int
packet_encode_rr(query_type *q, domain_type *owner, rr_type *rr)
{
size_t truncation_mark;
uint16_t rdlength = 0;
size_t rdlength_pos;
uint16_t j;
assert(q);
assert(owner);
assert(rr);
/*
* If the record does not in fit in the packet the packet size
* will be restored to the mark.
*/
truncation_mark = buffer_position(q->packet);
encode_dname(q, owner);
buffer_write_u16(q->packet, rr->type);
buffer_write_u16(q->packet, rr->klass);
buffer_write_u32(q->packet, rr->ttl);
/* Reserve space for rdlength. */
rdlength_pos = buffer_position(q->packet);
buffer_skip(q->packet, sizeof(rdlength));
for (j = 0; j < rr->rdata_count; ++j) {
switch (rdata_atom_wireformat_type(rr->type, j)) {
case RDATA_WF_COMPRESSED_DNAME:
encode_dname(q, rdata_atom_domain(rr->rdatas[j]));
break;
case RDATA_WF_UNCOMPRESSED_DNAME:
{
const dname_type *dname = domain_dname(
rdata_atom_domain(rr->rdatas[j]));
buffer_write(q->packet,
dname_name(dname), dname->name_size);
break;
}
default:
buffer_write(q->packet,
rdata_atom_data(rr->rdatas[j]),
rdata_atom_size(rr->rdatas[j]));
break;
}
}
if (!query_overflow(q)) {
rdlength = (buffer_position(q->packet) - rdlength_pos
- sizeof(rdlength));
buffer_write_u16_at(q->packet, rdlength_pos, rdlength);
return 1;
} else {
buffer_set_position(q->packet, truncation_mark);
query_clear_dname_offsets(q, truncation_mark);
assert(!query_overflow(q));
return 0;
}
}
/*
* Check the RRs in an IXFR/AXFR reply.
* returns 0 on error, 1 on correct parseable packet.
* done = 1 if the last SOA in an IXFR/AXFR has been seen.
* soa then contains that soa info.
* (soa contents is modified by the routine)
*/
static int
xfrd_xfr_check_rrs(xfrd_zone_t* zone, buffer_type* packet, size_t count,
int *done, xfrd_soa_t* soa)
{
/* first RR has already been checked */
uint16_t type, rrlen;
size_t i, soapos;
for(i=0; i<count; ++i,++zone->msg_rr_count)
{
if(!packet_skip_dname(packet))
return 0;
if(!buffer_available(packet, 10))
return 0;
soapos = buffer_position(packet);
type = buffer_read_u16(packet);
(void)buffer_read_u16(packet); /* class */
(void)buffer_read_u32(packet); /* ttl */
rrlen = buffer_read_u16(packet);
if(!buffer_available(packet, rrlen))
return 0;
if(type == TYPE_SOA) {
/* check the SOAs */
size_t mempos = buffer_position(packet);
buffer_set_position(packet, soapos);
if(!xfrd_parse_soa_info(packet, soa))
return 0;
if(zone->msg_rr_count == 1 &&
ntohl(soa->serial) != zone->msg_new_serial) {
/* 2nd RR is SOA with lower serial, this is an IXFR */
zone->msg_is_ixfr = 1;
if(!zone->soa_disk_acquired)
return 0; /* got IXFR but need AXFR */
if(ntohl(soa->serial) != ntohl(zone->soa_disk.serial))
return 0; /* bad start serial in IXFR */
zone->msg_old_serial = ntohl(soa->serial);
}
else if(ntohl(soa->serial) == zone->msg_new_serial) {
/* saw another SOA of new serial. */
if(zone->msg_is_ixfr == 1) {
zone->msg_is_ixfr = 2; /* seen middle SOA in ixfr */
} else {
/* 2nd SOA for AXFR or 3rd newSOA for IXFR */
*done = 1;
}
}
buffer_set_position(packet, mempos);
}
buffer_skip(packet, rrlen);
}
/* packet seems to have a valid DNS RR structure */
return 1;
}
/**
* Add RR to query.
*
*/
int
query_add_rr(query_type* q, ldns_rr* rr)
{
size_t i = 0;
size_t tc_mark = 0;
size_t rdlength_pos = 0;
uint16_t rdlength = 0;
ods_log_assert(q);
ods_log_assert(q->buffer);
ods_log_assert(rr);
/* set truncation mark, in case rr does not fit */
tc_mark = buffer_position(q->buffer);
/* owner type class ttl */
if (!buffer_available(q->buffer, ldns_rdf_size(ldns_rr_owner(rr)))) {
goto query_add_rr_tc;
}
buffer_write_rdf(q->buffer, ldns_rr_owner(rr));
if (!buffer_available(q->buffer, sizeof(uint16_t) + sizeof(uint16_t) +
sizeof(uint32_t) + sizeof(rdlength))) {
goto query_add_rr_tc;
}
buffer_write_u16(q->buffer, (uint16_t) ldns_rr_get_type(rr));
buffer_write_u16(q->buffer, (uint16_t) ldns_rr_get_class(rr));
buffer_write_u32(q->buffer, (uint32_t) ldns_rr_ttl(rr));
/* skip rdlength */
rdlength_pos = buffer_position(q->buffer);
buffer_skip(q->buffer, sizeof(rdlength));
/* write rdata */
for (i=0; i < ldns_rr_rd_count(rr); i++) {
if (!buffer_available(q->buffer, ldns_rdf_size(ldns_rr_rdf(rr, i)))) {
goto query_add_rr_tc;
}
buffer_write_rdf(q->buffer, ldns_rr_rdf(rr, i));
}
if (!query_overflow(q)) {
/* write rdlength */
rdlength = buffer_position(q->buffer) - rdlength_pos - sizeof(rdlength);
buffer_write_u16_at(q->buffer, rdlength_pos, rdlength);
/* position updated by buffer_write() */
return 1;
}
query_add_rr_tc:
buffer_set_position(q->buffer, tc_mark);
ods_log_assert(!query_overflow(q));
return 0;
}
/**
* IXFR.
