static isc_stdtime_t setresign(dns_rdataset_t *modified) { dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_rrsig_t sig; isc_stdtime_t when; isc_result_t result; result = dns_rdataset_first(modified); INSIST(result == ISC_R_SUCCESS); dns_rdataset_current(modified, &rdata); (void)dns_rdata_tostruct(&rdata, &sig, NULL); if ((rdata.flags & DNS_RDATA_OFFLINE) != 0) when = 0; else when = sig.timeexpire; dns_rdata_reset(&rdata); result = dns_rdataset_next(modified); while (result == ISC_R_SUCCESS) { dns_rdataset_current(modified, &rdata); (void)dns_rdata_tostruct(&rdata, &sig, NULL); if ((rdata.flags & DNS_RDATA_OFFLINE) != 0) { goto next_rr; } if (when == 0 || sig.timeexpire < when) when = sig.timeexpire; next_rr: dns_rdata_reset(&rdata); result = dns_rdataset_next(modified); } INSIST(result == ISC_R_NOMORE); return (when); }
isc_result_t dns_rdataset_additionaldata(dns_rdataset_t *rdataset, dns_additionaldatafunc_t add, void *arg) { dns_rdata_t rdata = DNS_RDATA_INIT; isc_result_t result; /* * For each rdata in rdataset, call 'add' for each name and type in the * rdata which is subject to additional section processing. */ REQUIRE(DNS_RDATASET_VALID(rdataset)); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_QUESTION) == 0); result = dns_rdataset_first(rdataset); if (result != ISC_R_SUCCESS) return (result); do { dns_rdataset_current(rdataset, &rdata); result = dns_rdata_additionaldata(&rdata, add, arg); if (result == ISC_R_SUCCESS) result = dns_rdataset_next(rdataset); dns_rdata_reset(&rdata); } while (result == ISC_R_SUCCESS); if (result != ISC_R_NOMORE) return (result); return (ISC_R_SUCCESS); }
static isc_result_t fill_array(int *pos, dns_rdataset_t *rdataset, int size, unsigned char **rdatas, lwres_uint16_t *rdatalen) { dns_rdata_t rdata; isc_result_t result; isc_region_t r; UNUSED(size); dns_rdata_init(&rdata); for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) { INSIST(*pos < size); dns_rdataset_current(rdataset, &rdata); dns_rdata_toregion(&rdata, &r); rdatas[*pos] = r.base; rdatalen[*pos] = r.length; dns_rdata_reset(&rdata); (*pos)++; } if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; return (result); }
isc_result_t dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, isc_boolean_t *answer) { dns_dbnode_t *node = NULL; dns_rdataset_t rdataset; dns_rdata_dnskey_t dnskey; isc_result_t result; REQUIRE(answer != NULL); dns_rdataset_init(&rdataset); result = dns_db_getoriginnode(db, &node); if (result != ISC_R_SUCCESS) return (result); result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey, 0, 0, &rdataset, NULL); dns_db_detachnode(db, &node); if (result == ISC_R_NOTFOUND) { *answer = ISC_FALSE; return (ISC_R_SUCCESS); } if (result != ISC_R_SUCCESS) return (result); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) { dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_current(&rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &dnskey, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); if (dnskey.algorithm == DST_ALG_RSAMD5 || dnskey.algorithm == DST_ALG_RSASHA1 || dnskey.algorithm == DST_ALG_DSA || dnskey.algorithm == DST_ALG_ECC) break; } dns_rdataset_disassociate(&rdataset); if (result == ISC_R_SUCCESS) *answer = ISC_TRUE; if (result == ISC_R_NOMORE) { *answer = ISC_FALSE; result = ISC_R_SUCCESS; } return (result); }
static isc_result_t db_rr_iterator_next(db_rr_iterator_t *it) { if (it->result != ISC_R_SUCCESS) return (it->result); INSIST(it->dbit != NULL); INSIST(it->node != NULL); INSIST(it->rdatasetit != NULL); it->result = dns_rdataset_next(&it->rdataset); if (it->result == ISC_R_NOMORE) { dns_rdataset_disassociate(&it->rdataset); it->result = dns_rdatasetiter_next(it->rdatasetit); /* * The while loop body is executed more than once * only when an empty dbnode needs to be skipped. */ while (it->result == ISC_R_NOMORE) { dns_rdatasetiter_destroy(&it->rdatasetit); dns_db_detachnode(it->db, &it->node); it->result = dns_dbiterator_next(it->dbit); if (it->result == ISC_R_NOMORE) { /* We are at the end of the entire database. */ return (it->result); } if (it->result != ISC_R_SUCCESS) return (it->result); it->result = dns_dbiterator_current(it->dbit, &it->node, dns_fixedname_name(&it->fixedname)); if (it->result != ISC_R_SUCCESS) return (it->result); it->result = dns_db_allrdatasets(it->db, it->node, it->ver, it->now, &it->rdatasetit); if (it->result != ISC_R_SUCCESS) return (it->result); it->result = dns_rdatasetiter_first(it->rdatasetit); } if (it->result != ISC_R_SUCCESS) return (it->result); dns_rdatasetiter_current(it->rdatasetit, &it->rdataset); it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER; it->result = dns_rdataset_first(&it->rdataset); if (it->result != ISC_R_SUCCESS) return (it->result); } return (it->result); }
isc_result_t dns_rriterator_next(dns_rriterator_t *it) { REQUIRE(VALID_RRITERATOR(it)); if (it->result != ISC_R_SUCCESS) return (it->result); INSIST(it->dbit != NULL); INSIST(it->node != NULL); INSIST(it->rdatasetit != NULL); it->result = dns_rdataset_next(&it->rdataset); if (it->result == ISC_R_NOMORE) return (dns_rriterator_nextrrset(it)); return (it->result); }
static isc_boolean_t inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) { isc_result_t result; dns_rdata_t current = DNS_RDATA_INIT; result = dns_rdataset_first(rrset); while (result == ISC_R_SUCCESS) { dns_rdataset_current(rrset, ¤t); if (dns_rdata_compare(rdata, ¤t) == 0) return (ISC_TRUE); dns_rdata_reset(¤t); result = dns_rdataset_next(rrset); } return (ISC_FALSE); }
/*% * short_form message print handler. Calls above say_message() */ static isc_result_t short_answer(dns_message_t *msg, dns_messagetextflag_t flags, isc_buffer_t *buf, dig_query_t *query) { dns_name_t *name; dns_rdataset_t *rdataset; isc_result_t result, loopresult; dns_name_t empty_name; dns_rdata_t rdata = DNS_RDATA_INIT; UNUSED(flags); dns_name_init(&empty_name, NULL); result = dns_message_firstname(msg, DNS_SECTION_ANSWER); if (result == ISC_R_NOMORE) return (ISC_R_SUCCESS); else if (result != ISC_R_SUCCESS) return (result); for (;;) { name = NULL; dns_message_currentname(msg, DNS_SECTION_ANSWER, &name); for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { loopresult = dns_rdataset_first(rdataset); while (loopresult == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); result = say_message(&rdata, query, buf); if (result == ISC_R_NOSPACE) return (result); check_result(result, "say_message"); loopresult = dns_rdataset_next(rdataset); dns_rdata_reset(&rdata); } } result = dns_message_nextname(msg, DNS_SECTION_ANSWER); if (result == ISC_R_NOMORE) break; else if (result != ISC_R_SUCCESS) return (result); } return (ISC_R_SUCCESS); }
static inline isc_result_t copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) { isc_result_t result; unsigned int count; isc_region_t ar, r; dns_rdata_t rdata = DNS_RDATA_INIT; /* * Copy the rdataset count to the buffer. */ isc_buffer_availableregion(buffer, &ar); if (ar.length < 2) return (ISC_R_NOSPACE); count = dns_rdataset_count(rdataset); INSIST(count <= 65535); isc_buffer_putuint16(buffer, (isc_uint16_t)count); result = dns_rdataset_first(rdataset); while (result == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); dns_rdata_toregion(&rdata, &r); INSIST(r.length <= 65535); isc_buffer_availableregion(buffer, &ar); if (ar.length < 2) return (ISC_R_NOSPACE); /* * Copy the rdata length to the buffer. */ isc_buffer_putuint16(buffer, (isc_uint16_t)r.length); /* * Copy the rdata to the buffer. */ result = isc_buffer_copyregion(buffer, &r); if (result != ISC_R_SUCCESS) return (result); dns_rdata_reset(&rdata); result = dns_rdataset_next(rdataset); } if (result != ISC_R_NOMORE) return (result); return (ISC_R_SUCCESS); }
isc_result_t dns_db_getsoaserial(dns_db_t *db, dns_dbversion_t *ver, isc_uint32_t *serialp) { isc_result_t result; dns_dbnode_t *node = NULL; dns_rdataset_t rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; isc_buffer_t buffer; REQUIRE(dns_db_iszone(db) || dns_db_isstub(db)); result = dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node); if (result != ISC_R_SUCCESS) return (result); dns_rdataset_init(&rdataset); result = dns_db_findrdataset(db, node, ver, dns_rdatatype_soa, 0, (isc_stdtime_t)0, &rdataset, NULL); if (result != ISC_R_SUCCESS) goto freenode; result = dns_rdataset_first(&rdataset); if (result != ISC_R_SUCCESS) goto freerdataset; dns_rdataset_current(&rdataset, &rdata); result = dns_rdataset_next(&rdataset); INSIST(result == ISC_R_NOMORE); INSIST(rdata.length > 20); isc_buffer_init(&buffer, rdata.data, rdata.length); isc_buffer_add(&buffer, rdata.length); isc_buffer_forward(&buffer, rdata.length - 20); *serialp = isc_buffer_getuint32(&buffer); result = ISC_R_SUCCESS; freerdataset: dns_rdataset_disassociate(&rdataset); freenode: dns_db_detachnode(db, &node); return (result); }
static isc_result_t in_rootns(dns_rdataset_t *rootns, dns_name_t *name) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_ns_t ns; if (!dns_rdataset_isassociated(rootns)) return (ISC_R_NOTFOUND); result = dns_rdataset_first(rootns); while (result == ISC_R_SUCCESS) { dns_rdataset_current(rootns, &rdata); result = dns_rdata_tostruct(&rdata, &ns, NULL); if (result != ISC_R_SUCCESS) return (result); if (dns_name_compare(name, &ns.name) == 0) return (ISC_R_SUCCESS); result = dns_rdataset_next(rootns); } if (result == ISC_R_NOMORE) result = ISC_R_NOTFOUND; return (result); }
