static void
rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
stats_dumparg_t *dumparg = arg;
FILE *fp;
char typebuf[64];
const char *typestr;
isc_boolean_t nxrrset = ISC_FALSE;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXDOMAIN)
!= 0) {
typestr = "NXDOMAIN";
} else if ((DNS_RDATASTATSTYPE_ATTR(type) &
DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) != 0) {
typestr = "Others";
} else {
dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf,
sizeof(typebuf));
typestr = typebuf;
}
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_NXRRSET)
!= 0)
nxrrset = ISC_TRUE;
switch (dumparg->type) {
case statsformat_file:
fp = dumparg->arg;
fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s%s\n", val,
nxrrset ? "!" : "", typestr);
break;
case statsformat_xml:
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
xmlTextWriterStartElement(writer, ISC_XMLCHAR "rrset");
xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
xmlTextWriterWriteFormatString(writer, "%s%s",
nxrrset ? "!" : "", typestr);
xmlTextWriterEndElement(writer); /* name */
xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter");
xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val);
xmlTextWriterEndElement(writer); /* counter */
xmlTextWriterEndElement(writer); /* rrset */
#endif
break;
}
}
static void
rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
char typebuf[64];
const char *typestr;
stats_dumparg_t *dumparg = arg;
FILE *fp;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE)
== 0) {
dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf,
sizeof(typebuf));
typestr = typebuf;
} else
typestr = "Others";
switch (dumparg->type) {
case statsformat_file:
fp = dumparg->arg;
fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, typestr);
break;
case statsformat_xml:
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "rdtype"));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR typestr));
TRY0(xmlTextWriterEndElement(writer)); /* name */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val));
TRY0(xmlTextWriterEndElement(writer)); /* counter */
TRY0(xmlTextWriterEndElement(writer)); /* rdtype */
#endif
break;
}
return;
#ifdef HAVE_LIBXML2
error:
dumparg->result = ISC_R_FAILURE;
return;
#endif
}
void
dns_badcache_print(dns_badcache_t *bc, const char *cachename, FILE *fp) {
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
dns_bcentry_t *bad, *next, *prev;
isc_time_t now;
unsigned int i;
isc_uint64_t t;
REQUIRE(VALID_BADCACHE(bc));
REQUIRE(cachename != NULL);
REQUIRE(fp != NULL);
LOCK(&bc->lock);
fprintf(fp, ";\n; %s\n;\n", cachename);
TIME_NOW(&now);
for (i = 0; bc->count > 0 && i < bc->size; i++) {
prev = NULL;
for (bad = bc->table[i]; bad != NULL; bad = next) {
next = bad->next;
if (isc_time_compare(&bad->expire, &now) < 0) {
if (prev != NULL)
prev->next = bad->next;
else
bc->table[i] = bad->next;
isc_mem_put(bc->mctx, bad, sizeof(*bad) +
bad->name.length);
bc->count--;
continue;
}
prev = bad;
dns_name_format(&bad->name, namebuf, sizeof(namebuf));
dns_rdatatype_format(bad->type, typebuf,
sizeof(typebuf));
t = isc_time_microdiff(&bad->expire, &now);
t /= 1000;
fprintf(fp, "; %s/%s [ttl "
"%" ISC_PLATFORM_QUADFORMAT "u]\n",
namebuf, typebuf, t);
}
}
UNLOCK(&bc->lock);
}
/**
* Convert DNS rdata type to LDAP attribute name.
*
* @param[in] rdtype
* @param[out] target Output buffer with \0 terminated attribute name.
* @param[in] size Target size.
