static void rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) { stats_dumparg_t *dumparg = arg; FILE *fp; char typebuf[64]; const char *typestr; isc_boolean_t nxrrset = ISC_FALSE; #ifdef HAVE_LIBXML2 xmlTextWriterPtr writer; #endif if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) != 0) { typestr = "NXDOMAIN"; } else if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) != 0) { typestr = "Others"; } else { dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf, sizeof(typebuf)); typestr = typebuf; } if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXRRSET) != 0) nxrrset = ISC_TRUE; switch (dumparg->type) { case statsformat_file: fp = dumparg->arg; fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s%s\n", val, nxrrset ? "!" : "", typestr); break; case statsformat_xml: #ifdef HAVE_LIBXML2 writer = dumparg->arg; xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset"); xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); xmlTextWriterWriteFormatString(writer, "%s%s", nxrrset ? "!" : "", typestr); xmlTextWriterEndElement(writer); /* name */ xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"); xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", val); xmlTextWriterEndElement(writer); /* counter */ xmlTextWriterEndElement(writer); /* rrset */ #endif break; } }
static void rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) { char typebuf[64]; const char *typestr; stats_dumparg_t *dumparg = arg; FILE *fp; #ifdef HAVE_LIBXML2 xmlTextWriterPtr writer; int xmlrc; #endif if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) == 0) { dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf, sizeof(typebuf)); typestr = typebuf; } else typestr = "Others"; switch (dumparg->type) { case statsformat_file: fp = dumparg->arg; fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, typestr); break; case statsformat_xml: #ifdef HAVE_LIBXML2 writer = dumparg->arg; TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype")); TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name")); TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr)); TRY0(xmlTextWriterEndElement(writer)); /* name */ TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter")); TRY0(xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", val)); TRY0(xmlTextWriterEndElement(writer)); /* counter */ TRY0(xmlTextWriterEndElement(writer)); /* rdtype */ #endif break; } return; #ifdef HAVE_LIBXML2 error: dumparg->result = ISC_R_FAILURE; return; #endif }
void dns_badcache_print(dns_badcache_t *bc, const char *cachename, FILE *fp) { char namebuf[DNS_NAME_FORMATSIZE]; char typebuf[DNS_RDATATYPE_FORMATSIZE]; dns_bcentry_t *bad, *next, *prev; isc_time_t now; unsigned int i; isc_uint64_t t; REQUIRE(VALID_BADCACHE(bc)); REQUIRE(cachename != NULL); REQUIRE(fp != NULL); LOCK(&bc->lock); fprintf(fp, ";\n; %s\n;\n", cachename); TIME_NOW(&now); for (i = 0; bc->count > 0 && i < bc->size; i++) { prev = NULL; for (bad = bc->table[i]; bad != NULL; bad = next) { next = bad->next; if (isc_time_compare(&bad->expire, &now) < 0) { if (prev != NULL) prev->next = bad->next; else bc->table[i] = bad->next; isc_mem_put(bc->mctx, bad, sizeof(*bad) + bad->name.length); bc->count--; continue; } prev = bad; dns_name_format(&bad->name, namebuf, sizeof(namebuf)); dns_rdatatype_format(bad->type, typebuf, sizeof(typebuf)); t = isc_time_microdiff(&bad->expire, &now); t /= 1000; fprintf(fp, "; %s/%s [ttl " "%" ISC_PLATFORM_QUADFORMAT "u]\n", namebuf, typebuf, t); } } UNLOCK(&bc->lock); }