*
*/
static query_state
query_process_ixfr(query_type* q)
{
uint16_t count = 0;
ods_log_assert(q);
ods_log_assert(q->buffer);
ods_log_assert(buffer_pkt_qdcount(q->buffer) == 1);
/* skip header and question section */
buffer_skip(q->buffer, BUFFER_PKT_HEADER_SIZE);
if (!buffer_skip_rr(q->buffer, 1)) {
ods_log_error("[%s] dropped packet: zone %s received bad ixfr "
"request (bad question section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
/* answer section is empty */
ods_log_assert(buffer_pkt_ancount(q->buffer) == 0);
/* examine auth section */
q->startpos = buffer_position(q->buffer);
count = buffer_pkt_nscount(q->buffer);
if (count) {
if (!buffer_skip_dname(q->buffer) ||
!query_parse_soa(q->buffer, &(q->serial))) {
ods_log_error("[%s] dropped packet: zone %s received bad ixfr "
"request (bad soa in auth section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
ods_log_debug("[%s] found ixfr request zone %s serial=%u", query_str,
q->zone->name, q->serial);
return QUERY_PROCESSED;
}
ods_log_debug("[%s] ixfr request zone %s has no auth section", query_str,
q->zone->name);
q->serial = 0;
return QUERY_PROCESSED;
}
/**
* Sign notify.
*
*/
static void
notify_tsig_sign(notify_type* notify, buffer_type* buffer)
{
tsig_algo_type* algo = NULL;
if (!notify || !notify->tsig_rr || !notify->secondary ||
!notify->secondary->tsig || !notify->secondary->tsig->key ||
!buffer) {
return; /* no tsig configured */
}
algo = tsig_lookup_algo(notify->secondary->tsig->algorithm);
if (!algo) {
ods_log_error("[%s] unable to sign notify: tsig unknown algorithm "
"%s", notify_str, notify->secondary->tsig->algorithm);
return;
}
ods_log_assert(algo);
tsig_rr_reset(notify->tsig_rr, algo, notify->secondary->tsig->key);
notify->tsig_rr->original_query_id = buffer_pkt_id(buffer);
notify->tsig_rr->algo_name =
ldns_rdf_clone(notify->tsig_rr->algo->wf_name);
notify->tsig_rr->key_name = ldns_rdf_clone(notify->tsig_rr->key->dname);
log_dname(notify->tsig_rr->key_name, "tsig sign notify with key %s",
LOG_DEBUG);
log_dname(notify->tsig_rr->algo_name, "tsig sign notify with algorithm %s",
LOG_DEBUG);
tsig_rr_prepare(notify->tsig_rr);
tsig_rr_update(notify->tsig_rr, buffer, buffer_position(buffer));
tsig_rr_sign(notify->tsig_rr);
ods_log_debug("[%s] tsig append rr to notify id=%u", notify_str,
buffer_pkt_id(buffer));
tsig_rr_append(notify->tsig_rr, buffer);
buffer_pkt_set_arcount(buffer, buffer_pkt_arcount(buffer)+1);
tsig_rr_prepare(notify->tsig_rr);
return;
}
int
print_rdata(buffer_type *output, rrtype_descriptor_type *descriptor,
rr_type *record)
{
size_t i;
size_t saved_position = buffer_position(output);
for (i = 0; i < record->rdata_count; ++i) {
if (i == 0) {
buffer_printf(output, "\t");
} else if (descriptor->type == TYPE_SOA && i == 2) {
buffer_printf(output, " (\n\t\t");
} else {
buffer_printf(output, " ");
}
if (!rdata_atom_to_string(
output,
(rdata_zoneformat_type) descriptor->zoneformat[i],
record->rdatas[i], record))
{
buffer_set_position(output, saved_position);
return 0;
}
}
if (descriptor->type == TYPE_SOA) {
buffer_printf(output, " )");
}
return 1;
}
static void
encode_dname(query_type *q, domain_type *domain)
{
while (domain->parent && query_get_dname_offset(q, domain) == 0) {
query_put_dname_offset(q, domain, buffer_position(q->packet));
DEBUG(DEBUG_NAME_COMPRESSION, 2,
(LOG_INFO, "dname: %s, number: %lu, offset: %u\n",
dname_to_string(domain_dname(domain), NULL),
(unsigned long) domain->number,
query_get_dname_offset(q, domain)));
buffer_write(q->packet, dname_name(domain_dname(domain)),
label_length(dname_name(domain_dname(domain))) + 1U);
domain = domain->parent;
}
if (domain->parent) {
DEBUG(DEBUG_NAME_COMPRESSION, 2,
(LOG_INFO, "dname: %s, number: %lu, pointer: %u\n",
dname_to_string(domain_dname(domain), NULL),
(unsigned long) domain->number,
query_get_dname_offset(q, domain)));
assert(query_get_dname_offset(q, domain) <= MAX_COMPRESSION_OFFSET);
buffer_write_u16(q->packet,
0xc000 | query_get_dname_offset(q, domain));
} else {
buffer_write_u8(q->packet, 0);
}
}
/**
* Check if query does not overflow.
