isc_result_t
pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype,
isc_boolean_t need_services, isc_boolean_t rw,
isc_boolean_t logon, const char *pin, CK_SLOT_ID slot)
{
pk11_token_t *token = NULL;
pk11_sessionlist_t *freelist;
pk11_session_t *sp;
isc_result_t ret;
#ifdef PKCS11CRYPTO
isc_result_t service_ret = ISC_R_SUCCESS;
#else
UNUSED(need_services);
#endif
memset(ctx, 0, sizeof(pk11_context_t));
ctx->handle = NULL;
ctx->session = CK_INVALID_HANDLE;
ret = pk11_initialize(NULL, NULL);
#ifdef PKCS11CRYPTO
if (ret == PK11_R_NORANDOMSERVICE ||
ret == PK11_R_NODIGESTSERVICE ||
ret == PK11_R_NOAESSERVICE) {
if (need_services)
return (ret);
service_ret = ret;
}
else
#endif /* PKCS11CRYPTO */
if (ret != ISC_R_SUCCESS)
return (ret);
LOCK(&sessionlock);
/* wait for initialization to finish */
UNLOCK(&sessionlock);
switch(optype) {
#ifdef PKCS11CRYPTO
case OP_RAND:
token = rand_token;
break;
case OP_DIGEST:
token = digest_token;
break;
case OP_AES:
token = aes_token;
break;
case OP_ANY:
for (token = ISC_LIST_HEAD(tokens);
token != NULL;
token = ISC_LIST_NEXT(token, link))
if (token->slotid == slot)
break;
break;
#endif
default:
for (token = ISC_LIST_HEAD(tokens);
token != NULL;
token = ISC_LIST_NEXT(token, link))
if (token->slotid == slot)
break;
#ifdef PKCS11CRYPTO
if ((token == NULL) ||
((token->operations & (1 << optype)) == 0))
return (ISC_R_NOTFOUND);
#endif
break;
}
if (token == NULL)
return (ISC_R_NOTFOUND);
/* Override the token's PIN */
if (logon && pin != NULL && *pin != '\0') {
if (strlen(pin) > PINLEN)
return ISC_R_RANGE;
memset(token->pin, 0, PINLEN + 1);
strncpy(token->pin, pin, PINLEN);
}
freelist = &token->sessions;
LOCK(&sessionlock);
sp = ISC_LIST_HEAD(*freelist);
if (sp != NULL) {
ISC_LIST_UNLINK(*freelist, sp, link);
ISC_LIST_APPEND(actives, sp, link);
UNLOCK(&sessionlock);
if (logon)
ret = token_login(sp);
ctx->handle = sp;
ctx->session = sp->session;
return (ret);
}
UNLOCK(&sessionlock);
sp = pk11_mem_get(sizeof(*sp));
if (sp == NULL)
return (ISC_R_NOMEMORY);
sp->magic = SES_MAGIC;
sp->token = token;
sp->session = CK_INVALID_HANDLE;
ISC_LINK_INIT(sp, link);
ret = setup_session(sp, token, rw);
if ((ret == ISC_R_SUCCESS) && logon)
ret = token_login(sp);
LOCK(&sessionlock);
ISC_LIST_APPEND(actives, sp, link);
UNLOCK(&sessionlock);
ctx->handle = sp;
ctx->session = sp->session;
#ifdef PKCS11CRYPTO
if (ret == ISC_R_SUCCESS)
ret = service_ret;
#endif
return (ret);
}
isc_result_t
dns_tsig_sign(dns_message_t *msg) {
dns_tsigkey_t *key;
dns_rdata_any_tsig_t tsig, querytsig;
unsigned char data[128];
isc_buffer_t databuf, sigbuf;
isc_buffer_t *dynbuf;
dns_name_t *owner;
dns_rdata_t *rdata;
dns_rdatalist_t *datalist;
dns_rdataset_t *dataset;
isc_region_t r;
isc_stdtime_t now;
isc_mem_t *mctx;
dst_context_t *ctx = NULL;
isc_result_t ret;
unsigned char badtimedata[BADTIMELEN];
unsigned int sigsize = 0;
REQUIRE(msg != NULL);
REQUIRE(VALID_TSIG_KEY(dns_message_gettsigkey(msg)));
/*
* If this is a response, there should be a query tsig.
*/
if (is_response(msg) && msg->querytsig == NULL)
return (DNS_R_EXPECTEDTSIG);
dynbuf = NULL;
mctx = msg->mctx;
key = dns_message_gettsigkey(msg);
tsig.mctx = mctx;
tsig.common.rdclass = dns_rdataclass_any;
tsig.common.rdtype = dns_rdatatype_tsig;
ISC_LINK_INIT(&tsig.common, link);
dns_name_init(&tsig.algorithm, NULL);
dns_name_clone(key->algorithm, &tsig.algorithm);
isc_stdtime_get(&now);
tsig.timesigned = now + msg->timeadjust;
tsig.fudge = DNS_TSIG_FUDGE;
tsig.originalid = msg->id;
isc_buffer_init(&databuf, data, sizeof(data));
if (is_response(msg))
tsig.error = msg->querytsigstatus;
else
tsig.error = dns_rcode_noerror;
if (tsig.error != dns_tsigerror_badtime) {
tsig.otherlen = 0;
tsig.other = NULL;
} else {
isc_buffer_t otherbuf;
tsig.otherlen = BADTIMELEN;
tsig.other = badtimedata;
isc_buffer_init(&otherbuf, tsig.other, tsig.otherlen);
buffer_putuint48(&otherbuf, tsig.timesigned);
}
if (key->key != NULL && tsig.error != dns_tsigerror_badsig) {
unsigned char header[DNS_MESSAGE_HEADERLEN];
isc_buffer_t headerbuf;
ret = dst_context_create(key->key, mctx, &ctx);
if (ret != ISC_R_SUCCESS)
return (ret);
/*
* If this is a response, digest the query signature.
*/
if (is_response(msg)) {
dns_rdata_t querytsigrdata = DNS_RDATA_INIT;
ret = dns_rdataset_first(msg->querytsig);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
dns_rdataset_current(msg->querytsig, &querytsigrdata);
ret = dns_rdata_tostruct(&querytsigrdata, &querytsig,
NULL);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
isc_buffer_putuint16(&databuf, querytsig.siglen);
if (isc_buffer_availablelength(&databuf) <
querytsig.siglen)
{
ret = ISC_R_NOSPACE;
goto cleanup_context;
}
isc_buffer_putmem(&databuf, querytsig.signature,
querytsig.siglen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
}
/*
* Digest the header.
*/
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
if (msg->tcp_continuation == 0) {
/*
* Digest the name, class, ttl, alg.
*/
dns_name_toregion(&key->name, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
isc_buffer_clear(&databuf);
isc_buffer_putuint16(&databuf, dns_rdataclass_any);
isc_buffer_putuint32(&databuf, 0); /* ttl */
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
dns_name_toregion(&tsig.algorithm, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
}
/* Digest the timesigned and fudge */
isc_buffer_clear(&databuf);
if (tsig.error == dns_tsigerror_badtime)
tsig.timesigned = querytsig.timesigned;
buffer_putuint48(&databuf, tsig.timesigned);
isc_buffer_putuint16(&databuf, tsig.fudge);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
if (msg->tcp_continuation == 0) {
/*
* Digest the error and other data length.
*/
isc_buffer_clear(&databuf);
isc_buffer_putuint16(&databuf, tsig.error);
isc_buffer_putuint16(&databuf, tsig.otherlen);
isc_buffer_usedregion(&databuf, &r);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
/*
* Digest the error and other data.
*/
if (tsig.otherlen > 0) {
r.length = tsig.otherlen;
r.base = tsig.other;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
}
}
ret = dst_key_sigsize(key->key, &sigsize);
if (ret != ISC_R_SUCCESS)
goto cleanup_context;
tsig.signature = (unsigned char *) isc_mem_get(mctx, sigsize);
if (tsig.signature == NULL) {
ret = ISC_R_NOMEMORY;
goto cleanup_context;
}
isc_buffer_init(&sigbuf, tsig.signature, sigsize);
ret = dst_context_sign(ctx, &sigbuf);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
dst_context_destroy(&ctx);
tsig.siglen = isc_buffer_usedlength(&sigbuf);
} else {
tsig.siglen = 0;
tsig.signature = NULL;
}
rdata = NULL;
ret = dns_message_gettemprdata(msg, &rdata);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_tsig, &tsig, dynbuf);
if (ret != ISC_R_SUCCESS)
goto cleanup_dynbuf;
dns_message_takebuffer(msg, &dynbuf);
if (tsig.signature != NULL) {
isc_mem_put(mctx, tsig.signature, sigsize);
tsig.signature = NULL;
}
owner = NULL;
ret = dns_message_gettempname(msg, &owner);
if (ret != ISC_R_SUCCESS)
goto cleanup_dynbuf;
dns_name_init(owner, NULL);
ret = dns_name_dup(&key->name, msg->mctx, owner);
if (ret != ISC_R_SUCCESS)
goto cleanup_owner;
datalist = NULL;
ret = dns_message_gettemprdatalist(msg, &datalist);
if (ret != ISC_R_SUCCESS)
goto cleanup_owner;
datalist->rdclass = dns_rdataclass_any;
datalist->type = dns_rdatatype_tsig;
datalist->covers = 0;
datalist->ttl = 0;
ISC_LIST_INIT(datalist->rdata);
ISC_LIST_APPEND(datalist->rdata, rdata, link);
dataset = NULL;
ret = dns_message_gettemprdataset(msg, &dataset);
if (ret != ISC_R_SUCCESS)
goto cleanup_owner;
dns_rdataset_init(dataset);
RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset)
== ISC_R_SUCCESS);
msg->tsig = dataset;
msg->tsigname = owner;
return (ISC_R_SUCCESS);
cleanup_owner:
if (owner != NULL)
dns_message_puttempname(msg, &owner);
cleanup_dynbuf:
if (dynbuf != NULL)
isc_buffer_free(&dynbuf);
cleanup_signature:
if (tsig.signature != NULL)
isc_mem_put(mctx, tsig.signature, sigsize);
cleanup_context:
if (ctx != NULL)
dst_context_destroy(&ctx);
return (ret);
}
static void
parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
int argc, char **argv) {
isc_result_t result;
isc_textregion_t tr;
isc_boolean_t firstarg = ISC_TRUE;
dig_lookup_t *lookup = NULL;
dns_rdatatype_t rdtype;
dns_rdataclass_t rdclass;
isc_boolean_t open_type_class = ISC_TRUE;
char batchline[MXNAME];
int bargc;
char *bargv[64];
int rc;
char **rv;
#ifndef NOPOSIX
char *homedir;
char rcfile[256];
#endif
char *input;
int i;
isc_boolean_t need_clone = ISC_TRUE;
/*
* The semantics for parsing the args is a bit complex; if
* we don't have a host yet, make the arg apply globally,
* otherwise make it apply to the latest host. This is
* a bit different than the previous versions, but should
* form a consistent user interface.