/** * Convert DNS rdata type to LDAP attribute name. * * @param[in] rdtype * @param[out] target Output buffer with \0 terminated attribute name. * @param[in] size Target size. * @param[in] unknown ISC_TRUE = use generic syntax "UnknownRecord;TYPE65333", * ISC_FALSE = use type-specific mnemonic like "ARecord" */ isc_result_t rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target, unsigned int size, isc_boolean_t unknown) { isc_result_t result; char rdtype_str[DNS_RDATATYPE_FORMATSIZE]; if (unknown) { /* "UnknownRecord;TYPE65333" */ CHECK(isc_string_copy(target, size, LDAP_RDATATYPE_UNKNOWN_PREFIX)); snprintf(rdtype_str, sizeof(rdtype_str), "TYPE%u", rdtype); CHECK(isc_string_append(target, size, rdtype_str)); } else { /* "ARecord" */ dns_rdatatype_format(rdtype, rdtype_str, DNS_RDATATYPE_FORMATSIZE); CHECK(isc_string_copy(target, size, rdtype_str)); CHECK(isc_string_append(target, size, LDAP_RDATATYPE_SUFFIX)); } cleanup: return result; }
static void report(dns_view_t *view, dns_name_t *name, isc_boolean_t missing, dns_rdata_t *rdata) { const char *viewname = "", *sep = ""; char namebuf[DNS_NAME_FORMATSIZE]; char typebuf[DNS_RDATATYPE_FORMATSIZE]; char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")]; isc_buffer_t buffer; isc_result_t result; if (strcmp(view->name, "_bind") != 0 && strcmp(view->name, "_default") != 0) { viewname = view->name; sep = ": view "; } dns_name_format(name, namebuf, sizeof(namebuf)); dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf)); isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1); result = dns_rdata_totext(rdata, NULL, &buffer); RUNTIME_CHECK(result == ISC_R_SUCCESS); databuf[isc_buffer_usedlength(&buffer)] = '\0'; if (missing) isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, "checkhints%s%s: %s/%s (%s) missing from hints", sep, viewname, namebuf, typebuf, databuf); else isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, "checkhints%s%s: %s/%s (%s) extra record " "in hints", sep, viewname, namebuf, typebuf, databuf); }
int main(int argc, char *argv[]) { isc_token_t token; isc_result_t result; int c; unsigned int options = 0; dns_rdatatype_t rdtype; dns_rdataclass_t rdclass; char text[256*1024]; char data[64*1024]; isc_buffer_t tbuf; isc_buffer_t dbuf; dns_rdata_t rdata = DNS_RDATA_INIT; isc_boolean_t doexit = ISC_FALSE; isc_boolean_t once = ISC_FALSE; isc_boolean_t print = ISC_FALSE; isc_boolean_t unknown = ISC_FALSE; unsigned int t; char *origin = NULL; dns_fixedname_t fixed; dns_name_t *name = NULL; while ((c = isc_commandline_parse(argc, argv, "ho:puCPT")) != -1) { switch (c) { case 'o': origin = isc_commandline_argument; break; case 'p': print = ISC_TRUE; break; case 'u': unknown = ISC_TRUE; break; case 'C': for (t = 1; t <= 0xfeffu; t++) { if (dns_rdataclass_ismeta(t)) continue; dns_rdataclass_format(t, text, sizeof(text)); if (strncmp(text, "CLASS", 4) != 0) fprintf(stdout, "%s\n", text); } exit(0); case 'P': for (t = 0xff00; t <= 0xfffeu; t++) { if (dns_rdatatype_ismeta(t)) continue; dns_rdatatype_format(t, text, sizeof(text)); if (strncmp(text, "TYPE", 4) != 0) fprintf(stdout, "%s\n", text); } doexit = ISC_TRUE; break; case 'T': for (t = 1; t <= 0xfeffu; t++) { if (dns_rdatatype_ismeta(t)) continue; dns_rdatatype_format(t, text, sizeof(text)); if (strncmp(text, "TYPE", 4) != 0) fprintf(stdout, "%s\n", text); } doexit = ISC_TRUE; break; case '?': case 'h': /* Does not return. */ usage(); default: fprintf(stderr, "%s: unhandled option -%c\n", argv[0], isc_commandline_option); exit(1); } } if (doexit) exit(0); RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); RUNTIME_CHECK(isc_lex_create(mctx, 256, &lex) == ISC_R_SUCCESS); /* * Set up to lex DNS master file. */ specials['('] = 1; specials[')'] = 1; specials['"'] = 1; isc_lex_setspecials(lex, specials); options = ISC_LEXOPT_EOL; isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); RUNTIME_CHECK(isc_lex_openstream(lex, stdin) == ISC_R_SUCCESS); if (origin != NULL) { dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); result = dns_name_fromstring(name, origin, 0, NULL); if (result != ISC_R_SUCCESS) { fatal("dns_name_fromstring: %s", dns_result_totext(result)); } } while ((result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER, &token)) == ISC_R_SUCCESS) { if (token.type == isc_tokentype_eof) break; if (token.type == isc_tokentype_eol) continue; if (once) { fatal("extra data"); } /* * Get class. */ if (token.type == isc_tokentype_number) { rdclass = (dns_rdataclass_t) token.value.as_ulong; if (token.value.as_ulong > 0xffffu) { fatal("class value too big %lu", token.value.as_ulong); } if (dns_rdataclass_ismeta(rdclass)) { fatal("class %lu is a meta value", token.value.as_ulong); } } else if (token.type == isc_tokentype_string) { result = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion); if (result != ISC_R_SUCCESS) { fatal("dns_rdataclass_fromtext: %s", dns_result_totext(result)); } if (dns_rdataclass_ismeta(rdclass)) { fatal("class %.*s(%d) is a meta value", (int)token.value.as_textregion.length, token.value.as_textregion.base, rdclass); } } else { fatal("unexpected token %u", token.type); } result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER, &token); if (result != ISC_R_SUCCESS) break; if (token.type == isc_tokentype_eol) continue; if (token.type == isc_tokentype_eof) break; /* * Get type. */ if (token.type == isc_tokentype_number) { rdtype = (dns_rdatatype_t) token.value.as_ulong; if (token.value.as_ulong > 0xffffu) { fatal("type value too big %lu", token.value.as_ulong); } if (dns_rdatatype_ismeta(rdtype)) { fatal("type %lu is a meta value", token.value.as_ulong); } } else if (token.type == isc_tokentype_string) { result = dns_rdatatype_fromtext(&rdtype, &token.value.as_textregion); if (result != ISC_R_SUCCESS) { fatal("dns_rdatatype_fromtext: %s", dns_result_totext(result)); } if (dns_rdatatype_ismeta(rdtype)) { fatal("type %.*s(%d) is a meta value", (int)token.value.as_textregion.length, token.value.as_textregion.base, rdtype); } } else { fatal("unexpected token %u", token.type); } isc_buffer_init(&dbuf, data, sizeof(data)); result = dns_rdata_fromtext(&rdata, rdclass, rdtype, lex, name, 0, mctx, &dbuf, NULL); if (result != ISC_R_SUCCESS) { fatal("dns_rdata_fromtext: %s", dns_result_totext(result)); } once = ISC_TRUE; } if (result != ISC_R_EOF) { fatal("eof not found"); } if (!once) { fatal("no records found"); } if (print) { isc_buffer_init(&tbuf, text, sizeof(text)); result = dns_rdataclass_totext(rdclass, &tbuf); if (result != ISC_R_SUCCESS) { fatal("dns_rdataclass_totext: %s", dns_result_totext(result)); } isc_buffer_putstr(&tbuf, "\t"); result = dns_rdatatype_totext(rdtype, &tbuf); if (result != ISC_R_SUCCESS) { fatal("dns_rdatatype_totext: %s", dns_result_totext(result)); } isc_buffer_putstr(&tbuf, "\t"); result = dns_rdata_totext(&rdata, NULL, &tbuf); if (result != ISC_R_SUCCESS) { fatal("dns_rdata_totext: %s", dns_result_totext(result)); } printf("%.