*
*/
static int
query_overflow(query_type* q)
{
ods_log_assert(q);
ods_log_assert(q->buffer);
return buffer_position(q->buffer) > (q->maxlen - q->reserved_space);
}
int
packet_encode_rrset(query_type *query,
domain_type *owner,
rrset_type *rrset,
int section)
{
uint16_t i;
size_t truncation_mark;
uint16_t added = 0;
int all_added = 1;
int truncate_rrset = (section == ANSWER_SECTION ||
section == AUTHORITY_SECTION);
rrset_type *rrsig;
assert(rrset->rr_count > 0);
truncation_mark = buffer_position(query->packet);
for (i = 0; i < rrset->rr_count; ++i) {
if (packet_encode_rr(query, owner, &rrset->rrs[i])) {
++added;
} else {
all_added = 0;
break;
}
}
if (all_added &&
query->edns.dnssec_ok &&
zone_is_secure(rrset->zone) &&
rrset_rrtype(rrset) != TYPE_RRSIG &&
(rrsig = domain_find_rrset(owner, rrset->zone, TYPE_RRSIG)))
{
for (i = 0; i < rrsig->rr_count; ++i) {
if (rr_rrsig_type_covered(&rrsig->rrs[i])
== rrset_rrtype(rrset))
{
if (packet_encode_rr(query, owner,
&rrsig->rrs[i]))
{
++added;
} else {
all_added = 0;
break;
}
}
}
}
if (!all_added && truncate_rrset) {
/* Truncate entire RRset and set truncate flag. */
buffer_set_position(query->packet, truncation_mark);
query_clear_dname_offsets(query, truncation_mark);
TC_SET(query->packet);
added = 0;
}
return added;
}
/**
* Find TSIG RR.
*
*/
static int
query_find_tsig(query_type* q)
{
size_t saved_pos = 0;
size_t rrcount = 0;
size_t i = 0;
ods_log_assert(q);
ods_log_assert(q->tsig_rr);
ods_log_assert(q->buffer);
if (buffer_pkt_arcount(q->buffer) == 0) {
q->tsig_rr->status = TSIG_NOT_PRESENT;
return 1;
}
saved_pos = buffer_position(q->buffer);
rrcount = buffer_pkt_qdcount(q->buffer) + buffer_pkt_ancount(q->buffer) +
buffer_pkt_nscount(q->buffer);
buffer_set_position(q->buffer, BUFFER_PKT_HEADER_SIZE);
for (i=0; i < rrcount; i++) {
if (!buffer_skip_rr(q->buffer, i < buffer_pkt_qdcount(q->buffer))) {
buffer_set_position(q->buffer, saved_pos);
return 0;
}
}
rrcount = buffer_pkt_arcount(q->buffer);
ods_log_assert(rrcount != 0);
if (!tsig_rr_parse(q->tsig_rr, q->buffer)) {
ods_log_debug("[%s] got bad tsig", query_str);
return 0;
}
if (q->tsig_rr->status != TSIG_NOT_PRESENT) {
--rrcount;
}
if (rrcount) {
if (edns_rr_parse(q->edns_rr, q->buffer)) {
--rrcount;
}
}
if (rrcount && q->tsig_rr->status == TSIG_NOT_PRESENT) {
/* see if tsig is after the edns record */
if (!tsig_rr_parse(q->tsig_rr, q->buffer)) {
ods_log_debug("[%s] got bad tsig", query_str);
return 0;
}
if (q->tsig_rr->status != TSIG_NOT_PRESENT) {
--rrcount;
}
}
if (rrcount > 0) {
ods_log_debug("[%s] too many additional rrs", query_str);
return 0;
}
buffer_set_position(q->buffer, saved_pos);
return 1;
}
static int
rdata_nsec_to_string(buffer_type *output, rdata_atom_type rdata,
rr_type* ATTR_UNUSED(rr))
{
size_t saved_position = buffer_position(output);
buffer_type packet;
int insert_space = 0;
buffer_create_from(
&packet, rdata_atom_data(rdata), rdata_atom_size(rdata));
while (buffer_available(&packet, 2)) {
uint8_t window = buffer_read_u8(&packet);
uint8_t bitmap_size = buffer_read_u8(&packet);
uint8_t *bitmap = buffer_current(&packet);
int i;
if (!buffer_available(&packet, bitmap_size)) {
buffer_set_position(output, saved_position);
return 0;
}
for (i = 0; i < bitmap_size * 8; ++i) {
if (get_bit(bitmap, i)) {
buffer_printf(output,
"%s%s",
insert_space ? " " : "",
rrtype_to_string(
window * 256 + i));
insert_space = 1;
}
}
buffer_skip(&packet, bitmap_size);
}
return 1;
}
void
xfrd_tsig_sign_request(buffer_type* packet, tsig_record_type* tsig,
acl_options_t* acl)
{
tsig_algorithm_type* algo;
assert(acl->key_options && acl->key_options->tsig_key);
algo = tsig_get_algorithm_by_name(acl->key_options->algorithm);
if(!algo) {
log_msg(LOG_ERR, "tsig unknown algorithm %s",
acl->key_options->algorithm);
return;
}
assert(algo);
tsig_init_record(tsig, algo, acl->key_options->tsig_key);
tsig_init_query(tsig, ID(packet));
tsig_prepare(tsig);
tsig_update(tsig, packet, buffer_position(packet));
tsig_sign(tsig);
tsig_append_rr(tsig, packet);
ARCOUNT_SET(packet, ARCOUNT(packet) + 1);
DEBUG(DEBUG_XFRD,1, (LOG_INFO, "appending tsig to packet"));
/* prepare for validating tsigs */
tsig_prepare(tsig);
}
int
dname_make_wire_from_packet(uint8_t *buf, buffer_type *packet,
int allow_pointers)
{
int done = 0;
uint8_t visited[(MAX_PACKET_SIZE+7)/8];
size_t dname_length = 0;
const uint8_t *label;
ssize_t mark = -1;
memset(visited, 0, (buffer_limit(packet)+7)/8);
while (!done) {
if (!buffer_available(packet, 1)) {
/* error("dname out of bounds"); */
return 0;
}
if (get_bit(visited, buffer_position(packet))) {
/* error("dname loops"); */
return 0;
}
set_bit(visited, buffer_position(packet));
label = buffer_current(packet);
if (label_is_pointer(label)) {
size_t pointer;
if (!allow_pointers) {
return 0;
}
if (!buffer_available(packet, 2)) {
/* error("dname pointer out of bounds"); */
