/** * Publish the NSEC3 parameters as indicated by the signer configuration. * */ ods_status zone_publish_nsec3param(zone_type* zone) { rrset_type* rrset = NULL; rr_type* n3prr = NULL; ldns_rr* rr = NULL; ods_status status = ODS_STATUS_OK; if (!zone || !zone->name || !zone->db || !zone->signconf) { return ODS_STATUS_ASSERT_ERR; } if (!zone->signconf->nsec3params) { /* NSEC */ ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC); return ODS_STATUS_OK; } if (!zone->signconf->nsec3params->rr) { rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS); if (!rr) { ods_log_error("[%s] unable to publish nsec3params for zone %s: " "error creating rr (%s)", zone_str, zone->name, ods_status2str(status)); return ODS_STATUS_MALLOC_ERR; } ldns_rr_set_class(rr, zone->klass); ldns_rr_set_ttl(rr, 0); ldns_rr_set_owner(rr, ldns_rdf_clone(zone->apex)); ldns_nsec3_add_param_rdfs(rr, zone->signconf->nsec3params->algorithm, 0, zone->signconf->nsec3params->iterations, zone->signconf->nsec3params->salt_len, zone->signconf->nsec3params->salt_data); /** * Always set bit 7 of the flags to zero, * according to rfc5155 section 11 */ ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(rr, 1)), 7, 0); zone->signconf->nsec3params->rr = rr; } ods_log_assert(zone->signconf->nsec3params->rr); status = zone_add_rr(zone, zone->signconf->nsec3params->rr, 0); if (status == ODS_STATUS_UNCHANGED) { /* rr already exists, adjust pointer */ rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS); ods_log_assert(rrset); n3prr = rrset_lookup_rr(rrset, zone->signconf->nsec3params->rr); ods_log_assert(n3prr); if (n3prr->rr != zone->signconf->nsec3params->rr) { ldns_rr_free(zone->signconf->nsec3params->rr); } zone->signconf->nsec3params->rr = n3prr->rr; status = ODS_STATUS_OK; } else if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to publish nsec3params for zone %s: " "error adding nsec3params (%s)", zone_str, zone->name, ods_status2str(status)); } return status; }
/** * Update DNS output adapter. * */ ods_status dnsout_update(dnsout_type** addns, const char* filename, time_t* last_mod) { dnsout_type* new_addns = NULL; time_t st_mtime = 0; ods_status status = ODS_STATUS_OK; if (!filename || !addns || !last_mod) { return ODS_STATUS_UNCHANGED; } /* read the new signer configuration */ new_addns = dnsout_create(); if (!new_addns) { ods_log_error("[%s] unable to update dnsout: dnsout_create() " "failed", adapter_str); return ODS_STATUS_ERR; } status = dnsout_read(new_addns, filename); if (status == ODS_STATUS_OK) { *addns = new_addns; *last_mod = st_mtime; } else { ods_log_error("[%s] unable to update dnsout: dnsout_read(%s) " "failed (%s)", adapter_str, filename, ods_status2str(status)); dnsout_cleanup(new_addns); } return status; }
/** * Update serial. * */ ods_status zone_update_serial(zone_type* zone) { ods_status status = ODS_STATUS_OK; rrset_type* rrset = NULL; rr_type* soa = NULL; ldns_rr* rr = NULL; ldns_rdf* soa_rdata = NULL; ods_log_assert(zone); ods_log_assert(zone->apex); ods_log_assert(zone->name); ods_log_assert(zone->db); ods_log_assert(zone->signconf); if (zone->db->serial_updated) { /* already done, unmark and return ok */ ods_log_debug("[%s] zone %s soa serial already up to date", zone_str, zone->name); zone->db->serial_updated = 0; return ODS_STATUS_OK; } rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_SOA); ods_log_assert(rrset); ods_log_assert(rrset->rrs); ods_log_assert(rrset->rrs[0].rr); rr = ldns_rr_clone(rrset->rrs[0].rr); if (!rr) { ods_log_error("[%s] unable to update zone %s soa serial: failed to " "clone soa rr", zone_str, zone->name); return ODS_STATUS_ERR; } status = namedb_update_serial(zone->db, zone->signconf->soa_serial, zone->db->inbserial); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to update zone %s soa serial: %s", zone_str, zone->name, ods_status2str(status)); ldns_rr_free(rr); return status; } ods_log_verbose("[%s] zone %s set soa serial to %u", zone_str, zone->name, zone->db->intserial); soa_rdata = ldns_rr_set_rdf(rr, ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, zone->db->intserial), SE_SOA_RDATA_SERIAL); if (soa_rdata) { ldns_rdf_deep_free(soa_rdata); soa_rdata = NULL; } else { ods_log_error("[%s] unable to update zone %s soa serial: failed to " "replace soa serial rdata", zone_str, zone->name); ldns_rr_free(rr); return ODS_STATUS_ERR; } soa = rrset_add_rr(rrset, rr); ods_log_assert(soa); rrset_diff(rrset, 0, 0); zone->db->serial_updated = 0; return ODS_STATUS_OK; }
/** * Read DNS output adapter. * */ static ods_status dnsout_read(dnsout_type* addns, const char* filename) { const char* rngfile = ODS_SE_RNGDIR "/addns.rng"; ods_status status = ODS_STATUS_OK; FILE* fd = NULL; if (!filename || !addns) { return ODS_STATUS_ASSERT_ERR; } ods_log_debug("[%s] read dnsout file %s", adapter_str, filename); status = parse_file_check(filename, rngfile); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to read dnsout: parse error in " "file %s (%s)", adapter_str, filename, ods_status2str(status)); return status; } fd = ods_fopen(filename, NULL, "r"); if (fd) { addns->tsig = parse_addns_tsig(addns->allocator, filename); addns->provide_xfr = parse_addns_provide_xfr(addns->allocator, filename, addns->tsig); addns->do_notify = parse_addns_do_notify(addns->allocator, filename, addns->tsig); ods_fclose(fd); return ODS_STATUS_OK; } ods_log_error("[%s] unable to read dnsout: failed to open file %s", adapter_str, filename); return ODS_STATUS_ERR; }
