Commit 14844197 authored by Internet Software Consortium, Inc, committed by Lamont Jones

9.5.0a7

parent 10df5197
--- 9.5.0a7 released ---
2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
[RT #17241]
2257. [bug] win32: Use the full path to vcredist_x86.exe when
calling it. [RT #17222]
2256. [bug] win32: Correctly register the installation location of
bindevt.dll. [RT #17159]
2255. [bug] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
when reading timer->idle allowing it to see
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
2253. [func] "max-cache-size" defaults to 32M.
"max-acache-size" defaults to 16M.
2252. [bug] Fixed errors in sortlist code [RT #17216]
2251. [placeholder]
2250. [func] New flag 'memstatistics' to state whether the
memory statistics file should be written or not.
Additionally named's -m option will cause the
statistics file to be written. [RT #17113]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
robust. [RT #17147]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
2244. [func] Allow the check of nameserver names against the
SOA MNAME field to be disabled by specifying
'notify-to-soa yes;'. [RT #17073]
2243. [func] Configuration files without a newline at the end now
parse without error. [RT #17120]
2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
library could require a source of random data.
[RT #17127]
2241. [func] nsupdate: add a interative 'help' command. [RT #17099]
2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
a number of INSIST()s into plain fatal() errors
which report the triggering result code.
The 'key' command wasn't disabling GSS-TSIG.
[RT #17099]
2239. [func] Ship a prebuilt bin/named/bind9.xsl.h. [RT #17114]
2238. [bug] It was possible to trigger a REQUIRE when a
validation was cancelled. [RT #17106]
2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
2236. [bug] dnssec-signzone failed to preserve the case of
of wildcard owner names. [RT #17085]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2233. [func] Add support for O(1) ACL processing, based on
radix tree code originally written by kevin
brintnall. [RT #16288]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
[RT #17088]
2230. [bug] We could INSIST reading a corrupted journal.
[RT #17132]
2229. [bug] Null pointer dereference on query pool creation
failure. [RT #17133]
2228. [contrib] contrib: Change 2188 was incomplete.
2227. [cleanup] Tidied up the FAQ. [RT #17121]
2226. [placeholder]
2225. [bug] More support for systems with no IPv4 addresses.
[RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
2223. [bug] Make a new journal when compacting. [RT #17119]
2222. [func] named-checkconf now checks server key references.
[RT #17097]
2221. [bug] Set the event result code to reflect the actual
record turned to caller when a cache update is
rejected due to a more credible answer existing.
[RT #17017]
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
2219. [bug] Apply zone consistancy checks to additions, not
removals, when updating. [RT #17049]
2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
[RT #16976]
2217. [func] Adjust update log levels. [RT #17092]
2216. [cleanup] Fix a number of errors reported by Coverity.
[RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
2214. [bug] Deregister OpenSSL lock callback when cleaning
up. Reorder OpenSSL cleanup so that RAND_cleanup()
is called before the locks are destroyed. [RT #17098]
2213. [bug] SIG0 diagnostic failure messages were looking at the
wrong status code. [RT #17101]
2212. [func] 'host -m' now causes memory statistics and active
memory to be printed at exit. [RT 17028]
2211. [func] Update "dynamic update temporarily disabled" message.
[RT #17065]
2210. [bug] Deleting class specific records via UPDATE could
fail. [RT #17074]
2209. [port] osx: linking against user supplied static OpenSSL
libraries failed as the system ones were still being
found. [RT #17078]
2208. [port] win32: make sure both build methods produce the
same output. [RT #17058]
2207. [port] Some implementations of getaddrinfo() fail to set
ai_canonname correctly. [RT #17061]
--- 9.5.0a6 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
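Review bot: Entry 2212 cites its ticket as "[RT 17028]" without the "#" that every other entry uses, and it is the same number entry 2220 gives for the win32 socket shutdown race, so one of the two references is probably wrong and should be checked. The new entries also carry typos worth fixing before the release is tagged: "interative" (2241), "consistancy" (2219), "of of wildcard" (2236) and "record turned to caller" (2221).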
......@@ -18,7 +174,7 @@
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2204 [bug] "rndc flushanme name unknown-view" caused named
2204. [bug] "rndc flushanme name unknown-view" caused named
to crash. [RT #16984]
2203. [security] Query id generation was cryptographically weak.
......
......@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.49 2007/06/19 23:46:59 tbox Exp $
# $Id: Makefile.in,v 1.50 2007/09/03 00:36:53 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -61,7 +61,7 @@ test:
FAQ: FAQ.xml
${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
${W3M} -T text/html -dump >$@.tmp
LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
mv $@.tmp $@
clean::
......
......@@ -54,8 +54,12 @@ BIND 9.5.0
Experimental http server and statistics support for named via xml.
Faster ACL processing.
Use Doxygen to generate internal documention.
Efficient LRU cache-cleaning mechanism.
BIND 9.4.0
BIND 9.4.0 has a number of new features over 9.3,
......@@ -77,7 +81,9 @@ BIND 9.4.0
used to specify the default zone access level rather than
having to have every zone override the global value.
allow-query-cache can be set at both the options and view
levels. If allow-query-cache is not set allow-query applies.
levels. If allow-query-cache is not set then allow-recursion
is used if set, otherwise allow-query is used if set, otherwise
the default (localhost; localnets;) is used.
rndc: the source address can now be specified.
......
......@@ -15,27 +15,26 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.29 2007/06/18 23:47:16 tbox Exp $ */
/* $Id: check-tool.c,v 1.31 2007/09/13 04:45:18 each Exp $ */
/*! \file */
#include <config.h>
#include <stdio.h>
#include <string.h>
#include "check-tool.h"
#include <isc/util.h>
#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/net.h>
#include <isc/mem.h>
#include <isc/netdb.h>
#include <isc/net.h>
#include <isc/region.h>
#include <isc/stdio.h>
#include <isc/string.h>
#include <isc/symtab.h>
#include <isc/types.h>
#include <isc/mem.h>
#include <isc/util.h>
#include <dns/fixedname.h>
#include <dns/log.h>
......@@ -193,7 +192,16 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
case 0:
if (strcasecmp(ai->ai_canonname, namebuf) != 0 &&
/*
* Work around broken getaddrinfo() implementations that
* fail to set ai_canonname on first entry.
*/
cur = ai;
while (cur != NULL && cur->ai_canonname == NULL &&
cur->ai_next != NULL)
cur = cur->ai_next;
if (ai != NULL && cur->ai_canonname != NULL &&
strcasecmp(ai->ai_canonname, namebuf) != 0 &&
!logged(namebuf, ERR_IS_CNAME)) {
dns_zone_log(zone, ISC_LOG_ERROR,
"%s/NS '%s' (out of zone) "
......@@ -348,7 +356,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
static isc_boolean_t
checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
#ifdef USE_GETADDRINFO
struct addrinfo hints, *ai;
struct addrinfo hints, *ai, *cur;
char namebuf[DNS_NAME_FORMATSIZE + 1];
char ownerbuf[DNS_NAME_FORMATSIZE];
int result;
......@@ -373,7 +381,16 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
case 0:
if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
/*
* Work around broken getaddrinfo() implementations that
* fail to set ai_canonname on first entry.
*/
cur = ai;
while (cur != NULL && cur->ai_canonname == NULL &&
cur->ai_next != NULL)
cur = cur->ai_next;
if (cur != NULL && cur->ai_canonname != NULL &&
strcasecmp(cur->ai_canonname, namebuf) != 0) {
if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
level = ISC_LOG_WARNING;
if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
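Review bot: When no entry in the list carries ai_canonname, the loop stops on the last entry with cur->ai_canonname == NULL and the CNAME test is skipped with no log output, so an MX target that is a CNAME may go unreported on exactly the platforms this works around. Consider logging at ISC_LOG_WARNING that the canonical name was unavailable. The same scan is now written out in checkns(), checkmx() and checksrv(); a small static helper that returns the first non-NULL ai_canonname would keep the three copies from drifting apart.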
......@@ -422,7 +439,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
static isc_boolean_t
checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
#ifdef USE_GETADDRINFO
struct addrinfo hints, *ai;
struct addrinfo hints, *ai, *cur;
char namebuf[DNS_NAME_FORMATSIZE + 1];
char ownerbuf[DNS_NAME_FORMATSIZE];
int result;
......@@ -447,7 +464,16 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
case 0:
if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
/*
* Work around broken getaddrinfo() implementations that
* fail to set ai_canonname on first entry.
*/
cur = ai;
while (cur != NULL && cur->ai_canonname == NULL &&
cur->ai_next != NULL)
cur = cur->ai_next;
if (cur != NULL && cur->ai_canonname != NULL &&
strcasecmp(cur->ai_canonname, namebuf) != 0) {
if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
level = ISC_LOG_WARNING;
if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.114 2007/06/18 23:47:17 tbox Exp $ */
/* $Id: host.c,v 1.115 2007/08/15 04:40:30 marka Exp $ */
/*! \file */
......@@ -583,6 +583,7 @@ pre_parse_args(int argc, char **argv) {
while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
switch (c) {
case 'm':
memdebugging = ISC_TRUE;
if (strcasecmp("trace", isc_commandline_argument) == 0)
isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
else if (!strcasecmp("record",
......
......@@ -16,7 +16,7 @@
*
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
......@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.78 2007/06/18 23:47:17 tbox Exp $ */
/* $Id: dnssec-keygen.c,v 1.79 2007/08/28 07:20:42 tbox Exp $ */
/*! \file */
......
......@@ -16,7 +16,7 @@
*
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
......@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.203 2007/06/18 23:47:18 tbox Exp $ */
/* $Id: dnssec-signzone.c,v 1.204 2007/08/28 07:20:42 tbox Exp $ */
/*! \file */
......
/*
* Generated by convertxsl.pl 1.9 2007/09/14 06:14:44 marka Exp
* From bind9.xsl 1.13 2007/06/18 23:47:18 tbox Exp
*/
static char msg[] = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!-- - Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. (\"ISC\") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED \"AS IS\" AND ISC DISCLAIMS ALL WARRANTIES WITH - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE.--><!-- \045Id: bind9.xsl,v 1.13 2007/06/18 23:47:18 tbox Exp \045 --><xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns=\"http://www.w3.org/1999/xhtml\"><xsl:template match=\"isc/bind/statistics\"><html><head><style type=\"text/css\">body { font-family: sans-serif; background-color: #ffffff; color: #000000;}table { border-collapse: collapse;}tr.rowh { text-align: center; border: 1px solid #000000; background-color: #8080ff; color: #ffffff;}tr.row { text-align: right; border: 1px solid #000000; background-color: teal; color: #ffffff;}tr.lrow { text-align: left; border: 1px solid #000000; background-color: teal; color: #ffffff;}.header { background-color: teal; color: #ffffff; padding: 4px;}.content { background-color: #ffffff; color: #000000; padding: 4px;}.item { padding: 4px; align: right;}.value { padding: 4px; font-weight: bold;} </style><title>BIND 9 Statistics</title></head><body><div class=\"header\">Bind 9 Configuration and Statistics</div><br/><table><tr class=\"rowh\"><th colspan=\"2\">Times</th></tr><tr class=\"lrow\"><td>boot-time</td><td><xsl:value-of 
select=\"server/boot-time\"/></td></tr><tr class=\"lrow\"><td>current-time</td><td><xsl:value-of select=\"server/current-time\"/></td></tr></table><br/><table><tr class=\"rowh\"><th colspan=\"2\">Server statistics</th></tr><xsl:for-each select=\"server/counters/*\"><tr class=\"lrow\"><td><xsl:value-of select=\"name()\"/></td><td><xsl:value-of select=\".\"/></td></tr></xsl:for-each></table><br/><xsl:for-each select=\"views/view\"><table><tr class=\"rowh\"><th colspan=\"11\">Zones for View <xsl:value-of select=\"name\"/></th></tr><tr class=\"rowh\"><th>Name</th><th>Class</th><th>Serial</th><th>Success</th><th>Referral</th><th>NXRRSET</th><th>NXDOMAIN</th><th>Recursion</th><th>Failure</th><th>Duplicate</th><th>Dropped</th></tr><xsl:for-each select=\"zones/zone\"><tr class=\"lrow\"><td><xsl:value-of select=\"name\"/></td><td><xsl:value-of select=\"rdataclass\"/></td><td><xsl:value-of select=\"serial\"/></td><td><xsl:value-of select=\"counters/success\"/></td><td><xsl:value-of select=\"counters/referral\"/></td><td><xsl:value-of select=\"counters/nxrrset\"/></td><td><xsl:value-of select=\"counters/nxdomain\"/></td><td><xsl:value-of select=\"counters/recursion\"/></td><td><xsl:value-of select=\"counters/failure\"/></td><td><xsl:value-of select=\"counters/duplicate\"/></td><td><xsl:value-of select=\"counters/dropped\"/></td></tr></xsl:for-each></table><br/></xsl:for-each><br/><table><tr class=\"rowh\"><th colspan=\"7\">Network Status</th></tr><tr class=\"rowh\"><th>ID</th><th>Name</th><th>Type</th><th>References</th><th>LocalAddress</th><th>PeerAddress</th><th>State</th></tr><xsl:for-each select=\"socketmgr/sockets/socket\"><tr class=\"lrow\"><td><xsl:value-of select=\"id\"/></td><td><xsl:value-of select=\"name\"/></td><td><xsl:value-of select=\"type\"/></td><td><xsl:value-of select=\"references\"/></td><td><xsl:value-of select=\"local-address\"/></td><td><xsl:value-of select=\"peer-address\"/></td><td><xsl:for-each select=\"states\"><xsl:value-of 
select=\".\"/></xsl:for-each></td></tr></xsl:for-each></table><br/><table><tr class=\"rowh\"><th colspan=\"2\">Task Manager Configuration</th></tr><tr class=\"lrow\"><td>Thread-Model</td><td><xsl:value-of select=\"taskmgr/thread-model/type\"/></td></tr><tr class=\"lrow\"><td>Worker Threads</td><td><xsl:value-of select=\"taskmgr/thread-model/worker-threads\"/></td></tr><tr class=\"lrow\"><td>Default Quantum</td><td><xsl:value-of select=\"taskmgr/thread-model/default-quantum\"/></td></tr><tr class=\"lrow\"><td>Tasks Running</td><td><xsl:value-of select=\"taskmgr/thread-model/tasks-running\"/></td></tr></table><br/><table><tr class=\"rowh\"><th colspan=\"5\">Tasks</th></tr><tr class=\"rowh\"><th>ID</th><th>Name</th><th>References</th><th>State</th><th>Quantum</th></tr><xsl:for-each select=\"taskmgr/tasks/task\"><tr class=\"lrow\"><td><xsl:value-of select=\"id\"/></td><td><xsl:value-of select=\"name\"/></td><td><xsl:value-of select=\"references\"/></td><td><xsl:value-of select=\"state\"/></td><td><xsl:value-of select=\"quantum\"/></td></tr></xsl:for-each></table></body></html></xsl:template></xsl:stylesheet>\n";
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.248 2007/06/26 02:52:15 marka Exp $ */
/* $Id: client.c,v 1.249 2007/08/22 00:42:42 marka Exp $ */
#include <config.h>
......@@ -1674,16 +1674,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
char tsigrcode[64];
isc_buffer_t b;
dns_name_t *name = NULL;
dns_rcode_t status;
isc_result_t tresult;
isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus,
&b) == ISC_R_SUCCESS);
tsigrcode[isc_buffer_usedlength(&b)] = '\0';
/* There is a signature, but it is bad. */
if (dns_message_gettsig(client->message, &name) != NULL) {
char namebuf[DNS_NAME_FORMATSIZE];
char cnamebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf));
status = client->message->tsigstatus;
isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
tresult = dns_tsigrcode_totext(status, &b);
INSIST(tresult == ISC_R_SUCCESS);
tsigrcode[isc_buffer_usedlength(&b)] = '\0';
if (client->message->tsigkey->generated) {
dns_name_format(client->message->tsigkey->creator,
cnamebuf, sizeof(cnamebuf));
......@@ -1705,6 +1708,11 @@ client_request(isc_task_t *task, isc_event_t *event) {
tsigrcode);
}
} else {
status = client->message->sig0status;
isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
tresult = dns_tsigrcode_totext(status, &b);
INSIST(tresult == ISC_R_SUCCESS);
tsigrcode[isc_buffer_usedlength(&b)] = '\0';
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
"request has invalid signature: %s (%s)",
......
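Review bot: The five lines added in the else branch of client_request() repeat the block added in the TSIG branch, differing only in reading sig0status instead of tsigstatus. Set status in each branch and do the isc_buffer_init() / dns_tsigrcode_totext() / NUL-termination once in a small static helper, so the two paths that write DNS_LOGCATEGORY_SECURITY messages cannot get out of step again in the way CHANGES entry 2213 describes.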
......@@ -15,14 +15,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.79 2007/06/18 23:47:18 tbox Exp $ */
/* $Id: config.c,v 1.82 2007/10/19 17:15:53 explorer Exp $ */
/*! \file */
#include <config.h>
#include <stdlib.h>
#include <string.h>
#include <isc/buffer.h>
#include <isc/log.h>
......@@ -31,6 +30,7 @@
#include <isc/region.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
#include <isc/string.h>
#include <isc/util.h>
#include <isccfg/namedconf.h>
......@@ -129,14 +129,14 @@ options {\n\
max-ncache-ttl 10800; /* 3 hours */\n\
max-cache-ttl 604800; /* 1 week */\n\
transfer-format many-answers;\n\
max-cache-size 0;\n\
max-cache-size 32M;\n\
check-names master fail;\n\
check-names slave warn;\n\
check-names response ignore;\n\
check-mx warn;\n\
acache-enable no;\n\
acache-cleaning-interval 60;\n\
max-acache-size 0;\n\
max-acache-size 16M;\n\
dnssec-enable yes;\n\
dnssec-validation no; /* Make yes for 9.5. */ \n\
dnssec-accept-expired no;\n\
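Review bot: max-cache-size and max-acache-size change from 0 to 32M and 16M in the built-in defaults with no inline comment, unlike the neighbouring TTL lines ("/* 3 hours */", "/* 1 week */"). A server that relied on the old default gets a bounded cache after upgrading, so add a comment on both lines and make sure the option documentation says how to restore the previous behaviour; none of the documentation hunks visible in this commit mentions the new values apart from CHANGES entry 2253.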
......@@ -152,6 +152,7 @@ options {\n\
notify yes;\n\
# also-notify <none>\n\
notify-delay 5;\n\
notify-to-soa no;\n\
dialup no;\n\
# forward <none>\n\
# forwarders <none>\n\
......
......@@ -15,17 +15,17 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.32 2007/06/18 23:47:18 tbox Exp $ */
/* $Id: control.c,v 1.33 2007/09/13 04:45:18 each Exp $ */
/*! \file */
#include <config.h>
#include <string.h>
#include <isc/app.h>
#include <isc/event.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/timer.h>
#include <isc/util.h>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: controlconf.c,v 1.54 2007/06/18 23:47:18 tbox Exp $ */
/* $Id: controlconf.c,v 1.55 2007/09/12 01:09:07 each Exp $ */
/*! \file */
......@@ -1014,7 +1014,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp,
if (control != NULL && type == isc_sockettype_tcp) {
allow = cfg_tuple_get(control, "allow");
result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
aclconfctx, listener->mctx,
aclconfctx, listener->mctx, 0,
&new_acl);
} else {
result = dns_acl_any(listener->mctx, &new_acl);
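Review bot: The new argument to cfg_acl_fromconfig() in update_listener() is passed as a bare 0 with nothing at the call site saying what it controls, and this ACL decides who may connect to the control channel. Add a short comment or a named constant for the value, here and at the matching call in add_listener().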
......@@ -1101,7 +1101,8 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
if (control != NULL && type == isc_sockettype_tcp) {
allow = cfg_tuple_get(control, "allow");
result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
aclconfctx, mctx, &new_acl);
aclconfctx, mctx, 0,
&new_acl);
} else {
result = dns_acl_any(mctx, &new_acl);
}
......
......@@ -14,23 +14,40 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: convertxsl.pl,v 1.8 2007/06/19 23:46:59 tbox Exp $
# $Id: convertxsl.pl,v 1.9 2007/09/14 06:14:44 marka Exp $
use strict;
use warnings;
print 'static char msg[] = "';
my $rev = '$Id: convertxsl.pl,v 1.9 2007/09/14 06:14:44 marka Exp $';
$rev =~ s/\$//g;
$rev =~ s/,v//g;
$rev =~ s/Id: //;
my $xsl = "unknown";
my $lines = '';
while (<>) {
chomp;
# pickout the id for comment.
$xsl = $_ if (/<!-- .Id:.* -->/);
# convert Id string to a form not recognisable by cvs.
$_ =~ s/<!-- .Id:(.*). -->/<!-- \\045Id: $1\\045 -->/;
$lines .= $_;
}
$xsl =~ s/\$//g;
$xsl =~ s/<!-- Id: //;
$xsl =~ s/ -->.*//;
$xsl =~ s/,v//;
$lines =~ s/[\ \t]+/ /g;
$lines =~ s/\>\ \</\>\</g;
$lines =~ s/\"/\\\"/g;
print "/*\n * Generated by $rev \n * From $xsl\n */\n";
print 'static char msg[] = "';
print $lines;
print '\\n";', "\n";
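Review bot: $lines is written into a C string literal after escaping only double quotes (s/\"/\\\"/g); a backslash in the input stylesheet would reach the generated header unescaped and be read by the compiler as the start of an escape sequence. Escape backslashes on each input line inside the while loop, before the Id comment is rewritten to the \045 form, so the intended \045 sequences are not doubled.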
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: globals.h,v 1.72 2007/06/19 23:46:59 tbox Exp $ */
/* $Id: globals.h,v 1.73 2007/09/26 03:22:43 marka Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
......@@ -114,6 +114,7 @@ EXTERN const char * ns_g_username INIT(NULL);
EXTERN int ns_g_listen INIT(3);
EXTERN isc_time_t ns_g_boottime;
EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE);
#undef EXTERN
#undef INIT
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: interfacemgr.c,v 1.89 2007/06/18 23:47:18 tbox Exp $ */
/* $Id: interfacemgr.c,v 1.90 2007/09/12 01:09:07 each Exp $ */
/*! \file */
......@@ -483,7 +483,7 @@ static isc_result_t
clearacl(isc_mem_t *mctx, dns_acl_t **aclp) {
dns_acl_t *newacl = NULL;
isc_result_t result;
result = dns_acl_create(mctx, 10, &newacl);
result = dns_acl_create(mctx, 0, &newacl);
if (result != ISC_R_SUCCESS)
return (result);
dns_acl_detach(aclp);
......@@ -494,36 +494,31 @@ clearacl(isc_mem_t *mctx, dns_acl_t **aclp) {
static isc_boolean_t
listenon_is_ip6_any(ns_listenelt_t *elt) {
if (elt->acl->length != 1)
return (ISC_FALSE);
if (elt->acl->elements[0].negative == ISC_FALSE &&
elt->acl->elements[0].type == dns_aclelementtype_any)
return (ISC_TRUE); /* listen-on-v6 { any; } */
return (ISC_FALSE); /* All others */
REQUIRE(elt && elt->acl);
return dns_acl_isany(elt->acl);
}
static isc_result_t
setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
isc_result_t result;
dns_aclelement_t elt;
unsigned int family;
unsigned int prefixlen;
isc_netaddr_t *netaddr;
family = interface->address.family;
netaddr = &interface->address;
elt.type = dns_aclelementtype_ipprefix;
elt.negative = ISC_FALSE;
elt.u.ip_prefix.address = interface->address;
elt.u.ip_prefix.prefixlen = (family == AF_INET) ? 32 : 128;
result = dns_acl_appendelement(mgr->aclenv.localhost, &elt);
/* First add localhost address */
prefixlen = (netaddr->family == AF_INET) ? 32 : 128;
result = dns_iptable_addprefix(mgr->aclenv.localhost->iptable,
netaddr, prefixlen, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
/* Then add localnets prefix */
result = isc_netaddr_masktoprefixlen(&interface->netmask,
&prefixlen);
/* Non contigious netmasks not allowed by IPv6 arch. */
if (result != ISC_R_SUCCESS && family == AF_INET6)
if (result != ISC_R_SUCCESS && netaddr->family == AF_INET6)
return (result);
if (result != ISC_R_SUCCESS) {
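Review bot: listenon_is_ip6_any() now ends with "return dns_acl_isany(elt->acl);" while the rest of the file writes "return (result);", and REQUIRE(elt && elt->acl) tests pointers as booleans; use the parenthesised return and explicit != NULL comparisons. The removed body also required exactly one, non-negated element of type any; please state in a comment that dns_acl_isany() applies the same test, since the result decides whether a listen-on-v6 element is treated as { any; }.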
......@@ -533,17 +528,14 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
"localnets ACL: %s",
interface->name,
isc_result_totext(result));
} else {
elt.u.ip_prefix.prefixlen = prefixlen;
if (dns_acl_elementmatch(mgr->aclenv.localnets, &elt,
NULL) == ISC_R_NOTFOUND) {
result = dns_acl_appendelement(mgr->aclenv.localnets,
&elt);
if (result != ISC_R_SUCCESS)
return (result);
}
return (ISC_R_SUCCESS);
}
result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable,
netaddr, prefixlen, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
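Review bot: The removed code called dns_acl_elementmatch() and appended to localnets only on ISC_R_NOTFOUND, so two interfaces on the same network produced one entry; the new code calls dns_iptable_addprefix() unconditionally and returns any non-success result. If adding an already-present prefix is reported as an error, setup_locals() will now fail for the second interface on a network. Document the duplicate behaviour of dns_iptable_addprefix() in a comment here, or handle that result explicitly.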