/* * Sort the rdataset into an array. */ static isc_result_t rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx, dns_rdata_t **rdata, int *nrdata) { isc_result_t ret; int i = 0, n; dns_rdata_t *data; n = dns_rdataset_count(set); data = isc_mem_get(mctx, n * sizeof(dns_rdata_t)); if (data == NULL) return (ISC_R_NOMEMORY); ret = dns_rdataset_first(set); if (ret != ISC_R_SUCCESS) { isc_mem_put(mctx, data, n * sizeof(dns_rdata_t)); return (ret); } /* * Put them in the array. */ do { dns_rdata_init(&data[i]); dns_rdataset_current(set, &data[i++]); } while (dns_rdataset_next(set) == ISC_R_SUCCESS); /* * Sort the array. */ qsort(data, n, sizeof(dns_rdata_t), rdata_compare_wrapper); *rdata = data; *nrdata = n; return (ISC_R_SUCCESS); }
isc_result_t dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, dns_rdatatype_t covers, dns_rdataset_t *rdataset) { dns_name_t tname; dns_rdata_rrsig_t rrsig; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_t clone; dns_rdatatype_t type; dns_trust_t trust = dns_trust_none; isc_buffer_t source; isc_region_t remaining, sigregion; isc_result_t result; unsigned char *raw; unsigned int count; REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); dns_rdataset_init(&clone); dns_rdataset_clone(ncacherdataset, &clone); result = dns_rdataset_first(&clone); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&clone, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&tname, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); isc_region_consume(&remaining, tname.length); INSIST(remaining.length >= 2); type = isc_buffer_getuint16(&source); isc_region_consume(&remaining, 2); if (type != dns_rdatatype_rrsig || !dns_name_equal(&tname, name)) { result = dns_rdataset_next(&clone); dns_rdata_reset(&rdata); continue; } INSIST(remaining.length >= 1); trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); isc_region_consume(&remaining, 1); raw = remaining.base; count = raw[0] * 256 + raw[1]; INSIST(count > 0); raw += 2; sigregion.length = raw[0] * 256 + raw[1]; raw += 2; sigregion.base = raw; dns_rdata_reset(&rdata); dns_rdata_fromregion(&rdata, rdataset->rdclass, dns_rdatatype_rrsig, &sigregion); (void)dns_rdata_tostruct(&rdata, &rrsig, NULL); if (rrsig.covered == covers) { isc_buffer_remainingregion(&source, &remaining); break; } result = dns_rdataset_next(&clone); dns_rdata_reset(&rdata); } dns_rdataset_disassociate(&clone); if (result == ISC_R_NOMORE) return (ISC_R_NOTFOUND); if (result != ISC_R_SUCCESS) return (result); INSIST(remaining.length != 0); rdataset->methods = &rdataset_methods; rdataset->rdclass = ncacherdataset->rdclass; rdataset->type = dns_rdatatype_rrsig; rdataset->covers = covers; rdataset->ttl = ncacherdataset->ttl; rdataset->trust = trust; rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = remaining.base; /* * Reset iterator state. */ rdataset->privateuint4 = 0; rdataset->private5 = NULL; rdataset->private6 = NULL; return (ISC_R_SUCCESS); }
int main(int argc, char *argv[]) { char *sql; int res; char *errmsg = NULL; char *porigin, *zonefile; dns_fixedname_t forigin, fname; dns_name_t *origin, *name; dns_db_t *db = NULL; dns_dbiterator_t *dbiter; dns_dbnode_t *node; dns_rdatasetiter_t *rdsiter; dns_rdataset_t rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; isc_mem_t *mctx = NULL; isc_entropy_t *ectx = NULL; isc_buffer_t b; isc_result_t result; if (argc != 5) { printf("usage: %s <zone> <zonefile> <dbfile> <dbtable>\n", argv[0]); exit(1); } porigin = argv[1]; zonefile = argv[2]; dbi.filename = argv[3]; dbi.table = argv[4]; dns_result_register(); result = isc_mem_create(0, 0, &mctx); check_result(result, "isc_mem_create"); result = isc_entropy_create(mctx, &ectx); check_result(result, "isc_entropy_create"); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); check_result(result, "isc_hash_create"); isc_buffer_init(&b, porigin, strlen(porigin)); isc_buffer_add(&b, strlen(porigin)); dns_fixedname_init(&forigin); origin = dns_fixedname_name(&forigin); result = dns_name_fromtext(origin, &b, dns_rootname, 0, NULL); check_result(result, "dns_name_fromtext"); db = NULL; result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &db); check_result(result, "dns_db_create"); result = dns_db_load(db, zonefile); if (result == DNS_R_SEENINCLUDE) result = ISC_R_SUCCESS; check_result(result, "dns_db_load"); printf("Connecting to '%s'\n", dbi.filename); if ((result = db_connect(&dbi)) != ISC_R_SUCCESS) { fprintf(stderr, "Connection to database '%s' failed\n", dbi.filename); closeandexit(1); } sql = sqlite3_mprintf("DROP TABLE %q ", dbi.table); printf("%s\n", sql); res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg); sqlite3_free(sql); #if 0 if (res != SQLITE_OK) { fprintf(stderr, "DROP TABLE %s failed: %s\n", dbi.table, errmsg); } #endif #if 0 sql = sqlite3_mprintf(sql, "BEGIN TRANSACTION"); printf("%s\n", sql); res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg); sqlite3_free(sql); if (res != SQLITE_OK) { fprintf(stderr, "BEGIN TRANSACTION failed: %s\n", errmsg); closeandexit(1); } #endif sql = sqlite3_mprintf( "CREATE TABLE %q " "(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT) ", dbi.table); printf("%s\n", sql); res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg); sqlite3_free(sql); if (res != SQLITE_OK) { fprintf(stderr, "CREATE TABLE %s failed: %s\n", dbi.table, errmsg); closeandexit(1); } dbiter = NULL; result = dns_db_createiterator(db, 0, &dbiter); check_result(result, "dns_db_createiterator()"); result = dns_dbiterator_first(dbiter); check_result(result, "dns_dbiterator_first"); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); dns_rdataset_init(&rdataset); dns_rdata_init(&rdata); while (result == ISC_R_SUCCESS) { node = NULL; result = dns_dbiterator_current(dbiter, &node, name); if (result == ISC_R_NOMORE) break; check_result(result, "dns_dbiterator_current"); rdsiter = NULL; result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter); check_result(result, "dns_db_allrdatasets"); result = dns_rdatasetiter_first(rdsiter); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current(rdsiter, &rdataset); result = dns_rdataset_first(&rdataset); check_result(result, "dns_rdataset_first"); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&rdataset, &rdata); addrdata(name, rdataset.ttl, &rdata); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rdataset); } dns_rdataset_disassociate(&rdataset); result = dns_rdatasetiter_next(rdsiter); } dns_rdatasetiter_destroy(&rdsiter); dns_db_detachnode(db, &node); result = dns_dbiterator_next(dbiter); } #if 0 sql = sqlite3_mprintf(sql, "COMMIT TRANSACTION "); printf("%s\n", sql); res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg); sqlite3_free(sql); if (res != SQLITE_OK) { fprintf(stderr, "COMMIT TRANSACTION failed: %s\n", errmsg); closeandexit(1); } #endif dns_dbiterator_destroy(&dbiter); dns_db_detach(&db); isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); closeandexit(0); exit(0); }
isc_result_t dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, dns_rdatatype_t type, dns_rdataset_t *rdataset) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t remaining; isc_buffer_t source; dns_name_t tname; dns_rdatatype_t ttype; dns_trust_t trust = dns_trust_none; dns_rdataset_t clone; REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); REQUIRE(type != dns_rdatatype_rrsig); dns_rdataset_init(&clone); dns_rdataset_clone(ncacherdataset, &clone); result = dns_rdataset_first(&clone); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&clone, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&tname, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&tname, &remaining); INSIST(remaining.length >= tname.length); isc_buffer_forward(&source, tname.length); remaining.length -= tname.length; INSIST(remaining.length >= 3); ttype = isc_buffer_getuint16(&source); if (ttype == type && dns_name_equal(&tname, name)) { trust = isc_buffer_getuint8(&source); INSIST(trust <= dns_trust_ultimate); isc_buffer_remainingregion(&source, &remaining); break; } result = dns_rdataset_next(&clone); dns_rdata_reset(&rdata); } dns_rdataset_disassociate(&clone); if (result == ISC_R_NOMORE) return (ISC_R_NOTFOUND); if (result != ISC_R_SUCCESS) return (result); INSIST(remaining.length != 0); rdataset->methods = &rdataset_methods; rdataset->rdclass = ncacherdataset->rdclass; rdataset->type = type; rdataset->covers = 0; rdataset->ttl = ncacherdataset->ttl; rdataset->trust = trust; rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = remaining.base; /* * Reset iterator state. */ rdataset->privateuint4 = 0; rdataset->private5 = NULL; rdataset->private6 = NULL; return (ISC_R_SUCCESS); }
isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, isc_buffer_t *target, unsigned int options, unsigned int *countp) { dns_rdata_t rdata = DNS_RDATA_INIT; isc_result_t result; isc_region_t remaining, tavailable; isc_buffer_t source, savedbuffer, rdlen; dns_name_t name; dns_rdatatype_t type; unsigned int i, rcount, count; /* * Convert the negative caching rdataset 'rdataset' to wire format, * compressing names as specified in 'cctx', and storing the result in * 'target'. */ REQUIRE(rdataset != NULL); REQUIRE(rdataset->type == 0); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); savedbuffer = *target; count = 0; result = dns_rdataset_first(rdataset); while (result == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); isc_buffer_init(&source, rdata.data, rdata.length); isc_buffer_add(&source, rdata.length); dns_name_init(&name, NULL); isc_buffer_remainingregion(&source, &remaining); dns_name_fromregion(&name, &remaining); INSIST(remaining.length >= name.length); isc_buffer_forward(&source, name.length); remaining.length -= name.length; INSIST(remaining.length >= 5); type = isc_buffer_getuint16(&source); isc_buffer_forward(&source, 1); rcount = isc_buffer_getuint16(&source); for (i = 0; i < rcount; i++) { /* * Get the length of this rdata and set up an * rdata structure for it. */ isc_buffer_remainingregion(&source, &remaining); INSIST(remaining.length >= 2); dns_rdata_reset(&rdata); rdata.length = isc_buffer_getuint16(&source); isc_buffer_remainingregion(&source, &remaining); rdata.data = remaining.base; rdata.type = type; rdata.rdclass = rdataset->rdclass; INSIST(remaining.length >= rdata.length); isc_buffer_forward(&source, rdata.length); if ((options & DNS_NCACHETOWIRE_OMITDNSSEC) != 0 && dns_rdatatype_isdnssec(type)) continue; /* * Write the name. */ dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14); result = dns_name_towire(&name, cctx, target); if (result != ISC_R_SUCCESS) goto rollback; /* * See if we have space for type, class, ttl, and * rdata length. Write the type, class, and ttl. */ isc_buffer_availableregion(target, &tavailable); if (tavailable.length < 10) { result = ISC_R_NOSPACE; goto rollback; } isc_buffer_putuint16(target, type); isc_buffer_putuint16(target, rdataset->rdclass); isc_buffer_putuint32(target, rdataset->ttl); /* * Save space for rdata length. */ rdlen = *target; isc_buffer_add(target, 2); /* * Write the rdata. */ result = dns_rdata_towire(&rdata, cctx, target); if (result != ISC_R_SUCCESS) goto rollback; /* * Set the rdata length field to the compressed * length. */ INSIST((target->used >= rdlen.used + 2) && (target->used - rdlen.used - 2 < 65536)); isc_buffer_putuint16(&rdlen, (isc_uint16_t)(target->used - rdlen.used - 2)); count++; } INSIST(isc_buffer_remaininglength(&source) == 0); result = dns_rdataset_next(rdataset); dns_rdata_reset(&rdata); } if (result != ISC_R_NOMORE) goto rollback; *countp = count; return (ISC_R_SUCCESS); rollback: INSIST(savedbuffer.used < 65536); dns_compress_rollback(cctx, (isc_uint16_t)savedbuffer.used); *countp = 0; *target = savedbuffer; return (result); }
void dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_ns_t ns; dns_rdataset_t hintns, rootns; const char *viewname = "", *sep = ""; isc_stdtime_t now; dns_name_t *name; dns_fixedname_t fixed; REQUIRE(hints != NULL); REQUIRE(db != NULL); REQUIRE(view != NULL); isc_stdtime_get(&now); if (strcmp(view->name, "_bind") != 0 && strcmp(view->name, "_default") != 0) { viewname = view->name; sep = ": view "; } dns_rdataset_init(&hintns); dns_rdataset_init(&rootns); dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0, now, NULL, name, &hintns, NULL); if (result != ISC_R_SUCCESS) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, "checkhints%s%s: unable to get root NS rrset " "from hints: %s", sep, viewname, dns_result_totext(result)); goto cleanup; } result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0, now, NULL, name, &rootns, NULL); if (result != ISC_R_SUCCESS) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, "checkhints%s%s: unable to get root NS rrset " "from cache: %s", sep, viewname, dns_result_totext(result)); goto cleanup; } /* * Look for missing root NS names. */ result = dns_rdataset_first(&rootns); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&rootns, &rdata); result = dns_rdata_tostruct(&rdata, &ns, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); result = in_rootns(&hintns, &ns.name); if (result != ISC_R_SUCCESS) { char namebuf[DNS_NAME_FORMATSIZE]; /* missing from hints */ dns_name_format(&ns.name, namebuf, sizeof(namebuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, "checkhints%s%s: unable to find root " "NS '%s' in hints", sep, viewname, namebuf); } else check_address_records(view, hints, db, &ns.name, now); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rootns); } if (result != ISC_R_NOMORE) { goto cleanup; } /* * Look for extra root NS names. */ result = dns_rdataset_first(&hintns); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&hintns, &rdata); result = dns_rdata_tostruct(&rdata, &ns, NULL); RUNTIME_CHECK(result == ISC_R_SUCCESS); result = in_rootns(&rootns, &ns.name); if (result != ISC_R_SUCCESS) { char namebuf[DNS_NAME_FORMATSIZE]; /* extra entry in hints */ dns_name_format(&ns.name, namebuf, sizeof(namebuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_HINTS, ISC_LOG_WARNING, "checkhints%s%s: extra NS '%s' in hints", sep, viewname, namebuf); } dns_rdata_reset(&rdata); result = dns_rdataset_next(&hintns); } if (result != ISC_R_NOMORE) { goto cleanup; } cleanup: if (dns_rdataset_isassociated(&rootns)) dns_rdataset_disassociate(&rootns); if (dns_rdataset_isassociated(&hintns)) dns_rdataset_disassociate(&hintns); }
static isc_result_t process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx, dns_rdata_tkey_t *tkeyout, dns_tsig_keyring_t *ring, dns_namelist_t *namelist) { isc_result_t result = ISC_R_SUCCESS; dns_name_t *keyname, ourname; dns_rdataset_t *keyset = NULL; dns_rdata_t keyrdata = DNS_RDATA_INIT, ourkeyrdata = DNS_RDATA_INIT; isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE; dst_key_t *pubkey = NULL; isc_buffer_t ourkeybuf, *shared = NULL; isc_region_t r, r2, ourkeyr; unsigned char keydata[DST_KEY_MAXSIZE]; unsigned int sharedsize; isc_buffer_t secret; unsigned char *randomdata = NULL, secretdata[256]; dns_ttl_t ttl = 0; if (tctx->dhkey == NULL) { tkey_log("process_dhtkey: tkey-dhkey not defined"); tkeyout->error = dns_tsigerror_badalg; return (DNS_R_REFUSED); } if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_HMACMD5_NAME)) { tkey_log("process_dhtkey: algorithms other than " "hmac-md5 are not supported"); tkeyout->error = dns_tsigerror_badalg; return (ISC_R_SUCCESS); } /* * Look for a DH KEY record that will work with ours. */ for (result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL); result == ISC_R_SUCCESS && !found_key; result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL)) { keyname = NULL; dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, &keyname); keyset = NULL; result = dns_message_findtype(keyname, dns_rdatatype_key, 0, &keyset); if (result != ISC_R_SUCCESS) continue; for (result = dns_rdataset_first(keyset); result == ISC_R_SUCCESS && !found_key; result = dns_rdataset_next(keyset)) { dns_rdataset_current(keyset, &keyrdata); pubkey = NULL; result = dns_dnssec_keyfromrdata(keyname, &keyrdata, msg->mctx, &pubkey); if (result != ISC_R_SUCCESS) { dns_rdata_reset(&keyrdata); continue; } if (dst_key_alg(pubkey) == DNS_KEYALG_DH) { if (dst_key_paramcompare(pubkey, tctx->dhkey)) { found_key = ISC_TRUE; ttl = keyset->ttl; break; } else found_incompatible = ISC_TRUE; } dst_key_free(&pubkey); dns_rdata_reset(&keyrdata); } } if (!found_key) { if (found_incompatible) { tkey_log("process_dhtkey: found an incompatible key"); tkeyout->error = dns_tsigerror_badkey; return (ISC_R_SUCCESS); } else { tkey_log("process_dhtkey: failed to find a key"); return (DNS_R_FORMERR); } } RETERR(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist)); isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata)); RETERR(dst_key_todns(tctx->dhkey, &ourkeybuf)); isc_buffer_usedregion(&ourkeybuf, &ourkeyr); dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any, dns_rdatatype_key, &ourkeyr); dns_name_init(&ourname, NULL); dns_name_clone(dst_key_name(tctx->dhkey), &ourname); /* * XXXBEW The TTL should be obtained from the database, if it exists. */ RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist)); RETERR(dst_key_secretsize(tctx->dhkey, &sharedsize)); RETERR(isc_buffer_allocate(msg->mctx, &shared, sharedsize)); result = dst_key_computesecret(pubkey, tctx->dhkey, shared); if (result != ISC_R_SUCCESS) { tkey_log("process_dhtkey: failed to compute shared secret: %s", isc_result_totext(result)); goto failure; } dst_key_free(&pubkey); isc_buffer_init(&secret, secretdata, sizeof(secretdata)); randomdata = isc_mem_get(tkeyout->mctx, TKEY_RANDOM_AMOUNT); if (randomdata == NULL) goto failure; result = dst__entropy_getdata(randomdata, TKEY_RANDOM_AMOUNT, ISC_FALSE); if (result != ISC_R_SUCCESS) { tkey_log("process_dhtkey: failed to obtain entropy: %s", isc_result_totext(result)); goto failure; } r.base = randomdata; r.length = TKEY_RANDOM_AMOUNT; r2.base = tkeyin->key; r2.length = tkeyin->keylen; RETERR(compute_secret(shared, &r2, &r, &secret)); isc_buffer_free(&shared); RETERR(dns_tsigkey_create(name, &tkeyin->algorithm, isc_buffer_base(&secret), isc_buffer_usedlength(&secret), ISC_TRUE, signer, tkeyin->inception, tkeyin->expire, ring->mctx, ring, NULL)); /* This key is good for a long time */ tkeyout->inception = tkeyin->inception; tkeyout->expire = tkeyin->expire; tkeyout->key = randomdata; tkeyout->keylen = TKEY_RANDOM_AMOUNT; return (ISC_R_SUCCESS); failure: if (!ISC_LIST_EMPTY(*namelist)) free_namelist(msg, namelist); if (shared != NULL) isc_buffer_free(&shared); if (pubkey != NULL) dst_key_free(&pubkey); if (randomdata != NULL) isc_mem_put(tkeyout->mctx, randomdata, TKEY_RANDOM_AMOUNT); return (result); }
