static isc_result_t
make_name(const char *src, dns_name_t *name) {
isc_buffer_t b;
isc_buffer_constinit(&b, src, strlen(src));
isc_buffer_add(&b, strlen(src));
return (dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
}
static isc_result_t
convert_name(dns_fixedname_t *fn, dns_name_t **name, const char *text) {
isc_result_t result;
isc_buffer_t b;
dns_name_t *n;
unsigned int len;
REQUIRE(fn != NULL && name != NULL && text != NULL);
len = strlen(text);
isc_buffer_constinit(&b, text, len);
isc_buffer_add(&b, len);
dns_fixedname_init(fn);
n = dns_fixedname_name(fn);
result = dns_name_fromtext(n, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
delv_log(ISC_LOG_ERROR, "failed to convert QNAME %s: %s",
text, isc_result_totext(result));
return (result);
}
*name = n;
return (ISC_R_SUCCESS);
}
ATF_TC_BODY(isc_dh_computesecret, tc) {
dst_key_t *key = NULL;
isc_buffer_t buf;
unsigned char array[1024];
isc_result_t ret;
dns_fixedname_t fname;
dns_name_t *name;
UNUSED(tc);
ret = dns_test_begin(NULL, ISC_FALSE);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_constinit(&buf, "dh.", 3);
isc_buffer_add(&buf, 3);
ret = dns_name_fromtext(name, &buf, NULL, 0, NULL);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
ret = dst_key_fromfile(name, 18602, DST_ALG_DH,
DST_TYPE_PUBLIC | DST_TYPE_KEY,
"./", mctx, &key);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
isc_buffer_init(&buf, array, sizeof(array));
ret = dst_key_computesecret(key, key, &buf);
ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY);
ret = key->func->computesecret(key, key, &buf);
ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE);
dst_key_free(&key);
dns_test_end();
}
isc_result_t
dns_peer_setkeybycharp(dns_peer_t *peer, const char *keyval) {
isc_buffer_t b;
dns_fixedname_t fname;
dns_name_t *name;
isc_result_t result;
dns_fixedname_init(&fname);
isc_buffer_constinit(&b, keyval, strlen(keyval));
isc_buffer_add(&b, strlen(keyval));
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
return (result);
name = isc_mem_get(peer->mem, sizeof(dns_name_t));
if (name == NULL)
return (ISC_R_NOMEMORY);
dns_name_init(name, NULL);
result = dns_name_dup(dns_fixedname_name(&fname), peer->mem, name);
if (result != ISC_R_SUCCESS) {
isc_mem_put(peer->mem, name, sizeof(dns_name_t));
return (result);
}
result = dns_peer_setkey(peer, &name);
if (result != ISC_R_SUCCESS)
isc_mem_put(peer->mem, name, sizeof(dns_name_t));
return (result);
}
static isc_result_t
make_querymessage(dns_message_t *message, const char *namestr,
dns_rdatatype_t rdtype)
{
dns_name_t *qname = NULL, *qname0;
dns_rdataset_t *qrdataset = NULL;
isc_result_t result;
isc_buffer_t b;
unsigned int namelen;
REQUIRE(message != NULL);
REQUIRE(namestr != NULL);
/* Construct qname */
namelen = strlen(namestr);
isc_buffer_constinit(&b, namestr, namelen);
isc_buffer_add(&b, namelen);
dns_fixedname_init(&fixedqname);
qname0 = dns_fixedname_name(&fixedqname);
result = dns_name_fromtext(qname0, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to convert qname: %d\n", result);
return (result);
}
/* Construct query message */
message->opcode = dns_opcode_query;
message->rdclass = dns_rdataclass_in;
result = dns_message_gettempname(message, &qname);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_message_gettemprdataset(message, &qrdataset);
if (result != ISC_R_SUCCESS)
goto cleanup;
dns_name_init(qname, NULL);
dns_name_clone(qname0, qname);
dns_rdataset_init(qrdataset);
dns_rdataset_makequestion(qrdataset, message->rdclass, rdtype);
ISC_LIST_APPEND(qname->list, qrdataset, link);
dns_message_addname(message, qname, DNS_SECTION_QUESTION);
return (ISC_R_SUCCESS);
cleanup:
if (qname != NULL)
dns_message_puttempname(message, &qname);
if (qrdataset != NULL)
dns_message_puttemprdataset(message, &qrdataset);
dns_message_destroy(&message);
return (result);
}
static void
setup(const char *zonename, const char *filename, const char *classname) {
isc_result_t result;
dns_rdataclass_t rdclass;
isc_consttextregion_t region;
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
const char *rbt = "rbt";
if (debug)
fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
zonename, filename, classname);
result = dns_zone_create(&zone, mctx);
ERRRET(result, "dns_zone_new");
dns_zone_settype(zone, zonetype);
isc_buffer_constinit(&buffer, zonename, strlen(zonename));
isc_buffer_add(&buffer, strlen(zonename));
dns_fixedname_init(&fixorigin);
result = dns_name_fromtext(dns_fixedname_name(&fixorigin),
&buffer, dns_rootname, 0, NULL);
ERRRET(result, "dns_name_fromtext");
origin = dns_fixedname_name(&fixorigin);
result = dns_zone_setorigin(zone, origin);
ERRRET(result, "dns_zone_setorigin");
result = dns_zone_setdbtype(zone, 1, &rbt);
ERRRET(result, "dns_zone_setdatabase");
result = dns_zone_setfile(zone, filename);
ERRRET(result, "dns_zone_setfile");
region.base = classname;
region.length = strlen(classname);
result = dns_rdataclass_fromtext(&rdclass,
(isc_textregion_t *)(void*)®ion);
ERRRET(result, "dns_rdataclass_fromtext");
dns_zone_setclass(zone, rdclass);
if (zonetype == dns_zone_slave)
dns_zone_setmasters(zone, &addr, 1);
result = dns_zone_load(zone);
ERRRET(result, "dns_zone_load");
result = dns_zonemgr_managezone(zonemgr, zone);
ERRRET(result, "dns_zonemgr_managezone");
}
static void
lookup(const char *target) {
dns_name_t name;
unsigned char namedata[256];
client_t *client;
isc_buffer_t t, namebuf;
isc_result_t result;
unsigned int options;
INSIST(target != NULL);
client = new_client();
isc_buffer_constinit(&t, target, strlen(target));
isc_buffer_add(&t, strlen(target));
isc_buffer_init(&namebuf, namedata, sizeof(namedata));
dns_name_init(&name, NULL);
result = dns_name_fromtext(&name, &t, dns_rootname, 0, &namebuf);
check_result(result, "dns_name_fromtext %s", target);
result = dns_name_dup(&name, mctx, &client->name);
check_result(result, "dns_name_dup %s", target);
options = 0;
options |= DNS_ADBFIND_INET;
options |= DNS_ADBFIND_INET6;
options |= DNS_ADBFIND_WANTEVENT;
options |= DNS_ADBFIND_HINTOK;
options |= DNS_ADBFIND_GLUEOK;
result = dns_adb_createfind(adb, t2, lookup_callback, client,
&client->name, dns_rootname, 0, options,
now, NULL, view->dstport, &client->find);
if (result != ISC_R_SUCCESS)
printf("DNS_ADB_CREATEFIND -> %s\n", dns_result_totext(result));
dns_adb_dumpfind(client->find, stderr);
if ((client->find->options & DNS_ADBFIND_WANTEVENT) != 0) {
client->target = target;
ISC_LIST_APPEND(clients, client, link);
} else {
printf("NAME %s: err4 %s, err6 %s\n",
target, isc_result_totext(client->find->result_v4),
isc_result_totext(client->find->result_v6));
dns_adb_destroyfind(&client->find);
free_client(&client);
}
}
/*
* Create a zone with origin 'name', return a pointer to the zone object in
* 'zonep'. If 'view' is set, add the zone to that view; otherwise, create
* a new view for the purpose.
