Source-Changes-HG archive
[src/netbsd-1-5]: src/dist/bind Pull up revisions 1.4-1.6 (requested by itojun):
details: https://anonhg.NetBSD.org/src/rev/3b8acbf7653a
branches: netbsd-1-5
changeset: 493173:3b8acbf7653a
user: he <he%NetBSD.org@localhost>
date: Mon Jul 01 17:12:48 2002 +0000
description:
Pull up revisions 1.4-1.6 (requested by itojun):
Update BIND to version 8.3.3.
diffstat:
dist/bind/README | 37 +
dist/bind/bin/named-xfer/named-xfer.c | 1190 ++++++++++++++------------------
dist/bind/bin/named/db_dump.c | 31 +-
dist/bind/bin/named/ns_defs.h | 94 +-
dist/bind/bin/named/ns_glue.c | 48 +-
dist/bind/bin/named/ns_maint.c | 166 ++-
dist/bind/man/nsupdate.8 | 42 +-
7 files changed, 808 insertions(+), 800 deletions(-)
diffs (truncated from 2874 to 300 lines):
diff -r a51fe72577e4 -r 3b8acbf7653a dist/bind/README
--- a/dist/bind/README Fri Jun 28 13:48:17 2002 +0000
+++ b/dist/bind/README Mon Jul 01 17:12:48 2002 +0000
@@ -10,6 +10,43 @@
Note that BIND 8 is in "end-of-life", having been replaced by BIND 9. See
http://www.isc.org/ for more details.
+BIND 8.3.3 Highlights
+ Security Fix libbind. All applications linked against libbind
+ need to relinked.
+ 'rndc restart' now preserves named's arguements
+
+BIND 8.3.2 Highlights
+ dig, nslookup, host and nsupdate have improved IPv6 support.
+
+BIND 8.3.1 Highlights
+ Critical bug fix to prevent DNS storms. If you have BIND 8.3.0 you
+ need to upgrade.
+
+BIND 8.3.0 Highlights
+ IPv6 transport support in resolver (from KAME).
+ Opaque rdata support.
+ EDNS0 support.
+ Glue ordering to help non-ENDS0 aware clients (servers) cope with
+ larger responses as a result of IPv6 by allowing A records to be added
+ first to the additional section. IPv6 capable clients are expected to
+ use EDNS0 to allow larger responses to be sent.
+ Bug Fixes, includes BIND 8.2.5 changes.
+
+BIND 8.2.4 Highlights
+ NSAP processing was not RFC 1706 compliant. NOTE: OLD MASTER FILES
+ NEED TO BE CORRECTED AND CACHE FILES REMOVED.
+ Fixes long-standing protocol incompatibility in DNSSEC support.
+ Avoids fwd'ing to root name servers if response will be rejected.
+ new port/cygwin contributed by s_c_biggs%bigfoot.com@localhost.
+ new contrib/mdnkit (V1.3) from author.
+ new contrib/adm from official ftp site.
+ new contrib/host from author.
+ new contrib/dnsp from author.
+ fixed file descriptor leak in resolver.
+ fixed a major memory leak in the processing of dynamic updates.
+ numerous portability improvements.
+ numerous bug fixes.
+
BIND 8.2.3 Highlights
Improved support for Windows NT and Windows 2000.
diff -r a51fe72577e4 -r 3b8acbf7653a dist/bind/bin/named-xfer/named-xfer.c
--- a/dist/bind/bin/named-xfer/named-xfer.c Fri Jun 28 13:48:17 2002 +0000
+++ b/dist/bind/bin/named-xfer/named-xfer.c Mon Jul 01 17:12:48 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: named-xfer.c,v 1.1.1.1.8.3 2001/01/28 15:52:37 he Exp $ */
+/* $NetBSD: named-xfer.c,v 1.1.1.1.8.4 2002/07/01 17:12:50 he Exp $ */
/*
* The original version of named-xfer by Kevin Dunlap.
@@ -132,7 +132,7 @@
#if !defined(lint) && !defined(SABER)
static const char sccsid[] = "@(#)named-xfer.c 4.18 (Berkeley) 3/7/91";
-static const char rcsid[] = "Id: named-xfer.c,v 8.104 2000/12/23 08:14:44 vixie Exp";
+static const char rcsid[] = "Id: named-xfer.c,v 8.121 2002/06/26 03:27:22 marka Exp";
#endif /* not lint */
#include "port_before.h"
@@ -171,6 +171,10 @@
#include "port_after.h"
+#ifndef PATH_SEP
+#define PATH_SEP '/'
+#endif
+
#define MAIN_PROGRAM
#include "../named/named.h"
#undef MAIN_PROGRAM
@@ -213,7 +217,7 @@
writemsg(int, const u_char *, int);
static int ixfr_log(const u_char *msg, int len, int *delete,
FILE *file, struct sockaddr_in *sin,
- char *domain, u_int32_t *serial_no, int *);
+ u_int32_t *serial_no, int *);
static SIG_FN read_alarm(void);
static SIG_FN term_handler(void);
static const char *soa_zinfo(struct zoneinfo *, u_char *, u_char*),
@@ -286,7 +290,8 @@
return (1);
}
-void cleanup_for_exit(void) {
+static void
+cleanup_for_exit(void) {
#ifdef DEBUG
if (!debug)
#endif
@@ -320,7 +325,7 @@
struct in_addr axfr_src;
char *dbfile = NULL, *tracefile = NULL, *tm = NULL, *tsigfile = NULL;
char *ixfrfile = NULL;
- int dbfd, ddtd, result, c, ixfd;
+ int dbfd, ddtd, result, c, ixfd = -1;
u_int32_t serial_no = 0;
u_int port = htons(NAMESERVER_PORT);
struct stat statbuf;
@@ -332,7 +337,7 @@
set42sig();
#endif
memset(&axfr_src, 0, sizeof axfr_src);
- ProgName = strrchr(argv[0], '/');
+ ProgName = strrchr(argv[0], PATH_SEP);
if (ProgName != NULL)
ProgName++;
else
@@ -493,12 +498,16 @@
if (!quiet)
syslog(LOG_ERR, "can't [f]chmod tmpfile (%s): %s\n",
tmpname, strerror(errno));
+ close(dbfd);
+ unlink(tmpname);
exit(XFER_FAIL);
}
if ((dbfp = fdopen(dbfd, "r+")) == NULL) {
perror(tmpname);
if (!quiet)
syslog(LOG_ERR, "can't fdopen tmpfile (%s)", tmpname);
+ close(dbfd);
+ unlink(tmpname);
exit(XFER_FAIL);
}
if (ixfrfile) {
@@ -545,9 +554,13 @@
#endif
{
perror(ddtfile);
+ close(ddtd);
+ unlink(ddtfile);
debug = 0;
} else if ((ddt = fdopen(ddtd, "w")) == NULL) {
perror(ddtfile);
+ close(ddtd);
+ unlink(ddtfile);
debug = 0;
} else
setvbuf(ddt, NULL, _IOLBF, 0);
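Review bot: The added `close(ddtd); unlink(ddtfile);` in the first failure branch sits under a condition that begins above this hunk, so it is not visible whether that branch can also be reached when the trace file was never created or opened. If it can, `close(ddtd)` is called on an invalid descriptor and `unlink(ddtfile)` removes a path this process did not create, which matters if the debug file lives in a shared temporary directory. Guarding the cleanup, e.g. `if (ddtd >= 0) { (void) close(ddtd); (void) unlink(ddtfile); }`, would restrict it to a file the process actually opened. The second branch (the `fdopen` failure) is only reached with an open descriptor and looks fine as written.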
@@ -739,6 +752,7 @@
default:
result = XFER_FAIL;
/* fall through */
+ case XFER_REFUSED:
case XFER_TIMEOUT:
case XFER_FAIL:
(void) unlink(tmpname);
@@ -749,7 +763,7 @@
return (0); /* Make gcc happy. */
}
-static char *UsageText[] = {
+static const char *UsageText[] = {
"\t-z zone_to_transfer\n",
"\t-f db_file\n",
"\t[-i ixfr_file]\n",
@@ -768,11 +782,11 @@
static void
usage(const char *msg) {
- char * const *line;
+ const char **line;
fprintf(stderr, "Usage error: %s\n", msg);
fprintf(stderr, "Usage: %s\n", ProgName);
- for (line = UsageText; *line; line++)
+ for (line = UsageText; *line; line++)
fputs(*line, stderr);
exit(XFER_FAIL);
}
@@ -851,6 +865,179 @@
char prev_dname[MAXDNAME] = { DEF_DNAME }; /* from previous record */
char prev_ns_dname[MAXDNAME] = { DEF_DNAME }; /* from most recent NS record */
+/*
+ * TSIG state
+ */
+static int tsig_signed;
+static ns_tcp_tsig_state tsig_state;
+
+static int
+make_query(int fd, struct zoneinfo *zp, int type, u_int32_t serial_no,
+ DST_KEY *tsig_key, u_char *buf, u_int bufsize)
+{
+ HEADER *hp;
+ u_char *cp;
+ int n, ret;
+ time_t timesigned = 0;
+
+ n = res_nmkquery(&res, QUERY, zp->z_origin, curclass,
+ type, NULL, 0, NULL, buf, bufsize);
+ if (n < 0) {
+ if (!quiet)
+ syslog(LOG_INFO, "zone %s: res_nmkquery %s failed",
+ p_type(query_type), zp->z_origin);
+ return (n);
+ }
+
+ if (type == T_IXFR) {
+ hp = (HEADER *) buf;
+ cp = buf;
+ dprintf(1, "len = %d\n", n);
+ hp->nscount = htons(1+ntohs(hp->nscount));
+ cp += n;
+ n = dn_comp(zp->z_origin, cp, bufsize - (cp - buf), NULL, NULL);
+ if (n < 0)
+ return (n);
+ cp += n;
+ if (cp + 3 * INT16SZ + 6 * INT32SZ + 2 > buf + bufsize)
+ return (-1);
+ PUTSHORT(T_SOA, cp); /* type */
+ PUTSHORT(C_IN, cp); /* class */
+ PUTLONG(0, cp); /* ttl */
+ PUTSHORT(22, cp); /* dlen */
+ *cp++ = 0; /* mname */
+ *cp++ = 0; /* rname */
+ PUTLONG(serial_no, cp);
+ PUTLONG(0xDEAD, cp); /* Refresh */
+ PUTLONG(0xBEEF, cp); /* Retry */
+ PUTLONG(0xABCD, cp); /* Expire */
+ PUTLONG(0x1776, cp); /* Min TTL */
+ n = cp - buf;
+ dprintf(1, "len = %d\n", cp-buf);
+ }
+
+ tsig_signed = 0;
+ if (tsig_key != NULL) {
+ int siglen;
+ u_char sig[64];
+
+ siglen = sizeof(sig);
+ ret = ns_sign(buf, &n, bufsize, NOERROR, tsig_key,
+ NULL, 0, sig, &siglen, timesigned);
+ if (ret == 0) {
+ tsig_signed = 1;
+ ns_verify_tcp_init(tsig_key, sig, siglen, &tsig_state);
+ }
+ }
+
+ if (debug)
+ res_pquery(&res, buf, n, ddt);
+
+ if (writemsg(fd, buf, n) < 0) {
+ syslog(LOG_INFO, "writemsg: %m");
+ return (-1);
+ }
+
+ return (n);
+}
+
+static u_int
+readandverify(int fd, u_char **bufp, u_int *bufsizep,
+ struct sockaddr_in *sin, char *z_origin, int sig_req)
+{
+ u_char *buf = *bufp;
+ u_char *newbuf;
+ u_int bufsize = *bufsizep;
+ u_int len;
+
+ if (netread(fd, (char *)buf, INT16SZ, XFER_TIMER) < 0)
+ return (0);
+
+ if ((len = ns_get16(buf)) == 0)
+ return (0);
+
+ if (len > bufsize) {
+ newbuf = realloc(buf, len);
+ if (newbuf == NULL) {
+ syslog(LOG_INFO, "realloc(%u) failed\n", len);
+ return (0);
+ }
+ *bufp = buf = newbuf;
+ *bufsizep = bufsize = len;
+ }
+
+ if (netread(fd, (char *)buf, len, XFER_TIMER) < 0)
+ return (0);
+
+#ifdef DEBUG
+ if (debug >= 3) {
+ (void)fprintf(ddt,"len = %d\n", len);
+ res_pquery(&res, buf, len, ddt);
+ }
+ if (fp)
+ res_pquery(&res, buf, len, fp);
+#endif
+
+ if (tsig_signed) {
+ int ret;
+
+ ret = ns_verify_tcp(buf, (int *)&len, &tsig_state, sig_req);
+ if (ret != 0) {
+ syslog(LOG_NOTICE, "%s [%s] %s %s: %s (%d)\n",
+ "TSIG verification from server",
+ inet_ntoa(sin->sin_addr), "zone", z_origin,