Commit Graph

487 Commits

Author SHA1 Message Date
Mark Andrews
4f3327cd41 Extend dns_db_allrdatasets to control interation results
Add an options parameter to control what rdatasets are returned when
iteratating over the node.  Specific modes will be added later.

(cherry picked from commit 7695c36a5d)
2022-12-08 11:20:35 +11:00
Michal Nowak
771fed4a14 Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
Mark Andrews
10083c2019 Have dns_zt_apply lock the zone table
There were a number of places where the zone table should have been
locked, but wasn't, when dns_zt_apply was called.

Added a isc_rwlocktype_t type parameter to dns_zt_apply and adjusted
all calls to using it.  Removed locks in callers.

(cherry picked from commit f053d5b414)
2022-11-11 16:13:55 +00:00
Mark Andrews
e396d5d72d Add support for 'dohpath' to SVCB (and HTTPS)
dohpath is specfied in draft-ietf-add-svcb-dns and has a value
of 7.  It must be a relative path (start with a /), be encoded
as UTF8 and contain the variable dns ({?dns}).

(cherry picked from commit 6d561d3886)
2022-10-04 15:33:49 +11:00
Mark Andrews
c6abcefee1 Check if RSASHA1 is supported by the OS
(cherry picked from commit 1690cb7bb4)
2022-10-03 13:28:25 +02:00
Michal Nowak
a584a8f88f Update clang to version 14
(cherry picked from commit 1c45a9885a)
2022-06-16 18:11:03 +02:00
Ondřej Surý
888dcc6aab Remove UNREACHABLE() statements after exit()
Couple of UNREACHABLE() statements following exit() were found and
removed.

(cherry picked from commit 81fdc4a822)
2022-03-25 10:08:39 +01:00
Ondřej Surý
75f9dd8e82 Simplify way we tag unreachable code with only ISC_UNREACHABLE()
Previously, the unreachable code paths would have to be tagged with:

    INSIST(0);
    ISC_UNREACHABLE();

There was also older parts of the code that used comment annotation:

    /* NOTREACHED */

Unify the handling of unreachable code paths to just use:

    UNREACHABLE();

The UNREACHABLE() macro now asserts when reached and also uses
__builtin_unreachable(); when such builtin is available in the compiler.

(cherry picked from commit 584f0d7a7e)
2022-03-25 09:33:51 +01:00
Ondřej Surý
25732d818d Remove usage of deprecated ATOMIC_VAR_INIT() macro
The C17 standard deprecated ATOMIC_VAR_INIT() macro (see [1]).  Follow
the suite and remove the ATOMIC_VAR_INIT() usage in favor of simple
assignment of the value as this is what all supported stdatomic.h
implementations do anyway:

  * MacOSX.plaform: #define ATOMIC_VAR_INIT(__v) {__v}
  * Gcc stdatomic.h: #define ATOMIC_VAR_INIT(VALUE)	(VALUE)

1. http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p1138r0.pdf

(cherry picked from commit f251d69eba)
2022-03-17 21:44:04 +01:00
Ondřej Surý
2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
Aram Sargsyan
c6e4c28b4e Add dst_key_pubcompare and dst_key_compare unit test
The dst_key_pubcompare() and dst_key_compare() didn't have a unit test,
add the unit tests which test comparing the same keys, different keys,
and, where possible, similar keys with a manually altered parameter.

dst_key_pubcompare() internally uses the *_todns() functions of the
lib/dns/openssl*_link.c modules.

dst_key_compare() internally uses the *_compare() functions of the
lib/dns/openssl*_link.c modules.
2021-10-28 14:52:28 +00:00
Evan Hunt
ddc677ae64 rename dns_zone_master and dns_zone_slave
dns_zone_master and dns_zone_slave are renamed as dns_zone_primary
and dns_zone_secondary.