* @param[in] unknown ISC_TRUE = use generic syntax "UnknownRecord;TYPE65333",
* ISC_FALSE = use type-specific mnemonic like "ARecord"
*/
isc_result_t
rdatatype_to_ldap_attribute(dns_rdatatype_t rdtype, char *target,
unsigned int size, isc_boolean_t unknown)
{
isc_result_t result;
char rdtype_str[DNS_RDATATYPE_FORMATSIZE];
if (unknown) {
/* "UnknownRecord;TYPE65333" */
CHECK(isc_string_copy(target, size,
LDAP_RDATATYPE_UNKNOWN_PREFIX));
snprintf(rdtype_str, sizeof(rdtype_str), "TYPE%u", rdtype);
CHECK(isc_string_append(target, size, rdtype_str));
} else {
/* "ARecord" */
dns_rdatatype_format(rdtype, rdtype_str, DNS_RDATATYPE_FORMATSIZE);
CHECK(isc_string_copy(target, size, rdtype_str));
CHECK(isc_string_append(target, size, LDAP_RDATATYPE_SUFFIX));
}
cleanup:
return result;
}
static void
report(dns_view_t *view, dns_name_t *name, isc_boolean_t missing,
dns_rdata_t *rdata)
{
const char *viewname = "", *sep = "";
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char databuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
isc_buffer_t buffer;
isc_result_t result;
if (strcmp(view->name, "_bind") != 0 &&
strcmp(view->name, "_default") != 0) {
viewname = view->name;
sep = ": view ";
}
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(rdata->type, typebuf, sizeof(typebuf));
isc_buffer_init(&buffer, databuf, sizeof(databuf) - 1);
result = dns_rdata_totext(rdata, NULL, &buffer);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
databuf[isc_buffer_usedlength(&buffer)] = '\0';
if (missing)
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
"checkhints%s%s: %s/%s (%s) missing from hints",
sep, viewname, namebuf, typebuf, databuf);
else
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
"checkhints%s%s: %s/%s (%s) extra record "
"in hints", sep, viewname, namebuf, typebuf,
databuf);
}
int
main(int argc, char *argv[]) {
isc_token_t token;
isc_result_t result;
int c;
unsigned int options = 0;
dns_rdatatype_t rdtype;
dns_rdataclass_t rdclass;
char text[256*1024];
char data[64*1024];
isc_buffer_t tbuf;
isc_buffer_t dbuf;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_boolean_t doexit = ISC_FALSE;
isc_boolean_t once = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
isc_boolean_t unknown = ISC_FALSE;
unsigned int t;
char *origin = NULL;
dns_fixedname_t fixed;
dns_name_t *name = NULL;
while ((c = isc_commandline_parse(argc, argv, "ho:puCPT")) != -1) {
switch (c) {
case 'o':
origin = isc_commandline_argument;
break;
case 'p':
print = ISC_TRUE;
break;
case 'u':
unknown = ISC_TRUE;
break;
case 'C':
for (t = 1; t <= 0xfeffu; t++) {
if (dns_rdataclass_ismeta(t))
continue;
dns_rdataclass_format(t, text, sizeof(text));
if (strncmp(text, "CLASS", 4) != 0)
fprintf(stdout, "%s\n", text);
}
exit(0);
case 'P':
for (t = 0xff00; t <= 0xfffeu; t++) {
if (dns_rdatatype_ismeta(t))
continue;
dns_rdatatype_format(t, text, sizeof(text));
if (strncmp(text, "TYPE", 4) != 0)
fprintf(stdout, "%s\n", text);
}
doexit = ISC_TRUE;
break;
case 'T':
for (t = 1; t <= 0xfeffu; t++) {
if (dns_rdatatype_ismeta(t))
continue;
dns_rdatatype_format(t, text, sizeof(text));
if (strncmp(text, "TYPE", 4) != 0)
fprintf(stdout, "%s\n", text);
}
doexit = ISC_TRUE;
break;
case '?':
case 'h':
/* Does not return. */
usage();
default:
fprintf(stderr, "%s: unhandled option -%c\n",
argv[0], isc_commandline_option);
exit(1);
}
}
if (doexit)
exit(0);
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_lex_create(mctx, 256, &lex) == ISC_R_SUCCESS);
/*
* Set up to lex DNS master file.
*/
specials['('] = 1;
specials[')'] = 1;
specials['"'] = 1;
isc_lex_setspecials(lex, specials);
options = ISC_LEXOPT_EOL;
isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
RUNTIME_CHECK(isc_lex_openstream(lex, stdin) == ISC_R_SUCCESS);
if (origin != NULL) {
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
result = dns_name_fromstring(name, origin, 0, NULL);
if (result != ISC_R_SUCCESS) {
fatal("dns_name_fromstring: %s",
dns_result_totext(result));
}
}
while ((result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER,
&token)) == ISC_R_SUCCESS) {
if (token.type == isc_tokentype_eof)
break;
if (token.type == isc_tokentype_eol)
continue;
if (once) {
fatal("extra data");
}
/*
* Get class.