*
* If the created view is going to be needed by the caller subsequently,
* then 'keepview' should be set to true; this will prevent the view
* from being detached. In this case, the caller is responsible for
* detaching the view.
*/
isc_result_t
dns_test_makezone(const char *name, dns_zone_t **zonep, dns_view_t *view,
isc_boolean_t keepview)
{
isc_result_t result;
dns_zone_t *zone = NULL;
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
if (view == NULL)
CHECK(dns_view_create(mctx, dns_rdataclass_in, "view", &view));
else if (!keepview)
keepview = ISC_TRUE;
zone = *zonep;
if (zone == NULL)
CHECK(dns_zone_create(&zone, mctx));
isc_buffer_constinit(&buffer, name, strlen(name));
isc_buffer_add(&buffer, strlen(name));
dns_fixedname_init(&fixorigin);
origin = dns_fixedname_name(&fixorigin);
CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
CHECK(dns_zone_setorigin(zone, origin));
dns_zone_setview(zone, view);
dns_zone_settype(zone, dns_zone_master);
dns_zone_setclass(zone, view->rdclass);
dns_view_addzone(view, zone);
if (!keepview)
dns_view_detach(&view);
*zonep = zone;
return (ISC_R_SUCCESS);
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
if (view != NULL)
dns_view_detach(&view);
return (result);
}
static isc_result_t
convert_keyname(const cfg_obj_t *keyobj, isc_log_t *lctx, isc_mem_t *mctx,
dns_name_t *dnsname)
{
isc_result_t result;
isc_buffer_t buf;
dns_fixedname_t fixname;
unsigned int keylen;
const char *txtname = cfg_obj_asstring(keyobj);
keylen = strlen(txtname);
isc_buffer_constinit(&buf, txtname, keylen);
isc_buffer_add(&buf, keylen);
dns_fixedname_init(&fixname);
result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(keyobj, lctx, ISC_LOG_WARNING,
"key name '%s' is not a valid domain name",
txtname);
return (result);
}
return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
}
isc_result_t
ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
isc_mem_t *mctx, isc_sockaddr_t **addrsp,
isc_dscp_t **dscpsp, dns_name_t ***keysp,
isc_uint32_t *countp)
{
isc_uint32_t addrcount = 0, dscpcount = 0, keycount = 0, i = 0;
isc_uint32_t listcount = 0, l = 0, j;
isc_uint32_t stackcount = 0, pushed = 0;
isc_result_t result;
const cfg_listelt_t *element;
const cfg_obj_t *addrlist;
const cfg_obj_t *portobj;
const cfg_obj_t *dscpobj;
in_port_t port;
isc_dscp_t dscp = -1;
dns_fixedname_t fname;
isc_sockaddr_t *addrs = NULL;
isc_dscp_t *dscps = NULL;
dns_name_t **keys = NULL;
struct { const char *name; } *lists = NULL;
struct {
const cfg_listelt_t *element;
in_port_t port;
isc_dscp_t dscp;
} *stack = NULL;
REQUIRE(addrsp != NULL && *addrsp == NULL);
REQUIRE(dscpsp != NULL && *dscpsp == NULL);
REQUIRE(keysp != NULL && *keysp == NULL);
REQUIRE(countp != NULL);
/*
* Get system defaults.
*/
result = ns_config_getport(config, &port);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = ns_config_getdscp(config, &dscp);
if (result != ISC_R_SUCCESS)
goto cleanup;
newlist:
addrlist = cfg_tuple_get(list, "addresses");
portobj = cfg_tuple_get(list, "port");
dscpobj = cfg_tuple_get(list, "dscp");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
result = ISC_R_RANGE;
goto cleanup;
}
port = (in_port_t) val;
}
if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
if (cfg_obj_asuint32(dscpobj) > 63) {
cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
"dscp value '%u' is out of range",
cfg_obj_asuint32(dscpobj));
result = ISC_R_RANGE;
goto cleanup;
}
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
}
result = ISC_R_NOMEMORY;
element = cfg_list_first(addrlist);
resume:
for ( ;
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *addr;
const cfg_obj_t *key;
const char *keystr;
isc_buffer_t b;
addr = cfg_tuple_get(cfg_listelt_value(element),
"masterselement");
key = cfg_tuple_get(cfg_listelt_value(element), "key");
if (!cfg_obj_issockaddr(addr)) {
const char *listname = cfg_obj_asstring(addr);
isc_result_t tresult;
/* Grow lists? */
if (listcount == l) {
void * tmp;
isc_uint32_t newlen = listcount + 16;
size_t newsize, oldsize;
newsize = newlen * sizeof(*lists);
oldsize = listcount * sizeof(*lists);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (listcount != 0) {
memmove(tmp, lists, oldsize);
isc_mem_put(mctx, lists, oldsize);
}
lists = tmp;
listcount = newlen;
}
/* Seen? */
for (j = 0; j < l; j++)
if (strcasecmp(lists[j].name, listname) == 0)
break;
if (j < l)
continue;
tresult = get_masters_def(config, listname, &list);
if (tresult == ISC_R_NOTFOUND) {
cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
"masters \"%s\" not found", listname);
result = tresult;
goto cleanup;
}
if (tresult != ISC_R_SUCCESS)
goto cleanup;
lists[l++].name = listname;
/* Grow stack? */
if (stackcount == pushed) {
void * tmp;
isc_uint32_t newlen = stackcount + 16;
size_t newsize, oldsize;
newsize = newlen * sizeof(*stack);
oldsize = stackcount * sizeof(*stack);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (stackcount != 0) {
memmove(tmp, stack, oldsize);
isc_mem_put(mctx, stack, oldsize);
}
stack = tmp;
stackcount = newlen;
}
/*
* We want to resume processing this list on the
* next element.
