Commit Graph

11278 Commits

Author SHA1 Message Date
Mark Andrews
0536bfc91a Always call set_resigntime with the zone lock held
(cherry picked from commit 7212961849)
2020-03-03 16:17:34 +11:00
Mark Andrews
43ff3b3ad5 Always call zone_settimer()
zone_needdump() could potentially not call zone_settimer() so
explitly call zone_settimer() as zone->resigntime could have
gone backward.

(cherry picked from commit 5ec57f31b0)
2020-03-03 16:17:30 +11:00
Mark Andrews
bfef5ce9bc Call set_resigntime() in receive_secure_serial()
With RRSIG records no longer being signed with the full
sig-validity-interval we need to ensure the zone->resigntime
as it may need to be set to a earlier time.

(cherry picked from commit 5d1611afdc)
2020-03-03 16:16:38 +11:00
Ondřej Surý
5edc8b5338 Use standard PKCS#11 standard error codes instead of custom error codes
* CKR_CRYPTOKI_ALREADY_INITIALIZED: This value can only be returned by
  `C_Initialize`. It means that the Cryptoki library has already been
  initialized (by a previous call to `C_Initialize` which did not have a
  matching `C_Finalize` call).

* CKR_FUNCTION_NOT_SUPPORTED: The requested function is not supported by this
  Cryptoki library. Even unsupported functions in the Cryptoki API should have a
  "stub" in the library; this stub should simply return the value
  CKR_FUNCTION_NOT_SUPPORTED.

* CKR_LIBRARY_LOAD_FAILED: The Cryptoki library could not load a dependent
  shared library.

(cherry picked from commit f6922d6e78)
2020-03-02 11:01:05 +01:00
Ondřej Surý
4b9cdbaf7e Replace the OASIS PKCS#11 header file with one from p11-kit
The OASIS pkcs11.h header has a restrictive license.  Replace the
pkcs11.h pkcs11f.h and pkcs11t.h headers with pkcs11.h from p11-kit.

For source distribution, the license for the OASIS headers itself
doesn't pose any licensing problem when combined with MPL license, but
it possibly creates problem for downstream distributors of BIND 9.

(cherry picked from commit c47fad2431)
2020-03-02 10:43:45 +01:00
Mark Andrews
317e0cf4c9 sort RRSIG(SOA) to be last of RRSIGs with a common re-resign time
(cherry picked from commit a24fd55836)
2020-02-28 10:13:57 +11:00
Mark Andrews
51f3d3781e use the full sig-validity-interval for RRSIG(SOA)
(cherry picked from commit 660dc3eba7)
2020-02-28 10:10:26 +11:00
Evan Hunt
191b616579 fix additional spelling errors 2020-02-24 22:04:43 -08:00
Evan Hunt
e63223332c fix spelling errors reported by Fossies. 2020-02-21 14:09:59 -08:00
Mark Andrews
4ecf3b8961 fixup! Fix code to generate the test signatues. 2020-02-21 18:10:44 +11:00
Mark Andrews
22422a2f5d Fix code to generate the test signatues.
* ctx needs to be destroyed before it is regenerated.
* emit the name of the signature to be replaced.
* cleanup memory before asserting so post longjump doesn't detect a
  memory leak.
* comment code.

(cherry picked from commit 3a8c8a2a31)
2020-02-21 17:45:47 +11:00
Tinderbox User
aa55ef6c43 prep 9.11.16 2020-02-12 15:37:33 +00:00
Ondřej Surý
f71a8d1120 Convert all atomic operations in isc_rwlock to sequentially-consistent ordering
The memory ordering in the rwlock was all wrong, I am copying excerpts
from the https://en.cppreference.com/w/c/atomic/memory_order#Relaxed_ordering
for the convenience of the reader:

  Relaxed ordering

  Atomic operations tagged memory_order_relaxed are not synchronization
  operations; they do not impose an order among concurrent memory
  accesses. They only guarantee atomicity and modification order
  consistency.

  Sequentially-consistent ordering

  Atomic operations tagged memory_order_seq_cst not only order memory
  the same way as release/acquire ordering (everything that
  happened-before a store in one thread becomes a visible side effect in
  the thread that did a load), but also establish a single total
  modification order of all atomic operations that are so tagged.

Which basically means that we had no or weak synchronization between
threads using the same variables in the rwlock structure.  There should
not be a significant performance drop because the critical sections were
already protected by:

  while(1) {
    if (relaxed_atomic_operation) {
      break;
    }
    LOCK(lock);
    if (!relaxed_atomic_operation) {
      WAIT(sem, lock);
    }
    UNLOCK(lock)l
  }

I would add one more thing to "Don't do your own crypto, folks.":

  - Also don't do your own locking, folks.

As part of this commit, I have also cleaned up the #ifdef spaghetti,
and fixed the isc_atomic API usage.
2020-02-11 21:20:14 +01:00
Ondřej Surý
542517b194 Make isc_rwlock.c thread-safe
The ThreadSanitizer found several possible data races in our rwlock
implementation.  This commit convert .spins and .write_granted fields
to atomic.

