Commit Graph
7163 Commits
Author SHA1 Message Date
Ondřej SurýandMichał Kępień cb2dde567c Cleanup support for specifying PKCS#11 engine as part of the label
The code for specifying OpenSSL PKCS#11 engine as part of the label
(e.g. -l "pkcs11:token=..." instead of -E pkcs11 -l "token=...")
was non-functional.  This commit just cleans the related code.

(cherry picked from commit a5c87d9d18)
2020-02-11 10:42:33 +01:00
Matthijs MekkingandOndřej Surý 4af46a8574 rdata: delay assignment until after REQUIRE 2020-02-08 06:32:42 -08:00
Matthijs MekkingandOndřej Surý 86184dfb68 Suppress cppcheck false positive nullPointerRedundantCheck 2020-02-08 06:32:42 -08:00
Mark AndrewsandOndřej Surý 39cb4dc6c9 delay assignment until after REQUIRE
(cherry picked from commit c65c06301c)
2020-02-08 06:32:42 -08:00
Mark Andrews 2543bfe0d2 Fix indenting.
(cherry picked from commit 98d5109e82)
2020-02-07 21:43:57 +11:00
Evan Hunt edee4f93c5 Correctly handle catalog zone entries containing slashes
- Add quotes before and after zone name when generating "addzone"
  input so avoid "unexpected token" errors.
- Use a hex digest for zone filenames when the zone or view name
  contains a slash.
- Test with a domain name containing a slash.
- Incidentally added 'catzhash.py' to contrib/scripts to generate
  hash labels for catalog zones, as it was needed to write the test.

(cherry picked from commit dba0163dac)
2020-02-03 19:23:37 -08:00
Mark Andrews f72c0b9257 style
(cherry picked from commit 279f6b01de)
2020-01-31 11:33:27 +11:00
Mark Andrews 1da7fef048 use anonomous constants
(cherry picked from commit 02c2fc5ad3)
2020-01-31 11:33:27 +11:00
Mark Andrews 3732485b61 use enum
(cherry picked from commit 7c0d9dac9f)
2020-01-31 11:33:27 +11:00
Mark Andrews 1c2b1add66 return the correct error code for the type being checked
(cherry picked from commit a09c464a20)
2020-01-31 11:33:27 +11:00
Mark Andrews baff08ba18 check that a CDNSKEY deletion record is accepted
(cherry picked from commit f91b3a69ce)
2020-01-31 11:33:27 +11:00
Mark Andrews 047e003877 handle CDS deletion record in consistancy checks
(cherry picked from commit 0adb4b25d3)
2020-01-31 11:23:48 +11:00
Mark Andrews ccab27b073 add final 'c' to 'badcache.c' in Makefile.in
(cherry picked from commit 68a360772f)
2020-01-31 11:23:47 +11:00
Tinderbox UserandEvan Hunt 296ccbf479 prep 9.11.15
Update the API files.
- lib/dns:
  - struct resolver has added elements, this is an interface change
    and thus LIBINTERFACE is incremented, and LIBREVISION is reset.
  - Since this also means an interface change since the last public
    release, also reset LIBAGE.
- lib/isc:
  - The library source code changed, so increment LIBREVISION.
- lib/isccfg:
  - The library source code changed, so increment LIBREVISION.

Update other files:
- No changes needed to the README, this is a small bugfix release.
- Fix a bad version xml:id in the release notes.
2020-01-27 11:10:16 -08:00
Tony FinchandMark Andrews ec499f7165 Send NOFITY messages after deleting private-type records.
The `rndc signing -clear` command cleans up the private-type records
that keep track of zone signing activity, but before this change it
did not tell the secondary servers that the zone has changed.

(cherry picked from commit f3f7b7df5d)
2020-01-24 00:03:56 +11:00
Diego FronzaandEvan Hunt b3acca3107 Fixed crash when querying for non existing domain in chaos class
Function dns_view_findzonecut in view.c wasn't correctly handling
classes other than IN (chaos, hesiod, etc) whenever the name being
looked up wasn't in cache or in any of the configured zone views' database.

That resulted in a NULL fname being used in resolver.c:4900, which
in turn was triggering abort.