static void resolve_nsaddress(isc_task_t *task, isc_event_t *event) { struct probe_trans *trans = event->ev_arg; dns_clientresevent_t *rev = (dns_clientresevent_t *)event; dns_name_t *name; dns_rdataset_t *rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; struct probe_ns *pns = trans->current_ns; isc_result_t result; REQUIRE(task == probe_task); REQUIRE(trans->inuse == ISC_TRUE); REQUIRE(pns != NULL); INSIST(outstanding_probes > 0); for (name = ISC_LIST_HEAD(rev->answerlist); name != NULL; name = ISC_LIST_NEXT(name, link)) { for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { (void)print_rdataset(rdataset, name); if (rdataset->type != dns_rdatatype_a) continue; for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) { dns_rdata_in_a_t rdata_a; struct server *server; dns_rdataset_current(rdataset, &rdata); result = dns_rdata_tostruct(&rdata, &rdata_a, NULL); if (result != ISC_R_SUCCESS) continue; server = isc_mem_get(mctx, sizeof(*server)); if (server == NULL) { fprintf(stderr, "resolve_nsaddress: " "mem_get failed"); result = ISC_R_NOMEMORY; POST(result); goto cleanup; } isc_sockaddr_fromin(&server->address, &rdata_a.in_addr, 53); ISC_LINK_INIT(server, link); server->result_a = none; server->result_aaaa = none; ISC_LIST_APPEND(pns->servers, server, link); } } } cleanup: dns_client_freeresanswer(client, &rev->answerlist); dns_client_destroyrestrans(&trans->resid); isc_event_free(&event); next_ns: trans->current_ns = ISC_LIST_NEXT(pns, link); if (trans->current_ns == NULL) { trans->current_ns = ISC_LIST_HEAD(trans->nslist); dns_fixedname_invalidate(&trans->fixedname); trans->qname = NULL; result = set_nextqname(trans); if (result == ISC_R_SUCCESS) result = probe_name(trans, dns_rdatatype_a); } else { result = fetch_nsaddress(trans); if (result != ISC_R_SUCCESS) goto next_ns; /* XXX: this is unlikely to succeed */ } if (result != ISC_R_SUCCESS) reset_probe(trans); }
static isc_result_t printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers, dns_section_t section) { isc_result_t result, loopresult; dns_name_t *name; dns_rdataset_t *rdataset = NULL; dns_rdata_t rdata = DNS_RDATA_INIT; char namebuf[DNS_NAME_FORMATSIZE]; UNUSED(query); UNUSED(headers); debug("printsection()"); result = dns_message_firstname(msg, section); if (result == ISC_R_NOMORE) return (ISC_R_SUCCESS); else if (result != ISC_R_SUCCESS) return (result); for (;;) { name = NULL; dns_message_currentname(msg, section, &name); for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { loopresult = dns_rdataset_first(rdataset); while (loopresult == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); switch (rdata.type) { case dns_rdatatype_a: if (section != DNS_SECTION_ANSWER) goto def_short_section; dns_name_format(name, namebuf, sizeof(namebuf)); printf("Name:\t%s\n", namebuf); printa(&rdata); break; case dns_rdatatype_soa: dns_name_format(name, namebuf, sizeof(namebuf)); printf("%s\n", namebuf); printsoa(&rdata); break; default: def_short_section: dns_name_format(name, namebuf, sizeof(namebuf)); printf("%s\t", namebuf); printrdata(&rdata); break; } dns_rdata_reset(&rdata); loopresult = dns_rdataset_next(rdataset); } } result = dns_message_nextname(msg, section); if (result == ISC_R_NOMORE) break; else if (result != ISC_R_SUCCESS) { return (result); } } return (ISC_R_SUCCESS); }
static isc_result_t towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, dns_rdatasetorderfunc_t order, const void *order_arg, isc_boolean_t partial, unsigned int options, unsigned int *countp, void **state) { dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t r; isc_result_t result; unsigned int i, count = 0, added, choice; isc_buffer_t savedbuffer, rdlen, rrbuffer; unsigned int headlen; isc_boolean_t question = ISC_FALSE; isc_boolean_t shuffle = ISC_FALSE; dns_rdata_t *shuffled = NULL, shuffled_fixed[MAX_SHUFFLE]; struct towire_sort *sorted = NULL, sorted_fixed[MAX_SHUFFLE]; /* count processed auswer ips */ int answer_count = 0; int is_no_auth_answer = 0; /* tmp count for record */ int tmp_count = 0; UNUSED(state); /* * Convert 'rdataset' to wire format, compressing names as specified * in cctx, and storing the result in 'target'. */ REQUIRE(DNS_RDATASET_VALID(rdataset)); REQUIRE(countp != NULL); REQUIRE((order == NULL) == (order_arg == NULL)); REQUIRE(cctx != NULL && cctx->mctx != NULL); if ((rdataset->attributes & DNS_RDATASETATTR_QUESTION) != 0) { question = ISC_TRUE; count = 1; result = dns_rdataset_first(rdataset); INSIST(result == ISC_R_NOMORE); } else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { /* * This is a negative caching rdataset. */ unsigned int ncache_opts = 0; if ((options & DNS_RDATASETTOWIRE_OMITDNSSEC) != 0) ncache_opts |= DNS_NCACHETOWIRE_OMITDNSSEC; return (dns_ncache_towire(rdataset, cctx, target, ncache_opts, countp)); } else { count = (rdataset->methods->count)(rdataset); result = dns_rdataset_first(rdataset); if (result == ISC_R_NOMORE) return (ISC_R_SUCCESS); if (result != ISC_R_SUCCESS) return (result); } /* * Do we want to shuffle this answer? */ if (!question && count > 1 && (!WANT_FIXED(rdataset) || order != NULL) && rdataset->type != dns_rdatatype_rrsig) shuffle = ISC_TRUE; if (shuffle && count > MAX_SHUFFLE) { shuffled = isc_mem_get(cctx->mctx, count * sizeof(*shuffled)); sorted = isc_mem_get(cctx->mctx, count * sizeof(*sorted)); if (shuffled == NULL || sorted == NULL) shuffle = ISC_FALSE; } else { shuffled = shuffled_fixed; sorted = sorted_fixed; } if (shuffle) { /* * First we get handles to all of the rdata. */ i = 0; do { INSIST(i < count); dns_rdata_init(&shuffled[i]); dns_rdataset_current(rdataset, &shuffled[i]); i++; result = dns_rdataset_next(rdataset); } while (result == ISC_R_SUCCESS); if (result != ISC_R_NOMORE) goto cleanup; INSIST(i == count); /* * Now we shuffle. */ if (WANT_FIXED(rdataset)) { /* * 'Fixed' order. */ INSIST(order != NULL); for (i = 0; i < count; i++) { sorted[i].key = (*order)(&shuffled[i], order_arg); sorted[i].rdata = &shuffled[i]; } } else if (WANT_RANDOM(rdataset)) { /* * 'Random' order. */ for (i = 0; i < count; i++) { dns_rdata_t rdata; isc_uint32_t val; isc_random_get(&val); choice = i + (val % (count - i)); rdata = shuffled[i]; shuffled[i] = shuffled[choice]; shuffled[choice] = rdata; if (order != NULL) sorted[i].key = (*order)(&shuffled[i], order_arg); else sorted[i].key = 0; /* Unused */ sorted[i].rdata = &shuffled[i]; } } else { /* * "Cyclic" order. */ isc_uint32_t val; unsigned int j; val = rdataset->count; if (val == ISC_UINT32_MAX) isc_random_get(&val); j = val % count; for (i = 0; i < count; i++) { if (order != NULL) sorted[i].key = (*order)(&shuffled[j], order_arg); else sorted[i].key = 0; /* Unused */ sorted[i].rdata = &shuffled[j]; j++; if (j == count) j = 0; /* Wrap around. */ } } /* * Sorted order. */ if (order != NULL) qsort(sorted, count, sizeof(sorted[0]), towire_compare); } savedbuffer = *target; i = 0; added = 0; // save the count here tmp_count = count; do { /* * Copy out the name, type, class, ttl. */ /* mark if is answer data. */ is_no_auth_answer = 0; /* Answer from a non-authoritative server,we set the ttl fixed as 500. */ if(rdataset->attributes == DNS_RDATASETATTR_LOADORDER && rdataset->type == dns_rdatatype_a){ /* Answer from a non-authoritative server,we set the ttl fixed as 500. */ if(rdataset->trust == dns_trust_answer ){ is_no_auth_answer = 1; } /* for all multi-ip answer,if set DNS_ANSWER_ONLY_ONE_IP flag, return only 1 ip. */ if(answer_count == 0){ answer_count ++; }else{ if( DNS_ANSWER_ONLY_ONE_IP ){ //fprintf(stderr,"DNS_ANSWER_ONLY_ONE_IP set,skip. \n"); if (shuffle) { tmp_count--; if (i == tmp_count) result = ISC_R_NOMORE; else result = ISC_R_SUCCESS; } else { result = dns_rdataset_next(rdataset); } continue; } } } rrbuffer = *target; dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14); result = dns_name_towire(owner_name, cctx, target); if (result != ISC_R_SUCCESS) goto rollback; headlen = sizeof(dns_rdataclass_t) + sizeof(dns_rdatatype_t); if (!question) headlen += sizeof(dns_ttl_t) + 2; /* XXX 2 for rdata len */ isc_buffer_availableregion(target, &r); if (r.length < headlen) { result = ISC_R_NOSPACE; goto rollback; } isc_buffer_putuint16(target, rdataset->type); isc_buffer_putuint16(target, rdataset->rdclass); if (!question) { if( is_no_auth_answer ){ isc_buffer_putuint32(target, DNS_DEFAULT_TTL_FOR_NO_AUTH_NAME); }else{ isc_buffer_putuint32(target, rdataset->ttl); } //fprintf(stderr,"xxxxxxxxx:trust : %d artr: %d ttl:%d cover: %d type: %d count: %d class: %d\n", rdataset->trust,rdataset->attributes,rdataset->ttl, rdataset->covers,rdataset->type, rdataset->count, rdataset->rdclass); /* * Save space for rdlen. */ rdlen = *target; isc_buffer_add(target, 2); /* * Copy out the rdata */ if (shuffle) rdata = *(sorted[i].rdata); else { dns_rdata_reset(&rdata); dns_rdataset_current(rdataset, &rdata); } result = dns_rdata_towire(&rdata, cctx, target); if (result != ISC_R_SUCCESS) goto rollback; INSIST((target->used >= rdlen.used + 2) && (target->used - rdlen.used - 2 < 65536)); isc_buffer_putuint16(&rdlen, (isc_uint16_t)(target->used - rdlen.used - 2)); added++; } if (shuffle) { i++; if (i == tmp_count) result = ISC_R_NOMORE; else result = ISC_R_SUCCESS; } else { result = dns_rdataset_next(rdataset); } } while (result == ISC_R_SUCCESS); if (result != ISC_R_NOMORE) goto rollback; *countp += tmp_count; result = ISC_R_SUCCESS; goto cleanup; rollback: if (partial && result == ISC_R_NOSPACE) { INSIST(rrbuffer.used < 65536); dns_compress_rollback(cctx, (isc_uint16_t)rrbuffer.used); *countp += added; *target = rrbuffer; goto cleanup; } INSIST(savedbuffer.used < 65536); dns_compress_rollback(cctx, (isc_uint16_t)savedbuffer.used); *countp = 0; *target = savedbuffer; cleanup: if (sorted != NULL && sorted != sorted_fixed) isc_mem_put(cctx->mctx, sorted, count * sizeof(*sorted)); if (shuffled != NULL && shuffled != shuffled_fixed) isc_mem_put(cctx->mctx, shuffled, count * sizeof(*shuffled)); return (result); }
