9.1.1-P2

1499. [bug] isc_random need to be seeded better if arc4random()
is not used. 1480. [bug] Provide replay protection for rndc commands.
2003-09-01 05:31:28 +00:00 · 2003-09-01 05:19:22 +00:00
11 changed files with 96 additions and 27 deletions
--- a/7
+++ b/7
@@ -1,4 +1,11 @@

+	--- 9.1.1-P2 released ---
+
+1499.	[bug]		isc_random need to be seeded better if arc4random()
+			is not used.
+
+1480.	[bug]		Provide replay protection for rndc commands.
+
 	--- 9.1.1-P1 released ---

 1243.	[bug]		It was possible to trigger a REQUIRE() in
--- a/lib/dns/config/confparser.y.dirty
+++ b/lib/dns/config/confparser.y.dirty
@@ -33,7 +33,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: confparser.y.dirty,v 1.44.2.8 2001/03/21 18:34:31 bwelling Exp $ */
+/* $Id: confparser.y.dirty,v 1.44.2.8.4.1 2003/09/01 05:19:20 marka Exp $ */

 #include <config.h>

@@ -1888,7 +1888,7 @@ ordering_name: /* nothing */
 			$$ = $2;
 		}
 	}
-
+	;

 rrset_ordering_element: ordering_class ordering_type ordering_name
 	L_ORDER L_STRING
@@ -1918,7 +1918,7 @@ rrset_ordering_element: ordering_class ordering_type ordering_name
 		isc_mem_free(memctx, $5);
 		isc_mem_free(memctx, $3);
 	}
-
+	;

 transfer_format: L_ONE_ANSWER
 	{
@@ -2158,7 +2158,8 @@ additional_data: L_INTERNAL
 	| L_MAXIMAL
 	{
 		$$ = dns_c_ad_maximal;
-	};
+	}
+	;

 yea_or_nay: L_YES
 	{
@@ -2188,6 +2189,7 @@ yea_or_nay: L_YES
 			$$ = isc_boolean_true;
 		}
 	}
+	;

 notify_setting: yea_or_nay
 	{
@@ -4958,6 +4960,7 @@ class_name: any_string
 		isc_mem_free(memctx, $1);
 		$$ = cl;
 	}
+	;

 wild_class_name: any_string
 	{
@@ -4981,6 +4984,7 @@ wild_class_name: any_string
 		isc_mem_free(memctx, $1);
 		$$ = cl;
 	}
+	;

 optional_class: /* Empty */
 	{
--- a/lib/isc/random.c
+++ b/lib/isc/random.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: random.c,v 1.14.2.1 2001/01/09 22:49:14 bwelling Exp $ */
+/* $Id: random.c,v 1.14.2.1.4.1 2003/09/01 05:19:20 marka Exp $ */

 #include <config.h>

@@ -33,7 +33,14 @@ static isc_once_t once = ISC_ONCE_INIT;
 static void
 initialize_rand(void)
 {
-	srand(time(NULL));
+	unsigned int pid = getpid();
+
+	/*
+	 * The low bits of pid generally change faster.
+	 * Xor them with the high bits of time which change slowly.
+	 */
+	pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff);
+	srand(time(NULL) ^ pid);
 }

 static void
--- a/lib/omapi/api
+++ b/lib/omapi/api
@@ -1,3 +1,3 @@
-LIBINTERFACE = 3
+LIBINTERFACE = 4
 LIBREVISION = 0
 LIBAGE = 0
--- a/lib/omapi/include/omapi/private.h
+++ b/lib/omapi/include/omapi/private.h
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: private.h,v 1.25.4.1 2001/01/09 22:53:15 bwelling Exp $ */
+/* $Id: private.h,v 1.25.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */

 /*****
 ***** Private master include file for the OMAPI library.
@@ -243,6 +243,7 @@ struct omapi_protocol {
 	isc_region_t			signature_in;
 	isc_buffer_t			*signature_out;
 	isc_result_t			verify_result;
+	isc_uint32_t			authid;
 	/*
 	 * A callback to find out whether a requested key is valid on
 	 * the connection, and the arg the caller wants to help it decide.
@@ -438,12 +439,12 @@ send_intro(omapi_object_t *object, unsigned int version);
 #define send_status omapi__send_status
 isc_result_t
 send_status(omapi_object_t *protcol, isc_result_t waitstatus,
-	    unsigned int response_id, const char *message);
+	    unsigned int response_id, unsigned int authid, const char *message);

