static isc_result_t
configure_listener(isc_sockaddr_t *address, ns_lwresd_t *lwresd,
isc_mem_t *mctx, ns_lwreslistenerlist_t *newlisteners)
{
ns_lwreslistener_t *listener, *oldlistener = NULL;
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_result_t result;
(void)find_listener(address, &oldlistener);
listener = NULL;
result = listener_create(mctx, lwresd, &listener);
if (result != ISC_R_SUCCESS) {
isc_sockaddr_format(address, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
"lwres failed to configure %s: %s",
socktext, isc_result_totext(result));
return (result);
}
/*
* If there's already a listener, don't rebind the socket.
*/
if (oldlistener == NULL) {
result = listener_bind(listener, address);
if (result != ISC_R_SUCCESS) {
ns_lwreslistener_detach(&listener);
return (ISC_R_SUCCESS);
}
} else
listener_copysock(oldlistener, listener);
result = listener_startclients(listener);
if (result != ISC_R_SUCCESS) {
isc_sockaddr_format(address, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
"lwres: failed to start %s: %s", socktext,
isc_result_totext(result));
ns_lwreslistener_detach(&listener);
return (ISC_R_SUCCESS);
}
if (oldlistener != NULL) {
/*
* Remove the old listener from the old list and shut it down.
*/
ISC_LIST_UNLINK(listeners, oldlistener, link);
listener_shutdown(oldlistener);
ns_lwreslistener_detach(&oldlistener);
} else {
isc_sockaddr_format(address, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_NOTICE,
"lwres listening on %s", socktext);
}
ISC_LIST_APPEND(*newlisteners, listener, link);
return (result);
}
static void control_newconn (isc_task_t * task, isc_event_t * event)
{
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *) event;
controllistener_t *listener = event->ev_arg;
isc_socket_t *sock;
isc_sockaddr_t peeraddr;
isc_result_t result;
UNUSED (task);
listener->listening = ISC_FALSE;
if (nevent->result != ISC_R_SUCCESS)
{
if (nevent->result == ISC_R_CANCELED)
{
shutdown_listener (listener);
goto cleanup;
}
goto restart;
}
sock = nevent->newsocket;
isc_socket_setname (sock, "control", NULL);
(void) isc_socket_getpeername (sock, &peeraddr);
if (listener->type == isc_sockettype_tcp && !address_ok (&peeraddr, listener->acl))
{
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format (&peeraddr, socktext, sizeof (socktext));
isc_log_write (ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING, "rejected command channel message from %s", socktext);
isc_socket_detach (&sock);
goto restart;
}
result = newconnection (listener, sock);
if (result != ISC_R_SUCCESS)
{
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format (&peeraddr, socktext, sizeof (socktext));
isc_log_write (ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"dropped command channel from %s: %s", socktext, isc_result_totext (result));
isc_socket_detach (&sock);
goto restart;
}
restart:
control_next (listener);
cleanup:
isc_event_free (&event);
}
static isc_boolean_t
client_ok(const isc_sockaddr_t *fromaddr, void *arg) {
ns_statschannel_t *listener = arg;
isc_netaddr_t netaddr;
char socktext[ISC_SOCKADDR_FORMATSIZE];
int match;
REQUIRE(listener != NULL);
isc_netaddr_fromsockaddr(&netaddr, fromaddr);
LOCK(&listener->lock);
if (dns_acl_match(&netaddr, NULL, listener->acl, &ns_g_server->aclenv,
&match, NULL) == ISC_R_SUCCESS && match > 0) {
UNLOCK(&listener->lock);
return (ISC_TRUE);
}
UNLOCK(&listener->lock);
isc_sockaddr_format(fromaddr, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"rejected statistics connection from %s", socktext);
return (ISC_FALSE);
}
static void
shutdown_listener(controllistener_t *listener) {
controlconnection_t *conn;
controlconnection_t *next;
if (!listener->exiting) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_UNLINK(listener->controls->listeners, listener, link);
isc_sockaddr_format(&listener->address, socktext,
sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"stopping command channel on %s", socktext);
if (listener->type == isc_sockettype_unix)
isc_socket_cleanunix(&listener->address, ISC_TRUE);
listener->exiting = ISC_TRUE;
}
for (conn = ISC_LIST_HEAD(listener->connections);
conn != NULL;
conn = next)
{
next = ISC_LIST_NEXT(conn, link);
maybe_free_connection(conn);
}
if (listener->listening)
isc_socket_cancel(listener->sock, listener->task,
ISC_SOCKCANCEL_ACCEPT);
maybe_free_listener(listener);
}
static void
rndc_connected(isc_task_t *task, isc_event_t *event) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_socketevent_t *sevent = (isc_socketevent_t *)event;
isccc_sexpr_t *request = NULL;
isccc_sexpr_t *data;
isccc_time_t now;
isccc_region_t message;
isc_region_t r;
isc_uint32_t len;
isc_buffer_t b;
isc_result_t result;
connects--;
if (sevent->result != ISC_R_SUCCESS) {
isc_sockaddr_format(&serveraddrs[currentaddr], socktext,
sizeof(socktext));
if (sevent->result != ISC_R_CANCELED &&
++currentaddr < nserveraddrs)
{
notify("connection failed: %s: %s", socktext,
isc_result_totext(sevent->result));
isc_socket_detach(&sock);
isc_event_free(&event);
rndc_startconnect(&serveraddrs[currentaddr], task);
return;
} else
fatal("connect failed: %s: %s", socktext,