*/
stack[pushed].element = cfg_list_next(element);
stack[pushed].port = port;
stack[pushed].dscp = dscp;
pushed++;
goto newlist;
}
if (i == addrcount) {
void * tmp;
isc_uint32_t newlen = addrcount + 16;
size_t newsize, oldsize;
newsize = newlen * sizeof(isc_sockaddr_t);
oldsize = addrcount * sizeof(isc_sockaddr_t);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (addrcount != 0) {
memmove(tmp, addrs, oldsize);
isc_mem_put(mctx, addrs, oldsize);
}
addrs = tmp;
addrcount = newlen;
newsize = newlen * sizeof(isc_dscp_t);
oldsize = dscpcount * sizeof(isc_dscp_t);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (dscpcount != 0) {
memmove(tmp, dscps, oldsize);
isc_mem_put(mctx, dscps, oldsize);
}
dscps = tmp;
dscpcount = newlen;
newsize = newlen * sizeof(dns_name_t *);
oldsize = keycount * sizeof(dns_name_t *);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (keycount != 0) {
memmove(tmp, keys, oldsize);
isc_mem_put(mctx, keys, oldsize);
}
keys = tmp;
keycount = newlen;
}
addrs[i] = *cfg_obj_assockaddr(addr);
if (isc_sockaddr_getport(&addrs[i]) == 0)
isc_sockaddr_setport(&addrs[i], port);
dscps[i] = cfg_obj_getdscp(addr);
if (dscps[i] == -1)
dscps[i] = dscp;
keys[i] = NULL;
i++; /* Increment here so that cleanup on error works. */
if (!cfg_obj_isstring(key))
continue;
keys[i - 1] = isc_mem_get(mctx, sizeof(dns_name_t));
if (keys[i - 1] == NULL)
goto cleanup;
dns_name_init(keys[i - 1], NULL);
keystr = cfg_obj_asstring(key);
isc_buffer_constinit(&b, keystr, strlen(keystr));
isc_buffer_add(&b, strlen(keystr));
dns_fixedname_init(&fname);
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_name_dup(dns_fixedname_name(&fname), mctx,
keys[i - 1]);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
if (pushed != 0) {
pushed--;
element = stack[pushed].element;
port = stack[pushed].port;
dscp = stack[pushed].dscp;
goto resume;
}
if (i < addrcount) {
void * tmp;
size_t newsize, oldsize;
newsize = i * sizeof(isc_sockaddr_t);
oldsize = addrcount * sizeof(isc_sockaddr_t);
if (i != 0) {
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
memmove(tmp, addrs, newsize);
} else
tmp = NULL;
isc_mem_put(mctx, addrs, oldsize);
addrs = tmp;
addrcount = i;
newsize = i * sizeof(isc_dscp_t);
oldsize = dscpcount * sizeof(isc_dscp_t);
if (i != 0) {
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
memmove(tmp, dscps, newsize);
} else
tmp = NULL;
isc_mem_put(mctx, dscps, oldsize);
dscps = tmp;
dscpcount = i;
newsize = i * sizeof(dns_name_t *);
oldsize = keycount * sizeof(dns_name_t *);
if (i != 0) {
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
memmove(tmp, keys, newsize);
} else
tmp = NULL;
isc_mem_put(mctx, keys, oldsize);
keys = tmp;
keycount = i;
}
if (lists != NULL)
isc_mem_put(mctx, lists, listcount * sizeof(*lists));
if (stack != NULL)
isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
INSIST(keycount == addrcount);
*addrsp = addrs;
*dscpsp = dscps;
*keysp = keys;
*countp = addrcount;
return (ISC_R_SUCCESS);
cleanup:
if (addrs != NULL)
isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
if (dscps != NULL)
isc_mem_put(mctx, dscps, dscpcount * sizeof(isc_dscp_t));
if (keys != NULL) {
for (j = 0; j < i; j++) {
if (keys[j] == NULL)
continue;
if (dns_name_dynamic(keys[j]))
dns_name_free(keys[j], mctx);
isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
}
isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
}
if (lists != NULL)
isc_mem_put(mctx, lists, listcount * sizeof(*lists));
if (stack != NULL)
isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
return (result);
}
ATF_TC_BODY(isc_rsa_verify, tc) {
isc_result_t ret;
dns_fixedname_t fname;
isc_buffer_t buf;
dns_name_t *name;
dst_key_t *key = NULL;
dst_context_t *ctx = NULL;
isc_region_t r;
UNUSED(tc);
ret = dns_test_begin(NULL, ISC_FALSE);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_constinit(&buf, "rsa.", 4);
isc_buffer_add(&buf, 4);
ret = dns_name_fromtext(name, &buf, NULL, 0, NULL);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
ret = dst_key_fromfile(name, 29235, DST_ALG_RSASHA1,
DST_TYPE_PUBLIC, "./", mctx, &key);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
/* RSASHA1 */
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
ISC_FALSE, &ctx);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = d;
r.length = 10;
ret = dst_context_adddata(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = sigsha1;
r.length = 256;
ret = dst_context_verify(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
dst_context_destroy(&ctx);
/* RSAMD5 */
#ifndef PK11_MD5_DISABLE
key->key_alg = DST_ALG_RSAMD5;
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
ISC_FALSE, &ctx);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = d;
r.length = 10;
ret = dst_context_adddata(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = sigmd5;
r.length = 256;
ret = dst_context_verify(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
dst_context_destroy(&ctx);
#endif
/* RSASHA256 */
key->key_alg = DST_ALG_RSASHA256;
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
ISC_FALSE, &ctx);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = d;
r.length = 10;
ret = dst_context_adddata(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = sigsha256;
r.length = 256;
ret = dst_context_verify(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
dst_context_destroy(&ctx);
/* RSASHA512 */
key->key_alg = DST_ALG_RSASHA512;
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
ISC_FALSE, &ctx);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = d;
r.length = 10;
ret = dst_context_adddata(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
r.base = sigsha512;
r.length = 256;
ret = dst_context_verify(ctx, &r);
ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
dst_context_destroy(&ctx);
dst_key_free(&key);
dns_test_end();
}
static isc_result_t
load(const char *filename, const char *origintext, isc_boolean_t cache) {
dns_fixedname_t forigin;
dns_name_t *origin;
isc_result_t result;
isc_buffer_t source;
size_t len;
dbinfo *dbi;
unsigned int i;
dbi = isc_mem_get(mctx, sizeof(*dbi));
if (dbi == NULL)
return (ISC_R_NOMEMORY);
dbi->db = NULL;
dbi->version = NULL;
dbi->wversion = NULL;
for (i = 0; i < MAXVERSIONS; i++)
dbi->rversions[i] = NULL;
dbi->hold_count = 0;
for (i = 0; i < MAXHOLD; i++)
dbi->hold_nodes[i] = NULL;
dbi->dbiterator = NULL;
dbi->iversion = NULL;
dbi->pause_every = pause_every;
dbi->ascending = ascending;
ISC_LINK_INIT(dbi, link);
len = strlen(origintext);
isc_buffer_constinit(&source, origintext, len);
isc_buffer_add(&source, len);
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);
result = dns_name_fromtext(origin, &source, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_db_create(mctx, dbtype, origin,
cache ? dns_dbtype_cache : dns_dbtype_zone,
dns_rdataclass_in,
0, NULL, &dbi->db);
if (result != ISC_R_SUCCESS) {
isc_mem_put(mctx, dbi, sizeof(*dbi));
return (result);
}
printf("loading %s (%s)\n", filename, origintext);
result = dns_db_load(dbi->db, filename);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
dns_db_detach(&dbi->db);
isc_mem_put(mctx, dbi, sizeof(*dbi));
return (result);
}
printf("loaded\n");
if (cache) {
INSIST(cache_dbi == NULL);
dns_dbtable_adddefault(dbtable, dbi->db);
cache_dbi = dbi;
} else {
if (dns_dbtable_add(dbtable, dbi->db) != ISC_R_SUCCESS) {
dns_db_detach(&dbi->db);
isc_mem_put(mctx, dbi, sizeof(*dbi));
return (result);
}
}
ISC_LIST_APPEND(dbs, dbi, link);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
{
isc_result_t result;
dns_tkeyctx_t *tctx = NULL;
const char *s;
isc_uint32_t n;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
const cfg_obj_t *obj;
int type;
result = dns_tkeyctx_create(mctx, ectx, &tctx);
if (result != ISC_R_SUCCESS)
return (result);
obj = NULL;
result = cfg_map_get(options, "tkey-dhkey", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
RETERR(dst_key_fromfile(name, (dns_keytag_t) n, DNS_KEYALG_DH,
type, NULL, mctx, &tctx->dhkey));
}
obj = NULL;
result = cfg_map_get(options, "tkey-domain", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
if (tctx->domain == NULL) {
result = ISC_R_NOMEMORY;
goto failure;
}
dns_name_init(tctx->domain, NULL);
RETERR(dns_name_dup(name, mctx, tctx->domain));
}
obj = NULL;
result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
RETERR(dst_gssapi_acquirecred(name, ISC_FALSE, &tctx->gsscred));
}
obj = NULL;
result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
tctx->gssapi_keytab = isc_mem_strdup(mctx, s);
if (tctx->gssapi_keytab == NULL) {
result = ISC_R_NOMEMORY;
goto failure;
}
}
*tctxp = tctx;
return (ISC_R_SUCCESS);
failure:
dns_tkeyctx_destroy(&tctx);
return (result);
}
/*
* Handle lwresd manager objects
*/
isc_result_t
ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
ns_lwresd_t **lwresdp)
{
ns_lwresd_t *lwresd;
const char *vname;
dns_rdataclass_t vclass;
const cfg_obj_t *obj, *viewobj, *searchobj;
const cfg_listelt_t *element;
isc_result_t result;
INSIST(lwresdp != NULL && *lwresdp == NULL);
lwresd = isc_mem_get(mctx, sizeof(ns_lwresd_t));
if (lwresd == NULL)
return (ISC_R_NOMEMORY);
lwresd->mctx = NULL;
isc_mem_attach(mctx, &lwresd->mctx);
lwresd->view = NULL;
lwresd->search = NULL;
lwresd->refs = 1;
obj = NULL;
(void)cfg_map_get(lwres, "ndots", &obj);
if (obj != NULL)
lwresd->ndots = cfg_obj_asuint32(obj);
else
lwresd->ndots = 1;
RUNTIME_CHECK(isc_mutex_init(&lwresd->lock) == ISC_R_SUCCESS);
lwresd->shutting_down = ISC_FALSE;
viewobj = NULL;
(void)cfg_map_get(lwres, "view", &viewobj);
if (viewobj != NULL) {
vname = cfg_obj_asstring(cfg_tuple_get(viewobj, "name"));
obj = cfg_tuple_get(viewobj, "class");
result = ns_config_getclass(obj, dns_rdataclass_in, &vclass);
if (result != ISC_R_SUCCESS)
goto fail;
} else {
vname = "_default";
vclass = dns_rdataclass_in;
}
result = dns_viewlist_find(&ns_g_server->viewlist, vname, vclass,
&lwresd->view);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
"couldn't find view %s", vname);
goto fail;
}
searchobj = NULL;
(void)cfg_map_get(lwres, "search", &searchobj);
if (searchobj != NULL) {
lwresd->search = NULL;
result = ns_lwsearchlist_create(lwresd->mctx,
&lwresd->search);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
"couldn't create searchlist");
goto fail;
}
for (element = cfg_list_first(searchobj);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *search;
const char *searchstr;
isc_buffer_t namebuf;
dns_fixedname_t fname;
dns_name_t *name;
search = cfg_listelt_value(element);
searchstr = cfg_obj_asstring(search);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_constinit(&namebuf, searchstr,
strlen(searchstr));
isc_buffer_add(&namebuf, strlen(searchstr));
result = dns_name_fromtext(name, &namebuf,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD,
ISC_LOG_WARNING,
"invalid name %s in searchlist",
searchstr);
continue;
}
result = ns_lwsearchlist_append(lwresd->search, name);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_LWRESD,
ISC_LOG_WARNING,
"couldn't update searchlist");
goto fail;
}
}
}
lwresd->magic = LWRESD_MAGIC;
*lwresdp = lwresd;
return (ISC_R_SUCCESS);
fail:
if (lwresd->view != NULL)
dns_view_detach(&lwresd->view);
if (lwresd->search != NULL)
ns_lwsearchlist_detach(&lwresd->search);
if (lwresd->mctx != NULL)
isc_mem_detach(&lwresd->mctx);
isc_mem_put(mctx, lwresd, sizeof(ns_lwresd_t));
return (result);
}
int
main(int argc, char **argv) {
UNUSED(argc);
UNUSED(argv);
rsa = RSA_new();
e = BN_new();
