet: for instance whether the packet is a request or a reply. Flag values can be set, but not defined by the caller. This field is filled in by the application wit the exception of the LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the lwres_gabn_*() and lwres_gnba_*() calls. -.TP 3n +.RE +.PP \fBserial\fR +.RS 4 is set by the requestor and is returned in all replies. If two or more packets from the same source have the same serial number and are from the same source, they are assumed to be duplicates and the latter ones may be dropped. This field must be set by the application. -.TP 3n +.RE +.PP \fBopcode\fR +.RS 4 indicates the operation. Opcodes between 0x00000000 and 0x03ffffff are reserved for use by the lightweight resolver library. Opcodes between 0x04000000 and 0xffffffff are application defined. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP 3n +.RE +.PP \fBresult\fR +.RS 4 is only valid for replies. Results between 0x04000000 and 0xffffffff are application defined. Results between 0x00000000 and 0x03ffffff are reserved for library use. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls. -.TP 3n +.RE +.PP \fBrecvlength\fR +.RS 4 is the maximum buffer size that the receiver can handle on requests and the size of the buffer needed to satisfy a request when the buffer is too large for replies. This field is supplied by the application. -.TP 3n +.RE +.PP \fBauthtype\fR +.RS 4 defines the packet level authentication that is used. Authorisation types between 0x1000 and 0xffff are application defined and types between 0x0000 and 0x0fff are reserved for library use. Currently these are not used and must be zero. -.TP 3n +.RE +.PP \fBauthlen\fR +.RS 4 gives the length of the authentication data. Since packet authentication is currently not used, this must be zero. +.RE .PP The following opcodes are currently defined: -.TP 3n +.PP \fBNOOP\fR +.RS 4 Success is always returned and the packet contents are echoed. The lwres_noop_*() functions should be used for this type. -.TP 3n +.RE +.PP \fBGETADDRSBYNAME\fR +.RS 4 returns all known addresses for a given name. The lwres_gabn_*() functions should be used for this type. -.TP 3n +.RE +.PP \fBGETNAMEBYADDR\fR +.RS 4 return the hostname for the given address. The lwres_gnba_*() functions should be used for this type. +.RE .PP \fBlwres_lwpacket_renderheader()\fR transfers the contents of lightweight resolver packet structure @@ -134,4 +164,7 @@ and lightweight resolver packet both functions return \fBLWRES_R_UNEXPECTEDEND\fR. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_packet.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_packet.html new file mode 100644 index 0000000000..ed5ff818a9 --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_packet.html @@ -0,0 +1,235 @@ + + + + + +lwres_packet + + +
+
+
+

Name

+

lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions

+
+
+

Synopsis

+
+
#include <lwres/lwpacket.h>
+ + + + + + + + + + + +
+lwres_result_t +lwres_lwpacket_renderheader(lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt);
+ + + + + + + + + + + +
+lwres_result_t +lwres_lwpacket_parseheader(lwres_buffer_t *  +b,
 lwres_lwpacket_t *  +pkt);
+
+
+
+

DESCRIPTION

+

+ These functions rely on a + struct lwres_lwpacket + which is defined in + lwres/lwpacket.h. +

+
+typedef struct lwres_lwpacket lwres_lwpacket_t;
+
+

+

+
+struct lwres_lwpacket {
+        lwres_uint32_t          length;
+        lwres_uint16_t          version;
+        lwres_uint16_t          pktflags;
+        lwres_uint32_t          serial;
+        lwres_uint32_t          opcode;
+        lwres_uint32_t          result;
+        lwres_uint32_t          recvlength;
+        lwres_uint16_t          authtype;
+        lwres_uint16_t          authlength;
+};
+
+

+

+

+ The elements of this structure are: +

+
+
length
+

+ the overall packet length, including the entire packet header. + This field is filled in by the lwres_gabn_*() and lwres_gnba_*() + calls. +

+
version
+

+ the header format. There is currently only one format, + LWRES_LWPACKETVERSION_0. + + This field is filled in by the lwres_gabn_*() and lwres_gnba_*() + calls. +

+
pktflags
+

+ library-defined flags for this packet: for instance whether the + packet + is a request or a reply. Flag values can be set, but not defined + by + the caller. + This field is filled in by the application wit the exception of + the + LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in + the + lwres_gabn_*() and lwres_gnba_*() calls. +

+
serial
+

+ is set by the requestor and is returned in all replies. If two + or more + packets from the same source have the same serial number and are + from + the same source, they are assumed to be duplicates and the + latter ones + may be dropped. + This field must be set by the application. +

+
opcode
+

+ indicates the operation. + Opcodes between 0x00000000 and 0x03ffffff are + reserved for use by the lightweight resolver library. Opcodes + between + 0x04000000 and 0xffffffff are application defined. + This field is filled in by the lwres_gabn_*() and lwres_gnba_*() + calls. +

+
result
+

+ is only valid for replies. + Results between 0x04000000 and 0xffffffff are application + defined. + Results between 0x00000000 and 0x03ffffff are reserved for + library use. + This field is filled in by the lwres_gabn_*() and lwres_gnba_*() + calls. +

+
recvlength
+

+ is the maximum buffer size that the receiver can handle on + requests + and the size of the buffer needed to satisfy a request when the + buffer + is too large for replies. + This field is supplied by the application. +

+
authtype
+

+ defines the packet level authentication that is used. + Authorisation types between 0x1000 and 0xffff are application + defined + and types between 0x0000 and 0x0fff are reserved for library + use. + Currently these are not used and must be zero. +

+
authlen
+

+ gives the length of the authentication data. + Since packet authentication is currently not used, this must be + zero. +

+
+

+

+

+ The following opcodes are currently defined: +

+
+
NOOP
+

+ Success is always returned and the packet contents are echoed. + The lwres_noop_*() functions should be used for this type. +

+
GETADDRSBYNAME
+

+ returns all known addresses for a given name. + The lwres_gabn_*() functions should be used for this type. +

+
GETNAMEBYADDR
+

+ return the hostname for the given address. + The lwres_gnba_*() functions should be used for this type. +

+
+

+

+

lwres_lwpacket_renderheader() + transfers the contents of lightweight resolver packet structure + lwres_lwpacket_t *pkt in + network byte order to the lightweight resolver buffer, + *b. +

+

lwres_lwpacket_parseheader() + performs the converse operation. It transfers data in network + byte order from buffer *b to resolver + packet *pkt. The contents of the buffer + b should correspond to a + lwres_lwpacket_t. +

+
+
+

RETURN VALUES

+

+ Successful calls to + lwres_lwpacket_renderheader() and + lwres_lwpacket_parseheader() return + LWRES_R_SUCCESS. If there is insufficient + space to copy data between the buffer *b and + lightweight resolver packet *pkt both + functions + return LWRES_R_UNEXPECTEDEND. +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/man/lwres_resutil.3 b/contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.3 similarity index 81% rename from contrib/bind-9.3/lib/lwres/man/lwres_resutil.3 rename to contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.3 index 907706c424..bd12191ff3 100644 --- a/contrib/bind-9.3/lib/lwres/man/lwres_resutil.3 +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.3 @@ -1,7 +1,7 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Permission to use, copy, modify, and distribute this software for any +.\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwres_resutil.3,v 1.14.2.1.8.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: lwres_resutil.3,v 1.28.214.1 2009/07/11 01:43:30 tbox Exp $ .\" .hy 0 .ad l .\" Title: lwres_resutil .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 +.\" Generator: DocBook XSL Stylesheets v1.71.1 .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -36,13 +36,13 @@ lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr #include .fi .HP 34 -.BI "lwres_result_t lwres_string_parse(lwres_buffer_t\ *b, char\ **c, lwres_uint16_t\ *len);" +.BI "lwres_result_t lwres_string_parse(lwres_buffer_t\ *" "b" ", char\ **" "c" ", lwres_uint16_t\ *" "len" ");" .HP 32 -.BI "lwres_result_t lwres_addr_parse(lwres_buffer_t\ *b, lwres_addr_t\ *addr);" +.BI "lwres_result_t lwres_addr_parse(lwres_buffer_t\ *" "b" ", lwres_addr_t\ *" "addr" ");" .HP 36 -.BI "lwres_result_t lwres_getaddrsbyname(lwres_context_t\ *ctx, const\ char\ *name, lwres_uint32_t\ addrtypes, lwres_gabnresponse_t\ **structp);" +.BI "lwres_result_t lwres_getaddrsbyname(lwres_context_t\ *" "ctx" ", const\ char\ *" "name" ", lwres_uint32_t\ " "addrtypes" ", lwres_gabnresponse_t\ **" "structp" ");" .HP 35 -.BI "lwres_result_t lwres_getnamebyaddr(lwres_context_t\ *ctx, lwres_uint32_t\ addrtype, lwres_uint16_t\ addrlen, const\ unsigned\ char\ *addr, lwres_gnbaresponse_t\ **structp);" +.BI "lwres_result_t lwres_getnamebyaddr(lwres_context_t\ *" "ctx" ", lwres_uint32_t\ " "addrtype" ", lwres_uint16_t\ " "addrlen" ", const\ unsigned\ char\ *" "addr" ", lwres_gnbaresponse_t\ **" "structp" ");" .SH "DESCRIPTION" .PP \fBlwres_string_parse()\fR @@ -73,8 +73,8 @@ and use the \fBlwres_gnbaresponse_t\fR structure defined below: -.sp -.RS 3n +.PP +.RS 4 .nf typedef struct { lwres_uint32_t flags; @@ -90,9 +90,9 @@ typedef struct { } lwres_gabnresponse_t; .fi .RE -.sp +.PP The contents of this structure are not manipulated directly but they are controlled through the -\fBlwres_gabn\fR(3 ) +\fBlwres_gabn\fR(3) functions. .PP The lightweight resolver uses @@ -164,4 +164,7 @@ if the buffers used for sending queries and receiving replies are too small. \fBlwres_buffer\fR(3), \fBlwres_gabn\fR(3). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.html b/contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.html new file mode 100644 index 0000000000..df58af7d5b --- /dev/null +++ b/contrib/bind-9.5.2/lib/lwres/man/lwres_resutil.html @@ -0,0 +1,258 @@ + + + + + +lwres_resutil + + +
+
+
+

Name

+

lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions

+
+
+

Synopsis

+
+
#include <lwres/lwres.h>
+ + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_string_parse(lwres_buffer_t *  +b,
 char **  +c,
 lwres_uint16_t *  +len);
+ + + + + + + + + + + +
+lwres_result_t +lwres_addr_parse(lwres_buffer_t *  +b,
 lwres_addr_t *  +addr);
+ + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_getaddrsbyname(lwres_context_t *  +ctx,
 const char *  +name,
 lwres_uint32_t   +addrtypes,
 lwres_gabnresponse_t **  +structp);
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+lwres_result_t +lwres_getnamebyaddr(lwres_context_t *  +ctx,
 lwres_uint32_t   +addrtype,
 lwres_uint16_t   +addrlen,
 const unsigned char *  +addr,
 lwres_gnbaresponse_t **  +structp);
+
+
+
+

DESCRIPTION

+

lwres_string_parse() + retrieves a DNS-encoded string starting the current pointer of + lightweight resolver buffer b: i.e. + b->current. When the function returns, + the address of the first byte of the encoded string is returned + via *c and the length of that string is + given by *len. The buffer's current + pointer is advanced to point at the character following the + string length, the encoded string, and the trailing + NULL character. +

+

lwres_addr_parse() + extracts an address from the buffer b. + The buffer's current pointer b->current + is presumed to point at an encoded address: the address preceded + by a 32-bit protocol family identifier and a 16-bit length + field. The encoded address is copied to + addr->address and + addr->length indicates the size in bytes + of the address that was copied. + b->current is advanced to point at the + next byte of available data in the buffer following the encoded + address. +

+

lwres_getaddrsbyname() + and lwres_getnamebyaddr() use the + lwres_gnbaresponse_t structure defined below: +

+
+typedef struct {
+        lwres_uint32_t          flags;
+        lwres_uint16_t          naliases;
+        lwres_uint16_t          naddrs;
+        char                   *realname;
+        char                  **aliases;
+        lwres_uint16_t          realnamelen;
+        lwres_uint16_t         *aliaslen;
+        lwres_addrlist_t        addrs;
+        void                   *base;
+        size_t                  baselen;
+} lwres_gabnresponse_t;
+
+

+ The contents of this structure are not manipulated directly but + they are controlled through the + lwres_gabn(3) + functions. +

+

+ The lightweight resolver uses + lwres_getaddrsbyname() to perform + foward lookups. + Hostname name is looked up using the + resolver + context ctx for memory allocation. + addrtypes is a bitmask indicating + which type of + addresses are to be looked up. Current values for this bitmask are + LWRES_ADDRTYPE_V4 for IPv4 addresses and + LWRES_ADDRTYPE_V6 for IPv6 addresses. Results of the + lookup are returned in *structp. +

+

lwres_getnamebyaddr() + performs reverse lookups. Resolver context + ctx is used for memory allocation. The + address type is indicated by addrtype: + LWRES_ADDRTYPE_V4 or + LWRES_ADDRTYPE_V6. The address to be looked up is + given by addr and its length is + addrlen bytes. The result of the + function call is made available through + *structp. +

+
+
+

RETURN VALUES

+

+ Successful calls to + lwres_string_parse() + and + lwres_addr_parse() + return + LWRES_R_SUCCESS. + Both functions return + LWRES_R_FAILURE + if the buffer is corrupt or + LWRES_R_UNEXPECTEDEND + if the buffer has less space than expected for the components of the + encoded string or address. +

+

lwres_getaddrsbyname() + returns LWRES_R_SUCCESS on success and it + returns LWRES_R_NOTFOUND if the hostname + name could not be found. +

+

LWRES_R_SUCCESS + is returned by a successful call to + lwres_getnamebyaddr(). +

+

+ Both + lwres_getaddrsbyname() + and + lwres_getnamebyaddr() + return + LWRES_R_NOMEMORY + when memory allocation requests fail and + LWRES_R_UNEXPECTEDEND + if the buffers used for sending queries and receiving replies are too + small. +