isc_result_totext(sevent->result));
}
isc_stdtime_get(&now);
DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial,
now, now + 60, &request));
data = isccc_alist_lookup(request, "_data");
if (data == NULL)
fatal("_data section missing");
if (isccc_cc_definestring(data, "type", "null") == NULL)
fatal("out of memory");
message.rstart = databuf + 4;
message.rend = databuf + sizeof(databuf);
DO("render message", isccc_cc_towire(request, &message, &secret));
len = sizeof(databuf) - REGION_SIZE(message);
isc_buffer_init(&b, databuf, 4);
isc_buffer_putuint32(&b, len - 4);
r.length = len;
r.base = databuf;
isccc_ccmsg_init(mctx, sock, &ccmsg);
isccc_ccmsg_setmaxsize(&ccmsg, 1024 * 1024);
DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task,
rndc_recvnonce, NULL));
recvs++;
DO("send message", isc_socket_send(sock, &r, task, rndc_senddone,
NULL));
sends++;
isc_event_free(&event);
}
static void
rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
isc_result_t result;
int pf;
isc_sockettype_t type;
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(addr, socktext, sizeof(socktext));
notify("using server %s (%s)", servername, socktext);
pf = isc_sockaddr_pf(addr);
if (pf == AF_INET || pf == AF_INET6)
type = isc_sockettype_tcp;
else
type = isc_sockettype_unix;
DO("create socket", isc_socket_create(socketmgr, pf, type, &sock));
switch (isc_sockaddr_pf(addr)) {
case AF_INET:
DO("bind socket", isc_socket_bind(sock, &local4));
break;
case AF_INET6:
DO("bind socket", isc_socket_bind(sock, &local6));
break;
default:
break;
}
DO("connect", isc_socket_connect(sock, addr, task, rndc_connected,
NULL));
connects++;
}
isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char servtext[ISC_SOCKADDR_FORMATSIZE];
/* I've we've gotten this far, we've reached a server. */
query_error = 0;
debug("printmessage()");
isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
printf("Server:\t\t%s\n", query->userarg);
printf("Address:\t%s\n", servtext);
puts("");
if (!short_form) {
isc_boolean_t headers = ISC_TRUE;
puts("------------");
/* detailheader(query, msg);*/
detailsection(query, msg, headers, DNS_SECTION_QUESTION);
detailsection(query, msg, headers, DNS_SECTION_ANSWER);
detailsection(query, msg, headers, DNS_SECTION_AUTHORITY);
detailsection(query, msg, headers, DNS_SECTION_ADDITIONAL);
puts("------------");
}
if (msg->rcode != 0) {
char nametext[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
printf("** server can't find %s: %s\n",
nametext, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
/* the lookup failed */
print_error |= 1;
return (ISC_R_SUCCESS);
}
if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0)
puts("Non-authoritative answer:");
if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
printsection(query, msg, headers, DNS_SECTION_ANSWER);
else
printf("*** Can't find %s: No answer\n",
query->lookup->textname);
if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
(query->lookup->rdtype != dns_rdatatype_a)) {
puts("\nAuthoritative answers can be found from:");
printsection(query, msg, headers,
DNS_SECTION_AUTHORITY);
printsection(query, msg, headers,
DNS_SECTION_ADDITIONAL);
}
return (ISC_R_SUCCESS);
}
static void
shutdown_listener(ns_statschannel_t *listener) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&listener->address, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,NS_LOGMODULE_SERVER,
ISC_LOG_NOTICE, "stopping statistics channel on %s",
socktext);
isc_httpdmgr_shutdown(&listener->httpdmgr);
}
static inline void
log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t peeraddr;
(void)isc_socket_getpeername(ccmsg->sock, &peeraddr);
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_ERROR,
"invalid command from %s: %s",
socktext, isc_result_totext(result));
}
/*%
* Callback from dighost.c to print the received message.
*/
void
received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
isc_uint64_t diff;
isc_time_t now;
time_t tnow;
struct tm tmnow;
char time_str[100];
char fromtext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(from, fromtext, sizeof(fromtext));
TIME_NOW(&now);
if (query->lookup->stats && !short_form) {
diff = isc_time_microdiff(&now, &query->time_sent);
printf(";; Query time: %ld msec\n", (long int)diff/1000);
printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
time(&tnow);
tmnow = *localtime(&tnow);
if (strftime(time_str, sizeof(time_str),
"%a %b %d %H:%M:%S %Z %Y", &tmnow) > 0U)
printf(";; WHEN: %s\n", time_str);
if (query->lookup->doing_xfr) {
printf(";; XFR size: %u records (messages %u, "
"bytes %" ISC_PRINT_QUADFORMAT "u)\n",
query->rr_count, query->msg_count,
query->byte_count);
} else {
printf(";; MSG SIZE rcvd: %u\n", bytes);
}
if (key != NULL) {
if (!validated)
puts(";; WARNING -- Some TSIG could not "
"be validated");
}
if ((key == NULL) && (keysecret[0] != 0)) {
puts(";; WARNING -- TSIG key was not used.");
}
puts("");
} else if (query->lookup->identify && !short_form) {
diff = isc_time_microdiff(&now, &query->time_sent);
printf(";; Received %" ISC_PRINT_QUADFORMAT "u bytes "
"from %s(%s) in %d ms\n\n",
query->lookup->doing_xfr ?
