f



Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD

This is a multi-part message in MIME format.
--------------060707000103070208050207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

  I've also reported this as a bind bug, but I'm posting it here as I 
think it answers the case for the BSD user in the thread entitled: Can't 
get BIND to use GSSAPI from /usr/local on FreeBSD
(Patch attached which fixes it for me)

   I've traced my problem to what looks like a mismatch of expectations
between heimdal 1.3.3 and bind 9 (BIND 9.7.1-P2)

in lib/dns/openssl_link.c, entropy_get returns the number of bytes if
successful - always equal to argument num (if successful).

entropy_get is registered as a delegate for openSSL's RAND_bytes in
dst__openssl_init.

My man page for RAND_bytes states:
RETURN VALUES
         RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
         obtained by ERR_get_error(3). RAND_pseudo_bytes() returns 1 if the
         bytes generated are cryptographically strong, 0 otherwise. Both
         functions return -1 if they are not supported by the current RAND
         method.
and entropy_get varies from that behaviour.

This causes problems with heimdal 1.3.3, in heimdal's lib/krb5/crypto.c:
3995        if (RAND_bytes(buf, len) != 1)
3996        krb5_abortx(NULL, "Failed to generate random block");

So "nsupdate -g" fails when linked with heimdal 1.3.3

It looks like bind 9 is at fault even though heimdal could be more accepting.

I don't know if there are other similar errors in other openssl_link.c


-- 
[FSF Associate Member #2325] 
<http://www.fsf.org/register_form?referrer=2325>

--------------060707000103070208050207
Content-Type: text/x-patch;
 name="001-openssl-link-num.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="001-openssl-link-num.diff"

--- src/lib/dns/openssl_link.c.o	2010-08-25 02:38:23.000000000 -0700
+++ src/lib/dns/openssl_link.c	2010-08-25 02:39:05.000000000 -0700
@@ -79,7 +79,7 @@
 	if (num < 0)
 		return (-1);
 	result = dst__entropy_getdata(buf, (unsigned int) num, ISC_FALSE);
-	return (result == ISC_R_SUCCESS ? num : -1);
+	return (result == ISC_R_SUCCESS ? 1 : -1);
 }
 
 static int
@@ -93,7 +93,7 @@
 	if (num < 0)
 		return (-1);
 	result = dst__entropy_getdata(buf, (unsigned int) num, ISC_TRUE);
-	return (result == ISC_R_SUCCESS ? num : -1);
+	return (result == ISC_R_SUCCESS ? 1 : -1);
 }
 
 static void

--------------060707000103070208050207--
0
Sam
8/25/2010 4:41:12 PM
comp.protocols.dns.bind 16245 articles. 1 followers. Post Follow

0 Replies
598 Views

Similar Articles

[PageSpeed] 28

Reply:

Similar Artilces:

Can't get BIND to use GSSAPI from /usr/local
BIND 9.7.1rc1 FreeBSD 8.1-PRERELEASE I've just stepped into the world of nsupdate (instead of doing the freeze/edit/thaw dance). I have had success using TSIG (nsupdate -k) but I would like to use TKEY-GSS (nsupdate -g). When I try to do that, nsupdate dumps core. $ /usr/bin/nsupdate -g -d > prereq nxdomain rwpc12.mby.riverwillow.net.au. > Reply from SOA query: --------< snip >-------- Found zone name: mby.riverwillow.net.au The master is: ns1.mby.riverwillow.net.au start_gssrequest nsupdate: Failed to generate random block Abort tra...

I can't get my BIND DNS to answer remote queries
Hello, I have a machine running BIND 9. I've configured a zone on the server and I in fact can do queries at this local machine (using dig). But when I do the same (dig) query from a remote machine in the same network, I get ";; connection timed out; no servers could be reached". Here are my zone file: $TTL 12345 vas.lab. IN SOA server.vas.lab. teste.vas.lab. ( 1 ; Serial 12345 ; Refresh 12345 ; Retry 12345 ; Expire 12345 ) ; Negative cachi...

Can't use my //e because I can't get any software for it
Here's my problem. I have an Apple //e, but I have absolutely no software for it. I have an older Mac. All of the images I have found are 5.25" and I can't write those back to the floppy using the Mac (or a PC for that matter). I don't have a null modem, but that doesn't matter because I don't have any comm software. Basically I have no way to get anything onto a bootable floppy. Now, if I could find a bootable image of a 3.5" disk I would be in business, but everything is in 5.25" format. Would an emaulator be able to create a bootable 3.5" di...

if lisp can add any feature, then why doesn't it get used? I don't get it..
I really don't and for some odd reason I have this fascination with forth lisp smalltalk io haskell aggghhh!! On 2008-09-06 11:46:32 +0100, gavino <gavcomedy@gmail.com> said: > I really don't > > and for some odd reason I have this fascination with forth lisp > smalltalk io haskell > > aggghhh!! Isn't the answer *precisely* in your asking the question? Lisp is not used by "people who don't get it". Not because those that do are any smarter or born geniuses, but surely *because* they decided to put in *the effort* to learn and see "...