/** * Load zone signconf. * */ ods_status tools_signconf(zone_type* zone) { ods_status status = ODS_STATUS_OK; signconf_type* new_signconf = NULL; ods_log_assert(zone); ods_log_assert(zone->name); status = zone_load_signconf(zone, &new_signconf); if (status == ODS_STATUS_OK) { ods_log_assert(new_signconf); /* Denial of Existence Rollover? */ if (signconf_compare_denial(zone->signconf, new_signconf) == TASK_NSECIFY) { /** * Or NSEC -> NSEC3, or NSEC3 -> NSEC, or NSEC3 params changed. * All NSEC(3)s become invalid. */ namedb_wipe_denial(zone->db); namedb_cleanup_denials(zone->db); namedb_init_denials(zone->db); } /* all ok, switch signer configuration */ signconf_cleanup(zone->signconf); ods_log_debug("[%s] zone %s switch to new signconf", tools_str, zone->name); zone->signconf = new_signconf; signconf_log(zone->signconf, zone->name); zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min); } else if (status != ODS_STATUS_UNCHANGED) { ods_log_error("[%s] unable to load signconf for zone %s: %s", tools_str, zone->name, ods_status2str(status)); } return status; }
/** * Update zone list. * */ ods_status zonelist_update(zonelist_type* zl, const char* zlfile) { zonelist_type* new_zlist = NULL; allocator_type* tmp_alloc = NULL; time_t st_mtime = 0; ods_status status = ODS_STATUS_OK; char* datestamp = NULL; ods_log_debug("[%s] update zone list", zl_str); if (!zl|| !zl->zones || !zlfile) { return ODS_STATUS_ASSERT_ERR; } /* is the file updated? */ st_mtime = ods_file_lastmodified(zlfile); if (st_mtime <= zl->last_modified) { (void)time_datestamp(zl->last_modified, "%Y-%m-%d %T", &datestamp); ods_log_debug("[%s] zonelist file %s is unchanged since %s", zl_str, zlfile, datestamp?datestamp:"Unknown"); free((void*)datestamp); return ODS_STATUS_UNCHANGED; } /* create new zonelist */ tmp_alloc = allocator_create(malloc, free); if (!tmp_alloc) { return ODS_STATUS_MALLOC_ERR; } new_zlist = zonelist_create(tmp_alloc); if (!new_zlist) { ods_log_error("[%s] unable to update zonelist: zonelist_create() " "failed", zl_str); allocator_cleanup(tmp_alloc); return ODS_STATUS_ERR; } /* read zonelist */ status = zonelist_read(new_zlist, zlfile); if (status == ODS_STATUS_OK) { zl->just_removed = 0; zl->just_added = 0; zl->just_updated = 0; new_zlist->last_modified = st_mtime; zonelist_merge(zl, new_zlist); (void)time_datestamp(zl->last_modified, "%Y-%m-%d %T", &datestamp); ods_log_debug("[%s] file %s is modified since %s", zl_str, zlfile, datestamp?datestamp:"Unknown"); free((void*)datestamp); } else { ods_log_error("[%s] unable to update zonelist: read file %s failed " "(%s)", zl_str, zlfile, ods_status2str(status)); } zonelist_free(new_zlist); allocator_cleanup(tmp_alloc); return status; }
/** * Start dns handler listener. * */ ods_status dnshandler_listen(dnshandler_type* dnshandler) { ods_status status = ODS_STATUS_OK; ods_log_assert(dnshandler); status = sock_listen(dnshandler->socklist, dnshandler->interfaces); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to start: sock_listen() " "failed (%s)", dnsh_str, ods_status2str(status)); dnshandler->thread_id = 0; } return status; }
/** * Load signer configuration for zone. * */ ods_status zone_load_signconf(zone_type* zone, signconf_type** new_signconf) { ods_status status = ODS_STATUS_OK; signconf_type* signconf = NULL; char* datestamp = NULL; if (!zone || !zone->name || !zone->signconf) { return ODS_STATUS_ASSERT_ERR; } if (!zone->signconf_filename) { ods_log_warning("[%s] zone %s has no signconf filename, treat as " "insecure?", zone_str, zone->name); return ODS_STATUS_INSECURE; } status = signconf_update(&signconf, zone->signconf_filename, zone->signconf->last_modified); if (status == ODS_STATUS_OK) { if (!signconf) { /* this is unexpected */ ods_log_alert("[%s] unable to load signconf for zone %s: signconf " "status ok but no signconf stored", zone_str, zone->name); return ODS_STATUS_ASSERT_ERR; } (void)time_datestamp(signconf->last_modified, "%Y-%m-%d %T", &datestamp); ods_log_debug("[%s] zone %s signconf file %s is modified since %s", zone_str, zone->name, zone->signconf_filename, datestamp?datestamp:"Unknown"); free((void*)datestamp); *new_signconf = signconf; } else if (status == ODS_STATUS_UNCHANGED) { (void)time_datestamp(zone->signconf->last_modified, "%Y-%m-%d %T", &datestamp); ods_log_verbose("[%s] zone %s signconf file %s is unchanged since " "%s", zone_str, zone->name, zone->signconf_filename, datestamp?datestamp:"Unknown"); free((void*)datestamp); } else { ods_log_error("[%s] unable to load signconf for zone %s: signconf %s " "%s", zone_str, zone->name, zone->signconf_filename, ods_status2str(status)); } return status; }
/** * Set up engine. * */ void engine_setup(engine_type* engine, handled_xxxx_cmd_type *commands, help_xxxx_cmd_type *help) { ods_status status; engine->commands = commands; engine->help = help; status = engine_setup_and_return_status(engine); if (status != ODS_STATUS_OK) { ods_log_error("[%s] setup failed: %s", engine_str, ods_status2str(status)); engine->need_to_exit = 1; if (status != ODS_STATUS_WRITE_PIDFILE_ERR) { /* command handler had not yet been started */ engine->cmdhandler_done = 1; } } }