+
+
+

SEE ALSO

+

lwres_buffer(3), + + lwres_gabn(3). +

+
+
+ diff --git a/contrib/bind-9.3/lib/lwres/print.c b/contrib/bind-9.5.2/lib/lwres/print.c similarity index 98% rename from contrib/bind-9.3/lib/lwres/print.c rename to contrib/bind-9.5.2/lib/lwres/print.c index 15522284e5..5245d29cb3 100644 --- a/contrib/bind-9.3/lib/lwres/print.c +++ b/contrib/bind-9.5.2/lib/lwres/print.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print.c,v 1.2.4.7 2005/10/14 01:38:51 marka Exp $ */ +/* $Id: print.c,v 1.10 2007/06/19 23:47:22 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/lwres/print_p.h b/contrib/bind-9.5.2/lib/lwres/print_p.h similarity index 91% rename from contrib/bind-9.3/lib/lwres/print_p.h rename to contrib/bind-9.5.2/lib/lwres/print_p.h index 4e27e5519d..c22b44a18e 100644 --- a/contrib/bind-9.3/lib/lwres/print_p.h +++ b/contrib/bind-9.5.2/lib/lwres/print_p.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print_p.h,v 1.2.4.1 2004/08/28 06:25:25 marka Exp $ */ +/* $Id: print_p.h,v 1.4 2007/06/19 23:47:22 tbox Exp $ */ #ifndef LWRES_PRINT_P_H #define LWRES_PRINT_P_H 1 diff --git a/contrib/bind-9.3/lib/lwres/strtoul.c b/contrib/bind-9.5.2/lib/lwres/strtoul.c similarity index 95% rename from contrib/bind-9.3/lib/lwres/strtoul.c rename to contrib/bind-9.5.2/lib/lwres/strtoul.c index 9cda194772..f16896c1dc 100644 --- a/contrib/bind-9.3/lib/lwres/strtoul.c +++ b/contrib/bind-9.5.2/lib/lwres/strtoul.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -53,7 +53,7 @@ static char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ -/* $Id: strtoul.c,v 1.2.4.1 2005/06/08 02:08:31 marka Exp $ */ +/* $Id: strtoul.c,v 1.4 2007/06/19 23:47:22 tbox Exp $ */ #include diff --git a/contrib/bind-9.3/lib/lwres/unix/include/lwres/net.h b/contrib/bind-9.5.2/lib/lwres/unix/include/lwres/net.h similarity index 84% rename from contrib/bind-9.3/lib/lwres/unix/include/lwres/net.h rename to contrib/bind-9.5.2/lib/lwres/unix/include/lwres/net.h index b214de6b1e..0b16178c28 100644 --- a/contrib/bind-9.3/lib/lwres/unix/include/lwres/net.h +++ b/contrib/bind-9.5.2/lib/lwres/unix/include/lwres/net.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.h,v 1.3.12.3 2004/03/08 09:05:12 marka Exp $ */ +/* $Id: net.h,v 1.9 2007/06/19 23:47:23 tbox Exp $ */ #ifndef LWRES_NET_H #define LWRES_NET_H 1 @@ -24,17 +24,15 @@ ***** Module Info *****/ -/* - * Basic Networking Types - * +/*! \file net.h * This module is responsible for defining the following basic networking * types: * - * struct in_addr - * struct in6_addr - * struct sockaddr - * struct sockaddr_in - * struct sockaddr_in6 + *\li struct in_addr + *\li struct in6_addr + *\li struct sockaddr + *\li struct sockaddr_in + *\li struct sockaddr_in6 * * It ensures that the AF_ and PF_ macros are defined. * @@ -42,7 +40,7 @@ * * It declares lwres_net_aton(), lwres_net_ntop(), and lwres_net_pton(). * - * It ensures that INADDR_LOOPBACK, INADDR_ANY and IN6ADDR_ANY_INIT + * It ensures that #INADDR_LOOPBACK, #INADDR_ANY and #IN6ADDR_ANY_INIT * are defined. */ @@ -79,7 +77,7 @@ #define in6_addr in_addr6 /* Required for pre RFC2133 implementations. */ #endif -/* +/*! * Required for some pre RFC2133 implementations. * IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT were added in * draft-ietf-ipngwg-bsd-api-04.txt or draft-ietf-ipngwg-bsd-api-05.txt. @@ -94,6 +92,9 @@ #endif #endif +/*! + * Initialize address loopback. See IN6ADDR_ANY_INIT + */ #ifndef IN6ADDR_LOOPBACK_INIT #ifdef s6_addr #define IN6ADDR_LOOPBACK_INIT { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } } } @@ -102,14 +103,18 @@ #endif #endif +/*% Used by AI_ALL */ #ifndef AF_INET6 #define AF_INET6 99 #endif + +/*% Used to return IPV6 address types. */ #ifndef PF_INET6 #define PF_INET6 AF_INET6 #endif +/*% inaddr Loopback */ #ifndef INADDR_LOOPBACK #define INADDR_LOOPBACK 0x7f000001UL #endif diff --git a/contrib/bind-9.3/lib/lwres/version.c b/contrib/bind-9.5.2/lib/lwres/version.c similarity index 80% rename from contrib/bind-9.3/lib/lwres/version.c rename to contrib/bind-9.5.2/lib/lwres/version.c index ac3e6c8089..cc52c51003 100644 --- a/contrib/bind-9.3/lib/lwres/version.c +++ b/contrib/bind-9.5.2/lib/lwres/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.6.12.3 2004/03/08 09:05:11 marka Exp $ */ +/* $Id: version.c,v 1.12 2007/06/19 23:47:22 tbox Exp $ */ + +/*! \file */ #include diff --git a/contrib/bind-9.5.2/version b/contrib/bind-9.5.2/version new file mode 100644 index 0000000000..a54a9d8d11 --- /dev/null +++ b/contrib/bind-9.5.2/version @@ -0,0 +1,10 @@ +# $Id: version,v 1.39.18.13 2009/09/21 01:51:10 marka Exp $ +# +# This file must follow /bin/sh rules. It is imported directly via +# configure. +# +MAJORVER=9 +MINORVER=5 +PATCHVER=2 +RELEASETYPE= +RELEASEVER= diff --git a/include/osreldate.h b/include/osreldate.h new file mode 100644 index 0000000000..8a215f73c5 --- /dev/null +++ b/include/osreldate.h @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2009 The DragonFly Project + * All rights reserved. + * + */ + +#ifdef _KERNEL +#error "osreldate.h must not be used in the kernel, use sys/param.h" +#else +#undef __DragonFly_version +#define __DragonFly_version 200500 +#ifdef __FreeBSD__ +#undef __FreeBSD_version +#define __FreeBSD_version 480101 +#endif +#endif diff --git a/include/rpc/rpcb_prot.h b/include/rpc/rpcb_prot.h new file mode 100644 index 0000000000..9c318188fa --- /dev/null +++ b/include/rpc/rpcb_prot.h @@ -0,0 +1,577 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _RPCB_PROT_H_RPCGEN +#define _RPCB_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * $FreeBSD: src/include/rpc/rpcb_prot.x,v 1.3 2002/03/13 10:29:06 obrien Exp $ + * + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + */ +/* + * Copyright (c) 1988 by Sun Microsystems, Inc. + */ +/* from rpcb_prot.x */ + +/* #pragma ident "@(#)rpcb_prot.x 1.5 94/04/29 SMI" */ + +#ifndef _KERNEL + + +/* + * The following procedures are supported by the protocol in version 3: + * + * RPCBPROC_NULL() returns () + * takes nothing, returns nothing + * + * RPCBPROC_SET(rpcb) returns (bool_t) + * TRUE is success, FALSE is failure. Registers the tuple + * [prog, vers, address, owner, netid]. + * Finds out owner and netid information on its own. + * + * RPCBPROC_UNSET(rpcb) returns (bool_t) + * TRUE is success, FALSE is failure. Un-registers tuple + * [prog, vers, netid]. addresses is ignored. + * If netid is NULL, unregister all. + * + * RPCBPROC_GETADDR(rpcb) returns (string). + * 0 is failure. Otherwise returns the universal address where the + * triple [prog, vers, netid] is registered. Ignore address and owner. + * + * RPCBPROC_DUMP() RETURNS (rpcblist_ptr) + * used to dump the entire rpcbind maps + * + * RPCBPROC_CALLIT(rpcb_rmtcallargs) + * RETURNS (rpcb_rmtcallres); + * Calls the procedure on the remote machine. If it is not registered, + * this procedure is quiet; i.e. it does not return error information!!! + * This routine only passes null authentication parameters. + * It has no interface to xdr routines for RPCBPROC_CALLIT. + * + * RPCBPROC_GETTIME() returns (int). + * Gets the remote machines time + * + * RPCBPROC_UADDR2TADDR(strint) RETURNS (struct netbuf) + * Returns the netbuf address from universal address. + * + * RPCBPROC_TADDR2UADDR(struct netbuf) RETURNS (string) + * Returns the universal address from netbuf address. + * + * END OF RPCBIND VERSION 3 PROCEDURES + */ +/* + * Except for RPCBPROC_CALLIT, the procedures above are carried over to + * rpcbind version 4. Those below are added or modified for version 4. + * NOTE: RPCBPROC_BCAST HAS THE SAME FUNCTIONALITY AND PROCEDURE NUMBER + * AS RPCBPROC_CALLIT. + * + * RPCBPROC_BCAST(rpcb_rmtcallargs) + * RETURNS (rpcb_rmtcallres); + * Calls the procedure on the remote machine. If it is not registered, + * this procedure IS quiet; i.e. it DOES NOT return error information!!! + * This routine should be used for broadcasting and nothing else. + * + * RPCBPROC_GETVERSADDR(rpcb) returns (string). + * 0 is failure. Otherwise returns the universal address where the + * triple [prog, vers, netid] is registered. Ignore address and owner. + * Same as RPCBPROC_GETADDR except that if the given version number + * is not available, the address is not returned. + * + * RPCBPROC_INDIRECT(rpcb_rmtcallargs) + * RETURNS (rpcb_rmtcallres); + * Calls the procedure on the remote machine. If it is not registered, + * this procedure is NOT quiet; i.e. it DOES return error information!!! + * as any normal application would expect. + * + * RPCBPROC_GETADDRLIST(rpcb) returns (rpcb_entry_list_ptr). + * Same as RPCBPROC_GETADDR except that it returns a list of all the + * addresses registered for the combination (prog, vers) (for all + * transports). + * + * RPCBPROC_GETSTAT(void) returns (rpcb_stat_byvers) + * Returns the statistics about the kind of requests received by rpcbind. + */ + +/* + * A mapping of (program, version, network ID) to address + */ + +struct rpcb { + rpcprog_t r_prog; + rpcvers_t r_vers; + char *r_netid; + char *r_addr; + char *r_owner; +}; +typedef struct rpcb rpcb; + +typedef rpcb RPCB; + + +/* + * A list of mappings + * + * Below are two definitions for the rpcblist structure. This is done because + * xdr_rpcblist() is specified to take a struct rpcblist **, rather than a + * struct rpcblist * that rpcgen would produce. One version of the rpcblist + * structure (actually called rp__list) is used with rpcgen, and the other is + * defined only in the header file for compatibility with the specified + * interface. + */ + +struct rp__list { + rpcb rpcb_map; + struct rp__list *rpcb_next; +}; +typedef struct rp__list rp__list; + +typedef rp__list *rpcblist_ptr; + +typedef struct rp__list rpcblist; +typedef struct rp__list RPCBLIST; + +#ifndef __cplusplus +struct rpcblist { + RPCB rpcb_map; + struct rpcblist *rpcb_next; +}; +#endif + +#ifdef __cplusplus +extern "C" { +#endif +extern bool_t xdr_rpcblist(XDR *, rpcblist**); +#ifdef __cplusplus +} +#endif + + +/* + * Arguments of remote calls + */ + +struct rpcb_rmtcallargs { + rpcprog_t prog; + rpcvers_t vers; + rpcproc_t proc; + struct { + u_int args_len; + char *args_val; + } args; +}; +typedef struct rpcb_rmtcallargs rpcb_rmtcallargs; + +/* + * Client-side only representation of rpcb_rmtcallargs structure. + * + * The routine that XDRs the rpcb_rmtcallargs structure must deal with the + * opaque arguments in the "args" structure. xdr_rpcb_rmtcallargs() needs to + * be passed the XDR routine that knows the args' structure. This routine + * doesn't need to go over-the-wire (and it wouldn't make sense anyway) since + * the application being called already knows the args structure. So we use a + * different "XDR" structure on the client side, r_rpcb_rmtcallargs, which + * includes the args' XDR routine. + */ +struct r_rpcb_rmtcallargs { + rpcprog_t prog; + rpcvers_t vers; + rpcproc_t proc; + struct { + u_int args_len; + char *args_val; + } args; + xdrproc_t xdr_args; /* encodes args */ +}; + + +/* + * Results of the remote call + */ + +struct rpcb_rmtcallres { + char *addr; + struct { + u_int results_len; + char *results_val; + } results; +}; +typedef struct rpcb_rmtcallres rpcb_rmtcallres; + +/* + * Client-side only representation of rpcb_rmtcallres structure. + */ +struct r_rpcb_rmtcallres { + char *addr; + struct { + u_int32_t results_len; + char *results_val; + } results; + xdrproc_t xdr_res; /* decodes results */ +}; + +/* + * rpcb_entry contains a merged address of a service on a particular + * transport, plus associated netconfig information. A list of rpcb_entrys + * is returned by RPCBPROC_GETADDRLIST. See netconfig.h for values used + * in r_nc_* fields. + */ + +struct rpcb_entry { + char *r_maddr; + char *r_nc_netid; + u_int r_nc_semantics; + char *r_nc_protofmly; + char *r_nc_proto; +}; +typedef struct rpcb_entry rpcb_entry; + +/* + * A list of addresses supported by a service. + */ + +struct rpcb_entry_list { + rpcb_entry rpcb_entry_map; + struct rpcb_entry_list *rpcb_entry_next; +}; +typedef struct rpcb_entry_list rpcb_entry_list; + +typedef rpcb_entry_list *rpcb_entry_list_ptr; + +/* + * rpcbind statistics + */ + +#define rpcb_highproc_2 RPCBPROC_CALLIT +#define rpcb_highproc_3 RPCBPROC_TADDR2UADDR +#define rpcb_highproc_4 RPCBPROC_GETSTAT +#define RPCBSTAT_HIGHPROC 13 +#define RPCBVERS_STAT 3 +#define RPCBVERS_4_STAT 2 +#define RPCBVERS_3_STAT 1 +#define RPCBVERS_2_STAT 0 + +/* Link list of all the stats about getport and getaddr */ + +struct rpcbs_addrlist { + rpcprog_t prog; + rpcvers_t vers; + int success; + int failure; + char *netid; + struct rpcbs_addrlist *next; +}; +typedef struct rpcbs_addrlist rpcbs_addrlist; + +/* Link list of all the stats about rmtcall */ + +struct rpcbs_rmtcalllist { + rpcprog_t prog; + rpcvers_t vers; + rpcproc_t proc; + int success; + int failure; + int indirect; + char *netid; + struct rpcbs_rmtcalllist *next; +}; +typedef struct rpcbs_rmtcalllist rpcbs_rmtcalllist; + +typedef int rpcbs_proc[RPCBSTAT_HIGHPROC]; + +typedef rpcbs_addrlist *rpcbs_addrlist_ptr; + +typedef rpcbs_rmtcalllist *rpcbs_rmtcalllist_ptr; + +struct rpcb_stat { + rpcbs_proc info; + int setinfo; + int unsetinfo; + rpcbs_addrlist_ptr addrinfo; + rpcbs_rmtcalllist_ptr rmtinfo; +}; +typedef struct rpcb_stat rpcb_stat; + +/* + * One rpcb_stat structure is returned for each version of rpcbind + * being monitored. + */ + +typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT]; + +/* + * We don't define netbuf in RPCL, since it would contain structure member + * names that would conflict with the definition of struct netbuf in + * . Instead we merely declare the XDR routine xdr_netbuf() here, + * and implement it ourselves in rpc/rpcb_prot.c. + */ +#ifdef __cplusplus +extern "C" bool_t xdr_netbuf(XDR *, struct netbuf *); + +#else /* __STDC__ */ +extern bool_t xdr_netbuf(XDR *, struct netbuf *); + +#endif + +#define RPCBVERS_3 RPCBVERS +#define RPCBVERS_4 RPCBVERS4 + +#define _PATH_RPCBINDSOCK "/var/run/rpcbind.sock" + +#else /* ndef _KERNEL */ +#ifdef __cplusplus +extern "C" { +#endif + +/* + * A mapping of (program, version, network ID) to address + */ +struct rpcb { + rpcprog_t r_prog; /* program number */ + rpcvers_t r_vers; /* version number */ + char *r_netid; /* network id */ + char *r_addr; /* universal address */ + char *r_owner; /* owner of the mapping */ +}; +typedef struct rpcb RPCB; + +/* + * A list of mappings + */ +struct rpcblist { + RPCB rpcb_map; + struct rpcblist *rpcb_next; +}; +typedef struct rpcblist RPCBLIST; +typedef struct rpcblist *rpcblist_ptr; + +/* + * Remote calls arguments + */ +struct rpcb_rmtcallargs { + rpcprog_t prog; /* program number */ + rpcvers_t vers; /* version number */ + rpcproc_t proc; /* procedure number */ + u_int32_t arglen; /* arg len */ + caddr_t args_ptr; /* argument */ + xdrproc_t xdr_args; /* XDR routine for argument */ +}; +typedef struct rpcb_rmtcallargs rpcb_rmtcallargs; + +/* + * Remote calls results + */ +struct rpcb_rmtcallres { + char *addr_ptr; /* remote universal address */ + u_int32_t resultslen; /* results length */ + caddr_t results_ptr; /* results */ + xdrproc_t xdr_results; /* XDR routine for result */ +}; +typedef struct rpcb_rmtcallres rpcb_rmtcallres; + +struct rpcb_entry { + char *r_maddr; + char *r_nc_netid; + unsigned int r_nc_semantics; + char *r_nc_protofmly; + char *r_nc_proto; +}; +typedef struct rpcb_entry rpcb_entry; + +/* + * A list of addresses supported by a service. + */ + +struct rpcb_entry_list { + rpcb_entry rpcb_entry_map; + struct rpcb_entry_list *rpcb_entry_next; +}; +typedef struct rpcb_entry_list rpcb_entry_list; + +typedef rpcb_entry_list *rpcb_entry_list_ptr; + +/* + * rpcbind statistics + */ + +#define rpcb_highproc_2 RPCBPROC_CALLIT +#define rpcb_highproc_3 RPCBPROC_TADDR2UADDR +#define rpcb_highproc_4 RPCBPROC_GETSTAT +#define RPCBSTAT_HIGHPROC 13 +#define RPCBVERS_STAT 3 +#define RPCBVERS_4_STAT 2 +#define RPCBVERS_3_STAT 1 +#define RPCBVERS_2_STAT 0 + +/* Link list of all the stats about getport and getaddr */ + +struct rpcbs_addrlist { + rpcprog_t prog; + rpcvers_t vers; + int success; + int failure; + char *netid; + struct rpcbs_addrlist *next; +}; +typedef struct rpcbs_addrlist rpcbs_addrlist; + +/* Link list of all the stats about rmtcall */ + +struct rpcbs_rmtcalllist { + rpcprog_t prog; + rpcvers_t vers; + rpcproc_t proc; + int success; + int failure; + int indirect; + char *netid; + struct rpcbs_rmtcalllist *next; +}; +typedef struct rpcbs_rmtcalllist rpcbs_rmtcalllist; + +typedef int rpcbs_proc[RPCBSTAT_HIGHPROC]; + +typedef rpcbs_addrlist *rpcbs_addrlist_ptr; + +typedef rpcbs_rmtcalllist *rpcbs_rmtcalllist_ptr; + +struct rpcb_stat { + rpcbs_proc info; + int setinfo; + int unsetinfo; + rpcbs_addrlist_ptr addrinfo; + rpcbs_rmtcalllist_ptr rmtinfo; +}; +typedef struct rpcb_stat rpcb_stat; + +/* + * One rpcb_stat structure is returned for each version of rpcbind + * being monitored. + */ + +typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT]; + +#ifdef __cplusplus +} +#endif + +#endif /* ndef _KERNEL */ + +#define RPCBPROG ((unsigned long)(100000)) +#define RPCBVERS ((unsigned long)(3)) + +extern void rpcbprog_3(struct svc_req *rqstp, SVCXPRT *transp); +#define RPCBPROC_SET ((unsigned long)(1)) +extern bool_t * rpcbproc_set_3(rpcb *, CLIENT *); +extern bool_t * rpcbproc_set_3_svc(rpcb *, struct svc_req *); +#define RPCBPROC_UNSET ((unsigned long)(2)) +extern bool_t * rpcbproc_unset_3(rpcb *, CLIENT *); +extern bool_t * rpcbproc_unset_3_svc(rpcb *, struct svc_req *); +#define RPCBPROC_GETADDR ((unsigned long)(3)) +extern char ** rpcbproc_getaddr_3(rpcb *, CLIENT *); +extern char ** rpcbproc_getaddr_3_svc(rpcb *, struct svc_req *); +#define RPCBPROC_DUMP ((unsigned long)(4)) +extern rpcblist_ptr * rpcbproc_dump_3(void *, CLIENT *); +extern rpcblist_ptr * rpcbproc_dump_3_svc(void *, struct svc_req *); +#define RPCBPROC_CALLIT ((unsigned long)(5)) +extern rpcb_rmtcallres * rpcbproc_callit_3(rpcb_rmtcallargs *, CLIENT *); +extern rpcb_rmtcallres * rpcbproc_callit_3_svc(rpcb_rmtcallargs *, struct svc_req *); +#define RPCBPROC_GETTIME ((unsigned long)(6)) +extern u_int * rpcbproc_gettime_3(void *, CLIENT *); +extern u_int * rpcbproc_gettime_3_svc(void *, struct svc_req *); +#define RPCBPROC_UADDR2TADDR ((unsigned long)(7)) +extern struct netbuf * rpcbproc_uaddr2taddr_3(char **, CLIENT *); +extern struct netbuf * rpcbproc_uaddr2taddr_3_svc(char **, struct svc_req *); +#define RPCBPROC_TADDR2UADDR ((unsigned long)(8)) +extern char ** rpcbproc_taddr2uaddr_3(struct netbuf *, CLIENT *); +extern char ** rpcbproc_taddr2uaddr_3_svc(struct netbuf *, struct svc_req *); +extern int rpcbprog_3_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define RPCBVERS4 ((unsigned long)(4)) + +extern void rpcbprog_4(struct svc_req *rqstp, SVCXPRT *transp); +extern bool_t * rpcbproc_set_4(rpcb *, CLIENT *); +extern bool_t * rpcbproc_set_4_svc(rpcb *, struct svc_req *); +extern bool_t * rpcbproc_unset_4(rpcb *, CLIENT *); +extern bool_t * rpcbproc_unset_4_svc(rpcb *, struct svc_req *); +extern char ** rpcbproc_getaddr_4(rpcb *, CLIENT *); +extern char ** rpcbproc_getaddr_4_svc(rpcb *, struct svc_req *); +extern rpcblist_ptr * rpcbproc_dump_4(void *, CLIENT *); +extern rpcblist_ptr * rpcbproc_dump_4_svc(void *, struct svc_req *); +#define RPCBPROC_BCAST ((unsigned long)(RPCBPROC_CALLIT)) +extern rpcb_rmtcallres * rpcbproc_bcast_4(rpcb_rmtcallargs *, CLIENT *); +extern rpcb_rmtcallres * rpcbproc_bcast_4_svc(rpcb_rmtcallargs *, struct svc_req *); +extern u_int * rpcbproc_gettime_4(void *, CLIENT *); +extern u_int * rpcbproc_gettime_4_svc(void *, struct svc_req *); +extern struct netbuf * rpcbproc_uaddr2taddr_4(char **, CLIENT *); +extern struct netbuf * rpcbproc_uaddr2taddr_4_svc(char **, struct svc_req *); +extern char ** rpcbproc_taddr2uaddr_4(struct netbuf *, CLIENT *); +extern char ** rpcbproc_taddr2uaddr_4_svc(struct netbuf *, struct svc_req *); +#define RPCBPROC_GETVERSADDR ((unsigned long)(9)) +extern char ** rpcbproc_getversaddr_4(rpcb *, CLIENT *); +extern char ** rpcbproc_getversaddr_4_svc(rpcb *, struct svc_req *); +#define RPCBPROC_INDIRECT ((unsigned long)(10)) +extern rpcb_rmtcallres * rpcbproc_indirect_4(rpcb_rmtcallargs *, CLIENT *); +extern rpcb_rmtcallres * rpcbproc_indirect_4_svc(rpcb_rmtcallargs *, struct svc_req *); +#define RPCBPROC_GETADDRLIST ((unsigned long)(11)) +extern rpcb_entry_list_ptr * rpcbproc_getaddrlist_4(rpcb *, CLIENT *); +extern rpcb_entry_list_ptr * rpcbproc_getaddrlist_4_svc(rpcb *, struct svc_req *); +#define RPCBPROC_GETSTAT ((unsigned long)(12)) +extern rpcb_stat * rpcbproc_getstat_4(void *, CLIENT *); +extern rpcb_stat * rpcbproc_getstat_4_svc(void *, struct svc_req *); +extern int rpcbprog_4_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_rpcb(XDR *, rpcb*); +extern bool_t xdr_rp__list(XDR *, rp__list*); +extern bool_t xdr_rpcblist_ptr(XDR *, rpcblist_ptr*); +extern bool_t xdr_rpcb_rmtcallargs(XDR *, rpcb_rmtcallargs*); +extern bool_t xdr_rpcb_rmtcallres(XDR *, rpcb_rmtcallres*); +extern bool_t xdr_rpcb_entry(XDR *, rpcb_entry*); +extern bool_t xdr_rpcb_entry_list(XDR *, rpcb_entry_list*); +extern bool_t xdr_rpcb_entry_list_ptr(XDR *, rpcb_entry_list_ptr*); +extern bool_t xdr_rpcbs_addrlist(XDR *, rpcbs_addrlist*); +extern bool_t xdr_rpcbs_rmtcalllist(XDR *, rpcbs_rmtcalllist*); +extern bool_t xdr_rpcbs_proc(XDR *, rpcbs_proc); +extern bool_t xdr_rpcbs_addrlist_ptr(XDR *, rpcbs_addrlist_ptr*); +extern bool_t xdr_rpcbs_rmtcalllist_ptr(XDR *, rpcbs_rmtcalllist_ptr*); +extern bool_t xdr_rpcb_stat(XDR *, rpcb_stat*); +extern bool_t xdr_rpcb_stat_byvers(XDR *, rpcb_stat_byvers); + +#ifdef __cplusplus +} +#endif + +#endif /* !_RPCB_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/bootparam_prot.h b/include/rpcsvc/bootparam_prot.h new file mode 100644 index 0000000000..7ddad2cbcc --- /dev/null +++ b/include/rpcsvc/bootparam_prot.h @@ -0,0 +1,99 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _BOOTPARAM_PROT_H_RPCGEN +#define _BOOTPARAM_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include +#include +#define MAX_MACHINE_NAME 255 +#define MAX_PATH_LEN 1024 +#define MAX_FILEID 32 +#define IP_ADDR_TYPE 1 + +typedef char *bp_machine_name_t; + +typedef char *bp_path_t; + +typedef char *bp_fileid_t; + +struct ip_addr_t { + char net; + char host; + char lh; + char impno; +}; +typedef struct ip_addr_t ip_addr_t; + +struct bp_address { + int address_type; + union { + ip_addr_t ip_addr; + } bp_address_u; +}; +typedef struct bp_address bp_address; + +struct bp_whoami_arg { + bp_address client_address; +}; +typedef struct bp_whoami_arg bp_whoami_arg; + +struct bp_whoami_res { + bp_machine_name_t client_name; + bp_machine_name_t domain_name; + bp_address router_address; +}; +typedef struct bp_whoami_res bp_whoami_res; + +struct bp_getfile_arg { + bp_machine_name_t client_name; + bp_fileid_t file_id; +}; +typedef struct bp_getfile_arg bp_getfile_arg; + +struct bp_getfile_res { + bp_machine_name_t server_name; + bp_address server_address; + bp_path_t server_path; +}; +typedef struct bp_getfile_res bp_getfile_res; + +#define BOOTPARAMPROG ((unsigned long)(100026)) +#define BOOTPARAMVERS ((unsigned long)(1)) + +extern void bootparamprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define BOOTPARAMPROC_WHOAMI ((unsigned long)(1)) +extern bp_whoami_res * bootparamproc_whoami_1(bp_whoami_arg *, CLIENT *); +extern bp_whoami_res * bootparamproc_whoami_1_svc(bp_whoami_arg *, struct svc_req *); +#define BOOTPARAMPROC_GETFILE ((unsigned long)(2)) +extern bp_getfile_res * bootparamproc_getfile_1(bp_getfile_arg *, CLIENT *); +extern bp_getfile_res * bootparamproc_getfile_1_svc(bp_getfile_arg *, struct svc_req *); +extern int bootparamprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_bp_machine_name_t(XDR *, bp_machine_name_t*); +extern bool_t xdr_bp_path_t(XDR *, bp_path_t*); +extern bool_t xdr_bp_fileid_t(XDR *, bp_fileid_t*); +extern bool_t xdr_ip_addr_t(XDR *, ip_addr_t*); +extern bool_t xdr_bp_address(XDR *, bp_address*); +extern bool_t xdr_bp_whoami_arg(XDR *, bp_whoami_arg*); +extern bool_t xdr_bp_whoami_res(XDR *, bp_whoami_res*); +extern bool_t xdr_bp_getfile_arg(XDR *, bp_getfile_arg*); +extern bool_t xdr_bp_getfile_res(XDR *, bp_getfile_res*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_BOOTPARAM_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/crypt.h b/include/rpcsvc/crypt.h new file mode 100644 index 0000000000..6ab0078edf --- /dev/null +++ b/include/rpcsvc/crypt.h @@ -0,0 +1,69 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _CRYPT_H_RPCGEN +#define _CRYPT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +enum des_dir { + ENCRYPT_DES = 0, + DECRYPT_DES = 1 +}; +typedef enum des_dir des_dir; + +enum des_mode { + CBC_DES = 0, + ECB_DES = 1 +}; +typedef enum des_mode des_mode; + +struct desargs { + u_char des_key[8]; + des_dir des_dir; + des_mode des_mode; + u_char des_ivec[8]; + struct { + u_int desbuf_len; + char *desbuf_val; + } desbuf; +}; +typedef struct desargs desargs; + +struct desresp { + struct { + u_int desbuf_len; + char *desbuf_val; + } desbuf; + u_char des_ivec[8]; + int stat; +}; +typedef struct desresp desresp; + +#define CRYPT_PROG ((unsigned long)(600100029)) +#define CRYPT_VERS ((unsigned long)(1)) + +extern void crypt_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define DES_CRYPT ((unsigned long)(1)) +extern desresp * des_crypt_1(desargs *, CLIENT *); +extern desresp * des_crypt_1_svc(desargs *, struct svc_req *); +extern int crypt_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_des_dir(XDR *, des_dir*); +extern bool_t xdr_des_mode(XDR *, des_mode*); +extern bool_t xdr_desargs(XDR *, desargs*); +extern bool_t xdr_desresp(XDR *, desresp*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_CRYPT_H_RPCGEN */ diff --git a/include/rpcsvc/key_prot.h b/include/rpcsvc/key_prot.h new file mode 100644 index 0000000000..5711eb96ea --- /dev/null +++ b/include/rpcsvc/key_prot.h @@ -0,0 +1,199 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _KEY_PROT_H_RPCGEN +#define _KEY_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + * + * @(#)key_prot.x 1.7 94/04/29 SMI + * $DragonFly: src/include/rpcsvc/key_prot.