(cherry picked from commit 85555f29d7)
2020-01-22 13:08:52 -08:00
Mark Andrews 9787ce6054 dnssec: do not publish CDS records when -Psync is in the future
This is a bug I encountered when trying to schedule an algorithm
rollover. My plan, for a zone whose maximum TTL is 48h, was to sign
with the new algorithm and schedule a change of CDS records for more
than 48 hours in the future, roughly like this:

    $ dnssec-keygen -a 13 -fk -Psync now+50h $zone
    $ dnssec-keygen -a 13 $zone
    $ dnssec-settime -Dsync now+50h $zone_ksk_old

However the algorithm 13 CDS was published immediately, which could
have made the zone bogus.

To reveal the bug using the `smartsign` test, this change just adds a
KSK with all its times in the future, so it should not affect the
existing checks at all. But the final check (that there are no CDS or
CDSNSKEY records after -Dsync) fails with the old `syncpublish()`
logic, because the future key's sync records appear early. With the
new `syncpublish()` logic the future key does not affect the test, as
expected, and it now passes.

(cherry picked from commit 4227b7969b)
(cherry picked from commit 2db5a2539a)
2020-01-22 12:19:01 +11:00
Tony FinchandMark Andrews 353814fc09 Omit spurious newlines when reporting DNSKEY changes
These caused blank lines to appear in the logs.

(cherry picked from commit 3b1bd3f48b)
2020-01-21 16:34:20 +11:00
Mark Andrews 9b71352f25 exercise dns_rdata_checknames
(cherry picked from commit b3c1b2a869)
2020-01-14 09:17:10 +00:00
Mark Andrews ecdb80ca85 exercise dns_rdata_additionaldata
(cherry picked from commit 649a34d628)
2020-01-14 09:17:10 +00:00
Mark Andrews 83b5274f84 call dns_rdata_towire on valid output from dns_rdata_fromtext and dns_rdata_fromwire
(cherry picked from commit 5e74550740)
2020-01-14 09:17:10 +00:00
Mark AndrewsandOndřej Surý 3a9cdba3d8 Add is_leaf and send_to_prune_tree.
Add is_leaf and send_to_prune_tree to make the logic easier
to understand in cleanup_dead_nodes and decrement_reference.

(cherry picked from commit c6efc0e50f)
2020-01-14 08:35:37 +01:00
Mark AndrewsandOndřej Surý 4db29f1f7d Testing node->down requires the tree lock to be held.
In decrement_reference only test node->down if the tree lock
is held.  As node->down is not always tested in
decrement_reference we need to test that it is non NULL in
cleanup_dead_nodes prior to removing the node from the rbt
tree.  Additionally it is not always possible to aquire the
node lock and reactivate a node when adding parent nodes.
Reactivate such nodes in cleanup_dead_nodes if required.

(cherry picked from commit 176b23b6cd)
2020-01-14 08:35:37 +01:00
Michał Kępień 28fe27e47e Properly detect MMDB lookup failures
Only comparing the value of the integer passed as the last argument to
MMDB_lookup_sockaddr() against MMDB_SUCCESS is not enough to ensure that
an MMDB lookup was successful - the 'found_entry' field of the
MMDB_lookup_result_s structure returned by that function also needs to
be true or else the remaining contents of that structure should be
ignored as the lookup failed.  Extend the relevant logical condition in
get_entry_for() to ensure the latter does not return incorrect MMDB
entries for IP addresses which do not belong to any subnet defined in a
given GeoIP2 database.