*/
if (token.type == isc_tokentype_number) {
rdclass = (dns_rdataclass_t) token.value.as_ulong;
if (token.value.as_ulong > 0xffffu) {
fatal("class value too big %lu",
token.value.as_ulong);
}
if (dns_rdataclass_ismeta(rdclass)) {
fatal("class %lu is a meta value",
token.value.as_ulong);
}
} else if (token.type == isc_tokentype_string) {
result = dns_rdataclass_fromtext(&rdclass,
&token.value.as_textregion);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdataclass_fromtext: %s",
dns_result_totext(result));
}
if (dns_rdataclass_ismeta(rdclass)) {
fatal("class %.*s(%d) is a meta value",
(int)token.value.as_textregion.length,
token.value.as_textregion.base, rdclass);
}
} else {
fatal("unexpected token %u", token.type);
}
result = isc_lex_gettoken(lex, options | ISC_LEXOPT_NUMBER,
&token);
if (result != ISC_R_SUCCESS)
break;
if (token.type == isc_tokentype_eol)
continue;
if (token.type == isc_tokentype_eof)
break;
/*
* Get type.
*/
if (token.type == isc_tokentype_number) {
rdtype = (dns_rdatatype_t) token.value.as_ulong;
if (token.value.as_ulong > 0xffffu) {
fatal("type value too big %lu",
token.value.as_ulong);
}
if (dns_rdatatype_ismeta(rdtype)) {
fatal("type %lu is a meta value",
token.value.as_ulong);
}
} else if (token.type == isc_tokentype_string) {
result = dns_rdatatype_fromtext(&rdtype,
&token.value.as_textregion);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdatatype_fromtext: %s",
dns_result_totext(result));
}
if (dns_rdatatype_ismeta(rdtype)) {
fatal("type %.*s(%d) is a meta value",
(int)token.value.as_textregion.length,
token.value.as_textregion.base, rdtype);
}
} else {
fatal("unexpected token %u", token.type);
}
isc_buffer_init(&dbuf, data, sizeof(data));
result = dns_rdata_fromtext(&rdata, rdclass, rdtype, lex,
name, 0, mctx, &dbuf, NULL);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdata_fromtext: %s",
dns_result_totext(result));
}
once = ISC_TRUE;
}
if (result != ISC_R_EOF) {
fatal("eof not found");
}
if (!once) {
fatal("no records found");
}
if (print) {
isc_buffer_init(&tbuf, text, sizeof(text));
result = dns_rdataclass_totext(rdclass, &tbuf);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdataclass_totext: %s",
dns_result_totext(result));
}
isc_buffer_putstr(&tbuf, "\t");
result = dns_rdatatype_totext(rdtype, &tbuf);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdatatype_totext: %s",
dns_result_totext(result));
}
isc_buffer_putstr(&tbuf, "\t");
result = dns_rdata_totext(&rdata, NULL, &tbuf);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdata_totext: %s",
dns_result_totext(result));
}
printf("%.*s\n", (int)tbuf.used, (char*)tbuf.base);
fflush(stdout);
}
if (unknown) {
isc_buffer_init(&tbuf, text, sizeof(text));
result = dns_rdataclass_tounknowntext(rdclass, &tbuf);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdataclass_tounknowntext: %s",
dns_result_totext(result));
}
isc_buffer_putstr(&tbuf, "\t");
result = dns_rdatatype_tounknowntext(rdtype, &tbuf);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdatatype_tounknowntext: %s",
dns_result_totext(result));
}
isc_buffer_putstr(&tbuf, "\t");
result = dns_rdata_tofmttext(&rdata, NULL,
DNS_STYLEFLAG_UNKNOWNFORMAT,
0, 0, "", &tbuf);
if (result != ISC_R_SUCCESS) {
fatal("dns_rdata_tofmttext: %sn",
dns_result_totext(result));
}
printf("%.*s\n", (int)tbuf.used, (char*)tbuf.base);
fflush(stdout);
}
isc_lex_close(lex);
isc_lex_destroy(&lex);
isc_mem_destroy(&mctx);
return (0);
}
static isc_result_t
diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
isc_boolean_t warn)
{
dns_difftuple_t *t;
dns_dbnode_t *node = NULL;
isc_result_t result;
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
REQUIRE(DNS_DIFF_VALID(diff));
REQUIRE(DNS_DB_VALID(db));
t = ISC_LIST_HEAD(diff->tuples);
while (t != NULL) {
dns_name_t *name;
INSIST(node == NULL);
name = &t->name;
/*
* Find the node.
