isc_result_t
irs_dnsconf_load(isc_mem_t *mctx, const char *filename, irs_dnsconf_t **confp)
{
irs_dnsconf_t *conf;
cfg_parser_t *parser = NULL;
cfg_obj_t *cfgobj = NULL;
isc_result_t result = ISC_R_SUCCESS;
REQUIRE(confp != NULL && *confp == NULL);
conf = isc_mem_get(mctx, sizeof(*conf));
if (conf == NULL)
return (ISC_R_NOMEMORY);
conf->mctx = mctx;
ISC_LIST_INIT(conf->trusted_keylist);
/*
* If the specified file does not exist, we'll simply with an empty
* configuration.
*/
if (!isc_file_exists(filename))
goto cleanup;
result = cfg_parser_create(mctx, NULL, &parser);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = cfg_parse_file(parser, filename, &cfg_type_dnsconf,
&cfgobj);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = configure_dnsseckeys(conf, cfgobj, dns_rdataclass_in);
cleanup:
if (parser != NULL) {
if (cfgobj != NULL)
cfg_obj_destroy(parser, &cfgobj);
cfg_parser_destroy(&parser);
}
conf->magic = IRS_DNSCONF_MAGIC;
if (result == ISC_R_SUCCESS)
*confp = conf;
else
irs_dnsconf_destroy(&conf);
return (result);
}
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;
cfg_parser_t *pctx = NULL;
cfg_obj_t *config = NULL;
const cfg_obj_t *key = NULL;
const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL;
const char *algstr = NULL;
const char *secretstr = NULL;
controlkey_t *keyid = NULL;
char secret[1024];
unsigned int algtype;
isc_buffer_t b;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_INFO,
"configuring command channel from '%s'",
ns_g_keyfile);
if (! isc_file_exists(ns_g_keyfile))
return (ISC_R_FILENOTFOUND);
CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
CHECK(cfg_map_get(config, "key", &key));
keyid = isc_mem_get(mctx, sizeof(*keyid));
if (keyid == NULL)
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
keyid->secret.base = NULL;
keyid->secret.length = 0;
keyid->algorithm = DST_ALG_UNKNOWN;
ISC_LINK_INIT(keyid, link);
if (keyid->keyname == NULL)
CHECK(ISC_R_NOMEMORY);
CHECK(bind9_check_key(key, ns_g_lctx));
(void)cfg_map_get(key, "algorithm", &algobj);
(void)cfg_map_get(key, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL);
algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj);
if (ns_config_getkeyalgorithm2(algstr, NULL,
&algtype, NULL) != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx,
ISC_LOG_WARNING,
"unsupported algorithm '%s' in "
"key '%s' for use with command "
"channel",
algstr, keyid->keyname);
goto cleanup;
}
keyid->algorithm = algtype;
isc_buffer_init(&b, secret, sizeof(secret));
result = isc_base64_decodestring(secretstr, &b);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"secret for key '%s' on command channel: %s",
keyid->keyname, isc_result_totext(result));
goto cleanup;
}
keyid->secret.length = isc_buffer_usedlength(&b);
keyid->secret.base = isc_mem_get(mctx,
keyid->secret.length);
if (keyid->secret.base == NULL) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"couldn't register key '%s': "
"out of memory", keyid->keyname);
CHECK(ISC_R_NOMEMORY);
}
memmove(keyid->secret.base, isc_buffer_base(&b),
keyid->secret.length);
ISC_LIST_APPEND(*keyids, keyid, link);
keyid = NULL;
result = ISC_R_SUCCESS;
cleanup:
if (keyid != NULL)
free_controlkey(keyid, mctx);
if (config != NULL)
cfg_obj_destroy(pctx, &config);
if (pctx != NULL)
cfg_parser_destroy(&pctx);
return (result);
}
/*% The main processing routine */
int
main(int argc, char **argv) {
int c;
cfg_parser_t *parser = NULL;
cfg_obj_t *config = NULL;
const char *conffile = NULL;
isc_mem_t *mctx = NULL;
isc_result_t result;
int exit_status = 0;
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
unsigned int flags = 0;
isc_commandline_errprint = ISC_FALSE;
/*
* Process memory debugging argument first.