 #define send_update omapi__send_update
 isc_result_t
 send_update(omapi_object_t *protocol, unsigned int response_id,
-	    omapi_object_t *object);
+	    unsigned int authid, omapi_object_t *object);

 ISC_LANG_ENDDECLS

--- a/lib/omapi/include/omapi/result.h
+++ b/lib/omapi/include/omapi/result.h
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: result.h,v 1.7.4.1 2001/01/09 22:53:16 bwelling Exp $ */
+/* $Id: result.h,v 1.7.4.1.4.1 2003/09/01 05:19:22 marka Exp $ */

 #ifndef OMAPI_RESULT_H
 #define OMAPI_RESULT_H 1
@@ -32,8 +32,9 @@ ISC_LANG_BEGINDECLS
 #define OMAPI_R_INVALIDARG		(ISC_RESULTCLASS_OMAPI + 3)
 #define OMAPI_R_VERSIONMISMATCH		(ISC_RESULTCLASS_OMAPI + 4)
 #define OMAPI_R_PROTOCOLERROR		(ISC_RESULTCLASS_OMAPI + 5)
+#define OMAPI_R_BADAUTHID		(ISC_RESULTCLASS_OMAPI + 6)

-#define OMAPI_R_NRESULTS		6	/* Number of results */
+#define OMAPI_R_NRESULTS		7	/* Number of results */

 const char *
 omapi_result_totext(isc_result_t);
--- a/lib/omapi/listener.c
+++ b/lib/omapi/listener.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: listener.c,v 1.31.4.2 2001/03/27 00:14:54 bwelling Exp $ */
+/* $Id: listener.c,v 1.31.4.2.4.1 2003/09/01 05:19:21 marka Exp $ */

 /*
 * Subroutines that support the generic listener object.
@@ -219,6 +219,8 @@ listener_accept(isc_task_t *task, isc_event_t *event) {
 	 */
 	protocol->verify_key = listener->verify_key;
 	protocol->verify_key_arg = listener->callback_arg;
+	while (protocol->authid == 0)
+		isc_random_get(&protocol->authid);

 	/*
 	 * Tie the protocol object bidirectionally to the connection
--- a/lib/omapi/message.c
+++ b/lib/omapi/message.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: message.c,v 1.28.4.1 2001/01/09 22:53:00 bwelling Exp $ */
+/* $Id: message.c,v 1.28.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */

 /*
 * Subroutines for dealing with message objects.
@@ -26,6 +26,7 @@
 #include <stddef.h>

 #include <isc/buffer.h>
+#include <isc/random.h>
 #include <isc/string.h>
 #include <isc/util.h>

@@ -180,7 +181,7 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {

 	if (result == ISC_R_SUCCESS)
 		/* XXXTL Write the ID of the authentication key we're using. */
-		result = omapi_connection_putuint32(connection, 0);
+		result = omapi_connection_putuint32(connection, p->authid);

 	if (result == ISC_R_SUCCESS)
 		result = omapi_connection_putuint32(connection, authlen);
@@ -209,6 +210,8 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 		 * Set and write the transaction ID.
 		 */
 		m->id = p->next_xid++;
+		if (m->id == 0)
+			m->id = p->next_xid++;
 		result = omapi_connection_putuint32(connection, m->id);
 	}

@@ -385,6 +388,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			dst_context_destroy(&protocol->dstctx);
 		}

+		if (protocol->verify_result == ISC_R_SUCCESS &&
+		    protocol->authid != 0)
+			if (protocol->authid != message->authid)
+				result = OMAPI_R_BADAUTHID;
+
 		if (protocol->verify_result != ISC_R_SUCCESS) {
 			if (connection->is_client) {
 				INSIST(m != NULL);
@@ -422,6 +430,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 				return (send_status(po,
 						    protocol->verify_result,
 						    message->id,
+						    protocol->authid,
 						    "failed to verify "
 						    "signature"));
 		}
@@ -434,7 +443,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {

 		if (m != NULL) {
 			return (send_status(po, OMAPI_R_INVALIDARG,
-					    message->id,
+					    message->id, protocol->authid,
 					    "OPEN can't be a response"));
 		}

