Ondřej Surý [Mon, 5 Aug 2024 09:40:42 +0000 (11:40 +0200)]
Remove OpenSSL Engine support
The OpenSSL 1.x Engines support has been deprecated in the OpenSSL 3.x
and is going to be removed. Remove the OpenSSL Engine support in favor
of OpenSSL Providers.
Ondřej Surý [Mon, 5 Aug 2024 16:54:02 +0000 (16:54 +0000)]
fix: Move matching isc_mem_destroy() outside of ifdef
The isc_mem_create() in printversion() was created outside of an #ifdef
HAVE_GEOIP, but destroyed inside the #ifdef; move it to the outside of
the #ifdef where it belongs.
This is really a nit as we immediately exit() after printing the
versions, but I found it and it would bug me for the rest of my life.
Merge branch 'ondrej/fix-missing-isc_mem_destroy-in-printversion' into 'main'
Ondřej Surý [Mon, 5 Aug 2024 13:55:53 +0000 (15:55 +0200)]
Move matching isc_mem_destroy() outside of ifdef
The isc_mem_create() in printversion() was created outside of an #ifdef
HAVE_GEOIP, but destroyed inside the #ifdef; move it to the outside of
the #ifdef where it belongs.
This is really a nit as we immediately exit() after printing the
versions, but I found it and it would bug me for the rest of my life.
Ondřej Surý [Mon, 5 Aug 2024 13:36:54 +0000 (13:36 +0000)]
fix: dev: don't use 'create' flag unnecessarily in findnode()
when searching the cache for a node so that we can delete an rdataset, it isn't necessary to set the 'create' flag. if the
node doesn't exist yet, we won't be able to delete anything from it anyway.
Merge branch 'each-minor-findnode-refactor' into 'main'
Fix the glue table in the QP and RBT zone databases
When adding glue to the header, we add header to the wait-free stack to
be cleaned up later which sets wfc_node->next to non-NULL value. When
the actual cleaning happens we would only cleanup the .glue_list, but
since the database isn't locked for the time being, the headers could be
reused while cleaning the existing glue entries, which creates a data
race between database versions.
Revert the code back to use per-database-version hashtable where keys
are the node pointers. This allows each database version to have
independent glue cache table that doesn't affect nodes or headers that
could already "belong" to the future database version.
when searching the cache for a node so that we can delete an
rdataset, it is not necessary to set the 'create' flag. if the
node doesn't exist yet, we then we won't be able to delete
anything from it anyway.
Ondřej Surý [Mon, 5 Aug 2024 13:02:41 +0000 (13:02 +0000)]
fix: usr: Raise the log level of priming failures
When a priming query is complete, it's currently logged at level ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising it to ISC_LOG_NOTICE in the case of failure. [GL #3516]
Closes #3516
Merge branch '3516-log-priming-errors' into 'main'
when a priming query is complete, it's currently logged at
level ISC_LOG_DEBUG(1), regardless of success or failure. we
are now raising it to ISC_LOG_NOTICE in the case of failure.
Ondřej Surý [Mon, 5 Aug 2024 11:22:32 +0000 (11:22 +0000)]
chg: dev: fix the rsa exponent to 65537
There isn't a realistic reason to ever use e = 4294967297. Fortunately
its codepath wasn't reachable to users and can be safetly removed.
Keep in mind the `dns_key_generate` header comment was outdated. e = 3
hasn't been used since 2006 so there isn't a reason to panic. The
toggle was the public exponents between 65537 and 4294967297.
Aydın Mercan [Tue, 9 Jul 2024 13:32:51 +0000 (16:32 +0300)]
fix the rsa exponent to 65537
There isn't a realistic reason to ever use e = 4294967297. Fortunately
its codepath wasn't reachable to users and can be safetly removed.
Keep in mind the `dns_key_generate` header comment was outdated. e = 3
hasn't been used since 2006 so there isn't a reason to panic. The
toggle was the public exponents between 65537 and 4294967297.
