isccc_sexpr_t * isccc_alist_define(isccc_sexpr_t *alist, const char *key, isccc_sexpr_t *value) { isccc_sexpr_t *kv, *k, *elt; kv = isccc_alist_assq(alist, key); if (kv == NULL) { /* * New association. */ k = isccc_sexpr_fromstring(key); if (k == NULL) return (NULL); kv = isccc_sexpr_cons(k, value); if (kv == NULL) { isccc_sexpr_free(&kv); return (NULL); } elt = isccc_sexpr_addtolist(&alist, kv); if (elt == NULL) { isccc_sexpr_free(&kv); return (NULL); } } else { /* * We've already got an entry for this key. Replace it. */ isccc_sexpr_free(&CDR(kv)); CDR(kv) = value; } return (kv); }
void isccc_sexpr_free(isccc_sexpr_t **sexprp) { isccc_sexpr_t *sexpr; isccc_sexpr_t *item; sexpr = *sexprp; if (sexpr == NULL) return; switch (sexpr->type) { case ISCCC_SEXPRTYPE_STRING: free(sexpr->value.as_string); break; case ISCCC_SEXPRTYPE_DOTTEDPAIR: item = CAR(sexpr); if (item != NULL) isccc_sexpr_free(&item); item = CDR(sexpr); if (item != NULL) isccc_sexpr_free(&item); break; case ISCCC_SEXPRTYPE_BINARY: free(sexpr->value.as_region.rstart); break; } free(sexpr); *sexprp = NULL; }
static isc_result_t list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp) { isccc_sexpr_t *list, *value; isc_result_t result; list = NULL; while (!REGION_EMPTY(*source)) { value = NULL; result = value_fromwire(source, &value); if (result != ISC_R_SUCCESS) { isccc_sexpr_free(&list); return (result); } if (isccc_sexpr_addtolist(&list, value) == NULL) { isccc_sexpr_free(&value); isccc_sexpr_free(&list); return (result); } } *listp = list; return (ISC_R_SUCCESS); }
static isc_result_t createmessage(isc_uint32_t version, const char *from, const char *to, isc_uint32_t serial, isccc_time_t now, isccc_time_t expires, isccc_sexpr_t **alistp, isc_boolean_t want_expires) { isccc_sexpr_t *alist, *_ctrl, *_data; isc_result_t result; REQUIRE(alistp != NULL && *alistp == NULL); if (version != 1) return (ISCCC_R_UNKNOWNVERSION); alist = isccc_alist_create(); if (alist == NULL) return (ISC_R_NOMEMORY); result = ISC_R_NOMEMORY; _ctrl = isccc_alist_create(); if (_ctrl == NULL) goto bad; if (isccc_alist_define(alist, "_ctrl", _ctrl) == NULL) { isccc_sexpr_free(&_ctrl); goto bad; } _data = isccc_alist_create(); if (_data == NULL) goto bad; if (isccc_alist_define(alist, "_data", _data) == NULL) { isccc_sexpr_free(&_data); goto bad; } if (isccc_cc_defineuint32(_ctrl, "_ser", serial) == NULL || isccc_cc_defineuint32(_ctrl, "_tim", now) == NULL || (want_expires && isccc_cc_defineuint32(_ctrl, "_exp", expires) == NULL)) goto bad; if (from != NULL && isccc_cc_definestring(_ctrl, "_frm", from) == NULL) goto bad; if (to != NULL && isccc_cc_definestring(_ctrl, "_to", to) == NULL) goto bad; *alistp = alist; return (ISC_R_SUCCESS); bad: isccc_sexpr_free(&alist); return (result); }
isc_result_t isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now, isccc_time_t expires, isccc_sexpr_t **alistp) { char *_frm, *_to, *type = NULL; isc_uint32_t serial; isccc_sexpr_t *alist, *_ctrl, *_data; isc_result_t result; REQUIRE(alistp != NULL && *alistp == NULL); _ctrl = isccc_alist_lookup(message, "_ctrl"); _data = isccc_alist_lookup(message, "_data"); if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) || isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS) return (ISC_R_FAILURE); /* * _frm and _to are optional. */ _frm = NULL; (void)isccc_cc_lookupstring(_ctrl, "_frm", &_frm); _to = NULL; (void)isccc_cc_lookupstring(_ctrl, "_to", &_to); /* * Create the response. */ alist = NULL; result = isccc_cc_createmessage(1, _to, _frm, serial, now, expires, &alist); if (result != ISC_R_SUCCESS) return (result); _ctrl = isccc_alist_lookup(alist, "_ctrl"); if (_ctrl == NULL) { result = ISC_R_FAILURE; goto bad; } _data = isccc_alist_lookup(alist, "_data"); if (_data == NULL) { result = ISC_R_FAILURE; goto bad; } if (isccc_cc_definestring(_ctrl, "_rpl", "1") == NULL || isccc_cc_definestring(_data, "type", type) == NULL) { result = ISC_R_NOMEMORY; goto bad; } *alistp = alist; return (ISC_R_SUCCESS); bad: isccc_sexpr_free(&alist); return (result); }
