From e9bee7c2837af58b918a9d68a6240fe08b6a7038 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 2 Jan 2012 15:06:50 +0000 Subject: [PATCH] Updated Changelog Exit with error message from configure and make when trying to build drill and examples from the root of the source directory when ./configure has been used in the drill and examples subdirectories. Documentation for soa serial increment functions. --- Changelog | 94 +++++++++++++++++++++++++-------------------- Makefile.in | 20 +++++++++- configure.ac | 18 ++++++++- ldns/rr_functions.h | 81 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 168 insertions(+), 45 deletions(-) diff --git a/Changelog b/Changelog index 052205f5..2dc2c27b 100644 --- a/Changelog +++ b/Changelog 
@@ -1,17 +1,29 @@ 1.6.12 - * Canonicalize the signers name rdata field in RRSIGs when signing * bugfix #413: Fix manpage source for srcdir != builddir + * Canonicalize the signers name rdata field in RRSIGs when signing + * Ignore minor version of Private-key-format (so v1.3 may be used) + * Allow a check_time to be given in stead of always checking against + the current time. With ldns-verify-zone the check_time can be set + with the -t option. + * Added functions for updating and manipulating SOA serial numbers. + ldns-read-zone has an option -S for updating and manipulating the + serial numbers. + * The library Makefile is now GNU and BSD make compatible. * bugfix #419: NSEC3 validation of a name covered by a wildcard with no data. + * Two new options (--with-drill and --with-examples) to the main + configure script (in the root of the source tree) to build drill + and examples too. + * Fix days_since_epoch to year_yday calculation on 32bits systems. 1.6.11 2011-09-29 * bugfix #394: Fix socket leak on errors - * bugfix #392: Apex only and percentage checks for ldns-verify-zone + * bugfix #392: Apex only and percentage checks for ldns-verify-zone (thanks Miek Gieben) * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone * Fix python site package path from sitelib to sitearch for pyldns. * Fix python api to support python2 and python3 (thanks Karel Slany). - * bugfix #401: Correction of date/time functions algorithm and + * bugfix #401: Correction of date/time functions algorithm and prevention of an infinite loop therein * bugfix #402: Correct the minimum and maximum number of rdata fields in TSIG. (thanks David Keeler) 
@@ -19,29 +31,29 @@ * bugfix #404: Make parsing APL strings more robust (thanks David Keeler) * bugfix #391: Complete library assessment to prevent assertion errors - through ldns_rdf_size usage. + through ldns_rdf_size usage. * Slightly more specific error messaging on wrong number of rdata fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes. * bugfix #406: More rigorous openssl result code handling to prevent future crashes within openssl. * Fix ldns_fetch_valid_domain_keys to search deeper than just one level - for a DNSKEY that signed a DS RR. (this function was used in the + for a DNSKEY that signed a DS RR. (this function was used in the check_dnssec_trace nagios module) * bugfix #407: Canonicalize TSIG dnames and algorithm fields * A new output specifier to accommodate configuration of what to show in comment texts when converting host and/or wire-format data to string. All conversion to string and printing functions have a new version that have such a format specifier as an extra argument. - The default is changed so that only DNSKEY RR's are annotated with + The default is changed so that only DNSKEY RR's are annotated with an comment show the Key Tag of the DNSKEY. * Fixed the ldns resolver to not mark a nameserver unreachable when edns0 is tried unsuccessfully with size 4096 (no return packet came), - but to still try TCP. A big UDP packet might have been corrupted by + but to still try TCP. A big UDP packet might have been corrupted by fragments dropping firewalls. * Update of libdns.vim (thanks Miek Gieben) * Added the ldnsx Python module to our contrib section, which adds even - more pythonisticism to the usage of ldns with Python. (Many thanks + more pythonisticism to the usage of ldns with Python. (Many thanks to Christpher Olah and Paul Wouters) The ldnsx module is automatically installed when --with-pyldns is used with configuring, but may explicitly be excluded with the 
@@ -57,9 +69,9 @@ * bugfix #364: Slight performance increase of ldns-verifyzone. * bugfix #367: Fix to allow glue records with the same name as the delegation. - * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* + * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* glue when the zone is opt-out. - * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, + * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too. * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit performance) @@ -97,7 +109,7 @@ 1.6.8 2011-01-24 * Fix ldns zone, so that $TTL definition match RFC 2308. - * Fix lots of missing checks on allocation failures and parse of + * Fix lots of missing checks on allocation failures and parse of NSEC with many types and max parse length in hosts_frm_fp routine and off by one in read_anchor_file routine (thanks Dan Kaminsky and Justin Ferguson). @@ -162,7 +174,7 @@ * Catch \X where X is a digit as an error. * Fix segfault when ip6 ldns resolver only has ip4 servers. * Fix NSEC record after DNSKEY at zone apex not properly signed. - * Fix syntax error if last label too long and no dot at end of domain. + * Fix syntax error if last label too long and no dot at end of domain. * Fix parse of \# syntax with space for type LOC. * Fix ldns_dname_absolute for escape sequences, fixes some parse errs. * bugfix #297: linking ssl, bug due to patch submitted as #296. @@ -291,15 +303,15 @@ the SEP flag * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to the first non-default DNSKEY TTL value it sees) - + 1.5.1 Example tools: * ldns-signzone was broken in 1.5.0 for multiple keys, this - has been repaired + has been repaired Build system: - * Removed a small erroneous output warning in - examples/configure and drill/configure + * Removed a small erroneous output warning in + examples/configure and drill/configure 1.5.0 Bug fixes: 
@@ -316,7 +328,7 @@ * ldns_key now has support for 'external' data, in which case the OpenSSL EVP structures are not used; ldns_key_set_external_key() and ldns_key_external_key() - * added ldns_key_get_file_base_name() which creates a + * added ldns_key_get_file_base_name() which creates a 'default' filename base string for key storage, of the form "K++" * the ldns_dnssec_* family of structures now have deep_free() @@ -334,9 +346,9 @@ * added new example tool: ldns-nsec3-hash * ldns-dpa can now filter on specific query name and types * ldnsd has fixes for the zone name, a fix for the return - value of recvfrom(), and an memory initialization fix - (Thanks to Colm MacCárthaigh for the patch) - * Fixed memory leaks in ldnsd + value of recvfrom(), and an memory initialization fix + (Thanks to Colm MacCárthaigh for the patch) + * Fixed memory leaks in ldnsd @@ -347,12 +359,12 @@ * NSEC3 optout flag now correctly printed in string output * inttypes.h moved to configured inclusion * fixed NSEC3 type bitmaps for empty nonterminals and unsigned - delegations + delegations API addition: * for that last fix, we added a new function ldns_dname_add_from() that can clone parts of a dname - + 1.4.0 Bug fixes: * sig chase return code fix (patch from Rafael Justo, bug id 189) @@ -370,7 +382,7 @@ * Fixed a bug concerning whitespace in zone data (with patch from Ondrej Sury, bug 213) * Fixed a small fallback problem in axfr client code - + API CHANGES: * added 2str convenience functions: - ldns_rr_type2str @@ -390,7 +402,7 @@ * TCP fallback system has been improved * HMAC-SHA256 TSIG support has been added. * TTLS are now correcly set in NSEC(3) records when signing zones - + EXAMPLE TOOLS: * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 * ldns-testpkts has been fixed and updated 
@@ -460,7 +472,7 @@ Contrib: * new contrib/ dir with user contributions * added compilation script for solaris (thanks to Jakob Schlyter) - + 28 Nov 2007 1.2.2: * Added support for HMAC-MD5 keys in generator * Added a new example tool (written by Ondrej Sury): ldns-compare-zones @@ -483,7 +495,7 @@ 11 Apr 2007 1.2.0: * canonicalization of rdata in DNSSEC functions now adheres to the - rr type list in rfc3597, not rfc4035, which will be updated + rr type list in rfc3597, not rfc4035, which will be updated (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html) * ldns-walk now support dnames with maximum label length * ldnsd now takes an extra argument containing the address to listen on @@ -527,36 +539,36 @@ platform; some gnuism were identified and fixed. * The ldns_zone structure was stress tested. The current setup (ie. just a list of rrs) can scale to zone file in order of - megabytes. Sorting such zone is still difficult. + megabytes. Sorting such zone is still difficult. * Reading multiline b64 encoded rdata works. * OpenSSL was made optional, configure --without-ssl. Ofcourse all dnssec/tsig related functions are disabled * Building of examples and drill now happens with the same defines as the building of ldns itself. * Preliminary sha-256 support was added. Currently is your - OpenSSL supports it, it is supported in the DS creation. + OpenSSL supports it, it is supported in the DS creation. * ldns_resolver_search was implemented * Fixed a lot of bugs Drill: - * -r was killed in favor of -o
which + * -r was killed in favor of -o
which allows for a header bits setting (and maybe more in the future) * DNSSEC is never automaticaly set, even when you query for DNSKEY/RRSIG or DS. * Implement a crude RTT check, it now distinguishes between reachable and unreachable. - * A form of secure tracing was added - * Secure Chasing has been improved + * A form of secure tracing was added + * Secure Chasing has been improved * -x does a reverse lookup for the given IP address - + Examples: * ldns-dpa was added to the examples - this is the Dns Packet Analyzer tool. * ldnsd - as very, very simple nameserver impl. * ldns-zsplit - split zones for parrallel signing * ldns-zcat - cat split zones back together - * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, + * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, non-DNSSEC) anti-spoofing techniques. * ldns-walk - 'Walks' a DNSSEC signed zone * Added an all-static target to the makefile so you can use examples @@ -567,7 +579,7 @@ Code: * All networking code was moved to net.c * rdata.c: added asserts to the rdf set/get functions - * const keyword was added to pointer arguments that + * const keyword was added to pointer arguments that aren't changed API: 
@@ -575,18 +587,18 @@ * renamed ldns/dns.h to ldns/ldns.h * ldns_rr_new_frm_str() is extented with an extra variable which in common use may be NULL. This trickles through to: - o ldns_rr_new_frm_fp + o ldns_rr_new_frm_fp o ldns_rr_new_frm_fp_l Which also get an extra variable Also the function has been changed to return a status message. The compiled RR is returned in the first argument. * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are - changed to return a status msg. + changed to return a status msg. * ldns_key_new_frm_fp is changed to return ldns_status and the actual key list in the first argument * ldns_rdata_new_frm_fp[_l]() are changed to return a status. the rdf is return in the first argument - * ldns_resolver_new_frm_fp: same treatment: return status and + * ldns_resolver_new_frm_fp: same treatment: return status and the new resolver in the first argument * ldns_pkt_query_new_frm_str(): same: return status and the packet in the first arg @@ -603,7 +615,7 @@ * ldns_pkt_empty(): check is a packet is empty * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list - * ldns_rr_list_compare(): compare 2 ldns_rr_lists + * ldns_rr_list_compare(): compare 2 ldns_rr_lists * ldns_pkt_push_rr_list: rr_list equiv for rr * ldns_pkt_safe_push_rr_list: rr_list equiv for rr Removed: @@ -645,9 +657,9 @@ * Usual fixes in documentation and code 13 Jun 2005: 0.65: ldns-team - * Repository is online at: + * Repository is online at: http://www.nlnetlabs.nl/ldns/svn/ - * Apply reference copying throuhgout ldns, except in 2 + * Apply reference copying throuhgout ldns, except in 2 places in the ldns_resolver structure (._domain and ._nameservers) * Usual array of bugfixes 
@@ -659,7 +671,7 @@ (you're not supposed to include that in a libary) * Further tweaking - DNSSEC signing/verification works - - Assorted bug fixes and tweaks (memory management) + - Assorted bug fixes and tweaks (memory management) May 2005: 0.50: ldns-team * First usable release diff --git a/Makefile.in b/Makefile.in index 437f0ba2..3e96cf77 100644 --- a/Makefile.in +++ b/Makefile.in @@ -118,7 +118,15 @@ putdown-builddir: if test -d drill -a ! -f drill/README ; then rmdir drill || : ; fi if test -d compat -a ! -f compat/malloc.c; then rmdir compat || : ; fi -drill: drill/drill +drill: no-drill-config-h drill/drill +no-drill-config-h: + if test -e $(srcdir)/drill/config.h -o -e drill/config.h ; then \ + echo "A config.h was detected in the drill subdirectory." ; \ + echo "This does not work when building drill from here." ; \ + echo "Either remove the config.h from the subdirectory" ; \ + echo "or build drill there." ; \ + exit -1 ; \ + fi drill/drill: $(DRILL_LOBJS) $(LIB) $(LINK_EXE) $(DRILL_LOBJS) $(LIBS) -lldns -o drill/drill @@ -137,7 +145,15 @@ uninstall-drill: clean-drill: $(LIBTOOL) --mode clean rm -f $(DRILL_LOBJS) drill/drill -examples: $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) +examples: no-examples-config-h $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) +no-examples-config-h: + if test -e $(srcdir)/examples/config.h -o -e examples/config.h ; then \ + echo "A config.h was detected in the examples subdirectory." ; \ + echo "This does not work when building examples from here." ; \ + echo "Either remove the config.h from the subdirectory" ; \ + echo "or build examples there." ; \ + exit -1 ; \ + fi $(EXAMPLE_PROGS): $(EXAMPLE_LOBJS) $(LIB) $(LINK_EXE) $@.lo $(LIBS) -lldns -o $@ diff --git a/configure.ac b/configure.ac index 07eb4587..2c8e8284 100644 --- a/configure.ac +++ b/configure.ac 
@@ -99,12 +99,19 @@ AC_SEARCH_LIBS([inet_pton], [nsl]) AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill], [Also build drill.]), [],[with_drill="no"]) -if test x_$with_drill != x_no; then +if test x_$with_drill != x_no ; then AC_SUBST(DRILL,[drill]) AC_SUBST(INSTALL_DRILL,[install-drill]) AC_SUBST(UNINSTALL_DRILL,[uninstall-drill]) AC_SUBST(CLEAN_DRILL,[clean-drill]) AC_SUBST(LINT_DRILL,[lint-drill]) + if test -e $srcdir/drill/config.h -o -e drill/config.h ; then + AC_MSG_ERROR([ +A config.h was detected in the drill subdirectory. +This does not work with the --with-drill option. +Please remove the config.h from the drill subdirectory +or do not use the --with-drill option.]) + fi else AC_SUBST(DRILL,[""]) AC_SUBST(INSTALL_DRILL,[""]) @@ -117,12 +124,19 @@ fi AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples], [Also build examples.]), [],[with_examples="no"]) -if test x_$with_examples != x_no; then +if test x_$with_examples != x_no ; then AC_SUBST(EXAMPLES,[examples]) AC_SUBST(INSTALL_EXAMPLES,[install-examples]) AC_SUBST(UNINSTALL_EXAMPLES,[uninstall-examples]) AC_SUBST(CLEAN_EXAMPLES,[clean-examples]) AC_SUBST(LINT_EXAMPLES,[lint-examples]) + if test -e $srcdir/examples/config.h -o -e examples/config.h ; then + AC_MSG_ERROR([ +A config.h was detected in the examples subdirectory. +This does not work with the --with-examples option. +Please remove the config.h from the examples subdirectory +or do not use the --with-examples option.]) + fi else AC_SUBST(EXAMPLES,[""]) AC_SUBST(INSTALL_EXAMPLES,[""]) diff --git a/ldns/rr_functions.h b/ldns/rr_functions.h index 3a566302..4a8bf655 100644 --- a/ldns/rr_functions.h +++ b/ldns/rr_functions.h 
@@ -252,23 +252,104 @@ size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata, */ size_t ldns_rr_dnskey_key_size(const ldns_rr *key); +/** + * The type of function to be passed to ldns_rr_soa_increment_func, + * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int. + * The function will be called with as the first argument the current serial + * number of the SOA RR to be updated, and as the second argument a value + * given when calling ldns_rr_soa_increment_func_data or + * ldns_rr_soa_increment_int. + */ typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*); +/** + * Function to be used with dns_rr_soa_increment_func_int, to set the soa + * serial number. + * \param[in] _ the (unused) current serial number. + * \param[in] data the serial number to be set (when casted to uint32_t). + */ uint32_t ldns_soa_serial_identity(uint32_t _, void *data); + +/** + * Function to be used with dns_rr_soa_increment_func, to increment the soa + * serial number with one. + * \param[in] s the current serial number. + * \param[in] _ unused. + */ uint32_t ldns_soa_serial_increment(uint32_t s, void *_); + +/** + * Function to be used with dns_rr_soa_increment_func_int, to increment the soa + * serial number with a certain amount. + * \param[in] s the current serial number. + * \param[in] data (casted to intptr_t) the amount to add to the + * current serial number. + */ uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data); + +/** + * Function to be used with ldns_rr_soa_increment_func or + * ldns_rr_soa_increment_func_int to set the soa serial to the number of + * seconds since unix epoch (1-1-1970 00:00). + * When data is given (i.e. the function is called via + * ldns_rr_soa_increment_func_int), it is used as the current time. + * When the resulting serial number is smaller than the current serial number, + * the current serial number is increased by one. + * \param[in] s the current serial number. 
+ * \param[in] data the time in seconds since 1-1-1970 00:00 + */ uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data); + +/** + * Function to be used with ldns_rr_soa_increment_func or + * ldns_rr_soa_increment_func_int to set the soa serial to the current date + * succeeded by a two digit iteration. + * When data is given (i.e. the function is called via + * ldns_rr_soa_increment_func_int), it is used as the current time. + * When the resulting serial number is smaller than the current serial number, + * the current serial number is increased by one. + * \param[in] s the current serial number. + * \param[in] data the time in seconds since 1-1-1970 00:00 + */ uint32_t ldns_soa_serial_YYYYMMDDxx(uint32_t s, void *data); +/** + * Increment the serial number of the given SOA by one. + * \param[in] soa The soa rr to be incremented + */ void ldns_rr_soa_increment( ldns_rr *soa); +/** + * Increment the serial number of the given SOA with the given function. + * Included functions to be used here are: ldns_rr_soa_increment, + * ldns_soa_serial_unixtime and ldns_soa_serial_YYYYMMDDxx. + * \param[in] soa The soa rr to be incremented + * \param[in] f the function to use to increment the soa rr. + */ void ldns_rr_soa_increment_func( ldns_rr *soa, ldns_soa_serial_increment_func_t f); +/** + * Increment the serial number of the given SOA with the given function + * passing it the given data argument. + * \param[in] soa The soa rr to be incremented + * \param[in] f the function to use to increment the soa rr. + * \param[in] data this argument will be passed to f as the second argument. + */ void ldns_rr_soa_increment_func_data( ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data); +/** + * Increment the serial number of the given SOA with the given function + * using data as an argument for the function. + * Included functions to be used here are: ldns_soa_serial_identity, + * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and + * ldns_soa_serial_YYYYMMDDxx. 
+ * \param[in] soa The soa rr to be incremented + * \param[in] f the function to use to increment the soa rr. + * \param[in] data this argument will be passed to f as the second argument. + */ void ldns_rr_soa_increment_func_int( ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data); -- 2.47.3
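Review bot: In the Changelog hunks, the new 1.6.12 entries are interleaved with many older entries that are removed and re-added with no visible text change (for example the #392, #401 and #391 lines), which buries the real additions. Consider moving the whitespace cleanup to its own commit. In the added entries, "in stead" should read "instead" and "32bits systems" should read "32-bit systems".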
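Review bot: In Makefile.in, the new no-drill-config-h and no-examples-config-h recipes end with `exit -1`, which is outside the 0 to 255 range a shell exit status can carry and is rejected as an illegal number by some /bin/sh implementations; use `exit 1`. Since the Changelog entry in this same patch advertises GNU and BSD make compatibility, the test is also worth writing portably as `test -f $(srcdir)/drill/config.h || test -f drill/config.h` rather than with `-e` and the obsolescent `-o` operator. Neither guard target ever creates a file, so both should be listed under .PHONY if they are not already, and the recipe lines could be prefixed with `@` so make does not print the whole `if` block before the message.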
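Review bot: In configure.ac, the added checks `test -e $srcdir/drill/config.h -o -e drill/config.h` and the matching examples check leave `$srcdir` unquoted, so a source path containing whitespace splits into extra arguments and the test fails with a syntax error instead of reaching AC_MSG_ERROR. Suggest `test -f "$srcdir/drill/config.h" || test -f drill/config.h`, which also avoids `-e` and `-o`, neither of which is portable across the shells configure scripts are expected to run on. The drill and examples blocks are otherwise identical apart from the directory name, so a small shell function or m4 macro taking the directory as an argument would keep the two messages from drifting apart.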
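Review bot: In ldns/rr_functions.h, several of the new doc comments name functions that the header does not declare: `dns_rr_soa_increment_func_int` and `dns_rr_soa_increment_func` (missing the leading "l"), `ldns_rr_soa_increment_int` in the typedef comment, and `ldns_rr_soa_increment_by` where `ldns_soa_serial_increment_by` is declared. The comment on ldns_rr_soa_increment_func also lists `ldns_rr_soa_increment` as a usable callback, but that function takes an `ldns_rr *` and does not match ldns_soa_serial_increment_func_t; `ldns_soa_serial_increment` is presumably meant. Separately, ldns_rr_soa_increment_func_int takes `int data` while ldns_soa_serial_identity documents the value as the serial "when casted to uint32_t", so serials and unix times above INT_MAX depend on implementation-defined conversion; `uint32_t` or `intptr_t` would make the contract explicit. The "smaller than the current serial number" wording for ldns_soa_serial_unixtime and ldns_soa_serial_YYYYMMDDxx should say whether this is a plain unsigned comparison or RFC 1982 serial number arithmetic, and none of the comments document the return value.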