*
* First, create a "default lookup" which won't actually be used
* anywhere, except for cloning into new lookups
*/
debug("parse_args()");
if (!is_batchfile) {
debug("making new lookup");
default_lookup = make_empty_lookup();
default_lookup->adflag = ISC_TRUE;
default_lookup->edns = 0;
#ifndef NOPOSIX
/*
* Treat ${HOME}/.digrc as a special batchfile
*/
INSIST(batchfp == NULL);
homedir = getenv("HOME");
if (homedir != NULL) {
unsigned int n;
n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc",
homedir);
if (n < sizeof(rcfile))
batchfp = fopen(rcfile, "r");
}
if (batchfp != NULL) {
while (fgets(batchline, sizeof(batchline),
batchfp) != 0) {
debug("config line %s", batchline);
bargc = 1;
input = batchline;
bargv[bargc] = next_token(&input, " \t\r\n");
while ((bargv[bargc] != NULL) &&
(bargc < 62)) {
bargc++;
bargv[bargc] =
next_token(&input, " \t\r\n");
}
bargv[0] = argv[0];
argv0 = argv[0];
for(i = 0; i < bargc; i++)
debug(".digrc argv %d: %s",
i, bargv[i]);
parse_args(ISC_TRUE, ISC_TRUE, bargc,
(char **)bargv);
}
fclose(batchfp);
}
#endif
}
if (is_batchfile && !config_only) {
/* Processing '-f batchfile'. */
lookup = clone_lookup(default_lookup, ISC_TRUE);
need_clone = ISC_FALSE;
} else
lookup = default_lookup;
rc = argc;
rv = argv;
for (rc--, rv++; rc > 0; rc--, rv++) {
debug("main parsing %s", rv[0]);
if (strncmp(rv[0], "%", 1) == 0)
break;
if (strncmp(rv[0], "@", 1) == 0) {
addresscount = getaddresses(lookup, &rv[0][1], NULL);
} else if (rv[0][0] == '+') {
plus_option(&rv[0][1], is_batchfile,
lookup);
} else if (rv[0][0] == '-') {
if (rc <= 1) {
if (dash_option(&rv[0][1], NULL,
&lookup, &open_type_class,
&need_clone, config_only,
argc, argv, &firstarg)) {
rc--;
rv++;
}
} else {
if (dash_option(&rv[0][1], rv[1],
&lookup, &open_type_class,
&need_clone, config_only,
argc, argv, &firstarg)) {
rc--;
rv++;
}
}
} else {
/*
* Anything which isn't an option
*/
if (open_type_class) {
if (strncasecmp(rv[0], "ixfr=", 5) == 0) {
rdtype = dns_rdatatype_ixfr;
result = ISC_R_SUCCESS;
} else {
tr.base = rv[0];
tr.length = strlen(rv[0]);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS &&
rdtype == dns_rdatatype_ixfr) {
fprintf(stderr, ";; Warning, "
"ixfr requires a "
"serial number\n");
continue;
}
}
if (result == ISC_R_SUCCESS) {
if (lookup->rdtypeset) {
fprintf(stderr, ";; Warning, "
"extra type option\n");
}
if (rdtype == dns_rdatatype_ixfr) {
isc_uint32_t serial;
lookup->rdtype =
dns_rdatatype_ixfr;
lookup->rdtypeset = ISC_TRUE;
result = parse_uint(&serial,
&rv[0][5],
MAXSERIAL,
"serial number");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse "
"serial number");
lookup->ixfr_serial = serial;
lookup->section_question =
plusquest;
lookup->comments = pluscomm;
lookup->tcp_mode = ISC_TRUE;
} else {
lookup->rdtype = rdtype;
lookup->rdtypeset = ISC_TRUE;
if (rdtype ==
dns_rdatatype_axfr) {
lookup->section_question =
plusquest;
lookup->comments = pluscomm;
}
lookup->ixfr_serial = ISC_FALSE;
}
continue;
}
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS) {
if (lookup->rdclassset) {
fprintf(stderr, ";; Warning, "
"extra class option\n");
}
lookup->rdclass = rdclass;
lookup->rdclassset = ISC_TRUE;
continue;
}
}
if (!config_only) {
if (need_clone)
lookup = clone_lookup(default_lookup,
ISC_TRUE);
need_clone = ISC_TRUE;
strncpy(lookup->textname, rv[0],
sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
lookup->trace_root = ISC_TF(lookup->trace ||
lookup->ns_search_only);
lookup->new_search = ISC_TRUE;
if (firstarg) {
printgreeting(argc, argv, lookup);
firstarg = ISC_FALSE;
}
ISC_LIST_APPEND(lookup_list, lookup, link);
debug("looking up %s", lookup->textname);
}
/* XXX Error message */
}
}
/*
* If we have a batchfile, seed the lookup list with the
* first entry, then trust the callback in dighost_shutdown
* to get the rest
*/
if ((batchname != NULL) && !(is_batchfile)) {
if (strcmp(batchname, "-") == 0)
batchfp = stdin;
else
batchfp = fopen(batchname, "r");
if (batchfp == NULL) {
perror(batchname);
if (exitcode < 8)
exitcode = 8;
fatal("couldn't open specified batch file");
}
/* XXX Remove code dup from shutdown code */
next_line:
if (fgets(batchline, sizeof(batchline), batchfp) != 0) {
bargc = 1;
debug("batch line %s", batchline);
if (batchline[0] == '\r' || batchline[0] == '\n'
|| batchline[0] == '#' || batchline[0] == ';')
goto next_line;
input = batchline;
bargv[bargc] = next_token(&input, " \t\r\n");
while ((bargv[bargc] != NULL) && (bargc < 14)) {
bargc++;
bargv[bargc] = next_token(&input, " \t\r\n");
}
bargv[0] = argv[0];
argv0 = argv[0];
for(i = 0; i < bargc; i++)
debug("batch argv %d: %s", i, bargv[i]);
parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
return;
}
return;
}
/*
* If no lookup specified, search for root
*/
if ((lookup_list.head == NULL) && !config_only) {
if (need_clone)
lookup = clone_lookup(default_lookup, ISC_TRUE);
need_clone = ISC_TRUE;
lookup->trace_root = ISC_TF(lookup->trace ||
lookup->ns_search_only);
lookup->new_search = ISC_TRUE;
strcpy(lookup->textname, ".");
lookup->rdtype = dns_rdatatype_ns;
lookup->rdtypeset = ISC_TRUE;
if (firstarg) {
printgreeting(argc, argv, lookup);
firstarg = ISC_FALSE;
}
ISC_LIST_APPEND(lookup_list, lookup, link);
}
if (!need_clone)
destroy_lookup(lookup);
}
static void
isc_httpd_recvdone(isc_task_t *task, isc_event_t *ev)
{
isc_region_t r;
isc_result_t result;
isc_httpd_t *httpd = ev->ev_arg;
isc_socketevent_t *sev = (isc_socketevent_t *)ev;
isc_httpdurl_t *url;
isc_time_t now;
char datebuf[32]; /* Only need 30, but safety first */
ENTER("recv");
INSIST(ISC_HTTPD_ISRECV(httpd));
if (sev->result != ISC_R_SUCCESS) {
NOTICE("recv destroying client");
destroy_client(&httpd);
goto out;
}
result = process_request(httpd, sev->n);
if (result == ISC_R_NOTFOUND) {
if (httpd->recvlen >= HTTP_RECVLEN - 1) {
destroy_client(&httpd);
goto out;
}
r.base = (unsigned char *)httpd->recvbuf + httpd->recvlen;
r.length = HTTP_RECVLEN - httpd->recvlen - 1;
result = isc_socket_recv(httpd->sock, &r, 1, task,
isc_httpd_recvdone, httpd);
goto out;
} else if (result != ISC_R_SUCCESS) {
destroy_client(&httpd);
goto out;
}
ISC_HTTPD_SETSEND(httpd);
/*
* XXXMLG Call function here. Provide an add-header function
* which will append the common headers to a response we generate.
*/
isc_buffer_initnull(&httpd->bodybuffer);
isc_time_now(&now);
isc_time_formathttptimestamp(&now, datebuf, sizeof(datebuf));
url = ISC_LIST_HEAD(httpd->mgr->urls);
while (url != NULL) {
if (strcmp(httpd->url, url->url) == 0)
break;
url = ISC_LIST_NEXT(url, link);
}
if (url == NULL)
result = httpd->mgr->render_404(httpd->url, httpd->querystring,
NULL,
&httpd->retcode,
&httpd->retmsg,
&httpd->mimetype,
&httpd->bodybuffer,
&httpd->freecb,
&httpd->freecb_arg);
else
result = url->action(httpd->url, httpd->querystring,
url->action_arg,
&httpd->retcode, &httpd->retmsg,
&httpd->mimetype, &httpd->bodybuffer,
&httpd->freecb, &httpd->freecb_arg);
if (result != ISC_R_SUCCESS) {
destroy_client(&httpd);
goto out;
}
isc_httpd_response(httpd);
isc_httpd_addheader(httpd, "Content-Type", httpd->mimetype);
isc_httpd_addheader(httpd, "Date", datebuf);
isc_httpd_addheader(httpd, "Expires", datebuf);
isc_httpd_addheader(httpd, "Last-Modified", datebuf);
isc_httpd_addheader(httpd, "Pragma: no-cache", NULL);
isc_httpd_addheader(httpd, "Cache-Control: no-cache", NULL);
isc_httpd_addheader(httpd, "Server: libisc", NULL);
isc_httpd_addheaderuint(httpd, "Content-Length",
isc_buffer_usedlength(&httpd->bodybuffer));
isc_httpd_endheaders(httpd); /* done */
ISC_LIST_APPEND(httpd->bufflist, &httpd->headerbuffer, link);
/*
* Link the data buffer into our send queue, should we have any data
* rendered into it. If no data is present, we won't do anything
* with the buffer.
*/
if (isc_buffer_length(&httpd->bodybuffer) > 0)
ISC_LIST_APPEND(httpd->bufflist, &httpd->bodybuffer, link);
result = isc_socket_sendv(httpd->sock, &httpd->bufflist, task,
isc_httpd_senddone, httpd);
out:
isc_event_free(&ev);
EXIT("recv");
}
static void
resigned(isc_assertioncallback_t callback) {
isc_result_t result;
dns_rdataset_t rdataset, added;
dns_dbnode_t *node = NULL;
dns_rdatalist_t rdatalist;
dns_rdata_rrsig_t rrsig;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_buffer_t b;
unsigned char buf[1024];
result = dns_test_begin(NULL, ISC_FALSE);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
setup_db();
/*
* Create a dummy RRSIG record and set a resigning time.
*/
dns_rdataset_init(&added);
dns_rdataset_init(&rdataset);
dns_rdatalist_init(&rdatalist);
isc_buffer_init(&b, buf, sizeof(buf));
DNS_RDATACOMMON_INIT(&rrsig, dns_rdatatype_rrsig, dns_rdataclass_in);
rrsig.covered = dns_rdatatype_a;
rrsig.algorithm = 100;
rrsig.labels = 0;
rrsig.originalttl = 0;
rrsig.timeexpire = 3600;
rrsig.timesigned = 0;
rrsig.keyid = 0;
dns_name_init(&rrsig.signer, NULL);
dns_name_clone(dns_rootname, &rrsig.signer);
rrsig.siglen = 0;
rrsig.signature = NULL;
result = dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
dns_rdatatype_rrsig, &rrsig, &b);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
rdatalist.rdclass = dns_rdataclass_in;
rdatalist.type = dns_rdatatype_rrsig;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
rdataset.attributes |= DNS_RDATASETATTR_RESIGN;
rdataset.resign = 7200;
result = dns_db_findnode(db1, dns_rootname, ISC_FALSE, &node);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_db_addrdataset(db1, node, v1, 0, &rdataset, 0, &added);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
dns_db_detachnode(db1, &node);
ATF_REQUIRE_EQ(node, NULL);
isc_assertion_setcallback(callback);
dns_db_resigned(db1, &added, VERSION(callback));
if (callback != NULL)
atf_tc_fail("dns_db_resigned did not assert");
dns_rdataset_disassociate(&added);
close_db();
dns_test_end();
}
static isc_result_t
ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
const char *name, ns_interface_t **ifpret)
{
ns_interface_t *ifp;
isc_result_t result;
REQUIRE(NS_INTERFACEMGR_VALID(mgr));
ifp = isc_mem_get(mgr->mctx, sizeof(*ifp));
if (ifp == NULL)
return (ISC_R_NOMEMORY);
ifp->mgr = NULL;
ifp->generation = mgr->generation;
ifp->addr = *addr;
ifp->flags = 0;
strncpy(ifp->name, name, sizeof(ifp->name));
ifp->name[sizeof(ifp->name)-1] = '\0';
ifp->clientmgr = NULL;
result = isc_mutex_init(&ifp->lock);
if (result != ISC_R_SUCCESS)
goto lock_create_failure;
result = ns_clientmgr_create(mgr->mctx, mgr->taskmgr,
ns_g_timermgr,
&ifp->clientmgr);
if (result != ISC_R_SUCCESS) {
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
"ns_clientmgr_create() failed: %s",
isc_result_totext(result));
goto clientmgr_create_failure;
}
ifp->udpdispatch = NULL;
ifp->tcpsocket = NULL;
/*
* Create a single TCP client object. It will replace itself
* with a new one as soon as it gets a connection, so the actual
* connections will be handled in parallel even though there is
* only one client initially.
*/
ifp->ntcptarget = 1;
ifp->ntcpcurrent = 0;
ISC_LINK_INIT(ifp, link);
ns_interfacemgr_attach(mgr, &ifp->mgr);
ISC_LIST_APPEND(mgr->interfaces, ifp, link);
ifp->references = 1;
ifp->magic = IFACE_MAGIC;
*ifpret = ifp;
return (ISC_R_SUCCESS);
clientmgr_create_failure:
DESTROYLOCK(&ifp->lock);
lock_create_failure:
ifp->magic = 0;
isc_mem_put(mgr->mctx, ifp, sizeof(*ifp));
return (ISC_R_UNEXPECTED);
}
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;
cfg_parser_t *pctx = NULL;
cfg_obj_t *config = NULL;
const cfg_obj_t *key = NULL;
const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL;
const char *algstr = NULL;
const char *secretstr = NULL;
controlkey_t *keyid = NULL;
char secret[1024];
isc_buffer_t b;
CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
CHECK(cfg_map_get(config, "key", &key));
keyid = isc_mem_get(mctx, sizeof(*keyid));
if (keyid == NULL)
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
keyid->secret.base = NULL;
keyid->secret.length = 0;
ISC_LINK_INIT(keyid, link);
if (keyid->keyname == NULL)
CHECK(ISC_R_NOMEMORY);
CHECK(bind9_check_key(key, ns_g_lctx));
(void)cfg_map_get(key, "algorithm", &algobj);
(void)cfg_map_get(key, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL);
algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj);
if (ns_config_getkeyalgorithm(algstr, NULL, NULL) != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx,
ISC_LOG_WARNING,
"unsupported algorithm '%s' in "
"key '%s' for use with command "
"channel",
algstr, keyid->keyname);
goto cleanup;
}
isc_buffer_init(&b, secret, sizeof(secret));
result = isc_base64_decodestring(secretstr, &b);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"secret for key '%s' on command channel: %s",
keyid->keyname, isc_result_totext(result));
goto cleanup;
}
keyid->secret.length = isc_buffer_usedlength(&b);
keyid->secret.base = isc_mem_get(mctx,
keyid->secret.length);
if (keyid->secret.base == NULL) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"couldn't register key '%s': "
"out of memory", keyid->keyname);
CHECK(ISC_R_NOMEMORY);
}
memcpy(keyid->secret.base, isc_buffer_base(&b),
keyid->secret.length);
ISC_LIST_APPEND(*keyids, keyid, link);
keyid = NULL;
result = ISC_R_SUCCESS;
cleanup:
if (keyid != NULL)
free_controlkey(keyid, mctx);
if (config != NULL)
cfg_obj_destroy(pctx, &config);
if (pctx != NULL)
cfg_parser_destroy(&pctx);
return (result);
}
void
dns_diff_append(dns_diff_t *diff, dns_difftuple_t **tuplep)
{
ISC_LIST_APPEND(diff->tuples, *tuplep, link);
*tuplep = NULL;
}
static isc_result_t
diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
isc_boolean_t warn)
{
dns_difftuple_t *t;
dns_dbnode_t *node = NULL;
isc_result_t result;
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
REQUIRE(DNS_DIFF_VALID(diff));
REQUIRE(DNS_DB_VALID(db));
t = ISC_LIST_HEAD(diff->tuples);
while (t != NULL) {
dns_name_t *name;
INSIST(node == NULL);
name = &t->name;
/*
* Find the node.
* We create the node if it does not exist.
* This will cause an empty node to be created if the diff
* contains a deletion of an RR at a nonexistent name,
* but such diffs should never be created in the first
* place.
*/
while (t != NULL && dns_name_equal(&t->name, name)) {
dns_rdatatype_t type, covers;
dns_diffop_t op;
dns_rdatalist_t rdl;
dns_rdataset_t rds;
dns_rdataset_t ardataset;
dns_rdataset_t *modified = NULL;
op = t->op;
type = t->rdata.type;
covers = rdata_covers(&t->rdata);
/*
* Collect a contiguous set of updates with
* the same operation (add/delete) and RR type
* into a single rdatalist so that the
* database rrset merging/subtraction code
* can work more efficiently than if each
* RR were merged into / subtracted from
* the database separately.
*
* This is done by linking rdata structures from the
* diff into "rdatalist". This uses the rdata link
* field, not the diff link field, so the structure
* of the diff itself is not affected.
*/
dns_rdatalist_init(&rdl);
rdl.type = type;
rdl.covers = covers;
rdl.rdclass = t->rdata.rdclass;
rdl.ttl = t->ttl;
node = NULL;
if (type != dns_rdatatype_nsec3 &&
covers != dns_rdatatype_nsec3)
CHECK(dns_db_findnode(db, name, ISC_TRUE,
&node));
else
CHECK(dns_db_findnsec3node(db, name, ISC_TRUE,
&node));
while (t != NULL &&
dns_name_equal(&t->name, name) &&
t->op == op &&
t->rdata.type == type &&
rdata_covers(&t->rdata) == covers)
{
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(t->rdata.type, typebuf,
sizeof(typebuf));
dns_rdataclass_format(t->rdata.rdclass,
classbuf,
sizeof(classbuf));
if (t->ttl != rdl.ttl && warn)
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"'%s/%s/%s': TTL differs in "
"rdataset, adjusting "
"%lu -> %lu",
namebuf, typebuf, classbuf,
(unsigned long) t->ttl,
(unsigned long) rdl.ttl);
ISC_LIST_APPEND(rdl.rdata, &t->rdata, link);
t = ISC_LIST_NEXT(t, link);
}
/*
* Convert the rdatalist into a rdataset.
