9.1.1-P3

is not used.

1480.   [bug]           Provide replay protection for rndc commands.

CHANGES

@@ -1,4 +1,20 @@
 
+	--- 9.1.1-P3 released ---
+
+2126.	[security]	Serialise validation of type ANY responses. [RT #16555]
+
+	--- 9.1.1-P2 released ---
+
+1499.	[bug]		isc_random need to be seeded better if arc4random()
+			is not used.
+
+1480.	[bug]		Provide replay protection for rndc commands.
+
+	--- 9.1.1-P1 released ---
+
+1243.	[bug]		It was possible to trigger a REQUIRE() in
+			dns_message_findtype(). [RT #2659]
+
 	--- 9.1.1 released ---
 
 	--- 9.1.1rc7 released ---

lib/dns/config/confparser.y.dirty

@@ -33,7 +33,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: confparser.y.dirty,v 1.44.2.8 2001/03/21 18:34:31 bwelling Exp $ */
+/* $Id: confparser.y.dirty,v 1.44.2.8.4.1 2003/09/01 05:19:20 marka Exp $ */
 
 #include <config.h>
 
@@ -1888,7 +1888,7 @@ ordering_name: /* nothing */
 			$$ = $2;
 		}
 	}
-
+	;
 
 rrset_ordering_element: ordering_class ordering_type ordering_name
 	L_ORDER L_STRING
@@ -1918,7 +1918,7 @@ rrset_ordering_element: ordering_class ordering_type ordering_name
 		isc_mem_free(memctx, $5);
 		isc_mem_free(memctx, $3);
 	}
-
+	;
 
 transfer_format: L_ONE_ANSWER
 	{
@@ -2158,7 +2158,8 @@ additional_data: L_INTERNAL
 	| L_MAXIMAL
 	{
 		$$ = dns_c_ad_maximal;
-	};
+	}
+	;
 
 yea_or_nay: L_YES
 	{
@@ -2188,6 +2189,7 @@ yea_or_nay: L_YES
 			$$ = isc_boolean_true;
 		}
 	}
+	;
 
 notify_setting: yea_or_nay
 	{
@@ -4958,6 +4960,7 @@ class_name: any_string
 		isc_mem_free(memctx, $1);
 		$$ = cl;
 	}
+	;
 
 wild_class_name: any_string
 	{
@@ -4981,6 +4984,7 @@ wild_class_name: any_string
 		isc_mem_free(memctx, $1);
 		$$ = cl;
 	}
+	;
 
 optional_class: /* Empty */
 	{

lib/dns/include/dns/validator.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.h,v 1.17.2.1 2001/01/09 22:46:27 bwelling Exp $ */
+/* $Id: validator.h,v 1.17.2.1.4.1 2007/01/23 23:42:23 marka Exp $ */
 
 #ifndef DNS_VALIDATOR_H
 #define DNS_VALIDATOR_H 1
@@ -111,6 +111,11 @@ struct dns_validator {
 	ISC_LINK(dns_validator_t)	link;
 };
 
+/*%
+ * dns_validator_create() options.
+ */
+#define DNS_VALIDATOR_DEFER 2U
+
 ISC_LANG_BEGINDECLS
 
 isc_result_t
@@ -153,6 +158,15 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
  * part of a known insecure domain.
  */
 
+void
+dns_validator_send(dns_validator_t *validator);
+/*%<
+ * Send a deferred validation request
+ *
+ * Requires:
+ *	'validator' to points to a valid DNSSEC validator.
+ */
+
 void
 dns_validator_cancel(dns_validator_t *validator);
 /*

lib/dns/resolver.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.187.2.9 2001/03/20 23:49:36 bwelling Exp $ */
+/* $Id: resolver.c,v 1.187.2.9.4.2 2007/01/23 23:42:23 marka Exp $ */
 
 #include <config.h>
 
@@ -701,6 +701,8 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
+	INSIST(ISC_LIST_EMPTY(fctx->validators));
+
 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
 
 	query = isc_mem_get(res->mctx, sizeof *query);
@@ -2373,12 +2375,21 @@ maybe_destroy(fetchctx_t *fctx) {
 	unsigned int bucketnum;
 	isc_boolean_t bucket_empty = ISC_FALSE;
 	dns_resolver_t *res = fctx->res;
+	dns_validator_t *validator;
 
 	REQUIRE(SHUTTINGDOWN(fctx));
 
-	if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
+	if (fctx->pending != 0)
 		return;
 