Ondřej Surý [Mon, 5 Aug 2024 10:24:53 +0000 (10:24 +0000)]
chg: dev: call rcu_barrier() in the isc_mem_destroy() just once
The previous work in this area was led by the belief that we might be
calling call_rcu() from within call_rcu() callbacks. After carefully
checking all the current callback, it became evident that this is not
the case and the problem isn't enough rcu_barrier() calls, but something
entirely else.
Call the rcu_barrier() just once as that's enough and the multiple
rcu_barrier() calls will not hide the real problem anymore, so we can
find it.
Merge branch '4607-call-a-single-rcu_barrier' into 'main'
Call rcu_barrier() in the isc_mem_destroy() just once
The previous work in this area was led by the belief that we might be
calling call_rcu() from within call_rcu() callbacks. After carefully
checking all the current callback, it became evident that this is not
the case and the problem isn't enough rcu_barrier() calls, but something
entirely else.
Call the rcu_barrier() just once as that's enough and the multiple
rcu_barrier() calls will not hide the real problem anymore, so we can
find it.
Since the minimal OpenSSL version is now OpenSSL 1.1.1, remove all kind
of OpenSSL shims and checks for functions that are now always present in
the OpenSSL libraries.
Co-authored-by: Ondřej Surý <ondrej@isc.org> Co-authored-by: Aydın Mercan <aydin@isc.org>
OpenSSL supports pkg-config method since the 0.9.8 version and we
already require pkg-config for other mandatory libraries. Also
the way the AX_CHECK_OPENSSL macro was integrated into the configure
script was confusing - the macro would be used only if the libcrypto.pc
and libssl.pc file are not usable, so calling ./configure
--with-openssl=/usr/local would have no effect when PKG_CHECK_MODULES
would be successful.
As BIND 9.20 does not support RHEL/CentOS 7 which just reach
end-of-life, we can safely bump the OpenSSL requirements to version
1.1.1, which in turn will allow us to simplify our OpenSSL integration.
Ondřej Surý [Mon, 5 Aug 2024 08:24:37 +0000 (10:24 +0200)]
Fix assertion failure when checking named-checkconf version
The dst_lib_destroy() should be called only if dst_lib_init() was called
before. In named-checkconf, that is guarded by dst_cleanup variable
that was erroneously set to true by default. Set the dst_cleanup to
'false' by default.
Ondřej Surý [Mon, 5 Aug 2024 09:40:10 +0000 (09:40 +0000)]
fix: usr: Valid TSIG signatures with invalid time cause crash
An assertion failure triggers when the TSIG has valid cryptographic signature, but the time is invalid. This can happen when the times between the primary and secondary servers are not synchronised.
Closes #4811
Merge branch '4811-fix-isc_buffer_putuint48-buffer-size-requirement' into 'main'
Add a system test that sets TSIG fudge to 0, waits three seconds and
then sends signed message to the server. This tests the path where the
time difference between the client and the server is outside of the TSIG
fudge value.
Add tsig unit test for bad time and bad signatures
The tsig unit test was only testing if everything went ok, but it was
not testing whether the error paths work. Add two more unit tests - one
uses the time outside of the TSIG skew, and the second trashes the
signature with random data.
Fix the assertion failure when putting 48-bit number to buffer
When putting the 48-bit number into a fixed-size buffer that's exactly 6
bytes, the assertion failure would occur as the 48-bit number is
internally represented as 64-bit number and the code was checking if
there is enough space for `sizeof(val)`. This causes assertion failure
when otherwise valid TSIG signature has a bad timing information.
Specify the size of the argument explicitly, so the 48-bit number
doesn't require 8-byte long buffer.
