int main(int argc, char *argv[]) { char s[1000]; isc_result_t result; dns_fixedname_t wname, wname2, oname, compname, downname; isc_buffer_t source; isc_region_t r; dns_name_t *name, *origin, *comp, *down; unsigned int downcase = 0; size_t len; isc_boolean_t quiet = ISC_FALSE; isc_boolean_t concatenate = ISC_FALSE; isc_boolean_t got_name = ISC_FALSE; isc_boolean_t check_absolute = ISC_FALSE; isc_boolean_t check_wildcard = ISC_FALSE; isc_boolean_t test_downcase = ISC_FALSE; isc_boolean_t inplace = ISC_FALSE; isc_boolean_t want_split = ISC_FALSE; unsigned int labels, split_label = 0; dns_fixedname_t fprefix, fsuffix; dns_name_t *prefix, *suffix; int ch; isc__mem_register(); isc__task_register(); isc__timer_register(); isc__socket_register(); while ((ch = isc_commandline_parse(argc, argv, "acdiqs:w")) != -1) { switch (ch) { case 'a': check_absolute = ISC_TRUE; break; case 'c': concatenate = ISC_TRUE; break; case 'd': test_downcase = ISC_TRUE; break; case 'i': inplace = ISC_TRUE; break; case 'q': quiet = ISC_TRUE; break; case 's': want_split = ISC_TRUE; split_label = atoi(isc_commandline_argument); break; case 'w': check_wildcard = ISC_TRUE; break; } } argc -= isc_commandline_index; argv += isc_commandline_index; if (argc > 0) { if (strcasecmp("none", argv[0]) == 0) origin = NULL; else { len = strlen(argv[0]); isc_buffer_init(&source, argv[0], len); isc_buffer_add(&source, len); dns_fixedname_init(&oname); origin = &oname.name; result = dns_name_fromtext(origin, &source, dns_rootname, 0, NULL); if (result != 0) { fprintf(stderr, "dns_name_fromtext() failed: %d\n", result); exit(1); } } } else if (concatenate) origin = NULL; else origin = dns_rootname; if (argc >= 1) { if (strcasecmp("none", argv[1]) == 0) comp = NULL; else { len = strlen(argv[1]); isc_buffer_init(&source, argv[1], len); isc_buffer_add(&source, len); dns_fixedname_init(&compname); comp = &compname.name; result = dns_name_fromtext(comp, &source, origin, 0, NULL); if (result != 0) { fprintf(stderr, "dns_name_fromtext() failed: %d\n", result); exit(1); } } } else comp = NULL; dns_fixedname_init(&wname); name = dns_fixedname_name(&wname); dns_fixedname_init(&wname2); while (fgets(s, sizeof(s), stdin) != NULL) { len = strlen(s); if (len > 0U && s[len - 1] == '\n') { s[len - 1] = '\0'; len--; } isc_buffer_init(&source, s, len); isc_buffer_add(&source, len); if (len > 0U) result = dns_name_fromtext(name, &source, origin, downcase, NULL); else { if (name == dns_fixedname_name(&wname)) dns_fixedname_init(&wname); else dns_fixedname_init(&wname2); result = ISC_R_SUCCESS; } if (result != ISC_R_SUCCESS) { printf("%s\n", dns_result_totext(result)); if (name == dns_fixedname_name(&wname)) dns_fixedname_init(&wname); else dns_fixedname_init(&wname2); continue; } if (check_absolute && dns_name_countlabels(name) > 0) { if (dns_name_isabsolute(name)) printf("absolute\n"); else printf("relative\n"); } if (check_wildcard && dns_name_countlabels(name) > 0) { if (dns_name_iswildcard(name)) printf("wildcard\n"); else printf("not wildcard\n"); } dns_name_toregion(name, &r); if (!quiet) { print_wirename(&r); printf("%u labels, %u bytes.\n", dns_name_countlabels(name), r.length); } if (concatenate) { if (got_name) { printf("Concatenating.\n"); result = dns_name_concatenate(&wname.name, &wname2.name, &wname2.name, NULL); name = &wname2.name; if (result == ISC_R_SUCCESS) { if (check_absolute && dns_name_countlabels(name) > 0) { if (dns_name_isabsolute(name)) printf("absolute\n"); else printf("relative\n"); } if (check_wildcard && dns_name_countlabels(name) > 0) { if (dns_name_iswildcard(name)) printf("wildcard\n"); else printf("not " "wildcard\n"); } dns_name_toregion(name, &r); if (!quiet) { print_wirename(&r); printf("%u labels, " "%u bytes.\n", dns_name_countlabels(name), r.length); } } else printf("%s\n", dns_result_totext(result)); got_name = ISC_FALSE; } else got_name = ISC_TRUE; } isc_buffer_init(&source, s, sizeof(s)); if (dns_name_countlabels(name) > 0) result = dns_name_totext(name, ISC_FALSE, &source); else result = ISC_R_SUCCESS; if (result == ISC_R_SUCCESS) { isc_buffer_usedregion(&source, &r); if (r.length > 0) printf("%.*s\n", (int)r.length, r.base); else printf("<empty text name>\n"); if (!quiet) { printf("%u bytes.\n", source.used); } } else printf("%s\n", dns_result_totext(result)); if (test_downcase) { if (inplace) { down = name; } else { dns_fixedname_init(&downname); down = dns_fixedname_name(&downname); } result = dns_name_downcase(name, down, NULL); INSIST(result == ISC_R_SUCCESS); if (!quiet) { dns_name_toregion(down, &r); print_wirename(&r); printf("%u labels, %u bytes.\n", dns_name_countlabels(down), r.length); } isc_buffer_init(&source, s, sizeof(s)); print_name(down); } if (comp != NULL && dns_name_countlabels(name) > 0) { int order; unsigned int nlabels; dns_namereln_t namereln; namereln = dns_name_fullcompare(name, comp, &order, &nlabels); if (!quiet) { if (order < 0) printf("<"); else if (order > 0) printf(">"); else printf("="); switch (namereln) { case dns_namereln_contains: printf(", contains"); break; case dns_namereln_subdomain: printf(", subdomain"); break; case dns_namereln_commonancestor: printf(", common ancestor"); break; default: break; } if (namereln != dns_namereln_none && namereln != dns_namereln_equal) printf(", nlabels = %u", nlabels); printf("\n"); } printf("dns_name_equal() returns %s\n", dns_name_equal(name, comp) ? "TRUE" : "FALSE"); } labels = dns_name_countlabels(name); if (want_split && split_label < labels) { dns_fixedname_init(&fprefix); prefix = dns_fixedname_name(&fprefix); dns_fixedname_init(&fsuffix); suffix = dns_fixedname_name(&fsuffix); printf("splitting at label %u: ", split_label); dns_name_split(name, split_label, prefix, suffix); printf("\n prefix = "); print_name(prefix); printf(" suffix = "); print_name(suffix); } if (concatenate) { if (got_name) name = &wname2.name; else name = &wname.name; } } return (0); }
static isc_result_t add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) { dns_tsigkey_t *tsigkey = NULL; const cfg_listelt_t *element; const cfg_obj_t *key = NULL; const char *keyid = NULL; unsigned char *secret = NULL; int secretalloc = 0; int secretlen = 0; isc_result_t ret; isc_stdtime_t now; isc_uint16_t bits; for (element = cfg_list_first(list); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *algobj = NULL; const cfg_obj_t *secretobj = NULL; dns_name_t keyname; dns_name_t *alg; const char *algstr; char keynamedata[1024]; isc_buffer_t keynamesrc, keynamebuf; const char *secretstr; isc_buffer_t secretbuf; key = cfg_listelt_value(element); keyid = cfg_obj_asstring(cfg_map_getname(key)); algobj = NULL; secretobj = NULL; (void)cfg_map_get(key, "algorithm", &algobj); (void)cfg_map_get(key, "secret", &secretobj); INSIST(algobj != NULL && secretobj != NULL); /* * Create the key name. */ dns_name_init(&keyname, NULL); isc_buffer_init(&keynamesrc, keyid, strlen(keyid)); isc_buffer_add(&keynamesrc, strlen(keyid)); isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata)); ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname, DNS_NAME_DOWNCASE, &keynamebuf); if (ret != ISC_R_SUCCESS) goto failure; /* * Create the algorithm. */ algstr = cfg_obj_asstring(algobj); if (ns_config_getkeyalgorithm(algstr, &alg, &bits) != ISC_R_SUCCESS) { cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR, "key '%s': has a unsupported algorithm '%s'", keyid, algstr); ret = DNS_R_BADALG; goto failure; } secretstr = cfg_obj_asstring(secretobj); secretalloc = secretlen = strlen(secretstr) * 3 / 4; secret = isc_mem_get(mctx, secretlen); if (secret == NULL) { ret = ISC_R_NOMEMORY; goto failure; } isc_buffer_init(&secretbuf, secret, secretlen); ret = isc_base64_decodestring(secretstr, &secretbuf); if (ret != ISC_R_SUCCESS) goto failure; secretlen = isc_buffer_usedlength(&secretbuf); isc_stdtime_get(&now); ret = dns_tsigkey_create(&keyname, alg, secret, secretlen, ISC_FALSE, NULL, now, now, mctx, ring, &tsigkey); isc_mem_put(mctx, secret, secretalloc); secret = NULL; if (ret != ISC_R_SUCCESS) goto failure; /* * Set digest bits. */ dst_key_setbits(tsigkey->key, bits); dns_tsigkey_detach(&tsigkey); } return (ISC_R_SUCCESS); failure: cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR, "configuring key '%s': %s", keyid, isc_result_totext(ret)); if (secret != NULL) isc_mem_put(mctx, secret, secretalloc); return (ret); }
static isc_result_t setup_dnsseckeys(dns_client_t *client) { isc_result_t result; cfg_parser_t *parser = NULL; const cfg_obj_t *keys = NULL; const cfg_obj_t *managed_keys = NULL; cfg_obj_t *bindkeys = NULL; const char *filename = anchorfile; if (!root_validation && !dlv_validation) return (ISC_R_SUCCESS); if (filename == NULL) { #ifndef WIN32 filename = NS_SYSCONFDIR "/bind.keys"; #else static char buf[MAX_PATH]; strlcpy(buf, isc_ntpaths_get(SYS_CONF_DIR), sizeof(buf)); strlcat(buf, "\\bind.keys", sizeof(buf)); filename = buf; #endif } if (trust_anchor == NULL) { trust_anchor = isc_mem_strdup(mctx, "."); if (trust_anchor == NULL) fatal("out of memory"); } if (trust_anchor != NULL) CHECK(convert_name(&afn, &anchor_name, trust_anchor)); if (dlv_anchor != NULL) CHECK(convert_name(&dfn, &dlv_name, dlv_anchor)); CHECK(cfg_parser_create(mctx, dns_lctx, &parser)); if (access(filename, R_OK) != 0) { if (anchorfile != NULL) fatal("Unable to read key file '%s'", anchorfile); } else { result = cfg_parse_file(parser, filename, &cfg_type_bindkeys, &bindkeys); if (result != ISC_R_SUCCESS) if (anchorfile != NULL) fatal("Unable to load keys from '%s'", anchorfile); } if (bindkeys == NULL) { isc_buffer_t b; isc_buffer_init(&b, anchortext, sizeof(anchortext) - 1); isc_buffer_add(&b, sizeof(anchortext) - 1); result = cfg_parse_buffer(parser, &b, &cfg_type_bindkeys, &bindkeys); if (result != ISC_R_SUCCESS) fatal("Unable to parse built-in keys"); } INSIST(bindkeys != NULL); cfg_map_get(bindkeys, "trusted-keys", &keys); cfg_map_get(bindkeys, "managed-keys", &managed_keys); if (keys != NULL) CHECK(load_keys(keys, client)); if (managed_keys != NULL) CHECK(load_keys(managed_keys, client)); result = ISC_R_SUCCESS; if (trusted_keys == 0) fatal("No trusted keys were loaded"); if (dlv_validation) dns_client_setdlv(client, dns_rdataclass_in, dlv_anchor); cleanup: if (result != ISC_R_SUCCESS) delv_log(ISC_LOG_ERROR, "setup_dnsseckeys: %s", isc_result_totext(result)); return (result); }
/*% * Reads a public key from disk */ isc_result_t dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, dst_key_t **keyp) { u_char rdatabuf[DST_KEY_MAXSIZE]; isc_buffer_t b; dns_fixedname_t name; isc_lex_t *lex = NULL; isc_token_t token; isc_result_t ret; dns_rdata_t rdata = DNS_RDATA_INIT; unsigned int opt = ISC_LEXOPT_DNSMULTILINE; dns_rdataclass_t rdclass = dns_rdataclass_in; isc_lexspecials_t specials; isc_uint32_t ttl; isc_result_t result; dns_rdatatype_t keytype; /* * Open the file and read its formatted contents * File format: * domain.name [ttl] [class] [KEY|DNSKEY] <flags> <protocol> <algorithm> <key> */ /* 1500 should be large enough for any key */ ret = isc_lex_create(mctx, 1500, &lex); if (ret != ISC_R_SUCCESS) goto cleanup; memset(specials, 0, sizeof(specials)); specials['('] = 1; specials[')'] = 1; specials['"'] = 1; isc_lex_setspecials(lex, specials); isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); ret = isc_lex_openfile(lex, filename); if (ret != ISC_R_SUCCESS) goto cleanup; #define NEXTTOKEN(lex, opt, token) { \ ret = isc_lex_gettoken(lex, opt, token); \ if (ret != ISC_R_SUCCESS) \ goto cleanup; \ } #define BADTOKEN() { \ ret = ISC_R_UNEXPECTEDTOKEN; \ goto cleanup; \ } /* Read the domain name */ NEXTTOKEN(lex, opt, &token); if (token.type != isc_tokentype_string) BADTOKEN(); dns_fixedname_init(&name); isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token))); isc_buffer_add(&b, strlen(DST_AS_STR(token))); ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname, ISC_FALSE, NULL); if (ret != ISC_R_SUCCESS) goto cleanup; /* Read the next word: either TTL, class, or 'KEY' */ NEXTTOKEN(lex, opt, &token); /* If it's a TTL, read the next one */ result = dns_ttl_fromtext(&token.value.as_textregion, &ttl); if (result == ISC_R_SUCCESS) NEXTTOKEN(lex, opt, &token); if (token.type != isc_tokentype_string) BADTOKEN(); ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion); if (ret == ISC_R_SUCCESS) NEXTTOKEN(lex, opt, &token); if (token.type != isc_tokentype_string) BADTOKEN(); if (strcasecmp(DST_AS_STR(token), "DNSKEY") == 0) keytype = dns_rdatatype_dnskey; else if (strcasecmp(DST_AS_STR(token), "KEY") == 0) keytype = dns_rdatatype_key; /*%< SIG(0), TKEY */ else BADTOKEN(); if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) || ((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey)) { ret = DST_R_BADKEYTYPE; goto cleanup; } isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf)); ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL, ISC_FALSE, mctx, &b, NULL); if (ret != ISC_R_SUCCESS) goto cleanup; ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx, keyp); if (ret != ISC_R_SUCCESS) goto cleanup; cleanup: if (lex != NULL) isc_lex_destroy(&lex); return (ret); }