*/
dns_rdataset_init(&rds);
CHECK(dns_rdatalist_tordataset(&rdl, &rds));
if (rds.type == dns_rdatatype_rrsig)
switch (op) {
case DNS_DIFFOP_ADDRESIGN:
case DNS_DIFFOP_DELRESIGN:
modified = &ardataset;
dns_rdataset_init(modified);
break;
default:
break;
}
rds.trust = dns_trust_ultimate;
/*
* Merge the rdataset into the database.
*/
switch (op) {
case DNS_DIFFOP_ADD:
case DNS_DIFFOP_ADDRESIGN:
result = dns_db_addrdataset(db, node, ver,
0, &rds,
DNS_DBADD_MERGE|
DNS_DBADD_EXACT|
DNS_DBADD_EXACTTTL,
modified);
break;
case DNS_DIFFOP_DEL:
case DNS_DIFFOP_DELRESIGN:
result = dns_db_subtractrdataset(db, node, ver,
&rds,
DNS_DBSUB_EXACT,
modified);
break;
default:
INSIST(0);
}
if (result == ISC_R_SUCCESS) {
if (modified != NULL) {
isc_stdtime_t resign;
resign = setresign(modified);
dns_db_setsigningtime(db, modified,
resign);
}
} else if (result == DNS_R_UNCHANGED) {
/*
* This will not happen when executing a
* dynamic update, because that code will
* generate strictly minimal diffs.
* It may happen when receiving an IXFR
* from a server that is not as careful.
* Issue a warning and continue.
*/
if (warn) {
dns_name_format(dns_db_origin(db),
namebuf,
sizeof(namebuf));
dns_rdataclass_format(dns_db_class(db),
classbuf,
sizeof(classbuf));
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"%s/%s: dns_diff_apply: "
"update with no effect",
namebuf, classbuf);
}
} else if (result == DNS_R_NXRRSET) {
/*
* OK.
*/
} else {
if (modified != NULL &&
dns_rdataset_isassociated(modified))
dns_rdataset_disassociate(modified);
CHECK(result);
}
dns_db_detachnode(db, &node);
if (modified != NULL &&
dns_rdataset_isassociated(modified))
dns_rdataset_disassociate(modified);
}
}
return (ISC_R_SUCCESS);
failure:
if (node != NULL)
dns_db_detachnode(db, &node);
return (result);
}
isc_result_t
dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dns_rdata_sig_t sig; /* SIG(0) */
unsigned char data[512];
unsigned char header[DNS_MESSAGE_HEADERLEN];
isc_buffer_t headerbuf, databuf, sigbuf;
unsigned int sigsize;
isc_buffer_t *dynbuf = NULL;
dns_rdata_t *rdata;
dns_rdatalist_t *datalist;
dns_rdataset_t *dataset;
isc_region_t r;
isc_stdtime_t now;
dst_context_t *ctx = NULL;
isc_mem_t *mctx;
isc_result_t result;
isc_boolean_t signeedsfree = ISC_TRUE;
REQUIRE(msg != NULL);
REQUIRE(key != NULL);
if (is_response(msg))
REQUIRE(msg->query.base != NULL);
mctx = msg->mctx;
memset(&sig, 0, sizeof(sig));
sig.mctx = mctx;
sig.common.rdclass = dns_rdataclass_any;
sig.common.rdtype = dns_rdatatype_sig; /* SIG(0) */
ISC_LINK_INIT(&sig.common, link);
sig.covered = 0;
sig.algorithm = dst_key_alg(key);
sig.labels = 0; /* the root name */
sig.originalttl = 0;
isc_stdtime_get(&now);
sig.timesigned = now - DNS_TSIG_FUDGE;
sig.timeexpire = now + DNS_TSIG_FUDGE;
sig.keyid = dst_key_id(key);
dns_name_init(&sig.signer, NULL);
dns_name_clone(dst_key_name(key), &sig.signer);
sig.siglen = 0;
sig.signature = NULL;
isc_buffer_init(&databuf, data, sizeof(data));
RETERR(dst_context_create(key, mctx, &ctx));
/*
* Digest the fields of the SIG - we can cheat and use
* dns_rdata_fromstruct. Since siglen is 0, the digested data
* is identical to dns format.
*/
RETERR(dns_rdata_fromstruct(NULL, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */,
&sig, &databuf));
isc_buffer_usedregion(&databuf, &r);
RETERR(dst_context_adddata(ctx, &r));
/*
* If this is a response, digest the query.
*/
if (is_response(msg))
RETERR(dst_context_adddata(ctx, &msg->query));
/*
* Digest the header.
*/
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
RETERR(dst_context_adddata(ctx, &r));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
RETERR(dst_context_adddata(ctx, &r));
RETERR(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
sig.signature = (unsigned char *) isc_mem_get(mctx, sig.siglen);
if (sig.signature == NULL) {
result = ISC_R_NOMEMORY;
goto failure;
}
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
RETERR(dst_context_sign(ctx, &sigbuf));
dst_context_destroy(&ctx);
rdata = NULL;
RETERR(dns_message_gettemprdata(msg, &rdata));
RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024));
RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_any,
dns_rdatatype_sig /* SIG(0) */,
&sig, dynbuf));
isc_mem_put(mctx, sig.signature, sig.siglen);
signeedsfree = ISC_FALSE;
dns_message_takebuffer(msg, &dynbuf);
datalist = NULL;
RETERR(dns_message_gettemprdatalist(msg, &datalist));
datalist->rdclass = dns_rdataclass_any;
datalist->type = dns_rdatatype_sig; /* SIG(0) */
datalist->covers = 0;
datalist->ttl = 0;
ISC_LIST_INIT(datalist->rdata);
ISC_LIST_APPEND(datalist->rdata, rdata, link);
dataset = NULL;
RETERR(dns_message_gettemprdataset(msg, &dataset));
dns_rdataset_init(dataset);
RUNTIME_CHECK(dns_rdatalist_tordataset(datalist, dataset) == ISC_R_SUCCESS);
msg->sig0 = dataset;
return (ISC_R_SUCCESS);
failure:
if (dynbuf != NULL)
isc_buffer_free(&dynbuf);
if (signeedsfree)
isc_mem_put(mctx, sig.signature, sig.siglen);
if (ctx != NULL)
dst_context_destroy(&ctx);
return (result);
}
/*% constructs a query list by parsing a string into query segments */
static isc_result_t
build_querylist(isc_mem_t *mctx, const char *query_str, char **zone,
char **record, char **client, query_list_t **querylist,
unsigned int flags)
{
isc_result_t result;
isc_boolean_t foundzone = isc_boolean_false;
isc_boolean_t foundrecord = isc_boolean_false;
isc_boolean_t foundclient = isc_boolean_false;
char *temp_str = NULL;
char *right_str = NULL;
query_list_t *tql;
query_segment_t *tseg = NULL;
REQUIRE(querylist != NULL && *querylist == NULL);
REQUIRE(mctx != NULL);
/* if query string is null, or zero length */
if (query_str == NULL || strlen(query_str) < 1) {
if ((flags & SDLZH_REQUIRE_QUERY) == 0)
/* we don't need it were ok. */
return (ISC_R_SUCCESS);
else
/* we did need it, PROBLEM!!! */
return (ISC_R_FAILURE);
}
/* allocate memory for query list */
tql = isc_mem_get(mctx, sizeof(query_list_t));
/* couldn't allocate memory. Problem!! */
if (tql == NULL)
return (ISC_R_NOMEMORY);
/* initialize the query segment list */
ISC_LIST_INIT(*tql);
/* make a copy of query_str so we can chop it up */
temp_str = right_str = isc_mem_strdup(mctx, query_str);
/* couldn't make a copy, problem!! */
if (right_str == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
/* loop through the string and chop it up */
while (right_str != NULL) {
/* allocate memory for tseg */
tseg = isc_mem_get(mctx, sizeof(query_segment_t));
if (tseg == NULL) { /* no memory, clean everything up. */
result = ISC_R_NOMEMORY;
goto cleanup;
}
tseg->sql = NULL;
tseg->direct = isc_boolean_false;
/* initialize the query segment link */
ISC_LINK_INIT(tseg, link);
/* append the query segment to the list */
ISC_LIST_APPEND(*tql, tseg, link);
/*
* split string at the first "$". set query segment to
* left portion
*/
tseg->sql = isc_mem_strdup(mctx,
isc_string_separate(&right_str,
"$"));
if (tseg->sql == NULL) {
/* no memory, clean everything up. */
result = ISC_R_NOMEMORY;
goto cleanup;
}
/* tseg->sql points directly to a string. */
tseg->direct = isc_boolean_true;
tseg->strlen = strlen(tseg->sql);
/* check if we encountered "$zone$" token */
if (strcasecmp(tseg->sql, "zone") == 0) {
/*
* we don't really need, or want the "zone"
* text, so get rid of it.
*/
isc_mem_free(mctx, tseg->sql);
/* set tseg->sql to in-direct zone string */
tseg->sql = (char**) zone;
tseg->strlen = 0;
/* tseg->sql points in-directly to a string */
tseg->direct = isc_boolean_false;
foundzone = isc_boolean_true;
/* check if we encountered "$record$" token */
} else if (strcasecmp(tseg->sql, "record") == 0) {
/*
* we don't really need, or want the "record"
* text, so get rid of it.
*/
isc_mem_free(mctx, tseg->sql);
/* set tseg->sql to in-direct record string */
tseg->sql = (char**) record;
tseg->strlen = 0;
/* tseg->sql points in-directly poinsts to a string */
tseg->direct = isc_boolean_false;
foundrecord = isc_boolean_true;
/* check if we encountered "$client$" token */
} else if (strcasecmp(tseg->sql, "client") == 0) {
/*
* we don't really need, or want the "client"
* text, so get rid of it.
*/
isc_mem_free(mctx, tseg->sql);
/* set tseg->sql to in-direct record string */
tseg->sql = (char**) client;
tseg->strlen = 0;
/* tseg->sql points in-directly poinsts to a string */
tseg->direct = isc_boolean_false;
foundclient = isc_boolean_true;
}
}
/* we don't need temp_str any more */
isc_mem_free(mctx, temp_str);
/*
* add checks later to verify zone and record are found if
* necessary.
*/
/* if this query requires %client%, make sure we found it */
if (((flags & SDLZH_REQUIRE_CLIENT) != 0) && (!foundclient) ) {
/* Write error message to log */
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"Required token $client$ not found.");
result = ISC_R_FAILURE;
goto flag_fail;
}
/* if this query requires %record%, make sure we found it */
if (((flags & SDLZH_REQUIRE_RECORD) != 0) && (!foundrecord) ) {
/* Write error message to log */
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"Required token $record$ not found.");
result = ISC_R_FAILURE;
goto flag_fail;
}
/* if this query requires %zone%, make sure we found it */
if (((flags & SDLZH_REQUIRE_ZONE) != 0) && (!foundzone) ) {
/* Write error message to log */
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_ERROR,
"Required token $zone$ not found.");
result = ISC_R_FAILURE;
goto flag_fail;
}
/* pass back the query list */
*querylist = (query_list_t *) tql;
/* return success */
return (ISC_R_SUCCESS);
cleanup:
/* get rid of temp_str */
if (temp_str != NULL)
isc_mem_free(mctx, temp_str);
flag_fail:
/* get rid of what was build of the query list */
if (tql != NULL)
destroy_querylist(mctx, &tql);
return result;
}
static isc_result_t
add_tsig(dst_context_t *tsigctx, dns_tsigkey_t *key, isc_buffer_t *target) {
dns_compress_t cctx;
dns_rdata_any_tsig_t tsig;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdatalist_t rdatalist;
dns_rdataset_t rdataset;
isc_buffer_t *dynbuf = NULL;
isc_buffer_t databuf;
isc_buffer_t sigbuf;
isc_region_t r;
isc_result_t result = ISC_R_SUCCESS;
isc_stdtime_t now;
unsigned char tsigbuf[1024];
unsigned int count;
unsigned int sigsize;
isc_boolean_t invalidate_ctx = ISC_FALSE;
CHECK(dns_compress_init(&cctx, -1, mctx));
invalidate_ctx = ISC_TRUE;
memset(&tsig, 0, sizeof(tsig));
tsig.common.rdclass = dns_rdataclass_any;
tsig.common.rdtype = dns_rdatatype_tsig;
ISC_LINK_INIT(&tsig.common, link);
dns_name_init(&tsig.algorithm, NULL);
dns_name_clone(key->algorithm, &tsig.algorithm);
isc_stdtime_get(&now);
tsig.timesigned = now;
tsig.fudge = DNS_TSIG_FUDGE;
tsig.originalid = 50;
tsig.error = dns_rcode_noerror;
tsig.otherlen = 0;
tsig.other = NULL;
isc_buffer_init(&databuf, tsigbuf, sizeof(tsigbuf));
isc_buffer_putuint48(&databuf, tsig.timesigned);
isc_buffer_putuint16(&databuf, tsig.fudge);
isc_buffer_usedregion(&databuf, &r);
CHECK(dst_context_adddata(tsigctx, &r));
CHECK(dst_key_sigsize(key->key, &sigsize));
tsig.signature = (unsigned char *) isc_mem_get(mctx, sigsize);
if (tsig.signature == NULL)
CHECK(ISC_R_NOMEMORY);
isc_buffer_init(&sigbuf, tsig.signature, sigsize);
CHECK(dst_context_sign(tsigctx, &sigbuf));
tsig.siglen = isc_buffer_usedlength(&sigbuf);
CHECK(isc_buffer_allocate(mctx, &dynbuf, 512));
CHECK(dns_rdata_fromstruct(&rdata, dns_rdataclass_any,
dns_rdatatype_tsig, &tsig, dynbuf));
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = dns_rdataclass_any;
rdatalist.type = dns_rdatatype_tsig;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
dns_rdataset_init(&rdataset);
CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
CHECK(dns_rdataset_towire(&rdataset, &key->name, &cctx,
target, 0, &count));
/*
* Fixup additional record count.
*/
((unsigned char*)target->base)[11]++;
if (((unsigned char*)target->base)[11] == 0)
((unsigned char*)target->base)[10]++;
cleanup:
if (tsig.signature != NULL)
isc_mem_put(mctx, tsig.signature, sigsize);
if (dynbuf != NULL)
isc_buffer_free(&dynbuf);
if (invalidate_ctx)
dns_compress_invalidate(&cctx);
return (result);
}
/*
* Arrange to send as much as we can of "stream" without blocking.
*
* Requires:
* The stream iterator is initialized and points at an RR,
* or possibly at the end of the stream (that is, the
* _first method of the iterator has been called).