void isccc_alist_delete(isccc_sexpr_t *alist, const char *key) { isccc_sexpr_t *car, *caar, *rest, *prev; REQUIRE(isccc_alist_alistp(alist)); prev = alist; rest = CDR(alist); while (rest != NULL) { INSIST(rest->type == ISCCC_SEXPRTYPE_DOTTEDPAIR); car = CAR(rest); INSIST(car != NULL && car->type == ISCCC_SEXPRTYPE_DOTTEDPAIR); caar = CAR(car); if (caar->type == ISCCC_SEXPRTYPE_STRING && strcmp(caar->value.as_string, key) == 0) { CDR(prev) = CDR(rest); CDR(rest) = NULL; isccc_sexpr_free(&rest); break; } prev = rest; rest = CDR(rest); } }
static isc_result_t table_fromwire(isccc_region_t *source, isccc_region_t *secret, isc_uint32_t algorithm, isccc_sexpr_t **alistp) { char key[256]; isc_uint32_t len; isc_result_t result; isccc_sexpr_t *alist, *value; isc_boolean_t first_tag; unsigned char *checksum_rstart; REQUIRE(alistp != NULL && *alistp == NULL); checksum_rstart = NULL; first_tag = ISC_TRUE; alist = isccc_alist_create(); if (alist == NULL) return (ISC_R_NOMEMORY); while (!REGION_EMPTY(*source)) { GET8(len, source->rstart); if (REGION_SIZE(*source) < len) { result = ISC_R_UNEXPECTEDEND; goto bad; } GET_MEM(key, len, source->rstart); key[len] = '\0'; /* Ensure NUL termination. */ value = NULL; result = value_fromwire(source, &value); if (result != ISC_R_SUCCESS) goto bad; if (isccc_alist_define(alist, key, value) == NULL) { result = ISC_R_NOMEMORY; goto bad; } if (first_tag && secret != NULL && strcmp(key, "_auth") == 0) checksum_rstart = source->rstart; first_tag = ISC_FALSE; } if (secret != NULL) { if (checksum_rstart != NULL) result = verify(alist, checksum_rstart, (unsigned int) (source->rend - checksum_rstart), algorithm, secret); else result = ISCCC_R_BADAUTH; } else result = ISC_R_SUCCESS; bad: if (result == ISC_R_SUCCESS) *alistp = alist; else isccc_sexpr_free(&alist); return (result); }
static void rndc_recvdone(isc_task_t *task, isc_event_t *event) { isccc_sexpr_t *response = NULL; isccc_sexpr_t *data; isccc_region_t source; char *errormsg = NULL; char *textmsg = NULL; isc_result_t result; recvs--; if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" "This may indicate that\n" "* the remote server is using an older version of" " the command protocol,\n" "* this host is not authorized to connect,\n" "* the clocks are not synchronized, or\n" "* the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); source.rstart = isc_buffer_base(&ccmsg.buffer); source.rend = isc_buffer_used(&ccmsg.buffer); DO("parse message", isccc_cc_fromwire(&source, &response, algorithm, &secret)); data = isccc_alist_lookup(response, "_data"); if (data == NULL) fatal("no data section in response"); result = isccc_cc_lookupstring(data, "err", &errormsg); if (result == ISC_R_SUCCESS) { failed = ISC_TRUE; fprintf(stderr, "%s: '%s' failed: %s\n", progname, command, errormsg); } else if (result != ISC_R_NOTFOUND) fprintf(stderr, "%s: parsing response failed: %s\n", progname, isc_result_totext(result)); result = isccc_cc_lookupstring(data, "text", &textmsg); if (result == ISC_R_SUCCESS) { if ((!quiet || failed) && strlen(textmsg) != 0U) fprintf(failed ? stderr : stdout, "%s\n", textmsg); } else if (result != ISC_R_NOTFOUND) fprintf(stderr, "%s: parsing response failed: %s\n", progname, isc_result_totext(result)); isc_event_free(&event); isccc_sexpr_free(&response); if (sends == 0 && recvs == 0) { isc_socket_detach(&sock); isc_task_shutdown(task); RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); } }