static int setup_follow_possible_cname(dnskey_glob *gs, dnskey_lookup *dl) { int ret; dl->cname_count++; /* * If we are on an odd cycle (starting with 1), * then convert to dns_name_t so that we can compare later. * * This detects loops in the CNAME processing, while still * allowing an arbitrary number of CNAMEs to be followed. */ if(dl->cname_count & 1) { isc_buffer_t fqdn_src; isc_buffer_t *fqdn_dst; if(dl->cname_count == 1) { memset(&dl->last_cname, 0, sizeof(dl->last_cname)); dns_name_init(&dl->last_cname, NULL); } else { dns_name_reset(&dl->last_cname); } fqdn_dst=NULL; isc_buffer_init(&fqdn_src, dl->fqdn, strlen(dl->fqdn)); isc_buffer_add(&fqdn_src, strlen(dl->fqdn)); isc_buffer_allocate(gs->iscmem, &fqdn_dst, strlen(dl->fqdn)+1); #if 0 if(dl->last_cname_used) { dns_name_free(&dl->last_cname, gs->iscmem); } #endif dl->last_cname_used = 1; if(dns_name_fromtext(&dl->last_cname, &fqdn_src, NULL, 1, fqdn_dst) != ISC_R_SUCCESS) { return 0; } /* something else here ? */ } ret = lwres_getrrsetbyname_init(dl->fqdn, dns_rdataclass_in, dns_rdatatype_cname, 0 /*flags*/, gs->lwctx, &dl->las); if(ret != ERRSET_SUCCESS) { return 0; } lwres_getrrsetbyname_xmit(gs->lwctx, &dl->las); return 1; }
isc_result_t dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, dns_rdatatype_t covers, dns_rdataset_t *rdataset) { dns_name_t tname; dns_rdata_rrsig_t rrsig; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_t clone; dns_rdatatype_t type; dns_trust_t trust = dns_trust_none; isc_buffer_t source; isc_region_t remaining, sigregion; isc_result_t result; unsigned char *raw; unsigned int count; REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); dns_rdataset_init(&clone); dns_rdataset_clone(ncacherdataset, &clone); result = dns_rdataset_first(&clone); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&clone, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&tname, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); isc_region_consume(&remaining, tname.length); INSIST(remaining.length >= 2); type = isc_buffer_getuint16(&source); isc_region_consume(&remaining, 2); if (type != dns_rdatatype_rrsig || !dns_name_equal(&tname, name)) { result = dns_rdataset_next(&clone); dns_rdata_reset(&rdata); continue; } INSIST(remaining.length >= 1); trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); isc_region_consume(&remaining, 1); raw = remaining.base; count = raw[0] * 256 + raw[1]; INSIST(count > 0); raw += 2; sigregion.length = raw[0] * 256 + raw[1]; raw += 2; sigregion.base = raw; dns_rdata_reset(&rdata); dns_rdata_fromregion(&rdata, rdataset->rdclass, dns_rdatatype_rrsig, &sigregion); (void)dns_rdata_tostruct(&rdata, &rrsig, NULL); if (rrsig.covered == covers) { isc_buffer_remainingregion(&source, &remaining); break; } result = dns_rdataset_next(&clone); dns_rdata_reset(&rdata); } dns_rdataset_disassociate(&clone); if (result == ISC_R_NOMORE) return (ISC_R_NOTFOUND); if (result != ISC_R_SUCCESS) return (result); INSIST(remaining.length != 0); rdataset->methods = &rdataset_methods; rdataset->rdclass = ncacherdataset->rdclass; rdataset->type = dns_rdatatype_rrsig; rdataset->covers = covers; rdataset->ttl = ncacherdataset->ttl; rdataset->trust = trust; rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = remaining.base; /* * Reset iterator state. */ rdataset->privateuint4 = 0; rdataset->private5 = NULL; rdataset->private6 = NULL; return (ISC_R_SUCCESS); }
int main (int *argc, char **argv) { isc_mem_t *mctx = NULL; isc_entropy_t *ectx = NULL; isc_result_t result; char *basedn; ldap_info *tmp; LDAPMod *base_attrs[2]; LDAPMod base; isc_buffer_t buff; char *zonefile; char fullbasedn[1024]; char *ctmp; dns_fixedname_t fixedzone, fixedname; dns_rdataset_t rdataset; char **dc_list; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdatasetiter_t *riter; dns_name_t *zone, *name; dns_db_t *db = NULL; dns_dbiterator_t *dbit = NULL; dns_dbnode_t *node; extern char *optarg; extern int optind, opterr, optopt; int create_base = 0; int topt; if ((int) argc < 2) { usage (); exit (-1); } while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1) { switch (topt) { case 'v': printf("%s\n", VERSION); exit(0); case 'c': create_base++; break; case 'd': debug++; break; case 'D': binddn = strdup (optarg); break; case 'w': bindpw = strdup (optarg); break; case 'b': ldapbase = strdup (optarg); break; case 'z': argzone = strdup (optarg); // We wipe argzone all to hell when we parse it for the DN */ gbl_zone = strdup(argzone); break; case 'f': zonefile = strdup (optarg); break; case 'h': ldapsystem = strdup (optarg); break; case '?': default: usage (); exit (0); } } if ((argzone == NULL) || (zonefile == NULL)) { usage (); exit (-1); } if (debug) printf ("Initializing ISC Routines, parsing zone file\n"); result = isc_mem_create (0, 0, &mctx); isc_result_check (result, "isc_mem_create"); result = isc_entropy_create(mctx, &ectx); isc_result_check (result, "isc_entropy_create"); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); isc_result_check (result, "isc_hash_create"); isc_buffer_init (&buff, argzone, strlen (argzone)); isc_buffer_add (&buff, strlen (argzone)); dns_fixedname_init (&fixedzone); zone = dns_fixedname_name (&fixedzone); result = dns_name_fromtext (zone, &buff, dns_rootname, 0, NULL); isc_result_check (result, "dns_name_fromtext"); result = dns_db_create (mctx, "rbt", zone, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &db); isc_result_check (result, "dns_db_create"); result = dns_db_load (db, zonefile); isc_result_check (result, "Check Zone Syntax: dns_db_load"); result = dns_db_createiterator (db, 0, &dbit); isc_result_check (result, "dns_db_createiterator"); result = dns_dbiterator_first (dbit); isc_result_check (result, "dns_dbiterator_first"); dns_fixedname_init (&fixedname); name = dns_fixedname_name (&fixedname); dns_rdataset_init (&rdataset); dns_rdata_init (&rdata); while (result == ISC_R_SUCCESS) { node = NULL; result = dns_dbiterator_current (dbit, &node, name); if (result == ISC_R_NOMORE) break; isc_result_check (result, "dns_dbiterator_current"); riter = NULL; result = dns_db_allrdatasets (db, node, NULL, 0, &riter); isc_result_check (result, "dns_db_allrdatasets"); result = dns_rdatasetiter_first (riter); //isc_result_check(result, "dns_rdatasetiter_first"); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current (riter, &rdataset); result = dns_rdataset_first (&rdataset); isc_result_check (result, "dns_rdatasetiter_current"); while (result == ISC_R_SUCCESS) { dns_rdataset_current (&rdataset, &rdata); generate_ldap (name, &rdata, rdataset.ttl); dns_rdata_reset (&rdata); result = dns_rdataset_next (&rdataset); } dns_rdataset_disassociate (&rdataset); result = dns_rdatasetiter_next (riter); } dns_rdatasetiter_destroy (&riter); result = dns_dbiterator_next (dbit); } /* Initialize the LDAP Connection */ if (debug) printf ("Initializing LDAP Connection to %s as %s\n", ldapsystem, binddn); init_ldap_conn (); if (create_base) { if (debug) printf ("Creating base zone DN %s\n", argzone); dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC); for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--) { if ((*ctmp == ',') || (ctmp == &basedn[0])) { base.mod_op = LDAP_MOD_ADD; base.mod_type = "objectClass"; base.mod_values = topObjectClasses; base_attrs[0] = &base; base_attrs[1] = NULL; if (ldapbase) { if (ctmp != &basedn[0]) sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase); else sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); } else { if (ctmp != &basedn[0]) sprintf (fullbasedn, "%s", ctmp + 1); else sprintf (fullbasedn, "%s", ctmp); } result = ldap_add_s (conn, fullbasedn, base_attrs); ldap_result_check ("intial ldap_add_s", fullbasedn, result); } } } else { if (debug) printf ("Skipping zone base dn creation for %s\n", argzone); } for (tmp = ldap_info_base; tmp != NULL; tmp = tmp->next) { if (debug) printf ("Adding DN: %s\n", tmp->dn); add_ldap_values (tmp); } if (debug) printf("Operation Complete.\n"); /* Cleanup */ isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); if (zonefile) free(zonefile); return 0; }
int main(int argc, char *argv[]) { char *ourkeyname; isc_taskmgr_t *taskmgr; isc_timermgr_t *timermgr; isc_socketmgr_t *socketmgr; isc_socket_t *sock; unsigned int attrs, attrmask; isc_sockaddr_t bind_any; dns_dispatchmgr_t *dispatchmgr; dns_dispatch_t *dispatchv4; dns_view_t *view; isc_entropy_t *ectx; dns_tkeyctx_t *tctx; isc_log_t *log; isc_logconfig_t *logconfig; isc_task_t *task; isc_result_t result; int type; RUNCHECK(isc_app_start()); if (argc < 2) { fprintf(stderr, "I:no DH key provided\n"); exit(-1); } ourkeyname = argv[1]; if (argc >= 3) ownername_str = argv[2]; dns_result_register(); mctx = NULL; isc_mem_debugging = ISC_MEM_DEBUGRECORD; RUNCHECK(isc_mem_create(0, 0, &mctx)); ectx = NULL; RUNCHECK(isc_entropy_create(mctx, &ectx)); RUNCHECK(isc_entropy_createfilesource(ectx, "../random.data")); RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)); log = NULL; logconfig = NULL; RUNCHECK(isc_log_create(mctx, &log, &logconfig)); RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY)); taskmgr = NULL; RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr)); task = NULL; RUNCHECK(isc_task_create(taskmgr, 0, &task)); timermgr = NULL; RUNCHECK(isc_timermgr_create(mctx, &timermgr)); socketmgr = NULL; RUNCHECK(isc_socketmgr_create(mctx, &socketmgr)); dispatchmgr = NULL; RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)); isc_sockaddr_any(&bind_any); attrs = DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_MAKEQUERY | DNS_DISPATCHATTR_IPV4; attrmask = DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP | DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6; dispatchv4 = NULL; RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &bind_any, 4096, 4, 2, 3, 5, attrs, attrmask, &dispatchv4)); requestmgr = NULL; RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr, dispatchmgr, dispatchv4, NULL, &requestmgr)); ring = NULL; RUNCHECK(dns_tsigkeyring_create(mctx, &ring)); tctx = NULL; RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx)); view = NULL; RUNCHECK(dns_view_create(mctx, 0, "_test", &view)); dns_view_setkeyring(view, ring); dns_tsigkeyring_detach(&ring); sock = NULL; RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp, &sock)); RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL)); ourkey = NULL; type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY; result = dst_key_fromnamedfile(ourkeyname, NULL, type, mctx, &ourkey); CHECK("dst_key_fromnamedfile", result); isc_buffer_init(&nonce, noncedata, sizeof(noncedata)); result = isc_entropy_getdata(ectx, noncedata, sizeof(noncedata), NULL, ISC_ENTROPY_BLOCKING); CHECK("isc_entropy_getdata", result); isc_buffer_add(&nonce, sizeof(noncedata)); (void)isc_app_run(); dns_requestmgr_shutdown(requestmgr); dns_requestmgr_detach(&requestmgr); dns_dispatch_detach(&dispatchv4); dns_dispatchmgr_destroy(&dispatchmgr); isc_task_shutdown(task); isc_task_detach(&task); isc_taskmgr_destroy(&taskmgr); isc_socket_detach(&sock); isc_socketmgr_destroy(&socketmgr); isc_timermgr_destroy(&timermgr); dst_key_free(&ourkey); dns_tsigkey_detach(&initialkey); dns_tsigkey_detach(&tsigkey); dns_tkeyctx_destroy(&tctx); dns_view_detach(&view); isc_log_destroy(&log); dst_lib_destroy(); isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); isc_app_finish(); return (0); }