pkey = EVP_PKEY_new();
if ((rsa == NULL) || (e == NULL) || (pkey == NULL) ||
!EVP_PKEY_set1_RSA(pkey, rsa)) {
fprintf(stderr, "fatal error: basic OpenSSL failure\n");
exit(1);
}
/* e = 0x1000000000001 */
BN_set_bit(e, 0);
BN_set_bit(e, 48);
if (RSA_generate_key_ex(rsa, bits, e, NULL)) {
BN_free(e);
RSA_free(rsa);
} else {
fprintf(stderr,
"fatal error: RSA_generate_key_ex() fails "
"at file %s line %d\n",
__FILE__, __LINE__);
exit(1);
}
dns_result_register();
CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()");
CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()");
CHECK(isc_entropy_usebestsource(ectx, &source,
"../random.data",
ISC_ENTROPY_KEYBOARDNO),
"isc_entropy_usebestsource(\"../random.data\")");
CHECK(dst_lib_init2(mctx, ectx, NULL, 0), "dst_lib_init2()");
CHECK(isc_log_create(mctx, &log_, &logconfig), "isc_log_create()");
isc_log_setcontext(log_);
dns_log_init(log_);
dns_log_setcontext(log_);
CHECK(isc_log_settag(logconfig, "bigkey"), "isc_log_settag()");
destination.file.stream = stderr;
destination.file.name = NULL;
destination.file.versions = ISC_LOG_ROLLNEVER;
destination.file.maximum_size = 0;
CHECK(isc_log_createchannel(logconfig, "stderr",
ISC_LOG_TOFILEDESC,
level,
&destination,
ISC_LOG_PRINTTAG | ISC_LOG_PRINTLEVEL),
"isc_log_createchannel()");
CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL),
"isc_log_usechannel()");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_constinit(&buf, "example.", strlen("example."));
isc_buffer_add(&buf, strlen("example."));
CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
"dns_name_fromtext(\"example.\")");
CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA1,
bits, DNS_KEYOWNER_ZONE,
DNS_KEYPROTO_DNSSEC, dns_rdataclass_in,
pkey, mctx, &key),
"dst_key_buildinternal(...)");
CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
"dst_key_tofile()");
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
isc_buffer_clear(&buf);
CHECK(dst_key_buildfilename(key, 0, NULL, &buf),
"dst_key_buildfilename()");
printf("%s\n", filename);
dst_key_free(&key);
isc_log_destroy(&log_);
isc_log_setcontext(NULL);
dns_log_setcontext(NULL);
if (source != NULL)
isc_entropy_destroysource(&source);
isc_entropy_detach(&ectx);
dst_lib_destroy();
dns_name_destroy();
isc_mem_destroy(&mctx);
return (0);
}
ATF_TC_BODY(send, tc) {
isc_result_t result;
dns_dtenv_t *dtenv = NULL;
dns_dthandle_t handle;
isc_uint8_t *data;
size_t dsize;
unsigned char zone[DNS_NAME_MAXWIRE];
unsigned char qambuffer[4096], rambuffer[4096];
unsigned char qrmbuffer[4096], rrmbuffer[4096];
isc_buffer_t zb, qamsg, ramsg, qrmsg, rrmsg;
size_t qasize, qrsize, rasize, rrsize;
dns_fixedname_t zfname;
dns_name_t *zname;
dns_dtmsgtype_t dt;
dns_view_t *view = NULL;
dns_compress_t cctx;
isc_region_t zr;
isc_sockaddr_t addr;
struct in_addr in;
isc_stdtime_t now;
isc_time_t p, f;
UNUSED(tc);
cleanup();
result = dns_test_begin(NULL, ISC_TRUE);
ATF_REQUIRE(result == ISC_R_SUCCESS);
result = dns_test_makeview("test", &view);
result = dns_dt_create(mctx, dns_dtmode_file, TAPFILE, 1, &dtenv);
ATF_REQUIRE(result == ISC_R_SUCCESS);
dns_dt_attach(dtenv, &view->dtenv);
view->dttypes = DNS_DTTYPE_ALL;
/*
* Set up some test data
*/
dns_fixedname_init(&zfname);
zname = dns_fixedname_name(&zfname);
isc_buffer_constinit(&zb, "example.com.", 12);
isc_buffer_add(&zb, 12);
result = dns_name_fromtext(zname, &zb, NULL, 0, NULL);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
memset(&zr, 0, sizeof(zr));
isc_buffer_init(&zb, zone, sizeof(zone));
result = dns_compress_init(&cctx, -1, mctx);
dns_compress_setmethods(&cctx, DNS_COMPRESS_NONE);
result = dns_name_towire(zname, &cctx, &zb);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
dns_compress_invalidate(&cctx);
isc_buffer_usedregion(&zb, &zr);
in.s_addr = inet_addr("10.53.0.1");
isc_sockaddr_fromin(&addr, &in, 2112);
isc_stdtime_get(&now);
isc_time_set(&p, now - 3600, 0); /* past */
isc_time_set(&f, now + 3600, 0); /* future */
result = dns_test_getdata("testdata/dnstap/query.auth",
qambuffer, sizeof(qambuffer), &qasize);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_buffer_init(&qamsg, qambuffer, qasize);
isc_buffer_add(&qamsg, qasize);
result = dns_test_getdata("testdata/dnstap/response.auth",
rambuffer, sizeof(rambuffer), &rasize);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_buffer_init(&ramsg, rambuffer, rasize);
isc_buffer_add(&ramsg, rasize);
result = dns_test_getdata("testdata/dnstap/query.recursive", qrmbuffer,
sizeof(qrmbuffer), &qrsize);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_buffer_init(&qrmsg, qrmbuffer, qrsize);
isc_buffer_add(&qrmsg, qrsize);
result = dns_test_getdata("testdata/dnstap/response.recursive",
rrmbuffer, sizeof(rrmbuffer), &rrsize);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_buffer_init(&rrmsg, rrmbuffer, rrsize);
isc_buffer_add(&rrmsg, rrsize);
for (dt = DNS_DTTYPE_SQ; dt <= DNS_DTTYPE_TR; dt <<= 1) {
isc_buffer_t *m;
switch (dt) {
case DNS_DTTYPE_AQ:
m = &qamsg;
break;
case DNS_DTTYPE_AR:
m = &ramsg;
break;
default:
m = &qrmsg;
if ((dt & DNS_DTTYPE_RESPONSE) != 0)
m = &ramsg;
break;
}
dns_dt_send(view, dt, &addr, ISC_FALSE, &zr, &p, &f, m);
dns_dt_send(view, dt, &addr, ISC_FALSE, &zr, NULL, &f, m);
dns_dt_send(view, dt, &addr, ISC_FALSE, &zr, &p, NULL, m);
dns_dt_send(view, dt, &addr, ISC_FALSE, &zr, NULL, NULL, m);
dns_dt_send(view, dt, &addr, ISC_TRUE, &zr, &p, &f, m);
dns_dt_send(view, dt, &addr, ISC_TRUE, &zr, NULL, &f, m);
dns_dt_send(view, dt, &addr, ISC_TRUE, &zr, &p, NULL, m);
dns_dt_send(view, dt, &addr, ISC_TRUE, &zr, NULL, NULL, m);
}
dns_dt_detach(&view->dtenv);
dns_dt_detach(&dtenv);
dns_dt_shutdown();
dns_view_detach(&view);
/*
* XXX now read back and check content.