*/
#define CMDLINE_FLAGS "dhjm:t:pvxz"
while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (c) {
case 'm':
if (strcasecmp(isc_commandline_argument, "record") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
if (strcasecmp(isc_commandline_argument, "trace") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
if (strcasecmp(isc_commandline_argument, "usage") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
if (strcasecmp(isc_commandline_argument, "size") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
if (strcasecmp(isc_commandline_argument, "mctx") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGCTX;
break;
default:
break;
}
}
isc_commandline_reset = ISC_TRUE;
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != EOF) {
switch (c) {
case 'd':
debug++;
break;
case 'j':
nomerge = ISC_FALSE;
break;
case 'm':
break;
case 't':
result = isc_dir_chroot(isc_commandline_argument);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "isc_dir_chroot: %s\n",
isc_result_totext(result));
exit(1);
}
break;
case 'p':
print = ISC_TRUE;
break;
case 'v':
printf(VERSION "\n");
exit(0);
case 'x':
flags |= CFG_PRINTER_XKEY;
break;
case 'z':
load_zones = ISC_TRUE;
docheckmx = ISC_FALSE;
docheckns = ISC_FALSE;
dochecksrv = ISC_FALSE;
break;
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
usage();
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
fprintf(stderr, "%s: -x cannot be used without -p\n", program);
exit(1);
}
if (isc_commandline_index + 1 < argc)
usage();
if (argv[isc_commandline_index] != NULL)
conffile = argv[isc_commandline_index];
if (conffile == NULL || conffile[0] == '\0')
conffile = NAMED_CONFFILE;
#ifdef _WIN32
InitSockets();
#endif
RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
== ISC_R_SUCCESS);
dns_result_register();
RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
cfg_parser_setcallback(parser, directory_callback, NULL);
if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
ISC_R_SUCCESS)
exit(1);
result = bind9_check_namedconf(config, logc, mctx);
if (result != ISC_R_SUCCESS)
exit_status = 1;
if (result == ISC_R_SUCCESS && load_zones) {
result = load_zones_fromconfig(config, mctx);
if (result != ISC_R_SUCCESS)
exit_status = 1;
}
if (print && exit_status == 0)
cfg_printx(config, flags, output, NULL);
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
dns_name_destroy();
isc_log_destroy(&logc);
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
#ifdef _WIN32
DestroySockets();
#endif
return (exit_status);
}
/*% The main processing routine */
int
main(int argc, char **argv) {
int c;
cfg_parser_t *parser = NULL;
cfg_obj_t *config = NULL;
const char *conffile = NULL;
isc_mem_t *mctx = NULL;
isc_result_t result;
int exit_status = 0;
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
isc_commandline_errprint = ISC_FALSE;
while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
switch (c) {
case 'd':
debug++;
break;
case 'j':
nomerge = ISC_FALSE;
break;
case 't':
result = isc_dir_chroot(isc_commandline_argument);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "isc_dir_chroot: %s\n",
isc_result_totext(result));
exit(1);
}
break;
case 'p':
print = ISC_TRUE;
break;
case 'v':
printf(VERSION "\n");
exit(0);
case 'z':
load_zones = ISC_TRUE;
docheckmx = ISC_FALSE;
docheckns = ISC_FALSE;
dochecksrv = ISC_FALSE;
break;
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
case 'h':
usage();
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (isc_commandline_index + 1 < argc)
usage();
if (argv[isc_commandline_index] != NULL)
conffile = argv[isc_commandline_index];
if (conffile == NULL || conffile[0] == '\0')
conffile = NAMED_CONFFILE;
#ifdef _WIN32
InitSockets();
#endif
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
== ISC_R_SUCCESS);
dns_result_register();
RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
cfg_parser_setcallback(parser, directory_callback, NULL);
if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
ISC_R_SUCCESS)
exit(1);
result = bind9_check_namedconf(config, logc, mctx);
if (result != ISC_R_SUCCESS)
exit_status = 1;
if (result == ISC_R_SUCCESS && load_zones) {
result = load_zones_fromconfig(config, mctx);
if (result != ISC_R_SUCCESS)
exit_status = 1;
}
if (print && exit_status == 0)
cfg_print(config, output, NULL);
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
dns_name_destroy();
isc_log_destroy(&logc);
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
#ifdef _WIN32
DestroySockets();
#endif
return (exit_status);
}
static void
parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
cfg_parser_t **pctxp, cfg_obj_t **configp)
{
isc_result_t result;
const char *conffile = admin_conffile;
cfg_obj_t *defkey = NULL;
cfg_obj_t *options = NULL;
cfg_obj_t *servers = NULL;
cfg_obj_t *server = NULL;
cfg_obj_t *keys = NULL;
cfg_obj_t *key = NULL;
cfg_obj_t *defport = NULL;
cfg_obj_t *secretobj = NULL;
cfg_obj_t *algorithmobj = NULL;
cfg_obj_t *config = NULL;
cfg_listelt_t *elt;
const char *secretstr;
const char *algorithm;
static char secretarray[1024];
const cfg_type_t *conftype = &cfg_type_rndcconf;
isc_boolean_t key_only = ISC_FALSE;
if (! isc_file_exists(conffile)) {
conffile = admin_keyfile;
conftype = &cfg_type_rndckey;
if (! isc_file_exists(conffile))
fatal("neither %s nor %s was found",
admin_conffile, admin_keyfile);
key_only = ISC_TRUE;
}
DO("create parser", cfg_parser_create(mctx, log, pctxp));
/*
* The parser will output its own errors, so DO() is not used.