@@ -456,7 +465,8 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		} else if (result == ISC_R_NOTFOUND)
 			type = NULL;
 		else
-			return (send_status(po, result, message->id,
+			return (send_status(po, result, message->id, 
+					    protocol->authid,
 					    isc_result_totext(result)));

 		/*
@@ -470,6 +480,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			create = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));

 		/*
@@ -483,6 +494,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			update = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));

 		/*
@@ -496,6 +508,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			exclusive = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));

 		/*
@@ -505,6 +518,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 #ifdef notyet /* not for 9.0.0 */
 		if (type != omapi_type_protocol && protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized access"));
 #endif /* notyet */

@@ -516,6 +530,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			if (create != 0)
 				return (send_status(po, OMAPI_R_INVALIDARG,
 						   message->id,
+						    protocol->authid,
 						   "type required on create"));

 			goto refresh;
@@ -523,6 +538,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {

 		if (message->object == NULL)
 			return (send_status(po, ISC_R_NOTFOUND, message->id,
+					    protocol->authid,
 					    "no lookup key specified"));

 		/*
@@ -551,12 +567,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {

 		if (result == ISC_R_NOTIMPLEMENTED)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "unsearchable object type"));

 		if (result != ISC_R_SUCCESS &&
 		    result != ISC_R_NOTFOUND &&
 		    result != OMAPI_R_NOKEYS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "object lookup failed"));

 		/*
@@ -565,6 +583,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		 */
 		if (result == ISC_R_NOTFOUND && create == 0) {
 			return (send_status(po, ISC_R_NOTFOUND, message->id,
+					    protocol->authid,
 					   "no object matches specification"));
 		}

@@ -576,6 +595,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (result == ISC_R_SUCCESS && create != 0 && exclusive != 0) {
 			OBJECT_DEREF(&object);
 			return (send_status(po, ISC_R_EXISTS, message->id,
+					    protocol->authid,
 					   "specified object already exists"));
 		}

@@ -586,6 +606,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			result = object_methodcreate(type, &object);
 			if (result != ISC_R_SUCCESS)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						   "can't create new object"));
 		}

@@ -598,6 +619,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			if (result != ISC_R_SUCCESS) {
 				OBJECT_DEREF(&object);
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "can't update object"));
 			}
 		}
@@ -614,6 +636,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 #ifdef notyet /* not for 9.0.0 */
 		if (protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized access"));
 #endif /* notyet */

@@ -621,10 +644,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		result = handle_lookup(&object, message->h);
 		if (result != ISC_R_SUCCESS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "no matching handle"));

 	send:
-		result = send_update(po, message->id, object);
+		result = send_update(po, message->id, protocol->authid, object);
 		OBJECT_DEREF(&object);
 		return (result);

@@ -632,6 +656,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (! connection->is_client)
 			return (send_status(po, OMAPI_R_INVALIDARG,
 					    message->id,
+					    protocol->authid,
 					    "OMAPI_OP_UPDATE is not a "
 					    "valid server operation"));

@@ -642,6 +667,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			result = handle_lookup(&object, message->h);
 			if (result != ISC_R_SUCCESS)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "no matching handle"));
 		}

@@ -656,6 +682,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (result != ISC_R_SUCCESS) {
 			if (message->rid == 0)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "can't update object"));
 			if (m != NULL)
 				object_signal((omapi_object_t *)m,
@@ -665,6 +692,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {

 		if (message->rid == 0)
 			result = send_status(po, ISC_R_SUCCESS, message->id,
+					    protocol->authid,
 					     NULL);

 		if (m != NULL)
@@ -675,12 +703,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {

 	case OMAPI_OP_NOTIFY:
 		return (send_status(po, ISC_R_NOTIMPLEMENTED, message->id,
+				    protocol->authid,
 				    "notify not implemented yet"));

 	case OMAPI_OP_STATUS:
 		if (! connection->is_client)
 			return (send_status(po, OMAPI_R_INVALIDARG,
 					    message->id,
+					    protocol->authid,
 					    "OMAPI_OP_STATUS is not a "
 					    "valid server operation"));

@@ -720,22 +750,26 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {

 		if (protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized delete"));

 		result = handle_lookup(&object, message->h);
 		if (result != ISC_R_SUCCESS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "no matching handle"));

 		result = object_methodexpunge(object->type, object);
 		if (result == ISC_R_NOTIMPLEMENTED)
 			return (send_status(po, ISC_R_NOTIMPLEMENTED,
 					    message->id,
+					    protocol->authid,
 					    "no remove method for object"));

