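/*
 * Append a single space separator to 'b', refusing rather than writing
 * past the end of the buffer.
 */
static isc_result_t
bdb_addspace(isc_buffer_t *b) {
	if (isc_buffer_availablelength(b) < 1)
		return (ISC_R_NOSPACE);
	*(char *)isc_buffer_used(b) = ' ';
	isc_buffer_add(b, 1);
	return (ISC_R_SUCCESS);
}

/*
 * Puts resource record data on 'db'.
 *
 * The key is the owner name in text form (final dot omitted); the value is
 * "<ttl> <type> <rdata>" in master-file text form.  Every text conversion
 * and every separator write is bounds-checked, so a record that does not
 * fit the stack buffers yields ISC_R_NOSPACE instead of overrunning them.
 *
 * Returns ISC_R_SUCCESS, or the result of the first failing conversion.
 * A db->put() failure is still treated as a precondition violation
 * (REQUIRE), as before.
 */
isc_result_t
bdb_putrdata(DB *db, dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata) {
	DBT key = { 0 };
	DBT data = { 0 };
	isc_buffer_t keybuf, databuf;
	isc_result_t result;
	char nametext[DNS_NAME_MAXTEXT];
	char rdatatext[MAX_RDATATEXT];

	/* Key: the owner name as text. */
	isc_buffer_init(&keybuf, nametext, DNS_NAME_MAXTEXT);
	result = dns_name_totext(name, ISC_TRUE, &keybuf);
	if (result != ISC_R_SUCCESS)
		return (result);
	key.data = isc_buffer_base(&keybuf);
	key.size = isc_buffer_usedlength(&keybuf);

	/* Data: "<ttl> <type> <rdata>". */
	isc_buffer_init(&databuf, rdatatext, MAX_RDATATEXT);
	result = dns_ttl_totext(ttl, ISC_FALSE, &databuf);
	if (result != ISC_R_SUCCESS)
		return (result);
	result = bdb_addspace(&databuf);
	if (result != ISC_R_SUCCESS)
		return (result);
	result = dns_rdatatype_totext(rdata->type, &databuf);
	if (result != ISC_R_SUCCESS)
		return (result);
	/* XXX private data */
	result = bdb_addspace(&databuf);
	if (result != ISC_R_SUCCESS)
		return (result);
	result = dns_rdata_totext(rdata, NULL, &databuf);
	if (result != ISC_R_SUCCESS)
		return (result);
	data.data = isc_buffer_base(&databuf);
	data.size = isc_buffer_usedlength(&databuf);

	REQUIRE(db->put(db, NULL, &key, &data, 0) == 0);

	return (ISC_R_SUCCESS);
}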
/*
 * Print one rdata in master-file text form, preceded by its type label.
 * The text buffer is allocated, and doubled on ISC_R_NOSPACE, until
 * dns_rdata_totext() succeeds.
 */
static void
printrdata(dns_rdata_t *rdata) {
	isc_buffer_t *text = NULL;
	unsigned int textsize = 1024;
	isc_result_t result;

	if (rdata->type < N_KNOWN_RRTYPES)
		printf("%s", rtypetext[rdata->type]);
	else
		printf("rdata_%d = ", rdata->type);

	for (;;) {
		result = isc_buffer_allocate(mctx, &text, textsize);
		if (result != ISC_R_SUCCESS)
			check_result(result, "isc_buffer_allocate");

		result = dns_rdata_totext(rdata, NULL, text);
		if (result == ISC_R_SUCCESS) {
			printf("%.*s\n", (int)isc_buffer_usedlength(text),
			       (char *)isc_buffer_base(text));
			isc_buffer_free(&text);
			break;
		}
		if (result != ISC_R_NOSPACE)
			check_result(result, "dns_rdata_totext");

		/* Too small (or check_result returned): retry with twice the space. */
		isc_buffer_free(&text);
		textsize *= 2;
	}
}
/**
 * Generate list of all values as bracketed list.
 * This string might be fed into cfg parser.
 *
 * Caller has to deallocate resulting output buffer.
 */
isc_result_t
fwd_print_bracketed_values_buf(isc_mem_t *mctx, ldap_valuelist_t *values,
			       isc_buffer_t **string)
{
	static const char prefix[] = "{ ";
	static const char suffix[] = "}";
	isc_buffer_t scratch; /* hack: only the base buffer is allocated */
	ldap_value_t *item;
	isc_result_t result;

	REQUIRE(string != NULL && *string == NULL);

	isc_buffer_initnull(&scratch);
	scratch.mctx = mctx;

	buffer_append_str(&scratch, prefix, 2);
	item = HEAD(*values);
	while (item != NULL && item->value != NULL) {
		buffer_append_str(&scratch, item->value, strlen(item->value));
		buffer_append_str(&scratch, "; ", 2);
		item = NEXT(item, link);
	}
	/* Two bytes: the closing brace plus its terminating NUL. */
	buffer_append_str(&scratch, suffix, 2);

	/* create and copy string from tmp to output buffer */
	CHECK(isc_buffer_allocate(mctx, string, scratch.used));
	isc_buffer_putmem(*string, isc_buffer_base(&scratch), scratch.used);

cleanup:
	if (scratch.base != NULL)
		isc_mem_put(mctx, scratch.base, scratch.length);
	return result;
}
/*
 * Log 'msg' in debug master-file style via tkey_log().  The scratch
 * buffer starts at TEMP_BUFFER_SZ and is doubled while the rendering
 * does not fit; an allocation failure silently drops the dump.
 */
static void
dumpmessage(dns_message_t *msg) {
	unsigned char *scratch;
	int scratchlen = TEMP_BUFFER_SZ;
	isc_buffer_t b;
	isc_result_t result;

	while (1) {
		scratch = isc_mem_get(msg->mctx, scratchlen);
		if (scratch == NULL)
			return;
		isc_buffer_init(&b, scratch, scratchlen);
		result = dns_message_totext(msg, &dns_master_style_debug, 0, &b);
		if (result != ISC_R_NOSPACE)
			break;
		/* Too small: release and retry with twice the space. */
		isc_mem_put(msg->mctx, scratch, scratchlen);
		scratchlen *= 2;
	}

	if (result == ISC_R_SUCCESS)
		tkey_log("%.*s", (int)isc_buffer_usedlength(&b),
			 (char *)isc_buffer_base(&b));
	else
		tkey_log("Warning: dns_message_totext: %s",
			 dns_result_totext(result));

	isc_mem_put(msg->mctx, scratch, scratchlen);
}
/*%
 * Write a key file to 'keyfile'. If 'user' is non-NULL,
 * make that user the owner of the file. The key will have
 * the name 'keyname' and the secret in the buffer 'secret'.
 * 'alg' is rendered with alg_totext().  Any failure is fatal.
 */
void
write_key_file(const char *keyfile, const char *user, const char *keyname,
	       isc_buffer_t *secret, dns_secalg_t alg)
{
	const char *algname = alg_totext(alg);
	FILE *fp = NULL;
	isc_result_t result;

	DO("create keyfile", isc_file_safecreate(keyfile, &fp));
	if (user != NULL && set_user(fp, user) == -1)
		fatal("unable to set file owner\n");

	fprintf(fp, "key \"%s\" {\n\talgorithm %s;\n"
		"\tsecret \"%.*s\";\n};\n",
		keyname, algname,
		(int)isc_buffer_usedlength(secret),
		(char *)isc_buffer_base(secret));
	fflush(fp);
	if (ferror(fp))
		fatal("write to %s failed\n", keyfile);
	if (fclose(fp) != 0)
		fatal("fclose(%s) failed\n", keyfile);
	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
}
/*
 * Print the raw message bytes of 'dt' as one hex string on stdout.
 * Nothing is printed when no message is attached.
 */
static void
print_hex(dns_dtdata_t *dt) {
	isc_buffer_t *hexbuf = NULL;
	isc_result_t result;
	size_t hexlen;

	if (dt->msg == NULL)
		return;

	/* Two hex digits per byte plus a terminator. */
	hexlen = dt->msgdata.length * 2 + 1;
	isc_buffer_allocate(mctx, &hexbuf, hexlen);
	if (hexbuf == NULL)
		fatal("out of memory");

	result = isc_hex_totext(&dt->msgdata, 0, "", hexbuf);
	CHECKM(result, "isc_hex_totext");
	printf("%.*s\n", (int)isc_buffer_usedlength(hexbuf),
	       (char *)isc_buffer_base(hexbuf));

cleanup:
	if (hexbuf != NULL)
		isc_buffer_free(&hexbuf);
}
/*
 * Write a textual dump of 'keytable' to 'fp'.  An empty table prints
 * "none"; if dns_keytable_totext() fails, the error text is printed
 * instead and its result is returned to the caller.
 */
isc_result_t
dns_keytable_dump(dns_keytable_t *keytable, FILE *fp) {
	isc_buffer_t *out = NULL;
	isc_result_t result;

	REQUIRE(VALID_KEYTABLE(keytable));
	REQUIRE(fp != NULL);

	result = isc_buffer_allocate(keytable->mctx, &out, 4096);
	if (result != ISC_R_SUCCESS)
		return (result);

	result = dns_keytable_totext(keytable, &out);

	if (isc_buffer_usedlength(out) != 0) {
		(void)putstr(&out, "\n");
	} else if (result == ISC_R_SUCCESS) {
		(void)putstr(&out, "none");
	} else {
		(void)putstr(&out, "could not dump key table: ");
		(void)putstr(&out, isc_result_totext(result));
	}

	fprintf(fp, "%.*s", (int)isc_buffer_usedlength(out),
		(char *)isc_buffer_base(out));
	isc_buffer_free(&out);

	return (result);
}
/*
 * Request completion handler for the TKEY exchange: parse the reply,
 * hand it to dns_tkey_processdhresponse() to obtain 'tsigkey', write
 * that key to disk under its DST file name, and shut the app down.
 * Any failure exits the process.
 */
static void
recvquery(isc_task_t *task, isc_event_t *event) {
	dns_requestevent_t *ev = (dns_requestevent_t *)event;
	dns_message_t *query = NULL;
	dns_message_t *reply = NULL;
	isc_buffer_t namebuf;
	char namestore[256];
	int filetypes;
	isc_result_t result;

	UNUSED(task);
	REQUIRE(ev != NULL);

	if (ev->result != ISC_R_SUCCESS) {
		fprintf(stderr, "I:request event result: %s\n",
			isc_result_totext(ev->result));
		exit(-1);
	}

	query = ev->ev_arg;
	result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &reply);
	CHECK("dns_message_create", result);
	result = dns_request_getresponse(ev->request, reply,
					 DNS_MESSAGEPARSE_PRESERVEORDER);
	CHECK("dns_request_getresponse", result);

	if (reply->rcode != dns_rcode_noerror) {
		result = ISC_RESULTCLASS_DNSRCODE + reply->rcode;
		fprintf(stderr, "I:response rcode: %s\n",
			isc_result_totext(result));
		exit(-1);
	}

	result = dns_tkey_processdhresponse(query, reply, ourkey, &nonce,
					    &tsigkey, ring);
	CHECK("dns_tkey_processdhresponse", result);

	/*
	 * Yes, this is a hack.
	 */
	isc_buffer_init(&namebuf, namestore, sizeof(namestore));
	result = dst_key_buildfilename(tsigkey->key, 0, "", &namebuf);
	CHECK("dst_key_buildfilename", result);
	printf("%.*s\n", (int)isc_buffer_usedlength(&namebuf),
	       (char *)isc_buffer_base(&namebuf));

	filetypes = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY;
	result = dst_key_tofile(tsigkey->key, filetypes, "");
	CHECK("dst_key_tofile", result);

	dns_message_destroy(&query);
	dns_message_destroy(&reply);
	dns_request_destroy(&ev->request);
	isc_event_free(&event);
	isc_app_shutdown();
}
/*
 * Completion handler for the reply to an rndc command: authenticate and
 * parse the message, report the "err" and "text" fields it carries, and
 * shut down once nothing remains in flight.
 */
static void
rndc_recvdone(isc_task_t *task, isc_event_t *event) {
	isccc_sexpr_t *reply = NULL;
	isccc_sexpr_t *section;
	isccc_region_t wire;
	char *err = NULL;
	char *text = NULL;
	isc_result_t result;

	recvs--;

	if (ccmsg.result == ISC_R_EOF) {
		fatal("connection to remote host closed\n"
		      "This may indicate that\n"
		      "* the remote server is using an older version of"
		      " the command protocol,\n"
		      "* this host is not authorized to connect,\n"
		      "* the clocks are not synchronized, or\n"
		      "* the key is invalid.");
	}
	if (ccmsg.result != ISC_R_SUCCESS) {
		fatal("recv failed: %s", isc_result_totext(ccmsg.result));
	}

	wire.rstart = isc_buffer_base(&ccmsg.buffer);
	wire.rend = isc_buffer_used(&ccmsg.buffer);
	DO("parse message",
	   isccc_cc_fromwire(&wire, &reply, algorithm, &secret));

	section = isccc_alist_lookup(reply, "_data");
	if (section == NULL)
		fatal("no data section in response");

	/* An "err" field means the server rejected or failed the command. */
	switch ((result = isccc_cc_lookupstring(section, "err", &err))) {
	case ISC_R_SUCCESS:
		failed = ISC_TRUE;
		fprintf(stderr, "%s: '%s' failed: %s\n",
			progname, command, err);
		break;
	case ISC_R_NOTFOUND:
		break;
	default:
		fprintf(stderr, "%s: parsing response failed: %s\n",
			progname, isc_result_totext(result));
		break;
	}

	/* The "text" field is shown unless quiet mode hides a success. */
	result = isccc_cc_lookupstring(section, "text", &text);
	if (result == ISC_R_SUCCESS) {
		if ((!quiet || failed) && strlen(text) != 0U)
			fprintf(failed ? stderr : stdout, "%s\n", text);
	} else if (result != ISC_R_NOTFOUND) {
		fprintf(stderr, "%s: parsing response failed: %s\n",
			progname, isc_result_totext(result));
	}

	isc_event_free(&event);
	isccc_sexpr_free(&reply);

	if (sends == 0 && recvs == 0) {
		isc_socket_detach(&sock);
		isc_task_shutdown(task);
		RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS);
	}
}
/*
 * Request completion handler: parse the reply, print its answer section
 * in simple master-file style, release everything, and shut the app
 * down once the last outstanding request ('onfly') has completed.
 * Any failure exits the process.
 */
static void
recvresponse(isc_task_t *task, isc_event_t *event) {
	dns_requestevent_t *ev = (dns_requestevent_t *)event;
	dns_message_t *query = NULL;
	dns_message_t *reply = NULL;
	char text[1024];
	isc_buffer_t textbuf;
	isc_result_t result;

	UNUSED(task);
	REQUIRE(ev != NULL);

	if (ev->result != ISC_R_SUCCESS) {
		fprintf(stderr, "I:request event result: %s\n",
			isc_result_totext(ev->result));
		exit(-1);
	}

	query = ev->ev_arg;
	result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &reply);
	CHECK("dns_message_create", result);
	result = dns_request_getresponse(ev->request, reply,
					 DNS_MESSAGEPARSE_PRESERVEORDER);
	CHECK("dns_request_getresponse", result);

	if (reply->rcode != dns_rcode_noerror) {
		result = ISC_RESULTCLASS_DNSRCODE + reply->rcode;
		fprintf(stderr, "I:response rcode: %s\n",
			isc_result_totext(result));
		exit(-1);
	}
	/* An unexpected answer count is reported but is not fatal. */
	if (reply->counts[DNS_SECTION_ANSWER] != 1U) {
		fprintf(stderr, "I:response answer count (%u!=1)\n",
			reply->counts[DNS_SECTION_ANSWER]);
	}

	isc_buffer_init(&textbuf, text, sizeof(text));
	result = dns_message_sectiontotext(reply, DNS_SECTION_ANSWER,
					   &dns_master_style_simple,
					   DNS_MESSAGETEXTFLAG_NOCOMMENTS,
					   &textbuf);
	CHECK("dns_message_sectiontotext", result);
	printf("%.*s", (int)isc_buffer_usedlength(&textbuf),
	       (char *)isc_buffer_base(&textbuf));
	fflush(stdout);

	dns_message_destroy(&query);
	dns_message_destroy(&reply);
	dns_request_destroy(&ev->request);
	isc_event_free(&event);

	if (--onfly == 0)
		isc_app_shutdown();
}
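/*
 * Request completion handler: dump the response (if one was received),
 * release the query, response and request, and post an event that
 * returns control to console().
 *
 * The 'task' parameter is used to post that event, so it is not marked
 * UNUSED; the event allocation is checked before it is handed to
 * isc_task_send(), which would otherwise be given a NULL event on OOM.
 */
static void
recvresponse(isc_task_t *task, isc_event_t *event) {
	dns_requestevent_t *reqev = (dns_requestevent_t *)event;
	dns_message_t *query = NULL, *response = NULL;
	isc_result_t result, result2;
	isc_buffer_t outbuf;
	char output[10 * 1024];

	REQUIRE(reqev != NULL);

	query = reqev->ev_arg;

	if (reqev->result != ISC_R_SUCCESS) {
		fprintf(stderr, "I:request event result: %s\n",
			isc_result_totext(reqev->result));
		goto end;
	}

	result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
	CHECK("dns_message_create", result);

	printf("\nReceived Response:\n");

	/*
	 * Render whatever was parsed before reporting a getresponse
	 * failure, so a malformed reply is still displayed.
	 */
	result2 = dns_request_getresponse(reqev->request, response,
					  DNS_MESSAGEPARSE_PRESERVEORDER);
	isc_buffer_init(&outbuf, output, sizeof(output));
	result = dns_message_totext(response, &dns_master_style_debug,
				    0, &outbuf);
	CHECK("dns_message_totext", result);
	printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
	       (char *)isc_buffer_base(&outbuf));
	CHECK("dns_request_getresponse", result2);

	if (response != NULL)
		dns_message_destroy(&response);

 end:
	if (query != NULL)
		dns_message_destroy(&query);
	if (reqev->request != NULL)
		dns_request_destroy(&reqev->request);
	isc_event_free(&event);

	/* Hand control back to the console; sender/type values are opaque here. */
	event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
				   sizeof(*event));
	if (event == NULL) {
		fprintf(stderr, "I:isc_event_allocate: out of memory\n");
		return;
	}
	isc_task_send(task, &event);
}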
/*
 * Print an A rdata as "Address: <dotted quad>".  The buffer is sized for
 * the longest possible IPv4 text; conversion failure is fatal via
 * check_result().
 */
static void
printa(dns_rdata_t *rdata) {
	char text[sizeof("255.255.255.255")];
	isc_buffer_t textbuf;
	isc_result_t result;

	isc_buffer_init(&textbuf, text, sizeof(text));
	result = dns_rdata_totext(rdata, NULL, &textbuf);
	check_result(result, "dns_rdata_totext");

	printf("Address: %.*s\n", (int)isc_buffer_usedlength(&textbuf),
	       (char *)isc_buffer_base(&textbuf));
}
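/*
 * Dump 'msg' to stderr in debug master-file style.
 *
 * A dns_message_totext() failure (e.g. ISC_R_NOSPACE for a message that
 * does not fit the 4 KiB buffer) is reported as a warning, and whatever
 * was rendered is printed anyway.
 */
static void
_dns_tkey_dumpmessage(dns_message_t *msg) {
	isc_buffer_t outbuf;
	unsigned char output[4096];
	isc_result_t result;

	isc_buffer_init(&outbuf, output, sizeof(output));
	result = dns_message_totext(msg, &dns_master_style_debug, 0, &outbuf);
	if (result != ISC_R_SUCCESS)
		fprintf(stderr, "Warning: dns_message_totext returned: %s\n",
			dns_result_totext(result));
	/* Print the (possibly partial) rendering regardless. */
	fprintf(stderr, "%.*s\n", (int)isc_buffer_usedlength(&outbuf),
		(char *)isc_buffer_base(&outbuf));
}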
/*
 * Dump 'msg' to stderr in debug master-file style.  A failed
 * dns_message_totext() is reported as a warning and whatever was
 * rendered into the 4 KiB buffer is printed anyway.
 */
static void
_dns_tkey_dumpmessage(dns_message_t *msg) {
	unsigned char storage[4096];
	isc_buffer_t text;
	isc_result_t result;

	isc_buffer_init(&text, storage, sizeof(storage));
	result = dns_message_totext(msg, &dns_master_style_debug, 0, &text);
	if (result != ISC_R_SUCCESS) {
		fprintf(stderr, "Warning: dns_message_totext returned: %s\n",
			dns_result_totext(result));
	}
	fprintf(stderr, "%.*s\n", (int)isc_buffer_usedlength(&text),
		(char *)isc_buffer_base(&text));
}
/*
 * Log a single RR (name, ttl, rdata) in master-file text form.  The rdata
 * is wrapped in a one-element rdataset so dns_rdataset_totext() can
 * render it; the trailing newline it produces is stripped.
 */
static void
log_rr(dns_name_t *name, dns_rdata_t *rdata, isc_uint32_t ttl) {
	char mem[2000];
	isc_buffer_t buf;
	dns_rdatalist_t list;
	dns_rdataset_t set;
	dns_rdata_t copy = DNS_RDATA_INIT;
	isc_result_t result;

	list.type = rdata->type;
	list.rdclass = rdata->rdclass;
	list.ttl = ttl;
	/* Only SIG/RRSIG carry a covered type. */
	list.covers = dns_rdatatype_none;
	if (rdata->type == dns_rdatatype_sig ||
	    rdata->type == dns_rdatatype_rrsig)
		list.covers = dns_rdata_covers(rdata);
	ISC_LIST_INIT(list.rdata);
	ISC_LINK_INIT(&list, link);

	dns_rdataset_init(&set);
	dns_rdata_init(&copy);
	dns_rdata_clone(rdata, &copy);
	ISC_LIST_APPEND(list.rdata, &copy, link);
	RUNTIME_CHECK(dns_rdatalist_tordataset(&list, &set) == ISC_R_SUCCESS);

	isc_buffer_init(&buf, mem, sizeof(mem));
	result = dns_rdataset_totext(&set, name, ISC_FALSE, ISC_FALSE, &buf);

	/*
	 * We could use xfrout_log(), but that would produce
	 * very long lines with a repetitive prefix.
	 */
	if (result != ISC_R_SUCCESS) {
		isc_log_write(XFROUT_RR_LOGARGS, "<RR too large to print>");
		return;
	}

	/*
	 * Get rid of final newline.
	 */
	INSIST(buf.used >= 1 && ((char *)buf.base)[buf.used - 1] == '\n');
	buf.used--;
	isc_log_write(XFROUT_RR_LOGARGS, "%.*s",
		      (int)isc_buffer_usedlength(&buf),
		      (char *)isc_buffer_base(&buf));
}
/*
 * Print the dnstap record 'dt' as text on stdout.  Allocation failure is
 * fatal; a conversion failure is reported via CHECKM and the buffer is
 * released.
 */
static void
print_dtdata(dns_dtdata_t *dt) {
	isc_buffer_t *text = NULL;
	isc_result_t result;

	isc_buffer_allocate(mctx, &text, 2048);
	if (text == NULL)
		fatal("out of memory");

	CHECKM(dns_dt_datatotext(dt, &text), "dns_dt_datatotext");
	printf("%.*s\n", (int)isc_buffer_usedlength(text),
	       (char *)isc_buffer_base(text));

cleanup:
	if (text != NULL)
		isc_buffer_free(&text);
}
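/*
 * Print the DNS message attached to 'dt' (if any) in the given master
 * style.  The dynamic buffer starts at 2 KiB and is grown while
 * dns_message_totext() reports ISC_R_NOSPACE.
 *
 * Two corrections to the retry loop: isc_buffer_reserve() signals
 * failure through its result (it does not NULL the buffer pointer), so
 * that result is what is checked; and the buffer is cleared before each
 * retry, since a partial rendering left behind by the failed attempt
 * would otherwise precede the complete one in the output.
 */
static void
print_packet(dns_dtdata_t *dt, const dns_master_style_t *style) {
	isc_buffer_t *b = NULL;
	isc_result_t result;

	if (dt->msg != NULL) {
		size_t textlen = 2048;

		isc_buffer_allocate(mctx, &b, textlen);
		if (b == NULL)
			fatal("out of memory");

		for (;;) {
			result = isc_buffer_reserve(&b, textlen);
			if (result != ISC_R_SUCCESS)
				fatal("out of memory");

			result = dns_message_totext(dt->msg, style, 0, b);
			if (result == ISC_R_NOSPACE) {
				/* Drop the partial rendering and retry with twice the room. */
				isc_buffer_clear(b);
				textlen *= 2;
				continue;
			} else if (result == ISC_R_SUCCESS) {
				printf("%.*s", (int)isc_buffer_usedlength(b),
				       (char *)isc_buffer_base(b));
				isc_buffer_free(&b);
			} else {
				isc_buffer_free(&b);
				CHECKM(result, "dns_message_totext");
			}
			break;
		}
	}

cleanup:
	if (b != NULL)
		isc_buffer_free(&b);
}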
/*
 * Socket receive completion handler: parse the received datagram as a
 * DNS message, print it in the global 'style' using the global output
 * buffer, and shut the app down.  A failed receive or parse exits.
 */
static void
recvdone(isc_task_t *task, isc_event_t *event) {
	isc_socketevent_t *sev = (isc_socketevent_t *)event;
	dns_message_t *reply = NULL;
	isc_buffer_t wire;
	isc_result_t result;

	REQUIRE(sev != NULL);
	REQUIRE(sev->ev_type == ISC_SOCKEVENT_RECVDONE);
	REQUIRE(task == task1);

	printf("recvdone\n");
	if (sev->result != ISC_R_SUCCESS) {
		printf("failed\n");
		exit(-1);
	}

	/* Expose exactly the sev->n bytes that arrived to the parser. */
	isc_buffer_init(&wire, sev->region.base, sev->region.length);
	isc_buffer_add(&wire, sev->n);

	result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &reply);
	CHECK("dns_message_create", result);
	result = dns_message_parse(reply, &wire, 0);
	CHECK("dns_message_parse", result);

	isc_buffer_init(&outbuf, output, sizeof(output));
	result = dns_message_totext(reply, style, 0, &outbuf);
	CHECK("dns_message_totext", result);
	printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
	       (char *)isc_buffer_base(&outbuf));

	dns_message_destroy(&reply);
	isc_event_free(&event);
	isc_app_shutdown();
}
/*%
 * Write an rndc.key file to 'keyfile'. If 'user' is non-NULL,
 * make that user the owner of the file. The key will have
 * the name 'keyname' and the secret in the buffer 'secret'.
 * The algorithm written is always hmac-md5.  Any failure is fatal.
 */
static void
write_key_file(const char *keyfile, const char *user,
	       const char *keyname, isc_buffer_t *secret)
{
	FILE *fp = safe_create(keyfile);

	if (fp == NULL)
		fatal("unable to create \"%s\"\n", keyfile);
	if (user != NULL && set_user(fp, user) == -1)
		fatal("unable to set file owner\n");

	fprintf(fp, "key \"%s\" {\n\talgorithm hmac-md5;\n"
		"\tsecret \"%.*s\";\n};\n",
		keyname,
		(int)isc_buffer_usedlength(secret),
		(char *)isc_buffer_base(secret));
	fflush(fp);
	if (ferror(fp))
		fatal("write to %s failed\n", keyfile);
	if (fclose(fp) != 0)
		fatal("fclose(%s) failed\n", keyfile);
	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
}
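/*
 * Convert a resolv.conf file into a config structure.
 *
 * The file named by lwresd_g_resolvconffile is parsed with lwres and
 * rendered as named.conf text into a 4 KiB stack buffer: an "options"
 * block (forwarders, sortlist) followed by an "lwres" block (search,
 * ndots, listen-on).  That text is then handed to cfg_parse_buffer().
 *
 * Search entries are quoted but not escaped; a double quote inside one
 * would break the generated text (the input is the local resolv.conf).
 *
 * Returns ISC_R_SUCCESS with *configp set; ISC_R_NOMEMORY if the lwres
 * context cannot be created; DNS_R_SYNTAX if the file does not parse;
 * otherwise the result of the failing text or address conversion.
 *
 * Relative to the previous version this drops a duplicated
 * "if (lwc->searchnxt > 0)" test, a dead "#if 0" debug printf, and a
 * redundant re-initialisation of 'lwctx'; the generated text is unchanged.
 */
isc_result_t
ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
			   cfg_obj_t **configp)
{
	char text[4096];
	char str[16];
	isc_buffer_t b;
	lwres_context_t *lwctx = NULL;
	lwres_conf_t *lwc = NULL;
	isc_sockaddr_t sa;
	isc_netaddr_t na;
	int i;
	isc_result_t result;
	lwres_result_t lwresult;

	lwresult = lwres_context_create(&lwctx, mctx, ns__lwresd_memalloc,
					ns__lwresd_memfree,
					LWRES_CONTEXT_SERVERMODE);
	if (lwresult != LWRES_R_SUCCESS) {
		result = ISC_R_NOMEMORY;
		goto cleanup;
	}

	lwresult = lwres_conf_parse(lwctx, lwresd_g_resolvconffile);
	if (lwresult != LWRES_R_SUCCESS) {
		result = DNS_R_SYNTAX;
		goto cleanup;
	}

	lwc = lwres_conf_get(lwctx);
	INSIST(lwc != NULL);

	isc_buffer_init(&b, text, sizeof(text));

	CHECK(buffer_putstr(&b, "options {\n"));

	/*
	 * Build the list of forwarders.
	 */
	if (lwc->nsnext > 0) {
		CHECK(buffer_putstr(&b, "\tforwarders {\n"));

		for (i = 0; i < lwc->nsnext; i++) {
			CHECK(lwaddr_sockaddr_fromlwresaddr(
							&sa,
							&lwc->nameservers[i],
							ns_g_port));
			isc_netaddr_fromsockaddr(&na, &sa);
			CHECK(buffer_putstr(&b, "\t\t"));
			CHECK(isc_netaddr_totext(&na, &b));
			CHECK(buffer_putstr(&b, ";\n"));
		}
		CHECK(buffer_putstr(&b, "\t};\n"));
	}

	/*
	 * Build the sortlist
	 */
	if (lwc->sortlistnxt > 0) {
		CHECK(buffer_putstr(&b, "\tsortlist {\n"));
		CHECK(buffer_putstr(&b, "\t\t{\n"));
		CHECK(buffer_putstr(&b, "\t\t\tany;\n"));
		CHECK(buffer_putstr(&b, "\t\t\t{\n"));
		for (i = 0; i < lwc->sortlistnxt; i++) {
			lwres_addr_t *lwaddr = &lwc->sortlist[i].addr;
			lwres_addr_t *lwmask = &lwc->sortlist[i].mask;
			unsigned int mask;

			/*
			 * The mask must be a contiguous netmask; it is
			 * emitted as a /prefixlen suffix on the address.
			 */
			CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, lwmask, 0));
			isc_netaddr_fromsockaddr(&na, &sa);
			result = isc_netaddr_masktoprefixlen(&na, &mask);
			if (result != ISC_R_SUCCESS) {
				char addrtext[ISC_NETADDR_FORMATSIZE];
				isc_netaddr_format(&na, addrtext,
						   sizeof(addrtext));
				isc_log_write(ns_g_lctx,
					      NS_LOGCATEGORY_GENERAL,
					      NS_LOGMODULE_LWRESD,
					      ISC_LOG_ERROR,
					      "processing sortlist: '%s' is "
					      "not a valid netmask",
					      addrtext);
				goto cleanup;
			}

			CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, lwaddr, 0));
			isc_netaddr_fromsockaddr(&na, &sa);

			CHECK(buffer_putstr(&b, "\t\t\t\t"));
			CHECK(isc_netaddr_totext(&na, &b));
			snprintf(str, sizeof(str), "%u", mask);
			CHECK(buffer_putstr(&b, "/"));
			CHECK(buffer_putstr(&b, str));
			CHECK(buffer_putstr(&b, ";\n"));
		}
		CHECK(buffer_putstr(&b, "\t\t\t};\n"));
		CHECK(buffer_putstr(&b, "\t\t};\n"));
		CHECK(buffer_putstr(&b, "\t};\n"));
	}
	CHECK(buffer_putstr(&b, "};\n\n"));

	CHECK(buffer_putstr(&b, "lwres {\n"));

	/*
	 * Build the search path
	 */
	if (lwc->searchnxt > 0) {
		CHECK(buffer_putstr(&b, "\tsearch {\n"));
		for (i = 0; i < lwc->searchnxt; i++) {
			CHECK(buffer_putstr(&b, "\t\t\""));
			CHECK(buffer_putstr(&b, lwc->search[i]));
			CHECK(buffer_putstr(&b, "\";\n"));
		}
		CHECK(buffer_putstr(&b, "\t};\n"));
	}

	/*
	 * Build the ndots line
	 */
	if (lwc->ndots != 1) {
		CHECK(buffer_putstr(&b, "\tndots "));
		snprintf(str, sizeof(str), "%u", lwc->ndots);
		CHECK(buffer_putstr(&b, str));
		CHECK(buffer_putstr(&b, ";\n"));
	}

	/*
	 * Build the listen-on line
	 */
	if (lwc->lwnext > 0) {
		CHECK(buffer_putstr(&b, "\tlisten-on {\n"));
		for (i = 0; i < lwc->lwnext; i++) {
			CHECK(lwaddr_sockaddr_fromlwresaddr(&sa,
							    &lwc->lwservers[i],
							    0));
			isc_netaddr_fromsockaddr(&na, &sa);
			CHECK(buffer_putstr(&b, "\t\t"));
			CHECK(isc_netaddr_totext(&na, &b));
			CHECK(buffer_putstr(&b, ";\n"));
		}
		CHECK(buffer_putstr(&b, "\t};\n"));
	}
	CHECK(buffer_putstr(&b, "};\n"));

	lwres_conf_clear(lwctx);
	lwres_context_destroy(&lwctx);

	return (cfg_parse_buffer(pctx, &b, &cfg_type_namedconf, configp));

 cleanup:
	if (lwctx != NULL) {
		lwres_conf_clear(lwctx);
		lwres_context_destroy(&lwctx);
	}
	return (result);
}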
/*
 * Load the single key from the rndc key file (ns_g_keyfile) and append
 * it, with its base64-decoded secret, to 'keyids'.
 *
 * Returns ISC_R_FILENOTFOUND if the file does not exist, ISC_R_NOMEMORY
 * on allocation failure, the parse/lookup result on a bad file, or
 * ISC_R_SUCCESS.  NOTE(review): the "unsupported algorithm" and
 * "bad secret" branches below 'goto cleanup' without assigning 'result',
 * so (assuming CHECK assigns 'result' and the preceding CHECK succeeded)
 * they return whatever it last held -- apparently ISC_R_SUCCESS -- with
 * no key registered; the warning is only logged.  Confirm this is the
 * intended contract with the caller.
 *
 * Ownership: on success the new controlkey_t belongs to 'keyids'; on any
 * failure after allocation it is released via free_controlkey().
 */
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
	isc_result_t result;
	cfg_parser_t *pctx = NULL;
	cfg_obj_t *config = NULL;
	const cfg_obj_t *key = NULL;
	const cfg_obj_t *algobj = NULL;
	const cfg_obj_t *secretobj = NULL;
	const char *algstr = NULL;
	const char *secretstr = NULL;
	controlkey_t *keyid = NULL;
	/*
	 * Scratch space for the decoded secret.  NOTE(review): it is not
	 * wiped before return, so the key material stays on the stack.
	 */
	char secret[1024];
	unsigned int algtype;
	isc_buffer_t b;

	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
		      NS_LOGMODULE_CONTROL, ISC_LOG_INFO,
		      "configuring command channel from '%s'",
		      ns_g_keyfile);
	/* No key file at all is not an error for the caller to log. */
	if (! isc_file_exists(ns_g_keyfile))
		return (ISC_R_FILENOTFOUND);

	CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
	CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
	CHECK(cfg_map_get(config, "key", &key));

	/* Fully initialise the entry before anything can fail, so cleanup is safe. */
	keyid = isc_mem_get(mctx, sizeof(*keyid));
	if (keyid == NULL)
		CHECK(ISC_R_NOMEMORY);
	keyid->keyname = isc_mem_strdup(mctx,
				cfg_obj_asstring(cfg_map_getname(key)));
	keyid->secret.base = NULL;
	keyid->secret.length = 0;
	keyid->algorithm = DST_ALG_UNKNOWN;
	ISC_LINK_INIT(keyid, link);
	if (keyid->keyname == NULL)
		CHECK(ISC_R_NOMEMORY);

	CHECK(bind9_check_key(key, ns_g_lctx));

	/* bind9_check_key() has validated that both fields are present. */
	(void)cfg_map_get(key, "algorithm", &algobj);
	(void)cfg_map_get(key, "secret", &secretobj);
	INSIST(algobj != NULL && secretobj != NULL);

	algstr = cfg_obj_asstring(algobj);
	secretstr = cfg_obj_asstring(secretobj);

	if (ns_config_getkeyalgorithm2(algstr, NULL,
				       &algtype, NULL) != ISC_R_SUCCESS) {
		cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
			    "unsupported algorithm '%s' in "
			    "key '%s' for use with command "
			    "channel",
			    algstr, keyid->keyname);
		goto cleanup;
	}

	keyid->algorithm = algtype;
	isc_buffer_init(&b, secret, sizeof(secret));
	result = isc_base64_decodestring(secretstr, &b);

	if (result != ISC_R_SUCCESS) {
		cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
			    "secret for key '%s' on command channel: %s",
			    keyid->keyname, isc_result_totext(result));
		goto cleanup;
	}

	/* Copy the decoded bytes into a heap region owned by the entry. */
	keyid->secret.length = isc_buffer_usedlength(&b);
	keyid->secret.base = isc_mem_get(mctx, keyid->secret.length);
	if (keyid->secret.base == NULL) {
		cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
			    "couldn't register key '%s': "
			    "out of memory", keyid->keyname);
		CHECK(ISC_R_NOMEMORY);
	}
	memmove(keyid->secret.base, isc_buffer_base(&b),
		keyid->secret.length);
	ISC_LIST_APPEND(*keyids, keyid, link);
	keyid = NULL;
	result = ISC_R_SUCCESS;

 cleanup:
	/* A non-NULL keyid here was never handed to the list. */
	if (keyid != NULL)
		free_controlkey(keyid, mctx);
	if (config != NULL)
		cfg_obj_destroy(pctx, &config);
	if (pctx != NULL)
		cfg_parser_destroy(&pctx);
	return (result);
}
/*
 * Resolve each key id on 'keyids' against the configured 'keylist':
 * look up its definition, record the algorithm, and base64-decode the
 * secret into a heap region owned by the entry.
 *
 * Entries whose key is missing, whose algorithm is unsupported, or whose
 * secret does not decode are logged (with 'socktext' naming the
 * listener), unlinked and freed.  NOTE(review): the out-of-memory branch
 * uses 'break' rather than 'continue', so any later entries stay on the
 * list with secret.base still NULL -- confirm that is intended.
 */
static void
register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
	      controlkeylist_t *keyids, isc_mem_t *mctx,
	      const char *socktext)
{
	controlkey_t *keyid, *next;
	const cfg_obj_t *keydef;
	/*
	 * Scratch space for each decoded secret.  NOTE(review): it is not
	 * wiped before return, so key material stays on the stack.
	 */
	char secret[1024];
	isc_buffer_t b;
	isc_result_t result;

	/*
	 * Find the keys corresponding to the keyids used by this listener.
	 */
	for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
		/* 'next' is read first because keyid may be unlinked and freed. */
		next = ISC_LIST_NEXT(keyid, link);
		result = cfgkeylist_find(keylist, keyid->keyname, &keydef);
		if (result != ISC_R_SUCCESS) {
			cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
				    "couldn't find key '%s' for use with "
				    "command channel %s",
				    keyid->keyname, socktext);
			ISC_LIST_UNLINK(*keyids, keyid, link);
			free_controlkey(keyid, mctx);
		} else {
			const cfg_obj_t *algobj = NULL;
			const cfg_obj_t *secretobj = NULL;
			const char *algstr = NULL;
			const char *secretstr = NULL;
			unsigned int algtype;

			(void)cfg_map_get(keydef, "algorithm", &algobj);
			(void)cfg_map_get(keydef, "secret", &secretobj);
			INSIST(algobj != NULL && secretobj != NULL);

			algstr = cfg_obj_asstring(algobj);
			secretstr = cfg_obj_asstring(secretobj);

			if (ns_config_getkeyalgorithm2(algstr, NULL,
						       &algtype, NULL)
			    != ISC_R_SUCCESS) {
				cfg_obj_log(control, ns_g_lctx,
					    ISC_LOG_WARNING,
					    "unsupported algorithm '%s' in "
					    "key '%s' for use with command "
					    "channel %s",
					    algstr, keyid->keyname, socktext);
				ISC_LIST_UNLINK(*keyids, keyid, link);
				free_controlkey(keyid, mctx);
				continue;
			}
			keyid->algorithm = algtype;
			isc_buffer_init(&b, secret, sizeof(secret));
			result = isc_base64_decodestring(secretstr, &b);

			if (result != ISC_R_SUCCESS) {
				cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
					    "secret for key '%s' on "
					    "command channel %s: %s",
					    keyid->keyname, socktext,
					    isc_result_totext(result));
				ISC_LIST_UNLINK(*keyids, keyid, link);
				free_controlkey(keyid, mctx);
				continue;
			}

			/* Copy the decoded bytes into a region owned by the entry. */
			keyid->secret.length = isc_buffer_usedlength(&b);
			keyid->secret.base = isc_mem_get(mctx,
							 keyid->secret.length);
			if (keyid->secret.base == NULL) {
				cfg_obj_log(keydef, ns_g_lctx,
					    ISC_LOG_WARNING,
					    "couldn't register key '%s': "
					    "out of memory",
					    keyid->keyname);
				ISC_LIST_UNLINK(*keyids, keyid, link);
				free_controlkey(keyid, mctx);
				break;
			}
			memmove(keyid->secret.base,
				isc_buffer_base(&b),
				keyid->secret.length);
		}
	}
}
/*
 * Handle one complete control-channel message on 'conn'.
 *
 * Processing order: try each key configured on the listener until one
 * authenticates the message; reject replies, messages whose _tim is
 * outside +/-CLOCKSKEW of now, expired (_exp) messages, duplicates, and
 * messages that fail to echo the connection's nonce; then either mint a
 * nonce (first message on the connection, no command run) or execute the
 * command via ns_control_docommand().  A signed response carrying
 * result/err/text and the nonce is rendered behind a 4-byte length
 * prefix and sent.
 *
 * Every failure path ends at 'cleanup', which detaches the socket and
 * may free the connection and listener; the heap copy of the key secret
 * is released on all paths that allocated it.
 */
static void
control_recvmessage(isc_task_t *task, isc_event_t *event) {
	controlconnection_t *conn;
	controllistener_t *listener;
	controlkey_t *key;
	isccc_sexpr_t *request = NULL;
	isccc_sexpr_t *response = NULL;
	isc_uint32_t algorithm;
	isccc_region_t secret;
	isc_stdtime_t now;
	isc_buffer_t b;
	isc_region_t r;
	isc_buffer_t *text;
	isc_result_t result;
	isc_result_t eresult;
	isccc_sexpr_t *_ctrl;
	isccc_time_t sent;
	isccc_time_t exp;
	isc_uint32_t nonce;
	isccc_sexpr_t *data;

	REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG);

	conn = event->ev_arg;
	listener = conn->listener;
	algorithm = DST_ALG_UNKNOWN;
	secret.rstart = NULL;
	text = NULL;

	/* Is the server shutting down? */
	if (listener->controls->shuttingdown)
		goto cleanup;

	if (conn->ccmsg.result != ISC_R_SUCCESS) {
		/* Cancel and EOF are normal connection teardown, not logged. */
		if (conn->ccmsg.result != ISC_R_CANCELED &&
		    conn->ccmsg.result != ISC_R_EOF)
			log_invalid(&conn->ccmsg, conn->ccmsg.result);
		goto cleanup;
	}

	request = NULL;

	/*
	 * Try each listener key in turn.  The wire region is reset per
	 * attempt (presumably fromwire consumes it), and the secret is
	 * copied into a fresh heap region that is freed again unless this
	 * key authenticates the message.  Only ISCCC_R_BADAUTH moves on to
	 * the next key; any other error is fatal for the message.
	 */
	for (key = ISC_LIST_HEAD(listener->keys);
	     key != NULL;
	     key = ISC_LIST_NEXT(key, link))
	{
		isccc_region_t ccregion;

		ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
		ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
		secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
		if (secret.rstart == NULL)
			goto cleanup;
		memmove(secret.rstart, key->secret.base, key->secret.length);
		secret.rend = secret.rstart + key->secret.length;
		algorithm = key->algorithm;
		result = isccc_cc_fromwire(&ccregion, &request,
					   algorithm, &secret);
		if (result == ISC_R_SUCCESS)
			break;
		isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
		if (result != ISCCC_R_BADAUTH) {
			log_invalid(&conn->ccmsg, result);
			goto cleanup;
		}
	}

	/* No key (or an empty key list) authenticated the message. */
	if (key == NULL) {
		log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
		goto cleanup;
	}

	/* We shouldn't be getting a reply. */
	if (isccc_cc_isreply(request)) {
		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
		goto cleanup_request;
	}

	isc_stdtime_get(&now);

	/*
	 * Limit exposure to replay attacks.
	 */
	_ctrl = isccc_alist_lookup(request, "_ctrl");
	if (_ctrl == NULL) {
		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
		goto cleanup_request;
	}
	/*
	 * _tim is mandatory and must lie within CLOCKSKEW of our clock.
	 * (With unsigned time values a _tim below CLOCKSKEW wraps in the
	 * second test and is rejected -- presumably acceptable.)
	 */
	if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
		if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
			log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
			goto cleanup_request;
		}
	} else {
		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
		goto cleanup_request;
	}

	/*
	 * Expire messages that are too old.
	 */
	if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
	    now > exp) {
		log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
		goto cleanup_request;
	}

	/*
	 * Duplicate suppression (required for UDP).
	 */
	isccc_cc_cleansymtab(listener->controls->symtab, now);
	result = isccc_cc_checkdup(listener->controls->symtab, request, now);
	if (result != ISC_R_SUCCESS) {
		if (result == ISC_R_EXISTS)
			result = ISCCC_R_DUPLICATE;
		log_invalid(&conn->ccmsg, result);
		goto cleanup_request;
	}

	/*
	 * Once a nonce has been issued on this connection (conn->nonce != 0),
	 * every further request must echo it exactly.
	 */
	if (conn->nonce != 0 &&
	    (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
	     conn->nonce != nonce)) {
		log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
		goto cleanup_request;
	}

	/* Output text from the command goes here. */
	result = isc_buffer_allocate(listener->mctx, &text, 2 * 2048);
	if (result != ISC_R_SUCCESS)
		goto cleanup_request;

	/*
	 * Establish nonce.
	 */
	if (conn->nonce == 0) {
		/* First message on the connection: mint a nonzero nonce, run nothing. */
		while (conn->nonce == 0)
			isc_random_get(&conn->nonce);
		eresult = ISC_R_SUCCESS;
	} else
		eresult = ns_control_docommand(request, &text);

	result = isccc_cc_createresponse(request, now, now + 60, &response);
	if (result != ISC_R_SUCCESS)
		goto cleanup_request;

	/* _data carries the command result, and err/text when present. */
	data = isccc_alist_lookup(response, "_data");
	if (data != NULL) {
		if (isccc_cc_defineuint32(data, "result", eresult) == NULL)
			goto cleanup_response;
	}

	if (eresult != ISC_R_SUCCESS) {
		if (data != NULL) {
			const char *estr = isc_result_totext(eresult);
			if (isccc_cc_definestring(data, "err", estr) == NULL)
				goto cleanup_response;
		}
	}

	if (isc_buffer_usedlength(text) > 0) {
		if (data != NULL) {
			/* NOTE(review): assumes the command output is NUL-terminated -- confirm. */
			char *str = (char *)isc_buffer_base(text);
			if (isccc_cc_definestring(data, "text", str) == NULL)
				goto cleanup_response;
		}
	}

	/* Echo the connection nonce so the client can include it next time. */
	_ctrl = isccc_alist_lookup(response, "_ctrl");
	if (_ctrl == NULL ||
	    isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
		goto cleanup_response;

	if (conn->buffer == NULL) {
		result = isc_buffer_allocate(listener->mctx,
					     &conn->buffer, 2 * 2048);
		if (result != ISC_R_SUCCESS)
			goto cleanup_response;
	}

	isc_buffer_clear(conn->buffer);
	/* Skip the length field (4 bytes) */
	isc_buffer_add(conn->buffer, 4);

	result = isccc_cc_towire(response, &conn->buffer,
				 algorithm, &secret);
	if (result != ISC_R_SUCCESS)
		goto cleanup_response;

	/* Back-fill the 4-byte prefix with the length of the body that follows it. */
	isc_buffer_init(&b, conn->buffer->base, 4);
	isc_buffer_putuint32(&b, conn->buffer->used - 4);

	r.base = conn->buffer->base;
	r.length = conn->buffer->used;

	result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
	if (result != ISC_R_SUCCESS)
		goto cleanup_response;
	conn->sending = ISC_TRUE;

	isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
	isccc_sexpr_free(&request);
	isccc_sexpr_free(&response);
	isc_buffer_free(&text);
	return;

 cleanup_response:
	isccc_sexpr_free(&response);

 cleanup_request:
	isccc_sexpr_free(&request);
	isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
	if (text != NULL)
		isc_buffer_free(&text);

 cleanup:
	isc_socket_detach(&conn->sock);
	isccc_ccmsg_invalidate(&conn->ccmsg);
	conn->ccmsg_valid = ISC_FALSE;
	maybe_free_connection(conn);
	maybe_free_listener(listener);
}
/*
 * Receive-completion handler for the first exchange with the server.
 *
 * The reply that arrives here is only mined for the "_nonce" value in its
 * "_ctrl" section.  A fresh request is then built whose "_data"/"type" is
 * the global 'args', the nonce (if any) is echoed back in the request's
 * "_ctrl" section, the request is rendered into the global 'databuf'
 * behind a 4-byte length prefix, a read for the final reply is scheduled
 * (completing in rndc_recvdone) and the request is sent on 'sock'.
 *
 * Every failure is fatal: fatal() and the DO() macro terminate the
 * program.  DO() presumably assigns the local 'result' (it is otherwise
 * unreferenced here) — keep the name if the macro is ever changed.
 * The global recvs/sends counters are kept in step with the outstanding
 * socket operations.
 */
static void
rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
	isccc_sexpr_t *response = NULL;
	isccc_sexpr_t *_ctrl;
	isccc_region_t source;
	isc_result_t result;
	isc_uint32_t nonce;
	isccc_sexpr_t *request = NULL;
	isccc_time_t now;
	isc_region_t r;
	isccc_sexpr_t *data;
	isccc_region_t message;
	isc_uint32_t len;
	isc_buffer_t b;

	recvs--;

	if (ccmsg.result == ISC_R_EOF)
		fatal("connection to remote host closed\n"
		      "This may indicate that the remote server is using "
		      "an older version of \n"
		      "the command protocol, this host is not authorized "
		      "to connect,\nor the key is invalid.");
	if (ccmsg.result != ISC_R_SUCCESS)
		fatal("recv failed: %s", isc_result_totext(ccmsg.result));

	/* Parse (and authenticate with 'secret') the received message. */
	source.rstart = isc_buffer_base(&ccmsg.buffer);
	source.rend = isc_buffer_used(&ccmsg.buffer);

	DO("parse message", isccc_cc_fromwire(&source, &response, &secret));

	_ctrl = isccc_alist_lookup(response, "_ctrl");
	if (_ctrl == NULL)
		fatal("_ctrl section missing");
	/* A missing "_nonce" is tolerated: nonce stays 0 and is not echoed. */
	nonce = 0;
	if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
		nonce = 0;

	isc_stdtime_get(&now);

	/* The real command: a new message, valid for 60 seconds. */
	DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
						    now, now + 60, &request));
	data = isccc_alist_lookup(request, "_data");
	if (data == NULL)
		fatal("_data section missing");
	if (isccc_cc_definestring(data, "type", args) == NULL)
		fatal("out of memory");
	if (nonce != 0) {
		_ctrl = isccc_alist_lookup(request, "_ctrl");
		if (_ctrl == NULL)
			fatal("_ctrl section missing");
		if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL)
			fatal("out of memory");
	}

	/*
	 * Render after the 4-byte length field, then fill that field with
	 * the rendered size (the total minus the field itself).
	 */
	message.rstart = databuf + 4;
	message.rend = databuf + sizeof(databuf);
	DO("render message", isccc_cc_towire(request, &message, &secret));
	len = sizeof(databuf) - REGION_SIZE(message);
	isc_buffer_init(&b, databuf, 4);
	isc_buffer_putuint32(&b, len - 4);
	r.length = len;
	r.base = databuf;

	/* Arm the read for the command reply before sending the command. */
	isccc_ccmsg_cancelread(&ccmsg);
	DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, rndc_recvdone,
						    NULL));
	recvs++;
	DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
					   NULL));
	sends++;

	isc_event_free(&event);
	isccc_sexpr_free(&response);
	return;
}
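/*
 * Callback from dighost.c to print the reply from a server.
 *
 * query:   the dig query; query->lookup carries the per-lookup display
 *          options (comments, section_* toggles, cmdline, edns, rdtype)
 *          and query->lookup->sendmsg identifies the outgoing query so
 *          that the answer can be told apart from it.
 * msg:     the message to print, either the query being sent or the
 *          reply that came back.
 * headers: whether the header line, the OPT pseudo-section and the
 *          TSIG/SIG(0) pseudo-sections are rendered.
 *
 * The text is rendered into a heap buffer of OUTPUTBUF bytes; whenever a
 * renderer reports ISC_R_NOSPACE the buffer is freed, grown by OUTPUTBUF
 * and everything is rendered again from the start (repopulate_buffer).
 * Other rendering errors go through check_result(), which is assumed to
 * terminate the program.
 *
 * Returns the result of the last rendering step: ISC_R_SUCCESS on the
 * normal path, or the allocation failure that stopped the buffer from
 * growing.  Also relies on the file-scope display globals (rrcomments,
 * nottl, noclass, multiline, short_form, onesoa, splitwidth, extrabytes,
 * mctx, opcodetext).
 */
isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
	isc_result_t result;
	dns_messagetextflag_t flags;
	isc_buffer_t *buf = NULL;
	unsigned int len = OUTPUTBUF;
	dns_master_style_t *style = NULL;
	unsigned int styleflags = 0;

	/* Master-file style for the record text, driven by the globals. */
	styleflags |= DNS_STYLEFLAG_REL_OWNER;
	if (query->lookup->comments)
		styleflags |= DNS_STYLEFLAG_COMMENT;
	if (rrcomments)
		styleflags |= DNS_STYLEFLAG_RRCOMMENT;
	if (nottl)
		styleflags |= DNS_STYLEFLAG_NO_TTL;
	if (noclass)
		styleflags |= DNS_STYLEFLAG_NO_CLASS;
	if (multiline) {
		styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
		styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
		styleflags |= DNS_STYLEFLAG_REL_DATA;
		styleflags |= DNS_STYLEFLAG_OMIT_TTL;
		styleflags |= DNS_STYLEFLAG_TTL;
		styleflags |= DNS_STYLEFLAG_MULTILINE;
		styleflags |= DNS_STYLEFLAG_RRCOMMENT;
	}
	/*
	 * Column layout depends on how many fields are omitted; the
	 * numbers are the tab stops for owner/ttl/class/type/rdata, the
	 * line width and the tab width.
	 */
	if (multiline || (nottl && noclass))
		result = dns_master_stylecreate2(&style, styleflags,
						 24, 24, 24, 32, 80, 8,
						 splitwidth, mctx);
	else if (nottl || noclass)
		result = dns_master_stylecreate2(&style, styleflags,
						 24, 24, 32, 40, 80, 8,
						 splitwidth, mctx);
	else
		result = dns_master_stylecreate2(&style, styleflags,
						 24, 32, 40, 48, 80, 8,
						 splitwidth, mctx);
	check_result(result, "dns_master_stylecreate");

	/* The command line is echoed once, then cleared for this lookup. */
	if (query->lookup->cmdline[0] != 0) {
		if (!short_form)
			fputs(query->lookup->cmdline, stdout);
		query->lookup->cmdline[0] = 0;
	}
	debug("printmessage(%s %s %s)", headers ? "headers" : "noheaders",
	      query->lookup->comments ? "comments" : "nocomments",
	      short_form ? "short_form" : "long_form");

	flags = 0;
	if (!headers) {
		flags |= DNS_MESSAGETEXTFLAG_NOHEADERS;
		flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
	}
	/* For AXFR with +onesoa, print the SOA only in the first message. */
	if (onesoa && query->lookup->rdtype == dns_rdatatype_axfr)
		flags |= (query->msg_count == 0) ? DNS_MESSAGETEXTFLAG_ONESOA :
						   DNS_MESSAGETEXTFLAG_OMITSOA;
	if (!query->lookup->comments)
		flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;

	result = isc_buffer_allocate(mctx, &buf, len);
	check_result(result, "isc_buffer_allocate");

	if (query->lookup->comments && !short_form) {
		/*
		 * cmdline[0] was cleared above, so this branch can no
		 * longer be taken; kept for compatibility with callers
		 * that may set cmdline between the two checks.
		 */
		if (query->lookup->cmdline[0] != 0)
			printf("; %s\n", query->lookup->cmdline);
		if (msg == query->lookup->sendmsg)
			printf(";; Sending:\n");
		else
			printf(";; Got answer:\n");

		if (headers) {
			printf(";; ->>HEADER<<- opcode: %s, status: %s, "
			       "id: %u\n",
			       opcodetext[msg->opcode],
			       rcode_totext(msg->rcode),
			       msg->id);
			printf(";; flags:");
			if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
				printf(" qr");
			if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0)
				printf(" aa");
			if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0)
				printf(" tc");
			if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0)
				printf(" rd");
			if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0)
				printf(" ra");
			if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0)
				printf(" ad");
			if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0)
				printf(" cd");
			/* 0x0040 is the reserved (must-be-zero) header bit. */
			if ((msg->flags & 0x0040U) != 0)
				printf("; MBZ: 0x4");

			printf("; QUERY: %u, ANSWER: %u, "
			       "AUTHORITY: %u, ADDITIONAL: %u\n",
			       msg->counts[DNS_SECTION_QUESTION],
			       msg->counts[DNS_SECTION_ANSWER],
			       msg->counts[DNS_SECTION_AUTHORITY],
			       msg->counts[DNS_SECTION_ADDITIONAL]);

			/* RD set in a reply without RA: server won't recurse. */
			if (msg != query->lookup->sendmsg &&
			    (msg->flags & DNS_MESSAGEFLAG_RD) != 0 &&
			    (msg->flags & DNS_MESSAGEFLAG_RA) == 0)
				printf(";; WARNING: recursion requested "
				       "but not available\n");
		}
		/* FORMERR/NOTIMP with no OPT back: server likely choked on EDNS. */
		if (msg != query->lookup->sendmsg &&
		    query->lookup->edns != -1 && msg->opt == NULL &&
		    (msg->rcode == dns_rcode_formerr ||
		     msg->rcode == dns_rcode_notimp))
			printf("\n;; WARNING: EDNS query returned status "
			       "%s - retry with '+noedns'\n",
			       rcode_totext(msg->rcode));
		/*
		 * Trailing bytes after the message.  The plural suffix is
		 * keyed on "!= 1"; the guard already ensures extrabytes != 0,
		 * so the previous "!= 0" test always printed "bytes".
		 */
		if (msg != query->lookup->sendmsg && extrabytes != 0U)
			printf(";; WARNING: Messages has %u extra byte%s at "
			       "end\n", extrabytes, extrabytes != 1 ? "s" : "");
	}

repopulate_buffer:

	if (query->lookup->comments && headers && !short_form) {
		result = dns_message_pseudosectiontotext(msg,
							 DNS_PSEUDOSECTION_OPT,
							 style, flags, buf);
		if (result == ISC_R_NOSPACE) {
buftoosmall:
			/*
			 * Grow by one OUTPUTBUF and re-render everything
			 * into the fresh buffer; every renderer below jumps
			 * here on ISC_R_NOSPACE.
			 */
			len += OUTPUTBUF;
			isc_buffer_free(&buf);
			result = isc_buffer_allocate(mctx, &buf, len);
			if (result == ISC_R_SUCCESS)
				goto repopulate_buffer;
			else
				goto cleanup;
		}
		check_result(result, "dns_message_pseudosectiontotext");
	}

	if (query->lookup->section_question && headers) {
		if (!short_form) {
			result = dns_message_sectiontotext(msg,
							   DNS_SECTION_QUESTION,
							   style, flags, buf);
			if (result == ISC_R_NOSPACE)
				goto buftoosmall;
			check_result(result, "dns_message_sectiontotext");
		}
	}
	if (query->lookup->section_answer) {
		if (!short_form) {
			result = dns_message_sectiontotext(msg,
							   DNS_SECTION_ANSWER,
							   style, flags, buf);
			if (result == ISC_R_NOSPACE)
				goto buftoosmall;
			check_result(result, "dns_message_sectiontotext");
		} else {
			result = short_answer(msg, flags, buf, query);
			if (result == ISC_R_NOSPACE)
				goto buftoosmall;
			check_result(result, "short_answer");
		}
	}
	if (query->lookup->section_authority) {
		if (!short_form) {
			result = dns_message_sectiontotext(msg,
							   DNS_SECTION_AUTHORITY,
							   style, flags, buf);
			if (result == ISC_R_NOSPACE)
				goto buftoosmall;
			check_result(result, "dns_message_sectiontotext");
		}
	}
	if (query->lookup->section_additional) {
		if (!short_form) {
			result = dns_message_sectiontotext(msg,
							   DNS_SECTION_ADDITIONAL,
							   style, flags, buf);
			if (result == ISC_R_NOSPACE)
				goto buftoosmall;
			check_result(result, "dns_message_sectiontotext");
			/*
			 * Only print the signature on the first record.
			 */
			if (headers) {
				result = dns_message_pseudosectiontotext(
						   msg,
						   DNS_PSEUDOSECTION_TSIG,
						   style, flags, buf);
				if (result == ISC_R_NOSPACE)
					goto buftoosmall;
				check_result(result,
					     "dns_message_pseudosectiontotext");
				result = dns_message_pseudosectiontotext(
						   msg,
						   DNS_PSEUDOSECTION_SIG0,
						   style, flags, buf);
				if (result == ISC_R_NOSPACE)
					goto buftoosmall;
				check_result(result,
					     "dns_message_pseudosectiontotext");
			}
		}
	}

	if (headers && query->lookup->comments && !short_form)
		printf("\n");

	printf("%.*s", (int)isc_buffer_usedlength(buf),
	       (char *)isc_buffer_base(buf));
	isc_buffer_free(&buf);

cleanup:
	if (style != NULL)
		dns_master_styledestroy(&style, mctx);
	return (result);
}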
/*
 * Assemble a single IN/A query for "host.example", attach the file-scope
 * SIG(0) 'key' to it, render it into the global 'qbuffer', echo its text
 * form to stdout and hand the wire image to the socket layer: bind 's' to
 * the wildcard address, send to 'address' and queue a receive into the
 * global 'rdata'.  Completions are delivered to senddone()/recvdone() on
 * 'task1'.  Every library failure goes through CHECK().
 */
static void
buildquery(void) {
	isc_result_t rc;
	dns_message_t *qmsg = NULL;
	dns_rdataset_t *qset = NULL;
	dns_name_t *owner = NULL;
	char nametext[] = "host.example";
	size_t namelen;
	isc_buffer_t text_src, wire_dst;
	unsigned char wire_store[256];
	isc_region_t wire_region, recv_region;
	isc_sockaddr_t anyaddr;
	dns_compress_t compress;

	/* A message we intend to render, signed with SIG(0). */
	rc = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &qmsg);
	CHECK("dns_message_create", rc);
	rc = dns_message_setsig0key(qmsg, key);
	CHECK("dns_message_setsig0key", rc);

	/* Question rdataset: class IN, type A. */
	rc = dns_message_gettemprdataset(qmsg, &qset);
	CHECK("dns_message_gettemprdataset", rc);
	dns_rdataset_init(qset);
	dns_rdataset_makequestion(qset, dns_rdataclass_in, dns_rdatatype_a);

	/* Owner name, parsed from text relative to the root. */
	rc = dns_message_gettempname(qmsg, &owner);
	CHECK("dns_message_gettempname", rc);
	namelen = strlen(nametext);
	isc_buffer_init(&text_src, nametext, namelen);
	isc_buffer_add(&text_src, namelen);
	isc_buffer_init(&wire_dst, wire_store, sizeof(wire_store));
	dns_name_init(owner, NULL);
	rc = dns_name_fromtext(owner, &text_src, dns_rootname, ISC_FALSE,
			       &wire_dst);
	CHECK("dns_name_fromtext", rc);
	ISC_LIST_APPEND(owner->list, qset, link);
	dns_message_addname(qmsg, owner, DNS_SECTION_QUESTION);

	/* Render all four sections into the shared query buffer. */
	isc_buffer_init(&qbuffer, qdata, sizeof(qdata));
	rc = dns_compress_init(&compress, -1, mctx);
	CHECK("dns_compress_init", rc);
	rc = dns_message_renderbegin(qmsg, &compress, &qbuffer);
	CHECK("dns_message_renderbegin", rc);
	rc = dns_message_rendersection(qmsg, DNS_SECTION_QUESTION, 0);
	CHECK("dns_message_rendersection(question)", rc);
	rc = dns_message_rendersection(qmsg, DNS_SECTION_ANSWER, 0);
	CHECK("dns_message_rendersection(answer)", rc);
	rc = dns_message_rendersection(qmsg, DNS_SECTION_AUTHORITY, 0);
	CHECK("dns_message_rendersection(auth)", rc);
	rc = dns_message_rendersection(qmsg, DNS_SECTION_ADDITIONAL, 0);
	CHECK("dns_message_rendersection(add)", rc);
	rc = dns_message_renderend(qmsg);
	CHECK("dns_message_renderend", rc);
	dns_compress_invalidate(&compress);

	/* Human-readable copy of what was just rendered. */
	isc_buffer_init(&outbuf, output, sizeof(output));
	rc = dns_message_totext(qmsg, style, 0, &outbuf);
	CHECK("dns_message_totext", rc);
	printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
	       (char *)isc_buffer_base(&outbuf));

	/* Ship the wire image and wait for one reply into 'rdata'. */
	isc_buffer_usedregion(&qbuffer, &wire_region);
	isc_sockaddr_any(&anyaddr);
	rc = isc_socket_bind(s, &anyaddr);
	CHECK("isc_socket_bind", rc);
	rc = isc_socket_sendto(s, &wire_region, task1, senddone, NULL,
			       &address, NULL);
	CHECK("isc_socket_sendto", rc);
	recv_region.base = rdata;
	recv_region.length = sizeof(rdata);
	rc = isc_socket_recv(s, &recv_region, 1, task1, recvdone, NULL);
	CHECK("isc_socket_recv", rc);

	dns_message_destroy(&qmsg);
}
static void sendquery(isc_task_t *task, isc_event_t *event) { struct in_addr inaddr; isc_sockaddr_t address; isc_region_t r; isc_result_t result; dns_fixedname_t keyname; dns_fixedname_t ownername; isc_buffer_t namestr, keybuf; unsigned char keydata[9]; dns_message_t *query; dns_request_t *request; static char keystr[] = "0123456789ab"; isc_event_free(&event); result = ISC_R_FAILURE; if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) CHECK("inet_pton", result); isc_sockaddr_fromin(&address, &inaddr, PORT); dns_fixedname_init(&keyname); isc_buffer_init(&namestr, "tkeytest.", 9); isc_buffer_add(&namestr, 9); result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, NULL, 0, NULL); CHECK("dns_name_fromtext", result); dns_fixedname_init(&ownername); isc_buffer_init(&namestr, ownername_str, strlen(ownername_str)); isc_buffer_add(&namestr, strlen(ownername_str)); result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr, NULL, 0, NULL); CHECK("dns_name_fromtext", result); isc_buffer_init(&keybuf, keydata, 9); result = isc_base64_decodestring(keystr, &keybuf); CHECK("isc_base64_decodestring", result); isc_buffer_usedregion(&keybuf, &r); initialkey = NULL; result = dns_tsigkey_create(dns_fixedname_name(&keyname), DNS_TSIG_HMACMD5_NAME, isc_buffer_base(&keybuf), isc_buffer_usedlength(&keybuf), ISC_FALSE, NULL, 0, 0, mctx, ring, &initialkey); CHECK("dns_tsigkey_create", result); query = NULL; result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); CHECK("dns_message_create", result); result = dns_tkey_builddhquery(query, ourkey, dns_fixedname_name(&ownername), DNS_TSIG_HMACMD5_NAME, &nonce, 3600); CHECK("dns_tkey_builddhquery", result); request = NULL; result = dns_request_create(requestmgr, query, &address, 0, initialkey, TIMEOUT, task, recvquery, query, &request); CHECK("dns_request_create", result); }
/*
 * rndc-confgen entry point.
 *
 * Parses the command line, generates an HMAC-MD5 secret of 'keysize'
 * bits (DST_ALG_HMACMD5 is the only algorithm used here) and either
 *   - with -a: writes a key file to 'keyfile' (and, when -t gives a
 *     chroot directory, a second copy under that directory), or
 *   - otherwise: prints a complete rndc.conf plus a commented named.conf
 *     fragment, both containing the base64 secret, to stdout.
 *
 * Options: -a key only; -b key size in bits; -c key file; -h/-? usage;
 * -k/-y key name (-y kept for rndc compatibility); -M/-m memory debugging
 * and statistics; -p port; -r random source file; -s server address
 * (must be a literal IPv4 or IPv6 address); -t chroot dir; -u user for
 * the key file; -V verbose.  Positional arguments are rejected.
 *
 * Defaults come from DEFAULT_KEYNAME, DEFAULT_KEYLENGTH, DEFAULT_SERVER,
 * DEFAULT_PORT and RNDC_KEYFILE.  usage() and fatal() do not return
 * (usage(0) in 'case h' is relied on not to fall into 'case k');
 * DO() presumably assigns the local 'result'.
 *
 * NOTE(review): the base64 secret lives in key_txtsecret on the stack
 * and is not wiped before return; acceptable for a short-lived generator
 * but worth knowing if this code is ever reused in a long-running process.
 *
 * Returns 0 on success; all errors terminate the process.
 */
int
main(int argc, char **argv) {
	isc_boolean_t show_final_mem = ISC_FALSE;
	isc_buffer_t key_txtbuffer;
	char key_txtsecret[256];
	isc_mem_t *mctx = NULL;
	isc_result_t result = ISC_R_SUCCESS;
	const char *keyname = NULL;
	const char *randomfile = NULL;
	const char *serveraddr = NULL;
	dns_secalg_t alg = DST_ALG_HMACMD5;
	const char *algname = alg_totext(alg);
	char *p;
	int ch;
	int port;
	int keysize;
	struct in_addr addr4_dummy;
	struct in6_addr addr6_dummy;
	char *chrootdir = NULL;
	char *user = NULL;
	isc_boolean_t keyonly = ISC_FALSE;
	int len;

	keydef = keyfile = RNDC_KEYFILE;

	/* Program name for messages; fall back to a fixed name. */
	result = isc_file_progname(*argv, program, sizeof(program));
	if (result != ISC_R_SUCCESS)
		memmove(program, "rndc-confgen", 13);
	progname = program;

	keyname = DEFAULT_KEYNAME;
	keysize = DEFAULT_KEYLENGTH;
	serveraddr = DEFAULT_SERVER;
	port = DEFAULT_PORT;

	isc_commandline_errprint = ISC_FALSE;

	while ((ch = isc_commandline_parse(argc, argv,
					   "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
		switch (ch) {
		case 'a':
			keyonly = ISC_TRUE;
			break;
		case 'b':
			/*
			 * Only "whole number, >= 0" is checked here; no
			 * errno/ERANGE test, so any upper bound is left to
			 * generate_key() — presumably.
			 */
			keysize = strtol(isc_commandline_argument, &p, 10);
			if (*p != '\0' || keysize < 0)
				fatal("-b requires a non-negative number");
			break;
		case 'c':
			keyfile = isc_commandline_argument;
			break;
		case 'h':
			usage(0);
		case 'k':
		case 'y':	/* Compatible with rndc -y. */
			keyname = isc_commandline_argument;
			break;
		case 'M':
			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
			break;
		case 'm':
			show_final_mem = ISC_TRUE;
			break;
		case 'p':
			port = strtol(isc_commandline_argument, &p, 10);
			if (*p != '\0' || port < 0 || port > 65535)
				fatal("port '%s' out of range",
				      isc_commandline_argument);
			break;
		case 'r':
			randomfile = isc_commandline_argument;
			break;
		case 's':
			/* Must parse as a literal address; no hostnames. */
			serveraddr = isc_commandline_argument;
			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
				fatal("-s should be an IPv4 or IPv6 address");
			break;
		case 't':
			chrootdir = isc_commandline_argument;
			break;
		case 'u':
			user = isc_commandline_argument;
			break;
		case 'V':
			verbose = ISC_TRUE;
			break;
		case '?':
			if (isc_commandline_option != '?') {
				fprintf(stderr, "%s: invalid argument -%c\n",
					program, isc_commandline_option);
				usage(1);
			} else
				usage(0);
			break;
		default:
			fprintf(stderr, "%s: unhandled option -%c\n",
				program, isc_commandline_option);
			exit(1);
		}
	}

	argc -= isc_commandline_index;
	argv += isc_commandline_index;
	POST(argv);

	if (argc > 0)
		usage(1);

	DO("create memory context", isc_mem_create(0, 0, &mctx));

	/* The generated secret is written, base64-encoded, into this buffer. */
	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));

	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);

	if (keyonly) {
		/*
		 * Without a chroot the file is chowned to 'user' directly;
		 * with one, the first copy is left as-is and the copy
		 * inside the chroot gets the ownership.
		 */
		write_key_file(keyfile, chrootdir == NULL ? user : NULL,
			       keyname, &key_txtbuffer, alg);

		if (chrootdir != NULL) {
			char *buf;
			/* chrootdir + optional '/' + keyfile + NUL */
			len = strlen(chrootdir) + strlen(keyfile) + 2;
			buf = isc_mem_get(mctx, len);
			if (buf == NULL)
				fatal("isc_mem_get(%d) failed\n", len);
			snprintf(buf, len, "%s%s%s", chrootdir,
				 (*keyfile != '/') ? "/" : "", keyfile);

			write_key_file(buf, user, keyname, &key_txtbuffer, alg);
			isc_mem_put(mctx, buf, len);
		}
	} else {
		/* The secret appears twice: in rndc.conf and in the named.conf sample. */
		printf("\
# Start of rndc.conf\n\
key \"%s\" {\n\
	algorithm %s;\n\
	secret \"%.*s\";\n\
};\n\
\n\
options {\n\
	default-key \"%s\";\n\
	default-server %s;\n\
	default-port %d;\n\
};\n\
# End of rndc.conf\n\
\n\
# Use with the following in named.conf, adjusting the allow list as needed:\n\
# key \"%s\" {\n\
# 	algorithm %s;\n\
# 	secret \"%.*s\";\n\
# };\n\
# \n\
# controls {\n\
# 	inet %s port %d\n\
# 		allow { %s; } keys { \"%s\"; };\n\
# };\n\
# End of named.conf\n",
		       keyname, algname,
		       (int)isc_buffer_usedlength(&key_txtbuffer),
		       (char *)isc_buffer_base(&key_txtbuffer),
		       keyname, serveraddr, port,
		       keyname, algname,
		       (int)isc_buffer_usedlength(&key_txtbuffer),
		       (char *)isc_buffer_base(&key_txtbuffer),
		       serveraddr, port, serveraddr, keyname);
	}

	if (show_final_mem)
		isc_mem_stats(mctx, stderr);

	isc_mem_destroy(&mctx);

	return (0);
}
/*
 * Handle one GSS-TSIG TKEY request (RFC 3645 style negotiation).
 *
 * name:    the TKEY owner name, used as the TSIG key name.
 * tkeyin:  the client's TKEY rdata; ->algorithm must be one of the two
 *          GSSAPI names, ->key/->keylen is the client's GSS token.
 * tctx:    server TKEY context; needs tctx->gsscred or tctx->gssapi_keytab.
 * tkeyout: the TKEY rdata for the answer; this function fills ->error,
 *          ->inception, ->expire and allocates ->key/->keylen from
 *          tkeyout->mctx (the caller owns that memory afterwards).
 * ring:    the TSIG key ring the negotiated key is looked up in / added to.
 *
 * Returns ISC_R_SUCCESS whenever a TKEY response can be built, including
 * the protocol-level rejections (tkeyout->error = badalg / badkey);
 * ISC_R_NOPERM when GSS-TSIG is not configured at all; any other result
 * is a server-side failure, logged and passed up.
 */
static isc_result_t
process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin,
		dns_tkeyctx_t *tctx, dns_rdata_tkey_t *tkeyout,
		dns_tsig_keyring_t *ring)
{
	isc_result_t result = ISC_R_SUCCESS;
	dst_key_t *dstkey = NULL;
	dns_tsigkey_t *tsigkey = NULL;
	dns_fixedname_t principal;
	isc_stdtime_t now;
	isc_region_t intoken;
	isc_buffer_t *outtoken = NULL;
	gss_ctx_id_t gss_ctx = NULL;

	/*
	 * You have to define either a gss credential (principal) to
	 * accept with tkey-gssapi-credential, or you have to
	 * configure a specific keytab (with tkey-gssapi-keytab) in
	 * order to use gsstkey
	 */
	if (tctx->gsscred == NULL && tctx->gssapi_keytab == NULL) {
		tkey_log("process_gsstkey(): no tkey-gssapi-credential "
			 "or tkey-gssapi-keytab configured");
		return (ISC_R_NOPERM);
	}

	if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_GSSAPI_NAME) &&
	    !dns_name_equal(&tkeyin->algorithm, DNS_TSIG_GSSAPIMS_NAME)) {
		tkeyout->error = dns_tsigerror_badalg;
		tkey_log("process_gsstkey(): dns_tsigerror_badalg");	/* XXXSRA */
		return (ISC_R_SUCCESS);
	}

	/*
	 * XXXDCL need to check for key expiry per 4.1.1
	 * XXXDCL need a way to check fully established, perhaps w/key_flags
	 */

	intoken.base = tkeyin->key;
	intoken.length = tkeyin->keylen;

	/*
	 * A multi-round negotiation continues an existing key's GSS
	 * context; the first round starts with gss_ctx == NULL.
	 */
	result = dns_tsigkey_find(&tsigkey, name, &tkeyin->algorithm, ring);
	if (result == ISC_R_SUCCESS)
		gss_ctx = dst_key_getgssctx(tsigkey->key);

	dns_fixedname_init(&principal);

	/*
	 * Note that tctx->gsscred may be NULL if tctx->gssapi_keytab is set
	 */
	result = dst_gssapi_acceptctx(tctx->gsscred, tctx->gssapi_keytab,
				      &intoken, &outtoken, &gss_ctx,
				      dns_fixedname_name(&principal),
				      tctx->mctx);
	if (result == DNS_R_INVALIDTKEY) {
		if (tsigkey != NULL)
			dns_tsigkey_detach(&tsigkey);
		tkeyout->error = dns_tsigerror_badkey;
		tkey_log("process_gsstkey(): dns_tsigerror_badkey");    /* XXXSRA */
		return (ISC_R_SUCCESS);
	}
	/* DNS_R_CONTINUE means another round is needed; still a valid answer. */
	if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS)
		goto failure;
	/*
	 * XXXDCL Section 4.1.3: Limit GSS_S_CONTINUE_NEEDED to 10 times.
	 */

	isc_stdtime_get(&now);

	if (tsigkey == NULL) {
#ifdef GSSAPI
		OM_uint32 gret, minor, lifetime;
#endif
		isc_uint32_t expire;

		/* New key wrapping the (possibly still incomplete) context. */
		RETERR(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey,
					  &intoken));
		/*
		 * Limit keys to 1 hour or the context's lifetime whichever
		 * is smaller.
		 */
		expire = now + 3600;
#ifdef GSSAPI
		gret = gss_context_time(&minor, gss_ctx, &lifetime);
		if (gret == GSS_S_COMPLETE && now + lifetime < expire)
			expire = now + lifetime;
#endif
		/* The ring takes its own reference; 'dstkey' is ours to drop. */
		RETERR(dns_tsigkey_createfromkey(name, &tkeyin->algorithm,
						 dstkey, ISC_TRUE,
						 dns_fixedname_name(&principal),
						 now, expire, ring->mctx, ring,
						 NULL));
		dst_key_free(&dstkey);
		tkeyout->inception = now;
		tkeyout->expire = expire;
	} else {
		/* Continuing round: report the existing key's lifetime. */
		tkeyout->inception = tsigkey->inception;
		tkeyout->expire = tsigkey->expire;
		dns_tsigkey_detach(&tsigkey);
	}

	/*
	 * The answer carries the server's output token if GSS produced
	 * one, otherwise the client's own token is echoed back.
	 * NOTE(review): a zero-length token leads to isc_mem_get(..., 0)
	 * here — confirm that is acceptable for this allocator.
	 */
	if (outtoken) {
		tkeyout->key = isc_mem_get(tkeyout->mctx,
					   isc_buffer_usedlength(outtoken));
		if (tkeyout->key == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
		tkeyout->keylen = isc_buffer_usedlength(outtoken);
		memmove(tkeyout->key, isc_buffer_base(outtoken),
			isc_buffer_usedlength(outtoken));
		isc_buffer_free(&outtoken);
	} else {
		tkeyout->key = isc_mem_get(tkeyout->mctx, tkeyin->keylen);
		if (tkeyout->key == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
		tkeyout->keylen = tkeyin->keylen;
		memmove(tkeyout->key, tkeyin->key, tkeyin->keylen);
	}

	tkeyout->error = dns_rcode_noerror;

	tkey_log("process_gsstkey(): dns_tsigerror_noerror");   /* XXXSRA */

	return (ISC_R_SUCCESS);

failure:
	/* Release whatever this round acquired; tkeyout->key is untouched. */
	if (tsigkey != NULL)
		dns_tsigkey_detach(&tsigkey);

	if (dstkey != NULL)
		dst_key_free(&dstkey);

	if (outtoken != NULL)
		isc_buffer_free(&outtoken);

	tkey_log("process_gsstkey(): %s", isc_result_totext(result));   /* XXXSRA */

	return (result);
}
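/*
 * Handle one Diffie-Hellman TKEY request (RFC 2930 mode 2).
 *
 * msg:      the request; its ADDITIONAL section is searched for a KEY
 *           record whose DH parameters match the server's tctx->dhkey.
 * signer:   the name of the key that signed the request (becomes the
 *           creator of the new TSIG key).
 * name:     the TKEY owner name, used as the TSIG key name.
 * tkeyin:   the client's TKEY rdata; only hmac-md5 is accepted as the
 *           algorithm, ->key/->keylen is the client's random data.
 * tctx:     server TKEY context; tctx->dhkey is the server's DH key.
 * tkeyout:  answer rdata; ->error, ->inception, ->expire and ->key/
 *           ->keylen are filled in.  ->key is TKEY_RANDOM_AMOUNT bytes of
 *           server random data allocated from tkeyout->mctx (ownership
 *           passes to the caller).
 * ring:     key ring the derived TSIG key is added to.
 * namelist: receives the client's KEY record and the server's own KEY
 *           record for the answer's ADDITIONAL section; emptied again on
 *           failure.
 *
 * Returns ISC_R_SUCCESS when an answer can be built, including the
 * protocol-level rejections carried in tkeyout->error (badalg/badkey);
 * DNS_R_REFUSED when no DH key is configured; DNS_R_FORMERR when the
 * request carries no usable KEY record; otherwise the server-side error.
 *
 * Fix: an allocation failure for 'randomdata' previously jumped to
 * 'failure' with result still ISC_R_SUCCESS (set by the successful
 * dst_key_computesecret() just above), so the caller saw success with no
 * key material; it now reports ISC_R_NOMEMORY.
 *
 * NOTE(review): 'shared' (heap) and 'secretdata' (stack) hold the DH
 * shared secret and the derived TSIG secret and are released without
 * being wiped; there is no wipe helper in scope on this page.
 */
static isc_result_t
process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
	       dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx,
	       dns_rdata_tkey_t *tkeyout, dns_tsig_keyring_t *ring,
	       dns_namelist_t *namelist)
{
	isc_result_t result = ISC_R_SUCCESS;
	dns_name_t *keyname, ourname;
	dns_rdataset_t *keyset = NULL;
	dns_rdata_t keyrdata = DNS_RDATA_INIT, ourkeyrdata = DNS_RDATA_INIT;
	isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE;
	dst_key_t *pubkey = NULL;
	isc_buffer_t ourkeybuf, *shared = NULL;
	isc_region_t r, r2, ourkeyr;
	unsigned char keydata[DST_KEY_MAXSIZE];
	unsigned int sharedsize;
	isc_buffer_t secret;
	unsigned char *randomdata = NULL, secretdata[256];
	dns_ttl_t ttl = 0;

	if (tctx->dhkey == NULL) {
		tkey_log("process_dhtkey: tkey-dhkey not defined");
		tkeyout->error = dns_tsigerror_badalg;
		return (DNS_R_REFUSED);
	}

	if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_HMACMD5_NAME)) {
		tkey_log("process_dhtkey: algorithms other than "
			 "hmac-md5 are not supported");
		tkeyout->error = dns_tsigerror_badalg;
		return (ISC_R_SUCCESS);
	}

	/*
	 * Look for a DH KEY record that will work with ours.
	 * On a match 'pubkey', 'keyrdata', 'keyname' and 'ttl' describe it
	 * and both loops stop via found_key.
	 */
	for (result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL);
	     result == ISC_R_SUCCESS && !found_key;
	     result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL)) {
		keyname = NULL;
		dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, &keyname);
		keyset = NULL;
		result = dns_message_findtype(keyname, dns_rdatatype_key, 0,
					      &keyset);
		if (result != ISC_R_SUCCESS)
			continue;
		for (result = dns_rdataset_first(keyset);
		     result == ISC_R_SUCCESS && !found_key;
		     result = dns_rdataset_next(keyset)) {
			dns_rdataset_current(keyset, &keyrdata);
			pubkey = NULL;
			result = dns_dnssec_keyfromrdata(keyname, &keyrdata,
							 msg->mctx, &pubkey);
			if (result != ISC_R_SUCCESS) {
				dns_rdata_reset(&keyrdata);
				continue;
			}
			if (dst_key_alg(pubkey) == DNS_KEYALG_DH) {
				if (dst_key_paramcompare(pubkey, tctx->dhkey))
				{
					found_key = ISC_TRUE;
					ttl = keyset->ttl;
					break;
				}
				else
					found_incompatible = ISC_TRUE;
			}
			dst_key_free(&pubkey);
			dns_rdata_reset(&keyrdata);
		}
	}

	if (!found_key) {
		if (found_incompatible) {
			tkey_log("process_dhtkey: found an incompatible key");
			tkeyout->error = dns_tsigerror_badkey;
			return (ISC_R_SUCCESS);
		} else {
			tkey_log("process_dhtkey: failed to find a key");
			return (DNS_R_FORMERR);
		}
	}

	/* Echo the client's KEY record in the answer. */
	RETERR(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist));

	/* Add our own DH public key so the client can derive the same secret. */
	isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata));
	RETERR(dst_key_todns(tctx->dhkey, &ourkeybuf));
	isc_buffer_usedregion(&ourkeybuf, &ourkeyr);
	dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any,
			     dns_rdatatype_key, &ourkeyr);

	dns_name_init(&ourname, NULL);
	dns_name_clone(dst_key_name(tctx->dhkey), &ourname);
	/*
	 * XXXBEW The TTL should be obtained from the database, if it exists.
	 */
	RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist));

	/* DH shared secret between the client's public key and ours. */
	RETERR(dst_key_secretsize(tctx->dhkey, &sharedsize));
	RETERR(isc_buffer_allocate(msg->mctx, &shared, sharedsize));

	result = dst_key_computesecret(pubkey, tctx->dhkey, shared);
	if (result != ISC_R_SUCCESS) {
		tkey_log("process_dhtkey: failed to compute shared secret: %s",
			 isc_result_totext(result));
		goto failure;
	}
	dst_key_free(&pubkey);

	isc_buffer_init(&secret, secretdata, sizeof(secretdata));

	/* Server-side randomness that is mixed in and returned to the client. */
	randomdata = isc_mem_get(tkeyout->mctx, TKEY_RANDOM_AMOUNT);
	if (randomdata == NULL) {
		/* result is ISC_R_SUCCESS here; must not report that. */
		result = ISC_R_NOMEMORY;
		goto failure;
	}

	result = dst__entropy_getdata(randomdata, TKEY_RANDOM_AMOUNT,
				      ISC_FALSE);
	if (result != ISC_R_SUCCESS) {
		tkey_log("process_dhtkey: failed to obtain entropy: %s",
			 isc_result_totext(result));
		goto failure;
	}

	/* TSIG secret = f(shared, client random, server random). */
	r.base = randomdata;
	r.length = TKEY_RANDOM_AMOUNT;
	r2.base = tkeyin->key;
	r2.length = tkeyin->keylen;
	RETERR(compute_secret(shared, &r2, &r, &secret));
	isc_buffer_free(&shared);

	RETERR(dns_tsigkey_create(name, &tkeyin->algorithm,
				  isc_buffer_base(&secret),
				  isc_buffer_usedlength(&secret),
				  ISC_TRUE, signer, tkeyin->inception,
				  tkeyin->expire, ring->mctx, ring, NULL));

	/* This key is good for a long time */
	tkeyout->inception = tkeyin->inception;
	tkeyout->expire = tkeyin->expire;

	/* Ownership of randomdata passes to the answer. */
	tkeyout->key = randomdata;
	tkeyout->keylen = TKEY_RANDOM_AMOUNT;

	return (ISC_R_SUCCESS);

 failure:
	if (!ISC_LIST_EMPTY(*namelist))
		free_namelist(msg, namelist);
	if (shared != NULL)
		isc_buffer_free(&shared);
	if (pubkey != NULL)
		dst_key_free(&pubkey);
	if (randomdata != NULL)
		isc_mem_put(tkeyout->mctx, randomdata, TKEY_RANDOM_AMOUNT);
	return (result);
}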