*/
result = cfg_parse_file(*pctxp, conffile, conftype, &config);
if (result != ISC_R_SUCCESS)
fatal("could not load rndc configuration");
if (!key_only)
(void)cfg_map_get(config, "options", &options);
if (key_only && servername == NULL)
servername = "127.0.0.1";
else if (servername == NULL && options != NULL) {
cfg_obj_t *defserverobj = NULL;
(void)cfg_map_get(options, "default-server", &defserverobj);
if (defserverobj != NULL)
servername = cfg_obj_asstring(defserverobj);
}
if (servername == NULL)
fatal("no server specified and no default");
if (!key_only) {
(void)cfg_map_get(config, "server", &servers);
if (servers != NULL) {
for (elt = cfg_list_first(servers);
elt != NULL;
elt = cfg_list_next(elt))
{
const char *name;
server = cfg_listelt_value(elt);
name = cfg_obj_asstring(cfg_map_getname(server));
if (strcasecmp(name, servername) == 0)
break;
server = NULL;
}
}
}
/*
* Look for the name of the key to use.
*/
if (keyname != NULL)
; /* Was set on command line, do nothing. */
else if (server != NULL) {
DO("get key for server", cfg_map_get(server, "key", &defkey));
keyname = cfg_obj_asstring(defkey);
} else if (options != NULL) {
DO("get default key", cfg_map_get(options, "default-key",
&defkey));
keyname = cfg_obj_asstring(defkey);
} else if (!key_only)
fatal("no key for server and no default");
/*
* Get the key's definition.
*/
if (key_only)
DO("get key", cfg_map_get(config, "key", &key));
else {
DO("get config key list", cfg_map_get(config, "key", &keys));
for (elt = cfg_list_first(keys);
elt != NULL;
elt = cfg_list_next(elt))
{
key = cfg_listelt_value(elt);
if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)),
keyname) == 0)
break;
}
if (elt == NULL)
fatal("no key definition for name %s", keyname);
}
(void)cfg_map_get(key, "secret", &secretobj);
(void)cfg_map_get(key, "algorithm", &algorithmobj);
if (secretobj == NULL || algorithmobj == NULL)
fatal("key must have algorithm and secret");
secretstr = cfg_obj_asstring(secretobj);
algorithm = cfg_obj_asstring(algorithmobj);
if (strcasecmp(algorithm, "hmac-md5") != 0)
fatal("unsupported algorithm: %s", algorithm);
secret.rstart = (unsigned char *)secretarray;
secret.rend = (unsigned char *)secretarray + sizeof(secretarray);
DO("decode base64 secret", isccc_base64_decode(secretstr, &secret));
secret.rend = secret.rstart;
secret.rstart = (unsigned char *)secretarray;
/*
* Find the port to connect to.
*/
if (remoteport != 0)
; /* Was set on command line, do nothing. */
else {
if (server != NULL)
(void)cfg_map_get(server, "port", &defport);
if (defport == NULL && options != NULL)
(void)cfg_map_get(options, "default-port", &defport);
}
if (defport != NULL) {
remoteport = cfg_obj_asuint32(defport);
if (remoteport > 65535 || remoteport == 0)
fatal("port %d out of range", remoteport);
} else if (remoteport == 0)
remoteport = NS_CONTROL_PORT;
*configp = config;
}
int
main(int argc, char **argv) {
isc_result_t result;
isc_mem_t *mctx = NULL;
isc_log_t *lctx = NULL;
isc_logconfig_t *lcfg = NULL;
isc_logdestination_t destination;
cfg_parser_t *pctx = NULL;
cfg_obj_t *cfg = NULL;
cfg_type_t *type = NULL;
isc_boolean_t grammar = ISC_FALSE;
isc_boolean_t memstats = ISC_FALSE;
char *filename = NULL;
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
result = isc_log_create(mctx, &lctx, &lcfg);
check_result(result, "isc_log_create()");
isc_log_setcontext(lctx);
/*
* Create and install the default channel.