Re: [ntp:questions] Re: can't bind socket 10048
----- Original Message Follows ----- > In article <4282568d$0$10507$9b4e6d93@newsread4.arcor-online.net>, > hans@msn.de wrote: > > > I wanted to use the WINSNTP ver.15f to synchronise with a time > server. > > > The reference implementation is free of charge, although you are > expected to support yourself. > > (I don't know if the 10048 is a socket number, in which case you > probably don't have a clash with W32Time, or a error number.) That's a WSA socket error number. The error means that the address is in use. It means something...

squid can't start, can't bind to port
I have a CentOS 5.2 server that for several weeks has been running squid on port 9765 with no problem (only accepting requests from certain external IPs). Some time yesterday it stopped working, and attempts to start squid now say only: [root@hostname28043 squid]# service squid start Starting squid: .................... [FAILED] The last lines of the cache.log file (whose dates correspond to the last time I attempted to start squid) say: 2009/02/10 03:48:20| Starting Squid Cache version 2.6.STABLE6 for i686- redhat-li nux-gnu... 2009/02/10 03:48:20| Process ID 3306 20...

Why can't I define vars in caller's binding using eval?
In other words, why can't I do this? def f(b) eval("x = 10", b) end f(binding) puts "x = #{x}" Is there any way to make that code work (besides obviously setting x to something before calling f). Thanks. Christopher J. Bottaro wrote: > In other words, why can't I do this? > > def f(b) > eval("x = 10", b) > end > > f(binding) > puts "x = #{x}" > > Is there any way to make that code work (besides obviously setting x > to something before calling f). > > Thanks. Worked for me. Dios:~ andrewmitch...

Can't get patches via smpatch, update manager, web, or wget; can't re-register with sconadm or update manager
I have a Sun software support contract. Since the new My Oracle thing went alive, I've been unable to update via smpatch or the update manager--voluminous Java error messages in / var/adm/messages include: Jan 23 16:33:41 osprey root: [ID 702911 user.error] => com.sun.patchpro.util.CachingDownloader@16c79d7 <=Downloader.getResponseCode() : IOExceptionNo route to host Other messages seem to suggest failure to use a proxy server (I have no proxy server here), although my network is behind a Solaris 10 'ipfilter' firewall that nat's the internal hosts. I&#...

Re: [ntp:questions] Re: WWV audio driver, FreeBSD, Can't seem to get it going
Roger, if you can file a bug report with bugzilla and attach your changes we can ask Dave to look at it and integrate it with the code base. It sounds like you did an excellent job of fixing things. Danny ----- Original Message Follows ----- > Hi all. > > I haven't done an update in a week or two, so thought I would update > everyone on whats going on. > > I bought an SB card, but the snd_driver load didn't even see it, so > I put the 'white box' special back in. After restarting, I saw lots > more action. Started getting wwv3 and 4 messages, but i...

Re: [ntp:questions] Re: WWV audio driver, FreeBSD, Can't seem to get it going #3
Dave, I think that there is little disagreement over this. Discussions on parameters and algorithms probably belong more in hackers rather than here but it doesn't matter a great deal. We recommend that people put the suggested changes in bugzilla so there's one place to go and it's easy to find, but all such issues need to go to you so you can review them and decide on the best course of action. Not all fixes that people recommend can be used under all circumstances so they always need careful review. Danny ----- Original Message Follows ----- > Harlan, > > We do indee...

Re: [ntp:questions] Re: WWV audio driver, FreeBSD, Can't seem to get it going #2
----- Original Message Follows ----- > Danny, et al, > > There is a good deal of electrical engineering theory and practice in > the WWV/H and CHU and IRIG audio drivers. In fact, I use those drivers > as examples of optimum demodulation/decoding in my course on > digital/analog communications engineering. I have no problem should > somebody send a bug report to bugzilla, but the only person to fix > problems with the audio drivers will be me. As I don't read bugzilla > reports directly, the best course is to send reports about the audio > drivers direc...

bind Bind or BIND?
When talk to others, I never describe it clearly for naming bind. is it "bind" or "Bind" or "BIND"? is bind an abbreviation word? Thanks. ...

Can't get past 'use strict' :(
Here I go again: the following code: while(my $line = <DIRLIST>) { my $dir_list[$i] = $line; chomp($dir_list[$i]); $i++; } produces this error: syntax error at ./backup.pl line 24, near "$dir_list[" when i use "use strict". I read Programming Perl's chapter on strict, but I can't get this thing working :(. -- _______ Karlo Lozovina - Mosor | | |.-----.-----. | || _ | _ | Na osami blizu mora, dok se sunce zemlji smije |__|_|__||_____|_____| Balun gledat, ...

Re: Tk::Error: can't bind a reference
>-Mike Wrote >When I enter an id in the Entry widget and click on the button, I get the >following error message: you need to use -textvariable my $ent = $right->Entry(-width=>8,-background=>'white', -textvariable => \my $string)->pack(-side=>'left'); my $go = $right->Button(-text=>'Get Data',-command=>sub{compute($string)})->pack(-side=>'top'); ...

Web resources about - Re: Can't get BIND to use GSSAPI from /usr/local on FreeBSD - comp.protocols.dns.bind

Resources last updated: 2/9/2016 10:48:16 AM