return 0;
}
pointer = label_pointer_location(label);
if (pointer >= buffer_limit(packet)) {
/* error("dname pointer points outside packet"); */
return 0;
}
buffer_skip(packet, 2);
if (mark == -1) {
mark = buffer_position(packet);
}
buffer_set_position(packet, pointer);
} else if (label_is_normal(label)) {
size_t length = label_length(label) + 1;
done = label_is_root(label);
if (!buffer_available(packet, length)) {
/* error("dname label out of bounds"); */
return 0;
}
if (dname_length + length >= MAXDOMAINLEN+1) {
/* error("dname too large"); */
return 0;
}
buffer_read(packet, buf + dname_length, length);
dname_length += length;
} else {
/* error("bad label type"); */
return 0;
}
}
if (mark != -1) {
buffer_set_position(packet, mark);
}
return dname_length;
}
static int dns_name_from_wire(buffer_type* data,
struct decompress_ctx *decompress,
char* text_name)
{
char *q;
u_int8_t *p, label_len;
int length, off, saved = -1, i;
if (data == NULL || text_name == NULL || decompress == NULL)
return -1;
p = buffer_current(data);
q = text_name;
length = 0;
label_len = buffer_read_u8(data);
if (label_len == 0) {
*q = '.';
q++;
}
while (label_len != 0
&& length < NAME_MAX_LENGTH) {
if ((label_len & 0xc0) == 0xc0) {
buffer_set_position(data, buffer_position(data) - 1);
label_len = buffer_read_u16(data);
off = label_len & ~0xc0;
if (off >= buffer_limit(data) /*|| decompress->pos[off] != off*/)
return -1;
if (saved == -1)
saved = buffer_position(data);
buffer_set_position(data, off);
label_len = buffer_read_u8(data);
} else {
if (!buffer_available(data, label_len))
return -1;
for (i = 0; i < label_len; i++) {
if (decompress->pos[i] == -1)
decompress->pos[i] = buffer_position(data);
}
length += label_len;
p = buffer_current(data);
memcpy(q, p, label_len);
buffer_skip(data, label_len);
q += label_len;
*q = '.';
q++;
label_len = buffer_read_u8(data);
}
}
if (label_len == 0) {
*q = '\0';
if (saved > -1)
buffer_set_position(data, saved);
} else {
log_msg("dns:domain not ends with \\0\n");
return -1;
}
return 0;
}
ssize_t
rdata_wireformat_to_rdata_atoms(region_type *region,
domain_table_type *owners,
uint16_t rrtype,
uint16_t data_size,
buffer_type *packet,
rdata_atom_type **rdatas)
{
size_t end = buffer_position(packet) + data_size;
size_t i;
rdata_atom_type temp_rdatas[MAXRDATALEN];
rrtype_descriptor_type *descriptor = rrtype_descriptor_by_type(rrtype);
region_type *temp_region;
assert(descriptor->maximum <= MAXRDATALEN);
if (!buffer_available(packet, data_size)) {
return -1;
}
temp_region = region_create(xalloc, free);
for (i = 0; i < descriptor->maximum; ++i) {
int is_domain = 0;
int is_normalized = 0;
int is_wirestore = 0;
size_t length = 0;
int required = i < descriptor->minimum;
switch (rdata_atom_wireformat_type(rrtype, i)) {
case RDATA_WF_COMPRESSED_DNAME:
case RDATA_WF_UNCOMPRESSED_DNAME:
is_domain = 1;
is_normalized = 1;
break;
case RDATA_WF_LITERAL_DNAME:
is_domain = 1;
is_wirestore = 1;
break;
case RDATA_WF_BYTE:
length = sizeof(uint8_t);
break;
case RDATA_WF_SHORT:
length = sizeof(uint16_t);
break;
case RDATA_WF_LONG:
length = sizeof(uint32_t);
break;
case RDATA_WF_TEXTS:
case RDATA_WF_LONG_TEXT:
length = end - buffer_position(packet);
break;
case RDATA_WF_TEXT:
case RDATA_WF_BINARYWITHLENGTH:
/* Length is stored in the first byte. */
length = 1;
if (buffer_position(packet) + length <= end) {
length += buffer_current(packet)[length - 1];
}
break;
case RDATA_WF_A:
length = sizeof(in_addr_t);
break;
case RDATA_WF_AAAA:
length = IP6ADDRLEN;
break;
case RDATA_WF_ILNP64:
length = IP6ADDRLEN/2;
break;
case RDATA_WF_EUI48:
length = EUI48ADDRLEN;
break;
case RDATA_WF_EUI64:
length = EUI64ADDRLEN;
break;
case RDATA_WF_BINARY:
/* Remaining RDATA is binary. */
length = end - buffer_position(packet);
break;
case RDATA_WF_APL:
length = (sizeof(uint16_t) /* address family */
+ sizeof(uint8_t) /* prefix */
+ sizeof(uint8_t)); /* length */
if (buffer_position(packet) + length <= end) {
/* Mask out negation bit. */
length += (buffer_current(packet)[length - 1]
& APL_LENGTH_MASK);
}
break;
case RDATA_WF_IPSECGATEWAY:
switch(rdata_atom_data(temp_rdatas[1])[0]) /* gateway type */ {
default:
case IPSECKEY_NOGATEWAY:
length = 0;
break;
case IPSECKEY_IP4:
length = IP4ADDRLEN;
break;
case IPSECKEY_IP6:
length = IP6ADDRLEN;
break;
case IPSECKEY_DNAME:
is_domain = 1;
is_normalized = 1;
is_wirestore = 1;
break;
}
break;
}
if (is_domain) {
const dname_type *dname;
if (!required && buffer_position(packet) == end) {
break;
}
dname = dname_make_from_packet(
temp_region, packet, 1, is_normalized);
if (!dname || buffer_position(packet) > end) {
/* Error in domain name. */
region_destroy(temp_region);
return -1;
}
if(is_wirestore) {
temp_rdatas[i].data = (uint16_t *) region_alloc(
region, sizeof(uint16_t) + ((size_t)dname->name_size));
temp_rdatas[i].data[0] = dname->name_size;
