mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00
Code Issues Releases Wiki Activity
bind/lib/dns/private.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

414 lines
11 KiB
C
Raw Normal View History

2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
update copyright notice
2011-02-15 23:47:36 +00:00
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
*
* SPDX-License-Identifier: MPL-2.0
Update the copyright information in all files in the repository This commit converts the license handling to adhere to the REUSE specification. It specifically: 1. Adds used licnses to LICENSES/ directory 2. Add "isc" template for adding the copyright boilerplate 3. Changes all source files to include copyright and SPDX license header, this includes all the C sources, documentation, zone files, configuration files. There are notes in the doc/dev/copyrights file on how to add correct headers to the new files. 4. Handle the rest that can't be modified via .reuse/dep5 file. The binary (or otherwise unmodifiable) files could have license places next to them in <foo>.license file, but this would lead to cluttered repository and most of the files handled in the .reuse/dep5 file are system test files.
2021-06-03 08:37:05 +02:00
*
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
Update license headers to not include years in copyright in all applicable files
2018-02-23 09:53:12 +01:00
*
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
#include <stdbool.h>
added print.h includes, updated copyrights
2015-05-23 14:21:51 +02:00
#include <isc/base64.h>
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
#include <isc/result.h>
#include <isc/string.h>
#include <isc/types.h>
4774. [bug] <isc/util.h> was incorrectly included in several header files. [RT #46311]
2017-10-19 12:26:32 +11:00
#include <isc/util.h>
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
#include <dns/nsec3.h>
#include <dns/private.h>
/*
* We need to build the relevant chain if there exists a NSEC/NSEC3PARAM
* at the apex; normally only one or the other of NSEC/NSEC3PARAM will exist.
*
* If a NSEC3PARAM RRset exists then we will need to build a NSEC chain
* if all the NSEC3PARAM records (and associated chains) are slated for
* destruction and we have not been told to NOT build the NSEC chain.
*
* If the NSEC set exist then check to see if there is a request to create
* a NSEC3 chain.
*
* If neither NSEC/NSEC3PARAM RRsets exist at the origin and the private
* type exists then we need to examine it to determine if NSEC3 chain has
* been requested to be built otherwise a NSEC chain needs to be built.
*/
Update the source code formatting using clang-format-17
2023-10-10 16:55:13 +02:00
#define REMOVE(x) (((x) & DNS_NSEC3FLAG_REMOVE) != 0)
#define CREATE(x) (((x) & DNS_NSEC3FLAG_CREATE) != 0)
#define INITIAL(x) (((x) & DNS_NSEC3FLAG_INITIAL) != 0)
#define NONSEC(x) (((x) & DNS_NSEC3FLAG_NONSEC) != 0)
Use clang-format to reformat the source files
2020-02-12 13:59:18 +01:00
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/*
* Work out if 'param' should be ignored or not (i.e. it is in the process
* of being removed).
*
* Note: we 'belt-and-braces' here by also checking for a CREATE private
* record and keep the param record in this case.
*/
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
static bool
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
ignore(dns_rdata_t *param, dns_rdataset_t *privateset) {
add DNS_RDATASET_FOREACH macro replace the pattern `for (result = dns_rdataset_first(x); result == ISC_R_SUCCES; result = dns_rdataset_next(x)` with a new `DNS_RDATASET_FOREACH` macro throughout BIND.
2025-03-21 23:32:27 -07:00
DNS_RDATASET_FOREACH(privateset) {
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
dns_rdata_t private = DNS_RDATA_INIT;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(privateset, &private);
if (!dns_nsec3param_fromprivate(&private, &rdata, buf,
Update sources to Clang 15 formatting
2022-11-02 19:33:14 +01:00
sizeof(buf)))
{
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
update copyright notice
2009-10-09 23:48:09 +00:00
* We are going to create a new NSEC3 chain so it
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
* doesn't matter if we are removing this one.
*/
if (CREATE(rdata.data[1])) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
return false;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (rdata.data[0] != param->data[0] ||
rdata.data[2] != param->data[2] ||
rdata.data[3] != param->data[3] ||
rdata.data[4] != param->data[4] ||
memcmp(&rdata.data[5], &param->data[5], param->data[4]))
{
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
* The removal of this NSEC3 chain does NOT cause a
* NSEC chain to be created so we don't need to tell
* the caller that it will be removed.
