diff options
author | brad <brad@openbsd.org> | 2014-09-16 17:01:38 +0000 |
---|---|---|
committer | brad <brad@openbsd.org> | 2014-09-16 17:01:38 +0000 |
commit | 533110e2415c2233148c52f8caf1731fa77ff1ef (patch) | |
tree | 64122a6661fcd953abb621e26e9a3ecbad98b88b /usr.sbin/nsd/nsec3.c | |
parent | Drop sendmail references. (diff) | |
download | wireguard-openbsd-533110e2415c2233148c52f8caf1731fa77ff1ef.tar.xz wireguard-openbsd-533110e2415c2233148c52f8caf1731fa77ff1ef.zip |
merge conflicts
Diffstat (limited to 'usr.sbin/nsd/nsec3.c')
-rw-r--r-- | usr.sbin/nsd/nsec3.c | 70 |
1 files changed, 60 insertions, 10 deletions
diff --git a/usr.sbin/nsd/nsec3.c b/usr.sbin/nsd/nsec3.c index f84a4cedb6e..92802bd2b00 100644 --- a/usr.sbin/nsd/nsec3.c +++ b/usr.sbin/nsd/nsec3.c @@ -227,6 +227,7 @@ udb_zone_find_nsec3param(udb_base* udb, udb_ptr* uz, struct zone* z) for(i=0; i<rrset->rr_count; i++) { /* if this RR matches the udb RR then we are done */ rdata_atom_type* rd = rrset->rrs[i].rdatas; + if(rrset->rrs[i].rdata_count < 4) continue; if(RR(&urr)->wire[0] == rdata_atom_data(rd[0])[0] && /*alg*/ RR(&urr)->wire[1] == rdata_atom_data(rd[1])[0] && /*flg*/ RR(&urr)->wire[2] == rdata_atom_data(rd[2])[0] && /*iter*/ @@ -243,11 +244,55 @@ udb_zone_find_nsec3param(udb_base* udb, udb_ptr* uz, struct zone* z) return NULL; } +static struct rr* +db_find_nsec3param(struct zone* z, struct rr* avoid_rr) +{ + unsigned i; + rrset_type* rrset = domain_find_rrset(z->apex, z, TYPE_NSEC3PARAM); + if(!rrset) /* no NSEC3PARAM in mem */ + return NULL; + /* find first nsec3param we can support (SHA1, no flags) */ + for(i=0; i<rrset->rr_count; i++) { + rdata_atom_type* rd = rrset->rrs[i].rdatas; + /* do not use the RR that is going to be deleted (in IXFR) */ + if(&rrset->rrs[i] == avoid_rr) continue; + if(rrset->rrs[i].rdata_count < 4) continue; + if(rdata_atom_data(rd[0])[0] == NSEC3_SHA1_HASH && + rdata_atom_data(rd[1])[0] == 0) { + if(2 <= verbosity) { + char str[MAX_RDLENGTH*2+16]; + char* p; + p = str+snprintf(str, sizeof(str), "%u %u %u ", + (unsigned)rdata_atom_data(rd[0])[0], + (unsigned)rdata_atom_data(rd[1])[0], + (unsigned)read_uint16(rdata_atom_data(rd[2]))); + if(rdata_atom_data(rd[3])[0] == 0) + *p++ = '-'; + else { + p += hex_ntop(rdata_atom_data(rd[3])+1, + rdata_atom_data(rd[3])[0], p, + sizeof(str)-strlen(str)-1); + } + *p = 0; + VERBOSITY(2, (LOG_INFO, "rehash of zone %s with parameters %s", + domain_to_string(z->apex), str)); + } + return &rrset->rrs[i]; + } + } + return NULL; +} + void -nsec3_find_zone_param(struct namedb* db, struct zone* zone, udb_ptr* z) +nsec3_find_zone_param(struct namedb* db, struct zone* zone, udb_ptr* z, + struct rr* avoid_rr) { /* get nsec3param RR from udb */ - zone->nsec3_param = udb_zone_find_nsec3param(db->udb, z, zone); + if(db->udb) + zone->nsec3_param = udb_zone_find_nsec3param(db->udb, z, zone); + /* no db, get from memory, avoid using the rr that is going to be + * deleted, avoid_rr */ + else zone->nsec3_param = db_find_nsec3param(zone, avoid_rr); } /* check params ok for one RR */ @@ -529,7 +574,7 @@ nsec3_precompile_newparam(namedb_type* db, zone_type* zone) region_type* tmpregion = region_create(xalloc, free); domain_type* walk; time_t s = time(NULL); - unsigned n = 0, c = 0; + unsigned long n = 0, c = 0; /* add nsec3s of chain to nsec3tree */ for(walk=zone->apex; walk && domain_is_subdomain(walk, zone->apex); @@ -551,7 +596,8 @@ nsec3_precompile_newparam(namedb_type* db, zone_type* zone) if(++c % ZONEC_PCT_COUNT == 0 && time(NULL) > s + ZONEC_PCT_TIME) { s = time(NULL); VERBOSITY(1, (LOG_INFO, "nsec3 %s %d %%", - zone->opts->name, c*100/n)); + zone->opts->name, + (int)(c*((unsigned long)100)/n))); } } region_destroy(tmpregion); @@ -567,18 +613,22 @@ prehash_zone_complete(struct namedb* db, struct zone* zone) /* find zone settings */ assert(db && zone); - if(!udb_zone_search(db->udb, &udbz, dname_name(domain_dname( - zone->apex)), domain_dname(zone->apex)->name_size)) { - udb_ptr_init(&udbz, db->udb); /* zero the ptr */ + if(db->udb) { + if(!udb_zone_search(db->udb, &udbz, dname_name(domain_dname( + zone->apex)), domain_dname(zone->apex)->name_size)) { + udb_ptr_init(&udbz, db->udb); /* zero the ptr */ + } } - nsec3_find_zone_param(db, zone, &udbz); + nsec3_find_zone_param(db, zone, &udbz, NULL); if(!zone->nsec3_param || !check_apex_soa(db, zone)) { zone->nsec3_param = NULL; zone->nsec3_last = NULL; - udb_ptr_unlink(&udbz, db->udb); + if(db->udb) + udb_ptr_unlink(&udbz, db->udb); return; } - udb_ptr_unlink(&udbz, db->udb); + if(db->udb) + udb_ptr_unlink(&udbz, db->udb); nsec3_precompile_newparam(db, zone); } |