query->byte_count : (isc_uint64_t)bytes,
fromtext, query->userarg,
(int)diff/1000);
}
}
static isc_result_t
listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) {
isc_socket_t *sock = NULL;
isc_result_t result = ISC_R_SUCCESS;
int pf;
pf = isc_sockaddr_pf(address);
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
return (ISC_R_FAMILYNOSUPPORT);
listener->address = *address;
if (isc_sockaddr_getport(&listener->address) == 0) {
in_port_t port;
port = lwresd_g_listenport;
if (port == 0)
port = LWRES_UDP_PORT;
isc_sockaddr_setport(&listener->address, port);
}
sock = NULL;
result = isc_socket_create(ns_g_socketmgr, pf,
isc_sockettype_udp, &sock);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
"failed to create lwres socket: %s",
isc_result_totext(result));
return (result);
}
result = isc_socket_bind(sock, &listener->address,
ISC_SOCKET_REUSEADDRESS);
if (result != ISC_R_SUCCESS) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&listener->address, socktext,
sizeof(socktext));
isc_socket_detach(&sock);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
"failed to add lwres socket: %s: %s",
socktext, isc_result_totext(result));
return (result);
}
listener->sock = sock;
return (ISC_R_SUCCESS);
}
static void
rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) {
isc_result_t result;
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(addr, socktext, sizeof(socktext));
notify("using server %s (%s)", servername, socktext);
DO("create socket", isc_socket_create(socketmgr,
isc_sockaddr_pf(addr),
isc_sockettype_tcp, &sock));
DO("connect", isc_socket_connect(sock, addr, task, rndc_connected,
NULL));
connects++;
}
static void
show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
dig_server_t *srv;
isc_sockaddr_t sockaddr;
dig_searchlist_t *listent;
isc_result_t result;
srv = ISC_LIST_HEAD(server_list);
while (srv != NULL) {
char sockstr[ISC_SOCKADDR_FORMATSIZE];
result = get_address(srv->servername, port, &sockaddr);
check_result(result, "get_address");
isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
printf("Default server: %s\nAddress: %s\n",
srv->userarg, sockstr);
if (!full)
return;
srv = ISC_LIST_NEXT(srv, link);
}
if (serv_only)
return;
printf("\nSet options:\n");
printf(" %s\t\t\t%s\t\t%s\n",
tcpmode ? "vc" : "novc",
short_form ? "nodebug" : "debug",
debugging ? "d2" : "nod2");
printf(" %s\t\t%s\n",
usesearch ? "search" : "nosearch",
recurse ? "recurse" : "norecurse");
printf(" timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
timeout, tries, port, ndots);
printf(" querytype = %-8s\tclass = %s\n", deftype, defclass);
printf(" srchlist = ");
for (listent = ISC_LIST_HEAD(search_list);
listent != NULL;
listent = ISC_LIST_NEXT(listent, link)) {
printf("%s", listent->origin);
if (ISC_LIST_NEXT(listent, link) != NULL)
printf("/");
}
printf("\n");
}
/*%
* Remove any interfaces whose generation number is not the current one.
*/
static void
purge_old_interfaces(ns_interfacemgr_t *mgr) {
ns_interface_t *ifp, *next;
for (ifp = ISC_LIST_HEAD(mgr->interfaces); ifp != NULL; ifp = next) {
INSIST(NS_INTERFACE_VALID(ifp));
next = ISC_LIST_NEXT(ifp, link);
if (ifp->generation != mgr->generation) {
char sabuf[256];
ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf));
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_INFO,
"no longer listening on %s", sabuf);
ns_interface_shutdown(ifp);
ns_interface_detach(&ifp);
}
}
}
static void control_senddone (isc_task_t * task, isc_event_t * event)
{
isc_socketevent_t *sevent = (isc_socketevent_t *) event;
controlconnection_t *conn = event->ev_arg;
controllistener_t *listener = conn->listener;
isc_socket_t *sock = (isc_socket_t *) sevent->ev_sender;
isc_result_t result;
REQUIRE (conn->sending);
UNUSED (task);
conn->sending = ISC_FALSE;
if (sevent->result != ISC_R_SUCCESS && sevent->result != ISC_R_CANCELED)
{
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t peeraddr;
(void) isc_socket_getpeername (sock, &peeraddr);
isc_sockaddr_format (&peeraddr, socktext, sizeof (socktext));
isc_log_write (ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"error sending command response to %s: %s", socktext, isc_result_totext (sevent->result));
}
isc_event_free (&event);
result = isccc_ccmsg_readmessage (&conn->ccmsg, listener->task, control_recvmessage, conn);
if (result != ISC_R_SUCCESS)
{
isc_socket_detach (&conn->sock);
maybe_free_connection (conn);
maybe_free_listener (listener);
}
}
isc_result_t
ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config) {
const cfg_obj_t *lwreslist = NULL;
const cfg_obj_t *lwres = NULL;
const cfg_obj_t *listenerslist = NULL;
const cfg_listelt_t *element = NULL;
ns_lwreslistener_t *listener;
ns_lwreslistenerlist_t newlisteners;
isc_result_t result;
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t *addrs = NULL;
ns_lwresd_t *lwresd = NULL;
isc_uint32_t count = 0;
REQUIRE(mctx != NULL);
REQUIRE(config != NULL);
RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
ISC_LIST_INIT(newlisteners);
result = cfg_map_get(config, "lwres", &lwreslist);
if (result != ISC_R_SUCCESS)
return (ISC_R_SUCCESS);
LOCK(&listeners_lock);
/*
* Run through the new lwres address list, noting sockets that
* are already being listened on and moving them to the new list.