*/
if (NONSEC(rdata.data[1])) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
return false;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
return true;
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
}
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
return false;
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
}
isc_result_t
dns_private_chains(dns_db_t *db, dns_dbversion_t *ver,
dns_rdatatype_t privatetype, bool *build_nsec,
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
bool *build_nsec3) {
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
dns_dbnode_t *node;
dns_rdataset_t nsecset, nsec3paramset, privateset;
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
bool nsec3chain;
bool signing;
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
isc_result_t result;
unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
unsigned int count;
node = NULL;
dns_rdataset_init(&nsecset);
dns_rdataset_init(&nsec3paramset);
dns_rdataset_init(&privateset);
CHECK(dns_db_getoriginnode(db, &node));
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec, 0,
(isc_stdtime_t)0, &nsecset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param, 0,
(isc_stdtime_t)0, &nsec3paramset, NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (dns_rdataset_isassociated(&nsecset) &&
dns_rdataset_isassociated(&nsec3paramset))
{
Apply more SET_IF_NOT_NULL() changes coccinelle v1.2 found more cases where the SET_IF_NOT_NULL macro applies.
2024-12-05 16:15:50 +01:00
SET_IF_NOT_NULL(build_nsec, true);
SET_IF_NOT_NULL(build_nsec3, true);
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
goto success;
}
if (privatetype != (dns_rdatatype_t)0) {
result = dns_db_findrdataset(db, node, ver, privatetype, 0,
(isc_stdtime_t)0, &privateset,
NULL);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) {
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
}
/*
typo in comment
2011-02-15 18:23:34 +00:00
* Look to see if we also need to be creating a NSEC3 chain.
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
*/
if (dns_rdataset_isassociated(&nsecset)) {
Apply more SET_IF_NOT_NULL() changes coccinelle v1.2 found more cases where the SET_IF_NOT_NULL macro applies.
2024-12-05 16:15:50 +01:00
SET_IF_NOT_NULL(build_nsec, true);
SET_IF_NOT_NULL(build_nsec3, false);
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (!dns_rdataset_isassociated(&privateset)) {
goto success;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
add DNS_RDATASET_FOREACH macro replace the pattern `for (result = dns_rdataset_first(x); result == ISC_R_SUCCES; result = dns_rdataset_next(x)` with a new `DNS_RDATASET_FOREACH` macro throughout BIND.
2025-03-21 23:32:27 -07:00
DNS_RDATASET_FOREACH(&privateset) {
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
dns_rdata_t private = DNS_RDATA_INIT;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(&privateset, &private);
if (!dns_nsec3param_fromprivate(&private, &rdata, buf,
Update sources to Clang 15 formatting
2022-11-02 19:33:14 +01:00
sizeof(buf)))
{
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (REMOVE(rdata.data[1])) {
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (build_nsec3 != NULL) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
*build_nsec3 = true;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
break;
}
goto success;
}
update copyright notice
2009-10-09 23:48:09 +00:00
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (dns_rdataset_isassociated(&nsec3paramset)) {
Apply more SET_IF_NOT_NULL() changes coccinelle v1.2 found more cases where the SET_IF_NOT_NULL macro applies.
2024-12-05 16:15:50 +01:00
SET_IF_NOT_NULL(build_nsec3, true);
SET_IF_NOT_NULL(build_nsec, false);
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (!dns_rdataset_isassociated(&privateset)) {
goto success;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
* If we are in the process of building a new NSEC3 chain
* then we don't need to build a NSEC chain.
*/
add DNS_RDATASET_FOREACH macro replace the pattern `for (result = dns_rdataset_first(x); result == ISC_R_SUCCES; result = dns_rdataset_next(x)` with a new `DNS_RDATASET_FOREACH` macro throughout BIND.
2025-03-21 23:32:27 -07:00
DNS_RDATASET_FOREACH(&privateset) {
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
dns_rdata_t private = DNS_RDATA_INIT;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(&privateset, &private);
if (!dns_nsec3param_fromprivate(&private, &rdata, buf,
Update sources to Clang 15 formatting
2022-11-02 19:33:14 +01:00
sizeof(buf)))
{
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (CREATE(rdata.data[1])) {
goto success;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
}
update copyright notice
2009-10-09 23:48:09 +00:00
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
* Check to see if there will be a active NSEC3CHAIN once
* the changes queued complete.