*s\n", (int)tbuf.used, (char*)tbuf.base); fflush(stdout); } if (unknown) { isc_buffer_init(&tbuf, text, sizeof(text)); result = dns_rdataclass_tounknowntext(rdclass, &tbuf); if (result != ISC_R_SUCCESS) { fatal("dns_rdataclass_tounknowntext: %s", dns_result_totext(result)); } isc_buffer_putstr(&tbuf, "\t"); result = dns_rdatatype_tounknowntext(rdtype, &tbuf); if (result != ISC_R_SUCCESS) { fatal("dns_rdatatype_tounknowntext: %s", dns_result_totext(result)); } isc_buffer_putstr(&tbuf, "\t"); result = dns_rdata_tofmttext(&rdata, NULL, DNS_STYLEFLAG_UNKNOWNFORMAT, 0, 0, "", &tbuf); if (result != ISC_R_SUCCESS) { fatal("dns_rdata_tofmttext: %sn", dns_result_totext(result)); } printf("%.*s\n", (int)tbuf.used, (char*)tbuf.base); fflush(stdout); } isc_lex_close(lex); isc_lex_destroy(&lex); isc_mem_destroy(&mctx); return (0); }
static isc_result_t diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, isc_boolean_t warn) { dns_difftuple_t *t; dns_dbnode_t *node = NULL; isc_result_t result; char namebuf[DNS_NAME_FORMATSIZE]; char typebuf[DNS_RDATATYPE_FORMATSIZE]; char classbuf[DNS_RDATACLASS_FORMATSIZE]; REQUIRE(DNS_DIFF_VALID(diff)); REQUIRE(DNS_DB_VALID(db)); t = ISC_LIST_HEAD(diff->tuples); while (t != NULL) { dns_name_t *name; INSIST(node == NULL); name = &t->name; /* * Find the node. * We create the node if it does not exist. * This will cause an empty node to be created if the diff * contains a deletion of an RR at a nonexistent name, * but such diffs should never be created in the first * place. */ while (t != NULL && dns_name_equal(&t->name, name)) { dns_rdatatype_t type, covers; dns_diffop_t op; dns_rdatalist_t rdl; dns_rdataset_t rds; dns_rdataset_t ardataset; dns_rdataset_t *modified = NULL; op = t->op; type = t->rdata.type; covers = rdata_covers(&t->rdata); /* * Collect a contiguous set of updates with * the same operation (add/delete) and RR type * into a single rdatalist so that the * database rrset merging/subtraction code * can work more efficiently than if each * RR were merged into / subtracted from * the database separately. * * This is done by linking rdata structures from the * diff into "rdatalist". This uses the rdata link * field, not the diff link field, so the structure * of the diff itself is not affected. */ dns_rdatalist_init(&rdl); rdl.type = type; rdl.covers = covers; rdl.rdclass = t->rdata.rdclass; rdl.ttl = t->ttl; node = NULL; if (type != dns_rdatatype_nsec3 && covers != dns_rdatatype_nsec3) CHECK(dns_db_findnode(db, name, ISC_TRUE, &node)); else CHECK(dns_db_findnsec3node(db, name, ISC_TRUE, &node)); while (t != NULL && dns_name_equal(&t->name, name) && t->op == op && t->rdata.type == type && rdata_covers(&t->rdata) == covers) { dns_name_format(name, namebuf, sizeof(namebuf)); dns_rdatatype_format(t->rdata.type, typebuf, sizeof(typebuf)); dns_rdataclass_format(t->rdata.rdclass, classbuf, sizeof(classbuf)); if (t->ttl != rdl.ttl && warn) isc_log_write(DIFF_COMMON_LOGARGS, ISC_LOG_WARNING, "'%s/%s/%s': TTL differs in " "rdataset, adjusting " "%lu -> %lu", namebuf, typebuf, classbuf, (unsigned long) t->ttl, (unsigned long) rdl.ttl); ISC_LIST_APPEND(rdl.rdata, &t->rdata, link); t = ISC_LIST_NEXT(t, link); } /* * Convert the rdatalist into a rdataset. */ dns_rdataset_init(&rds); CHECK(dns_rdatalist_tordataset(&rdl, &rds)); if (rds.type == dns_rdatatype_rrsig) switch (op) { case DNS_DIFFOP_ADDRESIGN: case DNS_DIFFOP_DELRESIGN: modified = &ardataset; dns_rdataset_init(modified); break; default: break; } rds.trust = dns_trust_ultimate; /* * Merge the rdataset into the database. */ switch (op) { case DNS_DIFFOP_ADD: case DNS_DIFFOP_ADDRESIGN: result = dns_db_addrdataset(db, node, ver, 0, &rds, DNS_DBADD_MERGE| DNS_DBADD_EXACT| DNS_DBADD_EXACTTTL, modified); break; case DNS_DIFFOP_DEL: case DNS_DIFFOP_DELRESIGN: result = dns_db_subtractrdataset(db, node, ver, &rds, DNS_DBSUB_EXACT, modified); break; default: INSIST(0); } if (result == ISC_R_SUCCESS) { if (modified != NULL) { isc_stdtime_t resign; resign = setresign(modified); dns_db_setsigningtime(db, modified, resign); } } else if (result == DNS_R_UNCHANGED) { /* * This will not happen when executing a * dynamic update, because that code will * generate strictly minimal diffs. * It may happen when receiving an IXFR * from a server that is not as careful. * Issue a warning and continue. */ if (warn) { dns_name_format(dns_db_origin(db), namebuf, sizeof(namebuf)); dns_rdataclass_format(dns_db_class(db), classbuf, sizeof(classbuf)); isc_log_write(DIFF_COMMON_LOGARGS, ISC_LOG_WARNING, "%s/%s: dns_diff_apply: " "update with no effect", namebuf, classbuf); } } else if (result == DNS_R_NXRRSET) { /* * OK. */ } else { if (modified != NULL && dns_rdataset_isassociated(modified)) dns_rdataset_disassociate(modified); CHECK(result); } dns_db_detachnode(db, &node); if (modified != NULL && dns_rdataset_isassociated(modified)) dns_rdataset_disassociate(modified); } } return (ISC_R_SUCCESS); failure: if (node != NULL) dns_db_detachnode(db, &node); return (result); }
static isc_result_t detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers, dns_section_t section) { isc_result_t result, loopresult; dns_name_t *name; dns_rdataset_t *rdataset = NULL; dns_rdata_t rdata = DNS_RDATA_INIT; char namebuf[DNS_NAME_FORMATSIZE]; UNUSED(query); debug("detailsection()"); if (headers) { switch (section) { case DNS_SECTION_QUESTION: puts(" QUESTIONS:"); break; case DNS_SECTION_ANSWER: puts(" ANSWERS:"); break; case DNS_SECTION_AUTHORITY: puts(" AUTHORITY RECORDS:"); break; case DNS_SECTION_ADDITIONAL: puts(" ADDITIONAL RECORDS:"); break; } } result = dns_message_firstname(msg, section); if (result == ISC_R_NOMORE) return (ISC_R_SUCCESS); else if (result != ISC_R_SUCCESS) return (result); for (;;) { name = NULL; dns_message_currentname(msg, section, &name); for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { if (section == DNS_SECTION_QUESTION) { dns_name_format(name, namebuf, sizeof(namebuf)); printf("\t%s, ", namebuf); dns_rdatatype_format(rdataset->type, namebuf, sizeof(namebuf)); printf("type = %s, ", namebuf); dns_rdataclass_format(rdataset->rdclass, namebuf, sizeof(namebuf)); printf("class = %s\n", namebuf); } loopresult = dns_rdataset_first(rdataset); while (loopresult == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); dns_name_format(name, namebuf, sizeof(namebuf)); printf(" -> %s\n", namebuf); switch (rdata.type) { case dns_rdatatype_soa: printsoa(&rdata); break; default: printf("\t"); printrdata(&rdata); } dns_rdata_reset(&rdata); printf("\tttl = %u\n", rdataset->ttl); loopresult = dns_rdataset_next(rdataset); } } result = dns_message_nextname(msg, section); if (result == ISC_R_NOMORE) break; else if (result != ISC_R_SUCCESS) { return (result); } } return (ISC_R_SUCCESS); }