*
* Identifying duplicates addr/port combinations is left to either
* the underlying config code, or to the bind attempt getting an
* address-in-use error.
*/
for (element = cfg_list_first(lwreslist);
element != NULL;
element = cfg_list_next(element))
{
in_port_t port;
lwres = cfg_listelt_value(element);
CHECK(ns_lwdmanager_create(mctx, lwres, &lwresd));
port = lwresd_g_listenport;
if (port == 0)
port = LWRES_UDP_PORT;
listenerslist = NULL;
(void)cfg_map_get(lwres, "listen-on", &listenerslist);
if (listenerslist == NULL) {
struct in_addr localhost;
isc_sockaddr_t address;
localhost.s_addr = htonl(INADDR_LOOPBACK);
isc_sockaddr_fromin(&address, &localhost, port);
CHECK(configure_listener(&address, lwresd, mctx,
&newlisteners));
} else {
isc_uint32_t i;
CHECK(ns_config_getiplist(config, listenerslist,
port, mctx, &addrs, &count));
for (i = 0; i < count; i++)
CHECK(configure_listener(&addrs[i], lwresd,
mctx, &newlisteners));
ns_config_putiplist(mctx, &addrs, count);
}
ns_lwdmanager_detach(&lwresd);
}
/*
* Shutdown everything on the listeners list, and remove them from
* the list. Then put all of the new listeners on it.
*/
while (!ISC_LIST_EMPTY(listeners)) {
listener = ISC_LIST_HEAD(listeners);
ISC_LIST_UNLINK(listeners, listener, link);
isc_sockaddr_format(&listener->address,
socktext, sizeof(socktext));
listener_shutdown(listener);
ns_lwreslistener_detach(&listener);
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_NOTICE,
"lwres no longer listening on %s", socktext);
}
cleanup:
ISC_LIST_APPENDLIST(listeners, newlisteners, link);
if (addrs != NULL)
ns_config_putiplist(mctx, &addrs, count);
if (lwresd != NULL)
ns_lwdmanager_detach(&lwresd);
UNLOCK(&listeners_lock);
return (result);
}
isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char servtext[ISC_SOCKADDR_FORMATSIZE];
/* I've we've gotten this far, we've reached a server. */
query_error = 0;
debug("printmessage()");
if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
printf("Server:\t\t%s\n", query->userarg);
printf("Address:\t%s\n", servtext);
puts("");
}
if (!short_form) {
puts("------------");
/* detailheader(query, msg);*/
detailsection(query, msg, ISC_TRUE, DNS_SECTION_QUESTION);
detailsection(query, msg, ISC_TRUE, DNS_SECTION_ANSWER);
detailsection(query, msg, ISC_TRUE, DNS_SECTION_AUTHORITY);
detailsection(query, msg, ISC_TRUE, DNS_SECTION_ADDITIONAL);
puts("------------");
}
if (msg->rcode != 0) {
char nametext[DNS_NAME_FORMATSIZE];
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
printf("** server can't find %s: %s\n",
nametext, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
/* the lookup failed */
print_error |= 1;
return (ISC_R_SUCCESS);
}
if ( default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
char namestr[DNS_NAME_FORMATSIZE];
dig_lookup_t *lookup;
dns_fixedname_t fixed;
dns_name_t *name;
/* Add AAAA lookup. */
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
dns_name_copy(query->lookup->name, name, NULL);
chase_cnamechain(msg, name);
dns_name_format(name, namestr, sizeof(namestr));
lookup = clone_lookup(query->lookup, ISC_FALSE);
if (lookup != NULL) {
strncpy(lookup->textname, namestr,
sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1] = 0;
lookup->rdtype = dns_rdatatype_aaaa;
lookup->rdtypeset = ISC_TRUE;
lookup->origin = NULL;
lookup->retries = tries;
ISC_LIST_APPEND(lookup_list, lookup, link);
}
}
if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0 &&
( !default_lookups || query->lookup->rdtype == dns_rdatatype_a) )
puts("Non-authoritative answer:");
if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
printsection(query, msg, headers, DNS_SECTION_ANSWER);
else {
if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
a_noanswer = ISC_TRUE;
else if (!default_lookups ||
(query->lookup->rdtype == dns_rdatatype_aaaa &&
a_noanswer ) )
printf("*** Can't find %s: No answer\n",
query->lookup->textname);
}
if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
(query->lookup->rdtype != dns_rdatatype_a) &&
(query->lookup->rdtype != dns_rdatatype_aaaa) ) {
puts("\nAuthoritative answers can be found from:");
printsection(query, msg, headers,
DNS_SECTION_AUTHORITY);
printsection(query, msg, headers,
DNS_SECTION_ADDITIONAL);
}
return (ISC_R_SUCCESS);
}
isc_result_t
ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
cfg_aclconfctx_t *aclconfctx)
{
controllistener_t *listener;
controllistenerlist_t new_listeners;
const cfg_obj_t *controlslist = NULL;
const cfg_listelt_t *element, *element2;
char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_INIT(new_listeners);
/*
* Get the list of named.conf 'controls' statements.
*/
(void)cfg_map_get(config, "controls", &controlslist);
/*
* Run through the new control channel list, noting sockets that
* are already being listened on and moving them to the new list.