*/
count = 0;
add DNS_RDATASET_FOREACH macro replace the pattern `for (result = dns_rdataset_first(x); result == ISC_R_SUCCES; result = dns_rdataset_next(x)` with a new `DNS_RDATASET_FOREACH` macro throughout BIND.
2025-03-21 23:32:27 -07:00
DNS_RDATASET_FOREACH(&nsec3paramset) {
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
dns_rdata_t rdata = DNS_RDATA_INIT;
/*
* If there is more that one NSEC3 chain present then
* we don't need to construct a NSEC chain.
*/
if (++count > 1) {
goto success;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
dns_rdataset_current(&nsec3paramset, &rdata);
if (ignore(&rdata, &privateset)) {
update copyright notice
2009-10-09 23:48:09 +00:00
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
* We still have a good NSEC3 chain or we are
* not creating a NSEC chain as NONSEC is set.
*/
goto success;
}
/*
* The last NSEC3 chain is being removed and does not have
* have NONSEC set.
*/
if (build_nsec != NULL) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
*build_nsec = true;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
goto success;
}
Apply more SET_IF_NOT_NULL() changes coccinelle v1.2 found more cases where the SET_IF_NOT_NULL macro applies.
2024-12-05 16:15:50 +01:00
SET_IF_NOT_NULL(build_nsec, false);
SET_IF_NOT_NULL(build_nsec3, false);
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (!dns_rdataset_isassociated(&privateset)) {
goto success;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
signing = false;
nsec3chain = false;
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
add DNS_RDATASET_FOREACH macro replace the pattern `for (result = dns_rdataset_first(x); result == ISC_R_SUCCES; result = dns_rdataset_next(x)` with a new `DNS_RDATASET_FOREACH` macro throughout BIND.
2025-03-21 23:32:27 -07:00
DNS_RDATASET_FOREACH(&privateset) {
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_t private = DNS_RDATA_INIT;
dns_rdataset_current(&privateset, &private);
if (!dns_nsec3param_fromprivate(&private, &rdata, buf,
Update sources to Clang 15 formatting
2022-11-02 19:33:14 +01:00
sizeof(buf)))
{
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
/*
* Look for record that says we are signing the
* zone with a key.
*/
if (private.length == 5 && private.data[0] != 0 &&
private.data[3] == 0 && private.data[4] == 0)
{
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
signing = true;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
} else {
if (CREATE(rdata.data[1])) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
nsec3chain = true;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
}
}
if (signing) {
if (nsec3chain) {
if (build_nsec3 != NULL) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
*build_nsec3 = true;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
} else {
if (build_nsec != NULL) {
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
*build_nsec = true;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
}
}
success:
result = ISC_R_SUCCESS;
failure:
if (dns_rdataset_isassociated(&nsecset)) {
dns_rdataset_disassociate(&nsecset);
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (dns_rdataset_isassociated(&nsec3paramset)) {
dns_rdataset_disassociate(&nsec3paramset);
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (dns_rdataset_isassociated(&privateset)) {
dns_rdataset_disassociate(&privateset);
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
if (node != NULL) {
Decouple database and node lifetimes by adding node-specific vtables All databases in the codebase follow the same structure: a database is an associative container from DNS names to nodes, and each node is an associative container from RR types to RR data. Each database implementation (qpzone, qpcache, sdlz, builtin, dyndb) has its own corresponding node type (qpznode, qpcnode, etc). However, some code needs to work with nodes generically regardless of their specific type - for example, to acquire locks, manage references, or register/unregister slabs from the heap. Currently, these generic node operations are implemented as methods in the database vtable, which creates problematic coupling between database and node lifetimes. If a node outlives its parent database, the node destructor will destroy all RR data, and each RR data destructor will try to unregister from heaps by calling a virtual function from the database vtable. Since the database was already freed, this causes a crash. This commit breaks the coupling by standardizing the layout of all database nodes, adding a dedicated vtable for node operations, and moving node-specific methods from the database vtable to the node vtable.
2025-06-05 11:51:29 +02:00
dns_db_detachnode(&node);
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
2708. [func] Insecure to secure and NSEC3 parameter changes via update are now fully supported and no longer require defines to enable. We now no longer overload the NSEC3PARAM flag field, nor the NSEC OPT bit at the apex. Secure to insecure changes are controlled by by the named.conf option 'secure-to-insecure'. Warning: If you had previously enabled support by adding defines at compile time to BIND 9.6 you should ensure that all changes that are in progress have completed prior to upgrading to BIND 9.7. BIND 9.7 is not backwards compatible.