(cherry picked from commit 916760ae46)
2021-08-30 11:58:29 -07:00
Mark Andrews
7d3d7cacf9 Reject zero length ALPN elements in fromwire
(cherry picked from commit 8833d90292)
2021-08-19 18:59:29 +10:00
Mark Andrews
c9858fa078 Check that ALPN is present when NO-DEFAULT-ALPN is present in fromwire
(cherry picked from commit 2f51bb2d93)
2021-08-19 17:32:32 +10:00
Mark Andrews
c0c38eeb36 Add invalid test vectors
(cherry picked from commit bc21015438)
2021-08-18 14:59:29 +10:00
Mark Andrews
4fd35998e6 add text vs unknown test vectors
(cherry picked from commit 3e459b4808)
2021-08-18 14:59:29 +10:00
Mark Andrews
c7130b36fc Parse and print HTTPS and SVCB records
(cherry picked from commit 36f34a3e79)
2021-08-18 14:59:29 +10:00
Mark Andrews
8538c762cb Fix unchecked returns of dns_name_fromtext 2021-07-12 02:40:25 +00:00
Ondřej Surý
a12938e183 Add rbtdb setownercase/getownercase unit test
This commit adds a unittest that tests private rdataset_getownercase()
and rdataset_setownercase() methods from rbtdb.c.  The test setups
minimal mock dns_rbtdb_t and dns_rbtdbnode_t data structures.

As the rbtdb methods are generally hidden behind layers and layers, we
include the "rbtdb.c" directly from rbtdb_test.c, and thus we can use
the private methods and data structures directly.  This also opens up
opportunity to add more unittest for the rbtdb private functions without
going through all the layers.

(cherry picked from commit c7a11bd5b4)
2021-06-23 17:31:13 +02:00
Mark Andrews
c7216ae382 Adjust acceptable count values
usleep(100000) can be slightly less than 10ms so allow the count
to reach 11.

(cherry picked from commit 2bc454dc2d)
2021-06-10 08:33:46 +10:00
Mark Andrews
ee07fb854a Adjust returned method from dns_updatemethod_date
if dns_updatemethod_date is used do that the returned method is only
set to dns_updatemethod_increment if the new serial does not encode
the current day (YYYYMMDDXX).

(cherry picked from commit 5d21042ed8)
2021-05-18 22:55:35 +10:00
Evan Hunt
ef1d909fa9 backport of netmgr/taskmgr to 9.16
this rolls up numerous changes that have been applied to the
main branch, including moving isc_task operations into the
netmgr event loops, and other general stabilization.
2021-05-14 12:52:48 +02:00
Ondřej Surý
a09822b624 Add nanosleep and usleep Windows shims
This commit adds POSIX nanosleep() and usleep() shim implementation for
Windows to help implementors use less #ifdef _WIN32 in the code.

(cherry picked from commit c37ff5d188)
2021-05-14 12:19:48 +02:00
Mark Andrews
53d755966e Update ZONEMD to match RFC 8976
* The location of the digest type field has changed to where the
  reserved field was.
* The reserved field is now called scheme and is where the digest
  type field was.
* Digest type 2 has been defined (SHA256).

(cherry picked from commit 8510ccaa54)
2021-04-30 11:21:19 +10:00
Mark Andrews
9324d2d295 Reduce nsec3 max iterations to 150
(cherry picked from commit 29126500d2)
2021-04-29 17:44:46 +10:00
Matthijs Mekking
0d47f9f20f Use stale TTL as RRset TTL in dumpdb
It is more intuitive to have the countdown 'max-stale-ttl' as the
RRset TTL, instead of 0 TTL. This information was already available
in a comment "; stale (will be retained for x more seconds", but
Support suggested to put it in the TTL field instead.

(cherry picked from commit a83c8cb0af)
2021-04-13 10:59:17 +02:00
Mark Andrews
0cea486327 Test a LOC record with an invalid direction field
(cherry picked from commit 07902d9f9d)
2021-02-19 11:39:12 +11:00
Michal Nowak
f483b102dd Drop USE_OPENSSL constraint from dh_test
The USE_OPENSSL constraint in dh_test does not seems to be necessary
anymore, the test runs with PKCS#11 as well.