* We create the node if it does not exist.
* This will cause an empty node to be created if the diff
* contains a deletion of an RR at a nonexistent name,
* but such diffs should never be created in the first
* place.
*/
while (t != NULL && dns_name_equal(&t->name, name)) {
dns_rdatatype_t type, covers;
dns_diffop_t op;
dns_rdatalist_t rdl;
dns_rdataset_t rds;
dns_rdataset_t ardataset;
dns_rdataset_t *modified = NULL;
op = t->op;
type = t->rdata.type;
covers = rdata_covers(&t->rdata);
/*
* Collect a contiguous set of updates with
* the same operation (add/delete) and RR type
* into a single rdatalist so that the
* database rrset merging/subtraction code
* can work more efficiently than if each
* RR were merged into / subtracted from
* the database separately.
*
* This is done by linking rdata structures from the
* diff into "rdatalist". This uses the rdata link
* field, not the diff link field, so the structure
* of the diff itself is not affected.
*/
dns_rdatalist_init(&rdl);
rdl.type = type;
rdl.covers = covers;
rdl.rdclass = t->rdata.rdclass;
rdl.ttl = t->ttl;
node = NULL;
if (type != dns_rdatatype_nsec3 &&
covers != dns_rdatatype_nsec3)
CHECK(dns_db_findnode(db, name, ISC_TRUE,
&node));
else
CHECK(dns_db_findnsec3node(db, name, ISC_TRUE,
&node));
while (t != NULL &&
dns_name_equal(&t->name, name) &&
t->op == op &&
t->rdata.type == type &&
rdata_covers(&t->rdata) == covers)
{
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(t->rdata.type, typebuf,
sizeof(typebuf));
dns_rdataclass_format(t->rdata.rdclass,
classbuf,
sizeof(classbuf));
if (t->ttl != rdl.ttl && warn)
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"'%s/%s/%s': TTL differs in "
"rdataset, adjusting "
"%lu -> %lu",
namebuf, typebuf, classbuf,
(unsigned long) t->ttl,
(unsigned long) rdl.ttl);
ISC_LIST_APPEND(rdl.rdata, &t->rdata, link);
t = ISC_LIST_NEXT(t, link);
}
/*
* Convert the rdatalist into a rdataset.
*/
dns_rdataset_init(&rds);
CHECK(dns_rdatalist_tordataset(&rdl, &rds));
if (rds.type == dns_rdatatype_rrsig)
switch (op) {
case DNS_DIFFOP_ADDRESIGN:
case DNS_DIFFOP_DELRESIGN:
modified = &ardataset;
dns_rdataset_init(modified);
break;
default:
break;
}
rds.trust = dns_trust_ultimate;
/*
* Merge the rdataset into the database.
*/
switch (op) {
case DNS_DIFFOP_ADD:
case DNS_DIFFOP_ADDRESIGN:
result = dns_db_addrdataset(db, node, ver,
0, &rds,
DNS_DBADD_MERGE|
DNS_DBADD_EXACT|
DNS_DBADD_EXACTTTL,
modified);
break;
case DNS_DIFFOP_DEL:
case DNS_DIFFOP_DELRESIGN:
result = dns_db_subtractrdataset(db, node, ver,
&rds,
DNS_DBSUB_EXACT,
modified);
break;
default:
INSIST(0);
}
if (result == ISC_R_SUCCESS) {
if (modified != NULL) {
isc_stdtime_t resign;
resign = setresign(modified);
dns_db_setsigningtime(db, modified,
resign);
}
} else if (result == DNS_R_UNCHANGED) {
/*
* This will not happen when executing a
* dynamic update, because that code will
* generate strictly minimal diffs.
