Hello community,
here is the log from the commit of package pdns for openSUSE:Factory checked in at 2014-10-31 18:27:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pdns (Old)
and /work/SRC/openSUSE:Factory/.pdns.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns"
Changes:
--------
--- /work/SRC/openSUSE:Factory/pdns/pdns.changes 2014-10-29 21:11:16.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.pdns.new/pdns.changes 2014-10-31 20:20:32.000000000 +0100
@@ -1,0 +2,23 @@
+Thu Oct 30 15:36:02 UTC 2014 - michael@stroeder.com
+
+- update to version 3.4.1
+
+Changes since 3.4.0:
+
+ * commit dcd6524, commit a8750a5, commit 7dc86bf, commit 2fda71f: PowerDNS now
+ polls the security status of a release at startup and periodically. More
+ detail on this feature, and how to turn it off, can be found in Section 2,
+ “Security polling”.
+
+ * commit 5fe6dc0: API: Replace HTTP Basic auth with static key in custom header
+ (X-API-Key)
+
+ * commit 4a95ab4: Use transaction for pdnssec increase-serial
+
+ * commit 6e82a23: Don't empty ordername during pdnssec increase-serial
+
+ * commit 535f4e3: honor SOA-EDIT while considering "empty IXFR" fallback, fixes
+ ticket 1835. This fixes slaving of signed zones to IXFR-aware slaves like NSD
+ or BIND.
+
+-------------------------------------------------------------------
Old:
----
pdns-3.4.0.tar.bz2
New:
----
pdns-3.4.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pdns.spec ++++++
--- /var/tmp/diff_new_pack.eNn8Xx/_old 2014-10-31 20:20:33.000000000 +0100
+++ /var/tmp/diff_new_pack.eNn8Xx/_new 2014-10-31 20:20:33.000000000 +0100
@@ -17,11 +17,11 @@
Name: pdns
-Version: 3.4.0
+Version: 3.4.1
Release: 0
#
%define pkg_name pdns
-%define pkg_version 3.4.0
+%define pkg_version 3.4.1
%define polarssl_version 1.3.2
#
%define home %{_var}/lib/pdns
++++++ pdns-3.4.0.tar.bz2 -> pdns-3.4.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/build-scripts/redhat/pdns-server-test.spec new/pdns-3.4.1/build-scripts/redhat/pdns-server-test.spec
--- old/pdns-3.4.0/build-scripts/redhat/pdns-server-test.spec 2014-09-30 11:23:37.000000000 +0200
+++ new/pdns-3.4.1/build-scripts/redhat/pdns-server-test.spec 2014-10-30 11:18:22.000000000 +0100
@@ -9,7 +9,7 @@
Epoch: 0
License: GPL
Group: System/Servers
-Source: http://downloads.powerdns.com/releases/pdns-3.4.0.tar.bz2
+Source: http://downloads.powerdns.com/releases/pdns-3.4.1.tar.bz2
BuildRequires: autoconf automake
BuildRequires: gcc gcc-c++
@@ -30,7 +30,7 @@
PowerDNS testbuild
%prep
-%setup -q -n pdns-3.4.0
+%setup -q -n pdns-3.4.1
%build
%configure \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/configure new/pdns-3.4.1/configure
--- old/pdns-3.4.0/configure 2014-09-30 11:23:48.000000000 +0200
+++ new/pdns-3.4.1/configure 2014-10-30 11:18:31.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pdns 3.4.0.
+# Generated by GNU Autoconf 2.69 for pdns 3.4.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='pdns'
PACKAGE_TARNAME='pdns'
-PACKAGE_VERSION='3.4.0'
-PACKAGE_STRING='pdns 3.4.0'
+PACKAGE_VERSION='3.4.1'
+PACKAGE_STRING='pdns 3.4.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1471,7 +1471,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pdns 3.4.0 to adapt to many kinds of systems.
+\`configure' configures pdns 3.4.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1541,7 +1541,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pdns 3.4.0:";;
+ short | recursive ) echo "Configuration of pdns 3.4.1:";;
esac
cat <<\_ACEOF
@@ -1737,7 +1737,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-pdns configure 3.4.0
+pdns configure 3.4.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2344,7 +2344,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pdns $as_me 3.4.0, which was
+It was created by pdns $as_me 3.4.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3167,7 +3167,7 @@
# Define the identity of the package.
PACKAGE='pdns'
- VERSION='3.4.0'
+ VERSION='3.4.1'
cat >>confdefs.h <<_ACEOF
@@ -21020,7 +21020,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by pdns $as_me 3.4.0, which was
+This file was extended by pdns $as_me 3.4.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -21086,7 +21086,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-pdns config.status 3.4.0
+pdns config.status 3.4.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/configure.ac new/pdns-3.4.1/configure.ac
--- old/pdns-3.4.0/configure.ac 2014-09-30 11:23:37.000000000 +0200
+++ new/pdns-3.4.1/configure.ac 2014-10-30 11:18:22.000000000 +0100
@@ -1,7 +1,7 @@
AC_PREREQ([2.61])
dnl The following lines may be patched by set-version-auth.
-AC_INIT([pdns], [3.4.0])
+AC_INIT([pdns], [3.4.1])
AC_SUBST([DIST_HOST], [jenkins@autotest.powerdns.com])
dnl End patch area.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/debian-pdns/changelog new/pdns-3.4.1/debian-pdns/changelog
--- old/pdns-3.4.0/debian-pdns/changelog 2014-09-30 11:23:37.000000000 +0200
+++ new/pdns-3.4.1/debian-pdns/changelog 2014-10-30 11:18:22.000000000 +0100
@@ -1,4 +1,4 @@
-pdns (3.4.0-1) unstable; urgency=medium
+pdns (3.4.1-1) unstable; urgency=medium
* fill in the blanks
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/Makefile.am new/pdns-3.4.1/pdns/Makefile.am
--- old/pdns-3.4.0/pdns/Makefile.am 2014-08-29 16:02:13.000000000 +0200
+++ new/pdns-3.4.1/pdns/Makefile.am 2014-10-30 11:18:22.000000000 +0100
@@ -58,7 +58,7 @@
bindparser.cc bindlexer.c \
backends/gsql/gsqlbackend.cc \
backends/gsql/gsqlbackend.hh backends/gsql/ssql.hh \
-base64.cc sillyrecords.cc \
+base64.cc sillyrecords.cc secpoll-auth.cc secpoll-auth.hh \
base64.hh zoneparser-tng.cc dnsrecords.cc dnswriter.cc \
rcpgenerator.cc dnsparser.cc dns_random.hh dns_random.cc\
randomhelper.cc namespaces.hh nsecrecords.cc base32.cc dbdnsseckeeper.cc dnssecinfra.cc \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/Makefile.in new/pdns-3.4.1/pdns/Makefile.in
--- old/pdns-3.4.0/pdns/Makefile.in 2014-09-30 11:23:53.000000000 +0200
+++ new/pdns-3.4.1/pdns/Makefile.in 2014-10-30 11:18:39.000000000 +0100
@@ -326,11 +326,12 @@
utility.hh iputils.hh common_startup.hh unix_semaphore.cc \
bind-dnssec.schema.sqlite3.sql.h bindparser.cc bindlexer.c \
backends/gsql/gsqlbackend.cc backends/gsql/gsqlbackend.hh \
- backends/gsql/ssql.hh base64.cc sillyrecords.cc base64.hh \
- zoneparser-tng.cc dnsrecords.cc dnswriter.cc rcpgenerator.cc \
- dnsparser.cc dns_random.hh dns_random.cc randomhelper.cc \
- namespaces.hh nsecrecords.cc base32.cc dbdnsseckeeper.cc \
- dnssecinfra.cc dnsseckeeper.hh dnssecinfra.hh base32.hh dns.cc \
+ backends/gsql/ssql.hh base64.cc sillyrecords.cc \
+ secpoll-auth.cc secpoll-auth.hh base64.hh zoneparser-tng.cc \
+ dnsrecords.cc dnswriter.cc rcpgenerator.cc dnsparser.cc \
+ dns_random.hh dns_random.cc randomhelper.cc namespaces.hh \
+ nsecrecords.cc base32.cc dbdnsseckeeper.cc dnssecinfra.cc \
+ dnsseckeeper.hh dnssecinfra.hh base32.hh dns.cc \
dnssecsigner.cc polarrsakeyinfra.cc sha.hh md5.hh \
signingpipe.cc signingpipe.hh dnslabeltext.cc lua-pdns.cc \
lua-auth.cc lua-auth.hh serialtweaker.cc ednssubnet.cc \
@@ -357,7 +358,7 @@
unix_utility.$(OBJEXT) common_startup.$(OBJEXT) \
unix_semaphore.$(OBJEXT) bindparser.$(OBJEXT) \
bindlexer.$(OBJEXT) backends/gsql/gsqlbackend.$(OBJEXT) \
- base64.$(OBJEXT) sillyrecords.$(OBJEXT) \
+ base64.$(OBJEXT) sillyrecords.$(OBJEXT) secpoll-auth.$(OBJEXT) \
zoneparser-tng.$(OBJEXT) dnsrecords.$(OBJEXT) \
dnswriter.$(OBJEXT) rcpgenerator.$(OBJEXT) dnsparser.$(OBJEXT) \
dns_random.$(OBJEXT) randomhelper.$(OBJEXT) \
@@ -961,18 +962,18 @@
unix_semaphore.cc bind-dnssec.schema.sqlite3.sql.h \
bindparser.cc bindlexer.c backends/gsql/gsqlbackend.cc \
backends/gsql/gsqlbackend.hh backends/gsql/ssql.hh base64.cc \
- sillyrecords.cc base64.hh zoneparser-tng.cc dnsrecords.cc \
- dnswriter.cc rcpgenerator.cc dnsparser.cc dns_random.hh \
- dns_random.cc randomhelper.cc namespaces.hh nsecrecords.cc \
- base32.cc dbdnsseckeeper.cc dnssecinfra.cc dnsseckeeper.hh \
- dnssecinfra.hh base32.hh dns.cc dnssecsigner.cc \
- polarrsakeyinfra.cc sha.hh md5.hh signingpipe.cc \
- signingpipe.hh dnslabeltext.cc lua-pdns.cc lua-auth.cc \
- lua-auth.hh serialtweaker.cc ednssubnet.cc ednssubnet.hh \
- cachecleaner.hh json.cc json.hh version.hh version.cc \
- rfc2136handler.cc responsestats.cc responsestats.hh comment.hh \
- auth-carbon.cc $(am__append_5) $(am__append_7) $(am__append_9) \
- $(am__append_11) $(am__append_13)
+ sillyrecords.cc secpoll-auth.cc secpoll-auth.hh base64.hh \
+ zoneparser-tng.cc dnsrecords.cc dnswriter.cc rcpgenerator.cc \
+ dnsparser.cc dns_random.hh dns_random.cc randomhelper.cc \
+ namespaces.hh nsecrecords.cc base32.cc dbdnsseckeeper.cc \
+ dnssecinfra.cc dnsseckeeper.hh dnssecinfra.hh base32.hh dns.cc \
+ dnssecsigner.cc polarrsakeyinfra.cc sha.hh md5.hh \
+ signingpipe.cc signingpipe.hh dnslabeltext.cc lua-pdns.cc \
+ lua-auth.cc lua-auth.hh serialtweaker.cc ednssubnet.cc \
+ ednssubnet.hh cachecleaner.hh json.cc json.hh version.hh \
+ version.cc rfc2136handler.cc responsestats.cc responsestats.hh \
+ comment.hh auth-carbon.cc $(am__append_5) $(am__append_7) \
+ $(am__append_9) $(am__append_11) $(am__append_13)
pdns_server_LDFLAGS = @moduleobjects@ @modulelibs@ $(DYNLINKFLAGS) @LIBDL@ $(THREADFLAGS) $(BOOST_SERIALIZATION_LDFLAGS) -rdynamic
pdns_server_LDADD = $(POLARSSL_LIBS) $(BOOST_SERIALIZATION_LIBS) \
$(LUA_LIBS) $(SQLITE3_LIBS) $(YAHTTP_LIBS) $(am__append_6) \
@@ -1498,6 +1499,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2136handler.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/saxfr.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sdig.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secpoll-auth.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/selectmplexer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/serialtweaker.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signingpipe.Po@am__quote@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/common_startup.cc new/pdns-3.4.1/pdns/common_startup.cc
--- old/pdns-3.4.0/pdns/common_startup.cc 2014-09-22 12:32:05.000000000 +0200
+++ new/pdns-3.4.1/pdns/common_startup.cc 2014-10-28 13:51:22.000000000 +0100
@@ -21,6 +21,7 @@
*/
#include "common_startup.hh"
#include "ws-auth.hh"
+#include "secpoll-auth.hh"
bool g_anyToTcp;
typedef Distributor DNSDistributor;
@@ -61,6 +62,7 @@
::arg().set("retrieval-threads", "Number of AXFR-retrieval threads for slave operation")="2";
::arg().setSwitch("experimental-json-interface", "If the webserver should serve JSON data")="no";
::arg().setSwitch("experimental-api-readonly", "If the JSON API should disallow data modification")="no";
+ ::arg().set("experimental-api-key", "REST API Static authentication key (required for API use)")="";
::arg().setSwitch("experimental-dname-processing", "If we should support DNAME records")="no";
::arg().setCmd("help","Provide a helpful message");
@@ -159,6 +161,7 @@
::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
::arg().set("include-dir","Include *.conf files from this directory");
+ ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
}
void declareStats(void)
@@ -198,7 +201,7 @@
S.declare("servfail-packets","Number of times a server-failed packet was sent out");
S.declare("latency","Average number of microseconds needed to answer a question");
S.declare("timedout-packets","Number of packets which weren't answered within timeout set");
-
+ S.declare("security-status", "Security status based on regular polling");
S.declareRing("queries","UDP Queries Received");
S.declareRing("nxdomain-queries","Queries for non-existent records within existent domains");
S.declareRing("noerror-queries","Queries for existing records, but for type we don't have");
@@ -362,6 +365,9 @@
DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
+
+ doSecPoll(true); // this must be BEFORE chroot
+
if(!::arg()["chroot"].empty()) {
if(::arg().mustDo("master") || ::arg().mustDo("slave"))
gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
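Review bot: The startup call `doSecPoll(true);` has no exception handling, while the periodic call added further down in this file is wrapped in `try { … } catch(...)`. doSecPoll performs a DNS lookup and parses the reply (secpoll-auth.cc in this same diff), so anything thrown on that path leaves this function during startup; whether a caller catches it is not visible here. Consider `try { doSecPoll(true); } catch(...) { /* log that the first security poll failed */ }` so that a resolver problem cannot keep the daemon from starting. The enclosing function begins and ends outside this hunk.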
@@ -399,13 +405,19 @@
TN->go(); // tcp nameserver launch
pthread_create(&qtid,0,carbonDumpThread, 0); // runs even w/o carbon, might change @ runtime
+
// fork(); (this worked :-))
unsigned int max_rthreads= ::arg().asNum("receiver-threads", 1);
for(unsigned int n=0; n < max_rthreads; ++n)
pthread_create(&qtid,0,qthread, reinterpret_cast(n)); // receives packets
- void *p;
- pthread_join(qtid, &p);
+ for(;;) {
+ sleep(1800);
+ try {
+ doSecPoll(false);
+ }
+ catch(...){}
+ }
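Review bot: `catch(...){}` in the new polling loop discards every exception without a trace, so a poll that keeps failing leaves the `security-status` metric at its last value with nothing in the log to explain why. Log the failure in the handler, for example `catch(const std::exception& e) { L<<Logger::Warning<<"Security poll failed: "<<e.what()<<endl; }`, followed by a catch-all that also logs. The `1800` passed to `sleep` is a bare literal; a named constant would document the polling interval. The rest of this hunk is not legible on this page, so the code after the loop could not be checked.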
L<http://docbook.sf.net/
-.\" Date: 09/30/2014
+.\" Date: 10/30/2014
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "DNSDIST" "1" "09/30/2014" "\ \&" "\ \&"
+.TH "DNSDIST" "1" "10/30/2014" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/docs/dnstcpbench.1 new/pdns-3.4.1/pdns/docs/dnstcpbench.1
--- old/pdns-3.4.0/pdns/docs/dnstcpbench.1 2014-09-30 11:24:26.000000000 +0200
+++ new/pdns-3.4.1/pdns/docs/dnstcpbench.1 2014-10-30 11:19:07.000000000 +0100
@@ -2,12 +2,12 @@
.\" Title: dnstcpbench
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/
-.\" Date: 09/30/2014
+.\" Date: 10/30/2014
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
-.TH "DNSTCPBENCH" "1" "09/30/2014" "\ \&" "\ \&"
+.TH "DNSTCPBENCH" "1" "10/30/2014" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/pdns.conf-dist new/pdns-3.4.1/pdns/pdns.conf-dist
--- old/pdns-3.4.0/pdns/pdns.conf-dist 2014-08-12 13:32:10.000000000 +0200
+++ new/pdns-3.4.1/pdns/pdns.conf-dist 2014-10-28 11:41:09.000000000 +0100
@@ -145,6 +145,11 @@
# entropy-source=/dev/urandom
#################################
+# experimental-api-key REST API Static authentication key (required for API use)
+#
+# experimental-api-key=
+
+#################################
# experimental-api-readonly If the JSON API should disallow data modification
#
# experimental-api-readonly=no
@@ -370,6 +375,11 @@
# reuseport=no
#################################
+# security-poll-suffix Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+
+#################################
# send-root-referral Send out old-fashioned root-referral instead of ServFail in case of no authority
#
# send-root-referral=no
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/pdns_recursor.cc new/pdns-3.4.1/pdns/pdns_recursor.cc
--- old/pdns-3.4.0/pdns/pdns_recursor.cc 2014-09-25 13:42:01.000000000 +0200
+++ new/pdns-3.4.1/pdns/pdns_recursor.cc 2014-10-30 11:18:22.000000000 +0100
@@ -2101,6 +2101,7 @@
::arg().set("experimental-webserver-password", "Password required for accessing the webserver") = "";
::arg().set("webserver-allow-from","Webserver access is only allowed from these subnets")="0.0.0.0/0,::/0";
::arg().set("experimental-api-config-dir", "Directory where REST API stores config and zones") = "";
+ ::arg().set("experimental-api-key", "REST API Static authentication key (required for API use)") = "";
::arg().set("carbon-ourname", "If set, overrides our reported hostname for carbon stats")="";
::arg().set("carbon-server", "If set, send metrics in carbon (graphite) format to this server")="";
::arg().set("carbon-interval", "Number of seconds between carbon (graphite) updates")="30";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/pdnssec.cc new/pdns-3.4.1/pdns/pdnssec.cc
--- old/pdns-3.4.0/pdns/pdnssec.cc 2014-07-29 14:58:22.000000000 +0200
+++ new/pdns-3.4.1/pdns/pdnssec.cc 2014-10-30 11:18:22.000000000 +0100
@@ -612,10 +612,37 @@
}
rrs[0].content = serializeSOAData(sd);
+ sd.db->startTransaction("", -1);
+
if (! sd.db->replaceRRSet(sd.domain_id, zone, rr.qtype, rrs)) {
+ sd.db->abortTransaction();
cerr<<"Backend did not replace SOA record. Backend might not support this operation."<doesDNSSEC()) {
+ NSEC3PARAMRecordContent ns3pr;
+ bool narrow;
+ bool haveNSEC3=dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
+
+ if(haveNSEC3)
+ {
+ if(!narrow) {
+ string hashed=toBase32Hex(hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rrs[0].qname));
+ if(g_verbose)
+ cerr<<"'"< '"<< hashed <<"'"<updateDNSSECOrderAndAuthAbsolute(sd.domain_id, rrs[0].qname, hashed, 1);
+ }
+ else {
+ sd.db->nullifyDNSSECOrderNameAndUpdateAuth(sd.domain_id, rrs[0].qname, 1);
+ }
+ } else {
+ sd.db->updateDNSSECOrderAndAuth(sd.domain_id, zone, rrs[0].qname, 1);
+ }
+ }
+
+ sd.db->commitTransaction();
+
cout<<"SOA serial for zone "<
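Review bot: The results of `sd.db->startTransaction("", -1)` and `sd.db->commitTransaction()` are not checked, and neither are the ordername/auth update calls between them, so the "SOA serial for zone …" message that follows can be printed after a commit that did not succeed. Check the return values where the backend interface provides them, call `sd.db->abortTransaction()` on failure as the `replaceRRSet` branch already does, and return a non-zero status. Parts of this hunk are not legible on this page, so this rests on the visible lines only.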
+#include "sstuff.hh"
+#include "dnswriter.hh"
+#include "dns_random.hh"
+#include "namespaces.hh"
+#include "statbag.hh"
+#include
+#ifndef PACKAGEVERSION
+#define PACKAGEVERSION PDNS_VERSION
+#endif
+
+string g_security_message;
+
+extern StatBag S;
+
+static vector<ComboAddress> parseResolveConf()
+{
+ vector<ComboAddress> ret;
+ ifstream ifs("/etc/resolv.conf");
+ if(!ifs)
+ return ret;
+
+ string line;
+ while(std::getline(ifs, line)) {
+ boost::trim_right_if(line, is_any_of(" \r\n\x1a"));
+ boost::trim_left(line); // leading spaces, let's be nice
+
+ string::size_type tpos = line.find_first_of(";#");
+ if(tpos != string::npos)
+ line.resize(tpos);
+
+ if(boost::starts_with(line, "nameserver ") || boost::starts_with(line, "nameserver\t")) {
+ vector<string> parts;
+ stringtok(parts, line, " \t,"); // be REALLY nice
+ for(vector<string>::const_iterator iter = parts.begin()+1; iter != parts.end(); ++iter) {
+
+ try {
+ ret.push_back(ComboAddress(*iter, 53));
+ }
+ catch(...)
+ {
+ }
+ }
+ }
+
+ }
+
+ return ret;
+}
+
+int doResolve(const string& qname, uint16_t qtype, vector<DNSResourceRecord>& ret)
+{
+ vector packet;
+
+ DNSPacketWriter pw(packet, qname, qtype);
+ pw.getHeader()->id=dns_random(0xffff);
+ pw.getHeader()->rd=1;
+
+ static vector<ComboAddress> s_servers;
+ vector<ComboAddress> servers = parseResolveConf();
+ if(!servers.empty())
+ s_servers = servers; // in case we chrooted in the meantime
+
+ if(s_servers.empty())
+ L< sizeof(struct dnsheader)) {
+ struct dnsheader d;
+ memcpy(&d, reply.c_str(), sizeof(d));
+ if(d.id != pw.getHeader()->id)
+ goto retry;
+ }
+ }
+ catch(...) {
+ continue;
+ }
+ MOADNSParser mdp(reply);
+ if(mdp.d_header.rcode == RCode::ServFail)
+ continue;
+
+
+ for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) {
+ if(i->first.d_place == 1 && i->first.d_type==QType::TXT) {
+ DNSResourceRecord rr;
+ rr.qname = i->first.d_label;
+ rr.qtype = QType(i->first.d_type);
+ rr.content = i->first.d_content->getZoneRepresentation();
+ rr.ttl=i->first.d_ttl;
+ ret.push_back(rr);
+ }
+ }
+
+ return mdp.d_header.rcode;
+ }
+ return RCode::ServFail;
+}
+
+void doSecPoll(bool first)
+{
+ if(::arg()["security-poll-suffix"].empty())
+ return;
+
+ struct timeval now;
+ gettimeofday(&now, 0);
+
+ string query = "auth-" PACKAGEVERSION ".security-status."+::arg()["security-poll-suffix"];
+
+ if(*query.rbegin()!='.')
+ query+='.';
+
+ boost::replace_all(query, "+", "_");
+
+ vector<DNSResourceRecord> ret;
+
+ int res=doResolve(query, QType::TXT, ret);
+
+ int security_status=0;
+
+ if(!res && !ret.empty()) {
+ string content=ret.begin()->content;
+ if(!content.empty() && content[0]=='"' && content[content.size()-1]=='"') {
+ content=content.substr(1, content.length()-2);
+ }
+
+ pair split = splitField(content, ' ');
+
+ security_status = atoi(split.first.c_str());
+ g_security_message = split.second;
+
+ }
+ else {
+ L<
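Review bot: In doResolve, `MOADNSParser mdp(reply);` sits after the `catch(...) { continue; }` block, and a reply no longer than `sizeof(struct dnsheader)` skips the id comparison and reaches the parser too, so an exception raised while parsing a malformed reply is not covered by that handler. Moving the parse and the answer loop inside the `try` would let a bad reply fall through to the next server instead. The answer loop also accepts any TXT record in the answer section without comparing `i->first.d_label` with `qname`, and the first record's content then sets `security_status` through `atoi` and is copied into `g_security_message`; matching the owner name and validating the parsed status before publishing it would tighten this, since the data arrives over unauthenticated DNS. The send/receive part of doResolve and the end of doSecPoll are not legible on this page, so checks made there could not be reviewed.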
+#include "namespaces.hh"
+
+void doSecPoll(bool first);
+extern std::string g_security_message;
+
+#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/tcpreceiver.cc new/pdns-3.4.1/pdns/tcpreceiver.cc
--- old/pdns-3.4.0/pdns/tcpreceiver.cc 2014-08-12 13:32:10.000000000 +0200
+++ new/pdns-3.4.1/pdns/tcpreceiver.cc 2014-10-21 13:31:14.000000000 +0200
@@ -1008,7 +1008,10 @@
sendPacket(outpacket,outsock);
return 0;
}
- if (!rfc1982LessThan(serial, sd.serial)) {
+
+ string soaedit;
+ dk.getFromMeta(target, "SOA-EDIT", soaedit);
+ if (!rfc1982LessThan(serial, calculateEditSOA(sd, soaedit))) {
TSIGRecordContent trc;
string tsigkeyname, tsigsecret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/webserver.cc new/pdns-3.4.1/pdns/webserver.cc
--- old/pdns-3.4.0/pdns/webserver.cc 2014-07-30 16:42:05.000000000 +0200
+++ new/pdns-3.4.1/pdns/webserver.cc 2014-10-30 11:18:22.000000000 +0100
@@ -48,6 +48,37 @@
}
}
+bool HttpRequest::compareAuthorization(const string &expected_password)
+{
+ // validate password
+ YaHTTP::strstr_map_t::iterator header = headers.find("authorization");
+ bool auth_ok = false;
+ if (header != headers.end() && toLower(header->second).find("basic ") == 0) {
+ string cookie = header->second.substr(6);
+
+ string plain;
+ B64Decode(cookie, plain);
+
+ vector<string> cparts;
+ stringtok(cparts, plain, ":");
+
+ // this gets rid of terminating zeros
+ auth_ok = (cparts.size()==2 && (0==strcmp(cparts[1].c_str(), expected_password.c_str())));
+ }
+ return auth_ok;
+}
+
+bool HttpRequest::compareHeader(const string &header_name, const string &expected_value)
+{
+ YaHTTP::strstr_map_t::iterator header = headers.find(header_name);
+ if (header == headers.end())
+ return false;
+
+ // this gets rid of terminating zeros
+ return (0==strcmp(header->second.c_str(), expected_value.c_str()));
+}
+
+
void HttpResponse::setBody(rapidjson::Document& document)
{
this->body = makeStringFromDocument(document);
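Review bot: Both `compareAuthorization` and `compareHeader` compare the secret with `strcmp`, which returns at the first differing byte, so the response time depends on how much of the password or API key a request got right; `compareHeader` is what the `apiWrapper` hunk below uses for `X-API-Key`. A comparison whose running time does not depend on the position of the mismatch is the usual choice for credentials, as sketched below for `compareHeader`. `strcmp` also stops at the first NUL, which the comment relies on for the Base64-decoded password; if that behaviour is kept for `compareAuthorization`, trim trailing NUL bytes from the decoded value explicitly before comparing. Separately, `stringtok(cparts, plain, ":")` requires exactly two parts, so a password that itself contains `:` can never match.

```cpp
// Equality check for secrets: no early exit on the first differing byte.
static bool constantTimeEquals(const string& a, const string& b)
{
  if (a.size() != b.size())
    return false;
  unsigned char diff = 0;
  for (string::size_type i = 0; i < a.size(); ++i)
    diff |= static_cast<unsigned char>(a[i]) ^ static_cast<unsigned char>(b[i]);
  return diff == 0;
}

bool HttpRequest::compareHeader(const string &header_name, const string &expected_value)
{
  // … unchanged: header lookup and missing-header return …
  return constantTimeEquals(header->second, expected_value);
}
```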
@@ -58,19 +89,30 @@
return ::B64Decode(strInput, strOutput);
}
-static void handlerWrapper(WebServer::HandlerFunction handler, YaHTTP::Request* req, YaHTTP::Response* resp)
+static void bareHandlerWrapper(WebServer::HandlerFunction handler, YaHTTP::Request* req, YaHTTP::Response* resp)
{
// wrapper to convert from YaHTTP::* to our subclasses
handler(static_cast(req), static_cast(resp));
}
-void WebServer::registerHandler(const string& url, HandlerFunction handler)
+void WebServer::registerBareHandler(const string& url, HandlerFunction handler)
{
- YaHTTP::THandlerFunction f = boost::bind(&handlerWrapper, handler, _1, _2);
+ YaHTTP::THandlerFunction f = boost::bind(&bareHandlerWrapper, handler, _1, _2);
YaHTTP::Router::Any(url, f);
}
static void apiWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
+ const string& api_key = arg()["experimental-api-key"];
+ if (api_key.empty()) {
+ L<url.path << "\": Authentication failed, API Key missing in config" << endl;
+ throw HttpUnauthorizedException();
+ }
+ bool auth_ok = req->compareHeader("x-api-key", api_key);
+ if (!auth_ok) {
+ L<url.path << "\": Authentication by API Key failed" << endl;
+ throw HttpUnauthorizedException();
+ }
+
resp->headers["Access-Control-Allow-Origin"] = "*";
resp->headers["Content-Type"] = "application/json";
@@ -108,7 +150,25 @@
void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {
HandlerFunction f = boost::bind(&apiWrapper, handler, _1, _2);
- registerHandler(url, f);
+ registerBareHandler(url, f);
+}
+
+static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
+ const string& web_password = arg()["webserver-password"];
+ if (!web_password.empty()) {
+ bool auth_ok = req->compareAuthorization(web_password);
+ if (!auth_ok) {
+ L<url.path << "\": Web Authentication failed" << endl;
+ throw HttpUnauthorizedException();
+ }
+ }
+
+ handler(req, resp);
+}
+
+void WebServer::registerWebHandler(const string& url, HandlerFunction handler) {
+ HandlerFunction f = boost::bind(&webWrapper, handler, _1, _2);
+ registerBareHandler(url, f);
}
static void *WebServerConnectionThreadStart(void *p) {
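Review bot: `webWrapper` reads the password from the hard-coded setting name `webserver-password`, but webserver.cc is shared with the recursor, which declares `experimental-webserver-password` (visible as context in the pdns_recursor.cc hunk) and, in the ws-recursor.cc hunk of this diff, no longer passes that value to the `AsyncWebServer` constructor. From the visible lines nothing reads the recursor's password setting any more, so an operator who set it may believe the web server is still password-protected; confirm this against the full recursor source. Either pass the setting name (or the password) to `registerWebHandler`, or document that the recursor setting is now unused. When the password is empty, `webWrapper` calls the handler with no authentication, which matches the removed code but deserves a comment such as `// empty password: web pages are served without authentication`.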
@@ -148,28 +208,6 @@
}
}
- if (!d_password.empty()) {
- // validate password
- header = req.headers.find("authorization");
- bool auth_ok = false;
- if (header != req.headers.end() && toLower(header->second).find("basic ") == 0) {
- string cookie = header->second.substr(6);
-
- string plain;
- B64Decode(cookie, plain);
-
- vector<string> cparts;
- stringtok(cparts, plain, ":");
-
- // this gets rid of terminating zeros
- auth_ok = (cparts.size()==2 && (0==strcmp(cparts[1].c_str(), d_password.c_str())));
- }
- if (!auth_ok) {
- L< HandlerFunction;
- void registerHandler(const string& url, HandlerFunction handler);
void registerApiHandler(const string& url, HandlerFunction handler);
+ void registerWebHandler(const string& url, HandlerFunction handler);
protected:
static char B64Decode1(char cInChar);
static int B64Decode(const std::string& strInput, std::string& strOutput);
+ void registerBareHandler(const string& url, HandlerFunction handler);
virtual Server* createServer() {
return new Server(d_listenaddress, d_port);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/ws-auth.cc new/pdns-3.4.1/pdns/ws-auth.cc
--- old/pdns-3.4.0/pdns/ws-auth.cc 2014-08-12 13:32:10.000000000 +0200
+++ new/pdns-3.4.1/pdns/ws-auth.cc 2014-10-30 11:18:22.000000000 +0100
@@ -61,7 +61,7 @@
d_ws = 0;
d_tid = 0;
if(arg().mustDo("webserver")) {
- d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"),arg()["webserver-password"]);
+ d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"));
d_ws->bind();
}
}
@@ -1255,8 +1255,8 @@
// legacy dispatch
d_ws->registerApiHandler("/jsonstat", boost::bind(&AuthWebServer::jsonstat, this, _1, _2));
}
- d_ws->registerHandler("/style.css", boost::bind(&AuthWebServer::cssfunction, this, _1, _2));
- d_ws->registerHandler("/", boost::bind(&AuthWebServer::indexfunction, this, _1, _2));
+ d_ws->registerWebHandler("/style.css", boost::bind(&AuthWebServer::cssfunction, this, _1, _2));
+ d_ws->registerWebHandler("/", boost::bind(&AuthWebServer::indexfunction, this, _1, _2));
d_ws->go();
}
catch(...) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/ws-recursor.cc new/pdns-3.4.1/pdns/ws-recursor.cc
--- old/pdns-3.4.0/pdns/ws-recursor.cc 2014-06-24 14:22:01.000000000 +0200
+++ new/pdns-3.4.1/pdns/ws-recursor.cc 2014-10-30 11:18:22.000000000 +0100
@@ -421,7 +421,7 @@
{
RecursorControlParser rcp; // inits
- d_ws = new AsyncWebServer(fdm, arg()["experimental-webserver-address"], arg().asNum("experimental-webserver-port"), arg()["experimental-webserver-password"]);
+ d_ws = new AsyncWebServer(fdm, arg()["experimental-webserver-address"], arg().asNum("experimental-webserver-port"));
d_ws->bind();
// legacy dispatch
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns/ws-recursor.hh new/pdns-3.4.1/pdns/ws-recursor.hh
--- old/pdns-3.4.0/pdns/ws-recursor.hh 2014-03-27 12:22:04.000000000 +0100
+++ new/pdns-3.4.1/pdns/ws-recursor.hh 2014-10-21 14:34:39.000000000 +0200
@@ -45,8 +45,8 @@
class AsyncWebServer : public WebServer
{
public:
- AsyncWebServer(FDMultiplexer* fdm, const string &listenaddress, int port, const string &password="") :
- WebServer(listenaddress, port, password), d_fdm(fdm) { };
+ AsyncWebServer(FDMultiplexer* fdm, const string &listenaddress, int port) :
+ WebServer(listenaddress, port), d_fdm(fdm) { };
void go();
private:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pdns-3.4.0/pdns.spec new/pdns-3.4.1/pdns.spec
--- old/pdns-3.4.0/pdns.spec 2014-09-30 11:23:37.000000000 +0200
+++ new/pdns-3.4.1/pdns.spec 2014-10-30 11:18:22.000000000 +0100
@@ -1,6 +1,6 @@
BuildRoot: /tmp/pdns
Name: pdns-static
-Version: 3.4.0
+Version: 3.4.1
Release: 1
Summary: extremely powerful and versatile nameserver
License: GPL