memcpy(temp_rdatas[i].data+1, dname_name(dname),
dname->name_size);
} else {
temp_rdatas[i].domain
= domain_table_insert(owners, dname);
temp_rdatas[i].domain->usage ++;
}
} else {
if (buffer_position(packet) + length > end) {
if (required) {
/* Truncated RDATA. */
region_destroy(temp_region);
return -1;
} else {
break;
}
}
if (!required && buffer_position(packet) == end) {
break;
}
temp_rdatas[i].data = (uint16_t *) region_alloc(
region, sizeof(uint16_t) + length);
temp_rdatas[i].data[0] = length;
buffer_read(packet, temp_rdatas[i].data + 1, length);
}
}
if (buffer_position(packet) < end) {
/* Trailing garbage. */
region_destroy(temp_region);
return -1;
}
*rdatas = (rdata_atom_type *) region_alloc_array_init(
region, temp_rdatas, i, sizeof(rdata_atom_type));
region_destroy(temp_region);
return (ssize_t)i;
}
/* return value 0: syntaxerror,badIXFR, 1:OK, 2:done_and_skip_it */
static int
apply_ixfr(namedb_type* db, FILE *in, const off_t* startpos,
const char* zone, uint32_t serialno, nsd_options_t* opt,
uint16_t id, uint32_t seq_nr, uint32_t seq_total,
int* is_axfr, int* delete_mode, int* rr_count,
size_t child_count)
{
uint32_t filelen, msglen, pkttype, timestamp[2];
int qcount, ancount, counter;
buffer_type* packet;
region_type* region;
int i;
uint16_t rrlen;
const dname_type *dname_zone, *dname;
zone_type* zone_db;
domain_type* last_in_list;
char file_zone_name[3072];
uint32_t file_serial, file_seq_nr;
uint16_t file_id;
off_t mempos;
memmove(&mempos, startpos, sizeof(off_t));
if(fseeko(in, mempos, SEEK_SET) == -1) {
log_msg(LOG_INFO, "could not fseeko: %s.", strerror(errno));
return 0;
}
/* read ixfr packet RRs and apply to in memory db */
if(!diff_read_32(in, &pkttype) || pkttype != DIFF_PART_IXFR) {
log_msg(LOG_ERR, "could not read type or wrong type");
return 0;
}
if(!diff_read_32(in, ×tamp[0]) ||
!diff_read_32(in, ×tamp[1])) {
log_msg(LOG_ERR, "could not read timestamp");
return 0;
}
if(!diff_read_32(in, &filelen)) {
log_msg(LOG_ERR, "could not read len");
return 0;
}
/* read header */
if(filelen < QHEADERSZ + sizeof(uint32_t)*3 + sizeof(uint16_t)) {
log_msg(LOG_ERR, "msg too short");
return 0;
}
region = region_create(xalloc, free);
if(!region) {
log_msg(LOG_ERR, "out of memory");
return 0;
}
if(!diff_read_str(in, file_zone_name, sizeof(file_zone_name)) ||
!diff_read_32(in, &file_serial) ||
!diff_read_16(in, &file_id) ||
!diff_read_32(in, &file_seq_nr))
{
log_msg(LOG_ERR, "could not part data");
region_destroy(region);
return 0;
}
if(strcmp(file_zone_name, zone) != 0 || serialno != file_serial ||
id != file_id || seq_nr != file_seq_nr) {
log_msg(LOG_ERR, "internal error: reading part with changed id");
region_destroy(region);
return 0;
}
msglen = filelen - sizeof(uint32_t)*3 - sizeof(uint16_t)
- strlen(file_zone_name);
packet = buffer_create(region, QIOBUFSZ);
dname_zone = dname_parse(region, zone);
zone_db = find_zone(db, dname_zone, opt, child_count);
if(!zone_db) {
log_msg(LOG_ERR, "no zone exists");
region_destroy(region);
/* break out and stop the IXFR, ignore it */
return 2;
}
if(msglen > QIOBUFSZ) {
log_msg(LOG_ERR, "msg too long");
region_destroy(region);
return 0;
}
buffer_clear(packet);
if(fread(buffer_begin(packet), msglen, 1, in) != 1) {
log_msg(LOG_ERR, "short fread: %s", strerror(errno));
region_destroy(region);
return 0;
}
buffer_set_limit(packet, msglen);
/* only answer section is really used, question, additional and
authority section RRs are skipped */
qcount = QDCOUNT(packet);
ancount = ANCOUNT(packet);
buffer_skip(packet, QHEADERSZ);
/* skip queries */
for(i=0; i<qcount; ++i)
if(!packet_skip_rr(packet, 1)) {
log_msg(LOG_ERR, "bad RR in question section");
region_destroy(region);
return 0;
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: started packet for zone %s",
dname_to_string(dname_zone, 0)));
/* first RR: check if SOA and correct zone & serialno */
if(*rr_count == 0) {
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s parse first RR",
dname_to_string(dname_zone, 0)));
dname = dname_make_from_packet(region, packet, 1, 1);
if(!dname) {
log_msg(LOG_ERR, "could not parse dname");
region_destroy(region);
return 0;
}
if(dname_compare(dname_zone, dname) != 0) {
log_msg(LOG_ERR, "SOA dname %s not equal to zone",
dname_to_string(dname,0));
log_msg(LOG_ERR, "zone dname is %s",
dname_to_string(dname_zone,0));
region_destroy(region);
return 0;
}
if(!buffer_available(packet, 10)) {
log_msg(LOG_ERR, "bad SOA RR");
region_destroy(region);
return 0;
}
if(buffer_read_u16(packet) != TYPE_SOA ||
buffer_read_u16(packet) != CLASS_IN) {
log_msg(LOG_ERR, "first RR not SOA IN");
region_destroy(region);
return 0;
}
buffer_skip(packet, sizeof(uint32_t)); /* ttl */
if(!buffer_available(packet, buffer_read_u16(packet)) ||
!packet_skip_dname(packet) /* skip prim_ns */ ||
!packet_skip_dname(packet) /* skip email */) {
log_msg(LOG_ERR, "bad SOA RR");