* It may happen when receiving an IXFR
* from a server that is not as careful.
* Issue a warning and continue.
*/
if (warn) {
dns_name_format(dns_db_origin(db),
namebuf,
sizeof(namebuf));
dns_rdataclass_format(dns_db_class(db),
classbuf,
sizeof(classbuf));
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"%s/%s: dns_diff_apply: "
"update with no effect",
namebuf, classbuf);
}
} else if (result == DNS_R_NXRRSET) {
/*
* OK.
*/
} else {
if (modified != NULL &&
dns_rdataset_isassociated(modified))
dns_rdataset_disassociate(modified);
CHECK(result);
}
dns_db_detachnode(db, &node);
if (modified != NULL &&
dns_rdataset_isassociated(modified))
dns_rdataset_disassociate(modified);
}
}
return (ISC_R_SUCCESS);
failure:
if (node != NULL)
dns_db_detachnode(db, &node);
return (result);
}
static isc_result_t
detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
dns_section_t section) {
isc_result_t result, loopresult;
dns_name_t *name;
dns_rdataset_t *rdataset = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
char namebuf[DNS_NAME_FORMATSIZE];
UNUSED(query);
debug("detailsection()");
if (headers) {
switch (section) {
case DNS_SECTION_QUESTION:
puts(" QUESTIONS:");
break;
case DNS_SECTION_ANSWER:
puts(" ANSWERS:");
break;
case DNS_SECTION_AUTHORITY:
puts(" AUTHORITY RECORDS:");
break;
case DNS_SECTION_ADDITIONAL:
puts(" ADDITIONAL RECORDS:");
break;
}
}
result = dns_message_firstname(msg, section);
if (result == ISC_R_NOMORE)
return (ISC_R_SUCCESS);
else if (result != ISC_R_SUCCESS)
return (result);
for (;;) {
name = NULL;
dns_message_currentname(msg, section,
&name);
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
if (section == DNS_SECTION_QUESTION) {
dns_name_format(name, namebuf,
sizeof(namebuf));
printf("\t%s, ", namebuf);
dns_rdatatype_format(rdataset->type,
namebuf,
sizeof(namebuf));
printf("type = %s, ", namebuf);
dns_rdataclass_format(rdataset->rdclass,
namebuf,
sizeof(namebuf));
printf("class = %s\n", namebuf);
}
loopresult = dns_rdataset_first(rdataset);
while (loopresult == ISC_R_SUCCESS) {
dns_rdataset_current(rdataset, &rdata);
dns_name_format(name, namebuf,
sizeof(namebuf));
printf(" -> %s\n", namebuf);
switch (rdata.type) {
case dns_rdatatype_soa:
printsoa(&rdata);
break;
default:
printf("\t");
printrdata(&rdata);
}
dns_rdata_reset(&rdata);
printf("\tttl = %u\n", rdataset->ttl);
loopresult = dns_rdataset_next(rdataset);
}
}
result = dns_message_nextname(msg, section);
if (result == ISC_R_NOMORE)
break;
else if (result != ISC_R_SUCCESS) {
return (result);
}
}
return (ISC_R_SUCCESS);
}
/*
* Perform an update-policy rule check against an external application
* over a socket.
*
* This currently only supports local: for unix domain datagram sockets.
*
* Note that by using a datagram socket and creating a new socket each
* time we avoid the need for locking and allow for parallel access to
* the authorization server.