/* * Perform an update-policy rule check against an external application * over a socket. * * This currently only supports local: for unix domain datagram sockets. * * Note that by using a datagram socket and creating a new socket each * time we avoid the need for locking and allow for parallel access to * the authorization server. */ isc_boolean_t dns_ssu_external_match(dns_name_t *identity, dns_name_t *signer, dns_name_t *name, isc_netaddr_t *tcpaddr, dns_rdatatype_t type, const dst_key_t *key, isc_mem_t *mctx) { char b_identity[DNS_NAME_FORMATSIZE]; char b_signer[DNS_NAME_FORMATSIZE]; char b_name[DNS_NAME_FORMATSIZE]; char b_addr[ISC_NETADDR_FORMATSIZE]; char b_type[DNS_RDATATYPE_FORMATSIZE]; char b_key[DST_KEY_FORMATSIZE]; isc_buffer_t *tkey_token = NULL; int fd; const char *sock_path; unsigned int req_len; isc_region_t token_region; unsigned char *data; isc_buffer_t buf; isc_uint32_t token_len = 0; isc_uint32_t reply; ssize_t ret; /* The identity contains local:/path/to/socket */ dns_name_format(identity, b_identity, sizeof(b_identity)); /* For now only local: is supported */ if (strncmp(b_identity, "local:", 6) != 0) { ssu_e_log(3, "ssu_external: invalid socket path '%s'", b_identity); return (ISC_FALSE); } sock_path = &b_identity[6]; fd = ux_socket_connect(sock_path); if (fd == -1) return (ISC_FALSE); if (key != NULL) { dst_key_format(key, b_key, sizeof(b_key)); tkey_token = dst_key_tkeytoken(key); } else b_key[0] = 0; if (tkey_token != NULL) { isc_buffer_region(tkey_token, &token_region); token_len = token_region.length; } /* Format the request elements */ if (signer != NULL) dns_name_format(signer, b_signer, sizeof(b_signer)); else b_signer[0] = 0; dns_name_format(name, b_name, sizeof(b_name)); if (tcpaddr != NULL) isc_netaddr_format(tcpaddr, b_addr, sizeof(b_addr)); else b_addr[0] = 0; dns_rdatatype_format(type, b_type, sizeof(b_type)); /* Work out how big the request will be */ req_len = sizeof(isc_uint32_t) + /* Format version */ sizeof(isc_uint32_t) + /* Length */ strlen(b_signer) + 1 + /* Signer */ strlen(b_name) + 1 + /* Name */ strlen(b_addr) + 1 + /* Address */ strlen(b_type) + 1 + /* Type */ strlen(b_key) + 1 + /* Key */ sizeof(isc_uint32_t) + /* tkey_token length */ token_len; /* tkey_token */ /* format the buffer */ data = isc_mem_allocate(mctx, req_len); if (data == NULL) { close(fd); return (ISC_FALSE); } isc_buffer_init(&buf, data, req_len); isc_buffer_putuint32(&buf, SSU_EXTERNAL_VERSION); isc_buffer_putuint32(&buf, req_len); /* Strings must be null-terminated */ isc_buffer_putstr(&buf, b_signer); isc_buffer_putuint8(&buf, 0); isc_buffer_putstr(&buf, b_name); isc_buffer_putuint8(&buf, 0); isc_buffer_putstr(&buf, b_addr); isc_buffer_putuint8(&buf, 0); isc_buffer_putstr(&buf, b_type); isc_buffer_putuint8(&buf, 0); isc_buffer_putstr(&buf, b_key); isc_buffer_putuint8(&buf, 0); isc_buffer_putuint32(&buf, token_len); if (tkey_token && token_len != 0) isc_buffer_putmem(&buf, token_region.base, token_len); ENSURE(isc_buffer_availablelength(&buf) == 0); /* Send the request */ ret = write(fd, data, req_len); isc_mem_free(mctx, data); if (ret != (ssize_t) req_len) { char strbuf[ISC_STRERRORSIZE]; isc__strerror(errno, strbuf, sizeof(strbuf)); ssu_e_log(3, "ssu_external: unable to send request - %s", strbuf); close(fd); return (ISC_FALSE); } /* Receive the reply */ ret = read(fd, &reply, sizeof(isc_uint32_t)); if (ret != (ssize_t) sizeof(isc_uint32_t)) { char strbuf[ISC_STRERRORSIZE]; isc__strerror(errno, strbuf, sizeof(strbuf)); ssu_e_log(3, "ssu_external: unable to receive reply - %s", strbuf); close(fd); return (ISC_FALSE); } close(fd); reply = ntohl(reply); if (reply == 0) { ssu_e_log(3, "ssu_external: denied external auth for '%s'", b_name); return (ISC_FALSE); } else if (reply == 1) { ssu_e_log(3, "ssu_external: allowed external auth for '%s'", b_name); return (ISC_TRUE); } ssu_e_log(3, "ssu_external: invalid reply 0x%08x", reply); return (ISC_FALSE); }