region_destroy(region);
return 0;
}
if(buffer_read_u32(packet) != serialno) {
buffer_skip(packet, -4);
log_msg(LOG_ERR, "SOA serial %d different from commit %d",
buffer_read_u32(packet), serialno);
region_destroy(region);
return 0;
}
buffer_skip(packet, sizeof(uint32_t)*4);
counter = 1;
*rr_count = 1;
*is_axfr = 0;
*delete_mode = 0;
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s start count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
}
else counter = 0;
last_in_list = zone_db->apex;
for(; counter < ancount; ++counter,++(*rr_count))
{
uint16_t type, klass;
uint32_t ttl;
if(!(dname=dname_make_from_packet(region, packet, 1,1))) {
log_msg(LOG_ERR, "bad xfr RR dname %d", *rr_count);
region_destroy(region);
return 0;
}
if(!buffer_available(packet, 10)) {
log_msg(LOG_ERR, "bad xfr RR format %d", *rr_count);
region_destroy(region);
return 0;
}
type = buffer_read_u16(packet);
klass = buffer_read_u16(packet);
ttl = buffer_read_u32(packet);
rrlen = buffer_read_u16(packet);
if(!buffer_available(packet, rrlen)) {
log_msg(LOG_ERR, "bad xfr RR rdata %d, len %d have %d",
*rr_count, rrlen, (int)buffer_remaining(packet));
region_destroy(region);
return 0;
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s parsed count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
if(*rr_count == 1 && type != TYPE_SOA) {
/* second RR: if not SOA: this is an AXFR; delete all zone contents */
delete_zone_rrs(db, zone_db);
/* add everything else (incl end SOA) */
*delete_mode = 0;
*is_axfr = 1;
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s sawAXFR count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
}
if(*rr_count == 1 && type == TYPE_SOA) {
/* if the serial no of the SOA equals the serialno, then AXFR */
size_t bufpos = buffer_position(packet);
uint32_t thisserial;
if(!packet_skip_dname(packet) ||
!packet_skip_dname(packet) ||
buffer_remaining(packet) < sizeof(uint32_t)*5)
{
log_msg(LOG_ERR, "bad xfr SOA RR formerr.");
region_destroy(region);
return 0;
}
thisserial = buffer_read_u32(packet);
if(thisserial == serialno) {
/* AXFR */
delete_zone_rrs(db, zone_db);
*delete_mode = 0;
*is_axfr = 1;
}
/* must have stuff in memory for a successful IXFR,
* the serial number of the SOA has been checked
* previously (by check_for_bad_serial) if it exists */
if(!*is_axfr && !domain_find_rrset(zone_db->apex,
zone_db, TYPE_SOA)) {
log_msg(LOG_ERR, "%s SOA serial %d is not "
"in memory, skip IXFR", zone, serialno);
region_destroy(region);
/* break out and stop the IXFR, ignore it */
return 2;
}
buffer_set_position(packet, bufpos);
}
if(type == TYPE_SOA && !*is_axfr) {
/* switch from delete-part to add-part and back again,
just before soa - so it gets deleted and added too */
/* this means we switch to delete mode for the final SOA */
*delete_mode = !*delete_mode;
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "diff: %s IXFRswapdel count %d, ax %d, delmode %d",
dname_to_string(dname_zone, 0), *rr_count, *is_axfr, *delete_mode));
}
if(type == TYPE_TSIG || type == TYPE_OPT) {
/* ignore pseudo RRs */
buffer_skip(packet, rrlen);
continue;
}
DEBUG(DEBUG_XFRD,2, (LOG_INFO, "xfr %s RR dname is %s type %s",
*delete_mode?"del":"add",
dname_to_string(dname,0), rrtype_to_string(type)));
if(*delete_mode) {
/* delete this rr */
if(!*is_axfr && type == TYPE_SOA && counter==ancount-1
&& seq_nr == seq_total-1) {
continue; /* do not delete final SOA RR for IXFR */
}
if(!delete_RR(db, dname, type, klass, last_in_list, packet,
rrlen, zone_db, region, *is_axfr)) {
region_destroy(region);
return 0;
}
if (!*is_axfr && last_in_list->nextdiff) {
last_in_list = last_in_list->nextdiff;
}
}
else
{
/* add this rr */
if(!add_RR(db, dname, type, klass, ttl, packet,
rrlen, zone_db, *is_axfr)) {
region_destroy(region);
return 0;
}
}
}
fix_empty_terminals(zone_db);
region_destroy(region);
return 1;
}
static void
handle_tcp_reading(netio_type *netio,
netio_handler_type *handler,
netio_event_types_type event_types)
{
struct tcp_handler_data *data
= (struct tcp_handler_data *) handler->user_data;
ssize_t received;
if (event_types & NETIO_EVENT_TIMEOUT) {
/* Connection timed out. */
cleanup_tcp_handler(netio, handler);
return;
}
if (data->nsd->tcp_query_count > 0 &&
data->query_count >= data->nsd->tcp_query_count) {
/* No more queries allowed on this tcp connection. */
cleanup_tcp_handler(netio, handler);
return;
}
assert(event_types & NETIO_EVENT_READ);
if (data->bytes_transmitted == 0) {
query_reset(data->query, TCP_MAX_MESSAGE_LEN, 1);
}
/*
* Check if we received the leading packet length bytes yet.
*/
if (data->bytes_transmitted < sizeof(uint16_t)) {
received = read(handler->fd,
(char *) &data->query->tcplen
+ data->bytes_transmitted,
sizeof(uint16_t) - data->bytes_transmitted);
if (received == -1) {
if (errno == EAGAIN || errno == EINTR) {
/*
* Read would block, wait until more
* data is available.