*/
static void
sendstream(xfrout_ctx_t *xfr) {
dns_message_t *tcpmsg = NULL;
dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */
isc_result_t result;
isc_region_t used;
isc_region_t region;
dns_rdataset_t *qrdataset;
dns_name_t *msgname = NULL;
dns_rdata_t *msgrdata = NULL;
dns_rdatalist_t *msgrdl = NULL;
dns_rdataset_t *msgrds = NULL;
dns_compress_t cctx;
isc_boolean_t cleanup_cctx = ISC_FALSE;
int n_rrs;
isc_buffer_clear(&xfr->buf);
isc_buffer_clear(&xfr->txlenbuf);
isc_buffer_clear(&xfr->txbuf);
if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) {
/*
* In the UDP case, we put the response data directly into
* the client message.
*/
msg = xfr->client->message;
CHECK(dns_message_reply(msg, ISC_TRUE));
} else {
/*
* TCP. Build a response dns_message_t, temporarily storing
* the raw, uncompressed owner names and RR data contiguously
* in xfr->buf. We know that if the uncompressed data fits
* in xfr->buf, the compressed data will surely fit in a TCP
* message.
*/
CHECK(dns_message_create(xfr->mctx,
DNS_MESSAGE_INTENTRENDER, &tcpmsg));
msg = tcpmsg;
msg->id = xfr->id;
msg->rcode = dns_rcode_noerror;
msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
msg->flags |= DNS_MESSAGEFLAG_RA;
CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
if (xfr->lasttsig != NULL)
isc_buffer_free(&xfr->lasttsig);
/*
* Include a question section in the first message only.
* BIND 8.2.1 will not recognize an IXFR if it does not
* have a question section.
*/
if (xfr->nmsg == 0) {
dns_name_t *qname = NULL;
isc_region_t r;
/*
* Reserve space for the 12-byte message header
* and 4 bytes of question.
*/
isc_buffer_add(&xfr->buf, 12 + 4);
qrdataset = NULL;
result = dns_message_gettemprdataset(msg, &qrdataset);
if (result != ISC_R_SUCCESS)
goto failure;
dns_rdataset_init(qrdataset);
dns_rdataset_makequestion(qrdataset,
xfr->client->message->rdclass,
xfr->qtype);
result = dns_message_gettempname(msg, &qname);
if (result != ISC_R_SUCCESS)
goto failure;
dns_name_init(qname, NULL);
isc_buffer_availableregion(&xfr->buf, &r);
INSIST(r.length >= xfr->qname->length);
r.length = xfr->qname->length;
isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
xfr->qname->length);
dns_name_fromregion(qname, &r);
ISC_LIST_INIT(qname->list);
ISC_LIST_APPEND(qname->list, qrdataset, link);
dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
}
else
msg->tcp_continuation = 1;
}
/*
* Try to fit in as many RRs as possible, unless "one-answer"
* format has been requested.
*/
for (n_rrs = 0; ; n_rrs++) {
dns_name_t *name = NULL;
isc_uint32_t ttl;
dns_rdata_t *rdata = NULL;
unsigned int size;
isc_region_t r;
msgname = NULL;
msgrdata = NULL;
msgrdl = NULL;
msgrds = NULL;
xfr->stream->methods->current(xfr->stream,
&name, &ttl, &rdata);
size = name->length + 10 + rdata->length;
isc_buffer_availableregion(&xfr->buf, &r);
if (size >= r.length) {
/*
* RR would not fit. If there are other RRs in the
* buffer, send them now and leave this RR to the
* next message. If this RR overflows the buffer
* all by itself, fail.
*
* In theory some RRs might fit in a TCP message
* when compressed even if they do not fit when
* uncompressed, but surely we don't want
* to send such monstrosities to an unsuspecting
* slave.
*/
if (n_rrs == 0) {
xfrout_log(xfr, ISC_LOG_WARNING,
"RR too large for zone transfer "
"(%d bytes)", size);
/* XXX DNS_R_RRTOOLARGE? */
result = ISC_R_NOSPACE;
goto failure;
}
break;
}
if (isc_log_wouldlog(ns_g_lctx, XFROUT_RR_LOGLEVEL))
log_rr(name, rdata, ttl); /* XXX */
result = dns_message_gettempname(msg, &msgname);
if (result != ISC_R_SUCCESS)
goto failure;
dns_name_init(msgname, NULL);
isc_buffer_availableregion(&xfr->buf, &r);
INSIST(r.length >= name->length);
r.length = name->length;
isc_buffer_putmem(&xfr->buf, name->ndata, name->length);
dns_name_fromregion(msgname, &r);
/* Reserve space for RR header. */
isc_buffer_add(&xfr->buf, 10);
result = dns_message_gettemprdata(msg, &msgrdata);
if (result != ISC_R_SUCCESS)
goto failure;
isc_buffer_availableregion(&xfr->buf, &r);
r.length = rdata->length;
isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length);
dns_rdata_init(msgrdata);
dns_rdata_fromregion(msgrdata,
rdata->rdclass, rdata->type, &r);
result = dns_message_gettemprdatalist(msg, &msgrdl);
if (result != ISC_R_SUCCESS)
goto failure;
msgrdl->type = rdata->type;
msgrdl->rdclass = rdata->rdclass;
msgrdl->ttl = ttl;
if (rdata->type == dns_rdatatype_sig ||
rdata->type == dns_rdatatype_rrsig)
msgrdl->covers = dns_rdata_covers(rdata);
else
msgrdl->covers = dns_rdatatype_none;
ISC_LINK_INIT(msgrdl, link);
ISC_LIST_INIT(msgrdl->rdata);
ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link);
result = dns_message_gettemprdataset(msg, &msgrds);
if (result != ISC_R_SUCCESS)
goto failure;
dns_rdataset_init(msgrds);
result = dns_rdatalist_tordataset(msgrdl, msgrds);
INSIST(result == ISC_R_SUCCESS);
ISC_LIST_APPEND(msgname->list, msgrds, link);
dns_message_addname(msg, msgname, DNS_SECTION_ANSWER);
msgname = NULL;
result = xfr->stream->methods->next(xfr->stream);
if (result == ISC_R_NOMORE) {
xfr->end_of_stream = ISC_TRUE;
break;
}
CHECK(result);
if (! xfr->many_answers)
break;
}
if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) {
CHECK(dns_compress_init(&cctx, -1, xfr->mctx));
dns_compress_setsensitive(&cctx, ISC_TRUE);
cleanup_cctx = ISC_TRUE;
CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf));
CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
CHECK(dns_message_renderend(msg));
dns_compress_invalidate(&cctx);
cleanup_cctx = ISC_FALSE;
isc_buffer_usedregion(&xfr->txbuf, &used);
isc_buffer_putuint16(&xfr->txlenbuf,
(isc_uint16_t)used.length);
region.base = xfr->txlenbuf.base;
region.length = 2 + used.length;
xfrout_log(xfr, ISC_LOG_DEBUG(8),
"sending TCP message of %d bytes",
used.length);
CHECK(isc_socket_send(xfr->client->tcpsocket, /* XXX */
®ion, xfr->client->task,
xfrout_senddone,
xfr));
xfr->sends++;
} else {
xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response");
ns_client_send(xfr->client);
xfr->stream->methods->pause(xfr->stream);
xfrout_ctx_destroy(&xfr);
return;
}
/* Advance lasttsig to be the last TSIG generated */
CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
xfr->nmsg++;
failure:
if (msgname != NULL) {
if (msgrds != NULL) {
if (dns_rdataset_isassociated(msgrds))
dns_rdataset_disassociate(msgrds);
dns_message_puttemprdataset(msg, &msgrds);
}
if (msgrdl != NULL) {
ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
dns_message_puttemprdatalist(msg, &msgrdl);
}
if (msgrdata != NULL)
dns_message_puttemprdata(msg, &msgrdata);
dns_message_puttempname(msg, &msgname);
}
if (tcpmsg != NULL)
dns_message_destroy(&tcpmsg);
if (cleanup_cctx)
dns_compress_invalidate(&cctx);
/*
* Make sure to release any locks held by database
* iterators before returning from the event handler.
*/
xfr->stream->methods->pause(xfr->stream);
if (result == ISC_R_SUCCESS)
return;
xfrout_fail(xfr, result, "sending zone data");
}
static void
choose_slots(void) {
CK_MECHANISM_INFO mechInfo;
CK_TOKEN_INFO tokenInfo;
CK_RV rv;
CK_SLOT_ID slot;
CK_SLOT_ID_PTR slotList;
CK_ULONG slotCount;
pk11_token_t *token;
unsigned int i;
slotCount = 0;
PK11_FATALCHECK(pkcs_C_GetSlotList, (CK_FALSE, NULL_PTR, &slotCount));
/* it's not an error if we didn't find any providers */
if (slotCount == 0)
return;
slotList = pk11_mem_get(sizeof(CK_SLOT_ID_PTR) * slotCount);
RUNTIME_CHECK(slotList != NULL);
PK11_FATALCHECK(pkcs_C_GetSlotList, (CK_FALSE, slotList, &slotCount));
for (i = 0; i < slotCount; i++) {
slot = slotList[i];
rv = pkcs_C_GetTokenInfo(slot, &tokenInfo);
if (rv != CKR_OK)
continue;
token = pk11_mem_get(sizeof(*token));
RUNTIME_CHECK(token != NULL);
token->magic = TOK_MAGIC;
token->slotid = slot;
ISC_LINK_INIT(token, link);
ISC_LIST_INIT(token->sessions);
memmove(token->name, tokenInfo.label, 32);
memmove(token->manuf, tokenInfo.manufacturerID, 32);
memmove(token->model, tokenInfo.model, 16);
memmove(token->serial, tokenInfo.serialNumber, 16);
ISC_LIST_APPEND(tokens, token, link);
if ((tokenInfo.flags & CKF_RNG) == 0)
goto try_rsa;
token->operations |= 1 << OP_RAND;
if (rand_token == NULL)
rand_token = token;
try_rsa:
rv = pkcs_C_GetMechanismInfo(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0))
goto try_dsa;
rv = pkcs_C_GetMechanismInfo(slot, CKM_MD5_RSA_PKCS,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_dsa;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA1_RSA_PKCS,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_dsa;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA256_RSA_PKCS,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_dsa;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA512_RSA_PKCS,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_dsa;
token->operations |= 1 << OP_RSA;
if (best_rsa_token == NULL)
best_rsa_token = token;
try_dsa:
rv = pkcs_C_GetMechanismInfo(slot, CKM_DSA_PARAMETER_GEN,
&mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_GENERATE) == 0))
goto try_dh;
rv = pkcs_C_GetMechanismInfo(slot, CKM_DSA_KEY_PAIR_GEN,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0))
goto try_dh;
rv = pkcs_C_GetMechanismInfo(slot, CKM_DSA_SHA1, &mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_dh;
token->operations |= 1 << OP_DSA;
if (best_dsa_token == NULL)
best_dsa_token = token;
try_dh:
#ifdef notdef
rv = pkcs_C_GetMechanismInfo(slot, CKM_DH_PKCS_PARAMETER_GEN,
&mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_GENERATE) == 0))
goto try_digest;
#endif
rv = pkcs_C_GetMechanismInfo(slot, CKM_DH_PKCS_KEY_PAIR_GEN,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0))
goto try_digest;
rv = pkcs_C_GetMechanismInfo(slot, CKM_DH_PKCS_DERIVE,
&mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DERIVE) == 0))
goto try_digest;
token->operations |= 1 << OP_DH;
if (best_dh_token == NULL)
best_dh_token = token;
try_digest:
rv = pkcs_C_GetMechanismInfo(slot, CKM_MD5, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA_1, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA224, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA256, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA384, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA512, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
continue;
#ifdef PKCS11CRYPTOWITHHMAC
rv = pkcs_C_GetMechanismInfo(slot, CKM_MD5_HMAC, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0))
continue;
#endif
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA_1_HMAC, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA224_HMAC, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA256_HMAC, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA384_HMAC, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0))
continue;
rv = pkcs_C_GetMechanismInfo(slot, CKM_SHA512_HMAC, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_SIGN) == 0))
continue;
token->operations |= 1 << OP_DIGEST;
if (digest_token == NULL)
digest_token = token;
/* ECDSA requires digest */
rv = pkcs_C_GetMechanismInfo(slot, CKM_EC_KEY_PAIR_GEN,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0))
goto try_gost;
rv = pkcs_C_GetMechanismInfo(slot, CKM_ECDSA, &mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_gost;
token->operations |= 1 << OP_EC;
if (best_ec_token == NULL)
best_ec_token = token;
try_gost:
/* does GOST require digest too? */
rv = pkcs_C_GetMechanismInfo(slot, CKM_GOSTR3411, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_DIGEST) == 0))
goto try_aes;
rv = pkcs_C_GetMechanismInfo(slot, CKM_GOSTR3410_KEY_PAIR_GEN,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_GENERATE_KEY_PAIR) == 0))
goto try_aes;
rv = pkcs_C_GetMechanismInfo(slot,
CKM_GOSTR3410_WITH_GOSTR3411,
&mechInfo);
if ((rv != CKR_OK) ||
((mechInfo.flags & CKF_SIGN) == 0) ||
((mechInfo.flags & CKF_VERIFY) == 0))
goto try_aes;
token->operations |= 1 << OP_GOST;
if (best_gost_token == NULL)
best_gost_token = token;
try_aes:
rv = pkcs_C_GetMechanismInfo(slot, CKM_AES_ECB, &mechInfo);
if ((rv != CKR_OK) || ((mechInfo.flags & CKF_ENCRYPT) == 0))
continue;
token->operations |= 1 << OP_AES;
if (aes_token == NULL)
aes_token = token;
}
if (slotList != NULL)
pk11_mem_put(slotList, sizeof(CK_SLOT_ID_PTR) * slotCount);
}
static isc_result_t ddns_remove_ptr (struct data_string *ddns_rev_name)
{
ns_updque updqueue;
ns_updrec *updrec;
isc_result_t result;
/*
* When a lease expires or a DHCP client issues a DHCPRELEASE request,
* the DHCP server SHOULD delete the PTR RR that matches the DHCP
* binding, if one was successfully added. The server's update query
* SHOULD assert that the name in the PTR record matches the name of
* the client whose lease has expired or been released.
* -- "Interaction between DHCP and DNS"
*/
ISC_LIST_INIT (updqueue);
/*
* Delete the PTR RRset for the leased address.
*/
updrec = minires_mkupdrec (S_UPDATE,
(const char *)ddns_rev_name -> data,
C_IN, T_PTR, 0);
if (!updrec) {
result = ISC_R_NOMEMORY;
goto error;
}
updrec -> r_data = (unsigned char *)0;
updrec -> r_size = 0;
updrec -> r_opcode = DELETE;
ISC_LIST_APPEND (updqueue, updrec, r_link);
/*
* Attempt to perform the update.