2009-10-09 00:33:39 +00:00
return result;
}
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_result_t
dns_private_totext(dns_rdata_t *private, isc_buffer_t *buf) {
isc_result_t result;
3410. [bug] Addressed Coverity warnings. [RT #31626] Squashed commit of the following: commit bce2efe66d69d60b746b85df49974ca341723169 Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:59:25 2012 +1100 use 'static dns_rdata_xxxx_t xxxx' commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:35:16 2012 +1100 return ISC_R_NOTFOUND if private record length does not make sense commit 7596610c12c5685336fc0909860173d2fae359af Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:41:17 2012 +1100 check private->length == 5 commit 3836365a3e3e83b057bd940350f032279e080296 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:40:50 2012 +1100 properly set private->length commit a295778ac53109d39ef3a8b233751100edae678b Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:13:30 2012 +1100 check dns_rdata_tostruct result commit e33c37ca9112159e0b2363615bb018d27fa7d1a5 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:10:43 2012 +1100 check remove/fopen/chmod return values commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:59:10 2012 +1100 check isc_socket_accept result commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:55:40 2012 +1100 change variable scopes commit b9e9d9ad58270271003e463f10744e0ceaf9ad97 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:53:19 2012 +1100 check inet_pton return value commit 70698e9589da77e3745efb6ea24b8830addd6ae4 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:40 2012 +1100 break -> /* NOTREACHED */ commit 88de9de2e8e201ab2fef16a868f241e8206ea826 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:06 2012 +1100 strcpy -> strlcpy commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:51:26 2012 +1100 check dns_rdata_tostruct return values
2012-10-29 20:04:59 +11:00
if (private->length < 5) {
return ISC_R_NOTFOUND;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
3410. [bug] Addressed Coverity warnings. [RT #31626] Squashed commit of the following: commit bce2efe66d69d60b746b85df49974ca341723169 Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:59:25 2012 +1100 use 'static dns_rdata_xxxx_t xxxx' commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:35:16 2012 +1100 return ISC_R_NOTFOUND if private record length does not make sense commit 7596610c12c5685336fc0909860173d2fae359af Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:41:17 2012 +1100 check private->length == 5 commit 3836365a3e3e83b057bd940350f032279e080296 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:40:50 2012 +1100 properly set private->length commit a295778ac53109d39ef3a8b233751100edae678b Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:13:30 2012 +1100 check dns_rdata_tostruct result commit e33c37ca9112159e0b2363615bb018d27fa7d1a5 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:10:43 2012 +1100 check remove/fopen/chmod return values commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:59:10 2012 +1100 check isc_socket_accept result commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:55:40 2012 +1100 change variable scopes commit b9e9d9ad58270271003e463f10744e0ceaf9ad97 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:53:19 2012 +1100 check inet_pton return value commit 70698e9589da77e3745efb6ea24b8830addd6ae4 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:40 2012 +1100 break -> /* NOTREACHED */ commit 88de9de2e8e201ab2fef16a868f241e8206ea826 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:06 2012 +1100 strcpy -> strlcpy commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:51:26 2012 +1100 check dns_rdata_tostruct return values
2012-10-29 20:04:59 +11:00
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
if (private->data[0] == 0) {
unsigned char nsec3buf[DNS_NSEC3PARAM_BUFFERSIZE];
unsigned char newbuf[DNS_NSEC3PARAM_BUFFERSIZE];
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_nsec3param_t nsec3param;
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
bool del, init, nonsec;
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_t b;
if (!dns_nsec3param_fromprivate(private, &rdata, nsec3buf,
Update sources to Clang 15 formatting
2022-11-02 19:33:14 +01:00
sizeof(nsec3buf)))
{
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
CHECK(ISC_R_FAILURE);
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
CHECK(dns_rdata_tostruct(&rdata, &nsec3param, NULL));
Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
2018-10-11 11:57:57 +02:00
del = ((nsec3param.flags & DNS_NSEC3FLAG_REMOVE) != 0);
init = ((nsec3param.flags & DNS_NSEC3FLAG_INITIAL) != 0);
nonsec = ((nsec3param.flags & DNS_NSEC3FLAG_NONSEC) != 0);
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
nsec3param.flags &=
~(DNS_NSEC3FLAG_CREATE | DNS_NSEC3FLAG_REMOVE |
DNS_NSEC3FLAG_INITIAL | DNS_NSEC3FLAG_NONSEC);
if (init) {
isc_buffer_putstr(buf, "Pending NSEC3 chain ");