*/
return;
} else {
#ifdef ECONNRESET
if (verbosity >= 2 || errno != ECONNRESET)
#endif /* ECONNRESET */
log_msg(LOG_ERR, "failed reading from tcp: %s", strerror(errno));
cleanup_tcp_handler(netio, handler);
return;
}
} else if (received == 0) {
/* EOF */
cleanup_tcp_handler(netio, handler);
return;
}
data->bytes_transmitted += received;
if (data->bytes_transmitted < sizeof(uint16_t)) {
/*
* Not done with the tcplen yet, wait for more
* data to become available.
*/
return;
}
assert(data->bytes_transmitted == sizeof(uint16_t));
data->query->tcplen = ntohs(data->query->tcplen);
/*
* Minimum query size is:
*
* Size of the header (12)
* + Root domain name (1)
* + Query class (2)
* + Query type (2)
*/
if (data->query->tcplen < QHEADERSZ + 1 + sizeof(uint16_t) + sizeof(uint16_t)) {
VERBOSITY(2, (LOG_WARNING, "packet too small, dropping tcp connection"));
cleanup_tcp_handler(netio, handler);
return;
}
if (data->query->tcplen > data->query->maxlen) {
VERBOSITY(2, (LOG_WARNING, "insufficient tcp buffer, dropping connection"));
cleanup_tcp_handler(netio, handler);
return;
}
buffer_set_limit(data->query->packet, data->query->tcplen);
}
assert(buffer_remaining(data->query->packet) > 0);
/* Read the (remaining) query data. */
received = read(handler->fd,
buffer_current(data->query->packet),
buffer_remaining(data->query->packet));
if (received == -1) {
if (errno == EAGAIN || errno == EINTR) {
/*
* Read would block, wait until more data is
* available.
*/
return;
} else {
#ifdef ECONNRESET
if (verbosity >= 2 || errno != ECONNRESET)
#endif /* ECONNRESET */
log_msg(LOG_ERR, "failed reading from tcp: %s", strerror(errno));
cleanup_tcp_handler(netio, handler);
return;
}
} else if (received == 0) {
/* EOF */
cleanup_tcp_handler(netio, handler);
return;
}
data->bytes_transmitted += received;
buffer_skip(data->query->packet, received);
if (buffer_remaining(data->query->packet) > 0) {
/*
* Message not yet complete, wait for more data to
* become available.
*/
return;
}
assert(buffer_position(data->query->packet) == data->query->tcplen);
/* Account... */
#ifdef BIND8_STATS
# ifndef INET6
STATUP(data->nsd, ctcp);
# else
if (data->query->addr.ss_family == AF_INET) {
STATUP(data->nsd, ctcp);
} else if (data->query->addr.ss_family == AF_INET6) {
STATUP(data->nsd, ctcp6);
}
# endif
#endif /* BIND8_STATS */
/* We have a complete query, process it. */
/* tcp-query-count: handle query counter ++ */
data->query_count++;
buffer_flip(data->query->packet);
data->query_state = server_process_query(data->nsd, data->query);
if (data->query_state == QUERY_DISCARDED) {
/* Drop the packet and the entire connection... */
STATUP(data->nsd, dropped);
#if defined(BIND8_STATS) && defined(USE_ZONE_STATS)
if (data->query->zone) {
ZTATUP(data->query->zone, dropped);
}
#endif
cleanup_tcp_handler(netio, handler);
return;
}
#ifdef BIND8_STATS
if (RCODE(data->query->packet) == RCODE_OK
&& !AA(data->query->packet))
{
STATUP(data->nsd, nona);
ZTATUP(data->query->zone, nona);
}
# ifdef USE_ZONE_STATS
# ifndef INET6
ZTATUP(data->query->zone, ctcp);
# else
if (data->query->addr.ss_family == AF_INET) {
ZTATUP(data->query->zone, ctcp);
} else if (data->query->addr.ss_family == AF_INET6) {
ZTATUP(data->query->zone, ctcp6);
}
# endif
# endif /* USE_ZONE_STATS */
#endif /* BIND8_STATS */
query_add_optional(data->query, data->nsd);
/* Switch to the tcp write handler. */
buffer_flip(data->query->packet);
data->query->tcplen = buffer_remaining(data->query->packet);
data->bytes_transmitted = 0;
handler->timeout->tv_sec = data->nsd->tcp_timeout;
handler->timeout->tv_nsec = 0L;
timespec_add(handler->timeout, netio_current_time(netio));
handler->event_types = NETIO_EVENT_WRITE | NETIO_EVENT_TIMEOUT;
handler->event_handler = handle_tcp_writing;
}
/**
* NOTIFY.