*/
result = minires_nupdate (&resolver_state, ISC_LIST_HEAD (updqueue));
#if defined (DEBUG)
print_dns_status ((int)result, &updqueue);
#endif
if (result == ISC_R_SUCCESS) {
log_info ("removed reverse map on %.*s",
(int)ddns_rev_name -> len,
(const char *)ddns_rev_name -> data);
} else {
if (result != ISC_R_NXRRSET && result != ISC_R_NXDOMAIN)
log_error ("can't remove reverse map on %.*s: %s",
(int)ddns_rev_name -> len,
(const char *)ddns_rev_name -> data,
isc_result_totext (result));
}
/* Not there is success. */
if (result == ISC_R_NXRRSET || result == ISC_R_NXDOMAIN)
result = ISC_R_SUCCESS;
/* Fall through. */
error:
while (!ISC_LIST_EMPTY (updqueue)) {
if((updqueue).head){
updrec = ISC_LIST_HEAD (updqueue);
ISC_LIST_UNLINK (updqueue, updrec, r_link);
minires_freeupdrec (updrec);
}
}
return result;
}
isc_result_t
dns_diff_load(dns_diff_t *diff, dns_addrdatasetfunc_t addfunc,
void *add_private)
{
dns_difftuple_t *t;
isc_result_t result;
REQUIRE(DNS_DIFF_VALID(diff));
t = ISC_LIST_HEAD(diff->tuples);
while (t != NULL) {
dns_name_t *name;
name = &t->name;
while (t != NULL && dns_name_equal(&t->name, name)) {
dns_rdatatype_t type, covers;
dns_diffop_t op;
dns_rdatalist_t rdl;
dns_rdataset_t rds;
op = t->op;
type = t->rdata.type;
covers = rdata_covers(&t->rdata);
dns_rdatalist_init(&rdl);
rdl.type = type;
rdl.covers = covers;
rdl.rdclass = t->rdata.rdclass;
rdl.ttl = t->ttl;
while (t != NULL && dns_name_equal(&t->name, name) &&
t->op == op && t->rdata.type == type &&
rdata_covers(&t->rdata) == covers)
{
ISC_LIST_APPEND(rdl.rdata, &t->rdata, link);
t = ISC_LIST_NEXT(t, link);
}
/*
* Convert the rdatalist into a rdataset.
*/
dns_rdataset_init(&rds);
CHECK(dns_rdatalist_tordataset(&rdl, &rds));
rds.trust = dns_trust_ultimate;
INSIST(op == DNS_DIFFOP_ADD);
result = (*addfunc)(add_private, name, &rds);
if (result == DNS_R_UNCHANGED) {
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"dns_diff_load: "
"update with no effect");
} else if (result == ISC_R_SUCCESS ||
result == DNS_R_NXRRSET) {
/*
* OK.
*/
} else {
CHECK(result);
}
}
}
result = ISC_R_SUCCESS;
failure:
return (result);
}
static isc_result_t ddns_update_ptr (struct data_string *ddns_fwd_name,
struct data_string *ddns_rev_name,
unsigned long ttl)
{
ns_updque updqueue;
ns_updrec *updrec;
isc_result_t result = ISC_R_UNEXPECTED;
/*
* The DHCP server submits a DNS query which deletes all of the PTR RRs
* associated with the lease IP address, and adds a PTR RR whose data
* is the client's (possibly disambiguated) host name. The server also
* adds a DHCID RR specified in Section 4.3.
* -- "Interaction between DHCP and DNS"
*/
ISC_LIST_INIT (updqueue);
/*
* Delete all PTR RRs.
*/
updrec = minires_mkupdrec (S_UPDATE,
(const char *)ddns_rev_name -> data,
C_IN, T_PTR, 0);
if (!updrec) {
result = ISC_R_NOMEMORY;
goto error;
}
updrec -> r_data = (unsigned char *)0;
updrec -> r_size = 0;
updrec -> r_opcode = DELETE;
ISC_LIST_APPEND (updqueue, updrec, r_link);
/*
* Add PTR RR.
*/
updrec = minires_mkupdrec (S_UPDATE,
(const char *)ddns_rev_name -> data,
C_IN, T_PTR, ttl);
if (!updrec) {
result = ISC_R_NOMEMORY;
goto error;
}
updrec -> r_data = ddns_fwd_name -> data;
updrec -> r_size = ddns_fwd_name -> len;
updrec -> r_opcode = ADD;
ISC_LIST_APPEND (updqueue, updrec, r_link);
/*
* Attempt to perform the update.
*/
result = minires_nupdate (&resolver_state, ISC_LIST_HEAD (updqueue));
#if defined (DEBUG)
print_dns_status ((int)result, &updqueue);
#endif
if (result == ISC_R_SUCCESS) {
log_info ("added reverse map from %.*s to %.*s",
(int)ddns_rev_name -> len,
(const char *)ddns_rev_name -> data,
(int)ddns_fwd_name -> len,
(const char *)ddns_fwd_name -> data);
} else {
log_error ("unable to add reverse map from %.*s to %.*s: %s",
(int)ddns_rev_name -> len,
(const char *)ddns_rev_name -> data,
(int)ddns_fwd_name -> len,
(const char *)ddns_fwd_name -> data,
isc_result_totext (result));
}
/* Fall through. */
error:
while (!ISC_LIST_EMPTY (updqueue)) {
if((updqueue).head){
updrec = ISC_LIST_HEAD (updqueue);
ISC_LIST_UNLINK (updqueue, updrec, r_link);
minires_freeupdrec (updrec);
}
}
return result;
}
static void
update_addordelete(isc_mem_t *mctx, char *cmdline, isc_boolean_t isdelete,
dns_name_t *name)
{
isc_result_t result;
isc_uint32_t ttl;
char *word;
dns_rdataclass_t rdataclass;
dns_rdatatype_t rdatatype;
dns_rdata_t *rdata = NULL;
dns_rdatalist_t *rdatalist = NULL;
dns_rdataset_t *rdataset = NULL;
isc_textregion_t region;
/*
* Read the owner name.
*/
parse_name(&cmdline, name);
rdata = isc_mem_get(mctx, sizeof(*rdata));
if (rdata == NULL) {
fprintf(stderr, "memory allocation for rdata failed\n");
exit(1);
}
dns_rdata_init(rdata);
/*
* If this is an add, read the TTL and verify that it's in range.
* If it's a delete, ignore a TTL if present (for compatibility).
*/
word = nsu_strsep(&cmdline, " \t\r\n");
if (word == NULL || *word == 0) {
if (!isdelete) {
fprintf(stderr, "could not read owner ttl\n");
exit(1);
}
else {
ttl = 0;
rdataclass = dns_rdataclass_any;
rdatatype = dns_rdatatype_any;
rdata->flags = DNS_RDATA_UPDATE;
goto doneparsing;
}
}
result = isc_parse_uint32(&ttl, word, 10);
if (result != ISC_R_SUCCESS) {
if (isdelete) {
ttl = 0;
goto parseclass;
} else {
fprintf(stderr, "ttl '%s': %s\n", word,
isc_result_totext(result));
exit(1);
}
}
if (isdelete)
ttl = 0;
else if (ttl > TTL_MAX) {
fprintf(stderr, "ttl '%s' is out of range (0 to %u)\n",
word, TTL_MAX);
exit(1);
}
/*
* Read the class or type.
*/
word = nsu_strsep(&cmdline, " \t\r\n");
parseclass:
if (word == NULL || *word == 0) {
if (isdelete) {
rdataclass = dns_rdataclass_any;
rdatatype = dns_rdatatype_any;
rdata->flags = DNS_RDATA_UPDATE;
goto doneparsing;
} else {
fprintf(stderr, "could not read class or type\n");
exit(1);
}
}
region.base = word;
region.length = strlen(word);
result = dns_rdataclass_fromtext(&rdataclass, ®ion);
if (result == ISC_R_SUCCESS) {
/*
* Now read the type.
*/
word = nsu_strsep(&cmdline, " \t\r\n");
if (word == NULL || *word == 0) {
if (isdelete) {
rdataclass = dns_rdataclass_any;
rdatatype = dns_rdatatype_any;
rdata->flags = DNS_RDATA_UPDATE;
goto doneparsing;
} else {
fprintf(stderr, "could not read type\n");
exit(1);
}
}
region.base = word;
region.length = strlen(word);
result = dns_rdatatype_fromtext(&rdatatype, ®ion);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "'%s' is not a valid type: %s\n",
word, isc_result_totext(result));
exit(1);
}
} else {
rdataclass = default_rdataclass;
result = dns_rdatatype_fromtext(&rdatatype, ®ion);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "'%s' is not a valid class or type: "
"%s\n", word, isc_result_totext(result));
exit(1);
}
}
parse_rdata(mctx, &cmdline, rdataclass, rdatatype, rdata);
if (isdelete) {
if ((rdata->flags & DNS_RDATA_UPDATE) != 0)
rdataclass = dns_rdataclass_any;
else
rdataclass = dns_rdataclass_none;
} else {
if ((rdata->flags & DNS_RDATA_UPDATE) != 0) {
fprintf(stderr, "could not read rdata\n");
exit(1);
}
}
doneparsing:
rdatalist = isc_mem_get(mctx, sizeof(*rdatalist));
if (rdatalist == NULL) {
fprintf(stderr, "memory allocation for rdatalist failed\n");
exit(1);
}
dns_rdatalist_init(rdatalist);
rdatalist->type = rdatatype;
rdatalist->rdclass = rdataclass;
rdatalist->covers = rdatatype;
rdatalist->ttl = (dns_ttl_t)ttl;
ISC_LIST_INIT(rdatalist->rdata);
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
ISC_LIST_APPEND(usedrdatalists, rdatalist, link);
rdataset = isc_mem_get(mctx, sizeof(*rdataset));
if (rdataset == NULL) {
fprintf(stderr, "memory allocation for rdataset failed\n");
exit(1);
}
dns_rdataset_init(rdataset);
dns_rdatalist_tordataset(rdatalist, rdataset);
ISC_LIST_INIT(name->list);
ISC_LIST_APPEND(name->list, rdataset, link);
}
isc_result_t
ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
cfg_aclconfctx_t *aclconfctx)
{
controllistener_t *listener;
controllistenerlist_t new_listeners;
const cfg_obj_t *controlslist = NULL;
const cfg_listelt_t *element, *element2;
char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_INIT(new_listeners);
/*
* Get the list of named.conf 'controls' statements.
*/
(void)cfg_map_get(config, "controls", &controlslist);
/*
* Run through the new control channel list, noting sockets that
* are already being listened on and moving them to the new list.
*
* Identifying duplicate addr/port combinations is left to either
* the underlying config code, or to the bind attempt getting an
* address-in-use error.
*/
if (controlslist != NULL) {
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *controls;
const cfg_obj_t *inetcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "inet", &inetcontrols);
if (inetcontrols == NULL)
continue;
for (element2 = cfg_list_first(inetcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *control;
const cfg_obj_t *obj;
isc_sockaddr_t addr;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
obj = cfg_tuple_get(control, "address");
addr = *cfg_obj_assockaddr(obj);
if (isc_sockaddr_getport(&addr) == 0)
isc_sockaddr_setport(&addr,
NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext,
sizeof(socktext));
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel %s",
socktext);
update_listener(cp, &listener, control, config,
&addr, aclconfctx, socktext,
isc_sockettype_tcp);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
socktext,
isc_sockettype_tcp);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *controls;
const cfg_obj_t *unixcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "unix", &unixcontrols);
if (unixcontrols == NULL)
continue;
for (element2 = cfg_list_first(unixcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *control;
const cfg_obj_t *path;
isc_sockaddr_t addr;
isc_result_t result;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
path = cfg_tuple_get(control, "path");
result = isc_sockaddr_frompath(&addr,
cfg_obj_asstring(path));
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"control channel '%s': %s",
cfg_obj_asstring(path),
isc_result_totext(result));
continue;
}
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel '%s'",
cfg_obj_asstring(path));
update_listener(cp, &listener, control, config,
&addr, aclconfctx,
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
} else {
int i;
for (i = 0; i < 2; i++) {
isc_sockaddr_t addr;
if (i == 0) {
struct in_addr localhost;
if (isc_net_probeipv4() != ISC_R_SUCCESS)
continue;
localhost.s_addr = htonl(INADDR_LOOPBACK);
isc_sockaddr_fromin(&addr, &localhost, 0);
} else {
if (isc_net_probeipv6() != ISC_R_SUCCESS)
continue;
isc_sockaddr_fromin6(&addr,
&in6addr_loopback, 0);
}
isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
update_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
/*
* ns_control_shutdown() will stop whatever is on the global
* listeners list, which currently only has whatever sockaddrs
* were in the previous configuration (if any) that do not
* remain in the current configuration.
*/
controls_shutdown(cp);
/*
* Put all of the valid listeners on the listeners list.
* Anything already on listeners in the process of shutting
* down will be taken care of by listen_done().
*/
ISC_LIST_APPENDLIST(cp->listeners, new_listeners, link);
return (ISC_R_SUCCESS);
}
static void
make_prereq(isc_mem_t *mctx, char *cmdline, isc_boolean_t ispositive,
isc_boolean_t isrrset, dns_name_t *name)
{
isc_result_t result;
char *word;
isc_textregion_t region;
dns_rdataset_t *rdataset = NULL;
dns_rdatalist_t *rdatalist = NULL;
dns_rdataclass_t rdataclass;
dns_rdatatype_t rdatatype;
dns_rdata_t *rdata = NULL;
/*
* Read the owner name
*/
parse_name(&cmdline, name);
/*
* If this is an rrset prereq, read the class or type.
*/
if (isrrset) {
word = nsu_strsep(&cmdline, " \t\r\n");
if (word == NULL || *word == 0) {
fprintf(stderr, "could not read class or type\n");
exit(1);
}
region.base = word;
region.length = strlen(word);
result = dns_rdataclass_fromtext(&rdataclass, ®ion);
if (result == ISC_R_SUCCESS) {
/*
* Now read the type.