*/
result = dns_dt_open(TAPFILE, dns_dtmode_file, &handle);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
while (dns_dt_getframe(&handle, &data, &dsize) == ISC_R_SUCCESS) {
dns_dtdata_t *dtdata = NULL;
isc_region_t r;
static dns_dtmsgtype_t expected = DNS_DTTYPE_SQ;
static int n = 0;
r.base = data;
r.length = dsize;
result = dns_dt_parse(mctx, &r, &dtdata);
ATF_CHECK_EQ(result, ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS) {
n++;
continue;
}
ATF_CHECK_EQ(dtdata->type, expected);
if (++n % 8 == 0)
expected <<= 1;
dns_dtdata_free(&dtdata);
}
dns_dt_close(&handle);
cleanup();
dns_test_end();
}
static void
sendquery(isc_task_t *task, isc_event_t *event) {
struct in_addr inaddr;
isc_sockaddr_t address;
isc_region_t r;
isc_result_t result;
dns_fixedname_t keyname;
dns_fixedname_t ownername;
isc_buffer_t namestr, keybuf;
unsigned char keydata[9];
dns_message_t *query;
dns_request_t *request;
static char keystr[] = "0123456789ab";
isc_event_free(&event);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
CHECK("inet_pton", result);
isc_sockaddr_fromin(&address, &inaddr, PORT);
dns_fixedname_init(&keyname);
isc_buffer_constinit(&namestr, "tkeytest.", 9);
isc_buffer_add(&namestr, 9);
result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr,
NULL, 0, NULL);
CHECK("dns_name_fromtext", result);
dns_fixedname_init(&ownername);
isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str));
isc_buffer_add(&namestr, strlen(ownername_str));
result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr,
NULL, 0, NULL);
CHECK("dns_name_fromtext", result);
isc_buffer_init(&keybuf, keydata, 9);
result = isc_base64_decodestring(keystr, &keybuf);
CHECK("isc_base64_decodestring", result);
isc_buffer_usedregion(&keybuf, &r);
initialkey = NULL;
result = dns_tsigkey_create(dns_fixedname_name(&keyname),
DNS_TSIG_HMACMD5_NAME,
isc_buffer_base(&keybuf),
isc_buffer_usedlength(&keybuf),
ISC_FALSE, NULL, 0, 0, mctx, ring,
&initialkey);
CHECK("dns_tsigkey_create", result);
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
CHECK("dns_message_create", result);
result = dns_tkey_builddhquery(query, ourkey,
dns_fixedname_name(&ownername),
DNS_TSIG_HMACMD5_NAME, &nonce, 3600);
CHECK("dns_tkey_builddhquery", result);
request = NULL;
result = dns_request_create(requestmgr, query, &address,
DNS_REQUESTOPT_TCP, initialkey,
TIMEOUT, task, recvquery, query,
&request);
CHECK("dns_request_create", result);
}
ATF_TC_BODY(csync, tc) {
struct {
const char *data;
isc_boolean_t ok;
} text_data[] = {
{ "", ISC_FALSE },
{ "0", ISC_FALSE },
{ "0 0", ISC_TRUE },
{ "0 0 A", ISC_TRUE },
{ "0 0 NS", ISC_TRUE },
{ "0 0 AAAA", ISC_TRUE },
{ "0 0 A AAAA", ISC_TRUE },
{ "0 0 A NS AAAA", ISC_TRUE },
{ "0 0 A NS AAAA BOGUS", ISC_FALSE },
{ NULL, ISC_FALSE },
};
struct {
unsigned char data[64];
size_t len;
isc_boolean_t ok;
} wire_data[] = {
/* short */
{ { 0x00 }, 0, ISC_FALSE },
/* short */
{ { 0x00 }, 1, ISC_FALSE },
/* short */
{ { 0x00, 0x00 }, 2, ISC_FALSE },
/* short */
{ { 0x00, 0x00, 0x00 }, 3, ISC_FALSE },
/* short */
{ { 0x00, 0x00, 0x00, 0x00 }, 4, ISC_FALSE },
/* short */
{ { 0x00, 0x00, 0x00, 0x00, 0x00 }, 5, ISC_FALSE },
/* serial + flags only */
{ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 6, ISC_TRUE },
/* bad type map */
{ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 7, ISC_FALSE },
/* bad type map */
{ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
8, ISC_FALSE },
/* good type map */
{ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02 },
9, ISC_TRUE }
};
unsigned char buf1[1024];
unsigned char buf2[1024];
isc_buffer_t source, target1, target2;
isc_result_t result;
size_t i;
dns_rdataclass_t rdclass = dns_rdataclass_in;
dns_rdatatype_t type = dns_rdatatype_csync;
isc_lex_t *lex = NULL;
dns_rdatacallbacks_t callbacks;
dns_rdata_csync_t csync;
dns_decompress_t dctx;
UNUSED(tc);
result = dns_test_begin(NULL, ISC_FALSE);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = isc_lex_create(mctx, 64, &lex);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
dns_rdatacallbacks_init(&callbacks);
callbacks.error = error_callback;
callbacks.warn = warn_callback;
for (i = 0; text_data[i].data != NULL; i++) {
size_t length = strlen(text_data[i].data);
isc_buffer_constinit(&source, text_data[i].data, length);
isc_buffer_add(&source, length);
result = isc_lex_openbuffer(lex, &source);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_buffer_init(&target1, buf1, sizeof(buf1));
result = dns_rdata_fromtext(NULL, rdclass, type, lex,
dns_rootname, 0, NULL, &target1,
&callbacks);
if (text_data[i].ok)
ATF_CHECK_EQ(result, ISC_R_SUCCESS);
else
ATF_CHECK(result != ISC_R_SUCCESS);
}
isc_lex_destroy(&lex);
for (i = 0; i < sizeof(wire_data)/sizeof(wire_data[0]); i++) {
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_buffer_init(&source, wire_data[i].data, wire_data[i].len);
isc_buffer_add(&source, wire_data[i].len);
isc_buffer_setactive(&source, wire_data[i].len);
isc_buffer_init(&target1, buf1, sizeof(buf1));
dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
result = dns_rdata_fromwire(&rdata, rdclass, type, &source,
&dctx, 0, &target1);
dns_decompress_invalidate(&dctx);
if (wire_data[i].ok)
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
else
ATF_REQUIRE(result != ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS)
continue;
result = dns_rdata_tostruct(&rdata, &csync, NULL);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
isc_buffer_init(&target2, buf2, sizeof(buf2));
dns_rdata_reset(&rdata);
result = dns_rdata_fromstruct(&rdata, rdclass, type,
&csync, &target2);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
ATF_REQUIRE_EQ(isc_buffer_usedlength(&target2),
wire_data[i].len);
ATF_REQUIRE_EQ(memcmp(buf2, wire_data[i].data,
wire_data[i].len), 0);
}
}
/*% load the zone */
isc_result_t
load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
dns_masterformat_t fileformat, const char *classname,
dns_ttl_t maxttl, dns_zone_t **zonep)
{
isc_result_t result;
dns_rdataclass_t rdclass;
isc_textregion_t region;
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
dns_zone_t *zone = NULL;
REQUIRE(zonep == NULL || *zonep == NULL);
if (debug)
fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
zonename, filename, classname);
CHECK(dns_zone_create(&zone, mctx));
dns_zone_settype(zone, dns_zone_master);
isc_buffer_constinit(&buffer, zonename, strlen(zonename));
isc_buffer_add(&buffer, strlen(zonename));
dns_fixedname_init(&fixorigin);
origin = dns_fixedname_name(&fixorigin);
CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
CHECK(dns_zone_setorigin(zone, origin));
CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
CHECK(dns_zone_setfile2(zone, filename, fileformat));
if (journal != NULL)
CHECK(dns_zone_setjournal(zone, journal));
DE_CONST(classname, region.base);
region.length = strlen(classname);
CHECK(dns_rdataclass_fromtext(&rdclass, ®ion));
dns_zone_setclass(zone, rdclass);
dns_zone_setoption(zone, zone_options, ISC_TRUE);
dns_zone_setoption2(zone, zone_options2, ISC_TRUE);
dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
dns_zone_setmaxttl(zone, maxttl);
if (docheckmx)
dns_zone_setcheckmx(zone, checkmx);
if (docheckns)
dns_zone_setcheckns(zone, checkns);
if (dochecksrv)
dns_zone_setchecksrv(zone, checksrv);
CHECK(dns_zone_load(zone));
/*
* When loading map files we can't catch oversize TTLs during
* load, so we check for them here.
