struct keyalgorithms {
const char *str;
- enum {
- hmacnone,
- hmacmd5,
- hmacsha1,
- hmacsha224,
- hmacsha256,
- hmacsha384,
- hmacsha512
- } hmac;
+ enum { hmacnone,
+ hmacmd5,
+ hmacsha1,
+ hmacsha224,
+ hmacsha256,
+ hmacsha384,
+ hmacsha512 } hmac;
unsigned int type;
uint16_t size;
} algorithms[] = { { "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
#if NAMED_RUN_PID_DIR
EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/"
"named.pid");
-#else /* if NAMED_RUN_PID_DIR */
+#else /* if NAMED_RUN_PID_DIR */
EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/"
"named.pid");
#endif /* if NAMED_RUN_PID_DIR */
NAMED_LOGMODULE_MAIN,
ISC_LOG_CRITICAL, "%s", strs[i]);
}
-#else /* HAVE_BACKTRACE_SYMBOLS */
+#else /* HAVE_BACKTRACE_SYMBOLS */
for (int i = 0; i < nframes; i++) {
isc_log_write(
named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
printf("linked to OpenSSL version: %s\n",
OpenSSL_version(OPENSSL_VERSION));
-#else /* if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= \
- * 0x10100000L */
+#else /* if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= \
+ * 0x10100000L */
printf("linked to OpenSSL version: %s\n",
SSLeay_version(SSLEAY_VERSION));
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
named_g_cpus, named_g_cpus == 1 ? "" : "s");
#ifdef WIN32
named_g_udpdisp = 1;
-#else /* ifdef WIN32 */
+#else /* ifdef WIN32 */
if (named_g_udpdisp == 0) {
named_g_udpdisp = named_g_cpus_detected;
}
NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
"linked to OpenSSL version: %s",
OpenSSL_version(OPENSSL_VERSION));
-#else /* if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= \
- * 0x10100000L */
+#else /* if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= \
+ * 0x10100000L */
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
"linked to OpenSSL version: %s",
static isc_result_t
nzd_count(dns_view_t *view, int *countp);
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
static isc_result_t
nzf_append(dns_view_t *view, const cfg_obj_t *zconfig);
#endif /* ifdef HAVE_LMDB */
dns_name_t *name = NULL;
isc_buffer_t namebuf;
const char *atstr = NULL;
- enum {
- INIT_DNSKEY,
- STATIC_DNSKEY,
- INIT_DS,
- STATIC_DS,
- TRUSTED
- } anchortype;
+ enum { INIT_DNSKEY,
+ STATIC_DNSKEY,
+ INIT_DS,
+ STATIC_DS,
+ TRUSTED } anchortype;
REQUIRE(namestrp != NULL && *namestrp == NULL);
REQUIRE(ds != NULL);
if (!strcasecmp(str, "fixed")) {
#if DNS_RDATASET_FIXED
mode = DNS_RDATASETATTR_FIXEDORDER;
-#else /* if DNS_RDATASET_FIXED */
+#else /* if DNS_RDATASET_FIXED */
mode = DNS_RDATASETATTR_CYCLIC;
#endif /* DNS_RDATASET_FIXED */
} else if (!strcasecmp(str, "random")) {
" without `./configure --enable-dnsrps`");
return (ISC_R_FAILURE);
}
-#else /* ifndef USE_DNSRPS */
+#else /* ifndef USE_DNSRPS */
if (dnsrps_enabled) {
if (librpz == NULL) {
cfg_obj_log(rpz_obj, named_g_lctx, DNS_RPZ_ERROR_LEVEL,
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL && view != zoneview;
view = ISC_LIST_NEXT(view, link))
- {}
+ {
+ }
if (view == NULL) {
continue;
}
return (ISC_R_FAILURE);
}
}
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
UNUSED(obj);
#endif /* HAVE_LMDB */
#if defined(HAVE_GEOIP2)
geoip = named_g_geoip;
-#else /* if defined(HAVE_GEOIP2) */
+#else /* if defined(HAVE_GEOIP2) */
geoip = NULL;
#endif /* if defined(HAVE_GEOIP2) */
#ifndef HAVE_LMDB
FILE *fp = NULL;
bool cleanup_config = false;
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
MDB_txn *txn = NULL;
MDB_dbi dbi;
(void)isc_stdio_close(fp);
fp = NULL;
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
/* Make sure we can open the NZD database */
result = nzd_writable(view);
if (result != ISC_R_SUCCESS) {
/* Save the new zone configuration into the NZD */
CHECK(nzd_open(view, 0, &txn, &dbi));
CHECK(nzd_save(&txn, dbi, zone, zoneobj));
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
/* Append the zone configuration to the NZF */
result = nzf_append(view, zoneobj);
#endif /* HAVE_LMDB */
cfg->nzf_config, name, NULL);
RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
}
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
if (txn != NULL) {
(void)nzd_close(&txn, false);
}
#ifndef HAVE_LMDB
FILE *fp = NULL;
cfg_obj_t *z;
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
MDB_txn *txn = NULL;
MDB_dbi dbi;
LOCK(&view->new_zone_lock);
}
(void)isc_stdio_close(fp);
fp = NULL;
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
/* Make sure we can open the NZD database */
result = nzd_writable(view);
if (result != ISC_R_SUCCESS) {
#ifdef HAVE_LMDB
CHECK(nzd_open(view, 0, &txn, &dbi));
CHECK(nzd_save(&txn, dbi, zone, zoneobj));
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
result = nzf_append(view, zoneobj);
if (result != ISC_R_SUCCESS) {
TCHECK(putstr(text, "\nNew zone config not saved: "));
if (fp != NULL) {
(void)isc_stdio_close(fp);
}
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
if (txn != NULL) {
(void)nzd_close(&txn, false);
}
/* Are we accepting new zones in this view? */
#ifdef HAVE_LMDB
if (view->new_zone_db == NULL)
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
if (view->new_zone_file == NULL)
#endif /* HAVE_LMDB */
{
(void)nzd_close(&txn, false);
}
UNLOCK(&view->new_zone_lock);
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
result = delete_zoneconf(view, cfg->add_parser, cfg->nzf_config,
dns_zone_getorigin(zone),
nzf_writeconf);
zconfig = find_name_in_list_from_map(cfg->nzf_config, "zone",
zonename, redirect);
}
-#else /* HAVE_LMDB */
+#else /* HAVE_LMDB */
if (zconfig == NULL) {
const cfg_obj_t *zlist = NULL;
CHECK(get_newzone_config(view, zonename, &nzconfig));
result = dns_dt_reopen(server->dtenv, backups);
return (result);
-#else /* ifdef HAVE_DNSTAP */
+#else /* ifdef HAVE_DNSTAP */
UNUSED(server);
UNUSED(lex);
UNUSED(text);
void
isc__nm_tcpdns_read(isc_nmhandle_t *handle, isc_nm_recv_cb_t cb, void *cbarg) {
- isc_nmsocket_t *sock = handle->sock;
+ isc_nmsocket_t *sock = NULL;
isc__netievent_tcpdnsread_t *ievent = NULL;
isc_nmhandle_t *eventhandle = NULL;
- REQUIRE(handle == sock->statichandle);
+ REQUIRE(VALID_NMHANDLE(handle));
+
+ sock = handle->sock;
+
+ REQUIRE(sock->statichandle == handle);
+ REQUIRE(VALID_NMSOCK(sock));
REQUIRE(sock->recv_cb == NULL);
REQUIRE(sock->tid == isc_nm_tid());
REQUIRE(atomic_load(&sock->client));
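Review bot: `REQUIRE(sock->statichandle == handle);` dereferences `sock` one line before `REQUIRE(VALID_NMSOCK(sock));` validates it, so a NULL or stale `handle->sock` is read before the assertion meant to catch it can fire. Swap the two so the order is `REQUIRE(VALID_NMSOCK(sock));` followed by `REQUIRE(sock->statichandle == handle);`. The later read hunk that adds the same pair ahead of its `inactive(sock)` check has the same ordering and should get the same change. The body of `isc__nm_tcpdns_read` continues past the end of this hunk.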
static void
async_tls_do_bio(isc_nmsocket_t *sock);
+/*
+ * The socket is closing, outerhandle has been detached, listener is
+ * inactive, or the netmgr is closing: any operation on it should abort
+ * with ISC_R_CANCELED.
+ */
+static bool
+inactive(isc_nmsocket_t *sock) {
+ return (!isc__nmsocket_active(sock) || atomic_load(&sock->closing) ||
+ sock->outerhandle == NULL ||
+ (sock->listener != NULL &&
+ !isc__nmsocket_active(sock->listener)) ||
+ atomic_load(&sock->mgr->closing));
+}
+
static void
tls_senddone(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) {
isc_nmsocket_t *sock = (isc_nmsocket_t *)cbarg;
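Review bot: `inactive()` mixes atomic loads (`sock->closing`, `sock->mgr->closing`) with plain reads of `sock->outerhandle` and `sock->listener`, and nothing in the helper says which thread may call it. One caller added in this commit, `isc__nm_tls_send`, has no visible `REQUIRE(sock->tid == isc_nm_tid())` and queues its work through the async channel, which suggests it may run off the socket's thread; if so, the plain reads could race with the close path. I would either state the contract in the header comment, for example `* Must be called on the socket's network thread (sock->tid).`, and enforce it with `REQUIRE(sock->tid == isc_nm_tid());`, or limit the off-thread callers to the atomic conditions.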
/* We will resume read if TLS layer wants us to */
isc_nm_pauseread(sock->outerhandle);
+ if (inactive(sock)) {
+ result = ISC_R_CANCELED;
+ goto error;
+ }
+
if (sock->tls.state == TLS_INIT) {
(void)SSL_do_handshake(sock->tls.ssl);
sock->tls.state = TLS_HANDSHAKE;
return;
}
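Review bot: `isc_nm_pauseread(sock->outerhandle);` runs before the new `inactive(sock)` check, yet `sock->outerhandle == NULL` is one of the states that check exists to detect. Whether `isc_nm_pauseread()` tolerates a NULL handle is not visible here, so the detached case may fail inside it before the `ISC_R_CANCELED` path is reached. Moving the `if (inactive(sock)) { ... goto error; }` block above the pause call, or guarding the call with `if (sock->outerhandle != NULL)`, closes that gap. The enclosing function starts and ends outside this hunk.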
- if (tls_err == 0) {
+ switch (tls_err) {
+ case 0:
return;
- }
-
- if (tls_err == SSL_ERROR_WANT_WRITE) {
+ case SSL_ERROR_WANT_WRITE:
if (!sock->tls.sending) {
/*
* Launch tls_do_bio asynchronously. If we're sending
} else {
return;
}
- } else if (tls_err == SSL_ERROR_WANT_READ) {
+ break;
+ case SSL_ERROR_WANT_READ:
isc_nm_resumeread(sock->outerhandle);
- } else if (tls_err != 0) {
+ break;
+ default:
result = tls_error_to_result(tls_err);
goto error;
}
isc__nm_async_tlssend(isc__networker_t *worker, isc__netievent_t *ev0) {
int rv;
isc__netievent_tcpsend_t *ievent = (isc__netievent_tcpsend_t *)ev0;
+ isc_nmsocket_t *sock = ievent->sock;
isc__nm_uvreq_t *req = ievent->req;
ievent->req = NULL;
REQUIRE(VALID_UVREQ(req));
- REQUIRE(worker->id == ievent->sock->tid);
+ REQUIRE(worker->id == sock->tid);
- if (!atomic_load(&ievent->sock->active)) {
+ if (inactive(sock)) {
+ req->cb.send(req->handle, ISC_R_CANCELED, req->cbarg);
+ isc__nm_uvreq_put(&req, sock);
return;
}
- if (!ISC_LIST_EMPTY(ievent->sock->tls.sends)) {
+ if (!ISC_LIST_EMPTY(sock->tls.sends)) {
/* We're not the first */
- ISC_LIST_APPEND(ievent->sock->tls.sends, req, link);
- tls_do_bio(ievent->sock);
+ ISC_LIST_APPEND(sock->tls.sends, req, link);
+ tls_do_bio(sock);
return;
}
- rv = SSL_write(ievent->sock->tls.ssl, req->uvbuf.base, req->uvbuf.len);
+ rv = SSL_write(sock->tls.ssl, req->uvbuf.base, req->uvbuf.len);
if (rv < 0) {
/*
* We might need to read, we might need to write, or the
* TLS socket might be dead - in any case, we need to
* enqueue the uvreq and let the TLS BIO layer do the rest.
*/
- ISC_LIST_APPEND(ievent->sock->tls.sends, req, link);
- tls_do_bio(ievent->sock);
+ ISC_LIST_APPEND(sock->tls.sends, req, link);
+ tls_do_bio(sock);
return;
}
if (rv != (int)req->uvbuf.len) {
- ievent->sock->tls.state = TLS_ERROR;
- async_tls_do_bio(ievent->sock);
+ sock->tls.state = TLS_ERROR;
+ async_tls_do_bio(sock);
return;
}
- req->cb.send(ievent->sock->statichandle, ISC_R_SUCCESS, req->cbarg);
- isc__nm_uvreq_put(&req, ievent->sock);
- tls_do_bio(ievent->sock);
+ req->cb.send(sock->statichandle, ISC_R_SUCCESS, req->cbarg);
+ isc__nm_uvreq_put(&req, sock);
+ tls_do_bio(sock);
return;
}
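Review bot: The partial-write branch `if (rv != (int)req->uvbuf.len)` still returns without queuing `req` on `sock->tls.sends`, without calling `req->cb.send`, and without `isc__nm_uvreq_put(&req, sock);`, so the request and the handle reference attached to it in `isc__nm_tls_send` appear to be leaked and the caller never gets a completion. The commit fixes exactly this pattern for the inactive case but leaves it here. I would mirror the cancelled branch: call `req->cb.send(req->handle, <failure result>, req->cbarg);` and then `isc__nm_uvreq_put(&req, sock);` before `async_tls_do_bio(sock);`. Note also that the success path reports on `sock->statichandle` while the new cancel path reports on `req->handle`; using `req->handle` in both would keep the callback's handle argument consistent.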
void
isc__nm_tls_send(isc_nmhandle_t *handle, isc_region_t *region, isc_nm_cb_t cb,
void *cbarg) {
- isc_nmsocket_t *sock = handle->sock;
isc__netievent_tcpsend_t *ievent = NULL;
isc__nm_uvreq_t *uvreq = NULL;
+ isc_nmsocket_t *sock = NULL;
+ REQUIRE(VALID_NMHANDLE(handle));
+ REQUIRE(VALID_NMSOCK(handle->sock));
+
+ sock = handle->sock;
REQUIRE(sock->type == isc_nm_tlssocket);
+ if (inactive(sock)) {
+ cb(handle, ISC_R_CANCELED, cbarg);
+ return;
+ }
+
uvreq = isc__nm_uvreq_get(sock->mgr, sock);
- uvreq->uvbuf.base = (char *)region->base;
- uvreq->uvbuf.len = region->length;
isc_nmhandle_attach(handle, &uvreq->handle);
uvreq->cb.send = cb;
uvreq->cbarg = cbarg;
+ uvreq->uvbuf.base = (char *)region->base;
+ uvreq->uvbuf.len = region->length;
+
/*
* We need to create an event and pass it using async channel
*/
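Review bot: The new early exit calls `cb(handle, ISC_R_CANCELED, cbarg);` synchronously on the caller's stack, while every other completion for this function is delivered later from the async event on the socket's thread. A caller that holds a lock or is still initialising state used by `cb` when it calls `isc__nm_tls_send` would now be re-entered before the call returns. If that is intended, I would document it on the function, for example `/* cb may be invoked before this function returns if the socket is no longer active */`; otherwise the cancelled completion could be delivered through the same async event as the normal one.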
isc__netievent_startread_t *ievent = NULL;
REQUIRE(VALID_NMHANDLE(handle));
- REQUIRE(VALID_NMSOCK(handle->sock));
+
+ sock = handle->sock;
+
+ REQUIRE(sock->statichandle == handle);
+ REQUIRE(VALID_NMSOCK(sock));
+ REQUIRE(sock->recv_cb == NULL);
+ REQUIRE(sock->tid == isc_nm_tid());
+
+ if (inactive(sock)) {
+ cb(handle, ISC_R_NOTCONNECTED, NULL, cbarg);
+ return;
+ }
sock = handle->sock;
sock->recv_cb = cb;
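Review bot: The inactive case here reports `ISC_R_NOTCONNECTED`, but the comment on `inactive()` states that any operation on such a socket should abort with `ISC_R_CANCELED`, and the send paths in this commit do use that code. Callers that distinguish the two results will treat the same socket state differently for reads and writes; unless the difference is deliberate, use `cb(handle, ISC_R_CANCELED, NULL, cbarg);` or add a comment explaining why reads differ. The context line `sock = handle->sock;` that follows the new block is now a redundant second assignment and can be dropped. The function starts before and continues after this hunk.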
timer_close_cb(uv_handle_t *handle) {
isc_nmsocket_t *sock = (isc_nmsocket_t *)uv_handle_get_data(handle);
INSIST(VALID_NMSOCK(sock));
- isc__nmsocket_detach(&sock);
+ tls_close_direct(sock);
}
static void
tls_close_direct(isc_nmsocket_t *sock) {
REQUIRE(sock->tid == isc_nm_tid());
- /* We don't need atomics here, it's all in single network thread */
+ if (sock->timer_running) {
+ uv_timer_stop(&sock->timer);
+ sock->timer_running = false;
+ }
+
+ /* We don't need atomics here, it's all in single network thread
+ */
if (sock->timer_initialized) {
/*
* We need to fire the timer callback to clean it up,
uv_close((uv_handle_t *)&sock->timer, timer_close_cb);
} else {
/*
- * At this point we're certain that there are no external
- * references, we can close everything.
+ * At this point we're certain that there are no
+ * external references, we can close everything.
*/
if (sock->outerhandle != NULL) {
isc_nm_pauseread(sock->outerhandle);
sock->tls.app_bio = NULL;
}
atomic_store(&sock->closed, true);
+ isc__nmsocket_detach(&sock);
}
}
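Review bot: The `isc__nmsocket_detach(&sock);` added at the end of the else branch has no comment naming the reference it releases, and `timer_close_cb` now reaches it by re-entering `tls_close_direct`. That re-entry only ends in the else branch if `sock->timer_initialized` is cleared before `uv_close()` is issued, which happens (if it does) in lines this hunk does not show; otherwise the callback would call `uv_close()` again on a handle that is already closing. I would add a comment on the callback such as `/* timer_initialized is already false here, so this takes the final-close branch */` and a one-line comment above the detach stating which reference is dropped and that `sock` must not be used afterwards.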
REQUIRE(VALID_NMSOCK(sock));
REQUIRE(sock->type == isc_nm_tlssocket);
+ if (!atomic_compare_exchange_strong(&sock->closing, &(bool){ false },
+ true)) {
+ return;
+ }
+
if (sock->tid == isc_nm_tid()) {
tls_close_direct(sock);
} else {
nsock->connect_cbarg = cbarg;
nsock->connect_timeout = timeout;
nsock->tls.ctx = ctx;
- /* We need to initialize SSL now to reference SSL_CTX properly */
+ /* We need to initialize SSL now to reference SSL_CTX properly
+ */
nsock->tls.ssl = SSL_new(nsock->tls.ctx);
if (nsock->tls.ssl == NULL) {
atomic_store(&nsock->closed, true);
}
/*
- * EVP_PKEY_assign_*() set the referenced key to key however
- * these use the supplied key internally and so key will be
- * freed when the parent pkey is freed.
+ * EVP_PKEY_assign_*() set the referenced key to key
+ * however these use the supplied key internally and so
+ * key will be freed when the parent pkey is freed.
*/
EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa);
rsa = NULL;
0);
X509_NAME_add_entry_by_txt(
name, "O", MBSTRING_ASC,
- (const unsigned char *)"BIND9 ephemeral certificate",
+ (const unsigned char *)"BIND9 ephemeral "
+ "certificate",
-1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
(const unsigned char *)"bind9.local",
{ "dnstap-output", &cfg_type_dnstapoutput, 0 },
{ "dnstap-identity", &cfg_type_serverid, 0 },
{ "dnstap-version", &cfg_type_qstringornone, 0 },
-#else /* ifdef HAVE_DNSTAP */
+#else /* ifdef HAVE_DNSTAP */
{ "dnstap-output", &cfg_type_dnstapoutput,
CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "dnstap-identity", &cfg_type_serverid, CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "fstrm-set-output-queue-model", &cfg_type_fstrm_model, 0 },
{ "fstrm-set-output-queue-size", &cfg_type_uint32, 0 },
{ "fstrm-set-reopen-interval", &cfg_type_duration, 0 },
-#else /* ifdef HAVE_DNSTAP */
+#else /* ifdef HAVE_DNSTAP */
{ "fstrm-set-buffer-hint", &cfg_type_uint32,
CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "fstrm-set-flush-timeout", &cfg_type_uint32,
#endif /* HAVE_DNSTAP */
#if defined(HAVE_GEOIP2)
{ "geoip-directory", &cfg_type_qstringornone, 0 },
-#else /* if defined(HAVE_GEOIP2) */
+#else /* if defined(HAVE_GEOIP2) */
{ "geoip-directory", &cfg_type_qstringornone,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_GEOIP2 */
#ifdef USE_DNSRPS
{ "dnsrps-enable", &cfg_type_boolean, 0 },
{ "dnsrps-options", &cfg_type_bracketed_text, 0 },
-#else /* ifdef USE_DNSRPS */
+#else /* ifdef USE_DNSRPS */
{ "dnsrps-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "dnsrps-options", &cfg_type_bracketed_text,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#ifdef USE_DNSRPS
{ "dnsrps-enable", &cfg_type_boolean, 0 },
{ "dnsrps-options", &cfg_type_bracketed_text, 0 },
-#else /* ifdef USE_DNSRPS */
+#else /* ifdef USE_DNSRPS */
{ "dnsrps-enable", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "dnsrps-options", &cfg_type_bracketed_text,
CFG_CLAUSEFLAG_NOTCONFIGURED },
{ "dnssec-validation", &cfg_type_boolorauto, 0 },
#ifdef HAVE_DNSTAP
{ "dnstap", &cfg_type_dnstap, 0 },
-#else /* ifdef HAVE_DNSTAP */
+#else /* ifdef HAVE_DNSTAP */
{ "dnstap", &cfg_type_dnstap, CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_DNSTAP */
{ "dual-stack-servers", &cfg_type_nameportiplist, 0 },
{ "lame-ttl", &cfg_type_duration, 0 },
#ifdef HAVE_LMDB
{ "lmdb-mapsize", &cfg_type_sizeval, 0 },
-#else /* ifdef HAVE_LMDB */
+#else /* ifdef HAVE_LMDB */
{ "lmdb-mapsize", &cfg_type_sizeval, CFG_CLAUSEFLAG_NOOP },
#endif /* ifdef HAVE_LMDB */
{ "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },