interlegis · edwardoliveira · May 18, 2015
diff --git a/ChangeLog b/ChangeLog
@@ -1,11 +1,18 @@
 DNSSHIM: NIC.br's DNS Secure Hidden Master
 
-version 2.2.2
-	* Fix to allow AXFR responses bigger than 32767 bytes
+version 2.5
+	* big zones (+64k) transfers fixed 
 
-version 2.2.1
-	* Fix for list-zones and change-password
-	* Added hook to capture a shutdown signal from the Operating System
+version 2.4
+    * NSD support
+    * New config parameter: minimun_soa_refresh
+    * New config parameter: minimun_soa_expire
+    * Include SOA RR as a hint in notify messages
+    Bug Fixes:
+    * Fixed command for changing user password
+
+version 2.3
+	* Memory leak fixed
 
 version 2.2
 	* TLS certificate import fix

diff --git a/build.xml b/build.xml
@@ -22,12 +22,7 @@
 		<copy todir="${build}" >
 		    <fileset dir="${src}">
 		    	<include name="**/resources/**" />
-		    </fileset>
-		</copy>
-	    <copy todir="${build}/META-INF">
-			<fileset dir="${src}/META-INF">
-				<include name="*" />
-			</fileset>
+		    </fileset>	
 		</copy>
 	</target>
 
@@ -40,7 +35,8 @@
 		<!--  signer -->
 		<jar jarfile="${dist}/dnsshim-signer.jar">
 			<fileset dir="${build}/" excludes="**/xfrd/" />
-		    <manifest>
+
+			<manifest>
 				<attribute name="Main-Class"
 					value="br/registro/dnsshim/signer/server/SignerServer" />
 				<attribute name="Class-Path" value="${manifest-classpath-signer} ." /> <!-- class-path  + current directory -->
@@ -64,9 +60,9 @@
 			</fileset>
 		</copy>
 
-		<copy file="scripts/SlaveSync.sh" todir="${dist}/"/>
+		<copy file="scripts/BindSync.sh" todir="${dist}/"/>
+		<copy file="scripts/NSDSync.sh" todir="${dist}/"/>
 		<copy file="scripts/CreateZoneDirs.sh" todir="${dist}/"/>
-		<copy file="ChangeLog" todir="${dist}/"/>
 
 	</target>
 
@@ -83,7 +79,9 @@
 		<map from="${lib.app.dir}" to="lib" /> <!-- to relative path -->
 		<path id="class.path">
 			<fileset dir="lib">
-				<include name="**/*.jar" />
+				<!-- <include name="**/*.jar" /> -->
+				<include name="*log4j*" />
+				<include name="*commons-codec*" />
 			</fileset>
 		</path>
 	</pathconvert>
@@ -93,7 +91,8 @@
 		<map from="${lib.app.dir}" to="lib" /> <!-- to relative path -->
 		<path id="class.path">
 			<fileset dir="lib">
-				<include name="**/*.jar" />
+				<include name="*log4j*" />
+				<include name="*commons-codec*" />
 			</fileset>
 		</path>
 	</pathconvert>

diff --git a/lib/commons-validator-1.4.0.jar b/lib/commons-validator-1.4.0.jar
diff --git a/scripts/BindSync.sh b/scripts/BindSync.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+# Copyright (C) 2009 Registro.br. All rights reserved. 
+# 
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions are 
+# met:
+# 1. Redistribution of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY REGISTRO.BR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIE OF FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL REGISTRO.BR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+# DAMAGE.
+
+
+added=0
+removed=0
+ERRCOUNTER=0
+rndcExists=0
+
+rndcPath="/usr/bin/rndc"
+rndcPort="953"
+
+if [ -n "$1" -a -n "$2" -a -n "$3" -a -n "$4" ]
+	then
+	addedZones=$1
+	removedZones=$2
+	serverIp=$3
+	timestamp=$4
+
+	if [ -x "$rndcPath" ]
+		then
+		rndcExists=1
+	fi
+
+	filename="${addedZones}${timestamp}"
+    # Make sure file exists and is not empty
+    if [ -s $filename ]
+    	then
+    	while read LINE
+    	do
+    		if [ $rndcExists -eq 1 ]
+    			then
+    			err=`eval $rndcPath -s $serverIp -p $rndcPort addzone $LINE 2>&1`
+    			if [ $? -eq 0 ]
+    				then
+    				added=`expr $added + 1`
+    			else
+    				echo $err | grep "already exists"
+    				if [ $? -eq 1 ]
+    					then
+    					zone=`echo $LINE | awk '{ print $1 }'`
+    					echo $zone >> ${addedZones}.err
+    				fi
+    				ERRCOUNTER=`expr $ERRCOUNTER + 1`
+    			fi
+    		else
+    			zone=`echo $LINE | awk '{ print $1 }'`
+    			echo $zone >> ${addedZones}.err
+    			ERRCOUNTER=`expr $ERRCOUNTER + 1`
+    		fi
+    	done < $filename
+    fi
+
+    filename="${removedZones}${timestamp}"
+    if [ -s $filename ]
+    	then
+    	while read LINE
+    	do
+    		if [ $rndcExists -eq 1 ]
+    			then
+    			err=`eval $rndcPath -s $serverIp -p $rndcPort delzone $LINE 2>&1`
+    			if [ $? -eq 0 ]
+    				then
+    				removed=`expr $removed + 1`
+    			else
+    				echo $err | grep "not found"
+    				if [ $? -eq 1 ]
+    					then
+    					echo $LINE >> ${removedZones}.err
+    				fi
+    				ERRCOUNTER=`expr $ERRCOUNTER + 1`
+
+    			fi
+    		else
+    			echo $LINE >> ${removedZones}.err
+    			ERRCOUNTER=`expr $ERRCOUNTER + 1`
+    		fi
+    	done < $filename
+    fi
+
+    echo "SlaveSync $serverIp finished"
+    echo "Added: $added"
+    echo "Removed: $removed"
+    echo "Errors: $ERRCOUNTER"
+fi
diff --git a/scripts/NSDSync.sh b/scripts/NSDSync.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+# Copyright (C) 2009 Registro.br. All rights reserved. 
+# 
+# Redistribution and use in source and binary forms, with or without 
+# modification, are permitted provided that the following conditions are 
+# met:
+# 1. Redistribution of source code must retain the above copyright 
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY REGISTRO.BR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIE OF FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL REGISTRO.BR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+# DAMAGE.
+
+
+added=0
+removed=0
+ERRCOUNTER=0
+nsdControlExists=0
+
+nsdControlPath="/home/mauro/nsd/sbin/nsd-control"
+nsdControlPort="8952"
+
+if [ -n "$1" -a -n "$2" -a -n "$3" -a -n "$4" ]
+	then
+	addedZones=$1
+	removedZones=$2
+	serverIp=$3
+	timestamp=$4
+
+	if [ -x "$nsdControlPath" ]
+		then
+		nsdControlExists=1
+	fi
+
+	filename="${addedZones}${timestamp}"
+    # Make sure file exists and is not empty
+    if [ -s $filename ]
+    	then
+    	while read LINE
+    	do
+    		if [ $nsdControlExists -eq 1 ]
+    			then
+    			err=`eval $nsdControlPath -s $serverIp addzone $LINE 2>&1`
+    			if [ $? -eq 0 ]
+    				then
+    				added=`expr $added + 1`
+    			else
+                    zone=`echo $LINE | awk '{ print $1 }'`
+                    # checking if we could not add because the zone already exists
+                    err=`eval $nsdControlPath -s $serverIp zonestatus $zone 2>&1`
+                    if [ $? -eq 1 ]
+                        then
+                        echo $zone >> ${addedZones}.err
+                    fi
+                    ERRCOUNTER=`expr $ERRCOUNTER + 1`
+    			fi
+    		else
+    			echo $LINE >> ${addedZones}.err
+    			ERRCOUNTER=`expr $ERRCOUNTER + 1`
+    		fi
+    	done < $filename
+    fi
+
+    filename="${removedZones}${timestamp}"
+    if [ -s $filename ]
+    	then
+    	while read LINE
+    	do
+    		if [ $nsdControlExists -eq 1 ]
+    			then
+    			err=`eval $nsdControlPath -s $serverIp delzone $LINE 2>&1`
+    			if [ $? -eq 0 ]
+    				then
+    				removed=`expr $removed + 1`
+    			else
+    				echo $err | grep "not present"
+    				if [ $? -eq 1 ]
+    					then
+    					echo $LINE >> ${removedZones}.err
+    				fi
+    				ERRCOUNTER=`expr $ERRCOUNTER + 1`
+
+    			fi
+    		else
+    			echo $LINE >> ${removedZones}.err
+    			ERRCOUNTER=`expr $ERRCOUNTER + 1`
+    		fi
+    	done < $filename
+    fi
+
+    echo "SlaveSync $serverIp finished"
+    echo "Added: $added"
+    echo "Removed: $removed"
+    echo "Errors: $ERRCOUNTER"
+fi
diff --git a/src/br/registro/dnsshim/domain/A.java b/src/br/registro/dnsshim/domain/A.java
@@ -28,6 +28,8 @@
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 
+import org.apache.commons.validator.routines.InetAddressValidator;
+
 import br.registro.dnsshim.common.server.DnsshimProtocolException;
 import br.registro.dnsshim.common.server.ProtocolStatusCode;
 import br.registro.dnsshim.util.ByteUtil;
@@ -39,6 +41,9 @@ public A(String ownername, DnsClass dnsClass, int ttl, String ip)
 		throws DnsshimProtocolException {
 		super(ownername, RrType.A, dnsClass, ttl);
 		try {
+			if (InetAddressValidator.getInstance().isValid(ip) == false) {
+				throw new DnsshimProtocolException(ProtocolStatusCode.INVALID_RESOURCE_RECORD, "Invalid IPv4 address: " + ip);
+			}
 			this.addr = (Inet4Address) InetAddress.getByName(ip);
 		} catch (UnknownHostException uhe) {
 			throw new DnsshimProtocolException(ProtocolStatusCode.INVALID_RESOURCE_RECORD, "Invalid IPv4 address: " + ip);

diff --git a/src/br/registro/dnsshim/domain/Aaaa.java b/src/br/registro/dnsshim/domain/Aaaa.java
@@ -28,6 +28,8 @@
 import java.net.UnknownHostException;
 import java.nio.ByteBuffer;
 
+import org.apache.commons.validator.routines.InetAddressValidator;
+
 import br.registro.dnsshim.common.server.DnsshimProtocolException;
 import br.registro.dnsshim.common.server.ProtocolStatusCode;
 import br.registro.dnsshim.util.ByteUtil;
@@ -39,6 +41,16 @@ public Aaaa(String ownername, DnsClass dnsClass, int ttl, String ipv6)
 		throws DnsshimProtocolException {
 		super(ownername, RrType.AAAA, dnsClass, ttl);
 		try {
+			// is a IPv4 ?
+		    if (InetAddressValidator.getInstance().isValid(ipv6)){
+		    	throw new DnsshimProtocolException(ProtocolStatusCode.INVALID_RESOURCE_RECORD, "Invalid IPv6 address: " + ipv6);
+		    }
+		    InetAddress inet = InetAddress.getByName(ipv6);
+
+		    if ((inet instanceof Inet6Address) == false) {
+		    	throw new DnsshimProtocolException(ProtocolStatusCode.INVALID_RESOURCE_RECORD, "Invalid IPv6 address: " + ipv6);
+		    }
+
 			this.addr = (Inet6Address) InetAddress.getByName(ipv6);
 		} catch (UnknownHostException uhe) {
 			throw new DnsshimProtocolException(ProtocolStatusCode.INVALID_RESOURCE_RECORD, "Invalid IPv6 address: " + ipv6);

diff --git a/src/br/registro/dnsshim/domain/Rrset.java b/src/br/registro/dnsshim/domain/Rrset.java
@@ -47,18 +47,6 @@ public Rrset(String ownername, RrType type, DnsClass dnsClass) {
 		this.dnsClass = dnsClass;
 	}
 
-	public Rrset(Rrset rrset) {
-		if (rrset == null) {
-			throw new IllegalArgumentException();
-		}
-
-		this.ownername = rrset.ownername;
-		this.type = rrset.type;
-		this.dnsClass = rrset.dnsClass;
-
-		records = new TreeSet<ResourceRecord>(rrset.records);
-	}
-
 	public String getOwnername() {
 		return ownername;
 	}

diff --git a/src/br/registro/dnsshim/domain/Soa.java b/src/br/registro/dnsshim/domain/Soa.java
@@ -31,6 +31,8 @@
 import br.registro.dnsshim.common.server.DnsshimProtocolException;
 import br.registro.dnsshim.common.server.ProtocolStatusCode;
 import br.registro.dnsshim.util.DomainNameUtil;
+import br.registro.dnsshim.xfrd.domain.XfrdConfig;
+import br.registro.dnsshim.xfrd.domain.logic.XfrdConfigManager;
 
 public class Soa extends ResourceRecord {
 
@@ -49,12 +51,27 @@ public Soa(String ownername, DnsClass dnsClass, int ttl,
 		this.mname = mname.toLowerCase();
 		this.rname = rname.toLowerCase();
 		this.serial = serial;
-		this.refresh = refresh;
+
+		// Refresh minimum
+		XfrdConfig config = XfrdConfigManager.getInstance();
+		if (refresh < config.getMinimumSOARefresh()) {
+			this.refresh = config.getMinimumSOARefresh();		
+		} else {
+			this.refresh = refresh;
+		}
+
 		this.retry = retry;
-		this.expire = expire;
+
+		// Expire minimum
+		if (expire < config.getMinimumSOAExpire()) {
+			this.expire = config.getMinimumSOAExpire();
+		} else {
+			this.expire = expire;
+		}
+
 		this.minimum = minimum;
 		this.rdata = RdataSoaBuilder.get(this.mname,	this.rname,
-				serial, refresh, retry, expire, minimum);
+				this.serial, this.refresh, this.retry, this.expire, this.minimum);
 	}