*/
word = nsu_strsep(&cmdline, " \t\r\n");
if (word == NULL || *word == 0) {
fprintf(stderr, "could not read type\n");
exit(1);
}
region.base = word;
region.length = strlen(word);
result = dns_rdatatype_fromtext(&rdatatype, ®ion);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "invalid type: %s\n", word);
exit(1);
}
} else {
rdataclass = default_rdataclass;
result = dns_rdatatype_fromtext(&rdatatype, ®ion);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "invalid type: %s\n", word);
exit(1);
}
}
} else
rdatatype = dns_rdatatype_any;
rdata = isc_mem_get(mctx, sizeof(*rdata));
if (rdata == NULL) {
fprintf(stderr, "memory allocation for rdata failed\n");
exit(1);
}
dns_rdata_init(rdata);
if (isrrset && ispositive)
parse_rdata(mctx, &cmdline, rdataclass, rdatatype, rdata);
else
rdata->flags = DNS_RDATA_UPDATE;
rdatalist = isc_mem_get(mctx, sizeof(*rdatalist));
if (rdatalist == NULL) {
fprintf(stderr, "memory allocation for rdatalist failed\n");
exit(1);
}
dns_rdatalist_init(rdatalist);
rdatalist->type = rdatatype;
if (ispositive) {
if (isrrset && rdata->data != NULL)
rdatalist->rdclass = rdataclass;
else
rdatalist->rdclass = dns_rdataclass_any;
} else
rdatalist->rdclass = dns_rdataclass_none;
rdatalist->covers = 0;
rdatalist->ttl = 0;
rdata->rdclass = rdatalist->rdclass;
rdata->type = rdatatype;
ISC_LIST_INIT(rdatalist->rdata);
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
ISC_LIST_APPEND(usedrdatalists, rdatalist, link);
rdataset = isc_mem_get(mctx, sizeof(*rdataset));
if (rdataset == NULL) {
fprintf(stderr, "memory allocation for rdataset failed\n");
exit(1);
}
dns_rdataset_init(rdataset);
dns_rdatalist_tordataset(rdatalist, rdataset);
ISC_LIST_INIT(name->list);
ISC_LIST_APPEND(name->list, rdataset, link);
}
static void
isc_httpd_accept(isc_task_t *task, isc_event_t *ev)
{
isc_result_t result;
isc_httpdmgr_t *httpdmgr = ev->ev_arg;
isc_httpd_t *httpd;
isc_region_t r;
isc_socket_newconnev_t *nev = (isc_socket_newconnev_t *)ev;
isc_sockaddr_t peeraddr;
ENTER("accept");
LOCK(&httpdmgr->lock);
if (MSHUTTINGDOWN(httpdmgr)) {
NOTICE("accept shutting down, goto out");
goto out;
}
if (nev->result == ISC_R_CANCELED) {
NOTICE("accept canceled, goto out");
goto out;
}
if (nev->result != ISC_R_SUCCESS) {
/* XXXMLG log failure */
NOTICE("accept returned failure, goto requeue");
goto requeue;
}
(void)isc_socket_getpeername(nev->newsocket, &peeraddr);
if (httpdmgr->client_ok != NULL &&
!(httpdmgr->client_ok)(&peeraddr, httpdmgr->cb_arg)) {
isc_socket_detach(&nev->newsocket);
goto requeue;
}
httpd = isc_mem_get(httpdmgr->mctx, sizeof(isc_httpd_t));
if (httpd == NULL) {
/* XXXMLG log failure */
NOTICE("accept failed to allocate memory, goto requeue");
isc_socket_detach(&nev->newsocket);
goto requeue;
}
httpd->mgr = httpdmgr;
ISC_LINK_INIT(httpd, link);
ISC_LIST_APPEND(httpdmgr->running, httpd, link);
ISC_HTTPD_SETRECV(httpd);
httpd->sock = nev->newsocket;
isc_socket_setname(httpd->sock, "httpd", NULL);
httpd->flags = 0;
/*
* Initialize the buffer for our headers.
*/
httpd->headerdata = isc_mem_get(httpdmgr->mctx, HTTP_SENDGROW);
if (httpd->headerdata == NULL) {
isc_mem_put(httpdmgr->mctx, httpd, sizeof(isc_httpd_t));
isc_socket_detach(&nev->newsocket);
goto requeue;
}
httpd->headerlen = HTTP_SENDGROW;
isc_buffer_init(&httpd->headerbuffer, httpd->headerdata,
httpd->headerlen);
ISC_LIST_INIT(httpd->bufflist);
isc_buffer_initnull(&httpd->bodybuffer);
reset_client(httpd);
r.base = (unsigned char *)httpd->recvbuf;
r.length = HTTP_RECVLEN - 1;
result = isc_socket_recv(httpd->sock, &r, 1, task, isc_httpd_recvdone,
httpd);
NOTICE("accept queued recv on socket");
requeue:
result = isc_socket_accept(httpdmgr->sock, task, isc_httpd_accept,
httpdmgr);
if (result != ISC_R_SUCCESS) {
/* XXXMLG what to do? Log failure... */
NOTICE("accept could not reaccept due to failure");
}
out:
UNLOCK(&httpdmgr->lock);
httpdmgr_destroy(httpdmgr);
isc_event_free(&ev);
EXIT("accept");
}
int
main(int argc, char *argv[]) {
int ch;
struct addrinfo hints, *res;
int gai_error;
dns_client_t *client = NULL;
char *zonenamestr = NULL;
char *keyfilename = NULL;
char *prereqstr = NULL;
isc_sockaddrlist_t auth_servers;
char *auth_server = NULL;
char *recursive_server = NULL;
isc_sockaddr_t sa_auth, sa_recursive;
isc_sockaddrlist_t rec_servers;
isc_result_t result;
isc_boolean_t isdelete;
isc_buffer_t b, *buf;
dns_fixedname_t zname0, pname0, uname0;
size_t namelen;
dns_name_t *zname = NULL, *uname, *pname;
dns_rdataset_t *rdataset;
dns_rdatalist_t *rdatalist;
dns_rdata_t *rdata;
dns_namelist_t updatelist, prereqlist, *prereqlistp = NULL;
isc_mem_t *umctx = NULL;
while ((ch = getopt(argc, argv, "a:k:p:r:z:")) != -1) {
switch (ch) {
case 'k':
keyfilename = optarg;
break;
case 'a':
auth_server = optarg;
break;
case 'p':
prereqstr = optarg;
break;
case 'r':
recursive_server = optarg;
break;
case 'z':
zonenamestr = optarg;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc < 2)
usage();
/* command line argument validation */
if (strcmp(argv[0], "delete") == 0)
isdelete = ISC_TRUE;
else if (strcmp(argv[0], "add") == 0)
isdelete = ISC_FALSE;
else {
fprintf(stderr, "invalid update command: %s\n", argv[0]);
exit(1);
}
if (auth_server == NULL && recursive_server == NULL) {
fprintf(stderr, "authoritative or recursive server "
"must be specified\n");
usage();
}
/* Initialization */
ISC_LIST_INIT(usedbuffers);
ISC_LIST_INIT(usedrdatalists);
ISC_LIST_INIT(prereqlist);
ISC_LIST_INIT(auth_servers);
isc_lib_register();
result = dns_lib_init();
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "dns_lib_init failed: %d\n", result);
exit(1);
}
result = isc_mem_create(0, 0, &umctx);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to crate mctx\n");
exit(1);
}
result = dns_client_create(&client, 0);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "dns_client_create failed: %d\n", result);
exit(1);
}
/* Set the authoritative server */
if (auth_server != NULL) {
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICHOST;
gai_error = getaddrinfo(auth_server, "53", &hints, &res);
if (gai_error != 0) {
fprintf(stderr, "getaddrinfo failed: %s\n",
gai_strerror(gai_error));
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa_auth.type));
memmove(&sa_auth.type, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
sa_auth.length = res->ai_addrlen;
ISC_LINK_INIT(&sa_auth, link);
ISC_LIST_APPEND(auth_servers, &sa_auth, link);
}
/* Set the recursive server */
if (recursive_server != NULL) {
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICHOST;
gai_error = getaddrinfo(recursive_server, "53", &hints, &res);
if (gai_error != 0) {
fprintf(stderr, "getaddrinfo failed: %s\n",
gai_strerror(gai_error));
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa_recursive.type));
memmove(&sa_recursive.type, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
sa_recursive.length = res->ai_addrlen;
ISC_LINK_INIT(&sa_recursive, link);
ISC_LIST_INIT(rec_servers);
ISC_LIST_APPEND(rec_servers, &sa_recursive, link);
result = dns_client_setservers(client, dns_rdataclass_in,
NULL, &rec_servers);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "set server failed: %d\n", result);
exit(1);
}
}
/* Construct zone name */
zname = NULL;
if (zonenamestr != NULL) {
namelen = strlen(zonenamestr);
isc_buffer_init(&b, zonenamestr, namelen);
isc_buffer_add(&b, namelen);
dns_fixedname_init(&zname0);
zname = dns_fixedname_name(&zname0);
result = dns_name_fromtext(zname, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
fprintf(stderr, "failed to convert zone name: %d\n",
result);
}
/* Construct prerequisite name (if given) */
if (prereqstr != NULL) {
dns_fixedname_init(&pname0);
pname = dns_fixedname_name(&pname0);
evaluate_prereq(umctx, prereqstr, pname);
ISC_LIST_APPEND(prereqlist, pname, link);
prereqlistp = &prereqlist;
}
/* Construct update name */
ISC_LIST_INIT(updatelist);
dns_fixedname_init(&uname0);
uname = dns_fixedname_name(&uname0);
update_addordelete(umctx, argv[1], isdelete, uname);
ISC_LIST_APPEND(updatelist, uname, link);
/* Set up TSIG/SIG(0) key (if given) */
if (keyfilename != NULL)
setup_tsec(keyfilename, umctx);
/* Perform update */
result = dns_client_update(client,
default_rdataclass, /* XXX: fixed */
zname, prereqlistp, &updatelist,
(auth_server == NULL) ? NULL :
&auth_servers, tsec, 0);
if (result != ISC_R_SUCCESS) {
fprintf(stderr,
"update failed: %s\n", dns_result_totext(result));
} else
fprintf(stderr, "update succeeded\n");
/* Cleanup */
while ((pname = ISC_LIST_HEAD(prereqlist)) != NULL) {
while ((rdataset = ISC_LIST_HEAD(pname->list)) != NULL) {
ISC_LIST_UNLINK(pname->list, rdataset, link);
dns_rdataset_disassociate(rdataset);
isc_mem_put(umctx, rdataset, sizeof(*rdataset));
}
ISC_LIST_UNLINK(prereqlist, pname, link);
}
while ((uname = ISC_LIST_HEAD(updatelist)) != NULL) {
while ((rdataset = ISC_LIST_HEAD(uname->list)) != NULL) {
ISC_LIST_UNLINK(uname->list, rdataset, link);
dns_rdataset_disassociate(rdataset);
isc_mem_put(umctx, rdataset, sizeof(*rdataset));
}
ISC_LIST_UNLINK(updatelist, uname, link);
}
while ((rdatalist = ISC_LIST_HEAD(usedrdatalists)) != NULL) {
while ((rdata = ISC_LIST_HEAD(rdatalist->rdata)) != NULL) {
ISC_LIST_UNLINK(rdatalist->rdata, rdata, link);
isc_mem_put(umctx, rdata, sizeof(*rdata));
}
ISC_LIST_UNLINK(usedrdatalists, rdatalist, link);
isc_mem_put(umctx, rdatalist, sizeof(*rdatalist));
}
while ((buf = ISC_LIST_HEAD(usedbuffers)) != NULL) {
ISC_LIST_UNLINK(usedbuffers, buf, link);
isc_buffer_free(&buf);
}
if (tsec != NULL)
dns_tsec_destroy(&tsec);
isc_mem_destroy(&umctx);
dns_client_destroy(&client);
dns_lib_shutdown();
return (0);
}
int
main(int argc, char *argv[]) {
isc_boolean_t verbose = ISC_FALSE;
unsigned int workers = 2;
isc_timermgr_t *timermgr;
int ch;
isc_socketmgr_t *socketmgr;
dns_dispatchmgr_t *dispatchmgr;
dns_cache_t *cache;
isc_buffer_t b;
RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
dns_result_register();
mctx = NULL;
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
== ISC_R_SUCCESS);
while ((ch = isc_commandline_parse(argc, argv, "d:vw:")) != -1) {
switch (ch) {
case 'd':
level = (unsigned int)atoi(isc_commandline_argument);
break;
case 'v':
verbose = ISC_TRUE;
break;
case 'w':
workers = (unsigned int)atoi(isc_commandline_argument);
break;
}
}
log_init();
if (verbose) {
printf("%u workers\n", workers);
printf("IPv4: %s\n", isc_result_totext(isc_net_probeipv4()));
printf("IPv6: %s\n", isc_result_totext(isc_net_probeipv6()));
}
taskmgr = NULL;
RUNTIME_CHECK(isc_taskmgr_create(mctx, workers, 0, &taskmgr) ==
ISC_R_SUCCESS);
task = NULL;
RUNTIME_CHECK(isc_task_create(taskmgr, 0, &task) ==
ISC_R_SUCCESS);
isc_task_setname(task, "byname", NULL);
dispatchmgr = NULL;
RUNTIME_CHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)
== ISC_R_SUCCESS);
timermgr = NULL;
RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) == ISC_R_SUCCESS);
socketmgr = NULL;
RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
cache = NULL;
RUNTIME_CHECK(dns_cache_create(mctx, taskmgr, timermgr,
dns_rdataclass_in, "rbt", 0, NULL,
&cache) == ISC_R_SUCCESS);
view = NULL;
RUNTIME_CHECK(dns_view_create(mctx, dns_rdataclass_in, "default",
&view) == ISC_R_SUCCESS);
{
unsigned int attrs;
dns_dispatch_t *disp4 = NULL;
dns_dispatch_t *disp6 = NULL;
if (isc_net_probeipv4() == ISC_R_SUCCESS) {
isc_sockaddr_t any4;
isc_sockaddr_any(&any4);
attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr,
socketmgr,
taskmgr, &any4,
512, 6, 1024,
17, 19, attrs,
attrs, &disp4)
== ISC_R_SUCCESS);
INSIST(disp4 != NULL);
}
if (isc_net_probeipv6() == ISC_R_SUCCESS) {