static isc_result_t detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers, dns_section_t section) { isc_result_t result, loopresult; dns_name_t *name; dns_rdataset_t *rdataset = NULL; dns_rdata_t rdata = DNS_RDATA_INIT; char namebuf[DNS_NAME_FORMATSIZE]; UNUSED(query); debug("detailsection()"); if (headers) { switch (section) { case DNS_SECTION_QUESTION: puts(" QUESTIONS:"); break; case DNS_SECTION_ANSWER: puts(" ANSWERS:"); break; case DNS_SECTION_AUTHORITY: puts(" AUTHORITY RECORDS:"); break; case DNS_SECTION_ADDITIONAL: puts(" ADDITIONAL RECORDS:"); break; } } result = dns_message_firstname(msg, section); if (result == ISC_R_NOMORE) return (ISC_R_SUCCESS); else if (result != ISC_R_SUCCESS) return (result); for (;;) { name = NULL; dns_message_currentname(msg, section, &name); for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { if (section == DNS_SECTION_QUESTION) { dns_name_format(name, namebuf, sizeof(namebuf)); printf("\t%s, ", namebuf); dns_rdatatype_format(rdataset->type, namebuf, sizeof(namebuf)); printf("type = %s, ", namebuf); dns_rdataclass_format(rdataset->rdclass, namebuf, sizeof(namebuf)); printf("class = %s\n", namebuf); } loopresult = dns_rdataset_first(rdataset); while (loopresult == ISC_R_SUCCESS) { dns_rdataset_current(rdataset, &rdata); dns_name_format(name, namebuf, sizeof(namebuf)); printf(" -> %s\n", namebuf); switch (rdata.type) { case dns_rdatatype_soa: printsoa(&rdata); break; default: printf("\t"); printrdata(&rdata); } dns_rdata_reset(&rdata); printf("\tttl = %u\n", rdataset->ttl); loopresult = dns_rdataset_next(rdataset); } } result = dns_message_nextname(msg, section); if (result == ISC_R_NOMORE) break; else if (result != ISC_R_SUCCESS) { return (result); } } return (ISC_R_SUCCESS); }
isc_result_t dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, dns_name_t *name, const char *directory, isc_mem_t *mctx, unsigned int maxkeys, dst_key_t **keys, unsigned int *nkeys) { dns_rdataset_t rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; isc_result_t result; dst_key_t *pubkey = NULL; unsigned int count = 0; REQUIRE(nkeys != NULL); REQUIRE(keys != NULL); *nkeys = 0; dns_rdataset_init(&rdataset); RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0, &rdataset, NULL)); RETERR(dns_rdataset_first(&rdataset)); while (result == ISC_R_SUCCESS && count < maxkeys) { pubkey = NULL; dns_rdataset_current(&rdataset, &rdata); RETERR(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey)); if (!is_zone_key(pubkey) || (dst_key_flags(pubkey) & DNS_KEYTYPE_NOAUTH) != 0) goto next; keys[count] = NULL; result = dst_key_fromfile(dst_key_name(pubkey), dst_key_id(pubkey), dst_key_alg(pubkey), DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, directory, mctx, &keys[count]); if (result == ISC_R_FILENOTFOUND) { keys[count] = pubkey; pubkey = NULL; count++; goto next; } if (result != ISC_R_SUCCESS) goto failure; if ((dst_key_flags(keys[count]) & DNS_KEYTYPE_NOAUTH) != 0) { /* We should never get here. */ dst_key_free(&keys[count]); goto next; } count++; next: if (pubkey != NULL) dst_key_free(&pubkey); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rdataset); } if (result != ISC_R_NOMORE) goto failure; if (count == 0) result = ISC_R_NOTFOUND; else result = ISC_R_SUCCESS; failure: if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); if (pubkey != NULL) dst_key_free(&pubkey); if (result != ISC_R_SUCCESS) while (count > 0) dst_key_free(&keys[--count]); *nkeys = count; return (result); }
int main(int argc, char **argv) { char *algname = NULL, *classname = NULL; char *filename = NULL, *dir = NULL, *namestr; char *lookaside = NULL; char *endp; int ch; unsigned int dtype = DNS_DSDIGEST_SHA1; isc_boolean_t both = ISC_TRUE; isc_boolean_t usekeyset = ISC_FALSE; isc_boolean_t showall = ISC_FALSE; isc_result_t result; isc_log_t *log = NULL; isc_entropy_t *ectx = NULL; dns_rdataset_t rdataset; dns_rdata_t rdata; dns_rdata_init(&rdata); if (argc == 1) usage(); result = isc_mem_create(0, 0, &mctx); if (result != ISC_R_SUCCESS) fatal("out of memory"); dns_result_register(); isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, "12Aa:c:d:Ff:K:l:sv:h")) != -1) { switch (ch) { case '1': dtype = DNS_DSDIGEST_SHA1; both = ISC_FALSE; break; case '2': dtype = DNS_DSDIGEST_SHA256; both = ISC_FALSE; break; case 'A': showall = ISC_TRUE; break; case 'a': algname = isc_commandline_argument; both = ISC_FALSE; break; case 'c': classname = isc_commandline_argument; break; case 'd': fprintf(stderr, "%s: the -d option is deprecated; " "use -K\n", program); /* fall through */ case 'K': dir = isc_commandline_argument; if (strlen(dir) == 0U) fatal("directory must be non-empty string"); break; case 'f': filename = isc_commandline_argument; break; case 'l': lookaside = isc_commandline_argument; if (strlen(lookaside) == 0U) fatal("lookaside must be a non-empty string"); break; case 's': usekeyset = ISC_TRUE; break; case 'v': verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') fatal("-v must be followed by a number"); break; case 'F': /* Reserved for FIPS mode */ /* FALLTHROUGH */ case '?': if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); /* FALLTHROUGH */ case 'h': usage(); default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); exit(1); } } if (algname != NULL) { if (strcasecmp(algname, "SHA1") == 0 || strcasecmp(algname, "SHA-1") == 0) dtype = DNS_DSDIGEST_SHA1; else if (strcasecmp(algname, "SHA256") == 0 || strcasecmp(algname, "SHA-256") == 0) dtype = DNS_DSDIGEST_SHA256; #ifdef HAVE_OPENSSL_GOST else if (strcasecmp(algname, "GOST") == 0) dtype = DNS_DSDIGEST_GOST; #endif else if (strcasecmp(algname, "SHA384") == 0 || strcasecmp(algname, "SHA-384") == 0) dtype = DNS_DSDIGEST_SHA384; else fatal("unknown algorithm %s", algname); } rdclass = strtoclass(classname); if (usekeyset && filename != NULL) fatal("cannot use both -s and -f"); /* When not using -f, -A is implicit */ if (filename == NULL) showall = ISC_TRUE; if (argc < isc_commandline_index + 1 && filename == NULL) fatal("the key file name was not specified"); if (argc > isc_commandline_index + 1) fatal("extraneous arguments"); if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); if (result != ISC_R_SUCCESS) fatal("could not initialize hash"); result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY); if (result != ISC_R_SUCCESS) fatal("could not initialize dst: %s", isc_result_totext(result)); isc_entropy_stopcallbacksources(ectx); setup_logging(verbose, mctx, &log); dns_rdataset_init(&rdataset); if (usekeyset || filename != NULL) { if (argc < isc_commandline_index + 1 && filename != NULL) { /* using zone name as the zone file name */ namestr = filename; } else namestr = argv[isc_commandline_index]; result = initname(namestr); if (result != ISC_R_SUCCESS) fatal("could not initialize name %s", namestr); if (usekeyset) result = loadkeyset(dir, &rdataset); else result = loadsetfromfile(filename, &rdataset); if (result != ISC_R_SUCCESS) fatal("could not load DNSKEY set: %s\n", isc_result_totext(result)); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) { dns_rdata_init(&rdata); dns_rdataset_current(&rdataset, &rdata); if (verbose > 2) logkey(&rdata); if (both) { emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata); emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata); } else emit(dtype, showall, lookaside, &rdata); } } else { unsigned char key_buf[DST_KEY_MAXSIZE]; loadkey(argv[isc_commandline_index], key_buf, DST_KEY_MAXSIZE, &rdata); if (both) { emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata); emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata); } else emit(dtype, showall, lookaside, &rdata); } if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); dst_lib_destroy(); isc_hash_destroy(); cleanup_entropy(&ectx); dns_name_destroy(); if (verbose > 10) isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); fflush(stdout); if (ferror(stdout)) { fprintf(stderr, "write error\n"); return (1); } else return (0); }