 		OBJECT_DEREF(&object);

-		return (send_status(po, result, message->id, NULL));
+		return (send_status(po, result, message->id,
+				    protocol->authid, NULL));
 	}

 	return (ISC_R_NOTIMPLEMENTED);
--- a/lib/omapi/protocol.c
+++ b/lib/omapi/protocol.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: protocol.c,v 1.32.4.1 2001/01/09 22:53:03 bwelling Exp $ */
+/* $Id: protocol.c,v 1.32.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */

 /*
 * Functions supporting the object management protocol.
@@ -28,6 +28,7 @@

 #include <isc/buffer.h>
 #include <isc/mem.h>
+#include <isc/random.h>
 #include <isc/string.h>
 #include <isc/util.h>

@@ -158,9 +159,8 @@ send_intro(omapi_object_t *h, unsigned int ver) {

 		/*
 		 * Make up an initial transaction ID for this connection.
-		 * XXXDCL better generator than random()?
 		 */
-		p->next_xid = random();
+		isc_random_get(&p->next_xid);

 		result = connection_send(connection);

@@ -212,7 +212,7 @@ omapi_protocol_listen(omapi_object_t *manager, isc_sockaddr_t *addr,

 isc_result_t
 send_status(omapi_object_t *po, isc_result_t waitstatus,
-	    unsigned int rid, const char *msg)
+	    unsigned int rid, unsigned int authid, const char *msg)
 {
 	isc_result_t result;
 	omapi_object_t *message = NULL;
@@ -230,6 +230,10 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
 	if (result == ISC_R_SUCCESS)
 		result = omapi_object_setinteger(message, "rid", (int)rid);

+	if (result == ISC_R_SUCCESS)
+		result = omapi_object_setinteger(message, "authid",
+						 (int)authid);
+
 	if (result == ISC_R_SUCCESS)
 		result = omapi_object_setinteger(message, "result",
 						 (int)waitstatus);
@@ -249,7 +253,9 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
 }

 isc_result_t
-send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
+send_update(omapi_object_t *po, unsigned int rid, unsigned int authid,
+	    omapi_object_t *object)
+{
 	isc_result_t result;
 	omapi_object_t *message = NULL;

@@ -267,6 +273,10 @@ send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {

 		result = omapi_object_setinteger(message, "rid", (int)rid);

+		if (result == ISC_R_SUCCESS)
+			result = omapi_object_setinteger(message, "authid",
+							 (int)authid);
+
 		if (result == ISC_R_SUCCESS)
 			result = object_gethandle(&handle, object);

@@ -378,6 +388,8 @@ dispatch_messages(omapi_protocol_t *protocol,
 		 */
 		/* XXXDCL authid is unused */
 		connection_getuint32(connection, &protocol->message->authid);
+		if (protocol->authid == 0)
+			protocol->authid = protocol->message->authid;
 		/* XXXTL bind the authenticator here! */
 		connection_getuint32(connection, &protocol->message->authlen);
 		connection_getuint32(connection, &protocol->message->op);
--- a/lib/omapi/result.c
+++ b/lib/omapi/result.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: result.c,v 1.10.4.1 2001/01/09 22:53:04 bwelling Exp $ */
+/* $Id: result.c,v 1.10.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 #include <config.h>

 #include <isc/once.h>
@@ -31,6 +31,7 @@ static const char *text[OMAPI_R_NRESULTS] = {
 	"invalid argument",			/* 3 */
 	"protocol version mismatch",		/* 4 */
 	"protocol error",			/* 5 */
+	"bad authid",				/* 6 */
 };


--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-# $Id: version,v 1.18.4.13.4.1 2002/06/01 02:19:20 marka Exp $
+# $Id: version,v 1.18.4.13.4.2 2003/09/01 05:31:27 marka Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -7,4 +7,4 @@ MAJORVER=9
 MINORVER=1
 PATCHVER=1
 RELEASETYPE=-P
-RELEASEVER=1
+RELEASEVER=2
Author	SHA1	Message	Date
Mark Andrews	b39f966a0c	9.1.1-P2	2003-09-01 05:31:28 +00:00
Mark Andrews	7dc916ccd3	1499. [bug] isc_random need to be seeded better if arc4random() is not used. 1480. [bug] Provide replay protection for rndc commands.	2003-09-01 05:19:22 +00:00