isc_result_t isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok, isccc_sexpr_t **ackp) { char *_frm, *_to; isc_uint32_t serial; isccc_sexpr_t *ack, *_ctrl; isc_result_t result; isccc_time_t t; REQUIRE(ackp != NULL && *ackp == NULL); _ctrl = isccc_alist_lookup(message, "_ctrl"); if (!isccc_alist_alistp(_ctrl) || isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS || isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS) return (ISC_R_FAILURE); /* * _frm and _to are optional. */ _frm = NULL; (void)isccc_cc_lookupstring(_ctrl, "_frm", &_frm); _to = NULL; (void)isccc_cc_lookupstring(_ctrl, "_to", &_to); /* * Create the ack. */ ack = NULL; result = createmessage(1, _to, _frm, serial, t, 0, &ack, ISC_FALSE); if (result != ISC_R_SUCCESS) return (result); _ctrl = isccc_alist_lookup(ack, "_ctrl"); if (_ctrl == NULL) { result = ISC_R_FAILURE; goto bad; } if (isccc_cc_definestring(ack, "_ack", (ok) ? "1" : "0") == NULL) { result = ISC_R_NOMEMORY; goto bad; } *ackp = ack; return (ISC_R_SUCCESS); bad: isccc_sexpr_free(&ack); return (result); }
isccc_sexpr_t * isccc_alist_definebinary(isccc_sexpr_t *alist, const char *key, isccc_region_t *r) { isccc_sexpr_t *v, *kv; v = isccc_sexpr_frombinary(r); if (v == NULL) return (NULL); kv = isccc_alist_define(alist, key, v); if (kv == NULL) isccc_sexpr_free(&v); return (kv); }
isccc_sexpr_t * isccc_alist_definestring(isccc_sexpr_t *alist, const char *key, const char *str) { isccc_sexpr_t *v, *kv; v = isccc_sexpr_fromstring(str); if (v == NULL) return (NULL); kv = isccc_alist_define(alist, key, v); if (kv == NULL) isccc_sexpr_free(&v); return (kv); }
isccc_sexpr_t * isccc_alist_create(void) { isccc_sexpr_t *alist, *tag; tag = isccc_sexpr_fromstring(ALIST_TAG); if (tag == NULL) return (NULL); alist = isccc_sexpr_cons(tag, NULL); if (alist == NULL) { isccc_sexpr_free(&tag); return (NULL); } return (alist); }
static void control_recvmessage(isc_task_t *task, isc_event_t *event) { controlconnection_t *conn; controllistener_t *listener; controlkey_t *key; isccc_sexpr_t *request = NULL; isccc_sexpr_t *response = NULL; isc_uint32_t algorithm; isccc_region_t secret; isc_stdtime_t now; isc_buffer_t b; isc_region_t r; isc_buffer_t *text; isc_result_t result; isc_result_t eresult; isccc_sexpr_t *_ctrl; isccc_time_t sent; isccc_time_t exp; isc_uint32_t nonce; isccc_sexpr_t *data; REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG); conn = event->ev_arg; listener = conn->listener; algorithm = DST_ALG_UNKNOWN; secret.rstart = NULL; text = NULL; /* Is the server shutting down? */ if (listener->controls->shuttingdown) goto cleanup; if (conn->ccmsg.result != ISC_R_SUCCESS) { if (conn->ccmsg.result != ISC_R_CANCELED && conn->ccmsg.result != ISC_R_EOF) log_invalid(&conn->ccmsg, conn->ccmsg.result); goto cleanup; } request = NULL; for (key = ISC_LIST_HEAD(listener->keys); key != NULL; key = ISC_LIST_NEXT(key, link)) { isccc_region_t ccregion; ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; memmove(secret.rstart, key->secret.base, key->secret.length); secret.rend = secret.rstart + key->secret.length; algorithm = key->algorithm; result = isccc_cc_fromwire(&ccregion, &request, algorithm, &secret); if (result == ISC_R_SUCCESS) break; isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); if (result != ISCCC_R_BADAUTH) { log_invalid(&conn->ccmsg, result); goto cleanup; } } if (key == NULL) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); goto cleanup; } /* We shouldn't be getting a reply. */ if (isccc_cc_isreply(request)) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); goto cleanup_request; } isc_stdtime_get(&now); /* * Limit exposure to