int main (int *argc, char **argv) { isc_mem_t *mctx = NULL; isc_entropy_t *ectx = NULL; isc_result_t result; char *basedn; ldap_info *tmp; LDAPMod *base_attrs[2]; LDAPMod base; isc_buffer_t buff; char *zonefile; char fullbasedn[1024]; char *ctmp; dns_fixedname_t fixedzone, fixedname; dns_rdataset_t rdataset; char **dc_list; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdatasetiter_t *riter; dns_name_t *zone, *name; dns_db_t *db = NULL; dns_dbiterator_t *dbit = NULL; dns_dbnode_t *node; extern char *optarg; extern int optind, opterr, optopt; int create_base = 0; int topt; if ((int) argc < 2) { usage (); exit (-1); } while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1) { switch (topt) { case 'v': printf("%s\n", VERSION); exit(0); case 'c': create_base++; break; case 'd': debug++; break; case 'D': binddn = strdup (optarg); break; case 'w': bindpw = strdup (optarg); break; case 'b': ldapbase = strdup (optarg); break; case 'z': argzone = strdup (optarg); // We wipe argzone all to hell when we parse it for the DN */ gbl_zone = strdup(argzone); break; case 'f': zonefile = strdup (optarg); break; case 'h': ldapsystem = strdup (optarg); break; case '?': default: usage (); exit (0); } } if ((argzone == NULL) || (zonefile == NULL)) { usage (); exit (-1); } if (debug) printf ("Initializing ISC Routines, parsing zone file\n"); result = isc_mem_create (0, 0, &mctx); isc_result_check (result, "isc_mem_create"); result = isc_entropy_create(mctx, &ectx); isc_result_check (result, "isc_entropy_create"); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); isc_result_check (result, "isc_hash_create"); isc_buffer_init (&buff, argzone, strlen (argzone)); isc_buffer_add (&buff, strlen (argzone)); dns_fixedname_init (&fixedzone); zone = dns_fixedname_name (&fixedzone); result = dns_name_fromtext (zone, &buff, dns_rootname, 0, NULL); isc_result_check (result, "dns_name_fromtext"); result = dns_db_create (mctx, "rbt", zone, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &db); isc_result_check (result, "dns_db_create"); result = dns_db_load (db, zonefile); isc_result_check (result, "Check Zone Syntax: dns_db_load"); result = dns_db_createiterator (db, 0, &dbit); isc_result_check (result, "dns_db_createiterator"); result = dns_dbiterator_first (dbit); isc_result_check (result, "dns_dbiterator_first"); dns_fixedname_init (&fixedname); name = dns_fixedname_name (&fixedname); dns_rdataset_init (&rdataset); dns_rdata_init (&rdata); while (result == ISC_R_SUCCESS) { node = NULL; result = dns_dbiterator_current (dbit, &node, name); if (result == ISC_R_NOMORE) break; isc_result_check (result, "dns_dbiterator_current"); riter = NULL; result = dns_db_allrdatasets (db, node, NULL, 0, &riter); isc_result_check (result, "dns_db_allrdatasets"); result = dns_rdatasetiter_first (riter); //isc_result_check(result, "dns_rdatasetiter_first"); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current (riter, &rdataset); result = dns_rdataset_first (&rdataset); isc_result_check (result, "dns_rdatasetiter_current"); while (result == ISC_R_SUCCESS) { dns_rdataset_current (&rdataset, &rdata); generate_ldap (name, &rdata, rdataset.ttl); dns_rdata_reset (&rdata); result = dns_rdataset_next (&rdataset); } dns_rdataset_disassociate (&rdataset); result = dns_rdatasetiter_next (riter); } dns_rdatasetiter_destroy (&riter); result = dns_dbiterator_next (dbit); } /* Initialize the LDAP Connection */ if (debug) printf ("Initializing LDAP Connection to %s as %s\n", ldapsystem, binddn); init_ldap_conn (); if (create_base) { if (debug) printf ("Creating base zone DN %s\n", argzone); dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP); basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC); for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--) { if ((*ctmp == ',') || (ctmp == &basedn[0])) { base.mod_op = LDAP_MOD_ADD; base.mod_type = "objectClass"; base.mod_values = topObjectClasses; base_attrs[0] = &base; base_attrs[1] = NULL; if (ldapbase) { if (ctmp != &basedn[0]) sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase); else sprintf (fullbasedn, "%s,%s", ctmp, ldapbase); } else { if (ctmp != &basedn[0]) sprintf (fullbasedn, "%s", ctmp + 1); else sprintf (fullbasedn, "%s", ctmp); } result = ldap_add_s (conn, fullbasedn, base_attrs); ldap_result_check ("intial ldap_add_s", fullbasedn, result); } } } else { if (debug) printf ("Skipping zone base dn creation for %s\n", argzone); } for (tmp = ldap_info_base; tmp != NULL; tmp = tmp->next) { if (debug) printf ("Adding DN: %s\n", tmp->dn); add_ldap_values (tmp); } if (debug) printf("Operation Complete.\n"); /* Cleanup */ isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); if (zonefile) free(zonefile); return 0; }
int main(int argc, char **argv) { char *porigin, *zonefile; dns_fixedname_t forigin, fname; dns_name_t *origin, *name; dns_db_t *db = NULL; dns_dbiterator_t *dbiter; dns_dbnode_t *node; dns_rdatasetiter_t *rdsiter; dns_rdataset_t rdataset; dns_rdata_t rdata = DNS_RDATA_INIT; isc_mem_t *mctx = NULL; isc_entropy_t *ectx = NULL; isc_buffer_t b; isc_result_t result; PGresult *res; if (argc != 5) { printf("usage: %s origin file dbname dbtable\n", argv[0]); printf("Note that dbname must be an existing database.\n"); exit(1); } porigin = argv[1]; zonefile = argv[2]; dbname = argv[3]; dbtable = argv[4]; dns_result_register(); mctx = NULL; result = isc_mem_create(0, 0, &mctx); check_result(result, "isc_mem_create"); result = isc_entropy_create(mctx, &ectx); result_check (result, "isc_entropy_create"); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); check_result (result, "isc_hash_create"); isc_buffer_init(&b, porigin, strlen(porigin)); isc_buffer_add(&b, strlen(porigin)); dns_fixedname_init(&forigin); origin = dns_fixedname_name(&forigin); result = dns_name_fromtext(origin, &b, dns_rootname, ISC_FALSE, NULL); check_result(result, "dns_name_fromtext"); db = NULL; result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone, dns_rdataclass_in, 0, NULL, &db); check_result(result, "dns_db_create"); result = dns_db_load(db, zonefile); if (result == DNS_R_SEENINCLUDE) result = ISC_R_SUCCESS; check_result(result, "dns_db_load"); printf("Connecting to '%s'\n", dbname); conn = PQsetdb(NULL, NULL, NULL, NULL, dbname); if (PQstatus(conn) == CONNECTION_BAD) { fprintf(stderr, "Connection to database '%s' failed: %s\n", dbname, PQerrorMessage(conn)); closeandexit(1); } snprintf(str, sizeof(str), "DROP TABLE %s", dbtable); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) fprintf(stderr, "DROP TABLE command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); snprintf(str, sizeof(str), "BEGIN"); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) { fprintf(stderr, "BEGIN command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); closeandexit(1); } PQclear(res); snprintf(str, sizeof(str), "CREATE TABLE %s " "(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT)", dbtable); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) { fprintf(stderr, "CREATE TABLE command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); closeandexit(1); } PQclear(res); dbiter = NULL; result = dns_db_createiterator(db, ISC_FALSE, &dbiter); check_result(result, "dns_db_createiterator()"); result = dns_dbiterator_first(dbiter); check_result(result, "dns_dbiterator_first"); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); dns_rdataset_init(&rdataset); dns_rdata_init(&rdata); while (result == ISC_R_SUCCESS) { node = NULL; result = dns_dbiterator_current(dbiter, &node, name); if (result == ISC_R_NOMORE) break; check_result(result, "dns_dbiterator_current"); rdsiter = NULL; result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter); check_result(result, "dns_db_allrdatasets"); result = dns_rdatasetiter_first(rdsiter); while (result == ISC_R_SUCCESS) { dns_rdatasetiter_current(rdsiter, &rdataset); result = dns_rdataset_first(&rdataset); check_result(result, "dns_rdataset_first"); while (result == ISC_R_SUCCESS) { dns_rdataset_current(&rdataset, &rdata); addrdata(name, rdataset.ttl, &rdata); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rdataset); } dns_rdataset_disassociate(&rdataset); result = dns_rdatasetiter_next(rdsiter); } dns_rdatasetiter_destroy(&rdsiter); dns_db_detachnode(db, &node); result = dns_dbiterator_next(dbiter); } snprintf(str, sizeof(str), "COMMIT TRANSACTION"); printf("%s\n", str); res = PQexec(conn, str); if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) { fprintf(stderr, "COMMIT command failed: %s\n", PQresultErrorMessage(res)); PQclear(res); closeandexit(1); } PQclear(res); dns_dbiterator_destroy(&dbiter); dns_db_detach(&db); isc_hash_destroy(); isc_entropy_detach(&ectx); isc_mem_destroy(&mctx); closeandexit(0); exit(0); }
void ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { isc_result_t result; dns_name_t *question_name; dns_rdataset_t *question_rdataset; dns_zone_t *zone = NULL, *raw = NULL, *mayberaw; dns_db_t *db = NULL; dns_dbversion_t *ver = NULL; dns_rdataclass_t question_class; rrstream_t *soa_stream = NULL; rrstream_t *data_stream = NULL; rrstream_t *stream = NULL; dns_difftuple_t *current_soa_tuple = NULL; dns_name_t *soa_name; dns_rdataset_t *soa_rdataset; dns_rdata_t soa_rdata = DNS_RDATA_INIT; isc_boolean_t have_soa = ISC_FALSE; const char *mnemonic = NULL; isc_mem_t *mctx = client->mctx; dns_message_t *request = client->message; xfrout_ctx_t *xfr = NULL; isc_quota_t *quota = NULL; dns_transfer_format_t format = client->view->transfer_format; isc_netaddr_t na; dns_peer_t *peer = NULL; isc_buffer_t *tsigbuf = NULL; char *journalfile; char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")]; char keyname[DNS_NAME_FORMATSIZE]; isc_boolean_t is_poll = ISC_FALSE; isc_boolean_t is_dlz = ISC_FALSE; isc_boolean_t is_ixfr = ISC_FALSE; isc_uint32_t begin_serial = 0, current_serial; switch (reqtype) { case dns_rdatatype_axfr: mnemonic = "AXFR"; break; case dns_rdatatype_ixfr: mnemonic = "IXFR"; break; default: INSIST(0); break; } ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT, ISC_LOG_DEBUG(6), "%s request", mnemonic); /* * Apply quota. */ result = isc_quota_attach(&ns_g_server->xfroutquota, "a); if (result != ISC_R_SUCCESS) { isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING, "%s