Source-Changes-HG archive
[src/trunk]: src/external/bsd/bind merge changes
details: https://anonhg.NetBSD.org/src/rev/ab431d12d911
branches: trunk
changeset: 759221:ab431d12d911
user: christos <christos%NetBSD.org@localhost>
date: Thu Dec 02 14:52:17 2010 +0000
description:
merge changes
diffstat:
external/bsd/bind/dist/bin/dig/dighost.c | 21 +-
external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c | 355 +++-
external/bsd/bind/dist/bin/named/main.c | 6 +-
external/bsd/bind/dist/bin/named/server.c | 540 +++----
external/bsd/bind/dist/doc/draft/draft-ietf-dnsext-dnssec-registry-fixes-05.txt | 504 -------
external/bsd/bind/dist/doc/draft/draft-yao-dnsext-bname-03.txt | 673 ----------
external/bsd/bind/dist/lib/dns/include/dns/zone.h | 33 +-
external/bsd/bind/dist/lib/dns/rbtdb.c | 119 +-
external/bsd/bind/dist/lib/dns/resolver.c | 35 +-
external/bsd/bind/dist/lib/isc/include/isc/mem.h | 13 +-
external/bsd/bind/include/config.h | 5 +-
external/bsd/bind/include/isc/platform.h | 4 +-
external/bsd/bind/lib/libbind9/shlib_version | 4 +-
external/bsd/bind/lib/libdns/shlib_version | 4 +-
external/bsd/bind/lib/libisc/shlib_version | 4 +-
external/bsd/bind/lib/libisccc/shlib_version | 4 +-
external/bsd/bind/lib/libisccfg/shlib_version | 4 +-
external/bsd/bind/lib/liblwres/shlib_version | 4 +-
18 files changed, 652 insertions(+), 1680 deletions(-)
diffs (truncated from 3238 to 300 lines):
diff -r 7e87c127ed03 -r ab431d12d911 external/bsd/bind/dist/bin/dig/dighost.c
--- a/external/bsd/bind/dist/bin/dig/dighost.c Thu Dec 02 14:22:18 2010 +0000
+++ b/external/bsd/bind/dist/bin/dig/dighost.c Thu Dec 02 14:52:17 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dighost.c,v 1.5 2010/08/06 10:58:03 christos Exp $ */
+/* $NetBSD: dighost.c,v 1.6 2010/12/02 14:52:17 christos Exp $ */
/*
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: dighost.c,v 1.328.22.3 2010/06/24 07:29:07 marka Exp */
+/* Id: dighost.c,v 1.328.22.4 2010/08/10 08:43:40 marka Exp */
/*! \file
* \note
@@ -1388,14 +1388,15 @@
if (dnssec)
rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
if (nsid) {
- unsigned char data[4];
- isc_buffer_t buf;
-
- isc_buffer_init(&buf, data, sizeof(data));
- isc_buffer_putuint16(&buf, DNS_OPT_NSID);
- isc_buffer_putuint16(&buf, 0);
- rdata->data = data;
- rdata->length = sizeof(data);
+ isc_buffer_t *b = NULL;
+
+ result = isc_buffer_allocate(mctx, &b, 4);
+ check_result(result, "isc_buffer_allocate");
+ isc_buffer_putuint16(b, DNS_OPT_NSID);
+ isc_buffer_putuint16(b, 0);
+ rdata->data = isc_buffer_base(b);
+ rdata->length = isc_buffer_usedlength(b);
+ dns_message_takebuffer(msg, &b);
} else {
rdata->data = NULL;
rdata->length = 0;
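Review bot: Nothing next to the new `isc_buffer_allocate(mctx, &b, 4)` block records why the option bytes are heap-allocated or who frees them, and the literal `4` is unexplained. The removed code pointed `rdata->data` at an array declared inside the `if (nsid)` block, so the pointer outlived its storage once that block ended. The new code instead relies on `dns_message_takebuffer(msg, &b)` keeping the buffer alive for as long as `msg` exists. I would add a comment above the allocation such as `/* 2-byte option code + 2-byte length; msg owns b after takebuffer, so rdata->data is valid only for the lifetime of msg */`. The enclosing function starts and ends outside the hunk.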
diff -r 7e87c127ed03 -r ab431d12d911 external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c
--- a/external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c Thu Dec 02 14:22:18 2010 +0000
+++ b/external/bsd/bind/dist/bin/dnssec/dnssec-keygen.c Thu Dec 02 14:52:17 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dnssec-keygen.c,v 1.4 2010/08/06 10:58:03 christos Exp $ */
+/* $NetBSD: dnssec-keygen.c,v 1.5 2010/12/02 14:52:18 christos Exp $ */
/*
* Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
@@ -31,7 +31,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* Id: dnssec-keygen.c,v 1.108.8.4 2010/01/19 23:48:12 tbox Exp */
+/* Id: dnssec-keygen.c,v 1.108.8.6 2010/08/16 23:46:30 tbox Exp */
/*! \file */
@@ -94,27 +94,27 @@
"NSEC3RSASHA1 if using -3)\n");
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
fprintf(stderr, " -b <key size in bits>:\n");
- fprintf(stderr, " RSAMD5:\t[512..%d]\n", MAX_RSA);
- fprintf(stderr, " RSASHA1:\t[512..%d]\n", MAX_RSA);
- fprintf(stderr, " NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA);
- fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA);
- fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
- fprintf(stderr, " DH:\t\t[128..4096]\n");
- fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
- fprintf(stderr, " NSEC3DSA:\t[512..1024] and divisible "
+ fprintf(stderr, " RSAMD5:\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " RSASHA1:\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA);
+ fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
+ fprintf(stderr, " DH:\t\t[128..4096]\n");
+ fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
+ fprintf(stderr, " NSEC3DSA:\t[512..1024] and divisible "
"by 64\n");
- fprintf(stderr, " HMAC-MD5:\t[1..512]\n");
- fprintf(stderr, " HMAC-SHA1:\t[1..160]\n");
- fprintf(stderr, " HMAC-SHA224:\t[1..224]\n");
- fprintf(stderr, " HMAC-SHA256:\t[1..256]\n");
- fprintf(stderr, " HMAC-SHA384:\t[1..384]\n");
- fprintf(stderr, " HMAC-SHA512:\t[1..512]\n");
+ fprintf(stderr, " HMAC-MD5:\t[1..512]\n");
+ fprintf(stderr, " HMAC-SHA1:\t[1..160]\n");
+ fprintf(stderr, " HMAC-SHA224:\t[1..224]\n");
+ fprintf(stderr, " HMAC-SHA256:\t[1..256]\n");
+ fprintf(stderr, " HMAC-SHA384:\t[1..384]\n");
+ fprintf(stderr, " HMAC-SHA512:\t[1..512]\n");
fprintf(stderr, " (if using the default algorithm, key size\n"
" defaults to 2048 for KSK, or 1024 for all "
"others)\n");
fprintf(stderr, " -n <nametype>: ZONE | HOST | ENTITY | "
"USER | OTHER\n");
- fprintf(stderr, " (DNSKEY generation defaults to ZONE)\n");
+ fprintf(stderr, " (DNSKEY generation defaults to ZONE)\n");
fprintf(stderr, " -c <class>: (default: IN)\n");
fprintf(stderr, " -d <digest bits> (0 => max, default)\n");
#ifdef USE_PKCS11
@@ -138,7 +138,7 @@
fprintf(stderr, " -h: print usage and exit\n");
fprintf(stderr, " -m <memory debugging mode>:\n");
- fprintf(stderr, " usage | trace | record | size | mctx\n");
+ fprintf(stderr, " usage | trace | record | size | mctx\n");
fprintf(stderr, " -v <level>: set verbosity level (0 - 10)\n");
fprintf(stderr, "Timing options:\n");
fprintf(stderr, " -P date/[+-]offset/none: set key publication date "
@@ -153,6 +153,11 @@
fprintf(stderr, " -G: generate key only; do not set -P or -A\n");
fprintf(stderr, " -C: generate a backward-compatible key, omitting "
"all dates\n");
+ fprintf(stderr, " -S <key>: generate a successor to an existing "
+ "key\n");
+ fprintf(stderr, " -i <interval>: prepublication interval for "
+ "successor key "
+ "(default: 30 days)\n");
fprintf(stderr, "Output:\n");
fprintf(stderr, " K<name>+<alg>+<id>.key, "
"K<name>+<alg>+<id>.private\n");
@@ -192,7 +197,7 @@
int
main(int argc, char **argv) {
- char *algname = NULL, *nametype = NULL, *type = NULL;
+ char *algname = NULL, *nametype = NULL, *type = NULL;
char *classname = NULL;
char *endp;
dst_key_t *key = NULL;
@@ -209,6 +214,8 @@
isc_textregion_t r;
char filename[255];
const char *directory = NULL;
+ const char *predecessor = NULL;
+ dst_key_t *prevkey = NULL;
isc_buffer_t buf;
isc_log_t *log = NULL;
isc_entropy_t *ectx = NULL;
@@ -224,6 +231,7 @@
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
isc_stdtime_t now;
+ int prepub = -1;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
@@ -245,7 +253,7 @@
/*
* Process memory debugging argument first.
*/
-#define CMDLINE_FLAGS "3a:b:Cc:d:E:eFf:g:K:km:n:p:qr:s:T:t:v:hGP:A:R:I:D:"
+#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
@@ -438,6 +446,12 @@
unsetdel = ISC_TRUE;
}
break;
+ case 'S':
+ predecessor = isc_commandline_argument;
+ break;
+ case 'i':
+ prepub = strtottl(isc_commandline_argument);
+ break;
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
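Review bot: The new `case 'i':` stores the result of strtottl() directly in `int prepub`, whose initial value `-1` (added in the earlier declarations hunk) means "not given". strtottl() is declared outside this diff; if it returns an unsigned 32-bit TTL, then on the usual two's-complement targets an interval above INT_MAX becomes negative and 4294967295 is indistinguishable from the unset sentinel. In that case the `if (prepub == -1) prepub = 0;` default in the following hunk would silently discard the operator's value. A range check right after the assignment would make the failure explicit: `if (prepub < 0) fatal("-i interval out of range");`. The switch statement starts and ends outside the hunk.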
@@ -469,87 +483,205 @@
setup_logging(verbose, mctx, &log);
- if (argc < isc_commandline_index + 1)
- fatal("the key name was not specified");
- if (argc > isc_commandline_index + 1)
- fatal("extraneous arguments");
+ if (predecessor == NULL) {
+ if (prepub == -1)
+ prepub = 0;
+
+ if (argc < isc_commandline_index + 1)
+ fatal("the key name was not specified");
+ if (argc > isc_commandline_index + 1)
+ fatal("extraneous arguments");
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&buf, argv[isc_commandline_index],
+ strlen(argv[isc_commandline_index]));
+ isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
+ ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
+ if (ret != ISC_R_SUCCESS)
+ fatal("invalid key name %s: %s",
+ argv[isc_commandline_index],
+ isc_result_totext(ret));
- if (algname == NULL) {
- use_default = ISC_TRUE;
- if (use_nsec3)
- algname = strdup(DEFAULT_NSEC3_ALGORITHM);
- else
- algname = strdup(DEFAULT_ALGORITHM);
- if (verbose > 0)
- fprintf(stderr, "no algorithm specified; "
- "defaulting to %s\n", algname);
- }
+ if (algname == NULL) {
+ use_default = ISC_TRUE;
+ if (use_nsec3)
+ algname = strdup(DEFAULT_NSEC3_ALGORITHM);
+ else
+ algname = strdup(DEFAULT_ALGORITHM);
+ if (verbose > 0)
+ fprintf(stderr, "no algorithm specified; "
+ "defaulting to %s\n", algname);
+ }
+
+ if (strcasecmp(algname, "RSA") == 0) {
+ fprintf(stderr, "The use of RSA (RSAMD5) is not "
+ "recommended.\nIf you still wish to "
+ "use RSA (RSAMD5) please specify "
+ "\"-a RSAMD5\"\n");
+ return (1);
+ } else if (strcasecmp(algname, "HMAC-MD5") == 0)
+ alg = DST_ALG_HMACMD5;
+ else if (strcasecmp(algname, "HMAC-SHA1") == 0)
+ alg = DST_ALG_HMACSHA1;
+ else if (strcasecmp(algname, "HMAC-SHA224") == 0)
+ alg = DST_ALG_HMACSHA224;
+ else if (strcasecmp(algname, "HMAC-SHA256") == 0)
+ alg = DST_ALG_HMACSHA256;
+ else if (strcasecmp(algname, "HMAC-SHA384") == 0)
+ alg = DST_ALG_HMACSHA384;
+ else if (strcasecmp(algname, "HMAC-SHA512") == 0)
+ alg = DST_ALG_HMACSHA512;
+ else {
+ r.base = algname;
+ r.length = strlen(algname);
+ ret = dns_secalg_fromtext(&alg, &r);
+ if (ret != ISC_R_SUCCESS)
+ fatal("unknown algorithm %s", algname);
+ if (alg == DST_ALG_DH)
+ options |= DST_TYPE_KEY;
+ }
- if (strcasecmp(algname, "RSA") == 0) {
- fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
- "If you still wish to use RSA (RSAMD5) please "
- "specify \"-a RSAMD5\"\n");
- return (1);
- } else if (strcasecmp(algname, "HMAC-MD5") == 0) {
- options |= DST_TYPE_KEY;
- alg = DST_ALG_HMACMD5;
- } else if (strcasecmp(algname, "HMAC-SHA1") == 0) {
- options |= DST_TYPE_KEY;
- alg = DST_ALG_HMACSHA1;
- } else if (strcasecmp(algname, "HMAC-SHA224") == 0) {
- options |= DST_TYPE_KEY;
- alg = DST_ALG_HMACSHA224;
- } else if (strcasecmp(algname, "HMAC-SHA256") == 0) {
- options |= DST_TYPE_KEY;
- alg = DST_ALG_HMACSHA256;
- } else if (strcasecmp(algname, "HMAC-SHA384") == 0) {
- options |= DST_TYPE_KEY;
- alg = DST_ALG_HMACSHA384;
- } else if (strcasecmp(algname, "HMAC-SHA512") == 0) {
- options |= DST_TYPE_KEY;
- alg = DST_ALG_HMACSHA512;
+ if (use_nsec3 &&
+ alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
+ alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512) {
+ fatal("%s is incompatible with NSEC3; "
+ "do not use the -3 option", algname);
+ }
+
+ if (type != NULL && (options & DST_TYPE_KEY) != 0) {
+ if (strcasecmp(type, "NOAUTH") == 0)
+ flags |= DNS_KEYTYPE_NOAUTH;
+ else if (strcasecmp(type, "NOCONF") == 0)
+ flags |= DNS_KEYTYPE_NOCONF;
+ else if (strcasecmp(type, "NOAUTHCONF") == 0) {
+ flags |= (DNS_KEYTYPE_NOAUTH |
+ DNS_KEYTYPE_NOCONF);
+ if (size < 0)
+ size = 0;
+ }
+ else if (strcasecmp(type, "AUTHCONF") == 0)
+ /* nothing */;
+ else
+ fatal("invalid type %s", type);
+ }
+
+ if (size < 0) {
+ if (use_default) {
+ if ((kskflag & DNS_KEYFLAG_KSK) != 0)
+ size = 2048;