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ + +/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */ + +/* + * Compiled from key_prot.x using rpcgen. + * DO NOT EDIT THIS FILE! + * This is NOT source code! + */ +#define PROOT 3 +#define HEXMODULUS "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b" +#define HEXKEYBYTES 48 +#define KEYSIZE 192 +#define KEYBYTES 24 +#define KEYCHECKSUMSIZE 16 + +enum keystatus { + KEY_SUCCESS = 0, + KEY_NOSECRET = 1, + KEY_UNKNOWN = 2, + KEY_SYSTEMERR = 3 +}; +typedef enum keystatus keystatus; + +typedef char keybuf[HEXKEYBYTES]; + +typedef char *netnamestr; + +struct cryptkeyarg { + netnamestr remotename; + des_block deskey; +}; +typedef struct cryptkeyarg cryptkeyarg; + +struct cryptkeyarg2 { + netnamestr remotename; + netobj remotekey; + des_block deskey; +}; +typedef struct cryptkeyarg2 cryptkeyarg2; + +struct cryptkeyres { + keystatus status; + union { + des_block deskey; + } cryptkeyres_u; +}; +typedef struct cryptkeyres cryptkeyres; +#define MAXGIDS 16 + +struct unixcred { + u_int uid; + u_int gid; + struct { + u_int gids_len; + u_int *gids_val; + } gids; +}; +typedef struct unixcred unixcred; + +struct getcredres { + keystatus status; + union { + unixcred cred; + } getcredres_u; +}; +typedef struct getcredres getcredres; + +struct key_netstarg { + keybuf st_priv_key; + keybuf st_pub_key; + netnamestr st_netname; +}; +typedef struct key_netstarg key_netstarg; + +struct key_netstres { + keystatus status; + union { + key_netstarg knet; + } key_netstres_u; +}; +typedef struct key_netstres key_netstres; + +#ifndef opaque +#define opaque char +#endif + + +#define KEY_PROG ((unsigned long)(100029)) +#define KEY_VERS ((unsigned long)(1)) + +extern void key_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define KEY_SET ((unsigned long)(1)) +extern keystatus * key_set_1(char *, CLIENT *); +extern keystatus * key_set_1_svc(char *, struct svc_req *); +#define KEY_ENCRYPT ((unsigned long)(2)) +extern cryptkeyres * key_encrypt_1(cryptkeyarg *, CLIENT *); +extern cryptkeyres * key_encrypt_1_svc(cryptkeyarg *, struct svc_req *); +#define KEY_DECRYPT ((unsigned long)(3)) +extern cryptkeyres * key_decrypt_1(cryptkeyarg *, CLIENT *); +extern cryptkeyres * key_decrypt_1_svc(cryptkeyarg *, struct svc_req *); +#define KEY_GEN ((unsigned long)(4)) +extern des_block * key_gen_1(void *, CLIENT *); +extern des_block * key_gen_1_svc(void *, struct svc_req *); +#define KEY_GETCRED ((unsigned long)(5)) +extern getcredres * key_getcred_1(netnamestr *, CLIENT *); +extern getcredres * key_getcred_1_svc(netnamestr *, struct svc_req *); +extern int key_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define KEY_VERS2 ((unsigned long)(2)) + +extern void key_prog_2(struct svc_req *rqstp, SVCXPRT *transp); +extern keystatus * key_set_2(char *, CLIENT *); +extern keystatus * key_set_2_svc(char *, struct svc_req *); +extern cryptkeyres * key_encrypt_2(cryptkeyarg *, CLIENT *); +extern cryptkeyres * key_encrypt_2_svc(cryptkeyarg *, struct svc_req *); +extern cryptkeyres * key_decrypt_2(cryptkeyarg *, CLIENT *); +extern cryptkeyres * key_decrypt_2_svc(cryptkeyarg *, struct svc_req *); +extern des_block * key_gen_2(void *, CLIENT *); +extern des_block * key_gen_2_svc(void *, struct svc_req *); +extern getcredres * key_getcred_2(netnamestr *, CLIENT *); +extern getcredres * key_getcred_2_svc(netnamestr *, struct svc_req *); +#define KEY_ENCRYPT_PK ((unsigned long)(6)) +extern cryptkeyres * key_encrypt_pk_2(cryptkeyarg2 *, CLIENT *); +extern cryptkeyres * key_encrypt_pk_2_svc(cryptkeyarg2 *, struct svc_req *); +#define KEY_DECRYPT_PK ((unsigned long)(7)) +extern cryptkeyres * key_decrypt_pk_2(cryptkeyarg2 *, CLIENT *); +extern cryptkeyres * key_decrypt_pk_2_svc(cryptkeyarg2 *, struct svc_req *); +#define KEY_NET_PUT ((unsigned long)(8)) +extern keystatus * key_net_put_2(key_netstarg *, CLIENT *); +extern keystatus * key_net_put_2_svc(key_netstarg *, struct svc_req *); +#define KEY_NET_GET ((unsigned long)(9)) +extern key_netstres * key_net_get_2(void *, CLIENT *); +extern key_netstres * key_net_get_2_svc(void *, struct svc_req *); +#define KEY_GET_CONV ((unsigned long)(10)) +extern cryptkeyres * key_get_conv_2(char *, CLIENT *); +extern cryptkeyres * key_get_conv_2_svc(char *, struct svc_req *); +extern int key_prog_2_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_keystatus(XDR *, keystatus*); +extern bool_t xdr_keybuf(XDR *, keybuf); +extern bool_t xdr_netnamestr(XDR *, netnamestr*); +extern bool_t xdr_cryptkeyarg(XDR *, cryptkeyarg*); +extern bool_t xdr_cryptkeyarg2(XDR *, cryptkeyarg2*); +extern bool_t xdr_cryptkeyres(XDR *, cryptkeyres*); +extern bool_t xdr_unixcred(XDR *, unixcred*); +extern bool_t xdr_getcredres(XDR *, getcredres*); +extern bool_t xdr_key_netstarg(XDR *, key_netstarg*); +extern bool_t xdr_key_netstres(XDR *, key_netstres*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_KEY_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/klm_prot.h b/include/rpcsvc/klm_prot.h new file mode 100644 index 0000000000..0d60bb2033 --- /dev/null +++ b/include/rpcsvc/klm_prot.h @@ -0,0 +1,105 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _KLM_PROT_H_RPCGEN +#define _KLM_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LM_MAXSTRLEN 1024 + +enum klm_stats { + klm_granted = 0, + klm_denied = 1, + klm_denied_nolocks = 2, + klm_working = 3 +}; +typedef enum klm_stats klm_stats; + +struct klm_lock { + char *server_name; + netobj fh; + int pid; + u_int l_offset; + u_int l_len; +}; +typedef struct klm_lock klm_lock; + +struct klm_holder { + bool_t exclusive; + int svid; + u_int l_offset; + u_int l_len; +}; +typedef struct klm_holder klm_holder; + +struct klm_stat { + klm_stats stat; +}; +typedef struct klm_stat klm_stat; + +struct klm_testrply { + klm_stats stat; + union { + struct klm_holder holder; + } klm_testrply_u; +}; +typedef struct klm_testrply klm_testrply; + +struct klm_lockargs { + bool_t block; + bool_t exclusive; + struct klm_lock alock; +}; +typedef struct klm_lockargs klm_lockargs; + +struct klm_testargs { + bool_t exclusive; + struct klm_lock alock; +}; +typedef struct klm_testargs klm_testargs; + +struct klm_unlockargs { + struct klm_lock alock; +}; +typedef struct klm_unlockargs klm_unlockargs; + +#define KLM_PROG ((unsigned long)(100020)) +#define KLM_VERS ((unsigned long)(1)) + +extern void klm_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define KLM_TEST ((unsigned long)(1)) +extern klm_testrply * klm_test_1(struct klm_testargs *, CLIENT *); +extern klm_testrply * klm_test_1_svc(struct klm_testargs *, struct svc_req *); +#define KLM_LOCK ((unsigned long)(2)) +extern klm_stat * klm_lock_1(struct klm_lockargs *, CLIENT *); +extern klm_stat * klm_lock_1_svc(struct klm_lockargs *, struct svc_req *); +#define KLM_CANCEL ((unsigned long)(3)) +extern klm_stat * klm_cancel_1(struct klm_lockargs *, CLIENT *); +extern klm_stat * klm_cancel_1_svc(struct klm_lockargs *, struct svc_req *); +#define KLM_UNLOCK ((unsigned long)(4)) +extern klm_stat * klm_unlock_1(struct klm_unlockargs *, CLIENT *); +extern klm_stat * klm_unlock_1_svc(struct klm_unlockargs *, struct svc_req *); +extern int klm_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_klm_stats(XDR *, klm_stats*); +extern bool_t xdr_klm_lock(XDR *, klm_lock*); +extern bool_t xdr_klm_holder(XDR *, klm_holder*); +extern bool_t xdr_klm_stat(XDR *, klm_stat*); +extern bool_t xdr_klm_testrply(XDR *, klm_testrply*); +extern bool_t xdr_klm_lockargs(XDR *, klm_lockargs*); +extern bool_t xdr_klm_testargs(XDR *, klm_testargs*); +extern bool_t xdr_klm_unlockargs(XDR *, klm_unlockargs*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_KLM_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/mount.h b/include/rpcsvc/mount.h new file mode 100644 index 0000000000..153a892471 --- /dev/null +++ b/include/rpcsvc/mount.h @@ -0,0 +1,159 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _MOUNT_H_RPCGEN +#define _MOUNT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define MNTPATHLEN 1024 +#define MNTNAMLEN 255 +#define FHSIZE 32 +#define FHSIZE3 64 + +typedef char fhandle[FHSIZE]; + +typedef struct { + u_int fhandle3_len; + char *fhandle3_val; +} fhandle3; + +struct fhstatus { + u_int fhs_status; + union { + fhandle fhs_fhandle; + } fhstatus_u; +}; +typedef struct fhstatus fhstatus; + +enum mountstat3 { + MNT3_OK = 0, + MNT3ERR_PERM = 1, + MNT3ERR_NOENT = 2, + MNT3ERR_IO = 5, + MNT3ERR_ACCES = 13, + MNT3ERR_NOTDIR = 20, + MNT3ERR_INVAL = 22, + MNT3ERR_NAMETOOLONG = 63, + MNT3ERR_NOTSUPP = 10004, + MNT3ERR_SERVERFAULT = 10006 +}; +typedef enum mountstat3 mountstat3; + +struct mountres3_ok { + fhandle3 fhandle; + struct { + u_int auth_flavors_len; + int *auth_flavors_val; + } auth_flavors; +}; +typedef struct mountres3_ok mountres3_ok; + +struct mountres3 { + mountstat3 fhs_status; + union { + mountres3_ok mountinfo; + } mountres3_u; +}; +typedef struct mountres3 mountres3; + +typedef char *dirpath; + +typedef char *name; + +typedef struct mountbody *mountlist; + +struct mountbody { + name ml_hostname; + dirpath ml_directory; + mountlist ml_next; +}; +typedef struct mountbody mountbody; + +typedef struct groupnode *groups; + +struct groupnode { + name gr_name; + groups gr_next; +}; +typedef struct groupnode groupnode; + +typedef struct exportnode *exports; + +struct exportnode { + dirpath ex_dir; + groups ex_groups; + exports ex_next; +}; +typedef struct exportnode exportnode; + +#define MOUNTPROG ((unsigned long)(100005)) +#define MOUNTVERS ((unsigned long)(1)) + +extern void mountprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define MOUNTPROC_NULL ((unsigned long)(0)) +extern void * mountproc_null_1(void *, CLIENT *); +extern void * mountproc_null_1_svc(void *, struct svc_req *); +#define MOUNTPROC_MNT ((unsigned long)(1)) +extern fhstatus * mountproc_mnt_1(dirpath *, CLIENT *); +extern fhstatus * mountproc_mnt_1_svc(dirpath *, struct svc_req *); +#define MOUNTPROC_DUMP ((unsigned long)(2)) +extern mountlist * mountproc_dump_1(void *, CLIENT *); +extern mountlist * mountproc_dump_1_svc(void *, struct svc_req *); +#define MOUNTPROC_UMNT ((unsigned long)(3)) +extern void * mountproc_umnt_1(dirpath *, CLIENT *); +extern void * mountproc_umnt_1_svc(dirpath *, struct svc_req *); +#define MOUNTPROC_UMNTALL ((unsigned long)(4)) +extern void * mountproc_umntall_1(void *, CLIENT *); +extern void * mountproc_umntall_1_svc(void *, struct svc_req *); +#define MOUNTPROC_EXPORT ((unsigned long)(5)) +extern exports * mountproc_export_1(void *, CLIENT *); +extern exports * mountproc_export_1_svc(void *, struct svc_req *); +#define MOUNTPROC_EXPORTALL ((unsigned long)(6)) +extern exports * mountproc_exportall_1(void *, CLIENT *); +extern exports * mountproc_exportall_1_svc(void *, struct svc_req *); +extern int mountprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define MOUNTVERS3 ((unsigned long)(3)) + +extern void mountprog_3(struct svc_req *rqstp, SVCXPRT *transp); +extern void * mountproc_null_3(void *, CLIENT *); +extern void * mountproc_null_3_svc(void *, struct svc_req *); +extern mountres3 * mountproc_mnt_3(dirpath *, CLIENT *); +extern mountres3 * mountproc_mnt_3_svc(dirpath *, struct svc_req *); +extern mountlist * mountproc_dump_3(void *, CLIENT *); +extern mountlist * mountproc_dump_3_svc(void *, struct svc_req *); +extern void * mountproc_umnt_3(dirpath *, CLIENT *); +extern void * mountproc_umnt_3_svc(dirpath *, struct svc_req *); +extern void * mountproc_umntall_3(void *, CLIENT *); +extern void * mountproc_umntall_3_svc(void *, struct svc_req *); +extern exports * mountproc_export_3(void *, CLIENT *); +extern exports * mountproc_export_3_svc(void *, struct svc_req *); +extern int mountprog_3_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_fhandle(XDR *, fhandle); +extern bool_t xdr_fhandle3(XDR *, fhandle3*); +extern bool_t xdr_fhstatus(XDR *, fhstatus*); +extern bool_t xdr_mountstat3(XDR *, mountstat3*); +extern bool_t xdr_mountres3_ok(XDR *, mountres3_ok*); +extern bool_t xdr_mountres3(XDR *, mountres3*); +extern bool_t xdr_dirpath(XDR *, dirpath*); +extern bool_t xdr_name(XDR *, name*); +extern bool_t xdr_mountlist(XDR *, mountlist*); +extern bool_t xdr_mountbody(XDR *, mountbody*); +extern bool_t xdr_groups(XDR *, groups*); +extern bool_t xdr_groupnode(XDR *, groupnode*); +extern bool_t xdr_exports(XDR *, exports*); +extern bool_t xdr_exportnode(XDR *, exportnode*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_MOUNT_H_RPCGEN */ diff --git a/include/rpcsvc/nfs_prot.h b/include/rpcsvc/nfs_prot.h new file mode 100644 index 0000000000..18da79a579 --- /dev/null +++ b/include/rpcsvc/nfs_prot.h @@ -0,0 +1,1456 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _NFS_PROT_H_RPCGEN +#define _NFS_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define NFS_PORT 2049 +#define NFS_MAXDATA 8192 +#define NFS_MAXPATHLEN 1024 +#define NFS_MAXNAMLEN 255 +#define NFS_FHSIZE 32 +#define NFS_COOKIESIZE 4 +#define NFS_FIFO_DEV -1 +#define NFSMODE_FMT 0170000 +#define NFSMODE_DIR 0040000 +#define NFSMODE_CHR 0020000 +#define NFSMODE_BLK 0060000 +#define NFSMODE_REG 0100000 +#define NFSMODE_LNK 0120000 +#define NFSMODE_SOCK 0140000 +#define NFSMODE_FIFO 0010000 + +enum nfsstat { + NFS_OK = 0, + NFSERR_PERM = 1, + NFSERR_NOENT = 2, + NFSERR_IO = 5, + NFSERR_NXIO = 6, + NFSERR_ACCES = 13, + NFSERR_EXIST = 17, + NFSERR_NODEV = 19, + NFSERR_NOTDIR = 20, + NFSERR_ISDIR = 21, + NFSERR_FBIG = 27, + NFSERR_NOSPC = 28, + NFSERR_ROFS = 30, + NFSERR_NAMETOOLONG = 63, + NFSERR_NOTEMPTY = 66, + NFSERR_DQUOT = 69, + NFSERR_STALE = 70, + NFSERR_WFLUSH = 99 +}; +typedef enum nfsstat nfsstat; + +enum ftype { + NFNON = 0, + NFREG = 1, + NFDIR = 2, + NFBLK = 3, + NFCHR = 4, + NFLNK = 5, + NFSOCK = 6, + NFBAD = 7, + NFFIFO = 8 +}; +typedef enum ftype ftype; + +struct nfs_fh { + char data[NFS_FHSIZE]; +}; +typedef struct nfs_fh nfs_fh; + +struct nfstime { + u_int seconds; + u_int useconds; +}; +typedef struct nfstime nfstime; + +struct fattr { + ftype type; + u_int mode; + u_int nlink; + u_int uid; + u_int gid; + u_int size; + u_int blocksize; + u_int rdev; + u_int blocks; + u_int fsid; + u_int fileid; + nfstime atime; + nfstime mtime; + nfstime ctime; +}; +typedef struct fattr fattr; + +struct sattr { + u_int mode; + u_int uid; + u_int gid; + u_int size; + nfstime atime; + nfstime mtime; +}; +typedef struct sattr sattr; + +typedef char *filename; + +typedef char *nfspath; + +struct attrstat { + nfsstat status; + union { + fattr attributes; + } attrstat_u; +}; +typedef struct attrstat attrstat; + +struct sattrargs { + nfs_fh file; + sattr attributes; +}; +typedef struct sattrargs sattrargs; + +struct diropargs { + nfs_fh dir; + filename name; +}; +typedef struct diropargs diropargs; + +struct diropokres { + nfs_fh file; + fattr attributes; +}; +typedef struct diropokres diropokres; + +struct diropres { + nfsstat status; + union { + diropokres diropres; + } diropres_u; +}; +typedef struct diropres diropres; + +struct readlinkres { + nfsstat status; + union { + nfspath data; + } readlinkres_u; +}; +typedef struct readlinkres readlinkres; + +struct readargs { + nfs_fh file; + u_int offset; + u_int count; + u_int totalcount; +}; +typedef struct readargs readargs; + +struct readokres { + fattr attributes; + struct { + u_int data_len; + char *data_val; + } data; +}; +typedef struct readokres readokres; + +struct readres { + nfsstat status; + union { + readokres reply; + } readres_u; +}; +typedef struct readres readres; + +struct writeargs { + nfs_fh file; + u_int beginoffset; + u_int offset; + u_int totalcount; + struct { + u_int data_len; + char *data_val; + } data; +}; +typedef struct writeargs writeargs; + +struct createargs { + diropargs where; + sattr attributes; +}; +typedef struct createargs createargs; + +struct renameargs { + diropargs from; + diropargs to; +}; +typedef struct renameargs renameargs; + +struct linkargs { + nfs_fh from; + diropargs to; +}; +typedef struct linkargs linkargs; + +struct symlinkargs { + diropargs from; + nfspath to; + sattr attributes; +}; +typedef struct symlinkargs symlinkargs; + +typedef char nfscookie[NFS_COOKIESIZE]; + +struct readdirargs { + nfs_fh dir; + nfscookie cookie; + u_int count; +}; +typedef struct readdirargs readdirargs; + +struct entry { + u_int fileid; + filename name; + nfscookie cookie; + struct entry *nextentry; +}; +typedef struct entry entry; + +struct dirlist { + entry *entries; + bool_t eof; +}; +typedef struct dirlist dirlist; + +struct readdirres { + nfsstat status; + union { + dirlist reply; + } readdirres_u; +}; +typedef struct readdirres readdirres; + +struct statfsokres { + u_int tsize; + u_int bsize; + u_int blocks; + u_int bfree; + u_int bavail; +}; +typedef struct statfsokres statfsokres; + +struct statfsres { + nfsstat status; + union { + statfsokres reply; + } statfsres_u; +}; +typedef struct statfsres statfsres; +#define NFS3_FHSIZE 64 +#define NFS3_COOKIEVERFSIZE 8 +#define NFS3_CREATEVERFSIZE 8 +#define NFS3_WRITEVERFSIZE 8 + +typedef u_int64_t uint64; + +typedef int64_t int64; + +typedef u_long uint32; + +typedef long int32; + +typedef char *filename3; + +typedef char *nfspath3; + +typedef uint64 fileid3; + +typedef uint64 cookie3; + +typedef char cookieverf3[NFS3_COOKIEVERFSIZE]; + +typedef char createverf3[NFS3_CREATEVERFSIZE]; + +typedef char writeverf3[NFS3_WRITEVERFSIZE]; + +typedef uint32 uid3; + +typedef uint32 gid3; + +typedef uint64 size3; + +typedef uint64 offset3; + +typedef uint32 mode3; + +typedef uint32 count3; + +enum nfsstat3 { + NFS3_OK = 0, + NFS3ERR_PERM = 1, + NFS3ERR_NOENT = 2, + NFS3ERR_IO = 5, + NFS3ERR_NXIO = 6, + NFS3ERR_ACCES = 13, + NFS3ERR_EXIST = 17, + NFS3ERR_XDEV = 18, + NFS3ERR_NODEV = 19, + NFS3ERR_NOTDIR = 20, + NFS3ERR_ISDIR = 21, + NFS3ERR_INVAL = 22, + NFS3ERR_FBIG = 27, + NFS3ERR_NOSPC = 28, + NFS3ERR_ROFS = 30, + NFS3ERR_MLINK = 31, + NFS3ERR_NAMETOOLONG = 63, + NFS3ERR_NOTEMPTY = 66, + NFS3ERR_DQUOT = 69, + NFS3ERR_STALE = 70, + NFS3ERR_REMOTE = 71, + NFS3ERR_BADHANDLE = 10001, + NFS3ERR_NOT_SYNC = 10002, + NFS3ERR_BAD_COOKIE = 10003, + NFS3ERR_NOTSUPP = 10004, + NFS3ERR_TOOSMALL = 10005, + NFS3ERR_SERVERFAULT = 10006, + NFS3ERR_BADTYPE = 10007, + NFS3ERR_JUKEBOX = 10008 +}; +typedef enum nfsstat3 nfsstat3; + +enum ftype3 { + NF3REG = 1, + NF3DIR = 2, + NF3BLK = 3, + NF3CHR = 4, + NF3LNK = 5, + NF3SOCK = 6, + NF3FIFO = 7 +}; +typedef enum ftype3 ftype3; + +struct specdata3 { + uint32 specdata1; + uint32 specdata2; +}; +typedef struct specdata3 specdata3; + +struct nfs_fh3 { + struct { + u_int data_len; + char *data_val; + } data; +}; +typedef struct nfs_fh3 nfs_fh3; + +struct nfstime3 { + uint32 seconds; + uint32 nseconds; +}; +typedef struct nfstime3 nfstime3; + +struct fattr3 { + ftype3 type; + mode3 mode; + uint32 nlink; + uid3 uid; + gid3 gid; + size3 size; + size3 used; + specdata3 rdev; + uint64 fsid; + fileid3 fileid; + nfstime3 atime; + nfstime3 mtime; + nfstime3 ctime; +}; +typedef struct fattr3 fattr3; + +struct post_op_attr { + bool_t attributes_follow; + union { + fattr3 attributes; + } post_op_attr_u; +}; +typedef struct post_op_attr post_op_attr; + +struct wcc_attr { + size3 size; + nfstime3 mtime; + nfstime3 ctime; +}; +typedef struct wcc_attr wcc_attr; + +struct pre_op_attr { + bool_t attributes_follow; + union { + wcc_attr attributes; + } pre_op_attr_u; +}; +typedef struct pre_op_attr pre_op_attr; + +struct wcc_data { + pre_op_attr before; + post_op_attr after; +}; +typedef struct wcc_data wcc_data; + +struct post_op_fh3 { + bool_t handle_follows; + union { + nfs_fh3 handle; + } post_op_fh3_u; +}; +typedef struct post_op_fh3 post_op_fh3; + +enum time_how { + DONT_CHANGE = 0, + SET_TO_SERVER_TIME = 1, + SET_TO_CLIENT_TIME = 2 +}; +typedef enum time_how time_how; + +struct set_mode3 { + bool_t set_it; + union { + mode3 mode; + } set_mode3_u; +}; +typedef struct set_mode3 set_mode3; + +struct set_uid3 { + bool_t set_it; + union { + uid3 uid; + } set_uid3_u; +}; +typedef struct set_uid3 set_uid3; + +struct set_gid3 { + bool_t set_it; + union { + gid3 gid; + } set_gid3_u; +}; +typedef struct set_gid3 set_gid3; + +struct set_size3 { + bool_t set_it; + union { + size3 size; + } set_size3_u; +}; +typedef struct set_size3 set_size3; + +struct set_atime { + time_how set_it; + union { + nfstime3 atime; + } set_atime_u; +}; +typedef struct set_atime set_atime; + +struct set_mtime { + time_how set_it; + union { + nfstime3 mtime; + } set_mtime_u; +}; +typedef struct set_mtime set_mtime; + +struct sattr3 { + set_mode3 mode; + set_uid3 uid; + set_gid3 gid; + set_size3 size; + set_atime atime; + set_mtime mtime; +}; +typedef struct sattr3 sattr3; + +struct diropargs3 { + nfs_fh3 dir; + filename3 name; +}; +typedef struct diropargs3 diropargs3; + +struct GETATTR3args { + nfs_fh3 object; +}; +typedef struct GETATTR3args GETATTR3args; + +struct GETATTR3resok { + fattr3 obj_attributes; +}; +typedef struct GETATTR3resok GETATTR3resok; + +struct GETATTR3res { + nfsstat3 status; + union { + GETATTR3resok resok; + } GETATTR3res_u; +}; +typedef struct GETATTR3res GETATTR3res; + +struct sattrguard3 { + bool_t check; + union { + nfstime3 obj_ctime; + } sattrguard3_u; +}; +typedef struct sattrguard3 sattrguard3; + +struct SETATTR3args { + nfs_fh3 object; + sattr3 new_attributes; + sattrguard3 guard; +}; +typedef struct SETATTR3args SETATTR3args; + +struct SETATTR3resok { + wcc_data obj_wcc; +}; +typedef struct SETATTR3resok SETATTR3resok; + +struct SETATTR3resfail { + wcc_data obj_wcc; +}; +typedef struct SETATTR3resfail SETATTR3resfail; + +struct SETATTR3res { + nfsstat3 status; + union { + SETATTR3resok resok; + SETATTR3resfail resfail; + } SETATTR3res_u; +}; +typedef struct SETATTR3res SETATTR3res; + +struct LOOKUP3args { + diropargs3 what; +}; +typedef struct LOOKUP3args LOOKUP3args; + +struct LOOKUP3resok { + nfs_fh3 object; + post_op_attr obj_attributes; + post_op_attr dir_attributes; +}; +typedef struct LOOKUP3resok LOOKUP3resok; + +struct LOOKUP3resfail { + post_op_attr dir_attributes; +}; +typedef struct LOOKUP3resfail LOOKUP3resfail; + +struct LOOKUP3res { + nfsstat3 status; + union { + LOOKUP3resok resok; + LOOKUP3resfail resfail; + } LOOKUP3res_u; +}; +typedef struct LOOKUP3res LOOKUP3res; +#define ACCESS3_READ 0x0001 +#define ACCESS3_LOOKUP 0x0002 +#define ACCESS3_MODIFY 0x0004 +#define ACCESS3_EXTEND 0x0008 +#define ACCESS3_DELETE 0x0010 +#define ACCESS3_EXECUTE 0x0020 + +struct ACCESS3args { + nfs_fh3 object; + uint32 access; +}; +typedef struct ACCESS3args ACCESS3args; + +struct ACCESS3resok { + post_op_attr obj_attributes; + uint32 access; +}; +typedef struct ACCESS3resok ACCESS3resok; + +struct ACCESS3resfail { + post_op_attr