*/
destination.file.stream = stderr;
destination.file.name = NULL;
destination.file.versions = ISC_LOG_ROLLNEVER;
destination.file.maximum_size = 0;
result = isc_log_createchannel(lcfg, "_default",
ISC_LOG_TOFILEDESC,
ISC_LOG_DYNAMIC,
&destination, ISC_LOG_PRINTTIME);
check_result(result, "isc_log_createchannel()");
result = isc_log_usechannel(lcfg, "_default", NULL, NULL);
check_result(result, "isc_log_usechannel()");
/*
* Set the initial debug level.
*/
isc_log_setdebuglevel(lctx, 2);
if (argc < 3)
usage();
while (argc > 1) {
if (strcmp(argv[1], "--grammar") == 0) {
grammar = ISC_TRUE;
} else if (strcmp(argv[1], "--memstats") == 0) {
memstats = ISC_TRUE;
} else if (strcmp(argv[1], "--named") == 0) {
type = &cfg_type_namedconf;
} else if (strcmp(argv[1], "--rndc") == 0) {
type = &cfg_type_rndcconf;
} else if (argv[1][0] == '-') {
usage();
} else {
filename = argv[1];
}
argv++, argc--;
}
if (grammar) {
if (type == NULL)
usage();
cfg_print_grammar(type, output, NULL);
} else {
if (type == NULL || filename == NULL)
usage();
RUNTIME_CHECK(cfg_parser_create(mctx, lctx, &pctx) == ISC_R_SUCCESS);
result = cfg_parse_file(pctx, filename, type, &cfg);
fprintf(stderr, "read config: %s\n", isc_result_totext(result));
if (result != ISC_R_SUCCESS)
exit(1);
cfg_print(cfg, output, NULL);
cfg_obj_destroy(pctx, &cfg);
cfg_parser_destroy(&pctx);
}
isc_log_destroy(&lctx);
if (memstats)
isc_mem_stats(mctx, stderr);
isc_mem_destroy(&mctx);
fflush(stdout);
if (ferror(stdout)) {
fprintf(stderr, "write error\n");
return (1);
} else
return (0);
}
static void
parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
cfg_parser_t **pctxp, cfg_obj_t **configp)
{
isc_result_t result;
const char *conffile = admin_conffile;
const cfg_obj_t *addresses = NULL;
const cfg_obj_t *defkey = NULL;
const cfg_obj_t *options = NULL;
const cfg_obj_t *servers = NULL;
const cfg_obj_t *server = NULL;
const cfg_obj_t *keys = NULL;
const cfg_obj_t *key = NULL;
const cfg_obj_t *defport = NULL;
const cfg_obj_t *secretobj = NULL;
const cfg_obj_t *algorithmobj = NULL;
cfg_obj_t *config = NULL;
const cfg_obj_t *address = NULL;
const cfg_listelt_t *elt;
const char *secretstr;
const char *algorithm;
static char secretarray[1024];
const cfg_type_t *conftype = &cfg_type_rndcconf;
isc_boolean_t key_only = ISC_FALSE;
const cfg_listelt_t *element;
if (! isc_file_exists(conffile)) {
conffile = admin_keyfile;
conftype = &cfg_type_rndckey;
if (! isc_file_exists(conffile))
fatal("neither %s nor %s was found",
admin_conffile, admin_keyfile);
key_only = ISC_TRUE;
}
DO("create parser", cfg_parser_create(mctx, log, pctxp));
/*
* The parser will output its own errors, so DO() is not used.
*/
result = cfg_parse_file(*pctxp, conffile, conftype, &config);
if (result != ISC_R_SUCCESS)
fatal("could not load rndc configuration");
if (!key_only)
(void)cfg_map_get(config, "options", &options);
if (key_only && servername == NULL)
servername = "127.0.0.1";
else if (servername == NULL && options != NULL) {
const cfg_obj_t *defserverobj = NULL;
(void)cfg_map_get(options, "default-server", &defserverobj);
if (defserverobj != NULL)
servername = cfg_obj_asstring(defserverobj);
}
if (servername == NULL)
fatal("no server specified and no default");
if (!key_only) {
(void)cfg_map_get(config, "server", &servers);
if (servers != NULL) {
for (elt = cfg_list_first(servers);
elt != NULL;
elt = cfg_list_next(elt))
{
const char *name;
server = cfg_listelt_value(elt);
name = cfg_obj_asstring(cfg_map_getname(server));
if (strcasecmp(name, servername) == 0)
break;
server = NULL;
}
}
}
/*
* Look for the name of the key to use.