request denied: %s", mnemonic, isc_result_totext(result)); goto failure; } /* * Interpret the question section. */ result = dns_message_firstname(request, DNS_SECTION_QUESTION); INSIST(result == ISC_R_SUCCESS); /* * The question section must contain exactly one question, and * it must be for AXFR/IXFR as appropriate. */ question_name = NULL; dns_message_currentname(request, DNS_SECTION_QUESTION, &question_name); question_rdataset = ISC_LIST_HEAD(question_name->list); question_class = question_rdataset->rdclass; INSIST(question_rdataset->type == reqtype); if (ISC_LIST_NEXT(question_rdataset, link) != NULL) FAILC(DNS_R_FORMERR, "multiple questions"); result = dns_message_nextname(request, DNS_SECTION_QUESTION); if (result != ISC_R_NOMORE) FAILC(DNS_R_FORMERR, "multiple questions"); result = dns_zt_find(client->view->zonetable, question_name, 0, NULL, &zone); if (result != ISC_R_SUCCESS) { /* * Normal zone table does not have a match. * Try the DLZ database */ // Temporary: only searching the first DLZ database if (! ISC_LIST_EMPTY(client->view->dlz_searched)) { result = dns_dlzallowzonexfr(client->view, question_name, &client->peeraddr, &db); pfilter_notify(result, client, "zonexfr"); if (result == ISC_R_NOPERM) { char _buf1[DNS_NAME_FORMATSIZE]; char _buf2[DNS_RDATACLASS_FORMATSIZE]; result = DNS_R_REFUSED; dns_name_format(question_name, _buf1, sizeof(_buf1)); dns_rdataclass_format(question_class, _buf2, sizeof(_buf2)); ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_XFER_OUT, ISC_LOG_ERROR, "zone transfer '%s/%s' denied", _buf1, _buf2); goto failure; } if (result != ISC_R_SUCCESS) FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class); is_dlz = ISC_TRUE; } else { /* * not DLZ and not in normal zone table, we are * not authoritative */ FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class); } } else { /* zone table has a match */ switch(dns_zone_gettype(zone)) { /* Master and slave zones are OK for transfer. */ case dns_zone_master: case dns_zone_slave: case dns_zone_dlz: break; default: FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class); } CHECK(dns_zone_getdb(zone, &db)); dns_db_currentversion(db, &ver); } xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6), "%s question section OK", mnemonic); /* * Check the authority section. Look for a SOA record with * the same name and class as the question. */ for (result = dns_message_firstname(request, DNS_SECTION_AUTHORITY); result == ISC_R_SUCCESS; result = dns_message_nextname(request, DNS_SECTION_AUTHORITY)) { soa_name = NULL; dns_message_currentname(request, DNS_SECTION_AUTHORITY, &soa_name); /* * Ignore data whose owner name is not the zone apex. */ if (! dns_name_equal(soa_name, question_name)) continue; for (soa_rdataset = ISC_LIST_HEAD(soa_name->list); soa_rdataset != NULL; soa_rdataset = ISC_LIST_NEXT(soa_rdataset, link)) { /* * Ignore non-SOA data. */ if (soa_rdataset->type != dns_rdatatype_soa) continue; if (soa_rdataset->rdclass != question_class) continue; CHECK(dns_rdataset_first(soa_rdataset)); dns_rdataset_current(soa_rdataset, &soa_rdata); result = dns_rdataset_next(soa_rdataset); if (result == ISC_R_SUCCESS) FAILC(DNS_R_FORMERR, "IXFR authority section " "has multiple SOAs"); have_soa = ISC_TRUE; goto got_soa; } } got_soa: if (result != ISC_R_NOMORE) CHECK(result); xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6), "%s authority section OK", mnemonic); /* * If not a DLZ zone, decide whether to allow this transfer. */ if (!is_dlz) { ns_client_aclmsg("zone transfer", question_name, reqtype, client->view->rdclass, msg, sizeof(msg)); CHECK(ns_client_checkacl(client, NULL, msg, dns_zone_getxfracl(zone), ISC_TRUE, ISC_LOG_ERROR)); } /* * AXFR over UDP is not possible. */ if (reqtype == dns_rdatatype_axfr && (client->attributes & NS_CLIENTATTR_TCP) == 0) FAILC(DNS_R_FORMERR, "attempted AXFR over UDP"); /* * Look up the requesting server in the peer table. */ isc_netaddr_fromsockaddr(&na, &client->peeraddr); (void)dns_peerlist_peerbyaddr(client->view->peers, &na, &peer); /* * Decide on the transfer format (one-answer or many-answers). */ if (peer != NULL) (void)dns_peer_gettransferformat(peer, &format); /* * Get a dynamically allocated copy of the current SOA. */ if (is_dlz) dns_db_currentversion(db, &ver); CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS, ¤t_soa_tuple)); current_serial = dns_soa_getserial(¤t_soa_tuple->rdata); if (reqtype == dns_rdatatype_ixfr) { isc_boolean_t provide_ixfr; /* * Outgoing IXFR may have been disabled for this peer * or globally. */ provide_ixfr = client->view->provideixfr; if (peer != NULL) (void) dns_peer_getprovideixfr(peer, &provide_ixfr); if (provide_ixfr == ISC_FALSE) goto axfr_fallback; if (! have_soa) FAILC(DNS_R_FORMERR, "IXFR request missing SOA"); begin_serial = dns_soa_getserial(&soa_rdata); /* * RFC1995 says "If an IXFR query with the same or * newer version number than that of the server * is received, it is replied to with a single SOA * record of the server's current version, just as * in AXFR". The claim about AXFR is incorrect, * but other than that, we do as the RFC says. * * Sending a single SOA record is also how we refuse * IXFR over UDP (currently, we always do). */ if (DNS_SERIAL_GE(begin_serial, current_serial) || (client->attributes & NS_CLIENTATTR_TCP) == 0) { CHECK(soa_rrstream_create(mctx, db, ver, &stream)); is_poll = ISC_TRUE; goto have_stream; } journalfile = is_dlz ? NULL : dns_zone_getjournal(zone); if (journalfile != NULL) result = ixfr_rrstream_create(mctx, journalfile, begin_serial, current_serial, &data_stream); else result = ISC_R_NOTFOUND; if (result == ISC_R_NOTFOUND || result == ISC_R_RANGE) { xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(4), "IXFR version not in journal, " "falling back to AXFR"); mnemonic = "AXFR-style IXFR"; goto axfr_fallback; } CHECK(result); is_ixfr = ISC_TRUE; } else { axfr_fallback: CHECK(axfr_rrstream_create(mctx, db, ver, &data_stream)); } /* * Bracket the data stream with SOAs. */ CHECK(soa_rrstream_create(mctx, db, ver, &soa_stream)); CHECK(compound_rrstream_create(mctx, &soa_stream, &data_stream, &stream)); soa_stream = NULL; data_stream = NULL; have_stream: CHECK(dns_message_getquerytsig(request, mctx, &tsigbuf)); /* * Create the xfrout context object. This transfers the ownership * of "stream", "db", "ver", and "quota" to the xfrout context object. */ if (is_dlz) CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, reqtype, question_class, zone, db, ver, quota, stream, dns_message_gettsigkey(request), tsigbuf, 3600, 3600, (format == dns_many_answers) ? ISC_TRUE : ISC_FALSE, &xfr)); else CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, reqtype, question_class, zone, db, ver, quota, stream, dns_message_gettsigkey(request), tsigbuf, dns_zone_getmaxxfrout(zone), dns_zone_getidleout(zone), (format == dns_many_answers) ? ISC_TRUE : ISC_FALSE, &xfr)); xfr->mnemonic = mnemonic; stream = NULL; quota = NULL; CHECK(xfr->stream->methods->first(xfr->stream)); if (xfr->tsigkey != NULL) dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname)); else keyname[0] = '\0'; if (is_poll) xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(1), "IXFR poll up to date%s%s", (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname); else if (is_ixfr) xfrout_log1(client, question_name, question_class, ISC_LOG_INFO, "%s started%s%s (serial %u -> %u)", mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname, begin_serial, current_serial); else xfrout_log1(client, question_name, question_class, ISC_LOG_INFO, "%s started%s%s (serial %u)", mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname, current_serial); if (zone != NULL) { dns_zone_getraw(zone, &raw); mayberaw = (raw != NULL) ? raw : zone; if ((client->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0 && dns_zone_gettype(mayberaw) == dns_zone_slave) { isc_time_t expiretime; isc_uint32_t secs; dns_zone_getexpiretime(zone, &expiretime); secs = isc_time_seconds(&expiretime); if (secs >= client->now && result == ISC_R_SUCCESS) { client->attributes |= NS_CLIENTATTR_HAVEEXPIRE; client->expire = secs - client->now; } } if (raw != NULL) dns_zone_detach(&raw); } /* * Hand the context over to sendstream(). Set xfr to NULL; * sendstream() is responsible for either passing the * context on to a later event handler or destroying it. */ sendstream(xfr); xfr = NULL; result = ISC_R_SUCCESS; failure: if (result == DNS_R_REFUSED) inc_stats(zone, dns_nsstatscounter_xfrrej); if (quota != NULL) isc_quota_detach("a); if (current_soa_tuple != NULL) dns_difftuple_free(¤t_soa_tuple); if (stream != NULL) stream->methods->destroy(&stream); if (soa_stream != NULL) soa_stream->methods->destroy(&soa_stream); if (data_stream != NULL) data_stream->methods->destroy(&data_stream); if (ver != NULL) dns_db_closeversion(db, &ver, ISC_FALSE); if (db != NULL) dns_db_detach(&db); if (zone != NULL) dns_zone_detach(&zone); /* XXX kludge */ if (xfr != NULL) { xfrout_fail(xfr, result, "setting up zone transfer"); } else if (result != ISC_R_SUCCESS) { ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT, ISC_LOG_DEBUG(3), "zone transfer setup failed"); ns_client_error(client, result); } }