replay attacks. */ _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); goto cleanup_request; } if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) { if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) { log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW); goto cleanup_request; } } else { log_invalid(&conn->ccmsg, ISC_R_FAILURE); goto cleanup_request; } /* * Expire messages that are too old. */ if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS && now > exp) { log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED); goto cleanup_request; } /* * Duplicate suppression (required for UDP). */ isccc_cc_cleansymtab(listener->controls->symtab, now); result = isccc_cc_checkdup(listener->controls->symtab, request, now); if (result != ISC_R_SUCCESS) { if (result == ISC_R_EXISTS) result = ISCCC_R_DUPLICATE; log_invalid(&conn->ccmsg, result); goto cleanup_request; } if (conn->nonce != 0 && (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS || conn->nonce != nonce)) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); goto cleanup_request; } result = isc_buffer_allocate(listener->mctx, &text, 2 * 2048); if (result != ISC_R_SUCCESS) goto cleanup_request; /* * Establish nonce. */ if (conn->nonce == 0) { while (conn->nonce == 0) isc_random_get(&conn->nonce); eresult = ISC_R_SUCCESS; } else eresult = ns_control_docommand(request, &text); result = isccc_cc_createresponse(request, now, now + 60, &response); if (result != ISC_R_SUCCESS) goto cleanup_request; data = isccc_alist_lookup(response, "_data"); if (data != NULL) { if (isccc_cc_defineuint32(data, "result", eresult) == NULL) goto cleanup_response; } if (eresult != ISC_R_SUCCESS) { if (data != NULL) { const char *estr = isc_result_totext(eresult); if (isccc_cc_definestring(data, "err", estr) == NULL) goto cleanup_response; } } if (isc_buffer_usedlength(text) > 0) { if (data != NULL) { char *str = (char *)isc_buffer_base(text); if (isccc_cc_definestring(data, "text", str) == NULL) goto cleanup_response; } } _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL || isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL) goto cleanup_response; if (conn->buffer == NULL) { result = isc_buffer_allocate(listener->mctx, &conn->buffer, 2 * 2048); if (result != ISC_R_SUCCESS) goto cleanup_response; } isc_buffer_clear(conn->buffer); /* Skip the length field (4 bytes) */ isc_buffer_add(conn->buffer, 4); result = isccc_cc_towire(response, &conn->buffer, algorithm, &secret); if (result != ISC_R_SUCCESS) goto cleanup_response; isc_buffer_init(&b, conn->buffer->base, 4); isc_buffer_putuint32(&b, conn->buffer->used - 4); r.base = conn->buffer->base; r.length = conn->buffer->used; result = isc_socket_send(conn->sock, &r, task, control_senddone, conn); if (result != ISC_R_SUCCESS) goto cleanup_response; conn->sending = ISC_TRUE; isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); isccc_sexpr_free(&request); isccc_sexpr_free(&response); isc_buffer_free(&text); return; cleanup_response: isccc_sexpr_free(&response); cleanup_request: isccc_sexpr_free(&request); isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); if (text != NULL) isc_buffer_free(&text); cleanup: isc_socket_detach(&conn->sock); isccc_ccmsg_invalidate(&conn->ccmsg); conn->ccmsg_valid = ISC_FALSE; maybe_free_connection(conn); maybe_free_listener(listener); }
