mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 13:08:06 +00:00

67 Commits

Author SHA1 Message Date
Brian Wellington
5b0413f993 Call isc_log_wouldlog to potentially avoid extra work in validator_log. 2000-07-26 00:50:02 +00:00
Brian Wellington
60783293cc If a failed positive validation led us to try an insecurity proof, and the
insecurity proof also failed, the validator event should normally contain
the error from the positive validation.
2000-07-25 01:24:18 +00:00
Brian Wellington
6bc1a64561 If a positive validation fails and it looks like the reason is that there
are no material DNSSEC signatures, try an insecurity proof.
2000-07-13 23:52:04 +00:00
Brian Wellington
25496cebad If trying to validate a key set that happens to be a security root, the
validation should only consist of checking that each key in the key set
is also in the list of security root keys.

Strangeness occurs when the key set is signed, since the key set is marked
as secure, but the sig set is not, since it wasn't used in the validation
process.  This means that a query for a key set at a security root will
have the AD bit set if the key set is unsigned and not if the key set is signed.
2000-07-07 00:44:01 +00:00
David Lawrence
9c3531d72a add RCS id string 2000-06-22 22:00:42 +00:00
Andreas Gustafsson
6036112f48 more detailed logging during insecurity proofs 2000-06-22 21:14:48 +00:00
Brian Wellington
77c67dfb26 Repeatedly querying for nonexistent data could lead to a crash. 2000-06-07 01:32:47 +00:00
Brian Wellington
e27021ee1f Certain negative responses could crash the validator.
The insecurity proof code didn't check to see if the name was below a security
root.
2000-06-03 00:18:43 +00:00
Brian Wellington
75f6c57d95 When an rdataset is signed, its ttl is normalized based on the signature
validity period.
2000-05-31 22:01:39 +00:00
Brian Wellington
9a4a878733 removed debugging code 2000-05-26 22:03:47 +00:00
Brian Wellington
ca9af3aaf7 Lots of restructuring to make code easier to follow. Also a few bugs fixed,
and hopefully not too many new ones introduced.
2000-05-26 21:45:53 +00:00
Andreas Gustafsson
115635379a style 2000-05-26 17:46:16 +00:00
Brian Wellington
a9bc95f22e dst now stores the key name as a dns_name_t, not a char *. 2000-05-24 23:13:32 +00:00
David Lawrence
ed019cabc1 fixed lines > 79 columns wide 2000-05-24 05:10:00 +00:00
David Lawrence
1d198e8a6b removed unused stack variable sigrdataset from authvalidated() 2000-05-24 02:47:15 +00:00
Brian Wellington
feb40fc5f9 keytag collision handling was broken and a memory leak existed in the error
handling code.
2000-05-22 21:17:05 +00:00
Brian Wellington
17a3fcecd0 Propagate errors out of the validator in all cases. This means that if there
are any problems in a validation, a SERVFAIL will be returned.  This may not
be correct in all cases (and will be fixed), but it leaves the server in a
much more consistent state after failures.
2000-05-19 23:04:14 +00:00
Brian Wellington
e49c834de8 Replaced dns_keynode_next by the more correct dns_keytable_findnextkeynode 2000-05-19 20:25:55 +00:00
Andreas Gustafsson
e755d59880 validator.c failed to compile on many platforms because
a label was not followed by a statement.  Added a null statement.
2000-05-19 18:48:27 +00:00
Brian Wellington
ba393f380e better keytag collision handling with trusted keys 2000-05-19 18:39:49 +00:00
Brian Wellington
187604c1ad accidentally removed an assignment to NULL before; added a note to look
back at keytag collisions later
2000-05-19 01:23:12 +00:00
Brian Wellington
c50936eb40 changed dst_key_free() prototype, misc. dst cleanup 2000-05-19 00:20:59 +00:00
Brian Wellington
d6643ef587 snapshot - support for keytag collision, better support for signed subdomains
of insecure domains.
2000-05-18 23:22:14 +00:00
Brian Wellington
aa863b2d1e insecurity proof wasn't correctly setting the rdataset trust level;
added more debug output
2000-05-18 18:29:29 +00:00
Brian Wellington
5c61176885 insecurity proof for negative responses 2000-05-18 02:02:05 +00:00
Brian Wellington
94766449d6 restructuring snapshot 2000-05-17 18:24:59 +00:00
David Lawrence
0013c93bc4 "validator.c", line 343: remark(1552): variable "rdataset" was set but never
used

Removed rdataset from function.
2000-05-14 02:33:29 +00:00
Andreas Gustafsson
e1f16346db validator must not indicate a validation failure by returning
ISC_R_NOTFOUND as that seriously confuses query_find().  Introduced new
result codes DNS_R_NOVALIDSIG and DNS_R_NOVALIDNXT to use instead.
2000-05-12 21:25:17 +00:00
Andreas Gustafsson
78951552dc removed support for trusted keys other than security
roots; check that key name is appropriate even if it is a security
root; added/clarified log messages
2000-05-12 17:41:30 +00:00
Andreas Gustafsson
3ce4b8b03e added a comment 2000-05-11 22:58:17 +00:00
David Lawrence
1a69a1a78c Megacommit of dozens of files.
Cleanup of redundant/useless header file inclusion.