*/
isc_boolean_t
dns_ssu_external_match(dns_name_t *identity,
dns_name_t *signer, dns_name_t *name,
isc_netaddr_t *tcpaddr, dns_rdatatype_t type,
const dst_key_t *key, isc_mem_t *mctx)
{
char b_identity[DNS_NAME_FORMATSIZE];
char b_signer[DNS_NAME_FORMATSIZE];
char b_name[DNS_NAME_FORMATSIZE];
char b_addr[ISC_NETADDR_FORMATSIZE];
char b_type[DNS_RDATATYPE_FORMATSIZE];
char b_key[DST_KEY_FORMATSIZE];
isc_buffer_t *tkey_token = NULL;
int fd;
const char *sock_path;
unsigned int req_len;
isc_region_t token_region;
unsigned char *data;
isc_buffer_t buf;
isc_uint32_t token_len = 0;
isc_uint32_t reply;
ssize_t ret;
/* The identity contains local:/path/to/socket */
dns_name_format(identity, b_identity, sizeof(b_identity));
/* For now only local: is supported */
if (strncmp(b_identity, "local:", 6) != 0) {
ssu_e_log(3, "ssu_external: invalid socket path '%s'",
b_identity);
return (ISC_FALSE);
}
sock_path = &b_identity[6];
fd = ux_socket_connect(sock_path);
if (fd == -1)
return (ISC_FALSE);
if (key != NULL) {
dst_key_format(key, b_key, sizeof(b_key));
tkey_token = dst_key_tkeytoken(key);
} else
b_key[0] = 0;
if (tkey_token != NULL) {
isc_buffer_region(tkey_token, &token_region);
token_len = token_region.length;
}
/* Format the request elements */
if (signer != NULL)
dns_name_format(signer, b_signer, sizeof(b_signer));
else
b_signer[0] = 0;
dns_name_format(name, b_name, sizeof(b_name));
if (tcpaddr != NULL)
isc_netaddr_format(tcpaddr, b_addr, sizeof(b_addr));
else
b_addr[0] = 0;
dns_rdatatype_format(type, b_type, sizeof(b_type));
/* Work out how big the request will be */
req_len = sizeof(isc_uint32_t) + /* Format version */
sizeof(isc_uint32_t) + /* Length */
strlen(b_signer) + 1 + /* Signer */
strlen(b_name) + 1 + /* Name */
strlen(b_addr) + 1 + /* Address */
strlen(b_type) + 1 + /* Type */
strlen(b_key) + 1 + /* Key */
sizeof(isc_uint32_t) + /* tkey_token length */
token_len; /* tkey_token */
/* format the buffer */
data = isc_mem_allocate(mctx, req_len);
if (data == NULL) {
close(fd);
return (ISC_FALSE);
}
isc_buffer_init(&buf, data, req_len);
isc_buffer_putuint32(&buf, SSU_EXTERNAL_VERSION);
isc_buffer_putuint32(&buf, req_len);
/* Strings must be null-terminated */
isc_buffer_putstr(&buf, b_signer);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putstr(&buf, b_name);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putstr(&buf, b_addr);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putstr(&buf, b_type);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putstr(&buf, b_key);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putuint32(&buf, token_len);
if (tkey_token && token_len != 0)
isc_buffer_putmem(&buf, token_region.base, token_len);
ENSURE(isc_buffer_availablelength(&buf) == 0);
/* Send the request */
ret = write(fd, data, req_len);
isc_mem_free(mctx, data);
if (ret != (ssize_t) req_len) {
char strbuf[ISC_STRERRORSIZE];
isc__strerror(errno, strbuf, sizeof(strbuf));
ssu_e_log(3, "ssu_external: unable to send request - %s",
strbuf);
close(fd);
return (ISC_FALSE);
}
/* Receive the reply */
ret = read(fd, &reply, sizeof(isc_uint32_t));
if (ret != (ssize_t) sizeof(isc_uint32_t)) {
char strbuf[ISC_STRERRORSIZE];
isc__strerror(errno, strbuf, sizeof(strbuf));
ssu_e_log(3, "ssu_external: unable to receive reply - %s",
strbuf);
close(fd);
return (ISC_FALSE);
}
close(fd);
reply = ntohl(reply);
if (reply == 0) {
ssu_e_log(3, "ssu_external: denied external auth for '%s'",
b_name);
return (ISC_FALSE);
} else if (reply == 1) {
ssu_e_log(3, "ssu_external: allowed external auth for '%s'",
b_name);
return (ISC_TRUE);
}
ssu_e_log(3, "ssu_external: invalid reply 0x%08x", reply);
return (ISC_FALSE);
}