+	for (validator = ISC_LIST_HEAD(fctx->validators);
+	     validator != NULL;
+	     validator = ISC_LIST_HEAD(fctx->validators)) {
+		ISC_LIST_UNLINK(fctx->validators, validator, link);
+		dns_validator_cancel(validator);
+		dns_validator_destroy(&validator);
+	}
+
 	bucketnum = fctx->bucketnum;
 	LOCK(&res->buckets[bucketnum].lock);
 	if (fctx->references == 0)
@@ -2549,7 +2560,9 @@ validated(isc_task_t *task, isc_event_t *event) {
 			goto noanswer_response;
 	}
 
-	if (sentresponse) {
+	if (!ISC_LIST_EMPTY(fctx->validators))
+		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+	else if (sentresponse) {
 		/*
 		 * If we only deferred the destroy because we wanted to cache
 		 * the data, destroy now.
@@ -2569,6 +2582,7 @@ validated(isc_task_t *task, isc_event_t *event) {
 		 * more rdatasets that still need to
 		 * be validated.
 		 */
+		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
 		goto cleanup_event;
 	}
 
@@ -2617,6 +2631,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 	unsigned int options;
 	isc_task_t *task;
 	dns_validator_t *validator;
+	unsigned int valoptions = 0;
 
 	/*
 	 * The appropriate bucket lock must be held.
@@ -2805,15 +2820,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 						rdataset,
 						sigrdataset,
 						fctx->rmessage,
-						0,
+						valoptions,
 						task,
 						validated,
 						fctx,
 						&validator);
-					if (result == ISC_R_SUCCESS)
+					if (result == ISC_R_SUCCESS) {
 						ISC_LIST_APPEND(
 							fctx->validators,
 							validator, link);
+						valoptions |=
+							 DNS_VALIDATOR_DEFER;
+					}
 				}
 			}
 		} else if (!EXTERNAL(rdataset)) {
@@ -2886,7 +2904,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 					      valrdataset,
 					      valsigrdataset,
 					      fctx->rmessage,
-					      0,
+					      valoptions,
 					      task,
 					      validated,
 					      fctx,
@@ -3212,6 +3230,7 @@ check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) {
 				/*
 				 * Do we have its SIG too?
 				 */
+				rdataset = NULL;
 				result = dns_message_findtype(name,
 						      dns_rdatatype_sig,
 						      type, &rdataset);

lib/dns/validator.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.87.2.1 2001/01/09 22:44:26 bwelling Exp $ */
+/* $Id: validator.c,v 1.87.2.1.4.1 2007/01/23 23:42:23 marka Exp $ */
 
 #include <config.h>
 
@@ -1512,7 +1512,8 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
 	ISC_LINK_INIT(val, link);
 	val->magic = VALIDATOR_MAGIC;
 
-	isc_task_send(task, (isc_event_t **)&event);
+	if ((options & DNS_VALIDATOR_DEFER) == 0)
+		isc_task_send(task, (isc_event_t **)&event);
 
 	*validatorp = val;
 
@@ -1529,6 +1530,21 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
 	return (result);
 }
 
+void
+dns_validator_send(dns_validator_t *validator) {
+	isc_event_t *event;
+	REQUIRE(VALID_VALIDATOR(validator));
+
+	LOCK(&validator->lock);
+
+	INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
+	event = (isc_event_t *)validator->event;
+	validator->options &= ~DNS_VALIDATOR_DEFER;
+	UNLOCK(&validator->lock);
+
+	isc_task_send(validator->task, &event);
+}
+
 void
 dns_validator_cancel(dns_validator_t *validator) {
 	REQUIRE(VALID_VALIDATOR(validator));
@@ -1548,6 +1564,13 @@ dns_validator_cancel(dns_validator_t *validator) {
 
 		if (validator->authvalidator != NULL)
 			dns_validator_cancel(validator->authvalidator);
+
+		if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
+			isc_task_t *task = validator->event->ev_sender;
+			validator->options &= ~DNS_VALIDATOR_DEFER;
+			isc_event_free((isc_event_t **)&validator->event);
+			isc_task_detach(&task);
+		}
 	}
 	UNLOCK(&validator->lock);
 }

lib/isc/random.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: random.c,v 1.14.2.1 2001/01/09 22:49:14 bwelling Exp $ */
+/* $Id: random.c,v 1.14.2.1.4.1 2003/09/01 05:19:20 marka Exp $ */
 
