#endif
#ifdef HAVE_NSS
-#include <nss3/nss.h>
+/* nss3 */
+#include "nss.h"
#endif
#include <ldns/ldns.h>
comp_meth = (void*)SSL_COMP_get_compression_methods();
# endif
(void)SSL_library_init();
-# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
if(!ub_openssl_lock_init())
fatal_exit("could not init openssl locks");
# endif
ERR_remove_state(0);
ERR_free_strings();
RAND_cleanup();
-# if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
ub_openssl_lock_delete();
# endif
#elif defined(HAVE_NSS)
#endif
#ifdef HAVE_NSS
-# include <nss3/nss.h>
+/* nss3 */
+# include "nss.h"
#endif
/** global debug value to keep track of heap memory allocation */
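Review bot: The quoted form `# include "nss.h"` makes the preprocessor search the including file's own directory before the `-I` paths, so a same-named file in the source tree would be picked up ahead of the NSS header. This is a system library header whose location presumably now comes from the configured include flags, so `# include <nss.h>` states that intent more precisely. The same applies to the other NSS/NSPR includes this commit rewrites (`"secport.h"`, `"pk11pub.h"`, `"sechash.h"`, `"keyhi.h"`, `"secerr.h"`, `"cryptohi.h"`, `"prerror.h"`).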
+15 February 2013: Wouter
+ - fix defines in lookup3 for bigendian bsd alpha
+
+11 February 2013: Wouter
+ - Fixup openssl_thread init code to only run if compiled with SSL.
+
+7 February 2013: Wouter
+ - detect endianness in lookup3 on BSD.
+ - add libunbound.ttl at end of result structure, version bump for
+ libunbound and binary backwards compatible, but 1.4.19 is not
+ forward compatible with 1.4.20.
+ - update iana port list.
+
+30 January 2013: Wouter
+ - includes and have_ssl fixes for nss.
+
+29 January 2013: Wouter
+ - printout name of zone with duplicate fwd and hint errors.
+
+28 January 2013: Wouter
+ - updated fwd_zero for newer nc. Updated common.sh for newer netstat.
+
17 January 2013: Wouter
- unbound-anchors checks the emailAddress of the signer of the
root.xml file, default is dnssec@iana.org. It also checks that
int secure; /* true if result is secure */
int bogus; /* true if a security failure happened */
char* why_bogus; /* string with error if bogus */
+ int ttl; /* number of seconds the result is valid */
};
.fi
.P
SHOW_USED_FILES = YES
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+#SHOW_DIRECTORIES = YES
+
# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
# This will remove the Files entry from the Quick Index and from the
# Folder Tree View (if specified). The default is YES.
HTML_TIMESTAMP = YES
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+#HTML_ALIGN_MEMBERS = YES
+
# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
# documentation will contain sections that can be hidden and shown after the
# page has loaded.
# documentation. Note that a value of 0 will completely suppress the enum
# values from appearing in the overview section.
-ENUM_VALUES_PER_LINE = 4
+#USE_INLINE_TREES = NO
# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
# used to set the initial width (in pixels) of the frame in which the tree
node->namelabs = nmlabs;
node->dp = dp;
if(!rbtree_insert(fwd->tree, &node->node)) {
- log_err("duplicate forward zone ignored.");
+ char buf[257];
+ dname_str(nm, buf);
+ log_err("duplicate forward zone %s ignored.", buf);
delegpt_free_mlc(dp);
free(node->name);
free(node);
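Review bot: `char buf[257];` followed by `dname_str(nm, buf);` depends on dname_str never writing more than 257 bytes, and the call passes no length, so nothing at this site enforces that bound. The size should come from a named constant tied to dname_str's documented maximum rather than the literal 257, with a short comment such as `/* sized for the longest string dname_str can produce */`. The hints hunk repeats the same pattern with `dname_str(dp->name, buf);`. The enclosing function starts and ends outside this hunk, so where `nm` comes from is not visible here.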
node->noprime = (uint8_t)noprime;
if(!name_tree_insert(&hints->tree, &node->node, dp->name, dp->namelen,
dp->namelabs, c)) {
- log_err("second hints ignored.");
+ char buf[257];
+ dname_str(dp->name, buf);
+ log_err("second hints for zone %s ignored.", buf);
delegpt_free_mlc(dp);
free(node);
}
#include "config.h"
#include <ldns/dname.h>
#include <ldns/wire2host.h>
+#ifdef HAVE_SSL
#include <openssl/ssl.h>
+#endif
#include "libunbound/libworker.h"
#include "libunbound/context.h"
#include "libunbound/unbound.h"
ub_randfree(w->env->rnd);
free(w->env);
}
+#ifdef HAVE_SSL
SSL_CTX_free(w->sslctx);
+#endif
outside_network_delete(w->back);
comm_base_delete(w->base);
free(w);
/** fill data into result */
static int
fill_res(struct ub_result* res, struct ub_packed_rrset_key* answer,
- uint8_t* finalcname, struct query_info* rq)
+ uint8_t* finalcname, struct query_info* rq, struct reply_info* rep)
{
size_t i;
struct packed_rrset_data* data;
+ res->ttl = 0;
if(!answer) {
if(finalcname) {
if(!fill_canon(res, finalcname))
return 0; /* out of memory */
}
+ if(rep->rrset_count != 0)
+ res->ttl = (int)rep->ttl;
res->data = (char**)calloc(1, sizeof(char*));
res->len = (int*)calloc(1, sizeof(int));
return (res->data && res->len);
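Review bot: The `(int)` cast in `res->ttl = (int)rep->ttl;`, and the casts of `data->ttl` and `d->ttl` in the later fill_res hunk, can produce a negative `res->ttl`. That would happen if those fields are unsigned 32-bit values (their type is not visible in the hunk) and a reply carries a TTL above INT_MAX. In the minimum loop a negative value would also win the comparison `(int)d->ttl < res->ttl`, so an application using `res->ttl` as a cache lifetime could receive a nonsensical number. Clamping before the cast keeps the field non-negative, e.g. `res->ttl = rep->ttl > INT_MAX ? INT_MAX : (int)rep->ttl;`. Otherwise the struct comment should tell callers how to treat a negative value. fill_res continues outside this hunk.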
if(!res->data[i])
return 0; /* out of memory */
}
+ /* ttl for positive answers, from CNAME and answer RRs */
+ if(data->count != 0) {
+ size_t j;
+ res->ttl = (int)data->ttl;
+ for(j=0; j<rep->an_numrrsets; j++) {
+ struct packed_rrset_data* d =
+ (struct packed_rrset_data*)rep->rrsets[j]->
+ entry.data;
+ if((int)d->ttl < res->ttl)
+ res->ttl = (int)d->ttl;
+ }
+ }
+ /* ttl for negative answers */
+ if(data->count == 0 && rep->rrset_count != 0)
+ res->ttl = (int)rep->ttl;
res->data[data->count] = NULL;
res->len[data->count] = 0;
return 1;
return; /* error parsing buf, or out of memory */
}
if(!fill_res(res, reply_find_answer_rrset(&rq, rep),
- reply_find_final_cname_target(&rq, rep), &rq))
+ reply_find_final_cname_target(&rq, rep), &rq, rep))
return; /* out of memory */
/* rcode, havedata, nxdomain, secure, bogus */
res->rcode = (int)FLAGS_GET_RCODE(rep->flags);
* Is NULL if the result is not bogus.
*/
char* why_bogus;
+
+ /**
+ * TTL for the result, in seconds. If the security is bogus, then
+ * you also cannot trust this value.
+ */
+ int ttl;
};
/**
struct local_data* node;
struct local_rrset* rrset;
struct packed_rrset_data* pd;
- uint16_t rrtype, rrclass;
- uint32_t ttl;
+ uint16_t rrtype = 0, rrclass = 0;
+ uint32_t ttl = 0;
if(!get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, buf)) {
log_err("bad local-data: %s", rrstr);
return 0;
#include "libunbound/unbound.h"
#include <ldns/ldns.h>
#ifdef HAVE_NSS
-#include <nss3/nss.h>
+/* nss3 */
+#include "nss.h"
#endif
/** verbosity for unbound-host app */
fi
fi
if test $SKIP -eq 0; then
- echo $test
+ #echo -n "$test "
sh ../testcode/mini_tpkg.sh -a ../.. exe $test
else
echo "skip $test"
/**
* reads the canned reply file and returns a list of structs
* does an exit on error.
- * @param name: path of file
+ * @param name: name of the file to read.
* @param skip_whitespace: skip leftside whitespace.
*/
struct entry* read_datafile(const char* name, int skip_whitespace);
fi
else
if test -f "result.$name"; then
- echo "!! FAILED !! : $name"
+ echo "\033[01;31m!! FAILED !!\033[00m : $name"
else
echo ">> SKIPPED<< : $name"
fi
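Review bot: `echo "\033[01;31m!! FAILED !!\033[00m : $name"` relies on `echo` interpreting backslash escapes, which differs between `sh` implementations. Some will print the literal `\033[...` text, and the `echo -n "$name: \t"` added in mini_tpkg.sh has the same problem with both `-n` and `\t`. `printf '\033[01;31m!! FAILED !!\033[00m : %s\n' "$name"` behaves the same everywhere. The colour codes are also emitted unconditionally, so redirected output and CI logs will contain raw escape sequences; guarding them with `test -t 1` avoids that. The PASSED/FAILED lines in the mini_tpkg.sh hunks have the same two issues.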
shell="sh"
fi
+echo -n "$name: \t"
+
# check already done
if test -f .done-$name; then
echo "minitpkg .done-$name exists. skip test."
fi
# Extract
-echo "minitpkg extract $1 to $dir"
+#echo "minitpkg extract $1 to $dir"
mkdir $dir
gzip -cd $name.tpkg | (cd $dir; tar xf -)
cd $dir
grep "Description:" $name.dsc >> $result 2>&1
echo "DateRunStart: "`date "+%s" 2>/dev/null` >> $result
if test -f $name.pre; then
- echo "minitpkg exe $name.pre"
+ #echo "minitpkg exe $name.pre"
echo "minitpkg exe $name.pre" >> $result
$shell $name.pre $args >> $result
if test $? -ne 0; then
fi
fi
if test -f $name.test; then
- echo "minitpkg exe $name.test"
+ #echo "minitpkg exe $name.test"
echo "minitpkg exe $name.test" >> $result
$shell $name.test $args >>$result 2>&1
if test $? -ne 0; then
echo "$name: FAILED" >> $result
- echo "$name: FAILED"
+ echo "\033[01;31mFAILED\033[00m"
success="no"
else
echo "$name: PASSED" >> $result
echo "$name: PASSED" > ../.done-$name
- echo "$name: PASSED"
+ echo "\033[01;32mPASSED\033[00m"
success="yes"
fi
fi
if test -f $name.post; then
- echo "minitpkg exe $name.post"
+ #echo "minitpkg exe $name.post"
echo "minitpkg exe $name.post" >> $result
$shell $name.post $args >> $result
if test $? -ne 0; then
#endif
#ifdef HAVE_NSS
-#include "nss3/nss.h"
+/* nss3 */
+#include "nss.h"
#endif
#include <ldns/ldns.h>
# depending on uname try to check for collisions in port numbers
case "`uname`" in
linux|Linux)
- plist=`netstat -n -A ip -A ip6 -a | sed -e 's/^.*:\([0-9]*\) .*$/\1/'`
+ plist=`netstat -n -A ip -A ip6 -a 2>/dev/null | sed -e 's/^.*:\([0-9]*\) .*$/\1/'`
;;
FreeBSD|freebsd|NetBSD|netbsd|OpenBSD|openbsd)
plist=`netstat -n -a | grep "^[ut][dc]p[46] " | sed -e 's/^.*\.\([0-9]*\) .*$/\1/'`
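Review bot: Adding `2>/dev/null` to the Linux `netstat` call hides a missing or failing `netstat` as well as the warnings it was presumably meant to silence. In that case `plist` ends up empty and the port-collision check described in the comment above quietly does nothing. A check that the command exists, with a one-line warning when it does not, would make the skipped check visible, e.g. `command -v netstat >/dev/null || echo "netstat not found, port collision check skipped" >&2`. The `case` statement continues outside this hunk.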
7799,
7800,
7801,
+7802,
7810,
7845,
7846,
#endif
}
-#if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
/** global lock list for openssl locks */
static lock_basic_t *ub_openssl_locks = NULL;
int ub_openssl_lock_init(void)
{
-#if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
int i;
ub_openssl_locks = (lock_basic_t*)malloc(
sizeof(lock_basic_t)*CRYPTO_num_locks());
void ub_openssl_lock_delete(void)
{
-#if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+#if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
int i;
if(!ub_openssl_locks)
return;
# endif /* USE_WINSOCK */
#else /* USE_MINI_EVENT */
/* we use libevent */
-# include <event.h>
+# ifdef HAVE_EVENT_H
+# include <event.h>
+# else
+# include "event.h"
+# endif
#endif /* USE_MINI_EVENT */
/**
#include <openssl/rc4.h>
#include <openssl/err.h>
#elif defined(HAVE_NSS)
-#include <nspr4/prerror.h>
-#include <nss3/secport.h>
-#include <nss3/pk11pub.h>
+/* nspr4 */
+#include "prerror.h"
+/* nss3 */
+#include "secport.h"
+#include "pk11pub.h"
#endif
/**
/*
+ February 2013(Wouter) patch defines for BSD endianness, from Brad Smith.
January 2012(Wouter) added randomised initial value, fallout from 28c3.
March 2007(Wouter) adapted from lookup3.c original, add config.h include.
added #ifdef VALGRIND to remove 298,384,660 'unused variable k8' warnings.
#ifdef linux
# include <endian.h> /* attempt to define endianness */
#endif
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__)
+#include <sys/endian.h> /* attempt to define endianness */
+#endif
+#ifdef __OpenBSD__
+#include <machine/endian.h> /* attempt to define endianness */
+#endif
/* random initial value */
static uint32_t raninit = (uint32_t)0xdeadbeef;
*/
#if (defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \
__BYTE_ORDER == __LITTLE_ENDIAN) || \
+ (defined(_BYTE_ORDER) && defined(_LITTLE_ENDIAN) && \
+ _BYTE_ORDER == _LITTLE_ENDIAN) || \
(defined(i386) || defined(__i386__) || defined(__i486__) || \
defined(__i586__) || defined(__i686__) || defined(vax) || defined(MIPSEL))
# define HASH_LITTLE_ENDIAN 1
# define HASH_BIG_ENDIAN 0
+#elif (!defined(_BYTE_ORDER) && !defined(__BYTE_ORDER) && defined(_BIG_ENDIAN))
+# define HASH_LITTLE_ENDIAN 0
+# define HASH_BIG_ENDIAN 1
#elif (defined(__BYTE_ORDER) && defined(__BIG_ENDIAN) && \
__BYTE_ORDER == __BIG_ENDIAN) || \
+ (defined(_BYTE_ORDER) && defined(_BIG_ENDIAN) && \
+ _BYTE_ORDER == _BIG_ENDIAN) || \
(defined(sparc) || defined(POWERPC) || defined(mc68000) || defined(sel))
# define HASH_LITTLE_ENDIAN 0
# define HASH_BIG_ENDIAN 1
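Review bot: The new branch `#elif (!defined(_BYTE_ORDER) && !defined(__BYTE_ORDER) && defined(_BIG_ENDIAN))` has no comment, and its correctness rests on an assumption a reader cannot see. It treats the mere presence of `_BIG_ENDIAN` as meaning a big-endian target, which is only right on systems where that macro is a target flag rather than a byte-order constant. Endian headers that define `_BIG_ENDIAN` as a constant on every target normally define `_BYTE_ORDER` too, which is presumably why the two `!defined` guards are there. A comment would keep a later edit from dropping them, e.g. `/* _BIG_ENDIAN alone (no *_BYTE_ORDER) is a target flag, not a constant */`.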
#include "openssl/ssl.h"
#endif
#ifdef HAVE_NSS
-#include <nss3/sechash.h>
+/* nss3 */
+#include "sechash.h"
#endif
#include "validator/val_nsec3.h"
#include "validator/validator.h"
/**************************************************/
#elif defined(HAVE_NSS)
/* libnss implementation */
-#include <nss3/sechash.h>
-#include <nss3/pk11pub.h>
-#include <nss3/keyhi.h>
-#include <nss3/secerr.h>
-#include <nss3/cryptohi.h>
-#include <nspr4/prerror.h>
+/* nss3 */
+#include "sechash.h"
+#include "pk11pub.h"
+#include "keyhi.h"
+#include "secerr.h"
+#include "cryptohi.h"
+/* nspr4 */
+#include "prerror.h"
size_t
ds_digest_size_supported(int algo)
daemon_delete(daemon);
}
+#ifdef DOXYGEN
+#define ATTR_UNUSED(x) x
+#endif
/**
* The main function for the service.
* Called by the services API when starting unbound on windows in background.