static isc_result_t pkcs11dsa_todns(const dst_key_t *key, isc_buffer_t *data) { pk11_object_t *dsa; CK_ATTRIBUTE *attr; isc_region_t r; int dnslen; unsigned int t, p_bytes; CK_ATTRIBUTE *prime = NULL, *subprime = NULL; CK_ATTRIBUTE *base = NULL, *pub_key = NULL; CK_BYTE *cp; REQUIRE(key->keydata.pkey != NULL); dsa = key->keydata.pkey; for (attr = pk11_attribute_first(dsa); attr != NULL; attr = pk11_attribute_next(dsa, attr)) switch (attr->type) { case CKA_PRIME: prime = attr; break; case CKA_SUBPRIME: subprime = attr; break; case CKA_BASE: base = attr; break; case CKA_VALUE: pub_key = attr; break; } REQUIRE((prime != NULL) && (subprime != NULL) && (base != NULL) && (pub_key != NULL)); isc_buffer_availableregion(data, &r); t = (prime->ulValueLen - 64) / 8; if (t > 8) return (DST_R_INVALIDPUBLICKEY); p_bytes = 64 + 8 * t; dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH; if (r.length < (unsigned int) dnslen) return (ISC_R_NOSPACE); memset(r.base, 0, dnslen); *r.base = t; isc_region_consume(&r, 1); cp = (CK_BYTE *) subprime->pValue; memmove(r.base + ISC_SHA1_DIGESTLENGTH - subprime->ulValueLen, cp, subprime->ulValueLen); isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); cp = (CK_BYTE *) prime->pValue; memmove(r.base + key->key_size/8 - prime->ulValueLen, cp, prime->ulValueLen); isc_region_consume(&r, p_bytes); cp = (CK_BYTE *) base->pValue; memmove(r.base + key->key_size/8 - base->ulValueLen, cp, base->ulValueLen); isc_region_consume(&r, p_bytes); cp = (CK_BYTE *) pub_key->pValue; memmove(r.base + key->key_size/8 - pub_key->ulValueLen, cp, pub_key->ulValueLen); isc_region_consume(&r, p_bytes); isc_buffer_add(data, dnslen); return (ISC_R_SUCCESS); }
isc_result_t dst_gssapi_acceptctx(gss_cred_id_t cred, isc_region_t *intoken, isc_buffer_t **outtoken, gss_ctx_id_t *ctxout, dns_name_t *principal, isc_mem_t *mctx) { #ifdef GSSAPI isc_region_t r; isc_buffer_t namebuf; gss_buffer_desc gnamebuf = GSS_C_EMPTY_BUFFER, gintoken, gouttoken = GSS_C_EMPTY_BUFFER; OM_uint32 gret, minor; gss_ctx_id_t context = GSS_C_NO_CONTEXT; gss_name_t gname = NULL; isc_result_t result; char buf[1024]; REQUIRE(outtoken != NULL && *outtoken == NULL); log_cred(cred); REGION_TO_GBUFFER(*intoken, gintoken); if (*ctxout == NULL) context = GSS_C_NO_CONTEXT; else context = *ctxout; gret = gss_accept_sec_context(&minor, &context, cred, &gintoken, GSS_C_NO_CHANNEL_BINDINGS, &gname, NULL, &gouttoken, NULL, NULL, NULL); result = ISC_R_FAILURE; switch (gret) { case GSS_S_COMPLETE: result = ISC_R_SUCCESS; break; case GSS_S_CONTINUE_NEEDED: result = DNS_R_CONTINUE; break; case GSS_S_DEFECTIVE_TOKEN: case GSS_S_DEFECTIVE_CREDENTIAL: case GSS_S_BAD_SIG: case GSS_S_DUPLICATE_TOKEN: case GSS_S_OLD_TOKEN: case GSS_S_NO_CRED: case GSS_S_CREDENTIALS_EXPIRED: case GSS_S_BAD_BINDINGS: case GSS_S_NO_CONTEXT: case GSS_S_BAD_MECH: case GSS_S_FAILURE: result = DNS_R_INVALIDTKEY; /* fall through */ default: gss_log(3, "failed gss_accept_sec_context: %s", gss_error_tostring(gret, minor, buf, sizeof(buf))); return (result); } if (gouttoken.length > 0) { RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length)); GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(*outtoken, &r)); (void)gss_release_buffer(&minor, &gouttoken); } if (gret == GSS_S_COMPLETE) { gret = gss_display_name(&minor, gname, &gnamebuf, NULL); if (gret != GSS_S_COMPLETE) { gss_log(3, "failed gss_display_name: %s", gss_error_tostring(gret, minor, buf, sizeof(buf))); RETERR(ISC_R_FAILURE); } /* * Compensate for a bug in Solaris8's implementation * of gss_display_name(). Should be harmless in any * case, since principal names really should not * contain null characters. */ if (gnamebuf.length > 0 && ((char *)gnamebuf.value)[gnamebuf.length - 1] == '\0') gnamebuf.length--; gss_log(3, "gss-api source name (accept) is %.*s", (int)gnamebuf.length, (char *)gnamebuf.value); GBUFFER_TO_REGION(gnamebuf, r); isc_buffer_init(&namebuf, r.base, r.length); isc_buffer_add(&namebuf, r.length); RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, ISC_FALSE, NULL)); if (gnamebuf.length != 0) { gret = gss_release_buffer(&minor, &gnamebuf); if (gret != GSS_S_COMPLETE) gss_log(3, "failed gss_release_buffer: %s", gss_error_tostring(gret, minor, buf, sizeof(buf))); } } *ctxout = context; out: if (gname != NULL) { gret = gss_release_name(&minor, &gname); if (gret != GSS_S_COMPLETE) gss_log(3, "failed gss_release_name: %s", gss_error_tostring(gret, minor, buf, sizeof(buf))); } return (result); #else UNUSED(cred); UNUSED(intoken); UNUSED(outtoken); UNUSED(ctxout); UNUSED(principal); UNUSED(mctx); return (ISC_R_NOTIMPLEMENTED); #endif }
static void sendquery(isc_task_t *task, isc_event_t *event) { struct in_addr inaddr; isc_sockaddr_t address; isc_region_t r; isc_result_t result; dns_fixedname_t keyname; dns_fixedname_t ownername; isc_buffer_t namestr, keybuf; unsigned char keydata[9]; dns_message_t *query; dns_request_t *request; static char keystr[] = "0123456789ab"; isc_event_free(&event); result = ISC_R_FAILURE; if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) CHECK("inet_pton", result); isc_sockaddr_fromin(&address, &inaddr, PORT); dns_fixedname_init(&keyname); isc_buffer_constinit(&namestr, "tkeytest.", 9); isc_buffer_add(&namestr, 9); result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, NULL, 0, NULL); CHECK("dns_name_fromtext", result); dns_fixedname_init(&ownername); isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str)); isc_buffer_add(&namestr, strlen(ownername_str)); result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr, NULL, 0, NULL); CHECK("dns_name_fromtext", result); isc_buffer_init(&keybuf, keydata, 9); result = isc_base64_decodestring(keystr, &keybuf); CHECK("isc_base64_decodestring", result); isc_buffer_usedregion(&keybuf, &r); initialkey = NULL; result = dns_tsigkey_create(dns_fixedname_name(&keyname), DNS_TSIG_HMACMD5_NAME, isc_buffer_base(&keybuf), isc_buffer_usedlength(&keybuf), ISC_FALSE, NULL, 0, 0, mctx, ring, &initialkey); CHECK("dns_tsigkey_create", result); query = NULL; result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); CHECK("dns_message_create", result); result = dns_tkey_builddhquery(query, ourkey, dns_fixedname_name(&ownername), DNS_TSIG_HMACMD5_NAME, &nonce, 3600); CHECK("dns_tkey_builddhquery", result); request = NULL; result = dns_request_create(requestmgr, query, &address, DNS_REQUESTOPT_TCP, initialkey, TIMEOUT, task, recvquery, query, &request); CHECK("dns_request_create", result); }
int main(int argc, char *argv[]) { dns_db_t *db; dns_dbnode_t *node; isc_result_t result; dns_name_t name; dns_offsets_t offsets; size_t len; isc_buffer_t source, target; char s[1000]; char b[255]; dns_rdataset_t rdataset, sigrdataset; int ch; dns_rdatatype_t type = 1; isc_boolean_t printnode = ISC_FALSE; isc_boolean_t addmode = ISC_FALSE; isc_boolean_t delmode = ISC_FALSE; isc_boolean_t holdmode = ISC_FALSE; isc_boolean_t verbose = ISC_FALSE; isc_boolean_t done = ISC_FALSE; isc_boolean_t quiet = ISC_FALSE; isc_boolean_t time_lookups = ISC_FALSE; isc_boolean_t found_as; isc_boolean_t find_zonecut = ISC_FALSE; isc_boolean_t noexact_zonecut = ISC_FALSE; int i, v; dns_rdatasetiter_t *rdsiter; char t1[256]; char t2[256]; isc_buffer_t tb1, tb2; isc_region_t r1, r2; dns_fixedname_t foundname; dns_name_t *fname; unsigned int options = 0, zcoptions; isc_time_t start, finish; const char *origintext; dbinfo *dbi; dns_dbversion_t *version; dns_name_t *origin; size_t memory_quota = 0; dns_trust_t trust = 0; unsigned int addopts; isc_log_t *lctx = NULL; size_t n; dns_result_register(); RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); RUNTIME_CHECK(dns_dbtable_create(mctx, dns_rdataclass_in, &dbtable) == ISC_R_SUCCESS); strcpy(dbtype, "rbt"); while ((ch = isc_commandline_parse(argc, argv, "c:d:t:z:P:Q:glpqvT")) != -1) { switch (ch) { case 'c': result = load(isc_commandline_argument, ".", ISC_TRUE); if (result != ISC_R_SUCCESS) printf("cache load(%s) %08x: %s\n", isc_commandline_argument, result, isc_result_totext(result)); break; case 'd': n = strlcpy(dbtype, isc_commandline_argument, sizeof(dbtype)); if (n >= sizeof(dbtype)) { fprintf(stderr, "bad db type '%s'\n", isc_commandline_argument); exit(1); } break; case 'g': options |= (DNS_DBFIND_GLUEOK|DNS_DBFIND_VALIDATEGLUE); break; case 'l': RUNTIME_CHECK(isc_log_create(mctx, &lctx, NULL) == ISC_R_SUCCESS); isc_log_setcontext(lctx); dns_log_init(lctx); dns_log_setcontext(lctx); break; case 'q': quiet = ISC_TRUE; verbose = ISC_FALSE; break; case 'p': printnode = ISC_TRUE; break; case 'P': pause_every = atoi(isc_commandline_argument); break; case 'Q': memory_quota = atoi(isc_commandline_argument); isc_mem_setquota(mctx, memory_quota); break; case 't': type = atoi(isc_commandline_argument); break; case 'T': time_lookups = ISC_TRUE; break; case 'v': verbose = ISC_TRUE; break; case 'z': origintext = strrchr(isc_commandline_argument, '/'); if (origintext == NULL) origintext = isc_commandline_argument; else origintext++; /* Skip '/'. */ result = load(isc_commandline_argument, origintext, ISC_FALSE); if (result != ISC_R_SUCCESS) printf("zone load(%s) %08x: %s\n", isc_commandline_argument, result, isc_result_totext(result)); break; } } argc -= isc_commandline_index; argv += isc_commandline_index; POST(argv); if (argc != 0) printf("ignoring trailing arguments\n"); /* * Some final initialization... */ dns_fixedname_init(&foundname); fname = dns_fixedname_name(&foundname); dbi = NULL; origin = dns_rootname; version = NULL; if (time_lookups) { TIME_NOW(&start); } while (!done) { if (!quiet) printf("\n"); if (fgets(s, sizeof(s), stdin) == NULL) { done = ISC_TRUE; continue; } len = strlen(s); if (len > 0U && s[len - 1] == '\n') { s[len - 1] = '\0'; len--; } if (verbose && dbi != NULL) { if (dbi->wversion != NULL) printf("future version (%p)\n", dbi->wversion); for (i = 0; i < dbi->rcount; i++) if (dbi->rversions[i] != NULL) printf("open version %d (%p)\n", i, dbi->rversions[i]); } dns_name_init(&name, offsets); if (strcmp(s, "!R") == 0) { DBI_CHECK(dbi); if (dbi->rcount == MAXVERSIONS) { printf("too many open versions\n"); continue; } dns_db_currentversion(dbi->db, &dbi->rversions[dbi->rcount]); printf("opened version %d\n", dbi->rcount); dbi->version = dbi->rversions[dbi->rcount]; version = dbi->version; dbi->rcount++; continue; } else if (strcmp(s, "!W") == 0) { DBI_CHECK(dbi); if (dbi->wversion != NULL) { printf("using existing future version\n"); dbi->version = dbi->wversion; version = dbi->version; continue; } result = dns_db_newversion(dbi->db, &dbi->wversion); if (result != ISC_R_SUCCESS) print_result("", result); else printf("newversion\n"); dbi->version = dbi->wversion; version = dbi->version; continue; } else if (strcmp(s, "!C") == 0) { DBI_CHECK(dbi); addmode = ISC_FALSE; delmode = ISC_FALSE; if (dbi->version == NULL) continue; if (dbi->version == dbi->wversion) { printf("closing