*/
if (keyname != NULL)
; /* Was set on command line, do nothing. */
else if (server != NULL) {
DO("get key for server", cfg_map_get(server, "key", &defkey));
keyname = cfg_obj_asstring(defkey);
} else if (options != NULL) {
DO("get default key", cfg_map_get(options, "default-key",
&defkey));
keyname = cfg_obj_asstring(defkey);
} else if (!key_only)
fatal("no key for server and no default");
/*
* Get the key's definition.
*/
if (key_only)
DO("get key", cfg_map_get(config, "key", &key));
else {
DO("get config key list", cfg_map_get(config, "key", &keys));
for (elt = cfg_list_first(keys);
elt != NULL;
elt = cfg_list_next(elt))
{
key = cfg_listelt_value(elt);
if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)),
keyname) == 0)
break;
}
if (elt == NULL)
fatal("no key definition for name %s", keyname);
}
(void)cfg_map_get(key, "secret", &secretobj);
(void)cfg_map_get(key, "algorithm", &algorithmobj);
if (secretobj == NULL || algorithmobj == NULL)
fatal("key must have algorithm and secret");
secretstr = cfg_obj_asstring(secretobj);
algorithm = cfg_obj_asstring(algorithmobj);
if (strcasecmp(algorithm, "hmac-md5") != 0)
fatal("unsupported algorithm: %s", algorithm);
secret.rstart = (unsigned char *)secretarray;
secret.rend = (unsigned char *)secretarray + sizeof(secretarray);
DO("decode base64 secret", isccc_base64_decode(secretstr, &secret));
secret.rend = secret.rstart;
secret.rstart = (unsigned char *)secretarray;
/*
* Find the port to connect to.
*/
if (remoteport != 0)
; /* Was set on command line, do nothing. */
else {
if (server != NULL)
(void)cfg_map_get(server, "port", &defport);
if (defport == NULL && options != NULL)
(void)cfg_map_get(options, "default-port", &defport);
}
if (defport != NULL) {
remoteport = cfg_obj_asuint32(defport);
if (remoteport > 65535 || remoteport == 0)
fatal("port %u out of range", remoteport);
} else if (remoteport == 0)
remoteport = NS_CONTROL_PORT;
if (server != NULL)
result = cfg_map_get(server, "addresses", &addresses);
else
result = ISC_R_NOTFOUND;
if (result == ISC_R_SUCCESS) {
for (element = cfg_list_first(addresses);
element != NULL;
element = cfg_list_next(element))
{
isc_sockaddr_t sa;
address = cfg_listelt_value(element);
if (!cfg_obj_issockaddr(address)) {
unsigned int myport;
const char *name;
const cfg_obj_t *obj;
obj = cfg_tuple_get(address, "name");
name = cfg_obj_asstring(obj);
obj = cfg_tuple_get(address, "port");
if (cfg_obj_isuint32(obj)) {
myport = cfg_obj_asuint32(obj);
if (myport > ISC_UINT16_MAX ||
myport == 0)
fatal("port %u out of range",
myport);
} else
myport = remoteport;
if (nserveraddrs < SERVERADDRS)
get_addresses(name, (in_port_t) myport);
else
fprintf(stderr, "too many address: "
"%s: dropped\n", name);
continue;
}
sa = *cfg_obj_assockaddr(address);
if (isc_sockaddr_getport(&sa) == 0)
isc_sockaddr_setport(&sa, remoteport);
if (nserveraddrs < SERVERADDRS)
serveraddrs[nserveraddrs++] = sa;
else {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&sa, socktext,
sizeof(socktext));
fprintf(stderr,
"too many address: %s: dropped\n",
socktext);
}
}
}
if (!local4set && server != NULL) {
address = NULL;
cfg_map_get(server, "source-address", &address);
if (address != NULL) {
local4 = *cfg_obj_assockaddr(address);
local4set = ISC_TRUE;
}
}
if (!local4set && options != NULL) {
address = NULL;
cfg_map_get(options, "default-source-address", &address);
if (address != NULL) {