*
* Identifying duplicate addr/port combinations is left to either
* the underlying config code, or to the bind attempt getting an
* address-in-use error.
*/
if (controlslist != NULL) {
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *controls;
const cfg_obj_t *inetcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "inet", &inetcontrols);
if (inetcontrols == NULL)
continue;
for (element2 = cfg_list_first(inetcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *control;
const cfg_obj_t *obj;
isc_sockaddr_t addr;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
obj = cfg_tuple_get(control, "address");
addr = *cfg_obj_assockaddr(obj);
if (isc_sockaddr_getport(&addr) == 0)
isc_sockaddr_setport(&addr,
NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext,
sizeof(socktext));
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel %s",
socktext);
update_listener(cp, &listener, control, config,
&addr, aclconfctx, socktext,
isc_sockettype_tcp);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
socktext,
isc_sockettype_tcp);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *controls;
const cfg_obj_t *unixcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "unix", &unixcontrols);
if (unixcontrols == NULL)
continue;
for (element2 = cfg_list_first(unixcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *control;
const cfg_obj_t *path;
isc_sockaddr_t addr;
isc_result_t result;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
path = cfg_tuple_get(control, "path");
result = isc_sockaddr_frompath(&addr,
cfg_obj_asstring(path));
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"control channel '%s': %s",
cfg_obj_asstring(path),
isc_result_totext(result));
continue;
}
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel '%s'",
cfg_obj_asstring(path));
update_listener(cp, &listener, control, config,
&addr, aclconfctx,
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
} else {
int i;
for (i = 0; i < 2; i++) {
isc_sockaddr_t addr;
if (i == 0) {
struct in_addr localhost;
if (isc_net_probeipv4() != ISC_R_SUCCESS)
continue;
localhost.s_addr = htonl(INADDR_LOOPBACK);
isc_sockaddr_fromin(&addr, &localhost, 0);
} else {
if (isc_net_probeipv6() != ISC_R_SUCCESS)
continue;
isc_sockaddr_fromin6(&addr,
&in6addr_loopback, 0);
}
isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
update_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
/*
* ns_control_shutdown() will stop whatever is on the global
* listeners list, which currently only has whatever sockaddrs
* were in the previous configuration (if any) that do not
* remain in the current configuration.
*/
controls_shutdown(cp);
/*
* Put all of the valid listeners on the listeners list.
* Anything already on listeners in the process of shutting
* down will be taken care of by listen_done().
*/
ISC_LIST_APPENDLIST(cp->listeners, new_listeners, link);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config,
cfg_aclconfctx_t *aclconfctx)
{
ns_statschannel_t *listener, *listener_next;
ns_statschannellist_t new_listeners;
const cfg_obj_t *statschannellist = NULL;
const cfg_listelt_t *element, *element2;
char socktext[ISC_SOCKADDR_FORMATSIZE];
RUNTIME_CHECK(isc_once_do(&once, init_desc) == ISC_R_SUCCESS);
ISC_LIST_INIT(new_listeners);
/*
* Get the list of named.conf 'statistics-channels' statements.
*/
(void)cfg_map_get(config, "statistics-channels", &statschannellist);
/*
* Run through the new address/port list, noting sockets that are
* already being listened on and moving them to the new list.
*
* Identifying duplicate addr/port combinations is left to either
* the underlying config code, or to the bind attempt getting an
* address-in-use error.
*/
if (statschannellist != NULL) {
#ifndef HAVE_LIBXML2
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"statistics-channels specified but not effective "
"due to missing XML library");
#endif
for (element = cfg_list_first(statschannellist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *statschannel;
const cfg_obj_t *listenercfg = NULL;
statschannel = cfg_listelt_value(element);
(void)cfg_map_get(statschannel, "inet",
&listenercfg);
if (listenercfg == NULL)
continue;
for (element2 = cfg_list_first(listenercfg);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *listen_params;
const cfg_obj_t *obj;
isc_sockaddr_t addr;
listen_params = cfg_listelt_value(element2);
obj = cfg_tuple_get(listen_params, "address");
addr = *cfg_obj_assockaddr(obj);
if (isc_sockaddr_getport(&addr) == 0)
isc_sockaddr_setport(&addr, NS_STATSCHANNEL_HTTPPORT);
isc_sockaddr_format(&addr, socktext,
sizeof(socktext));
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_DEBUG(9),
"processing statistics "
"channel %s",
socktext);
update_listener(server, &listener,
listen_params, config, &addr,
aclconfctx, socktext);
if (listener != NULL) {
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(server->statschannels,
listener, link);
} else {
/*
* This is a new listener.