future version\n"); dbi->wversion = NULL; } else { for (i = 0; i < dbi->rcount; i++) { if (dbi->version == dbi->rversions[i]) { dbi->rversions[i] = NULL; printf("closing open version %d\n", i); break; } } } dns_db_closeversion(dbi->db, &dbi->version, ISC_TRUE); version = NULL; continue; } else if (strcmp(s, "!X") == 0) { DBI_CHECK(dbi); addmode = ISC_FALSE; delmode = ISC_FALSE; if (dbi->version == NULL) continue; if (dbi->version == dbi->wversion) { printf("aborting future version\n"); dbi->wversion = NULL; } else { for (i = 0; i < dbi->rcount; i++) { if (dbi->version == dbi->rversions[i]) { dbi->rversions[i] = NULL; printf("closing open version %d\n", i); break; } } } dns_db_closeversion(dbi->db, &dbi->version, ISC_FALSE); version = NULL; continue; } else if (strcmp(s, "!A") == 0) { DBI_CHECK(dbi); delmode = ISC_FALSE; if (addmode) addmode = ISC_FALSE; else addmode = ISC_TRUE; printf("addmode = %s\n", addmode ? "TRUE" : "FALSE"); continue; } else if (strcmp(s, "!D") == 0) { DBI_CHECK(dbi); addmode = ISC_FALSE; if (delmode) delmode = ISC_FALSE; else delmode = ISC_TRUE; printf("delmode = %s\n", delmode ? "TRUE" : "FALSE"); continue; } else if (strcmp(s, "!H") == 0) { DBI_CHECK(dbi); if (holdmode) holdmode = ISC_FALSE; else holdmode = ISC_TRUE; printf("holdmode = %s\n", holdmode ? "TRUE" : "FALSE"); continue; } else if (strcmp(s, "!HR") == 0) { DBI_CHECK(dbi); for (i = 0; i < dbi->hold_count; i++) dns_db_detachnode(dbi->db, &dbi->hold_nodes[i]); dbi->hold_count = 0; holdmode = ISC_FALSE; printf("held nodes have been detached\n"); continue; } else if (strcmp(s, "!VC") == 0) { DBI_CHECK(dbi); printf("switching to current version\n"); dbi->version = NULL; version = NULL; continue; } else if (strstr(s, "!V") == s) { DBI_CHECK(dbi); v = atoi(&s[2]); if (v >= dbi->rcount || v < 0) { printf("unknown open version %d\n", v); continue; } if (dbi->rversions[v] == NULL) { printf("version %d is not open\n", v); continue; } printf("switching to open version %d\n", v); dbi->version = dbi->rversions[v]; version = dbi->version; continue; } else if (strstr(s, "!TR") == s) { trust = (unsigned int)atoi(&s[3]); printf("trust level is now %u\n", (unsigned int)trust); continue; } else if (strstr(s, "!T") == s) { type = (unsigned int)atoi(&s[2]); printf("now searching for type %u\n", type); continue; } else if (strcmp(s, "!G") == 0) { if ((options & DNS_DBFIND_GLUEOK) != 0) options &= ~DNS_DBFIND_GLUEOK; else options |= DNS_DBFIND_GLUEOK; printf("glue ok = %s\n", ((options & DNS_DBFIND_GLUEOK) != 0) ? "TRUE" : "FALSE"); continue; } else if (strcmp(s, "!GV") == 0) { if ((options & DNS_DBFIND_VALIDATEGLUE) != 0) options &= ~DNS_DBFIND_VALIDATEGLUE; else options |= DNS_DBFIND_VALIDATEGLUE; printf("validate glue = %s\n", ((options & DNS_DBFIND_VALIDATEGLUE) != 0) ? "TRUE" : "FALSE"); continue; } else if (strcmp(s, "!WC") == 0) { if ((options & DNS_DBFIND_NOWILD) != 0) options &= ~DNS_DBFIND_NOWILD; else options |= DNS_DBFIND_NOWILD; printf("wildcard matching = %s\n", ((options & DNS_DBFIND_NOWILD) == 0) ? "TRUE" : "FALSE"); continue; } else if (strstr(s, "!LS ") == s) { DBI_CHECK(dbi); list(dbi, &s[4]); continue; } else if (strcmp(s, "!LS") == 0) { DBI_CHECK(dbi); list(dbi, NULL); continue; } else if (strstr(s, "!DU ") == s) { DBI_CHECK(dbi); result = dns_db_dump(dbi->db, dbi->version, s+4); if (result != ISC_R_SUCCESS) { printf("\n"); print_result("", result); } continue; } else if (strcmp(s, "!PN") == 0) { if (printnode) printnode = ISC_FALSE; else printnode = ISC_TRUE; printf("printnode = %s\n", printnode ? "TRUE" : "FALSE"); continue; } else if (strstr(s, "!P") == s) { DBI_CHECK(dbi); v = atoi(&s[2]); dbi->pause_every = v; continue; } else if (strcmp(s, "!+") == 0) { DBI_CHECK(dbi); dbi->ascending = ISC_TRUE; continue; } else if (strcmp(s, "!-") == 0) { DBI_CHECK(dbi); dbi->ascending = ISC_FALSE; continue; } else if (strcmp(s, "!DB") == 0) { dbi = NULL; origin = dns_rootname; version = NULL; printf("now searching all databases\n"); continue; } else if (strncmp(s, "!DB ", 4) == 0) { dbi = select_db(s+4); if (dbi != NULL) { db = dbi->db; origin = dns_db_origin(dbi->db); version = dbi->version; addmode = ISC_FALSE; delmode = ISC_FALSE; holdmode = ISC_FALSE; } else { db = NULL; version = NULL; origin = dns_rootname; printf("database not found; " "now searching all databases\n"); } continue; } else if (strcmp(s, "!ZC") == 0) { if (find_zonecut) find_zonecut = ISC_FALSE; else find_zonecut = ISC_TRUE; printf("find_zonecut = %s\n", find_zonecut ? "TRUE" : "FALSE"); continue; } else if (strcmp(s, "!NZ") == 0) { if (noexact_zonecut) noexact_zonecut = ISC_FALSE; else noexact_zonecut = ISC_TRUE; printf("noexact_zonecut = %s\n", noexact_zonecut ? "TRUE" : "FALSE"); continue; } isc_buffer_init(&source, s, len); isc_buffer_add(&source, len); isc_buffer_init(&target, b, sizeof(b)); result = dns_name_fromtext(&name, &source, origin, 0, &target); if (result != ISC_R_SUCCESS) { print_result("bad name: ", result); continue; } if (dbi == NULL) { zcoptions = 0; if (noexact_zonecut) zcoptions |= DNS_DBTABLEFIND_NOEXACT; db = NULL; result = dns_dbtable_find(dbtable, &name, zcoptions, &db); if (result != ISC_R_SUCCESS && result != DNS_R_PARTIALMATCH) { if (!quiet) { printf("\n"); print_result("", result); } continue; } isc_buffer_init(&tb1, t1, sizeof(t1)); result = dns_name_totext(dns_db_origin(db), ISC_FALSE, &tb1); if (result != ISC_R_SUCCESS) { printf("\n"); print_result("", result); dns_db_detach(&db); continue; } isc_buffer_usedregion(&tb1, &r1); printf("\ndatabase = %.*s (%s)\n", (int)r1.length, r1.base, (dns_db_iszone(db)) ? "zone" : "cache"); } node = NULL; dns_rdataset_init(&rdataset); dns_rdataset_init(&sigrdataset); if (find_zonecut && dns_db_iscache(db)) { zcoptions = options; if (noexact_zonecut) zcoptions |= DNS_DBFIND_NOEXACT; result = dns_db_findzonecut(db, &name, zcoptions, 0, &node, fname, &rdataset, &sigrdataset); } else { result = dns_db_find(db, &name, version, type, options, 0, &node, fname, &rdataset, &sigrdataset); } if (!quiet) { if (dbi != NULL) printf("\n"); print_result("", result); } found_as = ISC_FALSE; switch (result) { case ISC_R_SUCCESS: case DNS_R_GLUE: case DNS_R_CNAME: case DNS_R_ZONECUT: break; case DNS_R_DNAME: case DNS_R_DELEGATION: found_as = ISC_TRUE; break; case DNS_R_NXRRSET: if (dns_rdataset_isassociated(&rdataset)) break; if (dbi != NULL) { if (holdmode) { RUNTIME_CHECK(dbi->hold_count < MAXHOLD); dbi->hold_nodes[dbi->hold_count++] = node; node = NULL; } else dns_db_detachnode(db, &node); } else { dns_db_detachnode(db, &node); dns_db_detach(&db); } continue; case DNS_R_NXDOMAIN: if (dns_rdataset_isassociated(&rdataset)) break; /* FALLTHROUGH */ default: if (dbi == NULL) dns_db_detach(&db); if (quiet) print_result("", result); continue; } if (found_as && !quiet) { isc_buffer_init(&tb1, t1, sizeof(t1)); isc_buffer_init(&tb2, t2, sizeof(t2)); result = dns_name_totext(&name, ISC_FALSE, &tb1); if (result != ISC_R_SUCCESS) { print_result("", result); dns_db_detachnode(db, &node); if (dbi == NULL) dns_db_detach(&db); continue; } result = dns_name_totext(fname, ISC_FALSE, &tb2); if (result != ISC_R_SUCCESS) { print_result("", result); dns_db_detachnode(db, &node); if (dbi == NULL) dns_db_detach(&db); continue; } isc_buffer_usedregion(&tb1, &r1); isc_buffer_usedregion(&tb2, &r2); printf("found %.*s as %.*s\n", (int)r1.length, r1.base, (int)r2.length, r2.base); } if (printnode) dns_db_printnode(db, node, stdout); if (!found_as && type == dns_rdatatype_any) { rdsiter = NULL; result = dns_db_allrdatasets(db, node, version, 0, &rdsiter); if (result == ISC_R_SUCCESS) { if (!quiet) print_rdatasets(fname, rdsiter); dns_rdatasetiter_destroy(&rdsiter); } else print_result("", result); } else { if (!quiet) print_rdataset(fname, &rdataset); if (dns_rdataset_isassociated(&sigrdataset)) { if (!quiet) print_rdataset(fname, &sigrdataset); dns_rdataset_disassociate(&sigrdataset); } if (dbi != NULL && addmode && !found_as) { rdataset.ttl++; rdataset.trust = trust; if (dns_db_iszone(db)) addopts = DNS_DBADD_MERGE; else addopts = 0; result = dns_db_addrdataset(db, node, version, 0, &rdataset, addopts, NULL); if (result != ISC_R_SUCCESS) print_result("", result); if (printnode) dns_db_printnode(db, node, stdout); } else if (dbi != NULL && delmode && !found_as) { result = dns_db_deleterdataset(db, node, version, type, 0); if (result != ISC_R_SUCCESS) print_result("", result); if (printnode) dns_db_printnode(db, node, stdout); } dns_rdataset_disassociate(&rdataset); } if (dbi != NULL) { if (holdmode) { RUNTIME_CHECK(dbi->hold_count < MAXHOLD); dbi->hold_nodes[dbi->hold_count++] = node; node = NULL; } else dns_db_detachnode(db, &node); } else { dns_db_detachnode(db, &node); dns_db_detach(&db); } } if (time_lookups) { isc_uint64_t usec; TIME_NOW(&finish); usec = isc_time_microdiff(&finish, &start); printf("elapsed time: %lu.%06lu seconds\n", (unsigned long)(usec / 1000000), (unsigned long)(usec % 1000000)); } unload_all(); dns_dbtable_detach(&dbtable); if (lctx != NULL) isc_log_destroy(&lctx); if (!quiet) isc_mem_stats(mctx, stdout); return (0); }
static isc_result_t load(const char *filename, const char *origintext, isc_boolean_t cache) { dns_fixedname_t forigin; dns_name_t *origin; isc_result_t result; isc_buffer_t source; size_t len; dbinfo *dbi; unsigned int i; dbi = isc_mem_get(mctx, sizeof(*dbi)); if (dbi == NULL) return (ISC_R_NOMEMORY); dbi->db = NULL; dbi->version = NULL; dbi->wversion = NULL; for (i = 0; i < MAXVERSIONS; i++) dbi->rversions[i] = NULL; dbi->hold_count = 0; for (i = 0; i < MAXHOLD; i++) dbi->hold_nodes[i] = NULL; dbi->dbiterator = NULL; dbi->iversion = NULL; dbi->pause_every = pause_every; dbi->ascending = ascending; ISC_LINK_INIT(dbi, link); len = strlen(origintext); isc_buffer_constinit(&source, origintext, len); isc_buffer_add(&source, len); dns_fixedname_init(&forigin); origin = dns_fixedname_name(&forigin); result = dns_name_fromtext(origin, &source, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) { isc_mem_put(mctx, dbi, sizeof(*dbi)); return (result); } result = dns_db_create(mctx, dbtype, origin, cache ? dns_dbtype_cache : dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &dbi->db); if (result != ISC_R_SUCCESS) { isc_mem_put(mctx, dbi, sizeof(*dbi)); return (result); } printf("loading %s (%s)\n", filename, origintext); result = dns_db_load(dbi->db, filename); if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) { dns_db_detach(&dbi->db); isc_mem_put(mctx, dbi, sizeof(*dbi)); return (result); } printf("loaded\n"); if (cache) { INSIST(cache_dbi == NULL); dns_dbtable_adddefault(dbtable, dbi->db); cache_dbi = dbi; } else { result = dns_dbtable_add(dbtable, dbi->db); if (result != ISC_R_SUCCESS) { dns_db_detach(&dbi->db); isc_mem_put(mctx, dbi, sizeof(*dbi)); return (result); } } ISC_LIST_APPEND(dbs, dbi, link); return (ISC_R_SUCCESS); }
