Commit 6e287123 authored by Automatic Updater's avatar Automatic Updater
Browse files

update copyright notice

parent 6098d364
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.28 2008/09/24 02:46:21 marka Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.29 2008/09/24 03:16:57 tbox Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 30, 2000</date>
......@@ -41,7 +41,6 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.309 2008/09/24 02:46:21 marka Exp $ */
/* $Id: query.c,v 1.310 2008/09/24 03:16:57 tbox Exp $ */
/*! \file */
......@@ -2324,7 +2324,7 @@ mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
rdataset->ttl = sigrdataset->ttl;
else
sigrdataset->ttl = rdataset->ttl;
(void)dns_db_addrdataset(db, node, NULL, client->now, rdataset,
0, NULL);
(void)dns_db_addrdataset(db, node, NULL, client->now, sigrdataset,
......@@ -4201,7 +4201,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (found &&
dns_rdataset_isassociated(rdataset) &&
!dns_name_equal(qname, found))
{
{
unsigned int count;
unsigned int skip;
......@@ -4234,7 +4234,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* 'nearest' doesn't exist so
* 'exist' is set to ISC_FALSE.
*/
query_findclosestnsec3(found, db,
query_findclosestnsec3(found, db,
version,
client,
rdataset,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.147 2008/09/24 02:46:21 marka Exp $ */
/* $Id: update.c,v 1.148 2008/09/24 03:16:57 tbox Exp $ */
#include <config.h>
......@@ -1158,7 +1158,7 @@ replaces_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
* Replace records added in this UPDATE request.
*/
if (db_rr->data[0] == update_rr->data[0] &&
db_rr->data[1] & DNS_NSEC3FLAG_UPDATE &&
db_rr->data[1] & DNS_NSEC3FLAG_UPDATE &&
update_rr->data[1] & DNS_NSEC3FLAG_UPDATE &&
memcmp(db_rr->data+2, update_rr->data+2,
update_rr->length - 2) == 0)
......@@ -1584,7 +1584,7 @@ is_active(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_fixedname_name(&foundname),
NULL, NULL) == DNS_R_NXRRSET)
*unsecure = ISC_TRUE;
else
else
*unsecure = ISC_FALSE;
}
return (ISC_R_SUCCESS);
......@@ -2896,12 +2896,12 @@ check_dnssec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
isc_boolean_t flag;
isc_result_t result;
unsigned int iterations = 0, max;
dns_diff_init(diff->mctx, &temp_diff);
CHECK(dns_nsec_nseconly(db, ver, &flag));
if (flag)
if (flag)
CHECK(dns_nsec3_active(db, ver, ISC_FALSE, &flag));
if (flag) {
update_log(client, zone, ISC_LOG_WARNING,
......@@ -2992,9 +2992,9 @@ add_nsec3param_records(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
unsigned char *next_data = next->rdata.data;
unsigned char *tuple_data = tuple->rdata.data;
if (next_data[0] != tuple_data[0] ||
/* Ignore flags. */
/* Ignore flags. */
next_data[2] != tuple_data[2] ||
next_data[3] != tuple_data[3] ||
next_data[3] != tuple_data[3] ||
next_data[4] != tuple_data[4] ||
!memcmp(&next_data[5], &tuple_data[5],
tuple_data[4])) {
......@@ -3172,11 +3172,11 @@ add_signing_records(dns_db_t *db, dns_name_t *name, dns_dbversion_t *ver,
failure:
return (result);
}
#ifdef ALLOW_NSEC3PARAM_UPDATE
/*
* Mark all NSEC3 chains for deletion without creating a NSEC chain as
* a side effect of deleting the last chain.
* a side effect of deleting the last chain.
*/
static isc_result_t
delete_chains(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin,
......@@ -3190,7 +3190,7 @@ delete_chains(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin,
isc_boolean_t flag;
isc_result_t result = ISC_R_SUCCESS;
unsigned char buf[DNS_NSEC3PARAM_BUFFERSIZE];
dns_name_init(&next, NULL);
dns_rdataset_init(&rdataset);
......@@ -3214,7 +3214,7 @@ delete_chains(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin,
dns_rdataset_current(&rdataset, &rdata);
INSIST(rdata.length <= sizeof(buf));
memcpy(buf, rdata.data, rdata.length);
if (buf[1] == (DNS_NSEC3FLAG_REMOVE | DNS_NSEC3FLAG_NONSEC)) {
dns_rdata_reset(&rdata);
continue;
......@@ -3662,7 +3662,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
}
#else
if (rdata.type == dns_rdatatype_nsec3param) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
update_log(client, zone, LOGLEVEL_PROTOCOL,
"attempt to add NSEC3PARAM "
"record ignored");
continue;
......@@ -3974,7 +3974,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
keyid = dst_region_computeid(&r, algorithm);
result = dns_zone_signwithkey(zone, algorithm, keyid,
ISC_TF(tuple->op == DNS_DIFFOP_DEL));
ISC_TF(tuple->op == DNS_DIFFOP_DEL));
if (result != ISC_R_SUCCESS) {
update_log(client, zone, ISC_LOG_ERROR,
"dns_zone_signwithkey failed: %s",
......@@ -3985,7 +3985,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
#ifdef ALLOW_NSEC3PARAM_UPDATE
/*
* Cause the zone to add/delete NSEC3 chains for the
* defered NSEC3PARAM changes.
