Import unbound 1.4.20
parent
30c2432cb5
commit
35be22788f
115
Makefile.in
115
Makefile.in
@ -30,6 +30,7 @@ PYTHONMOD_INSTALL=@PYTHONMOD_INSTALL@
|
||||
PYTHONMOD_UNINSTALL=@PYTHONMOD_UNINSTALL@
|
||||
PYUNBOUND_INSTALL=@PYUNBOUND_INSTALL@
|
||||
PYUNBOUND_UNINSTALL=@PYUNBOUND_UNINSTALL@
|
||||
ALLTARGET=@ALLTARGET@
|
||||
|
||||
# _unbound.la if pyunbound enabled.
|
||||
PYUNBOUND_TARGET=@PYUNBOUND_TARGET@
|
||||
@ -99,7 +100,8 @@ util/storage/lruhash.c util/storage/slabhash.c util/timehist.c util/tube.c \
|
||||
util/winsock_event.c validator/autotrust.c validator/val_anchor.c \
|
||||
validator/validator.c validator/val_kcache.c validator/val_kentry.c \
|
||||
validator/val_neg.c validator/val_nsec3.c validator/val_nsec.c \
|
||||
validator/val_sigcrypt.c validator/val_utils.c $(CHECKLOCK_SRC)
|
||||
validator/val_secalgo.c validator/val_sigcrypt.c \
|
||||
validator/val_utils.c $(CHECKLOCK_SRC)
|
||||
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
|
||||
msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
|
||||
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
|
||||
@ -109,7 +111,7 @@ fptr_wlist.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
|
||||
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
|
||||
slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \
|
||||
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
|
||||
val_sigcrypt.lo val_utils.lo $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ)
|
||||
val_secalgo.lo val_sigcrypt.lo val_utils.lo $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ)
|
||||
COMMON_OBJ=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
|
||||
outside_network.lo
|
||||
# set to $COMMON_OBJ or to "" if --enableallsymbols
|
||||
@ -227,9 +229,11 @@ COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS)
|
||||
LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS)
|
||||
LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(staticexe) -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined
|
||||
|
||||
.PHONY: clean realclean doc lint all install uninstall tests test strip lib longtest longcheck check
|
||||
.PHONY: clean realclean doc lint all install uninstall tests test strip lib longtest longcheck check alltargets
|
||||
|
||||
all: $(COMMON_OBJ) unbound$(EXEEXT) unbound-checkconf$(EXEEXT) lib unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup $(WINAPPS) $(PYUNBOUND_TARGET)
|
||||
all: $(COMMON_OBJ) $(ALLTARGET)
|
||||
|
||||
alltargets: unbound$(EXEEXT) unbound-checkconf$(EXEEXT) lib unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup $(WINAPPS) $(PYUNBOUND_TARGET)
|
||||
|
||||
# compat with BSD make, register suffix, and an implicit rule to actualise it.
|
||||
.SUFFIXES: .lo
|
||||
@ -358,7 +362,7 @@ pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
|
||||
pythonmod/interface.h: $(srcdir)/pythonmod/interface.i $(srcdir)/config.h
|
||||
pythonmod/interface.h: $(srcdir)/pythonmod/interface.i config.h
|
||||
@-if test ! -d pythonmod; then $(INSTALL) -d pythonmod; fi
|
||||
$(SWIG) $(CPPFLAGS) -o $@ -python $(srcdir)/pythonmod/interface.i
|
||||
|
||||
@ -389,12 +393,14 @@ clean:
|
||||
rm -f *.o *.d *.lo *~ tags
|
||||
rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup libunbound.la
|
||||
rm -f $(ALL_SRC:.c=.lint)
|
||||
rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py
|
||||
rm -rf autom4te.cache .libs build doc/html doc/xml
|
||||
|
||||
realclean: clean
|
||||
rm -f config.status config.log config.h.in config.h
|
||||
rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool
|
||||
rm -f util/configlexer.c util/configparser.c util/configparser.h
|
||||
rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5
|
||||
rm -f $(TEST_BIN)
|
||||
rm -f Makefile
|
||||
|
||||
@ -439,7 +445,7 @@ pythonmod-install:
|
||||
|
||||
pyunbound-install:
|
||||
$(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
|
||||
$(INSTALL) -c -m 644 libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py
|
||||
$(INSTALL) -c -m 644 $(srcdir)/libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py
|
||||
$(LIBTOOL) --mode=install cp _unbound.la $(DESTDIR)$(PYTHON_SITE_PKG)
|
||||
$(LIBTOOL) --mode=finish $(DESTDIR)$(PYTHON_SITE_PKG)
|
||||
|
||||
@ -464,6 +470,16 @@ install: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL)
|
||||
$(INSTALL) -c -m 644 doc/unbound.conf.5 $(DESTDIR)$(mandir)/man5
|
||||
$(INSTALL) -c -m 644 $(srcdir)/doc/unbound-host.1 $(DESTDIR)$(mandir)/man1
|
||||
$(INSTALL) -c -m 644 doc/libunbound.3 $(DESTDIR)$(mandir)/man3
|
||||
for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete \
|
||||
ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd \
|
||||
ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file \
|
||||
ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async \
|
||||
ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel \
|
||||
ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add \
|
||||
ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; \
|
||||
do \
|
||||
echo ".so man3/libunbound.3" > $(DESTDIR)$(mandir)/man3/$$mpage.3 ; \
|
||||
done
|
||||
$(INSTALL) -c -m 755 unbound-control-setup $(DESTDIR)$(sbindir)/unbound-control-setup
|
||||
if test ! -e $(DESTDIR)$(configfile); then $(INSTALL) -d `dirname $(DESTDIR)$(configfile)`; $(INSTALL) -c -m 644 doc/example.conf $(DESTDIR)$(configfile); fi
|
||||
$(LIBTOOL) --mode=install cp $(srcdir)/libunbound/unbound.h $(DESTDIR)$(includedir)/unbound.h
|
||||
@ -481,6 +497,16 @@ uninstall: $(PYTHONMOD_UNINSTALL) $(PYUNBOUND_UNINSTALL)
|
||||
rm -f -- $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-host$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-anchor$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control-setup
|
||||
rm -f -- $(DESTDIR)$(mandir)/man8/unbound.8 $(DESTDIR)$(mandir)/man8/unbound-checkconf.8 $(DESTDIR)$(mandir)/man5/unbound.conf.5 $(DESTDIR)$(mandir)/man8/unbound-control.8 $(DESTDIR)$(mandir)/man8/unbound-anchor.8
|
||||
rm -f -- $(DESTDIR)$(mandir)/man1/unbound-host.1 $(DESTDIR)$(mandir)/man3/libunbound.3
|
||||
for mpage in ub_ctx ub_result ub_ctx_create ub_ctx_delete \
|
||||
ub_ctx_set_option ub_ctx_get_option ub_ctx_config ub_ctx_set_fwd \
|
||||
ub_ctx_resolvconf ub_ctx_hosts ub_ctx_add_ta ub_ctx_add_ta_file \
|
||||
ub_ctx_trustedkeys ub_ctx_debugout ub_ctx_debuglevel ub_ctx_async \
|
||||
ub_poll ub_wait ub_fd ub_process ub_resolve ub_resolve_async ub_cancel \
|
||||
ub_resolve_free ub_strerror ub_ctx_print_local_zones ub_ctx_zone_add \
|
||||
ub_ctx_zone_remove ub_ctx_data_add ub_ctx_data_remove; \
|
||||
do \
|
||||
rm -f -- $(DESTDIR)$(mandir)/man3/$$mpage.3 ; \
|
||||
done
|
||||
rm -f -- $(DESTDIR)$(includedir)/unbound.h
|
||||
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libunbound.la
|
||||
@echo
|
||||
@ -562,9 +588,8 @@ msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/net_help.h
|
||||
msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h \
|
||||
$(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lookup3.h \
|
||||
$(srcdir)/util/regional.h
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h
|
||||
msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h \
|
||||
$(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \
|
||||
@ -669,7 +694,7 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service
|
||||
$(srcdir)/util/fptr_wlist.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \
|
||||
$(srcdir)/validator/val_utils.h $(PYTHONMOD_HEADER)
|
||||
$(srcdir)/validator/val_utils.h
|
||||
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/netevent.h \
|
||||
@ -710,8 +735,8 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
|
||||
$(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/daemon/worker.h $(srcdir)/util/alloc.h $(srcdir)/daemon/stats.h \
|
||||
$(srcdir)/util/timehist.h $(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/util/alloc.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \
|
||||
@ -719,19 +744,12 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
|
||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \
|
||||
$(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/util/config_file.h $(PYTHONMOD_HEADER)
|
||||
$(srcdir)/util/config_file.h
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
|
||||
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/locks.h
|
||||
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/tube.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h
|
||||
module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/msgreply.h \
|
||||
@ -744,7 +762,7 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/modstack.h \
|
||||
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||
|
||||
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h \
|
||||
$(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
@ -762,8 +780,7 @@ rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
|
||||
regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/regional.h
|
||||
rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/util/log.h \
|
||||
|
||||
rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h
|
||||
dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h \
|
||||
@ -848,12 +865,16 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h
|
||||
val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h \
|
||||
$(srcdir)/validator/val_secalgo.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
|
||||
val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \
|
||||
|
||||
val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
@ -863,7 +884,7 @@ val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/val
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/regional.h
|
||||
checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/testcode/checklocks.h
|
||||
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h \
|
||||
@ -904,11 +925,11 @@ unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/u
|
||||
$(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h \
|
||||
$(srcdir)/validator/val_nsec.h \
|
||||
$(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/testcode/ldns-testpkts.h \
|
||||
$(srcdir)/validator/val_secalgo.h \
|
||||
$(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/validator/val_utils.h $(srcdir)/testcode/ldns-testpkts.h \
|
||||
$(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/regional.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h
|
||||
readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h \
|
||||
@ -924,13 +945,12 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \
|
||||
$(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/util/netevent.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/daemon/stats.h \
|
||||
$(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \
|
||||
$(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h \
|
||||
$(srcdir)/util/storage/dnstree.h
|
||||
$(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h \
|
||||
$(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h
|
||||
daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||
$(srcdir)/daemon/daemon.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h $(srcdir)/daemon/worker.h \
|
||||
@ -940,7 +960,7 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h
|
||||
$(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h
|
||||
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \
|
||||
$(srcdir)/daemon/remote.h \
|
||||
$(srcdir)/daemon/worker.h $(srcdir)/util/netevent.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h \
|
||||
@ -971,8 +991,7 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||
$(srcdir)/util/net_help.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h \
|
||||
$(srcdir)/util/log.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/util/netevent.h \
|
||||
@ -995,8 +1014,7 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
|
||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/net_help.h
|
||||
ldns-testpkts.lo ldns-testpkts.o: $(srcdir)/testcode/ldns-testpkts.c config.h \
|
||||
$(srcdir)/testcode/ldns-testpkts.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h \
|
||||
@ -1027,7 +1045,7 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \
|
||||
$(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h
|
||||
$(srcdir)/services/localzone.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h
|
||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h \
|
||||
$(srcdir)/daemon/stats.h \
|
||||
$(srcdir)/util/timehist.h $(srcdir)/daemon/worker.h $(srcdir)/util/netevent.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
@ -1085,7 +1103,7 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c
|
||||
$(srcdir)/util/regional.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \
|
||||
$(srcdir)/services/localzone.h $(PYTHONMOD_HEADER)
|
||||
$(srcdir)/services/localzone.h
|
||||
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/services/mesh.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h \
|
||||
@ -1160,8 +1178,7 @@ pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c conf
|
||||
$(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/netevent.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \
|
||||
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h
|
||||
win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/alloc.h \
|
||||
|
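Review bot: The man3 alias pages written by the `for mpage in ...` loop in the `install` recipe (hunk `@ -464,6 +470,16 @`, apparently new going by the hunk's line counts) are created with a shell redirect, so their mode comes from the installing user's umask rather than the explicit `-m 644` used by the neighbouring `$(INSTALL) -c -m 644 doc/libunbound.3` line. Under a restrictive umask the stubs end up unreadable to ordinary users, and under a permissive one they can be left group- or world-writable in a system directory. The loop also returns only the status of its last iteration, so a failed write part-way through does not stop `make install`. A loop body such as `echo ".so man3/libunbound.3" > $(DESTDIR)$(mandir)/man3/$$mpage.3 && chmod 644 $(DESTDIR)$(mandir)/man3/$$mpage.3 || exit 1 ; \` would address both. The recipe starts and continues outside the hunk, and the same name list is repeated in the `uninstall` hunk (`@ -481,6 +497,16 @`), where a shared variable would keep the two in step.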
294
aclocal.m4
vendored
294
aclocal.m4
vendored
@ -1,7 +1,7 @@
|
||||
# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.12.2 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2012 Free Software Foundation, Inc.
|
||||
|
||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
||||
# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
# with or without modifications, as long as this notice is preserved.
|
||||
@ -14,8 +14,8 @@
|
||||
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
|
||||
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
|
||||
# Inc.
|
||||
# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Gordon Matzigkeit, 1996
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
@ -24,8 +24,8 @@
|
||||
|
||||
m4_define([_LT_COPYING], [dnl
|
||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
|
||||
# 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
|
||||
# Inc.
|
||||
# 2006, 2007, 2008, 2009, 2010, 2011 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Gordon Matzigkeit, 1996
|
||||
#
|
||||
# This file is part of GNU Libtool.
|
||||
@ -159,6 +159,8 @@ AC_REQUIRE([AC_CANONICAL_BUILD])dnl
|
||||
AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
|
||||
AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
|
||||
|
||||
_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
|
||||
dnl
|
||||
_LT_DECL([], [host_alias], [0], [The host system])dnl
|
||||
_LT_DECL([], [host], [0])dnl
|
||||
_LT_DECL([], [host_os], [0])dnl
|
||||
@ -644,7 +646,7 @@ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
|
||||
m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
|
||||
configured by $[0], generated by m4_PACKAGE_STRING.
|
||||
|
||||
Copyright (C) 2010 Free Software Foundation, Inc.
|
||||
Copyright (C) 2011 Free Software Foundation, Inc.
|
||||
This config.lt script is free software; the Free Software Foundation
|
||||
gives unlimited permision to copy, distribute and modify it."
|
||||
|
||||
@ -808,6 +810,7 @@ AC_DEFUN([LT_LANG],
|
||||
m4_case([$1],
|
||||
[C], [_LT_LANG(C)],
|
||||
[C++], [_LT_LANG(CXX)],
|
||||
[Go], [_LT_LANG(GO)],
|
||||
[Java], [_LT_LANG(GCJ)],
|
||||
[Fortran 77], [_LT_LANG(F77)],
|
||||
[Fortran], [_LT_LANG(FC)],
|
||||
@ -829,6 +832,29 @@ m4_defun([_LT_LANG],
|
||||
])# _LT_LANG
|
||||
|
||||
|
||||
m4_ifndef([AC_PROG_GO], [
|
||||
# NOTE: This macro has been submitted for inclusion into #
|
||||
# GNU Autoconf as AC_PROG_GO. When it is available in #
|
||||
# a released version of Autoconf we should remove this #
|
||||
# macro and use it instead. #
|
||||
m4_defun([AC_PROG_GO],
|
||||
[AC_LANG_PUSH(Go)dnl
|
||||
AC_ARG_VAR([GOC], [Go compiler command])dnl
|
||||
AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
|
||||
_AC_ARG_VAR_LDFLAGS()dnl
|
||||
AC_CHECK_TOOL(GOC, gccgo)
|
||||
if test -z "$GOC"; then
|
||||
if test -n "$ac_tool_prefix"; then
|
||||
AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
|
||||
fi
|
||||
fi
|
||||
if test -z "$GOC"; then
|
||||
AC_CHECK_PROG(GOC, gccgo, gccgo, false)
|
||||
fi
|
||||
])#m4_defun
|
||||
])#m4_ifndef
|
||||
|
||||
|
||||
# _LT_LANG_DEFAULT_CONFIG
|
||||
# -----------------------
|
||||
m4_defun([_LT_LANG_DEFAULT_CONFIG],
|
||||
@ -859,6 +885,10 @@ AC_PROVIDE_IFELSE([AC_PROG_GCJ],
|
||||
m4_ifdef([LT_PROG_GCJ],
|
||||
[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
|
||||
|
||||
AC_PROVIDE_IFELSE([AC_PROG_GO],
|
||||
[LT_LANG(GO)],
|
||||
[m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
|
||||
|
||||
AC_PROVIDE_IFELSE([LT_PROG_RC],
|
||||
[LT_LANG(RC)],
|
||||
[m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
|
||||
@ -961,7 +991,13 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
|
||||
$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
|
||||
-dynamiclib -Wl,-single_module conftest.c 2>conftest.err
|
||||
_lt_result=$?
|
||||
if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
|
||||
# If there is a non-empty error log, and "single_module"
|
||||
# appears in it, assume the flag caused a linker warning
|
||||
if test -s conftest.err && $GREP single_module conftest.err; then
|
||||
cat conftest.err >&AS_MESSAGE_LOG_FD
|
||||
# Otherwise, if the output was created with a 0 exit code from
|
||||
# the compiler, it worked.
|
||||
elif test -f libconftest.dylib && test $_lt_result -eq 0; then
|
||||
lt_cv_apple_cc_single_mod=yes
|
||||
else
|
||||
cat conftest.err >&AS_MESSAGE_LOG_FD
|
||||
@ -969,6 +1005,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
|
||||
rm -rf libconftest.dylib*
|
||||
rm -f conftest.*
|
||||
fi])
|
||||
|
||||
AC_CACHE_CHECK([for -exported_symbols_list linker flag],
|
||||
[lt_cv_ld_exported_symbols_list],
|
||||
[lt_cv_ld_exported_symbols_list=no
|
||||
@ -980,6 +1017,7 @@ m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
|
||||
[lt_cv_ld_exported_symbols_list=no])
|
||||
LDFLAGS="$save_LDFLAGS"
|
||||
])
|
||||
|
||||
AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
|
||||
[lt_cv_ld_force_load=no
|
||||
cat > conftest.c << _LT_EOF
|
||||
@ -997,7 +1035,9 @@ _LT_EOF
|
||||
echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
|
||||
$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
|
||||
_lt_result=$?
|
||||
if test -f conftest && test ! -s conftest.err && test $_lt_result = 0 && $GREP forced_load conftest 2>&1 >/dev/null; then
|
||||
if test -s conftest.err && $GREP force_load conftest.err; then
|
||||
cat conftest.err >&AS_MESSAGE_LOG_FD
|
||||
elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then
|
||||
lt_cv_ld_force_load=yes
|
||||
else
|
||||
cat conftest.err >&AS_MESSAGE_LOG_FD
|
||||
@ -1042,8 +1082,8 @@ _LT_EOF
|
||||
])
|
||||
|
||||
|
||||
# _LT_DARWIN_LINKER_FEATURES
|
||||
# --------------------------
|
||||
# _LT_DARWIN_LINKER_FEATURES([TAG])
|
||||
# ---------------------------------
|
||||
# Checks for linker and compiler features on darwin
|
||||
m4_defun([_LT_DARWIN_LINKER_FEATURES],
|
||||
[
|
||||
@ -1054,6 +1094,8 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
|
||||
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
|
||||
if test "$lt_cv_ld_force_load" = "yes"; then
|
||||
_LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
|
||||
m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
|
||||
[FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
|
||||
else
|
||||
_LT_TAGVAR(whole_archive_flag_spec, $1)=''
|
||||
fi
|
||||
@ -1337,14 +1379,27 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
||||
CFLAGS="$SAVE_CFLAGS"
|
||||
fi
|
||||
;;
|
||||
sparc*-*solaris*)
|
||||
*-*solaris*)
|
||||
# Find out which ABI we are using.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `/usr/bin/file conftest.o` in
|
||||
*64-bit*)
|
||||
case $lt_cv_prog_gnu_ld in
|
||||
yes*) LD="${LD-ld} -m elf64_sparc" ;;
|
||||
yes*)
|
||||
case $host in
|
||||
i?86-*-solaris*)
|
||||
LD="${LD-ld} -m elf_x86_64"
|
||||
;;
|
||||
sparc*-*-solaris*)
|
||||
LD="${LD-ld} -m elf64_sparc"
|
||||
;;
|
||||
esac
|
||||
# GNU ld 2.21 introduced _sol2 emulations. Use them if available.
|
||||
if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
|
||||
LD="${LD-ld}_sol2"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
|
||||
LD="${LD-ld} -64"
|
||||
@ -1421,13 +1476,13 @@ old_postuninstall_cmds=
|
||||
if test -n "$RANLIB"; then
|
||||
case $host_os in
|
||||
openbsd*)
|
||||
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
|
||||
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
|
||||
;;
|
||||
*)
|
||||
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
|
||||
old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
|
||||
;;
|
||||
esac
|
||||
old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
|
||||
old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
|
||||
fi
|
||||
|
||||
case $host_os in
|
||||
@ -1607,6 +1662,11 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
|
||||
lt_cv_sys_max_cmd_len=196608
|
||||
;;
|
||||
|
||||
os2*)
|
||||
# The test takes a long time on OS/2.
|
||||
lt_cv_sys_max_cmd_len=8192
|
||||
;;
|
||||
|
||||
osf*)
|
||||
# Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
|
||||
# due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
|
||||
@ -1646,7 +1706,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
|
||||
# If test is not a shell built-in, we'll probably end up computing a
|
||||
# maximum length that is only half of the actual maximum length, but
|
||||
# we can't tell.
|
||||
while { test "X"`func_fallback_echo "$teststring$teststring" 2>/dev/null` \
|
||||
while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \
|
||||
= "X$teststring$teststring"; } >/dev/null 2>&1 &&
|
||||
test $i != 17 # 1/2 MB should be enough
|
||||
do
|
||||
@ -2192,7 +2252,7 @@ need_version=unknown
|
||||
|
||||
case $host_os in
|
||||
aix3*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
|
||||
shlibpath_var=LIBPATH
|
||||
|
||||
@ -2201,7 +2261,7 @@ aix3*)
|
||||
;;
|
||||
|
||||
aix[[4-9]]*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
hardcode_into_libs=yes
|
||||
@ -2266,7 +2326,7 @@ beos*)
|
||||
;;
|
||||
|
||||
bsdi[[45]]*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
@ -2405,7 +2465,7 @@ m4_if([$1], [],[
|
||||
;;
|
||||
|
||||
dgux*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
|
||||
@ -2413,10 +2473,6 @@ dgux*)
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
;;
|
||||
|
||||
freebsd1*)
|
||||
dynamic_linker=no
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly*)
|
||||
# DragonFly does not have aout. When/if they implement a new
|
||||
# versioning mechanism, adjust this.
|
||||
@ -2424,7 +2480,7 @@ freebsd* | dragonfly*)
|
||||
objformat=`/usr/bin/objformat`
|
||||
else
|
||||
case $host_os in
|
||||
freebsd[[123]]*) objformat=aout ;;
|
||||
freebsd[[23]].*) objformat=aout ;;
|
||||
*) objformat=elf ;;
|
||||
esac
|
||||
fi
|
||||
@ -2442,7 +2498,7 @@ freebsd* | dragonfly*)
|
||||
esac
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
case $host_os in
|
||||
freebsd2*)
|
||||
freebsd2.*)
|
||||
shlibpath_overrides_runpath=yes
|
||||
;;
|
||||
freebsd3.[[01]]* | freebsdelf3.[[01]]*)
|
||||
@ -2462,17 +2518,18 @@ freebsd* | dragonfly*)
|
||||
;;
|
||||
|
||||
gnu*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
hardcode_into_libs=yes
|
||||
;;
|
||||
|
||||
haiku*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
dynamic_linker="$host_os runtime_loader"
|
||||
@ -2533,7 +2590,7 @@ hpux9* | hpux10* | hpux11*)
|
||||
;;
|
||||
|
||||
interix[[3-9]]*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
|
||||
@ -2549,7 +2606,7 @@ irix5* | irix6* | nonstopux*)
|
||||
nonstopux*) version_type=nonstopux ;;
|
||||
*)
|
||||
if test "$lt_cv_prog_gnu_ld" = yes; then
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
else
|
||||
version_type=irix
|
||||
fi ;;
|
||||
@ -2586,9 +2643,9 @@ linux*oldld* | linux*aout* | linux*coff*)
|
||||
dynamic_linker=no
|
||||
;;
|
||||
|
||||
# This must be Linux ELF.
|
||||
# This must be glibc/ELF.
|
||||
linux* | k*bsd*-gnu | kopensolaris*-gnu)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
@ -2655,7 +2712,7 @@ netbsd*)
|
||||
;;
|
||||
|
||||
newsos6)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=yes
|
||||
@ -2724,7 +2781,7 @@ rdos*)
|
||||
;;
|
||||
|
||||
solaris*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
@ -2749,7 +2806,7 @@ sunos4*)
|
||||
;;
|
||||
|
||||
sysv4 | sysv4.3*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
@ -2773,7 +2830,7 @@ sysv4 | sysv4.3*)
|
||||
|
||||
sysv4*MP*)
|
||||
if test -d /usr/nec ;then
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
|
||||
soname_spec='$libname${shared_ext}.$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
@ -2804,7 +2861,7 @@ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
|
||||
|
||||
tpf*)
|
||||
# TPF is a cross-target only. Preferred cross-host = GNU/Linux.
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
@ -2814,7 +2871,7 @@ tpf*)
|
||||
;;
|
||||
|
||||
uts4*)
|
||||
version_type=linux
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
@ -3236,7 +3293,7 @@ irix5* | irix6* | nonstopux*)
|
||||
lt_cv_deplibs_check_method=pass_all
|
||||
;;
|
||||
|
||||
# This must be Linux ELF.
|
||||
# This must be glibc/ELF.
|
||||
linux* | k*bsd*-gnu | kopensolaris*-gnu)
|
||||
lt_cv_deplibs_check_method=pass_all
|
||||
;;
|
||||
@ -3656,6 +3713,7 @@ for ac_symprfx in "" "_"; do
|
||||
# which start with @ or ?.
|
||||
lt_cv_sys_global_symbol_pipe="$AWK ['"\
|
||||
" {last_section=section; section=\$ 3};"\
|
||||
" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
|
||||
" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
|
||||
" \$ 0!~/External *\|/{next};"\
|
||||
" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
|
||||
@ -4240,7 +4298,9 @@ m4_if([$1], [CXX], [
|
||||
case $cc_basename in
|
||||
nvcc*) # Cuda Compiler Driver 2.2
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Xcompiler -fPIC'
|
||||
if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
else
|
||||
@ -4332,18 +4392,33 @@ m4_if([$1], [CXX], [
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
*Sun\ F* | *Sun*Fortran*)
|
||||
*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
|
||||
# Sun Fortran 8.3 passes all unrecognized flags to the linker
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)=''
|
||||
;;
|
||||
*Sun\ F* | *Sun*Fortran*)
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
|
||||
;;
|
||||
*Sun\ C*)
|
||||
# Sun C 5.9
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
|
||||
;;
|
||||
*Intel*\ [[CF]]*Compiler*)
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
|
||||
;;
|
||||
*Portland\ Group*)
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
@ -4503,7 +4578,9 @@ m4_if([$1], [CXX], [
|
||||
;;
|
||||
cygwin* | mingw* | cegcc*)
|
||||
case $cc_basename in
|
||||
cl*) ;;
|
||||
cl*)
|
||||
_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
|
||||
;;
|
||||
*)
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
|
||||
_LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
|
||||
@ -4528,7 +4605,6 @@ m4_if([$1], [CXX], [
|
||||
_LT_TAGVAR(hardcode_direct, $1)=no
|
||||
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_separator, $1)=
|
||||
_LT_TAGVAR(hardcode_minus_L, $1)=no
|
||||
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
|
||||
@ -4779,8 +4855,7 @@ _LT_EOF
|
||||
xlf* | bgf* | bgxlf* | mpixlf*)
|
||||
# IBM XL Fortran 10.1 on PPC cannot create shared libs itself
|
||||
_LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
|
||||
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
|
||||
if test "x$supports_anon_versioning" = xyes; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
@ -5075,6 +5150,7 @@ _LT_EOF
|
||||
# The linker will not automatically build a static lib if we build a DLL.
|
||||
# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
|
||||
# Don't use ranlib
|
||||
_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
|
||||
@ -5121,10 +5197,6 @@ _LT_EOF
|
||||
_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
|
||||
;;
|
||||
|
||||
freebsd1*)
|
||||
_LT_TAGVAR(ld_shlibs, $1)=no
|
||||
;;
|
||||
|
||||
# FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
|
||||
# support. Future versions do this automatically, but an explicit c++rt0.o
|
||||
# does not break anything, and helps significantly (at the cost of a little
|
||||
@ -5137,7 +5209,7 @@ _LT_EOF
|
||||
;;
|
||||
|
||||
# Unfortunately, older versions of FreeBSD 2 do not have this feature.
|
||||
freebsd2*)
|
||||
freebsd2.*)
|
||||
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
|
||||
_LT_TAGVAR(hardcode_direct, $1)=yes
|
||||
_LT_TAGVAR(hardcode_minus_L, $1)=yes
|
||||
@ -5176,7 +5248,6 @@ _LT_EOF
|
||||
fi
|
||||
if test "$with_gnu_ld" = no; then
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
|
||||
_LT_TAGVAR(hardcode_libdir_separator, $1)=:
|
||||
_LT_TAGVAR(hardcode_direct, $1)=yes
|
||||
_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
|
||||
@ -5618,9 +5689,6 @@ _LT_TAGDECL([], [no_undefined_flag], [1],
|
||||
_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
|
||||
[Flag to hardcode $libdir into a binary during linking.
|
||||
This must work even if $libdir does not exist])
|
||||
_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
|
||||
[[If ld is used when linking, flag to hardcode $libdir into a binary
|
||||
during linking. This must work even if $libdir does not exist]])
|
||||
_LT_TAGDECL([], [hardcode_libdir_separator], [1],
|
||||
[Whether we need a single "-rpath" flag with a separated argument])
|
||||
_LT_TAGDECL([], [hardcode_direct], [0],
|
||||
@ -5774,7 +5842,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_direct, $1)=no
|
||||
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_separator, $1)=
|
||||
_LT_TAGVAR(hardcode_minus_L, $1)=no
|
||||
_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
|
||||
@ -6144,7 +6211,7 @@ if test "$_lt_caught_CXX_error" != yes; then
|
||||
esac
|
||||
;;
|
||||
|
||||
freebsd[[12]]*)
|
||||
freebsd2.*)
|
||||
# C++ shared libraries reported to be fairly broken before
|
||||
# switch to ELF
|
||||
_LT_TAGVAR(ld_shlibs, $1)=no
|
||||
@ -6905,12 +6972,18 @@ public class foo {
|
||||
}
|
||||
};
|
||||
_LT_EOF
|
||||
], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
|
||||
package foo
|
||||
func foo() {
|
||||
}
|
||||
_LT_EOF
|
||||
])
|
||||
|
||||
_lt_libdeps_save_CFLAGS=$CFLAGS
|
||||
case "$CC $CFLAGS " in #(
|
||||
*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
|
||||
*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
|
||||
*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
|
||||
esac
|
||||
|
||||
dnl Parse the compiler output and extract the necessary
|
||||
@ -7107,7 +7180,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_direct, $1)=no
|
||||
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_separator, $1)=
|
||||
_LT_TAGVAR(hardcode_minus_L, $1)=no
|
||||
_LT_TAGVAR(hardcode_automatic, $1)=no
|
||||
@ -7240,7 +7312,6 @@ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_direct, $1)=no
|
||||
_LT_TAGVAR(hardcode_direct_absolute, $1)=no
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
|
||||
_LT_TAGVAR(hardcode_libdir_separator, $1)=
|
||||
_LT_TAGVAR(hardcode_minus_L, $1)=no
|
||||
_LT_TAGVAR(hardcode_automatic, $1)=no
|
||||
@ -7423,6 +7494,73 @@ CFLAGS=$lt_save_CFLAGS
|
||||
])# _LT_LANG_GCJ_CONFIG
|
||||
|
||||
|
||||
# _LT_LANG_GO_CONFIG([TAG])
|
||||
# --------------------------
|
||||
# Ensure that the configuration variables for the GNU Go compiler
|
||||
# are suitably defined. These variables are subsequently used by _LT_CONFIG
|
||||
# to write the compiler configuration to `libtool'.
|
||||
m4_defun([_LT_LANG_GO_CONFIG],
|
||||
[AC_REQUIRE([LT_PROG_GO])dnl
|
||||
AC_LANG_SAVE
|
||||
|
||||
# Source file extension for Go test sources.
|
||||
ac_ext=go
|
||||
|
||||
# Object file extension for compiled Go test sources.
|
||||
objext=o
|
||||
_LT_TAGVAR(objext, $1)=$objext
|
||||
|
||||
# Code to be used in simple compile tests
|
||||
lt_simple_compile_test_code="package main; func main() { }"
|
||||
|
||||
# Code to be used in simple link tests
|
||||
lt_simple_link_test_code='package main; func main() { }'
|
||||
|
||||
# ltmain only uses $CC for tagged configurations so make sure $CC is set.
|
||||
_LT_TAG_COMPILER
|
||||
|
||||
# save warnings/boilerplate of simple test code
|
||||
_LT_COMPILER_BOILERPLATE
|
||||
_LT_LINKER_BOILERPLATE
|
||||
|
||||
# Allow CC to be a program name with arguments.
|
||||
lt_save_CC=$CC
|
||||
lt_save_CFLAGS=$CFLAGS
|
||||
lt_save_GCC=$GCC
|
||||
GCC=yes
|
||||
CC=${GOC-"gccgo"}
|
||||
CFLAGS=$GOFLAGS
|
||||
compiler=$CC
|
||||
_LT_TAGVAR(compiler, $1)=$CC
|
||||
_LT_TAGVAR(LD, $1)="$LD"
|
||||
_LT_CC_BASENAME([$compiler])
|
||||
|
||||
# Go did not exist at the time GCC didn't implicitly link libc in.
|
||||
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
|
||||
|
||||
_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
|
||||
_LT_TAGVAR(reload_flag, $1)=$reload_flag
|
||||
_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
|
||||
|
||||
if test -n "$compiler"; then
|
||||
_LT_COMPILER_NO_RTTI($1)
|
||||
_LT_COMPILER_PIC($1)
|
||||
_LT_COMPILER_C_O($1)
|
||||
_LT_COMPILER_FILE_LOCKS($1)
|
||||
_LT_LINKER_SHLIBS($1)
|
||||
_LT_LINKER_HARDCODE_LIBPATH($1)
|
||||
|
||||
_LT_CONFIG($1)
|
||||
fi
|
||||
|
||||
AC_LANG_RESTORE
|
||||
|
||||
GCC=$lt_save_GCC
|
||||
CC=$lt_save_CC
|
||||
CFLAGS=$lt_save_CFLAGS
|
||||
])# _LT_LANG_GO_CONFIG
|
||||
|
||||
|
||||
# _LT_LANG_RC_CONFIG([TAG])
|
||||
# -------------------------
|
||||
# Ensure that the configuration variables for the Windows resource compiler
|
||||
@ -7492,6 +7630,13 @@ dnl aclocal-1.4 backwards compatibility:
|
||||
dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
|
||||
|
||||
|
||||
# LT_PROG_GO
|
||||
# ----------
|
||||
AC_DEFUN([LT_PROG_GO],
|
||||
[AC_CHECK_TOOL(GOC, gccgo,)
|
||||
])
|
||||
|
||||
|
||||
# LT_PROG_RC
|
||||
# ----------
|
||||
AC_DEFUN([LT_PROG_RC],
|
||||
@ -8156,9 +8301,24 @@ dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
|
||||
# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
|
||||
m4_define([_LT_WITH_PIC],
|
||||
[AC_ARG_WITH([pic],
|
||||
[AS_HELP_STRING([--with-pic],
|
||||
[AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
|
||||
[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
|
||||
[pic_mode="$withval"],
|
||||
[lt_p=${PACKAGE-default}
|
||||
case $withval in
|
||||
yes|no) pic_mode=$withval ;;
|
||||
*)
|
||||
pic_mode=default
|
||||
# Look at the argument we got. We use all the common list separators.
|
||||
lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
|
||||
for lt_pkg in $withval; do
|
||||
IFS="$lt_save_ifs"
|
||||
if test "X$lt_pkg" = "X$lt_p"; then
|
||||
pic_mode=yes
|
||||
fi
|
||||
done
|
||||
IFS="$lt_save_ifs"
|
||||
;;
|
||||
esac],
|
||||
[pic_mode=default])
|
||||
|
||||
test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
|
||||
@ -8330,15 +8490,15 @@ m4_define([lt_dict_filter],
|
||||
|
||||
# @configure_input@
|
||||
|
||||
# serial 3293 ltversion.m4
|
||||
# serial 3337 ltversion.m4
|
||||
# This file is part of GNU Libtool
|
||||
|
||||
m4_define([LT_PACKAGE_VERSION], [2.4])
|
||||
m4_define([LT_PACKAGE_REVISION], [1.3293])
|
||||
m4_define([LT_PACKAGE_VERSION], [2.4.2])
|
||||
m4_define([LT_PACKAGE_REVISION], [1.3337])
|
||||
|
||||
AC_DEFUN([LTVERSION_VERSION],
|
||||
[macro_version='2.4'
|
||||
macro_revision='1.3293'
|
||||
[macro_version='2.4.2'
|
||||
macro_revision='1.3337'
|
||||
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
|
||||
_LT_DECL(, macro_revision, 0)
|
||||
])
|
||||
|
@ -164,8 +164,11 @@ $ac_distutils_result])
|
||||
AC_MSG_CHECKING([consistency of all components of python development environment])
|
||||
AC_LANG_PUSH([C])
|
||||
# save current global flags
|
||||
LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
|
||||
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
|
||||
ac_save_LIBS="$LIBS"
|
||||
ac_save_CPPFLAGS="$CPPFLAGS"
|
||||
|
||||
LIBS="$LIBS $PYTHON_LDFLAGS"
|
||||
CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
|
||||
AC_TRY_LINK([
|
||||
#include <Python.h>
|
||||
],[
|
||||
|
261
config.guess
vendored
@ -1,10 +1,10 @@
|
||||
#! /bin/sh
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
|
||||
# Free Software Foundation, Inc.
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
# 2011, 2012 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2009-11-20'
|
||||
timestamp='2012-06-10'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
@ -17,9 +17,7 @@ timestamp='2009-11-20'
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
@ -56,8 +54,9 @@ version="\
|
||||
GNU config.guess ($timestamp)
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
|
||||
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
|
||||
Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@ -144,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
|
||||
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
*:NetBSD:*:*)
|
||||
# NetBSD (nbsd) targets should (where applicable) match one or
|
||||
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
|
||||
# switched to ELF, *-*-netbsd* would select the old
|
||||
# object file format. This provides both forward
|
||||
@ -180,7 +179,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
os=netbsd
|
||||
os=netbsd
|
||||
;;
|
||||
esac
|
||||
# The OS release
|
||||
@ -223,7 +222,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
|
||||
;;
|
||||
*5.*)
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
;;
|
||||
esac
|
||||
# According to Compaq, /usr/sbin/psrinfo has been available on
|
||||
@ -269,7 +268,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
# A Xn.n version is an unreleased experimental baselevel.
|
||||
# 1.2 uses "1.2" for uname -r.
|
||||
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
exit ;;
|
||||
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
|
||||
exitcode=$?
|
||||
trap '' 0
|
||||
exit $exitcode ;;
|
||||
Alpha\ *:Windows_NT*:*)
|
||||
# How do we know it's Interix rather than the generic POSIX subsystem?
|
||||
# Should we change UNAME_MACHINE based on the output of uname instead
|
||||
@ -295,7 +297,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
echo s390-ibm-zvmoe
|
||||
exit ;;
|
||||
*:OS400:*:*)
|
||||
echo powerpc-ibm-os400
|
||||
echo powerpc-ibm-os400
|
||||
exit ;;
|
||||
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
|
||||
echo arm-acorn-riscix${UNAME_RELEASE}
|
||||
@ -394,23 +396,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
# MiNT. But MiNT is downward compatible to TOS, so this should
|
||||
# be no problem.
|
||||
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
exit ;;
|
||||
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
m68k:machten:*:*)
|
||||
echo m68k-apple-machten${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@ -480,8 +482,8 @@ EOF
|
||||
echo m88k-motorola-sysv3
|
||||
exit ;;
|
||||
AViiON:dgux:*:*)
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
|
||||
then
|
||||
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
|
||||
@ -494,7 +496,7 @@ EOF
|
||||
else
|
||||
echo i586-dg-dgux${UNAME_RELEASE}
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
|
||||
echo m88k-dolphin-sysv3
|
||||
exit ;;
|
||||
@ -551,7 +553,7 @@ EOF
|
||||
echo rs6000-ibm-aix3.2
|
||||
fi
|
||||
exit ;;
|
||||
*:AIX:*:[456])
|
||||
*:AIX:*:[4567])
|
||||
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
|
||||
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
|
||||
IBM_ARCH=rs6000
|
||||
@ -594,52 +596,52 @@ EOF
|
||||
9000/[678][0-9][0-9])
|
||||
if [ -x /usr/bin/getconf ]; then
|
||||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
|
||||
esac ;;
|
||||
esac
|
||||
esac ;;
|
||||
esac
|
||||
fi
|
||||
if [ "${HP_ARCH}" = "" ]; then
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
EOF
|
||||
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||
@ -730,22 +732,22 @@ EOF
|
||||
exit ;;
|
||||
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
|
||||
echo c1-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
|
||||
if getsysinfo -f scalar_acc
|
||||
then echo c32-convex-bsd
|
||||
else echo c2-convex-bsd
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
|
||||
echo c34-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
|
||||
echo c38-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
|
||||
echo c4-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
CRAY*Y-MP:*:*:*)
|
||||
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit ;;
|
||||
@ -769,14 +771,14 @@ EOF
|
||||
exit ;;
|
||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
5000:UNIX_System_V:4.*:*)
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
|
||||
@ -788,13 +790,12 @@ EOF
|
||||
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:FreeBSD:*:*)
|
||||
case ${UNAME_MACHINE} in
|
||||
pc98)
|
||||
echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
case ${UNAME_PROCESSOR} in
|
||||
amd64)
|
||||
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
*)
|
||||
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
esac
|
||||
exit ;;
|
||||
i*:CYGWIN*:*)
|
||||
@ -803,15 +804,18 @@ EOF
|
||||
*:MINGW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw32
|
||||
exit ;;
|
||||
i*:MSYS*:*)
|
||||
echo ${UNAME_MACHINE}-pc-msys
|
||||
exit ;;
|
||||
i*:windows32*:*)
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
exit ;;
|
||||
i*:PW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-pw32
|
||||
exit ;;
|
||||
*:Interix*:*)
|
||||
case ${UNAME_MACHINE} in
|
||||
case ${UNAME_MACHINE} in
|
||||
x86)
|
||||
echo i586-pc-interix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@ -857,6 +861,13 @@ EOF
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
exit ;;
|
||||
aarch64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
aarch64_be:Linux:*:*)
|
||||
UNAME_MACHINE=aarch64_be
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
|
||||
EV5) UNAME_MACHINE=alphaev5 ;;
|
||||
@ -866,7 +877,7 @@ EOF
|
||||
EV6) UNAME_MACHINE=alphaev6 ;;
|
||||
EV67) UNAME_MACHINE=alphaev67 ;;
|
||||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||
esac
|
||||
esac
|
||||
objdump --private-headers /bin/sh | grep -q ld.so.1
|
||||
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
|
||||
@ -878,20 +889,29 @@ EOF
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_PCS_VFP
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
|
||||
fi
|
||||
fi
|
||||
exit ;;
|
||||
avr32*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
cris:Linux:*:*)
|
||||
echo cris-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
exit ;;
|
||||
crisv32:Linux:*:*)
|
||||
echo crisv32-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
exit ;;
|
||||
frv:Linux:*:*)
|
||||
echo frv-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
hexagon:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
i*86:Linux:*:*)
|
||||
LIBC=gnu
|
||||
@ -933,7 +953,7 @@ EOF
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
|
||||
;;
|
||||
or32:Linux:*:*)
|
||||
echo or32-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
padre:Linux:*:*)
|
||||
echo sparc-unknown-linux-gnu
|
||||
@ -959,7 +979,7 @@ EOF
|
||||
echo ${UNAME_MACHINE}-ibm-linux
|
||||
exit ;;
|
||||
sh64*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
sh*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
@ -967,14 +987,17 @@ EOF
|
||||
sparc:Linux:*:* | sparc64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
tile*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
vax:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-dec-linux-gnu
|
||||
exit ;;
|
||||
x86_64:Linux:*:*)
|
||||
echo x86_64-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
xtensa*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
i*86:DYNIX/ptx:4*:*)
|
||||
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
|
||||
@ -983,11 +1006,11 @@ EOF
|
||||
echo i386-sequent-sysv4
|
||||
exit ;;
|
||||
i*86:UNIX_SV:4.2MP:2.*)
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# I just have to hope. -- rms.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
|
||||
exit ;;
|
||||
i*86:OS/2:*:*)
|
||||
@ -1019,7 +1042,7 @@ EOF
|
||||
fi
|
||||
exit ;;
|
||||
i*86:*:5:[678]*)
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
case `/bin/uname -X | grep "^Machine"` in
|
||||
*486*) UNAME_MACHINE=i486 ;;
|
||||
*Pentium) UNAME_MACHINE=i586 ;;
|
||||
@ -1047,13 +1070,13 @@ EOF
|
||||
exit ;;
|
||||
pc:*:*:*)
|
||||
# Left here for compatibility:
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# Note: whatever this is, it MUST be the same as what config.sub
|
||||
# prints for the "djgpp" host, or else GDB configury will decide that
|
||||
# this is a cross-build.
|
||||
echo i586-pc-msdosdjgpp
|
||||
exit ;;
|
||||
exit ;;
|
||||
Intel:Mach:3*:*)
|
||||
echo i386-pc-mach3
|
||||
exit ;;
|
||||
@ -1088,8 +1111,8 @@ EOF
|
||||
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
|
||||
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
|
||||
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4; exit; } ;;
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4; exit; } ;;
|
||||
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
|
||||
OS_REL='.3'
|
||||
test -r /etc/.relid \
|
||||
@ -1132,10 +1155,10 @@ EOF
|
||||
echo ns32k-sni-sysv
|
||||
fi
|
||||
exit ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit ;;
|
||||
*:UNIX_System_V:4*:FTX*)
|
||||
# From Gerald Hewes <hewes@openmarket.com>.
|
||||
# How about differentiating between stratus architectures? -djm
|
||||
@ -1161,11 +1184,11 @@ EOF
|
||||
exit ;;
|
||||
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
|
||||
if [ -d /usr/nec ]; then
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
else
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
|
||||
echo powerpc-be-beos
|
||||
exit ;;
|
||||
@ -1230,7 +1253,10 @@ EOF
|
||||
*:QNX:*:4*)
|
||||
echo i386-pc-qnx
|
||||
exit ;;
|
||||
NSE-?:NONSTOP_KERNEL:*:*)
|
||||
NEO-?:NONSTOP_KERNEL:*:*)
|
||||
echo neo-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSE-*:NONSTOP_KERNEL:*:*)
|
||||
echo nse-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSR-?:NONSTOP_KERNEL:*:*)
|
||||
@ -1275,13 +1301,13 @@ EOF
|
||||
echo pdp10-unknown-its
|
||||
exit ;;
|
||||
SEI:*:*:SEIUX)
|
||||
echo mips-sei-seiux${UNAME_RELEASE}
|
||||
echo mips-sei-seiux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:DragonFly:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
|
||||
exit ;;
|
||||
*:*VMS:*:*)
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
case "${UNAME_MACHINE}" in
|
||||
A*) echo alpha-dec-vms ; exit ;;
|
||||
I*) echo ia64-dec-vms ; exit ;;
|
||||
@ -1299,6 +1325,9 @@ EOF
|
||||
i*86:AROS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-aros
|
||||
exit ;;
|
||||
x86_64:VMkernel:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-esx
|
||||
exit ;;
|
||||
esac
|
||||
|
||||
#echo '(No uname command or uname output not recognized.)' 1>&2
|
||||
@ -1321,11 +1350,11 @@ main ()
|
||||
#include <sys/param.h>
|
||||
printf ("m68k-sony-newsos%s\n",
|
||||
#ifdef NEWSOS4
|
||||
"4"
|
||||
"4"
|
||||
#else
|
||||
""
|
||||
""
|
||||
#endif
|
||||
); exit (0);
|
||||
); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
11
config.h.in
11
config.h.in
@ -106,6 +106,9 @@
|
||||
/* Define to 1 if you have the `fcntl' function. */
|
||||
#undef HAVE_FCNTL
|
||||
|
||||
/* Define to 1 if you have the `FIPS_mode' function. */
|
||||
#undef HAVE_FIPS_MODE
|
||||
|
||||
/* Define to 1 if you have the `fork' function. */
|
||||
#undef HAVE_FORK
|
||||
|
||||
@ -193,6 +196,9 @@
|
||||
/* Define to 1 if you have the <netinet/in.h> header file. */
|
||||
#undef HAVE_NETINET_IN_H
|
||||
|
||||
/* Use libnss for crypto */
|
||||
#undef HAVE_NSS
|
||||
|
||||
/* Define to 1 if you have the `OPENSSL_config' function. */
|
||||
#undef HAVE_OPENSSL_CONFIG
|
||||
|
||||
@ -543,6 +549,11 @@
|
||||
`char[]'. */
|
||||
#undef YYTEXT_POINTER
|
||||
|
||||
/* Enable large inode numbers on Mac OS X 10.5. */
|
||||
#ifndef _DARWIN_USE_64_BIT_INODE
|
||||
# define _DARWIN_USE_64_BIT_INODE 1
|
||||
#endif
|
||||
|
||||
/* Number of bits in a file offset, on hosts where this is settable. */
|
||||
#undef _FILE_OFFSET_BITS
|
||||
|
||||
|
213
config.sub
vendored
213
config.sub
vendored
@ -1,10 +1,10 @@
|
||||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
|
||||
# Free Software Foundation, Inc.
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
# 2011, 2012 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2009-11-20'
|
||||
timestamp='2012-04-18'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
@ -21,9 +21,7 @@ timestamp='2009-11-20'
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
@ -75,8 +73,9 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
|
||||
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
|
||||
Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@ -123,13 +122,18 @@ esac
|
||||
# Here we must recognize all the valid KERNEL-OS combinations.
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
|
||||
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
|
||||
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
|
||||
linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
|
||||
knetbsd*-gnu* | netbsd*-gnu* | \
|
||||
kopensolaris*-gnu* | \
|
||||
storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
os=-$maybe_os
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
|
||||
;;
|
||||
android-linux)
|
||||
os=-linux-android
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
|
||||
;;
|
||||
*)
|
||||
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
|
||||
if [ $basic_machine != $1 ]
|
||||
@ -156,8 +160,8 @@ case $os in
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
-bluegene*)
|
||||
os=-cnk
|
||||
-bluegene*)
|
||||
os=-cnk
|
||||
;;
|
||||
-sim | -cisco | -oki | -wec | -winbond)
|
||||
os=
|
||||
@ -173,10 +177,10 @@ case $os in
|
||||
os=-chorusos
|
||||
basic_machine=$1
|
||||
;;
|
||||
-chorusrdb)
|
||||
os=-chorusrdb
|
||||
-chorusrdb)
|
||||
os=-chorusrdb
|
||||
basic_machine=$1
|
||||
;;
|
||||
;;
|
||||
-hiux*)
|
||||
os=-hiuxwe2
|
||||
;;
|
||||
@ -221,6 +225,12 @@ case $os in
|
||||
-isc*)
|
||||
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
|
||||
;;
|
||||
-lynx*178)
|
||||
os=-lynxos178
|
||||
;;
|
||||
-lynx*5)
|
||||
os=-lynxos5
|
||||
;;
|
||||
-lynx*)
|
||||
os=-lynxos
|
||||
;;
|
||||
@ -245,17 +255,22 @@ case $basic_machine in
|
||||
# Some are omitted here because they have special meanings below.
|
||||
1750a | 580 \
|
||||
| a29k \
|
||||
| aarch64 | aarch64_be \
|
||||
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| am33_2.0 \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
|
||||
| be32 | be64 \
|
||||
| bfin \
|
||||
| c4x | clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
| epiphany \
|
||||
| fido | fr30 | frv \
|
||||
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
|
||||
| hexagon \
|
||||
| i370 | i860 | i960 | ia64 \
|
||||
| ip2k | iq2000 \
|
||||
| le32 | le64 \
|
||||
| lm32 \
|
||||
| m32c | m32r | m32rle | m68000 | m68k | m88k \
|
||||
| maxq | mb | microblaze | mcore | mep | metag \
|
||||
@ -281,29 +296,39 @@ case $basic_machine in
|
||||
| moxie \
|
||||
| mt \
|
||||
| msp430 \
|
||||
| nds32 | nds32le | nds32be \
|
||||
| nios | nios2 \
|
||||
| ns16k | ns32k \
|
||||
| open8 \
|
||||
| or32 \
|
||||
| pdp10 | pdp11 | pj | pjl \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
|
||||
| powerpc | powerpc64 | powerpc64le | powerpcle \
|
||||
| pyramid \
|
||||
| rx \
|
||||
| rl78 | rx \
|
||||
| score \
|
||||
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh64 | sh64le \
|
||||
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
|
||||
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
|
||||
| spu | strongarm \
|
||||
| tahoe | thumb | tic4x | tic80 | tron \
|
||||
| spu \
|
||||
| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
|
||||
| ubicom32 \
|
||||
| v850 | v850e \
|
||||
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
|
||||
| we32k \
|
||||
| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
|
||||
| x86 | xc16x | xstormy16 | xtensa \
|
||||
| z8k | z80)
|
||||
basic_machine=$basic_machine-unknown
|
||||
;;
|
||||
m6811 | m68hc11 | m6812 | m68hc12 | picochip)
|
||||
# Motorola 68HC11/12.
|
||||
c54x)
|
||||
basic_machine=tic54x-unknown
|
||||
;;
|
||||
c55x)
|
||||
basic_machine=tic55x-unknown
|
||||
;;
|
||||
c6x)
|
||||
basic_machine=tic6x-unknown
|
||||
;;
|
||||
m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-none
|
||||
;;
|
||||
@ -313,6 +338,21 @@ case $basic_machine in
|
||||
basic_machine=mt-unknown
|
||||
;;
|
||||
|
||||
strongarm | thumb | xscale)
|
||||
basic_machine=arm-unknown
|
||||
;;
|
||||
xgate)
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-none
|
||||
;;
|
||||
xscaleeb)
|
||||
basic_machine=armeb-unknown
|
||||
;;
|
||||
|
||||
xscaleel)
|
||||
basic_machine=armel-unknown
|
||||
;;
|
||||
|
||||
# We use `pc' rather than `unknown'
|
||||
# because (1) that's what they normally are, and
|
||||
# (2) the word "unknown" tends to confuse beginning users.
|
||||
@ -327,21 +367,25 @@ case $basic_machine in
|
||||
# Recognize the basic CPU types with company name.
|
||||
580-* \
|
||||
| a29k-* \
|
||||
| aarch64-* | aarch64_be-* \
|
||||
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
|
||||
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* | avr32-* \
|
||||
| be32-* | be64-* \
|
||||
| bfin-* | bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* \
|
||||
| clipper-* | craynv-* | cydra-* \
|
||||
| d10v-* | d30v-* | dlx-* \
|
||||
| elxsi-* \
|
||||
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
|
||||
| h8300-* | h8500-* \
|
||||
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
|
||||
| hexagon-* \
|
||||
| i*86-* | i860-* | i960-* | ia64-* \
|
||||
| ip2k-* | iq2000-* \
|
||||
| le32-* | le64-* \
|
||||
| lm32-* \
|
||||
| m32c-* | m32r-* | m32rle-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
@ -367,25 +411,29 @@ case $basic_machine in
|
||||
| mmix-* \
|
||||
| mt-* \
|
||||
| msp430-* \
|
||||
| nds32-* | nds32le-* | nds32be-* \
|
||||
| nios-* | nios2-* \
|
||||
| none-* | np1-* | ns16k-* | ns32k-* \
|
||||
| open8-* \
|
||||
| orion-* \
|
||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
|
||||
| pyramid-* \
|
||||
| romp-* | rs6000-* | rx-* \
|
||||
| rl78-* | romp-* | rs6000-* | rx-* \
|
||||
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
|
||||
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
|
||||
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
|
||||
| sparclite-* \
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
|
||||
| tahoe-* | thumb-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
|
||||
| tahoe-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
|
||||
| tile*-* \
|
||||
| tron-* \
|
||||
| ubicom32-* \
|
||||
| v850-* | v850e-* | vax-* \
|
||||
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
|
||||
| vax-* \
|
||||
| we32k-* \
|
||||
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
|
||||
| x86-* | x86_64-* | xc16x-* | xps100-* \
|
||||
| xstormy16-* | xtensa*-* \
|
||||
| ymp-* \
|
||||
| z8k-* | z80-*)
|
||||
@ -410,7 +458,7 @@ case $basic_machine in
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
abacus)
|
||||
abacus)
|
||||
basic_machine=abacus-unknown
|
||||
;;
|
||||
adobe68k)
|
||||
@ -480,11 +528,20 @@ case $basic_machine in
|
||||
basic_machine=powerpc-ibm
|
||||
os=-cnk
|
||||
;;
|
||||
c54x-*)
|
||||
basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
c55x-*)
|
||||
basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
c6x-*)
|
||||
basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
c90)
|
||||
basic_machine=c90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
cegcc)
|
||||
cegcc)
|
||||
basic_machine=arm-unknown
|
||||
os=-cegcc
|
||||
;;
|
||||
@ -516,7 +573,7 @@ case $basic_machine in
|
||||
basic_machine=craynv-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
cr16)
|
||||
cr16 | cr16-*)
|
||||
basic_machine=cr16-unknown
|
||||
os=-elf
|
||||
;;
|
||||
@ -674,7 +731,6 @@ case $basic_machine in
|
||||
i370-ibm* | ibm*)
|
||||
basic_machine=i370-ibm
|
||||
;;
|
||||
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
|
||||
i*86v32)
|
||||
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
|
||||
os=-sysv32
|
||||
@ -732,7 +788,7 @@ case $basic_machine in
|
||||
basic_machine=ns32k-utek
|
||||
os=-sysv
|
||||
;;
|
||||
microblaze)
|
||||
microblaze)
|
||||
basic_machine=microblaze-xilinx
|
||||
;;
|
||||
mingw32)
|
||||
@ -771,10 +827,18 @@ case $basic_machine in
|
||||
ms1-*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
|
||||
;;
|
||||
msys)
|
||||
basic_machine=i386-pc
|
||||
os=-msys
|
||||
;;
|
||||
mvs)
|
||||
basic_machine=i370-ibm
|
||||
os=-mvs
|
||||
;;
|
||||
nacl)
|
||||
basic_machine=le32-unknown
|
||||
os=-nacl
|
||||
;;
|
||||
ncr3000)
|
||||
basic_machine=i486-ncr
|
||||
os=-sysv4
|
||||
@ -839,6 +903,12 @@ case $basic_machine in
|
||||
np1)
|
||||
basic_machine=np1-gould
|
||||
;;
|
||||
neo-tandem)
|
||||
basic_machine=neo-tandem
|
||||
;;
|
||||
nse-tandem)
|
||||
basic_machine=nse-tandem
|
||||
;;
|
||||
nsr-tandem)
|
||||
basic_machine=nsr-tandem
|
||||
;;
|
||||
@ -921,9 +991,10 @@ case $basic_machine in
|
||||
;;
|
||||
power) basic_machine=power-ibm
|
||||
;;
|
||||
ppc) basic_machine=powerpc-unknown
|
||||
ppc | ppcbe) basic_machine=powerpc-unknown
|
||||
;;
|
||||
ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
ppc-* | ppcbe-*)
|
||||
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
ppcle | powerpclittle | ppc-le | powerpc-little)
|
||||
basic_machine=powerpcle-unknown
|
||||
@ -1017,6 +1088,9 @@ case $basic_machine in
|
||||
basic_machine=i860-stratus
|
||||
os=-sysv4
|
||||
;;
|
||||
strongarm-* | thumb-*)
|
||||
basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
sun2)
|
||||
basic_machine=m68000-sun
|
||||
;;
|
||||
@ -1073,20 +1147,8 @@ case $basic_machine in
|
||||
basic_machine=t90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
tic54x | c54x*)
|
||||
basic_machine=tic54x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic55x | c55x*)
|
||||
basic_machine=tic55x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tic6x | c6x*)
|
||||
basic_machine=tic6x-unknown
|
||||
os=-coff
|
||||
;;
|
||||
tile*)
|
||||
basic_machine=tile-unknown
|
||||
basic_machine=$basic_machine-unknown
|
||||
os=-linux-gnu
|
||||
;;
|
||||
tx39)
|
||||
@ -1156,6 +1218,9 @@ case $basic_machine in
|
||||
xps | xps100)
|
||||
basic_machine=xps100-honeywell
|
||||
;;
|
||||
xscale-* | xscalee[bl]-*)
|
||||
basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
|
||||
;;
|
||||
ymp)
|
||||
basic_machine=ymp-cray
|
||||
os=-unicos
|
||||
@ -1253,11 +1318,11 @@ esac
|
||||
if [ x"$os" != x"" ]
|
||||
then
|
||||
case $os in
|
||||
# First match some system type aliases
|
||||
# that might get confused with valid system types.
|
||||
# First match some system type aliases
|
||||
# that might get confused with valid system types.
|
||||
# -solaris* is a basic system type, with this one exception.
|
||||
-auroraux)
|
||||
os=-auroraux
|
||||
-auroraux)
|
||||
os=-auroraux
|
||||
;;
|
||||
-solaris1 | -solaris1.*)
|
||||
os=`echo $os | sed -e 's|solaris1|sunos4|'`
|
||||
@ -1293,8 +1358,9 @@ case $os in
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* | -cegcc* \
|
||||
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
|
||||
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -linux-android* \
|
||||
| -linux-newlib* | -linux-uclibc* \
|
||||
| -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
@ -1341,7 +1407,7 @@ case $os in
|
||||
-opened*)
|
||||
os=-openedition
|
||||
;;
|
||||
-os400*)
|
||||
-os400*)
|
||||
os=-os400
|
||||
;;
|
||||
-wince*)
|
||||
@ -1390,7 +1456,7 @@ case $os in
|
||||
-sinix*)
|
||||
os=-sysv4
|
||||
;;
|
||||
-tpf*)
|
||||
-tpf*)
|
||||
os=-tpf
|
||||
;;
|
||||
-triton*)
|
||||
@ -1435,6 +1501,8 @@ case $os in
|
||||
-dicos*)
|
||||
os=-dicos
|
||||
;;
|
||||
-nacl*)
|
||||
;;
|
||||
-none)
|
||||
;;
|
||||
*)
|
||||
@ -1457,10 +1525,10 @@ else
|
||||
# system, and we'll never get to this point.
|
||||
|
||||
case $basic_machine in
|
||||
score-*)
|
||||
score-*)
|
||||
os=-elf
|
||||
;;
|
||||
spu-*)
|
||||
spu-*)
|
||||
os=-elf
|
||||
;;
|
||||
*-acorn)
|
||||
@ -1472,8 +1540,20 @@ case $basic_machine in
|
||||
arm*-semi)
|
||||
os=-aout
|
||||
;;
|
||||
c4x-* | tic4x-*)
|
||||
os=-coff
|
||||
c4x-* | tic4x-*)
|
||||
os=-coff
|
||||
;;
|
||||
hexagon-*)
|
||||
os=-elf
|
||||
;;
|
||||
tic54x-*)
|
||||
os=-coff
|
||||
;;
|
||||
tic55x-*)
|
||||
os=-coff
|
||||
;;
|
||||
tic6x-*)
|
||||
os=-coff
|
||||
;;
|
||||
# This must come before the *-dec entry.
|
||||
pdp10-*)
|
||||
@ -1493,14 +1573,11 @@ case $basic_machine in
|
||||
;;
|
||||
m68000-sun)
|
||||
os=-sunos3
|
||||
# This also exists in the configure program, but was not the
|
||||
# default.
|
||||
# os=-sunos4
|
||||
;;
|
||||
m68*-cisco)
|
||||
os=-aout
|
||||
;;
|
||||
mep-*)
|
||||
mep-*)
|
||||
os=-elf
|
||||
;;
|
||||
mips*-cisco)
|
||||
@ -1527,7 +1604,7 @@ case $basic_machine in
|
||||
*-ibm)
|
||||
os=-aix
|
||||
;;
|
||||
*-knuth)
|
||||
*-knuth)
|
||||
os=-mmixware
|
||||
;;
|
||||
*-wec)
|
||||
|
88
configure.ac
88
configure.ac
@ -6,10 +6,10 @@ sinclude(acx_pthread.m4)
|
||||
sinclude(acx_python.m4)
|
||||
sinclude(ac_pkg_swig.m4)
|
||||
|
||||
AC_INIT(unbound, 1.4.17, unbound-bugs@nlnetlabs.nl, unbound)
|
||||
AC_INIT(unbound, 1.4.20, unbound-bugs@nlnetlabs.nl, unbound)
|
||||
|
||||
LIBUNBOUND_CURRENT=3
|
||||
LIBUNBOUND_REVISION=1
|
||||
LIBUNBOUND_REVISION=5
|
||||
LIBUNBOUND_AGE=1
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
@ -43,6 +43,9 @@ LIBUNBOUND_AGE=1
|
||||
# 1.4.15 had 3:0:1 # adds ub_version()
|
||||
# 1.4.16 had 3:1:1
|
||||
# 1.4.17 had 3:2:1
|
||||
# 1.4.18 had 3:3:1
|
||||
# 1.4.19 had 3:4:1
|
||||
# 1.4.20 had 4:0:2 # adds libunbound.ttl
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
@ -208,8 +211,11 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f
|
||||
# Checks for typedefs, structures, and compiler characteristics.
|
||||
AC_C_CONST
|
||||
AC_LANG_C
|
||||
# allow user to override the -g -O2 flags.
|
||||
if test "x$CFLAGS" = "x" ; then
|
||||
ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"])
|
||||
ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"])
|
||||
fi
|
||||
AC_PROG_CC
|
||||
ACX_DEPFLAG
|
||||
ACX_DETERMINE_EXT_FLAGS_UNBOUND
|
||||
@ -511,11 +517,34 @@ CONFIG_DATE=`date +%Y%m%d`
|
||||
AC_SUBST(CONFIG_DATE)
|
||||
|
||||
# Checks for libraries.
|
||||
|
||||
# libnss
|
||||
USE_NSS="no"
|
||||
AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path],
|
||||
[use libnss instead of openssl, installed at path.]),
|
||||
[
|
||||
USE_NSS="yes"
|
||||
AC_DEFINE(HAVE_NSS, 1, [Use libnss for crypto])
|
||||
if test "$withval" != "" -a "$withval" != "yes"; then
|
||||
CPPFLAGS="$CPPFLAGS -I$withval/include/nss3"
|
||||
LDFLAGS="$LDFLAGS -L$withval/lib"
|
||||
ACX_RUNTIME_PATH_ADD([$withval/lib])
|
||||
CPPFLAGS="-I$withval/include/nspr4 $CPPFLAGS"
|
||||
else
|
||||
CPPFLAGS="$CPPFLAGS -I/usr/include/nss3"
|
||||
CPPFLAGS="-I/usr/include/nspr4 $CPPFLAGS"
|
||||
fi
|
||||
LIBS="$LIBS -lnss3 -lnspr4"
|
||||
]
|
||||
)
|
||||
|
||||
# openssl
|
||||
if test $USE_NSS = "no"; then
|
||||
ACX_WITH_SSL
|
||||
ACX_LIB_SSL
|
||||
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode])
|
||||
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free], [], [], [
|
||||
AC_INCLUDES_DEFAULT
|
||||
#ifdef HAVE_OPENSSL_ERR_H
|
||||
@ -536,6 +565,8 @@ AC_INCLUDES_DEFAULT
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/evp.h>
|
||||
])
|
||||
fi
|
||||
|
||||
|
||||
AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support]))
|
||||
case "$enable_sha2" in
|
||||
@ -646,19 +677,21 @@ AC_MSG_RESULT($ac_cv_c_gost_works)
|
||||
|
||||
AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support]))
|
||||
use_gost="no"
|
||||
if test $USE_NSS = "no"; then
|
||||
case "$enable_gost" in
|
||||
no)
|
||||
;;
|
||||
*)
|
||||
AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL 1.0.0 is needed for GOST support])])
|
||||
AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([OpenSSL does not support ECC, needed for GOST support])])
|
||||
AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([OpenSSL does not support ECC, needed for GOST support])])
|
||||
AC_CHECK_GOST_WORKS
|
||||
if test $ac_cv_c_gost_works != no; then
|
||||
if test "$ac_cv_c_gost_works" != no; then
|
||||
use_gost="yes"
|
||||
AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
fi dnl !USE_NSS
|
||||
|
||||
AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support]))
|
||||
use_ecdsa="no"
|
||||
@ -666,18 +699,20 @@ case "$enable_ecdsa" in
|
||||
no)
|
||||
;;
|
||||
*)
|
||||
AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])])
|
||||
AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])])
|
||||
AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
|
||||
if test $USE_NSS = "no"; then
|
||||
AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa])])
|
||||
AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa])])
|
||||
AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT
|
||||
#include <openssl/evp.h>
|
||||
])
|
||||
# see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
|
||||
AC_MSG_CHECKING([if openssl supports SHA2 and ECDSA with EVP])
|
||||
if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl])
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
])
|
||||
# see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
|
||||
AC_MSG_CHECKING([if openssl supports SHA2 and ECDSA with EVP])
|
||||
if grep OPENSSL_VERSION_NUMBER $ssldir/include/openssl/opensslv.h | grep 0x0 >/dev/null; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_DEFINE_UNQUOTED([USE_ECDSA_EVP_WORKAROUND], [1], [Define this to enable an EVP workaround for older openssl])
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
fi
|
||||
fi
|
||||
# we now know we have ECDSA and the required curves.
|
||||
AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.])
|
||||
@ -969,6 +1004,17 @@ rm -f conftest.lo
|
||||
AC_SUBST(SOURCEDETERMINE)
|
||||
AC_SUBST(SOURCEFILE)
|
||||
|
||||
# see if we want to build the library or everything
|
||||
ALLTARGET="alltargets"
|
||||
AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only],
|
||||
[do not build daemon and tool programs]),
|
||||
[
|
||||
if test "$withval" = "yes"; then
|
||||
ALLTARGET="lib"
|
||||
fi
|
||||
])
|
||||
AC_SUBST(ALLTARGET)
|
||||
|
||||
# check this after all other compilation checks, since the linking of the lib
|
||||
# may break checks after this.
|
||||
AC_ARG_WITH(ldns, AC_HELP_STRING([--with-ldns=PATH],
|
||||
@ -990,13 +1036,19 @@ AC_CHECK_LIB(ldns, ldns_rr_new,,[
|
||||
AC_MSG_ERROR([No ldns library found, install the ldns library into system lib dir or use --with-ldns=path to other location. The --with-ldns can point to the make-dir of ldns. Install the package ldns or download source http://www.nlnetlabs.nl/projects/ldns])
|
||||
])
|
||||
AC_CHECK_FUNC(ldns_buffer_copy)
|
||||
AC_CHECK_FUNC(ldns_key_buf2rsa_raw)
|
||||
if test $USE_NSS = "no"; then
|
||||
AC_CHECK_FUNC(ldns_key_buf2rsa_raw)
|
||||
else
|
||||
dnl ignore test
|
||||
ac_cv_func_ldns_key_buf2rsa_raw="yes"
|
||||
fi
|
||||
AC_CHECK_FUNC(ldns_get_random)
|
||||
AC_CHECK_FUNC(ldns_b32_ntop_extended_hex)
|
||||
if test x$use_gost = xyes; then
|
||||
if test x$use_gost = xyes -a x$USE_NSS = xno; then
|
||||
AC_CHECK_FUNC(ldns_key_EVP_load_gost_id)
|
||||
AC_CHECK_FUNCS([ldns_key_EVP_unload_gost])
|
||||
else
|
||||
dnl ignore test
|
||||
ac_cv_func_ldns_key_EVP_load_gost_id="yes"
|
||||
fi
|
||||
if test x$use_ecdsa = xyes; then
|
||||
|
@ -15,3 +15,7 @@ distribution but may be helpful.
|
||||
a local-zone and local-data include file for unbound.conf.
|
||||
* unbound-host.nagios.patch: makes unbound-host return status that fits right
|
||||
in with the nagios monitoring framework. Contributed by Migiel de Vos.
|
||||
* unbound_unixsock.diff: Add Unix socket support for unbound-control.
|
||||
Contributed by Ilya Bakulin, 2012-08-28.
|
||||
* patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
|
||||
it is treated as insecure). The RSAMD5 algorithm is deprecated (RFC6725).
|
||||
|
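--- a/contrib/patch_rsamd5_enable.diff
+++ b/contrib/patch_rsamd5_enable.diff
@@ -0,0 +1,22 @@
+Index: validator/val_secalgo.c
+===================================================================
+--- validator/val_secalgo.c (revision 2759)
++++ validator/val_secalgo.c (working copy)
+@@ -153,7 +153,7 @@
+switch(id) {
+case LDNS_RSAMD5:
+/* RFC 6725 deprecates RSAMD5 */
+- return 0;
++ return 1;
+case LDNS_DSA:
+case LDNS_DSA_NSEC3:
+case LDNS_RSASHA1:
+@@ -617,7 +617,7 @@
+switch(id) {
+case LDNS_RSAMD5:
+/* RFC 6725 deprecates RSAMD5 */
+- return 0;
++ return 1;
+case LDNS_DSA:
+case LDNS_DSA_NSEC3:
+case LDNS_RSASHA1: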
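Review bot: In both switch cases the comment `/* RFC 6725 deprecates RSAMD5 */` stays as context directly above the new `return 1;`, so a tree with this contrib patch applied carries a comment that explains the old `return 0;` and not the code beneath it. The patch could replace that line in both hunks with `/* RSAMD5 is deprecated by RFC 6725; enabled on purpose by contrib/patch_rsamd5_enable.diff */`, so that someone auditing val_secalgo.c sees that the MD5-based algorithm was switched on deliberately. The enclosing functions start and end outside the hunks, so which two checks are flipped cannot be named from this page.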
@ -1,6 +1,6 @@
|
||||
Summary: Validating, recursive, and caching DNS resolver
|
||||
Name: unbound
|
||||
Version: 1.4.8
|
||||
Version: 1.4.18
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Url: http://www.nlnetlabs.nl/unbound/
|
||||
|
@ -230,9 +230,8 @@ if test "$1" = "config" ; then
|
||||
echo "graph_args --base 1000 -l 0"
|
||||
echo "graph_vlabel queries / second"
|
||||
echo "graph_category DNS"
|
||||
for x in thread0.num.queries thread1.num.queries \
|
||||
thread2.num.queries thread3.num.queries thread4.num.queries \
|
||||
thread5.num.queries thread6.num.queries thread7.num.queries; do
|
||||
for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
|
||||
sed -e 's/=.*//'`; do
|
||||
exist_config $x "queries handled by `basename $x .num.queries`"
|
||||
done
|
||||
p_config "total.num.queries" "total queries from clients"
|
||||
@ -423,9 +422,8 @@ print_value ( ) {
|
||||
|
||||
case $id in
|
||||
hits)
|
||||
for x in thread0.num.queries thread1.num.queries thread2.num.queries \
|
||||
thread3.num.queries thread4.num.queries thread5.num.queries \
|
||||
thread6.num.queries thread7.num.queries total.num.queries \
|
||||
for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state |
|
||||
sed -e 's/=.*//'` total.num.queries \
|
||||
total.num.cachehits total.num.prefetch num.query.tcp \
|
||||
num.query.ipv6 unwanted.queries unwanted.replies; do
|
||||
if grep "^"$x"=" $state >/dev/null 2>&1; then
|
||||
|
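Review bot: The new `grep "^thread[0-9][0-9]*\.num\.queries=" $state` inside the backticks has no stderr redirect and leaves `$state` unquoted, unlike the existing `grep "^"$x"=" $state >/dev/null 2>&1` a few lines below, so a missing or unreadable state file prints a grep error on stderr and silently yields an empty thread list. Suggest `grep "^thread[0-9][0-9]*\.num\.queries=" "$state" 2>/dev/null` in both the `config` loop and the `hits)` branch of print_value. Both loops sit in bodies that continue outside the hunks, so whether the state file is guaranteed to exist at that point cannot be confirmed from here.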
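--- a/contrib/unbound_unixsock.diff
+++ b/contrib/unbound_unixsock.diff
@@ -0,0 +1,305 @@
+diff --git a/daemon/remote.c b/daemon/remote.c
+index a2b2204..b6990f3 100644
+--- a/daemon/remote.c
++++ b/daemon/remote.c
+@@ -81,6 +81,11 @@
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
++#ifdef HAVE_PWD_H
++#include <pwd.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#endif
+
+/* just for portability */
+#ifdef SQ
+@@ -235,7 +240,8 @@ void daemon_remote_delete(struct daemon_remote* rc)
+* @return false on failure.
+*/
+static int
+-add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
++add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
++ struct config_file* cfg)
+{
+struct addrinfo hints;
+struct addrinfo* res;
+@@ -246,29 +252,74 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
+snprintf(port, sizeof(port), "%d", nr);
+port[sizeof(port)-1]=0;
+memset(&hints, 0, sizeof(hints));
+- hints.ai_socktype = SOCK_STREAM;
+- hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
+- if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
+-#ifdef USE_WINSOCK
+- if(!noproto_is_err && r == EAI_NONAME) {
+- /* tried to lookup the address as name */
+- return 1; /* return success, but do nothing */
++
++ if(ip[0] == '/') {
++ /* This looks like UNIX socket! */
++ fd = create_domain_accept_sock(ip);
++/*
++ * When unbound starts, it first creates a socket and then
++ * drops privs, so the socket is created as root user.
++ * This is fine, but we would like to set _unbound user group
++ * for this socket, and permissions should be 0660 so only
++ * root and _unbound group members can invoke unbound-control.
++ * The username used here is the same as username that unbound
++ * uses for its worker processes.
++ */
++
++/*
++ * Note: this code is an exact copy of code from daemon.c
++ * Normally this should be either wrapped into a function,
++ * or gui/gid values should be retrieved at config parsing time
++ * and then stored in configfile structure.
++ * This requires action from unbound developers!
++*/
++#ifdef HAVE_GETPWNAM
++ struct passwd *pwd = NULL;
++ uid_t uid;
++ gid_t gid;
++ /* initialize, but not to 0 (root) */
++ memset(&uid, 112, sizeof(uid));
++ memset(&gid, 112, sizeof(gid));
++ log_assert(cfg);
++
++ if(cfg->username && cfg->username[0]) {
++ if((pwd = getpwnam(cfg->username)) == NULL)
++ fatal_exit("user '%s' does not exist.",
++ cfg->username);
++ uid = pwd->pw_uid;
++ gid = pwd->pw_gid;
++ endpwent();
+}
++
++ chown(ip, 0, gid);
++ chmod(ip, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
++#endif
++ } else {
++ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
++ if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
++#ifdef USE_WINSOCK
++ if(!noproto_is_err && r == EAI_NONAME) {
++ /* tried to lookup the address as name */
++ return 1; /* return success, but do nothing */
++ }
+#endif /* USE_WINSOCK */
+- log_err("control interface %s:%s getaddrinfo: %s %s",
+- ip?ip:"default", port, gai_strerror(r),
++ log_err("control interface %s:%s getaddrinfo: %s %s",
++ ip?ip:"default", port, gai_strerror(r),
+#ifdef EAI_SYSTEM
+r==EAI_SYSTEM?(char*)strerror(errno):""
+#else
+""
+#endif
+);
+- return 0;
++ return 0;
++ }
++
++ /* open fd */
++ fd = create_tcp_accept_sock(res, 1, &noproto);
++ freeaddrinfo(res);
+}
+
+- /* open fd */
+- fd = create_tcp_accept_sock(res, 1, &noproto);
+- freeaddrinfo(res);
+if(fd == -1 && noproto) {
+if(!noproto_is_err)
+return 1; /* return success, but do nothing */
+@@ -305,7 +356,7 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
+if(cfg->control_ifs) {
+struct config_strlist* p;
+for(p = cfg->control_ifs; p; p = p->next) {
+- if(!add_open(p->str, cfg->control_port, &l, 1)) {
++ if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
+listening_ports_free(l);
+return NULL;
+}
+@@ -313,12 +364,12 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
+} else {
+/* defaults */
+if(cfg->do_ip6 &&
+- !add_open("::1", cfg->control_port, &l, 0)) {
++ !add_open("::1", cfg->control_port, &l, 0, cfg)) {
+listening_ports_free(l);
+return NULL;
+}
+if(cfg->do_ip4 &&
+- !add_open("127.0.0.1", cfg->control_port, &l, 1)) {
++ !add_open("127.0.0.1", cfg->control_port, &l, 1, cfg)) {
+listening_ports_free(l);
+return NULL;
+}
+diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
+index ea7ec3a..4cb04e2 100644
+--- a/services/listen_dnsport.c
++++ b/services/listen_dnsport.c
+@@ -55,6 +55,10 @@
+#endif
+#include <fcntl.h>
+
++#ifndef USE_WINSOCK
++#include <sys/un.h>
++#endif
++
+/** number of queued TCP connections for listen() */
+#define TCP_BACKLOG 5
+
+@@ -376,6 +380,53 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
+}
+
+int
++create_domain_accept_sock(char *path) {
++ int s;
++ struct sockaddr_un unixaddr;
++
++#ifndef USE_WINSOCK
++ unixaddr.sun_len = sizeof(unixaddr);
++ unixaddr.sun_family = AF_UNIX;
++ strlcpy(unixaddr.sun_path, path, 104);
++
++ if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
++ log_err("Cannot create UNIX socket %s (%s)",
++ path, strerror(errno));
++ return -1;
++ }
++
++ if(unlink(path) && errno != ENOENT) {
++ /* The socket already exists and cannot be removed */
++ log_err("Cannot remove old UNIX socket %s (%s)",
++ path, strerror(errno));
++ return -1;
++ }
++
++ if(bind(s, (struct sockaddr *) &unixaddr,
++ sizeof(struct sockaddr_un)) == -1) {
++ log_err("Cannot bind UNIX socket %s (%s)",
++ path, strerror(errno));
++ return -1;
++ }
++
++ if(!fd_set_nonblock(s)) {
++ log_err("Cannot set non-blocking mode");
++ return -1;
++ }
++
++ if(listen(s, TCP_BACKLOG) == -1) {
++ log_err("can't listen: %s", strerror(errno));
++ return -1;
++ }
++
++ return s;
++#else
++ log_err("UNIX sockets are not supported");
++ return -1;
++#endif
++}
++
++int
+create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
+{
+int s;
+diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
+index a872f92..10631fd 100644
+--- a/smallapp/unbound-control.c
++++ b/smallapp/unbound-control.c
+@@ -59,6 +59,8 @@
+#include "util/locks.h"
+#include "util/net_help.h"
+
++#include <sys/un.h>
++
+/** Give unbound-control usage, and exit (1). */
+static void
+usage()
+@@ -158,6 +160,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
+{
+struct sockaddr_storage addr;
+socklen_t addrlen;
++ int addrfamily = 0;
+int fd;
+/* use svr or the first config entry */
+if(!svr) {
+@@ -176,12 +179,21 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
+if(strchr(svr, '@')) {
+if(!extstrtoaddr(svr, &addr, &addrlen))
+fatal_exit("could not parse IP@port: %s", svr);
++ } else if(svr[0] == '/') {
++ struct sockaddr_un* unixsock = (struct sockaddr_un *) &addr;
++ unixsock->sun_family = AF_UNIX;
++ unixsock->sun_len = sizeof(unixsock);
++ strlcpy(unixsock->sun_path, svr, 104);
++ addrlen = sizeof(struct sockaddr_un);
++ addrfamily = AF_UNIX;
+} else {
+if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
+fatal_exit("could not parse IP: %s", svr);
+}
+- fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET,
+- SOCK_STREAM, 0);
++
++ if(addrfamily != AF_UNIX)
++ addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
++ fd = socket(addrfamily, SOCK_STREAM, 0);
+if(fd == -1) {
+#ifndef USE_WINSOCK
+fatal_exit("socket: %s", strerror(errno));
+diff --git a/util/net_help.c b/util/net_help.c
+index b3136a3..5b5b4a3 100644
+--- a/util/net_help.c
++++ b/util/net_help.c
+@@ -45,6 +45,7 @@
+#include "util/module.h"
+#include "util/regional.h"
+#include <fcntl.h>
++#include <sys/un.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+@@ -135,7 +136,7 @@ log_addr(enum verbosity_value v, const char* str,
+{
+uint16_t port;
+const char* family = "unknown";
+- char dest[100];
++ char dest[108];
+int af = (int)((struct sockaddr_in*)addr)->sin_family;
+void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
+if(verbosity < v)
+@@ -148,15 +149,23 @@ log_addr(enum verbosity_value v, const char* str,
+case AF_UNIX: family="unix"; break;
+default: break;
+}
+- if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
+- strncpy(dest, "(inet_ntop error)", sizeof(dest));
++
++ if(af != AF_UNIX) {
++ if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
++ strncpy(dest, "(inet_ntop error)", sizeof(dest));
++ }
++ dest[sizeof(dest)-1] = 0;
++ port = ntohs(((struct sockaddr_in*)addr)->sin_port);
++ if(verbosity >= 4)
++ verbose(v, "%s %s %s port %d (len %d)", str, family,
++ dest, (int)port, (int)addrlen);
++ else verbose(v, "%s %s port %d", str, dest, (int)port);
++ } else {
++ struct sockaddr_un* unixsock;
++ unixsock = (struct sockaddr_un *) addr;
++ strlcpy(dest, unixsock->sun_path, sizeof(dest));
++ verbose(v, "%s %s %s", str, family, dest);
+}
+- dest[sizeof(dest)-1] = 0;
+- port = ntohs(((struct sockaddr_in*)addr)->sin_port);
+- if(verbosity >= 4)
+- verbose(v, "%s %s %s port %d (len %d)", str, family, dest,
+- (int)port, (int)addrlen);
+- else verbose(v, "%s %s port %d", str, dest, (int)port);
+}
+
+int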
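Review bot: In the `ip[0] == '/'` branch of add_open, `chown(ip, 0, gid)` and `chmod(ip, ...)` run with their results ignored, even when `create_domain_accept_sock(ip)` returned -1, and when `cfg->username` is empty `gid` still holds the `memset(&gid, 112, sizeof(gid))` filler, so the control socket can end up with the mode bind() gave it or with an arbitrary group. These calls should run only on a valid fd, the chown only when a user was configured, and a failure should close the socket and return 0, as sketched below. In create_domain_accept_sock, `strlcpy(unixaddr.sun_path, path, 104)` ignores truncation, so bind() may use a shorter path than the one that was unlinked and is later chmod'ed; bounding the copy with `sizeof(unixaddr.sun_path)` and rejecting an over-long path would catch that. In unbound-control.c, `unixsock->sun_len = sizeof(unixsock)` takes the size of a pointer rather than of the structure. add_open continues outside the hunk.

```c
	if(ip[0] == '/') {
		fd = create_domain_accept_sock(ip);
		/* … unchanged: comments and getpwnam() lookup of cfg->username … */
		if(fd != -1) {
			/* give the socket to the group only when a user is configured */
			if(cfg->username && cfg->username[0] &&
				chown(ip, 0, gid) == -1) {
				log_err("cannot chown control socket %s: %s",
					ip, strerror(errno));
				close(fd);
				return 0;
			}
			if(chmod(ip, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) == -1) {
				log_err("cannot chmod control socket %s: %s",
					ip, strerror(errno));
				close(fd);
				return 0;
			}
		}
```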
@ -44,11 +44,9 @@
|
||||
#include "daemon/cachedump.h"
|
||||
#include "daemon/remote.h"
|
||||
#include "daemon/worker.h"
|
||||
#include "daemon/daemon.h"
|
||||
#include "services/cache/rrset.h"
|
||||
#include "services/cache/dns.h"
|
||||
#include "services/cache/infra.h"
|
||||
#include "services/modstack.h"
|
||||
#include "util/data/msgreply.h"
|
||||
#include "util/regional.h"
|
||||
#include "util/net_help.h"
|
||||
|
@ -55,6 +55,12 @@
|
||||
#ifdef HAVE_OPENSSL_ENGINE_H
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NSS
|
||||
/* nss3 */
|
||||
#include "nss.h"
|
||||
#endif
|
||||
|
||||
#include <ldns/ldns.h>
|
||||
#include "daemon/daemon.h"
|
||||
#include "daemon/worker.h"
|
||||
@ -73,6 +79,7 @@
|
||||
#include "util/module.h"
|
||||
#include "util/random.h"
|
||||
#include "util/tube.h"
|
||||
#include "util/net_help.h"
|
||||
#include <signal.h>
|
||||
|
||||
/** How many quit requests happened. */
|
||||
@ -189,20 +196,29 @@ daemon_init(void)
|
||||
#endif /* USE_WINSOCK */
|
||||
signal_handling_record();
|
||||
checklock_start();
|
||||
#ifdef HAVE_SSL
|
||||
ERR_load_crypto_strings();
|
||||
ERR_load_SSL_strings();
|
||||
#ifdef HAVE_OPENSSL_CONFIG
|
||||
# ifdef HAVE_OPENSSL_CONFIG
|
||||
OPENSSL_config("unbound");
|
||||
#endif
|
||||
#ifdef USE_GOST
|
||||
# endif
|
||||
# ifdef USE_GOST
|
||||
(void)ldns_key_EVP_load_gost_id();
|
||||
#endif
|
||||
# endif
|
||||
OpenSSL_add_all_algorithms();
|
||||
#if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
|
||||
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
|
||||
/* grab the COMP method ptr because openssl leaks it */
|
||||
comp_meth = (void*)SSL_COMP_get_compression_methods();
|
||||
#endif
|
||||
# endif
|
||||
(void)SSL_library_init();
|
||||
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
|
||||
if(!ub_openssl_lock_init())
|
||||
fatal_exit("could not init openssl locks");
|
||||
# endif
|
||||
#elif defined(HAVE_NSS)
|
||||
if(NSS_NoDB_Init(NULL) != SECSuccess)
|
||||
fatal_exit("could not init NSS");
|
||||
#endif /* HAVE_SSL or HAVE_NSS */
|
||||
#ifdef HAVE_TZSET
|
||||
/* init timezone info while we are not chrooted yet */
|
||||
tzset();
|
||||
@ -530,31 +546,40 @@ daemon_delete(struct daemon* daemon)
|
||||
free(daemon->chroot);
|
||||
free(daemon->pidfile);
|
||||
free(daemon->env);
|
||||
#ifdef HAVE_SSL
|
||||
SSL_CTX_free((SSL_CTX*)daemon->listen_sslctx);
|
||||
SSL_CTX_free((SSL_CTX*)daemon->connect_sslctx);
|
||||
#endif
|
||||
free(daemon);
|
||||
#ifdef LEX_HAS_YYLEX_DESTROY
|
||||
/* lex cleanup */
|
||||
ub_c_lex_destroy();
|
||||
#endif
|
||||
/* libcrypto cleanup */
|
||||
#if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
|
||||
#ifdef HAVE_SSL
|
||||
# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
|
||||
ldns_key_EVP_unload_gost();
|
||||
#endif
|
||||
#if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
|
||||
#ifndef S_SPLINT_S
|
||||
# endif
|
||||
# if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS && HAVE_DECL_SK_SSL_COMP_POP_FREE
|
||||
# ifndef S_SPLINT_S
|
||||
sk_SSL_COMP_pop_free(comp_meth, (void(*)())CRYPTO_free);
|
||||
#endif
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_CONFIG
|
||||
# endif
|
||||
# endif
|
||||
# ifdef HAVE_OPENSSL_CONFIG
|
||||
EVP_cleanup();
|
||||
ENGINE_cleanup();
|
||||
CONF_modules_free();
|
||||
#endif
|
||||
# endif
|
||||
CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
|
||||
ERR_remove_state(0);
|
||||
ERR_free_strings();
|
||||
RAND_cleanup();
|
||||
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
|
||||
ub_openssl_lock_delete();
|
||||
# endif
|
||||
#elif defined(HAVE_NSS)
|
||||
NSS_Shutdown();
|
||||
#endif /* HAVE_SSL or HAVE_NSS */
|
||||
checklock_stop();
|
||||
#ifdef USE_WINSOCK
|
||||
if(WSACleanup() != 0) {
|
||||
|
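Review bot: The guard `# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)` around `ub_openssl_lock_init()` in daemon_init, and again around `ub_openssl_lock_delete()` in daemon_delete, sits inside the enclosing `#ifdef HAVE_SSL` block, so the `defined(HAVE_SSL)` term is always true there. Writing `# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)` in both places keeps the nested conditionals easier to read. The `+`/`-` markers are lost in this rendering, so this assumes the `# `-indented lines are the new side; both functions continue outside the hunks.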
@ -1286,6 +1286,74 @@ do_flush_zone(SSL* ssl, struct worker* worker, char* arg)
|
||||
(unsigned)inf.num_msgs, (unsigned)inf.num_keys);
|
||||
}
|
||||
|
||||
/** callback to delete bogus rrsets */
|
||||
static void
|
||||
bogus_del_rrset(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
/* entry is locked */
|
||||
struct del_info* inf = (struct del_info*)arg;
|
||||
struct packed_rrset_data* d = (struct packed_rrset_data*)e->data;
|
||||
if(d->security == sec_status_bogus) {
|
||||
d->ttl = inf->expired;
|
||||
inf->num_rrsets++;
|
||||
}
|
||||
}
|
||||
|
||||
/** callback to delete bogus messages */
|
||||
static void
|
||||
bogus_del_msg(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
/* entry is locked */
|
||||
struct del_info* inf = (struct del_info*)arg;
|
||||
struct reply_info* d = (struct reply_info*)e->data;
|
||||
if(d->security == sec_status_bogus) {
|
||||
d->ttl = inf->expired;
|
||||
inf->num_msgs++;
|
||||
}
|
||||
}
|
||||
|
||||
/** callback to delete bogus keys */
|
||||
static void
|
||||
bogus_del_kcache(struct lruhash_entry* e, void* arg)
|
||||
{
|
||||
/* entry is locked */
|
||||
struct del_info* inf = (struct del_info*)arg;
|
||||
struct key_entry_data* d = (struct key_entry_data*)e->data;
|
||||
if(d->isbad) {
|
||||
d->ttl = inf->expired;
|
||||
inf->num_keys++;
|
||||
}
|
||||
}
|
||||
|
||||
/** remove all rrsets and keys from zone from cache */
|
||||
static void
|
||||
do_flush_bogus(SSL* ssl, struct worker* worker)
|
||||
{
|
||||
struct del_info inf;
|
||||
/* what we do is to set them all expired */
|
||||
inf.worker = worker;
|
||||
inf.now = *worker->env.now;
|
||||
inf.expired = *worker->env.now;
|
||||
inf.expired -= 3; /* handle 3 seconds skew between threads */
|
||||
inf.num_rrsets = 0;
|
||||
inf.num_msgs = 0;
|
||||
inf.num_keys = 0;
|
||||
slabhash_traverse(&worker->env.rrset_cache->table, 1,
|
||||
&bogus_del_rrset, &inf);
|
||||
|
||||
slabhash_traverse(worker->env.msg_cache, 1, &bogus_del_msg, &inf);
|
||||
|
||||
/* and validator cache */
|
||||
if(worker->env.key_cache) {
|
||||
slabhash_traverse(worker->env.key_cache->slab, 1,
|
||||
&bogus_del_kcache, &inf);
|
||||
}
|
||||
|
||||
(void)ssl_printf(ssl, "ok removed %u rrsets, %u messages "
|
||||
"and %u key entries\n", (unsigned)inf.num_rrsets,
|
||||
(unsigned)inf.num_msgs, (unsigned)inf.num_keys);
|
||||
}
|
||||
|
||||
/** remove name rrset from cache */
|
||||
static void
|
||||
do_flush_name(SSL* ssl, struct worker* w, char* arg)
|
||||
@ -1393,6 +1461,7 @@ parse_delegpt(SSL* ssl, char* args, uint8_t* nm, int allow_names)
|
||||
}
|
||||
if(!delegpt_add_ns_mlc(dp, n, 0)) {
|
||||
(void)ssl_printf(ssl, "error out of memory\n");
|
||||
free(n);
|
||||
delegpt_free_mlc(dp);
|
||||
return NULL;
|
||||
}
|
||||
@ -1442,7 +1511,6 @@ do_forward(SSL* ssl, struct worker* worker, char* args)
|
||||
return;
|
||||
if(!forwards_add_zone(fwd, LDNS_RR_CLASS_IN, dp)) {
|
||||
(void)ssl_printf(ssl, "error out of memory\n");
|
||||
delegpt_free_mlc(dp);
|
||||
return;
|
||||
}
|
||||
}
|
||||
@ -1514,7 +1582,6 @@ do_forward_add(SSL* ssl, struct worker* worker, char* args)
|
||||
}
|
||||
if(!forwards_add_zone(fwd, LDNS_RR_CLASS_IN, dp)) {
|
||||
(void)ssl_printf(ssl, "error out of memory\n");
|
||||
delegpt_free_mlc(dp);
|
||||
free(nm);
|
||||
return;
|
||||
}
|
||||
@ -1571,7 +1638,6 @@ do_stub_add(SSL* ssl, struct worker* worker, char* args)
|
||||
forwards_delete_stub_hole(fwd, LDNS_RR_CLASS_IN, nm);
|
||||
if(insecure) anchors_delete_insecure(worker->env.anchors,
|
||||
LDNS_RR_CLASS_IN, nm);
|
||||
delegpt_free_mlc(dp);
|
||||
free(nm);
|
||||
return;
|
||||
}
|
||||
@ -2040,6 +2106,8 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
|
||||
do_set_option(ssl, worker, skipwhite(p+10));
|
||||
} else if(cmdcmp(p, "get_option", 10)) {
|
||||
do_get_option(ssl, worker, skipwhite(p+10));
|
||||
} else if(cmdcmp(p, "flush_bogus", 11)) {
|
||||
do_flush_bogus(ssl, worker);
|
||||
} else {
|
||||
(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
|
||||
}
|
||||
|
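Review bot: The doc comment on do_flush_bogus, `/** remove all rrsets and keys from zone from cache */`, describes do_flush_zone rather than this function, which takes no zone argument and only expires entries whose `security` is `sec_status_bogus` or whose `isbad` is set. Suggest `/** expire all bogus rrsets, bogus messages and bad key entries in the caches */`. The three callbacks write `d->ttl` under the comment `/* entry is locked */`; a short comment at the `slabhash_traverse(..., 1, ...)` calls saying that the `1` is what requests that lock would help, presumably it selects write locking, to be confirmed against slabhash_traverse.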
@ -69,8 +69,10 @@ struct rc_state {
|
||||
struct comm_point* c;
|
||||
/** in the handshake part */
|
||||
enum { rc_none, rc_hs_read, rc_hs_write } shake_state;
|
||||
#ifdef HAVE_SSL
|
||||
/** the ssl state */
|
||||
SSL* ssl;
|
||||
#endif
|
||||
/** the rc this is part of */
|
||||
struct daemon_remote* rc;
|
||||
};
|
||||
@ -93,8 +95,10 @@ struct daemon_remote {
|
||||
int max_active;
|
||||
/** current commpoints busy; should be a short list, malloced */
|
||||
struct rc_state* busy_list;
|
||||
#ifdef HAVE_SSL
|
||||
/** the SSL context for creating new SSL streams */
|
||||
SSL_CTX* ctx;
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
@ -159,6 +163,7 @@ int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
|
||||
/** handle remote control data callbacks */
|
||||
int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
/**
|
||||
* Print fixed line of text over ssl connection in blocking mode
|
||||
* @param ssl: print to
|
||||
@ -185,6 +190,7 @@ int ssl_printf(SSL* ssl, const char* format, ...)
|
||||
* @return false on connection failure.
|
||||
*/
|
||||
int ssl_read_line(SSL* ssl, char* buf, size_t max);
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
/** routine to printout option values over SSL */
|
||||
void remote_get_opt_ssl(char* line, void* arg);
|
||||
|
@ -87,6 +87,11 @@
|
||||
# include "winrc/win_svc.h"
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NSS
|
||||
/* nss3 */
|
||||
# include "nss.h"
|
||||
#endif
|
||||
|
||||
/** global debug value to keep track of heap memory allocation */
|
||||
void* unbound_start_brk = 0;
|
||||
|
||||
@ -159,7 +164,12 @@ static void usage()
|
||||
get_event_sys(&evnm, &evsys, &evmethod);
|
||||
printf("linked libs: %s %s (it uses %s), ldns %s, %s\n",
|
||||
evnm, evsys, evmethod, ldns_version(),
|
||||
SSLeay_version(SSLEAY_VERSION));
|
||||
#ifdef HAVE_SSL
|
||||
SSLeay_version(SSLEAY_VERSION)
|
||||
#elif defined(HAVE_NSS)
|
||||
NSS_GetVersion()
|
||||
#endif
|
||||
);
|
||||
printf("linked modules:");
|
||||
for(m = module_list_avail(); *m; m++)
|
||||
printf(" %s", *m);
|
||||
@ -445,6 +455,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
||||
* given to unbound on the commandline. */
|
||||
|
||||
/* read ssl keys while superuser and outside chroot */
|
||||
#ifdef HAVE_SSL
|
||||
if(!(daemon->rc = daemon_remote_create(cfg)))
|
||||
fatal_exit("could not set up remote-control");
|
||||
if(cfg->ssl_service_key && cfg->ssl_service_key[0]) {
|
||||
@ -454,6 +465,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
||||
}
|
||||
if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL, NULL)))
|
||||
fatal_exit("could not set up connect SSL_CTX");
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_KILL
|
||||
/* check old pid file before forking */
|
||||
@ -528,6 +540,9 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
||||
if(chroot(cfg->chrootdir))
|
||||
fatal_exit("unable to chroot to %s: %s",
|
||||
cfg->chrootdir, strerror(errno));
|
||||
if(chdir("/"))
|
||||
fatal_exit("unable to chdir to / in chroot %s: %s",
|
||||
cfg->chrootdir, strerror(errno));
|
||||
verbose(VERB_QUERY, "chroot to %s", cfg->chrootdir);
|
||||
if(strncmp(*cfgfile, cfg->chrootdir,
|
||||
strlen(cfg->chrootdir)) == 0)
|
||||
|
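Review bot: In usage(), the last printf argument is now supplied only by `#ifdef HAVE_SSL` / `#elif defined(HAVE_NSS)`, so a build with neither macro leaves `ldns_version(),` followed directly by `);` while the format string still has five `%s` conversions. Adding `#else` with a literal such as `"no crypto library"` before the `#endif` keeps the call well-formed in every configuration. Whether configure can produce a build without both macros is not visible on this page. In perform_setup the `#ifdef HAVE_SSL` around `daemon_remote_create(cfg)` also means a non-SSL build skips remote-control setup without any log line, which deserves a comment or a warning there.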
@ -1243,17 +1243,6 @@ worker_delete(struct worker* worker)
|
||||
free(worker);
|
||||
}
|
||||
|
||||
/** compare outbound entry qstates */
|
||||
static int
|
||||
outbound_entry_compare(void* a, void* b)
|
||||
{
|
||||
struct outbound_entry* e1 = (struct outbound_entry*)a;
|
||||
struct outbound_entry* e2 = (struct outbound_entry*)b;
|
||||
if(e1->qstate == e2->qstate)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct outbound_entry*
|
||||
worker_send_query(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
uint16_t qclass, uint16_t flags, int dnssec, int want_dnssec,
|
||||
@ -1270,7 +1259,7 @@ worker_send_query(uint8_t* qname, size_t qnamelen, uint16_t qtype,
|
||||
qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
|
||||
q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
|
||||
addrlen, zone, zonelen, worker_handle_service_reply, e,
|
||||
worker->back->udp_buff, &outbound_entry_compare);
|
||||
worker->back->udp_buff);
|
||||
if(!e->qsent) {
|
||||
return NULL;
|
||||
}
|
||||
|
268
doc/Changelog
@ -1,5 +1,273 @@
|
||||
21 March 2013: Wouter
|
||||
- release 1.4.20
|
||||
|
||||
14 March 2013: Wouter
|
||||
- iana portlist update.
|
||||
- tag 1.4.20rc1
|
||||
|
||||
12 March 2013: Wouter
|
||||
- Fixup makedist.sh for windows compile.
|
||||
|
||||
11 March 2013: Wouter
|
||||
- iana portlist update.
|
||||
- testcode/ldns-testpkts.c check for makedist is informational.
|
||||
|
||||
15 February 2013: Wouter
|
||||
- fix defines in lookup3 for bigendian bsd alpha
|
||||
|
||||
11 February 2013: Wouter
|
||||
- Fixup openssl_thread init code to only run if compiled with SSL.
|
||||
|
||||
7 February 2013: Wouter
|
||||
- detect endianness in lookup3 on BSD.
|
||||
- add libunbound.ttl at end of result structure, version bump for
|
||||
libunbound and binary backwards compatible, but 1.4.19 is not
|
||||
forward compatible with 1.4.20.
|
||||
- update iana port list.
|
||||
|
||||
30 January 2013: Wouter
|
||||
- includes and have_ssl fixes for nss.
|
||||
|
||||
29 January 2013: Wouter
|
||||
- printout name of zone with duplicate fwd and hint errors.
|
||||
|
||||
28 January 2013: Wouter
|
||||
- updated fwd_zero for newer nc. Updated common.sh for newer netstat.
|
||||
|
||||
17 January 2013: Wouter
|
||||
- unbound-anchors checks the emailAddress of the signer of the
|
||||
root.xml file, default is dnssec@iana.org. It also checks that
|
||||
the signer has the correct key usage for a digital signature.
|
||||
- update iana port list.
|
||||
|
||||
3 January 2013: Wouter
|
||||
- Test that unbound-control checks client credentials.
|
||||
- Test that unbound can handle a CNAME at an intermediate node in
|
||||
the chain of trust (where it seeks a DS record).
|
||||
- Check the commonName of the signer of the root.xml file in
|
||||
unbound-anchor, default is dnssec@iana.org.
|
||||
|
||||
2 January 2013: Wouter
|
||||
- Fix openssl lock free on exit (reported by Robert Fleischman).
|
||||
- iana portlist updated.
|
||||
- Tested that unbound implements the RFC5155 Technical Errata id 3441.
|
||||
Unbound already implements insecure classification of an empty
|
||||
nonterminal in NSEC3 optout zone.
|
||||
|
||||
20 December 2012: Wouter
|
||||
- Fix unbound-anchor xml parse of entity declarations for safety.
|
||||
|
||||
19 December 2012: Wouter
|
||||
- iana portlist updated.
|
||||
|
||||
18 December 2012: Wouter
|
||||
- iana portlist updated.
|
||||
|
||||
14 December 2012: Wouter
|
||||
- Change of D.ROOT-SERVERS.NET A address in default root hints.
|
||||
|
||||
12 December 2012: Wouter
|
||||
- 1.4.19 release.
|
||||
- trunk has 1.4.20 under development.
|
||||
|
||||
5 December 2012: Wouter
|
||||
- note support for AAAA RR type RFC.
|
||||
|
||||
4 December 2012: Wouter
|
||||
- 1.4.19rc1 tag.
|
||||
|
||||
30 November 2012: Wouter
|
||||
- bug 481: fix python example0.
|
||||
- iana portlist updated.
|
||||
|
||||
27 November 2012: Wouter
|
||||
- iana portlist updated.
|
||||
|
||||
9 November 2012: Wouter
|
||||
- Fix unbound-control forward disables configured stubs below it.
|
||||
|
||||
7 November 2012: Wouter
|
||||
- Fixup ldns-testpkts, identical to ldns/examples.
|
||||
- iana portlist updated.
|
||||
|
||||
30 October 2012: Wouter
|
||||
- Fix bug #477: unbound-anchor segfaults if EDNS is blocked.
|
||||
|
||||
29 October 2012: Matthijs
|
||||
- Fix validation for responses with both CNAME and wildcard
|
||||
expanded CNAME records in answer section.
|
||||
|
||||
8 October 2012: Wouter
|
||||
- update ldns-testpkts.c to ldns 1.6.14 version.
|
||||
- fix build of pythonmod in objdir, for unbound.py.
|
||||
- make clean and makerealclean remove generated python and docs.
|
||||
|
||||
5 October 2012: Wouter
|
||||
- fix build of pythonmod in objdir (thanks Jakob Schlyter).
|
||||
|
||||
3 October 2012: Wouter
|
||||
- fix text in unbound-anchor man page.
|
||||
|
||||
1 October 2012: Wouter
|
||||
- ignore trusted-keys globs that have no files (from Paul Wouters).
|
||||
|
||||
27 September 2012: Wouter
|
||||
- include: directive in config file accepts wildcards. Patch from
|
||||
Paul Wouters. Suggested use: include: "/etc/unbound.d/conf.d/*"
|
||||
- unbound-control -q option is quiet, patch from Mariano Absatz.
|
||||
- iana portlist updated.
|
||||
- updated contrib/unbound.spec, patch from Valentin Bud.
|
||||
|
||||
21 September 2012: Wouter
|
||||
- chdir to / after chroot call (suggested by Camiel Dobbelaar).
|
||||
|
||||
17 September 2012: Wouter
|
||||
- patch_rsamd5_enable.diff: this patch enables RSAMD5 validation
|
||||
otherwise it is treated as insecure. The RSAMD5 algorithm is
|
||||
deprecated (RFC6725). The MD5 hash is considered weak for some
|
||||
purposes, if you want to sign your zone, then RSASHA256 is an
|
||||
uncontested hash.
|
||||
|
||||
30 August 2012: Wouter
|
||||
- RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled.
|
||||
- iana portlist updated.
|
||||
|
||||
29 August 2012: Wouter
|
||||
- Nicer comments outgoing-port-avoid, thanks Stu (bug #465).
|
||||
|
||||
22 August 2012: Wouter
|
||||
- Fallback to 1472 and 1232, one fragment size without headers.
|
||||
|
||||
21 August 2012: Wouter
|
||||
- Fix timeouts so that when a server has been offline for a while
|
||||
and is probed to see it works, it becomes fully available for
|
||||
server selection again.
|
||||
|
||||
17 August 2012: Wouter
|
||||
- Add documentation to libunbound for default nonuse of resolv.conf.
|
||||
|
||||
2 August 2012: Wouter
|
||||
- trunk has 1.4.19 under development (fixes from 1 aug and 31 july
|
||||
are for 1.4.19).
|
||||
- iana portlist updated.
|
||||
|
||||
1 August 2012: Wouter
|
||||
- Fix openssl race condition, initializes openssl locks, reported
|
||||
by Einar Lonn and Patrik Wallstrom.
|
||||
|
||||
31 July 2012: Wouter
|
||||
- Improved forward-first and stub-first documentation.
|
||||
- Fix that enables modules to register twice for the same
|
||||
serviced_query, without race conditions or administration issues.
|
||||
This should not happen with the current codebase, but it is robust.
|
||||
- Fix forward-first option where it sets the RD flag wrongly.
|
||||
- added manpage links for libunbound calls (Thanks Paul Wouters).
|
||||
|
||||
30 July 2012: Wouter
|
||||
- tag 1.4.18rc2 (became 1.4.18 release at 2 august 2012).
|
||||
|
||||
27 July 2012: Wouter
|
||||
- unbound-host works with libNSS
|
||||
- fix bogus nodata cname chain not reported as bogus by validator,
|
||||
(Thanks Peter van Dijk).
|
||||
|
||||
26 July 2012: Wouter
|
||||
- iana portlist updated.
|
||||
- tag 1.4.18rc1.
|
||||
|
||||
25 July 2012: Wouter
|
||||
- review fix for libnss, check hash prefix allocation size.
|
||||
|
||||
23 July 2012: Wouter
|
||||
- fix missing break for GOST DS hash function.
|
||||
- implemented forward_first for the root.
|
||||
|
||||
20 July 2012: Wouter
|
||||
- Fix bug#452 and another assertion failure in mesh.c, makes
|
||||
assertions in mesh.c resist duplicates. Fixes DS NS search to
|
||||
not generate duplicate sub queries.
|
||||
|
||||
19 July 2012: Willem
|
||||
- Fix bug#454: Remove ACX_CHECK_COMPILER_FLAG from configure.ac,
|
||||
if CFLAGS is specified at configure time then '-g -O2' is not
|
||||
appended to CFLAGS, so that the user can override them.
|
||||
|
||||
18 July 2012: Willem
|
||||
- Fix libunbound report of errors when in background mode.
|
||||
|
||||
11 July 2012: Willem
|
||||
- updated iana ports list.
|
||||
|
||||
9 July 2012: Willem
|
||||
- Add flush_bogus option for unbound-control
|
||||
|
||||
6 July 2012: Wouter
|
||||
- Fix validation of qtype DS queries that result in no data for
|
||||
non-optout NSEC3 zones.
|
||||
|
||||
4 July 2012: Wouter
|
||||
- compile libunbound with libnss on Suse, passes regression tests.
|
||||
|
||||
3 July 2012: Wouter
|
||||
- FIPS_mode openssl does not use arc4random but RAND_pseudo_bytes.
|
||||
|
||||
2 July 2012: Wouter
|
||||
- updated iana ports list.
|
||||
|
||||
29 June 2012: Wouter
|
||||
- patch for unbound_munin_ script to handle arbitrary thread count by
|
||||
Sven Ulland.
|
||||
|
||||
28 June 2012: Wouter
|
||||
- detect if openssl has FIPS_mode.
|
||||
- code review: return value of cache_store can be ignored for better
|
||||
performance in out of memory conditions.
|
||||
- fix edns-buffer-size and msg-buffer-size manpage documentation.
|
||||
- updated iana ports list.
|
||||
|
||||
25 June 2012: Wouter
|
||||
- disable RSAMD5 if in FIPS mode (for openssl and for libnss).
|
||||
|
||||
22 June 2012: Wouter
|
||||
- implement DS records, NSEC3 and ECDSA for compile with libnss.
|
||||
|
||||
21 June 2012: Wouter
|
||||
- fix error handling of alloc failure during rrsig verification.
|
||||
- nss check for verification failure.
|
||||
- nss crypto works for RSA and DSA.
|
||||
|
||||
20 June 2012: Wouter
|
||||
- work on --with-nss build option (for now, --with-libunbound-only).
|
||||
|
||||
19 June 2012: Wouter
|
||||
- --with-libunbound-only build option, only builds the library and
|
||||
not the daemon and other tools.
|
||||
|
||||
18 June 2012: Wouter
|
||||
- code review.
|
||||
|
||||
15 June 2012: Wouter
|
||||
- implement log-time-ascii on windows.
|
||||
- The key-cache bad key ttl is now 60 seconds.
|
||||
- updated iana ports list.
|
||||
- code review.
|
||||
|
||||
11 June 2012: Wouter
|
||||
- bug #452: fix crash on assert in mesh_state_attachment.
|
||||
|
||||
30 May 2012: Wouter
|
||||
- silence warning from swig-generated code (md set but not used in
|
||||
swig initmodule, due to ifdefs in swig-generated code).
|
||||
|
||||
27 May 2012: Wouter
|
||||
- Fix debian-bugs-658021: Please enable hardened build flags.
|
||||
|
||||
25 May 2012: Wouter
|
||||
- updated iana ports list.
|
||||
|
||||
24 May 2012: Wouter
|
||||
- tag for 1.4.17 release.
|
||||
- trunk is 1.4.18 in development.
|
||||
|
||||
18 May 2012: Wouter
|
||||
- Review comments, removed duplicate memset to zero in delegpt.
|
||||
|
@ -24,6 +24,7 @@ RFC 1034-1035: as a recursive, caching server. Not authoritative.
|
||||
including CNAMEs, referrals, wildcards, classes, ...
|
||||
AAAA type, and IP6 dual stack support.
|
||||
type ANY queries are supported, class ANY queries are supported.
|
||||
RFC 1123, 6.1 Requirements for DNS of internet hosts.
|
||||
RFC 4033-4035: as a validating caching server (unbound daemon).
|
||||
as a validating stub (libunbound).
|
||||
RFC 1918.
|
||||
@ -91,6 +92,7 @@ AAAA type
|
||||
2672: DNAME type.
|
||||
OPT type
|
||||
3123: APL
|
||||
3596: AAAA
|
||||
SSHFP type
|
||||
4025: IPSECKEY
|
||||
4033-4035: DS, RRSIG, NSEC, DNSKEY
|
||||
|
@ -1,4 +1,4 @@
|
||||
README for Unbound 1.4.17
|
||||
README for Unbound 1.4.20
|
||||
Copyright 2007 NLnet Labs
|
||||
http://unbound.net
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# Example configuration file.
|
||||
#
|
||||
# See unbound.conf(5) man page, version 1.4.17.
|
||||
# See unbound.conf(5) man page, version 1.4.20.
|
||||
#
|
||||
# this is a comment.
|
||||
|
||||
@ -67,6 +67,8 @@ server:
|
||||
# Use this to make sure unbound does not grab a UDP port that some
|
||||
# other server on this computer needs. The default is to avoid
|
||||
# IANA-assigned port numbers.
|
||||
# If multiple outgoing-port-permit and outgoing-port-avoid options
|
||||
# are present, they are processed in order.
|
||||
# outgoing-port-avoid: "3200-3208"
|
||||
|
||||
# number of outgoing simultaneous tcp buffers to hold per thread.
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "libunbound" "3" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "libunbound" "3" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" libunbound.3 -- unbound library functions manual
|
||||
.\"
|
||||
@ -42,7 +42,7 @@
|
||||
.B ub_ctx_zone_remove,
|
||||
.B ub_ctx_data_add,
|
||||
.B ub_ctx_data_remove
|
||||
\- Unbound DNS validating resolver 1.4.17 functions.
|
||||
\- Unbound DNS validating resolver 1.4.20 functions.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B #include <unbound.h>
|
||||
@ -203,7 +203,9 @@ At this time it is only possible to set configuration before the
|
||||
first resolve is done.
|
||||
.TP
|
||||
.B ub_ctx_resolvconf
|
||||
Read list of nameservers to use from the filename given.
|
||||
By default the root servers are queried and full resolver mode is used, but
|
||||
you can use this call to read the list of nameservers to use from the
|
||||
filename given.
|
||||
Usually "/etc/resolv.conf". Uses those nameservers as caching proxies.
|
||||
If they do not support DNSSEC, validation may fail.
|
||||
Only nameservers are picked up, the searchdomain, ndots and other
|
||||
@ -357,6 +359,7 @@ The result of the DNS resolution and validation is returned as
|
||||
int secure; /* true if result is secure */
|
||||
int bogus; /* true if a security failure happened */
|
||||
char* why_bogus; /* string with error if bogus */
|
||||
int ttl; /* number of seconds the result is valid */
|
||||
};
|
||||
.fi
|
||||
.P
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-anchor" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "unbound-anchor" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" unbound-anchor.8 -- unbound anchor maintenance utility manual
|
||||
.\"
|
||||
@ -45,7 +45,7 @@ all checks are successful, it updates the root anchor file. Otherwise
|
||||
the root anchor file is unchanged. It performs RFC5011 tracking if the
|
||||
DNSSEC information available via the DNS makes that possible.
|
||||
.P
|
||||
If does not perform an update if the certificate is expired, if the network
|
||||
It does not perform an update if the certificate is expired, if the network
|
||||
is down or other errors occur.
|
||||
.P
|
||||
The available options are:
|
||||
@ -77,6 +77,11 @@ The pathname to the root\-anchors.p7s file on the server. (forms URL with \-u).
|
||||
The default is /root\-anchors/root\-anchors.p7s. This file has to be a PKCS7
|
||||
signature over the xml file, using the pem file (\-c) as trust anchor.
|
||||
.TP
|
||||
.B \-n \fIname
|
||||
The emailAddress for the Subject of the signer's certificate from the p7s
|
||||
signature file. Only signatures from this name are allowed. default is
|
||||
dnssec@iana.org. If you pass "" then the emailAddress is not checked.
|
||||
.TP
|
||||
.B \-4
|
||||
Use IPv4 for domain resolution and contacting the server on https. Default is
|
||||
to use IPv4 and IPv6 where appropriate.
|
||||
@ -126,9 +131,6 @@ but then ignores the result and goes on to use the xml fallback method.
|
||||
.TP
|
||||
.B \-h
|
||||
Show the version and commandline option help.
|
||||
.TP
|
||||
.B \-v
|
||||
More verbose. Prints output detailing what happens.
|
||||
.SH "EXIT CODE"
|
||||
This tool exits with value 1 if the root anchor was updated using the
|
||||
certificate or if the builtin root-anchor was used. It exits with code
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-checkconf" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "unbound-checkconf" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" unbound-checkconf.8 -- unbound configuration checker manual
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound-control" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "unbound-control" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" unbound-control.8 -- unbound remote control manual
|
||||
.\"
|
||||
@ -14,7 +14,7 @@
|
||||
\- Unbound remote server control utility.
|
||||
.SH "SYNOPSIS"
|
||||
.B unbound\-control
|
||||
.RB [ \-h ]
|
||||
.RB [ \-hq ]
|
||||
.RB [ \-c
|
||||
.IR cfgfile ]
|
||||
.RB [ \-s
|
||||
@ -38,6 +38,9 @@ config file @ub_conf_file@ is used.
|
||||
.B \-s \fIserver[@port]
|
||||
IPv4 or IPv6 address of the server to contact. If not given, the
|
||||
address is read from the config file.
|
||||
.TP
|
||||
.B \-q
|
||||
quiet, if the option is given it does not print anything if it works ok.
|
||||
.SH "COMMANDS"
|
||||
There are several commands that the server understands.
|
||||
.TP
|
||||
@ -127,6 +130,9 @@ Remove all information at or below the name from the cache.
|
||||
The rrsets and key entries are removed so that new lookups will be performed.
|
||||
This needs to walk and inspect the entire cache, and is a slow operation.
|
||||
.TP
|
||||
.B flush_bogus
|
||||
Remove all bogus data from the cache.
|
||||
.TP
|
||||
.B flush_stats
|
||||
Reset statistics to zero.
|
||||
.TP
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound\-host" "1" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "unbound\-host" "1" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" unbound-host.1 -- unbound DNS lookup utility
|
||||
.\"
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound" "8" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "unbound" "8" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" unbound.8 -- unbound manual
|
||||
.\"
|
||||
@ -10,7 +10,7 @@
|
||||
.SH "NAME"
|
||||
.LP
|
||||
.B unbound
|
||||
\- Unbound DNS validating resolver 1.4.17.
|
||||
\- Unbound DNS validating resolver 1.4.20.
|
||||
.SH "SYNOPSIS"
|
||||
.LP
|
||||
.B unbound
|
||||
|
@ -1,4 +1,4 @@
|
||||
.TH "unbound.conf" "5" "May 24, 2012" "NLnet Labs" "unbound 1.4.17"
|
||||
.TH "unbound.conf" "5" "Mar 21, 2013" "NLnet Labs" "unbound 1.4.20"
|
||||
.\"
|
||||
.\" unbound.conf.5 -- unbound.conf manual
|
||||
.\"
|
||||
@ -71,12 +71,12 @@ is followed by its containing attributes, or a value.
|
||||
.P
|
||||
Files can be included using the
|
||||
.B include:
|
||||
directive. It can appear anywhere, and takes a single filename as an argument.
|
||||
directive. It can appear anywhere, it accepts a single file name as argument.
|
||||
Processing continues as if the text from the included file was copied into
|
||||
the config file at that point. If also using chroot, using full path names
|
||||
for the included files works, relative pathnames for the included names work
|
||||
if the directory where the daemon is started equals its chroot/working
|
||||
directory.
|
||||
directory. Wildcards can be used to include multiple files, see \fIglob\fR(7).
|
||||
.SS "Server Options"
|
||||
These options are part of the
|
||||
.B server:
|
||||
@ -176,7 +176,7 @@ to 0, or if do_tcp is "no", no TCP queries from clients are accepted.
|
||||
Number of bytes size to advertise as the EDNS reassembly buffer size.
|
||||
This is the value put into datagrams over UDP towards peers. The actual
|
||||
buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do
|
||||
not set lower than that value. Default is 4096 which is RFC recommended.
|
||||
not set higher than that value. Default is 4096 which is RFC recommended.
|
||||
If you have fragmentation reassembly problems, usually seen as timeouts,
|
||||
then a value of 1480 can fix it. Setting to 512 bypasses even the most
|
||||
stringent path MTU problems, but is seen as extreme, since the amount
|
||||
@ -994,6 +994,8 @@ the resolver picks up a correct list online.
|
||||
.TP
|
||||
.B stub\-first: \fI<yes or no>
|
||||
If enabled, a query is attempted without the stub clause if it fails.
|
||||
The data could not be retrieved and would have caused SERVFAIL because
|
||||
the servers are unreachable, instead it is tried without this clause.
|
||||
The default is no.
|
||||
.SS "Forward Zone Options"
|
||||
.LP
|
||||
@ -1022,6 +1024,8 @@ To use a nondefault port for DNS communication append '@' with the port number.
|
||||
.TP
|
||||
.B forward\-first: \fI<yes or no>
|
||||
If enabled, a query is attempted without the forward clause if it fails.
|
||||
The data could not be retrieved and would have caused SERVFAIL because
|
||||
the servers are unreachable, instead it is tried without this clause.
|
||||
The default is no.
|
||||
.SS "Python Module Options"
|
||||
.LP
|
||||
|
@ -487,7 +487,7 @@ SHOW_USED_FILES = YES
|
||||
# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
|
||||
# in the documentation. The default is NO.
|
||||
|
||||
SHOW_DIRECTORIES = YES
|
||||
#SHOW_DIRECTORIES = YES
|
||||
|
||||
# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
|
||||
# This will remove the Files entry from the Quick Index and from the
|
||||
@ -862,7 +862,7 @@ HTML_TIMESTAMP = YES
|
||||
# files or namespaces will be aligned in HTML using tables. If set to
|
||||
# NO a bullet list will be used.
|
||||
|
||||
HTML_ALIGN_MEMBERS = YES
|
||||
#HTML_ALIGN_MEMBERS = YES
|
||||
|
||||
# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
|
||||
# documentation will contain sections that can be hidden and shown after the
|
||||
@ -1047,7 +1047,7 @@ GENERATE_TREEVIEW = NO
|
||||
# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
|
||||
# and Class Hierarchy pages using a tree view instead of an ordered list.
|
||||
|
||||
USE_INLINE_TREES = NO
|
||||
#USE_INLINE_TREES = NO
|
||||
|
||||
# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
|
||||
# used to set the initial width (in pixels) of the frame in which the tree
|
||||
|
35
install-sh
35
install-sh
@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
# install - install a program, script, or datafile
|
||||
|
||||
scriptversion=2009-04-28.21; # UTC
|
||||
scriptversion=2011-11-20.07; # UTC
|
||||
|
||||
# This originates from X11R5 (mit/util/scripts/install.sh), which was
|
||||
# later released in X11R6 (xc/config/util/install.sh) with the
|
||||
@ -35,7 +35,7 @@ scriptversion=2009-04-28.21; # UTC
|
||||
# FSF changes to this file are in the public domain.
|
||||
#
|
||||
# Calling this script install-sh is preferred over install.sh, to prevent
|
||||
# `make' implicit rules from creating a file called install from it
|
||||
# 'make' implicit rules from creating a file called install from it
|
||||
# when there is no Makefile.
|
||||
#
|
||||
# This script is compatible with the BSD install script, but was written
|
||||
@ -156,6 +156,10 @@ while test $# -ne 0; do
|
||||
-s) stripcmd=$stripprog;;
|
||||
|
||||
-t) dst_arg=$2
|
||||
# Protect names problematic for 'test' and other utilities.
|
||||
case $dst_arg in
|
||||
-* | [=\(\)!]) dst_arg=./$dst_arg;;
|
||||
esac
|
||||
shift;;
|
||||
|
||||
-T) no_target_directory=true;;
|
||||
@ -186,6 +190,10 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
|
||||
fi
|
||||
shift # arg
|
||||
dst_arg=$arg
|
||||
# Protect names problematic for 'test' and other utilities.
|
||||
case $dst_arg in
|
||||
-* | [=\(\)!]) dst_arg=./$dst_arg;;
|
||||
esac
|
||||
done
|
||||
fi
|
||||
|
||||
@ -194,13 +202,17 @@ if test $# -eq 0; then
|
||||
echo "$0: no input file specified." >&2
|
||||
exit 1
|
||||
fi
|
||||
# It's OK to call `install-sh -d' without argument.
|
||||
# It's OK to call 'install-sh -d' without argument.
|
||||
# This can happen when creating conditional directories.
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if test -z "$dir_arg"; then
|
||||
trap '(exit $?); exit' 1 2 13 15
|
||||
do_exit='(exit $ret); exit $ret'
|
||||
trap "ret=129; $do_exit" 1
|
||||
trap "ret=130; $do_exit" 2
|
||||
trap "ret=141; $do_exit" 13
|
||||
trap "ret=143; $do_exit" 15
|
||||
|
||||
# Set umask so as not to create temps with too-generous modes.
|
||||
# However, 'strip' requires both read and write access to temps.
|
||||
@ -228,9 +240,9 @@ fi
|
||||
|
||||
for src
|
||||
do
|
||||
# Protect names starting with `-'.
|
||||
# Protect names problematic for 'test' and other utilities.
|
||||
case $src in
|
||||
-*) src=./$src;;
|
||||
-* | [=\(\)!]) src=./$src;;
|
||||
esac
|
||||
|
||||
if test -n "$dir_arg"; then
|
||||
@ -252,12 +264,7 @@ do
|
||||
echo "$0: no destination specified." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
dst=$dst_arg
|
||||
# Protect names starting with `-'.
|
||||
case $dst in
|
||||
-*) dst=./$dst;;
|
||||
esac
|
||||
|
||||
# If destination is a directory, append the input filename; won't work
|
||||
# if double slashes aren't ignored.
|
||||
@ -347,7 +354,7 @@ do
|
||||
if test -z "$dir_arg" || {
|
||||
# Check for POSIX incompatibilities with -m.
|
||||
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
|
||||
# other-writeable bit of parent directory when it shouldn't.
|
||||
# other-writable bit of parent directory when it shouldn't.
|
||||
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
|
||||
ls_ld_tmpdir=`ls -ld "$tmpdir"`
|
||||
case $ls_ld_tmpdir in
|
||||
@ -385,7 +392,7 @@ do
|
||||
|
||||
case $dstdir in
|
||||
/*) prefix='/';;
|
||||
-*) prefix='./';;
|
||||
[-=\(\)!]*) prefix='./';;
|
||||
*) prefix='';;
|
||||
esac
|
||||
|
||||
@ -403,7 +410,7 @@ do
|
||||
|
||||
for d
|
||||
do
|
||||
test -z "$d" && continue
|
||||
test X"$d" = X && continue
|
||||
|
||||
prefix=$prefix$d
|
||||
if test -d "$prefix"; then
|
||||
|
@ -128,7 +128,9 @@ forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm,
|
||||
node->namelabs = nmlabs;
|
||||
node->dp = dp;
|
||||
if(!rbtree_insert(fwd->tree, &node->node)) {
|
||||
log_err("duplicate forward zone ignored.");
|
||||
char buf[257];
|
||||
dname_str(nm, buf);
|
||||
log_err("duplicate forward zone %s ignored.", buf);
|
||||
delegpt_free_mlc(dp);
|
||||
free(node->name);
|
||||
free(node);
|
||||
@ -250,43 +252,26 @@ read_forwards(struct iter_forwards* fwd, struct config_file* cfg)
|
||||
struct config_stub* s;
|
||||
for(s = cfg->forwards; s; s = s->next) {
|
||||
struct delegpt* dp;
|
||||
if(!(dp=read_fwds_name(s)) ||
|
||||
!read_fwds_host(s, dp) ||
|
||||
!read_fwds_addr(s, dp))
|
||||
if(!(dp=read_fwds_name(s)))
|
||||
return 0;
|
||||
if(!read_fwds_host(s, dp) || !read_fwds_addr(s, dp)) {
|
||||
delegpt_free_mlc(dp);
|
||||
return 0;
|
||||
}
|
||||
/* set flag that parent side NS information is included.
|
||||
* Asking a (higher up) server on the internet is not useful */
|
||||
/* the flag is turned off for 'forward-first' so that the
|
||||
* last resort will ask for parent-side NS record and thus
|
||||
* fallback to the internet name servers on a failure */
|
||||
dp->has_parent_side_NS = (uint8_t)!s->isfirst;
|
||||
if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp))
|
||||
return 0;
|
||||
verbose(VERB_QUERY, "Forward zone server list:");
|
||||
delegpt_log(VERB_QUERY, dp);
|
||||
if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** see if zone needs to have a hole inserted */
|
||||
static int
|
||||
need_hole_insert(rbtree_t* tree, struct iter_forward_zone* zone)
|
||||
{
|
||||
struct iter_forward_zone k;
|
||||
if(rbtree_search(tree, zone))
|
||||
return 0; /* exact match exists */
|
||||
k = *zone;
|
||||
k.node.key = &k;
|
||||
/* search up the tree */
|
||||
do {
|
||||
dname_remove_label(&k.name, &k.namelen);
|
||||
k.namelabs --;
|
||||
if(rbtree_search(tree, &k))
|
||||
return 1; /* found an upper forward zone, need hole */
|
||||
} while(k.namelabs > 1);
|
||||
return 0; /* no forwards above, no holes needed */
|
||||
}
|
||||
|
||||
/** insert a stub hole (if necessary) for stub name */
|
||||
static int
|
||||
fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
|
||||
@ -296,11 +281,8 @@ fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
|
||||
key.dclass = c;
|
||||
key.name = nm;
|
||||
key.namelabs = dname_count_size_labels(key.name, &key.namelen);
|
||||
if(need_hole_insert(fwd->tree, &key)) {
|
||||
return forwards_insert_data(fwd, key.dclass, key.name,
|
||||
key.namelen, key.namelabs, NULL);
|
||||
}
|
||||
return 1;
|
||||
return forwards_insert_data(fwd, key.dclass, key.name,
|
||||
key.namelen, key.namelabs, NULL);
|
||||
}
|
||||
|
||||
/** make NULL entries for stubs */
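Review bot: In the duplicate branch of forwards_insert_data, `dname_str(nm, buf)` fills a 257-byte stack buffer through a call that takes no length argument, so the bound rests entirely on dname_str's own output limit, which is not visible in this hunk. A one-line comment next to the declaration would record that dependency, for example `char buf[257]; /* must hold the longest string dname_str() can write */`. The same pattern appears in hints_insert later in this commit (`dname_str(dp->name, buf)`). The body of forwards_insert_data continues outside the hunk.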
|
||||
|
@ -119,39 +119,42 @@ compile_time_root_prime(int do_ip4, int do_ip6)
|
||||
; on server FTP.INTERNIC.NET
|
||||
; -OR- RS.INTERNIC.NET
|
||||
;
|
||||
; related version of root zone: 2010061700
|
||||
; related version of root zone: changes-on-20120103
|
||||
*/
|
||||
struct delegpt* dp = delegpt_create_mlc((uint8_t*)"\000");
|
||||
if(!dp)
|
||||
return NULL;
|
||||
dp->has_parent_side_NS = 1;
|
||||
if(do_ip4) {
|
||||
if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4")) return 0;
|
||||
if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) return 0;
|
||||
if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) return 0;
|
||||
if(!ah(dp, "D.ROOT-SERVERS.NET.", "128.8.10.90")) return 0;
|
||||
if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) return 0;
|
||||
if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) return 0;
|
||||
if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) return 0;
|
||||
if(!ah(dp, "H.ROOT-SERVERS.NET.", "128.63.2.53")) return 0;
|
||||
if(!ah(dp, "I.ROOT-SERVERS.NET.", "192.36.148.17")) return 0;
|
||||
if(!ah(dp, "J.ROOT-SERVERS.NET.", "192.58.128.30")) return 0;
|
||||
if(!ah(dp, "K.ROOT-SERVERS.NET.", "193.0.14.129")) return 0;
|
||||
if(!ah(dp, "L.ROOT-SERVERS.NET.", "199.7.83.42")) return 0;
|
||||
if(!ah(dp, "M.ROOT-SERVERS.NET.", "202.12.27.33")) return 0;
|
||||
if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4")) goto failed;
|
||||
if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) goto failed;
|
||||
if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) goto failed;
|
||||
if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) goto failed;
|
||||
if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed;
|
||||
if(!ah(dp, "F.ROOT-SERVERS.NET.", "192.5.5.241")) goto failed;
|
||||
if(!ah(dp, "G.ROOT-SERVERS.NET.", "192.112.36.4")) goto failed;
|
||||
if(!ah(dp, "H.ROOT-SERVERS.NET.", "128.63.2.53")) goto failed;
|
||||
if(!ah(dp, "I.ROOT-SERVERS.NET.", "192.36.148.17")) goto failed;
|
||||
if(!ah(dp, "J.ROOT-SERVERS.NET.", "192.58.128.30")) goto failed;
|
||||
if(!ah(dp, "K.ROOT-SERVERS.NET.", "193.0.14.129")) goto failed;
|
||||
if(!ah(dp, "L.ROOT-SERVERS.NET.", "199.7.83.42")) goto failed;
|
||||
if(!ah(dp, "M.ROOT-SERVERS.NET.", "202.12.27.33")) goto failed;
|
||||
}
|
||||
if(do_ip6) {
|
||||
if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) return 0;
|
||||
if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) return 0;
|
||||
if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) return 0;
|
||||
if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) return 0;
|
||||
if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) return 0;
|
||||
if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) return 0;
|
||||
if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) return 0;
|
||||
if(!ah(dp, "L.ROOT-SERVERS.NET.", "2001:500:3::42")) return 0;
|
||||
if(!ah(dp, "M.ROOT-SERVERS.NET.", "2001:dc3::35")) return 0;
|
||||
if(!ah(dp, "A.ROOT-SERVERS.NET.", "2001:503:ba3e::2:30")) goto failed;
|
||||
if(!ah(dp, "D.ROOT-SERVERS.NET.", "2001:500:2d::d")) goto failed;
|
||||
if(!ah(dp, "F.ROOT-SERVERS.NET.", "2001:500:2f::f")) goto failed;
|
||||
if(!ah(dp, "H.ROOT-SERVERS.NET.", "2001:500:1::803f:235")) goto failed;
|
||||
if(!ah(dp, "I.ROOT-SERVERS.NET.", "2001:7fe::53")) goto failed;
|
||||
if(!ah(dp, "J.ROOT-SERVERS.NET.", "2001:503:c27::2:30")) goto failed;
|
||||
if(!ah(dp, "K.ROOT-SERVERS.NET.", "2001:7fd::1")) goto failed;
|
||||
if(!ah(dp, "L.ROOT-SERVERS.NET.", "2001:500:3::42")) goto failed;
|
||||
if(!ah(dp, "M.ROOT-SERVERS.NET.", "2001:dc3::35")) goto failed;
|
||||
}
|
||||
return dp;
|
||||
failed:
|
||||
delegpt_free_mlc(dp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** insert new hint info into hint structure */
|
||||
@ -169,7 +172,9 @@ hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
|
||||
node->noprime = (uint8_t)noprime;
|
||||
if(!name_tree_insert(&hints->tree, &node->node, dp->name, dp->namelen,
|
||||
dp->namelabs, c)) {
|
||||
log_err("second hints ignored.");
|
||||
char buf[257];
|
||||
dname_str(dp->name, buf);
|
||||
log_err("second hints for zone %s ignored.", buf);
|
||||
delegpt_free_mlc(dp);
|
||||
free(node);
|
||||
}
|
||||
@ -253,17 +258,19 @@ read_stubs(struct iter_hints* hints, struct config_file* cfg)
|
||||
struct config_stub* s;
|
||||
struct delegpt* dp;
|
||||
for(s = cfg->stubs; s; s = s->next) {
|
||||
if(!(dp=read_stubs_name(s)) ||
|
||||
!read_stubs_host(s, dp) ||
|
||||
!read_stubs_addr(s, dp))
|
||||
if(!(dp=read_stubs_name(s)))
|
||||
return 0;
|
||||
if(!read_stubs_host(s, dp) || !read_stubs_addr(s, dp)) {
|
||||
delegpt_free_mlc(dp);
|
||||
return 0;
|
||||
}
|
||||
/* the flag is turned off for 'stub-first' so that the
|
||||
* last resort will ask for parent-side NS record and thus
|
||||
* fallback to the internet name servers on a failure */
|
||||
dp->has_parent_side_NS = (uint8_t)!s->isfirst;
|
||||
delegpt_log(VERB_QUERY, dp);
|
||||
if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime))
|
||||
return 0;
|
||||
delegpt_log(VERB_QUERY, dp);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -418,13 +418,14 @@ dns_copy_msg(struct dns_msg* from, struct regional* region)
|
||||
return m;
|
||||
}
|
||||
|
||||
int
|
||||
void
|
||||
iter_dns_store(struct module_env* env, struct query_info* msgqinf,
|
||||
struct reply_info* msgrep, int is_referral, uint32_t leeway, int pside,
|
||||
struct regional* region)
|
||||
{
|
||||
return dns_cache_store(env, msgqinf, msgrep, is_referral, leeway,
|
||||
pside, region);
|
||||
if(!dns_cache_store(env, msgqinf, msgrep, is_referral, leeway,
|
||||
pside, region))
|
||||
log_err("out of memory: cannot store data in cache");
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -124,9 +124,13 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional);
|
||||
* @param pside: true if dp is parentside, thus message is 'fresh' and NS
|
||||
* can be prefetch-updates.
|
||||
* @param region: to copy modified (cache is better) rrs back to.
|
||||
* @return 0 on alloc error (out of memory).
|
||||
* @return void, because we are not interested in alloc errors,
|
||||
* the iterator and validator can operate on the results in their
|
||||
* scratch space (the qstate.region) and are not dependent on the cache.
|
||||
* It is useful to log the alloc failure (for the server operator),
|
||||
* but the query resolution can continue without cache storage.
|
||||
*/
|
||||
int iter_dns_store(struct module_env* env, struct query_info* qinf,
|
||||
void iter_dns_store(struct module_env* env, struct query_info* qinf,
|
||||
struct reply_info* rep, int is_referral, uint32_t leeway, int pside,
|
||||
struct regional* region);
|
||||
|
||||
|
@ -259,9 +259,7 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode)
|
||||
/* do not waste time trying to validate this servfail */
|
||||
err.security = sec_status_indeterminate;
|
||||
verbose(VERB_ALGO, "store error response in message cache");
|
||||
if(!iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL)) {
|
||||
log_err("error_response_cache: could not store error (nomem)");
|
||||
}
|
||||
iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL);
|
||||
return error_response(qstate, id, rcode);
|
||||
}
|
||||
|
||||
@ -1432,7 +1430,25 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
verbose(VERB_ALGO, "No more query targets, attempting last resort");
|
||||
log_assert(iq->dp);
|
||||
|
||||
if(!iq->dp->has_parent_side_NS) {
|
||||
if(!iq->dp->has_parent_side_NS && dname_is_root(iq->dp->name)) {
|
||||
struct delegpt* p = hints_lookup_root(qstate->env->hints,
|
||||
iq->qchase.qclass);
|
||||
if(p) {
|
||||
struct delegpt_ns* ns;
|
||||
struct delegpt_addr* a;
|
||||
iq->chase_flags &= ~BIT_RD; /* go to authorities */
|
||||
for(ns = p->nslist; ns; ns=ns->next) {
|
||||
(void)delegpt_add_ns(iq->dp, qstate->region,
|
||||
ns->name, (int)ns->lame);
|
||||
}
|
||||
for(a = p->target_list; a; a=a->next_target) {
|
||||
(void)delegpt_add_addr(iq->dp, qstate->region,
|
||||
&a->addr, a->addrlen, a->bogus,
|
||||
a->lame);
|
||||
}
|
||||
}
|
||||
iq->dp->has_parent_side_NS = 1;
|
||||
} else if(!iq->dp->has_parent_side_NS) {
|
||||
if(!iter_lookup_parent_NS_from_cache(qstate->env, iq->dp,
|
||||
qstate->region, &qstate->qinfo)
|
||||
|| !iq->dp->has_parent_side_NS) {
|
||||
@ -1440,6 +1456,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* if: no parent NS in cache - go up one level */
|
||||
verbose(VERB_ALGO, "try to grab parent NS");
|
||||
iq->store_parent_NS = iq->dp;
|
||||
iq->chase_flags &= ~BIT_RD; /* go to authorities */
|
||||
iq->deleg_msg = NULL;
|
||||
iq->refetch_glue = 1;
|
||||
iq->query_restart_count++;
|
||||
@ -1541,8 +1558,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
* the final state (i.e., on answer).
|
||||
*/
|
||||
static int
|
||||
processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
int id)
|
||||
processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id)
|
||||
{
|
||||
struct module_qstate* subq = NULL;
|
||||
verbose(VERB_ALGO, "processDSNSFind");
|
||||
@ -1906,13 +1922,20 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
if(iq->qchase.qtype == LDNS_RR_TYPE_DS && !iq->dsns_point
|
||||
&& !(iq->chase_flags&BIT_RD)
|
||||
&& iter_ds_toolow(iq->response, iq->dp)
|
||||
&& iter_dp_cangodown(&iq->qchase, iq->dp))
|
||||
&& iter_dp_cangodown(&iq->qchase, iq->dp)) {
|
||||
/* close down outstanding requests to be discarded */
|
||||
outbound_list_clear(&iq->outlist);
|
||||
iq->num_current_queries = 0;
|
||||
fptr_ok(fptr_whitelist_modenv_detach_subs(
|
||||
qstate->env->detach_subs));
|
||||
(*qstate->env->detach_subs)(qstate);
|
||||
iq->num_target_queries = 0;
|
||||
return processDSNSFind(qstate, iq, id);
|
||||
if(!iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
}
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 0, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS,
|
||||
qstate->region))
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
qstate->region);
|
||||
/* close down outstanding requests to be discarded */
|
||||
outbound_list_clear(&iq->outlist);
|
||||
iq->num_current_queries = 0;
|
||||
@ -1949,10 +1972,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
)) {
|
||||
/* Store the referral under the current query */
|
||||
/* no prefetch-leeway, since its not the answer */
|
||||
if(!iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, 0, 0, NULL))
|
||||
return error_response(qstate, id,
|
||||
LDNS_RCODE_SERVFAIL);
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, 0, 0, NULL);
|
||||
if(iq->store_parent_NS)
|
||||
iter_store_parentside_NS(qstate->env,
|
||||
iq->response->rep);
|
||||
@ -2032,8 +2053,15 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
if(iq->qchase.qtype == LDNS_RR_TYPE_DS && !iq->dsns_point
|
||||
&& !(iq->chase_flags&BIT_RD)
|
||||
&& iter_ds_toolow(iq->response, iq->dp)
|
||||
&& iter_dp_cangodown(&iq->qchase, iq->dp))
|
||||
&& iter_dp_cangodown(&iq->qchase, iq->dp)) {
|
||||
outbound_list_clear(&iq->outlist);
|
||||
iq->num_current_queries = 0;
|
||||
fptr_ok(fptr_whitelist_modenv_detach_subs(
|
||||
qstate->env->detach_subs));
|
||||
(*qstate->env->detach_subs)(qstate);
|
||||
iq->num_target_queries = 0;
|
||||
return processDSNSFind(qstate, iq, id);
|
||||
}
|
||||
/* Process the CNAME response. */
|
||||
if(!handle_cname_response(qstate, iq, iq->response,
|
||||
&sname, &snamelen))
|
||||
@ -2042,10 +2070,9 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
/* NOTE : set referral=1, so that rrsets get stored but not
|
||||
* the partial query answer (CNAME only). */
|
||||
/* prefetchleeway applied because this updates answer parts */
|
||||
if(!iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iter_dns_store(qstate->env, &iq->response->qinfo,
|
||||
iq->response->rep, 1, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS, NULL))
|
||||
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
|
||||
iq->dp&&iq->dp->has_parent_side_NS, NULL);
|
||||
/* set the current request's qname to the new value. */
|
||||
iq->qchase.qname = sname;
|
||||
iq->qchase.qname_len = snamelen;
|
||||
@ -2555,12 +2582,10 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq,
|
||||
* but only if we did recursion. The nonrecursion referral
|
||||
* from cache does not need to be stored in the msg cache. */
|
||||
if(qstate->query_flags&BIT_RD) {
|
||||
if(!iter_dns_store(qstate->env, &qstate->qinfo,
|
||||
iter_dns_store(qstate->env, &qstate->qinfo,
|
||||
iq->response->rep, 0, qstate->prefetch_leeway,
|
||||
iq->dp&&iq->dp->has_parent_side_NS,
|
||||
qstate->region))
|
||||
return error_response(qstate, id,
|
||||
LDNS_RCODE_SERVFAIL);
|
||||
qstate->region);
|
||||
}
|
||||
}
|
||||
qstate->return_rcode = LDNS_RCODE_NOERROR;
|
||||
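Review bot: In the new root-hints fallback in processLastResort, the results of delegpt_add_ns and delegpt_add_addr are cast to void, and `iq->dp->has_parent_side_NS = 1` is set even when hints_lookup_root returned NULL. A failed or skipped copy therefore leaves the delegation point without the fallback targets, and nothing in the log says why the last resort produced no servers. The `(void)` casts suggest both calls return a success flag (their declarations are not on this page), so I would report the failure, for example `if(!delegpt_add_ns(iq->dp, qstate->region, ns->name, (int)ns->lame)) log_err("out of memory adding root hints to delegation point");`, and add a `verbose(VERB_ALGO, ...)` line for the `p == NULL` case. The function body starts and ends outside the hunks shown.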
|
@ -44,7 +44,9 @@
|
||||
#include "config.h"
|
||||
#include <ldns/dname.h>
|
||||
#include <ldns/wire2host.h>
|
||||
#ifdef HAVE_SSL
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
#include "libunbound/libworker.h"
|
||||
#include "libunbound/context.h"
|
||||
#include "libunbound/unbound.h"
|
||||
@ -88,7 +90,9 @@ libworker_delete(struct libworker* w)
|
||||
ub_randfree(w->env->rnd);
|
||||
free(w->env);
|
||||
}
|
||||
#ifdef HAVE_SSL
|
||||
SSL_CTX_free(w->sslctx);
|
||||
#endif
|
||||
outside_network_delete(w->back);
|
||||
comm_base_delete(w->base);
|
||||
free(w);
|
||||
@ -407,15 +411,18 @@ fill_canon(struct ub_result* res, uint8_t* s)
|
||||
/** fill data into result */
|
||||
static int
|
||||
fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer,
|
||||
uint8_t* finalcname, struct query_info* rq)
|
||||
uint8_t* finalcname, struct query_info* rq, struct reply_info* rep)
|
||||
{
|
||||
size_t i;
|
||||
struct packed_rrset_data* data;
|
||||
res->ttl = 0;
|
||||
if(!answer) {
|
||||
if(finalcname) {
|
||||
if(!fill_canon(res, finalcname))
|
||||
return 0; /* out of memory */
|
||||
}
|
||||
if(rep->rrset_count != 0)
|
||||
res->ttl = (int)rep->ttl;
|
||||
res->data = (char**)calloc(1, sizeof(char*));
|
||||
res->len = (int*)calloc(1, sizeof(int));
|
||||
return (res->data && res->len);
|
||||
@ -436,6 +443,21 @@ fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer,
|
||||
if(!res->data[i])
|
||||
return 0; /* out of memory */
|
||||
}
|
||||
/* ttl for positive answers, from CNAME and answer RRs */
|
||||
if(data->count != 0) {
|
||||
size_t j;
|
||||
res->ttl = (int)data->ttl;
|
||||
for(j=0; j<rep->an_numrrsets; j++) {
|
||||
struct packed_rrset_data* d =
|
||||
(struct packed_rrset_data*)rep->rrsets[j]->
|
||||
entry.data;
|
||||
if((int)d->ttl < res->ttl)
|
||||
res->ttl = (int)d->ttl;
|
||||
}
|
||||
}
|
||||
/* ttl for negative answers */
|
||||
if(data->count == 0 && rep->rrset_count != 0)
|
||||
res->ttl = (int)rep->ttl;
|
||||
res->data[data->count] = NULL;
|
||||
res->len[data->count] = 0;
|
||||
return 1;
|
||||
@ -455,7 +477,7 @@ libworker_enter_result(struct ub_result* res, ldns_buffer* buf,
|
||||
return; /* error parsing buf, or out of memory */
|
||||
}
|
||||
if(!fill_res(res, reply_find_answer_rrset(&rq, rep),
|
||||
reply_find_final_cname_target(&rq, rep), &rq))
|
||||
reply_find_final_cname_target(&rq, rep), &rq, rep))
|
||||
return; /* out of memory */
|
||||
/* rcode, havedata, nxdomain, secure, bogus */
|
||||
res->rcode = (int)FLAGS_GET_RCODE(rep->flags);
|
||||
@ -643,6 +665,8 @@ libworker_bg_done_cb(void* arg, int rcode, ldns_buffer* buf, enum sec_status s,
|
||||
return;
|
||||
}
|
||||
q->msg_security = s;
|
||||
if(!buf)
|
||||
buf = q->w->env->scratch_buffer;
|
||||
if(rcode != 0) {
|
||||
error_encode(buf, rcode, NULL, 0, BIT_RD, NULL);
|
||||
}
|
||||
@ -703,17 +727,6 @@ void libworker_alloc_cleanup(void* arg)
|
||||
slabhash_clear(w->env->msg_cache);
|
||||
}
|
||||
|
||||
/** compare outbound entry qstates */
|
||||
static int
|
||||
outbound_entry_compare(void* a, void* b)
|
||||
{
|
||||
struct outbound_entry* e1 = (struct outbound_entry*)a;
|
||||
struct outbound_entry* e2 = (struct outbound_entry*)b;
|
||||
if(e1->qstate == e2->qstate)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
|
||||
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
|
||||
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
@ -729,7 +742,7 @@ struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
|
||||
qnamelen, qtype, qclass, flags, dnssec, want_dnssec,
|
||||
q->env->cfg->tcp_upstream, q->env->cfg->ssl_upstream, addr,
|
||||
addrlen, zone, zonelen, libworker_handle_service_reply, e,
|
||||
w->back->udp_buff, &outbound_entry_compare);
|
||||
w->back->udp_buff);
|
||||
if(!e->qsent) {
|
||||
return NULL;
|
||||
}
|
||||
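Review bot: The TTL code added to fill_res narrows with `(int)data->ttl`, `(int)d->ttl` and `(int)rep->ttl` before comparing and storing, so a stored value above INT_MAX would become negative and then win the minimum in `if((int)d->ttl < res->ttl)`. The field declarations are not on this page; if they are unsigned 32-bit, as the `uint32_t` TTL arguments elsewhere in this commit suggest, the value should be clamped rather than cast, e.g. `res->ttl = (d->ttl > (uint32_t)INT_MAX) ? INT_MAX : (int)d->ttl;`. The one-line doc comment above fill_res also does not mention the new `rep` parameter or that `res->ttl` stays 0 when there is neither an answer nor any rrset in the reply.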
|
@ -193,6 +193,12 @@ struct ub_result {
|
||||
* Is NULL if the result is not bogus.
|
||||
*/
|
||||
char* why_bogus;
|
||||
|
||||
/**
|
||||
* TTL for the result, in seconds. If the security is bogus, then
|
||||
* you also cannot trust this value.
|
||||
*/
|
||||
int ttl;
|
||||
};
|
||||
|
||||
/**
|
||||
|
95
ltmain.sh
@ -1,9 +1,9 @@
|
||||
|
||||
# libtool (GNU libtool) 2.4
|
||||
# libtool (GNU libtool) 2.4.2
|
||||
# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
|
||||
|
||||
# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
|
||||
# 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
|
||||
# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
|
||||
# This is free software; see the source for copying conditions. There is NO
|
||||
# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
@ -41,6 +41,7 @@
|
||||
# --quiet, --silent don't print informational messages
|
||||
# --no-quiet, --no-silent
|
||||
# print informational messages (default)
|
||||
# --no-warn don't display warning messages
|
||||
# --tag=TAG use configuration variables from tag TAG
|
||||
# -v, --verbose print more informational messages than default
|
||||
# --no-verbose don't print the extra informational messages
|
||||
@ -69,7 +70,7 @@
|
||||
# compiler: $LTCC
|
||||
# compiler flags: $LTCFLAGS
|
||||
# linker: $LD (gnu? $with_gnu_ld)
|
||||
# $progname: (GNU libtool) 2.4
|
||||
# $progname: (GNU libtool) 2.4.2
|
||||
# automake: $automake_version
|
||||
# autoconf: $autoconf_version
|
||||
#
|
||||
@ -79,9 +80,9 @@
|
||||
|
||||
PROGRAM=libtool
|
||||
PACKAGE=libtool
|
||||
VERSION=2.4
|
||||
VERSION=2.4.2
|
||||
TIMESTAMP=""
|
||||
package_revision=1.3293
|
||||
package_revision=1.3337
|
||||
|
||||
# Be Bourne compatible
|
||||
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
|
||||
@ -136,15 +137,10 @@ progpath="$0"
|
||||
|
||||
: ${CP="cp -f"}
|
||||
test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'}
|
||||
: ${EGREP="/bin/grep -E"}
|
||||
: ${FGREP="/bin/grep -F"}
|
||||
: ${GREP="/bin/grep"}
|
||||
: ${LN_S="ln -s"}
|
||||
: ${MAKE="make"}
|
||||
: ${MKDIR="mkdir"}
|
||||
: ${MV="mv -f"}
|
||||
: ${RM="rm -f"}
|
||||
: ${SED="/bin/sed"}
|
||||
: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
|
||||
: ${Xsed="$SED -e 1s/^X//"}
|
||||
|
||||
@ -387,7 +383,7 @@ case $progpath in
|
||||
;;
|
||||
*)
|
||||
save_IFS="$IFS"
|
||||
IFS=:
|
||||
IFS=${PATH_SEPARATOR-:}
|
||||
for progdir in $PATH; do
|
||||
IFS="$save_IFS"
|
||||
test -x "$progdir/$progname" && break
|
||||
@ -771,8 +767,8 @@ func_help ()
|
||||
s*\$LTCFLAGS*'"$LTCFLAGS"'*
|
||||
s*\$LD*'"$LD"'*
|
||||
s/\$with_gnu_ld/'"$with_gnu_ld"'/
|
||||
s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
|
||||
s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
|
||||
s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/
|
||||
s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/
|
||||
p
|
||||
d
|
||||
}
|
||||
@ -1052,6 +1048,7 @@ opt_finish=false
|
||||
opt_help=false
|
||||
opt_help_all=false
|
||||
opt_silent=:
|
||||
opt_warning=:
|
||||
opt_verbose=:
|
||||
opt_silent=false
|
||||
opt_verbose=false
|
||||
@ -1118,6 +1115,10 @@ esac
|
||||
;;
|
||||
--no-silent|--no-quiet)
|
||||
opt_silent=false
|
||||
func_append preserve_args " $opt"
|
||||
;;
|
||||
--no-warning|--no-warn)
|
||||
opt_warning=false
|
||||
func_append preserve_args " $opt"
|
||||
;;
|
||||
--no-verbose)
|
||||
@ -2059,7 +2060,7 @@ func_mode_compile ()
|
||||
*.[cCFSifmso] | \
|
||||
*.ada | *.adb | *.ads | *.asm | \
|
||||
*.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
|
||||
*.[fF][09]? | *.for | *.java | *.obj | *.sx | *.cu | *.cup)
|
||||
*.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
|
||||
func_xform "$libobj"
|
||||
libobj=$func_xform_result
|
||||
;;
|
||||
@ -3201,11 +3202,13 @@ func_mode_install ()
|
||||
|
||||
# Set up the ranlib parameters.
|
||||
oldlib="$destdir/$name"
|
||||
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
|
||||
tool_oldlib=$func_to_tool_file_result
|
||||
|
||||
func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
|
||||
|
||||
if test -n "$stripme" && test -n "$old_striplib"; then
|
||||
func_show_eval "$old_striplib $oldlib" 'exit $?'
|
||||
func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
|
||||
fi
|
||||
|
||||
# Do each command in the postinstall commands.
|
||||
@ -3470,7 +3473,7 @@ static const void *lt_preloaded_setup() {
|
||||
# linked before any other PIC object. But we must not use
|
||||
# pic_flag when linking with -static. The problem exists in
|
||||
# FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
|
||||
*-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
|
||||
*-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
|
||||
pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
|
||||
*-*-hpux*)
|
||||
pic_flag_for_symtable=" $pic_flag" ;;
|
||||
@ -3982,14 +3985,17 @@ func_exec_program_core ()
|
||||
# launches target application with the remaining arguments.
|
||||
func_exec_program ()
|
||||
{
|
||||
for lt_wr_arg
|
||||
do
|
||||
case \$lt_wr_arg in
|
||||
--lt-*) ;;
|
||||
*) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
case \" \$* \" in
|
||||
*\\ --lt-*)
|
||||
for lt_wr_arg
|
||||
do
|
||||
case \$lt_wr_arg in
|
||||
--lt-*) ;;
|
||||
*) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
|
||||
esac
|
||||
shift
|
||||
done ;;
|
||||
esac
|
||||
func_exec_program_core \${1+\"\$@\"}
|
||||
}
|
||||
|
||||
@ -5057,9 +5063,15 @@ void lt_dump_script (FILE* f)
|
||||
{
|
||||
EOF
|
||||
func_emit_wrapper yes |
|
||||
$SED -e 's/\([\\"]\)/\\\1/g' \
|
||||
-e 's/^/ fputs ("/' -e 's/$/\\n", f);/'
|
||||
|
||||
$SED -n -e '
|
||||
s/^\(.\{79\}\)\(..*\)/\1\
|
||||
\2/
|
||||
h
|
||||
s/\([\\"]\)/\\\1/g
|
||||
s/$/\\n/
|
||||
s/\([^\n]*\).*/ fputs ("\1", f);/p
|
||||
g
|
||||
D'
|
||||
cat <<"EOF"
|
||||
}
|
||||
EOF
|
||||
@ -5643,7 +5655,8 @@ func_mode_link ()
|
||||
continue
|
||||
;;
|
||||
|
||||
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
|
||||
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|
||||
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
|
||||
func_append compiler_flags " $arg"
|
||||
func_append compile_command " $arg"
|
||||
func_append finalize_command " $arg"
|
||||
@ -6147,7 +6160,8 @@ func_mode_link ()
|
||||
lib=
|
||||
found=no
|
||||
case $deplib in
|
||||
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
|
||||
-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
|
||||
|-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
|
||||
if test "$linkmode,$pass" = "prog,link"; then
|
||||
compile_deplibs="$deplib $compile_deplibs"
|
||||
finalize_deplibs="$deplib $finalize_deplibs"
|
||||
@ -6831,7 +6845,7 @@ func_mode_link ()
|
||||
test "$hardcode_direct_absolute" = no; then
|
||||
add="$dir/$linklib"
|
||||
elif test "$hardcode_minus_L" = yes; then
|
||||
add_dir="-L$dir"
|
||||
add_dir="-L$absdir"
|
||||
# Try looking first in the location we're being installed to.
|
||||
if test -n "$inst_prefix_dir"; then
|
||||
case $libdir in
|
||||
@ -7316,6 +7330,7 @@ func_mode_link ()
|
||||
# which has an extra 1 added just for fun
|
||||
#
|
||||
case $version_type in
|
||||
# correct linux to gnu/linux during the next big refactor
|
||||
darwin|linux|osf|windows|none)
|
||||
func_arith $number_major + $number_minor
|
||||
current=$func_arith_result
|
||||
@ -7432,7 +7447,7 @@ func_mode_link ()
|
||||
versuffix="$major.$revision"
|
||||
;;
|
||||
|
||||
linux)
|
||||
linux) # correct to gnu/linux during the next big refactor
|
||||
func_arith $current - $age
|
||||
major=.$func_arith_result
|
||||
versuffix="$major.$age.$revision"
|
||||
@ -8020,6 +8035,11 @@ EOF
|
||||
|
||||
# Test again, we may have decided not to build it any more
|
||||
if test "$build_libtool_libs" = yes; then
|
||||
# Remove ${wl} instances when linking with ld.
|
||||
# FIXME: should test the right _cmds variable.
|
||||
case $archive_cmds in
|
||||
*\$LD\ *) wl= ;;
|
||||
esac
|
||||
if test "$hardcode_into_libs" = yes; then
|
||||
# Hardcode the library paths
|
||||
hardcode_libdirs=
|
||||
@ -8050,7 +8070,7 @@ EOF
|
||||
elif test -n "$runpath_var"; then
|
||||
case "$perm_rpath " in
|
||||
*" $libdir "*) ;;
|
||||
*) func_apped perm_rpath " $libdir" ;;
|
||||
*) func_append perm_rpath " $libdir" ;;
|
||||
esac
|
||||
fi
|
||||
done
|
||||
@ -8058,11 +8078,7 @@ EOF
|
||||
if test -n "$hardcode_libdir_separator" &&
|
||||
test -n "$hardcode_libdirs"; then
|
||||
libdir="$hardcode_libdirs"
|
||||
if test -n "$hardcode_libdir_flag_spec_ld"; then
|
||||
eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
|
||||
else
|
||||
eval dep_rpath=\"$hardcode_libdir_flag_spec\"
|
||||
fi
|
||||
eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
|
||||
fi
|
||||
if test -n "$runpath_var" && test -n "$perm_rpath"; then
|
||||
# We should set the runpath_var.
|
||||
@ -9152,6 +9168,8 @@ EOF
|
||||
esac
|
||||
done
|
||||
fi
|
||||
func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
|
||||
tool_oldlib=$func_to_tool_file_result
|
||||
eval cmds=\"$old_archive_cmds\"
|
||||
|
||||
func_len " $cmds"
|
||||
@ -9261,7 +9279,8 @@ EOF
|
||||
*.la)
|
||||
func_basename "$deplib"
|
||||
name="$func_basename_result"
|
||||
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
|
||||
func_resolve_sysroot "$deplib"
|
||||
eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
|
||||
test -z "$libdir" && \
|
||||
func_fatal_error "\`$deplib' is not a valid libtool archive"
|
||||
func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
|
||||
|
@ -1,7 +1,4 @@
|
||||
|
||||
print mod_env.fname # Print module script name
|
||||
mod_env.data = "test" # Store global module data
|
||||
|
||||
def init(id, cfg):
|
||||
log_info("pythonmod: init called, module id is %d port: %d script: %s" % (id, cfg.port, cfg.python_script))
|
||||
return True
|
||||
|
@ -41,6 +41,7 @@
|
||||
/* ignore the varargs unused warning from SWIGs internal vararg support */
|
||||
#ifdef __GNUC__
|
||||
#pragma GCC diagnostic ignored "-Wunused-parameter"
|
||||
#pragma GCC diagnostic ignored "-Wunused-but-set-variable"
|
||||
#endif
|
||||
|
||||
#include "config.h"
|
||||
|
5
services/cache/infra.c
@ -403,6 +403,11 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr,
|
||||
data->timeout_other++;
|
||||
}
|
||||
} else {
|
||||
/* if we got a reply, but the old timeout was above server
|
||||
* selection height, delete the timeout so the server is
|
||||
* fully available again */
|
||||
if(rtt_unclamped(&data->rtt) >= USEFUL_SERVER_TOP_TIMEOUT)
|
||||
rtt_init(&data->rtt);
|
||||
rtt_update(&data->rtt, roundtrip);
|
||||
data->probedelay = 0;
|
||||
if(qtype == LDNS_RR_TYPE_A)
|
||||
|
@ -323,6 +323,11 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
log_err("setsockopt(..., IP_MTU_DISCOVER, "
|
||||
"IP_PMTUDISC_DONT...) failed: %s",
|
||||
strerror(errno));
|
||||
# ifndef USE_WINSOCK
|
||||
close(s);
|
||||
# else
|
||||
closesocket(s);
|
||||
# endif
|
||||
return -1;
|
||||
}
|
||||
# elif defined(IP_DONTFRAG)
|
||||
@ -331,6 +336,11 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
|
||||
&off, (socklen_t)sizeof(off)) < 0) {
|
||||
log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s",
|
||||
strerror(errno));
|
||||
# ifndef USE_WINSOCK
|
||||
close(s);
|
||||
# else
|
||||
closesocket(s);
|
||||
# endif
|
||||
return -1;
|
||||
}
|
||||
# endif /* IPv4 MTU */
|
||||
@ -408,9 +418,11 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
|
||||
#ifndef USE_WINSOCK
|
||||
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
|
||||
strerror(errno));
|
||||
close(s);
|
||||
#else
|
||||
log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
closesocket(s);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
@ -422,9 +434,11 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
|
||||
#ifndef USE_WINSOCK
|
||||
log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
|
||||
strerror(errno));
|
||||
close(s);
|
||||
#else
|
||||
log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
closesocket(s);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
@ -443,23 +457,32 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
|
||||
(struct sockaddr_storage*)addr->ai_addr,
|
||||
addr->ai_addrlen);
|
||||
}
|
||||
close(s);
|
||||
#else
|
||||
log_err("can't bind socket: %s",
|
||||
wsa_strerror(WSAGetLastError()));
|
||||
log_addr(0, "failed address",
|
||||
(struct sockaddr_storage*)addr->ai_addr,
|
||||
addr->ai_addrlen);
|
||||
closesocket(s);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
if(!fd_set_nonblock(s)) {
|
||||
#ifndef USE_WINSOCK
|
||||
close(s);
|
||||
#else
|
||||
closesocket(s);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
if(listen(s, TCP_BACKLOG) == -1) {
|
||||
#ifndef USE_WINSOCK
|
||||
log_err("can't listen: %s", strerror(errno));
|
||||
close(s);
|
||||
#else
|
||||
log_err("can't listen: %s", wsa_strerror(WSAGetLastError()));
|
||||
closesocket(s);
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
@ -653,8 +676,14 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
|
||||
return 0;
|
||||
}
|
||||
/* getting source addr packet info is highly non-portable */
|
||||
if(!set_recvpktinfo(s, hints->ai_family))
|
||||
if(!set_recvpktinfo(s, hints->ai_family)) {
|
||||
#ifndef USE_WINSOCK
|
||||
close(s);
|
||||
#else
|
||||
closesocket(s);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
if(!port_insert(list, s, listen_type_udpancil)) {
|
||||
#ifndef USE_WINSOCK
|
||||
close(s);
|
||||
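Review bot: The same `#ifndef USE_WINSOCK` / `close(s);` / `#else` / `closesocket(s);` / `#endif` block is pasted onto every error path added in create_udp_sock, create_tcp_accept_sock and ports_create_if. That makes each path easy to get wrong on one platform only, and the next error path added is likely to leak the descriptor again. A single static helper would keep the platform split in one place and reduce each error path to one call. The helper name below is a suggestion, and the functions it would be called from start and end outside the hunks shown.

```c
/** close a socket with the call the platform needs */
static void
close_sock(int s)
{
#ifndef USE_WINSOCK
	close(s);
#else
	closesocket(s);
#endif
}

/* ... unchanged: socket creation and setsockopt calls ... */
	if(!fd_set_nonblock(s)) {
		close_sock(s);
		return -1;
	}
```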
|
@ -449,8 +449,8 @@ lz_enter_rr_into_zone(struct local_zone* z, ldns_buffer* buf,
|
||||
struct local_data* node;
|
||||
struct local_rrset* rrset;
|
||||
struct packed_rrset_data* pd;
|
||||
uint16_t rrtype, rrclass;
|
||||
uint32_t ttl;
|
||||
uint16_t rrtype = 0, rrclass = 0;
|
||||
uint32_t ttl = 0;
|
||||
if(!get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, buf)) {
|
||||
log_err("bad local-data: %s", rrstr);
|
||||
return 0;
|
||||
|
@ -676,6 +676,7 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
/* find it, if not, create it */
|
||||
struct mesh_area* mesh = qstate->env->mesh;
|
||||
struct mesh_state* sub = mesh_area_find(mesh, qinfo, qflags, prime);
|
||||
int was_detached;
|
||||
if(mesh_detect_cycle_found(qstate, sub)) {
|
||||
verbose(VERB_ALGO, "attach failed, cycle detected");
|
||||
return 0;
|
||||
@ -706,9 +707,12 @@ int mesh_attach_sub(struct module_qstate* qstate, struct query_info* qinfo,
|
||||
*newq = &sub->s;
|
||||
} else
|
||||
*newq = NULL;
|
||||
was_detached = (sub->super_set.count == 0);
|
||||
if(!mesh_state_attachment(qstate->mesh_info, sub))
|
||||
return 0;
|
||||
if(!sub->reply_list && !sub->cb_list && sub->super_set.count == 1) {
|
||||
/* if it was a duplicate attachment, the count was not zero before */
|
||||
if(!sub->reply_list && !sub->cb_list && was_detached &&
|
||||
sub->super_set.count == 1) {
|
||||
/* it used to be detached, before this one got added */
|
||||
log_assert(mesh->num_detached_states > 0);
|
||||
mesh->num_detached_states--;
|
||||
@ -735,16 +739,20 @@ int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub)
|
||||
superref->s = super;
|
||||
subref->node.key = subref;
|
||||
subref->s = sub;
|
||||
#ifdef UNBOUND_DEBUG
|
||||
n =
|
||||
#endif
|
||||
rbtree_insert(&sub->super_set, &superref->node);
|
||||
log_assert(n != NULL);
|
||||
if(!rbtree_insert(&sub->super_set, &superref->node)) {
|
||||
/* this should not happen, iterator and validator do not
|
||||
* attach subqueries that are identical. */
|
||||
/* already attached, we are done, nothing todo.
|
||||
* since superref and subref already allocated in region,
|
||||
* we cannot free them */
|
||||
return 1;
|
||||
}
|
||||
#ifdef UNBOUND_DEBUG
|
||||
n =
|
||||
#endif
|
||||
rbtree_insert(&super->sub_set, &subref->node);
|
||||
log_assert(n != NULL);
|
||||
log_assert(n != NULL); /* we checked above if statement, the reverse
|
||||
administration should not fail now, unless they are out of sync */
|
||||
return 1;
|
||||
}
|
||||
|
||||
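Review bot: mesh_state_attachment now returns 1 both when it links the two states and when the pair was already linked, and no comment states that second meaning. mesh_attach_sub depends on it: it samples `was_detached` before the call so that a duplicate attach does not decrement `mesh->num_detached_states` a second time. I would add this to the function's doc comment, which is outside the hunk: returns 1 on success or when sub is already attached to super (nothing changes, and the two reference nodes stay allocated in the region until it is freed), 0 on allocation failure. The trailing comment on the second `log_assert(n != NULL)` would read better as `/* the first insert succeeded, so the reverse insert can only fail if the two sets are out of sync */`.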
|
@ -58,7 +58,9 @@
|
||||
#include "util/net_help.h"
|
||||
#include "util/random.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#ifdef HAVE_OPENSSL_SSL_H
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NETDB_H
|
||||
#include <netdb.h>
|
||||
@ -297,9 +299,11 @@ decomission_pending_tcp(struct outside_network* outnet,
|
||||
struct pending_tcp* pend)
|
||||
{
|
||||
if(pend->c->ssl) {
|
||||
#ifdef HAVE_SSL
|
||||
SSL_shutdown(pend->c->ssl);
|
||||
SSL_free(pend->c->ssl);
|
||||
pend->c->ssl = NULL;
|
||||
#endif
|
||||
}
|
||||
comm_point_close(pend->c);
|
||||
pend->next_free = outnet->tcp_free;
|
||||
@ -1439,7 +1443,7 @@ static void
|
||||
serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
|
||||
struct comm_reply* rep)
|
||||
{
|
||||
struct service_callback* p = sq->cblist, *n;
|
||||
struct service_callback* p;
|
||||
int dobackup = (sq->cblist && sq->cblist->next); /* >1 cb*/
|
||||
uint8_t *backup_p = NULL;
|
||||
size_t backlen = 0;
|
||||
@ -1498,8 +1502,9 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
|
||||
}
|
||||
sq->outnet->svcd_overhead = backlen;
|
||||
}
|
||||
while(p) {
|
||||
n = p->next;
|
||||
/* test the actual sq->cblist, because the next elem could be deleted*/
|
||||
while((p=sq->cblist) != NULL) {
|
||||
sq->cblist = p->next; /* remove this element */
|
||||
if(dobackup && c) {
|
||||
ldns_buffer_clear(c->buffer);
|
||||
ldns_buffer_write(c->buffer, backup_p, backlen);
|
||||
@ -1507,7 +1512,7 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
|
||||
}
|
||||
fptr_ok(fptr_whitelist_serviced_query(p->cb));
|
||||
(void)(*p->cb)(c, p->cb_arg, error, rep);
|
||||
p = n;
|
||||
free(p);
|
||||
}
|
||||
if(backup_p) {
|
||||
free(backup_p);
|
||||
@ -1781,37 +1786,21 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** find callback in list */
|
||||
static struct service_callback*
|
||||
callback_list_find(struct serviced_query* sq, void* cb_arg,
|
||||
int (*arg_compare)(void*,void*))
|
||||
{
|
||||
struct service_callback* p;
|
||||
for(p = sq->cblist; p; p = p->next) {
|
||||
if(arg_compare(p->cb_arg, cb_arg))
|
||||
return p;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
struct serviced_query*
|
||||
outnet_serviced_query(struct outside_network* outnet,
|
||||
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
|
||||
uint16_t flags, int dnssec, int want_dnssec, int tcp_upstream,
|
||||
int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, comm_point_callback_t* callback,
|
||||
void* callback_arg, ldns_buffer* buff, int (*arg_compare)(void*,void*))
|
||||
void* callback_arg, ldns_buffer* buff)
|
||||
{
|
||||
struct serviced_query* sq;
|
||||
struct service_callback* cb;
|
||||
serviced_gen_query(buff, qname, qnamelen, qtype, qclass, flags);
|
||||
sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen);
|
||||
if(sq) {
|
||||
/* see if it is a duplicate notification request for cb_arg */
|
||||
if(callback_list_find(sq, callback_arg, arg_compare)) {
|
||||
return sq;
|
||||
}
|
||||
}
|
||||
/* duplicate entries are included in the callback list, because
|
||||
* there is a counterpart registration by our caller that needs to
|
||||
* be doubly-removed (with callbacks perhaps). */
|
||||
if(!(cb = (struct service_callback*)malloc(sizeof(*cb))))
|
||||
return NULL;
|
||||
if(!sq) {
|
||||
|
@ -279,9 +279,9 @@ struct service_callback {
|
||||
};
|
||||
|
||||
/** fallback size for fragmentation for EDNS in IPv4 */
|
||||
#define EDNS_FRAG_SIZE_IP4 1480
|
||||
#define EDNS_FRAG_SIZE_IP4 1472
|
||||
/** fallback size for EDNS in IPv6, fits one fragment with ip6-tunnel-ids */
|
||||
#define EDNS_FRAG_SIZE_IP6 1260
|
||||
#define EDNS_FRAG_SIZE_IP6 1232
|
||||
|
||||
/**
|
||||
* Query service record.
|
||||
@ -468,8 +468,6 @@ void pending_delete(struct outside_network* outnet, struct pending* p);
|
||||
authoritative.
|
||||
* @param zonelen: length of zone.
|
||||
* @param buff: scratch buffer to create query contents in. Empty on exit.
|
||||
* @param arg_compare: function to compare callback args, return true if
|
||||
* identical. It is given the callback_arg and args that are listed.
|
||||
* @return 0 on error, or pointer to serviced query that is used to answer
|
||||
* this serviced query may be shared with other callbacks as well.
|
||||
*/
|
||||
@ -478,8 +476,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
|
||||
uint16_t flags, int dnssec, int want_dnssec, int tcp_upstream,
|
||||
int ssl_upstream, struct sockaddr_storage* addr, socklen_t addrlen,
|
||||
uint8_t* zone, size_t zonelen, comm_point_callback_t* callback,
|
||||
void* callback_arg, ldns_buffer* buff,
|
||||
int (*arg_compare)(void*,void*));
|
||||
void* callback_arg, ldns_buffer* buff);
|
||||
|
||||
/**
|
||||
* Remove service query callback.
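Review bot: The two fallback sizes in this header change value, but the comments above them still do not say where the numbers come from, and the IPv6 comment ("fits one fragment with ip6-tunnel-ids") may describe the value being replaced rather than the new one. Reading the second of each printed pair as the new side (inferred from the print order, the +/- markers are lost on this page), 1472 is consistent with a 1500-byte MTU minus 20 bytes IPv4 and 8 bytes UDP header, and 1232 with the 1280-byte IPv6 minimum MTU minus 40 and 8. If that is the intent, state it, e.g. `/** fallback EDNS size for IPv4: 1500 MTU - 20 IP hdr - 8 UDP hdr */` and `/** fallback EDNS size for IPv6: 1280 minimum MTU - 40 IP6 hdr - 8 UDP hdr */`, so the next change to these limits is checked against the arithmetic.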
|
||||
|
@ -134,6 +134,7 @@
|
||||
#include <openssl/rand.h>
|
||||
#endif
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
/** name of server in URL to fetch HTTPS from */
|
||||
@ -142,6 +143,8 @@
|
||||
#define XMLNAME "root-anchors/root-anchors.xml"
|
||||
/** path on HTTPS server to p7s file */
|
||||
#define P7SNAME "root-anchors/root-anchors.p7s"
|
||||
/** name of the signer of the certificate */
|
||||
#define P7SIGNER "dnssec@iana.org"
|
||||
/** port number for https access */
|
||||
#define HTTPS_PORT 443
|
||||
|
||||
@ -184,6 +187,7 @@ usage()
|
||||
printf("-u name server in https url, default %s\n", URLNAME);
|
||||
printf("-x path pathname to xml in url, default %s\n", XMLNAME);
|
||||
printf("-s path pathname to p7s in url, default %s\n", P7SNAME);
|
||||
printf("-n name signer's subject emailAddress, default %s\n", P7SIGNER);
|
||||
printf("-4 work using IPv4 only\n");
|
||||
printf("-6 work using IPv6 only\n");
|
||||
printf("-f resolv.conf use given resolv.conf to resolve -u name\n");
|
||||
@ -540,6 +544,11 @@ resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
|
||||
ub_ctx_delete(ctx);
|
||||
exit(0);
|
||||
}
|
||||
if(!res->havedata || res->rcode || !res->data) {
|
||||
if(verb) printf("resolve %s %s: no result\n", host,
|
||||
(tp==LDNS_RR_TYPE_A)?"A":"AAAA");
|
||||
return;
|
||||
}
|
||||
for(i = 0; res->data[i]; i++) {
|
||||
struct ip_list* ip = RR_to_ip(tp, res->data[i], res->len[i],
|
||||
port);
|
||||
@ -1498,6 +1507,20 @@ xml_endelem(void *userData, const XML_Char *name)
|
||||
}
|
||||
}
|
||||
|
||||
/* Stop the parser when an entity declaration is encountered. For safety. */
|
||||
static void
|
||||
xml_entitydeclhandler(void *userData,
|
||||
const XML_Char *ATTR_UNUSED(entityName),
|
||||
int ATTR_UNUSED(is_parameter_entity),
|
||||
const XML_Char *ATTR_UNUSED(value), int ATTR_UNUSED(value_length),
|
||||
const XML_Char *ATTR_UNUSED(base),
|
||||
const XML_Char *ATTR_UNUSED(systemId),
|
||||
const XML_Char *ATTR_UNUSED(publicId),
|
||||
const XML_Char *ATTR_UNUSED(notationName))
|
||||
{
|
||||
(void)XML_StopParser((XML_Parser)userData, XML_FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* XML parser setup of the callbacks for the tags
|
||||
*/
|
||||
@ -1526,6 +1549,7 @@ xml_parse_setup(XML_Parser parser, struct xml_data* data, time_t now)
|
||||
if(verb) printf("out of memory\n");
|
||||
exit(0);
|
||||
}
|
||||
XML_SetEntityDeclHandler(parser, xml_entitydeclhandler);
|
||||
XML_SetElementHandler(parser, xml_startelem, xml_endelem);
|
||||
XML_SetCharacterDataHandler(parser, xml_charhandle);
|
||||
}
|
||||
@ -1603,12 +1627,113 @@ xml_parse(BIO* xml, time_t now)
|
||||
}
|
||||
}
|
||||
|
||||
/* get key usage out of its extension, returns 0 if no key_usage extension */
|
||||
static unsigned long
|
||||
get_usage_of_ex(X509* cert)
|
||||
{
|
||||
unsigned long val = 0;
|
||||
ASN1_BIT_STRING* s;
|
||||
if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) {
|
||||
if(s->length > 0) {
|
||||
val = s->data[0];
|
||||
if(s->length > 1)
|
||||
val |= s->data[1] << 8;
|
||||
}
|
||||
ASN1_BIT_STRING_free(s);
|
||||
}
|
||||
return val;
|
||||
}
|
||||
|
||||
/** get valid signers from the list of signers in the signature */
|
||||
static STACK_OF(X509)*
|
||||
get_valid_signers(PKCS7* p7, char* p7signer)
|
||||
{
|
||||
int i;
|
||||
STACK_OF(X509)* validsigners = sk_X509_new_null();
|
||||
STACK_OF(X509)* signers = PKCS7_get0_signers(p7, NULL, 0);
|
||||
unsigned long usage = 0;
|
||||
if(!validsigners) {
|
||||
if(verb) printf("out of memory\n");
|
||||
sk_X509_free(signers);
|
||||
return NULL;
|
||||
}
|
||||
if(!signers) {
|
||||
if(verb) printf("no signers in pkcs7 signature\n");
|
||||
sk_X509_free(validsigners);
|
||||
return NULL;
|
||||
}
|
||||
for(i=0; i<sk_X509_num(signers); i++) {
|
||||
X509_NAME* nm = X509_get_subject_name(
|
||||
sk_X509_value(signers, i));
|
||||
char buf[1024];
|
||||
if(!nm) {
|
||||
if(verb) printf("signer %d: cert has no subject name\n", i);
|
||||
continue;
|
||||
}
|
||||
if(verb && nm) {
|
||||
char* nmline = X509_NAME_oneline(nm, buf,
|
||||
(int)sizeof(buf));
|
||||
printf("signer %d: Subject: %s\n", i,
|
||||
nmline?nmline:"no subject");
|
||||
if(verb >= 3 && X509_NAME_get_text_by_NID(nm,
|
||||
NID_commonName, buf, (int)sizeof(buf)))
|
||||
printf("commonName: %s\n", buf);
|
||||
if(verb >= 3 && X509_NAME_get_text_by_NID(nm,
|
||||
NID_pkcs9_emailAddress, buf, (int)sizeof(buf)))
|
||||
printf("emailAddress: %s\n", buf);
|
||||
}
|
||||
if(verb) {
|
||||
int ku_loc = X509_get_ext_by_NID(
|
||||
sk_X509_value(signers, i), NID_key_usage, -1);
|
||||
if(verb >= 3 && ku_loc >= 0) {
|
||||
X509_EXTENSION *ex = X509_get_ext(
|
||||
sk_X509_value(signers, i), ku_loc);
|
||||
if(ex) {
|
||||
printf("keyUsage: ");
|
||||
X509V3_EXT_print_fp(stdout, ex, 0, 0);
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
if(!p7signer || strcmp(p7signer, "")==0) {
|
||||
/* there is no name to check, return all records */
|
||||
if(verb) printf("did not check commonName of signer\n");
|
||||
} else {
|
||||
if(!X509_NAME_get_text_by_NID(nm,
|
||||
NID_pkcs9_emailAddress,
|
||||
buf, (int)sizeof(buf))) {
|
||||
if(verb) printf("removed cert with no name\n");
|
||||
continue; /* no name, no use */
|
||||
}
|
||||
if(strcmp(buf, p7signer) != 0) {
|
||||
if(verb) printf("removed cert with wrong name\n");
|
||||
continue; /* wrong name, skip it */
|
||||
}
|
||||
}
|
||||
|
||||
/* check that the key usage allows digital signatures
|
||||
* (the p7s) */
|
||||
usage = get_usage_of_ex(sk_X509_value(signers, i));
|
||||
if(!(usage & KU_DIGITAL_SIGNATURE)) {
|
||||
if(verb) printf("removed cert with no key usage Digital Signature allowed\n");
|
||||
continue;
|
||||
}
|
||||
|
||||
/* we like this cert, add it to our list of valid
|
||||
* signers certificates */
|
||||
sk_X509_push(validsigners, sk_X509_value(signers, i));
|
||||
}
|
||||
sk_X509_free(signers);
|
||||
return validsigners;
|
||||
}
|
||||
|
||||
/** verify a PKCS7 signature, false on failure */
|
||||
static int
|
||||
verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust)
|
||||
verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer)
|
||||
{
|
||||
PKCS7* p7;
|
||||
X509_STORE *store = X509_STORE_new();
|
||||
STACK_OF(X509)* validsigners;
|
||||
int secure = 0;
|
||||
int i;
|
||||
#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
|
||||
@ -1630,6 +1755,9 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust)
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
|
||||
X509_VERIFY_PARAM_free(param);
|
||||
#endif
|
||||
|
||||
(void)BIO_reset(p7s);
|
||||
(void)BIO_reset(data);
|
||||
@ -1654,7 +1782,15 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust)
|
||||
}
|
||||
if(verb >= 2) printf("setup the X509_STORE\n");
|
||||
|
||||
if(PKCS7_verify(p7, NULL, store, data, NULL, 0) == 1) {
|
||||
/* check what is in the Subject name of the certificates,
|
||||
* and build a stack that contains only the right certificates */
|
||||
validsigners = get_valid_signers(p7, p7signer);
|
||||
if(!validsigners) {
|
||||
X509_STORE_free(store);
|
||||
PKCS7_free(p7);
|
||||
return 0;
|
||||
}
|
||||
if(PKCS7_verify(p7, validsigners, store, data, NULL, PKCS7_NOINTERN) == 1) {
|
||||
secure = 1;
|
||||
if(verb) printf("the PKCS7 signature verified\n");
|
||||
} else {
|
||||
@ -1663,6 +1799,7 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust)
|
||||
}
|
||||
}
|
||||
|
||||
sk_X509_free(validsigners);
|
||||
X509_STORE_free(store);
|
||||
PKCS7_free(p7);
|
||||
return secure;
|
||||
@ -1723,12 +1860,12 @@ write_root_anchor(char* root_anchor_file, BIO* ds)
|
||||
/** Perform the verification and update of the trustanchor file */
|
||||
static void
|
||||
verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s,
|
||||
STACK_OF(X509)* cert)
|
||||
STACK_OF(X509)* cert, char* p7signer)
|
||||
{
|
||||
BIO* ds;
|
||||
|
||||
/* verify xml file */
|
||||
if(!verify_p7sig(xml, p7s, cert)) {
|
||||
if(!verify_p7sig(xml, p7s, cert, p7signer)) {
|
||||
printf("the PKCS7 signature failed\n");
|
||||
exit(0);
|
||||
}
|
||||
@ -1752,7 +1889,7 @@ static void do_wsa_cleanup(void) { WSACleanup(); }
|
||||
/** perform actual certupdate work */
|
||||
static int
|
||||
do_certupdate(char* root_anchor_file, char* root_cert_file,
|
||||
char* urlname, char* xmlname, char* p7sname,
|
||||
char* urlname, char* xmlname, char* p7sname, char* p7signer,
|
||||
char* res_conf, char* root_hints, char* debugconf,
|
||||
int ip4only, int ip6only, int port, struct ub_result* dnskey)
|
||||
{
|
||||
@ -1785,7 +1922,7 @@ do_certupdate(char* root_anchor_file, char* root_cert_file,
|
||||
p7s = https(ip_list, p7sname, urlname);
|
||||
|
||||
/* verify and update the root anchor */
|
||||
verify_and_update_anchor(root_anchor_file, xml, p7s, cert);
|
||||
verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer);
|
||||
if(verb) printf("success: the anchor has been updated "
|
||||
"using the cert\n");
|
||||
|
||||
@ -2035,7 +2172,7 @@ probe_date_allows_certupdate(char* root_anchor_file)
|
||||
/** perform the unbound-anchor work */
|
||||
static int
|
||||
do_root_update_work(char* root_anchor_file, char* root_cert_file,
|
||||
char* urlname, char* xmlname, char* p7sname,
|
||||
char* urlname, char* xmlname, char* p7sname, char* p7signer,
|
||||
char* res_conf, char* root_hints, char* debugconf,
|
||||
int ip4only, int ip6only, int force, int port)
|
||||
{
|
||||
@ -2068,8 +2205,8 @@ do_root_update_work(char* root_anchor_file, char* root_cert_file,
|
||||
if((dnskey->rcode == 0 &&
|
||||
probe_date_allows_certupdate(root_anchor_file)) || force) {
|
||||
if(do_certupdate(root_anchor_file, root_cert_file, urlname,
|
||||
xmlname, p7sname, res_conf, root_hints, debugconf,
|
||||
ip4only, ip6only, port, dnskey))
|
||||
xmlname, p7sname, p7signer, res_conf, root_hints,
|
||||
debugconf, ip4only, ip6only, port, dnskey))
|
||||
return 1;
|
||||
return used_builtin;
|
||||
}
|
||||
@ -2092,12 +2229,13 @@ int main(int argc, char* argv[])
|
||||
char* urlname = URLNAME;
|
||||
char* xmlname = XMLNAME;
|
||||
char* p7sname = P7SNAME;
|
||||
char* p7signer = P7SIGNER;
|
||||
char* res_conf = NULL;
|
||||
char* root_hints = NULL;
|
||||
char* debugconf = NULL;
|
||||
int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
|
||||
/* parse the options */
|
||||
while( (c=getopt(argc, argv, "46C:FP:a:c:f:hlr:s:u:vx:")) != -1) {
|
||||
while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) {
|
||||
switch(c) {
|
||||
case 'l':
|
||||
dolist = 1;
|
||||
@ -2123,6 +2261,9 @@ int main(int argc, char* argv[])
|
||||
case 's':
|
||||
p7sname = optarg;
|
||||
break;
|
||||
case 'n':
|
||||
p7signer = optarg;
|
||||
break;
|
||||
case 'f':
|
||||
res_conf = optarg;
|
||||
break;
|
||||
@ -2160,6 +2301,6 @@ int main(int argc, char* argv[])
|
||||
if(dolist) do_list_builtin();
|
||||
|
||||
return do_root_update_work(root_anchor_file, root_cert_file, urlname,
|
||||
xmlname, p7sname, res_conf, root_hints, debugconf, ip4only,
|
||||
ip6only, force, port);
|
||||
xmlname, p7sname, p7signer, res_conf, root_hints, debugconf,
|
||||
ip4only, ip6only, force, port);
|
||||
}
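Review bot: In get_valid_signers the signer filter tests `!X509_NAME_get_text_by_NID(nm, NID_pkcs9_emailAddress, buf, (int)sizeof(buf))`, but OpenSSL returns -1 rather than 0 when the subject has no such entry, so a certificate without an emailAddress never reaches the "removed cert with no name" branch. The following `strcmp(buf, p7signer)` then compares whatever buf held before: text left by the verbose printing, or uninitialised stack when verb is 0. Test the sign of the result instead: `if(X509_NAME_get_text_by_NID(nm, NID_pkcs9_emailAddress, buf, (int)sizeof(buf)) <= 0) {`. The two `verb >= 3` prints in the same loop use the return value as a boolean in the same way. Separately, an empty -n value disables the signer check and logs "did not check commonName of signer" although the field compared is emailAddress; the message should name the right field and usage() should say that an empty name turns the check off.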
|
||||
|
@ -68,6 +68,7 @@ usage()
|
||||
printf("Options:\n");
|
||||
printf(" -c file config file, default is %s\n", CONFIGFILE);
|
||||
printf(" -s ip[@port] server address, if omitted config is used.\n");
|
||||
printf(" -q quiet (don't print anything if it works ok).\n");
|
||||
printf(" -h show this usage help.\n");
|
||||
printf("Commands:\n");
|
||||
printf(" start start server; runs unbound(8)\n");
|
||||
@ -93,6 +94,7 @@ usage()
|
||||
printf(" flush_type <name> <type> flush name, type from cache\n");
|
||||
printf(" flush_zone <name> flush everything at or under name\n");
|
||||
printf(" from rr and dnssec caches\n");
|
||||
printf(" flush_bogus flush all bogus data\n");
|
||||
printf(" flush_stats flush statistics, make zero\n");
|
||||
printf(" flush_requestlist drop queries that are worked on\n");
|
||||
printf(" dump_requestlist show what is worked on\n");
|
||||
@ -262,7 +264,7 @@ send_file(SSL* ssl, FILE* in, char* buf, size_t sz)
|
||||
|
||||
/** send command and display result */
|
||||
static int
|
||||
go_cmd(SSL* ssl, int argc, char* argv[])
|
||||
go_cmd(SSL* ssl, int quiet, int argc, char* argv[])
|
||||
{
|
||||
char pre[10];
|
||||
const char* space=" ";
|
||||
@ -296,9 +298,12 @@ go_cmd(SSL* ssl, int argc, char* argv[])
|
||||
ssl_err("could not SSL_read");
|
||||
}
|
||||
buf[r] = 0;
|
||||
printf("%s", buf);
|
||||
if(first_line && strncmp(buf, "error", 5) == 0)
|
||||
if(first_line && strncmp(buf, "error", 5) == 0) {
|
||||
printf("%s", buf);
|
||||
was_error = 1;
|
||||
} else if (!quiet)
|
||||
printf("%s", buf);
|
||||
|
||||
first_line = 0;
|
||||
}
|
||||
return was_error;
|
||||
@ -306,7 +311,7 @@ go_cmd(SSL* ssl, int argc, char* argv[])
|
||||
|
||||
/** go ahead and read config, contact server and perform command and display */
|
||||
static int
|
||||
go(const char* cfgfile, char* svr, int argc, char* argv[])
|
||||
go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
|
||||
{
|
||||
struct config_file* cfg;
|
||||
int fd, ret;
|
||||
@ -327,7 +332,7 @@ go(const char* cfgfile, char* svr, int argc, char* argv[])
|
||||
ssl = setup_ssl(ctx, fd);
|
||||
|
||||
/* send command */
|
||||
ret = go_cmd(ssl, argc, argv);
|
||||
ret = go_cmd(ssl, quiet, argc, argv);
|
||||
|
||||
SSL_free(ssl);
|
||||
#ifndef USE_WINSOCK
|
||||
@ -349,6 +354,7 @@ extern char* optarg;
|
||||
int main(int argc, char* argv[])
|
||||
{
|
||||
int c, ret;
|
||||
int quiet = 0;
|
||||
const char* cfgfile = CONFIGFILE;
|
||||
char* svr = NULL;
|
||||
#ifdef USE_WINSOCK
|
||||
@ -379,7 +385,8 @@ int main(int argc, char* argv[])
|
||||
if(!RAND_status()) {
|
||||
/* try to seed it */
|
||||
unsigned char buf[256];
|
||||
unsigned int v, seed=(unsigned)time(NULL) ^ (unsigned)getpid();
|
||||
unsigned int seed=(unsigned)time(NULL) ^ (unsigned)getpid();
|
||||
unsigned int v = seed;
|
||||
size_t i;
|
||||
for(i=0; i<256/sizeof(v); i++) {
|
||||
memmove(buf+i*sizeof(v), &v, sizeof(v));
|
||||
@ -390,7 +397,7 @@ int main(int argc, char* argv[])
|
||||
}
|
||||
|
||||
/* parse the options */
|
||||
while( (c=getopt(argc, argv, "c:s:h")) != -1) {
|
||||
while( (c=getopt(argc, argv, "c:s:qh")) != -1) {
|
||||
switch(c) {
|
||||
case 'c':
|
||||
cfgfile = optarg;
|
||||
@ -398,6 +405,9 @@ int main(int argc, char* argv[])
|
||||
case 's':
|
||||
svr = optarg;
|
||||
break;
|
||||
case 'q':
|
||||
quiet = 1;
|
||||
break;
|
||||
case '?':
|
||||
case 'h':
|
||||
default:
|
||||
@ -416,7 +426,7 @@ int main(int argc, char* argv[])
|
||||
}
|
||||
}
|
||||
|
||||
ret = go(cfgfile, svr, argc, argv);
|
||||
ret = go(cfgfile, svr, quiet, argc, argv);
|
||||
|
||||
#ifdef USE_WINSOCK
|
||||
WSACleanup();
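Review bot: The fallback seed in main is still `(unsigned)time(NULL) ^ (unsigned)getpid()`, and both inputs can be guessed by another local user, so when RAND_status() reports no entropy the TLS session to the control channel would be keyed from predictable material. The change to `unsigned int v = seed;` only stops v being read before it is set. The rest of the seeding block lies outside the hunk, so how buf is consumed is inferred. At minimum make the fallback visible to the operator with `fprintf(stderr, "warning: no entropy, seeding openssl PRNG with time\n");`, and consider failing instead of continuing when no OS entropy source is available.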
|
||||
|
@ -61,6 +61,10 @@
|
||||
#endif
|
||||
#include "libunbound/unbound.h"
|
||||
#include <ldns/ldns.h>
|
||||
#ifdef HAVE_NSS
|
||||
/* nss3 */
|
||||
#include "nss.h"
|
||||
#endif
|
||||
|
||||
/** verbosity for unbound-host app */
|
||||
static int verb = 0;
|
||||
@ -509,6 +513,12 @@ int main(int argc, char* argv[])
|
||||
if(argc != 1)
|
||||
usage();
|
||||
|
||||
#ifdef HAVE_NSS
|
||||
if(NSS_NoDB_Init(".") != SECSuccess) {
|
||||
fprintf(stderr, "could not init NSS\n");
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
lookup(ctx, argv[0], qtype, qclass);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1041,14 +1041,13 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
|
||||
int ATTR_UNUSED(tcp_upstream), int ATTR_UNUSED(ssl_upstream),
|
||||
struct sockaddr_storage* addr, socklen_t addrlen, uint8_t* zone,
|
||||
size_t zonelen, comm_point_callback_t* callback, void* callback_arg,
|
||||
ldns_buffer* ATTR_UNUSED(buff), int (*arg_compare)(void*,void*))
|
||||
ldns_buffer* ATTR_UNUSED(buff))
|
||||
{
|
||||
struct replay_runtime* runtime = (struct replay_runtime*)outnet->base;
|
||||
struct fake_pending* pend = (struct fake_pending*)calloc(1,
|
||||
sizeof(struct fake_pending));
|
||||
char z[256];
|
||||
ldns_status status;
|
||||
(void)arg_compare;
|
||||
log_assert(pend);
|
||||
log_nametypeclass(VERB_OPS, "pending serviced query",
|
||||
qname, qtype, qclass);
|
||||
|
@ -323,7 +323,7 @@ data_buffer2wire(ldns_buffer *data_buffer)
|
||||
uint8_t *hexbuf;
|
||||
int hexbufpos = 0;
|
||||
size_t wirelen;
|
||||
uint8_t *data_wire = (uint8_t *) ldns_buffer_export(data_buffer);
|
||||
uint8_t *data_wire = (uint8_t *) ldns_buffer_begin(data_buffer);
|
||||
uint8_t *wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
|
||||
|
||||
hexbuf = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
|
||||
@ -340,6 +340,12 @@ data_buffer2wire(ldns_buffer *data_buffer)
|
||||
(c >= 'a' && c <= 'f') ||
|
||||
(c >= 'A' && c <= 'F') )
|
||||
{
|
||||
if (hexbufpos >= LDNS_MAX_PACKETLEN) {
|
||||
error("buffer overflow");
|
||||
LDNS_FREE(hexbuf);
|
||||
return 0;
|
||||
|
||||
}
|
||||
hexbuf[hexbufpos] = (uint8_t) c;
|
||||
hexbufpos++;
|
||||
} else if (c == ';') {
|
||||
@ -354,14 +360,14 @@ data_buffer2wire(ldns_buffer *data_buffer)
|
||||
}
|
||||
break;
|
||||
case 2:
|
||||
if (hexbufpos >= LDNS_MAX_PACKETLEN) {
|
||||
error("buffer overflow");
|
||||
LDNS_FREE(hexbuf);
|
||||
return 0;
|
||||
}
|
||||
hexbuf[hexbufpos] = (uint8_t) c;
|
||||
hexbufpos++;
|
||||
break;
|
||||
default:
|
||||
error("unknown state while reading");
|
||||
LDNS_FREE(hexbuf);
|
||||
return 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -371,6 +377,11 @@ data_buffer2wire(ldns_buffer *data_buffer)
|
||||
|
||||
/* lenient mode: length must be multiple of 2 */
|
||||
if (hexbufpos % 2 != 0) {
|
||||
if (hexbufpos >= LDNS_MAX_PACKETLEN) {
|
||||
error("buffer overflow");
|
||||
LDNS_FREE(hexbuf);
|
||||
return 0;
|
||||
}
|
||||
hexbuf[hexbufpos] = (uint8_t) '0';
|
||||
hexbufpos++;
|
||||
}
|
||||
@ -415,7 +426,7 @@ get_origin(const char* name, int lineno, ldns_rdf** origin, char* parse)
|
||||
/* Reads one entry from file. Returns entry or NULL on error. */
|
||||
struct entry*
|
||||
read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
|
||||
ldns_rdf** origin, ldns_rdf** prev_rr)
|
||||
ldns_rdf** origin, ldns_rdf** prev_rr, int skip_whitespace)
|
||||
{
|
||||
struct entry* current = NULL;
|
||||
char line[MAX_LINE];
|
||||
@ -485,7 +496,10 @@ read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
|
||||
reading_hex = false;
|
||||
cur_reply->reply_from_hex = data_buffer2wire(hex_data_buffer);
|
||||
ldns_buffer_free(hex_data_buffer);
|
||||
hex_data_buffer = NULL;
|
||||
} else if(str_keyword(&parse, "ENTRY_END")) {
|
||||
if (hex_data_buffer)
|
||||
ldns_buffer_free(hex_data_buffer);
|
||||
return current;
|
||||
} else if(reading_hex) {
|
||||
ldns_buffer_printf(hex_data_buffer, line);
|
||||
@ -493,14 +507,17 @@ read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
|
||||
/* it must be a RR, parse and add to packet. */
|
||||
ldns_rr* n = NULL;
|
||||
ldns_status status;
|
||||
char* rrstr = line;
|
||||
if (skip_whitespace)
|
||||
rrstr = parse;
|
||||
if(add_section == LDNS_SECTION_QUESTION)
|
||||
status = ldns_rr_new_question_frm_str(
|
||||
&n, parse, *origin, prev_rr);
|
||||
else status = ldns_rr_new_frm_str(&n, parse,
|
||||
&n, rrstr, *origin, prev_rr);
|
||||
else status = ldns_rr_new_frm_str(&n, rrstr,
|
||||
*default_ttl, *origin, prev_rr);
|
||||
if(status != LDNS_STATUS_OK)
|
||||
error("%s line %d:\n\t%s: %s", name, *lineno,
|
||||
ldns_get_errorstr_by_id(status), parse);
|
||||
ldns_get_errorstr_by_id(status), rrstr);
|
||||
ldns_pkt_push_rr(cur_reply->reply, add_section, n);
|
||||
}
|
||||
|
||||
@ -518,7 +535,7 @@ read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
|
||||
|
||||
/* reads the canned reply file and returns a list of structs */
|
||||
struct entry*
|
||||
read_datafile(const char* name)
|
||||
read_datafile(const char* name, int skip_whitespace)
|
||||
{
|
||||
struct entry* list = NULL;
|
||||
struct entry* last = NULL;
|
||||
@ -535,7 +552,7 @@ read_datafile(const char* name)
|
||||
}
|
||||
|
||||
while((current = read_entry(in, name, &lineno, &default_ttl,
|
||||
&origin, &prev_rr)))
|
||||
&origin, &prev_rr, skip_whitespace)))
|
||||
{
|
||||
if(last)
|
||||
last->next = current;
|
||||
@ -815,7 +832,7 @@ handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count,
|
||||
/* still try to adjust ID */
|
||||
answer_size = ldns_buffer_capacity(p->reply_from_hex);
|
||||
outbuf = LDNS_XMALLOC(uint8_t, answer_size);
|
||||
memcpy(outbuf, ldns_buffer_export(p->reply_from_hex), answer_size);
|
||||
memcpy(outbuf, ldns_buffer_begin(p->reply_from_hex), answer_size);
|
||||
if(entry->copy_id) {
|
||||
ldns_write_uint16(outbuf,
|
||||
ldns_pkt_id(query_pkt));
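Review bot: read_entry passes file content as the format string in `ldns_buffer_printf(hex_data_buffer, line);`, so a `%` in a hex section of a data file is interpreted as a conversion specifier; it should be `ldns_buffer_printf(hex_data_buffer, "%s", line);`. In data_buffer2wire the new "buffer overflow" returns free hexbuf but not `wire`, which is allocated before the loop, so add `LDNS_FREE(wire);` on those paths unless error() never returns (its definition is not visible here). Both functions start and end outside the visible hunks.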
|
||||
|
@ -197,8 +197,10 @@ struct entry {
|
||||
/**
|
||||
* reads the canned reply file and returns a list of structs
|
||||
* does an exit on error.
|
||||
* @param name: name of the file to read.
|
||||
* @param skip_whitespace: skip leftside whitespace.
|
||||
*/
|
||||
struct entry* read_datafile(const char* name);
|
||||
struct entry* read_datafile(const char* name, int skip_whitespace);
|
||||
|
||||
/**
|
||||
* Delete linked list of entries.
|
||||
@ -217,10 +219,12 @@ void delete_entry(struct entry* list);
|
||||
* later it stores the $ORIGIN value last seen. Often &NULL or the zone
|
||||
* name on first call.
|
||||
* @param prev_rr: previous rr name for correcter parsing. &NULL on first call.
|
||||
* @param skip_whitespace: skip leftside whitespace.
|
||||
* @return: The entry read (malloced) or NULL if no entry could be read.
|
||||
*/
|
||||
struct entry* read_entry(FILE* in, const char* name, int *lineno,
|
||||
uint32_t* default_ttl, ldns_rdf** origin, ldns_rdf** prev_rr);
|
||||
uint32_t* default_ttl, ldns_rdf** origin, ldns_rdf** prev_rr,
|
||||
int skip_whitespace);
|
||||
|
||||
/**
|
||||
* finds entry in list, or returns NULL.
|
||||
|
@ -193,7 +193,7 @@ replay_range_read(char* remain, FILE* in, const char* name, int* lineno,
|
||||
/* set position before line; read entry */
|
||||
(*lineno)--;
|
||||
fseeko(in, pos, SEEK_SET);
|
||||
entry = read_entry(in, name, lineno, ttl, or, prev);
|
||||
entry = read_entry(in, name, lineno, ttl, or, prev, 1);
|
||||
if(!entry)
|
||||
fatal_exit("%d: bad entry", *lineno);
|
||||
entry->next = NULL;
|
||||
@ -393,7 +393,7 @@ replay_moment_read(char* remain, FILE* in, const char* name, int* lineno,
|
||||
}
|
||||
|
||||
if(readentry) {
|
||||
mom->match = read_entry(in, name, lineno, ttl, or, prev);
|
||||
mom->match = read_entry(in, name, lineno, ttl, or, prev, 1);
|
||||
if(!mom->match) {
|
||||
free(mom);
|
||||
return NULL;
|
||||
|
@ -281,7 +281,7 @@ main(int argc, char* argv[])
|
||||
printf("selftest successful\n");
|
||||
exit(0);
|
||||
case '2':
|
||||
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
||||
#if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS)) && defined(USE_SHA2)
|
||||
printf("SHA256 supported\n");
|
||||
exit(0);
|
||||
#else
|
||||
|
@ -55,6 +55,12 @@
|
||||
#ifdef HAVE_OPENSSL_ENGINE_H
|
||||
#include <openssl/engine.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_NSS
|
||||
/* nss3 */
|
||||
#include "nss.h"
|
||||
#endif
|
||||
|
||||
#include <ldns/ldns.h>
|
||||
#include "util/log.h"
|
||||
#include "testcode/unitmain.h"
|
||||
@ -555,13 +561,18 @@ main(int argc, char* argv[])
|
||||
return 1;
|
||||
}
|
||||
printf("Start of %s unit test.\n", PACKAGE_STRING);
|
||||
#ifdef HAVE_SSL
|
||||
ERR_load_crypto_strings();
|
||||
#ifdef HAVE_OPENSSL_CONFIG
|
||||
# ifdef HAVE_OPENSSL_CONFIG
|
||||
OPENSSL_config("unbound");
|
||||
#endif
|
||||
#ifdef USE_GOST
|
||||
# endif
|
||||
# ifdef USE_GOST
|
||||
(void)ldns_key_EVP_load_gost_id();
|
||||
#endif
|
||||
# endif
|
||||
#elif defined(HAVE_NSS)
|
||||
if(NSS_NoDB_Init(".") != SECSuccess)
|
||||
fatal_exit("could not init NSS");
|
||||
#endif /* HAVE_SSL or HAVE_NSS*/
|
||||
checklock_start();
|
||||
neg_test();
|
||||
rnd_test();
|
||||
@ -579,18 +590,23 @@ main(int argc, char* argv[])
|
||||
msgparse_test();
|
||||
checklock_stop();
|
||||
printf("%d checks ok.\n", testcount);
|
||||
#if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
|
||||
#ifdef HAVE_SSL
|
||||
# if defined(USE_GOST) && defined(HAVE_LDNS_KEY_EVP_UNLOAD_GOST)
|
||||
ldns_key_EVP_unload_gost();
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_CONFIG
|
||||
# endif
|
||||
# ifdef HAVE_OPENSSL_CONFIG
|
||||
EVP_cleanup();
|
||||
ENGINE_cleanup();
|
||||
CONF_modules_free();
|
||||
#endif
|
||||
# endif
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
ERR_remove_state(0);
|
||||
ERR_free_strings();
|
||||
RAND_cleanup();
|
||||
#elif defined(HAVE_NSS)
|
||||
if(NSS_Shutdown() != SECSuccess)
|
||||
fatal_exit("could not shutdown NSS");
|
||||
#endif /* HAVE_SSL or HAVE_NSS */
|
||||
#ifdef HAVE_PTHREAD
|
||||
/* dlopen frees its thread specific state */
|
||||
pthread_exit(NULL);
|
||||
|
@ -42,6 +42,7 @@
|
||||
#include "util/log.h"
|
||||
#include "testcode/unitmain.h"
|
||||
#include "validator/val_sigcrypt.h"
|
||||
#include "validator/val_secalgo.h"
|
||||
#include "validator/val_nsec.h"
|
||||
#include "validator/val_nsec3.h"
|
||||
#include "validator/validator.h"
|
||||
@ -297,7 +298,7 @@ verifytest_file(const char* fname, const char* at_date)
|
||||
struct alloc_cache alloc;
|
||||
ldns_buffer* buf = ldns_buffer_new(65535);
|
||||
struct entry* e;
|
||||
struct entry* list = read_datafile(fname);
|
||||
struct entry* list = read_datafile(fname, 1);
|
||||
struct module_env env;
|
||||
struct val_env ve;
|
||||
uint32_t now = time(NULL);
|
||||
@ -341,7 +342,7 @@ dstest_file(const char* fname)
|
||||
struct alloc_cache alloc;
|
||||
ldns_buffer* buf = ldns_buffer_new(65535);
|
||||
struct entry* e;
|
||||
struct entry* list = read_datafile(fname);
|
||||
struct entry* list = read_datafile(fname, 1);
|
||||
struct module_env env;
|
||||
|
||||
if(!list)
|
||||
@ -474,7 +475,7 @@ nsec3_hash_test(const char* fname)
|
||||
struct alloc_cache alloc;
|
||||
ldns_buffer* buf = ldns_buffer_new(65535);
|
||||
struct entry* e;
|
||||
struct entry* list = read_datafile(fname);
|
||||
struct entry* list = read_datafile(fname, 1);
|
||||
|
||||
if(!list)
|
||||
fatal_exit("could not read %s: %s", fname, strerror(errno));
|
||||
@ -505,12 +506,12 @@ verify_test(void)
|
||||
verifytest_file("testdata/test_signatures.6", "20080416005004");
|
||||
verifytest_file("testdata/test_signatures.7", "20070829144150");
|
||||
verifytest_file("testdata/test_signatures.8", "20070829144150");
|
||||
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
||||
#if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS)) && defined(USE_SHA2)
|
||||
verifytest_file("testdata/test_sigs.rsasha256", "20070829144150");
|
||||
verifytest_file("testdata/test_sigs.sha1_and_256", "20070829144150");
|
||||
verifytest_file("testdata/test_sigs.rsasha256_draft", "20090101000000");
|
||||
#endif
|
||||
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
|
||||
#if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS)) && defined(USE_SHA2)
|
||||
verifytest_file("testdata/test_sigs.rsasha512_draft", "20070829144150");
|
||||
#endif
|
||||
verifytest_file("testdata/test_sigs.hinfo", "20090107100022");
|
||||
@ -521,8 +522,11 @@ verify_test(void)
|
||||
else printf("Warning: skipped GOST, openssl does not provide gost.\n");
|
||||
#endif
|
||||
#ifdef USE_ECDSA
|
||||
verifytest_file("testdata/test_sigs.ecdsa_p256", "20100908100439");
|
||||
verifytest_file("testdata/test_sigs.ecdsa_p384", "20100908100439");
|
||||
/* test for support in case we use libNSS and ECC is removed */
|
||||
if(dnskey_algo_id_is_supported(LDNS_ECDSAP256SHA256)) {
|
||||
verifytest_file("testdata/test_sigs.ecdsa_p256", "20100908100439");
|
||||
verifytest_file("testdata/test_sigs.ecdsa_p384", "20100908100439");
|
||||
}
|
||||
dstest_file("testdata/test_ds.sha384");
|
||||
#endif
|
||||
dstest_file("testdata/test_ds.sha1");
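Review bot: In verify_test the ECDSA signature files are skipped without any output when `dnskey_algo_id_is_supported(LDNS_ECDSAP256SHA256)` is false, so a build against a crypto library without ECC reports the same success as one that actually ran the checks. The GOST branch just above prints a warning in that situation; do the same here with `else printf("Warning: skipped ECDSA, crypto library does not provide it.\n");`. Only P-256 is probed while the P-384 file is gated on the same answer, which deserves a short comment if it is intentional.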
|
||||
|
BIN
testdata/09-unbound-control.tpkg
vendored
BIN
testdata/09-unbound-control.tpkg
vendored
Binary file not shown.
BIN
testdata/10-unbound-anchor.tpkg
vendored
BIN
testdata/10-unbound-anchor.tpkg
vendored
Binary file not shown.
2
testdata/common.sh
vendored
2
testdata/common.sh
vendored
@ -116,7 +116,7 @@ get_random_port () {
|
||||
# depending on uname try to check for collisions in port numbers
|
||||
case "`uname`" in
|
||||
linux|Linux)
|
||||
plist=`netstat -n -A ip -A ip6 -a | sed -e 's/^.*:\([0-9]*\) .*$/\1/'`
|
||||
plist=`netstat -n -A ip -A ip6 -a 2>/dev/null | sed -e 's/^.*:\([0-9]*\) .*$/\1/'`
|
||||
;;
|
||||
FreeBSD|freebsd|NetBSD|netbsd|OpenBSD|openbsd)
|
||||
plist=`netstat -n -a | grep "^[ut][dc]p[46] " | sed -e 's/^.*\.\([0-9]*\) .*$/\1/'`
|
||||
|
BIN
testdata/fwd_zero.tpkg
vendored
BIN
testdata/fwd_zero.tpkg
vendored
Binary file not shown.
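--- a/testdata/iter_ds_locate_ns_detach.rpl
+++ b/testdata/iter_ds_locate_ns_detach.rpl
@@ -0,0 +1,296 @@
+; config options
+server:
+target-fetch-policy: "3 2 1 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test locate of NS records for DS and with detached queries
+; the additional targets looked up cause detached queries.
+; hence the target fetch policy is increased above.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+k.root-servers.net. IN A
+SECTION ANSWER
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+SECTION AUTHORITY
+root-servers.net. IN NS K.ROOT-SERVERS.NET.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+k.root-servers.net. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+root-servers.net. IN SOA K.ROOT-SERVERS.NET. hostmaster. 1 2 3 4 5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+. IN SOA K.ROOT-SERVERS.NET. hostmaster. 1 2 3 4 5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net. IN NS a.server.net.
+net. IN NS b.server.net.
+net. IN NS c.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.server.net.
+; The b.server.net and c.server.net servers are here to cause
+; extra lookups to be generated (to create detached queries in the
+; iterator), there is no IP address that answers for them set up.
+; force DSNSFind, we host a grandchild zone.
+; also, this range of steps is without responses for b and c, so that
+; they can be force to happen later (after the DSNS is activated).
+RANGE_BEGIN 0 20
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net. IN NS a.server.net.
+net. IN NS b.server.net.
+net. IN NS c.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.server.net. IN A
+SECTION ANSWER
+a.server.net. IN A 192.5.6.30
+SECTION AUTHORITY
+net. IN NS a.server.net.
+net. IN NS b.server.net.
+net. IN NS c.server.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.sub.example.net. IN DS
+SECTION AUTHORITY
+sub.example.net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.net. IN NS
+SECTION ANSWER
+sub.example.net. IN NS a.server.net.
+sub.example.net. IN NS b.server.net.
+sub.example.net. IN NS c.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+a.sub.example.net. IN A
+SECTION AUTHORITY
+sub.example.net. IN NS a.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.server.net range with all the answers (to finish the test).
+RANGE_BEGIN 30 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net. IN NS a.server.net.
+net. IN NS b.server.net.
+net. IN NS c.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.server.net. IN A
+SECTION ANSWER
+a.server.net. IN A 192.5.6.30
+SECTION AUTHORITY
+net. IN NS a.server.net.
+net. IN NS b.server.net.
+net. IN NS c.server.net.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.server.net. IN AAAA
+SECTION AUTHORITY
+net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.server.net. IN A
+SECTION AUTHORITY
+net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+b.server.net. IN AAAA
+SECTION AUTHORITY
+net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.server.net. IN A
+SECTION AUTHORITY
+net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+c.server.net. IN AAAA
+SECTION AUTHORITY
+net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.sub.example.net. IN DS
+SECTION AUTHORITY
+sub.example.net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.example.net. IN NS
+SECTION ANSWER
+sub.example.net. IN NS a.server.net.
+sub.example.net. IN NS b.server.net.
+sub.example.net. IN NS c.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+a.sub.example.net. IN A
+SECTION AUTHORITY
+sub.example.net. IN NS a.server.net.
+SECTION ADDITIONAL
+a.server.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.sub.example.net. IN DS
+ENTRY_END
+
+; make traffic flow at this time
+STEP 15 TRAFFIC
+
+STEP 20 TRAFFIC
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+a.sub.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.example.net. IN SOA a.gtld-servers.net. hostmaster. 2 3 4 5 6
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 50 TRAFFIC
+
+SCENARIO_END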
BIN
testdata/nss_compile.tpkg
vendored
Normal file
BIN
testdata/nss_compile.tpkg
vendored
Normal file
Binary file not shown.
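--- a/testdata/val_cnametocnamewctoposwc.rpl
+++ b/testdata/val_cnametocnamewctoposwc.rpl
@@ -0,0 +1,208 @@
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b"
+val-override-date: "-1"
+target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 120 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b}
+example.com. 3600 IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b}
+example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com. 3600 IN CNAME x.y.z.wc.example.com.
+start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0=
+x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com.
+x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com. 86400 IN NSEC www.example.com. CNAME RRSIG NSEC
+*.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC
+*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.wc.example.com. IN A
+SECTION ANSWER
+x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com.
+x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com. 86400 IN NSEC www.example.com. CNAME RRSIG NSEC
+*.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC
+*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY=
+ENTRY_END
+
+ENTRY_BEGING
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.end.example.com. IN A
+SECTION ANSWER
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC
+*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+RANGE_END
+
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+start.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com. 3600 IN CNAME x.y.z.wc.example.com.
+start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0=
+x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com.
+x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI=
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE=
+SECTION AUTHORITY
+*.wc.example.com. 86400 IN NSEC www.example.com. CNAME RRSIG NSEC
+*.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU=
+*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC
+*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+SCENARIO_END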
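Review bot: The last entry in the ns.example.com range opens with `ENTRY_BEGING` instead of `ENTRY_BEGIN`, the spelling every other entry in this file uses. Whether the replay parser still accepts it depends on how it matches keywords, which is not visible on this page. If it does not, the direct answer for `x.y.z.end.example.com. IN A` is never loaded, and the scenario's outcome would then rest on the other entries alone. The line should read `ENTRY_BEGIN`.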
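--- a/testdata/val_cnametonodata_nonsec.rpl
+++ b/testdata/val_cnametonodata_nonsec.rpl
@@ -0,0 +1,262 @@
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
+val-override-date: "20070916134226"
+target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with cname to nodata
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+net. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN NS
+SECTION ANSWER
+net. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854}
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC here ...
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN CNAME www.example.net.
+www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN NS
+SECTION ANSWER
+example.net. IN NS ns.example.net.
+example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.5
+ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.5
+ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.net. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+; NSEC here
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+;www.example.net. IN NSEC example.net. MX NSEC RRSIG
+;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+www.example.net. IN NSEC example.net. MX NSEC RRSIG
+www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899}
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END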
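Review bot: The scenario title `Test validator with cname to nodata` leaves out what this case actually exercises. In the ns.example.net range the NSEC and RRSIG NSEC records for `www.example.net. IN A` are commented out, and STEP 10 expects `SERVFAIL`, so this looks like the negative case in which the nodata answer arrives without its denial proof. A comment under `SCENARIO_BEGIN` would make that explicit, for example `; the nodata answer for www.example.net carries no NSEC proof; the expected result is SERVFAIL`. The `; NSEC here` placeholders in the two AAAA entries could likewise say whether the omission is deliberate.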
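--- a/testdata/val_ds_cnamesub.rpl
+++ b/testdata/val_ds_cnamesub.rpl
@@ -0,0 +1,275 @@
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+val-override-date: "20070916134226"
+target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with CNAME response to DS in chain of trust
+; the CNAME is at a nonempty nonterminal name in the parent zone.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+net. IN A
+SECTION AUTHORITY
+net. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.net. IN A
+SECTION AUTHORITY
+example.net. IN NS ns.example.net.
+SECTION ADDITIONAL
+ns.example.net. IN A 1.2.3.6
+ENTRY_END
+
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+; not legal NOERROR/NODATA response, but leniently accepted (not validated)
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400
+;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DS query for a.example.com, a CNAME
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.example.com. IN DS
+SECTION ANSWER
+a.example.com. IN CNAME zzz.example.net.
+a.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to DS query for sub.a.example.com.
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DS
+SECTION ANSWER
+sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; delegation down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+sub.a.example.com. IN NS
+SECTION ANSWER
+SECTION AUTHORITY
+sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649
+sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw=
+sub.a.example.com. IN NS ns.sub.a.example.com.
+SECTION ADDITIONAL
+ns.sub.a.example.com. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.sub.a.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.5
+
+; DNSKEY query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+sub.a.example.com. IN DNSKEY
+SECTION ANSWER
+sub.a.example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b}
+sub.a.example.com. 3600 IN RRSIG DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com. IN A 10.20.30.40
+www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+RANGE_END
+
+; ns.example.net.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.6
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+zzz.example.net. IN DS
+SECTION ANSWER
+SECTION AUTHORITY
+example.net. IN SOA root. host. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.sub.a.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+www.sub.a.example.com. IN A
+SECTION ANSWER
+www.sub.a.example.com. 3600 IN A 10.20.30.40
+www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA=
+ENTRY_END
+
+SCENARIO_END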
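--- a/testdata/val_nsec3_cnametocnamewctoposwc.rpl
+++ b/testdata/val_nsec3_cnametocnamewctoposwc.rpl
@@ -0,0 +1,206 @@
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b"
+val-override-date: "-1"
+target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 120 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b}
+example.com. 3600 IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b}
+example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s=
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com. 3600 IN CNAME x.y.z.wc.example.com.
+start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g=
+x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com.
+x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+; H(z.wc.example.com.) = isn85psesctb6afn2q105mv966tqqepi.
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+; H(z.end.example.com.) = a62608t4becqb6233m87ar7a3648rj3b.
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.wc.example.com. IN A
+SECTION ANSWER
+x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com.
+x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGING
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+x.y.z.end.example.com. IN A
+SECTION ANSWER
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+RANGE_END
+
+
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+start.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD NOERROR
+SECTION QUESTION
+start.example.com. IN A
+SECTION ANSWER
+start.example.com. 3600 IN CNAME x.y.z.wc.example.com.
+start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g=
+x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com.
+x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ=
+x.y.z.end.example.com. 3600 IN A 1.2.3.5
+x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo=
+SECTION AUTHORITY
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG
+isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg=
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG
+a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ=
+example.com. 3600 IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U=
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk=
+ENTRY_END
+
+SCENARIO_END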
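--- a/testdata/val_nsec3_entnodata_optout.rpl
+++ b/testdata/val_nsec3_entnodata_optout.rpl
@@ -0,0 +1,200 @@
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+val-override-date: "20070916134226"
+target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT SPAN around it
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT SPAN around it
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA DO NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END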
196
testdata/val_nsec3_entnodata_optout_badopt.rpl
vendored
Normal file
@ -0,0 +1,196 @@
|
||||
; config options
|
||||
; The island of trust is at example.com
|
||||
server:
|
||||
trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
|
||||
val-override-date: "20070916134226"
|
||||
target-fetch-policy: "0 0 0 0 0"
|
||||
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
com. IN NS
|
||||
SECTION ANSWER
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA REFUSED
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR AA REFUSED
|
||||
SECTION QUESTION
|
||||
ns.example.com. IN AAAA
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN NS
|
||||
SECTION ANSWER
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
; response to DNSKEY priming query
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
example.com. IN DNSKEY
|
||||
SECTION ANSWER
|
||||
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
|
||||
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
|
||||
example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
|
||||
|
||||
; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
|
||||
s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
|
||||
s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
|
||||
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
ent.example.com. IN DS
|
||||
SECTION AUTHORITY
|
||||
; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
|
||||
; OPTOUT
|
||||
b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
|
||||
b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
|
||||
|
||||
; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
|
||||
; the span does not have OPTOUT
|
||||
2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
|
||||
2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k=
|
||||
ENTRY_END
|
||||
|
||||
; refer to server one down
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode subdomain
|
||||
ADJUST copy_id copy_query
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
ent.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
|
||||
; OPTOUT
|
||||
b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
|
||||
b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
|
||||
|
||||
; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
|
||||
; the span does not have OPTOUT
|
||||
2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
|
||||
2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k=
|
||||
ENTRY_END
|
||||
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD DO
|
||||
SECTION QUESTION
|
||||
ent.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; recursion happens here.
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA DO SERVFAIL
|
||||
SECTION QUESTION
|
||||
ent.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
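--- a/testdata/val_nsec3_entnodata_optout_match.rpl
+++ b/testdata/val_nsec3_entnodata_optout_match.rpl
@@ -0,0 +1,200 @@
+; config options
+; The island of trust is at example.com
+server:
+trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+val-override-date: "20070916134226"
+target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator NODATA ENT with nsec3 optout matches the ent.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN A
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA REFUSED
+SECTION QUESTION
+ns.example.com. IN AAAA
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854}
+
+; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG
+s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854}
+
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN DS
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+ENTRY_END
+
+; refer to server one down
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION AUTHORITY
+; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg.
+; OPTOUT
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+
+; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag.
+; OPTOUT
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+ent.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+ent.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA RRSIG DNSKEY
+b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78=
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag
+2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ=
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END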
@ -177,8 +177,11 @@ void alloc_set_id_cleanup(struct alloc_cache* alloc, void (*cleanup)(void*),
|
||||
void* arg);
|
||||
|
||||
#ifdef UNBOUND_ALLOC_LITE
|
||||
# include <ldns/ldns.h>
|
||||
# include <ldns/packet.h>
|
||||
# include <openssl/ssl.h>
|
||||
# ifdef HAVE_OPENSSL_SSL_H
|
||||
# include <openssl/ssl.h>
|
||||
# endif
|
||||
# define malloc(s) unbound_stat_malloc_lite(s, __FILE__, __LINE__, __func__)
|
||||
# define calloc(n,s) unbound_stat_calloc_lite(n, s, __FILE__, __LINE__, __func__)
|
||||
# define free(p) unbound_stat_free_lite(p, __FILE__, __LINE__, __func__)
|
||||
|
@ -53,6 +53,10 @@
|
||||
#include "util/regional.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#include "util/data/dname.h"
|
||||
#ifdef HAVE_GLOB_H
|
||||
# include <glob.h>
|
||||
#endif
|
||||
|
||||
/** global config during parsing */
|
||||
struct config_parser_state* cfg_parser = 0;
|
||||
/** lex in file */
|
||||
@ -286,7 +290,7 @@ struct config_file* config_create_forlib(void)
|
||||
{ return cfg_strlist_insert(&cfg->var, strdup(val)); }
|
||||
|
||||
int config_set_option(struct config_file* cfg, const char* opt,
|
||||
const char* val)
|
||||
const char* val)
|
||||
{
|
||||
S_NUMBER_OR_ZERO("verbosity:", verbosity)
|
||||
else if(strcmp(opt, "statistics-interval:") == 0) {
|
||||
@ -458,7 +462,7 @@ void config_collate_func(char* line, void* arg)
|
||||
}
|
||||
|
||||
int config_get_option_list(struct config_file* cfg, const char* opt,
|
||||
struct config_strlist** list)
|
||||
struct config_strlist** list)
|
||||
{
|
||||
struct config_collate_arg m;
|
||||
memset(&m, 0, sizeof(m));
|
||||
@ -687,8 +691,69 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
|
||||
{
|
||||
FILE *in;
|
||||
char *fname = (char*)filename;
|
||||
#ifdef HAVE_GLOB
|
||||
glob_t g;
|
||||
size_t i;
|
||||
int r, flags;
|
||||
#endif
|
||||
if(!fname)
|
||||
return 1;
|
||||
|
||||
/* check for wildcards */
|
||||
#ifdef HAVE_GLOB
|
||||
if(!(!strchr(fname, '*') && !strchr(fname, '?') && !strchr(fname, '[') &&
|
||||
!strchr(fname, '{') && !strchr(fname, '~'))) {
|
||||
verbose(VERB_QUERY, "wildcard found, processing %s", fname);
|
||||
flags = 0
|
||||
#ifdef GLOB_ERR
|
||||
| GLOB_ERR
|
||||
#endif
|
||||
#ifdef GLOB_NOSORT
|
||||
| GLOB_NOSORT
|
||||
#endif
|
||||
#ifdef GLOB_BRACE
|
||||
| GLOB_BRACE
|
||||
#endif
|
||||
#ifdef GLOB_TILDE
|
||||
| GLOB_TILDE
|
||||
#endif
|
||||
;
|
||||
memset(&g, 0, sizeof(g));
|
||||
r = glob(fname, flags, NULL, &g);
|
||||
if(r) {
|
||||
/* some error */
|
||||
globfree(&g);
|
||||
if(r == GLOB_NOMATCH) {
|
||||
verbose(VERB_QUERY, "include: "
|
||||
"no matches for %s", fname);
|
||||
return 1;
|
||||
} else if(r == GLOB_NOSPACE) {
|
||||
log_err("include: %s: "
|
||||
"fnametern out of memory", fname);
|
||||
} else if(r == GLOB_ABORTED) {
|
||||
log_err("wildcard include: %s: expansion "
|
||||
"aborted (%s)", fname, strerror(errno));
|
||||
} else {
|
||||
log_err("wildcard include: %s: expansion "
|
||||
"failed (%s)", fname, strerror(errno));
|
||||
}
|
||||
/* ignore globs that yield no files */
|
||||
return 1;
|
||||
}
|
||||
/* process files found, if any */
|
||||
for(i=0; i<(size_t)g.gl_pathc; i++) {
|
||||
if(!config_read(cfg, g.gl_pathv[i], chroot)) {
|
||||
log_err("error reading wildcard "
|
||||
"include: %s", g.gl_pathv[i]);
|
||||
globfree(&g);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
globfree(&g);
|
||||
return 1;
|
||||
}
|
||||
#endif /* HAVE_GLOB */
|
||||
|
||||
in = fopen(fname, "r");
|
||||
if(!in) {
|
||||
log_err("Could not open %s: %s", fname, strerror(errno));
|
||||
@ -1003,26 +1068,26 @@ cfg_convert_timeval(const char* str)
|
||||
int
|
||||
cfg_count_numbers(const char* s)
|
||||
{
|
||||
/* format ::= (sp num)+ sp */
|
||||
/* num ::= [-](0-9)+ */
|
||||
/* sp ::= (space|tab)* */
|
||||
int num = 0;
|
||||
while(*s) {
|
||||
while(*s && isspace((int)*s))
|
||||
s++;
|
||||
if(!*s) /* end of string */
|
||||
break;
|
||||
if(*s == '-')
|
||||
s++;
|
||||
if(!*s) /* only - not allowed */
|
||||
return 0;
|
||||
if(!isdigit((int)*s)) /* bad character */
|
||||
return 0;
|
||||
while(*s && isdigit((int)*s))
|
||||
s++;
|
||||
num++;
|
||||
}
|
||||
return num;
|
||||
/* format ::= (sp num)+ sp */
|
||||
/* num ::= [-](0-9)+ */
|
||||
/* sp ::= (space|tab)* */
|
||||
int num = 0;
|
||||
while(*s) {
|
||||
while(*s && isspace((int)*s))
|
||||
s++;
|
||||
if(!*s) /* end of string */
|
||||
break;
|
||||
if(*s == '-')
|
||||
s++;
|
||||
if(!*s) /* only - not allowed */
|
||||
return 0;
|
||||
if(!isdigit((int)*s)) /* bad character */
|
||||
return 0;
|
||||
while(*s && isdigit((int)*s))
|
||||
s++;
|
||||
num++;
|
||||
}
|
||||
return num;
|
||||
}
|
||||
|
||||
/** all digit number */
|
||||
@ -1038,9 +1103,9 @@ static int isalldigit(const char* str, size_t l)
|
||||
int
|
||||
cfg_parse_memsize(const char* str, size_t* res)
|
||||
{
|
||||
size_t len = (size_t)strlen(str);
|
||||
size_t len;
|
||||
size_t mult = 1;
|
||||
if(!str || len == 0) {
|
||||
if(!str || (len=(size_t)strlen(str)) == 0) {
|
||||
log_err("not a size: '%s'", str);
|
||||
return 0;
|
||||
}
|
||||
|
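Review bot: In the wildcard branch added to config_read, the `GLOB_NOSPACE`, `GLOB_ABORTED` and catch-all cases log an error and then fall through to the shared `return 1;`, which the recursive call below (`if(!config_read(...))`) treats as success, so the caller proceeds as if the include had been read while part of the configuration is silently missing. Only `GLOB_NOMATCH`, which already returns on its own, should be tolerated; the last statement of the `if(r)` block should be `return 0;` with its comment changed to `/* expansion failed, do not continue with a partial config */`. The out-of-memory message reads `"fnametern out of memory"`, apparently a search-and-replace slip for `"pattern out of memory"`. In the cfg_parse_memsize hunk the reordered NULL test still hands a NULL `str` to `log_err("not a size: '%s'", str)`.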
File diff suppressed because it is too large
@ -11,6 +11,9 @@
|
||||
#include <ctype.h>
|
||||
#include <string.h>
|
||||
#include <strings.h>
|
||||
#ifdef HAVE_GLOB_H
|
||||
# include <glob.h>
|
||||
#endif
|
||||
|
||||
#include "util/config_file.h"
|
||||
#include "util/configparser.h"
|
||||
@ -43,6 +46,7 @@ static int config_include_stack_ptr = 0;
|
||||
static int inc_prev = 0;
|
||||
static int num_args = 0;
|
||||
|
||||
|
||||
static void config_start_include(const char* filename)
|
||||
{
|
||||
FILE *input;
|
||||
@ -74,6 +78,50 @@ static void config_start_include(const char* filename)
|
||||
++config_include_stack_ptr;
|
||||
}
|
||||
|
||||
static void config_start_include_glob(const char* filename)
|
||||
{
|
||||
|
||||
/* check for wildcards */
|
||||
#ifdef HAVE_GLOB
|
||||
glob_t g;
|
||||
size_t i;
|
||||
int r, flags;
|
||||
if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') &&
|
||||
!strchr(filename, '{') && !strchr(filename, '~'))) {
|
||||
flags = 0
|
||||
#ifdef GLOB_ERR
|
||||
| GLOB_ERR
|
||||
#endif
|
||||
#ifdef GLOB_NOSORT
|
||||
| GLOB_NOSORT
|
||||
#endif
|
||||
#ifdef GLOB_BRACE
|
||||
| GLOB_BRACE
|
||||
#endif
|
||||
#ifdef GLOB_TILDE
|
||||
| GLOB_TILDE
|
||||
#endif
|
||||
;
|
||||
memset(&g, 0, sizeof(g));
|
||||
r = glob(filename, flags, NULL, &g);
|
||||
if(r) {
|
||||
/* some error */
|
||||
globfree(&g);
|
||||
config_start_include(filename); /* let original deal with it */
|
||||
return;
|
||||
}
|
||||
/* process files found, if any */
|
||||
for(i=0; i<(size_t)g.gl_pathc; i++) {
|
||||
config_start_include(g.gl_pathv[i]);
|
||||
}
|
||||
globfree(&g);
|
||||
return;
|
||||
}
|
||||
#endif /* HAVE_GLOB */
|
||||
|
||||
config_start_include(filename);
|
||||
}
|
||||
|
||||
static void config_end_include(void)
|
||||
{
|
||||
--config_include_stack_ptr;
|
||||
@ -299,7 +347,7 @@ rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) }
|
||||
<include>\" { LEXOUT(("IQS ")); BEGIN(include_quoted); }
|
||||
<include>{UNQUOTEDLETTER}* {
|
||||
LEXOUT(("Iunquotedstr(%s) ", yytext));
|
||||
config_start_include(yytext);
|
||||
config_start_include_glob(yytext);
|
||||
BEGIN(inc_prev);
|
||||
}
|
||||
<include_quoted><<EOF>> {
|
||||
@ -312,7 +360,7 @@ rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) }
|
||||
<include_quoted>\" {
|
||||
LEXOUT(("IQE "));
|
||||
yytext[yyleng - 1] = '\0';
|
||||
config_start_include(yytext);
|
||||
config_start_include_glob(yytext);
|
||||
BEGIN(inc_prev);
|
||||
}
|
||||
<INITIAL,val><<EOF>> {
|
||||
|
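Review bot: In config_start_include_glob the flag set includes `GLOB_NOSORT`, so matched files are included in directory order, which can differ between hosts or after files are re-created; wherever the order of included files matters, the effective configuration becomes hard to predict and to audit. Dropping the `#ifdef GLOB_NOSORT` / `| GLOB_NOSORT` branch gives a stable order. The loop also calls config_start_include once per match before any of the files is parsed, and the context lines show that call ending in `++config_include_stack_ptr;`, so a pattern with many matches takes that many include-stack slots at once; if the stack is bounded (the limit is not visible in these hunks) the loop deserves a comment such as `/* each match takes one include-stack slot */`. The same flag set is used in the wildcard branch of config_read.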
File diff suppressed because it is too large
@ -1,8 +1,8 @@
|
||||
/* A Bison parser, made by GNU Bison 2.5. */
|
||||
/* A Bison parser, made by GNU Bison 2.6.1. */
|
||||
|
||||
/* Bison interface for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2011 Free Software Foundation, Inc.
|
||||
Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -30,6 +30,15 @@
|
||||
This special exception was added by the Free Software Foundation in
|
||||
version 2.2 of Bison. */
|
||||
|
||||
#ifndef YY_UTIL_CONFIGPARSER_H
|
||||
# define YY_UTIL_CONFIGPARSER_H
|
||||
/* Enabling traces. */
|
||||
#ifndef YYDEBUG
|
||||
# define YYDEBUG 0
|
||||
#endif
|
||||
#if YYDEBUG
|
||||
extern int yydebug;
|
||||
#endif
|
||||
|
||||
/* Tokens. */
|
||||
#ifndef YYTOKENTYPE
|
||||
@ -297,20 +306,17 @@
|
||||
|
||||
|
||||
|
||||
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
typedef union YYSTYPE
|
||||
{
|
||||
|
||||
/* Line 2068 of yacc.c */
|
||||
/* Line 2049 of yacc.c */
|
||||
#line 64 "util/configparser.y"
|
||||
|
||||
char* str;
|
||||
|
||||
|
||||
|
||||
/* Line 2068 of yacc.c */
|
||||
#line 314 "util/configparser.h"
|
||||
/* Line 2049 of yacc.c */
|
||||
#line 320 "util/configparser.h"
|
||||
} YYSTYPE;
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
@ -319,4 +325,18 @@ typedef union YYSTYPE
|
||||
|
||||
extern YYSTYPE yylval;
|
||||
|
||||
#ifdef YYPARSE_PARAM
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void *YYPARSE_PARAM);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#else /* ! YYPARSE_PARAM */
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#endif /* ! YYPARSE_PARAM */
|
||||
|
||||
#endif /* !YY_UTIL_CONFIGPARSER_H */
|
||||
|
@ -39,7 +39,6 @@
|
||||
#include "config.h"
|
||||
#include <ldns/ldns.h>
|
||||
#include "util/data/msgparse.h"
|
||||
#include "util/net_help.h"
|
||||
#include "util/data/dname.h"
|
||||
#include "util/data/packed_rrset.h"
|
||||
#include "util/storage/lookup3.h"
|
||||
@ -655,8 +654,10 @@ calc_size(ldns_buffer* pkt, uint16_t type, struct rr_parse* rr)
|
||||
len = 0;
|
||||
break;
|
||||
case LDNS_RDF_TYPE_STR:
|
||||
if(pkt_len < 1)
|
||||
if(pkt_len < 1) {
|
||||
/* NOTREACHED, due to 'while(>0)' */
|
||||
return 0; /* len byte exceeds rdata */
|
||||
}
|
||||
len = ldns_buffer_current(pkt)[0] + 1;
|
||||
break;
|
||||
default:
|
||||
|
@ -692,7 +692,7 @@
|
||||
1022,
|
||||
1025,
|
||||
1026,
|
||||
1028,
|
||||
1027,
|
||||
1029,
|
||||
1030,
|
||||
1031,
|
||||
@ -895,6 +895,7 @@
|
||||
1229,
|
||||
1230,
|
||||
1231,
|
||||
1232,
|
||||
1233,
|
||||
1234,
|
||||
1235,
|
||||
@ -3848,6 +3849,7 @@
|
||||
4425,
|
||||
4426,
|
||||
4430,
|
||||
4432,
|
||||
4441,
|
||||
4442,
|
||||
4443,
|
||||
@ -3870,6 +3872,7 @@
|
||||
4486,
|
||||
4488,
|
||||
4500,
|
||||
4534,
|
||||
4535,
|
||||
4536,
|
||||
4537,
|
||||
@ -3957,6 +3960,7 @@
|
||||
4743,
|
||||
4744,
|
||||
4745,
|
||||
4747,
|
||||
4749,
|
||||
4750,
|
||||
4751,
|
||||
@ -4053,6 +4057,7 @@
|
||||
5050,
|
||||
5051,
|
||||
5052,
|
||||
5053,
|
||||
5055,
|
||||
5056,
|
||||
5057,
|
||||
@ -4232,6 +4237,7 @@
|
||||
5556,
|
||||
5567,
|
||||
5568,
|
||||
5569,
|
||||
5573,
|
||||
5580,
|
||||
5581,
|
||||
@ -4256,6 +4262,7 @@
|
||||
5632,
|
||||
5633,
|
||||
5634,
|
||||
5670,
|
||||
5671,
|
||||
5672,
|
||||
5673,
|
||||
@ -4350,6 +4357,7 @@
|
||||
6085,
|
||||
6086,
|
||||
6087,
|
||||
6088,
|
||||
6100,
|
||||
6101,
|
||||
6102,
|
||||
@ -4363,6 +4371,7 @@
|
||||
6110,
|
||||
6111,
|
||||
6112,
|
||||
6118,
|
||||
6122,
|
||||
6123,
|
||||
6124,
|
||||
@ -4382,6 +4391,7 @@
|
||||
6162,
|
||||
6163,
|
||||
6200,
|
||||
6201,
|
||||
6222,
|
||||
6241,
|
||||
6242,
|
||||
@ -4397,6 +4407,7 @@
|
||||
6306,
|
||||
6315,
|
||||
6316,
|
||||
6317,
|
||||
6320,
|
||||
6321,
|
||||
6322,
|
||||
@ -4441,6 +4452,7 @@
|
||||
6508,
|
||||
6509,
|
||||
6510,
|
||||
6511,
|
||||
6514,
|
||||
6515,
|
||||
6543,
|
||||
@ -4466,6 +4478,7 @@
|
||||
6626,
|
||||
6627,
|
||||
6628,
|
||||
6633,
|
||||
6657,
|
||||
6670,
|
||||
6671,
|
||||
@ -4485,6 +4498,7 @@
|
||||
6769,
|
||||
6770,
|
||||
6771,
|
||||
6784,
|
||||
6785,
|
||||
6786,
|
||||
6787,
|
||||
@ -4541,6 +4555,7 @@
|
||||
7070,
|
||||
7071,
|
||||
7080,
|
||||
7095,
|
||||
7099,
|
||||
7100,
|
||||
7101,
|
||||
@ -4651,6 +4666,7 @@
|
||||
7799,
|
||||
7800,
|
||||
7801,
|
||||
7802,
|
||||
7810,
|
||||
7845,
|
||||
7846,
|
||||
@ -4694,6 +4710,7 @@
|
||||
8057,
|
||||
8058,
|
||||
8059,
|
||||
8060,
|
||||
8074,
|
||||
8080,
|
||||
8081,
|
||||
@ -4758,6 +4775,7 @@
|
||||
8442,
|
||||
8443,
|
||||
8444,
|
||||
8445,
|
||||
8450,
|
||||
8472,
|
||||
8473,
|
||||
@ -4768,6 +4786,7 @@
|
||||
8555,
|
||||
8567,
|
||||
8600,
|
||||
8609,
|
||||
8610,
|
||||
8611,
|
||||
8612,
|
||||
@ -4781,6 +4800,7 @@
|
||||
8763,
|
||||
8764,
|
||||
8765,
|
||||
8766,
|
||||
8770,
|
||||
8786,
|
||||
8787,
|
||||
@ -4866,6 +4886,7 @@
|
||||
9217,
|
||||
9222,
|
||||
9255,
|
||||
9277,
|
||||
9278,
|
||||
9279,
|
||||
9280,
|
||||
@ -4929,7 +4950,7 @@
|
||||
9801,
|
||||
9802,
|
||||
9875,
|
||||
9876,
|
||||
9878,
|
||||
9888,
|
||||
9889,
|
||||
9898,
|
||||
@ -5000,6 +5021,7 @@
|
||||
10805,
|
||||
10810,
|
||||
10860,
|
||||
10880,
|
||||
10990,
|
||||
11000,
|
||||
11001,
|
||||
@ -5023,6 +5045,7 @@
|
||||
11600,
|
||||
11720,
|
||||
11751,
|
||||
11796,
|
||||
11876,
|
||||
11877,
|
||||
11967,
|
||||
@ -5067,9 +5090,11 @@
|
||||
13820,
|
||||
13821,
|
||||
13822,
|
||||
13894,
|
||||
13929,
|
||||
14000,
|
||||
14001,
|
||||
14002,
|
||||
14033,
|
||||
14034,
|
||||
14141,
|
||||
@ -5147,6 +5172,7 @@
|
||||
19539,
|
||||
19540,
|
||||
19541,
|
||||
19788,
|
||||
19999,
|
||||
20000,
|
||||
20001,
|
||||
@ -5210,6 +5236,7 @@
|
||||
24242,
|
||||
24249,
|
||||
24321,
|
||||
24322,
|
||||
24386,
|
||||
24465,
|
||||
24554,
|
||||
@ -5217,6 +5244,7 @@
|
||||
24677,
|
||||
24678,
|
||||
24680,
|
||||
24850,
|
||||
24922,
|
||||
25000,
|
||||
25001,
|
||||
@ -5233,6 +5261,8 @@
|
||||
25901,
|
||||
25902,
|
||||
25903,
|
||||
25954,
|
||||
25955,
|
||||
26000,
|
||||
26133,
|
||||
26208,
|
||||
@ -5250,6 +5280,7 @@
|
||||
27999,
|
||||
28000,
|
||||
28119,
|
||||
28200,
|
||||
28240,
|
||||
29167,
|
||||
30001,
|
||||
@ -5313,19 +5344,21 @@
|
||||
42508,
|
||||
42509,
|
||||
42510,
|
||||
43000,
|
||||
43188,
|
||||
43189,
|
||||
43190,
|
||||
43210,
|
||||
43439,
|
||||
43440,
|
||||
43441,
|
||||
44321,
|
||||
44322,
|
||||
44323,
|
||||
44544,
|
||||
44553,
|
||||
44600,
|
||||
44818,
|
||||
44900,
|
||||
45000,
|
||||
45054,
|
||||
45678,
|
||||
@ -5333,6 +5366,7 @@
|
||||
45966,
|
||||
46999,
|
||||
47000,
|
||||
47100,
|
||||
47557,
|
||||
47624,
|
||||
47806,
|
||||
|
@ -171,6 +171,8 @@ log_vmsg(int pri, const char* type,
|
||||
#if defined(HAVE_STRFTIME) && defined(HAVE_LOCALTIME_R)
|
||||
char tmbuf[32];
|
||||
struct tm tm;
|
||||
#elif defined(UB_ON_WINDOWS)
|
||||
char tmbuf[128], dtbuf[128];
|
||||
#endif
|
||||
(void)pri;
|
||||
vsnprintf(message, sizeof(message), format, args);
|
||||
@ -218,6 +220,13 @@ log_vmsg(int pri, const char* type,
|
||||
fprintf(logfile, "%s %s[%d:%x] %s: %s\n", tmbuf,
|
||||
ident, (int)getpid(), tid?*tid:0, type, message);
|
||||
} else
|
||||
#elif defined(UB_ON_WINDOWS)
|
||||
if(log_time_asc && GetTimeFormat(LOCALE_USER_DEFAULT, 0, NULL, NULL,
|
||||
tmbuf, sizeof(tmbuf)) && GetDateFormat(LOCALE_USER_DEFAULT, 0,
|
||||
NULL, NULL, dtbuf, sizeof(dtbuf))) {
|
||||
fprintf(logfile, "%s %s %s[%d:%x] %s: %s\n", dtbuf, tmbuf,
|
||||
ident, (int)getpid(), tid?*tid:0, type, message);
|
||||
} else
|
||||
#endif
|
||||
fprintf(logfile, "[%u] %s[%d:%x] %s: %s\n", (unsigned)now,
|
||||
ident, (int)getpid(), tid?*tid:0, type, message);
|
||||
|
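Review bot: The Windows branch added to log_vmsg calls the `GetTimeFormat` and `GetDateFormat` macros with `char` buffers, which only matches the ANSI variants; a build with `UNICODE` defined would resolve them to the wide-character functions, and `sizeof(tmbuf)` would then be a byte count where a character count is expected. Calling `GetTimeFormatA(...)` and `GetDateFormatA(...)` explicitly removes that dependency on build flags. log_vmsg starts and ends outside the hunks shown.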
@ -45,8 +45,12 @@
|
||||
#include "util/module.h"
|
||||
#include "util/regional.h"
|
||||
#include <fcntl.h>
|
||||
#ifdef HAVE_OPENSSL_SSL_H
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_ERR_H
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
|
||||
/** max length of an IP address (the address portion) that we allow */
|
||||
#define MAX_ADDR_STRLEN 128 /* characters */
|
||||
@ -565,6 +569,7 @@ void sock_list_merge(struct sock_list** list, struct regional* region,
|
||||
void
|
||||
log_crypto_err(const char* str)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
/* error:[error code]:[library name]:[function name]:[reason string] */
|
||||
char buf[128];
|
||||
unsigned long e;
|
||||
@ -574,10 +579,14 @@ log_crypto_err(const char* str)
|
||||
ERR_error_string_n(e, buf, sizeof(buf));
|
||||
log_err("and additionally crypto %s", buf);
|
||||
}
|
||||
#else
|
||||
(void)str;
|
||||
#endif /* HAVE_SSL */
|
||||
}
|
||||
|
||||
void* listen_sslctx_create(char* key, char* pem, char* verifypem)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
if(!ctx) {
|
||||
log_crypto_err("could not SSL_CTX_new");
|
||||
@ -619,10 +628,15 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
}
|
||||
return ctx;
|
||||
#else
|
||||
(void)key; (void)pem; (void)verifypem;
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
void* connect_sslctx_create(char* key, char* pem, char* verifypem)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
SSL_CTX* ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
if(!ctx) {
|
||||
log_crypto_err("could not allocate SSL_CTX pointer");
|
||||
@ -662,10 +676,15 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem)
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
}
|
||||
return ctx;
|
||||
#else
|
||||
(void)key; (void)pem; (void)verifypem;
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
void* incoming_ssl_fd(void* sslctx, int fd)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
SSL* ssl = SSL_new((SSL_CTX*)sslctx);
|
||||
if(!ssl) {
|
||||
log_crypto_err("could not SSL_new");
|
||||
@ -679,10 +698,15 @@ void* incoming_ssl_fd(void* sslctx, int fd)
|
||||
return NULL;
|
||||
}
|
||||
return ssl;
|
||||
#else
|
||||
(void)sslctx; (void)fd;
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
void* outgoing_ssl_fd(void* sslctx, int fd)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
SSL* ssl = SSL_new((SSL_CTX*)sslctx);
|
||||
if(!ssl) {
|
||||
log_crypto_err("could not SSL_new");
|
||||
@ -696,4 +720,64 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
|
||||
return NULL;
|
||||
}
|
||||
return ssl;
|
||||
#else
|
||||
(void)sslctx; (void)fd;
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
|
||||
/** global lock list for openssl locks */
|
||||
static lock_basic_t *ub_openssl_locks = NULL;
|
||||
|
||||
/** callback that gets thread id for openssl */
|
||||
static unsigned long
|
||||
ub_crypto_id_cb(void)
|
||||
{
|
||||
return (unsigned long)ub_thread_self();
|
||||
}
|
||||
|
||||
static void
|
||||
ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
|
||||
int ATTR_UNUSED(line))
|
||||
{
|
||||
if((mode&CRYPTO_LOCK)) {
|
||||
lock_basic_lock(&ub_openssl_locks[type]);
|
||||
} else {
|
||||
lock_basic_unlock(&ub_openssl_locks[type]);
|
||||
}
|
||||
}
|
||||
#endif /* OPENSSL_THREADS */
|
||||
|
||||
int ub_openssl_lock_init(void)
|
||||
{
|
||||
#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
|
||||
int i;
|
||||
ub_openssl_locks = (lock_basic_t*)malloc(
|
||||
sizeof(lock_basic_t)*CRYPTO_num_locks());
|
||||
if(!ub_openssl_locks)
|
||||
return 0;
|
||||
for(i=0; i<CRYPTO_num_locks(); i++) {
|
||||
lock_basic_init(&ub_openssl_locks[i]);
|
||||
}
|
||||
CRYPTO_set_id_callback(&ub_crypto_id_cb);
|
||||
CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
|
||||
#endif /* OPENSSL_THREADS */
|
||||
return 1;
|
||||
}
|
||||
|
||||
void ub_openssl_lock_delete(void)
|
||||
{
|
||||
#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
|
||||
int i;
|
||||
if(!ub_openssl_locks)
|
||||
return;
|
||||
CRYPTO_set_id_callback(NULL);
|
||||
CRYPTO_set_locking_callback(NULL);
|
||||
for(i=0; i<CRYPTO_num_locks(); i++) {
|
||||
lock_basic_destroy(&ub_openssl_locks[i]);
|
||||
}
|
||||
free(ub_openssl_locks);
|
||||
#endif /* OPENSSL_THREADS */
|
||||
}
|
||||
|
||||
|
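Review bot: `ub_openssl_lock_delete` frees `ub_openssl_locks` but leaves the pointer set, so a second call passes the `if(!ub_openssl_locks)` guard and destroys and frees the same array again; add `ub_openssl_locks = NULL;` after `free(ub_openssl_locks);`. `ub_openssl_lock_init` has the mirror problem: a second call overwrites the pointer and leaks the first array, which an early `if(ub_openssl_locks) return 1;` would prevent. `ub_crypto_lock_cb` indexes the array with `type` unchecked, which is safe only while OpenSSL keeps `type` below the `CRYPTO_num_locks()` value used at allocation time; a one-line comment stating that assumption would help.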
@ -369,4 +369,15 @@ void* incoming_ssl_fd(void* sslctx, int fd);
|
||||
*/
|
||||
void* outgoing_ssl_fd(void* sslctx, int fd);
|
||||
|
||||
/**
|
||||
* Initialize openssl locking for thread safety
|
||||
* @return false on failure (alloc failure).
|
||||
*/
|
||||
int ub_openssl_lock_init(void);
|
||||
|
||||
/**
|
||||
* De-init the allocated openssl locks
|
||||
*/
|
||||
void ub_openssl_lock_delete(void);
|
||||
|
||||
#endif /* NET_HELP_H */
|
||||
|
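Review bot: The new doc comments for `ub_openssl_lock_init` and `ub_openssl_lock_delete` do not say when the pair may be called. The implementation shown earlier on this page installs and removes process-wide OpenSSL callbacks, so I would add `* Call once, before any thread uses OpenSSL.` to the first and `* Call only after all threads that use OpenSSL have stopped.` to the second. The `@return` line could also note that init returns true without doing anything when the build has no OpenSSL thread support.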
@ -44,8 +44,12 @@
|
||||
#include "util/log.h"
|
||||
#include "util/net_help.h"
|
||||
#include "util/fptr_wlist.h"
|
||||
#ifdef HAVE_OPENSSL_SSL_H
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_ERR_H
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
|
||||
/* -------- Start of local definitions -------- */
|
||||
/** if CMSG_ALIGN is not defined on this platform, a workaround */
|
||||
@ -91,7 +95,13 @@
|
||||
# endif /* USE_WINSOCK */
|
||||
#else /* USE_MINI_EVENT */
|
||||
/* we use libevent */
|
||||
# include <event.h>
|
||||
# ifdef HAVE_EVENT_H
|
||||
# include <event.h>
|
||||
# else
|
||||
# include "event2/event.h"
|
||||
# include "event2/event_struct.h"
|
||||
# include "event2/event_compat.h"
|
||||
# endif
|
||||
#endif /* USE_MINI_EVENT */
|
||||
|
||||
/**
|
||||
@ -846,9 +856,11 @@ reclaim_tcp_handler(struct comm_point* c)
|
||||
{
|
||||
log_assert(c->type == comm_tcp);
|
||||
if(c->ssl) {
|
||||
#ifdef HAVE_SSL
|
||||
SSL_shutdown(c->ssl);
|
||||
SSL_free(c->ssl);
|
||||
c->ssl = NULL;
|
||||
#endif
|
||||
}
|
||||
comm_point_close(c);
|
||||
if(c->tcp_parent) {
|
||||
@ -893,6 +905,7 @@ tcp_callback_reader(struct comm_point* c)
|
||||
}
|
||||
|
||||
/** continue ssl handshake */
|
||||
#ifdef HAVE_SSL
|
||||
static int
|
||||
ssl_handshake(struct comm_point* c)
|
||||
{
|
||||
@ -955,11 +968,13 @@ ssl_handshake(struct comm_point* c)
|
||||
c->ssl_shake_state = comm_ssl_shake_none;
|
||||
return 1;
|
||||
}
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
/** ssl read callback on TCP */
|
||||
static int
|
||||
ssl_handle_read(struct comm_point* c)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
int r;
|
||||
if(c->ssl_shake_state != comm_ssl_shake_none) {
|
||||
if(!ssl_handshake(c))
|
||||
@ -1036,12 +1051,17 @@ ssl_handle_read(struct comm_point* c)
|
||||
tcp_callback_reader(c);
|
||||
}
|
||||
return 1;
|
||||
#else
|
||||
(void)c;
|
||||
return 0;
|
||||
#endif /* HAVE_SSL */
|
||||
}
|
||||
|
||||
/** ssl write callback on TCP */
|
||||
static int
|
||||
ssl_handle_write(struct comm_point* c)
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
int r;
|
||||
if(c->ssl_shake_state != comm_ssl_shake_none) {
|
||||
if(!ssl_handshake(c))
|
||||
@ -1115,6 +1135,10 @@ ssl_handle_write(struct comm_point* c)
|
||||
tcp_callback_writer(c);
|
||||
}
|
||||
return 1;
|
||||
#else
|
||||
(void)c;
|
||||
return 0;
|
||||
#endif /* HAVE_SSL */
|
||||
}
|
||||
|
||||
/** handle ssl tcp connection with dns contents */
|
||||
@ -1844,8 +1868,10 @@ comm_point_delete(struct comm_point* c)
|
||||
if(!c)
|
||||
return;
|
||||
if(c->type == comm_tcp && c->ssl) {
|
||||
#ifdef HAVE_SSL
|
||||
SSL_shutdown(c->ssl);
|
||||
SSL_free(c->ssl);
|
||||
#endif
|
||||
}
|
||||
comm_point_close(c);
|
||||
if(c->tcp_handlers) {
|
||||
|
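Review bot: The `#ifdef HAVE_SSL` guard added for `ssl_handshake` sits below its `/** continue ssl handshake */` comment, so in a build without SSL that doc comment is left dangling in front of `ssl_handle_read`; moving the `#ifdef` one line up keeps comment and function together. In `reclaim_tcp_handler` and `comm_point_delete` the guard is placed inside `if(c->ssl) { ... }`, which leaves an empty conditional in non-SSL builds, and wrapping the whole `if` would read more clearly. The `#else` stubs in `ssl_handle_read` and `ssl_handle_write` return 0 silently; a short comment on what 0 means to the caller would help, since the callers are outside these hunks.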
@ -60,10 +60,25 @@
|
||||
#include "config.h"
|
||||
#include "util/random.h"
|
||||
#include "util/log.h"
|
||||
#ifdef HAVE_SSL
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/rc4.h>
|
||||
#include <openssl/err.h>
|
||||
#elif defined(HAVE_NSS)
|
||||
/* nspr4 */
|
||||
#include "prerror.h"
|
||||
/* nss3 */
|
||||
#include "secport.h"
|
||||
#include "pk11pub.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Max random value. Similar to RAND_MAX, but more portable
|
||||
* (mingw uses only 15 bits random).
|
||||
*/
|
||||
#define MAX_VALUE 0x7fffffff
|
||||
|
||||
#ifdef HAVE_SSL
|
||||
/**
|
||||
* Struct with per-thread random state.
|
||||
* Keeps SSL types away from the header file.
|
||||
@ -78,12 +93,6 @@ struct ub_randstate {
|
||||
/** Size of key to use (must be multiple of 8) */
|
||||
#define SEED_SIZE 24
|
||||
|
||||
/**
|
||||
* Max random value. Similar to RAND_MAX, but more portable
|
||||
* (mingw uses only 15 bits random).
|
||||
*/
|
||||
#define MAX_VALUE 0x7fffffff
|
||||
|
||||
/** Number of bytes to reseed after */
|
||||
#define REKEY_BYTES (1 << 24)
|
||||
|
||||
@ -140,6 +149,16 @@ ub_arc4random_stir(struct ub_randstate* s, struct ub_randstate* from)
|
||||
return;
|
||||
}
|
||||
}
|
||||
#ifdef HAVE_FIPS_MODE
|
||||
if(FIPS_mode()) {
|
||||
/* RC4 is not allowed, get some trustworthy randomness */
|
||||
/* double certainty here, this routine should not be
|
||||
* called in FIPS_mode */
|
||||
memset(rand_buf, 0, sizeof(rand_buf));
|
||||
s->rc4_ready = REKEY_BYTES;
|
||||
return;
|
||||
}
|
||||
#endif /* FIPS_MODE */
|
||||
RC4_set_key(&s->rc4, SEED_SIZE, (unsigned char*)rand_buf);
|
||||
|
||||
/*
|
||||
@ -164,6 +183,9 @@ ub_initstate(unsigned int seed, struct ub_randstate* from)
|
||||
return NULL;
|
||||
}
|
||||
ub_systemseed(seed);
|
||||
#ifdef HAVE_FIPS_MODE
|
||||
if(!FIPS_mode())
|
||||
#endif
|
||||
ub_arc4random_stir(s, from);
|
||||
return s;
|
||||
}
|
||||
@ -172,6 +194,20 @@ long int
|
||||
ub_random(struct ub_randstate* s)
|
||||
{
|
||||
unsigned int r = 0;
|
||||
#ifdef HAVE_FIPS_MODE
|
||||
if(FIPS_mode()) {
|
||||
/* RC4 is not allowed, get some trustworthy randomness */
|
||||
/* we use pseudo bytes: it tries to return secure randomness
|
||||
* but returns 'something' if that fails. We need something
|
||||
* else if it fails, because we cannot block here */
|
||||
if(RAND_pseudo_bytes((unsigned char*)&r, (int)sizeof(r))
|
||||
== -1) {
|
||||
log_err("FIPSmode, no arc4random but RAND failed "
|
||||
"(error %ld)", ERR_get_error());
|
||||
}
|
||||
return (long int)((r) % (((unsigned)MAX_VALUE + 1)));
|
||||
}
|
||||
#endif /* FIPS_MODE */
|
||||
if (s->rc4_ready <= 0) {
|
||||
ub_arc4random_stir(s, NULL);
|
||||
}
|
||||
@ -182,6 +218,42 @@ ub_random(struct ub_randstate* s)
|
||||
return (long int)((r) % (((unsigned)MAX_VALUE + 1)));
|
||||
}
|
||||
|
||||
#elif defined(HAVE_NSS)
|
||||
|
||||
/* not much to remember for NSS since we use its pk11_random, placeholder */
|
||||
struct ub_randstate {
|
||||
int ready;
|
||||
};
|
||||
|
||||
void ub_systemseed(unsigned int ATTR_UNUSED(seed))
|
||||
{
|
||||
}
|
||||
|
||||
struct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed),
|
||||
struct ub_randstate* ATTR_UNUSED(from))
|
||||
{
|
||||
struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s));
|
||||
if(!s) {
|
||||
log_err("malloc failure in random init");
|
||||
return NULL;
|
||||
}
|
||||
return s;
|
||||
}
|
||||
|
||||
long int ub_random(struct ub_randstate* ATTR_UNUSED(state))
|
||||
{
|
||||
long int x;
|
||||
/* random 31 bit value. */
|
||||
SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x));
|
||||
if(s != SECSuccess) {
|
||||
log_err("PK11_GenerateRandom error: %s",
|
||||
PORT_ErrorToString(PORT_GetError()));
|
||||
}
|
||||
return x & MAX_VALUE;
|
||||
}
|
||||
|
||||
#endif /* HAVE_SSL or HAVE_NSS */
|
||||
|
||||
long int
|
||||
ub_random_max(struct ub_randstate* state, long int x)
|
||||
{
|
||||
|
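Review bot: In the new NSS `ub_random`, `x` is declared without an initializer, so when `PK11_GenerateRandom` fails the function logs the error and then returns `x & MAX_VALUE` computed from indeterminate stack contents; declare it as `long int x = 0;` at minimum, and consider whether callers should see a hard failure instead. The FIPS branch of the OpenSSL `ub_random` has a related gap: `RAND_pseudo_bytes` is only checked for `-1`, while a return of 0 means the bytes are not cryptographically strong, and on `-1` `r` may still hold its initial 0, so a predictable value is returned. If these values feed anything an off-path party must not be able to guess, `RAND_bytes` with a check for `!= 1` is the safer call. The `log_err` there also prints `ERR_get_error()`, an `unsigned long`, with `%ld`; `%lu` matches the type.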
@ -41,7 +41,6 @@
|
||||
*/
|
||||
#include "config.h"
|
||||
#include "util/rtt.h"
|
||||
#include "util/log.h"
|
||||
|
||||
/** calculate RTO from rtt information */
|
||||
static int
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
February 2013(Wouter) patch defines for BSD endianness, from Brad Smith.
|
||||
January 2012(Wouter) added randomised initial value, fallout from 28c3.
|
||||
March 2007(Wouter) adapted from lookup3.c original, add config.h include.
|
||||
added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
|
||||
@ -52,6 +53,12 @@ on 1 byte), but shoehorning those bytes into integers efficiently is messy.
|
||||
#ifdef linux
|
||||
# include <endian.h> /* attempt to define endianness */
|
||||
#endif
|
||||
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
|
||||
#include <sys/endian.h> /* attempt to define endianness */
|
||||
#endif
|
||||
#ifdef __OpenBSD__
|
||||
#include <machine/endian.h> /* attempt to define endianness */
|
||||
#endif
|
||||
|
||||
/* random initial value */
|
||||
static uint32_t raninit = 0xdeadbeef;
|
||||
@ -68,12 +75,19 @@ hash_set_raninit(uint32_t v)
|
||||
*/
|
||||
#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
|
||||
__BYTE_ORDER == __LITTLE_ENDIAN) || \
|
||||
(defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && \
|
||||
_BYTE_ORDER == _LITTLE_ENDIAN) || \
|
||||
(defined(i386) || defined(__i386__) || defined(__i486__) || \
|
||||
defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL))
|
||||
# define HASH_LITTLE_ENDIAN 1
|
||||
# define HASH_BIG_ENDIAN 0
|
||||
#elif (!defined(_BYTE_ORDER) && !defined(__BYTE_ORDER) && defined(_BIG_ENDIAN))
|
||||
# define HASH_LITTLE_ENDIAN 0
|
||||
# define HASH_BIG_ENDIAN 1
|
||||
#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
|
||||
__BYTE_ORDER == __BIG_ENDIAN) || \
|
||||
(defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && \
|
||||
_BYTE_ORDER == _BIG_ENDIAN) || \
|
||||
(defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel))
|
||||
# define HASH_LITTLE_ENDIAN 0
|
||||
# define HASH_BIG_ENDIAN 1
|
||||
|
@ -360,6 +360,7 @@ int tube_read_msg(struct tube* tube, uint8_t** buf, uint32_t* len,
|
||||
}
|
||||
d += r;
|
||||
}
|
||||
log_assert(*len < 65536*2);
|
||||
*buf = (uint8_t*)malloc(*len);
|
||||
if(!*buf) {
|
||||
log_err("tube read out of memory");
|
||||
|
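Review bot: The added `log_assert(*len < 65536*2);` is the only bound on the length before `malloc(*len)`, and it is not a runtime check if `log_assert` compiles away in non-debug builds (its definition is not on this page). If the length can ever come from a writer that is not fully trusted, an explicit test such as `if(*len >= 65536*2) { log_err("tube read length too large"); return 0; }` would hold in every build. The return value should mirror the out-of-memory path that follows, which is cut off here. `tube_read_msg` starts before and continues after this hunk.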
@ -466,7 +466,7 @@ add_trustanchor_frm_str(struct val_anchors* anchors, char* str,
|
||||
* @param anchors: all points.
|
||||
* @param str: comments line
|
||||
* @param fname: filename
|
||||
* @param origin: $ORIGIN.
|
||||
* @param origin: the $ORIGIN.
|
||||
* @param prev: passed to ldns.
|
||||
* @param skip: if true, the result is NULL, but not an error, skip it.
|
||||
* @return false on failure, otherwise the tp read.
|
||||
@ -1851,6 +1851,7 @@ static void
|
||||
autr_tp_remove(struct module_env* env, struct trust_anchor* tp,
|
||||
struct ub_packed_rrset_key* dnskey_rrset)
|
||||
{
|
||||
struct trust_anchor* del_tp;
|
||||
struct trust_anchor key;
|
||||
struct autr_point_data pd;
|
||||
time_t mold, mnew;
|
||||
@ -1876,19 +1877,24 @@ autr_tp_remove(struct module_env* env, struct trust_anchor* tp,
|
||||
|
||||
/* take from tree. It could be deleted by someone else,hence (void). */
|
||||
lock_basic_lock(&env->anchors->lock);
|
||||
(void)rbtree_delete(env->anchors->tree, &key);
|
||||
del_tp = (struct trust_anchor*)rbtree_delete(env->anchors->tree, &key);
|
||||
mold = wait_probe_time(env->anchors);
|
||||
(void)rbtree_delete(&env->anchors->autr->probe, &key);
|
||||
mnew = wait_probe_time(env->anchors);
|
||||
anchors_init_parents_locked(env->anchors);
|
||||
lock_basic_unlock(&env->anchors->lock);
|
||||
|
||||
/* save on disk */
|
||||
tp->autr->next_probe_time = 0; /* no more probing for it */
|
||||
autr_write_file(env, tp);
|
||||
/* if !del_tp then the trust point is no longer present in the tree,
|
||||
* it was deleted by someone else, who will write the zonefile and
|
||||
* clean up the structure */
|
||||
if(del_tp) {
|
||||
/* save on disk */
|
||||
del_tp->autr->next_probe_time = 0; /* no more probing for it */
|
||||
autr_write_file(env, del_tp);
|
||||
|
||||
/* delete */
|
||||
autr_point_delete(tp);
|
||||
/* delete */
|
||||
autr_point_delete(del_tp);
|
||||
}
|
||||
if(mold != mnew) {
|
||||
reset_worker_timer(env);
|
||||
}
|
||||
|
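Review bot: The context comment `/* take from tree. It could be deleted by someone else,hence (void). */` in `autr_tp_remove` is stale now that the result of `rbtree_delete` is kept in `del_tp`; something like `/* take from tree; del_tp is NULL if someone else already deleted it */` matches the new code. The cast `(struct trust_anchor*)rbtree_delete(...)` relies on the tree node being the first member of `struct trust_anchor`, which is not visible here and deserves a one-line comment. `del_tp->autr->next_probe_time` is written after `env->anchors->lock` is released; whether the trust point's own lock is held at that point depends on lines outside this hunk, so that is worth confirming.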
@ -836,7 +836,8 @@ anchor_read_bind_file_wild(struct val_anchors* anchors, ldns_buffer* buffer,
|
||||
log_err("wildcard trusted-keys-file %s: expansion "
|
||||
"failed (%s)", pat, strerror(errno));
|
||||
}
|
||||
return 0;
|
||||
/* ignore globs that yield no files */
|
||||
return 1;
|
||||
}
|
||||
/* process files found, if any */
|
||||
for(i=0; i<(size_t)g.gl_pathc; i++) {
|
||||
@ -1246,6 +1247,7 @@ anchors_delete_insecure(struct val_anchors* anchors, uint16_t c,
|
||||
lock_basic_lock(&ta->lock);
|
||||
/* see if its really an insecure point */
|
||||
if(ta->keylist || ta->autr || ta->numDS || ta->numDNSKEY) {
|
||||
lock_basic_unlock(&anchors->lock);
|
||||
lock_basic_unlock(&ta->lock);
|
||||
/* its not an insecure point, do not remove it */
|
||||
return;
|
||||
|
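Review bot: In `anchor_read_bind_file_wild`, the new `return 1;` sits directly after the branch that logs `"wildcard trusted-keys-file %s: expansion failed (%s)"`, so a glob that failed with a real error is now reported as success, not only a glob that matched nothing. For trust anchors that matters: a pattern that could not be expanded would be skipped with only a log line, and the validator would start without those keys. Returning 1 only when glob() reported `GLOB_NOMATCH`, and keeping `return 0;` after the error branches, would match the new comment `/* ignore globs that yield no files */`. The start of this `if` chain is outside the hunk, so the no-match case may already be handled above.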
@ -44,6 +44,9 @@
|
||||
#include "config.h"
|
||||
#ifdef HAVE_OPENSSL_SSL_H
|
||||
#include "openssl/ssl.h"
|
||||
#define NSEC3_SHA_LEN SHA_DIGEST_LENGTH
|
||||
#else
|
||||
#define NSEC3_SHA_LEN 20
|
||||
#endif
|
||||
#include "validator/val_neg.h"
|
||||
#include "validator/val_nsec.h"
|
||||
@ -1174,7 +1177,7 @@ neg_find_nsec3_ce(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
|
||||
int qlabs, ldns_buffer* buf, uint8_t* hashnc, size_t* nclen)
|
||||
{
|
||||
struct val_neg_data* data;
|
||||
uint8_t hashce[SHA_DIGEST_LENGTH];
|
||||
uint8_t hashce[NSEC3_SHA_LEN];
|
||||
uint8_t b32[257];
|
||||
size_t celen, b32len;
|
||||
|
||||
@ -1259,7 +1262,7 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
|
||||
{
|
||||
struct dns_msg* msg;
|
||||
struct val_neg_data* data;
|
||||
uint8_t hashnc[SHA_DIGEST_LENGTH];
|
||||
uint8_t hashnc[NSEC3_SHA_LEN];
|
||||
size_t nclen;
|
||||
struct ub_packed_rrset_key* ce_rrset, *nc_rrset;
|
||||
struct nsec3_cached_hash c;
|
||||
|
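Review bot: The fallback `#define NSEC3_SHA_LEN 20` is a bare number; a comment such as `/* SHA-1 digest length in bytes */` would say why it is 20. `hashce` and `hashnc` are now sized by this macro, so the maximum length handed to the hashing routine with them (it rejects `hash_len > max`) has to be the same constant; those calls are outside the hunks and worth checking. `neg_find_nsec3_ce` and `neg_nsec3_proof_ds` both continue outside the hunks.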
@ -45,6 +45,10 @@
|
||||
#ifdef HAVE_OPENSSL_SSL_H
|
||||
#include "openssl/ssl.h"
|
||||
#endif
|
||||
#ifdef HAVE_NSS
|
||||
/* nss3 */
|
||||
#include "sechash.h"
|
||||
#endif
|
||||
#include "validator/val_nsec3.h"
|
||||
#include "validator/validator.h"
|
||||
#include "validator/val_kentry.h"
|
||||
@ -541,26 +545,43 @@ nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
|
||||
ldns_buffer_write(buf, salt, saltlen);
|
||||
ldns_buffer_flip(buf);
|
||||
switch(algo) {
|
||||
#ifdef HAVE_EVP_SHA1
|
||||
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
|
||||
case NSEC3_HASH_SHA1:
|
||||
#ifdef HAVE_SSL
|
||||
hash_len = SHA_DIGEST_LENGTH;
|
||||
#else
|
||||
hash_len = SHA1_LENGTH;
|
||||
#endif
|
||||
if(hash_len > max)
|
||||
return 0;
|
||||
# ifdef HAVE_SSL
|
||||
(void)SHA1((unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf),
|
||||
(unsigned char*)res);
|
||||
# else
|
||||
(void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
|
||||
(unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf));
|
||||
# endif
|
||||
for(i=0; i<iter; i++) {
|
||||
ldns_buffer_clear(buf);
|
||||
ldns_buffer_write(buf, res, hash_len);
|
||||
ldns_buffer_write(buf, salt, saltlen);
|
||||
ldns_buffer_flip(buf);
|
||||
# ifdef HAVE_SSL
|
||||
(void)SHA1(
|
||||
(unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf),
|
||||
(unsigned char*)res);
|
||||
# else
|
||||
(void)HASH_HashBuf(HASH_AlgSHA1,
|
||||
(unsigned char*)res,
|
||||
(unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf));
|
||||
# endif
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_EVP_SHA1 */
|
||||
#endif /* HAVE_EVP_SHA1 or NSS */
|
||||
default:
|
||||
log_err("nsec3 hash of unknown algo %d", algo);
|
||||
return 0;
|
||||
@ -586,28 +607,46 @@ nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
|
||||
ldns_buffer_write(buf, salt, saltlen);
|
||||
ldns_buffer_flip(buf);
|
||||
switch(algo) {
|
||||
#ifdef HAVE_EVP_SHA1
|
||||
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
|
||||
case NSEC3_HASH_SHA1:
|
||||
#ifdef HAVE_SSL
|
||||
c->hash_len = SHA_DIGEST_LENGTH;
|
||||
#else
|
||||
c->hash_len = SHA1_LENGTH;
|
||||
#endif
|
||||
c->hash = (uint8_t*)regional_alloc(region,
|
||||
c->hash_len);
|
||||
if(!c->hash)
|
||||
return 0;
|
||||
# ifdef HAVE_SSL
|
||||
(void)SHA1((unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf),
|
||||
(unsigned char*)c->hash);
|
||||
# else
|
||||
(void)HASH_HashBuf(HASH_AlgSHA1,
|
||||
(unsigned char*)c->hash,
|
||||
(unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf));
|
||||
# endif
|
||||
for(i=0; i<iter; i++) {
|
||||
ldns_buffer_clear(buf);
|
||||
ldns_buffer_write(buf, c->hash, c->hash_len);
|
||||
ldns_buffer_write(buf, salt, saltlen);
|
||||
ldns_buffer_flip(buf);
|
||||
# ifdef HAVE_SSL
|
||||
(void)SHA1(
|
||||
(unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf),
|
||||
(unsigned char*)c->hash);
|
||||
# else
|
||||
(void)HASH_HashBuf(HASH_AlgSHA1,
|
||||
(unsigned char*)c->hash,
|
||||
(unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned long)ldns_buffer_limit(buf));
|
||||
# endif
|
||||
}
|
||||
break;
|
||||
#endif /* HAVE_EVP_SHA1 */
|
||||
#endif /* HAVE_EVP_SHA1 or NSS */
|
||||
default:
|
||||
log_err("nsec3 hash of unknown algo %d", algo);
|
||||
return -1;
|
||||
@ -1133,8 +1172,8 @@ nsec3_do_prove_nodata(struct module_env* env, struct nsec3_filter* flt,
|
||||
* If not type DS: matching nsec3 must not be a delegation.
|
||||
*/
|
||||
if(qinfo->qtype == LDNS_RR_TYPE_DS && qinfo->qname_len != 1
|
||||
&& nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA &&
|
||||
!dname_is_root(qinfo->qname))) {
|
||||
&& nsec3_has_type(rrset, rr, LDNS_RR_TYPE_SOA) &&
|
||||
!dname_is_root(qinfo->qname)) {
|
||||
verbose(VERB_ALGO, "proveNodata: apex NSEC3 "
|
||||
"abused for no DS proof, bogus");
|
||||
return sec_status_bogus;
|
||||
|
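Review bot: The NSS branches added to `nsec3_get_hashed` and `nsec3_calc_hash` discard the result of `HASH_HashBuf` with `(void)`, so if the call fails the output buffer is left unwritten and the function still iterates over it and returns it as the NSEC3 hash. Checking each of the four calls, e.g. `if(HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res, ...) != SECSuccess) return 0;`, keeps a crypto-library failure from becoming a comparison against indeterminate bytes in a denial-of-existence proof; in `nsec3_calc_hash` the error value should fit its 0 / -1 convention. The digest length is selected with `#ifdef HAVE_SSL` while the case itself is guarded by `HAVE_EVP_SHA1 || HAVE_NSS`, which holds only as long as the two backends are never both defined. Both functions start and end outside the hunks.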
1070
validator/val_secalgo.c
Normal file
1070
validator/val_secalgo.c
Normal file
File diff suppressed because it is too large
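--- a/validator/val_secalgo.h
+++ b/validator/val_secalgo.h
@@ -0,0 +1,83 @@
+/*
+* validator/val_secalgo.h - validator security algorithm functions.
+*
+* Copyright (c) 2012, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains helper functions for the validator module.
+* The functions take buffers with raw data and convert to library calls.
+*/
+
+#ifndef VALIDATOR_VAL_SECALGO_H
+#define VALIDATOR_VAL_SECALGO_H
+
+/**
+* Return size of DS digest according to its hash algorithm.
+* @param algo: DS digest algo.
+* @return size in bytes of digest, or 0 if not supported.
+*/
+size_t ds_digest_size_supported(int algo);
+
+/**
+* @param algo: the DS digest algo
+* @param buf: the buffer to digest
+* @param len: length of buffer to digest.
+* @param res: result stored here (must have sufficient space).
+* @return false on failure.
+*/
+int secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
+unsigned char* res);
+
+/** return true if DNSKEY algorithm id is supported */
+int dnskey_algo_id_is_supported(int id);
+
+/**
+* Check a canonical sig+rrset and signature against a dnskey
+* @param buf: buffer with data to verify, the first rrsig part and the
+* canonicalized rrset.
+* @param algo: DNSKEY algorithm.
+* @param sigblock: signature rdata field from RRSIG
+* @param sigblock_len: length of sigblock data.
+* @param key: public key data from DNSKEY RR.
+* @param keylen: length of keydata.
+* @param reason: bogus reason in more detail.
+* @return secure if verification succeeded, bogus on crypto failure,
+* unchecked on format errors and alloc failures.
+*/
+enum sec_status verify_canonrrset(ldns_buffer* buf, int algo,
+unsigned char* sigblock, unsigned int sigblock_len,
+unsigned char* key, unsigned int keylen, char** reason);
+
+#endif /* VALIDATOR_VAL_SECALGO_H */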
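Review bot: `secalgo_ds_digest` takes the output pointer `res` with no length, and its doc block only says "must have sufficient space"; the comment should tell callers to size `res` with `ds_digest_size_supported(algo)`, and it should open with a summary line like the other prototypes, e.g. `* Compute the DS digest of a buffer.` The header also uses `size_t`, `ldns_buffer` and `enum sec_status` without including anything, so it compiles only when the including file has already pulled those definitions in. Adding the needed includes inside the include guard would make it self-contained.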
@ -43,6 +43,7 @@
|
||||
#include "config.h"
|
||||
#include <ldns/ldns.h>
|
||||
#include "validator/val_sigcrypt.h"
|
||||
#include "validator/val_secalgo.h"
|
||||
#include "validator/validator.h"
|
||||
#include "util/data/msgreply.h"
|
||||
#include "util/data/msgparse.h"
|
||||
@ -52,8 +53,8 @@
|
||||
#include "util/net_help.h"
|
||||
#include "util/regional.h"
|
||||
|
||||
#ifndef HAVE_SSL
|
||||
#error "Need SSL library to do digital signature cryptography"
|
||||
#if !defined(HAVE_SSL) && !defined(HAVE_NSS)
|
||||
#error "Need crypto library to do digital signature cryptography"
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_OPENSSL_ERR_H
|
||||
@ -265,42 +266,9 @@ ds_get_sigdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** digest,
|
||||
static size_t
|
||||
ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
|
||||
{
|
||||
switch(ds_get_digest_algo(k, idx)) {
|
||||
#ifdef HAVE_EVP_SHA1
|
||||
case LDNS_SHA1:
|
||||
return SHA_DIGEST_LENGTH;
|
||||
#endif
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
case LDNS_SHA256:
|
||||
return SHA256_DIGEST_LENGTH;
|
||||
#endif
|
||||
#ifdef USE_GOST
|
||||
case LDNS_HASH_GOST:
|
||||
if(EVP_get_digestbyname("md_gost94"))
|
||||
return 32;
|
||||
else return 0;
|
||||
#endif
|
||||
#ifdef USE_ECDSA
|
||||
case LDNS_SHA384:
|
||||
return SHA384_DIGEST_LENGTH;
|
||||
#endif
|
||||
default: break;
|
||||
}
|
||||
return 0;
|
||||
return ds_digest_size_supported(ds_get_digest_algo(k, idx));
|
||||
}
|
||||
|
||||
#ifdef USE_GOST
|
||||
/** Perform GOST hash */
|
||||
static int
|
||||
do_gost94(unsigned char* data, size_t len, unsigned char* dest)
|
||||
{
|
||||
const EVP_MD* md = EVP_get_digestbyname("md_gost94");
|
||||
if(!md)
|
||||
return 0;
|
||||
return ldns_digest_evp(data, (unsigned int)len, dest, md);
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Create a DS digest for a DNSKEY entry.
|
||||
*
|
||||
@ -333,37 +301,9 @@ ds_create_dnskey_digest(struct module_env* env,
|
||||
ldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
|
||||
ldns_buffer_flip(b);
|
||||
|
||||
switch(ds_get_digest_algo(ds_rrset, ds_idx)) {
|
||||
#ifdef HAVE_EVP_SHA1
|
||||
case LDNS_SHA1:
|
||||
(void)SHA1((unsigned char*)ldns_buffer_begin(b),
|
||||
ldns_buffer_limit(b), (unsigned char*)digest);
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
case LDNS_SHA256:
|
||||
(void)SHA256((unsigned char*)ldns_buffer_begin(b),
|
||||
ldns_buffer_limit(b), (unsigned char*)digest);
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef USE_GOST
|
||||
case LDNS_HASH_GOST:
|
||||
if(do_gost94((unsigned char*)ldns_buffer_begin(b),
|
||||
ldns_buffer_limit(b), (unsigned char*)digest))
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef USE_ECDSA
|
||||
case LDNS_SHA384:
|
||||
(void)SHA384((unsigned char*)ldns_buffer_begin(b),
|
||||
ldns_buffer_limit(b), (unsigned char*)digest);
|
||||
return 1;
|
||||
#endif
|
||||
default:
|
||||
verbose(VERB_QUERY, "unknown DS digest algorithm %d",
|
||||
(int) ds_get_digest_algo(ds_rrset, ds_idx));
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx),
|
||||
(unsigned char*)ldns_buffer_begin(b), ldns_buffer_limit(b),
|
||||
(unsigned char*)digest);
|
||||
}
|
||||
|
||||
int ds_digest_match_dnskey(struct module_env* env,
|
||||
@ -412,37 +352,6 @@ ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
|
||||
return (ds_digest_size_algo(ds_rrset, ds_idx) != 0);
|
||||
}
|
||||
|
||||
/** return true if DNSKEY algorithm id is supported */
|
||||
static int
|
||||
dnskey_algo_id_is_supported(int id)
|
||||
{
|
||||
switch(id) {
|
||||
case LDNS_DSA:
|
||||
case LDNS_DSA_NSEC3:
|
||||
case LDNS_RSASHA1:
|
||||
case LDNS_RSASHA1_NSEC3:
|
||||
case LDNS_RSAMD5:
|
||||
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
||||
case LDNS_RSASHA256:
|
||||
#endif
|
||||
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
|
||||
case LDNS_RSASHA512:
|
||||
#endif
|
||||
#ifdef USE_ECDSA
|
||||
case LDNS_ECDSAP256SHA256:
|
||||
case LDNS_ECDSAP384SHA384:
|
||||
#endif
|
||||
return 1;
|
||||
#ifdef USE_GOST
|
||||
case LDNS_ECC_GOST:
|
||||
/* we support GOST if it can be loaded */
|
||||
return ldns_key_EVP_load_gost_id();
|
||||
#endif
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
|
||||
size_t ds_idx)
|
||||
@ -606,10 +515,14 @@ dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
|
||||
(uint8_t)rrset_get_sig_algo(rrset, i));
|
||||
}
|
||||
}
|
||||
verbose(VERB_ALGO, "rrset failed to verify: no valid signatures for "
|
||||
"%d algorithms", (int)algo_needs_num_missing(&needs));
|
||||
if(sigalg && (alg=algo_needs_missing(&needs)) != 0) {
|
||||
verbose(VERB_ALGO, "rrset failed to verify: "
|
||||
"no valid signatures for %d algorithms",
|
||||
(int)algo_needs_num_missing(&needs));
|
||||
algo_needs_reason(env, alg, reason, "no signatures");
|
||||
} else {
|
||||
verbose(VERB_ALGO, "rrset failed to verify: "
|
||||
"no valid signatures");
|
||||
}
|
||||
return sec_status_bogus;
|
||||
}
|
||||
@ -1314,378 +1227,6 @@ adjust_ttl(struct val_env* ve, uint32_t unow,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Output a libcrypto openssl error to the logfile.
|
||||
* @param str: string to add to it.
|
||||
* @param e: the error to output, error number from ERR_get_error().
|
||||
*/
|
||||
static void
|
||||
log_crypto_error(const char* str, unsigned long e)
|
||||
{
|
||||
char buf[128];
|
||||
/* or use ERR_error_string if ERR_error_string_n is not avail TODO */
|
||||
ERR_error_string_n(e, buf, sizeof(buf));
|
||||
/* buf now contains */
|
||||
/* error:[error code]:[library name]:[function name]:[reason string] */
|
||||
log_err("%s crypto %s", str, buf);
|
||||
}
|
||||
|
||||
/**
|
||||
* Setup DSA key digest in DER encoding ...
|
||||
* @param sig: input is signature output alloced ptr (unless failure).
|
||||
* caller must free alloced ptr if this routine returns true.
|
||||
* @param len: input is initial siglen, output is output len.
|
||||
* @return false on failure.
|
||||
*/
|
||||
static int
|
||||
setup_dsa_sig(unsigned char** sig, unsigned int* len)
|
||||
{
|
||||
unsigned char* orig = *sig;
|
||||
unsigned int origlen = *len;
|
||||
int newlen;
|
||||
BIGNUM *R, *S;
|
||||
DSA_SIG *dsasig;
|
||||
|
||||
/* extract the R and S field from the sig buffer */
|
||||
if(origlen < 1 + 2*SHA_DIGEST_LENGTH)
|
||||
return 0;
|
||||
R = BN_new();
|
||||
if(!R) return 0;
|
||||
(void) BN_bin2bn(orig + 1, SHA_DIGEST_LENGTH, R);
|
||||
S = BN_new();
|
||||
if(!S) return 0;
|
||||
(void) BN_bin2bn(orig + 21, SHA_DIGEST_LENGTH, S);
|
||||
dsasig = DSA_SIG_new();
|
||||
if(!dsasig) return 0;
|
||||
|
||||
dsasig->r = R;
|
||||
dsasig->s = S;
|
||||
*sig = NULL;
|
||||
newlen = i2d_DSA_SIG(dsasig, sig);
|
||||
if(newlen < 0) {
|
||||
DSA_SIG_free(dsasig);
|
||||
free(*sig);
|
||||
return 0;
|
||||
}
|
||||
*len = (unsigned int)newlen;
|
||||
DSA_SIG_free(dsasig);
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef USE_ECDSA
|
||||
/**
|
||||
* Setup the ECDSA signature in its encoding that the library wants.
|
||||
* Converts from plain numbers to ASN formatted.
|
||||
* @param sig: input is signature, output alloced ptr (unless failure).
|
||||
* caller must free alloced ptr if this routine returns true.
|
||||
* @param len: input is initial siglen, output is output len.
|
||||
* @return false on failure.
|
||||
*/
|
||||
static int
|
||||
setup_ecdsa_sig(unsigned char** sig, unsigned int* len)
|
||||
{
|
||||
ECDSA_SIG* ecdsa_sig;
|
||||
int newlen;
|
||||
int bnsize = (int)((*len)/2);
|
||||
/* if too short or not even length, fails */
|
||||
if(*len < 16 || bnsize*2 != (int)*len)
|
||||
return 0;
|
||||
/* use the raw data to parse two evenly long BIGNUMs, "r | s". */
|
||||
ecdsa_sig = ECDSA_SIG_new();
|
||||
if(!ecdsa_sig) return 0;
|
||||
ecdsa_sig->r = BN_bin2bn(*sig, bnsize, ecdsa_sig->r);
|
||||
ecdsa_sig->s = BN_bin2bn(*sig+bnsize, bnsize, ecdsa_sig->s);
|
||||
if(!ecdsa_sig->r || !ecdsa_sig->s) {
|
||||
ECDSA_SIG_free(ecdsa_sig);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* spool it into ASN format */
|
||||
*sig = NULL;
|
||||
newlen = i2d_ECDSA_SIG(ecdsa_sig, sig);
|
||||
if(newlen <= 0) {
|
||||
ECDSA_SIG_free(ecdsa_sig);
|
||||
free(*sig);
|
||||
return 0;
|
||||
}
|
||||
*len = (unsigned int)newlen;
|
||||
ECDSA_SIG_free(ecdsa_sig);
|
||||
return 1;
|
||||
}
|
||||
#endif /* USE_ECDSA */
|
||||
|
||||
/**
|
||||
* Setup key and digest for verification. Adjust sig if necessary.
|
||||
*
|
||||
* @param algo: key algorithm
|
||||
* @param evp_key: EVP PKEY public key to create.
|
||||
* @param digest_type: digest type to use
|
||||
* @param key: key to setup for.
|
||||
* @param keylen: length of key.
|
||||
* @return false on failure.
|
||||
*/
|
||||
static int
|
||||
setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type,
|
||||
unsigned char* key, size_t keylen)
|
||||
{
|
||||
DSA* dsa;
|
||||
RSA* rsa;
|
||||
|
||||
switch(algo) {
|
||||
case LDNS_DSA:
|
||||
case LDNS_DSA_NSEC3:
|
||||
*evp_key = EVP_PKEY_new();
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
dsa = ldns_key_buf2dsa_raw(key, keylen);
|
||||
if(!dsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"ldns_key_buf2dsa_raw failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_DSA failed");
|
||||
return 0;
|
||||
}
|
||||
*digest_type = EVP_dss1();
|
||||
|
||||
break;
|
||||
case LDNS_RSASHA1:
|
||||
case LDNS_RSASHA1_NSEC3:
|
||||
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
||||
case LDNS_RSASHA256:
|
||||
#endif
|
||||
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
|
||||
case LDNS_RSASHA512:
|
||||
#endif
|
||||
*evp_key = EVP_PKEY_new();
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
rsa = ldns_key_buf2rsa_raw(key, keylen);
|
||||
if(!rsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"ldns_key_buf2rsa_raw SHA failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_RSA SHA failed");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* select SHA version */
|
||||
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
|
||||
if(algo == LDNS_RSASHA256)
|
||||
*digest_type = EVP_sha256();
|
||||
else
|
||||
#endif
|
||||
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
|
||||
if(algo == LDNS_RSASHA512)
|
||||
*digest_type = EVP_sha512();
|
||||
else
|
||||
#endif
|
||||
*digest_type = EVP_sha1();
|
||||
|
||||
break;
|
||||
case LDNS_RSAMD5:
|
||||
*evp_key = EVP_PKEY_new();
|
||||
if(!*evp_key) {
|
||||
log_err("verify: malloc failure in crypto");
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
rsa = ldns_key_buf2rsa_raw(key, keylen);
|
||||
if(!rsa) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"ldns_key_buf2rsa_raw MD5 failed");
|
||||
return 0;
|
||||
}
|
||||
if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_PKEY_assign_RSA MD5 failed");
|
||||
return 0;
|
||||
}
|
||||
*digest_type = EVP_md5();
|
||||
|
||||
break;
|
||||
#ifdef USE_GOST
|
||||
case LDNS_ECC_GOST:
|
||||
*evp_key = ldns_gost2pkey_raw(key, keylen);
|
||||
if(!*evp_key) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"ldns_gost2pkey_raw failed");
|
||||
return 0;
|
||||
}
|
||||
*digest_type = EVP_get_digestbyname("md_gost94");
|
||||
if(!*digest_type) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"EVP_getdigest md_gost94 failed");
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifdef USE_ECDSA
|
||||
case LDNS_ECDSAP256SHA256:
|
||||
*evp_key = ldns_ecdsa2pkey_raw(key, keylen,
|
||||
LDNS_ECDSAP256SHA256);
|
||||
if(!*evp_key) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"ldns_ecdsa2pkey_raw failed");
|
||||
return 0;
|
||||
}
|
||||
#ifdef USE_ECDSA_EVP_WORKAROUND
|
||||
/* openssl before 1.0.0 fixes RSA with the SHA256
|
||||
* hash in EVP. We create one for ecdsa_sha256 */
|
||||
{
|
||||
static int md_ecdsa_256_done = 0;
|
||||
static EVP_MD md;
|
||||
if(!md_ecdsa_256_done) {
|
||||
EVP_MD m = *EVP_sha256();
|
||||
md_ecdsa_256_done = 1;
|
||||
m.required_pkey_type[0] = (*evp_key)->type;
|
||||
m.verify = (void*)ECDSA_verify;
|
||||
md = m;
|
||||
}
|
||||
*digest_type = &md;
|
||||
}
|
||||
#else
|
||||
*digest_type = EVP_sha256();
|
||||
#endif
|
||||
break;
|
||||
case LDNS_ECDSAP384SHA384:
|
||||
*evp_key = ldns_ecdsa2pkey_raw(key, keylen,
|
||||
LDNS_ECDSAP384SHA384);
|
||||
if(!*evp_key) {
|
||||
verbose(VERB_QUERY, "verify: "
|
||||
"ldns_ecdsa2pkey_raw failed");
|
||||
return 0;
|
||||
}
|
||||
#ifdef USE_ECDSA_EVP_WORKAROUND
|
||||
/* openssl before 1.0.0 fixes RSA with the SHA384
|
||||
* hash in EVP. We create one for ecdsa_sha384 */
|
||||
{
|
||||
static int md_ecdsa_384_done = 0;
|
||||
static EVP_MD md;
|
||||
if(!md_ecdsa_384_done) {
|
||||
EVP_MD m = *EVP_sha384();
|
||||
md_ecdsa_384_done = 1;
|
||||
m.required_pkey_type[0] = (*evp_key)->type;
|
||||
m.verify = (void*)ECDSA_verify;
|
||||
md = m;
|
||||
}
|
||||
*digest_type = &md;
|
||||
}
|
||||
#else
|
||||
*digest_type = EVP_sha384();
|
||||
#endif
|
||||
break;
|
||||
#endif /* USE_ECDSA */
|
||||
default:
|
||||
verbose(VERB_QUERY, "verify: unknown algorithm %d",
|
||||
algo);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check a canonical sig+rrset and signature against a dnskey
|
||||
* @param buf: buffer with data to verify, the first rrsig part and the
|
||||
* canonicalized rrset.
|
||||
* @param algo: DNSKEY algorithm.
|
||||
* @param sigblock: signature rdata field from RRSIG
|
||||
* @param sigblock_len: length of sigblock data.
|
||||
* @param key: public key data from DNSKEY RR.
|
||||
* @param keylen: length of keydata.
|
||||
* @param reason: bogus reason in more detail.
|
||||
* @return secure if verification succeeded, bogus on crypto failure,
|
||||
* unchecked on format errors and alloc failures.
|
||||
*/
|
||||
static enum sec_status
|
||||
verify_canonrrset(ldns_buffer* buf, int algo, unsigned char* sigblock,
|
||||
unsigned int sigblock_len, unsigned char* key, unsigned int keylen,
|
||||
char** reason)
|
||||
{
|
||||
const EVP_MD *digest_type;
|
||||
EVP_MD_CTX ctx;
|
||||
int res, dofree = 0;
|
||||
EVP_PKEY *evp_key = NULL;
|
||||
|
||||
if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) {
|
||||
verbose(VERB_QUERY, "verify: failed to setup key");
|
||||
*reason = "use of key for crypto failed";
|
||||
EVP_PKEY_free(evp_key);
|
||||
return sec_status_bogus;
|
||||
}
|
||||
/* if it is a DSA signature in bind format, convert to DER format */
|
||||
if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&
|
||||
sigblock_len == 1+2*SHA_DIGEST_LENGTH) {
|
||||
if(!setup_dsa_sig(&sigblock, &sigblock_len)) {
|
||||
verbose(VERB_QUERY, "verify: failed to setup DSA sig");
|
||||
*reason = "use of key for DSA crypto failed";
|
||||
EVP_PKEY_free(evp_key);
|
||||
return sec_status_bogus;
|
||||
}
|
||||
dofree = 1;
|
||||
}
|
||||
#ifdef USE_ECDSA
|
||||
else if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) {
|
||||
/* EVP uses ASN prefix on sig, which is not in the wire data */
|
||||
if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) {
|
||||
verbose(VERB_QUERY, "verify: failed to setup ECDSA sig");
|
||||
*reason = "use of signature for ECDSA crypto failed";
|
||||
EVP_PKEY_free(evp_key);
|
||||
return sec_status_bogus;
|
||||
}
|
||||
dofree = 1;
|
||||
}
|
||||
#endif /* USE_ECDSA */
|
||||
|
||||
/* do the signature cryptography work */
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
if(EVP_VerifyInit(&ctx, digest_type) == 0) {
|
||||
verbose(VERB_QUERY, "verify: EVP_VerifyInit failed");
|
||||
EVP_PKEY_free(evp_key);
|
||||
if(dofree) free(sigblock);
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
if(EVP_VerifyUpdate(&ctx, (unsigned char*)ldns_buffer_begin(buf),
|
||||
(unsigned int)ldns_buffer_limit(buf)) == 0) {
|
||||
verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed");
|
||||
EVP_PKEY_free(evp_key);
|
||||
if(dofree) free(sigblock);
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
|
||||
res = EVP_VerifyFinal(&ctx, sigblock, sigblock_len, evp_key);
|
||||
if(EVP_MD_CTX_cleanup(&ctx) == 0) {
|
||||
verbose(VERB_QUERY, "verify: EVP_MD_CTX_cleanup failed");
|
||||
EVP_PKEY_free(evp_key);
|
||||
if(dofree) free(sigblock);
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
EVP_PKEY_free(evp_key);
|
||||
|
||||
if(dofree)
|
||||
free(sigblock);
|
||||
|
||||
if(res == 1) {
|
||||
return sec_status_secure;
|
||||
} else if(res == 0) {
|
||||
verbose(VERB_QUERY, "verify: signature mismatch");
|
||||
*reason = "signature crypto failed";
|
||||
return sec_status_bogus;
|
||||
}
|
||||
|
||||
log_crypto_error("verify:", ERR_get_error());
|
||||
return sec_status_unchecked;
|
||||
}
|
||||
|
||||
enum sec_status
|
||||
dnskey_verify_rrset_sig(struct regional* region, ldns_buffer* buf,
|
||||
struct val_env* ve, uint32_t now,
|
||||
|
@ -54,7 +54,6 @@
|
||||
#include "util/net_help.h"
|
||||
#include "util/module.h"
|
||||
#include "util/regional.h"
|
||||
#include "util/config_file.h"
|
||||
|
||||
enum val_classification
|
||||
val_classify_response(uint16_t query_flags, struct query_info* origqinf,
|
||||
|
@ -1023,6 +1023,13 @@ validate_cname_response(struct module_env* env, struct val_env* ve,
|
||||
chase_reply->security = sec_status_bogus;
|
||||
return;
|
||||
}
|
||||
|
||||
/* If we have found a CNAME, stop looking for one.
|
||||
* The iterator has placed the CNAME chain in correct
|
||||
* order. */
|
||||
if (ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* AUTHORITY section */
|
||||
@ -1881,7 +1888,8 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq,
|
||||
/* store overall validation result in orig_msg */
|
||||
if(vq->rrset_skip == 0)
|
||||
vq->orig_msg->rep->security = vq->chase_reply->security;
|
||||
else if(vq->rrset_skip < vq->orig_msg->rep->an_numrrsets +
|
||||
else if(subtype != VAL_CLASS_REFERRAL ||
|
||||
vq->rrset_skip < vq->orig_msg->rep->an_numrrsets +
|
||||
vq->orig_msg->rep->ns_numrrsets) {
|
||||
/* ignore sec status of additional section if a referral
|
||||
* type message skips there and
|
||||
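Review bot: The added `break` in the answer-section loop of `validate_cname_response` means any rrset that follows the first CNAME never reaches the verification steps earlier in the loop body, and the new comment says only why the search can stop, not what security status those later rrsets are left with. The early exit depends on the iterator's ordering of the CNAME chain, an invariant established outside this function, so I would state the consequence next to it, for example `/* rrsets after this CNAME are not verified here; they must not be treated as secure by this pass */`, if that is the intent. The new `if (ntohs(s->rk.type) == ...)` also puts a space after `if`, unlike `if(vq->rrset_skip == 0)` in the next hunk of the same file. The loop head and the function start are outside the hunk, so this is based on the visible tail only.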
|
@ -56,13 +56,13 @@ struct config_strlist;
|
||||
* will be primed no more often than this interval. Used when harden-
|
||||
* dnssec-stripped is off and the trust anchor fails.
|
||||
*/
|
||||
#define NULL_KEY_TTL 900 /* seconds */
|
||||
#define NULL_KEY_TTL 60 /* seconds */
|
||||
|
||||
/**
|
||||
* TTL for bogus key entries. When a DS or DNSKEY fails in the chain of
|
||||
* trust the entire zone for that name is blacked out for this TTL.
|
||||
*/
|
||||
#define BOGUS_KEY_TTL 900 /* seconds */
|
||||
#define BOGUS_KEY_TTL 60 /* seconds */
|
||||
|
||||
/** max number of query restarts, number of IPs to probe */
|
||||
#define VAL_MAX_RESTART_COUNT 5
|
||||
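Review bot: `NULL_KEY_TTL` and `BOGUS_KEY_TTL` are each printed with 900 and then 60 seconds, which I read as a drop to 60, and neither doc comment records why the interval changed or what it costs. A short bogus-key TTL lets the validator recover quickly once a broken signature or key rollover is repaired. It also means a zone whose chain of trust keeps failing is re-fetched and re-validated up to fifteen times as often, which matters for load when the failures are caused by spoofed or stripped responses. I would add one line to each comment, such as `* Kept short so a repaired zone recovers quickly; every expiry costs a new DS/DNSKEY lookup and validation.`, and note whether the value can be overridden from the configuration, which this hunk does not show.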
|
@ -82,7 +82,7 @@ section /o "DLV - dlv.isc.org" SectionDLV
|
||||
SetOutPath $INSTDIR
|
||||
|
||||
# libgcc exception lib used by NSISdl plugin (in crosscompile).
|
||||
File /nonfatal "/oname=$PLUGINSDIR\libgcc_s_sjlj-1.dll" "/usr/i686-pc-mingw32/sys-root/mingw/bin/libgcc_s_sjlj-1.dll"
|
||||
File /nonfatal "/oname=$PLUGINSDIR\libgcc_s_sjlj-1.dll" "/usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc_s_sjlj-1.dll"
|
||||
|
||||
NSISdl::download "http://ftp.isc.org/www/dlv/dlv.isc.org.key" "$INSTDIR\dlv.isc.org.key"
|
||||
Pop $R0 # result from Inetc::get
|
||||
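Review bot: The `NSISdl::download` line that this hunk leaves unchanged fetches the DLV trust anchor `dlv.isc.org.key` over plain `http://`, and nothing visible here checks the file before it lands in `$INSTDIR`. A trust anchor obtained over an unauthenticated channel gives no assurance, because anything on the network path can substitute the key that later validation relies on. I would ship the key inside the installer with a `File` directive, or compare the download against a digest pinned in the script before installing it; whether such a check follows `Pop $R0` is outside the hunk. The comment on that `Pop` names `Inetc::get` while the call is `NSISdl::download`. The changed `File /nonfatal` line also hard-codes the cross-compiler sysroot, so a missing DLL is skipped silently at build time.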
|
@ -380,6 +380,9 @@ service_deinit(struct daemon* daemon, struct config_file* cfg)
|
||||
daemon_delete(daemon);
|
||||
}
|
||||
|
||||
#ifdef DOXYGEN
|
||||
#define ATTR_UNUSED(x) x
|
||||
#endif
|
||||
/**
|
||||
* The main function for the service.
|
||||
* Called by the services API when starting unbound on windows in background.
|
||||
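Review bot: The new `#ifdef DOXYGEN` block redefines `ATTR_UNUSED` in the middle of the file, between `service_deinit` and the doc comment of the next function, with no comment saying why. Presumably it lets doxygen see plain parameter names, but a reader has to guess; I would add `/* doxygen only: expand ATTR_UNUSED(x) to the bare parameter name */` above it. If other files need the same override, one definition next to the macro's real declaration would avoid repeating it; where `ATTR_UNUSED` is declared is not visible here.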
|