mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00

113 Commits

Author SHA1 Message Date
David Lawrence
9c3531d72a add RCS id string 2000-06-22 22:00:42 +00:00
Andreas Gustafsson
6036112f48 more detailed logging during insecurity proofs 2000-06-22 21:14:48 +00:00
Brian Wellington
77c67dfb26 Repeatedly querying for nonexistent data could lead to a crash. 2000-06-07 01:32:47 +00:00
Brian Wellington
e27021ee1f Certain negative responses could crash the validator.
The insecurity proof code didn't check to see if the name was below a security
root.
2000-06-03 00:18:43 +00:00
Brian Wellington
75f6c57d95 When an rdataset is signed, its ttl is normalized based on the signature
validity period.
2000-05-31 22:01:39 +00:00
Brian Wellington
9a4a878733 removed debugging code 2000-05-26 22:03:47 +00:00
Brian Wellington
ca9af3aaf7 Lots of restructuring to make code easier to follow. Also a few bugs fixed,
and hopefully not too many new ones introduced.
2000-05-26 21:45:53 +00:00
Andreas Gustafsson
115635379a style 2000-05-26 17:46:16 +00:00
Brian Wellington
a9bc95f22e dst now stores the key name as a dns_name_t, not a char *. 2000-05-24 23:13:32 +00:00
David Lawrence
ed019cabc1 fixed lines > 79 columns wide 2000-05-24 05:10:00 +00:00
David Lawrence
1d198e8a6b removed unused stack variable sigrdataset from authvalidated() 2000-05-24 02:47:15 +00:00
Brian Wellington
feb40fc5f9 keytag collision handling was broken and a memory leak existed in the error
handling code.
2000-05-22 21:17:05 +00:00
Brian Wellington
17a3fcecd0 Propagate errors out of the validator in all cases. This means that if there
are any problems in a validation, a SERVFAIL will be returned.  This may not
be correct in all cases (and will be fixed), but it leaves the server in a
much more consistent state after failures.
2000-05-19 23:04:14 +00:00
Brian Wellington
e49c834de8 Replaced dns_keynode_next by the more correct dns_keytable_findnextkeynode 2000-05-19 20:25:55 +00:00
Andreas Gustafsson
e755d59880 validator.c failed to compile on many platforms because
a label was not followed by a statement.  Added a null statement.
2000-05-19 18:48:27 +00:00
Brian Wellington
ba393f380e better keytag collision handling with trusted keys 2000-05-19 18:39:49 +00:00
Brian Wellington
187604c1ad accidentally removed an assignment to NULL before; added a note to look
back at keytag collisions later
2000-05-19 01:23:12 +00:00
Brian Wellington
c50936eb40 changed dst_key_free() prototype, misc. dst cleanup 2000-05-19 00:20:59 +00:00
Brian Wellington
d6643ef587 snapshot - support for keytag collision, better support for signed subdomains
of insecure domains.
2000-05-18 23:22:14 +00:00
Brian Wellington
aa863b2d1e insecurity proof wasn't correctly setting the rdataset trust level;
added more debug output
2000-05-18 18:29:29 +00:00
Brian Wellington
5c61176885 insecurity proof for negative responses 2000-05-18 02:02:05 +00:00
Brian Wellington
94766449d6 restructuring snapshot 2000-05-17 18:24:59 +00:00
David Lawrence
0013c93bc4 "validator.c", line 343: remark(1552): variable "rdataset" was set but never
used

Removed rdataset from function.
2000-05-14 02:33:29 +00:00
Andreas Gustafsson
e1f16346db validator must not indicate a validation failure by returning
ISC_R_NOTFOUND as that seriously confuses query_find().  Introduced new
result codes DNS_R_NOVALIDSIG and DNS_R_NOVALIDNXT to use instead.
2000-05-12 21:25:17 +00:00
Andreas Gustafsson
78951552dc removed support for trusted keys other than security
roots; check that key name is appropriate even if it is a security
root; added/clarified log messages
2000-05-12 17:41:30 +00:00
Andreas Gustafsson
3ce4b8b03e added a comment 2000-05-11 22:58:17 +00:00
David Lawrence
1a69a1a78c Megacommit of dozens of files.
Cleanup of redundant/useless header file inclusion.

