the length of a key's secret data. Previously
OMAPI only stored secrets up to the first NUL byte.
This change was made to cope with decoded base64 secrets, so in this
revision omapiconf.c and rndc.c also decode the secret.
(This is basically bin/named/server.c:base64_cstring_tobuffer(), which I
will remove in another revision that will not need to be pulled up. I also
would like to change isc_base64_totext() and isc_base64_tobuffer() to be
isc_base64_encoderegion() and isc_base64_decodelexer(), unless there are
exceptions. I find their existing names to be quite confusing with regard to
what translation function each performs.)
make the warning message say 'file does not end with newline' instead of
'unexpected end of file' to lead the user on the right tracks to fixing
the most likely cause. Also, don't include the function name in the message.
isc_socket_cancel() has been called. resquery_senddone() has been fixed
to account for this (there was a race condition because of the faulty
assumption that only ISC_R_CANCELED would be returned after
isc_socket_cancel()).
The interaction of resquery_response() with the dispatcher now has to be
closely reviewed to make sure it does not have a similar problem with
a canceled query. If the faulty assumption hadn't been faulty, it was
fine, but now I'm not so sure.
subtype only)
- support "keys" clause
controls {
inet * port 1024
allow { any; } keys { "foo"; }
}
- allow "port xxx" to be left out of statement,
in which case it defaults to omapi's default port
of 953.
validation should only consist of checking that each key in the key set
is also in the list of security root keys.
Strangeness occurs when the key set is signed, since the key set is marked
as secure, but the sig set is not, since it wasn't used in the validation
process. This means that a query for a key set at a security root will
have the AD bit set if the key set is unsigned and not if the key set is signed.
match does not have associated data and DNS_RBTFIND_EMPTYDATA is not set.
Return DNS_R_PARTIALMATCH instead if there is a superdomain with
data, or ISC_R_NOTFOUND if no superdomain has data.
Make dns_rbt_findname() honor DNS_RBTFIND_EMPTYDATA, per the rbt.h
documentation that has been saying it will. It didn't.
the DNS_DB_NOEXACT flag. This means that the resolver will start look for the
key at or above the parent zone, and will return the key set from the parent
zone if key sets are present in both the parent and child.
NULL. It appears that zone maintenance can occur when the zone is shutting
down and the view pointer is NULL. We don't want to do zone maintenance in
this case.
isc_socket_sendto() calls that did not yet have their
completion events posted, so it could (rarely) end up
destroying the query context and then want to use
it again when the send event posted, triggering an
assertion as it tried to cancel an already-canceled
query. (RT #77)
... so now the resolver counts the number of outstanding isc_socket_sendto()s
and only destroys the query context when there are no more.