/** * Create ACL. * */ acl_type* acl_create(allocator_type* allocator, char* address, char* port, char* tsig_name, tsig_type* tsig) { ods_status status = ODS_STATUS_OK; acl_type* acl = NULL; char* p = NULL; if (!allocator) { return NULL; } acl = (acl_type*) allocator_alloc(allocator, sizeof(acl_type)); if (!acl) { ods_log_error("[%s] unable to create acl: allocator_alloc() " "failed", acl_str); return NULL; } acl->address = NULL; acl->next = NULL; acl->tsig = NULL; if (tsig_name) { acl->tsig = tsig_lookup_by_name(tsig, tsig_name); if (!acl->tsig) { ods_log_error("[%s] unable to create acl: tsig %s not found", acl_str, tsig_name); acl_cleanup(acl, allocator); return NULL; } } acl->port = 0; if (port) { acl->port = atoi((const char*) port); } memset(&acl->addr, 0, sizeof(union acl_addr_storage)); memset(&acl->range_mask, 0, sizeof(union acl_addr_storage)); if (address) { acl->family = acl_parse_family(address); acl->range_type = acl_parse_range_type(address, &p); acl->address = allocator_strdup(allocator, address); if (!acl->address) { ods_log_error("[%s] unable to create acl: allocator_strdup() " "failed", acl_str); acl_cleanup(acl, allocator); return NULL; } if (acl->family == AF_INET6) { if (inet_pton(AF_INET6, acl->address, &acl->addr.addr6) != 1) { ods_log_error("[%s] unable to create acl: bad ipv6 address " "(%s)", acl_str, acl->address); acl_cleanup(acl, allocator); return NULL; } if (acl->range_type == ACL_RANGE_MASK || acl->range_type == ACL_RANGE_MINMAX) { if (inet_pton(AF_INET6, p, &acl->range_mask.addr6) != 1) { ods_log_error("[%s] unable to create acl: bad ipv6 address" " mask (%s)", acl_str, p); acl_cleanup(acl, allocator); return NULL; } } else if (acl->range_type == ACL_RANGE_SUBNET) { status = acl_parse_range_subnet(p, &acl->range_mask.addr6, 128); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to create acl: %s (%s)", acl_str, ods_status2str(status), p); acl_cleanup(acl, allocator); return NULL; } } } else if (acl->family == AF_INET) { if (inet_pton(AF_INET, acl->address, &acl->addr.addr) != 1) { ods_log_error("[%s] unable to create acl: bad ipv4 address " "(%s)", acl_str, acl->address); acl_cleanup(acl, allocator); return NULL; } if (acl->range_type == ACL_RANGE_MASK || acl->range_type == ACL_RANGE_MINMAX) { if (inet_pton(AF_INET, p, &acl->range_mask.addr) != 1) { ods_log_error("[%s] unable to create acl: bad ipv4 address" " mask (%s)", acl_str, p); acl_cleanup(acl, allocator); return NULL; } } else if (acl->range_type == ACL_RANGE_SUBNET) { status = acl_parse_range_subnet(p, &acl->range_mask.addr, 32); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to create acl: %s (%s)", acl_str, ods_status2str(status), p); acl_cleanup(acl, allocator); return NULL; } } } } acl->ixfr_disabled = 0; return acl; }
/** * Start engine. * */ void engine_start(const char* cfgfile, int cmdline_verbosity, int daemonize, int info, int single_run) { engine_type* engine = NULL; int use_syslog = 0; ods_status zl_changed = ODS_STATUS_UNCHANGED; ods_status status = ODS_STATUS_OK; int close_hsm = 0; ods_log_assert(cfgfile); ods_log_init(NULL, use_syslog, cmdline_verbosity); ods_log_verbose("[%s] starting signer", engine_str); /* initialize */ xmlInitGlobals(); xmlInitParser(); xmlInitThreads(); engine = engine_create(); if (!engine) { ods_fatal_exit("[%s] create failed", engine_str); return; } engine->daemonize = daemonize; /* config */ engine->config = engine_config(engine->allocator, cfgfile, cmdline_verbosity); status = engine_config_check(engine->config); if (status != ODS_STATUS_OK) { ods_log_error("[%s] cfgfile %s has errors", engine_str, cfgfile); goto earlyexit; } if (info) { engine_config_print(stdout, engine->config); /* for debugging */ goto earlyexit; } /* check pidfile */ if (!util_check_pidfile(engine->config->pid_filename)) { exit(1); } /* open log */ ods_log_init(engine->config->log_filename, engine->config->use_syslog, engine->config->verbosity); /* setup */ tzset(); /* for portability */ status = engine_setup(engine); if (status != ODS_STATUS_OK) { ods_log_error("[%s] setup failed: %s", engine_str, ods_status2str(status)); engine->need_to_exit = 1; if (status != ODS_STATUS_WRITE_PIDFILE_ERR) { /* command handler had not yet been started */ engine->cmdhandler_done = 1; } } else { /* setup ok, mark hsm open */ close_hsm = 1; } /* run */ while (engine->need_to_exit == 0) { /* update zone list */ lock_basic_lock(&engine->zonelist->zl_lock); zl_changed = zonelist_update(engine->zonelist, engine->config->zonelist_filename); engine->zonelist->just_removed = 0; engine->zonelist->just_added = 0; engine->zonelist->just_updated = 0; lock_basic_unlock(&engine->zonelist->zl_lock); /* start/reload */ if (engine->need_to_reload) { ods_log_info("[%s] signer reloading", engine_str); engine->need_to_reload = 0; } else { ods_log_info("[%s] signer started", engine_str); zl_changed = engine_recover(engine); } if (zl_changed == ODS_STATUS_OK || zl_changed == ODS_STATUS_UNCHANGED) { engine_update_zones(engine, zl_changed); } engine_run(engine, single_run); } /* shutdown */ ods_log_info("[%s] signer shutdown", engine_str); if (close_hsm) { ods_log_verbose("[%s] close hsm", engine_str); hsm_close(); } if (!engine->cmdhandler_done) { engine_stop_xfrhandler(engine); engine_stop_dnshandler(engine); engine_stop_cmdhandler(engine); } earlyexit: if (engine && engine->config) { if (engine->config->pid_filename) { (void)unlink(engine->config->pid_filename); } if (engine->config->clisock_filename) { (void)unlink(engine->config->clisock_filename); } } tsig_handler_cleanup(); engine_cleanup(engine); engine = NULL; ods_log_close(); xmlCleanupParser(); xmlCleanupGlobals(); xmlCleanupThreads(); return; }