obj_attributes; +}; +typedef struct ACCESS3resfail ACCESS3resfail; + +struct ACCESS3res { + nfsstat3 status; + union { + ACCESS3resok resok; + ACCESS3resfail resfail; + } ACCESS3res_u; +}; +typedef struct ACCESS3res ACCESS3res; + +struct READLINK3args { + nfs_fh3 symlink; +}; +typedef struct READLINK3args READLINK3args; + +struct READLINK3resok { + post_op_attr symlink_attributes; + nfspath3 data; +}; +typedef struct READLINK3resok READLINK3resok; + +struct READLINK3resfail { + post_op_attr symlink_attributes; +}; +typedef struct READLINK3resfail READLINK3resfail; + +struct READLINK3res { + nfsstat3 status; + union { + READLINK3resok resok; + READLINK3resfail resfail; + } READLINK3res_u; +}; +typedef struct READLINK3res READLINK3res; + +struct READ3args { + nfs_fh3 file; + offset3 offset; + count3 count; +}; +typedef struct READ3args READ3args; + +struct READ3resok { + post_op_attr file_attributes; + count3 count; + bool_t eof; + struct { + u_int data_len; + char *data_val; + } data; +}; +typedef struct READ3resok READ3resok; + +struct READ3resfail { + post_op_attr file_attributes; +}; +typedef struct READ3resfail READ3resfail; + +struct READ3res { + nfsstat3 status; + union { + READ3resok resok; + READ3resfail resfail; + } READ3res_u; +}; +typedef struct READ3res READ3res; + +enum stable_how { + UNSTABLE = 0, + DATA_SYNC = 1, + FILE_SYNC = 2 +}; +typedef enum stable_how stable_how; + +struct WRITE3args { + nfs_fh3 file; + offset3 offset; + count3 count; + stable_how stable; + struct { + u_int data_len; + char *data_val; + } data; +}; +typedef struct WRITE3args WRITE3args; + +struct WRITE3resok { + wcc_data file_wcc; + count3 count; + stable_how committed; + writeverf3 verf; +}; +typedef struct WRITE3resok WRITE3resok; + +struct WRITE3resfail { + wcc_data file_wcc; +}; +typedef struct WRITE3resfail WRITE3resfail; + +struct WRITE3res { + nfsstat3 status; + union { + WRITE3resok resok; + WRITE3resfail resfail; + } WRITE3res_u; +}; +typedef struct WRITE3res WRITE3res; + +enum createmode3 { + UNCHECKED = 0, + GUARDED = 1, + EXCLUSIVE = 2 +}; +typedef enum createmode3 createmode3; + +struct createhow3 { + createmode3 mode; + union { + sattr3 obj_attributes; + createverf3 verf; + } createhow3_u; +}; +typedef struct createhow3 createhow3; + +struct CREATE3args { + diropargs3 where; + createhow3 how; +}; +typedef struct CREATE3args CREATE3args; + +struct CREATE3resok { + post_op_fh3 obj; + post_op_attr obj_attributes; + wcc_data dir_wcc; +}; +typedef struct CREATE3resok CREATE3resok; + +struct CREATE3resfail { + wcc_data dir_wcc; +}; +typedef struct CREATE3resfail CREATE3resfail; + +struct CREATE3res { + nfsstat3 status; + union { + CREATE3resok resok; + CREATE3resfail resfail; + } CREATE3res_u; +}; +typedef struct CREATE3res CREATE3res; + +struct MKDIR3args { + diropargs3 where; + sattr3 attributes; +}; +typedef struct MKDIR3args MKDIR3args; + +struct MKDIR3resok { + post_op_fh3 obj; + post_op_attr obj_attributes; + wcc_data dir_wcc; +}; +typedef struct MKDIR3resok MKDIR3resok; + +struct MKDIR3resfail { + wcc_data dir_wcc; +}; +typedef struct MKDIR3resfail MKDIR3resfail; + +struct MKDIR3res { + nfsstat3 status; + union { + MKDIR3resok resok; + MKDIR3resfail resfail; + } MKDIR3res_u; +}; +typedef struct MKDIR3res MKDIR3res; + +struct symlinkdata3 { + sattr3 symlink_attributes; + nfspath3 symlink_data; +}; +typedef struct symlinkdata3 symlinkdata3; + +struct SYMLINK3args { + diropargs3 where; + symlinkdata3 symlink; +}; +typedef struct SYMLINK3args SYMLINK3args; + +struct SYMLINK3resok { + post_op_fh3 obj; + post_op_attr obj_attributes; + wcc_data dir_wcc; +}; +typedef struct SYMLINK3resok SYMLINK3resok; + +struct SYMLINK3resfail { + wcc_data dir_wcc; +}; +typedef struct SYMLINK3resfail SYMLINK3resfail; + +struct SYMLINK3res { + nfsstat3 status; + union { + SYMLINK3resok resok; + SYMLINK3resfail resfail; + } SYMLINK3res_u; +}; +typedef struct SYMLINK3res SYMLINK3res; + +struct devicedata3 { + sattr3 dev_attributes; + specdata3 spec; +}; +typedef struct devicedata3 devicedata3; + +struct mknoddata3 { + ftype3 type; + union { + devicedata3 device; + sattr3 pipe_attributes; + } mknoddata3_u; +}; +typedef struct mknoddata3 mknoddata3; + +struct MKNOD3args { + diropargs3 where; + mknoddata3 what; +}; +typedef struct MKNOD3args MKNOD3args; + +struct MKNOD3resok { + post_op_fh3 obj; + post_op_attr obj_attributes; + wcc_data dir_wcc; +}; +typedef struct MKNOD3resok MKNOD3resok; + +struct MKNOD3resfail { + wcc_data dir_wcc; +}; +typedef struct MKNOD3resfail MKNOD3resfail; + +struct MKNOD3res { + nfsstat3 status; + union { + MKNOD3resok resok; + MKNOD3resfail resfail; + } MKNOD3res_u; +}; +typedef struct MKNOD3res MKNOD3res; + +struct REMOVE3args { + diropargs3 object; +}; +typedef struct REMOVE3args REMOVE3args; + +struct REMOVE3resok { + wcc_data dir_wcc; +}; +typedef struct REMOVE3resok REMOVE3resok; + +struct REMOVE3resfail { + wcc_data dir_wcc; +}; +typedef struct REMOVE3resfail REMOVE3resfail; + +struct REMOVE3res { + nfsstat3 status; + union { + REMOVE3resok resok; + REMOVE3resfail resfail; + } REMOVE3res_u; +}; +typedef struct REMOVE3res REMOVE3res; + +struct RMDIR3args { + diropargs3 object; +}; +typedef struct RMDIR3args RMDIR3args; + +struct RMDIR3resok { + wcc_data dir_wcc; +}; +typedef struct RMDIR3resok RMDIR3resok; + +struct RMDIR3resfail { + wcc_data dir_wcc; +}; +typedef struct RMDIR3resfail RMDIR3resfail; + +struct RMDIR3res { + nfsstat3 status; + union { + RMDIR3resok resok; + RMDIR3resfail resfail; + } RMDIR3res_u; +}; +typedef struct RMDIR3res RMDIR3res; + +struct RENAME3args { + diropargs3 from; + diropargs3 to; +}; +typedef struct RENAME3args RENAME3args; + +struct RENAME3resok { + wcc_data fromdir_wcc; + wcc_data todir_wcc; +}; +typedef struct RENAME3resok RENAME3resok; + +struct RENAME3resfail { + wcc_data fromdir_wcc; + wcc_data todir_wcc; +}; +typedef struct RENAME3resfail RENAME3resfail; + +struct RENAME3res { + nfsstat3 status; + union { + RENAME3resok resok; + RENAME3resfail resfail; + } RENAME3res_u; +}; +typedef struct RENAME3res RENAME3res; + +struct LINK3args { + nfs_fh3 file; + diropargs3 link; +}; +typedef struct LINK3args LINK3args; + +struct LINK3resok { + post_op_attr file_attributes; + wcc_data linkdir_wcc; +}; +typedef struct LINK3resok LINK3resok; + +struct LINK3resfail { + post_op_attr file_attributes; + wcc_data linkdir_wcc; +}; +typedef struct LINK3resfail LINK3resfail; + +struct LINK3res { + nfsstat3 status; + union { + LINK3resok resok; + LINK3resfail resfail; + } LINK3res_u; +}; +typedef struct LINK3res LINK3res; + +struct READDIR3args { + nfs_fh3 dir; + cookie3 cookie; + cookieverf3 cookieverf; + count3 count; +}; +typedef struct READDIR3args READDIR3args; + +struct entry3 { + fileid3 fileid; + filename3 name; + cookie3 cookie; + struct entry3 *nextentry; +}; +typedef struct entry3 entry3; + +struct dirlist3 { + entry3 *entries; + bool_t eof; +}; +typedef struct dirlist3 dirlist3; + +struct READDIR3resok { + post_op_attr dir_attributes; + cookieverf3 cookieverf; + dirlist3 reply; +}; +typedef struct READDIR3resok READDIR3resok; + +struct READDIR3resfail { + post_op_attr dir_attributes; +}; +typedef struct READDIR3resfail READDIR3resfail; + +struct READDIR3res { + nfsstat3 status; + union { + READDIR3resok resok; + READDIR3resfail resfail; + } READDIR3res_u; +}; +typedef struct READDIR3res READDIR3res; + +struct READDIRPLUS3args { + nfs_fh3 dir; + cookie3 cookie; + cookieverf3 cookieverf; + count3 dircount; + count3 maxcount; +}; +typedef struct READDIRPLUS3args READDIRPLUS3args; + +struct entryplus3 { + fileid3 fileid; + filename3 name; + cookie3 cookie; + post_op_attr name_attributes; + post_op_fh3 name_handle; + struct entryplus3 *nextentry; +}; +typedef struct entryplus3 entryplus3; + +struct dirlistplus3 { + entryplus3 *entries; + bool_t eof; +}; +typedef struct dirlistplus3 dirlistplus3; + +struct READDIRPLUS3resok { + post_op_attr dir_attributes; + cookieverf3 cookieverf; + dirlistplus3 reply; +}; +typedef struct READDIRPLUS3resok READDIRPLUS3resok; + +struct READDIRPLUS3resfail { + post_op_attr dir_attributes; +}; +typedef struct READDIRPLUS3resfail READDIRPLUS3resfail; + +struct READDIRPLUS3res { + nfsstat3 status; + union { + READDIRPLUS3resok resok; + READDIRPLUS3resfail resfail; + } READDIRPLUS3res_u; +}; +typedef struct READDIRPLUS3res READDIRPLUS3res; + +struct FSSTAT3args { + nfs_fh3 fsroot; +}; +typedef struct FSSTAT3args FSSTAT3args; + +struct FSSTAT3resok { + post_op_attr obj_attributes; + size3 tbytes; + size3 fbytes; + size3 abytes; + size3 tfiles; + size3 ffiles; + size3 afiles; + uint32 invarsec; +}; +typedef struct FSSTAT3resok FSSTAT3resok; + +struct FSSTAT3resfail { + post_op_attr obj_attributes; +}; +typedef struct FSSTAT3resfail FSSTAT3resfail; + +struct FSSTAT3res { + nfsstat3 status; + union { + FSSTAT3resok resok; + FSSTAT3resfail resfail; + } FSSTAT3res_u; +}; +typedef struct FSSTAT3res FSSTAT3res; +#define FSF3_LINK 0x0001 +#define FSF3_SYMLINK 0x0002 +#define FSF3_HOMOGENEOUS 0x0008 +#define FSF3_CANSETTIME 0x0010 + +struct FSINFO3args { + nfs_fh3 fsroot; +}; +typedef struct FSINFO3args FSINFO3args; + +struct FSINFO3resok { + post_op_attr obj_attributes; + uint32 rtmax; + uint32 rtpref; + uint32 rtmult; + uint32 wtmax; + uint32 wtpref; + uint32 wtmult; + uint32 dtpref; + size3 maxfilesize; + nfstime3 time_delta; + uint32 properties; +}; +typedef struct FSINFO3resok FSINFO3resok; + +struct FSINFO3resfail { + post_op_attr obj_attributes; +}; +typedef struct FSINFO3resfail FSINFO3resfail; + +struct FSINFO3res { + nfsstat3 status; + union { + FSINFO3resok resok; + FSINFO3resfail resfail; + } FSINFO3res_u; +}; +typedef struct FSINFO3res FSINFO3res; + +struct PATHCONF3args { + nfs_fh3 object; +}; +typedef struct PATHCONF3args PATHCONF3args; + +struct PATHCONF3resok { + post_op_attr obj_attributes; + uint32 linkmax; + uint32 name_max; + bool_t no_trunc; + bool_t chown_restricted; + bool_t case_insensitive; + bool_t case_preserving; +}; +typedef struct PATHCONF3resok PATHCONF3resok; + +struct PATHCONF3resfail { + post_op_attr obj_attributes; +}; +typedef struct PATHCONF3resfail PATHCONF3resfail; + +struct PATHCONF3res { + nfsstat3 status; + union { + PATHCONF3resok resok; + PATHCONF3resfail resfail; + } PATHCONF3res_u; +}; +typedef struct PATHCONF3res PATHCONF3res; + +struct COMMIT3args { + nfs_fh3 file; + offset3 offset; + count3 count; +}; +typedef struct COMMIT3args COMMIT3args; + +struct COMMIT3resok { + wcc_data file_wcc; + writeverf3 verf; +}; +typedef struct COMMIT3resok COMMIT3resok; + +struct COMMIT3resfail { + wcc_data file_wcc; +}; +typedef struct COMMIT3resfail COMMIT3resfail; + +struct COMMIT3res { + nfsstat3 status; + union { + COMMIT3resok resok; + COMMIT3resfail resfail; + } COMMIT3res_u; +}; +typedef struct COMMIT3res COMMIT3res; + +#define NFS_PROGRAM ((unsigned long)(100003)) +#define NFS_VERSION ((unsigned long)(2)) + +extern void nfs_program_2(struct svc_req *rqstp, SVCXPRT *transp); +#define NFSPROC_NULL ((unsigned long)(0)) +extern void * nfsproc_null_2(void *, CLIENT *); +extern void * nfsproc_null_2_svc(void *, struct svc_req *); +#define NFSPROC_GETATTR ((unsigned long)(1)) +extern attrstat * nfsproc_getattr_2(nfs_fh *, CLIENT *); +extern attrstat * nfsproc_getattr_2_svc(nfs_fh *, struct svc_req *); +#define NFSPROC_SETATTR ((unsigned long)(2)) +extern attrstat * nfsproc_setattr_2(sattrargs *, CLIENT *); +extern attrstat * nfsproc_setattr_2_svc(sattrargs *, struct svc_req *); +#define NFSPROC_ROOT ((unsigned long)(3)) +extern void * nfsproc_root_2(void *, CLIENT *); +extern void * nfsproc_root_2_svc(void *, struct svc_req *); +#define NFSPROC_LOOKUP ((unsigned long)(4)) +extern diropres * nfsproc_lookup_2(diropargs *, CLIENT *); +extern diropres * nfsproc_lookup_2_svc(diropargs *, struct svc_req *); +#define NFSPROC_READLINK ((unsigned long)(5)) +extern readlinkres * nfsproc_readlink_2(nfs_fh *, CLIENT *); +extern readlinkres * nfsproc_readlink_2_svc(nfs_fh *, struct svc_req *); +#define NFSPROC_READ ((unsigned long)(6)) +extern readres * nfsproc_read_2(readargs *, CLIENT *); +extern readres * nfsproc_read_2_svc(readargs *, struct svc_req *); +#define NFSPROC_WRITECACHE ((unsigned long)(7)) +extern void * nfsproc_writecache_2(void *, CLIENT *); +extern void * nfsproc_writecache_2_svc(void *, struct svc_req *); +#define NFSPROC_WRITE ((unsigned long)(8)) +extern attrstat * nfsproc_write_2(writeargs *, CLIENT *); +extern attrstat * nfsproc_write_2_svc(writeargs *, struct svc_req *); +#define NFSPROC_CREATE ((unsigned long)(9)) +extern diropres * nfsproc_create_2(createargs *, CLIENT *); +extern diropres * nfsproc_create_2_svc(createargs *, struct svc_req *); +#define NFSPROC_REMOVE ((unsigned long)(10)) +extern nfsstat * nfsproc_remove_2(diropargs *, CLIENT *); +extern nfsstat * nfsproc_remove_2_svc(diropargs *, struct svc_req *); +#define NFSPROC_RENAME ((unsigned long)(11)) +extern nfsstat * nfsproc_rename_2(renameargs *, CLIENT *); +extern nfsstat * nfsproc_rename_2_svc(renameargs *, struct svc_req *); +#define NFSPROC_LINK ((unsigned long)(12)) +extern nfsstat * nfsproc_link_2(linkargs *, CLIENT *); +extern nfsstat * nfsproc_link_2_svc(linkargs *, struct svc_req *); +#define NFSPROC_SYMLINK ((unsigned long)(13)) +extern nfsstat * nfsproc_symlink_2(symlinkargs *, CLIENT *); +extern nfsstat * nfsproc_symlink_2_svc(symlinkargs *, struct svc_req *); +#define NFSPROC_MKDIR ((unsigned long)(14)) +extern diropres * nfsproc_mkdir_2(createargs *, CLIENT *); +extern diropres * nfsproc_mkdir_2_svc(createargs *, struct svc_req *); +#define NFSPROC_RMDIR ((unsigned long)(15)) +extern nfsstat * nfsproc_rmdir_2(diropargs *, CLIENT *); +extern nfsstat * nfsproc_rmdir_2_svc(diropargs *, struct svc_req *); +#define NFSPROC_READDIR ((unsigned long)(16)) +extern readdirres * nfsproc_readdir_2(readdirargs *, CLIENT *); +extern readdirres * nfsproc_readdir_2_svc(readdirargs *, struct svc_req *); +#define NFSPROC_STATFS ((unsigned long)(17)) +extern statfsres * nfsproc_statfs_2(nfs_fh *, CLIENT *); +extern statfsres * nfsproc_statfs_2_svc(nfs_fh *, struct svc_req *); +extern int nfs_program_2_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +#define NFS3_PROGRAM ((unsigned long)(100003)) +#define NFS_V3 ((unsigned long)(3)) + +extern void nfs3_program_3(struct svc_req *rqstp, SVCXPRT *transp); +#define NFSPROC3_NULL ((unsigned long)(0)) +extern void * nfsproc3_null_3(void *, CLIENT *); +extern void * nfsproc3_null_3_svc(void *, struct svc_req *); +#define NFSPROC3_GETATTR ((unsigned long)(1)) +extern GETATTR3res * nfsproc3_getattr_3(GETATTR3args *, CLIENT *); +extern GETATTR3res * nfsproc3_getattr_3_svc(GETATTR3args *, struct svc_req *); +#define NFSPROC3_SETATTR ((unsigned long)(2)) +extern SETATTR3res * nfsproc3_setattr_3(SETATTR3args *, CLIENT *); +extern SETATTR3res * nfsproc3_setattr_3_svc(SETATTR3args *, struct svc_req *); +#define NFSPROC3_LOOKUP ((unsigned long)(3)) +extern LOOKUP3res * nfsproc3_lookup_3(LOOKUP3args *, CLIENT *); +extern LOOKUP3res * nfsproc3_lookup_3_svc(LOOKUP3args *, struct svc_req *); +#define NFSPROC3_ACCESS ((unsigned long)(4)) +extern ACCESS3res * nfsproc3_access_3(ACCESS3args *, CLIENT *); +extern ACCESS3res * nfsproc3_access_3_svc(ACCESS3args *, struct svc_req *); +#define NFSPROC3_READLINK ((unsigned long)(5)) +extern READLINK3res * nfsproc3_readlink_3(READLINK3args *, CLIENT *); +extern READLINK3res * nfsproc3_readlink_3_svc(READLINK3args *, struct svc_req *); +#define NFSPROC3_READ ((unsigned long)(6)) +extern READ3res * nfsproc3_read_3(READ3args *, CLIENT *); +extern READ3res * nfsproc3_read_3_svc(READ3args *, struct svc_req *); +#define NFSPROC3_WRITE ((unsigned long)(7)) +extern WRITE3res * nfsproc3_write_3(WRITE3args *, CLIENT *); +extern WRITE3res * nfsproc3_write_3_svc(WRITE3args *, struct svc_req *); +#define NFSPROC3_CREATE ((unsigned long)(8)) +extern CREATE3res * nfsproc3_create_3(CREATE3args *, CLIENT *); +extern CREATE3res * nfsproc3_create_3_svc(CREATE3args *, struct svc_req *); +#define NFSPROC3_MKDIR ((unsigned long)(9)) +extern MKDIR3res * nfsproc3_mkdir_3(MKDIR3args *, CLIENT *); +extern MKDIR3res * nfsproc3_mkdir_3_svc(MKDIR3args *, struct svc_req *); +#define NFSPROC3_SYMLINK ((unsigned long)(10)) +extern SYMLINK3res * nfsproc3_symlink_3(SYMLINK3args *, CLIENT *); +extern SYMLINK3res * nfsproc3_symlink_3_svc(SYMLINK3args *, struct svc_req *); +#define NFSPROC3_MKNOD ((unsigned long)(11)) +extern MKNOD3res * nfsproc3_mknod_3(MKNOD3args *, CLIENT *); +extern MKNOD3res * nfsproc3_mknod_3_svc(MKNOD3args *, struct svc_req *); +#define NFSPROC3_REMOVE ((unsigned long)(12)) +extern REMOVE3res * nfsproc3_remove_3(REMOVE3args *, CLIENT *); +extern REMOVE3res * nfsproc3_remove_3_svc(REMOVE3args *, struct svc_req *); +#define NFSPROC3_RMDIR ((unsigned long)(13)) +extern RMDIR3res * nfsproc3_rmdir_3(RMDIR3args *, CLIENT *); +extern RMDIR3res * nfsproc3_rmdir_3_svc(RMDIR3args *, struct svc_req *); +#define NFSPROC3_RENAME ((unsigned long)(14)) +extern RENAME3res * nfsproc3_rename_3(RENAME3args *, CLIENT *); +extern RENAME3res * nfsproc3_rename_3_svc(RENAME3args *, struct svc_req *); +#define NFSPROC3_LINK ((unsigned long)(15)) +extern LINK3res * nfsproc3_link_3(LINK3args *, CLIENT *); +extern LINK3res * nfsproc3_link_3_svc(LINK3args *, struct svc_req *); +#define NFSPROC3_READDIR ((unsigned long)(16)) +extern READDIR3res * nfsproc3_readdir_3(READDIR3args *, CLIENT *); +extern READDIR3res * nfsproc3_readdir_3_svc(READDIR3args *, struct svc_req *); +#define NFSPROC3_READDIRPLUS ((unsigned long)(17)) +extern READDIRPLUS3res * nfsproc3_readdirplus_3(READDIRPLUS3args *, CLIENT *); +extern READDIRPLUS3res * nfsproc3_readdirplus_3_svc(READDIRPLUS3args *, struct svc_req *); +#define NFSPROC3_FSSTAT ((unsigned long)(18)) +extern FSSTAT3res * nfsproc3_fsstat_3(FSSTAT3args *, CLIENT *); +extern FSSTAT3res * nfsproc3_fsstat_3_svc(FSSTAT3args *, struct svc_req *); +#define NFSPROC3_FSINFO ((unsigned long)(19)) +extern FSINFO3res * nfsproc3_fsinfo_3(FSINFO3args *, CLIENT *); +extern FSINFO3res * nfsproc3_fsinfo_3_svc(FSINFO3args *, struct svc_req *); +#define NFSPROC3_PATHCONF ((unsigned long)(20)) +extern PATHCONF3res * nfsproc3_pathconf_3(PATHCONF3args *, CLIENT *); +extern PATHCONF3res * nfsproc3_pathconf_3_svc(PATHCONF3args *, struct svc_req *); +#define NFSPROC3_COMMIT ((unsigned long)(21)) +extern COMMIT3res * nfsproc3_commit_3(COMMIT3args *, CLIENT *); +extern COMMIT3res * nfsproc3_commit_3_svc(COMMIT3args *, struct svc_req *); +extern int nfs3_program_3_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_nfsstat(XDR *, nfsstat*); +extern bool_t xdr_ftype(XDR *, ftype*); +extern bool_t xdr_nfs_fh(XDR *, nfs_fh*); +extern bool_t xdr_nfstime(XDR *, nfstime*); +extern bool_t xdr_fattr(XDR *, fattr*); +extern bool_t xdr_sattr(XDR *, sattr*); +extern bool_t xdr_filename(XDR *, filename*); +extern bool_t xdr_nfspath(XDR *, nfspath*); +extern bool_t xdr_attrstat(XDR *, attrstat*); +extern bool_t xdr_sattrargs(XDR *, sattrargs*); +extern bool_t xdr_diropargs(XDR *, diropargs*); +extern bool_t xdr_diropokres(XDR *, diropokres*); +extern bool_t xdr_diropres(XDR *, diropres*); +extern bool_t xdr_readlinkres(XDR *, readlinkres*); +extern bool_t xdr_readargs(XDR *, readargs*); +extern bool_t xdr_readokres(XDR *, readokres*); +extern bool_t xdr_readres(XDR *, readres*); +extern bool_t xdr_writeargs(XDR *, writeargs*); +extern bool_t xdr_createargs(XDR *, createargs*); +extern bool_t xdr_renameargs(XDR *, renameargs*); +extern bool_t xdr_linkargs(XDR *, linkargs*); +extern bool_t xdr_symlinkargs(XDR *, symlinkargs*); +extern bool_t xdr_nfscookie(XDR *, nfscookie); +extern bool_t xdr_readdirargs(XDR *, readdirargs*); +extern bool_t xdr_entry(XDR *, entry*); +extern bool_t xdr_dirlist(XDR *, dirlist*); +extern bool_t xdr_readdirres(XDR *, readdirres*); +extern bool_t xdr_statfsokres(XDR *, statfsokres*); +extern bool_t xdr_statfsres(XDR *, statfsres*); +extern bool_t xdr_uint64(XDR *, uint64*); +extern bool_t xdr_int64(XDR *, int64*); +extern bool_t xdr_uint32(XDR *, uint32*); +extern bool_t xdr_int32(XDR *, int32*); +extern bool_t xdr_filename3(XDR *, filename3*); +extern bool_t xdr_nfspath3(XDR *, nfspath3*); +extern bool_t xdr_fileid3(XDR *, fileid3*); +extern bool_t xdr_cookie3(XDR *, cookie3*); +extern bool_t xdr_cookieverf3(XDR *, cookieverf3); +extern bool_t xdr_createverf3(XDR *, createverf3); +extern bool_t xdr_writeverf3(XDR *, writeverf3); +extern bool_t xdr_uid3(XDR *, uid3*); +extern bool_t xdr_gid3(XDR *, gid3*); +extern bool_t xdr_size3(XDR *, size3*); +extern bool_t xdr_offset3(XDR *, offset3*); +extern bool_t xdr_mode3(XDR *, mode3*); +extern bool_t xdr_count3(XDR *, count3*); +extern bool_t xdr_nfsstat3(XDR *, nfsstat3*); +extern bool_t xdr_ftype3(XDR *, ftype3*); +extern bool_t xdr_specdata3(XDR *, specdata3*); +extern bool_t xdr_nfs_fh3(XDR *, nfs_fh3*); +extern bool_t xdr_nfstime3(XDR *, nfstime3*); +extern bool_t xdr_fattr3(XDR *, fattr3*); +extern bool_t xdr_post_op_attr(XDR *, post_op_attr*); +extern bool_t xdr_wcc_attr(XDR *, wcc_attr*); +extern bool_t xdr_pre_op_attr(XDR *, pre_op_attr*); +extern bool_t xdr_wcc_data(XDR *, wcc_data*); +extern bool_t xdr_post_op_fh3(XDR *, post_op_fh3*); +extern bool_t xdr_time_how(XDR *, time_how*); +extern bool_t xdr_set_mode3(XDR *, set_mode3*); +extern bool_t xdr_set_uid3(XDR *, set_uid3*); +extern bool_t xdr_set_gid3(XDR *, set_gid3*); +extern bool_t xdr_set_size3(XDR *, set_size3*); +extern bool_t xdr_set_atime(XDR *, set_atime*); +extern bool_t xdr_set_mtime(XDR *, set_mtime*); +extern bool_t xdr_sattr3(XDR *, sattr3*); +extern bool_t xdr_diropargs3(XDR *, diropargs3*); +extern bool_t xdr_GETATTR3args(XDR *, GETATTR3args*); +extern bool_t xdr_GETATTR3resok(XDR *, GETATTR3resok*); +extern bool_t xdr_GETATTR3res(XDR *, GETATTR3res*); +extern bool_t xdr_sattrguard3(XDR *, sattrguard3*); +extern bool_t xdr_SETATTR3args(XDR *, SETATTR3args*); +extern bool_t xdr_SETATTR3resok(XDR *, SETATTR3resok*); +extern bool_t xdr_SETATTR3resfail(XDR *, SETATTR3resfail*); +extern bool_t xdr_SETATTR3res(XDR *, SETATTR3res*); +extern bool_t xdr_LOOKUP3args(XDR *, LOOKUP3args*); +extern bool_t xdr_LOOKUP3resok(XDR *, LOOKUP3resok*); +extern bool_t xdr_LOOKUP3resfail(XDR *, LOOKUP3resfail*); +extern bool_t xdr_LOOKUP3res(XDR *, LOOKUP3res*); +extern bool_t xdr_ACCESS3args(XDR *, ACCESS3args*); +extern bool_t xdr_ACCESS3resok(XDR *, ACCESS3resok*); +extern bool_t xdr_ACCESS3resfail(XDR *, ACCESS3resfail*); +extern bool_t xdr_ACCESS3res(XDR *, ACCESS3res*); +extern bool_t xdr_READLINK3args(XDR *, READLINK3args*); +extern bool_t xdr_READLINK3resok(XDR *, READLINK3resok*); +extern bool_t xdr_READLINK3resfail(XDR *, READLINK3resfail*); +extern bool_t xdr_READLINK3res(XDR *, READLINK3res*); +extern bool_t xdr_READ3args(XDR *, READ3args*); +extern bool_t xdr_READ3resok(XDR *, READ3resok*); +extern bool_t xdr_READ3resfail(XDR *, READ3resfail*); +extern bool_t xdr_READ3res(XDR *, READ3res*); +extern bool_t xdr_stable_how(XDR *, stable_how*); +extern bool_t xdr_WRITE3args(XDR *, WRITE3args*); +extern bool_t xdr_WRITE3resok(XDR *, WRITE3resok*); +extern bool_t xdr_WRITE3resfail(XDR *, WRITE3resfail*); +extern bool_t xdr_WRITE3res(XDR *, WRITE3res*); +extern bool_t xdr_createmode3(XDR *, createmode3*); +extern bool_t xdr_createhow3(XDR *, createhow3*); +extern bool_t xdr_CREATE3args(XDR *, CREATE3args*); +extern bool_t xdr_CREATE3resok(XDR *, CREATE3resok*); +extern bool_t xdr_CREATE3resfail(XDR *, CREATE3resfail*); +extern bool_t xdr_CREATE3res(XDR *, CREATE3res*); +extern bool_t xdr_MKDIR3args(XDR *, MKDIR3args*); +extern bool_t xdr_MKDIR3resok(XDR *, MKDIR3resok*); +extern bool_t xdr_MKDIR3resfail(XDR *, MKDIR3resfail*); +extern bool_t xdr_MKDIR3res(XDR *, MKDIR3res*); +extern bool_t xdr_symlinkdata3(XDR *, symlinkdata3*); +extern bool_t xdr_SYMLINK3args(XDR *, SYMLINK3args*); +extern bool_t xdr_SYMLINK3resok(XDR *, SYMLINK3resok*); +extern bool_t xdr_SYMLINK3resfail(XDR *, SYMLINK3resfail*); +extern bool_t xdr_SYMLINK3res(XDR *, SYMLINK3res*); +extern bool_t xdr_devicedata3(XDR *, devicedata3*); +extern bool_t xdr_mknoddata3(XDR *, mknoddata3*); +extern bool_t xdr_MKNOD3args(XDR *, MKNOD3args*); +extern bool_t xdr_MKNOD3resok(XDR *, MKNOD3resok*); +extern bool_t xdr_MKNOD3resfail(XDR *, MKNOD3resfail*); +extern bool_t xdr_MKNOD3res(XDR *, MKNOD3res*); +extern bool_t xdr_REMOVE3args(XDR *, REMOVE3args*); +extern bool_t xdr_REMOVE3resok(XDR *, REMOVE3resok*); +extern bool_t xdr_REMOVE3resfail(XDR *, REMOVE3resfail*); +extern bool_t xdr_REMOVE3res(XDR *, REMOVE3res*); +extern bool_t xdr_RMDIR3args(XDR *, RMDIR3args*); +extern bool_t xdr_RMDIR3resok(XDR *, RMDIR3resok*); +extern bool_t xdr_RMDIR3resfail(XDR *, RMDIR3resfail*); +extern bool_t xdr_RMDIR3res(XDR *, RMDIR3res*); +extern bool_t xdr_RENAME3args(XDR *, RENAME3args*); +extern bool_t xdr_RENAME3resok(XDR *, RENAME3resok*); +extern bool_t xdr_RENAME3resfail(XDR *, RENAME3resfail*); +extern bool_t xdr_RENAME3res(XDR *, RENAME3res*); +extern bool_t xdr_LINK3args(XDR *, LINK3args*); +extern bool_t xdr_LINK3resok(XDR *, LINK3resok*); +extern bool_t xdr_LINK3resfail(XDR *, LINK3resfail*); +extern bool_t xdr_LINK3res(XDR *, LINK3res*); +extern bool_t xdr_READDIR3args(XDR *, READDIR3args*); +extern bool_t xdr_entry3(XDR *, entry3*); +extern bool_t xdr_dirlist3(XDR *, dirlist3*); +extern bool_t xdr_READDIR3resok(XDR *, READDIR3resok*); +extern bool_t xdr_READDIR3resfail(XDR *, READDIR3resfail*); +extern bool_t xdr_READDIR3res(XDR *, READDIR3res*); +extern bool_t xdr_READDIRPLUS3args(XDR *, READDIRPLUS3args*); +extern bool_t xdr_entryplus3(XDR *, entryplus3*); +extern bool_t xdr_dirlistplus3(XDR *, dirlistplus3*); +extern bool_t xdr_READDIRPLUS3resok(XDR *, READDIRPLUS3resok*); +extern bool_t xdr_READDIRPLUS3resfail(XDR *, READDIRPLUS3resfail*); +extern bool_t xdr_READDIRPLUS3res(XDR *, READDIRPLUS3res*); +extern bool_t xdr_FSSTAT3args(XDR *, FSSTAT3args*); +extern bool_t xdr_FSSTAT3resok(XDR *, FSSTAT3resok*); +extern bool_t xdr_FSSTAT3resfail(XDR *, FSSTAT3resfail*); +extern bool_t xdr_FSSTAT3res(XDR *, FSSTAT3res*); +extern bool_t xdr_FSINFO3args(XDR *, FSINFO3args*); +extern bool_t xdr_FSINFO3resok(XDR *, FSINFO3resok*); +extern bool_t xdr_FSINFO3resfail(XDR *, FSINFO3resfail*); +extern bool_t xdr_FSINFO3res(XDR *, FSINFO3res*); +extern bool_t xdr_PATHCONF3args(XDR *, PATHCONF3args*); +extern bool_t xdr_PATHCONF3resok(XDR *, PATHCONF3resok*); +extern bool_t xdr_PATHCONF3resfail(XDR *, PATHCONF3resfail*); +extern bool_t xdr_PATHCONF3res(XDR *, PATHCONF3res*); +extern bool_t xdr_COMMIT3args(XDR *, COMMIT3args*); +extern bool_t xdr_COMMIT3resok(XDR *, COMMIT3resok*); +extern bool_t xdr_COMMIT3resfail(XDR *, COMMIT3resfail*); +extern bool_t xdr_COMMIT3res(XDR *, COMMIT3res*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_NFS_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/nis.h b/include/rpcsvc/nis.h new file mode 100644 index 0000000000..20b28efe87 --- /dev/null +++ b/include/rpcsvc/nis.h @@ -0,0 +1,693 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _NIS_H_RPCGEN +#define _NIS_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + * + * $FreeBSD: src/include/rpcsvc/nis.x,v 1.6 2003/05/04 02:51:42 obrien Exp $ + * $DragonFly: src/include/rpcsvc/nis.