* defered NSEC3PARAM changes.
*
* Note: we are already committed to this course of action.
*/
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsupdate.c,v 1.160 2008/09/24 02:46:21 marka Exp $ */
/* $Id: nsupdate.c,v 1.161 2008/09/24 03:16:57 tbox Exp $ */
/*! \file */
......@@ -1411,7 +1411,7 @@ evaluate_ttl(char *cmdline) {
}
default_ttl = ttl;
default_ttl_set = ISC_TRUE;
return (STATUS_MORE);
}
......
/*
* Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
* Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
......@@ -15,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsec3.h,v 1.4 2008/09/24 02:46:23 marka Exp $ */
/* $Id: nsec3.h,v 1.5 2008/09/24 03:16:58 tbox Exp $ */
#ifndef DNS_NSEC3_H
#define DNS_NSEC3_H 1
......@@ -50,7 +49,7 @@ isc_result_t
dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version,
dns_dbnode_t *node, unsigned int hashalg,
unsigned int optin, unsigned int iterations,
const unsigned char *salt, size_t salt_length,
const unsigned char *salt, size_t salt_length,
const unsigned char *nexthash, size_t hash_length,
unsigned char *buffer, dns_rdata_t *rdata);
/*%<
......@@ -102,13 +101,13 @@ dns_nsec3_supportedhash(dns_hash_t hash);
isc_result_t
dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
dns_name_t *name, const dns_rdata_nsec3param_t *nsec3param,
dns_name_t *name, const dns_rdata_nsec3param_t *nsec3param,
dns_ttl_t nsecttl, isc_boolean_t unsecure, dns_diff_t *diff);
isc_result_t
dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
dns_name_t *name, dns_ttl_t nsecttl,
isc_boolean_t unsecure, dns_diff_t *diff);
dns_name_t *name, dns_ttl_t nsecttl,
isc_boolean_t unsecure, dns_diff_t *diff);
/*%<
* Add NSEC3 records for 'name', recording the change in 'diff'.
* Adjust previous NSEC3 records, if any, to reflect the addition.
......@@ -139,11 +138,11 @@ dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
isc_result_t
dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
const dns_rdata_nsec3param_t *nsec3param, dns_diff_t *diff);
const dns_rdata_nsec3param_t *nsec3param, dns_diff_t *diff);
isc_result_t
dns_nsec3_delnsec3s(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
dns_diff_t *diff);
dns_diff_t *diff);
/*%<
* Remove NSEC3 records for 'name', recording the change in 'diff'.
* Adjust previous NSEC3 records, if any, to reflect the removal.
......@@ -164,8 +163,8 @@ dns_nsec3_delnsec3s(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
*/
isc_result_t
dns_nsec3_active(dns_db_t *db, dns_dbversion_t *version,
isc_boolean_t complete, isc_boolean_t *answer);
dns_nsec3_active(dns_db_t *db, dns_dbversion_t *version,
isc_boolean_t complete, isc_boolean_t *answer);
/*%<
* Check if there are any complete/to be built NSEC3 chains.
* If 'complete' is ISC_TRUE only complete chains will be recognised.
......@@ -178,7 +177,7 @@ dns_nsec3_active(dns_db_t *db, dns_dbversion_t *version,
isc_result_t
dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version,
isc_mem_t *mctx, unsigned int *iterationsp);
isc_mem_t *mctx, unsigned int *iterationsp);
/*%<
* Find the maximum permissible number of iterations allowed based on
* the key strength.