4654. [cleanup] Don't use C++ keywords delete, new and namespace. [RT #45538]
2017-07-21 11:52:24 +10:00
} else if (del) {
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_putstr(buf, "Removing NSEC3 chain ");
} else {
isc_buffer_putstr(buf, "Creating NSEC3 chain ");
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
dns_rdata_reset(&rdata);
isc_buffer_init(&b, newbuf, sizeof(newbuf));
CHECK(dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
dns_rdatatype_nsec3param,
&nsec3param, &b));
CHECK(dns_rdata_totext(&rdata, NULL, buf));
4654. [cleanup] Don't use C++ keywords delete, new and namespace. [RT #45538]
2017-07-21 11:52:24 +10:00
if (del && !nonsec) {
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_putstr(buf, " / creating NSEC chain");
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
3410. [bug] Addressed Coverity warnings. [RT #31626] Squashed commit of the following: commit bce2efe66d69d60b746b85df49974ca341723169 Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:59:25 2012 +1100 use 'static dns_rdata_xxxx_t xxxx' commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:35:16 2012 +1100 return ISC_R_NOTFOUND if private record length does not make sense commit 7596610c12c5685336fc0909860173d2fae359af Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:41:17 2012 +1100 check private->length == 5 commit 3836365a3e3e83b057bd940350f032279e080296 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:40:50 2012 +1100 properly set private->length commit a295778ac53109d39ef3a8b233751100edae678b Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:13:30 2012 +1100 check dns_rdata_tostruct result commit e33c37ca9112159e0b2363615bb018d27fa7d1a5 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:10:43 2012 +1100 check remove/fopen/chmod return values commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:59:10 2012 +1100 check isc_socket_accept result commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:55:40 2012 +1100 change variable scopes commit b9e9d9ad58270271003e463f10744e0ceaf9ad97 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:53:19 2012 +1100 check inet_pton return value commit 70698e9589da77e3745efb6ea24b8830addd6ae4 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:40 2012 +1100 break -> /* NOTREACHED */ commit 88de9de2e8e201ab2fef16a868f241e8206ea826 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:06 2012 +1100 strcpy -> strlcpy commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:51:26 2012 +1100 check dns_rdata_tostruct return values
2012-10-29 20:04:59 +11:00
} else if (private->length == 5) {
Support PRIVATEOID/PRIVATEDNS in zone.c - dns_zone_cdscheck() has been extended to extract the key algorithms from DNSKEY data when the CDS algorithm is PRIVATEOID or PRIVATEDNS. - dns_zone_signwithkey() has been extended to support signing with PRIVATEDNS and PRIVATEOID algorithms. The signing record (type 65534) added at the zone apex to indicate the current state of automatic zone signing can now contain an additional two-byte field for the DST algorithm value, when the DNS secalg value isn't enough information.
2025-04-08 13:26:55 -05:00
/* Old Form */
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
unsigned char alg = private->data[0];
dns_keytag_t keyid = (private->data[2] | private->data[1] << 8);
Increase the BUFSIZ-long buffers The BUFSIZ value varies between platforms, it could be 8K on Linux and 512 bytes on mingw. Make sure the buffers are always big enough for the output data to prevent truncation of the output by appropriately enlarging or sizing the buffers.
2022-07-14 13:48:45 +02:00
char keybuf[DNS_SECALG_FORMATSIZE + BUFSIZ],
algbuf[DNS_SECALG_FORMATSIZE];
Replace custom isc_boolean_t with C standard bool type
2018-04-17 08:29:14 -07:00
bool del = private->data[3];
bool complete = private->data[4];
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
4654. [cleanup] Don't use C++ keywords delete, new and namespace. [RT #45538]
2017-07-21 11:52:24 +10:00
if (del && complete) {
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_putstr(buf, "Done removing signatures for ");
4654. [cleanup] Don't use C++ keywords delete, new and namespace. [RT #45538]
2017-07-21 11:52:24 +10:00
} else if (del) {
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_putstr(buf, "Removing signatures for ");
} else if (complete) {
isc_buffer_putstr(buf, "Done signing with ");
} else {
isc_buffer_putstr(buf, "Signing with ");
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
Support PRIVATEOID/PRIVATEDNS in zone.c - dns_zone_cdscheck() has been extended to extract the key algorithms from DNSKEY data when the CDS algorithm is PRIVATEOID or PRIVATEDNS. - dns_zone_signwithkey() has been extended to support signing with PRIVATEDNS and PRIVATEOID algorithms. The signing record (type 65534) added at the zone apex to indicate the current state of automatic zone signing can now contain an additional two-byte field for the DST algorithm value, when the DNS secalg value isn't enough information.