/** * Try to recover from the backup files. * */ static ods_status engine_recover(engine_type* engine) { ldns_rbnode_t* node = LDNS_RBTREE_NULL; zone_type* zone = NULL; ods_status status = ODS_STATUS_OK; ods_status result = ODS_STATUS_UNCHANGED; if (!engine || !engine->zonelist || !engine->zonelist->zones) { ods_log_error("[%s] cannot recover zones: no engine or zonelist", engine_str); return ODS_STATUS_ERR; /* no need to update zones */ } ods_log_assert(engine); ods_log_assert(engine->zonelist); ods_log_assert(engine->zonelist->zones); lock_basic_lock(&engine->zonelist->zl_lock); /* [LOCK] zonelist */ node = ldns_rbtree_first(engine->zonelist->zones); while (node && node != LDNS_RBTREE_NULL) { zone = (zone_type*) node->data; ods_log_assert(zone->zl_status == ZONE_ZL_ADDED); status = zone_recover2(zone); if (status == ODS_STATUS_OK) { ods_log_assert(zone->task); ods_log_assert(zone->db); ods_log_assert(zone->signconf); /* notify nameserver */ if (engine->config->notify_command && !zone->notify_ns) { set_notify_ns(zone, engine->config->notify_command); } /* schedule task */ lock_basic_lock(&engine->taskq->schedule_lock); /* [LOCK] schedule */ status = schedule_task(engine->taskq, (task_type*) zone->task, 0); /* [UNLOCK] schedule */ lock_basic_unlock(&engine->taskq->schedule_lock); if (status != ODS_STATUS_OK) { ods_log_crit("[%s] unable to schedule task for zone %s: %s", engine_str, zone->name, ods_status2str(status)); task_cleanup((task_type*) zone->task); zone->task = NULL; result = ODS_STATUS_OK; /* will trigger update zones */ } else { ods_log_debug("[%s] recovered zone %s", engine_str, zone->name); /* recovery done */ zone->zl_status = ZONE_ZL_OK; } } else { if (status != ODS_STATUS_UNCHANGED) { ods_log_warning("[%s] unable to recover zone %s from backup," " performing full sign", engine_str, zone->name); } result = ODS_STATUS_OK; /* will trigger update zones */ } node = ldns_rbtree_next(node); } /* [UNLOCK] zonelist */ lock_basic_unlock(&engine->zonelist->zl_lock); return result; }
/** * Update zones. * */ void engine_update_zones(engine_type* engine, ods_status zl_changed) { ldns_rbnode_t* node = LDNS_RBTREE_NULL; zone_type* zone = NULL; zone_type* delzone = NULL; task_type* task = NULL; ods_status status = ODS_STATUS_OK; unsigned wake_up = 0; int warnings = 0; time_t now = 0; if (!engine || !engine->zonelist || !engine->zonelist->zones) { return; } now = time_now(); ods_log_debug("[%s] commit zone list changes", engine_str); lock_basic_lock(&engine->zonelist->zl_lock); node = ldns_rbtree_first(engine->zonelist->zones); while (node && node != LDNS_RBTREE_NULL) { zone = (zone_type*) node->data; task = NULL; /* reset task */ if (zone->zl_status == ZONE_ZL_REMOVED) { node = ldns_rbtree_next(node); lock_basic_lock(&zone->zone_lock); delzone = zonelist_del_zone(engine->zonelist, zone); if (delzone) { lock_basic_lock(&engine->taskq->schedule_lock); task = unschedule_task(engine->taskq, (task_type*) zone->task); lock_basic_unlock(&engine->taskq->schedule_lock); } task_cleanup(task); task = NULL; lock_basic_unlock(&zone->zone_lock); netio_remove_handler(engine->xfrhandler->netio, &zone->xfrd->handler); zone_cleanup(zone); zone = NULL; continue; } else if (zone->zl_status == ZONE_ZL_ADDED) { lock_basic_lock(&zone->zone_lock); ods_log_assert(!zone->task); /* set notify nameserver command */ if (engine->config->notify_command && !zone->notify_ns) { set_notify_ns(zone, engine->config->notify_command); } /* create task */ task = task_create(TASK_SIGNCONF, now, zone); lock_basic_unlock(&zone->zone_lock); if (!task) { ods_log_crit("[%s] unable to create task for zone %s: " "task_create() failed", engine_str, zone->name); node = ldns_rbtree_next(node); continue; } } /* load adapter config */ status = adapter_load_config(zone->adinbound); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to load config for inbound adapter " "for zone %s: %s", engine_str, zone->name, ods_status2str(status)); } status = adapter_load_config(zone->adoutbound); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to load config for outbound adapter " "for zone %s: %s", engine_str, zone->name, ods_status2str(status)); } /* for dns adapters */ warnings += dnsconfig_zone(engine, zone); if (zone->zl_status == ZONE_ZL_ADDED) { ods_log_assert(task); lock_basic_lock(&zone->zone_lock); zone->task = task; lock_basic_unlock(&zone->zone_lock); lock_basic_lock(&engine->taskq->schedule_lock); status = schedule_task(engine->taskq, task, 0); lock_basic_unlock(&engine->taskq->schedule_lock); } else if (zl_changed == ODS_STATUS_OK) { /* always try to update signconf */ lock_basic_lock(&zone->zone_lock); status = zone_reschedule_task(zone, engine->taskq, TASK_SIGNCONF); lock_basic_unlock(&zone->zone_lock); } if (status != ODS_STATUS_OK) { ods_log_crit("[%s] unable to schedule task for zone %s: %s", engine_str, zone->name, ods_status2str(status)); } else { wake_up = 1; zone->zl_status = ZONE_ZL_OK; } node = ldns_rbtree_next(node); } lock_basic_unlock(&engine->zonelist->zl_lock); if (engine->dnshandler) { dnshandler_fwd_notify(engine->dnshandler, (uint8_t*) ODS_SE_NOTIFY_CMD, strlen(ODS_SE_NOTIFY_CMD)); } else if (warnings) { ods_log_warning("[%s] no dnshandler/listener configured, but zones " "are configured with dns adapters: notify and zone transfer " "requests will not work properly", engine_str); } if (wake_up) { engine_wakeup_workers(engine); } return; }