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ +/* + * nis.h + * + * This file is the main include file for NIS clients. It contains + * both the client library function defines and the various data + * structures used by the NIS service. It includes the file nis_tags.h + * which defines the tag values. This allows the tags to change without + * having to change the nis.x file. + * + * NOTE : DO NOT EDIT THIS FILE! It is automatically generated when + * rpcgen is run on the nis.x file. Note that there is a + * simple sed script to remove some unneeded lines. (See the + * Makefile target nis.h) + * + */ +#include +#include +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + * + * @(#)nis_object.x 1.10 94/05/03 SMI + * $DragonFly: src/include/rpcsvc/nis_object.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ + +#ifndef __nis_object_h +#define __nis_object_h + +#define NIS_MAXSTRINGLEN 255 +#define NIS_MAXNAMELEN 1024 +#define NIS_MAXATTRNAME 32 +#define NIS_MAXATTRVAL 2048 +#define NIS_MAXCOLUMNS 64 +#define NIS_MAXATTR 16 +#define NIS_MAXPATH 1024 +#define NIS_MAXREPLICAS 128 +#define NIS_MAXLINKS 16 +#define NIS_PK_NONE 0 +#define NIS_PK_DH 1 +#define NIS_PK_RSA 2 +#define NIS_PK_KERB 3 + +struct nis_attr { + char *zattr_ndx; + struct { + u_int zattr_val_len; + char *zattr_val_val; + } zattr_val; +}; +typedef struct nis_attr nis_attr; + +typedef char *nis_name; + +enum zotypes { + BOGUS_OBJ = 0, + NO_OBJ = 1, + DIRECTORY_OBJ = 2, + GROUP_OBJ = 3, + TABLE_OBJ = 4, + ENTRY_OBJ = 5, + LINK_OBJ = 6, + PRIVATE_OBJ = 7 +}; +typedef enum zotypes zotypes; + +enum nstype { + UNKNOWN = 0, + NIS = 1, + SUNYP = 2, + IVY = 3, + DNS = 4, + X500 = 5, + DNANS = 6, + XCHS = 7, + CDS = 8 +}; +typedef enum nstype nstype; + +struct oar_mask { + u_long oa_rights; + zotypes oa_otype; +}; +typedef struct oar_mask oar_mask; + +struct endpoint { + char *uaddr; + char *family; + char *proto; +}; +typedef struct endpoint endpoint; + +struct nis_server { + nis_name name; + struct { + u_int ep_len; + endpoint *ep_val; + } ep; + u_long key_type; + netobj pkey; +}; +typedef struct nis_server nis_server; + +struct directory_obj { + nis_name do_name; + nstype do_type; + struct { + u_int do_servers_len; + nis_server *do_servers_val; + } do_servers; + u_long do_ttl; + struct { + u_int do_armask_len; + oar_mask *do_armask_val; + } do_armask; +}; +typedef struct directory_obj directory_obj; +#define EN_BINARY 1 +#define EN_CRYPT 2 +#define EN_XDR 4 +#define EN_MODIFIED 8 +#define EN_ASN1 64 + +struct entry_col { + u_long ec_flags; + struct { + u_int ec_value_len; + char *ec_value_val; + } ec_value; +}; +typedef struct entry_col entry_col; + +struct entry_obj { + char *en_type; + struct { + u_int en_cols_len; + entry_col *en_cols_val; + } en_cols; +}; +typedef struct entry_obj entry_obj; + +struct group_obj { + u_long gr_flags; + struct { + u_int gr_members_len; + nis_name *gr_members_val; + } gr_members; +}; +typedef struct group_obj group_obj; + +struct link_obj { + zotypes li_rtype; + struct { + u_int li_attrs_len; + nis_attr *li_attrs_val; + } li_attrs; + nis_name li_name; +}; +typedef struct link_obj link_obj; +#define TA_BINARY 1 +#define TA_CRYPT 2 +#define TA_XDR 4 +#define TA_SEARCHABLE 8 +#define TA_CASE 16 +#define TA_MODIFIED 32 +#define TA_ASN1 64 + +struct table_col { + char *tc_name; + u_long tc_flags; + u_long tc_rights; +}; +typedef struct table_col table_col; + +struct table_obj { + char *ta_type; + int ta_maxcol; + u_char ta_sep; + struct { + u_int ta_cols_len; + table_col *ta_cols_val; + } ta_cols; + char *ta_path; +}; +typedef struct table_obj table_obj; + +struct objdata { + zotypes zo_type; + union { + struct directory_obj di_data; + struct group_obj gr_data; + struct table_obj ta_data; + struct entry_obj en_data; + struct link_obj li_data; + struct { + u_int po_data_len; + char *po_data_val; + } po_data; + } objdata_u; +}; +typedef struct objdata objdata; + +struct nis_oid { + u_long ctime; + u_long mtime; +}; +typedef struct nis_oid nis_oid; + +struct nis_object { + nis_oid zo_oid; + nis_name zo_name; + nis_name zo_owner; + nis_name zo_group; + nis_name zo_domain; + u_long zo_access; + u_long zo_ttl; + objdata zo_data; +}; +typedef struct nis_object nis_object; + +#endif /* if __nis_object_h */ + + +enum nis_error { + NIS_SUCCESS = 0, + NIS_S_SUCCESS = 1, + NIS_NOTFOUND = 2, + NIS_S_NOTFOUND = 3, + NIS_CACHEEXPIRED = 4, + NIS_NAMEUNREACHABLE = 5, + NIS_UNKNOWNOBJ = 6, + NIS_TRYAGAIN = 7, + NIS_SYSTEMERROR = 8, + NIS_CHAINBROKEN = 9, + NIS_PERMISSION = 10, + NIS_NOTOWNER = 11, + NIS_NOT_ME = 12, + NIS_NOMEMORY = 13, + NIS_NAMEEXISTS = 14, + NIS_NOTMASTER = 15, + NIS_INVALIDOBJ = 16, + NIS_BADNAME = 17, + NIS_NOCALLBACK = 18, + NIS_CBRESULTS = 19, + NIS_NOSUCHNAME = 20, + NIS_NOTUNIQUE = 21, + NIS_IBMODERROR = 22, + NIS_NOSUCHTABLE = 23, + NIS_TYPEMISMATCH = 24, + NIS_LINKNAMEERROR = 25, + NIS_PARTIAL = 26, + NIS_TOOMANYATTRS = 27, + NIS_RPCERROR = 28, + NIS_BADATTRIBUTE = 29, + NIS_NOTSEARCHABLE = 30, + NIS_CBERROR = 31, + NIS_FOREIGNNS = 32, + NIS_BADOBJECT = 33, + NIS_NOTSAMEOBJ = 34, + NIS_MODFAIL = 35, + NIS_BADREQUEST = 36, + NIS_NOTEMPTY = 37, + NIS_COLDSTART_ERR = 38, + NIS_RESYNC = 39, + NIS_FAIL = 40, + NIS_UNAVAIL = 41, + NIS_RES2BIG = 42, + NIS_SRVAUTH = 43, + NIS_CLNTAUTH = 44, + NIS_NOFILESPACE = 45, + NIS_NOPROC = 46, + NIS_DUMPLATER = 47 +}; +typedef enum nis_error nis_error; + +struct nis_result { + nis_error status; + struct { + u_int objects_len; + nis_object *objects_val; + } objects; + netobj cookie; + u_long zticks; + u_long dticks; + u_long aticks; + u_long cticks; +}; +typedef struct nis_result nis_result; + +struct ns_request { + nis_name ns_name; + struct { + u_int ns_object_len; + nis_object *ns_object_val; + } ns_object; +}; +typedef struct ns_request ns_request; + +struct ib_request { + nis_name ibr_name; + struct { + u_int ibr_srch_len; + nis_attr *ibr_srch_val; + } ibr_srch; + u_long ibr_flags; + struct { + u_int ibr_obj_len; + nis_object *ibr_obj_val; + } ibr_obj; + struct { + u_int ibr_cbhost_len; + nis_server *ibr_cbhost_val; + } ibr_cbhost; + u_long ibr_bufsize; + netobj ibr_cookie; +}; +typedef struct ib_request ib_request; + +struct ping_args { + nis_name dir; + u_long stamp; +}; +typedef struct ping_args ping_args; + +enum log_entry_t { + LOG_NOP = 0, + ADD_NAME = 1, + REM_NAME = 2, + MOD_NAME_OLD = 3, + MOD_NAME_NEW = 4, + ADD_IBASE = 5, + REM_IBASE = 6, + MOD_IBASE = 7, + UPD_STAMP = 8 +}; +typedef enum log_entry_t log_entry_t; + +struct log_entry { + u_long le_time; + log_entry_t le_type; + nis_name le_princp; + nis_name le_name; + struct { + u_int le_attrs_len; + nis_attr *le_attrs_val; + } le_attrs; + nis_object le_object; +}; +typedef struct log_entry log_entry; + +struct log_result { + nis_error lr_status; + netobj lr_cookie; + struct { + u_int lr_entries_len; + log_entry *lr_entries_val; + } lr_entries; +}; +typedef struct log_result log_result; + +struct cp_result { + nis_error cp_status; + u_long cp_zticks; + u_long cp_dticks; +}; +typedef struct cp_result cp_result; + +struct nis_tag { + u_long tag_type; + char *tag_val; +}; +typedef struct nis_tag nis_tag; + +struct nis_taglist { + struct { + u_int tags_len; + nis_tag *tags_val; + } tags; +}; +typedef struct nis_taglist nis_taglist; + +struct dump_args { + nis_name da_dir; + u_long da_time; + struct { + u_int da_cbhost_len; + nis_server *da_cbhost_val; + } da_cbhost; +}; +typedef struct dump_args dump_args; + +struct fd_args { + nis_name dir_name; + nis_name requester; +}; +typedef struct fd_args fd_args; + +struct fd_result { + nis_error status; + nis_name source; + struct { + u_int dir_data_len; + char *dir_data_val; + } dir_data; + struct { + u_int signature_len; + char *signature_val; + } signature; +}; +typedef struct fd_result fd_result; +/* + * Generic "hash" datastructures, used by all types of hashed data. + */ +struct nis_hash_data { + nis_name name; /* NIS name of hashed item */ + int keychain; /* It's hash key (for pop) */ + struct nis_hash_data *next; /* Hash collision pointer */ + struct nis_hash_data *prv_item; /* A serial, doubly linked list */ + struct nis_hash_data *nxt_item; /* of items in the hash table */ +}; +typedef struct nis_hash_data NIS_HASH_ITEM; + +struct nis_hash_table { + NIS_HASH_ITEM *keys[64]; /* A hash table of items */ + NIS_HASH_ITEM *first; /* The first "item" in serial list */ +}; +typedef struct nis_hash_table NIS_HASH_TABLE; + +/* Structure for storing dynamically allocated static data */ +struct nis_sdata { + void *buf; /* Memory allocation pointer */ + u_long size; /* Buffer size */ +}; + +/* Generic client creating flags */ +#define ZMH_VC 1 +#define ZMH_DG 2 +#define ZMH_AUTH 4 + +/* Testing Access rights for objects */ + +#define NIS_READ_ACC 1 +#define NIS_MODIFY_ACC 2 +#define NIS_CREATE_ACC 4 +#define NIS_DESTROY_ACC 8 +/* Test macros. a == access rights, m == desired rights. */ +#define WORLD(a, m) (((a) & (m)) != 0) +#define GROUP(a, m) (((a) & ((m) << 8)) != 0) +#define OWNER(a, m) (((a) & ((m) << 16)) != 0) +#define NOBODY(a, m) (((a) & ((m) << 24)) != 0) + +#define OATYPE(d, n) (((d)->do_armask.do_armask_val+n)->oa_otype) +#define OARIGHTS(d, n) (((d)->do_armask.do_armask_val+n)->oa_rights) +#define WORLD_DEFAULT (NIS_READ_ACC) +#define GROUP_DEFAULT (NIS_READ_ACC << 8) +#define OWNER_DEFAULT ((NIS_READ_ACC + NIS_MODIFY_ACC + NIS_CREATE_ACC + NIS_DESTROY_ACC) << 16) +#define DEFAULT_RIGHTS (WORLD_DEFAULT | GROUP_DEFAULT | OWNER_DEFAULT) + +/* Result manipulation defines ... */ +#define NIS_RES_NUMOBJ(x) ((x)->objects.objects_len) +#define NIS_RES_OBJECT(x) ((x)->objects.objects_val) +#define NIS_RES_COOKIE(x) ((x)->cookie) +#define NIS_RES_STATUS(x) ((x)->status) + +/* These defines make getting at the variant part of the object easier. */ +#define TA_data zo_data.objdata_u.ta_data +#define EN_data zo_data.objdata_u.en_data +#define DI_data zo_data.objdata_u.di_data +#define LI_data zo_data.objdata_u.li_data +#define GR_data zo_data.objdata_u.gr_data + +#define __type_of(o) ((o)->zo_data.zo_type) + +/* Declarations for the internal subroutines in nislib.c */ +enum name_pos {SAME_NAME, HIGHER_NAME, LOWER_NAME, NOT_SEQUENTIAL, BAD_NAME}; +typedef enum name_pos name_pos; + +/* + * Defines for getting at column data in entry objects. Because RPCGEN + * generates some rather wordy structures, we create some defines that + * collapse the needed keystrokes to access a particular value using + * these definitions they take an nis_object *, and an int and return + * a u_char * for Value, and an int for length. + */ +#define ENTRY_VAL(obj, col) (obj)->EN_data.en_cols.en_cols_val[col].ec_value.ec_value_val +#define ENTRY_LEN(obj, col) (obj)->EN_data.en_cols.en_cols_val[col].ec_value.ec_value_len + +#ifdef __cplusplus +} +#endif + +/* Prototypes, and extern declarations for the NIS library functions. */ +#include +#endif /* __NIS_RPCGEN_H */ +/* EDIT_START */ + +/* + * nis_3.h + * + * This file contains definitions that are only of interest to the actual + * service daemon and client stubs. Normal users of NIS will not include + * this file. + * + * NOTE : This include file is automatically created by a combination + * of rpcgen and sed. DO NOT EDIT IT, change the nis.x file instead + * and then remake this file. + */ +#ifndef __nis_3_h +#define __nis_3_h +#ifdef __cplusplus +extern "C" { +#endif + +#define NIS_PROG ((unsigned long)(100300)) +#define NIS_VERSION ((unsigned long)(3)) + +extern void nis_prog_3(struct svc_req *rqstp, SVCXPRT *transp); +#define NIS_LOOKUP ((unsigned long)(1)) +extern nis_result * nis_lookup_3(ns_request *, CLIENT *); +extern nis_result * nis_lookup_3_svc(ns_request *, struct svc_req *); +#define NIS_ADD ((unsigned long)(2)) +extern nis_result * nis_add_3(ns_request *, CLIENT *); +extern nis_result * nis_add_3_svc(ns_request *, struct svc_req *); +#define NIS_MODIFY ((unsigned long)(3)) +extern nis_result * nis_modify_3(ns_request *, CLIENT *); +extern nis_result * nis_modify_3_svc(ns_request *, struct svc_req *); +#define NIS_REMOVE ((unsigned long)(4)) +extern nis_result * nis_remove_3(ns_request *, CLIENT *); +extern nis_result * nis_remove_3_svc(ns_request *, struct svc_req *); +#define NIS_IBLIST ((unsigned long)(5)) +extern nis_result * nis_iblist_3(ib_request *, CLIENT *); +extern nis_result * nis_iblist_3_svc(ib_request *, struct svc_req *); +#define NIS_IBADD ((unsigned long)(6)) +extern nis_result * nis_ibadd_3(ib_request *, CLIENT *); +extern nis_result * nis_ibadd_3_svc(ib_request *, struct svc_req *); +#define NIS_IBMODIFY ((unsigned long)(7)) +extern nis_result * nis_ibmodify_3(ib_request *, CLIENT *); +extern nis_result * nis_ibmodify_3_svc(ib_request *, struct svc_req *); +#define NIS_IBREMOVE ((unsigned long)(8)) +extern nis_result * nis_ibremove_3(ib_request *, CLIENT *); +extern nis_result * nis_ibremove_3_svc(ib_request *, struct svc_req *); +#define NIS_IBFIRST ((unsigned long)(9)) +extern nis_result * nis_ibfirst_3(ib_request *, CLIENT *); +extern nis_result * nis_ibfirst_3_svc(ib_request *, struct svc_req *); +#define NIS_IBNEXT ((unsigned long)(10)) +extern nis_result * nis_ibnext_3(ib_request *, CLIENT *); +extern nis_result * nis_ibnext_3_svc(ib_request *, struct svc_req *); +#define NIS_FINDDIRECTORY ((unsigned long)(12)) +extern fd_result * nis_finddirectory_3(fd_args *, CLIENT *); +extern fd_result * nis_finddirectory_3_svc(fd_args *, struct svc_req *); +#define NIS_STATUS ((unsigned long)(14)) +extern nis_taglist * nis_status_3(nis_taglist *, CLIENT *); +extern nis_taglist * nis_status_3_svc(nis_taglist *, struct svc_req *); +#define NIS_DUMPLOG ((unsigned long)(15)) +extern log_result * nis_dumplog_3(dump_args *, CLIENT *); +extern log_result * nis_dumplog_3_svc(dump_args *, struct svc_req *); +#define NIS_DUMP ((unsigned long)(16)) +extern log_result * nis_dump_3(dump_args *, CLIENT *); +extern log_result * nis_dump_3_svc(dump_args *, struct svc_req *); +#define NIS_CALLBACK ((unsigned long)(17)) +extern bool_t * nis_callback_3(netobj *, CLIENT *); +extern bool_t * nis_callback_3_svc(netobj *, struct svc_req *); +#define NIS_CPTIME ((unsigned long)(18)) +extern u_long * nis_cptime_3(nis_name *, CLIENT *); +extern u_long * nis_cptime_3_svc(nis_name *, struct svc_req *); +#define NIS_CHECKPOINT ((unsigned long)(19)) +extern cp_result * nis_checkpoint_3(nis_name *, CLIENT *); +extern cp_result * nis_checkpoint_3_svc(nis_name *, struct svc_req *); +#define NIS_PING ((unsigned long)(20)) +extern void * nis_ping_3(ping_args *, CLIENT *); +extern void * nis_ping_3_svc(ping_args *, struct svc_req *); +#define NIS_SERVSTATE ((unsigned long)(21)) +extern nis_taglist * nis_servstate_3(nis_taglist *, CLIENT *); +extern nis_taglist * nis_servstate_3_svc(nis_taglist *, struct svc_req *); +#define NIS_MKDIR ((unsigned long)(22)) +extern nis_error * nis_mkdir_3(nis_name *, CLIENT *); +extern nis_error * nis_mkdir_3_svc(nis_name *, struct svc_req *); +#define NIS_RMDIR ((unsigned long)(23)) +extern nis_error * nis_rmdir_3(nis_name *, CLIENT *); +extern nis_error * nis_rmdir_3_svc(nis_name *, struct svc_req *); +#define NIS_UPDKEYS ((unsigned long)(24)) +extern nis_error * nis_updkeys_3(nis_name *, CLIENT *); +extern nis_error * nis_updkeys_3_svc(nis_name *, struct svc_req *); +extern int nis_prog_3_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_nis_attr(XDR *, nis_attr*); +extern bool_t xdr_nis_name(XDR *, nis_name*); +extern bool_t xdr_zotypes(XDR *, zotypes*); +extern bool_t xdr_nstype(XDR *, nstype*); +extern bool_t xdr_oar_mask(XDR *, oar_mask*); +extern bool_t xdr_endpoint(XDR *, endpoint*); +extern bool_t xdr_nis_server(XDR *, nis_server*); +extern bool_t xdr_directory_obj(XDR *, directory_obj*); +extern bool_t xdr_entry_col(XDR *, entry_col*); +extern bool_t xdr_entry_obj(XDR *, entry_obj*); +extern bool_t xdr_group_obj(XDR *, group_obj*); +extern bool_t xdr_link_obj(XDR *, link_obj*); +extern bool_t xdr_table_col(XDR *, table_col*); +extern bool_t xdr_table_obj(XDR *, table_obj*); +extern bool_t xdr_objdata(XDR *, objdata*); +extern bool_t xdr_nis_oid(XDR *, nis_oid*); +extern bool_t xdr_nis_object(XDR *, nis_object*); +extern bool_t xdr_nis_error(XDR *, nis_error*); +extern bool_t xdr_nis_result(XDR *, nis_result*); +extern bool_t xdr_ns_request(XDR *, ns_request*); +extern bool_t xdr_ib_request(XDR *, ib_request*); +extern bool_t xdr_ping_args(XDR *, ping_args*); +extern bool_t xdr_log_entry_t(XDR *, log_entry_t*); +extern bool_t xdr_log_entry(XDR *, log_entry*); +extern bool_t xdr_log_result(XDR *, log_result*); +extern bool_t xdr_cp_result(XDR *, cp_result*); +extern bool_t xdr_nis_tag(XDR *, nis_tag*); +extern bool_t xdr_nis_taglist(XDR *, nis_taglist*); +extern bool_t xdr_dump_args(XDR *, dump_args*); +extern bool_t xdr_fd_args(XDR *, fd_args*); +extern bool_t xdr_fd_result(XDR *, fd_result*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_NIS_H_RPCGEN */ diff --git a/include/rpcsvc/nis_cache.h b/include/rpcsvc/nis_cache.h new file mode 100644 index 0000000000..3dd127f55e --- /dev/null +++ b/include/rpcsvc/nis_cache.h @@ -0,0 +1,93 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _NIS_CACHE_H_RPCGEN +#define _NIS_CACHE_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + * + * @(#)nis_cache.x 1.11 94/05/03 SMI + * $FreeBSD: src/include/rpcsvc/nis_cache.x,v 1.3 1999/08/27 23:45:09 peter Exp $ + * $DragonFly: src/include/rpcsvc/nis_cache.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ +#include +#include + +/* default cache file */ +#define CACHEFILE "/var/nis/NIS_SHARED_DIRCACHE" + +/* clients have to read-lock the cache file, and SVR4 locking requires that */ +/* the file be writable, but we don't want a world-writable cache file. */ +/* So... everyone agrees to use a different, world-writable file for the */ +/* locking operations, but the data is in CACHEFILE. */ +#define CACHELOCK "/usr/tmp/.NIS_DIR_CACHELOCK" + +/* the file containing one trusted XDR'ed directory object. + * This has to be present for the system to work. + */ +#define COLD_START_FILE "/var/nis/NIS_COLD_START" + +enum pc_status {HIT, MISS, NEAR_MISS}; + +extern int __nis_debuglevel; + + + +#define CACHEPROG ((unsigned long)(100301)) +#define CACHE_VER_1 ((unsigned long)(1)) + +extern void cacheprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define NIS_CACHE_ADD_ENTRY ((unsigned long)(1)) +extern void * nis_cache_add_entry_1(fd_result *, CLIENT *); +extern void * nis_cache_add_entry_1_svc(fd_result *, struct svc_req *); +#define NIS_CACHE_REMOVE_ENTRY ((unsigned long)(2)) +extern void * nis_cache_remove_entry_1(directory_obj *, CLIENT *); +extern void * nis_cache_remove_entry_1_svc(directory_obj *, struct svc_req *); +#define NIS_CACHE_READ_COLDSTART ((unsigned long)(3)) +extern void * nis_cache_read_coldstart_1(void *, CLIENT *); +extern void * nis_cache_read_coldstart_1_svc(void *, struct svc_req *); +#define NIS_CACHE_REFRESH_ENTRY ((unsigned long)(4)) +extern void * nis_cache_refresh_entry_1(char **, CLIENT *); +extern void * nis_cache_refresh_entry_1_svc(char **, struct svc_req *); +extern int cacheprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +#ifdef __cplusplus +} +#endif + +#endif /* !_NIS_CACHE_H_RPCGEN */ diff --git a/include/rpcsvc/nis_callback.h b/include/rpcsvc/nis_callback.h new file mode 100644 index 0000000000..c120a58dff --- /dev/null +++ b/include/rpcsvc/nis_callback.h @@ -0,0 +1,83 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _NIS_CALLBACK_H_RPCGEN +#define _NIS_CALLBACK_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + * + * @(#)nis_callback.x 1.7 94/05/03 SMI + * $FreeBSD: src/include/rpcsvc/nis_callback.x,v 1.3 1999/08/27 23:45:09 peter Exp $ + * $DragonFly: src/include/rpcsvc/nis_callback.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ +#include + +typedef nis_object *obj_p; + +struct cback_data { + struct { + u_int entries_len; + obj_p *entries_val; + } entries; +}; +typedef struct cback_data cback_data; + +#define CB_PROG ((unsigned long)(100302)) +#define CB_VERS ((unsigned long)(1)) + +extern void cb_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define CBPROC_RECEIVE ((unsigned long)(1)) +extern bool_t * cbproc_receive_1(cback_data *, CLIENT *); +extern bool_t * cbproc_receive_1_svc(cback_data *, struct svc_req *); +#define CBPROC_FINISH ((unsigned long)(2)) +extern void * cbproc_finish_1(void *, CLIENT *); +extern void * cbproc_finish_1_svc(void *, struct svc_req *); +#define CBPROC_ERROR ((unsigned long)(3)) +extern void * cbproc_error_1(nis_error *, CLIENT *); +extern void * cbproc_error_1_svc(nis_error *, struct svc_req *); +extern int cb_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_obj_p(XDR *, obj_p*); +extern bool_t xdr_cback_data(XDR *, cback_data*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_NIS_CALLBACK_H_RPCGEN */ diff --git a/include/rpcsvc/nlm_prot.h b/include/rpcsvc/nlm_prot.h new file mode 100644 index 0000000000..7ba503768d --- /dev/null +++ b/include/rpcsvc/nlm_prot.h @@ -0,0 +1,451 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _NLM_PROT_H_RPCGEN +#define _NLM_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * @(#)nlm_prot.x 1.8 87/09/21 Copyr 1987 Sun Micro + * @(#)nlm_prot.x 2.1 88/08/01 4.0 RPCSRC + * $NetBSD: nlm_prot.x,v 1.6 2000/06/07 14:30:15 bouyer Exp $ + * $FreeBSD: src/include/rpcsvc/nlm_prot.x,v 1.9 2001/03/19 12:49:48 alfred Exp $ + * $DragonFly: src/include/rpcsvc/nlm_prot.