*/
isc_result_t r;
r = add_listener(server, &listener,
listen_params, config,
&addr, aclconfctx,
socktext);
if (r != ISC_R_SUCCESS) {
cfg_obj_log(listen_params,
ns_g_lctx,
ISC_LOG_WARNING,
"couldn't allocate "
"statistics channel"
" %s: %s",
socktext,
isc_result_totext(r));
}
}
if (listener != NULL)
ISC_LIST_APPEND(new_listeners, listener,
link);
}
}
}
for (listener = ISC_LIST_HEAD(server->statschannels);
listener != NULL;
listener = listener_next) {
listener_next = ISC_LIST_NEXT(listener, link);
ISC_LIST_UNLINK(server->statschannels, listener, link);
shutdown_listener(listener);
}
ISC_LIST_APPENDLIST(server->statschannels, new_listeners, link);
return (ISC_R_SUCCESS);
}
static isc_result_t
do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
isc_boolean_t verbose)
{
isc_interfaceiter_t *iter = NULL;
isc_boolean_t scan_ipv4 = ISC_FALSE;
isc_boolean_t scan_ipv6 = ISC_FALSE;
isc_boolean_t adjusting = ISC_FALSE;
isc_boolean_t ipv6only = ISC_TRUE;
isc_boolean_t ipv6pktinfo = ISC_TRUE;
isc_result_t result;
isc_netaddr_t zero_address, zero_address6;
ns_listenelt_t *le;
isc_sockaddr_t listen_addr;
ns_interface_t *ifp;
isc_boolean_t log_explicit = ISC_FALSE;
isc_boolean_t dolistenon;
if (ext_listen != NULL)
adjusting = ISC_TRUE;
if (isc_net_probeipv6() == ISC_R_SUCCESS)
scan_ipv6 = ISC_TRUE;
#ifdef WANT_IPV6
else
isc_log_write(IFMGR_COMMON_LOGARGS,
verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1),
"no IPv6 interfaces found");
#endif
if (isc_net_probeipv4() == ISC_R_SUCCESS)
scan_ipv4 = ISC_TRUE;
else
isc_log_write(IFMGR_COMMON_LOGARGS,
verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1),
"no IPv4 interfaces found");
/*
* A special, but typical case; listen-on-v6 { any; }.
* When we can make the socket IPv6-only, open a single wildcard
* socket for IPv6 communication. Otherwise, make separate socket
* for each IPv6 address in order to avoid accepting IPv4 packets
* as the form of mapped addresses unintentionally unless explicitly
* allowed.
*/
#ifndef ISC_ALLOW_MAPPED
if (scan_ipv6 == ISC_TRUE &&
isc_net_probe_ipv6only() != ISC_R_SUCCESS) {
ipv6only = ISC_FALSE;
log_explicit = ISC_TRUE;
}
#endif
if (scan_ipv6 == ISC_TRUE &&
isc_net_probe_ipv6pktinfo() != ISC_R_SUCCESS) {
ipv6pktinfo = ISC_FALSE;
log_explicit = ISC_TRUE;
}
if (scan_ipv6 == ISC_TRUE && ipv6only && ipv6pktinfo) {
for (le = ISC_LIST_HEAD(mgr->listenon6->elts);
le != NULL;
le = ISC_LIST_NEXT(le, link)) {
struct in6_addr in6a;
if (!listenon_is_ip6_any(le))
continue;
in6a = in6addr_any;
isc_sockaddr_fromin6(&listen_addr, &in6a, le->port);
ifp = find_matching_interface(mgr, &listen_addr);
if (ifp != NULL) {
ifp->generation = mgr->generation;
} else {
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_INFO,
"listening on IPv6 "
"interfaces, port %u",
le->port);
result = ns_interface_setup(mgr, &listen_addr,
"<any>", &ifp,
ISC_TRUE);
if (result == ISC_R_SUCCESS)
ifp->flags |= NS_INTERFACEFLAG_ANYADDR;
else
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_ERROR,
"listening on all IPv6 "
"interfaces failed");
/* Continue. */
}
}
}
isc_netaddr_any(&zero_address);
isc_netaddr_any6(&zero_address6);
result = isc_interfaceiter_create(mgr->mctx, &iter);
if (result != ISC_R_SUCCESS)
return (result);
if (adjusting == ISC_FALSE) {
result = clearacl(mgr->mctx, &mgr->aclenv.localhost);
if (result != ISC_R_SUCCESS)
goto cleanup_iter;
result = clearacl(mgr->mctx, &mgr->aclenv.localnets);
if (result != ISC_R_SUCCESS)
goto cleanup_iter;
clearlistenon(mgr);
}
for (result = isc_interfaceiter_first(iter);
result == ISC_R_SUCCESS;
result = isc_interfaceiter_next(iter))
{
isc_interface_t interface;
ns_listenlist_t *ll;
unsigned int family;
result = isc_interfaceiter_current(iter, &interface);
if (result != ISC_R_SUCCESS)
break;
family = interface.address.family;
if (family != AF_INET && family != AF_INET6)
continue;
if (scan_ipv4 == ISC_FALSE && family == AF_INET)
continue;
if (scan_ipv6 == ISC_FALSE && family == AF_INET6)
continue;
/*
* Test for the address being nonzero rather than testing
* INTERFACE_F_UP, because on some systems the latter
* follows the media state and we could end up ignoring
* the interface for an entire rescan interval due to
* a temporary media glitch at rescan time.
*/
if (family == AF_INET &&
isc_netaddr_equal(&interface.address, &zero_address)) {
continue;
}
if (family == AF_INET6 &&
isc_netaddr_equal(&interface.address, &zero_address6)) {
continue;
}
if (adjusting == ISC_FALSE) {
result = setup_locals(mgr, &interface);
if (result != ISC_R_SUCCESS)
goto ignore_interface;
}
ll = (family == AF_INET) ? mgr->listenon4 : mgr->listenon6;
dolistenon = ISC_TRUE;
for (le = ISC_LIST_HEAD(ll->elts);
le != NULL;
le = ISC_LIST_NEXT(le, link))
{
int match;
isc_boolean_t ipv6_wildcard = ISC_FALSE;
isc_netaddr_t listen_netaddr;
isc_sockaddr_t listen_sockaddr;
/*
* Construct a socket address for this IP/port
* combination.
