the length of a key's secret data. Previously
OMAPI only stored secrets up to the first NUL byte.
This change was made to cope with decoded base64 secrets, so in this
revision omapiconf.c and rndc.c also decode the secret.
(This is basically bin/named/server.c:base64_cstring_tobuffer(), which I
will remove in another revision that will not need to be pulled up. I also
would like to change isc_base64_totext() and isc_base64_tobuffer() to be
isc_base64_encoderegion() and isc_base64_decodelexer(), unless there are
exceptions. I find their existing names to be quite confusing with regard to
what translation function each performs.)
make the warning message say 'file does not end with newline' instead of
'unexpected end of file' to lead the user on the right tracks to fixing
the most likely cause. Also, don't include the function name in the message.
isc_socket_cancel() has been called. resquery_senddone() has been fixed
to account for this (there was a race condition because of the faulty
assumption that only ISC_R_CANCELED would be returned after
isc_socket_cancel()).
The interaction of resquery_response() with the dispatcher now has to be
closely reviewed to make sure it does not have a similar problem with
a canceled query. If the faulty assumption hadn't been faulty, it was
fine, but now I'm not so sure.
subtype only)
- support "keys" clause
controls {
inet * port 1024
allow { any; } keys { "foo"; }
}
- allow "port xxx" to be left out of statement,
in which case it defaults to omapi's default port
of 953.
validation should only consist of checking that each key in the key set
is also in the list of security root keys.
Strangeness occurs when the key set is signed, since the key set is marked
as secure, but the sig set is not, since it wasn't used in the validation
process. This means that a query for a key set at a security root will
have the AD bit set if the key set is unsigned and not if the key set is signed.
match does not have associated data and DNS_RBTFIND_EMPTYDATA is not set.
Return DNS_R_PARTIALMATCH instead if there is a superdomain with
data, or ISC_R_NOTFOUND if no superdomain has data.
Make dns_rbt_findname() honor DNS_RBTFIND_EMPTYDATA, per the rbt.h
documentation that has been saying it will. It didn't.