static void check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db, dns_name_t *name, isc_stdtime_t now) { isc_result_t hresult, rresult, result; dns_rdataset_t hintrrset, rootrrset; dns_rdata_t rdata = DNS_RDATA_INIT; dns_name_t *foundname; dns_fixedname_t fixed; dns_rdataset_init(&hintrrset); dns_rdataset_init(&rootrrset); dns_fixedname_init(&fixed); foundname = dns_fixedname_name(&fixed); hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0, now, NULL, foundname, &hintrrset, NULL); rresult = dns_db_find(db, name, NULL, dns_rdatatype_a, DNS_DBFIND_GLUEOK, now, NULL, foundname, &rootrrset, NULL); if (hresult == ISC_R_SUCCESS && (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { result = dns_rdataset_first(&rootrrset); while (result == ISC_R_SUCCESS) { dns_rdata_reset(&rdata); dns_rdataset_current(&rootrrset, &rdata); if (!inrrset(&hintrrset, &rdata)) report(view, name, ISC_TRUE, &rdata); result = dns_rdataset_next(&rootrrset); } result = dns_rdataset_first(&hintrrset); while (result == ISC_R_SUCCESS) { dns_rdata_reset(&rdata); dns_rdataset_current(&hintrrset, &rdata); if (!inrrset(&rootrrset, &rdata)) report(view, name, ISC_FALSE, &rdata); result = dns_rdataset_next(&hintrrset); } } if (hresult == ISC_R_NOTFOUND && (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { result = dns_rdataset_first(&rootrrset); while (result == ISC_R_SUCCESS) { dns_rdata_reset(&rdata); dns_rdataset_current(&rootrrset, &rdata); report(view, name, ISC_TRUE, &rdata); result = dns_rdataset_next(&rootrrset); } } if (dns_rdataset_isassociated(&rootrrset)) dns_rdataset_disassociate(&rootrrset); if (dns_rdataset_isassociated(&hintrrset)) dns_rdataset_disassociate(&hintrrset); /* * Check AAAA records. */ hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0, now, NULL, foundname, &hintrrset, NULL); rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa, DNS_DBFIND_GLUEOK, now, NULL, foundname, &rootrrset, NULL); if (hresult == ISC_R_SUCCESS && (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { result = dns_rdataset_first(&rootrrset); while (result == ISC_R_SUCCESS) { dns_rdata_reset(&rdata); dns_rdataset_current(&rootrrset, &rdata); if (!inrrset(&hintrrset, &rdata)) report(view, name, ISC_TRUE, &rdata); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rootrrset); } result = dns_rdataset_first(&hintrrset); while (result == ISC_R_SUCCESS) { dns_rdata_reset(&rdata); dns_rdataset_current(&hintrrset, &rdata); if (!inrrset(&rootrrset, &rdata)) report(view, name, ISC_FALSE, &rdata); dns_rdata_reset(&rdata); result = dns_rdataset_next(&hintrrset); } } if (hresult == ISC_R_NOTFOUND && (rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) { result = dns_rdataset_first(&rootrrset); while (result == ISC_R_SUCCESS) { dns_rdata_reset(&rdata); dns_rdataset_current(&rootrrset, &rdata); report(view, name, ISC_TRUE, &rdata); dns_rdata_reset(&rdata); result = dns_rdataset_next(&rootrrset); } } if (dns_rdataset_isassociated(&rootrrset)) dns_rdataset_disassociate(&rootrrset); if (dns_rdataset_isassociated(&hintrrset)) dns_rdataset_disassociate(&hintrrset); }
static void resolve_ns(isc_task_t *task, isc_event_t *event) { struct probe_trans *trans = event->ev_arg; dns_clientresevent_t *rev = (dns_clientresevent_t *)event; dns_name_t *name; dns_rdataset_t *rdataset; isc_result_t result = ISC_R_SUCCESS; dns_rdata_t rdata = DNS_RDATA_INIT; struct probe_ns *pns; REQUIRE(task == probe_task); REQUIRE(trans->inuse == ISC_TRUE); INSIST(outstanding_probes > 0); for (name = ISC_LIST_HEAD(rev->answerlist); name != NULL; name = ISC_LIST_NEXT(name, link)) { for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT(rdataset, link)) { (void)print_rdataset(rdataset, name); if (rdataset->type != dns_rdatatype_ns) continue; for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) { dns_rdata_ns_t ns; dns_rdataset_current(rdataset, &rdata); /* * Extract the name from the NS record. */ result = dns_rdata_tostruct(&rdata, &ns, NULL); if (result != ISC_R_SUCCESS) continue; pns = isc_mem_get(mctx, sizeof(*pns)); if (pns == NULL) { fprintf(stderr, "resolve_ns: mem_get failed"); result = ISC_R_NOMEMORY; POST(result); /* * XXX: should we continue with the * available servers anyway? */ goto cleanup; } dns_fixedname_init(&pns->fixedname); pns->name = dns_fixedname_name(&pns->fixedname); ISC_LINK_INIT(pns, link); ISC_LIST_APPEND(trans->nslist, pns, link); ISC_LIST_INIT(pns->servers); dns_name_copy(&ns.name, pns->name, NULL); dns_rdata_reset(&rdata); dns_rdata_freestruct(&ns); } } } cleanup: dns_client_freeresanswer(client, &rev->answerlist); dns_client_destroyrestrans(&trans->resid); isc_event_free(&event); if (!ISC_LIST_EMPTY(trans->nslist)) { /* Go get addresses of NSes */ trans->current_ns = ISC_LIST_HEAD(trans->nslist); result = fetch_nsaddress(trans); } else result = ISC_R_FAILURE; if (result == ISC_R_SUCCESS) return; reset_probe(trans); }
isc_result_t dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx, isc_region_t *region, unsigned int reservelen) { /* * Use &removed as a sentinal pointer for duplicate * rdata as rdata.data == NULL is valid. */ static unsigned char removed; struct xrdata *x; unsigned char *rawbuf; #if DNS_RDATASET_FIXED unsigned char *offsetbase; #endif unsigned int buflen; isc_result_t result; unsigned int nitems; unsigned int nalloc; unsigned int i; #if DNS_RDATASET_FIXED unsigned int *offsettable; #endif unsigned int length; buflen = reservelen + 2; nalloc = dns_rdataset_count(rdataset); nitems = nalloc; if (nitems == 0 && rdataset->type != 0) return (ISC_R_FAILURE); if (nalloc > 0xffff) return (ISC_R_NOSPACE); if (nalloc != 0) { x = isc_mem_get(mctx, nalloc * sizeof(struct xrdata)); if (x == NULL) return (ISC_R_NOMEMORY); } else x = NULL; /* * Save all of the rdata members into an array. */ result = dns_rdataset_first(rdataset); if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) goto free_rdatas; for (i = 0; i < nalloc && result == ISC_R_SUCCESS; i++) { INSIST(result == ISC_R_SUCCESS); dns_rdata_init(&x[i].rdata); dns_rdataset_current(rdataset, &x[i].rdata); INSIST(x[i].rdata.data != &removed); #if DNS_RDATASET_FIXED x[i].order = i; #endif result = dns_rdataset_next(rdataset); } if (result != ISC_R_NOMORE) goto free_rdatas; if (i != nalloc) { /* * Somehow we iterated over fewer rdatas than * dns_rdataset_count() said there were! */ result = ISC_R_FAILURE; goto free_rdatas; } /* * Put into DNSSEC order. */ qsort(x, nalloc, sizeof(struct xrdata), compare_rdata); /* * Remove duplicates and compute the total storage required. * * If an rdata is not a duplicate, accumulate the storage size * required for the rdata. We do not store the class, type, etc, * just the rdata, so our overhead is 2 bytes for the number of * records, and 8 for each rdata, (length(2), offset(4) and order(2)) * and then the rdata itself. */ for (i = 1; i < nalloc; i++) { if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) { x[i-1].rdata.data = &removed; #if DNS_RDATASET_FIXED /* * Preserve the least order so A, B, A -> A, B * after duplicate removal. */ if (x[i-1].order < x[i].order) x[i].order = x[i-1].order; #endif nitems--; } else { #if DNS_RDATASET_FIXED buflen += (8 + x[i-1].rdata.length); #else buflen += (2 + x[i-1].rdata.length); #endif /* * Provide space to store the per RR meta data. */ if (rdataset->type == dns_rdatatype_rrsig) buflen++; } } /* * Don't forget the last item! */ if (nalloc != 0) { #if DNS_RDATASET_FIXED buflen += (8 + x[i-1].rdata.length); #else buflen += (2 + x[i-1].rdata.length); #endif } /* * Provide space to store the per RR meta data. */ if (rdataset->type == dns_rdatatype_rrsig) buflen++; /* * Ensure that singleton types are actually singletons. */ if (nitems > 1 && dns_rdatatype_issingleton(rdataset->type)) { /* * We have a singleton type, but there's more than one * RR in the rdataset. */ result = DNS_R_SINGLETON; goto free_rdatas; } /* * Allocate the memory, set up a buffer, start copying in * data. */ rawbuf = isc_mem_get(mctx, buflen); if (rawbuf == NULL) { result = ISC_R_NOMEMORY; goto free_rdatas; } #if DNS_RDATASET_FIXED /* Allocate temporary offset table. */ offsettable = isc_mem_get(mctx, nalloc * sizeof(unsigned int)); if (offsettable == NULL) { isc_mem_put(mctx, rawbuf, buflen); result = ISC_R_NOMEMORY; goto free_rdatas; } memset(offsettable, 0, nalloc * sizeof(unsigned int)); #endif region->base = rawbuf; region->length = buflen; rawbuf += reservelen; #if DNS_RDATASET_FIXED offsetbase = rawbuf; #endif *rawbuf++ = (nitems & 0xff00) >> 8; *rawbuf++ = (nitems & 0x00ff); #if DNS_RDATASET_FIXED /* Skip load order table. Filled in later. */ rawbuf += nitems * 4; #endif for (i = 0; i < nalloc; i++) { if (x[i].rdata.data == &removed) continue; #if DNS_RDATASET_FIXED offsettable[x[i].order] = rawbuf - offsetbase; #endif length = x[i].rdata.length; if (rdataset->type == dns_rdatatype_rrsig) length++; INSIST(length <= 0xffff); *rawbuf++ = (length & 0xff00) >> 8; *rawbuf++ = (length & 0x00ff); #if DNS_RDATASET_FIXED rawbuf += 2; /* filled in later */ #endif /* * Store the per RR meta data. */ if (rdataset->type == dns_rdatatype_rrsig) { *rawbuf++ |= (x[i].rdata.flags & DNS_RDATA_OFFLINE) ? DNS_RDATASLAB_OFFLINE : 0; } memcpy(rawbuf, x[i].rdata.data, x[i].rdata.length); rawbuf += x[i].rdata.length; } #if DNS_RDATASET_FIXED fillin_offsets(offsetbase, offsettable, nalloc); isc_mem_put(mctx, offsettable, nalloc * sizeof(unsigned int)); #endif result = ISC_R_SUCCESS; free_rdatas: if (x != NULL) isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata)); return (result); }