 #include <config.h>
 
@@ -33,7 +33,14 @@ static isc_once_t once = ISC_ONCE_INIT;
 static void
 initialize_rand(void)
 {
-	srand(time(NULL));
+	unsigned int pid = getpid();
+
+	/*
+	 * The low bits of pid generally change faster.
+	 * Xor them with the high bits of time which change slowly.
+	 */
+	pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff);
+	srand(time(NULL) ^ pid);
 }
 
 static void

lib/omapi/api

@@ -1,3 +1,3 @@
-LIBINTERFACE = 3
+LIBINTERFACE = 4
 LIBREVISION = 0
 LIBAGE = 0

lib/omapi/include/omapi/private.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: private.h,v 1.25.4.1 2001/01/09 22:53:15 bwelling Exp $ */
+/* $Id: private.h,v 1.25.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*****
  ***** Private master include file for the OMAPI library.
@@ -243,6 +243,7 @@ struct omapi_protocol {
 	isc_region_t			signature_in;
 	isc_buffer_t			*signature_out;
 	isc_result_t			verify_result;
+	isc_uint32_t			authid;
 	/*
 	 * A callback to find out whether a requested key is valid on
 	 * the connection, and the arg the caller wants to help it decide.
@@ -438,12 +439,12 @@ send_intro(omapi_object_t *object, unsigned int version);
 #define send_status omapi__send_status
 isc_result_t
 send_status(omapi_object_t *protcol, isc_result_t waitstatus,
-	    unsigned int response_id, const char *message);
+	    unsigned int response_id, unsigned int authid, const char *message);
 
 #define send_update omapi__send_update
 isc_result_t
 send_update(omapi_object_t *protocol, unsigned int response_id,
-	    omapi_object_t *object);
+	    unsigned int authid, omapi_object_t *object);
 
 ISC_LANG_ENDDECLS
 

lib/omapi/include/omapi/result.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.h,v 1.7.4.1 2001/01/09 22:53:16 bwelling Exp $ */
+/* $Id: result.h,v 1.7.4.1.4.1 2003/09/01 05:19:22 marka Exp $ */
 
 #ifndef OMAPI_RESULT_H
 #define OMAPI_RESULT_H 1
@@ -32,8 +32,9 @@ ISC_LANG_BEGINDECLS
 #define OMAPI_R_INVALIDARG		(ISC_RESULTCLASS_OMAPI + 3)
 #define OMAPI_R_VERSIONMISMATCH		(ISC_RESULTCLASS_OMAPI + 4)
 #define OMAPI_R_PROTOCOLERROR		(ISC_RESULTCLASS_OMAPI + 5)
+#define OMAPI_R_BADAUTHID		(ISC_RESULTCLASS_OMAPI + 6)
 
-#define OMAPI_R_NRESULTS		6	/* Number of results */
+#define OMAPI_R_NRESULTS		7	/* Number of results */
 
 const char *
 omapi_result_totext(isc_result_t);

lib/omapi/listener.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listener.c,v 1.31.4.2 2001/03/27 00:14:54 bwelling Exp $ */
+/* $Id: listener.c,v 1.31.4.2.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*
  * Subroutines that support the generic listener object.
@@ -219,6 +219,8 @@ listener_accept(isc_task_t *task, isc_event_t *event) {
 	 */
 	protocol->verify_key = listener->verify_key;
 	protocol->verify_key_arg = listener->callback_arg;
+	while (protocol->authid == 0)
+		isc_random_get(&protocol->authid);
 
 	/*
 	 * Tie the protocol object bidirectionally to the connection

lib/omapi/message.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: message.c,v 1.28.4.1 2001/01/09 22:53:00 bwelling Exp $ */
+/* $Id: message.c,v 1.28.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*
  * Subroutines for dealing with message objects.
@@ -26,6 +26,7 @@
 #include <stddef.h>
 
 #include <isc/buffer.h>
+#include <isc/random.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -180,7 +181,7 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 
 	if (result == ISC_R_SUCCESS)
 		/* XXXTL Write the ID of the authentication key we're using. */
-		result = omapi_connection_putuint32(connection, 0);
+		result = omapi_connection_putuint32(connection, p->authid);
 
 	if (result == ISC_R_SUCCESS)
 		result = omapi_connection_putuint32(connection, authlen);
@@ -209,6 +210,8 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 		 * Set and write the transaction ID.
 		 */
 		m->id = p->next_xid++;
+		if (m->id == 0)
+			m->id = p->next_xid++;
 		result = omapi_connection_putuint32(connection, m->id);
 	}
 
@@ -385,6 +388,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			dst_context_destroy(&protocol->dstctx);
 		}
 
