diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/dns/api | 2 | ||||
-rw-r--r-- | lib/dns/ncache.c | 4 | ||||
-rw-r--r-- | lib/dns/validator.c | 33 | ||||
-rw-r--r-- | lib/dns/win32/libdns.def | 1 |
4 files changed, 24 insertions, 16 deletions
diff --git a/lib/dns/api b/lib/dns/api index af1a23fe..9d9c7586 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -1,3 +1,3 @@ LIBINTERFACE = 82 -LIBREVISION = 1 +LIBREVISION = 2 LIBAGE = 1 diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index 211d5fc6..e72571ee 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.50.124.1 2011-02-03 07:39:03 marka Exp $ */ +/* $Id: ncache.c,v 1.50.124.1.2.1 2011-05-27 00:57:31 each Exp $ */ /*! \file */ @@ -186,7 +186,7 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 2) + if (r.length < 3) return (ISC_R_NOSPACE); isc_buffer_putuint16(&buffer, rdataset->type); diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 7895c7cc..fa6fa610 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.197 2010-12-23 04:07:58 marka Exp $ */ +/* $Id: validator.c,v 1.197.40.1 2011-05-27 00:57:31 each Exp $ */ #include <config.h> @@ -428,7 +428,8 @@ fetch_callback_validator(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", rdataset->trust); + "keyset with trust %s", + dns_trust_totext(rdataset->trust)); /* * Only extract the dst key if the keyset is secure. */ @@ -505,7 +506,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "dsset with trust %d", rdataset->trust); + "dsset with trust %s", + dns_trust_totext(rdataset->trust)); val->dsset = &val->frdataset; result = validatezonekey(val); if (result != DNS_R_WAIT) @@ -660,7 +662,8 @@ keyvalidated(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", val->frdataset.trust); + "keyset with trust %s", + dns_trust_totext(val->frdataset.trust)); /* * Only extract the dst key if the keyset is secure. */ @@ -731,10 +734,10 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { isc_boolean_t have_dsset; dns_name_t *name; validator_log(val, ISC_LOG_DEBUG(3), - "%s with trust %d", + "%s with trust %s", val->frdataset.type == dns_rdatatype_ds ? "dsset" : "ds non-existance", - val->frdataset.trust); + dns_trust_totext(val->frdataset.trust)); have_dsset = ISC_TF(val->frdataset.type == dns_rdatatype_ds); name = dns_fixedname_name(&val->fname); if ((val->attributes & VALATTR_INSECURITY) != 0 && @@ -1385,8 +1388,8 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { INSIST(type == dns_rdatatype_dlv); if (val->frdataset.trust != dns_trust_secure) { validator_log(val, ISC_LOG_DEBUG(3), - "covering nsec: trust %u", - val->frdataset.trust); + "covering nsec: trust %s", + dns_trust_totext(val->frdataset.trust)); goto notfound; } result = dns_rdataset_first(&val->frdataset); @@ -1721,8 +1724,8 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { * See if we've got the key used in the signature. */ validator_log(val, ISC_LOG_DEBUG(3), - "keyset with trust %d", - val->frdataset.trust); + "keyset with trust %s", + dns_trust_totext(val->frdataset.trust)); result = get_dst_key(val, siginfo, val->keyset); if (result != ISC_R_SUCCESS) { /* @@ -2492,8 +2495,11 @@ validatezonekey(dns_validator_t *val) { " insecure DS"); return (DNS_R_MUSTBESECURE); } - markanswer(val, "validatezonekey (2)"); - return (ISC_R_SUCCESS); + if (val->view->dlv == NULL || DLVTRIED(val)) { + markanswer(val, "validatezonekey (2)"); + return (ISC_R_SUCCESS); + } + return (startfinddlvsep(val, val->event->name)); } /* @@ -3231,7 +3237,8 @@ dlvvalidated(isc_task_t *task, isc_event_t *event) { validator_done(val, ISC_R_CANCELED); } else if (eresult == ISC_R_SUCCESS) { validator_log(val, ISC_LOG_DEBUG(3), - "dlvset with trust %d", val->frdataset.trust); + "dlvset with trust %s", + dns_trust_totext(val->frdataset.trust)); dns_rdataset_clone(&val->frdataset, &val->dlv); val->havedlvsep = ISC_TRUE; if (dlv_algorithm_supported(val)) diff --git a/lib/dns/win32/libdns.def b/lib/dns/win32/libdns.def index 83a1cf62..dac286ef 100644 --- a/lib/dns/win32/libdns.def +++ b/lib/dns/win32/libdns.def @@ -675,6 +675,7 @@ dns_tkey_processgssresponse dns_tkey_processquery dns_tkeyctx_create dns_tkeyctx_destroy +dns_trust_totext dns_tsig_sign dns_tsig_verify dns_tsigkey_attach |