Ondřej Surý [Mon, 5 Aug 2024 07:36:10 +0000 (07:36 +0000)]
fix: dev: Don't skip the counting if fcount_incr() is called with force==true
The fcount_incr() was incorrectly skipping the accounting for the
fetches-per-zone if the force argument was set to true. We want to skip
the accounting only when the fetches-per-zone is completely disabled,
but for individual names we need to do the accounting even if we are
forcing the result to be success.
Closes #4786
Merge branch '4786-forced-fcount_incr-should-still-increment-count-and-allowed' into 'main'
Ondřej Surý [Thu, 20 Jun 2024 16:59:56 +0000 (18:59 +0200)]
Don't skip the counting if fcount_incr() is called with force==true
The fcount_incr() was incorrectly skipping the accounting for the
fetches-per-zone if the force argument was set to true. We want to skip
the accounting only when the fetches-per-zone is completely disabled,
but for individual names we need to do the accounting even if we are
forcing the result to be success.
Ondřej Surý [Mon, 5 Aug 2024 07:33:02 +0000 (07:33 +0000)]
fix: test: Use LC_ALL to override all system locales
The system tests were overriding the local locale by setting LANG to C.
This does not override the locale in case there are individual LC_<*>
variables like LC_CTYPE explicitly set.
Use LC_ALL=C instead which is the proper way of overriding all currently
set locales.
Merge branch 'ondrej/use-LC_ALL-not-LANG' into 'main'
Ondřej Surý [Tue, 18 Jun 2024 06:56:18 +0000 (08:56 +0200)]
Use LC_ALL to override all system locales
The system tests were overriding the local locale by setting LANG to C.
This does not override the locale in case there are individual LC_<*>
variables like LC_CTYPE explicitly set.
Use LC_ALL=C instead which is the proper way of overriding all currently
set locales.
Ondřej Surý [Mon, 5 Aug 2024 07:31:54 +0000 (07:31 +0000)]
fix: dev: Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage
The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are
usually not defines, but enum values, so simple preprocessor check
doesn't work.
Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf AS_COMPILE_IFELSE
block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP. This should enable
adaptive mutex on Linux and FreeBSD.
As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc
does define it when compatibility macros are being set, we can just use
PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP.
Merge branch 'ondrej/fix-adaptive-mutex-use' into 'main'
Ondřej Surý [Tue, 18 Jun 2024 13:21:52 +0000 (15:21 +0200)]
Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage
The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are
usually not defines, but enum values, so simple preprocessor check
doesn't work.
Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf AS_COMPILE_IFELSE
block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP. This should enable
adaptive mutex on Linux and FreeBSD.
As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc
does define it when compatibility macros are being set, we can just use
PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP.
Ondřej Surý [Mon, 5 Aug 2024 07:31:20 +0000 (07:31 +0000)]
chg: dev: Don't open route socket if we don't need it
When automatic-interface-scan is disabled, the route socket was still
being opened. Add new API to connect / disconnect from the route socket
only as needed.
Additionally, move the block that disables periodic interface rescans to
a place where it actually have access to the configuration values.
Previously, the values were being checked before the configuration was
loaded.
Closes #4757
Merge branch '4757-dont-open-routing-socket-if-not-needed' into 'main'
When automatic-interface-scan is disabled, the route socket was still
being opened. Add new API to connect / disconnect from the route socket
only as needed.
Additionally, move the block that disables periodic interface rescans to
a place where it actually have access to the configuration values.
Previously, the values were being checked before the configuration was
loaded.
Mark Andrews [Mon, 5 Aug 2024 03:36:41 +0000 (03:36 +0000)]
fix: usr: Remove extra newline from yaml output
I split this into two commits, one for the actual newline removal, and one for issues I found, ruining the yaml output when some errors were outputted.
Closes: #4772
Merge branch 'yaml-indent' into 'main'
Mark Andrews [Tue, 9 Jul 2024 01:55:46 +0000 (11:55 +1000)]
Prevent overflow of bufsize
If bufsize overflows we will have an infinite loop. In practice
this will not happen unless we have made a coding error. Add an
INSIST to detect this condition.