static void list(dbinfo *dbi, char *seektext) { dns_fixedname_t fname; dns_name_t *name; dns_dbnode_t *node; dns_rdatasetiter_t *rdsiter; isc_result_t result; int i; size_t len; dns_fixedname_t fseekname; dns_name_t *seekname; isc_buffer_t source; dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); if (dbi->dbiterator == NULL) { INSIST(dbi->iversion == NULL); if (dns_db_iszone(dbi->db)) { if (dbi->version != NULL) dns_db_attachversion(dbi->db, dbi->version, &dbi->iversion); else dns_db_currentversion(dbi->db, &dbi->iversion); } result = dns_db_createiterator(dbi->db, 0, &dbi->dbiterator); if (result == ISC_R_SUCCESS) { if (seektext != NULL) { len = strlen(seektext); isc_buffer_init(&source, seektext, len); isc_buffer_add(&source, len); dns_fixedname_init(&fseekname); seekname = dns_fixedname_name(&fseekname); result = dns_name_fromtext(seekname, &source, dns_db_origin( dbi->db), 0, NULL); if (result == ISC_R_SUCCESS) result = dns_dbiterator_seek( dbi->dbiterator, seekname); } else if (dbi->ascending) result = dns_dbiterator_first(dbi->dbiterator); else result = dns_dbiterator_last(dbi->dbiterator); } } else result = ISC_R_SUCCESS; node = NULL; rdsiter = NULL; i = 0; while (result == ISC_R_SUCCESS) { result = dns_dbiterator_current(dbi->dbiterator, &node, name); if (result != ISC_R_SUCCESS && result != DNS_R_NEWORIGIN) break; result = dns_db_allrdatasets(dbi->db, node, dbi->iversion, 0, &rdsiter); if (result != ISC_R_SUCCESS) { dns_db_detachnode(dbi->db, &node); break; } print_rdatasets(name, rdsiter); dns_rdatasetiter_destroy(&rdsiter); dns_db_detachnode(dbi->db, &node); if (dbi->ascending) result = dns_dbiterator_next(dbi->dbiterator); else result = dns_dbiterator_prev(dbi->dbiterator); i++; if (result == ISC_R_SUCCESS && i == dbi->pause_every) { printf("[more...]\n"); result = dns_dbiterator_pause(dbi->dbiterator); if (result == ISC_R_SUCCESS) return; } } if (result != ISC_R_NOMORE) print_result("", result); dns_dbiterator_destroy(&dbi->dbiterator); if (dbi->iversion != NULL) dns_db_closeversion(dbi->db, &dbi->iversion, ISC_FALSE); }
isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, isc_buffer_t *target, unsigned int options, unsigned int *countp) { dns_rdata_t rdata = DNS_RDATA_INIT; isc_result_t result; isc_region_t remaining, tavailable; isc_buffer_t source, savedbuffer, rdlen; dns_name_t name; dns_rdatatype_t type; unsigned int i, rcount, count; /* * Convert the negative caching rdataset 'rdataset' to wire format, * compressing names as specified in 'cctx', and storing the result in * 'target'. */ REQUIRE(rdataset != NULL); REQUIRE(rdataset->type == 0); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); savedbuffer = *target; count = 0; result = dns_rdataset_first(rdataset); while (result == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&name, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&name, &remaining); INSIST(remaining.length >= name.length); isc_buffer_forward(&source, name.length); remaining.length -= name.length; INSIST(remaining.length >= 5); type = isc_buffer_getuint16(&source); isc_buffer_forward(&source, 1); rcount = isc_buffer_getuint16(&source); for (i = 0; i < rcount; i++) { /* * Get the length of this rdata and set up an * rdata structure for it. */ isc_buffer_remainingregion(&source, &remaining); INSIST(remaining.length >= 2); dns_rdata_reset(&rdata); rdata.length = isc_buffer_getuint16(&source); isc_buffer_remainingregion(&source, &remaining); rdata.data = remaining.base; rdata.type = type; rdata.rdclass = rdataset->rdclass; INSIST(remaining.length >= rdata.length); isc_buffer_forward(&source, rdata.length); if ((options & DNS_NCACHETOWIRE_OMITDNSSEC) != 0 && dns_rdatatype_isdnssec(type)) continue; /* * Write the name. */ dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14); result = dns_name_towire(&name, cctx, target); if (result != ISC_R_SUCCESS) goto rollback; /* * See if we have space for type, class, ttl, and * rdata length. Write the type, class, and ttl. */ isc_buffer_availableregion(target, &tavailable); if (tavailable.length < 10) { result = ISC_R_NOSPACE; goto rollback; } isc_buffer_putuint16(target, type); isc_buffer_putuint16(target, rdataset->rdclass); isc_buffer_putuint32(target, rdataset->ttl); /* * Save space for rdata length. */ rdlen = *target; isc_buffer_add(target, 2); /* * Write the rdata. */ result = dns_rdata_towire(&rdata, cctx, target); if (result != ISC_R_SUCCESS) goto rollback; /* * Set the rdata length field to the compressed * length. */ INSIST((target->used >= rdlen.used + 2) && (target->used - rdlen.used - 2 < 65536)); isc_buffer_putuint16(&rdlen, (isc_uint16_t)(target->used - rdlen.used - 2)); count++; } INSIST(isc_buffer_remaininglength(&source) == 0); result = dns_rdataset_next(rdataset); dns_rdata_reset(&rdata); } if (result != ISC_R_NOMORE) goto rollback; *countp = count; return (ISC_R_SUCCESS); rollback: INSIST(savedbuffer.used < 65536); dns_compress_rollback(cctx, (isc_uint16_t)savedbuffer.used); *countp = 0; *target = savedbuffer; return (result); }
/* * Arrange to send as much as we can of "stream" without blocking. * * Requires: * The stream iterator is initialized and points at an RR, * or possibly at the end of the stream (that is, the * _first method of the iterator has been called). */ static void sendstream(xfrout_ctx_t *xfr) { dns_message_t *tcpmsg = NULL; dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */ isc_result_t result; isc_region_t used; isc_region_t region; dns_rdataset_t *qrdataset; dns_name_t *msgname = NULL; dns_rdata_t *msgrdata = NULL; dns_rdatalist_t *msgrdl = NULL; dns_rdataset_t *msgrds = NULL; dns_compress_t cctx; isc_boolean_t cleanup_cctx = ISC_FALSE; int n_rrs; isc_buffer_clear(&xfr->buf); isc_buffer_clear(&xfr->txlenbuf); isc_buffer_clear(&xfr->txbuf); if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) { /* * In the UDP case, we put the response data directly into * the client message. */ msg = xfr->client->message; CHECK(dns_message_reply(msg, ISC_TRUE)); } else { /* * TCP. Build a response dns_message_t, temporarily storing * the raw, uncompressed owner names and RR data contiguously * in xfr->buf. We know that if the uncompressed data fits * in xfr->buf, the compressed data will surely fit in a TCP * message. */ CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTRENDER, &tcpmsg)); msg = tcpmsg; msg->id = xfr->id; msg->rcode = dns_rcode_noerror; msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA; if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0) msg->flags |= DNS_MESSAGEFLAG_RA; CHECK(dns_message_settsigkey(msg, xfr->tsigkey)); CHECK(dns_message_setquerytsig(msg, xfr->lasttsig)); if (xfr->lasttsig != NULL) isc_buffer_free(&xfr->lasttsig); /* * Add a EDNS option to the message? */ if ((xfr->client->attributes & NS_CLIENTATTR_WANTOPT) != 0) { dns_rdataset_t *opt = NULL; CHECK(ns_client_addopt(xfr->client, msg, &opt)); CHECK(dns_message_setopt(msg, opt)); /* * Add to first message only. */ xfr->client->attributes &= ~NS_CLIENTATTR_WANTNSID; xfr->client->attributes &= ~NS_CLIENTATTR_HAVEEXPIRE; } /* * Account for reserved space. */ if (xfr->tsigkey != NULL) INSIST(msg->reserved != 0U); isc_buffer_add(&xfr->buf, msg->reserved); /* * Include a question section in the first message only. * BIND 8.2.1 will not recognize an IXFR if it does not * have a question section. */ if (xfr->nmsg == 0) { dns_name_t *qname = NULL; isc_region_t r; /* * Reserve space for the 12-byte message header * and 4 bytes of question. */ isc_buffer_add(&xfr->buf, 12 + 4); qrdataset = NULL; result = dns_message_gettemprdataset(msg, &qrdataset); if (result != ISC_R_SUCCESS) goto failure; dns_rdataset_init(qrdataset); dns_rdataset_makequestion(qrdataset, xfr->client->message->rdclass, xfr->qtype); result = dns_message_gettempname(msg, &qname); if (result != ISC_R_SUCCESS) goto failure; dns_name_init(qname, NULL); isc_buffer_availableregion(&xfr->buf, &r); INSIST(r.length >= xfr->qname->length); r.length = xfr->qname->length; isc_buffer_putmem(&xfr->buf, xfr->qname->ndata, xfr->qname->length); dns_name_fromregion(qname, &r); ISC_LIST_INIT(qname->list); ISC_LIST_APPEND(qname->list, qrdataset, link); dns_message_addname(msg, qname, DNS_SECTION_QUESTION); } else { /* * Reserve space for the 12-byte message header */ isc_buffer_add(&xfr->buf, 12); msg->tcp_continuation = 1; } } /* * Try to fit in as many RRs as possible, unless "one-answer" * format has been requested. */ for (n_rrs = 0; ; n_rrs++) { dns_name_t *name = NULL; isc_uint32_t ttl; dns_rdata_t *rdata = NULL; unsigned int size; isc_region_t r; msgname = NULL; msgrdata = NULL; msgrdl = NULL; msgrds = NULL; xfr->stream->methods->current(xfr->stream, &name, &ttl, &rdata); size = name->length + 10 + rdata->length; isc_buffer_availableregion(&xfr->buf, &r); if (size >= r.length) { /* * RR would not fit. If there are other RRs in the * buffer, send them now and leave this RR to the * next message. If this RR overflows the buffer * all by itself, fail. * * In theory some RRs might fit in a TCP message * when compressed even if they do not fit when * uncompressed, but surely we don't want * to send such monstrosities to an unsuspecting * slave. */ if (n_rrs == 0) { xfrout_log(xfr, ISC_LOG_WARNING, "RR too large for zone transfer " "(%d bytes)", size); /* XXX DNS_R_RRTOOLARGE? */ result = ISC_R_NOSPACE; goto failure; } break; } if (isc_log_wouldlog(ns_g_lctx, XFROUT_RR_LOGLEVEL)) log_rr(name, rdata, ttl); /* XXX */ result = dns_message_gettempname(msg, &msgname); if (result != ISC_R_SUCCESS) goto failure; dns_name_init(msgname, NULL); isc_buffer_availableregion(&xfr->buf, &r); INSIST(r.length >= name->length); r.length = name->length; isc_buffer_putmem(&xfr->buf, name->ndata, name->length); dns_name_fromregion(msgname, &r); /* Reserve space for RR header. */ isc_buffer_add(&xfr->buf, 10); result = dns_message_gettemprdata(msg, &msgrdata); if (result != ISC_R_SUCCESS) goto failure; isc_buffer_availableregion(&xfr->buf, &r); r.length = rdata->length; isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length); dns_rdata_init(msgrdata); dns_rdata_fromregion(msgrdata, rdata->rdclass, rdata->type, &r); result = dns_message_gettemprdatalist(msg, &msgrdl); if (result != ISC_R_SUCCESS) goto failure; msgrdl->type = rdata->type; msgrdl->rdclass = rdata->rdclass; msgrdl->ttl = ttl; if (rdata->type == dns_rdatatype_sig || rdata->type == dns_rdatatype_rrsig) msgrdl->covers = dns_rdata_covers(rdata); else msgrdl->covers = dns_rdatatype_none; ISC_LINK_INIT(msgrdl, link); ISC_LIST_INIT(msgrdl->rdata); ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link); result = dns_message_gettemprdataset(msg, &msgrds); if (result != ISC_R_SUCCESS) goto failure; dns_rdataset_init(msgrds); result = dns_rdatalist_tordataset(msgrdl, msgrds); INSIST(result == ISC_R_SUCCESS); ISC_LIST_APPEND(msgname->list, msgrds, link); dns_message_addname(msg, msgname, DNS_SECTION_ANSWER); msgname = NULL; result = xfr->stream->methods->next(xfr->stream); if (result == ISC_R_NOMORE) { xfr->end_of_stream = ISC_TRUE; break; } CHECK(result); if (! xfr->many_answers) break; } if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) { CHECK(dns_compress_init(&cctx, -1, xfr->mctx)); dns_compress_setsensitive(&cctx, ISC_TRUE); cleanup_cctx = ISC_TRUE; CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf)); CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0)); CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0)); CHECK(dns_message_renderend(msg)); dns_compress_invalidate(&cctx); cleanup_cctx = ISC_FALSE; isc_buffer_usedregion(&xfr->txbuf, &used); isc_buffer_putuint16(&xfr->txlenbuf, (isc_uint16_t)used.length); region.base = xfr->txlenbuf.base; region.length = 2 + used.length; xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending TCP message of %d bytes", used.length); CHECK(isc_socket_send(xfr->client->tcpsocket, /* XXX */ ®ion, xfr->client->task, xfrout_senddone, xfr)); xfr->sends++; } else { xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response"); ns_client_send(xfr->client); xfr->stream->methods->pause(xfr->stream); xfrout_ctx_destroy(&xfr); return; } /* Advance lasttsig to be the last TSIG generated */ CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig)); xfr->nmsg++; failure: if (msgname != NULL) { if (msgrds != NULL) { if (dns_rdataset_isassociated(msgrds)) dns_rdataset_disassociate(msgrds); dns_message_puttemprdataset(msg, &msgrds); } if (msgrdl != NULL) { ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link); dns_message_puttemprdatalist(msg, &msgrdl); } if (msgrdata != NULL) dns_message_puttemprdata(msg, &msgrdata); dns_message_puttempname(msg, &msgname); } if (tcpmsg != NULL) dns_message_destroy(&tcpmsg); if (cleanup_cctx) dns_compress_invalidate(&cctx); /* * Make sure to release any locks held by database * iterators before returning from the event handler. */ xfr->stream->methods->pause(xfr->stream); if (result == ISC_R_SUCCESS) return; xfrout_fail(xfr, result, "sending zone data"); }