local4 = *cfg_obj_assockaddr(address);
local4set = ISC_TRUE;
}
}
if (!local6set && server != NULL) {
address = NULL;
cfg_map_get(server, "source-address-v6", &address);
if (address != NULL) {
local6 = *cfg_obj_assockaddr(address);
local6set = ISC_TRUE;
}
}
if (!local6set && options != NULL) {
address = NULL;
cfg_map_get(options, "default-source-address-v6", &address);
if (address != NULL) {
local6 = *cfg_obj_assockaddr(address);
local6set = ISC_TRUE;
}
}
*configp = config;
}
isc_result_t
acl_from_ldap(isc_mem_t *mctx, const char *aclstr, acl_type_t type,
dns_acl_t **aclp)
{
dns_acl_t *acl = NULL;
isc_result_t result;
ld_string_t *new_aclstr = NULL;
cfg_parser_t *parser = NULL;
cfg_obj_t *aclobj = NULL;
cfg_aclconfctx_t *aclctx = NULL;
/* ACL parser requires "configuration context". The parser looks for
* undefined names in this context. We create empty context ("map" type),
* i.e. only built-in named lists "any", "none" etc. are supported. */
cfg_obj_t *cctx = NULL;
cfg_parser_t *parser_empty = NULL;
REQUIRE(aclp != NULL && *aclp == NULL);
CHECK(bracket_str(mctx, aclstr, &new_aclstr));
CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
CHECK(cfg_parser_create(mctx, dns_lctx, &parser_empty));
CHECK(cfg_parse_strbuf(parser_empty, "{}", &empty_map_p, &cctx));
switch (type) {
case acl_type_query:
CHECK(cfg_parse_strbuf(parser, str_buf(new_aclstr), &cfg_type_allow_query,
&aclobj));
break;
case acl_type_transfer:
CHECK(cfg_parse_strbuf(parser, str_buf(new_aclstr), &cfg_type_allow_transfer,
&aclobj));
break;
default:
/* This is a bug */
REQUIRE("Unhandled ACL type in acl_from_ldap" == NULL);
}
CHECK(cfg_aclconfctx_create(mctx, &aclctx));
CHECK(cfg_acl_fromconfig(aclobj, cctx, dns_lctx, aclctx, mctx, 0, &acl));
*aclp = acl;
result = ISC_R_SUCCESS;
cleanup:
if (result != ISC_R_SUCCESS)
log_error_r("%s ACL parsing failed: '%s'",
type == acl_type_query ? "query" : "transfer",
aclstr);
if (aclctx != NULL)
cfg_aclconfctx_detach(&aclctx);
if (aclobj != NULL)
cfg_obj_destroy(parser, &aclobj);
if (parser != NULL)
cfg_parser_destroy(&parser);
if (cctx != NULL)
cfg_obj_destroy(parser_empty, &cctx);
if (parser_empty != NULL)
cfg_parser_destroy(&parser_empty);
str_destroy(&new_aclstr);
return result;
}
isc_result_t
acl_configure_zone_ssutable(const char *policy_str, dns_zone_t *zone)
{
isc_result_t result = ISC_R_SUCCESS;
cfg_parser_t *parser = NULL;
const cfg_listelt_t *el;
cfg_obj_t *policy = NULL;
dns_ssutable_t *table = NULL;
ld_string_t *new_policy_str = NULL;
isc_mem_t *mctx;
REQUIRE(zone != NULL);
mctx = dns_zone_getmctx(zone);
if (policy_str == NULL)
goto cleanup;
CHECK(bracket_str(mctx, policy_str, &new_policy_str));
CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
result = cfg_parse_strbuf(parser, str_buf(new_policy_str), &cfg_type_update_policy, &policy);
if (result != ISC_R_SUCCESS) {
dns_zone_log(zone, ISC_LOG_ERROR,
"failed to parse policy string");
goto cleanup;
}
CHECK(dns_ssutable_create(mctx, &table));
for (el = cfg_list_first(policy); el != NULL; el = cfg_list_next(el)) {
const cfg_obj_t *stmt;
isc_boolean_t grant;
unsigned int match_type;
dns_fixedname_t fname, fident;
dns_rdatatype_t *types;
unsigned int n;
types = NULL;
stmt = cfg_listelt_value(el);
CHECK(get_mode(stmt, &grant));
CHECK(get_match_type(stmt, &match_type));
CHECK(get_fixed_name(stmt, "identity", &fident));
/* Use zone name for 'zonesub' match type */