(cherry picked from commit 1da0994ea4)
2020-02-11 20:05:51 +01:00
Mark Andrews
8d0b59a5f5 Silence Coverity FORWARD_NULL warning
CID 1458400 (#1 of 1): Dereference after null check
	(FORWARD_NULL) 14. var_deref_model: Passing null pointer
	nxt->typebits to mem_tobuffer, which dereferences it. [show
	details]

219        return (mem_tobuffer(target, nxt->typebits, nxt->len));
2020-02-11 13:02:08 +00:00
Ondřej Surý
cb2dde567c Cleanup support for specifying PKCS#11 engine as part of the label
The code for specifying OpenSSL PKCS#11 engine as part of the label
(e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...")
was non-functional.  This commit just cleans the related code.

(cherry picked from commit a5c87d9d18)
2020-02-11 10:42:33 +01:00
Ondřej Surý
699bda8de7 Clean the ENTER/EXIT/NOTICE debugging from production code
(cherry picked from commit 5b448996e5)
2020-02-08 11:46:37 -08:00
Ondřej Surý
f2c5bdda21 Refactor parts of isc_httpd and isc_httpd for better readability and safety
(cherry picked from commit 9643a62dd5)
2020-02-08 11:46:37 -08:00
Mark Andrews
e5522d114b add ISC_MAGIC and reference counting to httpd and httpdmgr
(cherry picked from commit 7c3f419d66)
2020-02-08 11:37:25 -08:00
Matthijs Mekking
ea477e114b mem.c: delay assignment until after REQUIRE 2020-02-08 06:32:42 -08:00
Matthijs Mekking
c8959c0e3a Check for basic blocks not NULL 2020-02-08 06:32:42 -08:00
Matthijs Mekking
4af46a8574 rdata: delay assignment until after REQUIRE 2020-02-08 06:32:42 -08:00
Matthijs Mekking
86184dfb68 Suppress cppcheck false positive nullPointerRedundantCheck 2020-02-08 06:32:42 -08:00
Mark Andrews
39cb4dc6c9 delay assignment until after REQUIRE
(cherry picked from commit c65c06301c)
2020-02-08 06:32:42 -08:00
Mark Andrews
12cda20aa2 simplify ISC_LIKELY/ISC_UNLIKELY for CPPCHECK
(cherry picked from commit 6c2e138d7a)
2020-02-08 06:32:42 -08:00
Mark Andrews
26caad3c12 simplify RUNTIME_CHECK for cppcheck
(cherry picked from commit 668a972d1e)
2020-02-08 06:32:42 -08:00
Mark Andrews
2543bfe0d2 Fix indenting.
(cherry picked from commit 98d5109e82)
2020-02-07 21:43:57 +11:00
Michal Nowak
0e284831ce Windows: Prevent tools from clashing with named in system tests
In system tests on Windows tool's local port can sometimes clash with
'named'. On Unix the system is poked for the minimal local port,
otherwise is set to 32768 as a sane minimum. For Windows we don't
poke but set a hardcoded limit; this change aligns the limit with
Unix and changes it to 32768.

(cherry picked from commit ed7fe5fae3b22d136f0a5a92ea3b67536b10a5ce)
2020-02-05 11:07:33 +00:00
Evan Hunt
edee4f93c5 Correctly handle catalog zone entries containing slashes
- Add quotes before and after zone name when generating "addzone"
  input so avoid "unexpected token" errors.
- Use a hex digest for zone filenames when the zone or view name
  contains a slash.
- Test with a domain name containing a slash.
- Incidentally added 'catzhash.py' to contrib/scripts to generate
  hash labels for catalog zones, as it was needed to write the test.

(cherry picked from commit dba0163dac)
2020-02-03 19:23:37 -08:00
Mark Andrews
f72c0b9257 style
(cherry picked from commit 279f6b01de)
2020-01-31 11:33:27 +11:00
Mark Andrews
1da7fef048 use anonomous constants
(cherry picked from commit 02c2fc5ad3)
2020-01-31 11:33:27 +11:00
Mark Andrews
3732485b61 use enum
(cherry picked from commit 7c0d9dac9f)
2020-01-31 11:33:27 +11:00
Mark Andrews
1c2b1add66 return the correct error code for the type being checked
(cherry picked from commit a09c464a20)
2020-01-31 11:33:27 +11:00
Mark Andrews
baff08ba18 check that a CDNSKEY deletion record is accepted
(cherry picked from commit f91b3a69ce)
2020-01-31 11:33:27 +11:00
Mark Andrews
047e003877 handle CDS deletion record in consistancy checks
(cherry picked from commit 0adb4b25d3)
2020-01-31 11:23:48 +11:00
Mark Andrews
ccab27b073 add final 'c' to 'badcache.c' in Makefile.in
(cherry picked from commit 68a360772f)
2020-01-31 11:23:47 +11:00
Tinderbox User
6b5916325f regen v9_11 2020-01-27 11:10:16 -08:00
Tinderbox User
296ccbf479 prep 9.11.15
Update the API files.
- lib/dns:
  - struct resolver has added elements, this is an interface change
    and thus LIBINTERFACE is incremented, and LIBREVISION is reset.
  - Since this also means an interface change since the last public
    release, also reset LIBAGE.
- lib/isc:
  - The library source code changed, so increment LIBREVISION.
- lib/isccfg:
  - The library source code changed, so increment LIBREVISION.