/** * Set up engine. * */ static ods_status engine_setup(engine_type* engine) { ods_status status = ODS_STATUS_OK; struct sigaction action; int result = 0; int sockets[2] = {0,0}; ods_log_debug("[%s] setup signer engine", engine_str); if (!engine || !engine->config) { return ODS_STATUS_ASSERT_ERR; } /* set edns */ edns_init(&engine->edns, EDNS_MAX_MESSAGE_LEN); /* create command handler (before chowning socket file) */ engine->cmdhandler = cmdhandler_create(engine->allocator, engine->config->clisock_filename); if (!engine->cmdhandler) { return ODS_STATUS_CMDHANDLER_ERR; } engine->dnshandler = dnshandler_create(engine->allocator, engine->config->interfaces); engine->xfrhandler = xfrhandler_create(engine->allocator); if (!engine->xfrhandler) { return ODS_STATUS_XFRHANDLER_ERR; } if (engine->dnshandler) { if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sockets) == -1) { return ODS_STATUS_XFRHANDLER_ERR; } engine->xfrhandler->dnshandler.fd = sockets[0]; engine->dnshandler->xfrhandler.fd = sockets[1]; status = dnshandler_listen(engine->dnshandler); if (status != ODS_STATUS_OK) { ods_log_error("[%s] setup: unable to listen to sockets (%s)", engine_str, ods_status2str(status)); } } /* privdrop */ engine->uid = privuid(engine->config->username); engine->gid = privgid(engine->config->group); /* TODO: does piddir exists? */ /* remove the chown stuff: piddir? */ ods_chown(engine->config->pid_filename, engine->uid, engine->gid, 1); ods_chown(engine->config->clisock_filename, engine->uid, engine->gid, 0); ods_chown(engine->config->working_dir, engine->uid, engine->gid, 0); if (engine->config->log_filename && !engine->config->use_syslog) { ods_chown(engine->config->log_filename, engine->uid, engine->gid, 0); } if (engine->config->working_dir && chdir(engine->config->working_dir) != 0) { ods_log_error("[%s] setup: unable to chdir to %s (%s)", engine_str, engine->config->working_dir, strerror(errno)); return ODS_STATUS_CHDIR_ERR; } if (engine_privdrop(engine) != ODS_STATUS_OK) { return ODS_STATUS_PRIVDROP_ERR; } /* daemonize */ if (engine->daemonize) { switch ((engine->pid = fork())) { case -1: /* error */ ods_log_error("[%s] setup: unable to fork daemon (%s)", engine_str, strerror(errno)); return ODS_STATUS_FORK_ERR; case 0: /* child */ break; default: /* parent */ engine_cleanup(engine); engine = NULL; xmlCleanupParser(); xmlCleanupGlobals(); xmlCleanupThreads(); exit(0); } if (setsid() == -1) { ods_log_error("[%s] setup: unable to setsid daemon (%s)", engine_str, strerror(errno)); return ODS_STATUS_SETSID_ERR; } } engine->pid = getpid(); ods_log_verbose("[%s] running as pid %lu", engine_str, (unsigned long) engine->pid); /* catch signals */ signal_set_engine(engine); action.sa_handler = signal_handler; sigfillset(&action.sa_mask); action.sa_flags = 0; sigaction(SIGTERM, &action, NULL); sigaction(SIGHUP, &action, NULL); sigaction(SIGINT, &action, NULL); sigaction(SIGILL, &action, NULL); sigaction(SIGUSR1, &action, NULL); sigaction(SIGALRM, &action, NULL); sigaction(SIGCHLD, &action, NULL); action.sa_handler = SIG_IGN; sigaction(SIGPIPE, &action, NULL); /* set up hsm */ /* LEAK */ result = lhsm_open(engine->config->cfg_filename); if (result != HSM_OK) { return ODS_STATUS_HSM_ERR; } /* create workers/drudgers */ engine_create_workers(engine); engine_create_drudgers(engine); /* start cmd/dns/xfr handlers */ engine_start_cmdhandler(engine); engine_start_dnshandler(engine); engine_start_xfrhandler(engine); tsig_handler_init(engine->allocator); /* write pidfile */ if (util_write_pidfile(engine->config->pid_filename, engine->pid) == -1) { hsm_close(); return ODS_STATUS_WRITE_PIDFILE_ERR; } /* setup done */ return ODS_STATUS_OK; }
/** * Start engine. * */ int engine_start(const char* cfgfile, int cmdline_verbosity, int daemonize, int info, int single_run) { engine_type* engine = NULL; ods_status zl_changed = ODS_STATUS_UNCHANGED; ods_status status = ODS_STATUS_OK; engine = engine_create(); if (!engine) { ods_fatal_exit("[%s] create failed", engine_str); return 1; } engine->daemonize = daemonize; /* config */ engine->config = engine_config(cfgfile, cmdline_verbosity); status = engine_config_check(engine->config); if (status != ODS_STATUS_OK) { ods_log_error("[%s] cfgfile %s has errors", engine_str, cfgfile); goto earlyexit; } if (info) { engine_config_print(stdout, engine->config); /* for debugging */ goto earlyexit; } /* check pidfile */ if (!util_check_pidfile(engine->config->pid_filename)) { exit(1); } /* open log */ ods_log_init("ods-signerd", engine->config->use_syslog, engine->config->log_filename, engine->config->verbosity); /* setup */ status = engine_setup(engine); if (status != ODS_STATUS_OK) { ods_log_error("[%s] setup failed: %s", engine_str, ods_status2str(status)); if (status != ODS_STATUS_WRITE_PIDFILE_ERR) { /* command