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rbtdb.c,v 1.263 2008/09/24 02:46:22 marka Exp $ */
/* $Id: rbtdb.c,v 1.264 2008/09/24 03:16:57 tbox Exp $ */
/*! \file */
......@@ -1913,7 +1913,7 @@ setnsec3parameters(dns_db_t *db, rbtdb_version_t *version,
if ((nsec3param.flags & ~DNS_NSEC3FLAG_OPTOUT)
!= 0)
continue;
#endif
#endif
INSIST(nsec3param.salt_length <=
sizeof(version->salt));
......@@ -7687,7 +7687,7 @@ dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) {
}
} else if (result == DNS_R_PARTIALMATCH) {
result = ISC_R_NOTFOUND;
rbtdbiter->node = NULL;
rbtdbiter->node = NULL;
}
rbtdbiter->result = result;
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: sdb.c,v 1.65 2008/09/24 02:46:22 marka Exp $ */
/* $Id: sdb.c,v 1.66 2008/09/24 03:16:58 tbox Exp $ */
/*! \file */
......@@ -1049,7 +1049,7 @@ createiterator(dns_db_t *db, unsigned int options, dns_dbiterator_t **iteratorp)
if ((options & DNS_DB_NSEC3ONLY) != 0 ||
(options & DNS_DB_NONSEC3) != 0)
return (ISC_R_NOTIMPLEMENTED);
return (ISC_R_NOTIMPLEMENTED);
sdbiter = isc_mem_get(sdb->common.mctx, sizeof(sdb_dbiterator_t));
if (sdbiter == NULL)
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.481 2008/09/24 02:46:22 marka Exp $ */
/* $Id: zone.c,v 1.482 2008/09/24 03:16:58 tbox Exp $ */
/*! \file */
......@@ -2205,7 +2205,7 @@ zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
if ((nsec3chain->nsec3param.flags & DNS_NSEC3FLAG_CREATE) != 0)
options = DNS_DB_NONSEC3;
result = dns_db_createiterator(nsec3chain->db, options,
&nsec3chain->dbiterator);
&nsec3chain->dbiterator);
if (result == ISC_R_SUCCESS)
dns_dbiterator_first(nsec3chain->dbiterator);
if (result == ISC_R_SUCCESS) {
......@@ -3676,7 +3676,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_rdataset_init(&rdataset);
if (type == dns_rdatatype_nsec3)
if (type == dns_rdatatype_nsec3)
result = dns_db_findnsec3node(db, name, ISC_FALSE, &node);
else
result = dns_db_findnode(db, name, ISC_FALSE, &node);
......@@ -3789,7 +3789,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_rdataset_init(&rdataset);
isc_buffer_init(&buffer, data, sizeof(data));
if (type == dns_rdatatype_nsec3)
if (type == dns_rdatatype_nsec3)
result = dns_db_findnsec3node(db, name, ISC_FALSE, &node);
else
result = dns_db_findnode(db, name, ISC_FALSE, &node);
......@@ -4225,7 +4225,7 @@ sign_a_node(dns_db_t *db, dns_name_t *name, dns_dbnode_t *node,
CHECK(dns_nsec3_addnsec3s(db, version, name, minimum,
unsecure, diff));
(*signatures)--;
}
}
/*
* Going from insecure to NSEC.
* Don't generate NSEC records for NSEC3 records.
......@@ -4382,7 +4382,7 @@ updatesignwithkey(dns_signing_t *signing, dns_dbversion_t *version,
rdata.length = sizeof(data);
rdata.data = data;
rdata.type = privatetype;
rdata.rdclass = dns_db_class(signing->db);
rdata.rdclass = dns_db_class(signing->db);
CHECK(update_one_rr(signing->db, version, diff, DNS_DIFFOP_ADD,
name, rdataset.ttl, &rdata));
}
......@@ -4517,7 +4517,7 @@ deletematchingnsec3(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
dns_rdataset_t rdataset;
dns_rdata_nsec3_t nsec3;
isc_result_t result;
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3,
0, 0, &rdataset, NULL);
......@@ -4546,7 +4546,7 @@ deletematchingnsec3(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node,
failure:
dns_rdataset_disassociate(&rdataset);
return (result);
}
}
static isc_result_t
need_nsec_chain(dns_db_t *db, dns_dbversion_t *ver,
......@@ -4558,7 +4558,7 @@ need_nsec_chain(dns_db_t *db, dns_dbversion_t *ver,
dns_rdata_nsec3param_t myparam;
dns_rdataset_t rdataset;
isc_result_t result;
*answer = ISC_FALSE;
result = dns_db_getoriginnode(db, &node);
......@@ -4590,7 +4590,7 @@ need_nsec_chain(dns_db_t *db, dns_dbversion_t *ver,
check_nsec3param:
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_nsec3param,
0, 0, &rdataset, NULL);
if (result == ISC_R_NOTFOUND) {
if (result == ISC_R_NOTFOUND) {
*answer = ISC_TRUE;
dns_db_detachnode(db, &node);
return (ISC_R_SUCCESS);
......@@ -4820,7 +4820,7 @@ zone_nsec3chain(dns_zone_t *zone) {
goto next_addnode;
if (result != ISC_R_SUCCESS)
goto failure;
seen_soa = seen_ns = seen_dname = seen_ds = seen_nsec =
ISC_FALSE;
for (result = dns_rdatasetiter_first(iterator);
......@@ -4857,17 +4857,17 @@ zone_nsec3chain(dns_zone_t *zone) {
dns_dbiterator_pause(nsec3chain->dbiterator);
CHECK(dns_nsec3_addnsec3(db, version, name,
&nsec3chain->nsec3param,
zone->minimum, unsecure, &nsec3_diff));
zone->minimum, unsecure, &nsec3_diff));
/*
* Treat each call to dns_nsec3_addnsec3() as if it's cost is
* two signatures. Additionally there will, in general, be
* two signature generated below.