(cherry picked from commit c341e7f740)
2021-02-17 12:46:25 +01:00
Michal Nowak
ed38e32b69 Ensure dnstap_test returns SKIPPED_TEST_EXIT_CODE
Make sure lib/dns/tests/dnstap_test returns an exit code that indicates
a skipped test when dnstap is not enabled.

(cherry picked from commit c286341703)
2021-02-17 12:15:18 +01:00
Michal Nowak
04aff208fb Use BIND 9.17 preprocessor macro to skip unit test
BIND 9.17 changed exit code of skipped test to meet Automake
expectations in fa505bfb0e. BIND 9.16 was
not rewritten to Automake, but for consistency reasons, the same
SKIPPED_TEST_EXIT_CODE preprocessor macro is used (though the actual
exit code differs from the one in BIND 9.17).

(cherry picked from commit fa505bfb0e)
2021-02-17 12:09:25 +01:00
Ondřej Surý
4bbe3e75de Stop including dnstap headers from <dns/dnstap.h>
The <fstrm.h> and <protobuf-c/protobuf-c.h> headers are only directly
included where used and we stopped exposing those headers from libdns
headers.
2021-02-16 12:08:21 +11:00
Mark Andrews
b8fc8742e5 Re-order include directories
${FSTRM_CFLAGS} ${PROTOBUF_C_CFLAGS} ${OPENSSL_CFLAGS} ${LMDB_CFLAGS}
need to appear after all directories in the build tree.
2021-02-16 12:08:21 +11:00
Ondřej Surý
04f9f45c54 Print warning when falling back to increment soa serial method
When using the `unixtime` or `date` method to update the SOA serial,
`named` and `dnssec-signzone` would silently fallback to `increment`
method to prevent the new serial number to be smaller than the old
serial number (using the serial number arithmetics).  Add a warning
message when such fallback happens.

(cherry picked from commit ef685bab5c)
2020-12-12 07:55:29 +01:00
Matthijs Mekking
2f0b924ce6 Add NSEC3PARAM unit test, refactor zone.c
Add unit test to ensure the right NSEC3PARAM event is scheduled in
'dns_zone_setnsec3param()'.  To avoid scheduling and managing actual
tasks, split up the 'dns_zone_setnsec3param()' function in two parts:

1. 'dns__zone_lookup_nsec3param()' that will check if the requested
   NSEC3 parameters already exist, and if a new salt needs to be
   generated.

2. The actual scheduling of the new NSEC3PARAM event (if needed).

(cherry picked from commit 64db30942d)
2020-11-26 14:15:05 +00:00
Michał Kępień
a6f2e36ee6 Use proper cmocka macros for pointer checks
Make sure pointer checks in unit tests use cmocka assertion macros
dedicated for use with pointers instead of those dedicated for use with
integers or booleans.

(cherry picked from commit f440600126)
2020-11-26 13:13:21 +01:00
Ondřej Surý
50db10b7ca Fix the clang 12 warnings with multi-line strings in string arrays
The clang 12 has a new warning that warns when using multi-line strings
in the string arrays, f.e.:

    { "aa",
      "b"
      "b",
      "cc" }

would generate warning like this:

    private_test.c:162:7: error: suspicious concatenation of string literals in an array initialization; did you mean to separate the elements with a comma? [-Werror,-Wstring-concatenation]
                                      "33333/RSASHA1" };
                                      ^
    private_test.c:161:7: note: place parentheses around the string literal to silence warning
                                      "Done removing signatures for key "
                                      ^
    private_test.c:197:7: error: suspicious concatenation of string literals in an array initialization; did you mean to separate the elements with a comma? [-Werror,-Wstring-concatenation]
                                      "NSEC chain",
                                      ^
    private_test.c:196:7: note: place parentheses around the string literal to silence warning
                                      "Removing NSEC3 chain 1 0 30 DEAF / creating "
                                      ^
    2 errors generated.

(cherry picked from commit 7b07f22969)
2020-10-01 18:42:11 +02:00
Mark Andrews
2b4f4cbbd0 Add the ability select individual tests to rdata_test
(cherry picked from commit 6293682020)
2020-10-01 22:57:47 +10:00
Ondřej Surý
f0989bdf03 The dns_message_create() cannot fail, change the return to void
The dns_message_create() function cannot soft fail (as all memory
allocations either succeed or cause abort), so we change the function to
return void and cleanup the calls.

(cherry picked from commit 33eefe9f85)
2020-09-30 14:26:26 +02:00
Diego Fronza
da84f8d1fd Refactored dns_message_t for using attach/detach semantics
This commit will be used as a base for the next code updates in
order to have a better control of dns_message_t objects' lifetime.

(cherry picked from commit 12d6d13100)
2020-09-30 11:34:42 +10:00
Evan Hunt
df698d73f4 update all copyright headers to eliminate the typo 2020-09-14 16:50:58 -07:00
Mark Andrews
c2ee9eea3a Refactor totext_loc
(cherry picked from commit 2ca4d35037)
2020-08-26 16:44:01 +02:00
Mark Andrews
06b76b2b16 Check LOC's altitude field is properly parsed and encoded.
(cherry picked from commit 888dfd78c7)
2020-08-26 16:44:00 +02:00
Mark Andrews
7eb5d61703 Tighten LOC parsing to reject period and/or m as a value.
(cherry picked from commit 9225c67835)
2020-08-26 16:44:00 +02:00
Mark Andrews
b0942c2442 Check walking the hip rendezvous servers.
Also fixes extraneous white space at end of record when
there are no rendezvous servers.

(cherry picked from commit 78db46d746)
2020-07-24 15:24:49 +10:00
Mark Andrews
e67b7a62d0 Assert tsigout is non-NULL
(cherry picked from commit 827746e89b)
2020-07-13 13:21:12 +10:00
Mark Andrews
12fac1ce70 check returns from inet_pton()
(cherry picked from commit 9499adeb5e)
2020-07-13 11:44:58 +10:00
Matthijs Mekking
9f5a43808f Fix linking problem for #1612
When a library is examined, an object file within it can be left out
of the link if it does not provide symbols that the symbol table
needs.  Introducing `isc_stdtime_tostring` caused a build failure for
`update_test` because it now requires `libisc.a(stdtime.o)` and that
also exports the `isc_stdtime_get` symbol, meaning we have a
multiple definition error.

Add a local version of `isc_stdtime_tostring`, so that the linker
will not search for it in available object files.
2020-07-01 10:55:30 +02:00
Mark Andrews
4df013f0ea Extend loop count by 1 to account for non-exact timing in usleep().
(cherry picked from commit 3012e1ad9b)
2020-05-21 14:09:42 +10:00
Ondřej Surý
af1b56240f Resolve the overlinking of the system libraries
Originally, every library and binaries got linked to everything, which
creates unnecessary overlinking.  This wasn't as straightforward as it
should be as we still support configuration without libtool for 9.16.

Couple of smaller issues related to include headers and an issue where
sanitizer overload dlopen and dlclose symbols, so we were getting false
negatives in the autoconf test.
2020-05-11 09:49:54 +02:00
Mark Andrews
af14091f65 Refactor the isc_log API so it cannot fail on memory failures
The isc_mem API now crashes on memory allocation failure, and this is
the next commit in series to cleanup the code that could fail before,
but cannot fail now, e.g. isc_result_t return type has been changed to
void for the isc_log API functions that could only return ISC_R_SUCCESS.

(cherry picked from commit 0b793166d0)
2020-03-18 11:44:18 +01:00