isc_sockaddr_t any6;
isc_sockaddr_any6(&any6);
attrs = DNS_DISPATCHATTR_IPV6 | DNS_DISPATCHATTR_UDP;
RUNTIME_CHECK(dns_dispatch_getudp(dispatchmgr,
socketmgr,
taskmgr, &any6,
512, 6, 1024,
17, 19, attrs,
attrs, &disp6)
== ISC_R_SUCCESS);
INSIST(disp6 != NULL);
}
RUNTIME_CHECK(dns_view_createresolver(view, taskmgr, 10, 1,
socketmgr,
timermgr, 0,
dispatchmgr,
disp4, disp6) ==
ISC_R_SUCCESS);
if (disp4 != NULL)
dns_dispatch_detach(&disp4);
if (disp6 != NULL)
dns_dispatch_detach(&disp6);
}
{
struct in_addr ina;
isc_sockaddr_t sa;
isc_sockaddrlist_t sal;
ISC_LIST_INIT(sal);
ina.s_addr = inet_addr("127.0.0.1");
isc_sockaddr_fromin(&sa, &ina, 53);
ISC_LIST_APPEND(sal, &sa, link);
RUNTIME_CHECK(dns_fwdtable_add(view->fwdtable, dns_rootname,
&sal, dns_fwdpolicy_only)
== ISC_R_SUCCESS);
}
dns_view_setcache(view, cache);
dns_view_freeze(view);
dns_cache_detach(&cache);
printf("name = %s\n", argv[isc_commandline_index]);
isc_buffer_init(&b, argv[isc_commandline_index],
strlen(argv[isc_commandline_index]));
isc_buffer_add(&b, strlen(argv[isc_commandline_index]));
dns_fixedname_init(&fixed);
dns_fixedname_init(&target);
RUNTIME_CHECK(dns_name_fromtext(dns_fixedname_name(&fixed), &b,
dns_rootname, 0, NULL) ==
ISC_R_SUCCESS);
RUNTIME_CHECK(isc_app_onrun(mctx, task, run, NULL) == ISC_R_SUCCESS);
(void)isc_app_run();
dns_view_detach(&view);
isc_task_shutdown(task);
isc_task_detach(&task);
dns_dispatchmgr_destroy(&dispatchmgr);
isc_taskmgr_destroy(&taskmgr);
isc_socketmgr_destroy(&socketmgr);
isc_timermgr_destroy(&timermgr);
isc_log_destroy(&lctx);
isc_hash_destroy();
isc_entropy_detach(&ectx);
if (verbose)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
isc_app_finish();
return (0);
}
int main (int argc, char *argv[])
{
int i, ch, error;
struct addrinfo hints, *res;
isc_result_t result;
isc_sockaddr_t sa;
isc_sockaddrlist_t servers;
isc_taskmgr_t *taskmgr = NULL;
isc_socketmgr_t *socketmgr = NULL;
isc_timermgr_t *timermgr = NULL;
while ((ch = getopt (argc, argv, "c:dhv")) != -1)
{
switch (ch)
{
case 'c':
cacheserver = optarg;
break;
case 'd':
debug_mode = ISC_TRUE;
break;
case 'h':
usage ();
break;
case 'v':
verbose_level++;
break;
default:
usage ();
break;
}
}
argc -= optind;
argv += optind;
/* Common set up */
isc_lib_register ();
result = dns_lib_init ();
if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "dns_lib_init failed: %d\n", result);
exit (1);
}
result = ctxs_init (&mctx, &actx, &taskmgr, &socketmgr, &timermgr);
if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "ctx create failed: %d\n", result);
exit (1);
}
isc_app_ctxstart (actx);
result = dns_client_createx (mctx, actx, taskmgr, socketmgr, timermgr, 0, &client);
if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "dns_client_createx failed: %d\n", result);
exit (1);
}
/* Set local cache server */
memset (&hints, 0, sizeof (hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
error = getaddrinfo (cacheserver, "53", &hints, &res);
if (error != 0)
{
fprintf (stderr, "failed to convert server name (%s): %s\n", cacheserver, gai_strerror (error));
exit (1);
}
if (res->ai_addrlen > sizeof (sa.type))
{
fprintf (stderr, "assumption failure: addrlen is too long: %ld\n", (long) res->ai_addrlen);
exit (1);
}
memcpy (&sa.type.sa, res->ai_addr, res->ai_addrlen);
sa.length = res->ai_addrlen;
freeaddrinfo (res);
ISC_LINK_INIT (&sa, link);
ISC_LIST_INIT (servers);
ISC_LIST_APPEND (servers, &sa, link);
result = dns_client_setservers (client, dns_rdataclass_in, NULL, &servers);
if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "failed to set server: %d\n", result);
exit (1);
}
/* Create the main task */
probe_task = NULL;
result = isc_task_create (taskmgr, 0, &probe_task);
if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "failed to create task: %d\n", result);
exit (1);
}
/* Open input file */
if (argc == 0)
fp = stdin;
else
{
fp = fopen (argv[0], "r");
if (fp == NULL)
{
fprintf (stderr, "failed to open input file: %s\n", argv[0]);
exit (1);
}
}
/* Set up and start probe */
for (i = 0; i < MAX_PROBES; i++)
{
probes[i].inuse = ISC_FALSE;
probes[i].domain = NULL;
dns_fixedname_init (&probes[i].fixedname);
probes[i].qname = NULL;
probes[i].qlabel = qlabels;
probes[i].qname_found = ISC_FALSE;
probes[i].resid = NULL;
ISC_LIST_INIT (probes[i].nslist);
probes[i].reqid = NULL;
probes[i].qmessage = NULL;
result = dns_message_create (mctx, DNS_MESSAGE_INTENTRENDER, &probes[i].qmessage);
if (result == ISC_R_SUCCESS)
{
result = dns_message_create (mctx, DNS_MESSAGE_INTENTPARSE, &probes[i].rmessage);
}
if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "initialization failure\n");
exit (1);
}
}
for (i = 0; i < MAX_PROBES; i++)
{
result = probe_domain (&probes[i]);
if (result == ISC_R_NOMORE)
break;
else if (result != ISC_R_SUCCESS)
{
fprintf (stderr, "failed to issue an initial probe\n");
exit (1);
}
}
/* Start event loop */
isc_app_ctxrun (actx);
/* Dump results */
printf ("Per domain results (out of %lu domains):\n", number_of_domains);
printf (" valid: %lu\n"
" ignore: %lu\n"
" nxdomain: %lu\n"
" othererr: %lu\n"
" multiplesoa: %lu\n"
" multiplecname: %lu\n"
" brokenanswer: %lu\n"
" lame: %lu\n"
" unknown: %lu\n"
" multiple errors: %lu\n",
domain_stat.valid, domain_stat.ignore, domain_stat.nxdomain,
domain_stat.othererr, domain_stat.multiplesoa,
domain_stat.multiplecname, domain_stat.brokenanswer,
domain_stat.lame, domain_stat.unknown, multiple_error_domains);
printf ("Per server results (out of %lu servers):\n", number_of_servers);
printf (" valid: %lu\n"
" ignore: %lu\n"
" nxdomain: %lu\n"
" othererr: %lu\n"
" multiplesoa: %lu\n"
" multiplecname: %lu\n"
" brokenanswer: %lu\n"
" lame: %lu\n"
" unknown: %lu\n",
server_stat.valid, server_stat.ignore, server_stat.nxdomain,
server_stat.othererr, server_stat.multiplesoa,
server_stat.multiplecname, server_stat.brokenanswer, server_stat.lame, server_stat.unknown);
/* Cleanup */
for (i = 0; i < MAX_PROBES; i++)
{
dns_message_destroy (&probes[i].qmessage);
dns_message_destroy (&probes[i].rmessage);
}
isc_task_detach (&probe_task);
dns_client_destroy (&client);
dns_lib_shutdown ();
isc_app_ctxfinish (actx);
ctxs_destroy (&mctx, &actx, &taskmgr, &socketmgr, &timermgr);
exit (0);
}
static void
buildquery(void) {
isc_result_t result;
dns_rdataset_t *question = NULL;
dns_name_t *qname = NULL;
isc_region_t r, inr;
dns_message_t *query;
char nametext[] = "host.example";
isc_buffer_t namesrc, namedst;
unsigned char namedata[256];
isc_sockaddr_t sa;
dns_compress_t cctx;
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
CHECK("dns_message_create", result);
result = dns_message_setsig0key(query, key);
CHECK("dns_message_setsig0key", result);
result = dns_message_gettemprdataset(query, &question);
CHECK("dns_message_gettemprdataset", result);
dns_rdataset_init(question);
dns_rdataset_makequestion(question, dns_rdataclass_in,
dns_rdatatype_a);
result = dns_message_gettempname(query, &qname);
CHECK("dns_message_gettempname", result);
isc_buffer_init(&namesrc, nametext, strlen(nametext));
isc_buffer_add(&namesrc, strlen(nametext));
isc_buffer_init(&namedst, namedata, sizeof(namedata));
dns_name_init(qname, NULL);
result = dns_name_fromtext(qname, &namesrc, dns_rootname, ISC_FALSE,
&namedst);
CHECK("dns_name_fromtext", result);
ISC_LIST_APPEND(qname->list, question, link);
dns_message_addname(query, qname, DNS_SECTION_QUESTION);
isc_buffer_init(&qbuffer, qdata, sizeof(qdata));
result = dns_compress_init(&cctx, -1, mctx);
CHECK("dns_compress_init", result);
result = dns_message_renderbegin(query, &cctx, &qbuffer);
CHECK("dns_message_renderbegin", result);
result = dns_message_rendersection(query, DNS_SECTION_QUESTION, 0);
CHECK("dns_message_rendersection(question)", result);
result = dns_message_rendersection(query, DNS_SECTION_ANSWER, 0);
CHECK("dns_message_rendersection(answer)", result);
result = dns_message_rendersection(query, DNS_SECTION_AUTHORITY, 0);
CHECK("dns_message_rendersection(auth)", result);
result = dns_message_rendersection(query, DNS_SECTION_ADDITIONAL, 0);
CHECK("dns_message_rendersection(add)", result);
result = dns_message_renderend(query);
CHECK("dns_message_renderend", result);
dns_compress_invalidate(&cctx);
isc_buffer_init(&outbuf, output, sizeof(output));
result = dns_message_totext(query, style, 0, &outbuf);
CHECK("dns_message_totext", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
isc_buffer_usedregion(&qbuffer, &r);
isc_sockaddr_any(&sa);
result = isc_socket_bind(s, &sa);
CHECK("isc_socket_bind", result);
result = isc_socket_sendto(s, &r, task1, senddone, NULL, &address,
NULL);
CHECK("isc_socket_sendto", result);
inr.base = rdata;
inr.length = sizeof(rdata);
result = isc_socket_recv(s, &inr, 1, task1, recvdone, NULL);
CHECK("isc_socket_recv", result);
dns_message_destroy(&query);
}
static void resolve_nsaddress (isc_task_t * task, isc_event_t * event)
{
struct probe_trans *trans = event->ev_arg;
dns_clientresevent_t *rev = (dns_clientresevent_t *) event;
dns_name_t *name;
dns_rdataset_t *rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
struct probe_ns *pns = trans->current_ns;
isc_result_t result;
REQUIRE (task == probe_task);
REQUIRE (trans->inuse == ISC_TRUE);
REQUIRE (pns != NULL);
INSIST (outstanding_probes > 0);
for (name = ISC_LIST_HEAD (rev->answerlist); name != NULL; name = ISC_LIST_NEXT (name, link))
{
for (rdataset = ISC_LIST_HEAD (name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT (rdataset, link))
{
(void) print_rdataset (rdataset, name);
if (rdataset->type != dns_rdatatype_a)
continue;
for (result = dns_rdataset_first (rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next (rdataset))
{
dns_rdata_in_a_t rdata_a;
struct server *server;
dns_rdataset_current (rdataset, &rdata);
result = dns_rdata_tostruct (&rdata, &rdata_a, NULL);
if (result != ISC_R_SUCCESS)
continue;
server = isc_mem_get (mctx, sizeof (*server));
if (server == NULL)
{
fprintf (stderr, "resolve_nsaddress: " "mem_get failed");
result = ISC_R_NOMEMORY;
POST (result);
goto cleanup;
}
isc_sockaddr_fromin (&server->address, &rdata_a.in_addr, 53);
ISC_LINK_INIT (server, link);
server->result_a = none;
server->result_aaaa = none;
ISC_LIST_APPEND (pns->servers, server, link);
}
}
}
cleanup:
dns_client_freeresanswer (client, &rev->answerlist);
dns_client_destroyrestrans (&trans->resid);
isc_event_free (&event);
next_ns:
trans->current_ns = ISC_LIST_NEXT (pns, link);
if (trans->current_ns == NULL)
{
trans->current_ns = ISC_LIST_HEAD (trans->nslist);
dns_fixedname_invalidate (&trans->fixedname);
trans->qname = NULL;
result = set_nextqname (trans);
if (result == ISC_R_SUCCESS)
result = probe_name (trans, dns_rdatatype_a);
}
else
{
result = fetch_nsaddress (trans);
if (result != ISC_R_SUCCESS)
goto next_ns; /* XXX: this is unlikely to succeed */
}
if (result != ISC_R_SUCCESS)
reset_probe (trans);
}
static isc_boolean_t
dash_option(char *option, char *next, dig_lookup_t **lookup,
isc_boolean_t *open_type_class, isc_boolean_t *need_clone,
isc_boolean_t config_only, int argc, char **argv,
isc_boolean_t *firstarg)
{
char opt, *value, *ptr, *ptr2, *ptr3;
isc_result_t result;
isc_boolean_t value_from_next;
isc_textregion_t tr;
dns_rdatatype_t rdtype;
dns_rdataclass_t rdclass;
char textname[MXNAME];
struct in_addr in4;
struct in6_addr in6;
in_port_t srcport;
char *hash, *cmd;
isc_uint32_t num;
while (strpbrk(option, single_dash_opts) == &option[0]) {
/*
* Since the -[46dhimnv] options do not take an argument,
* account for them (in any number and/or combination)
* if they appear as the first character(s) of a q-opt.