*/
if (fileformat == dns_masterformat_map && maxttl != 0) {
CHECK(check_ttls(zone, maxttl));
}
if (zonep != NULL) {
*zonep = zone;
zone = NULL;
}
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
return (result);
}
/*
* Create a writeable DLZ zone. This can be called by DLZ drivers
* during configure() to create a zone that can be updated. The zone
* type is set to dns_zone_dlz, which is equivalent to a master zone
*
* This function uses a callback setup in dns_dlzconfigure() to call
* into the server zone code to setup the remaining pieces of server
* specific functionality on the zone
*/
isc_result_t
dns_dlz_writeablezone(dns_view_t *view, dns_dlzdb_t *dlzdb,
const char *zone_name)
{
dns_zone_t *zone = NULL;
dns_zone_t *dupzone = NULL;
isc_result_t result;
isc_buffer_t buffer;
dns_fixedname_t fixorigin;
dns_name_t *origin;
REQUIRE(DNS_DLZ_VALID(dlzdb));
REQUIRE(dlzdb->configure_callback != NULL);
isc_buffer_constinit(&buffer, zone_name, strlen(zone_name));
isc_buffer_add(&buffer, strlen(zone_name));
dns_fixedname_init(&fixorigin);
result = dns_name_fromtext(dns_fixedname_name(&fixorigin),
&buffer, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
goto cleanup;
origin = dns_fixedname_name(&fixorigin);
if (!dlzdb->search) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE,
DNS_LOGMODULE_DLZ, ISC_LOG_WARNING,
"DLZ %s has 'search no;', but attempted to "
"register writeable zone %s.",
dlzdb->dlzname, zone_name);
result = ISC_R_SUCCESS;
goto cleanup;
}
/* See if the zone already exists */
result = dns_view_findzone(view, origin, &dupzone);
if (result == ISC_R_SUCCESS) {
dns_zone_detach(&dupzone);
result = ISC_R_EXISTS;
goto cleanup;
}
INSIST(dupzone == NULL);
/* Create it */
result = dns_zone_create(&zone, view->mctx);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_zone_setorigin(zone, origin);
if (result != ISC_R_SUCCESS)
goto cleanup;
dns_zone_setview(zone, view);
dns_zone_setadded(zone, ISC_TRUE);
if (dlzdb->ssutable == NULL) {
result = dns_ssutable_createdlz(dlzdb->mctx,
&dlzdb->ssutable, dlzdb);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
dns_zone_setssutable(zone, dlzdb->ssutable);
result = dlzdb->configure_callback(view, dlzdb, zone);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_view_addzone(view, zone);
cleanup:
if (zone != NULL)
dns_zone_detach(&zone);
return (result);
}
int
main(int argc, char *argv[]) {
isc_boolean_t verbose = ISC_FALSE;
isc_socketmgr_t *socketmgr;
isc_timermgr_t *timermgr;
struct in_addr inaddr;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
int ch;
isc_result_t result;
in_port_t port = 53;
RUNTIME_CHECK(isc_app_start() == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_mutex_init(&lock) == ISC_R_SUCCESS);
mctx = NULL;
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
while ((ch = isc_commandline_parse(argc, argv, "vp:")) != -1) {
switch (ch) {
case 'v':
verbose = ISC_TRUE;
break;
case 'p':
port = (unsigned int)atoi(isc_commandline_argument);
break;
}
}
RUNTIME_CHECK(isc_entropy_create(mctx, &ent) == ISC_R_SUCCESS);
RUNTIME_CHECK(dst_lib_init(mctx, ent, 0) == ISC_R_SUCCESS);
dns_result_register();
dst_result_register();
taskmgr = NULL;
RUNTIME_CHECK(isc_taskmgr_create(mctx, 2, 0, &taskmgr) ==
ISC_R_SUCCESS);
task1 = NULL;
RUNTIME_CHECK(isc_task_create(taskmgr, 0, &task1) == ISC_R_SUCCESS);
timermgr = NULL;
RUNTIME_CHECK(isc_timermgr_create(mctx, &timermgr) == ISC_R_SUCCESS);
socketmgr = NULL;
RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
RUNTIME_CHECK(isc_log_create(mctx, &lctx, &logconfig) == ISC_R_SUCCESS);
s = NULL;
RUNTIME_CHECK(isc_socket_create(socketmgr, PF_INET,
isc_sockettype_udp, &s) ==
ISC_R_SUCCESS);
inaddr.s_addr = htonl(INADDR_LOOPBACK);
isc_sockaddr_fromin(&address, &inaddr, port);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_constinit(&b, "child.example.", strlen("child.example."));
isc_buffer_add(&b, strlen("child.example."));
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
key = NULL;
result = dst_key_fromfile(name, 4017, DNS_KEYALG_DSA,
DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
NULL, mctx, &key);
CHECK("dst_key_fromfile", result);
buildquery();
(void)isc_app_run();
isc_task_shutdown(task1);
isc_task_detach(&task1);
isc_taskmgr_destroy(&taskmgr);
isc_socket_detach(&s);
isc_socketmgr_destroy(&socketmgr);
isc_timermgr_destroy(&timermgr);
dst_key_free(&key);
dst_lib_destroy();
isc_entropy_detach(&ent);
isc_log_destroy(&lctx);
if (verbose)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
DESTROYLOCK(&lock);
isc_app_finish();
return (0);
}
static void
nsec3hash(nsec3printer *nsec3print, const char *algostr, const char *flagstr,
const char *iterstr, const char *saltstr, const char *domain)
{
dns_fixedname_t fixed;
dns_name_t *name;
isc_buffer_t buffer;
isc_region_t region;
isc_result_t result;
unsigned char hash[NSEC3_MAX_HASH_LENGTH];
unsigned char salt[DNS_NSEC3_SALTSIZE];
unsigned char text[1024];
unsigned int hash_alg;
unsigned int flags;
unsigned int length;
unsigned int iterations;
unsigned int salt_length;
const char dash[] = "-";
if (strcmp(saltstr, "-") == 0) {
salt_length = 0;
salt[0] = 0;
} else {
isc_buffer_init(&buffer, salt, sizeof(salt));
result = isc_hex_decodestring(saltstr, &buffer);
check_result(result, "isc_hex_decodestring(salt)");
salt_length = isc_buffer_usedlength(&buffer);
if (salt_length > DNS_NSEC3_SALTSIZE)
fatal("salt too long");
if (salt_length == 0)
saltstr = dash;
}
hash_alg = atoi(algostr);
if (hash_alg > 255U)
fatal("hash algorithm too large");
flags = flagstr == NULL ? 0 : atoi(flagstr);
if (flags > 255U)
fatal("flags too large");
iterations = atoi(iterstr);
if (iterations > 0xffffU)
fatal("iterations to large");
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
isc_buffer_constinit(&buffer, domain, strlen(domain));
isc_buffer_add(&buffer, strlen(domain));
result = dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL);
check_result(result, "dns_name_fromtext() failed");
dns_name_downcase(name, name, NULL);
length = isc_iterated_hash(hash, hash_alg, iterations, salt,
salt_length, name->ndata, name->length);