isc_result_t dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, dns_rdatatype_t type, dns_rdataset_t *rdataset) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t remaining; isc_buffer_t source; dns_name_t tname; dns_rdatatype_t ttype; dns_trust_t trust = dns_trust_none; dns_rdataset_t clone; REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); REQUIRE(type != dns_rdatatype_rrsig); dns_rdataset_init(&clone); dns_rdataset_clone(ncacherdataset, &clone); result = dns_rdataset_first(&clone); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&clone, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&tname, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); remaining.length -= tname.length; INSIST(remaining.length >= 3); ttype = isc_buffer_getuint16(&source); if (ttype == type && dns_name_equal(&tname, name)) { trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); isc_buffer_remainingregion(&source, &remaining); break; } result = dns_rdataset_next(&clone); dns_rdata_reset(&rdata); } dns_rdataset_disassociate(&clone); if (result == ISC_R_NOMORE) return (ISC_R_NOTFOUND); if (result != ISC_R_SUCCESS) return (result); INSIST(remaining.length != 0); rdataset->methods = &rdataset_methods; rdataset->rdclass = ncacherdataset->rdclass; rdataset->type = type; rdataset->covers = 0; rdataset->ttl = ncacherdataset->ttl; rdataset->trust = trust; rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = remaining.base; /* * Reset iterator state. */ rdataset->privateuint4 = 0; rdataset->private5 = NULL; rdataset->private6 = NULL; return (ISC_R_SUCCESS); }
void ns_lwdclient_processgrbn(ns_lwdclient_t *client, lwres_buffer_t *b) { lwres_grbnrequest_t *req; isc_result_t result; ns_lwdclientmgr_t *cm; isc_buffer_t namebuf; REQUIRE(NS_LWDCLIENT_ISRECVDONE(client)); INSIST(client->byaddr == NULL); cm = client->clientmgr; req = NULL; result = lwres_grbnrequest_parse(cm->lwctx, b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) goto out; if (req->name == NULL) goto out; client->options = 0; if (req->rdclass != cm->view->rdclass) goto out; if (req->rdclass == dns_rdataclass_any || req->rdtype == dns_rdatatype_any) goto out; client->rdtype = req->rdtype; isc_buffer_init(&namebuf, req->name, req->namelen); isc_buffer_add(&namebuf, req->namelen); dns_fixedname_init(&client->query_name); result = dns_name_fromtext(dns_fixedname_name(&client->query_name), &namebuf, NULL, 0, NULL); if (result != ISC_R_SUCCESS) goto out; ns_lwsearchctx_init(&client->searchctx, cm->listener->manager->search, dns_fixedname_name(&client->query_name), cm->listener->manager->ndots); ns_lwsearchctx_first(&client->searchctx); ns_lwdclient_log(50, "client %p looking for type %d", client, client->rdtype); /* * We no longer need to keep this around. */ lwres_grbnrequest_free(cm->lwctx, &req); /* * Initialize the real name and alias arrays in the reply we're * going to build up. */ init_grbn(client); /* * Start the find. */ start_lookup(client); return; /* * We're screwed. Return an error packet to our caller. */ out: if (req != NULL) lwres_grbnrequest_free(cm->lwctx, &req); ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); }
void dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found, dns_rdataset_t *rdataset) { dns_rdata_t rdata = DNS_RDATA_INIT; dns_trust_t trust; isc_region_t remaining, sigregion; isc_buffer_t source; dns_name_t tname; dns_rdatatype_t type; unsigned int count; dns_rdata_rrsig_t rrsig; unsigned char *raw; REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(found != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); dns_rdataset_current(ncacherdataset, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&tname, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(found, &remaining); INSIST(remaining.length >= found->length); isc_buffer_forward(&source, found->length); remaining.length -= found->length; INSIST(remaining.length >= 5); type = isc_buffer_getuint16(&source); trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); isc_buffer_remainingregion(&source, &remaining); rdataset->methods = &rdataset_methods; rdataset->rdclass = ncacherdataset->rdclass; rdataset->type = type; if (type == dns_rdatatype_rrsig) { /* * Extract covers from RRSIG. */ raw = remaining.base; count = raw[0] * 256 + raw[1]; INSIST(count > 0); raw += 2; sigregion.length = raw[0] * 256 + raw[1]; raw += 2; sigregion.base = raw; dns_rdata_reset(&rdata); dns_rdata_fromregion(&rdata, rdataset->rdclass, rdataset->type, &sigregion); (void)dns_rdata_tostruct(&rdata, &rrsig, NULL); rdataset->covers = rrsig.covered; } else rdataset->covers = 0; rdataset->ttl = ncacherdataset->ttl; rdataset->trust = trust; rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = remaining.base; /* * Reset iterator state. */ rdataset->privateuint4 = 0; rdataset->private5 = NULL; rdataset->private6 = NULL; }
static inline isc_result_t fromwire_opt(ARGS_FROMWIRE) { isc_region_t sregion; isc_region_t tregion; isc_uint16_t opt; isc_uint16_t length; unsigned int total; REQUIRE(type == 41); UNUSED(type); UNUSED(rdclass); UNUSED(dctx); UNUSED(options); isc_buffer_activeregion(source, &sregion); total = 0; while (sregion.length != 0) { if (sregion.length < 4) return (ISC_R_UNEXPECTEDEND); opt = uint16_fromregion(&sregion); isc_region_consume(&sregion, 2); length = uint16_fromregion(&sregion); isc_region_consume(&sregion, 2); total += 4; if (sregion.length < length) return (ISC_R_UNEXPECTEDEND); switch (opt) { case DNS_OPT_CLIENT_SUBNET: { isc_uint16_t family; isc_uint8_t addrlen; isc_uint8_t scope; isc_uint8_t addrbytes; if (length < 4) return (DNS_R_FORMERR); family = uint16_fromregion(&sregion); isc_region_consume(&sregion, 2); addrlen = uint8_fromregion(&sregion); isc_region_consume(&sregion, 1); scope = uint8_fromregion(&sregion); isc_region_consume(&sregion, 1); switch (family) { case 1: if (addrlen > 32U || scope > 32U) return (DNS_R_FORMERR); break; case 2: if (addrlen > 128U || scope > 128U) return (DNS_R_FORMERR); break; } addrbytes = (addrlen + 7) / 8; if (addrbytes + 4 != length) return (DNS_R_FORMERR); isc_region_consume(&sregion, addrbytes); break; } case DNS_OPT_EXPIRE: /* * Request has zero length. Response is 32 bits. */ if (length != 0 && length != 4) return (DNS_R_FORMERR); isc_region_consume(&sregion, length); break; default: isc_region_consume(&sregion, length); break; } total += length; } isc_buffer_activeregion(source, &sregion); isc_buffer_availableregion(target, &tregion); if (tregion.length < total) return (ISC_R_NOSPACE); memmove(tregion.base, sregion.base, total); isc_buffer_forward(source, total); isc_buffer_add(target, total); return (ISC_R_SUCCESS); }
ATF_TC_BODY(dumpraw, tc) { isc_result_t result; dns_db_t *db = NULL; dns_dbversion_t *version = NULL; char myorigin[sizeof(TEST_ORIGIN)]; dns_name_t dnsorigin; isc_buffer_t source, target; unsigned char namebuf[BUFLEN]; int len; UNUSED(tc); strcpy(myorigin, TEST_ORIGIN); len = strlen(myorigin); isc_buffer_init(&source, myorigin, len); isc_buffer_add(&source, len); isc_buffer_setactive(&source, len); isc_buffer_init(&target, namebuf, BUFLEN); dns_name_init(&dnsorigin, NULL); result = dns_name_fromtext(&dnsorigin, &source, dns_rootname, 0, &target); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = dns_test_begin(NULL, ISC_FALSE); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = dns_db_create(mctx, "rbt", &dnsorigin, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &db); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = dns_db_load(db, "testdata/master/master1.data"); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); dns_db_currentversion(db, &version); result = dns_master_dump2(mctx, db, version, &dns_master_style_default, "test.dump", dns_masterformat_raw); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = test_master("test.dump", dns_masterformat_raw, NULL, NULL); ATF_CHECK_STREQ(isc_result_totext(result), "success"); ATF_CHECK(headerset); ATF_CHECK_EQ(header.flags, 0); dns_master_initrawheader(&header); header.sourceserial = 12345; header.flags |= DNS_MASTERRAW_SOURCESERIALSET; unlink("test.dump"); result = dns_master_dump3(mctx, db, version, &dns_master_style_default, "test.dump", dns_masterformat_raw, &header); ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); result = test_master("test.dump", dns_masterformat_raw, NULL, NULL); ATF_CHECK_STREQ(isc_result_totext(result), "success"); ATF_CHECK(headerset); ATF_CHECK((header.flags & DNS_MASTERRAW_SOURCESERIALSET) != 0); ATF_CHECK_EQ(header.sourceserial, 12345); unlink("test.dump"); dns_db_closeversion(db, &version, ISC_FALSE); dns_db_detach(&db); dns_test_end(); }
static void set_key(dns_client_t *client, char *keynamestr, char *keystr, isc_boolean_t is_sep, isc_mem_t **mctxp) { isc_result_t result; dns_fixedname_t fkeyname; size_t namelen; dns_name_t *keyname; dns_rdata_dnskey_t keystruct; unsigned char keydata[4096]; isc_buffer_t keydatabuf; unsigned char rrdata[4096]; isc_buffer_t rrdatabuf; isc_buffer_t b; isc_textregion_t tr; isc_region_t r; dns_secalg_t alg; result = isc_mem_create(0, 0, mctxp); if (result != ISC_R_SUCCESS) { fprintf(stderr, "failed to crate mctx\n"); exit(1); } if (algname != NULL) { tr.base = algname; tr.length = strlen(algname); result = dns_secalg_fromtext(&alg, &tr); if (result != ISC_R_SUCCESS) { fprintf(stderr, "failed to identify the algorithm\n"); exit(1); } } else alg = DNS_KEYALG_RSASHA1; keystruct.common.rdclass = dns_rdataclass_in; keystruct.common.rdtype = dns_rdatatype_dnskey; keystruct.flags = DNS_KEYOWNER_ZONE; /* fixed */ if (is_sep) keystruct.flags |= DNS_KEYFLAG_KSK; keystruct.protocol = DNS_KEYPROTO_DNSSEC; /* fixed */ keystruct.algorithm = alg; isc_buffer_init(&keydatabuf, keydata, sizeof(keydata)); isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata)); result = isc_base64_decodestring(keystr, &keydatabuf); if (result != ISC_R_SUCCESS) { fprintf(stderr, "base64 decode failed\n"); exit(1); } isc_buffer_usedregion(&keydatabuf, &r); keystruct.datalen = r.length; keystruct.data = r.base; result = dns_rdata_fromstruct(NULL, keystruct.common.rdclass, keystruct.common.rdtype, &keystruct, &rrdatabuf); if (result != ISC_R_SUCCESS) { fprintf(stderr, "failed to construct key rdata\n"); exit(1); } namelen = strlen(keynamestr); isc_buffer_init(&b, keynamestr, namelen); isc_buffer_add(&b, namelen); dns_fixedname_init(&fkeyname); keyname = dns_fixedname_name(&fkeyname); result = dns_name_fromtext(keyname, &b, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) { fprintf(stderr, "failed to construct key name\n"); exit(1); } result = dns_client_addtrustedkey(client, dns_rdataclass_in, keyname, &rrdatabuf); if (result != ISC_R_SUCCESS) { fprintf(stderr, "failed to add key for %s\n", keynamestr); exit(1); } }