*/
opt = option[0];
switch (opt) {
case '4':
if (have_ipv4) {
isc_net_disableipv6();
have_ipv6 = ISC_FALSE;
} else {
fatal("can't find IPv4 networking");
/* NOTREACHED */
return (ISC_FALSE);
}
break;
case '6':
if (have_ipv6) {
isc_net_disableipv4();
have_ipv4 = ISC_FALSE;
} else {
fatal("can't find IPv6 networking");
/* NOTREACHED */
return (ISC_FALSE);
}
break;
case 'd':
ptr = strpbrk(&option[1], dash_opts);
if (ptr != &option[1]) {
cmd = option;
FULLCHECK("debug");
debugging = ISC_TRUE;
return (ISC_FALSE);
} else
debugging = ISC_TRUE;
break;
case 'h':
help();
exit(0);
break;
case 'i':
ip6_int = ISC_TRUE;
break;
case 'm': /* memdebug */
/* memdebug is handled in preparse_args() */
break;
case 'n':
/* deprecated */
break;
case 'v':
version();
exit(0);
break;
}
if (strlen(option) > 1U)
option = &option[1];
else
return (ISC_FALSE);
}
opt = option[0];
if (strlen(option) > 1U) {
value_from_next = ISC_FALSE;
value = &option[1];
} else {
value_from_next = ISC_TRUE;
value = next;
}
if (value == NULL)
goto invalid_option;
switch (opt) {
case 'b':
hash = strchr(value, '#');
if (hash != NULL) {
result = parse_uint(&num, hash + 1, MAXPORT,
"port number");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse port number");
srcport = num;
*hash = '\0';
} else
srcport = 0;
if (have_ipv6 && inet_pton(AF_INET6, value, &in6) == 1) {
isc_sockaddr_fromin6(&bind_address, &in6, srcport);
isc_net_disableipv4();
} else if (have_ipv4 && inet_pton(AF_INET, value, &in4) == 1) {
isc_sockaddr_fromin(&bind_address, &in4, srcport);
isc_net_disableipv6();
} else {
if (hash != NULL)
*hash = '#';
fatal("invalid address %s", value);
}
if (hash != NULL)
*hash = '#';
specified_source = ISC_TRUE;
return (value_from_next);
case 'c':
if ((*lookup)->rdclassset) {
fprintf(stderr, ";; Warning, extra class option\n");
}
*open_type_class = ISC_FALSE;
tr.base = value;
tr.length = strlen(value);
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS) {
(*lookup)->rdclass = rdclass;
(*lookup)->rdclassset = ISC_TRUE;
} else
fprintf(stderr, ";; Warning, ignoring "
"invalid class %s\n",
value);
return (value_from_next);
case 'f':
batchname = value;
return (value_from_next);
case 'k':
strncpy(keyfile, value, sizeof(keyfile));
keyfile[sizeof(keyfile)-1]=0;
return (value_from_next);
case 'p':
result = parse_uint(&num, value, MAXPORT, "port number");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse port number");
port = num;
return (value_from_next);
case 'q':
if (!config_only) {
if (*need_clone)
(*lookup) = clone_lookup(default_lookup,
ISC_TRUE);
*need_clone = ISC_TRUE;
strncpy((*lookup)->textname, value,
sizeof((*lookup)->textname));
(*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
(*lookup)->trace_root = ISC_TF((*lookup)->trace ||
(*lookup)->ns_search_only);
(*lookup)->new_search = ISC_TRUE;
if (*firstarg) {
printgreeting(argc, argv, *lookup);
*firstarg = ISC_FALSE;
}
ISC_LIST_APPEND(lookup_list, (*lookup), link);
debug("looking up %s", (*lookup)->textname);
}
return (value_from_next);
case 't':
*open_type_class = ISC_FALSE;
if (strncasecmp(value, "ixfr=", 5) == 0) {
rdtype = dns_rdatatype_ixfr;
result = ISC_R_SUCCESS;
} else {
tr.base = value;
tr.length = strlen(value);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS &&
rdtype == dns_rdatatype_ixfr) {
result = DNS_R_UNKNOWN;
}
}
if (result == ISC_R_SUCCESS) {
if ((*lookup)->rdtypeset) {
fprintf(stderr, ";; Warning, "
"extra type option\n");
}
if (rdtype == dns_rdatatype_ixfr) {
isc_uint32_t serial;
(*lookup)->rdtype = dns_rdatatype_ixfr;
(*lookup)->rdtypeset = ISC_TRUE;
result = parse_uint(&serial, &value[5],
MAXSERIAL, "serial number");
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse serial number");
(*lookup)->ixfr_serial = serial;
(*lookup)->section_question = plusquest;
(*lookup)->comments = pluscomm;
(*lookup)->tcp_mode = ISC_TRUE;
} else {
(*lookup)->rdtype = rdtype;
(*lookup)->rdtypeset = ISC_TRUE;
if (rdtype == dns_rdatatype_axfr) {
(*lookup)->section_question = plusquest;
(*lookup)->comments = pluscomm;
}
(*lookup)->ixfr_serial = ISC_FALSE;
}
} else
fprintf(stderr, ";; Warning, ignoring "
"invalid type %s\n",
value);
return (value_from_next);
case 'y':
ptr = next_token(&value,":"); /* hmac type or name */
if (ptr == NULL) {
usage();
}
ptr2 = next_token(&value, ":"); /* name or secret */
if (ptr2 == NULL)
usage();
ptr3 = next_token(&value,":"); /* secret or NULL */
if (ptr3 != NULL) {
parse_hmac(ptr);
ptr = ptr2;
ptr2 = ptr3;
} else {
hmacname = DNS_TSIG_HMACMD5_NAME;
digestbits = 0;
}
strncpy(keynametext, ptr, sizeof(keynametext));
keynametext[sizeof(keynametext)-1]=0;
strncpy(keysecret, ptr2, sizeof(keysecret));
keysecret[sizeof(keysecret)-1]=0;
return (value_from_next);
case 'x':
if (*need_clone)
*lookup = clone_lookup(default_lookup, ISC_TRUE);
*need_clone = ISC_TRUE;
if (get_reverse(textname, sizeof(textname), value,
ip6_int, ISC_FALSE) == ISC_R_SUCCESS) {
strncpy((*lookup)->textname, textname,
sizeof((*lookup)->textname));
debug("looking up %s", (*lookup)->textname);
(*lookup)->trace_root = ISC_TF((*lookup)->trace ||
(*lookup)->ns_search_only);
(*lookup)->ip6_int = ip6_int;
if (!(*lookup)->rdtypeset)
(*lookup)->rdtype = dns_rdatatype_ptr;
if (!(*lookup)->rdclassset)
(*lookup)->rdclass = dns_rdataclass_in;
(*lookup)->new_search = ISC_TRUE;
if (*firstarg) {
printgreeting(argc, argv, *lookup);
*firstarg = ISC_FALSE;
}
ISC_LIST_APPEND(lookup_list, *lookup, link);
} else {
fprintf(stderr, "Invalid IP address %s\n", value);
exit(1);
}
return (value_from_next);
invalid_option:
default:
fprintf(stderr, "Invalid option: -%s\n", option);
usage();
}
/* NOTREACHED */
return (ISC_FALSE);
}
static void resolve_ns (isc_task_t * task, isc_event_t * event)
{
struct probe_trans *trans = event->ev_arg;
dns_clientresevent_t *rev = (dns_clientresevent_t *) event;
dns_name_t *name;
dns_rdataset_t *rdataset;
isc_result_t result = ISC_R_SUCCESS;
dns_rdata_t rdata = DNS_RDATA_INIT;
struct probe_ns *pns;
REQUIRE (task == probe_task);
REQUIRE (trans->inuse == ISC_TRUE);
INSIST (outstanding_probes > 0);
for (name = ISC_LIST_HEAD (rev->answerlist); name != NULL; name = ISC_LIST_NEXT (name, link))
{
for (rdataset = ISC_LIST_HEAD (name->list); rdataset != NULL; rdataset = ISC_LIST_NEXT (rdataset, link))
{
(void) print_rdataset (rdataset, name);
if (rdataset->type != dns_rdatatype_ns)
continue;
for (result = dns_rdataset_first (rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next (rdataset))
{
dns_rdata_ns_t ns;
dns_rdataset_current (rdataset, &rdata);
/*
* Extract the name from the NS record.
*/
result = dns_rdata_tostruct (&rdata, &ns, NULL);
if (result != ISC_R_SUCCESS)
continue;
pns = isc_mem_get (mctx, sizeof (*pns));
if (pns == NULL)
{
fprintf (stderr, "resolve_ns: mem_get failed");
result = ISC_R_NOMEMORY;
POST (result);
/*
* XXX: should we continue with the
* available servers anyway?
*/
goto cleanup;
}
dns_fixedname_init (&pns->fixedname);
pns->name = dns_fixedname_name (&pns->fixedname);
ISC_LINK_INIT (pns, link);
ISC_LIST_APPEND (trans->nslist, pns, link);
ISC_LIST_INIT (pns->servers);
dns_name_copy (&ns.name, pns->name, NULL);
dns_rdata_reset (&rdata);
dns_rdata_freestruct (&ns);
}
}
}
cleanup:
dns_client_freeresanswer (client, &rev->answerlist);
dns_client_destroyrestrans (&trans->resid);
isc_event_free (&event);
if (!ISC_LIST_EMPTY (trans->nslist))
{
/* Go get addresses of NSes */
trans->current_ns = ISC_LIST_HEAD (trans->nslist);
result = fetch_nsaddress (trans);
}
else
result = ISC_R_FAILURE;
if (result == ISC_R_SUCCESS)
return;
reset_probe (trans);
}
isc_result_t
res_nupdate(res_state statp, ns_updrec *rrecp_in) {
ns_updrec *rrecp;
double answer[PACKETSZ / sizeof (double)];
double packet[2*PACKETSZ / sizeof (double)];
struct zonegrp *zptr, tgrp;
int nscount = 0;
unsigned n;
unsigned rval;
struct sockaddr_in nsaddrs[MAXNS];
ns_tsig_key *key;
void *zcookie = 0;
void *zcookp = &zcookie;
isc_result_t rcode;
again:
/* Make sure all the updates are in the same zone, and find out
what zone they are in. */
zptr = NULL;
for (rrecp = rrecp_in; rrecp; rrecp = ISC_LIST_NEXT(rrecp, r_link)) {
/* Find the origin for it if there is one. */
tgrp.z_class = rrecp->r_class;
rcode = res_findzonecut(statp, rrecp->r_dname, tgrp.z_class,
RES_EXHAUSTIVE,
tgrp.z_origin,
sizeof tgrp.z_origin,
tgrp.z_nsaddrs, MAXNS, &tgrp.z_nscount,
zcookp);
if (rcode != ISC_R_SUCCESS)
goto done;
if (tgrp.z_nscount <= 0) {
rcode = ISC_R_NOTZONE;
goto done;
}
/* Make a group for it if there isn't one. */
if (zptr == NULL) {
zptr = malloc(sizeof *zptr);
if (zptr == NULL) {
rcode = ISC_R_NOMEMORY;
goto done;
}
*zptr = tgrp;
zptr->z_flags = 0;
ISC_LIST_INIT(zptr->z_rrlist);
} else if (ns_samename(tgrp.z_origin, zptr->z_origin) == 0 ||
tgrp.z_class != zptr->z_class) {
/* Some of the records are in different zones. */
rcode = ISC_R_CROSSZONE;
goto done;
}
/* Thread this rrecp onto the zone group. */
ISC_LIST_APPEND(zptr->z_rrlist, rrecp, r_glink);
}
/* Construct zone section and prepend it. */
rrecp = res_mkupdrec(ns_s_zn, zptr->z_origin,
zptr->z_class, ns_t_soa, 0);
if (rrecp == NULL) {
rcode = ISC_R_UNEXPECTED;
goto done;
}
ISC_LIST_PREPEND(zptr->z_rrlist, rrecp, r_glink);
zptr->z_flags |= ZG_F_ZONESECTADDED;
/* Marshall the update message. */
n = sizeof packet;
rcode = res_nmkupdate(statp,
ISC_LIST_HEAD(zptr->z_rrlist), packet, &n);
if (rcode != ISC_R_SUCCESS)
goto done;
/* Temporarily replace the resolver's nameserver set. */
nscount = nscopy(nsaddrs, statp->nsaddr_list, statp->nscount);
statp->nscount = nsprom(statp->nsaddr_list,
zptr->z_nsaddrs, zptr->z_nscount);
/* Send the update and remember the result. */
key = (ns_tsig_key *)0;
rcode = find_tsig_key (&key, zptr->z_origin, zcookie);
if (rcode == ISC_R_SUCCESS) {
rcode = res_nsendsigned(statp, packet, n, key,
answer, sizeof answer, &rval);
tkey_free (&key);
} else if (rcode == ISC_R_NOTFOUND || rcode == ISC_R_KEY_UNKNOWN) {
rcode = res_nsend(statp, packet, n,
answer, sizeof answer, &rval);
}
if (rcode != ISC_R_SUCCESS)
goto undone;
rcode = ns_rcode_to_isc (((HEADER *)answer)->rcode);
if (zcookie && rcode == ISC_R_BADSIG) {
repudiate_zone (&zcookie);
}
undone:
/* Restore resolver's nameserver set. */
statp->nscount = nscopy(statp->nsaddr_list, nsaddrs, nscount);
nscount = 0;
done:
if (zptr) {
if ((zptr->z_flags & ZG_F_ZONESECTADDED) != 0)
res_freeupdrec(ISC_LIST_HEAD(zptr->z_rrlist));
free(zptr);
}
/* If the update failed because we used a cached zone and it
didn't work, try it again without the cached zone. */
if (zcookp && (rcode == ISC_R_NOTZONE || rcode == ISC_R_BADSIG)) {
zcookp = 0;
goto again;
}
if (zcookie)
forget_zone (&zcookie);
return rcode;
}
/*%
* Configure an apex NS with glues for a static-stub zone.
* For example, for the zone named "example.com", the following RRs will be
* added to the zone DB:
* example.com. NS example.com.
* example.com. A 192.0.2.1
* example.com. AAAA 2001:db8::1
*/
static isc_result_t
configure_staticstub_serveraddrs(const cfg_obj_t *zconfig, dns_zone_t *zone,
dns_rdatalist_t *rdatalist_ns,
dns_rdatalist_t *rdatalist_a,
dns_rdatalist_t *rdatalist_aaaa)
{
const cfg_listelt_t *element;
isc_mem_t *mctx = dns_zone_getmctx(zone);
isc_region_t region, sregion;
dns_rdata_t *rdata;
isc_result_t result = ISC_R_SUCCESS;
for (element = cfg_list_first(zconfig);
element != NULL;
element = cfg_list_next(element))
{
const isc_sockaddr_t* sa;
isc_netaddr_t na;
const cfg_obj_t *address = cfg_listelt_value(element);
dns_rdatalist_t *rdatalist;
sa = cfg_obj_assockaddr(address);
if (isc_sockaddr_getport(sa) != 0) {
cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
"port is not configurable for "
"static stub server-addresses");
return (ISC_R_FAILURE);
}
isc_netaddr_fromsockaddr(&na, sa);
if (isc_netaddr_getzone(&na) != 0) {
cfg_obj_log(zconfig, ns_g_lctx, ISC_LOG_ERROR,
"scoped address is not allowed "
"for static stub "
"server-addresses");
return (ISC_R_FAILURE);
}
switch (na.family) {
case AF_INET:
region.length = sizeof(na.type.in);
rdatalist = rdatalist_a;
break;
default:
INSIST(na.family == AF_INET6);
region.length = sizeof(na.type.in6);
rdatalist = rdatalist_aaaa;
break;
}
rdata = isc_mem_get(mctx, sizeof(*rdata) + region.length);
if (rdata == NULL)
return (ISC_R_NOMEMORY);
region.base = (unsigned char *)(rdata + 1);
memcpy(region.base, &na.type, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
rdatalist->type, ®ion);
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
}
/*
* If no address is specified (unlikely in this context, but possible),
* there's nothing to do anymore.
*/
if (ISC_LIST_EMPTY(rdatalist_a->rdata) &&
ISC_LIST_EMPTY(rdatalist_aaaa->rdata)) {
return (ISC_R_SUCCESS);
}
/* Add to the list an apex NS with the ns name being the origin name */
dns_name_toregion(dns_zone_getorigin(zone), &sregion);
rdata = isc_mem_get(mctx, sizeof(*rdata) + sregion.length);
if (rdata == NULL) {
/*
* Already allocated data will be freed in the caller, so
* we can simply return here.
*/
return (ISC_R_NOMEMORY);
}
region.length = sregion.length;
region.base = (unsigned char *)(rdata + 1);
memcpy(region.base, sregion.base, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
dns_rdatatype_ns, ®ion);
ISC_LIST_APPEND(rdatalist_ns->rdata, rdata, link);
return (result);
}