diff --git a/CHANGES b/CHANGES index 70868ce6e1..ecad770db8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +3006. [func] Allow dynamically generated TSIG keys to be preserved + across restarts of named. Initially this is for + TSIG keys generated using GSSAPI. [RT #22639] + 3005. [port] Solaris: Work around the lack of gsskrb5_register_acceptor_identity() by setting the KRB5_KTNAME environment variable to the diff --git a/bin/named/client.c b/bin/named/client.c index 940c535d7a..1a7e343272 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.269 2010/09/24 05:09:02 marka Exp $ */ +/* $Id: client.c,v 1.270 2011/01/10 05:32:03 marka Exp $ */ #include @@ -1777,9 +1777,11 @@ client_request(isc_task_t *task, isc_event_t *event) { } if (result == ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(&client->signername, namebuf, sizeof(namebuf)); ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), - "request has valid signature"); + "request has valid signature: %s", namebuf); client->signer = &client->signername; } else if (result == ISC_R_NOTFOUND) { ns_client_log(client, DNS_LOGCATEGORY_SECURITY, diff --git a/bin/named/server.c b/bin/named/server.c index 291c884cd1..25e9196f79 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.595 2011/01/07 04:31:38 marka Exp $ */ +/* $Id: server.c,v 1.596 2011/01/10 05:32:03 marka Exp $ */ /*! \file */ 
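Review bot: In the client.c hunk, `dns_name_format(&client->signername, namebuf, sizeof(namebuf));` now runs for every successfully verified request before `ns_client_log` decides whether ISC_LOG_DEBUG(3) is enabled, so the formatting work is done even when nothing is logged. If the file already uses `isc_log_wouldlog`, wrapping both the format and the log call in `if (isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(3))) { ... }` keeps the hot path as it was; otherwise this is a minor cost worth a one-line comment. client_request continues outside the hunk.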
@@ -2197,7 +2197,23 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
 ns_g_server->sessionkey));
 }
 dns_view_setkeyring(view, ring);
- ring = NULL; /* ownership transferred */
+ dns_tsigkeyring_detach(&ring);
+
+ /*
+ * See if we can re-use a dynamic key ring.
+ */
+ result = dns_viewlist_find(&ns_g_server->viewlist, view->name,
+ view->rdclass, &pview);
+ if (result != ISC_R_NOTFOUND && result != ISC_R_SUCCESS)
+ goto cleanup;
+ if (pview != NULL) {
+ dns_view_getdynamickeyring(pview, &ring);
+ if (ring != NULL)
+ dns_view_setdynamickeyring(view, ring);
+ dns_tsigkeyring_detach(&ring);
+ dns_view_detach(&pview);
+ } else
+ dns_view_restorekeyring(view);
 /*
 * Configure the view's peer list.
@@ -2775,7 +2791,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
 if (excluded != NULL)
 dns_acl_detach(&excluded);
 if (ring != NULL)
- dns_tsigkeyring_destroy(&ring);
+ dns_tsigkeyring_detach(&ring);
 if (zone != NULL)
 dns_zone_detach(&zone);
 if (dispatch4 != NULL)
diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c
index 5e06b0f64a..6a81f1fa4c 100644
--- a/bin/named/tsigconf.c
+++ b/bin/named/tsigconf.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: tsigconf.c,v 1.33 2009/09/01 00:22:25 jinmei Exp $ */
+/* $Id: tsigconf.c,v 1.34 2011/01/10 05:32:03 marka Exp $ */
 /*! \file */
@@ -178,6 +178,6 @@ ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 return (ISC_R_SUCCESS);
 failure:
- dns_tsigkeyring_destroy(&ring);
+ dns_tsigkeyring_detach(&ring);
 return (result);
 }
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 510d6a2a8f..f949a37186 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: nsupdate.c,v 1.192 2011/01/08 23:47:00 tbox Exp $ */
+/* $Id: nsupdate.c,v 1.193 2011/01/10 05:32:03 marka Exp $ */
 /*! \file */
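Review bot: In the server.c `@@ -2197` hunk, `dns_tsigkeyring_detach(&ring);` inside the `if (pview != NULL)` branch is reached with `ring == NULL` whenever the previous view has no dynamic ring, because `dns_view_getdynamickeyring` only attaches when `view->dynamickeys != NULL` (view.c hunk) while `dns_tsigkeyring_detach` REQUIREs `*ringp != NULL`; fold the detach into the existing guard: `if (ring != NULL) { dns_view_setdynamickeyring(view, ring); dns_tsigkeyring_detach(&ring); }`. Whether a live view can currently have a NULL dynamic ring is not visible here, so this may be defensive only. The `else dns_view_restorekeyring(view);` branch reads a `<viewname>.tsigkeys` file from named's working directory; a short comment saying so at this point would help readers of configure_view, whose body extends beyond the hunk.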
@@ -416,7 +416,7 @@ reset_system(void) { if (tsigkey != NULL) dns_tsigkey_detach(&tsigkey); if (gssring != NULL) - dns_tsigkeyring_destroy(&gssring); + dns_tsigkeyring_detach(&gssring); tried_other_gsstsig = ISC_FALSE; } } @@ -2502,7 +2502,7 @@ start_gssrequest(dns_name_t *master) { usevc = ISC_TRUE; if (gssring != NULL) - dns_tsigkeyring_destroy(&gssring); + dns_tsigkeyring_detach(&gssring); gssring = NULL; result = dns_tsigkeyring_create(mctx, &gssring); @@ -2866,8 +2866,8 @@ cleanup(void) { dns_tsigkey_detach(&tsigkey); } if (gssring != NULL) { - ddebug("Destroying GSS-TSIG keyring"); - dns_tsigkeyring_destroy(&gssring); + ddebug("Detaching GSS-TSIG keyring"); + dns_tsigkeyring_detach(&gssring); } if (kserver != NULL) { isc_mem_put(mctx, kserver, sizeof(isc_sockaddr_t)); diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index b8cf968dd5..2f5c87ff19 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.55 2010/12/23 04:07:58 marka Exp $ + * $Id: dst_api.c,v 1.56 2011/01/10 05:32:03 marka Exp $ */ /*! \file */ 
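Review bot: In start_gssrequest the `gssring = NULL;` that follows `dns_tsigkeyring_detach(&gssring);` is redundant, since detach already clears the caller's pointer (`*ringp = NULL;` in the tsig.c hunk); drop the assignment or add a comment explaining why it is kept. The other replacements in this file are plain renames of destroy to detach. start_gssrequest continues outside the hunk.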
@@ -1181,6 +1181,48 @@ dst_key_format(const dst_key_t *key, char *cp, unsigned int size) {
 snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
 }
+isc_result_t
+dst_key_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
+
+ REQUIRE(buffer != NULL && *buffer == NULL);
+ REQUIRE(length != NULL && *length == 0);
+ REQUIRE(VALID_KEY(key));
+
+ if (key->func->isprivate == NULL)
+ return (ISC_R_NOTIMPLEMENTED);
+ return (key->func->dump(key, mctx, buffer, length));
+}
+
+isc_result_t
+dst_key_restore(dns_name_t *name, unsigned int alg, unsigned int flags,
+ unsigned int protocol, dns_rdataclass_t rdclass,
+ isc_mem_t *mctx, const char *keystr, dst_key_t **keyp)
+{
+ isc_result_t result;
+ dst_key_t *key;
+
+ REQUIRE(dst_initialized == ISC_TRUE);
+ REQUIRE(keyp != NULL && *keyp == NULL);
+
+ if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL)
+ return (DST_R_UNSUPPORTEDALG);
+
+ if (dst_t_func[alg]->restore == NULL)
+ return (ISC_R_NOTIMPLEMENTED);
+
+ key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
+ if (key == NULL)
+ return (ISC_R_NOMEMORY);
+
+ result = (dst_t_func[alg]->restore)(key, keystr);
+ if (result == ISC_R_SUCCESS)
+ *keyp = key;
+ else
+ dst_key_free(&key);
+
+ return (result);
+}
+
 /***
 *** Static methods
 ***/
diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index bdd96f5027..d2d144742b 100644
--- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h
@@ -29,7 +29,7 @@
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: dst_internal.h,v 1.27 2010/12/23 04:07:58 marka Exp $ */
+/* $Id: dst_internal.h,v 1.28 2011/01/10 05:32:03 marka Exp $ */
 #ifndef DST_DST_INTERNAL_H
 #define DST_DST_INTERNAL_H 1
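Review bot: `dst_key_dump` tests `key->func->isprivate == NULL` but then calls `key->func->dump`, so any algorithm whose function table provides isprivate while leaving dump NULL (every HMAC and OpenSSL table in this commit sets dump to NULL) would call a null function pointer the first time a generated key of that algorithm is dumped at ring destruction; the guard should be `if (key->func->dump == NULL)`. Whether non-GSSAPI generated keys actually occur in a dynamic ring is not visible here, but the check is wrong regardless. `dst_key_dump` also lacks the `REQUIRE(dst_initialized == ISC_TRUE)` that `dst_key_restore` carries, although VALID_KEY may make it moot. Both functions deserve a header comment saying that the dumped buffer holds the key's secret material and is released with `isc_mem_put(mctx, buffer, length)`.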
@@ -191,6 +191,9 @@ struct dst_func { isc_result_t (*fromlabel)(dst_key_t *key, const char *engine, const char *label, const char *pin); + isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer, + int *length); + isc_result_t (*restore)(dst_key_t *key, const char *keystr); }; /*% diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index 5645814562..e7f5ee320e 100644 --- a/lib/dns/gssapi_link.c +++ b/lib/dns/gssapi_link.c @@ -16,13 +16,14 @@ */ /* - * $Id: gssapi_link.c,v 1.14 2009/10/24 23:47:36 tbox Exp $ + * $Id: gssapi_link.c,v 1.15 2011/01/10 05:32:03 marka Exp $ */ #include #ifdef GSSAPI +#include #include #include #include @@ -44,6 +45,12 @@ (gb).value = (r).base; \ } while (0) +#define GBUFFER_TO_REGION(gb, r) \ + do { \ + (r).length = (gb).length; \ + (r).base = (gb).value; \ + } while (0) + struct dst_gssapi_signverifyctx { isc_buffer_t *buffer; 
@@ -276,6 +283,79 @@ gssapi_destroy(dst_key_t *key) {
 key->keydata.gssctx = NULL;
 }
+static isc_result_t
+gssapi_restore(dst_key_t *key, const char *keystr) {
+ OM_uint32 major, minor;
+ size_t len;
+ isc_buffer_t *b = NULL;
+ isc_region_t r;
+ gss_buffer_desc gssbuffer;
+ isc_result_t result;
+
+ len = strlen(keystr);
+ if ((len % 4) != 0)
+ return (ISC_R_BADBASE64);
+
+ len = (len / 4) * 3;
+
+ result = isc_buffer_allocate(key->mctx, &b, len);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = isc_base64_decodestring(keystr, b);
+ if (result != ISC_R_SUCCESS) {
+ isc_buffer_free(&b);
+ return (result);
+ }
+
+ isc_buffer_remainingregion(b, &r);
+ REGION_TO_GBUFFER(r, gssbuffer);
+ major = gss_import_sec_context(&minor, &gssbuffer,
+ &key->keydata.gssctx);
+ if (major != GSS_S_COMPLETE) {
+ isc_buffer_free(&b);
+ return (ISC_R_FAILURE);
+ }
+
+ isc_buffer_free(&b);
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+gssapi_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
+ OM_uint32 major, minor;
+ gss_buffer_desc gssbuffer;
+ size_t len;
+ char *buf;
+ isc_buffer_t b;
+ isc_region_t r;
+ isc_result_t result;
+
+ major = gss_export_sec_context(&minor, &key->keydata.gssctx,
+ &gssbuffer);
+ if (major != GSS_S_COMPLETE) {
+ fprintf(stderr, "gss_export_sec_context -> %d, %d\n",
+ major, minor);
+ return (ISC_R_FAILURE);
+ }
+ if (gssbuffer.length == 0)
+ return (ISC_R_FAILURE);
+ len = ((gssbuffer.length + 2)/3) * 4;
+ buf = isc_mem_get(mctx, len);
+ if (buf == NULL) {
+ gss_release_buffer(&minor, &gssbuffer);
+ return (ISC_R_NOMEMORY);
+ }
+ isc_buffer_init(&b, buf, len);
+ GBUFFER_TO_REGION(gssbuffer, r);
+ result = isc_base64_totext(&r, 0, "", &b);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ gss_release_buffer(&minor, &gssbuffer);
+ *buffer = buf;
+ *length = len;
+ return (ISC_R_SUCCESS);
+}
+
 static dst_func_t gssapi_functions = {
 gssapi_create_signverify_ctx,
 gssapi_destroy_signverify_ctx,
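Review bot: `gssapi_dump` reports a failed `gss_export_sec_context` with `fprintf(stderr, "gss_export_sec_context -> %d, %d\n", major, minor);`, which prints two `OM_uint32` values with `%d` and writes to stderr from library code that a daemon normally has closed; either route it through the isc_log facility used elsewhere in lib/dns with `%u`, or drop the print and just return ISC_R_FAILURE. A comment on `gssapi_dump` should also record that `gss_export_sec_context` deactivates the context in the exporting process (RFC 2744), so after a successful dump `key->keydata.gssctx` can no longer sign or verify — acceptable only because the dump happens as the ring is destroyed. In `gssapi_restore`, the decoded bytes handed to `gss_import_sec_context` are a serialized security context, i.e. session-key material read back from disk and trusted as-is; the function header should state that file permissions are the only protection.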
@@ -294,6 +374,8 @@ static dst_func_t gssapi_functions = { NULL, /*%< parse */ NULL, /*%< cleanup */ NULL, /*%< fromlabel */ + gssapi_dump, + gssapi_restore, }; isc_result_t diff --git a/lib/dns/hmac_link.c b/lib/dns/hmac_link.c index fa54b962e1..996ac18cef 100644 --- a/lib/dns/hmac_link.c +++ b/lib/dns/hmac_link.c @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.17 2010/01/07 23:48:54 tbox Exp $ + * $Id: hmac_link.c,v 1.18 2011/01/10 05:32:03 marka Exp $ */ #include @@ -325,6 +325,8 @@ static dst_func_t hmacmd5_functions = { hmacmd5_parse, NULL, /*%< cleanup */ NULL, /*%< fromlabel */ + NULL, /*%< dump */ + NULL, /*%< restore */ }; isc_result_t @@ -599,6 +601,8 @@ static dst_func_t hmacsha1_functions = { hmacsha1_parse, NULL, /* cleanup */ NULL, /* fromlabel */ + NULL, /* dump */ + NULL, /* restore */ }; isc_result_t @@ -875,6 +879,8 @@ static dst_func_t hmacsha224_functions = { hmacsha224_parse, NULL, /* cleanup */ NULL, /* fromlabel */ + NULL, /* dump */ + NULL, /* restore */ }; isc_result_t @@ -1151,6 +1157,8 @@ static dst_func_t hmacsha256_functions = { hmacsha256_parse, NULL, /* cleanup */ NULL, /* fromlabel */ + NULL, /* dump */ + NULL, /* restore */ }; isc_result_t @@ -1427,6 +1435,8 @@ static dst_func_t hmacsha384_functions = { hmacsha384_parse, NULL, /* cleanup */ NULL, /* fromlabel */ + NULL, /* dump */ + NULL, /* restore */ }; isc_result_t @@ -1703,6 +1713,8 @@ static dst_func_t hmacsha512_functions = { hmacsha512_parse, NULL, /* cleanup */ NULL, /* fromlabel */ + NULL, /* dump */ + NULL, /* restore */ }; isc_result_t diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h index c9b4d25195..0d1d03551d 100644 --- a/lib/dns/include/dns/result.h +++ b/lib/dns/include/dns/result.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.120 2010/02/25 05:08:01 tbox Exp $ */ +/* $Id: result.h,v 1.121 2011/01/10 05:32:03 marka Exp $ */ #ifndef DNS_RESULT_H #define DNS_RESULT_H 1 
@@ -150,8 +150,9 @@ #define DNS_R_INVALIDNSEC3 (ISC_RESULTCLASS_DNS + 104) #define DNS_R_NOTMASTER (ISC_RESULTCLASS_DNS + 105) #define DNS_R_BROKENCHAIN (ISC_RESULTCLASS_DNS + 106) +#define DNS_R_EXPIRED (ISC_RESULTCLASS_DNS + 107) -#define DNS_R_NRESULTS 107 /*%< Number of results */ +#define DNS_R_NRESULTS 108 /*%< Number of results */ /* * DNS wire format rcodes. diff --git a/lib/dns/include/dns/tsig.h b/lib/dns/include/dns/tsig.h index c5299c5341..1de89dd43e 100644 --- a/lib/dns/include/dns/tsig.h +++ b/lib/dns/include/dns/tsig.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsig.h,v 1.57 2010/12/09 00:54:34 marka Exp $ */ +/* $Id: tsig.h,v 1.58 2011/01/10 05:32:04 marka Exp $ */ #ifndef DNS_TSIG_H #define DNS_TSIG_H 1 @@ -25,6 +25,7 @@ #include #include #include +#include #include #include @@ -69,6 +70,7 @@ struct dns_tsig_keyring { unsigned int generated; unsigned int maxgenerated; ISC_LIST(dns_tsigkey_t) lru; + unsigned int references; }; struct dns_tsigkey { @@ -269,7 +271,14 @@ dns_tsigkeyring_add(dns_tsig_keyring_t *ring, dns_name_t *name, void -dns_tsigkeyring_destroy(dns_tsig_keyring_t **ringp); +dns_tsigkeyring_attach(dns_tsig_keyring_t *source, dns_tsig_keyring_t **target); + +void +dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp); + +isc_result_t +dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp); + /*%< * Destroy a TSIG key ring. * @@ -277,6 +286,9 @@ dns_tsigkeyring_destroy(dns_tsig_keyring_t **ringp); *\li 'ringp' is not NULL */ +void +dns_keyring_restore(dns_tsig_keyring_t *ring, FILE *fp); + ISC_LANG_ENDDECLS #endif /* DNS_TSIG_H */ diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index 894aa0d72c..946858702b 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.h,v 1.129 2010/12/16 09:51:29 jinmei Exp $ */ +/* $Id: view.h,v 1.130 2011/01/10 05:32:04 marka Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 
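Review bot: In the tsig.h `@@ -269` hunk the comment block `Destroy a TSIG key ring.` with its `'ringp' is not NULL` requirement now sits under `dns_tsigkeyring_dumpanddetach`, and `dns_tsigkeyring_attach`, `dns_tsigkeyring_detach` and `dns_keyring_restore` have no documentation at all. Each needs its own `/*%< ... */` block: attach adds a reference under the ring lock; detach drops one and destroys the ring at zero; dumpanddetach additionally writes every unexpired generated key to 'fp' when the last reference goes and returns DNS_R_CONTINUE while references remain (tsig.c hunk); restore reads that format back. `dns_keyring_restore` also breaks the `dns_tsigkeyring_` prefix of its siblings — consider renaming it `dns_tsigkeyring_restore` before the API ships.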
@@ -376,6 +376,8 @@ dns_view_sethints(dns_view_t *view, dns_db_t *hints); void dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring); +void +dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring); /*%< * Set the view's static TSIG keys * @@ -391,6 +393,15 @@ dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring); *\li The static TSIG keyring of 'view' is 'ring'. */ +void +dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp); +/*%< + * Return the views dynamic keys. + * + * \li 'view' is a valid, unfrozen view. + * \li 'ringp' != NULL && ringp == NULL. + */ + void dns_view_setdstport(dns_view_t *view, in_port_t dstport); /*%< @@ -1059,4 +1070,7 @@ dns_view_setnewzones(dns_view_t *view, isc_boolean_t allow, void *cfgctx, * \li 'view' is valid. */ +void +dns_view_restorekeyring(dns_view_t *view); + #endif /* DNS_VIEW_H */ diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h index 5bda746be2..c2b4eaddb3 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst.h,v 1.29 2010/12/23 04:07:59 marka Exp $ */ +/* $Id: dst.h,v 1.30 2011/01/10 05:32:04 marka Exp $ */ #ifndef DST_DST_H #define DST_DST_H 1 
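Review bot: The requirement line for `dns_view_getdynamickeyring` reads `'ringp' != NULL && ringp == NULL`, which is contradictory; it should be `'ringp' != NULL && *ringp == NULL`, matching the REQUIRE in view.c. The new `dns_view_setdynamickeyring` declaration is also inserted between `dns_view_setkeyring` and its `Set the view's static TSIG keys` comment, so that comment now documents the wrong function, and `dns_view_restorekeyring` at the end of the header has no comment at all — something like `Restore the view's dynamic TSIG keys from '<viewname>.tsigkeys' in the current directory, if present.` would do.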
@@ -847,6 +847,31 @@ dst_key_tkeytoken(const dst_key_t *key); */ +isc_result_t +dst_key_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length); +/*%< + * Allocate 'buffer' and dump the key into it in base64 format. The buffer + * is not NUL terminated. The length of the buffer is returned in *length. + * + * 'buffer' needs to be freed using isc_mem_put(mctx, buffer, length); + * + * Requires: + * 'buffer' to be non NULL and *buffer to be NULL. + * 'length' to be non NULL and *length to be zero. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + * ISC_R_NOTIMPLEMENTED + * others. + */ + +isc_result_t +dst_key_restore(dns_name_t *name, unsigned int alg, unsigned int flags, + unsigned int protocol, dns_rdataclass_t rdclass, + isc_mem_t *mctx, const char *keystr, dst_key_t **keyp); + + ISC_LANG_ENDDECLS #endif /* DST_DST_H */ diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c index 5be3c9c67d..8727e58878 100644 --- a/lib/dns/openssldh_link.c +++ b/lib/dns/openssldh_link.c @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.18 2009/10/30 05:08:23 marka Exp $ + * $Id: openssldh_link.c,v 1.19 2011/01/10 05:32:03 marka Exp $ */ #ifdef OPENSSL @@ -640,6 +640,8 @@ static dst_func_t openssldh_functions = { openssldh_parse, openssldh_cleanup, NULL, /*%< fromlabel */ + NULL, /*%< dump */ + NULL, /*%< restore */ }; isc_result_t diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c index feab1a7906..000ac2266f 100644 --- a/lib/dns/openssldsa_link.c +++ b/lib/dns/openssldsa_link.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: openssldsa_link.c,v 1.18 2009/10/30 05:08:23 marka Exp $ */ +/* $Id: openssldsa_link.c,v 1.19 2011/01/10 05:32:03 marka Exp $ */ #ifdef OPENSSL #ifndef USE_EVP 
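Review bot: `dst_key_restore` is declared without a documentation block, unlike `dst_key_dump` directly above it; it should say that 'keystr' is the base64 text produced by dst_key_dump, that the new key is returned in '*keyp' on success, and that DST_R_UNSUPPORTEDALG / ISC_R_NOTIMPLEMENTED are returned when the algorithm has no restore method (dst_api.c hunk). The `dst_key_dump` block would benefit from one more line noting that the buffer carries the key's secret material, so callers must store it only with private permissions.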
@@ -618,6 +618,8 @@ static dst_func_t openssldsa_functions = { openssldsa_parse, NULL, /*%< cleanup */ NULL, /*%< fromlabel */ + NULL, /*%< dump */ + NULL, /*%< restore */ }; isc_result_t diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 08bf8b39b8..38f6ad1864 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.37 2009/10/30 05:08:23 marka Exp $ + * $Id: opensslrsa_link.c,v 1.38 2011/01/10 05:32:03 marka Exp $ */ #ifdef OPENSSL #include @@ -1386,6 +1386,8 @@ static dst_func_t opensslrsa_functions = { opensslrsa_parse, NULL, /*%< cleanup */ opensslrsa_fromlabel, + NULL, /*%< dump */ + NULL, /*%< restore */ }; isc_result_t diff --git a/lib/dns/result.c b/lib/dns/result.c index 02705dc9dc..a1c78d96b7 100644 --- a/lib/dns/result.c +++ b/lib/dns/result.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.c,v 1.130 2010/02/25 05:08:01 tbox Exp $ */ +/* $Id: result.c,v 1.131 2011/01/10 05:32:03 marka Exp $ */ /*! \file */ @@ -160,6 +160,7 @@ static const char *text[DNS_R_NRESULTS] = { "not master", /*%< 105 DNS_R_NOTMASTER */ "broken trust chain", /*%< 106 DNS_R_BROKENCHAIN */ + "expired", /*%< 106 DNS_R_EXPIRED */ }; static const char *rcode_text[DNS_R_NRCODERESULTS] = { diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index 59af8bec85..97117cb13e 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: spnego.c,v 1.14 2010/12/20 23:47:21 tbox Exp $ */ +/* $Id: spnego.c,v 1.15 2011/01/10 05:32:03 marka Exp $ */ /*! \file * \brief @@ -412,7 +412,7 @@ code_NegTokenArg(OM_uint32 * minor_status, { OM_uint32 ret; u_char *buf; - size_t buf_size, buf_len; + size_t buf_size, buf_len = 0; buf_size = 1024; buf = malloc(buf_size); diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index c9e0fe7094..722e160d98 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c 
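Review bot: In the result.c hunk the new entry `"expired", /*%< 106 DNS_R_EXPIRED */` carries the wrong index; result.h defines DNS_R_EXPIRED as `ISC_RESULTCLASS_DNS + 107`, so the comment should read `/*%< 107 DNS_R_EXPIRED */`. The text table is indexed by that number, so a mismatched comment here is how the next off-by-one slips in.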
@@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.144 2010/12/24 02:20:47 each Exp $ + * $Id: tsig.c,v 1.145 2011/01/10 05:32:03 marka Exp $ */ /*! \file */ #include 
@@ -528,6 +528,184 @@ cleanup_ring(dns_tsig_keyring_t *ring)
 }
 }
+static void
+destroyring(dns_tsig_keyring_t *ring) {
+ dns_rbt_destroy(&ring->keys);
+ isc_rwlock_destroy(&ring->lock);
+ isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsig_keyring_t));
+}
+
+static unsigned int
+dst_alg_fromname(dns_name_t *algorithm) {
+ if (dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME)) {
+ return (DST_ALG_HMACMD5);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) {
+ return (DST_ALG_HMACSHA1);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA224_NAME)) {
+ return (DST_ALG_HMACSHA224);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA256_NAME)) {
+ return (DST_ALG_HMACSHA256);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA384_NAME)) {
+ return (DST_ALG_HMACSHA384);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA512_NAME)) {
+ return (DST_ALG_HMACSHA512);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPI_NAME)) {
+ return (DST_ALG_GSSAPI);
+ } else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPIMS_NAME)) {
+ return (DST_ALG_GSSAPI);
+ } else
+ return (0);
+}
+
+static isc_result_t
+restore_key(dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) {
+ dst_key_t *dstkey = NULL;
+ char namestr[1024];
+ char creatorstr[1024];
+ char algorithmstr[1024];
+ char keystr[4096];
+ unsigned int inception, expire;
+ int n;
+ isc_buffer_t b;
+ dns_name_t *name, *creator, *algorithm;
+ dns_fixedname_t fname, fcreator, falgorithm;
+ isc_result_t result;
+ unsigned int dstalg;
+
+ n = fscanf(fp, "%1023s %1023s %u %u %1023s %4095s\n", namestr,
+ creatorstr, &inception, &expire, algorithmstr, keystr);
+ if (n == EOF)
+ return (ISC_R_NOMORE);
+ if (n != 6)
+ return (ISC_R_FAILURE);
+
+ if (isc_serial_lt(expire, now))
+ return (DNS_R_EXPIRED);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_init(&b, namestr, strlen(namestr));
+ isc_buffer_add(&b, strlen(namestr));
+ result = dns_name_fromtext(name, &b, 
dns_rootname, 0, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_fixedname_init(&fcreator);
+ creator = dns_fixedname_name(&fcreator);
+ isc_buffer_init(&b, creatorstr, strlen(creatorstr));
+ isc_buffer_add(&b, strlen(creatorstr));
+ result = dns_name_fromtext(creator, &b, dns_rootname, 0, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_fixedname_init(&falgorithm);
+ algorithm = dns_fixedname_name(&falgorithm);
+ isc_buffer_init(&b, algorithmstr, strlen(algorithmstr));
+ isc_buffer_add(&b, strlen(algorithmstr));
+ result = dns_name_fromtext(algorithm, &b, dns_rootname, 0, NULL);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dstalg = dst_alg_fromname(algorithm);
+ if (dstalg == 0)
+ return (DNS_R_BADALG);
+
+ result = dst_key_restore(name, dstalg, DNS_KEYOWNER_ENTITY,
+ DNS_KEYPROTO_DNSSEC, dns_rdataclass_in,
+ ring->mctx, keystr, &dstkey);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_tsigkey_createfromkey(name, algorithm, &dstkey,
+ ISC_TRUE, creator, inception,
+ expire, ring->mctx, ring, NULL);
+ if (result != ISC_R_SUCCESS && dstkey != NULL)
+ dst_key_free(&dstkey);
+ return (result);
+}
+
+static void
+dump_key(dns_tsigkey_t *tkey, FILE *fp)
+{
+ char *buffer = NULL;
+ int length = 0;
+ char namestr[DNS_NAME_FORMATSIZE];
+ char creatorstr[DNS_NAME_FORMATSIZE];
+ char algorithmstr[DNS_NAME_FORMATSIZE];
+ isc_result_t result;
+
+ dns_name_format(&tkey->name, namestr, sizeof(namestr));
+ dns_name_format(tkey->creator, creatorstr, sizeof(creatorstr));
+ dns_name_format(tkey->algorithm, algorithmstr, sizeof(algorithmstr));
+ result = dst_key_dump(tkey->key, tkey->mctx, &buffer, &length);
+ if (result == ISC_R_SUCCESS)
+ fprintf(fp, "%s %s %u %u %s %.*s\n", namestr, creatorstr,
+ tkey->inception, tkey->expire, algorithmstr,
+ length, buffer);
+ if (buffer != NULL)
+ isc_mem_put(tkey->mctx, buffer, length);
+}
+
+isc_result_t
+dns_tsigkeyring_dumpanddetach(dns_tsig_keyring_t **ringp, FILE *fp) {
+ 
isc_result_t result;
+ dns_rbtnodechain_t chain;
+ dns_name_t foundname;
+ dns_fixedname_t fixedorigin;
+ dns_name_t *origin;
+ isc_stdtime_t now;
+ dns_rbtnode_t *node;
+ dns_tsigkey_t *tkey;
+ dns_tsig_keyring_t *ring;
+ unsigned int references;
+
+ REQUIRE(ringp != NULL && *ringp != NULL);
+
+ ring = *ringp;
+ *ringp = NULL;
+
+ RWLOCK(&ring->lock, isc_rwlocktype_write);
+ INSIST(ring->references > 0);
+ ring->references--;
+ references = ring->references;
+ RWUNLOCK(&ring->lock, isc_rwlocktype_write);
+
+ if (references != 0)
+ return (DNS_R_CONTINUE);
+
+ isc_stdtime_get(&now);
+ dns_name_init(&foundname, NULL);
+ dns_fixedname_init(&fixedorigin);
+ origin = dns_fixedname_name(&fixedorigin);
+ dns_rbtnodechain_init(&chain, ring->mctx);
+ result = dns_rbtnodechain_first(&chain, ring->keys, &foundname,
+ origin);
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
+ dns_rbtnodechain_invalidate(&chain);
+ goto destroy;
+ }
+
+ for (;;) {
+ node = NULL;
+ dns_rbtnodechain_current(&chain, &foundname, origin, &node);
+ tkey = node->data;
+ if (tkey != NULL && tkey->generated && tkey->expire >= now)
+ dump_key(tkey, fp);
+ result = dns_rbtnodechain_next(&chain, &foundname,
+ origin);
+ if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) {
+ dns_rbtnodechain_invalidate(&chain);
+ if (result == ISC_R_NOMORE)
+ result = ISC_R_SUCCESS;
+ goto destroy;
+ }
+ }
+
+ destroy:
+ destroyring(ring);
+ return (result);
+}
+
 isc_result_t
 dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 unsigned char *secret, int length, isc_boolean_t generated,
@@ -1605,6 +1783,7 @@ dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
 ring->maxgenerated = DNS_TSIG_MAXGENERATEDKEYS;
 ISC_LIST_INIT(ring->lru);
 isc_mem_attach(mctx, &ring->mctx);
+ ring->references = 1;
 *ringp = ring;
 return (ISC_R_SUCCESS);
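Review bot: In `dns_tsigkeyring_dumpanddetach`, an empty ring makes `dns_rbtnodechain_first` return something other than ISC_R_SUCCESS/DNS_R_NEWORIGIN (presumably ISC_R_NOTFOUND), and that value is propagated as an error; view.c then removes the temporary file and leaves the previous `<view>.tsigkeys` on disk, so keys that had been removed before shutdown are re-imported on the next restart. Treat the empty tree as success, e.g. `if (result == ISC_R_NOTFOUND) result = ISC_R_SUCCESS;` before the first `goto destroy;`. Also `tkey = node->data;` follows `dns_rbtnodechain_current` without checking its result or `node`, and the expiry test `tkey->expire >= now` differs from the `isc_serial_lt(expire, now)` used in `restore_key`; using the serial comparison on both sides keeps dump and restore consistent. `restore_key` accepts whatever the file holds, including the exported GSS context in `keystr`, so its header comment should say the file is trusted and must be writable only by named.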
@@ -1624,8 +1803,23 @@ dns_tsigkeyring_add(dns_tsig_keyring_t *ring, dns_name_t *name,
 }
 void
-dns_tsigkeyring_destroy(dns_tsig_keyring_t **ringp) {
+dns_tsigkeyring_attach(dns_tsig_keyring_t *source, dns_tsig_keyring_t **target)
+{
+ REQUIRE(source != NULL);
+ REQUIRE(target != NULL && *target == NULL);
+
+ RWLOCK(&source->lock, isc_rwlocktype_write);
+ INSIST(source->references > 0);
+ source->references++;
+ INSIST(source->references > 0);
+ *target = source;
+ RWUNLOCK(&source->lock, isc_rwlocktype_write);
+}
+
+void
+dns_tsigkeyring_detach(dns_tsig_keyring_t **ringp) {
 dns_tsig_keyring_t *ring;
+ unsigned int references;
 REQUIRE(ringp != NULL);
 REQUIRE(*ringp != NULL);
@@ -1633,7 +1827,27 @@ dns_tsigkeyring_destroy(dns_tsig_keyring_t **ringp) {
 ring = *ringp;
 *ringp = NULL;
- dns_rbt_destroy(&ring->keys);
- isc_rwlock_destroy(&ring->lock);
- isc_mem_putanddetach(&ring->mctx, ring, sizeof(dns_tsig_keyring_t));
+ RWLOCK(&ring->lock, isc_rwlocktype_write);
+ INSIST(ring->references > 0);
+ ring->references--;
+ references = ring->references;
+ RWUNLOCK(&ring->lock, isc_rwlocktype_write);
+
+ if (references == 0)
+ destroyring(ring);
+}
+
+void
+dns_keyring_restore(dns_tsig_keyring_t *ring, FILE *fp) {
+ isc_stdtime_t now;
+ isc_result_t result;
+
+ isc_stdtime_get(&now);
+ do {
+ result = restore_key(ring, now, fp);
+ if (result == ISC_R_NOMORE)
+ return;
+ if (result == DNS_R_BADALG || result == DNS_R_EXPIRED)
+ result = ISC_R_SUCCESS;
+ } while (result == ISC_R_SUCCESS);
 }
diff --git a/lib/dns/view.c b/lib/dns/view.c
index 9c0d8f8c71..132b8745bc 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -15,13 +15,15 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: view.c,v 1.174 2010/12/18 11:47:13 marka Exp $ */
+/* $Id: view.c,v 1.175 2011/01/10 05:32:03 marka Exp $ */
 /*! \file */
 #include
+#include
 #include
+#include
 #include
 #include
 #include /* Required for HP/UX (and others?) */
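Review bot: `dns_keyring_restore` stops at the first record that fails to parse or restore (`n != 6`, an unparseable name, or a dst_key_restore error such as ISC_R_NOTIMPLEMENTED on a build that lacks the key's algorithm) and returns without logging anything, so every later key in the file is silently lost and an operator has no way to tell why keys did not survive the restart. Log the terminating result with `isc_log_write` (DNS_LOGCATEGORY_SECURITY / ISC_LOG_WARNING would fit) before returning, and add a comment on the loop stating that the first hard error aborts the restore while DNS_R_BADALG and DNS_R_EXPIRED only skip the record. `dns_tsigkeyring_attach` and `dns_tsigkeyring_detach` look correct; a one-line comment that `references` is protected by `ring->lock` would help, since the struct in tsig.h does not say.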
@@ -234,7 +236,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
 cleanup_dynkeys:
 #endif
- dns_tsigkeyring_destroy(&view->dynamickeys);
+ dns_tsigkeyring_detach(&view->dynamickeys);
 cleanup_references:
 isc_refcount_destroy(&view->references);
@@ -278,10 +280,41 @@ destroy(dns_view_t *view) {
 #endif
 if (view->peers != NULL)
 dns_peerlist_detach(&view->peers);
- if (view->dynamickeys != NULL)
- dns_tsigkeyring_destroy(&view->dynamickeys);
+
+ if (view->dynamickeys != NULL) {
+ isc_result_t result;
+ char template[20];
+ char keyfile[20];
+ FILE *fp = NULL;
+ int n;
+
+ n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
+ view->name);
+ if (n > 0 && (size_t)n < sizeof(keyfile)) {
+ result = isc_file_mktemplate(keyfile, template,
+ sizeof(template));
+ if (result == ISC_R_SUCCESS)
+ (void)isc_file_openuniqueprivate(template, &fp);
+ }
+ if (fp == NULL)
+ dns_tsigkeyring_detach(&view->dynamickeys);
+ else {
+ result = dns_tsigkeyring_dumpanddetach(
+ &view->dynamickeys, fp);
+ if (result == ISC_R_SUCCESS) {
+ if (fclose(fp) == 0)
+ result = isc_file_rename(template,
+ keyfile);
+ if (result != ISC_R_SUCCESS)
+ (void)remove(template);
+ } else {
+ (void)fclose(fp);
+ (void)remove(template);
+ }
+ }
+ }
 if (view->statickeys != NULL)
- dns_tsigkeyring_destroy(&view->statickeys);
+ dns_tsigkeyring_detach(&view->statickeys);
 if (view->adb != NULL)
 dns_adb_detach(&view->adb);
 if (view->resolver != NULL)
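Review bot: In destroy(), a failing `fclose(fp)` leaves `result` at the ISC_R_SUCCESS returned by `dns_tsigkeyring_dumpanddetach`, so `(void)remove(template);` is skipped and a private temp file holding partially written key material stays on disk; add `else result = ISC_R_FAILURE;` after the `if (fclose(fp) == 0)` branch so the existing cleanup runs. Separately, `keyfile[20]` with the 9-character `.tsigkeys` suffix means any view name longer than 10 characters fails the length check and the keys are detached without being saved, silently — the same limit appears in `dns_view_restorekeyring` in the next hunk — so either size the buffer from `strlen(view->name)` (allocating from `view->mctx`) or log when the name does not fit. A comment that the file is created with `isc_file_openuniqueprivate` because it contains exported GSS contexts would make the intent explicit for future edits.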
@@ -725,8 +758,46 @@ dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
 REQUIRE(DNS_VIEW_VALID(view));
 REQUIRE(ring != NULL);
 if (view->statickeys != NULL)
- dns_tsigkeyring_destroy(&view->statickeys);
- view->statickeys = ring;
+ dns_tsigkeyring_detach(&view->statickeys);
+ dns_tsigkeyring_attach(ring, &view->statickeys);
+}
+
+void
+dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
+ REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(ring != NULL);
+ if (view->dynamickeys != NULL)
+ dns_tsigkeyring_detach(&view->dynamickeys);
+ dns_tsigkeyring_attach(ring, &view->dynamickeys);
+}
+
+void
+dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
+ REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(ringp != NULL && *ringp == NULL);
+ if (view->dynamickeys != NULL)
+ dns_tsigkeyring_attach(view->dynamickeys, ringp);
+}
+
+void
+dns_view_restorekeyring(dns_view_t *view) {
+ FILE *fp;
+ char keyfile[20];
+ int n;
+
+ REQUIRE(DNS_VIEW_VALID(view));
+
+ if (view->dynamickeys != NULL) {
+ n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
+ view->name);
+ if (n > 0 && (size_t)n < sizeof(keyfile)) {
+ fp = fopen(keyfile, "r");
+ if (fp != NULL) {
+ dns_keyring_restore(view->dynamickeys, fp);
+ (void)fclose(fp);
+ }
+ }
+ }
 }
 void
diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def
index 9f92c288d6..4c97e06028 100644
--- a/lib/dns/win32/libdns.def
+++ b/lib/dns/win32/libdns.def
@@ -21,16 +21,16 @@ dns_acl_any
 dns_acl_attach
 dns_acl_create
 dns_acl_detach
+dns_aclelement_match
+dns_aclenv_copy
+dns_aclenv_destroy
+dns_aclenv_init
 dns_acl_isany
 dns_acl_isinsecure
 dns_acl_isnone
 dns_acl_match
 dns_acl_merge
 dns_acl_none
-dns_aclelement_match
-dns_aclenv_copy
-dns_aclenv_destroy
-dns_aclenv_init
 dns_adb_adjustsrtt
 dns_adb_attach
 dns_adb_cancelfind
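Review bot: `dns_view_restorekeyring` opens `<viewname>.tsigkeys` relative to named's working directory and hands its contents to `dns_keyring_restore` with no ownership or permission check and no log line on either success or failure, so the function header should state that the directory must not be writable by other users and that the file is trusted as written by a previous named; a single `isc_log_write` reporting how the restore ended would make the feature observable. The change to `dns_view_setkeyring` also turns the old ownership transfer into an attach, so every caller must now detach its own reference (server.c does in this commit); a comment such as `/* ring is attached; the caller keeps its own reference */` would stop callers written for the old contract from leaking a ring.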
@@ -114,6 +114,16 @@ dns_db_ispersistent
 dns_db_issecure
 dns_db_isstub
 dns_db_iszone
+dns_dbiterator_current
+dns_dbiterator_destroy
+dns_dbiterator_first
+dns_dbiterator_last
+dns_dbiterator_next
+dns_dbiterator_origin
+dns_dbiterator_pause
+dns_dbiterator_prev
+dns_dbiterator_seek
+dns_dbiterator_setcleanmode
 dns_db_load
 dns_db_load2
 dns_db_load3
@@ -125,17 +135,6 @@ dns_db_overmem
 dns_db_printnode
 dns_db_register
 dns_db_subtractrdataset
-dns_db_unregister
-dns_dbiterator_current
-dns_dbiterator_destroy
-dns_dbiterator_first
-dns_dbiterator_last
-dns_dbiterator_next
-dns_dbiterator_origin
-dns_dbiterator_pause
-dns_dbiterator_prev
-dns_dbiterator_seek
-dns_dbiterator_setcleanmode
 dns_dbtable_add
 dns_dbtable_adddefault
 dns_dbtable_attach
@@ -145,6 +144,7 @@ dns_dbtable_find
 dns_dbtable_getdefault
 dns_dbtable_remove
 dns_dbtable_removedefault
+dns_db_unregister
 dns_decompress_edns
 dns_decompress_getmethods
 dns_decompress_init
@@ -173,8 +173,6 @@ dns_dispatch_getlocaladdress
 dns_dispatch_getsocket
 dns_dispatch_getudp
 dns_dispatch_importrecv
-dns_dispatch_removeresponse
-dns_dispatch_starttcp
 dns_dispatchmgr_create
 dns_dispatchmgr_destroy
 dns_dispatchmgr_getblackhole
@@ -182,6 +180,8 @@ dns_dispatchmgr_setavailports
 dns_dispatchmgr_setblackhole
 dns_dispatchmgr_setblackportlist
 dns_dispatchmgr_setstats
+dns_dispatch_removeresponse
+dns_dispatch_starttcp
 dns_dlzallowzonexfr
 dns_dlzcreate
 dns_dlzdestroy
@@ -199,6 +199,8 @@ dns_dns64_unlink
 dns_dnssec_findmatchingkeys
 dns_dnssec_findzonekeys
 dns_dnssec_findzonekeys2
+dns_dnsseckey_create
+dns_dnsseckey_destroy
 dns_dnssec_keyfromrdata
 dns_dnssec_keylistfromrdataset
 dns_dnssec_selfsigns
@@ -208,8 +210,6 @@ dns_dnssec_updatekeys
 dns_dnssec_verify
 dns_dnssec_verify2
 dns_dnssec_verifymessage
-dns_dnsseckey_create
-dns_dnsseckey_destroy
 dns_ds_buildrdata
 dns_ds_digest_supported
 dns_dumpctx_detach
@@ -238,8 +238,8 @@ dns_journal_open
 dns_journal_print
 dns_journal_rollforward
 dns_journal_rollforward2
-dns_journal_write_transaction
 dns_journal_writediff
+dns_journal_write_transaction
 dns_keydata_fromdnskey
 dns_keydata_todnskey
 dns_keyflags_fromtext
@@ -400,19 +400,19 @@ dns_nsec3_delnsec3sx
 dns_nsec3_hashlength
 dns_nsec3_hashname
 dns_nsec3_maxiterations
-dns_nsec3_supportedhash
-dns_nsec3_typepresent
 dns_nsec3param_deletechains
 dns_nsec3param_fromprivate
 dns_nsec3param_toprivate
+dns_nsec3_supportedhash
+dns_nsec3_typepresent
 dns_nsec_build
 dns_nsec_buildrdata
 dns_nsec_nseconly
 dns_nsec_typepresent
-dns_opcode_totext
 dns_opcodestats_create
 dns_opcodestats_dump
 dns_opcodestats_increment
+dns_opcode_totext
 dns_order_add
 dns_order_attach
 dns_order_create
@@ -428,6 +428,12 @@ dns_peer_getrequestixfr
 dns_peer_getsupportedns
 dns_peer_gettransferformat
 dns_peer_gettransfers
+dns_peerlist_addpeer
+dns_peerlist_attach
+dns_peerlist_currpeer
+dns_peerlist_detach
+dns_peerlist_new
+dns_peerlist_peerbyaddr
 dns_peer_new
 dns_peer_newprefix
 dns_peer_setbogus
@@ -444,12 +450,6 @@ dns_peer_settransferformat
 dns_peer_settransfers
 dns_peer_settransfersource
 dns_peer_setudpsize
-dns_peerlist_addpeer
-dns_peerlist_attach
-dns_peerlist_currpeer
-dns_peerlist_detach
-dns_peerlist_new
-dns_peerlist_peerbyaddr
 dns_portlist_add
 dns_portlist_create
 dns_portlist_detach
@@ -465,8 +465,6 @@ dns_rbt_findnode
 dns_rbt_formatnodename
 dns_rbt_fullnamefromnode
 dns_rbt_namefromnode
-dns_rbt_nodecount
-dns_rbt_printall
 dns_rbtnodechain_current
 dns_rbtnodechain_first
 dns_rbtnodechain_init
@@ -475,11 +473,19 @@ dns_rbtnodechain_last
 dns_rbtnodechain_next
 dns_rbtnodechain_prev
 dns_rbtnodechain_reset
+dns_rbt_nodecount
+dns_rbt_printall
 dns_rcode_fromtext
 dns_rcode_totext
 dns_rdata_additionaldata
+dns_rdatacallbacks_init
+dns_rdatacallbacks_init_stdio
 dns_rdata_casecompare
 dns_rdata_checkowner
+dns_rdataclass_format
+dns_rdataclass_fromtext
+dns_rdataclass_ismeta
+dns_rdataclass_totext
 dns_rdata_clone
 dns_rdata_compare
 dns_rdata_covers
@@ -490,20 +496,9 @@ dns_rdata_fromstruct
 dns_rdata_fromtext
 dns_rdata_fromwire
 dns_rdata_init
-dns_rdata_reset
-dns_rdata_tofmttext
-dns_rdata_toregion
-dns_rdata_tostruct
-dns_rdata_totext
-dns_rdata_towire
-dns_rdatacallbacks_init
-dns_rdatacallbacks_init_stdio
-dns_rdataclass_format
-dns_rdataclass_fromtext
-dns_rdataclass_ismeta
-dns_rdataclass_totext
 dns_rdatalist_init
 dns_rdatalist_tordataset
+dns_rdata_reset
 dns_rdataset_additionaldata
 dns_rdataset_clone
 dns_rdataset_count
@@ -517,24 +512,29 @@ dns_rdataset_getnoqname
 dns_rdataset_init
 dns_rdataset_invalidate
 dns_rdataset_isassociated
+dns_rdatasetiter_current
+dns_rdatasetiter_destroy
+dns_rdatasetiter_first
+dns_rdatasetiter_next
 dns_rdataset_makequestion
 dns_rdataset_next
 dns_rdataset_putadditional
 dns_rdataset_setadditional
 dns_rdataset_settrust
+dns_rdatasetstats_dump
 dns_rdataset_totext
 dns_rdataset_towire
 dns_rdataset_towiresorted
-dns_rdatasetiter_current
-dns_rdatasetiter_destroy
-dns_rdatasetiter_first
-dns_rdatasetiter_next
-dns_rdatasetstats_dump
 dns_rdataslab_equal
 dns_rdataslab_fromrdataset
 dns_rdataslab_merge
 dns_rdataslab_size
 dns_rdataslab_subtract
+dns_rdata_tofmttext
+dns_rdata_toregion
+dns_rdata_tostruct
+dns_rdata_totext
+dns_rdata_towire
 dns_rdatatype_atparent
 dns_rdatatype_attributes
 dns_rdatatype_format
@@ -546,10 +546,10 @@ dns_rdatatype_issingleton
 dns_rdatatype_iszonecutauth
 dns_rdatatype_notquestion
 dns_rdatatype_questiononly
-dns_rdatatype_totext
 dns_rdatatypestats_create
 dns_rdatatypestats_dump
 dns_rdatatypestats_increment
+dns_rdatatype_totext
 dns_request_cancel
 dns_request_create
 dns_request_createraw
@@ -557,12 +557,12 @@ dns_request_createvia
 dns_request_createvia3
 dns_request_destroy
 dns_request_getresponse
-dns_request_usedtcp
 dns_requestmgr_attach
 dns_requestmgr_create
 dns_requestmgr_detach
 dns_requestmgr_shutdown
 dns_requestmgr_whenshutdown
+dns_request_usedtcp
 dns_resolver_addalternate
 dns_resolver_addbadcache
 dns_resolver_algorithm_supported
@@ -652,25 +652,27 @@ dns_timer_setidle
 dns_tkey_builddeletequery
 dns_tkey_builddhquery
 dns_tkey_buildgssquery
+dns_tkeyctx_create
+dns_tkeyctx_destroy
 dns_tkey_processdeleteresponse
 dns_tkey_processdhresponse
 dns_tkey_processgssresponse
 dns_tkey_processquery
-dns_tkeyctx_create
-dns_tkeyctx_destroy
-dns_tsig_sign
-dns_tsig_verify
 dns_tsigkey_attach
 dns_tsigkey_create
 dns_tsigkey_createfromkey
 dns_tsigkey_detach
 dns_tsigkey_find
-dns_tsigkey_setdeleted
 dns_tsigkeyring_add
+dns_tsigkeyring_attach
 dns_tsigkeyring_create
-dns_tsigkeyring_destroy
+dns_tsigkeyring_detach
+dns_tsigkeyring_dumpanddetach
+dns_tsigkey_setdeleted
 dns_tsigrcode_fromtext
 dns_tsigrcode_totext
+dns_tsig_sign
+dns_tsig_verify
 dns_ttl_fromtext
 dns_ttl_totext
 dns_validator_cancel
@@ -704,6 +706,8 @@ dns_view_gettsig
 dns_view_initsecroots
 dns_view_iscacheshared
 dns_view_issecuredomain
+dns_viewlist_find
+dns_viewlist_findzone
 dns_view_load
 dns_view_loadnew
 dns_view_setcache
@@ -719,8 +723,6 @@ dns_view_simplefind
 dns_view_thaw
 dns_view_weakattach
 dns_view_weakdetach
-dns_viewlist_find
-dns_viewlist_findzone
 dns_xfrin_attach
 dns_xfrin_create
 dns_xfrin_detach
@@ -788,12 +790,30 @@ dns_zone_getzeronosoattl
 dns_zone_iattach
 dns_zone_idetach
 dns_zone_isforced
+dns_zonekey_iszonekey
 dns_zone_load
 dns_zone_loadandthaw
 dns_zone_loadnew
 dns_zone_log
 dns_zone_maintenance
 dns_zone_markdirty
+dns_zonemgr_attach
+dns_zonemgr_create
+dns_zonemgr_detach
+dns_zonemgr_forcemaint
+dns_zonemgr_getcount
+dns_zonemgr_getiolimit
+dns_zonemgr_getserialqueryrate
+dns_zonemgr_getttransfersin
+dns_zonemgr_getttransfersperns
+dns_zonemgr_managezone
+dns_zonemgr_releasezone
+dns_zonemgr_resumexfrs
+dns_zonemgr_setiolimit
+dns_zonemgr_setserialqueryrate
+dns_zonemgr_settransfersin
+dns_zonemgr_settransfersperns
+dns_zonemgr_shutdown
 dns_zone_name
 dns_zone_next
 dns_zone_notify
@@ -862,24 +882,6 @@ dns_zone_setxfrsource6
 dns_zone_setzeronosoattl
 dns_zone_signwithkey
 dns_zone_unload
-dns_zonekey_iszonekey
-dns_zonemgr_attach
-dns_zonemgr_create
-dns_zonemgr_detach
-dns_zonemgr_forcemaint
-dns_zonemgr_getcount
-dns_zonemgr_getiolimit
-dns_zonemgr_getserialqueryrate
-dns_zonemgr_getttransfersin
-dns_zonemgr_getttransfersperns
-dns_zonemgr_managezone
-dns_zonemgr_releasezone
-dns_zonemgr_resumexfrs
-dns_zonemgr_setiolimit
-dns_zonemgr_setserialqueryrate
-dns_zonemgr_settransfersin
-dns_zonemgr_settransfersperns
-dns_zonemgr_shutdown
 dns_zt_apply
 dns_zt_attach
 dns_zt_create
@@ -904,6 +906,7 @@ dst_key_buildfilename
 dst_key_class
 dst_key_compare
 dst_key_computesecret
+dst_key_dump
 dst_key_flags
 dst_key_format
 dst_key_free
@@ -925,6 +928,7 @@ dst_key_name
 dst_key_paramcompare
 dst_key_proto
 dst_key_pubcompare
+dst_key_restory
 dst_key_secretsize
 dst_key_setbits
 dst_key_setflags
diff --git a/lib/isc/include/isc/file.h b/lib/isc/include/isc/file.h
index 68ae8ca86d..4f5b1db91f 100644
--- a/lib/isc/include/isc/file.h
+++ b/lib/isc/include/isc/file.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
-/* $Id: file.h,v 1.37 2009/08/28 03:13:08 each Exp $ */
+/* $Id: file.h,v 1.38 2011/01/10 05:32:04 marka Exp $ */
 #ifndef ISC_FILE_H
 #define ISC_FILE_H 1
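Review bot: `dst_key_restory` in the last hunk (`@@ -925,6 +928,7 @@`) looks like a misspelling; the companion export added two hunks earlier is `dst_key_dump`, and the function name itself is not visible in this diff. If the function defined in libdns is actually spelled `dst_key_restore`, the Windows link step will fail on an unresolved export and the restore path will be absent from the DLL. Suggest checking the name against the dst declaration and, if so, correcting the line to `dst_key_restore`.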
@@ -100,6 +100,10 @@ isc_file_mktemplate(const char *path, char *buf, size_t buflen);
 isc_result_t
 isc_file_openunique(char *templet, FILE **fp);
+isc_result_t
+isc_file_openuniqueprivate(char *templet, FILE **fp);
+isc_result_t
+isc_file_openuniquemode(char *templet, int mode, FILE **fp);
 /*!<
  * \brief Create and open a file with a unique name based on 'templet'.
  *
diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c
index 4b1c58c7b9..4e3d7cd2c1 100644
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@@ -48,7 +48,7 @@
  * SUCH DAMAGE.
  */
-/* $Id: file.c,v 1.55 2009/08/28 03:13:08 each Exp $ */
+/* $Id: file.c,v 1.56 2011/01/10 05:32:04 marka Exp $ */
 /*! \file */
@@ -243,16 +243,26 @@ isc_file_renameunique(const char *file, char *templet) {
 	return (ISC_R_SUCCESS);
 }
-
 isc_result_t
 isc_file_openunique(char *templet, FILE **fp) {
+	int mode = S_IWUSR|S_IRUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
+	return (isc_file_openuniquemode(templet, mode, fp));
+}
+
+isc_result_t
+isc_file_openuniqueprivate(char *templet, FILE **fp) {
+	int mode = S_IWUSR|S_IRUSR;
+	return (isc_file_openuniquemode(templet, mode, fp));
+}
+
+isc_result_t
+isc_file_openuniquemode(char *templet, int mode, FILE **fp) {
 	int fd;
 	FILE *f;
 	isc_result_t result = ISC_R_SUCCESS;
 	char *x;
 	char *cp;
 	isc_uint32_t which;
-	int mode;
 	REQUIRE(templet != NULL);
 	REQUIRE(fp != NULL && *fp == NULL);
@@ -270,7 +280,6 @@ isc_file_openunique(char *templet, FILE **fp) {
 		x = cp--;
 	}
-	mode = S_IWUSR|S_IRUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
 	while ((fd = open(templet, O_RDWR|O_CREAT|O_EXCL, mode)) == -1) {
 		if (errno != EEXIST)
diff --git a/lib/isc/win32/file.c b/lib/isc/win32/file.c
index fabd5b6e10..22f749a8b5 100644
--- a/lib/isc/win32/file.c
+++ b/lib/isc/win32/file.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
-/* $Id: file.c,v 1.35 2009/09/02 17:58:06 each Exp $ */
+/* $Id: file.c,v 1.36 2011/01/10 05:32:04 marka Exp $ */
 #include
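Review bot: The two new prototypes are inserted between `isc_file_openunique` and the `/*!<` block that documents it, so the trailing Doxygen comment now attaches to `isc_file_openuniquemode`, and none of the three declarations says what `mode` is or how the variants differ in the permissions they create with. Suggest a comment above each new prototype, e.g. `/*!< As isc_file_openunique(), but the file is created owner read/write only; use this for files holding key material. */` for `isc_file_openuniqueprivate`, and `/*!< 'mode' holds the permission bits handed to the underlying open(); platforms without POSIX modes may ignore it. */` for `isc_file_openuniquemode`. The existing \brief block continues past the end of the hunk.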
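Review bot: `isc_file_openunique` now spells out its historical default `S_IWUSR|S_IRUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH` (0666 before umask) while `isc_file_openuniqueprivate` uses owner-only bits, but nothing at the definitions tells a caller persisting key material which one to pick. Suggest a one-line comment on each wrapper, e.g. `/* World read/write before umask; use isc_file_openuniqueprivate() for secrets. */` and `/* Owner read/write only; for files that hold key material. */`. The bits are applied by `open(templet, O_RDWR|O_CREAT|O_EXCL, mode)` in the following hunk, so there is no window between creation and permission change, which is worth stating in the comment. `mode` is an `int` where open(2) takes a `mode_t`; the implicit conversion works, but `mode_t` would make the contract explicit if the header is changed to match. The body of `isc_file_openuniquemode` continues outside the hunk.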
@@ -316,8 +316,20 @@ isc_file_renameunique(const char *file, char *templet) {
 	return (result);
 }
+isc_result_t
+isc_file_openuniqueprivate(char *templet, FILE **fp) {
+	int mode = _S_IREAD | _S_IWRITE;
+	return (isc_file_openuniquemode(templet, mode, fp));
+}
+
 isc_result_t
 isc_file_openunique(char *templet, FILE **fp) {
+	int mode = _S_IREAD | _S_IWRITE;
+	return (isc_file_openuniquemode(templet, mode, fp));
+}
+
+isc_result_t
+isc_file_openuniquemode(char *templet, unsigned int mode, FILE **fp) {
 	int fd;
 	FILE *f;
 	isc_result_t result = ISC_R_SUCCESS;
@@ -333,6 +345,11 @@ isc_file_openunique(char *templet, FILE **fp) {
 	if (fd == -1)
 		result = isc__errno2result(errno);
 	if (result == ISC_R_SUCCESS) {
+#if 1
+		UNUSED(mode)
+#else
+		(void)fchmod(fd, mode);
+#endif
 		f = fdopen(fd, "w+");
 		if (f == NULL) {
 			result = isc__errno2result(errno);
diff --git a/lib/isc/win32/libisc.def b/lib/isc/win32/libisc.def
index 1316ffe104..a08d941f8c 100644
--- a/lib/isc/win32/libisc.def
+++ b/lib/isc/win32/libisc.def
@@ -3,18 +3,7 @@ LIBRARY libisc
 ; Exported Functions
 EXPORTS
-NTReportError
 closelog
-isc___mem_allocate
-isc___mem_free
-isc___mem_get
-isc___mem_put
-isc___mem_putanddetach
-isc___mem_reallocate
-isc___mem_strdup
-isc___mempool_get
-isc___mempool_put
-isc___socketmgr_maxudp
 isc__app_block
 isc__app_finish
 isc__app_onrun
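Review bot: `isc_file_openuniquemode` is defined here with `unsigned int mode`, but the prototype this same commit adds to lib/isc/include/isc/file.h declares `int mode`, so a translation unit that includes the header sees conflicting types for one function. Change the definition to `isc_file_openuniquemode(char *templet, int mode, FILE **fp) {` (or change the header, consistently with the unix definition, which also uses `int`). Note also that `isc_file_openuniqueprivate` passes the same `_S_IREAD | _S_IWRITE` as `isc_file_openunique`, and the next hunk discards `mode`, so on Windows the "private" variant does not restrict access to the created file at all; a comment such as `/* No per-file mode on Win32: confidentiality depends on the directory's ACL. */` would stop callers assuming the persisted key material is protected here. The rest of the function lies outside this hunk.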
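Review bot: `UNUSED(mode)` on the `#if 1` branch has no trailing semicolon; if `UNUSED()` expands to a cast expression in the style of `(void)(x)`, as libisc's util header does, the statement runs into the following `f = fdopen(fd, "w+");` and the file does not compile. It should read `UNUSED(mode);`. The `#else` branch calling `fchmod` is dead code behind a hard-coded `#if 1`; either remove it or replace the pair with a comment explaining why the mode is ignored on this platform (presumably no `fchmod` in the CRT), so a reader does not assume the permission bits take effect. The body of `isc_file_openuniquemode` begins in the previous hunk and continues past this one.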
@@ -23,18 +12,47 @@ isc__app_run
 isc__app_shutdown
 isc__app_start
 isc__app_unblock
+isc_assertion_failed
+isc_assertion_setcallback
+isc_assertion_typetotext
+isc_backtrace_getsymbol
+isc_backtrace_getsymbolfromindex
+isc_backtrace_gettrace
 isc__backtrace_nsymbols
 isc__backtrace_symtable
+isc_base32_decoderegion
+isc_base32_decodestring
+isc_base32hex_decoderegion
+isc_base32hex_decodestring
+isc_base32hex_tobuffer
+isc_base32hex_totext
+isc_base32_tobuffer
+isc_base32_totext
+isc_base64_decodestring
+isc_base64_tobuffer
+isc_base64_totext
+isc_bitstring_copy
+isc_bitstring_init
+isc_bitstring_invalidate
 isc__buffer_activeregion
 isc__buffer_add
+isc_buffer_allocate
 isc__buffer_availableregion
 isc__buffer_back
 isc__buffer_clear
+isc_buffer_compact
 isc__buffer_consumedregion
+isc_buffer_copyregion
 isc__buffer_first
 isc__buffer_forward
+isc_buffer_free
+isc_buffer_getuint16
+isc_buffer_getuint32
+isc_buffer_getuint8
 isc__buffer_init
 isc__buffer_invalidate
+isc_bufferlist_availablecount
+isc_bufferlist_usedcount
 isc__buffer_putmem
 isc__buffer_putstr
 isc__buffer_putuint16
@@ -42,138 +60,11 @@ isc__buffer_putuint32
 isc__buffer_putuint48
 isc__buffer_putuint8
 isc__buffer_region
+isc_buffer_reinit
 isc__buffer_remainingregion
 isc__buffer_setactive
 isc__buffer_subtract
 isc__buffer_usedregion
-isc__mem_attach
-isc__mem_checkdestroyed
-isc__mem_create
-isc__mem_create2
-isc__mem_createx
-isc__mem_createx2
-isc__mem_destroy
-isc__mem_detach
-isc__mem_getname
-isc__mem_getquota
-isc__mem_gettag
-isc__mem_inuse
-isc__mem_isovermem
-isc__mem_ondestroy
-isc__mem_references
-isc__mem_setdestroycheck
-isc__mem_setname
-isc__mem_setquota
-isc__mem_setwater
-isc__mem_stats
-isc__mem_waterack
-isc__mempool_associatelock
-isc__mempool_create
-isc__mempool_destroy
-isc__mempool_getallocated
-isc__mempool_getfillcount
-isc__mempool_getfreecount
-isc__mempool_getfreemax
-isc__mempool_getmaxalloc
-isc__mempool_setfillcount
-isc__mempool_setfreemax
-isc__mempool_setmaxalloc
-isc__mempool_setname
-isc__socket_accept
-isc__socket_attach
-isc__socket_bind
-isc__socket_cancel
-isc__socket_cleanunix
-isc__socket_close
-isc__socket_connect
-isc__socket_create
-isc__socket_detach
-isc__socket_filter
-isc__socket_getname
-isc__socket_getpeername
-isc__socket_getsockname
-isc__socket_gettag
-isc__socket_gettype
-isc__socket_ipv6only
-isc__socket_isbound
-isc__socket_listen
-isc__socket_open
-isc__socket_permunix
-isc__socket_recv
-isc__socket_recv2
-isc__socket_recvv
-isc__socket_send
-isc__socket_sendto
-isc__socket_sendto2
-isc__socket_sendtov
-isc__socket_sendv
-isc__socket_setname
-isc__socketmgr_create
-isc__socketmgr_create2
-isc__socketmgr_destroy
-isc__socketmgr_getmaxsockets
-isc__socketmgr_setreserved
-isc__socketmgr_setstats
-isc__strerror
-isc__task_attach
-isc__task_beginexclusive
-isc__task_create
-isc__task_destroy
-isc__task_detach
-isc__task_endexclusive
-isc__task_getcurrenttime
-isc__task_getname
-isc__task_gettag
-isc__task_onshutdown
-isc__task_purge
-isc__task_purgeevent
-isc__task_purgerange
-isc__task_send
-isc__task_sendanddetach
-isc__task_setname
-isc__task_shutdown
-isc__task_unsend
-isc__task_unsendrange
-isc__taskmgr_create
-isc__taskmgr_destroy
-isc__timer_attach
-isc__timer_create
-isc__timer_detach
-isc__timer_reset
-isc__timer_touch
-isc__timermgr_create
-isc__timermgr_destroy
-isc__timermgr_poke
-isc_assertion_failed
-isc_assertion_setcallback
-isc_assertion_typetotext
-isc_backtrace_getsymbol
-isc_backtrace_getsymbolfromindex
-isc_backtrace_gettrace
-isc_base32_decoderegion
-isc_base32_decodestring
-isc_base32_tobuffer
-isc_base32_totext
-isc_base32hex_decoderegion
-isc_base32hex_decodestring
-isc_base32hex_tobuffer
-isc_base32hex_totext
-isc_base64_decodestring
-isc_base64_tobuffer
-isc_base64_totext
-isc_bitstring_copy
-isc_bitstring_init
-isc_bitstring_invalidate
-isc_buffer_allocate
-isc_buffer_compact
-isc_buffer_copyregion
-isc_buffer_free
-isc_buffer_getuint16
-isc_buffer_getuint32
-isc_buffer_getuint8
-isc_buffer_reinit
-isc_bufferlist_availablecount
-isc_bufferlist_usedcount
 isc_commandline_parse
 isc_condition_broadcast
 isc_condition_destroy
@@ -219,6 +110,8 @@ isc_file_ischdiridempotent
 isc_file_iscurrentdir
 isc_file_mktemplate
 isc_file_openunique
+isc_file_openuniquemode
+isc_file_openuniqueprivate
 isc_file_progname
 isc_file_remove
 isc_file_rename
@@ -323,6 +216,10 @@ isc_lfsr_skip
 isc_lib_initmsgcat
 isc_log_categorybyname
 isc_log_closefilelogs
+isc_logconfig_create
+isc_logconfig_destroy
+isc_logconfig_get
+isc_logconfig_use
 isc_log_create
 isc_log_createchannel
 isc_log_destroy
@@ -347,31 +244,58 @@ isc_log_vwrite1
 isc_log_wouldlog
 isc_log_write
 isc_log_write1
-isc_logconfig_create
-isc_logconfig_destroy
-isc_logconfig_get
-isc_logconfig_use
 isc_md5_final
 isc_md5_init
 isc_md5_invalidate
 isc_md5_update
+isc___mem_allocate
+isc__mem_attach
+isc__mem_checkdestroyed
+isc__mem_create
+isc__mem_create2
+isc__mem_createx
+isc__mem_createx2
+isc__mem_destroy
+isc__mem_detach
+isc___mem_free
+isc___mem_get
+isc__mem_getname
+isc__mem_getquota
+isc__mem_gettag
+isc__mem_inuse
+isc__mem_isovermem
+isc__mem_ondestroy
+isc__mempool_associatelock
+isc__mempool_create
+isc__mempool_destroy
+isc___mempool_get
+isc__mempool_getallocated
+isc__mempool_getfillcount
+isc__mempool_getfreecount
+isc__mempool_getfreemax
+isc__mempool_getmaxalloc
+isc___mempool_put
+isc__mempool_setfillcount
+isc__mempool_setfreemax
+isc__mempool_setmaxalloc
+isc__mempool_setname
+isc___mem_put
+isc___mem_putanddetach
+isc___mem_reallocate
+isc__mem_references
 isc_mem_renderxml
+isc__mem_setdestroycheck
+isc__mem_setname
+isc__mem_setquota
+isc__mem_setwater
+isc__mem_stats
+isc___mem_strdup
+isc__mem_waterack
 isc_msgcat_close
 isc_msgcat_get
 isc_msgcat_open
 isc_mutexblock_destroy
 isc_mutexblock_init
-isc_net_aton
-isc_net_disableipv4
-isc_net_disableipv6
-isc_net_getudpportrange
-isc_net_ntop
-isc_net_probe_ipv6only
-isc_net_probe_ipv6pktinfo
-isc_net_probeipv4
-isc_net_probeipv6
-isc_net_probeunix
-isc_net_pton
 isc_netaddr_any
 isc_netaddr_any6
 isc_netaddr_eqprefix
@@ -387,6 +311,17 @@ isc_netaddr_masktoprefixlen
 isc_netaddr_prefixok
 isc_netaddr_setzone
 isc_netaddr_totext
+isc_net_aton
+isc_net_disableipv4
+isc_net_disableipv6
+isc_net_getudpportrange
+isc_net_ntop
+isc_net_probeipv4
+isc_net_probeipv6
+isc_net_probe_ipv6only
+isc_net_probe_ipv6pktinfo
+isc_net_probeunix
+isc_net_pton
 isc_netscope_pton
 isc_ntpaths_get
 isc_ntpaths_init
@@ -491,7 +426,43 @@ isc_sockaddr_pf
 isc_sockaddr_setport
 isc_sockaddr_totext
 isc_sockaddr_v6fromin
+isc__socket_accept
+isc__socket_attach
+isc__socket_bind
+isc__socket_cancel
+isc__socket_cleanunix
+isc__socket_close
+isc__socket_connect
+isc__socket_create
+isc__socket_detach
+isc__socket_filter
+isc__socket_getname
+isc__socket_getpeername
+isc__socket_getsockname
+isc__socket_gettag
+isc__socket_gettype
+isc__socket_ipv6only
+isc__socket_isbound
+isc__socket_listen
+isc__socketmgr_create
+isc__socketmgr_create2
+isc__socketmgr_destroy
+isc__socketmgr_getmaxsockets
+isc___socketmgr_maxudp
 isc_socketmgr_renderxml
+isc__socketmgr_setreserved
+isc__socketmgr_setstats
+isc__socket_open
+isc__socket_permunix
+isc__socket_recv
+isc__socket_recv2
+isc__socket_recvv
+isc__socket_send
+isc__socket_sendto
+isc__socket_sendto2
+isc__socket_sendtov
+isc__socket_sendv
+isc__socket_setname
 isc_stats_attach
 isc_stats_create
 isc_stats_decrement
@@ -507,6 +478,7 @@ isc_stdio_seek
 isc_stdio_sync
 isc_stdio_write
 isc_stdtime_get
+isc__strerror
 isc_string_append
 isc_string_append_truncate
 isc_string_copy
@@ -524,10 +496,31 @@ isc_symtab_destroy
 isc_symtab_lookup
 isc_symtab_undefine
 isc_syslog_facilityfromstring
+isc__task_attach
+isc__task_beginexclusive
+isc__task_create
+isc__task_destroy
+isc__task_detach
+isc__task_endexclusive
+isc__task_getcurrenttime
+isc__task_getname
+isc__task_gettag
+isc__taskmgr_create
+isc__taskmgr_destroy
 isc_taskmgr_renderxml
+isc__task_onshutdown
 isc_taskpool_create
 isc_taskpool_destroy
 isc_taskpool_gettask
+isc__task_purge
+isc__task_purgeevent
+isc__task_purgerange
+isc__task_send
+isc__task_sendanddetach
+isc__task_setname
+isc__task_shutdown
+isc__task_unsend
+isc__task_unsendrange
 isc_thread_create
 isc_thread_join
 isc_thread_key_create
@@ -544,6 +537,14 @@ isc_time_microdiff
 isc_time_nanoseconds
 isc_time_now
 isc_time_nowplusinterval
+isc__timer_attach
+isc__timer_create
+isc__timer_detach
+isc__timermgr_create
+isc__timermgr_destroy
+isc__timermgr_poke
+isc__timer_reset
+isc__timer_touch
 isc_time_seconds
 isc_time_set
 isc_time_settoepoch
@@ -553,6 +554,7 @@ isc_win32os_minorversion
 isc_win32os_servicepackmajor
 isc_win32os_servicepackminor
 isc_win32os_versioncheck
+NTReportError
 openlog
 syslog