ISC style lint, primarily for function declarations and standalone
comments -- ie, those that appear on a line without any code, which
should be written as follows:
   /*
    * This is a comment.
    */
2000-05-08 14:38:29 +00:00
Andreas Gustafsson
59e9979330 REQUIRE(type != 0) 2000-05-05 00:18:36 +00:00
Andreas Gustafsson
c37a906752 more logging 2000-05-03 23:58:35 +00:00
David Lawrence
09f22ac5b0 Redundant header work, mostly removing <dns/result.h> from installed
headers and adding it to source files that need it.
2000-05-02 03:54:17 +00:00
Brian Wellington
48e27f529d Conform to the dns_dnssec_verify api change and fix an nxt processing crash 2000-04-27 18:14:11 +00:00
Andreas Gustafsson
fa04a194fb return value from dns_rdataset_first() was ignored;
added more comments and logging to nxtvalidate()
2000-04-27 00:15:16 +00:00
David Lawrence
6e49e91bd0 103. [func] libisc buffer API changes for <isc/buffer.h>:
                        Added:
                                isc_buffer_base(b)          (pointer)
                                isc_buffer_current(b)       (pointer)
                                isc_buffer_active(b)        (pointer)
                                isc_buffer_used(b)          (pointer)
                                isc_buffer_length(b)            (int)
                                isc_buffer_usedlength(b)        (int)
                                isc_buffer_consumedlength(b)    (int)
                                isc_buffer_remaininglength(b)   (int)
                                isc_buffer_activelength(b)      (int)
                                isc_buffer_availablelength(b)   (int)
                        Removed:
                                ISC_BUFFER_USEDCOUNT(b)
                                ISC_BUFFER_AVAILABLECOUNT(b)
                                isc_buffer_type(b)
                        Changed names:
                                isc_buffer_used(b, r) ->
                                        isc_buffer_usedregion(b, r)
                                isc_buffer_available(b, r) ->
                                        isc_buffer_available_region(b, r)
                                isc_buffer_consumed(b, r) ->
                                        isc_buffer_consumedregion(b, r)
                                isc_buffer_active(b, r) ->
                                        isc_buffer_activeregion(b, r)
                                isc_buffer_remaining(b, r) ->
                                        isc_buffer_remainingregion(b, r)

                        Buffer types were removed, so the ISC_BUFFERTYPE_*
                        macros are no more, and the type argument to
                        isc_buffer_init and isc_buffer_allocate were removed.
                        isc_buffer_putstr is now void (instead of isc_result_t)
                        and requires that the caller ensure that there
                        is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
Andreas Gustafsson
8db70f36be isc_buffer_putstr() will soon return void 2000-04-26 18:24:15 +00:00
David Lawrence
e1a5f4cd31 Shut up compiler about sigrdataset possibly being used before set in
nxtvalidate().  The warning is bogus.
2000-04-25 19:57:47 +00:00
Brian Wellington
ec371edc34 Add 'type' as a parameter to dns_validator_create() 2000-04-20 20:43:52 +00:00
Andreas Gustafsson
264fd373f3 added log message about not finding relevant NXTs;
added REQUIREs to enforce prerequisites as documented in validator.h;
added cancelation cleanup code
2000-04-20 18:03:12 +00:00
Brian Wellington
48ed268b33 snapshot - downward chaining support is much more complete, but still won't
work until the server returns the child's null key from the parent.
2000-04-19 18:08:27 +00:00
Andreas Gustafsson
d325d53d03 declare static function proveunsecure() before use;
eliminate compiler warning
2000-04-18 18:17:49 +00:00
Brian Wellington
613efcd8fb snapshot - includes (untested) code to find unsecured subdomains, which
won't work until the server returns keys/nxts from the parent zones.
Also some style fixes.
2000-04-18 17:50:38 +00:00
Michael Graff
e44487bfc2 convert sender, arg, action, etc. to ev_sender, ev_arg, ev_action, etc. 2000-04-17 19:22:44 +00:00
Brian Wellington
fe5ba8ddb5 memory leak cleanup, error if multiple nxts are present in negative answer 2000-04-14 16:00:33 +00:00
Brian Wellington
777ac454c0 Fixed locking problems in event handlers. Reordered NXT processing to
do range checks before verify, since it's faster.
2000-04-14 02:30:12 +00:00
Brian Wellington
e83cae7fa8 snapshot - partial support for negative answer verification and a couple bug
fixes.
2000-04-13 18:10:07 +00:00
Bob Halley
fca5f81ad6 using snprintf or vsnprintf requires isc/print.h 2000-04-12 19:07:12 +00:00
Brian Wellington
63bf060be4 dst_key_iszonekey() checks that the key's protocol is DNSSEC or ANY.
Remove this check from the validator, and remove more redundant constants
from dst.h
2000-04-12 15:52:12 +00:00