if (length == 0)
fatal("isc_iterated_hash failed");
region.base = hash;
region.length = length;
isc_buffer_init(&buffer, text, sizeof(text));
isc_base32hexnp_totext(®ion, 1, "", &buffer);
isc_buffer_putuint8(&buffer, '\0');
nsec3print(hash_alg, flags, iterations, saltstr, domain, (char *)text);
}
static isc_result_t
configure_dnsseckeys(irs_dnsconf_t *conf, cfg_obj_t *cfgobj,
dns_rdataclass_t rdclass)
{
isc_mem_t *mctx = conf->mctx;
const cfg_obj_t *keys = NULL;
const cfg_obj_t *key, *keylist;
dns_fixedname_t fkeyname;
dns_name_t *keyname_base, *keyname;
const cfg_listelt_t *element, *element2;
isc_result_t result;
isc_uint32_t flags, proto, alg;
const char *keystr, *keynamestr;
unsigned char keydata[4096];
isc_buffer_t keydatabuf_base, *keydatabuf;
dns_rdata_dnskey_t keystruct;
unsigned char rrdata[4096];
isc_buffer_t rrdatabuf;
isc_region_t r;
isc_buffer_t namebuf;
irs_dnsconf_dnskey_t *keyent;
cfg_map_get(cfgobj, "trusted-keys", &keys);
if (keys == NULL)
return (ISC_R_SUCCESS);
for (element = cfg_list_first(keys);
element != NULL;
element = cfg_list_next(element)) {
keylist = cfg_listelt_value(element);
for (element2 = cfg_list_first(keylist);
element2 != NULL;
element2 = cfg_list_next(element2))
{
keydatabuf = NULL;
keyname = NULL;
key = cfg_listelt_value(element2);
flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags"));
proto = cfg_obj_asuint32(cfg_tuple_get(key,
"protocol"));
alg = cfg_obj_asuint32(cfg_tuple_get(key,
"algorithm"));
keynamestr = cfg_obj_asstring(cfg_tuple_get(key,
"name"));
keystruct.common.rdclass = rdclass;
keystruct.common.rdtype = dns_rdatatype_dnskey;
keystruct.mctx = NULL;
ISC_LINK_INIT(&keystruct.common, link);
if (flags > 0xffff)
return (ISC_R_RANGE);
if (proto > 0xff)
return (ISC_R_RANGE);
if (alg > 0xff)
return (ISC_R_RANGE);
keystruct.flags = (isc_uint16_t)flags;
keystruct.protocol = (isc_uint8_t)proto;
keystruct.algorithm = (isc_uint8_t)alg;
isc_buffer_init(&keydatabuf_base, keydata,
sizeof(keydata));
isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
/* Configure key value */
keystr = cfg_obj_asstring(cfg_tuple_get(key, "key"));
result = isc_base64_decodestring(keystr,
&keydatabuf_base);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_usedregion(&keydatabuf_base, &r);
keystruct.datalen = r.length;
keystruct.data = r.base;
result = dns_rdata_fromstruct(NULL,
keystruct.common.rdclass,
keystruct.common.rdtype,
&keystruct, &rrdatabuf);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_usedregion(&rrdatabuf, &r);
result = isc_buffer_allocate(mctx, &keydatabuf,
r.length);
if (result != ISC_R_SUCCESS)
return (result);
result = isc_buffer_copyregion(keydatabuf, &r);
if (result != ISC_R_SUCCESS)
goto cleanup;
/* Configure key name */
dns_fixedname_init(&fkeyname);
keyname_base = dns_fixedname_name(&fkeyname);
isc_buffer_constinit(&namebuf, keynamestr,
strlen(keynamestr));
isc_buffer_add(&namebuf, strlen(keynamestr));
result = dns_name_fromtext(keyname_base, &namebuf,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
return (result);
keyname = isc_mem_get(mctx, sizeof(*keyname));
if (keyname == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup;
}
dns_name_init(keyname, NULL);
result = dns_name_dup(keyname_base, mctx, keyname);
if (result != ISC_R_SUCCESS)
goto cleanup;
/* Add the key data to the list */
keyent = isc_mem_get(mctx, sizeof(*keyent));
if (keyent == NULL) {
dns_name_free(keyname, mctx);
result = ISC_R_NOMEMORY;
goto cleanup;
}
keyent->keyname = keyname;
keyent->keydatabuf = keydatabuf;
ISC_LIST_APPEND(conf->trusted_keylist, keyent, link);
}
}
return (ISC_R_SUCCESS);
cleanup:
if (keydatabuf != NULL)
isc_buffer_free(&keydatabuf);
if (keyname != NULL)
isc_mem_put(mctx, keyname, sizeof(*keyname));
return (result);
}
static isc_result_t
add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
isc_mem_t *mctx)
{
dns_tsigkey_t *tsigkey = NULL;
const cfg_listelt_t *element;
const cfg_obj_t *key = NULL;
const char *keyid = NULL;
unsigned char *secret = NULL;
int secretalloc = 0;
int secretlen = 0;
isc_result_t ret;
isc_stdtime_t now;
isc_uint16_t bits;
for (element = cfg_list_first(list);
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL;
dns_name_t keyname;
dns_name_t *alg;
const char *algstr;
char keynamedata[1024];
isc_buffer_t keynamesrc, keynamebuf;
const char *secretstr;
isc_buffer_t secretbuf;
key = cfg_listelt_value(element);
keyid = cfg_obj_asstring(cfg_map_getname(key));
algobj = NULL;
secretobj = NULL;
(void)cfg_map_get(key, "algorithm", &algobj);
(void)cfg_map_get(key, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL);
/*
* Create the key name.
*/
dns_name_init(&keyname, NULL);
isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
isc_buffer_add(&keynamesrc, strlen(keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
DNS_NAME_DOWNCASE, &keynamebuf);
if (ret != ISC_R_SUCCESS)
goto failure;
/*
* Create the algorithm.
*/
algstr = cfg_obj_asstring(algobj);
if (ns_config_getkeyalgorithm(algstr, &alg, &bits)
!= ISC_R_SUCCESS) {
cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR,
"key '%s': has a unsupported algorithm '%s'",
keyid, algstr);
ret = DNS_R_BADALG;
goto failure;
}
secretstr = cfg_obj_asstring(secretobj);
secretalloc = secretlen = strlen(secretstr) * 3 / 4;
secret = isc_mem_get(mctx, secretlen);
if (secret == NULL) {
ret = ISC_R_NOMEMORY;
goto failure;
}
isc_buffer_init(&secretbuf, secret, secretlen);
ret = isc_base64_decodestring(secretstr, &secretbuf);
if (ret != ISC_R_SUCCESS)
goto failure;
secretlen = isc_buffer_usedlength(&secretbuf);
isc_stdtime_get(&now);
ret = dns_tsigkey_create(&keyname, alg, secret, secretlen,
ISC_FALSE, NULL, now, now,
mctx, ring, &tsigkey);
isc_mem_put(mctx, secret, secretalloc);
secret = NULL;
if (ret != ISC_R_SUCCESS)
goto failure;
/*
* Set digest bits.
*/
dst_key_setbits(tsigkey->key, bits);
dns_tsigkey_detach(&tsigkey);
}
return (ISC_R_SUCCESS);
failure:
cfg_obj_log(key, ns_g_lctx, ISC_LOG_ERROR,
"configuring key '%s': %s", keyid,
isc_result_totext(ret));
if (secret != NULL)
isc_mem_put(mctx, secret, secretalloc);
return (ret);
}
