static inline isc_result_t tostruct_ipseckey(ARGS_TOSTRUCT) { isc_region_t region; dns_rdata_ipseckey_t *ipseckey = target; dns_name_t name; isc_uint32_t n; REQUIRE(rdata->type == 45); REQUIRE(target != NULL); REQUIRE(rdata->length >= 3); if (rdata->data[1] > 3U) return (ISC_R_NOTIMPLEMENTED); ipseckey->common.rdclass = rdata->rdclass; ipseckey->common.rdtype = rdata->type; ISC_LINK_INIT(&ipseckey->common, link); dns_name_init(&name, NULL); dns_rdata_toregion(rdata, ®ion); ipseckey->precedence = uint8_fromregion(®ion); isc_region_consume(®ion, 1); ipseckey->gateway_type = uint8_fromregion(®ion); isc_region_consume(®ion, 1); ipseckey->algorithm = uint8_fromregion(®ion); isc_region_consume(®ion, 1); switch (ipseckey->gateway_type) { case 0: break; case 1: n = uint32_fromregion(®ion); ipseckey->in_addr.s_addr = htonl(n); isc_region_consume(®ion, 4); break; case 2: memcpy(ipseckey->in6_addr.s6_addr, region.base, 16); isc_region_consume(®ion, 16); break; case 3: dns_name_init(&ipseckey->gateway, NULL); dns_name_fromregion(&name, ®ion); RETERR(name_duporclone(&name, mctx, &ipseckey->gateway)); isc_region_consume(®ion, name_length(&name)); break; } ipseckey->keylength = region.length; if (ipseckey->keylength != 0U) { ipseckey->key = mem_maybedup(mctx, region.base, ipseckey->keylength); if (ipseckey->key == NULL) { if (ipseckey->gateway_type == 3) dns_name_free(&ipseckey->gateway, ipseckey->mctx); return (ISC_R_NOMEMORY); } } else ipseckey->key = NULL; ipseckey->mctx = mctx; return (ISC_R_SUCCESS); }
isc_result_t dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm, dst_key_t *dstkey, isc_boolean_t generated, dns_name_t *creator, isc_stdtime_t inception, isc_stdtime_t expire, isc_mem_t *mctx, dns_tsig_keyring_t *ring, dns_tsigkey_t **key) { dns_tsigkey_t *tkey; isc_result_t ret; unsigned int refs = 0; REQUIRE(key == NULL || *key == NULL); REQUIRE(name != NULL); REQUIRE(algorithm != NULL); REQUIRE(mctx != NULL); REQUIRE(key != NULL || ring != NULL); tkey = (dns_tsigkey_t *) isc_mem_get(mctx, sizeof(dns_tsigkey_t)); if (tkey == NULL) return (ISC_R_NOMEMORY); dns_name_init(&tkey->name, NULL); ret = dns_name_dup(name, mctx, &tkey->name); if (ret != ISC_R_SUCCESS) goto cleanup_key; (void)dns_name_downcase(&tkey->name, &tkey->name, NULL); if (dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME)) { tkey->algorithm = DNS_TSIG_HMACMD5_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACMD5) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA1_NAME)) { tkey->algorithm = DNS_TSIG_HMACSHA1_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA1) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA224_NAME)) { tkey->algorithm = DNS_TSIG_HMACSHA224_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA224) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA256_NAME)) { tkey->algorithm = DNS_TSIG_HMACSHA256_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA256) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA384_NAME)) { tkey->algorithm = DNS_TSIG_HMACSHA384_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA384) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_HMACSHA512_NAME)) { tkey->algorithm = DNS_TSIG_HMACSHA512_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_HMACSHA512) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPI_NAME)) { tkey->algorithm = DNS_TSIG_GSSAPI_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_GSSAPI) { ret = DNS_R_BADALG; goto cleanup_name; } } else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPIMS_NAME)) { tkey->algorithm = DNS_TSIG_GSSAPIMS_NAME; if (dstkey != NULL && dst_key_alg(dstkey) != DST_ALG_GSSAPI) { ret = DNS_R_BADALG; goto cleanup_name; } } else { if (dstkey != NULL) { ret = DNS_R_BADALG; goto cleanup_name; } tkey->algorithm = isc_mem_get(mctx, sizeof(dns_name_t)); if (tkey->algorithm == NULL) { ret = ISC_R_NOMEMORY; goto cleanup_name; } dns_name_init(tkey->algorithm, NULL); ret = dns_name_dup(algorithm, mctx, tkey->algorithm); if (ret != ISC_R_SUCCESS) goto cleanup_algorithm; (void)dns_name_downcase(tkey->algorithm, tkey->algorithm, NULL); } if (creator != NULL) { tkey->creator = isc_mem_get(mctx, sizeof(dns_name_t)); if (tkey->creator == NULL) { ret = ISC_R_NOMEMORY; goto cleanup_algorithm; } dns_name_init(tkey->creator, NULL); ret = dns_name_dup(creator, mctx, tkey->creator); if (ret != ISC_R_SUCCESS) { isc_mem_put(mctx, tkey->creator, sizeof(dns_name_t)); goto cleanup_algorithm; } } else tkey->creator = NULL; tkey->key = NULL; if (dstkey != NULL) dst_key_attach(dstkey, &tkey->key); tkey->ring = ring; if (key != NULL) refs = 1; if (ring != NULL) refs++; ret = isc_refcount_init(&tkey->refs, refs); if (ret != ISC_R_SUCCESS) goto cleanup_creator; tkey->generated = generated; tkey->inception = inception; tkey->expire = expire; tkey->mctx = NULL; isc_mem_attach(mctx, &tkey->mctx); tkey->magic = TSIG_MAGIC; if (ring != NULL) { ret = keyring_add(ring, name, tkey); if (ret != ISC_R_SUCCESS) goto cleanup_refs; } /* * Ignore this if it's a GSS key, since the key size is meaningless. */ if (dstkey != NULL && dst_key_size(dstkey) < 64 && !dns_name_equal(algorithm, DNS_TSIG_GSSAPI_NAME) && !dns_name_equal(algorithm, DNS_TSIG_GSSAPIMS_NAME)) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(name, namestr, sizeof(namestr)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, ISC_LOG_INFO, "the key '%s' is too short to be secure", namestr); } if (key != NULL) *key = tkey; return (ISC_R_SUCCESS); cleanup_refs: tkey->magic = 0; while (refs-- > 0) isc_refcount_decrement(&tkey->refs, NULL); isc_refcount_destroy(&tkey->refs); cleanup_creator: if (tkey->key != NULL) dst_key_free(&tkey->key); if (tkey->creator != NULL) { dns_name_free(tkey->creator, mctx); isc_mem_put(mctx, tkey->creator, sizeof(dns_name_t)); } cleanup_algorithm: if (algname_is_allocated(tkey->algorithm)) { if (dns_name_dynamic(tkey->algorithm)) dns_name_free(tkey->algorithm, mctx); isc_mem_put(mctx, tkey->algorithm, sizeof(dns_name_t)); } cleanup_name: dns_name_free(&tkey->name, mctx); cleanup_key: isc_mem_put(mctx, tkey, sizeof(dns_tsigkey_t)); return (ret); }