+		if (protocol->verify_result == ISC_R_SUCCESS &&
+		    protocol->authid != 0)
+			if (protocol->authid != message->authid)
+				result = OMAPI_R_BADAUTHID;
+
 		if (protocol->verify_result != ISC_R_SUCCESS) {
 			if (connection->is_client) {
 				INSIST(m != NULL);
@@ -422,6 +430,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 				return (send_status(po,
 						    protocol->verify_result,
 						    message->id,
+						    protocol->authid,
 						    "failed to verify "
 						    "signature"));
 		}
@@ -434,7 +443,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (m != NULL) {
 			return (send_status(po, OMAPI_R_INVALIDARG,
-					    message->id,
+					    message->id, protocol->authid,
 					    "OPEN can't be a response"));
 		}
 
@@ -456,7 +465,8 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		} else if (result == ISC_R_NOTFOUND)
 			type = NULL;
 		else
-			return (send_status(po, result, message->id,
+			return (send_status(po, result, message->id, 
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -470,6 +480,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			create = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -483,6 +494,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			update = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -496,6 +508,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			exclusive = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -505,6 +518,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 #ifdef notyet /* not for 9.0.0 */
 		if (type != omapi_type_protocol && protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized access"));
 #endif /* notyet */
 
@@ -516,6 +530,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			if (create != 0)
 				return (send_status(po, OMAPI_R_INVALIDARG,
 						   message->id,
+						    protocol->authid,
 						   "type required on create"));
 
 			goto refresh;
@@ -523,6 +538,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (message->object == NULL)
 			return (send_status(po, ISC_R_NOTFOUND, message->id,
+					    protocol->authid,
 					    "no lookup key specified"));
 
 		/*
@@ -551,12 +567,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (result == ISC_R_NOTIMPLEMENTED)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "unsearchable object type"));
 
 		if (result != ISC_R_SUCCESS &&
 		    result != ISC_R_NOTFOUND &&
 		    result != OMAPI_R_NOKEYS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "object lookup failed"));
 
 		/*
@@ -565,6 +583,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		 */
 		if (result == ISC_R_NOTFOUND && create == 0) {
 			return (send_status(po, ISC_R_NOTFOUND, message->id,
+					    protocol->authid,
 					   "no object matches specification"));
 		}
 
@@ -576,6 +595,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (result == ISC_R_SUCCESS && create != 0 && exclusive != 0) {
 			OBJECT_DEREF(&object);
 			return (send_status(po, ISC_R_EXISTS, message->id,
+					    protocol->authid,
 					   "specified object already exists"));
 		}
 
@@ -586,6 +606,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			result = object_methodcreate(type, &object);
 			if (result != ISC_R_SUCCESS)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						   "can't create new object"));
 		}
 
@@ -598,6 +619,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			if (result != ISC_R_SUCCESS) {
 				OBJECT_DEREF(&object);
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "can't update object"));
 			}
 		}
@@ -614,6 +636,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 #ifdef notyet /* not for 9.0.0 */
 		if (protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized access"));
 #endif /* notyet */
 
@@ -621,10 +644,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		result = handle_lookup(&object, message->h);
 		if (result != ISC_R_SUCCESS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "no matching handle"));
 
 	send:
-		result = send_update(po, message->id, object);
+		result = send_update(po, message->id, protocol->authid, object);
 		OBJECT_DEREF(&object);
 		return (result);
 
@@ -632,6 +656,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (! connection->is_client)
 			return (send_status(po, OMAPI_R_INVALIDARG,
 					    message->id,
+					    protocol->authid,
 					    "OMAPI_OP_UPDATE is not a "
 					    "valid server operation"));
 
@@ -642,6 +667,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			result = handle_lookup(&object, message->h);
 			if (result != ISC_R_SUCCESS)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "no matching handle"));
 		}
 
@@ -656,6 +682,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (result != ISC_R_SUCCESS) {
 			if (message->rid == 0)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "can't update object"));
 			if (m != NULL)
 				object_signal((omapi_object_t *)m,
@@ -665,6 +692,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (message->rid == 0)
 			result = send_status(po, ISC_R_SUCCESS, message->id,
+					    protocol->authid,
 					     NULL);
 
 		if (m != NULL)
@@ -675,12 +703,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 	case OMAPI_OP_NOTIFY:
 		return (send_status(po, ISC_R_NOTIMPLEMENTED, message->id,
+				    protocol->authid,
 				    "notify not implemented yet"));
 
 	case OMAPI_OP_STATUS:
 		if (! connection->is_client)
 			return (send_status(po, OMAPI_R_INVALIDARG,
 					    message->id,
+					    protocol->authid,
 					    "OMAPI_OP_STATUS is not a "
 					    "valid server operation"));
 
