From: Mark Andrews Date: Thu, 12 Nov 2009 23:43:36 +0000 (+0000) Subject: 2765. [bug] Skip masters for which the TSIG key cannot be found. X-Git-Tag: v9.5.2-P1~1^4~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ddf5347a68e9510bc2098659436a98bc04259205;p=thirdparty%2Fbind9.git 2765. [bug] Skip masters for which the TSIG key cannot be found. [RT #20595] --- diff --git a/CHANGES b/CHANGES index d9ac82760ae..593c4181e31 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2765. [bug] Skip masters for which the TSIG key cannot be found. + [RT #20595] + 2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533] 2759. [doc] Add information about .jbk/.jnw files to diff --git a/lib/dns/view.c b/lib/dns/view.c index 5766cd5b40c..86f3bb5035f 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.143.128.9 2009/01/29 23:47:13 tbox Exp $ */ +/* $Id: view.c,v 1.143.128.10 2009/11/12 23:43:36 marka Exp $ */ /*! \file */ @@ -1250,7 +1250,8 @@ dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr, if (result != ISC_R_SUCCESS) return (result); - return (dns_view_gettsig(view, keyname, keyp)); + result = dns_view_gettsig(view, keyname, keyp); + return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result); } isc_result_t diff --git a/lib/dns/zone.c b/lib/dns/zone.c index ad99258feb9..233f74cede5 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.470.12.14 2009/10/05 23:46:58 tbox Exp $ */ +/* $Id: zone.c,v 1.470.12.15 2009/11/12 23:43:36 marka Exp $ */ /*! \file */ @@ -3674,6 +3674,7 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) { isc_sockaddr_t any; isc_boolean_t isself; isc_netaddr_t dstaddr; + isc_result_t result; if (zone->view == NULL || zone->isself == NULL) return (ISC_FALSE); @@ -3699,7 +3700,9 @@ notify_isself(dns_zone_t *zone, isc_sockaddr_t *dst) { src = *dst; isc_netaddr_fromsockaddr(&dstaddr, dst); - (void)dns_view_getpeertsig(zone->view, &dstaddr, &key); + result = dns_view_getpeertsig(zone->view, &dstaddr, &key); + if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) + return (ISC_FALSE); isself = (zone->isself)(zone->view, key, &src, dst, zone->rdclass, zone->isselfarg); if (key != NULL) @@ -3901,9 +3904,14 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { goto cleanup; isc_netaddr_fromsockaddr(&dstip, ¬ify->dst); - (void)dns_view_getpeertsig(notify->zone->view, &dstip, &key); - isc_sockaddr_format(¬ify->dst, addrbuf, sizeof(addrbuf)); + result = dns_view_getpeertsig(notify->zone->view, &dstip, &key); + if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { + notify_log(notify->zone, ISC_LOG_ERROR, "NOTIFY to %s not " + "sent. Peer TSIG key lookup failure.", addrbuf); + goto cleanup_message; + } + notify_log(notify->zone, ISC_LOG_DEBUG(3), "sending notify to %s", addrbuf); if (notify->zone->view->peers != NULL) { @@ -3950,6 +3958,7 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { cleanup_key: if (key != NULL) dns_tsigkey_detach(&key); + cleanup_message: dns_message_destroy(&message); cleanup: UNLOCK_ZONE(notify->zone); @@ -5146,10 +5155,19 @@ soa_query(isc_task_t *task, isc_event_t *event) { dns_name_format(keyname, namebuf, sizeof(namebuf)); dns_zone_log(zone, ISC_LOG_ERROR, "unable to find key: %s", namebuf); + goto skip_master; + } + } + if (key == NULL) { + result = dns_view_getpeertsig(zone->view, &masterip, &key); + if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) { + char addrbuf[ISC_NETADDR_FORMATSIZE]; + isc_netaddr_format(&masterip, addrbuf, sizeof(addrbuf)); + dns_zone_log(zone, ISC_LOG_ERROR, + "unable to find TSIG key for %s", addrbuf); + goto skip_master; } } - if (key == NULL) - (void)dns_view_getpeertsig(zone->view, &masterip, &key); have_xfrsource = ISC_FALSE; reqnsid = zone->view->requestnsid;