* two signature generated below.
*
* If we are only changing the optout flag the cost is half
* that of the cost of generating a completely new chain.
*/
signatures -= 4;
/*
* Go onto next node.
*/
......@@ -4876,7 +4876,7 @@ zone_nsec3chain(dns_zone_t *zone) {
dns_db_detachnode(db, &node);
do {
result = dns_dbiterator_next(nsec3chain->dbiterator);
if (result == ISC_R_NOMORE && nsec3chain->delete_nsec) {
CHECK(fixup_nsec3param(db, version, nsec3chain,
ISC_FALSE, &param_diff));
......@@ -4892,7 +4892,7 @@ zone_nsec3chain(dns_zone_t *zone) {
if (nsec3chain->seen_nsec) {
CHECK(fixup_nsec3param(db, version,
nsec3chain,
ISC_TRUE,
ISC_TRUE,
&param_diff));
nsec3chain->delete_nsec = ISC_TRUE;
goto same_addchain;
......@@ -4980,7 +4980,7 @@ zone_nsec3chain(dns_zone_t *zone) {
*/
CHECK(deletematchingnsec3(db, version, node, name,
&nsec3chain->nsec3param,
&nsec3_diff));
&nsec3_diff));
goto next_removenode;
}
......@@ -5014,7 +5014,7 @@ zone_nsec3chain(dns_zone_t *zone) {
goto next_removenode;
if (result != ISC_R_SUCCESS)
goto failure;
seen_soa = seen_ns = seen_dname = seen_nsec3 = seen_nsec =
seen_rr = ISC_FALSE;
for (result = dns_rdatasetiter_first(iterator);
......@@ -5125,7 +5125,7 @@ zone_nsec3chain(dns_zone_t *zone) {
dns_result_totext(result));
goto failure;
}
do {
dns_difftuple_t *next = ISC_LIST_NEXT(tuple, link);
while (next != NULL &&
......@@ -5253,7 +5253,7 @@ zone_nsec3chain(dns_zone_t *zone) {
goto failure;
}
}
LOCK_ZONE(zone);
zone_needdump(zone, DNS_DUMP_DELAY);
UNLOCK_ZONE(zone);
......@@ -5304,7 +5304,7 @@ zone_nsec3chain(dns_zone_t *zone) {
nsec3chain->delete_nsec = nsec3chain->save_delete_nsec;
}
}
/*
* Rollback the cleanup list.
*/
......@@ -5547,7 +5547,7 @@ zone_sign(dns_zone_t *zone) {
*/
result = dns_nsec3_active(db, version, ISC_TRUE, &build_nsec3);
if (result == ISC_R_SUCCESS) {
if (build_nsec3)
if (build_nsec3)
build_nsec3 = ISC_FALSE;
else {
result = dns_nsec3_active(db, version,
......@@ -11371,12 +11371,12 @@ static const char *hex = "0123456789ABCDEF";
isc_result_t
dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
isc_result_t result;
isc_result_t result;
char salt[255*2+1];
unsigned int i, j;
REQUIRE(DNS_ZONE_VALID(zone));
REQUIRE(DNS_ZONE_VALID(zone));
if (nsec3param->salt_length != 0) {
INSIST((nsec3param->salt_length * 2U) < sizeof(salt));
for (i = 0, j = 0; i < nsec3param->salt_length; i++) {
......@@ -11384,17 +11384,17 @@ dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param) {
salt[j++] = hex[nsec3param->salt[i] & 0xf];
}
salt[j] = '\0';
} else
} else
strcpy(salt, "-");
dns_zone_log(zone, ISC_LOG_NOTICE,
"dns_zone_addnsec3chain(hash=%u, iterations=%u, salt=%s)",
nsec3param->hash, nsec3param->iterations,
dns_zone_log(zone, ISC_LOG_NOTICE,
"dns_zone_addnsec3chain(hash=%u, iterations=%u, salt=%s)",
nsec3param->hash, nsec3param->iterations,
salt);
LOCK_ZONE(zone);
LOCK_ZONE(zone);
result = zone_addnsec3chain(zone, nsec3param);
UNLOCK_ZONE(zone);
return (result);
UNLOCK_ZONE(zone);
return (result);
}
void
......
/*
* Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2006, 2008 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: iterated_hash.c,v 1.3 2008/04/04 23:47:01 tbox Exp $ */
/* $Id: iterated_hash.c,v 1.4 2008/09/24 03:16:58 tbox Exp $ */
#include <stdio.h>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment