Source-Changes-HG archive
[src/trunk]: src/external/bsd/bind/dist merge changes.
details: https://anonhg.NetBSD.org/src/rev/40209df3c2c2
branches: trunk
changeset: 748474:40209df3c2c2
user: christos <christos%NetBSD.org@localhost>
date: Sun Oct 25 00:14:31 2009 +0000
description:
merge changes.
diffstat:
external/bsd/bind/dist/KNOWN-DEFECTS | 15 -
external/bsd/bind/dist/acconfig.h | 6 +-
external/bsd/bind/dist/bin/dig/dighost.c | 229 +-
external/bsd/bind/dist/bin/dig/include/dig/dig.h | 16 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keyfromlabel.c | 6 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c | 6 +-
external/bsd/bind/dist/bin/named/main.c | 120 +-
external/bsd/bind/dist/bin/named/named.conf.5 | 47 +-
external/bsd/bind/dist/bin/named/named.conf.docbook | 40 +-
external/bsd/bind/dist/bin/named/named.conf.html | 68 +-
external/bsd/bind/dist/bin/named/server.c | 1392 +-
external/bsd/bind/dist/bin/rndc/rndc-confgen.8 | 213 -
external/bsd/bind/dist/bin/rndc/rndc-confgen.c | 344 -
external/bsd/bind/dist/bin/rndc/rndc-confgen.docbook | 286 -
external/bsd/bind/dist/bin/rndc/rndc-confgen.html | 188 -
external/bsd/bind/dist/bin/rndc/unix/Makefile.in | 36 -
external/bsd/bind/dist/bin/rndc/unix/os.c | 72 -
external/bsd/bind/dist/bin/rndc/util.h | 12 +-
external/bsd/bind/dist/bin/rndc/win32/confgen.dsp | 111 -
external/bsd/bind/dist/bin/rndc/win32/confgen.dsw | 29 -
external/bsd/bind/dist/bin/rndc/win32/confgen.mak | 313 -
external/bsd/bind/dist/bin/rndc/win32/os.c | 67 -
external/bsd/bind/dist/bin/tests/genrandom.c | 78 -
external/bsd/bind/dist/bin/tests/journalprint.c | 88 -
external/bsd/bind/dist/bin/tests/nsec3hash.c | 119 -
external/bsd/bind/dist/contrib/dnssec-tools/README | 9 -
external/bsd/bind/dist/contrib/pkcs11-keygen/PEM_write_pubkey.c | 126 -
external/bsd/bind/dist/contrib/pkcs11-keygen/destroyobj.c | 185 -
external/bsd/bind/dist/contrib/pkcs11-keygen/genkey.c | 208 -
external/bsd/bind/dist/contrib/pkcs11-keygen/genkey.sh | 55 -
external/bsd/bind/dist/contrib/pkcs11-keygen/keyconv.pl | 61 -
external/bsd/bind/dist/contrib/pkcs11-keygen/keydump.pl | 26 -
external/bsd/bind/dist/contrib/pkcs11-keygen/listobjs.c | 199 -
external/bsd/bind/dist/contrib/pkcs11-keygen/openssl-0.9.8g-patch | 8715 ----------
external/bsd/bind/dist/contrib/pkcs11-keygen/readkey.c | 232 -
external/bsd/bind/dist/contrib/pkcs11-keygen/set_key_id.c | 161 -
external/bsd/bind/dist/contrib/pkcs11-keygen/writekey.c | 362 -
external/bsd/bind/dist/contrib/pkcs11-keygen/writekey.sh | 73 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published | 7 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private | 7 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated | 7 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private | 10 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key | 3 -
external/bsd/bind/dist/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private | 10 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-axfr-clarify-09.txt | 992 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-bis-updates-01.txt | 616 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-rsasha256-06.txt | 504 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-rfc2672bis-dname-13.txt | 952 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-tsig-sha-06.txt | 522 -
external/bsd/bind/dist/doc/draft/draft-ietf-dnsop-name-server-management-reqs-01.txt | 1008 -
external/bsd/bind/dist/lib/dns/include/dns/name.h | 75 +-
external/bsd/bind/dist/lib/dns/include/dns/rbt.h | 6 +-
external/bsd/bind/dist/lib/dns/include/dns/zone.h | 59 +-
external/bsd/bind/dist/lib/dns/keytable.c | 4 +-
external/bsd/bind/dist/lib/dns/master.c | 115 +-
external/bsd/bind/dist/lib/dns/message.c | 4 +-
external/bsd/bind/dist/lib/dns/rbtdb.c | 211 +-
external/bsd/bind/dist/lib/dns/resolver.c | 227 +-
external/bsd/bind/dist/lib/isc/alpha/include/isc/atomic.h | 4 +-
external/bsd/bind/dist/lib/isc/assertions.c | 66 +-
external/bsd/bind/dist/lib/isc/include/isc/assertions.h | 10 +-
external/bsd/bind/dist/lib/isc/include/isc/mem.h | 170 +-
external/bsd/bind/dist/lib/isc/include/isc/radix.h | 4 +-
external/bsd/bind/dist/lib/isc/include/isc/refcount.h | 14 +-
external/bsd/bind/dist/lib/isc/include/isc/types.h | 10 +-
external/bsd/bind/dist/lib/isc/powerpc/include/isc/atomic.h | 55 +-
external/bsd/bind/dist/lib/isc/rwlock.c | 4 +-
external/bsd/bind/dist/lib/isc/unix/app.c | 6 +-
external/bsd/bind/dist/lib/isc/unix/socket.c | 6 +-
external/bsd/bind/dist/lib/isc/win32/include/isc/mutex.h | 4 +-
external/bsd/bind/dist/lib/isc/win32/include/isc/net.h | 6 +-
external/bsd/bind/dist/win32utils/BuildOpenSSL.bat | 26 -
91 files changed, 2416 insertions(+), 17734 deletions(-)
diffs (truncated from 23026 to 300 lines):
diff -r 1e9cf2854d71 -r 40209df3c2c2 external/bsd/bind/dist/KNOWN-DEFECTS
--- a/external/bsd/bind/dist/KNOWN-DEFECTS Sun Oct 25 00:01:26 2009 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-dnssec-signzone was designed so that it could sign a zone partially, using
-only a subset of the DNSSEC keys needed to produce a fully-signed zone.
-This permits a zone administrator, for example, to sign a zone with one
-key on one machine, move the resulting partially-signed zone to a second
-machine, and sign it again with a second key.
-
-An unfortunate side-effect of this flexibility is that dnssec-signzone
-does not check to make sure it's signing a zone with any valid keys at
-all. An attempt to sign a zone without any keys will appear to succeed,
-producing a "signed" zone with no signatures. There is no warning issued
-when a zone is not signed.
-
-This will be corrected in a future release. In the meantime, ISC
-recommends examining the output of dnssec-signzone to confirm that
-the zone is properly signed by all keys before using it.
diff -r 1e9cf2854d71 -r 40209df3c2c2 external/bsd/bind/dist/acconfig.h
--- a/external/bsd/bind/dist/acconfig.h Sun Oct 25 00:01:26 2009 +0000
+++ b/external/bsd/bind/dist/acconfig.h Sun Oct 25 00:14:31 2009 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: acconfig.h,v 1.2 2009/04/12 03:46:06 christos Exp $ */
+/* $NetBSD: acconfig.h,v 1.3 2009/10/25 00:14:31 christos Exp $ */
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: acconfig.h,v 1.51.334.2 2009/02/16 23:47:15 tbox Exp */
+/* Id: acconfig.h,v 1.53 2008/12/01 23:47:44 tbox Exp */
/*! \file */
diff -r 1e9cf2854d71 -r 40209df3c2c2 external/bsd/bind/dist/bin/dig/dighost.c
--- a/external/bsd/bind/dist/bin/dig/dighost.c Sun Oct 25 00:01:26 2009 +0000
+++ b/external/bsd/bind/dist/bin/dig/dighost.c Sun Oct 25 00:14:31 2009 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dighost.c,v 1.2 2009/04/12 03:46:06 christos Exp $ */
+/* $NetBSD: dighost.c,v 1.3 2009/10/25 00:14:31 christos Exp $ */
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: dighost.c,v 1.311.70.8 2009/02/25 02:39:21 marka Exp */
+/* Id: dighost.c,v 1.326 2009/09/15 23:48:09 tbox Exp */
/*! \file
* \note
@@ -55,6 +55,7 @@
#include <ctype.h>
#endif
#include <dns/fixedname.h>
+#include <dns/log.h>
#include <dns/message.h>
#include <dns/name.h>
#include <dns/rdata.h>
@@ -73,10 +74,12 @@
#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/lang.h>
+#include <isc/log.h>
#include <isc/netaddr.h>
#ifdef DIG_SIGCHASE
#include <isc/netdb.h>
#endif
+#include <isc/parseint.h>
#include <isc/print.h>
#include <isc/random.h>
#include <isc/result.h>
@@ -86,6 +89,8 @@
#include <isc/types.h>
#include <isc/util.h>
+#include <isccfg/namedconf.h>
+
#include <lwres/lwres.h>
#include <lwres/net.h>
@@ -123,6 +128,7 @@
unsigned int timeout = 0;
unsigned int extrabytes;
isc_mem_t *mctx = NULL;
+isc_log_t *lctx = NULL;
isc_taskmgr_t *taskmgr = NULL;
isc_task_t *global_task = NULL;
isc_timermgr_t *timermgr = NULL;
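Review bot: The new file-scope `lctx` is shadowed further down in this same diff, where read_confkey() declares its own `isc_log_t *lctx = NULL;` and passes it to `cfg_parser_create(mctx, lctx, &pctx)`. The parser there therefore always receives a NULL log context, whatever the global holds. If the global is meant to carry the logging context for key-file parsing, the local declaration should be dropped. If a NULL context is intended, passing `NULL` directly avoids the shadowing and a `-Wshadow` warning. Where the global is initialised is not visible in this part of the diff.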
@@ -395,7 +401,7 @@
static void
hex_dump(isc_buffer_t *b) {
- unsigned int len;
+ unsigned int len, i;
isc_region_t r;
isc_buffer_usedregion(b, &r);
@@ -403,11 +409,29 @@
printf("%d bytes\n", r.length);
for (len = 0; len < r.length; len++) {
printf("%02x ", r.base[len]);
- if (len % 16 == 15)
+ if (len % 16 == 15) {
+ fputs(" ", stdout);
+ for (i = len - 15; i <= len; i++) {
+ if (r.base[i] >= '!' && r.base[i] <= '}')
+ putchar(r.base[i]);
+ else
+ putchar('.');
+ }
printf("\n");
+ }
}
- if (len % 16 != 0)
+ if (len % 16 != 0) {
+ for (i = len; (i % 16) != 0; i++)
+ fputs(" ", stdout);
+ fputs(" ", stdout);
+ for (i = ((len>>4)<<4); i < len; i++) {
+ if (r.base[i] >= '!' && r.base[i] <= '}')
+ putchar(r.base[i]);
+ else
+ putchar('.');
+ }
printf("\n");
+ }
}
/*%
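Review bot: The printable-byte test `r.base[i] >= '!' && r.base[i] <= '}'` is written out twice in this hunk, once in the full-row branch and once in the trailing partial-row branch, and its upper bound leaves out `~` (0x7e), so a tilde in the buffer is printed as `.`. Filtering is the right call here, since the dumped bytes are message data and should not reach the terminal raw, but the two copies can drift apart. A small `static` helper that returns the byte or `'.'` would keep both branches in agreement, with the bound written as `<= '~'` unless the exclusion is deliberate. Rendering space (0x20) as `.` looks intentional for column alignment; a one-line comment saying so would help. The opening of hex_dump is in the previous hunk.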
@@ -905,9 +929,7 @@
secretsize = isc_buffer_usedlength(&secretbuf);
- result = dns_name_fromtext(&keyname, namebuf,
- dns_rootname, ISC_FALSE,
- namebuf);
+ result = dns_name_fromtext(&keyname, namebuf, dns_rootname, 0, namebuf);
if (result != ISC_R_SUCCESS)
goto failure;
@@ -926,14 +948,164 @@
isc_buffer_free(&namebuf);
}
+isc_result_t
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
+ const char *desc) {
+ isc_uint32_t n;
+ isc_result_t result = isc_parse_uint32(&n, value, 10);
+ if (result == ISC_R_SUCCESS && n > max)
+ result = ISC_R_RANGE;
+ if (result != ISC_R_SUCCESS) {
+ printf("invalid %s '%s': %s\n", desc,
+ value, isc_result_totext(result));
+ return (result);
+ }
+ *uip = n;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_uint32_t
+parse_bits(char *arg, const char *desc, isc_uint32_t max) {
+ isc_result_t result;
+ isc_uint32_t tmp;
+
+ result = parse_uint(&tmp, arg, max, desc);
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't parse digest bits");
+ tmp = (tmp + 7) & ~0x7U;
+ return (tmp);
+}
+
+
+/*
+ * Parse HMAC algorithm specification
+ */
+void
+parse_hmac(const char *hmac) {
+ char buf[20];
+ int len;
+
+ REQUIRE(hmac != NULL);
+
+ len = strlen(hmac);
+ if (len >= (int) sizeof(buf))
+ fatal("unknown key type '%.*s'", len, hmac);
+ strncpy(buf, hmac, sizeof(buf));
+
+ digestbits = 0;
+
+ if (strcasecmp(buf, "hmac-md5") == 0) {
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ } else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
+ hmacname = DNS_TSIG_HMACMD5_NAME;
+ digestbits = parse_bits(&buf[9], "digest-bits [0..128]", 128);
+ } else if (strcasecmp(buf, "hmac-sha1") == 0) {
+ hmacname = DNS_TSIG_HMACSHA1_NAME;
+ digestbits = 0;
+ } else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) {
+ hmacname = DNS_TSIG_HMACSHA1_NAME;
+ digestbits = parse_bits(&buf[10], "digest-bits [0..160]", 160);
+ } else if (strcasecmp(buf, "hmac-sha224") == 0) {
+ hmacname = DNS_TSIG_HMACSHA224_NAME;
+ } else if (strncasecmp(buf, "hmac-sha224-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA224_NAME;
+ digestbits = parse_bits(&buf[12], "digest-bits [0..224]", 224);
+ } else if (strcasecmp(buf, "hmac-sha256") == 0) {
+ hmacname = DNS_TSIG_HMACSHA256_NAME;
+ } else if (strncasecmp(buf, "hmac-sha256-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA256_NAME;
+ digestbits = parse_bits(&buf[12], "digest-bits [0..256]", 256);
+ } else if (strcasecmp(buf, "hmac-sha384") == 0) {
+ hmacname = DNS_TSIG_HMACSHA384_NAME;
+ } else if (strncasecmp(buf, "hmac-sha384-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA384_NAME;
+ digestbits = parse_bits(&buf[12], "digest-bits [0..384]", 384);
+ } else if (strcasecmp(buf, "hmac-sha512") == 0) {
+ hmacname = DNS_TSIG_HMACSHA512_NAME;
+ } else if (strncasecmp(buf, "hmac-sha512-", 12) == 0) {
+ hmacname = DNS_TSIG_HMACSHA512_NAME;
+ digestbits = parse_bits(&buf[12], "digest-bits [0..512]", 512);
+ } else {
+ fprintf(stderr, ";; Warning, ignoring "
+ "invalid TSIG algorithm %s\n", buf);
+ }
+}
+
+/*
+ * Get a key from a named.conf format keyfile
+ */
+static isc_result_t
+read_confkey(void) {
+ isc_log_t *lctx = NULL;
+ cfg_parser_t *pctx = NULL;
+ cfg_obj_t *file = NULL;
+ const cfg_obj_t *key = NULL;
+ const cfg_obj_t *secretobj = NULL;
+ const cfg_obj_t *algorithmobj = NULL;
+ const char *keyname;
+ const char *secretstr;
+ const char *algorithm;
+ isc_result_t result;
+
+ if (! isc_file_exists(keyfile))
+ return (ISC_R_FILENOTFOUND);
+
+ result = cfg_parser_create(mctx, lctx, &pctx);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = cfg_parse_file(pctx, keyfile, &cfg_type_sessionkey,
+ &file);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = cfg_map_get(file, "key", &key);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ (void) cfg_map_get(key, "secret", &secretobj);
+ (void) cfg_map_get(key, "algorithm", &algorithmobj);
+ if (secretobj == NULL || algorithmobj == NULL)
+ fatal("key must have algorithm and secret");
+
+ keyname = cfg_obj_asstring(cfg_map_getname(key));
+ secretstr = cfg_obj_asstring(secretobj);
+ algorithm = cfg_obj_asstring(algorithmobj);
+
+ strncpy(keynametext, keyname, sizeof(keynametext));
+ strncpy(keysecret, secretstr, sizeof(keysecret));
+ parse_hmac(algorithm);
+ setup_text_key();
+
+ cleanup:
+ if (pctx != NULL) {
+ if (file != NULL)
+ cfg_obj_destroy(pctx, &file);
+ cfg_parser_destroy(&pctx);
+ }
+
+ return (result);
+}
+
static void
setup_file_key(void) {
isc_result_t result;
dst_key_t *dstkey = NULL;
debug("setup_file_key()");
- result = dst_key_fromnamedfile(keyfile, DST_TYPE_PRIVATE | DST_TYPE_KEY,
- mctx, &dstkey);