*/
if (family == AF_INET) {
isc_netaddr_fromin(&listen_netaddr,
&interface.address.type.in);
} else {
isc_netaddr_fromin6(&listen_netaddr,
&interface.address.type.in6);
isc_netaddr_setzone(&listen_netaddr,
interface.address.zone);
}
isc_sockaddr_fromnetaddr(&listen_sockaddr,
&listen_netaddr,
le->port);
/*
* See if the address matches the listen-on statement;
* if not, ignore the interface.
*/
(void)dns_acl_match(&listen_netaddr, NULL, le->acl,
&mgr->aclenv, &match, NULL);
if (match <= 0)
continue;
if (adjusting == ISC_FALSE && dolistenon == ISC_TRUE) {
setup_listenon(mgr, &interface, le->port);
dolistenon = ISC_FALSE;
}
/*
* The case of "any" IPv6 address will require
* special considerations later, so remember it.
*/
if (family == AF_INET6 && ipv6only && ipv6pktinfo &&
listenon_is_ip6_any(le))
ipv6_wildcard = ISC_TRUE;
/*
* When adjusting interfaces with extra a listening
* list, see if the address matches the extra list.
* If it does, and is also covered by a wildcard
* interface, we need to listen on the address
* explicitly.
*/
if (adjusting == ISC_TRUE) {
ns_listenelt_t *ele;
match = 0;
for (ele = ISC_LIST_HEAD(ext_listen->elts);
ele != NULL;
ele = ISC_LIST_NEXT(ele, link)) {
(void)dns_acl_match(&listen_netaddr,
NULL, ele->acl,
NULL, &match, NULL);
if (match > 0 &&
(ele->port == le->port ||
ele->port == 0))
break;
else
match = 0;
}
if (ipv6_wildcard == ISC_TRUE && match == 0)
continue;
}
ifp = find_matching_interface(mgr, &listen_sockaddr);
if (ifp != NULL) {
ifp->generation = mgr->generation;
} else {
char sabuf[ISC_SOCKADDR_FORMATSIZE];
if (adjusting == ISC_FALSE &&
ipv6_wildcard == ISC_TRUE)
continue;
if (log_explicit && family == AF_INET6 &&
!adjusting && listenon_is_ip6_any(le)) {
isc_log_write(IFMGR_COMMON_LOGARGS,
verbose ? ISC_LOG_INFO :
ISC_LOG_DEBUG(1),
"IPv6 socket API is "
"incomplete; explicitly "
"binding to each IPv6 "
"address separately");
log_explicit = ISC_FALSE;
}
isc_sockaddr_format(&listen_sockaddr,
sabuf, sizeof(sabuf));
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_INFO,
"%s"
"listening on %s interface "
"%s, %s",
(adjusting == ISC_TRUE) ?
"additionally " : "",
(family == AF_INET) ?
"IPv4" : "IPv6",
interface.name, sabuf);
result = ns_interface_setup(mgr,
&listen_sockaddr,
interface.name,
&ifp,
(adjusting == ISC_TRUE) ?
ISC_FALSE :
ISC_TRUE);
if (result != ISC_R_SUCCESS) {
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_ERROR,
"creating %s interface "
"%s failed; interface "
"ignored",
(family == AF_INET) ?
"IPv4" : "IPv6",
interface.name);
}
/* Continue. */
}
}
continue;
ignore_interface:
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_ERROR,
"ignoring %s interface %s: %s",
(family == AF_INET) ? "IPv4" : "IPv6",
interface.name, isc_result_totext(result));
continue;
}
if (result != ISC_R_NOMORE)
UNEXPECTED_ERROR(__FILE__, __LINE__,
"interface iteration failed: %s",
isc_result_totext(result));
else
result = ISC_R_SUCCESS;
cleanup_iter:
isc_interfaceiter_destroy(&iter);
return (result);
}
static void
parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
cfg_parser_t **pctxp, cfg_obj_t **configp)
{
isc_result_t result;
const char *conffile = admin_conffile;
const cfg_obj_t *addresses = NULL;
const cfg_obj_t *defkey = NULL;
const cfg_obj_t *options = NULL;
const cfg_obj_t *servers = NULL;
const cfg_obj_t *server = NULL;
const cfg_obj_t *keys = NULL;
const cfg_obj_t *key = NULL;
const cfg_obj_t *defport = NULL;
const cfg_obj_t *secretobj = NULL;
const cfg_obj_t *algorithmobj = NULL;
cfg_obj_t *config = NULL;
const cfg_obj_t *address = NULL;
const cfg_listelt_t *elt;
const char *secretstr;
const char *algorithm;
static char secretarray[1024];
const cfg_type_t *conftype = &cfg_type_rndcconf;
isc_boolean_t key_only = ISC_FALSE;
const cfg_listelt_t *element;
if (! isc_file_exists(conffile)) {
conffile = admin_keyfile;
conftype = &cfg_type_rndckey;
if (! isc_file_exists(conffile))
fatal("neither %s nor %s was found",
admin_conffile, admin_keyfile);
key_only = ISC_TRUE;
}
DO("create parser", cfg_parser_create(mctx, log, pctxp));
/*
* The parser will output its own errors, so DO() is not used.