(cherry picked from commit 814da1c808)
2020-01-13 15:06:35 +01:00
Mark Andrews 939f2fa2f5 formally discard return value 2020-01-13 05:07:13 +00:00
Mark Andrews 71d8c73d8f remove duplicate #includes
(cherry picked from commit 848c1c8b8b)
2019-12-23 08:20:59 +11:00
Mark Andrews a4762ee293 revert d10fbdec for lib/dns/gen.c as it is a build platform executable
(cherry picked from commit 7278f2529a)
2019-12-23 08:20:58 +11:00
Mark Andrews 93e0d11e73 Refactor loop body as copy_non_dnssec_records.
(cherry picked from commit d26e125438)
2019-12-20 22:08:04 +11:00
Ondřej SurýandMark Andrews be646d9d3e Add failure handling when iterators don't end with ISC_R_NOMORE
(cherry picked from commit bff83b9480)
2019-12-20 22:06:26 +11:00
Ondřej SurýandMark Andrews 20e458e5f7 Refactor receive_secure_db to make the variables and code flow around the iterator more local
(cherry picked from commit 6012479419)
2019-12-20 22:06:26 +11:00
Mark Andrews f1a8215a44 Call dns_dbiterator_destroy earlier to prevent potential deadlock.
(cherry picked from commit 9d8f9cc8f2)
2019-12-20 22:06:25 +11:00
Ondřej SurýandMark Andrews f8cab45c3b Change the (acl)->node_count macro to dns_acl_node_count(acl) macro to clean the global namespace
(cherry picked from commit 8120088ec7)
2019-12-18 11:11:48 +11:00
Ondřej Surý 3bac7e9807 Ensure all zone_settimer() calls are done on locked zone
(cherry picked from commit cf48e8eb32)
2019-12-12 16:16:59 +01:00
Mark Andrews a52189e8e6 give zspill its own lock 2019-12-12 20:41:44 +11:00
Tinderbox User ed6da5ec3d prep 9.11.14 2019-12-12 05:01:05 +00:00
Mark Andrews 020c29a8c8 Note bucket lock requirements.
(cherry picked from commit 13aaeaa06f)
2019-12-11 11:08:03 +11:00
Mark Andrews 89cf1dc665 lock access to fctx->nqueries
(cherry picked from commit 5589748eca)
2019-12-11 11:02:21 +11:00
Mark Andrews 4263b2ea21 address deadlock introduced in cd2469d3cd
(cherry picked from commit fd52417f71)
2019-12-10 20:24:05 +00:00
Mark Andrews 56af72c1d4 Assign fctx->client when fctx is created rather when the join happens.
This prevents races on fctx->client whenever a new fetch joins a existing
fetch (by calling fctx_join) as it is now invariant for the active life of
fctx.

(cherry picked from commit 9ca6ad6311)
2019-12-03 23:39:47 +11:00
Mark Andrews 882d79b2a3 r/w of rbtdb->current_version requires that rbtdb->lock be held
(cherry picked from commit cd2469d3cd)
2019-12-03 16:50:06 +11:00
Mark Andrews 37eb8e0d6c define and use FCTX_ATTR_SET and FCTX_ATTR_CLR 2019-12-03 11:41:05 +11:00
Mark Andrews 3114ff2346 make FCTX_ATTR_SHUTTINGDOWN a independent bool 2019-12-03 08:51:44 +11:00
Mark Andrews 1c61f129c3 rdataset_setownercase and rdataset_getownercase need to obtain a node lock
(cherry picked from commit 637b2c4e51)
2019-11-29 07:13:04 +11:00
Mark AndrewsandOndřej Surý 449f96c7bb add comments 'tree_lock(write) must be held'
(cherry picked from commit 8f6aaa7230)
2019-11-27 18:06:05 +01:00
Mark AndrewsandOndřej Surý 37f6845980 rbtnode->nsec needs to be read while holding the tree lock
(cherry picked from commit 7cad3b2e91)
2019-11-27 18:06:05 +01:00
Mark Andrews d74a6a96c3 move maxbuffers test to allocate_udp_buffer
(cherry picked from commit 26a93d77aa)
2019-11-26 11:53:33 +11:00
Mark Andrews 1d928de33e Lock dispatch manager buffer_lock before accessing buffers;
Only test buffers for UDP dispatches.

(cherry picked from commit 011af4de71)
2019-11-26 11:53:33 +11:00
Mark Andrews dcb21f39b6 lock disp->mgr before reading disp->mgr->buffers
(cherry picked from commit afc7389ce8)
2019-11-26 11:53:33 +11:00
Mark Andrews 9cffeb606a lock dispatch before reporting state
(cherry picked from commit 3075445ed6)
2019-11-23 08:25:47 +11:00
Mark Andrews 9d4f5f88f3 Conditional compilation of lock_callback was inconsistent with
conditional use of the function when forcing BIND to build with
older and unsupported versions of OpenSSL.
2019-11-21 10:59:16 +11:00