181retry:
182 isc_buffer_allocate(mctx, &b, bufsize);
183 result = dns_rdata_totext(rdata, NULL, b);
184 if (result == ISC_R_NOSPACE) {
185 isc_buffer_free(&b);
CID 498031: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression bufsize, which is equal to 0, overflows
the type that receives it, an unsigned integer 32 bits wide.
186 bufsize *= 2;
187 goto retry;
188 }
Mark Andrews [Tue, 9 Jul 2024 01:59:39 +0000 (11:59 +1000)]
Prevent overflow of size
If size overflows we will have an infinite loop. In practice
this will not happen unless we have made a coding error. Add
an INSIST to detect this condition.
CID 498025: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression size, which is equal to 0, overflows the type that
receives it, an unsigned integer 32 bits wide.
192 size *= 2;
193 }
Mark Andrews [Fri, 2 Aug 2024 06:34:08 +0000 (06:34 +0000)]
fix: dev: Remove unnecessary operations
Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml
and dns_message_pseudosectiontotext. Coverity was also reporting
an impossible false positive overflow of optlen (CID 499061).
Mark Andrews [Tue, 9 Jul 2024 00:29:30 +0000 (10:29 +1000)]
Remove unnecessary operations
Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml
and dns_message_pseudosectiontotext. Coverity was also reporting
an impossible false positive overflow of optlen (CID 499061).
The minimum allowed value of 'resolver-query-timeout' was lowered to
301 milliseconds instead of the earlier 10000 milliseconds (which is the
default). As earlier, values less than or equal to 300 are converted to
seconds before applying the limit.
Closes #4320
Merge branch '4320-allow-shorter-resolver-query-timeout-configuration' into 'main'
Aram Sargsyan [Thu, 6 Jun 2024 19:58:57 +0000 (19:58 +0000)]
Update the resolver unit test
Before there was a gap from 301 to 9999 which would be converted
to 10000 and now there is no such gap.
This settimeout_belowmin test was checking the behavior of a value
in the gap. As there is now no gap left, the minimum is 301 and
anything below that is converted to seconds as before. In order
for this check to still test the "below minimum" behavior, change
the value from 9000 to 300.
Update the settimeout_overmax value test too so it logically aligns
with the minimum value test.
There are use cases for which shorter timeout values make sense.
For example if there is a load balancer which sets RD=1 and
forwards queries to a BIND resolver which is then configured to
talk to backend servers which are not visible in the public NS set.
WIth a shorter timeout value the frontend can give back SERVFAIL
early when backends are not available and the ultimate client will
not penalize the BIND-frontend for non-response.
Arаm Sаrgsyаn [Thu, 1 Aug 2024 16:54:45 +0000 (16:54 +0000)]
new: usr: implement rndc retransfer -force
A new optional argument '-force' has been added to the command channel
command 'rndc retransfer'. When it is specified, named aborts the
ongoing zone transfer (if there is one), and starts a new transfer.
Closes #2299
Merge branch '2299-implement-rndc-force-retransfer' into 'main'
Aram Sargsyan [Tue, 11 Jun 2024 12:26:08 +0000 (12:26 +0000)]
Test rndc retransfer -force
Use a big zone and the slow transfer mode. Initiate a retransfer, wait
several seconds, then initiate a retransfer using a '-force' argument,
which should cancel the previous transfer and start a new one.
Mark Andrews [Thu, 1 Aug 2024 06:40:17 +0000 (06:40 +0000)]
fix: usr: fix generation of 6to4-self name expansion from IPv4 address
The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the wrong name being checked. Add system test for 6to4-self implementation.
Closes #4766
Merge branch '4766-add-system-test-for-6to4-self' into 'main'
Mark Andrews [Wed, 5 Jun 2024 03:59:39 +0000 (13:59 +1000)]
Add missing period to generated IPv4 6to4 name
The period between the most significant nibble of the IPv4 address
and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the wrong
name being checked.