result = get_fixed_name(stmt, "name", &fname);
if (result == ISC_R_NOTFOUND &&
match_type == DNS_SSUMATCHTYPE_SUBDOMAIN) {
dns_fixedname_init(&fname);
CHECK(dns_name_copy(dns_zone_getorigin(zone),
dns_fixedname_name(&fname),
&fname.buffer));
}
else if (result != ISC_R_SUCCESS)
goto cleanup;
CHECK(get_types(mctx, stmt, &types, &n));
if (match_type == DNS_SSUMATCHTYPE_WILDCARD &&
!dns_name_iswildcard(dns_fixedname_name(&fname))) {
char name[DNS_NAME_FORMATSIZE];
dns_name_format(dns_fixedname_name(&fname), name,
DNS_NAME_FORMATSIZE);
dns_zone_log(zone, ISC_LOG_ERROR,
"invalid update policy: "
"name '%s' is expected to be a wildcard",
name);
CLEANUP_WITH(DNS_R_BADNAME);
}
result = dns_ssutable_addrule(table, grant,
dns_fixedname_name(&fident),
match_type,
dns_fixedname_name(&fname),
n, types);
SAFE_MEM_PUT(mctx, types, n * sizeof(dns_rdatatype_t));
if (result != ISC_R_SUCCESS)
goto cleanup;
}
cleanup:
if (result == ISC_R_SUCCESS)
dns_zone_setssutable(zone, table);
str_destroy(&new_policy_str);
if (policy != NULL)
cfg_obj_destroy(parser, &policy);
if (parser != NULL)
cfg_parser_destroy(&parser);
if (table != NULL)
dns_ssutable_detach(&table);
return result;
}
isc_result_t
fwd_print_list_buff(isc_mem_t *mctx, dns_forwarders_t *fwdrs,
isc_buffer_t **out_buf) {
isc_result_t result;
size_t list_len;
isc_buffer_t *dummy_fwdr_buf = NULL; /* fully dynamic allocation */
isc_buffer_t tmp_buf; /* hack: only the base buffer is allocated */
cfg_parser_t *parser = NULL;
cfg_obj_t *forwarders_cfg = NULL;
const cfg_obj_t *faddresses;
const cfg_listelt_t *fwdr_cfg; /* config representation */
/* internal representation */
#if LIBDNS_VERSION_MAJOR < 140
isc_sockaddr_t *fwdr_int;
#else /* LIBDNS_VERSION_MAJOR >= 140 */
dns_forwarder_t *fwdr_int;
#endif
isc_buffer_initnull(&tmp_buf);
tmp_buf.mctx = mctx;
CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
/* Create dummy string with list of IP addresses of the same length
* as the original list of forwarders. Parse this string to obtain
* nested cfg structures which will be filled with data for actual
* forwarders.
*
* This is nasty hack but it is easiest way to create list of cfg_objs
* I found.
*/
list_len = fwd_list_len(fwdrs);
CHECK(fwd_list_gen_dummy_config_string(mctx,
list_len, &dummy_fwdr_buf));
CHECK(cfg_parse_buffer(parser, dummy_fwdr_buf,
cfg_type_forwarders, &forwarders_cfg));
/* Walk through internal representation and cfg representation and copy
* data from the internal one to cfg data structures.*/
faddresses = cfg_tuple_get(forwarders_cfg, "addresses");
for (fwdr_int = ISC_LIST_HEAD(
#if LIBDNS_VERSION_MAJOR < 140
fwdrs->addrs
#else /* LIBDNS_VERSION_MAJOR >= 140 */
fwdrs->fwdrs
#endif
), fwdr_cfg = cfg_list_first(faddresses);
INSIST((fwdr_int == NULL) == (fwdr_cfg == NULL)), fwdr_int != NULL;
fwdr_int = ISC_LIST_NEXT(fwdr_int, link), fwdr_cfg = cfg_list_next(fwdr_cfg)) {
#if LIBDNS_VERSION_MAJOR < 140
fwdr_cfg->obj->value.sockaddr = *fwdr_int;
#else /* LIBDNS_VERSION_MAJOR >= 140 */
fwdr_cfg->obj->value.sockaddrdscp.sockaddr = fwdr_int->addr;
fwdr_cfg->obj->value.sockaddrdscp.dscp = fwdr_int->dscp;
#endif
}
cfg_print(faddresses, buffer_append_str, &tmp_buf);
/* create and copy string from tmp to output buffer */
CHECK(isc_buffer_allocate(mctx, out_buf, tmp_buf.used));
isc_buffer_putmem(*out_buf, isc_buffer_base(&tmp_buf),
isc_buffer_usedlength(&tmp_buf));