static void rndc_recvnonce(isc_task_t *task, isc_event_t *event) { isccc_sexpr_t *response = NULL; isccc_sexpr_t *_ctrl; isccc_region_t source; isc_result_t result; isc_uint32_t nonce; isccc_sexpr_t *request = NULL; isccc_time_t now; isc_region_t r; isccc_sexpr_t *data; isccc_region_t message; isc_uint32_t len; isc_buffer_t b; recvs--; if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" "This may indicate that the remote server is using " "an older version of \n" "the command protocol, this host is not authorized " "to connect,\nor the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); source.rstart = isc_buffer_base(&ccmsg.buffer); source.rend = isc_buffer_used(&ccmsg.buffer); DO("parse message", isccc_cc_fromwire(&source, &response, &secret)); _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL) fatal("_ctrl section missing"); nonce = 0; if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) nonce = 0; isc_stdtime_get(&now); DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, now, now + 60, &request)); data = isccc_alist_lookup(request, "_data"); if (data == NULL) fatal("_data section missing"); if (isccc_cc_definestring(data, "type", args) == NULL) fatal("out of memory"); if (nonce != 0) { _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) fatal("_ctrl section missing"); if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL) fatal("out of memory"); } message.rstart = databuf + 4; message.rend = databuf + sizeof(databuf); DO("render message", isccc_cc_towire(request, &message, &secret)); len = sizeof(databuf) - REGION_SIZE(message); isc_buffer_init(&b, databuf, 4); isc_buffer_putuint32(&b, len - 4); r.length = len; r.base = databuf; isccc_ccmsg_cancelread(&ccmsg); DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, rndc_recvdone, NULL)); recvs++; DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, NULL)); sends++; isc_event_free(&event); isccc_sexpr_free(&response); return; }
static void rndc_recvnonce(isc_task_t *task, isc_event_t *event) { isccc_sexpr_t *response = NULL; isccc_sexpr_t *_ctrl; isccc_region_t source; isc_result_t result; isc_uint32_t nonce; isccc_sexpr_t *request = NULL; isccc_time_t now; isc_region_t r; isccc_sexpr_t *data; isc_buffer_t b; recvs--; if (ccmsg.result == ISC_R_EOF) fatal("connection to remote host closed\n" "This may indicate that\n" "* the remote server is using an older version of" " the command protocol,\n" "* this host is not authorized to connect,\n" "* the clocks are not synchronized,\n" "* the key signing algorithm is incorrect, or\n" "* the key is invalid."); if (ccmsg.result != ISC_R_SUCCESS) fatal("recv failed: %s", isc_result_totext(ccmsg.result)); source.rstart = isc_buffer_base(&ccmsg.buffer); source.rend = isc_buffer_used(&ccmsg.buffer); DO("parse message", isccc_cc_fromwire(&source, &response, algorithm, &secret)); _ctrl = isccc_alist_lookup(response, "_ctrl"); if (!isccc_alist_alistp(_ctrl)) fatal("bad or missing ctrl section in response"); nonce = 0; if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) nonce = 0; isc_stdtime_get(&now); DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, now, now + 60, &request)); data = isccc_alist_lookup(request, "_data"); if (data == NULL) fatal("_data section missing"); if (isccc_cc_definestring(data, "type", args) == NULL) fatal("out of memory"); if (nonce != 0) { _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) fatal("_ctrl section missing"); if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL) fatal("out of memory"); } isc_buffer_clear(databuf); /* Skip the length field (4 bytes) */ isc_buffer_add(databuf, 4); DO("render message", isccc_cc_towire(request, &databuf, algorithm, &secret)); isc_buffer_init(&b, databuf->base, 4); isc_buffer_putuint32(&b, databuf->used - 4); r.base = databuf->base; r.length = databuf->used; isccc_ccmsg_cancelread(&ccmsg); DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, rndc_recvdone, NULL)); recvs++; DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, NULL)); sends++; isc_event_free(&event); isccc_sexpr_free(&response); return; }