Update other files:
- No changes needed to the README, this is a small bugfix release.
- Fix a bad version xml:id in the release notes.
2020-01-27 11:10:16 -08:00
Tony Finch
ec499f7165 Send NOFITY messages after deleting private-type records.
The `rndc signing -clear` command cleans up the private-type records
that keep track of zone signing activity, but before this change it
did not tell the secondary servers that the zone has changed.

(cherry picked from commit f3f7b7df5d)
2020-01-24 00:03:56 +11:00
Diego Fronza
b3acca3107 Fixed crash when querying for non existing domain in chaos class
Function dns_view_findzonecut in view.c wasn't correctly handling
classes other than IN (chaos, hesiod, etc) whenever the name being
looked up wasn't in cache or in any of the configured zone views' database.

That resulted in a NULL fname being used in resolver.c:4900, which
in turn was triggering abort.

(cherry picked from commit 85555f29d7)
2020-01-22 13:08:52 -08:00
Mark Andrews
9787ce6054 dnssec: do not publish CDS records when -Psync is in the future
This is a bug I encountered when trying to schedule an algorithm
rollover. My plan, for a zone whose maximum TTL is 48h, was to sign
with the new algorithm and schedule a change of CDS records for more
than 48 hours in the future, roughly like this:

    $ dnssec-keygen -a 13 -fk -Psync now+50h $zone
    $ dnssec-keygen -a 13 $zone
    $ dnssec-settime -Dsync now+50h $zone_ksk_old

However the algorithm 13 CDS was published immediately, which could
have made the zone bogus.

To reveal the bug using the `smartsign` test, this change just adds a
KSK with all its times in the future, so it should not affect the
existing checks at all. But the final check (that there are no CDS or
CDSNSKEY records after -Dsync) fails with the old `syncpublish()`
logic, because the future key's sync records appear early. With the
new `syncpublish()` logic the future key does not affect the test, as
expected, and it now passes.

(cherry picked from commit 4227b7969b)
(cherry picked from commit 2db5a2539a)
2020-01-22 12:19:01 +11:00
Tony Finch
353814fc09 Omit spurious newlines when reporting DNSKEY changes
These caused blank lines to appear in the logs.

(cherry picked from commit 3b1bd3f48b)
2020-01-21 16:34:20 +11:00
Mark Andrews
9b71352f25 exercise dns_rdata_checknames
(cherry picked from commit b3c1b2a869)
2020-01-14 09:17:10 +00:00
Mark Andrews
ecdb80ca85 exercise dns_rdata_additionaldata
(cherry picked from commit 649a34d628)
2020-01-14 09:17:10 +00:00
Mark Andrews
83b5274f84 call dns_rdata_towire on valid output from dns_rdata_fromtext and dns_rdata_fromwire
(cherry picked from commit 5e74550740)
2020-01-14 09:17:10 +00:00
Mark Andrews
3a9cdba3d8 Add is_leaf and send_to_prune_tree.
Add is_leaf and send_to_prune_tree to make the logic easier
to understand in cleanup_dead_nodes and decrement_reference.

(cherry picked from commit c6efc0e50f)
2020-01-14 08:35:37 +01:00
Mark Andrews
4db29f1f7d Testing node->down requires the tree lock to be held.
In decrement_reference only test node->down if the tree lock
is held.  As node->down is not always tested in
decrement_reference we need to test that it is non NULL in
cleanup_dead_nodes prior to removing the node from the rbt
tree.  Additionally it is not always possible to aquire the
node lock and reactivate a node when adding parent nodes.
Reactivate such nodes in cleanup_dead_nodes if required.

(cherry picked from commit 176b23b6cd)
2020-01-14 08:35:37 +01:00
Michał Kępień
28fe27e47e Properly detect MMDB lookup failures
Only comparing the value of the integer passed as the last argument to
MMDB_lookup_sockaddr() against MMDB_SUCCESS is not enough to ensure that
an MMDB lookup was successful - the 'found_entry' field of the
MMDB_lookup_result_s structure returned by that function also needs to
be true or else the remaining contents of that structure should be
ignored as the lookup failed.  Extend the relevant logical condition in
get_entry_for() to ensure the latter does not return incorrect MMDB
entries for IP addresses which do not belong to any subnet defined in a
given GeoIP2 database.

(cherry picked from commit 814da1c808)
2020-01-13 15:06:35 +01:00
Michał Kępień
daade37977 Handle catopen() errors
musl libc's implementation of catgets() crashes when its first argument
is -1 instead of a proper message catalog descriptor.  Prevent that from
happening by making isc_msgcat_get() return the default text if the
prior call to catopen() returns an error.
2020-01-13 14:03:11 +01:00
Mark Andrews
939f2fa2f5 formally discard return value 2020-01-13 05:07:13 +00:00