cleanup:
if (forwarders_cfg != NULL)
cfg_obj_destroy(parser, &forwarders_cfg);
if (parser != NULL)
cfg_parser_destroy(&parser);
if (dummy_fwdr_buf != NULL) {
if (tmp_buf.base != NULL)
isc_mem_put(mctx, tmp_buf.base, tmp_buf.length);
isc_buffer_free(&dummy_fwdr_buf);
}
return result;
}
const cfg_obj_t *fwdr_cfg;
isc_sockaddr_t addr;
#if LIBDNS_VERSION_MAJOR < 140
isc_sockaddr_t *fwdr;
#else /* LIBDNS_VERSION_MAJOR >= 140 */
dns_forwarder_t *fwdr;
#endif
in_port_t port = 53;
REQUIRE(fwdrs_str != NULL);
REQUIRE(fwdrs != NULL);
REQUIRE(ISC_LIST_EMPTY(*fwdrs));
/* parse string like { ip; ip port dscp; } to list of cfg objects */
CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
CHECK(cfg_parse_strbuf(parser, fwdrs_str,
&cfg_type_forwarders, &fwdrs_cfg));
faddresses = cfg_tuple_get(fwdrs_cfg, "addresses");
/* transform list of cfg objects to linked list of forwarders */
for (listel = cfg_list_first(faddresses);
listel != NULL;
listel = cfg_list_next(listel)) {
fwdr_cfg = cfg_listelt_value(listel);
addr = *cfg_obj_assockaddr(fwdr_cfg);
if (isc_sockaddr_getport(&addr) == 0)
isc_sockaddr_setport(&addr, port);
CHECKED_MEM_GET_PTR(mctx, fwdr);
#if LIBDNS_VERSION_MAJOR < 140
*fwdr = addr;
/*************
* Inheritance context
*************/
struct cfgi_t *cfgi_create(void) {
struct cfgi_t *cih = calloc(1, sizeof(struct cfgi_t));
cih->parser = cfg_parser_create();
return cih;
}
static isc_result_t
setup_dnsseckeys(dns_client_t *client) {
isc_result_t result;
cfg_parser_t *parser = NULL;
const cfg_obj_t *keys = NULL;
const cfg_obj_t *managed_keys = NULL;
cfg_obj_t *bindkeys = NULL;
const char *filename = anchorfile;
if (!root_validation && !dlv_validation)
return (ISC_R_SUCCESS);
if (filename == NULL) {
#ifndef WIN32
filename = NS_SYSCONFDIR "/bind.keys";
#else
static char buf[MAX_PATH];
strlcpy(buf, isc_ntpaths_get(SYS_CONF_DIR), sizeof(buf));
strlcat(buf, "\\bind.keys", sizeof(buf));
filename = buf;
#endif
}
if (trust_anchor == NULL) {
trust_anchor = isc_mem_strdup(mctx, ".");
if (trust_anchor == NULL)
fatal("out of memory");
}
if (trust_anchor != NULL)
CHECK(convert_name(&afn, &anchor_name, trust_anchor));
if (dlv_anchor != NULL)
CHECK(convert_name(&dfn, &dlv_name, dlv_anchor));
CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
if (access(filename, R_OK) != 0) {
if (anchorfile != NULL)
fatal("Unable to read key file '%s'", anchorfile);
} else {
result = cfg_parse_file(parser, filename,
&cfg_type_bindkeys, &bindkeys);
if (result != ISC_R_SUCCESS)
if (anchorfile != NULL)
fatal("Unable to load keys from '%s'",
anchorfile);
}
if (bindkeys == NULL) {
isc_buffer_t b;
isc_buffer_init(&b, anchortext, sizeof(anchortext) - 1);
isc_buffer_add(&b, sizeof(anchortext) - 1);
result = cfg_parse_buffer(parser, &b, &cfg_type_bindkeys,
&bindkeys);
if (result != ISC_R_SUCCESS)
fatal("Unable to parse built-in keys");
}
INSIST(bindkeys != NULL);
cfg_map_get(bindkeys, "trusted-keys", &keys);
cfg_map_get(bindkeys, "managed-keys", &managed_keys);
if (keys != NULL)
CHECK(load_keys(keys, client));
if (managed_keys != NULL)
CHECK(load_keys(managed_keys, client));
result = ISC_R_SUCCESS;
if (trusted_keys == 0)
fatal("No trusted keys were loaded");
if (dlv_validation)
dns_client_setdlv(client, dns_rdataclass_in, dlv_anchor);
cleanup:
if (result != ISC_R_SUCCESS)
delv_log(ISC_LOG_ERROR, "setup_dnsseckeys: %s",
isc_result_totext(result));
return (result);
}