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ +#define LM_MAXSTRLEN 1024 +#define MAXNAMELEN LM_MAXSTRLEN+1 + +enum nlm_stats { + nlm_granted = 0, + nlm_denied = 1, + nlm_denied_nolocks = 2, + nlm_blocked = 3, + nlm_denied_grace_period = 4 +}; +typedef enum nlm_stats nlm_stats; + +struct nlm_holder { + bool_t exclusive; + int svid; + netobj oh; + u_int l_offset; + u_int l_len; +}; +typedef struct nlm_holder nlm_holder; + +struct nlm_testrply { + nlm_stats stat; + union { + struct nlm_holder holder; + } nlm_testrply_u; +}; +typedef struct nlm_testrply nlm_testrply; + +struct nlm_stat { + nlm_stats stat; +}; +typedef struct nlm_stat nlm_stat; + +struct nlm_res { + netobj cookie; + nlm_stat stat; +}; +typedef struct nlm_res nlm_res; + +struct nlm_testres { + netobj cookie; + nlm_testrply stat; +}; +typedef struct nlm_testres nlm_testres; + +struct nlm_lock { + char *caller_name; + netobj fh; + netobj oh; + int svid; + u_int l_offset; + u_int l_len; +}; +typedef struct nlm_lock nlm_lock; + +struct nlm_lockargs { + netobj cookie; + bool_t block; + bool_t exclusive; + struct nlm_lock alock; + bool_t reclaim; + int state; +}; +typedef struct nlm_lockargs nlm_lockargs; + +struct nlm_cancargs { + netobj cookie; + bool_t block; + bool_t exclusive; + struct nlm_lock alock; +}; +typedef struct nlm_cancargs nlm_cancargs; + +struct nlm_testargs { + netobj cookie; + bool_t exclusive; + struct nlm_lock alock; +}; +typedef struct nlm_testargs nlm_testargs; + +struct nlm_unlockargs { + netobj cookie; + struct nlm_lock alock; +}; +typedef struct nlm_unlockargs nlm_unlockargs; +/* + * The following enums are actually bit encoded for efficient + * boolean algebra.... DON'T change them..... + */ + +enum fsh_mode { + fsm_DN = 0, + fsm_DR = 1, + fsm_DW = 2, + fsm_DRW = 3 +}; +typedef enum fsh_mode fsh_mode; + +enum fsh_access { + fsa_NONE = 0, + fsa_R = 1, + fsa_W = 2, + fsa_RW = 3 +}; +typedef enum fsh_access fsh_access; + +struct nlm_share { + char *caller_name; + netobj fh; + netobj oh; + fsh_mode mode; + fsh_access access; +}; +typedef struct nlm_share nlm_share; + +struct nlm_shareargs { + netobj cookie; + nlm_share share; + bool_t reclaim; +}; +typedef struct nlm_shareargs nlm_shareargs; + +struct nlm_shareres { + netobj cookie; + nlm_stats stat; + int sequence; +}; +typedef struct nlm_shareres nlm_shareres; + +struct nlm_notify { + char *name; + long state; +}; +typedef struct nlm_notify nlm_notify; +/* definitions for NLM version 4 */ + +enum nlm4_stats { + nlm4_granted = 0, + nlm4_denied = 1, + nlm4_denied_nolock = 2, + nlm4_blocked = 3, + nlm4_denied_grace_period = 4, + nlm4_deadlck = 5, + nlm4_rofs = 6, + nlm4_stale_fh = 7, + nlm4_fbig = 8, + nlm4_failed = 9 +}; +typedef enum nlm4_stats nlm4_stats; + +struct nlm4_stat { + nlm4_stats stat; +}; +typedef struct nlm4_stat nlm4_stat; + +struct nlm4_holder { + bool_t exclusive; + u_int32_t svid; + netobj oh; + u_int64_t l_offset; + u_int64_t l_len; +}; +typedef struct nlm4_holder nlm4_holder; + +struct nlm4_lock { + char *caller_name; + netobj fh; + netobj oh; + u_int32_t svid; + u_int64_t l_offset; + u_int64_t l_len; +}; +typedef struct nlm4_lock nlm4_lock; + +struct nlm4_share { + char *caller_name; + netobj fh; + netobj oh; + fsh_mode mode; + fsh_access access; +}; +typedef struct nlm4_share nlm4_share; + +struct nlm4_testrply { + nlm4_stats stat; + union { + struct nlm4_holder holder; + } nlm4_testrply_u; +}; +typedef struct nlm4_testrply nlm4_testrply; + +struct nlm4_testres { + netobj cookie; + nlm4_testrply stat; +}; +typedef struct nlm4_testres nlm4_testres; + +struct nlm4_testargs { + netobj cookie; + bool_t exclusive; + struct nlm4_lock alock; +}; +typedef struct nlm4_testargs nlm4_testargs; + +struct nlm4_res { + netobj cookie; + nlm4_stat stat; +}; +typedef struct nlm4_res nlm4_res; + +struct nlm4_lockargs { + netobj cookie; + bool_t block; + bool_t exclusive; + struct nlm4_lock alock; + bool_t reclaim; + int state; +}; +typedef struct nlm4_lockargs nlm4_lockargs; + +struct nlm4_cancargs { + netobj cookie; + bool_t block; + bool_t exclusive; + struct nlm4_lock alock; +}; +typedef struct nlm4_cancargs nlm4_cancargs; + +struct nlm4_unlockargs { + netobj cookie; + struct nlm4_lock alock; +}; +typedef struct nlm4_unlockargs nlm4_unlockargs; + +struct nlm4_shareargs { + netobj cookie; + nlm4_share share; + bool_t reclaim; +}; +typedef struct nlm4_shareargs nlm4_shareargs; + +struct nlm4_shareres { + netobj cookie; + nlm4_stats stat; + int sequence; +}; +typedef struct nlm4_shareres nlm4_shareres; + +struct nlm_sm_status { + char *mon_name; + int state; + char priv[16]; +}; +typedef struct nlm_sm_status nlm_sm_status; + +#define NLM_PROG ((unsigned long)(100021)) +#define NLM_SM ((unsigned long)(0)) + +extern void nlm_prog_0(struct svc_req *rqstp, SVCXPRT *transp); +#define NLM_SM_NOTIFY ((unsigned long)(1)) +extern void * nlm_sm_notify_0(struct nlm_sm_status *, CLIENT *); +extern void * nlm_sm_notify_0_svc(struct nlm_sm_status *, struct svc_req *); +extern int nlm_prog_0_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define NLM_VERS ((unsigned long)(1)) + +extern void nlm_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define NLM_TEST ((unsigned long)(1)) +extern nlm_testres * nlm_test_1(struct nlm_testargs *, CLIENT *); +extern nlm_testres * nlm_test_1_svc(struct nlm_testargs *, struct svc_req *); +#define NLM_LOCK ((unsigned long)(2)) +extern nlm_res * nlm_lock_1(struct nlm_lockargs *, CLIENT *); +extern nlm_res * nlm_lock_1_svc(struct nlm_lockargs *, struct svc_req *); +#define NLM_CANCEL ((unsigned long)(3)) +extern nlm_res * nlm_cancel_1(struct nlm_cancargs *, CLIENT *); +extern nlm_res * nlm_cancel_1_svc(struct nlm_cancargs *, struct svc_req *); +#define NLM_UNLOCK ((unsigned long)(4)) +extern nlm_res * nlm_unlock_1(struct nlm_unlockargs *, CLIENT *); +extern nlm_res * nlm_unlock_1_svc(struct nlm_unlockargs *, struct svc_req *); +#define NLM_GRANTED ((unsigned long)(5)) +extern nlm_res * nlm_granted_1(struct nlm_testargs *, CLIENT *); +extern nlm_res * nlm_granted_1_svc(struct nlm_testargs *, struct svc_req *); +#define NLM_TEST_MSG ((unsigned long)(6)) +extern void * nlm_test_msg_1(struct nlm_testargs *, CLIENT *); +extern void * nlm_test_msg_1_svc(struct nlm_testargs *, struct svc_req *); +#define NLM_LOCK_MSG ((unsigned long)(7)) +extern void * nlm_lock_msg_1(struct nlm_lockargs *, CLIENT *); +extern void * nlm_lock_msg_1_svc(struct nlm_lockargs *, struct svc_req *); +#define NLM_CANCEL_MSG ((unsigned long)(8)) +extern void * nlm_cancel_msg_1(struct nlm_cancargs *, CLIENT *); +extern void * nlm_cancel_msg_1_svc(struct nlm_cancargs *, struct svc_req *); +#define NLM_UNLOCK_MSG ((unsigned long)(9)) +extern void * nlm_unlock_msg_1(struct nlm_unlockargs *, CLIENT *); +extern void * nlm_unlock_msg_1_svc(struct nlm_unlockargs *, struct svc_req *); +#define NLM_GRANTED_MSG ((unsigned long)(10)) +extern void * nlm_granted_msg_1(struct nlm_testargs *, CLIENT *); +extern void * nlm_granted_msg_1_svc(struct nlm_testargs *, struct svc_req *); +#define NLM_TEST_RES ((unsigned long)(11)) +extern void * nlm_test_res_1(nlm_testres *, CLIENT *); +extern void * nlm_test_res_1_svc(nlm_testres *, struct svc_req *); +#define NLM_LOCK_RES ((unsigned long)(12)) +extern void * nlm_lock_res_1(nlm_res *, CLIENT *); +extern void * nlm_lock_res_1_svc(nlm_res *, struct svc_req *); +#define NLM_CANCEL_RES ((unsigned long)(13)) +extern void * nlm_cancel_res_1(nlm_res *, CLIENT *); +extern void * nlm_cancel_res_1_svc(nlm_res *, struct svc_req *); +#define NLM_UNLOCK_RES ((unsigned long)(14)) +extern void * nlm_unlock_res_1(nlm_res *, CLIENT *); +extern void * nlm_unlock_res_1_svc(nlm_res *, struct svc_req *); +#define NLM_GRANTED_RES ((unsigned long)(15)) +extern void * nlm_granted_res_1(nlm_res *, CLIENT *); +extern void * nlm_granted_res_1_svc(nlm_res *, struct svc_req *); +extern int nlm_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define NLM_VERSX ((unsigned long)(3)) + +extern void nlm_prog_3(struct svc_req *rqstp, SVCXPRT *transp); +#define NLM_SHARE ((unsigned long)(20)) +extern nlm_shareres * nlm_share_3(nlm_shareargs *, CLIENT *); +extern nlm_shareres * nlm_share_3_svc(nlm_shareargs *, struct svc_req *); +#define NLM_UNSHARE ((unsigned long)(21)) +extern nlm_shareres * nlm_unshare_3(nlm_shareargs *, CLIENT *); +extern nlm_shareres * nlm_unshare_3_svc(nlm_shareargs *, struct svc_req *); +#define NLM_NM_LOCK ((unsigned long)(22)) +extern nlm_res * nlm_nm_lock_3(nlm_lockargs *, CLIENT *); +extern nlm_res * nlm_nm_lock_3_svc(nlm_lockargs *, struct svc_req *); +#define NLM_FREE_ALL ((unsigned long)(23)) +extern void * nlm_free_all_3(nlm_notify *, CLIENT *); +extern void * nlm_free_all_3_svc(nlm_notify *, struct svc_req *); +extern int nlm_prog_3_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define NLM_VERS4 ((unsigned long)(4)) + +extern void nlm_prog_4(struct svc_req *rqstp, SVCXPRT *transp); +#define NLM4_TEST ((unsigned long)(1)) +extern nlm4_testres * nlm4_test_4(nlm4_testargs *, CLIENT *); +extern nlm4_testres * nlm4_test_4_svc(nlm4_testargs *, struct svc_req *); +#define NLM4_LOCK ((unsigned long)(2)) +extern nlm4_res * nlm4_lock_4(nlm4_lockargs *, CLIENT *); +extern nlm4_res * nlm4_lock_4_svc(nlm4_lockargs *, struct svc_req *); +#define NLM4_CANCEL ((unsigned long)(3)) +extern nlm4_res * nlm4_cancel_4(nlm4_cancargs *, CLIENT *); +extern nlm4_res * nlm4_cancel_4_svc(nlm4_cancargs *, struct svc_req *); +#define NLM4_UNLOCK ((unsigned long)(4)) +extern nlm4_res * nlm4_unlock_4(nlm4_unlockargs *, CLIENT *); +extern nlm4_res * nlm4_unlock_4_svc(nlm4_unlockargs *, struct svc_req *); +#define NLM4_GRANTED ((unsigned long)(5)) +extern nlm4_res * nlm4_granted_4(nlm4_testargs *, CLIENT *); +extern nlm4_res * nlm4_granted_4_svc(nlm4_testargs *, struct svc_req *); +#define NLM4_TEST_MSG ((unsigned long)(6)) +extern void * nlm4_test_msg_4(nlm4_testargs *, CLIENT *); +extern void * nlm4_test_msg_4_svc(nlm4_testargs *, struct svc_req *); +#define NLM4_LOCK_MSG ((unsigned long)(7)) +extern void * nlm4_lock_msg_4(nlm4_lockargs *, CLIENT *); +extern void * nlm4_lock_msg_4_svc(nlm4_lockargs *, struct svc_req *); +#define NLM4_CANCEL_MSG ((unsigned long)(8)) +extern void * nlm4_cancel_msg_4(nlm4_cancargs *, CLIENT *); +extern void * nlm4_cancel_msg_4_svc(nlm4_cancargs *, struct svc_req *); +#define NLM4_UNLOCK_MSG ((unsigned long)(9)) +extern void * nlm4_unlock_msg_4(nlm4_unlockargs *, CLIENT *); +extern void * nlm4_unlock_msg_4_svc(nlm4_unlockargs *, struct svc_req *); +#define NLM4_GRANTED_MSG ((unsigned long)(10)) +extern void * nlm4_granted_msg_4(nlm4_testargs *, CLIENT *); +extern void * nlm4_granted_msg_4_svc(nlm4_testargs *, struct svc_req *); +#define NLM4_TEST_RES ((unsigned long)(11)) +extern void * nlm4_test_res_4(nlm4_testres *, CLIENT *); +extern void * nlm4_test_res_4_svc(nlm4_testres *, struct svc_req *); +#define NLM4_LOCK_RES ((unsigned long)(12)) +extern void * nlm4_lock_res_4(nlm4_res *, CLIENT *); +extern void * nlm4_lock_res_4_svc(nlm4_res *, struct svc_req *); +#define NLM4_CANCEL_RES ((unsigned long)(13)) +extern void * nlm4_cancel_res_4(nlm4_res *, CLIENT *); +extern void * nlm4_cancel_res_4_svc(nlm4_res *, struct svc_req *); +#define NLM4_UNLOCK_RES ((unsigned long)(14)) +extern void * nlm4_unlock_res_4(nlm4_res *, CLIENT *); +extern void * nlm4_unlock_res_4_svc(nlm4_res *, struct svc_req *); +#define NLM4_GRANTED_RES ((unsigned long)(15)) +extern void * nlm4_granted_res_4(nlm4_res *, CLIENT *); +extern void * nlm4_granted_res_4_svc(nlm4_res *, struct svc_req *); +#define NLM4_SHARE ((unsigned long)(20)) +extern nlm4_shareres * nlm4_share_4(nlm4_shareargs *, CLIENT *); +extern nlm4_shareres * nlm4_share_4_svc(nlm4_shareargs *, struct svc_req *); +#define NLM4_UNSHARE ((unsigned long)(21)) +extern nlm4_shareres * nlm4_unshare_4(nlm4_shareargs *, CLIENT *); +extern nlm4_shareres * nlm4_unshare_4_svc(nlm4_shareargs *, struct svc_req *); +#define NLM4_NM_LOCK ((unsigned long)(22)) +extern nlm4_res * nlm4_nm_lock_4(nlm4_lockargs *, CLIENT *); +extern nlm4_res * nlm4_nm_lock_4_svc(nlm4_lockargs *, struct svc_req *); +#define NLM4_FREE_ALL ((unsigned long)(23)) +extern void * nlm4_free_all_4(nlm_notify *, CLIENT *); +extern void * nlm4_free_all_4_svc(nlm_notify *, struct svc_req *); +extern int nlm_prog_4_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_nlm_stats(XDR *, nlm_stats*); +extern bool_t xdr_nlm_holder(XDR *, nlm_holder*); +extern bool_t xdr_nlm_testrply(XDR *, nlm_testrply*); +extern bool_t xdr_nlm_stat(XDR *, nlm_stat*); +extern bool_t xdr_nlm_res(XDR *, nlm_res*); +extern bool_t xdr_nlm_testres(XDR *, nlm_testres*); +extern bool_t xdr_nlm_lock(XDR *, nlm_lock*); +extern bool_t xdr_nlm_lockargs(XDR *, nlm_lockargs*); +extern bool_t xdr_nlm_cancargs(XDR *, nlm_cancargs*); +extern bool_t xdr_nlm_testargs(XDR *, nlm_testargs*); +extern bool_t xdr_nlm_unlockargs(XDR *, nlm_unlockargs*); +extern bool_t xdr_fsh_mode(XDR *, fsh_mode*); +extern bool_t xdr_fsh_access(XDR *, fsh_access*); +extern bool_t xdr_nlm_share(XDR *, nlm_share*); +extern bool_t xdr_nlm_shareargs(XDR *, nlm_shareargs*); +extern bool_t xdr_nlm_shareres(XDR *, nlm_shareres*); +extern bool_t xdr_nlm_notify(XDR *, nlm_notify*); +extern bool_t xdr_nlm4_stats(XDR *, nlm4_stats*); +extern bool_t xdr_nlm4_stat(XDR *, nlm4_stat*); +extern bool_t xdr_nlm4_holder(XDR *, nlm4_holder*); +extern bool_t xdr_nlm4_lock(XDR *, nlm4_lock*); +extern bool_t xdr_nlm4_share(XDR *, nlm4_share*); +extern bool_t xdr_nlm4_testrply(XDR *, nlm4_testrply*); +extern bool_t xdr_nlm4_testres(XDR *, nlm4_testres*); +extern bool_t xdr_nlm4_testargs(XDR *, nlm4_testargs*); +extern bool_t xdr_nlm4_res(XDR *, nlm4_res*); +extern bool_t xdr_nlm4_lockargs(XDR *, nlm4_lockargs*); +extern bool_t xdr_nlm4_cancargs(XDR *, nlm4_cancargs*); +extern bool_t xdr_nlm4_unlockargs(XDR *, nlm4_unlockargs*); +extern bool_t xdr_nlm4_shareargs(XDR *, nlm4_shareargs*); +extern bool_t xdr_nlm4_shareres(XDR *, nlm4_shareres*); +extern bool_t xdr_nlm_sm_status(XDR *, nlm_sm_status*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_NLM_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/rex.h b/include/rpcsvc/rex.h new file mode 100644 index 0000000000..ca8f7c358e --- /dev/null +++ b/include/rpcsvc/rex.h @@ -0,0 +1,193 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _REX_H_RPCGEN +#define _REX_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define STRINGSIZE 1024 + +typedef char *rexstring; +#define SIGINT 2 +#define REX_INTERACTIVE 1 + +struct rex_start { + struct { + u_int rst_cmd_len; + rexstring *rst_cmd_val; + } rst_cmd; + rexstring rst_host; + rexstring rst_fsname; + rexstring rst_dirwithin; + struct { + u_int rst_env_len; + rexstring *rst_env_val; + } rst_env; + u_int rst_port0; + u_int rst_port1; + u_int rst_port2; + u_int rst_flags; +}; +typedef struct rex_start rex_start; + +struct rex_result { + int rlt_stat; + rexstring rlt_message; +}; +typedef struct rex_result rex_result; + +struct sgttyb { + u_int four; + char chars[4]; + u_int flags; +}; +typedef struct sgttyb sgttyb; +#define B0 0 +#define B50 1 +#define B75 2 +#define B110 3 +#define B134 4 +#define B150 5 +#define B200 6 +#define B300 7 +#define B600 8 +#define B1200 9 +#define B1800 10 +#define B2400 11 +#define B4800 12 +#define B9600 13 +#define B19200 14 +#define B38400 15 +#define TANDEM 0x00000001 +#define CBREAK 0x00000002 +#define LCASE 0x00000004 +#define ECHO 0x00000008 +#define CRMOD 0x00000010 +#define RAW 0x00000020 +#define ODDP 0x00000040 +#define EVENP 0x00000080 +#define ANYP 0x000000c0 +#define NLDELAY 0x00000300 +#define NL0 0x00000000 +#define NL1 0x00000100 +#define NL2 0x00000200 +#define NL3 0x00000300 +#define TBDELAY 0x00000c00 +#define TAB0 0x00000000 +#define TAB1 0x00000400 +#define TAB2 0x00000800 +#define XTABS 0x00000c00 +#define CRDELAY 0x00003000 +#define CR0 0x00000000 +#define CR1 0x00001000 +#define CR2 0x00002000 +#define CR3 0x00003000 +#define VTDELAY 0x00004000 +#define FF0 0x00000000 +#define FF1 0x00004000 +#define BSDELAY 0x00008000 +#define BS0 0x00000000 +#define BS1 0x00008000 +#define CRTBS 0x00010000 +#define PRTERA 0x00020000 +#define CRTERA 0x00040000 +#define TILDE 0x00080000 +#define MDMBUF 0x00100000 +#define LITOUT 0x00200000 +#define TOSTOP 0x00400000 +#define FLUSHO 0x00800000 +#define NOHANG 0x01000000 +#define L001000 0x02000000 +#define CRTKIL 0x04000000 +#define PASS8 0x08000000 +#define CTLECH 0x10000000 +#define PENDIN 0x20000000 +#define DECCTQ 0x40000000 +#define NOFLSH 0x80000000 + +struct tchars { + u_int six; + char chars[6]; +}; +typedef struct tchars tchars; + +struct ltchars { + u_int six; + char chars[6]; + u_int mode; +}; +typedef struct ltchars ltchars; + +struct rex_ttysize { + int ts_lines; + int ts_cols; +}; +typedef struct rex_ttysize rex_ttysize; + +struct rex_ttymode { + sgttyb basic; + tchars more; + ltchars yetmore; + u_int andmore; +}; +typedef struct rex_ttymode rex_ttymode; +#define LCRTBS 0x0001 +#define LPRTERA 0x0002 +#define LCRTERA 0x0004 +#define LTILDE 0x0008 +#define LMDMBUF 0x0010 +#define LLITOUT 0x0020 +#define LTOSTOP 0x0040 +#define LFLUSHO 0x0080 +#define LNOHANG 0x0100 +#define LL001000 0x0200 +#define LCRTKIL 0x0400 +#define LPASS8 0x0800 +#define LCTLECH 0x1000 +#define LPENDIN 0x2000 +#define LDECCTQ 0x4000 +#define LNOFLSH 0x8000 + +#define REXPROG ((unsigned long)(100017)) +#define REXVERS ((unsigned long)(1)) + +extern void rexprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define REXPROC_START ((unsigned long)(1)) +extern rex_result * rexproc_start_1(rex_start *, CLIENT *); +extern rex_result * rexproc_start_1_svc(rex_start *, struct svc_req *); +#define REXPROC_WAIT ((unsigned long)(2)) +extern rex_result * rexproc_wait_1(void *, CLIENT *); +extern rex_result * rexproc_wait_1_svc(void *, struct svc_req *); +#define REXPROC_MODES ((unsigned long)(3)) +extern void * rexproc_modes_1(rex_ttymode *, CLIENT *); +extern void * rexproc_modes_1_svc(rex_ttymode *, struct svc_req *); +#define REXPROC_WINCH ((unsigned long)(4)) +extern void * rexproc_winch_1(rex_ttysize *, CLIENT *); +extern void * rexproc_winch_1_svc(rex_ttysize *, struct svc_req *); +#define REXPROC_SIGNAL ((unsigned long)(5)) +extern void * rexproc_signal_1(int *, CLIENT *); +extern void * rexproc_signal_1_svc(int *, struct svc_req *); +extern int rexprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_rexstring(XDR *, rexstring*); +extern bool_t xdr_rex_start(XDR *, rex_start*); +extern bool_t xdr_rex_result(XDR *, rex_result*); +extern bool_t xdr_sgttyb(XDR *, sgttyb*); +extern bool_t xdr_tchars(XDR *, tchars*); +extern bool_t xdr_ltchars(XDR *, ltchars*); +extern bool_t xdr_rex_ttysize(XDR *, rex_ttysize*); +extern bool_t xdr_rex_ttymode(XDR *, rex_ttymode*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_REX_H_RPCGEN */ diff --git a/include/rpcsvc/rnusers.h b/include/rpcsvc/rnusers.h new file mode 100644 index 0000000000..40b76a3f03 --- /dev/null +++ b/include/rpcsvc/rnusers.h @@ -0,0 +1,107 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _RNUSERS_H_RPCGEN +#define _RNUSERS_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define MAXUSERS 100 +#define MAXUTLEN 256 + +struct utmp { + char *ut_line; + char *ut_name; + char *ut_host; + int ut_time; +}; +typedef struct utmp utmp; + +struct utmpidle { + utmp ui_utmp; + u_int ui_idle; +}; +typedef struct utmpidle utmpidle; + +typedef struct { + u_int utmparr_len; + utmp *utmparr_val; +} utmparr; + +typedef struct { + u_int utmpidlearr_len; + utmpidle *utmpidlearr_val; +} utmpidlearr; +#define RUSERS_MAXUSERLEN 32 +#define RUSERS_MAXLINELEN 32 +#define RUSERS_MAXHOSTLEN 257 + +struct rusers_utmp { + char *ut_user; + char *ut_line; + char *ut_host; + int ut_type; + int ut_time; + u_int ut_idle; +}; +typedef struct rusers_utmp rusers_utmp; + +typedef struct { + u_int utmp_array_len; + rusers_utmp *utmp_array_val; +} utmp_array; + +#define RUSERSPROG ((unsigned long)(100002)) +#define RUSERSVERS_ORIG ((unsigned long)(1)) + +extern void rusersprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define RUSERSPROC_NUM ((unsigned long)(1)) +extern int * rusersproc_num_1(void *, CLIENT *); +extern int * rusersproc_num_1_svc(void *, struct svc_req *); +#define RUSERSPROC_NAMES ((unsigned long)(2)) +extern utmparr * rusersproc_names_1(void *, CLIENT *); +extern utmparr * rusersproc_names_1_svc(void *, struct svc_req *); +#define RUSERSPROC_ALLNAMES ((unsigned long)(3)) +extern utmparr * rusersproc_allnames_1(void *, CLIENT *); +extern utmparr * rusersproc_allnames_1_svc(void *, struct svc_req *); +extern int rusersprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define RUSERSVERS_IDLE ((unsigned long)(2)) + +extern void rusersprog_2(struct svc_req *rqstp, SVCXPRT *transp); +extern int * rusersproc_num_2(void *, CLIENT *); +extern int * rusersproc_num_2_svc(void *, struct svc_req *); +extern utmpidlearr * rusersproc_names_2(void *, CLIENT *); +extern utmpidlearr * rusersproc_names_2_svc(void *, struct svc_req *); +extern utmpidlearr * rusersproc_allnames_2(void *, CLIENT *); +extern utmpidlearr * rusersproc_allnames_2_svc(void *, struct svc_req *); +extern int rusersprog_2_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define RUSERSVERS_3 ((unsigned long)(3)) + +extern void rusersprog_3(struct svc_req *rqstp, SVCXPRT *transp); +extern int * rusersproc_num_3(void *, CLIENT *); +extern int * rusersproc_num_3_svc(void *, struct svc_req *); +extern utmp_array * rusersproc_names_3(void *, CLIENT *); +extern utmp_array * rusersproc_names_3_svc(void *, struct svc_req *); +extern utmp_array * rusersproc_allnames_3(void *, CLIENT *); +extern utmp_array * rusersproc_allnames_3_svc(void *, struct svc_req *); +extern int rusersprog_3_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_utmp(XDR *, utmp*); +extern bool_t xdr_utmpidle(XDR *, utmpidle*); +extern bool_t xdr_utmparr(XDR *, utmparr*); +extern bool_t xdr_utmpidlearr(XDR *, utmpidlearr*); +extern bool_t xdr_rusers_utmp(XDR *, rusers_utmp*); +extern bool_t xdr_utmp_array(XDR *, utmp_array*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_RNUSERS_H_RPCGEN */ diff --git a/include/rpcsvc/rquota.h b/include/rpcsvc/rquota.h new file mode 100644 index 0000000000..d751f58d45 --- /dev/null +++ b/include/rpcsvc/rquota.h @@ -0,0 +1,74 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _RQUOTA_H_RPCGEN +#define _RQUOTA_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define RQ_PATHLEN 1024 + +struct getquota_args { + char *gqa_pathp; + int gqa_uid; +}; +typedef struct getquota_args getquota_args; + +struct rquota { + int rq_bsize; + bool_t rq_active; + u_int rq_bhardlimit; + u_int rq_bsoftlimit; + u_int rq_curblocks; + u_int rq_fhardlimit; + u_int rq_fsoftlimit; + u_int rq_curfiles; + u_int rq_btimeleft; + u_int rq_ftimeleft; +}; +typedef struct rquota rquota; + +enum gqr_status { + Q_OK = 1, + Q_NOQUOTA = 2, + Q_EPERM = 3 +}; +typedef enum gqr_status gqr_status; + +struct getquota_rslt { + gqr_status status; + union { + rquota gqr_rquota; + } getquota_rslt_u; +}; +typedef struct getquota_rslt getquota_rslt; + +#define RQUOTAPROG ((unsigned long)(100011)) +#define RQUOTAVERS ((unsigned long)(1)) + +extern void rquotaprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define RQUOTAPROC_GETQUOTA ((unsigned long)(1)) +extern getquota_rslt * rquotaproc_getquota_1(getquota_args *, CLIENT *); +extern getquota_rslt * rquotaproc_getquota_1_svc(getquota_args *, struct svc_req *); +#define RQUOTAPROC_GETACTIVEQUOTA ((unsigned long)(2)) +extern getquota_rslt * rquotaproc_getactivequota_1(getquota_args *, CLIENT *); +extern getquota_rslt * rquotaproc_getactivequota_1_svc(getquota_args *, struct svc_req *); +extern int rquotaprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_getquota_args(XDR *, getquota_args*); +extern bool_t xdr_rquota(XDR *, rquota*); +extern bool_t xdr_gqr_status(XDR *, gqr_status*); +extern bool_t xdr_getquota_rslt(XDR *, getquota_rslt*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_RQUOTA_H_RPCGEN */ diff --git a/include/rpcsvc/rstat.h b/include/rpcsvc/rstat.h new file mode 100644 index 0000000000..b4cf7b4a43 --- /dev/null +++ b/include/rpcsvc/rstat.h @@ -0,0 +1,129 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _RSTAT_H_RPCGEN +#define _RSTAT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef FSCALE +/* + * Scale factor for scaled integers used to count load averages. + */ +#define FSHIFT 8 /* bits to right of fixed binary point */ +#define FSCALE (1< + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + */ +/* + * Copyright (c) 1984, 1990 by Sun Microsystems, Inc. + */ + +/* from @(#)rwall.x 1.6 91/03/11 TIRPC 1.0 */ + +#ifndef _rpcsvc_rwall_h +#define _rpcsvc_rwall_h + +typedef char *wrapstring; + + +#endif /* ! _rpcsvc_rwall_h */ + +#define WALLPROG ((unsigned long)(100008)) +#define WALLVERS ((unsigned long)(1)) + +extern void wallprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define WALLPROC_WALL ((unsigned long)(2)) +extern void * wallproc_wall_1(wrapstring *, CLIENT *); +extern void * wallproc_wall_1_svc(wrapstring *, struct svc_req *); +extern int wallprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +#ifdef __cplusplus +} +#endif + +#endif /* !