*
*/
static query_state
query_process_notify(query_type* q, ldns_rr_type qtype, void* engine)
{
engine_type* e = (engine_type*) engine;
dnsin_type* dnsin = NULL;
uint16_t count = 0;
uint16_t rrcount = 0;
uint32_t serial = 0;
size_t pos = 0;
char address[128];
if (!e || !q || !q->zone) {
return QUERY_DISCARDED;
}
ods_log_assert(e->dnshandler);
ods_log_assert(q->zone->name);
ods_log_debug("[%s] incoming notify for zone %s", query_str,
q->zone->name);
if (buffer_pkt_rcode(q->buffer) != LDNS_RCODE_NOERROR ||
buffer_pkt_qr(q->buffer) ||
!buffer_pkt_aa(q->buffer) ||
buffer_pkt_tc(q->buffer) ||
buffer_pkt_rd(q->buffer) ||
buffer_pkt_ra(q->buffer) ||
buffer_pkt_ad(q->buffer) ||
buffer_pkt_cd(q->buffer) ||
buffer_pkt_qdcount(q->buffer) != 1 ||
buffer_pkt_ancount(q->buffer) > 1 ||
qtype != LDNS_RR_TYPE_SOA) {
return query_formerr(q);
}
if (!q->zone->adinbound || q->zone->adinbound->type != ADAPTER_DNS) {
ods_log_error("[%s] zone %s is not configured to have input dns "
"adapter", query_str, q->zone->name);
return query_notauth(q);
}
ods_log_assert(q->zone->adinbound->config);
dnsin = (dnsin_type*) q->zone->adinbound->config;
if (!acl_find(dnsin->allow_notify, &q->addr, q->tsig_rr)) {
if (addr2ip(q->addr, address, sizeof(address))) {
ods_log_info("[%s] unauthorized notify for zone %s from client %s: "
"no acl matches", query_str, q->zone->name, address);
} else {
ods_log_info("[%s] unauthorized notify for zone %s from unknown "
"client: no acl matches", query_str, q->zone->name);
}
return query_notauth(q);
}
ods_log_assert(q->zone->xfrd);
/* skip header and question section */
buffer_skip(q->buffer, BUFFER_PKT_HEADER_SIZE);
count = buffer_pkt_qdcount(q->buffer);
for (rrcount = 0; rrcount < count; rrcount++) {
if (!buffer_skip_rr(q->buffer, 1)) {
ods_log_error("[%s] dropped packet: zone %s received bad notify "
"(bad question section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
}
pos = buffer_position(q->buffer);
/* examine answer section */
count = buffer_pkt_ancount(q->buffer);
if (count) {
if (!buffer_skip_dname(q->buffer) ||
!query_parse_soa(q->buffer, &serial)) {
ods_log_error("[%s] dropped packet: zone %s received bad notify "
"(bad soa in answer section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
lock_basic_lock(&q->zone->xfrd->serial_lock);
q->zone->xfrd->serial_notify = serial;
q->zone->xfrd->serial_notify_acquired = time_now();
if (!util_serial_gt(q->zone->xfrd->serial_notify,
q->zone->xfrd->serial_disk)) {
ods_log_debug("[%s] ignore notify: already got zone %s serial "
"%u on disk", query_str, q->zone->name,
q->zone->xfrd->serial_notify);
lock_basic_unlock(&q->zone->xfrd->serial_lock);
goto send_notify_ok;
}
lock_basic_unlock(&q->zone->xfrd->serial_lock);
} else {
lock_basic_lock(&q->zone->xfrd->serial_lock);
q->zone->xfrd->serial_notify = 0;
q->zone->xfrd->serial_notify_acquired = 0;
lock_basic_unlock(&q->zone->xfrd->serial_lock);
}
/* forward notify to xfrd */
xfrd_set_timer_now(q->zone->xfrd);
dnshandler_fwd_notify(e->dnshandler, buffer_begin(q->buffer),
buffer_remaining(q->buffer));
send_notify_ok:
/* send notify ok */
buffer_pkt_set_qr(q->buffer);
buffer_pkt_set_aa(q->buffer);
buffer_pkt_set_ancount(q->buffer, 0);
buffer_clear(q->buffer); /* lim = pos, pos = 0; */
buffer_set_position(q->buffer, pos);
buffer_set_limit(q->buffer, buffer_capacity(q->buffer));
q->reserved_space = edns_rr_reserved_space(q->edns_rr);
q->reserved_space += tsig_rr_reserved_space(q->tsig_rr);
return QUERY_PROCESSED;
}
/**
* Add optional RRs to query.
*
*/
void
query_add_optional(query_type* q, void* engine)
{
engine_type* e = (engine_type*) engine;
edns_data_type* edns = NULL;
if (!q || !e) {
return;
}
/** First EDNS */
if (q->edns_rr) {
edns = &e->edns;
switch (q->edns_rr->status) {
case EDNS_NOT_PRESENT:
break;
case EDNS_OK:
ods_log_debug("[%s] add edns opt ok", query_str);
if (q->edns_rr->dnssec_ok) {
edns->ok[7] = 0x80;
} else {
edns->ok[7] = 0x00;
}
buffer_write(q->buffer, edns->ok, OPT_LEN);
/* fill with NULLs */
buffer_write(q->buffer, edns->rdata_none, OPT_RDATA);
buffer_pkt_set_arcount(q->buffer,
buffer_pkt_arcount(q->buffer) + 1);
break;
case EDNS_ERROR:
ods_log_debug("[%s] add edns opt err", query_str);
if (q->edns_rr->dnssec_ok) {
edns->ok[7] = 0x80;
} else {
edns->ok[7] = 0x00;
}
buffer_write(q->buffer, edns->error, OPT_LEN);
buffer_write(q->buffer, edns->rdata_none, OPT_RDATA);
buffer_pkt_set_arcount(q->buffer,
buffer_pkt_arcount(q->buffer) + 1);
break;
default:
break;
}
}
/** Then TSIG */
if (!q->tsig_rr) {
return;
}
if (q->tsig_rr->status != TSIG_NOT_PRESENT) {
if (q->tsig_rr->status == TSIG_ERROR ||
q->tsig_rr->error_code != LDNS_RCODE_NOERROR) {
ods_log_debug("[%s] add tsig err", query_str);
tsig_rr_error(q->tsig_rr);
tsig_rr_append(q->tsig_rr, q->buffer);
buffer_pkt_set_arcount(q->buffer,
buffer_pkt_arcount(q->buffer)+1);
} else if (q->tsig_rr->status == TSIG_OK &&
q->tsig_rr->error_code == LDNS_RCODE_NOERROR) {
ods_log_debug("[%s] add tsig ok", query_str);
if (q->tsig_prepare_it)
tsig_rr_prepare(q->tsig_rr);
if (q->tsig_update_it)
tsig_rr_update(q->tsig_rr, q->buffer,
buffer_position(q->buffer));
if (q->tsig_sign_it) {
tsig_rr_sign(q->tsig_rr);
tsig_rr_append(q->tsig_rr, q->buffer);
buffer_pkt_set_arcount(q->buffer,
buffer_pkt_arcount(q->buffer)+1);
}
}
}
return;
}