@@ -720,22 +750,26 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized delete"));
 
 		result = handle_lookup(&object, message->h);
 		if (result != ISC_R_SUCCESS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "no matching handle"));
 
 		result = object_methodexpunge(object->type, object);
 		if (result == ISC_R_NOTIMPLEMENTED)
 			return (send_status(po, ISC_R_NOTIMPLEMENTED,
 					    message->id,
+					    protocol->authid,
 					    "no remove method for object"));
 
 		OBJECT_DEREF(&object);
 
-		return (send_status(po, result, message->id, NULL));
+		return (send_status(po, result, message->id,
+				    protocol->authid, NULL));
 	}
 
 	return (ISC_R_NOTIMPLEMENTED);

lib/omapi/protocol.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: protocol.c,v 1.32.4.1 2001/01/09 22:53:03 bwelling Exp $ */
+/* $Id: protocol.c,v 1.32.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*
  * Functions supporting the object management protocol.
@@ -28,6 +28,7 @@
 
 #include <isc/buffer.h>
 #include <isc/mem.h>
+#include <isc/random.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -158,9 +159,8 @@ send_intro(omapi_object_t *h, unsigned int ver) {
 
 		/*
 		 * Make up an initial transaction ID for this connection.
-		 * XXXDCL better generator than random()?
 		 */
-		p->next_xid = random();
+		isc_random_get(&p->next_xid);
 
 		result = connection_send(connection);
 
@@ -212,7 +212,7 @@ omapi_protocol_listen(omapi_object_t *manager, isc_sockaddr_t *addr,
 
 isc_result_t
 send_status(omapi_object_t *po, isc_result_t waitstatus,
-	    unsigned int rid, const char *msg)
+	    unsigned int rid, unsigned int authid, const char *msg)
 {
 	isc_result_t result;
 	omapi_object_t *message = NULL;
@@ -230,6 +230,10 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
 	if (result == ISC_R_SUCCESS)
 		result = omapi_object_setinteger(message, "rid", (int)rid);
 
+	if (result == ISC_R_SUCCESS)
+		result = omapi_object_setinteger(message, "authid",
+						 (int)authid);
+
 	if (result == ISC_R_SUCCESS)
 		result = omapi_object_setinteger(message, "result",
 						 (int)waitstatus);
@@ -249,7 +253,9 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
 }
 
 isc_result_t
-send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
+send_update(omapi_object_t *po, unsigned int rid, unsigned int authid,
+	    omapi_object_t *object)
+{
 	isc_result_t result;
 	omapi_object_t *message = NULL;
 
@@ -267,6 +273,10 @@ send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
 
 		result = omapi_object_setinteger(message, "rid", (int)rid);
 
+		if (result == ISC_R_SUCCESS)
+			result = omapi_object_setinteger(message, "authid",
+							 (int)authid);
+
 		if (result == ISC_R_SUCCESS)
 			result = object_gethandle(&handle, object);
 
@@ -378,6 +388,8 @@ dispatch_messages(omapi_protocol_t *protocol,
 		 */
 		/* XXXDCL authid is unused */
 		connection_getuint32(connection, &protocol->message->authid);
+		if (protocol->authid == 0)
+			protocol->authid = protocol->message->authid;
 		/* XXXTL bind the authenticator here! */
 		connection_getuint32(connection, &protocol->message->authlen);
 		connection_getuint32(connection, &protocol->message->op);

lib/omapi/result.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.c,v 1.10.4.1 2001/01/09 22:53:04 bwelling Exp $ */
+/* $Id: result.c,v 1.10.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 #include <config.h>
 
 #include <isc/once.h>
@@ -31,6 +31,7 @@ static const char *text[OMAPI_R_NRESULTS] = {
 	"invalid argument",			/* 3 */
 	"protocol version mismatch",		/* 4 */
 	"protocol error",			/* 5 */
+	"bad authid",				/* 6 */
 };
 
 

version

@@ -1,4 +1,4 @@
-# $Id: version,v 1.18.4.13 2001/03/28 19:08:09 gson Exp $
+# $Id: version,v 1.18.4.13.4.3 2007/01/23 23:42:23 marka Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=1
 PATCHVER=1
-RELEASETYPE=
-RELEASEVER=
+RELEASETYPE=-P
+RELEASEVER=3