isc_result_t dns_tkey_processquery (dns_message_t * msg, dns_tkeyctx_t * tctx, dns_tsig_keyring_t * ring) { isc_result_t result = ISC_R_SUCCESS; dns_rdata_tkey_t tkeyin, tkeyout; isc_boolean_t freetkeyin = ISC_FALSE; dns_name_t *qname, *name, *keyname, *signer, tsigner; dns_fixedname_t fkeyname; dns_rdataset_t *tkeyset; dns_rdata_t rdata; dns_namelist_t namelist; char tkeyoutdata[512]; isc_buffer_t tkeyoutbuf; REQUIRE (msg != NULL); REQUIRE (tctx != NULL); REQUIRE (ring != NULL); ISC_LIST_INIT (namelist); /* * Interpret the question section. */ result = dns_message_firstname (msg, DNS_SECTION_QUESTION); if (result != ISC_R_SUCCESS) return (DNS_R_FORMERR); qname = NULL; dns_message_currentname (msg, DNS_SECTION_QUESTION, &qname); /* * Look for a TKEY record that matches the question. */ tkeyset = NULL; name = NULL; result = dns_message_findname (msg, DNS_SECTION_ADDITIONAL, qname, dns_rdatatype_tkey, 0, &name, &tkeyset); if (result != ISC_R_SUCCESS) { /* * Try the answer section, since that's where Win2000 * puts it. */ if (dns_message_findname (msg, DNS_SECTION_ANSWER, qname, dns_rdatatype_tkey, 0, &name, &tkeyset) != ISC_R_SUCCESS) { result = DNS_R_FORMERR; tkey_log ("dns_tkey_processquery: couldn't find a TKEY " "matching the question"); goto failure; } } result = dns_rdataset_first (tkeyset); if (result != ISC_R_SUCCESS) { result = DNS_R_FORMERR; goto failure; } dns_rdata_init (&rdata); dns_rdataset_current (tkeyset, &rdata); RETERR (dns_rdata_tostruct (&rdata, &tkeyin, NULL)); freetkeyin = ISC_TRUE; if (tkeyin.error != dns_rcode_noerror) { result = DNS_R_FORMERR; goto failure; } /* * Before we go any farther, verify that the message was signed. * GSSAPI TKEY doesn't require a signature, the rest do. */ dns_name_init (&tsigner, NULL); result = dns_message_signer (msg, &tsigner); if (result != ISC_R_SUCCESS) { if (tkeyin.mode == DNS_TKEYMODE_GSSAPI && result == ISC_R_NOTFOUND) signer = NULL; else { tkey_log ("dns_tkey_processquery: query was not " "properly signed - rejecting"); result = DNS_R_FORMERR; goto failure; } } else signer = &tsigner; tkeyout.common.rdclass = tkeyin.common.rdclass; tkeyout.common.rdtype = tkeyin.common.rdtype; ISC_LINK_INIT (&tkeyout.common, link); tkeyout.mctx = msg->mctx; dns_name_init (&tkeyout.algorithm, NULL); dns_name_clone (&tkeyin.algorithm, &tkeyout.algorithm); tkeyout.inception = tkeyout.expire = 0; tkeyout.mode = tkeyin.mode; tkeyout.error = 0; tkeyout.keylen = tkeyout.otherlen = 0; tkeyout.key = tkeyout.other = NULL; /* * A delete operation must have a fully specified key name. If this * is not a delete, we do the following: * if (qname != ".") * keyname = qname + defaultdomain * else * keyname = <random hex> + defaultdomain */ if (tkeyin.mode != DNS_TKEYMODE_DELETE) { dns_tsigkey_t *tsigkey = NULL; if (tctx->domain == NULL && tkeyin.mode != DNS_TKEYMODE_GSSAPI) { tkey_log ("dns_tkey_processquery: tkey-domain not set"); result = DNS_R_REFUSED; goto failure; } dns_fixedname_init (&fkeyname); keyname = dns_fixedname_name (&fkeyname); if (!dns_name_equal (qname, dns_rootname)) { unsigned int n = dns_name_countlabels (qname); RUNTIME_CHECK (dns_name_copy (qname, keyname, NULL) == ISC_R_SUCCESS); dns_name_getlabelsequence (keyname, 0, n - 1, keyname); } else { static char hexdigits[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; unsigned char randomdata[16]; char randomtext[32]; isc_buffer_t b; unsigned int i, j; result = isc_entropy_getdata (tctx->ectx, randomdata, sizeof (randomdata), NULL, 0); if (result != ISC_R_SUCCESS) goto failure; for (i = 0, j = 0; i < sizeof (randomdata); i++) { unsigned char val = randomdata[i]; randomtext[j++] = hexdigits[val >> 4]; randomtext[j++] = hexdigits[val & 0xF]; } isc_buffer_init (&b, randomtext, sizeof (randomtext)); isc_buffer_add (&b, sizeof (randomtext)); result = dns_name_fromtext (keyname, &b, NULL, 0, NULL); if (result != ISC_R_SUCCESS) goto failure; } if (tkeyin.mode == DNS_TKEYMODE_GSSAPI) { /* Yup. This is a hack */ result = dns_name_concatenate (keyname, dns_rootname, keyname, NULL); if (result != ISC_R_SUCCESS) goto failure; } else { result = dns_name_concatenate (keyname, tctx->domain, keyname, NULL); if (result != ISC_R_SUCCESS) goto failure; } result = dns_tsigkey_find (&tsigkey, keyname, NULL, ring); if (result == ISC_R_SUCCESS) { tkeyout.error = dns_tsigerror_badname; dns_tsigkey_detach (&tsigkey); goto failure_with_tkey; } else if (result != ISC_R_NOTFOUND) goto failure; }
int main(int argc, char **argv) { char *algname = NULL, *nametype = NULL, *type = NULL; char *classname = NULL; char *endp; dst_key_t *key = NULL, *oldkey; dns_fixedname_t fname; dns_name_t *name; isc_uint16_t flags = 0, ksk = 0; dns_secalg_t alg; isc_boolean_t null_key = ISC_FALSE; isc_mem_t *mctx = NULL; int ch; int protocol = -1, signatory = 0; isc_result_t ret; isc_textregion_t r; char filename[255]; isc_buffer_t buf; isc_log_t *log = NULL; isc_entropy_t *ectx = NULL; dns_rdataclass_t rdclass; int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC; char *label = NULL; if (argc == 1) usage(); RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS); dns_result_register(); isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, "a:c:f:kl:n:p:t:v:h")) != -1) { switch (ch) { case 'a': algname = isc_commandline_argument; break; case 'c': classname = isc_commandline_argument; break; case 'f': if (strcasecmp(isc_commandline_argument, "KSK") == 0) ksk = DNS_KEYFLAG_KSK; else fatal("unknown flag '%s'", isc_commandline_argument); break; case 'k': options |= DST_TYPE_KEY; break; case 'l': label = isc_commandline_argument; break; case 'n': nametype = isc_commandline_argument; break; case 'p': protocol = strtol(isc_commandline_argument, &endp, 10); if (*endp != '\0' || protocol < 0 || protocol > 255) fatal("-p must be followed by a number " "[0..255]"); break; case 't': type = isc_commandline_argument; break; case 'v': verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') fatal("-v must be followed by a number"); break; case '?': if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); case 'h': usage(); default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); exit(1); } } if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); ret = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY); if (ret != ISC_R_SUCCESS) fatal("could not initialize dst"); setup_logging(verbose, mctx, &log); if (label == NULL) fatal("the key label was not specified"); if (argc < isc_commandline_index + 1) fatal("the key name was not specified"); if (argc > isc_commandline_index + 1) fatal("extraneous arguments"); if (algname == NULL) fatal("no algorithm was specified"); if (strcasecmp(algname, "RSA") == 0) { fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n" "If you still wish to use RSA (RSAMD5) please " "specify \"-a RSAMD5\"\n"); return (1); } else { r.base = algname; r.length = strlen(algname); ret = dns_secalg_fromtext(&alg, &r); if (ret != ISC_R_SUCCESS) fatal("unknown algorithm %s", algname); if (alg == DST_ALG_DH) options |= DST_TYPE_KEY; } if (type != NULL && (options & DST_TYPE_KEY) != 0) { if (strcasecmp(type, "NOAUTH") == 0) flags |= DNS_KEYTYPE_NOAUTH; else if (strcasecmp(type, "NOCONF") == 0) flags |= DNS_KEYTYPE_NOCONF; else if (strcasecmp(type, "NOAUTHCONF") == 0) { flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF); } else if (strcasecmp(type, "AUTHCONF") == 0) /* nothing */; else fatal("invalid type %s", type); } if (nametype == NULL) { if ((options & DST_TYPE_KEY) != 0) /* KEY */ fatal("no nametype specified"); flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */ } else if (strcasecmp(nametype, "zone") == 0) flags |= DNS_KEYOWNER_ZONE; else if ((options & DST_TYPE_KEY) != 0) { /* KEY */ if (strcasecmp(nametype, "host") == 0 || strcasecmp(nametype, "entity") == 0) flags |= DNS_KEYOWNER_ENTITY; else if (strcasecmp(nametype, "user") == 0) flags |= DNS_KEYOWNER_USER; else fatal("invalid KEY nametype %s", nametype); } else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */ fatal("invalid DNSKEY nametype %s", nametype); rdclass = strtoclass(classname); if ((options & DST_TYPE_KEY) != 0) /* KEY */ flags |= signatory; else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */ flags |= ksk; if (protocol == -1) protocol = DNS_KEYPROTO_DNSSEC; else if ((options & DST_TYPE_KEY) == 0 && protocol != DNS_KEYPROTO_DNSSEC) fatal("invalid DNSKEY protocol: %d", protocol); if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) fatal("specified null key with signing authority"); } if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE && alg == DNS_KEYALG_DH) fatal("a key with algorithm '%s' cannot be a zone key", algname); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); isc_buffer_init(&buf, argv[isc_commandline_index], strlen(argv[isc_commandline_index])); isc_buffer_add(&buf, strlen(argv[isc_commandline_index])); ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL); if (ret != ISC_R_SUCCESS) fatal("invalid key name %s: %s", argv[isc_commandline_index], isc_result_totext(ret)); if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) null_key = ISC_TRUE; isc_buffer_init(&buf, filename, sizeof(filename) - 1); /* associate the key */ ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass, "", label, NULL, mctx, &key); isc_entropy_stopcallbacksources(ectx); if (ret != ISC_R_SUCCESS) { char namestr[DNS_NAME_FORMATSIZE]; char algstr[ALG_FORMATSIZE]; dns_name_format(name, namestr, sizeof(namestr)); alg_format(alg, algstr, sizeof(algstr)); fatal("failed to generate key %s/%s: %s\n", namestr, algstr, isc_result_totext(ret)); exit(-1); } /* * Try to read a key with the same name, alg and id from disk. * If there is one we must continue generating a new one * unless we were asked to generate a null key, in which * case we return failure. */ ret = dst_key_fromfile(name, dst_key_id(key), alg, DST_TYPE_PRIVATE, NULL, mctx, &oldkey); /* do not overwrite an existing key */ if (ret == ISC_R_SUCCESS) { isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, NULL, &buf); fprintf(stderr, "%s: %s already exists\n", program, filename); dst_key_free(&key); exit (1); } ret = dst_key_tofile(key, options, NULL); if (ret != ISC_R_SUCCESS) { char keystr[KEY_FORMATSIZE]; key_format(key, keystr, sizeof(keystr)); fatal("failed to write key %s: %s\n", keystr, isc_result_totext(ret)); } isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, NULL, &buf); printf("%s\n", filename); dst_key_free(&key); cleanup_logging(&log); cleanup_entropy(&ectx); dst_lib_destroy(); dns_name_destroy(); if (verbose > 10) isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); return (0); }
static void query(void) { char buf[1024]; dns_fixedname_t name; dns_fixedname_t found; dns_db_t *db; char *s; isc_buffer_t buffer; isc_result_t result; dns_rdataset_t rdataset; dns_rdataset_t sigset; fd_set rfdset; db = NULL; result = dns_zone_getdb(zone, &db); if (result != ISC_R_SUCCESS) { fprintf(stderr, "%s() returned %s\n", "dns_zone_getdb", dns_result_totext(result)); return; } dns_fixedname_init(&found); dns_rdataset_init(&rdataset); dns_rdataset_init(&sigset); do { fprintf(stdout, "zone_test "); fflush(stdout); FD_ZERO(&rfdset); FD_SET(0, &rfdset); select(1, &rfdset, NULL, NULL, NULL); if (fgets(buf, sizeof(buf), stdin) == NULL) { fprintf(stdout, "\n"); break; } buf[sizeof(buf) - 1] = '\0'; s = strchr(buf, '\n'); if (s != NULL) *s = '\0'; s = strchr(buf, '\r'); if (s != NULL) *s = '\0'; if (strcmp(buf, "dump") == 0) { dns_zone_dumptostream(zone, stdout); continue; } if (strlen(buf) == 0U) continue; dns_fixedname_init(&name); isc_buffer_init(&buffer, buf, strlen(buf)); isc_buffer_add(&buffer, strlen(buf)); result = dns_name_fromtext(dns_fixedname_name(&name), &buffer, dns_rootname, 0, NULL); ERRCONT(result, "dns_name_fromtext"); result = dns_db_find(db, dns_fixedname_name(&name), NULL /*vesion*/, dns_rdatatype_a, 0 /*options*/, 0 /*time*/, NULL /*nodep*/, dns_fixedname_name(&found), &rdataset, &sigset); fprintf(stderr, "%s() returned %s\n", "dns_db_find", dns_result_totext(result)); switch (result) { case DNS_R_DELEGATION: print_rdataset(dns_fixedname_name(&found), &rdataset); break; case ISC_R_SUCCESS: print_rdataset(dns_fixedname_name(&name), &rdataset); break; default: break; } if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); if (dns_rdataset_isassociated(&sigset)) dns_rdataset_disassociate(&sigset); } while (1); dns_rdataset_invalidate(&rdataset); dns_db_detach(&db); }