Mark Andrews [Mon, 8 Jul 2024 04:00:14 +0000 (14:00 +1000)]
Fix yaml output
In yaml mode we emit a string for each question and record. Certain
names and data could result in invalid yaml being produced. Use single
quote string for all questions and records. This requires that single
quotes get converted to two quotes within the string.
Mark Andrews [Mon, 17 Jun 2024 13:16:28 +0000 (23:16 +1000)]
Properly reject zero length ALPN in commatxt_fromtext
ALPN are defined as 1*255OCTET in RFC 9460. commatxt_fromtext was not
rejecting invalid inputs produces by missing a level of escaping
which where later caught be dns_rdata_fromwire on reception.
These inputs should have been rejected
svcb in svcb 1 1.svcb alpn=\,abc
svcb1 in svcb 1 1.svcb alpn=a\,\,abc
and generated 00 03 61 62 63 and 01 61 00 02 61 62 63 respectively.
The correct inputs to include commas in the alpn requires double
escaping.
svcb in svcb 1 1.svcb alpn=\\,abc
svcb1 in svcb 1 1.svcb alpn=a\\,\\,abc
and generate 04 2C 61 62 63 and 06 61 2C 2C 61 62 63 respectively.
Aram Sargsyan [Thu, 6 Jun 2024 20:49:34 +0000 (20:49 +0000)]
Update the chain test
Update the CNAME chain test to correspond to the changed behavior,
because now named returns SERVFAIL when hitting the maximum query
restarts limit (e.g. happening when following a long CNAME chain).
In the current test auth will hit the limit and return partial data
with a SERVFAIL code, while the resolver will return no data with
a SERVFAIL code after auth returns SERVFAIL to it.
chg: test: Improve crypto support detection and algorithm selection in pytest
Ensure that the selected algorithms remains stable throughout the entire test session. Crypto support detection was rewritten to python and simplified.
Closes #4202
Closes #4422
Related #3810
Merge branch '4202-algorithm-detection-pytest' into 'main'
Nicki Křížek [Fri, 10 May 2024 11:10:14 +0000 (13:10 +0200)]
Initialize all environment variables when running isctest
Ensure all the variables are initialized when running the main function
of isctest module. This enables proper environment variables during test
script development when only conf.sh is sourced, rather than the script
being executed by the pytest runner.
Tom Krizek [Mon, 8 Jan 2024 11:54:19 +0000 (12:54 +0100)]
Rewrite testcrypto.sh into python
Run the crypto support checks when initializing the isctest package and
save those results in environment variable. This removes the need to
repeatedly check for crypto operation support, as it's not something
that would change at test runtime.
Tom Krizek [Thu, 4 Jan 2024 16:27:32 +0000 (17:27 +0100)]
Move test algorithm configuration to isctest
Instead of invoking get_algorithms.py script repeatedly (which may yield
different results), move the algorithm configuration to an isctest
module. This ensures the variables are consistent across the entire test
run.
Mark Andrews [Wed, 31 Jul 2024 08:48:51 +0000 (08:48 +0000)]
new: usr: add support for external log rotation tools
Add two mechanisms to close open log files. The first is `rndc closelogs`. The second is `kill -USR1 <pid>`.
They are intended to be used with external log rotation tools.
Closes #4780
Merge branch '4780-add-support-for-external-log-rotation-tools' into 'main'
Mark Andrews [Wed, 26 Jun 2024 00:47:47 +0000 (10:47 +1000)]
Configure SIGUSR1 to close log files
Some external log file rotation programs use signals to tell programs
to close log files. SIGHUP can be used to do this but it also does
a full reconfiguration. Configure named to accept SIGUSR1 as a
signal to close log files.
projects / thirdparty / bind9.git / log