static inline isc_result_t tostruct_rrsig(ARGS_TOSTRUCT) { isc_region_t sr; dns_rdata_rrsig_t *sig = target; dns_name_t signer; REQUIRE(rdata->type == 46); REQUIRE(target != NULL); REQUIRE(rdata->length != 0); sig->common.rdclass = rdata->rdclass; sig->common.rdtype = rdata->type; ISC_LINK_INIT(&sig->common, link); dns_rdata_toregion(rdata, &sr); /* * Type covered. */ sig->covered = uint16_fromregion(&sr); isc_region_consume(&sr, 2); /* * Algorithm. */ sig->algorithm = uint8_fromregion(&sr); isc_region_consume(&sr, 1); /* * Labels. */ sig->labels = uint8_fromregion(&sr); isc_region_consume(&sr, 1); /* * Original TTL. */ sig->originalttl = uint32_fromregion(&sr); isc_region_consume(&sr, 4); /* * Expire time. */ sig->timeexpire = uint32_fromregion(&sr); isc_region_consume(&sr, 4); /* * Time signed. */ sig->timesigned = uint32_fromregion(&sr); isc_region_consume(&sr, 4); /* * Key ID. */ sig->keyid = uint16_fromregion(&sr); isc_region_consume(&sr, 2); dns_name_init(&signer, NULL); dns_name_fromregion(&signer, &sr); dns_name_init(&sig->signer, NULL); RETERR(name_duporclone(&signer, mctx, &sig->signer)); isc_region_consume(&sr, name_length(&sig->signer)); /* * Signature. */ sig->siglen = sr.length; sig->signature = mem_maybedup(mctx, sr.base, sig->siglen); if (sig->signature == NULL) goto cleanup; sig->mctx = mctx; return (ISC_R_SUCCESS); cleanup: if (mctx != NULL) dns_name_free(&sig->signer, mctx); return (ISC_R_NOMEMORY); }
static int setup_follow_possible_cname(dnskey_glob *gs, dnskey_lookup *dl) { int ret; dl->cname_count++; /* * If we are on an odd cycle (starting with 1), * then convert to dns_name_t so that we can compare later. * * This detects loops in the CNAME processing, while still * allowing an arbitrary number of CNAMEs to be followed. */ if(dl->cname_count & 1) { isc_buffer_t fqdn_src; isc_buffer_t *fqdn_dst; if(dl->cname_count == 1) { memset(&dl->last_cname, 0, sizeof(dl->last_cname)); dns_name_init(&dl->last_cname, NULL); } else { dns_name_reset(&dl->last_cname); } fqdn_dst=NULL; isc_buffer_init(&fqdn_src, dl->fqdn, strlen(dl->fqdn)); isc_buffer_add(&fqdn_src, strlen(dl->fqdn)); isc_buffer_allocate(gs->iscmem, &fqdn_dst, strlen(dl->fqdn)+1); #if 0 if(dl->last_cname_used) { dns_name_free(&dl->last_cname, gs->iscmem); } #endif dl->last_cname_used = 1; if(dns_name_fromtext(&dl->last_cname, &fqdn_src, NULL, 1, fqdn_dst) != ISC_R_SUCCESS) { return 0; } /* something else here ? */ } ret = lwres_getrrsetbyname_init(dl->fqdn, dns_rdataclass_in, dns_rdatatype_cname, 0 /*flags*/, gs->lwctx, &dl->las); if(ret != ERRSET_SUCCESS) { return 0; } lwres_getrrsetbyname_xmit(gs->lwctx, &dl->las); return 1; }
isc_result_t dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, dns_name_t *identity, unsigned int matchtype, dns_name_t *name, unsigned int ntypes, dns_rdatatype_t *types) { dns_ssurule_t *rule; isc_mem_t *mctx; isc_result_t result; REQUIRE(VALID_SSUTABLE(table)); REQUIRE(dns_name_isabsolute(identity)); REQUIRE(dns_name_isabsolute(name)); REQUIRE(matchtype <= DNS_SSUMATCHTYPE_MAX); if (matchtype == DNS_SSUMATCHTYPE_WILDCARD) REQUIRE(dns_name_iswildcard(name)); if (ntypes > 0) REQUIRE(types != NULL); mctx = table->mctx; rule = isc_mem_get(mctx, sizeof(dns_ssurule_t)); if (rule == NULL) return (ISC_R_NOMEMORY); rule->identity = NULL; rule->name = NULL; rule->types = NULL; rule->grant = grant; rule->identity = isc_mem_get(mctx, sizeof(dns_name_t)); if (rule->identity == NULL) { result = ISC_R_NOMEMORY; goto failure; } dns_name_init(rule->identity, NULL); result = dns_name_dup(identity, mctx, rule->identity); if (result != ISC_R_SUCCESS) goto failure; rule->name = isc_mem_get(mctx, sizeof(dns_name_t)); if (rule->name == NULL) { result = ISC_R_NOMEMORY; goto failure; } dns_name_init(rule->name, NULL); result = dns_name_dup(name, mctx, rule->name); if (result != ISC_R_SUCCESS) goto failure; rule->matchtype = matchtype; rule->ntypes = ntypes; if (ntypes > 0) { rule->types = isc_mem_get(mctx, ntypes * sizeof(dns_rdatatype_t)); if (rule->types == NULL) { result = ISC_R_NOMEMORY; goto failure; } memcpy(rule->types, types, ntypes * sizeof(dns_rdatatype_t)); } else rule->types = NULL; rule->magic = SSURULEMAGIC; ISC_LIST_INITANDAPPEND(table->rules, rule, link); return (ISC_R_SUCCESS); failure: if (rule->identity != NULL) { if (dns_name_dynamic(rule->identity)) dns_name_free(rule->identity, mctx); isc_mem_put(mctx, rule->identity, sizeof(dns_name_t)); } if (rule->name != NULL) { if (dns_name_dynamic(rule->name)) dns_name_free(rule->name, mctx); isc_mem_put(mctx, rule->name, sizeof(dns_name_t)); } if (rule->types != NULL) isc_mem_put(mctx, rule->types, ntypes * sizeof(dns_rdatatype_t)); isc_mem_put(mctx, rule, sizeof(dns_ssurule_t)); return (result); }
/* * Driver-specific implementation of dns_db_create(). * * @param[in] argv Database-specific parameters from dns_db_create(). * @param[in] driverarg Driver-specific parameter from dns_db_register(). */ isc_result_t create_db(isc_mem_t *mctx, dns_name_t *origin, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp) { sampledb_t *sampledb = NULL; isc_result_t result; dns_dbversion_t *version = NULL; struct in_addr a_addr; REQUIRE(type == dns_dbtype_zone); REQUIRE(rdclass == dns_rdataclass_in); REQUIRE(argc == 0); REQUIRE(argv != NULL); REQUIRE(driverarg != NULL); /* pointer to driver instance */ REQUIRE(dbp != NULL && *dbp == NULL); UNUSED(driverarg); /* no driver-specific configuration */ a_addr.s_addr = 0x0100007fU; CHECKED_MEM_GET_PTR(mctx, sampledb); ZERO_PTR(sampledb); isc_mem_attach(mctx, &sampledb->common.mctx); dns_name_init(&sampledb->common.origin, NULL); isc_ondestroy_init(&sampledb->common.ondest); sampledb->common.magic = DNS_DB_MAGIC; sampledb->common.impmagic = SAMPLEDB_MAGIC; sampledb->common.methods = &sampledb_methods; sampledb->common.attributes = 0; sampledb->common.rdclass = rdclass; CHECK(dns_name_dupwithoffsets(origin, mctx, &sampledb->common.origin)); CHECK(isc_refcount_init(&sampledb->refs, 1)); /* Translate instance name to instance pointer. */ sampledb->inst = driverarg; /* Create internal instance of RBT DB implementation from BIND. */ CHECK(dns_db_create(mctx, "rbt", origin, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &sampledb->rbtdb)); /* Create fake SOA, NS, and A records to make database loadable. */ CHECK(dns_db_newversion(sampledb->rbtdb, &version)); CHECK(add_soa(sampledb->rbtdb, version, origin, origin, origin)); CHECK(add_ns(sampledb->rbtdb, version, origin, origin)); CHECK(add_a(sampledb->rbtdb, version, origin, a_addr)); dns_db_closeversion(sampledb->rbtdb, &version, ISC_TRUE); *dbp = (dns_db_t *)sampledb; return (ISC_R_SUCCESS); cleanup: if (sampledb != NULL) { if (dns_name_dynamic(&sampledb->common.origin)) dns_name_free(&sampledb->common.origin, mctx); isc_mem_putanddetach(&sampledb->common.mctx, sampledb, sizeof(*sampledb)); } return (result); }