static isc_result_t opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { dst_key_t *key = dctx->key; isc_region_t r; unsigned int siglen = 0; #if USE_EVP EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; EVP_PKEY *pkey = key->keydata.pkey; #else RSA *rsa = key->keydata.rsa; /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */ unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH]; int status; int type = 0; unsigned int digestlen = 0; #if OPENSSL_VERSION_NUMBER < 0x00908000L unsigned int prefixlen = 0; const unsigned char *prefix = NULL; #endif #endif REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || dctx->key->key_alg == DST_ALG_RSASHA1 || dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || dctx->key->key_alg == DST_ALG_RSASHA256 || dctx->key->key_alg == DST_ALG_RSASHA512); isc_buffer_availableregion(sig, &r); #if USE_EVP if (r.length < (unsigned int) EVP_PKEY_size(pkey)) return (ISC_R_NOSPACE); if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) { return (dst__openssl_toresult2("EVP_SignFinal", ISC_R_FAILURE)); } #else if (r.length < (unsigned int) RSA_size(rsa)) return (ISC_R_NOSPACE); switch (dctx->key->key_alg) { case DST_ALG_RSAMD5: { isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; isc_md5_final(md5ctx, digest); type = NID_md5; digestlen = ISC_MD5_DIGESTLENGTH; } break; case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: { isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; isc_sha1_final(sha1ctx, digest); type = NID_sha1; digestlen = ISC_SHA1_DIGESTLENGTH; } break; case DST_ALG_RSASHA256: { isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; isc_sha256_final(digest, sha256ctx); digestlen = ISC_SHA256_DIGESTLENGTH; #if OPENSSL_VERSION_NUMBER < 0x00908000L prefix = sha256_prefix; prefixlen = sizeof(sha256_prefix); #else type = NID_sha256; #endif } break; case DST_ALG_RSASHA512: { isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; isc_sha512_final(digest, sha512ctx); digestlen = ISC_SHA512_DIGESTLENGTH; #if OPENSSL_VERSION_NUMBER < 0x00908000L prefix = sha512_prefix; prefixlen = sizeof(sha512_prefix); #else type = NID_sha512; #endif } break; default: INSIST(0); } #if OPENSSL_VERSION_NUMBER < 0x00908000L switch (dctx->key->key_alg) { case DST_ALG_RSAMD5: case DST_ALG_RSASHA1: case DST_ALG_NSEC3RSASHA1: INSIST(type != 0); status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); break; case DST_ALG_RSASHA256: case DST_ALG_RSASHA512: INSIST(prefix != NULL); INSIST(prefixlen != 0); INSIST(prefixlen + digestlen <= sizeof(digest)); memmove(digest + prefixlen, digest, digestlen); memcpy(digest, prefix, prefixlen); status = RSA_private_encrypt(digestlen + prefixlen, digest, r.base, rsa, RSA_PKCS1_PADDING); if (status < 0) status = 0; else siglen = status; break; default: INSIST(0); } #else INSIST(type != 0); status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); #endif if (status == 0) return (dst__openssl_toresult2("RSA_sign", DST_R_OPENSSLFAILURE)); #endif isc_buffer_add(sig, siglen); return (ISC_R_SUCCESS); }
/* * Create a writeable DLZ zone. This can be called by DLZ drivers * during configure() to create a zone that can be updated. The zone * type is set to dns_zone_dlz, which is equivalent to a master zone * * This function uses a callback setup in dns_dlzconfigure() to call * into the server zone code to setup the remaining pieces of server * specific functionality on the zone */ isc_result_t dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) { dns_zone_t *zone = NULL; dns_zone_t *dupzone = NULL; isc_result_t result; isc_buffer_t buffer; dns_fixedname_t fixorigin; dns_name_t *origin; dns_dlzdb_t *dlzdatabase; REQUIRE(DNS_DLZ_VALID(view->dlzdatabase)); dlzdatabase = view->dlzdatabase; REQUIRE(dlzdatabase->configure_callback != NULL); isc_buffer_init(&buffer, zone_name, strlen(zone_name)); isc_buffer_add(&buffer, strlen(zone_name)); dns_fixedname_init(&fixorigin); result = dns_name_fromtext(dns_fixedname_name(&fixorigin), &buffer, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) goto cleanup; origin = dns_fixedname_name(&fixorigin); /* See if the zone already exists */ result = dns_view_findzone(view, origin, &dupzone); if (result == ISC_R_SUCCESS) { dns_zone_detach(&dupzone); result = ISC_R_EXISTS; goto cleanup; } INSIST(dupzone == NULL); /* Create it */ result = dns_zone_create(&zone, view->mctx); if (result != ISC_R_SUCCESS) goto cleanup; result = dns_zone_setorigin(zone, origin); if (result != ISC_R_SUCCESS) goto cleanup; dns_zone_setview(zone, view); dns_zone_setadded(zone, ISC_TRUE); if (dlzdatabase->ssutable == NULL) { result = dns_ssutable_createdlz(dlzdatabase->mctx, &dlzdatabase->ssutable, view->dlzdatabase); if (result != ISC_R_SUCCESS) goto cleanup; } dns_zone_setssutable(zone, dlzdatabase->ssutable); result = dlzdatabase->configure_callback(view, zone); if (result != ISC_R_SUCCESS) goto cleanup; /* * Add the zone to its view in the new view list. */ result = dns_view_addzone(view, zone); cleanup: if (zone != NULL) dns_zone_detach(&zone); return (result); }
static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { isc_region_t r; unsigned int e_bytes; unsigned int mod_bytes; isc_result_t ret; RSA *rsa; #if USE_EVP EVP_PKEY *pkey; #endif #if USE_EVP REQUIRE(key->keydata.pkey != NULL); #else REQUIRE(key->keydata.rsa != NULL); #endif #if USE_EVP pkey = key->keydata.pkey; rsa = EVP_PKEY_get1_RSA(pkey); if (rsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); #else rsa = key->keydata.rsa; #endif isc_buffer_availableregion(data, &r); e_bytes = BN_num_bytes(rsa->e); mod_bytes = BN_num_bytes(rsa->n); if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */ if (r.length < 1) DST_RET(ISC_R_NOSPACE); isc_buffer_putuint8(data, (isc_uint8_t) e_bytes); isc_region_consume(&r, 1); } else { if (r.length < 3) DST_RET(ISC_R_NOSPACE); isc_buffer_putuint8(data, 0); isc_buffer_putuint16(data, (isc_uint16_t) e_bytes); isc_region_consume(&r, 3); } if (r.length < e_bytes + mod_bytes) DST_RET(ISC_R_NOSPACE); BN_bn2bin(rsa->e, r.base); isc_region_consume(&r, e_bytes); BN_bn2bin(rsa->n, r.base); isc_buffer_add(data, e_bytes + mod_bytes); ret = ISC_R_SUCCESS; err: #if USE_EVP if (rsa != NULL) RSA_free(rsa); #endif return (ret); }
int main(int argc, char **argv) { char *porigin, *zonefile; dns_fixedname_t forigin, fname; dns_name_t *origin, *name; dns_db_t *db = NULL; dns_dbiterator_t *dbiter; dns_dbnode_t *node; dns_rdatasetiter_t *rdsiter; dns_rdataset_t rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; isc_mem_t *mctx = NULL; isc_entropy_t *ectx = NULL; isc_buffer_t b; isc_result_t result; PGresult *res; if (argc != 5) { printf("usage: %s origin file dbname dbtable\n", argv[0]); printf("Note that dbname must be an existing database.\n"); exit(1); } porigin = argv[1]; zonefile = argv[2]; dbname = argv[3]; dbtable = argv[4]; dns_result_register(); mctx = NULL; result = isc_mem_create(0, 0, &mctx); check_result(result, "isc_mem_create"); result = isc_entropy_create(mctx, &ectx); check_result(result, "isc_entropy_create"); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); check_result(result, "isc_hash_create"); isc_buffer_init(&b, porigin, strlen(porigin)); isc_buffer_add(&b, strlen(porigin)); dns_fixedname_init(&forigin); origin = dns_fixedname_name(&forigin); result = dns_name_fromtext(origin, &b, dns_rootname, 0, NULL); check_result(result, "dns_name_fromtext"); db = NULL; result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &db); check_result(result, "dns_db_create"); result = dns_db_load(db, zonefile); if (result == DNS_R_SEENINCLUDE) result = ISC_R_SUCCESS; check_result(result, "dns_db_load"); printf("Connecting to '%s'\n", dbname); conn = PQsetdb(NULL, NULL, NULL, NULL, dbname); if (PQstatus(conn) == CONNECTION_BAD) { fprintf(stderr, "Connection to database '%s' failed: %s\n", dbname, PQerrorMessage(conn)); closeandexit(1); } snprintf(str, sizeof(str), "DROP TABLE %s", dbtable); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) fprintf(stderr, "DROP TABLE command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); snprintf(str, sizeof(str), "BEGIN"); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) { fprintf(stderr, "BEGIN command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); closeandexit(1); } PQclear(res); snprintf(str, sizeof(str), "CREATE TABLE %s " "(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT)", dbtable); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) { fprintf(stderr, "CREATE TABLE command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); closeandexit(1); } PQclear(res); dbiter = NULL; result = dns_db_createiterator(db, 0, &dbiter); check_result(result, "dns_db_createiterator()"); result = dns_dbiterator_first(dbiter); check_result(result, "dns_dbiterator_first"); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); dns_rdataset_init(&rdataset); dns_rdata_init(&rdata); while (result == ISC_R_SUCCESS) { node = NULL; result = dns_dbiterator_current(dbiter, &node, name); if (result == ISC_R_NOMORE) break; check_result(result, "dns_dbiterator_current"); rdsiter = NULL; result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter); check_result(result, "dns_db_allrdatasets"); result = dns_rdatasetiter_first(rdsiter); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current(rdsiter, &rdataset); result = dns_rdataset_first(&rdataset); check_result(result, "dns_rdataset_first"); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&rdataset, &rdata); addrdata(name, rdataset.ttl, &rdata); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rdataset); } dns_rdataset_disassociate(&rdataset); result = dns_rdatasetiter_next(rdsiter); } dns_rdatasetiter_destroy(&rdsiter); dns_db_detachnode(db, &node); result = dns_dbiterator_next(dbiter); } snprintf(str, sizeof(str), "COMMIT TRANSACTION"); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) { fprintf(stderr, "COMMIT command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); closeandexit(1); } PQclear(res); dns_dbiterator_destroy(&dbiter); dns_db_detach(&db); isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); closeandexit(0); exit(0); }
isc_result_t dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, dns_rdatatype_t type, dns_rdataset_t *rdataset) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t remaining; isc_buffer_t source; dns_name_t tname; dns_rdatatype_t ttype; unsigned int i, rcount; isc_uint16_t length; REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); REQUIRE(type != dns_rdatatype_rrsig); result = dns_rdataset_first(ncacherdataset); if (result != ISC_R_SUCCESS) return (result); dns_rdataset_current(ncacherdataset, &rdata); INSIST(dns_rdataset_next(ncacherdataset) == ISC_R_NOMORE); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); do { dns_name_init(&tname, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); remaining.length -= tname.length; INSIST(remaining.length >= 4); ttype = isc_buffer_getuint16(&source); if (ttype == type && dns_name_equal(&tname, name)) { isc_buffer_remainingregion(&source, &remaining); break; } rcount = isc_buffer_getuint16(&source); for (i = 0; i < rcount; i++) { isc_buffer_remainingregion(&source, &remaining); INSIST(remaining.length >= 2); length = isc_buffer_getuint16(&source); isc_buffer_remainingregion(&source, &remaining); INSIST(remaining.length >= length); isc_buffer_forward(&source, length); } isc_buffer_remainingregion(&source, &remaining); } while (remaining.length > 0); if (remaining.length == 0) return (ISC_R_NOTFOUND); rdataset->methods = &rdataset_methods; rdataset->rdclass = ncacherdataset->rdclass; rdataset->type = type; rdataset->covers = 0; rdataset->ttl = ncacherdataset->ttl; rdataset->trust = ncacherdataset->trust; rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = remaining.base; /* * Reset iterator state. */ rdataset->privateuint4 = 0; rdataset->private5 = NULL; return (ISC_R_SUCCESS); }