*/
result = cfg_parse_file(*pctxp, conffile, conftype, &config);
if (result != ISC_R_SUCCESS)
fatal("could not load rndc configuration");
if (!key_only)
(void)cfg_map_get(config, "options", &options);
if (key_only && servername == NULL)
servername = "127.0.0.1";
else if (servername == NULL && options != NULL) {
const cfg_obj_t *defserverobj = NULL;
(void)cfg_map_get(options, "default-server", &defserverobj);
if (defserverobj != NULL)
servername = cfg_obj_asstring(defserverobj);
}
if (servername == NULL)
fatal("no server specified and no default");
if (!key_only) {
(void)cfg_map_get(config, "server", &servers);
if (servers != NULL) {
for (elt = cfg_list_first(servers);
elt != NULL;
elt = cfg_list_next(elt))
{
const char *name;
server = cfg_listelt_value(elt);
name = cfg_obj_asstring(cfg_map_getname(server));
if (strcasecmp(name, servername) == 0)
break;
server = NULL;
}
}
}
/*
* Look for the name of the key to use.
*/
if (keyname != NULL)
; /* Was set on command line, do nothing. */
else if (server != NULL) {
DO("get key for server", cfg_map_get(server, "key", &defkey));
keyname = cfg_obj_asstring(defkey);
} else if (options != NULL) {
DO("get default key", cfg_map_get(options, "default-key",
&defkey));
keyname = cfg_obj_asstring(defkey);
} else if (!key_only)
fatal("no key for server and no default");
/*
* Get the key's definition.
*/
if (key_only)
DO("get key", cfg_map_get(config, "key", &key));
else {
DO("get config key list", cfg_map_get(config, "key", &keys));
for (elt = cfg_list_first(keys);
elt != NULL;
elt = cfg_list_next(elt))
{
key = cfg_listelt_value(elt);
if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)),
keyname) == 0)
break;
}
if (elt == NULL)
fatal("no key definition for name %s", keyname);
}
(void)cfg_map_get(key, "secret", &secretobj);
(void)cfg_map_get(key, "algorithm", &algorithmobj);
if (secretobj == NULL || algorithmobj == NULL)
fatal("key must have algorithm and secret");
secretstr = cfg_obj_asstring(secretobj);
algorithm = cfg_obj_asstring(algorithmobj);
if (strcasecmp(algorithm, "hmac-md5") != 0)
fatal("unsupported algorithm: %s", algorithm);
secret.rstart = (unsigned char *)secretarray;
secret.rend = (unsigned char *)secretarray + sizeof(secretarray);
DO("decode base64 secret", isccc_base64_decode(secretstr, &secret));
secret.rend = secret.rstart;
secret.rstart = (unsigned char *)secretarray;
/*
* Find the port to connect to.
*/
if (remoteport != 0)
; /* Was set on command line, do nothing. */
else {
if (server != NULL)
(void)cfg_map_get(server, "port", &defport);
if (defport == NULL && options != NULL)
(void)cfg_map_get(options, "default-port", &defport);
}
if (defport != NULL) {
remoteport = cfg_obj_asuint32(defport);
if (remoteport > 65535 || remoteport == 0)
fatal("port %u out of range", remoteport);
} else if (remoteport == 0)
remoteport = NS_CONTROL_PORT;
if (server != NULL)
result = cfg_map_get(server, "addresses", &addresses);
else
result = ISC_R_NOTFOUND;
if (result == ISC_R_SUCCESS) {
for (element = cfg_list_first(addresses);
element != NULL;
element = cfg_list_next(element))
{
isc_sockaddr_t sa;
address = cfg_listelt_value(element);
if (!cfg_obj_issockaddr(address)) {
unsigned int myport;
const char *name;
const cfg_obj_t *obj;
obj = cfg_tuple_get(address, "name");
name = cfg_obj_asstring(obj);
obj = cfg_tuple_get(address, "port");
if (cfg_obj_isuint32(obj)) {
myport = cfg_obj_asuint32(obj);
if (myport > ISC_UINT16_MAX ||
myport == 0)
fatal("port %u out of range",
myport);
} else
myport = remoteport;
if (nserveraddrs < SERVERADDRS)
get_addresses(name, (in_port_t) myport);
else
fprintf(stderr, "too many address: "
"%s: dropped\n", name);
continue;
}
sa = *cfg_obj_assockaddr(address);
if (isc_sockaddr_getport(&sa) == 0)
isc_sockaddr_setport(&sa, remoteport);
if (nserveraddrs < SERVERADDRS)
serveraddrs[nserveraddrs++] = sa;
else {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&sa, socktext,
sizeof(socktext));
fprintf(stderr,
"too many address: %s: dropped\n",
socktext);
}
}
}
if (!local4set && server != NULL) {
address = NULL;
cfg_map_get(server, "source-address", &address);
if (address != NULL) {
local4 = *cfg_obj_assockaddr(address);
local4set = ISC_TRUE;
}
}
if (!local4set && options != NULL) {
address = NULL;
cfg_map_get(options, "default-source-address", &address);
if (address != NULL) {
local4 = *cfg_obj_assockaddr(address);
local4set = ISC_TRUE;
}
}
if (!local6set && server != NULL) {
address = NULL;
cfg_map_get(server, "source-address-v6", &address);
if (address != NULL) {
local6 = *cfg_obj_assockaddr(address);
local6set = ISC_TRUE;
}
}
if (!local6set && options != NULL) {
address = NULL;
cfg_map_get(options, "default-source-address-v6", &address);
if (address != NULL) {
local6 = *cfg_obj_assockaddr(address);
local6set = ISC_TRUE;
}
}
*configp = config;
}