2025-04-08 13:26:55 -05:00
dns_secalg_format(alg, algbuf, sizeof(algbuf));
snprintf(keybuf, sizeof(keybuf), "key %d/%s", keyid, algbuf);
isc_buffer_putstr(buf, keybuf);
} else if (private->length == 7) {
/* New Form - supports private types */
dns_keytag_t keyid = private->data[2] | (private->data[1] << 8);
char keybuf[DNS_SECALG_FORMATSIZE + BUFSIZ],
algbuf[DNS_SECALG_FORMATSIZE];
bool del = private->data[3];
bool complete = private->data[4];
dst_algorithm_t alg = private->data[6] |
(private->data[5] << 8);
if (dst_algorithm_tosecalg(alg) != private->data[0]) {
return ISC_R_NOTFOUND;
}
if (del && complete) {
isc_buffer_putstr(buf, "Done removing signatures for ");
} else if (del) {
isc_buffer_putstr(buf, "Removing signatures for ");
} else if (complete) {
isc_buffer_putstr(buf, "Done signing with ");
} else {
isc_buffer_putstr(buf, "Signing with ");
}
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
dns_secalg_format(alg, algbuf, sizeof(algbuf));
4748. [cleanup] Sprintf to snprintf coversions. [RT #46132]
2017-10-03 14:54:19 +11:00
snprintf(keybuf, sizeof(keybuf), "key %d/%s", keyid, algbuf);
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_putstr(buf, keybuf);
3410. [bug] Addressed Coverity warnings. [RT #31626] Squashed commit of the following: commit bce2efe66d69d60b746b85df49974ca341723169 Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:59:25 2012 +1100 use 'static dns_rdata_xxxx_t xxxx' commit 704d3c29acbf2dd350a26f2df82a57cb077ba72e Author: Mark Andrews <marka@isc.org> Date: Mon Oct 29 12:35:16 2012 +1100 return ISC_R_NOTFOUND if private record length does not make sense commit 7596610c12c5685336fc0909860173d2fae359af Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:41:17 2012 +1100 check private->length == 5 commit 3836365a3e3e83b057bd940350f032279e080296 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:40:50 2012 +1100 properly set private->length commit a295778ac53109d39ef3a8b233751100edae678b Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:13:30 2012 +1100 check dns_rdata_tostruct result commit e33c37ca9112159e0b2363615bb018d27fa7d1a5 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 21:10:43 2012 +1100 check remove/fopen/chmod return values commit 3a675e0666aae25d1c51f51ec7bd3fbe25545aae Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:59:10 2012 +1100 check isc_socket_accept result commit 696923344f4b07ce0dba4cf2675b1cbb6eba7e8e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:55:40 2012 +1100 change variable scopes commit b9e9d9ad58270271003e463f10744e0ceaf9ad97 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:53:19 2012 +1100 check inet_pton return value commit 70698e9589da77e3745efb6ea24b8830addd6ae4 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:40 2012 +1100 break -> /* NOTREACHED */ commit 88de9de2e8e201ab2fef16a868f241e8206ea826 Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:52:06 2012 +1100 strcpy -> strlcpy commit 6ba79c7cec0e48014cdfa76e8a9406b7a921556e Author: Mark Andrews <marka@isc.org> Date: Sat Oct 27 20:51:26 2012 +1100 check dns_rdata_tostruct return values
2012-10-29 20:04:59 +11:00
} else {
return ISC_R_NOTFOUND;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
3185. [func] New 'rndc signing' option for auto-dnssec zones: - 'rndc signing -list' displays the current state of signing operations - 'rndc signing -clear' clears the signing state records for keys that have fully signed the zone - 'rndc signing -nsec3param' sets the NSEC3 parameters for the zone The 'rndc keydone' syntax is removed. [RT #23729]
2011-10-28 06:20:07 +00:00
isc_buffer_putuint8(buf, 0);
result = ISC_R_SUCCESS;
failure:
return result;
}
Reference in New Issue Copy Permalink