_RWALL_H_RPCGEN */ diff --git a/include/rpcsvc/sm_inter.h b/include/rpcsvc/sm_inter.h new file mode 100644 index 0000000000..b7612a08cd --- /dev/null +++ b/include/rpcsvc/sm_inter.h @@ -0,0 +1,111 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _SM_INTER_H_RPCGEN +#define _SM_INTER_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SM_MAXSTRLEN 1024 + +struct sm_name { + char *mon_name; +}; +typedef struct sm_name sm_name; + +struct my_id { + char *my_name; + int my_prog; + int my_vers; + int my_proc; +}; +typedef struct my_id my_id; + +struct mon_id { + char *mon_name; + struct my_id my_id; +}; +typedef struct mon_id mon_id; + +struct mon { + struct mon_id mon_id; + char priv[16]; +}; +typedef struct mon mon; + +struct stat_chge { + char *mon_name; + int state; +}; +typedef struct stat_chge stat_chge; + +struct sm_stat { + int state; +}; +typedef struct sm_stat sm_stat; + +enum sm_res { + stat_succ = 0, + stat_fail = 1 +}; +typedef enum sm_res sm_res; + +struct sm_stat_res { + sm_res res_stat; + int state; +}; +typedef struct sm_stat_res sm_stat_res; + +struct sm_status { + char *mon_name; + int state; + char priv[16]; +}; +typedef struct sm_status sm_status; + +#define SM_PROG ((unsigned long)(100024)) +#define SM_VERS ((unsigned long)(1)) + +extern void sm_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define SM_STAT ((unsigned long)(1)) +extern struct sm_stat_res * sm_stat_1(struct sm_name *, CLIENT *); +extern struct sm_stat_res * sm_stat_1_svc(struct sm_name *, struct svc_req *); +#define SM_MON ((unsigned long)(2)) +extern struct sm_stat_res * sm_mon_1(struct mon *, CLIENT *); +extern struct sm_stat_res * sm_mon_1_svc(struct mon *, struct svc_req *); +#define SM_UNMON ((unsigned long)(3)) +extern struct sm_stat * sm_unmon_1(struct mon_id *, CLIENT *); +extern struct sm_stat * sm_unmon_1_svc(struct mon_id *, struct svc_req *); +#define SM_UNMON_ALL ((unsigned long)(4)) +extern struct sm_stat * sm_unmon_all_1(struct my_id *, CLIENT *); +extern struct sm_stat * sm_unmon_all_1_svc(struct my_id *, struct svc_req *); +#define SM_SIMU_CRASH ((unsigned long)(5)) +extern void * sm_simu_crash_1(void *, CLIENT *); +extern void * sm_simu_crash_1_svc(void *, struct svc_req *); +#define SM_NOTIFY ((unsigned long)(6)) +extern void * sm_notify_1(struct stat_chge *, CLIENT *); +extern void * sm_notify_1_svc(struct stat_chge *, struct svc_req *); +extern int sm_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_sm_name(XDR *, sm_name*); +extern bool_t xdr_my_id(XDR *, my_id*); +extern bool_t xdr_mon_id(XDR *, mon_id*); +extern bool_t xdr_mon(XDR *, mon*); +extern bool_t xdr_stat_chge(XDR *, stat_chge*); +extern bool_t xdr_sm_stat(XDR *, sm_stat*); +extern bool_t xdr_sm_res(XDR *, sm_res*); +extern bool_t xdr_sm_stat_res(XDR *, sm_stat_res*); +extern bool_t xdr_sm_status(XDR *, sm_status*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_SM_INTER_H_RPCGEN */ diff --git a/include/rpcsvc/spray.h b/include/rpcsvc/spray.h new file mode 100644 index 0000000000..6bf8d4146e --- /dev/null +++ b/include/rpcsvc/spray.h @@ -0,0 +1,58 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _SPRAY_H_RPCGEN +#define _SPRAY_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SPRAYMAX 8845 + +struct spraytimeval { + u_int sec; + u_int usec; +}; +typedef struct spraytimeval spraytimeval; + +struct spraycumul { + u_int counter; + spraytimeval clock; +}; +typedef struct spraycumul spraycumul; + +typedef struct { + u_int sprayarr_len; + char *sprayarr_val; +} sprayarr; + +#define SPRAYPROG ((unsigned long)(100012)) +#define SPRAYVERS ((unsigned long)(1)) + +extern void sprayprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define SPRAYPROC_SPRAY ((unsigned long)(1)) +extern void * sprayproc_spray_1(sprayarr *, CLIENT *); +extern void * sprayproc_spray_1_svc(sprayarr *, struct svc_req *); +#define SPRAYPROC_GET ((unsigned long)(2)) +extern spraycumul * sprayproc_get_1(void *, CLIENT *); +extern spraycumul * sprayproc_get_1_svc(void *, struct svc_req *); +#define SPRAYPROC_CLEAR ((unsigned long)(3)) +extern void * sprayproc_clear_1(void *, CLIENT *); +extern void * sprayproc_clear_1_svc(void *, struct svc_req *); +extern int sprayprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_spraytimeval(XDR *, spraytimeval*); +extern bool_t xdr_spraycumul(XDR *, spraycumul*); +extern bool_t xdr_sprayarr(XDR *, sprayarr*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_SPRAY_H_RPCGEN */ diff --git a/include/rpcsvc/yp.h b/include/rpcsvc/yp.h new file mode 100644 index 0000000000..2ab4f0c895 --- /dev/null +++ b/include/rpcsvc/yp.h @@ -0,0 +1,380 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _YP_H_RPCGEN +#define _YP_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define YPMAXRECORD 1024 +#define YPMAXDOMAIN 64 +#define YPMAXMAP 64 +#define YPMAXPEER 64 + +enum ypstat { + YP_TRUE = 1, + YP_NOMORE = 2, + YP_FALSE = 0, + YP_NOMAP = -1, + YP_NODOM = -2, + YP_NOKEY = -3, + YP_BADOP = -4, + YP_BADDB = -5, + YP_YPERR = -6, + YP_BADARGS = -7, + YP_VERS = -8 +}; +typedef enum ypstat ypstat; + +enum ypxfrstat { + YPXFR_SUCC = 1, + YPXFR_AGE = 2, + YPXFR_NOMAP = -1, + YPXFR_NODOM = -2, + YPXFR_RSRC = -3, + YPXFR_RPC = -4, + YPXFR_MADDR = -5, + YPXFR_YPERR = -6, + YPXFR_BADARGS = -7, + YPXFR_DBM = -8, + YPXFR_FILE = -9, + YPXFR_SKEW = -10, + YPXFR_CLEAR = -11, + YPXFR_FORCE = -12, + YPXFR_XFRERR = -13, + YPXFR_REFUSED = -14 +}; +typedef enum ypxfrstat ypxfrstat; + +typedef char *domainname; + +typedef char *mapname; + +typedef char *peername; + +typedef struct { + u_int keydat_len; + char *keydat_val; +} keydat; + +typedef struct { + u_int valdat_len; + char *valdat_val; +} valdat; + +struct ypmap_parms { + domainname domain; + mapname map; + u_int ordernum; + peername peer; +}; +typedef struct ypmap_parms ypmap_parms; + +struct ypreq_key { + domainname domain; + mapname map; + keydat key; +}; +typedef struct ypreq_key ypreq_key; + +struct ypreq_nokey { + domainname domain; + mapname map; +}; +typedef struct ypreq_nokey ypreq_nokey; + +struct ypreq_xfr { + ypmap_parms map_parms; + u_int transid; + u_int prog; + u_int port; +}; +typedef struct ypreq_xfr ypreq_xfr; + +struct ypresp_val { + ypstat stat; + valdat val; +}; +typedef struct ypresp_val ypresp_val; + +struct ypresp_key_val { + ypstat stat; + valdat val; + keydat key; +}; +typedef struct ypresp_key_val ypresp_key_val; + +struct ypresp_master { + ypstat stat; + peername peer; +}; +typedef struct ypresp_master ypresp_master; + +struct ypresp_order { + ypstat stat; + u_int ordernum; +}; +typedef struct ypresp_order ypresp_order; + +struct ypresp_all { + bool_t more; + union { + ypresp_key_val val; + } ypresp_all_u; +}; +typedef struct ypresp_all ypresp_all; + +struct ypresp_xfr { + u_int transid; + ypxfrstat xfrstat; +}; +typedef struct ypresp_xfr ypresp_xfr; + +struct ypmaplist { + mapname map; + struct ypmaplist *next; +}; +typedef struct ypmaplist ypmaplist; + +struct ypresp_maplist { + ypstat stat; + ypmaplist *maps; +}; +typedef struct ypresp_maplist ypresp_maplist; + +enum yppush_status { + YPPUSH_SUCC = 1, + YPPUSH_AGE = 2, + YPPUSH_NOMAP = -1, + YPPUSH_NODOM = -2, + YPPUSH_RSRC = -3, + YPPUSH_RPC = -4, + YPPUSH_MADDR = -5, + YPPUSH_YPERR = -6, + YPPUSH_BADARGS = -7, + YPPUSH_DBM = -8, + YPPUSH_FILE = -9, + YPPUSH_SKEW = -10, + YPPUSH_CLEAR = -11, + YPPUSH_FORCE = -12, + YPPUSH_XFRERR = -13, + YPPUSH_REFUSED = -14 +}; +typedef enum yppush_status yppush_status; + +struct yppushresp_xfr { + u_int transid; + yppush_status status; +}; +typedef struct yppushresp_xfr yppushresp_xfr; + +enum ypbind_resptype { + YPBIND_SUCC_VAL = 1, + YPBIND_FAIL_VAL = 2 +}; +typedef enum ypbind_resptype ypbind_resptype; + +struct ypbind_binding { + char ypbind_binding_addr[4]; + char ypbind_binding_port[2]; +}; +typedef struct ypbind_binding ypbind_binding; + +struct ypbind_resp { + ypbind_resptype ypbind_status; + union { + u_int ypbind_error; + ypbind_binding ypbind_bindinfo; + } ypbind_resp_u; +}; +typedef struct ypbind_resp ypbind_resp; +#define YPBIND_ERR_ERR 1 +#define YPBIND_ERR_NOSERV 2 +#define YPBIND_ERR_RESC 3 + +struct ypbind_setdom { + domainname ypsetdom_domain; + ypbind_binding ypsetdom_binding; + u_int ypsetdom_vers; +}; +typedef struct ypbind_setdom ypbind_setdom; + +enum ypreqtype { + YPREQ_KEY = 1, + YPREQ_NOKEY = 2, + YPREQ_MAP_PARMS = 3 +}; +typedef enum ypreqtype ypreqtype; + +enum ypresptype { + YPRESP_VAL = 1, + YPRESP_KEY_VAL = 2, + YPRESP_MAP_PARMS = 3 +}; +typedef enum ypresptype ypresptype; + +struct yprequest { + ypreqtype yp_reqtype; + union { + ypreq_key yp_req_keytype; + ypreq_nokey yp_req_nokeytype; + ypmap_parms yp_req_map_parmstype; + } yprequest_u; +}; +typedef struct yprequest yprequest; + +struct ypresponse { + ypresptype yp_resptype; + union { + ypresp_val yp_resp_valtype; + ypresp_key_val yp_resp_key_valtype; + ypmap_parms yp_resp_map_parmstype; + } ypresponse_u; +}; +typedef struct ypresponse ypresponse; + +#define YPPROG ((unsigned long)(100004)) +#define YPOLDVERS ((unsigned long)(1)) + +extern void ypprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define YPOLDPROC_NULL ((unsigned long)(0)) +extern void * ypoldproc_null_1(void *, CLIENT *); +extern void * ypoldproc_null_1_svc(void *, struct svc_req *); +#define YPOLDPROC_DOMAIN ((unsigned long)(1)) +extern bool_t * ypoldproc_domain_1(domainname *, CLIENT *); +extern bool_t * ypoldproc_domain_1_svc(domainname *, struct svc_req *); +#define YPOLDPROC_DOMAIN_NONACK ((unsigned long)(2)) +extern bool_t * ypoldproc_domain_nonack_1(domainname *, CLIENT *); +extern bool_t * ypoldproc_domain_nonack_1_svc(domainname *, struct svc_req *); +#define YPOLDPROC_MATCH ((unsigned long)(3)) +extern ypresponse * ypoldproc_match_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_match_1_svc(yprequest *, struct svc_req *); +#define YPOLDPROC_FIRST ((unsigned long)(4)) +extern ypresponse * ypoldproc_first_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_first_1_svc(yprequest *, struct svc_req *); +#define YPOLDPROC_NEXT ((unsigned long)(5)) +extern ypresponse * ypoldproc_next_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_next_1_svc(yprequest *, struct svc_req *); +#define YPOLDPROC_POLL ((unsigned long)(6)) +extern ypresponse * ypoldproc_poll_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_poll_1_svc(yprequest *, struct svc_req *); +#define YPOLDPROC_PUSH ((unsigned long)(7)) +extern ypresponse * ypoldproc_push_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_push_1_svc(yprequest *, struct svc_req *); +#define YPOLDPROC_PULL ((unsigned long)(8)) +extern ypresponse * ypoldproc_pull_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_pull_1_svc(yprequest *, struct svc_req *); +#define YPOLDPROC_GET ((unsigned long)(9)) +extern ypresponse * ypoldproc_get_1(yprequest *, CLIENT *); +extern ypresponse * ypoldproc_get_1_svc(yprequest *, struct svc_req *); +extern int ypprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); +#define YPVERS ((unsigned long)(2)) + +extern void ypprog_2(struct svc_req *rqstp, SVCXPRT *transp); +#define YPPROC_NULL ((unsigned long)(0)) +extern void * ypproc_null_2(void *, CLIENT *); +extern void * ypproc_null_2_svc(void *, struct svc_req *); +#define YPPROC_DOMAIN ((unsigned long)(1)) +extern bool_t * ypproc_domain_2(domainname *, CLIENT *); +extern bool_t * ypproc_domain_2_svc(domainname *, struct svc_req *); +#define YPPROC_DOMAIN_NONACK ((unsigned long)(2)) +extern bool_t * ypproc_domain_nonack_2(domainname *, CLIENT *); +extern bool_t * ypproc_domain_nonack_2_svc(domainname *, struct svc_req *); +#define YPPROC_MATCH ((unsigned long)(3)) +extern ypresp_val * ypproc_match_2(ypreq_key *, CLIENT *); +extern ypresp_val * ypproc_match_2_svc(ypreq_key *, struct svc_req *); +#define YPPROC_FIRST ((unsigned long)(4)) +extern ypresp_key_val * ypproc_first_2(ypreq_nokey *, CLIENT *); +extern ypresp_key_val * ypproc_first_2_svc(ypreq_nokey *, struct svc_req *); +#define YPPROC_NEXT ((unsigned long)(5)) +extern ypresp_key_val * ypproc_next_2(ypreq_key *, CLIENT *); +extern ypresp_key_val * ypproc_next_2_svc(ypreq_key *, struct svc_req *); +#define YPPROC_XFR ((unsigned long)(6)) +extern ypresp_xfr * ypproc_xfr_2(ypreq_xfr *, CLIENT *); +extern ypresp_xfr * ypproc_xfr_2_svc(ypreq_xfr *, struct svc_req *); +#define YPPROC_CLEAR ((unsigned long)(7)) +extern void * ypproc_clear_2(void *, CLIENT *); +extern void * ypproc_clear_2_svc(void *, struct svc_req *); +#define YPPROC_ALL ((unsigned long)(8)) +extern ypresp_all * ypproc_all_2(ypreq_nokey *, CLIENT *); +extern ypresp_all * ypproc_all_2_svc(ypreq_nokey *, struct svc_req *); +#define YPPROC_MASTER ((unsigned long)(9)) +extern ypresp_master * ypproc_master_2(ypreq_nokey *, CLIENT *); +extern ypresp_master * ypproc_master_2_svc(ypreq_nokey *, struct svc_req *); +#define YPPROC_ORDER ((unsigned long)(10)) +extern ypresp_order * ypproc_order_2(ypreq_nokey *, CLIENT *); +extern ypresp_order * ypproc_order_2_svc(ypreq_nokey *, struct svc_req *); +#define YPPROC_MAPLIST ((unsigned long)(11)) +extern ypresp_maplist * ypproc_maplist_2(domainname *, CLIENT *); +extern ypresp_maplist * ypproc_maplist_2_svc(domainname *, struct svc_req *); +extern int ypprog_2_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +#define YPPUSH_XFRRESPPROG ((unsigned long)(0x40000000)) +#define YPPUSH_XFRRESPVERS ((unsigned long)(1)) + +extern void yppush_xfrrespprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define YPPUSHPROC_NULL ((unsigned long)(0)) +extern void * yppushproc_null_1(void *, CLIENT *); +extern void * yppushproc_null_1_svc(void *, struct svc_req *); +#define YPPUSHPROC_XFRRESP ((unsigned long)(1)) +extern void * yppushproc_xfrresp_1(yppushresp_xfr *, CLIENT *); +extern void * yppushproc_xfrresp_1_svc(yppushresp_xfr *, struct svc_req *); +extern int yppush_xfrrespprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +#define YPBINDPROG ((unsigned long)(100007)) +#define YPBINDVERS ((unsigned long)(2)) + +extern void ypbindprog_2(struct svc_req *rqstp, SVCXPRT *transp); +#define YPBINDPROC_NULL ((unsigned long)(0)) +extern void * ypbindproc_null_2(void *, CLIENT *); +extern void * ypbindproc_null_2_svc(void *, struct svc_req *); +#define YPBINDPROC_DOMAIN ((unsigned long)(1)) +extern ypbind_resp * ypbindproc_domain_2(domainname *, CLIENT *); +extern ypbind_resp * ypbindproc_domain_2_svc(domainname *, struct svc_req *); +#define YPBINDPROC_SETDOM ((unsigned long)(2)) +extern void * ypbindproc_setdom_2(ypbind_setdom *, CLIENT *); +extern void * ypbindproc_setdom_2_svc(ypbind_setdom *, struct svc_req *); +extern int ypbindprog_2_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_ypstat(XDR *, ypstat*); +extern bool_t xdr_ypxfrstat(XDR *, ypxfrstat*); +extern bool_t xdr_domainname(XDR *, domainname*); +extern bool_t xdr_mapname(XDR *, mapname*); +extern bool_t xdr_peername(XDR *, peername*); +extern bool_t xdr_keydat(XDR *, keydat*); +extern bool_t xdr_valdat(XDR *, valdat*); +extern bool_t xdr_ypmap_parms(XDR *, ypmap_parms*); +extern bool_t xdr_ypreq_key(XDR *, ypreq_key*); +extern bool_t xdr_ypreq_nokey(XDR *, ypreq_nokey*); +extern bool_t xdr_ypreq_xfr(XDR *, ypreq_xfr*); +extern bool_t xdr_ypresp_val(XDR *, ypresp_val*); +extern bool_t xdr_ypresp_key_val(XDR *, ypresp_key_val*); +extern bool_t xdr_ypresp_master(XDR *, ypresp_master*); +extern bool_t xdr_ypresp_order(XDR *, ypresp_order*); +extern bool_t xdr_ypresp_all(XDR *, ypresp_all*); +extern bool_t xdr_ypresp_xfr(XDR *, ypresp_xfr*); +extern bool_t xdr_ypmaplist(XDR *, ypmaplist*); +extern bool_t xdr_ypresp_maplist(XDR *, ypresp_maplist*); +extern bool_t xdr_yppush_status(XDR *, yppush_status*); +extern bool_t xdr_yppushresp_xfr(XDR *, yppushresp_xfr*); +extern bool_t xdr_ypbind_resptype(XDR *, ypbind_resptype*); +extern bool_t xdr_ypbind_binding(XDR *, ypbind_binding*); +extern bool_t xdr_ypbind_resp(XDR *, ypbind_resp*); +extern bool_t xdr_ypbind_setdom(XDR *, ypbind_setdom*); +extern bool_t xdr_ypreqtype(XDR *, ypreqtype*); +extern bool_t xdr_ypresptype(XDR *, ypresptype*); +extern bool_t xdr_yprequest(XDR *, yprequest*); +extern bool_t xdr_ypresponse(XDR *, ypresponse*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_YP_H_RPCGEN */ diff --git a/include/rpcsvc/yppasswd.h b/include/rpcsvc/yppasswd.h new file mode 100644 index 0000000000..cb9192bbcf --- /dev/null +++ b/include/rpcsvc/yppasswd.h @@ -0,0 +1,53 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _YPPASSWD_H_RPCGEN +#define _YPPASSWD_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +struct x_passwd { + char *pw_name; + char *pw_passwd; + int pw_uid; + int pw_gid; + char *pw_gecos; + char *pw_dir; + char *pw_shell; +}; +typedef struct x_passwd x_passwd; + +struct yppasswd { + char *oldpass; + x_passwd newpw; +}; +typedef struct yppasswd yppasswd; +#include +extern int _yppasswd ( char * , struct x_passwd * ); +#define yppasswd(x,y) _yppasswd(x,y) + +#define YPPASSWDPROG ((unsigned long)(100009)) +#define YPPASSWDVERS ((unsigned long)(1)) + +extern void yppasswdprog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define YPPASSWDPROC_UPDATE ((unsigned long)(1)) +extern int * yppasswdproc_update_1(yppasswd *, CLIENT *); +extern int * yppasswdproc_update_1_svc(yppasswd *, struct svc_req *); +extern int yppasswdprog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_x_passwd(XDR *, x_passwd*); +extern bool_t xdr_yppasswd(XDR *, yppasswd*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_YPPASSWD_H_RPCGEN */ diff --git a/include/rpcsvc/ypupdate_prot.h b/include/rpcsvc/ypupdate_prot.h new file mode 100644 index 0000000000..637fb6a2a7 --- /dev/null +++ b/include/rpcsvc/ypupdate_prot.h @@ -0,0 +1,112 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _YPUPDATE_PROT_H_RPCGEN +#define _YPUPDATE_PROT_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user or with the express written consent of + * Sun Microsystems, Inc. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + * + * from @(#)ypupdate_prot.x 1.3 91/03/11 TIRPC 1.0 + * $FreeBSD: src/include/rpcsvc/ypupdate_prot.x,v 1.3 1999/08/27 23:45:13 peter Exp $ + * $DragonFly: src/include/rpcsvc/ypupdate_prot.x,v 1.2 2003/06/17 04:25:58 dillon Exp $ + */ +/* + * Copyright (c) 1986, 1990 by Sun Microsystems, Inc. + */ + +/* + * Compiled from ypupdate_prot.x using rpcgen + * This is NOT source code! + * DO NOT EDIT THIS FILE! + */ + +#ifndef _rpcsvc_ypupdate_prot_h +#define _rpcsvc_ypupdate_prot_h + +#define MAXMAPNAMELEN 255 +#define MAXYPDATALEN 1023 +#define MAXERRMSGLEN 255 + +typedef struct { + u_int yp_buf_len; + char *yp_buf_val; +} yp_buf; + +struct ypupdate_args { + char *mapname; + yp_buf key; + yp_buf datum; +}; +typedef struct ypupdate_args ypupdate_args; + +struct ypdelete_args { + char *mapname; + yp_buf key; +}; +typedef struct ypdelete_args ypdelete_args; + +#endif /* !_rpcsvc_ypupdate_prot_h */ + +#define YPU_PROG ((unsigned long)(100028)) +#define YPU_VERS ((unsigned long)(1)) + +extern void ypu_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define YPU_CHANGE ((unsigned long)(1)) +extern u_int * ypu_change_1(ypupdate_args *, CLIENT *); +extern u_int * ypu_change_1_svc(ypupdate_args *, struct svc_req *); +#define YPU_INSERT ((unsigned long)(2)) +extern u_int * ypu_insert_1(ypupdate_args *, CLIENT *); +extern u_int * ypu_insert_1_svc(ypupdate_args *, struct svc_req *); +#define YPU_DELETE ((unsigned long)(3)) +extern u_int * ypu_delete_1(ypdelete_args *, CLIENT *); +extern u_int * ypu_delete_1_svc(ypdelete_args *, struct svc_req *); +#define YPU_STORE ((unsigned long)(4)) +extern u_int * ypu_store_1(ypupdate_args *, CLIENT *); +extern u_int * ypu_store_1_svc(ypupdate_args *, struct svc_req *); +extern int ypu_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_yp_buf(XDR *, yp_buf*); +extern bool_t xdr_ypupdate_args(XDR *, ypupdate_args*); +extern bool_t xdr_ypdelete_args(XDR *, ypdelete_args*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_YPUPDATE_PROT_H_RPCGEN */ diff --git a/include/rpcsvc/ypxfrd.h b/include/rpcsvc/ypxfrd.h new file mode 100644 index 0000000000..af19794ef3 --- /dev/null +++ b/include/rpcsvc/ypxfrd.h @@ -0,0 +1,108 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _YPXFRD_H_RPCGEN +#define _YPXFRD_H_RPCGEN + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define _YPMAXRECORD 1024 +#define _YPMAXDOMAIN 64 +#define _YPMAXMAP 64 +#define _YPMAXPEER 64 +#define YPXFRBLOCK 32767 + +enum xfrstat { + XFR_REQUEST_OK = 1, + XFR_DENIED = 2, + XFR_NOFILE = 3, + XFR_ACCESS = 4, + XFR_BADDB = 5, + XFR_READ_OK = 6, + XFR_READ_ERR = 7, + XFR_DONE = 8, + XFR_DB_ENDIAN_MISMATCH = 9, + XFR_DB_TYPE_MISMATCH = 10 +}; +typedef enum xfrstat xfrstat; + +enum xfr_db_type { + XFR_DB_ASCII = 1, + XFR_DB_BSD_HASH = 2, + XFR_DB_BSD_BTREE = 3, + XFR_DB_BSD_RECNO = 4, + XFR_DB_BSD_MPOOL = 5, + XFR_DB_BSD_NDBM = 6, + XFR_DB_GNU_GDBM = 7, + XFR_DB_DBM = 8, + XFR_DB_NDBM = 9, + XFR_DB_OPAQUE = 10, + XFR_DB_ANY = 11, + XFR_DB_UNKNOWN = 12 +}; +typedef enum xfr_db_type xfr_db_type; + +enum xfr_byte_order { + XFR_ENDIAN_BIG = 1, + XFR_ENDIAN_LITTLE = 2, + XFR_ENDIAN_ANY = 3 +}; +typedef enum xfr_byte_order xfr_byte_order; + +typedef char *xfrdomain; + +typedef char *xfrmap; + +typedef char *xfrmap_filename; + +struct ypxfr_mapname { + xfrmap xfrmap; + xfrdomain xfrdomain; + xfrmap_filename xfrmap_filename; + xfr_db_type xfr_db_type; + xfr_byte_order xfr_byte_order; +}; +typedef struct ypxfr_mapname ypxfr_mapname; + +struct xfr { + bool_t ok; + union { + struct { + u_int xfrblock_buf_len; + char *xfrblock_buf_val; + } xfrblock_buf; + xfrstat xfrstat; + } xfr_u; +}; +typedef struct xfr xfr; + +#define YPXFRD_FREEBSD_PROG ((unsigned long)(600100069)) +#define YPXFRD_FREEBSD_VERS ((unsigned long)(1)) + +extern void ypxfrd_freebsd_prog_1(struct svc_req *rqstp, SVCXPRT *transp); +#define YPXFRD_GETMAP ((unsigned long)(1)) +extern struct xfr * ypxfrd_getmap_1(ypxfr_mapname *, CLIENT *); +extern struct xfr * ypxfrd_getmap_1_svc(ypxfr_mapname *, struct svc_req *); +extern int ypxfrd_freebsd_prog_1_freeresult(SVCXPRT *, xdrproc_t, caddr_t); + +/* the xdr functions */ +extern bool_t xdr_xfrstat(XDR *, xfrstat*); +extern bool_t xdr_xfr_db_type(XDR *, xfr_db_type*); +extern bool_t xdr_xfr_byte_order(XDR *, xfr_byte_order*); +extern bool_t xdr_xfrdomain(XDR *, xfrdomain*); +extern bool_t xdr_xfrmap(XDR *, xfrmap*); +extern bool_t xdr_xfrmap_filename(XDR *, xfrmap_filename*); +extern bool_t xdr_ypxfr_mapname(XDR *, ypxfr_mapname*); +extern bool_t xdr_xfr(XDR *, xfr*); + +#ifdef __cplusplus +} +#endif + +#endif /* !_YPXFRD_H_RPCGEN */ diff --git a/include/vers.c b/include/vers.c new file mode 100644 index 0000000000..c77b8782dc --- /dev/null +++ b/include/vers.c @@ -0,0 +1,11 @@ +/* + * Copyright (c) 2009 The DragonFly Project + * All rights reserved. + * + */ + +char version[] = "DragonFly 2.5.1-DEVELOPMENT #0: Wed Nov 11 22:37:21 CET 2009\n lentferj@atom.lan.net:/home/lentferj/repo/src/include\n"; +char ostype[] = "DragonFly"; +char osrelease[] = "2.5.1-DEVELOPMENT"; +int osreldate = 200500; +char kern_ident[] = ""; diff --git a/include/version b/include/version new file mode 100644 index 0000000000..d00491fd7e --- /dev/null +++ b/include/version @@ -0,0 +1 @@ +1 diff --git a/lib/libbind/Makefile b/lib/libbind/Makefile index 9bbebb4f9d..630bc50444 100644 --- a/lib/libbind/Makefile +++ b/lib/libbind/Makefile @@ -1,13 +1,14 @@ # $FreeBSD: src/lib/libbind/Makefile,v 1.5.2.2 2002/07/19 18:46:25 ru Exp $ # $DragonFly: src/lib/libbind/Makefile,v 1.10 2007/02/15 20:28:49 victor Exp $ -BIND_DIR=${.CURDIR}/../../contrib/bind-9.3 +BIND_DIR=${.CURDIR}/../../contrib/bind-9.5.2 # note: lib/bind/include/isc/list.h must come before lib/isc/include/isc/list.h # CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \ -I${.CURDIR}/../../usr.sbin/named/include \ - -I${BIND_DIR}/lib/bind/include + -I${BIND_DIR}/lib/bind/include \ + -DHAVE_MEMCHR .include "${.CURDIR}/../../usr.sbin/named/Makefile.inc" .include "${BIND_DIR}/lib/bind/api" @@ -58,7 +59,10 @@ SRCS+= assertions.c base64.c bitncmp.c ctl_clnt.c \ eventlib.c heap.c hex.c logging.c \ memcluster.c movefile.c tree.c -WARNS?