ISC style lint, primarily for function declarations and standalone
comments -- ie, those that appear on a line without any code, which
should be written as follows:
   /*
    * This is a comment.
    */
2000-05-08 14:38:29 +00:00
Andreas Gustafsson
59e9979330 REQUIRE(type != 0) 2000-05-05 00:18:36 +00:00
Andreas Gustafsson
c37a906752 more logging 2000-05-03 23:58:35 +00:00
David Lawrence
09f22ac5b0 Redundant header work, mostly removing <dns/result.h> from installed
headers and adding it to source files that need it.
2000-05-02 03:54:17 +00:00
Brian Wellington
48e27f529d Conform to the dns_dnssec_verify api change and fix an nxt processing crash 2000-04-27 18:14:11 +00:00
Andreas Gustafsson
fa04a194fb return value from dns_rdataset_first() was ignored;
added more comments and logging to nxtvalidate()
2000-04-27 00:15:16 +00:00
David Lawrence
6e49e91bd0 103. [func] libisc buffer API changes for <isc/buffer.h>:
                        Added:
                                isc_buffer_base(b)              (pointer)
                                isc_buffer_current(b)           (pointer)
                                isc_buffer_active(b)            (pointer)
                                isc_buffer_used(b)              (pointer)
                                isc_buffer_length(b)            (int)
                                isc_buffer_usedlength(b)        (int)
                                isc_buffer_consumedlength(b)    (int)
                                isc_buffer_remaininglength(b)   (int)
                                isc_buffer_activelength(b)      (int)
                                isc_buffer_availablelength(b)   (int)
                        Removed:
                                ISC_BUFFER_USEDCOUNT(b)
                                ISC_BUFFER_AVAILABLECOUNT(b)
                                isc_buffer_type(b)
                        Changed names:
                                isc_buffer_used(b, r) ->
                                        isc_buffer_usedregion(b, r)
                                isc_buffer_available(b, r) ->
                                        isc_buffer_available_region(b, r)
                                isc_buffer_consumed(b, r) ->
                                        isc_buffer_consumedregion(b, r)
                                isc_buffer_active(b, r) ->
                                        isc_buffer_activeregion(b, r)
                                isc_buffer_remaining(b, r) ->
                                        isc_buffer_remainingregion(b, r)

                        Buffer types were removed, so the ISC_BUFFERTYPE_*
                        macros are no more, and the type argument to
                        isc_buffer_init and isc_buffer_allocate were removed.
                        isc_buffer_putstr is now void (instead of isc_result_t)
                        and requires that the caller ensure that there
                        is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
Andreas Gustafsson
8db70f36be isc_buffer_putstr() will soon return void 2000-04-26 18:24:15 +00:00
David Lawrence
e1a5f4cd31 Shut up compiler about sigrdataset possibly being used before set in
nxtvalidate().  The warning is bogus.
2000-04-25 19:57:47 +00:00
Brian Wellington
ec371edc34 Add 'type' as a parameter to dns_validator_create() 2000-04-20 20:43:52 +00:00
Andreas Gustafsson
264fd373f3 added log message about not finding relevant NXTs;
added REQUIREs to enforce prerequisites as documented in validator.h;
added cancelation cleanup code
2000-04-20 18:03:12 +00:00
Brian Wellington
48ed268b33 snapshot - downward chaining support is much more complete, but still won't
work until the server returns the child's null key from the parent.
2000-04-19 18:08:27 +00:00
Andreas Gustafsson
d325d53d03 declare static function proveunsecure() before use;
eliminate compiler warning
2000-04-18 18:17:49 +00:00
Brian Wellington
613efcd8fb snapshot - includes (untested) code to find unsecured subdomains, which
won't work until the server returns keys/nxts from the parent zones.
Also some style fixes.
2000-04-18 17:50:38 +00:00
Michael Graff
e44487bfc2 convert sender, arg, action, etc. to ev_sender, ev_arg, ev_action, etc. 2000-04-17 19:22:44 +00:00
Brian Wellington
fe5ba8ddb5 memory leak cleanup, error if multiple nxts are present in negative answer 2000-04-14 16:00:33 +00:00
Brian Wellington
777ac454c0 Fixed locking problems in event handlers. Reordered NXT processing to
do range checks before verify, since it's faster.
2000-04-14 02:30:12 +00:00
Brian Wellington
e83cae7fa8 snapshot - partial support for negative answer verification and a couple bug
fixes.
2000-04-13 18:10:07 +00:00
Bob Halley
fca5f81ad6 using snprintf or vsnprintf requires isc/print.h 2000-04-12 19:07:12 +00:00
Brian Wellington
63bf060be4 dst_key_iszonekey() checks that the key's protocol is DNSSEC or ANY.
Remove this check from the validator, and remove more redundant constants
from dst.h
2000-04-12 15:52:12 +00:00
Andreas Gustafsson
ecfe4a3490 validator_log() logged garbage after RR type 2000-04-11 22:17:49 +00:00
Brian Wellington
538fea1c91 Added back some code lost by the logging patch, made the keyvalidated event
handler actually work in the easy case.
2000-04-11 20:59:37 +00:00
Andreas Gustafsson
1b1e1fda46 logging 2000-04-11 20:35:37 +00:00
Brian Wellington
e7a8dfd296 If we mark an rdataset as secure, also mark the sigrdataset as secure. 2000-04-11 17:12:31 +00:00