= 1 +.PATH: ${BIND_DIR}/lib/bind/bsd +SRCS+= gettimeofday.c + +WARNS?= 0 INTERNALLIB= true diff --git a/lib/libbind/port_after.h b/lib/libbind/port_after.h index 9bc46f9886..18c770cd3b 100644 --- a/lib/libbind/port_after.h +++ b/lib/libbind/port_after.h @@ -1,4 +1,22 @@ -/* $DragonFly: src/lib/libbind/port_after.h,v 1.3 2008/01/10 22:30:27 nth Exp $ */ +/* + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: port_after.h.in,v 1.53.128.7 2008/02/28 05:46:12 marka Exp $ */ + #ifndef port_after_h #define port_after_h @@ -6,18 +24,31 @@ #include #include #include +#include #if (!defined(BSD)) || (BSD < 199306) #include #endif #ifdef HAVE_INTTYPES_H #include #endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif /* HAVE_SYS_SELECT_H */ +#ifdef REENABLE_SEND +#undef send +#endif + +#undef NEED_PSELECT #define HAVE_SA_LEN 1 -#define HAVE_MINIMUM_IFREQ 1 +#undef HAVE_MINIMUM_IFREQ #undef NEED_DAEMON #undef NEED_STRSEP #undef NEED_STRERROR +#ifdef NEED_STRERROR +const char *isc_strerror(int); +#define strerror isc_strerror +#endif #define HAS_INET6_STRUCTS 1 #define HAVE_SIN6_SCOPE_ID 1 #undef NEED_IN6ADDR_ANY @@ -26,12 +57,18 @@ #undef NEED_GETTIMEOFDAY #define HAVE_STRNDUP 1 #undef USE_FIONBIO_IOCTL -#undef USE_SYSERROR_LIST #undef INNETGR_ARGS #undef SETNETGRENT_ARGS #define USE_IFNAMELINKID 1 #define PORT_NONBLOCK O_NONBLOCK +#ifndef _POSIX_PATH_MAX +#define _POSIX_PATH_MAX 255 +#endif +#ifndef PATH_MAX +#define PATH_MAX _POSIX_PATH_MAX +#endif + /* * We need to know the IPv6 address family number even on IPv4-only systems. * Note that this is NOT a protocol constant, and that if the system has its @@ -56,7 +93,7 @@ #ifndef HAS_INET6_STRUCTS /* Replace with structure from later rev of O/S if known. */ struct in6_addr { - u_int8_t s6_addr[16]; + u_int8_t s6_addr[16]; }; #define IN6ADDR_ANY_INIT \ @@ -70,15 +107,15 @@ struct in6_addr { /* Replace with structure from later rev of O/S if known. */ struct sockaddr_in6 { #ifdef HAVE_SA_LEN - u_int8_t sin6_len; /* length of this struct */ - u_int8_t sin6_family; /* AF_INET6 */ + u_int8_t sin6_len; /* length of this struct */ + u_int8_t sin6_family; /* AF_INET6 */ #else - u_int16_t sin6_family; /* AF_INET6 */ + u_int16_t sin6_family; /* AF_INET6 */ #endif - u_int16_t sin6_port; /* transport layer port # */ - u_int32_t sin6_flowinfo; /* IPv6 flow information */ - struct in6_addr sin6_addr; /* IPv6 address */ - u_int32_t sin6_scope_id; /* set of interfaces for a scope */ + u_int16_t sin6_port; /* transport layer port # */ + u_int32_t sin6_flowinfo; /* IPv6 flow information */ + struct in6_addr sin6_addr; /* IPv6 address */ + u_int32_t sin6_scope_id; /* set of interfaces for a scope */ }; #endif /* HAS_INET6_STRUCTS */ @@ -125,21 +162,21 @@ struct sockaddr_in6 { #endif #ifndef HAVE_SOCKADDR_STORAGE -#define __SS_MAXSIZE 128 -#define __SS_ALLIGSIZE (sizeof (long)) +#define __SS_MAXSIZE 128 +#define __SS_ALLIGSIZE (sizeof (long)) struct sockaddr_storage { #ifdef HAVE_SA_LEN - u_int8_t ss_len; /* address length */ - u_int8_t ss_family; /* address family */ - char __ss_pad1[__SS_ALLIGSIZE - 2 * sizeof(u_int8_t)]; - long __ss_align; - char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; -#else - u_int16_t ss_family; /* address family */ - char __ss_pad1[__SS_ALLIGSIZE - sizeof(u_int16_t)]; - long __ss_align; - char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; + u_int8_t ss_len; /* address length */ + u_int8_t ss_family; /* address family */ + char __ss_pad1[__SS_ALLIGSIZE - 2 * sizeof(u_int8_t)]; + long __ss_align; + char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; +#else + u_int16_t ss_family; /* address family */ + char __ss_pad1[__SS_ALLIGSIZE - sizeof(u_int16_t)]; + long __ss_align; + char __ss_pad2[__SS_MAXSIZE - 2 * __SS_ALLIGSIZE]; #endif }; #endif @@ -250,7 +287,7 @@ extern const struct in6_addr isc_in6addr_loopback; #ifdef NEED_DAEMON int daemon(int nochdir, int noclose); #endif - + #ifdef NEED_STRSEP char * strsep(char **stringp, const char *delim); #endif @@ -305,16 +342,16 @@ innetgr_r(const char *, const char *, const char *, const char *); #endif #ifdef NEED_SETNETGRENT_R -#ifdef NGR_R_ENT_ARGS -NGR_R_SET_RETURN setnetgrent_r(const char *netgroup, NGR_R_ENT_ARGS); +#ifdef NGR_R_SET_ARGS +NGR_R_SET_RETURN setnetgrent_r(NGR_R_SET_CONST char *netgroup, NGR_R_SET_ARGS); #else -NGR_R_SET_RETURN setnetgrent_r(const char *netgroup); +NGR_R_SET_RETURN setnetgrent_r(NGR_R_SET_CONST char *netgroup); #endif #endif #ifdef NEED_ENDNETGRENT_R -#ifdef NGR_R_ENT_ARGS -NGR_R_END_RETURN endnetgrent_r(NGR_R_ENT_ARGS); +#ifdef NGR_R_END_ARGS +NGR_R_END_RETURN endnetgrent_r(NGR_R_END_ARGS); #else NGR_R_END_RETURN endnetgrent_r(void); #endif @@ -323,25 +360,25 @@ NGR_R_END_RETURN endnetgrent_r(void); #ifdef POSIX_GETPWNAM_R int __posix_getpwnam_r(const char *login, struct passwd *pwptr, - char *buf, size_t buflen, struct passwd **result); + char *buf, size_t buflen, struct passwd **result); #endif #ifdef NEED_GETPWNAM_R int getpwnam_r(const char *login, struct passwd *pwptr, - char *buf, size_t buflen, struct passwd **result); + char *buf, size_t buflen, struct passwd **result); #endif #ifdef POSIX_GETPWUID_R int __posix_getpwuid_r(uid_t uid, struct passwd *pwptr, - char *buf, int buflen, struct passwd **result); + char *buf, int buflen, struct passwd **result); #endif #ifdef NEED_GETPWUID_R int getpwuid_r(uid_t uid, struct passwd *pwptr, - char *buf, size_t buflen, struct passwd **result); + char *buf, size_t buflen, struct passwd **result); #endif #ifdef NEED_SETPWENT_R @@ -380,10 +417,12 @@ int isc__gettimeofday(struct timeval *tvp, struct _TIMEZONE *tzp); int isc__gettimeofday(struct timeval *tp, struct timezone *tzp); #endif -int getnetgrent(char **machinep, char **userp, char **domainp); +int getnetgrent(NGR_R_CONST char **machinep, NGR_R_CONST char **userp, + NGR_R_CONST char **domainp); #ifdef NGR_R_ARGS -int getnetgrent_r(char **machinep, char **userp, char **domainp, NGR_R_ARGS); +int getnetgrent_r(NGR_R_CONST char **machinep, NGR_R_CONST char **userp, + NGR_R_CONST char **domainp, NGR_R_ARGS); #endif #ifdef SETNETGRENT_ARGS @@ -401,11 +440,87 @@ int innetgr(const char *netgroup, const char *machine, const char *user, const char *domain); #endif -#ifdef NGR_R_ENT_ARGS +#ifdef NGR_R_SET_ARGS NGR_R_SET_RETURN -setnetgrent_r(const char *netgroup, NGR_R_ENT_ARGS); +setnetgrent_r(NGR_R_SET_CONST char *netgroup, NGR_R_SET_ARGS); #else NGR_R_SET_RETURN -setnetgrent_r(const char *netgroup); +setnetgrent_r(NGR_R_SET_CONST char *netgroup); +#endif + +#ifdef NEED_STRTOUL +unsigned long strtoul(const char *, char **, int); +#endif + +#ifdef NEED_SUN4PROTOS +#include +#ifndef __SIZE_TYPE__ +#define __SIZE_TYPE__ int +#endif +struct sockaddr; +struct iovec; +struct timeval; +struct timezone; +int fprintf(FILE *, const char *, ...); +int getsockname(int, struct sockaddr *, int *); +int getpeername(int, struct sockaddr *, int *); +int socket(int, int, int); +int connect(int, const struct sockaddr *, int); +int writev(int, struct iovec *, int); +int readv(int, struct iovec *, int); +int send(int, const char *, int, int); +void bzero(char *, int); +int recvfrom(int, char *, int, int, struct sockaddr *, int *); +int syslog(int, const char *, ... ); +int printf(const char *, ...); +__SIZE_TYPE__ fread(void *, __SIZE_TYPE__, __SIZE_TYPE__, FILE *); +__SIZE_TYPE__ fwrite(const void *, __SIZE_TYPE__, __SIZE_TYPE__, FILE *); +int fclose(FILE *); +int ungetc(int, FILE *); +int scanf(const char *, ...); +int sscanf(const char *, const char *, ... ); +int tolower(int); +int toupper(int); +int strcasecmp(const char *, const char *); +int strncasecmp(const char *, const char *, int); +int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); +#ifdef gettimeofday +#undef gettimeofday +int gettimeofday(struct timeval *, struct timezone *); +#define gettimeofday isc__gettimeofday +#else +int gettimeofday(struct timeval *, struct timezone *); +#endif +long strtol(const char*, char **, int); +int fseek(FILE *, long, int); +int setsockopt(int, int, int, const char *, int); +int bind(int, const struct sockaddr *, int); +void bcopy(char *, char *, int); +int fputc(char, FILE *); +int listen(int, int); +int accept(int, struct sockaddr *, int *); +int getsockopt(int, int, int, char *, int *); +int vfprintf(FILE *, const char *, va_list); +int fflush(FILE *); +int fgetc(FILE *); +int fputs(const char *, FILE *); +int fchown(int, int, int); +void setbuf(FILE *, char *); +int gethostname(char *, int); +int rename(const char *, const char *); +time_t time(time_t *); +int fscanf(FILE *, const char *, ...); +int sscanf(const char *, const char *, ...); +int ioctl(int, int, caddr_t); +void perror(const char *); + +#if !defined(__USE_FIXED_PROTOTYPES__) && !defined(__cplusplus) && !defined(__STRICT_ANSI__) +/* + * 'gcc -ansi' changes the prototype for vsprintf(). + * Use this prototype when 'gcc -ansi' is not in effect. + */ +char *vsprintf(char *, const char *, va_list); #endif #endif + +#endif diff --git a/lib/libbind/port_before.h b/lib/libbind/port_before.h index b28d17bf8a..6802b4feca 100644 --- a/lib/libbind/port_before.h +++ b/lib/libbind/port_before.h @@ -1,8 +1,30 @@ -/* $DragonFly: src/lib/libbind/port_before.h,v 1.3 2008/05/19 10:19:49 corecode Exp $ */ +/* + * Copyright (C) 2005-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001 Internet Software Consortium. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: port_before.h.in,v 1.27.128.3 2008/02/28 05:46:12 marka Exp $ */ + #ifndef port_before_h #define port_before_h #include +#ifdef NEED_SUN4PROTOS +#define _PARAMS(x) x +#endif + struct group; /* silence warning */ struct passwd; /* silence warning */ struct timeval; /* silence warning */ @@ -12,57 +34,68 @@ struct timezone; /* silence warning */ #include #endif #include -#include +#ifdef ISC_PLATFORM_NEEDTIMESPEC +#include /* For time_t */ +struct timespec { + time_t tv_sec; /* seconds */ + long tv_nsec; /* nanoseconds */ +}; +#endif +#ifndef HAVE_MEMMOVE +/*#define memmove(a,b,c) bcopy(b,a,c)*/ +#endif #undef WANT_IRS_GR #undef WANT_IRS_NIS #undef WANT_IRS_PW #undef BSD_COMP +#undef HAVE_POLL +#undef HAVE_MD5 #undef SOLARIS2 #undef DO_PTHREADS #define GETGROUPLIST_ARGS const char *name, gid_t basegid, gid_t *groups, int *ngroups -#define GETNETBYADDR_ADDR_T long +#define GETNETBYADDR_ADDR_T unsigned long int #define SETPWENT_VOID 1 -#undef SETGRENT_VOID +#define SETGRENT_VOID 1 -#define NET_R_ARGS char *buf, int buflen -#define NET_R_BAD NULL +#define NET_R_ARGS char *buf, size_t buflen, struct netent **answerp, int *h_errnop +#define NET_R_BAD ERANGE #define NET_R_COPY buf, buflen -#define NET_R_COPY_ARGS NET_R_ARGS +#define NET_R_COPY_ARGS char *buf, size_t buflen #define NET_R_END_RESULT(x) /*empty*/ #define NET_R_END_RETURN void #undef NET_R_ENT_ARGS /*empty*/ -#define NET_R_OK nptr -#define NET_R_RETURN struct netent * +#define NET_R_OK 0 +#define NET_R_RETURN int #undef NET_R_SET_RESULT /*empty*/ -#undef NET_R_SETANSWER +#define NET_R_SETANSWER 1 #define NET_R_SET_RETURN void #undef NETENT_DATA -#define GROUP_R_RETURN struct group * + #define GROUP_R_SET_RETURN void #undef GROUP_R_SET_RESULT /*empty*/ #define GROUP_R_END_RETURN void #define GROUP_R_END_RESULT(x) /*empty*/ -#define GROUP_R_ARGS char *buf, int buflen + #define GROUP_R_ENT_ARGS void -#define GROUP_R_OK gptr -#define GROUP_R_BAD NULL -#define HOST_R_ARGS char *buf, int buflen, int *h_errnop -#define HOST_R_BAD NULL + + +#define HOST_R_ARGS char *buf, size_t buflen, struct hostent **answerp, int *h_errnop +#define HOST_R_BAD ERANGE #define HOST_R_COPY buf, buflen #define HOST_R_COPY_ARGS char *buf, int buflen #define HOST_R_END_RESULT(x) /*empty*/ #define HOST_R_END_RETURN void #undef HOST_R_ENT_ARGS /*empty*/ #define HOST_R_ERRNO *h_errnop = h_errno -#define HOST_R_OK hptr -#define HOST_R_RETURN struct hostent * -#undef HOST_R_SETANSWER +#define HOST_R_OK 0 +#define HOST_R_RETURN int +#define HOST_R_SETANSWER 1 #undef HOST_R_SET_RESULT #define HOST_R_SET_RETURN void #undef HOSTENT_DATA @@ -71,60 +104,71 @@ struct timezone; /* silence warning */ #define NGR_R_BAD (0) #define NGR_R_COPY buf, buflen #define NGR_R_COPY_ARGS NGR_R_ARGS +#define NGR_R_CONST #define NGR_R_END_RESULT(x) /*empty*/ #define NGR_R_END_RETURN void -#undef NGR_R_ENT_ARGS /*empty*/ +#undef NGR_R_END_ARGS /*empty*/ #define NGR_R_OK 1 #define NGR_R_RETURN int +#define NGR_R_SET_CONST const #undef NGR_R_SET_RESULT /*empty*/ #define NGR_R_SET_RETURN void +#undef NGR_R_SET_ARGS -#define PROTO_R_ARGS char *buf, int buflen -#define PROTO_R_BAD NULL +#if !defined(NGR_R_SET_ARGS) && defined(NGR_R_END_ARGS) +#define NGR_R_SET_ARGS NGR_R_END_ARGS +#endif + +#define PROTO_R_ARGS char *buf, size_t buflen, struct protoent **answerp +#define PROTO_R_BAD ERANGE #define PROTO_R_COPY buf, buflen -#define PROTO_R_COPY_ARGS PROTO_R_ARGS +#define PROTO_R_COPY_ARGS char *buf, size_t buflen #define PROTO_R_END_RESULT(x) /*empty*/ #define PROTO_R_END_RETURN void #undef PROTO_R_ENT_ARGS /*empty*/ -#define PROTO_R_OK pptr -#undef PROTO_R_SETANSWER -#define PROTO_R_RETURN struct protoent * +#undef PROTO_R_ENT_UNUSED +#define PROTO_R_OK 0 +#define PROTO_R_SETANSWER 1 +#define PROTO_R_RETURN int #undef PROTO_R_SET_RESULT #define PROTO_R_SET_RETURN void +#undef PROTOENT_DATA + + + + -#define PASS_R_ARGS char *buf, int buflen -#define PASS_R_BAD NULL -#define PASS_R_COPY buf, buflen -#define PASS_R_COPY_ARGS PASS_R_ARGS #define PASS_R_END_RESULT(x) /*empty*/ #define PASS_R_END_RETURN void #undef PASS_R_ENT_ARGS -#define PASS_R_OK pwptr -#define PASS_R_RETURN struct passwd * + + #undef PASS_R_SET_RESULT /*empty*/ #define PASS_R_SET_RETURN void -#define SERV_R_ARGS char *buf, int buflen -#define SERV_R_BAD NULL +#define SERV_R_ARGS char *buf, size_t buflen, struct servent **answerp +#define SERV_R_BAD ERANGE #define SERV_R_COPY buf, buflen -#define SERV_R_COPY_ARGS SERV_R_ARGS +#define SERV_R_COPY_ARGS char *buf, size_t buflen #define SERV_R_END_RESULT(x) /*empty*/ #define SERV_R_END_RETURN void #undef SERV_R_ENT_ARGS /*empty*/ -#define SERV_R_OK sptr -#undef SERV_R_SETANSWER -#define SERV_R_RETURN struct servent * +#undef SERV_R_ENT_UNUSED /*empty*/ +#define SERV_R_OK (0) +#define SERV_R_SETANSWER 1 +#define SERV_R_RETURN int #undef SERV_R_SET_RESULT #define SERV_R_SET_RETURN void + #define DE_CONST(konst, var) \ - do { \ - union { const void *k; void *v; } _u; \ - _u.k = konst; \ - var = _u.v; \ - } while (0) + do { \ + union { const void *k; void *v; } _u; \ + _u.k = konst; \ + var = _u.v; \ + } while (0) #define UNUSED(x) (x) = (x) @@ -144,3 +188,5 @@ struct timezone; /* silence warning */ #endif #endif + +/*! \file */ diff --git a/lib/libbind9/Makefile b/lib/libbind9/Makefile index 6d824e3b26..427d0eb184 100644 --- a/lib/libbind9/Makefile +++ b/lib/libbind9/Makefile @@ -1,12 +1,21 @@ # $DragonFly: src/lib/libbind9/Makefile,v 1.1 2006/09/20 21:48:39 victor Exp $ -BIND_DIR=${.CURDIR}/../../contrib/bind-9.3 +BIND_DIR=${.CURDIR}/../../contrib/bind-9.5.2 .include "${BIND_DIR}/lib/isc/api" - CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \ -I${.CURDIR}/../../usr.sbin/named/include \ -I${BIND_DIR}/lib/bind9/include +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif .include "${.CURDIR}/../../usr.sbin/named/Makefile.inc" .include "${BIND_DIR}/lib/bind9/api" @@ -17,7 +26,7 @@ CFLAGS+= -DLIBINTERFACE=${LIBINTERFACE} -DLIBREVISION=${LIBREVISION} -DLIBAGE=${ .PATH: ${BIND_DIR}/lib/bind9 SRCS+= check.c version.c getaddresses.c -WARNS?= 3 +WARNS?= 1 .include diff --git a/lib/libc/resolv/Makefile.inc b/lib/libc/resolv/Makefile.inc index aa85234f81..b1f3ff4a87 100644 --- a/lib/libc/resolv/Makefile.inc +++ b/lib/libc/resolv/Makefile.inc @@ -1,4 +1,4 @@ -BINDDIR= ${.CURDIR}/../../contrib/bind-9.3/lib/bind +BINDDIR= ${.CURDIR}/../../contrib/bind-9.5.2/lib/bind .PATH: ${BINDDIR}/inet SRCS+= inet_addr.c inet_cidr_ntop.c inet_cidr_pton.c inet_lnaof.c \ diff --git a/lib/libc_rtld/Makefile b/lib/libc_rtld/Makefile index 586ff5113f..3d5200040e 100644 --- a/lib/libc_rtld/Makefile +++ b/lib/libc_rtld/Makefile @@ -5,6 +5,7 @@ INTERNALLIB= INSTALL_PIC_ARCHIVE= NOPROFILE= STATIC_LOCALES= +BINDDIR= ${.CURDIR}/../../contrib/bind-9.5.2/lib/bind CFLAGS+=-I${.CURDIR}/../libc/include CFLAGS+=-I${.CURDIR}/../libc/rpc CFLAGS+=-I${.CURDIR}/../../include -D__thread= diff --git a/lib/libisc/Makefile b/lib/libisc/Makefile index af6357f813..5569a9a585 100644 --- a/lib/libisc/Makefile +++ b/lib/libisc/Makefile @@ -1,8 +1,7 @@ # $FreeBSD: src/lib/libisc/Makefile,v 1.1.2.6 2002/07/22 14:21:49 ru Exp $ # $DragonFly: src/lib/libisc/Makefile,v 1.8 2006/09/20 21:48:39 victor Exp $ -BIND_DIR= ${.CURDIR}/../../contrib/bind-9.3 - +BIND_DIR= ${.CURDIR}/../../contrib/bind-9.5.2 .include "${.CURDIR}/../../usr.sbin/named/Makefile.inc" .include "${BIND_DIR}/lib/isc/api" @@ -24,28 +23,28 @@ SRCS+= isc/unix/app.c isc/unix/dir.c isc/unix/entropy.c \ SRCS+= isc/assertions.c isc/base64.c isc/bitstring.c \ isc/buffer.c isc/bufferlist.c isc/commandline.c \ isc/error.c isc/event.c isc/hash.c isc/heap.c \ - isc/hex.c \ - isc/hmacmd5.c isc/inet_pton.c isc/lex.c isc/lfsr.c \ - isc/lib.c isc/log.c isc/md5.c isc/mem.c \ + isc/hex.c isc/httpd.c \ + isc/hmacmd5.c isc/hmacsha.c isc/inet_pton.c isc/lex.c isc/lfsr.c \ + isc/lib.c isc/inet_aton.c isc/log.c isc/md5.c isc/mem.c \ isc/mutexblock.c isc/netaddr.c isc/netscope.c \ - isc/ondestroy.c isc/parseint.c isc/quota.c \ - isc/random.c isc/ratelimiter.c isc/region.c \ + isc/ondestroy.c isc/parseint.c isc/portset.c isc/quota.c \ + isc/radix.c isc/random.c isc/ratelimiter.c isc/refcount.c isc/region.c \ isc/result.c \ - isc/rwlock.c isc/serial.c isc/sha1.c \ - isc/sockaddr.c isc/string.c isc/strtoul.c \ + isc/rwlock.c isc/serial.c isc/sha1.c isc/sha2.c \ + isc/sockaddr.c isc/stats.c isc/string.c isc/strtoul.c \ isc/symtab.c isc/task.c isc/taskpool.c \ isc/timer.c isc/version.c -SRCS+= isccfg/namedconf.c isccfg/log.c isccfg/parser.c isccfg/version.c +SRCS+= isccfg/aclconf.c isccfg/namedconf.c isccfg/log.c isccfg/parser.c isccfg/version.c -SRCS+= dns/acl.c dns/adb.c dns/byaddr.c dns/cache.c \ +SRCS+= dns/acache.c dns/acl.c dns/adb.c dns/byaddr.c dns/cache.c \ dns/callbacks.c dns/compress.c dns/db.c \ dns/dbiterator.c dns/dbtable.c dns/diff.c \ - dns/dispatch.c dns/dnssec.c dns/ds.c \ + dns/dispatch.c dns/dlz.c dns/dnssec.c dns/ds.c \ dns/dst_api.c dns/dst_lib.c dns/dst_parse.c \ dns/dst_result.c dns/forward.c dns/gssapi_link.c \ dns/gssapictx.c \ - dns/hmac_link.c dns/journal.c dns/key.c \ + dns/hmac_link.c dns/iptable.c dns/journal.c dns/key.c \ dns/keytable.c dns/lib.c dns/log.c \ dns/lookup.c dns/master.c dns/masterdump.c \ dns/message.c dns/name.c dns/ncache.c \ @@ -80,6 +79,17 @@ SRCS+= lwres/context.c lwres/gai_strerror.c lwres/getaddrinfo.c \ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named CFLAGS+= -I${.CURDIR}/../../usr.sbin/named/include +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif + CFLAGS+= -Wall -Wmissing-prototypes CFLAGS+= -DLIBINTERFACE=${LIBINTERFACE} \ diff --git a/usr.bin/dig/Makefile b/usr.bin/dig/Makefile index 30cd353744..a4d1d5c6ae 100644 --- a/usr.bin/dig/Makefile +++ b/usr.bin/dig/Makefile @@ -10,11 +10,22 @@ USE_LIBISC= yes PROG= dig SRCS= dig.c dighost.c -WARNS?= 3 +WARNS?= 1 CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \ -I${.CURDIR}/../../usr.sbin/named/include \ -I${BIND_DIR}/lib/bind9/include \ -I${BIND_DIR}/bin/dig/include +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif + .include diff --git a/usr.bin/host/Makefile b/usr.bin/host/Makefile index bdd78dae1f..e95002e84d 100644 --- a/usr.bin/host/Makefile +++ b/usr.bin/host/Makefile @@ -11,11 +11,22 @@ USE_LIBISC= yes PROG= host SRCS= host.c dighost.c -WARNS?= 3 +WARNS?= 1 CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \ -I${.CURDIR}/../../usr.sbin/named/include \ -I${BIND_DIR}/lib/bind9/include \ -I${BIND_DIR}/bin/dig/include +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif + .include diff --git a/usr.sbin/named/Makefile b/usr.sbin/named/Makefile index 6ccddac603..681fd0657c 100644 --- a/usr.sbin/named/Makefile +++ b/usr.sbin/named/Makefile @@ -11,22 +11,36 @@ USE_LIBBIND9= true PROG= named # named.conf.5 named-bootconf.8 -MAN= named.conf.5 named.8 nsupdate.8 -SRCS= aclconf.c builtin.c client.c config.c control.c \ +MAN= named.conf.5 named.8 nsupdate.1 +SRCS= builtin.c client.c config.c control.c \ controlconf.c interfacemgr.c \ listenlist.c log.c logconf.c main.c notify.c \ - query.c server.c sortlist.c \ + query.c server.c statschannel.c sortlist.c \ tkeyconf.c tsigconf.c update.c xfrout.c \ zoneconf.c \ lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \ lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \ +CFLAGS+= -I${BIND_DIR}/bin/named/unix/include/named + .PATH: ${BIND_DIR}/bin/named/unix SRCS+= os.c -WARNS?= 3 +WARNS?= 1 CFLAGS+= -I${BIND_DIR}/bin/named/include \ - -I${BIND_DIR}/lib/bind9/include + -I${BIND_DIR}/lib/bind9/include \ + -I${BIND_DIR}/bin/named/unix/include + +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif .if exists(${.OBJDIR}/../../lib/libisc) LIBISCDIR:= ${.OBJDIR}/../../lib/libisc diff --git a/usr.sbin/named/Makefile.inc b/usr.sbin/named/Makefile.inc index 6197d65334..c5751b452a 100644 --- a/usr.sbin/named/Makefile.inc +++ b/usr.sbin/named/Makefile.inc @@ -5,11 +5,11 @@ .ifndef (Mk.Inc) Mk.Inc?=defined -BIND_DIR?= ${.CURDIR}/../../contrib/bind-9.3 +BIND_DIR?= ${.CURDIR}/../../contrib/bind-9.5.2 # P2 doesn't officially exist from ISC # this is the patch for 9.3.5-P1 backported to 9.3.4-P1 -VER= 9.3.4-P2 +VER= 9.5.2 PS= ps PIDDIR= /var/run diff --git a/usr.sbin/named/include/isc/os.h b/usr.sbin/named/include/isc/os.h index 9dff0aa5ca..3cf59e2cb6 100644 --- a/usr.sbin/named/include/isc/os.h +++ b/usr.sbin/named/include/isc/os.h @@ -1,33 +1,34 @@ /* + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.5 2001/01/09 21:57:19 bwelling Exp $ */ -/* $DragonFly: src/usr.sbin/named/include/isc/os.h,v 1.1 2004/05/27 18:15:42 dillon Exp $ */ +/* $Id: os.h,v 1.12 2007/06/19 23:47:18 tbox Exp $ */ #ifndef ISC_OS_H #define ISC_OS_H 1 +/*! \file isc/os.h */ + #include ISC_LANG_BEGINDECLS unsigned int isc_os_ncpus(void); -/* +/*%< * Return the number of CPUs available on the system, or 1 if this cannot * be determined. */ diff --git a/usr.sbin/named/include/named/os.h b/usr.sbin/named/include/named/os.h index 5c02faa99d..1ab86aa290 100644 --- a/usr.sbin/named/include/named/os.h +++ b/usr.sbin/named/include/named/os.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.14.2.2.8.9 2004/09/29 06:36:44 marka Exp $ */ -/* $DragonFly: src/usr.sbin/named/include/named/os.h,v 1.2 2006/09/20 21:48:39 victor Exp $ */ +/* $Id: os.h,v 1.27.128.2 2008/10/24 01:44:15 tbox Exp $ */ #ifndef NS_OS_H #define NS_OS_H 1 +/*! \file */ + #include void @@ -44,12 +45,14 @@ ns_os_inituserinfo(const char *username); void ns_os_changeuser(void); +void +ns_os_adjustnofile(void); + void ns_os_minprivs(void); void ns_os_writepidfile(const char *filename, isc_boolean_t first_time); - void ns_os_shutdown(void); diff --git a/usr.sbin/nslookup/Makefile b/usr.sbin/nslookup/Makefile index 2b5227f18b..4530e424de 100644 --- a/usr.sbin/nslookup/Makefile +++ b/usr.sbin/nslookup/Makefile @@ -11,12 +11,24 @@ USE_LIBISC= yes PROG= nslookup SRCS= nslookup.c dighost.c -MAN= -WARNS?= 3 + +WARNS?= 1 CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \ -I${.CURDIR}/../../usr.sbin/named/include \ -I${BIND_DIR}/lib/bind9/include \ -I${BIND_DIR}/bin/dig/include +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif + + .include diff --git a/usr.sbin/nsupdate/Makefile b/usr.sbin/nsupdate/Makefile index aaa0c8da50..e80b9d12a1 100644 --- a/usr.sbin/nsupdate/Makefile +++ b/usr.sbin/nsupdate/Makefile @@ -16,6 +16,19 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \ -I${.CURDIR}/../../usr.sbin/named/include \ -I${BIND_DIR}/lib/bind9/include -MAN= nsupdate.8 +.if ${MACHINE_ARCH} == "i386" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USEGCCASM +.endif +.if ${MACHINE_ARCH} == "x86_64" +CFLAGS+= -I${BIND_DIR}/lib/isc/x86_64/include +CFLAGS+= -DISC_PLATFORM_USETHREADS +CFLAGS+= -DISC_PLATFORM_USESTDASM +.endif + +WARNS?=1 + +MAN= nsupdate.1 .include -- 2.41.0