handler had not yet been started */ engine->cmdhandler_done = 1; } goto earlyexit; } /* run */ while (engine->need_to_exit == 0) { /* update zone list */ lock_basic_lock(&engine->zonelist->zl_lock); zl_changed = zonelist_update(engine->zonelist, engine->config->zonelist_filename); engine->zonelist->just_removed = 0; engine->zonelist->just_added = 0; engine->zonelist->just_updated = 0; lock_basic_unlock(&engine->zonelist->zl_lock); /* start/reload */ if (engine->need_to_reload) { ods_log_info("[%s] signer reloading", engine_str); fifoq_wipe(engine->signq); engine->need_to_reload = 0; } else { ods_log_info("[%s] signer started (version %s), pid %u", engine_str, PACKAGE_VERSION, engine->pid); if (hsm_open2(engine->config->repositories, hsm_check_pin) != HSM_OK) { char* error = hsm_get_error(NULL); if (error != NULL) { ods_log_error("[%s] %s", "hsm", error); free(error); } ods_log_error("[%s] opening hsm failed (for engine recover)", engine_str); break; } zl_changed = engine_recover(engine); hsm_close(); } if (zl_changed == ODS_STATUS_OK || zl_changed == ODS_STATUS_UNCHANGED) { engine_update_zones(engine, zl_changed); } if (hsm_open2(engine->config->repositories, hsm_check_pin) != HSM_OK) { char* error = hsm_get_error(NULL); if (error != NULL) { ods_log_error("[%s] %s", "hsm", error); free(error); } ods_log_error("[%s] opening hsm failed (for engine run)", engine_str); break; } engine_run(engine, single_run); hsm_close(); } /* shutdown */ ods_log_info("[%s] signer shutdown", engine_str); engine_stop_cmdhandler(engine); engine_stop_xfrhandler(engine); engine_stop_dnshandler(engine); earlyexit: if (engine && engine->config) { if (engine->config->pid_filename) { (void)unlink(engine->config->pid_filename); } if (engine->config->clisock_filename) { (void)unlink(engine->config->clisock_filename); } } tsig_handler_cleanup(); engine_cleanup(engine); engine = NULL; return 1; }
/** * Process SOA. * */ static ods_status adapi_process_soa(zone_type* zone, ldns_rr* rr, int add, int backup) { uint32_t tmp = 0; ldns_rdf* soa_rdata = NULL; ods_status status = ODS_STATUS_OK; ods_log_assert(rr); ods_log_assert(zone); ods_log_assert(zone->name); ods_log_assert(zone->signconf); if (backup) { /* no need to do processing */ return ODS_STATUS_OK; } if (zone->signconf->soa_ttl) { tmp = (uint32_t) duration2time(zone->signconf->soa_ttl); ods_log_verbose("[%s] zone %s set soa ttl to %u", adapi_str, zone->name, tmp); ldns_rr_set_ttl(rr, tmp); } if (zone->signconf->soa_min) { tmp = (uint32_t) duration2time(zone->signconf->soa_min); ods_log_verbose("[%s] zone %s set soa minimum to %u", adapi_str, zone->name, tmp); soa_rdata = ldns_rr_set_rdf(rr, ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, tmp), SE_SOA_RDATA_MINIMUM); if (soa_rdata) { ldns_rdf_deep_free(soa_rdata); soa_rdata = NULL; } else { ods_log_error("[%s] unable to %s soa to zone %s: failed to replace " "soa minimum rdata", adapi_str, add?"add":"delete", zone->name); return ODS_STATUS_ASSERT_ERR; } } if (!add) { /* we are done */ return ODS_STATUS_OK; } tmp = ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL)); status = namedb_update_serial(zone->db, zone->name, zone->signconf->soa_serial, tmp); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to add soa to zone %s: failed to replace " "soa serial rdata (%s)", adapi_str, zone->name, ods_status2str(status)); if (status == ODS_STATUS_CONFLICT_ERR) { ods_log_error("[%s] If this is the result of a key rollover, " "please increment the serial in the unsigned zone %s", adapi_str, zone->name); } return status; } ods_log_verbose("[%s] zone %s set soa serial to %u", adapi_str, zone->name, zone->db->intserial); soa_rdata = ldns_rr_set_rdf(rr, ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, zone->db->intserial), SE_SOA_RDATA_SERIAL); if (soa_rdata) { ldns_rdf_deep_free(soa_rdata); soa_rdata = NULL; } else { ods_log_error("[%s] unable to add soa to zone %s: failed to replace " "soa serial rdata", adapi_str, zone->name); return ODS_STATUS_ERR; } zone->db->serial_updated = 1; return ODS_STATUS_OK; }
/** * Perform task. * */ static void worker_perform_task(worker_type* worker) { engine_type* engine = NULL; zone_type* zone = NULL; task_type* task = NULL; task_id what = TASK_NONE; time_t when = 0; time_t never = (3600*24*365); ods_status status = ODS_STATUS_OK; int backup = 0; time_t start = 0; time_t end = 0; if (!worker || !worker->task || !worker->task->zone || !worker->engine) { return; } engine = (engine_type*) worker->engine; task = (task_type*) worker->task; zone = (zone_type*) worker->task->zone; ods_log_debug("[%s[%i]] perform task %s for zone %s at %u", worker2str(worker->type), worker->thread_num, task_what2str(task->what), task_who2str(task), (uint32_t) worker->clock_in); /* do what you have been told to do */ switch (task->what) { case TASK_SIGNCONF: /* perform 'load signconf' task */ worker_working_with(worker, TASK_SIGNCONF, TASK_READ, "configure", task_who2str(task), &what, &when); status = tools_signconf(zone); if (status == ODS_STATUS_UNCHANGED) { if (!zone->signconf->last_modified) { ods_log_debug("[%s[%i]] no signconf.xml for zone %s yet", worker2str(worker->type), worker->thread_num, task_who2str(task)); status = ODS_STATUS_ERR; } } if (status == ODS_STATUS_UNCHANGED) { if (task->halted != TASK_NONE && task->halted != TASK_SIGNCONF) { goto task_perform_continue; } status = ODS_STATUS_OK; } else if (status == ODS_STATUS_OK) { task->interrupt = TASK_NONE; task->halted = TASK_NONE; } else { if (task->halted == TASK_NONE) { goto task_perform_fail; } goto task_perform_continue; } /* break; */ case TASK_READ: /* perform 'read input adapter' task */ worker_working_with(worker, TASK_READ, TASK_SIGN, "read", task_who2str(task), &what, &when); task->what = TASK_READ; if (!zone->signconf->last_modified) { ods_log_debug("[%s[%i]] no signconf.xml for zone %s yet", worker2str(worker->type), worker->thread_num, task_who2str(task)); status = ODS_STATUS_ERR; } else { lhsm_check_connection((void*)engine); status = tools_input(zone); } if (status == ODS_STATUS_UNCHANGED) { ods_log_verbose("[%s[%i]] zone %s unsigned data not changed, " "continue", worker2str(worker->type), worker->thread_num, task_who2str(task)); status = ODS_STATUS_OK; } if (status == ODS_STATUS_OK) { if (task->interrupt > TASK_SIGNCONF) { task->interrupt = TASK_NONE; task->halted = TASK_NONE; } } else { if (task->halted == TASK_NONE) { goto task_perform_fail; } goto task_perform_continue; } /* break; */ case TASK_SIGN: /* perform 'sign' task */ worker_working_with(worker, TASK_SIGN, TASK_WRITE, "sign", task_who2str(task), &what, &when); task->what = TASK_SIGN; status = zone_update_serial(zone); if (status == ODS_STATUS_OK) { if (task->interrupt > TASK_SIGNCONF) { task->interrupt = TASK_NONE; task->halted = TASK_NONE; } } else { ods_log_error("[%s[%i]] unable to sign zone %s: " "failed to increment serial", worker2str(worker->type), worker->thread_num, task_who2str(task)); if (task->halted == TASK_NONE) { goto task_perform_fail; } goto task_perform_continue; } /* start timer */ start = time(NULL); if (zone->stats) { lock_basic_lock(&zone->stats->stats_lock); if (!zone->stats->start_time) { zone->stats->start_time = start; } zone->stats->sig_count = 0; zone->stats->sig_soa_count = 0; zone->stats->sig_reuse = 0; zone->stats->sig_time = 0; lock_basic_unlock(&zone->stats->stats_lock); } /* check the HSM connection before queuing sign operations */ lhsm_check_connection((void*)engine); /* queue menial, hard signing work */ worker_queue_zone(worker, engine->signq, zone); ods_log_deeebug("[%s[%i]] wait until drudgers are finished " "signing zone %s", worker2str(worker->type), worker->thread_num, task_who2str(task)); /* sleep until work is done */ worker_sleep_unless(worker, 0); /* stop timer */ end = time(NULL); status = worker_check_jobs(worker, task); worker_clear_jobs(worker); if (status == ODS_STATUS_OK && zone->stats) { lock_basic_lock(&zone->stats->stats_lock); zone->stats->sig_time = (end-start); lock_basic_unlock(&zone->stats->stats_lock); } if (status != ODS_STATUS_OK) { if (task->halted == TASK_NONE) { goto task_perform_fail; } goto task_perform_continue; } else { if (task->interrupt > TASK_SIGNCONF) { task->interrupt = TASK_NONE; task->halted = TASK_NONE; } } /* break; */ case TASK_WRITE: /* perform 'write to output adapter' task */ worker_working_with(worker, TASK_WRITE, TASK_SIGN, "write", task_who2str(task), &what, &when); task->what = TASK_WRITE; status = tools_output(zone, engine); if (status == ODS_STATUS_OK) { if (task->interrupt > TASK_SIGNCONF) { task->interrupt = TASK_NONE; task->halted = TASK_NONE; } } else { /* clear signatures? */ if (task->halted == TASK_NONE) { goto task_perform_fail; } goto task_perform_continue; } zone->db->is_processed = 1; if (zone->signconf && duration2time(zone->signconf->sig_resign_interval)) { what = TASK_SIGN; when = worker->clock_in + duration2time(zone->signconf->sig_resign_interval); } else { ods_log_error("[%s[%i]] unable to retrieve resign interval " "for zone %s: duration2time() failed", worker2str(worker->type), worker->thread_num, task_who2str(task)); ods_log_info("[%s[%i]] defaulting to 1H resign interval for " "zone %s", worker2str(worker->type), worker->thread_num, task_who2str(task)); what = TASK_SIGN; when = worker->clock_in + 3600; } backup = 1; break; case TASK_NONE: worker->working_with = TASK_NONE; /* no task */ ods_log_warning("[%s[%i]] none task for zone %s", worker2str(worker->type), worker->thread_num, task_who2str(task)); when = time_now() + never; break; default: worker->working_with = TASK_NONE; /* unknown task */ ods_log_warning("[%s[%i]] unknown task, trying full sign zone %s", worker2str(worker->type), worker->thread_num, task_who2str(task)); what = TASK_SIGNCONF; when = time_now(); break; } /* no error */ task->backoff = 0; if (task->interrupt != TASK_NONE && task->interrupt != what) { ods_log_debug("[%s[%i]] interrupt task %s for zone %s", worker2str(worker->type), worker->thread_num, task_what2str(what), task_who2str(task)); task->halted = what; task->halted_when = when; task->what = task->interrupt; task->when = time_now(); } else { ods_log_debug("[%s[%i]] next task %s for zone %s", worker2str(worker->type), worker->thread_num, task_what2str(what), task_who2str(task)); task->what = what; task->when = when; task->interrupt = TASK_NONE; task->halted = TASK_NONE; task->halted_when = 0; } /* backup the last successful run */ if (backup) { status = zone_backup2(zone); if (status != ODS_STATUS_OK) { ods_log_warning("[%s[%i]] unable to backup zone %s: %s", worker2str(worker->type), worker->thread_num, task_who2str(task), ods_status2str(status)); /* just a warning */ status = ODS_STATUS_OK; } backup = 0; } return; task_perform_fail: if (status != ODS_STATUS_XFR_NOT_READY) { /* other statuses is critical, and we know it is not ODS_STATUS_OK */ ods_log_crit("[%s[%i]] CRITICAL: failed to sign zone %s: %s", worker2str(worker->type), worker->thread_num, task_who2str(task), ods_status2str(status)); } /* in case of failure, also mark zone processed (for single run usage) */ zone->db->is_processed = 1; if (task->backoff) { task->backoff *= 2; } else { task->backoff = 60; } if (task->backoff > ODS_SE_MAX_BACKOFF) { task->backoff = ODS_SE_MAX_BACKOFF; } ods_log_info("[%s[%i]] backoff task %s for zone %s with %u seconds", worker2str(worker->type), worker->thread_num, task_what2str(task->what), task_who2str(task), task->backoff); task->when = time_now() + task->backoff; return; task_perform_continue: ods_log_info("[%s[%i]] continue task %s for zone %s", worker2str(worker->type), worker->thread_num, task_what2str(task->halted), task_who2str(task)); task->what = task->halted; task->when = task->halted_when; task->interrupt = TASK_NONE; task->halted = TASK_NONE; task->halted_when = 0; return; }
/** * Write zone to output adapter. * */ ods_status tools_output(zone_type* zone, engine_type* engine) { ods_status status = ODS_STATUS_OK; ods_log_assert(engine); ods_log_assert(engine->config); ods_log_assert(zone); ods_log_assert(zone->db); ods_log_assert(zone->name); ods_log_assert(zone->signconf); ods_log_assert(zone->adoutbound); /* prepare */ if (zone->stats) { pthread_mutex_lock(&zone->stats->stats_lock); if (zone->stats->sort_done == 0 && (zone->stats->sig_count <= zone->stats->sig_soa_count)) { ods_log_verbose("[%s] skip write zone %s serial %u (zone not " "changed)", tools_str, zone->name?zone->name:"(null)", zone->db->intserial); stats_clear(zone->stats); pthread_mutex_unlock(&zone->stats->stats_lock); zone->db->intserial = zone->db->outserial; return ODS_STATUS_OK; } pthread_mutex_unlock(&zone->stats->stats_lock); } /* Output Adapter */ status = adapter_write((void*)zone); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to write zone %s: adapter failed (%s)", tools_str, zone->name, ods_status2str(status)); return status; } zone->db->outserial = zone->db->intserial; zone->db->is_initialized = 1; zone->db->have_serial = 1; pthread_mutex_lock(&zone->ixfr->ixfr_lock); ixfr_purge(zone->ixfr, zone->name); pthread_mutex_unlock(&zone->ixfr->ixfr_lock); /* kick the nameserver */ if (zone->notify_ns) { int pid_status; pid_t pid, wpid; ods_log_verbose("[%s] notify nameserver: %s", tools_str, zone->notify_ns); /** fork */ switch ((pid = fork())) { case -1: /* error */ ods_log_error("[%s] notify nameserver failed: unable to fork " "(%s)", tools_str, strerror(errno)); return ODS_STATUS_FORK_ERR; case 0: /* child */ /** close fds */ ods_closeall(0); /** execv */ execvp(zone->notify_ns, zone->notify_args); /** error */ ods_log_error("[%s] notify nameserver failed: execv() failed " "(%s)", tools_str, strerror(errno)); exit(1); break; default: /* parent */ ods_log_debug("[%s] notify nameserver process forked", tools_str); /** wait for completion */ while((wpid = waitpid(pid, &pid_status, 0)) <= 0) { if (errno != EINTR) { break; } } if (wpid == -1) { ods_log_error("[%s] notify nameserver failed: waitpid() " "failed (%s)", tools_str, strerror(errno)); } else if (!WIFEXITED(pid_status)) { ods_log_error("[%s] notify nameserver failed: notify " "command did not terminate normally", tools_str); } else { ods_log_verbose("[%s] notify nameserver ok", tools_str); } break; } } /* log stats */ if (zone->stats) { pthread_mutex_lock(&zone->stats->stats_lock); zone->stats->end_time = time(NULL); ods_log_debug("[%s] log stats for zone %s serial %u", tools_str, zone->name?zone->name:"(null)", (unsigned) zone->db->outserial); stats_log(zone->stats, zone->name, zone->db->outserial, zone->signconf->nsec_type); stats_clear(zone->stats); pthread_mutex_unlock(&zone->stats->stats_lock); } if (engine->dnshandler) { ods_log_debug("[%s] forward a notify", tools_str); dnshandler_fwd_notify(engine->dnshandler, (uint8_t*) ODS_SE_NOTIFY_CMD, strlen(ODS_SE_NOTIFY_CMD)); } return status; }
/** * Recover zone from backup. * */ ods_status zone_recover2(zone_type* zone) { char* filename = NULL; FILE* fd = NULL; const char* token = NULL; time_t when = 0; task_type* task = NULL; ods_status status = ODS_STATUS_OK; /* zone part */ int klass = 0; uint32_t inbound = 0, internal = 0, outbound = 0; /* signconf part */ time_t lastmod = 0; /* nsec3params part */ const char* salt = NULL; ods_log_assert(zone); ods_log_assert(zone->name); ods_log_assert(zone->signconf); ods_log_assert(zone->db); filename = ods_build_path(zone->name, ".backup2", 0, 1); if (!filename) { return ODS_STATUS_MALLOC_ERR; } fd = ods_fopen(filename, NULL, "r"); if (fd) { /* start recovery */ if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V3)) { ods_log_error("[%s] corrupted backup file zone %s: read magic " "error", zone_str, zone->name); goto recover_error2; } if (!backup_read_check_str(fd, ";;Time:") | !backup_read_time_t(fd, &when)) { ods_log_error("[%s] corrupted backup file zone %s: read time " "error", zone_str, zone->name); goto recover_error2; } /* zone stuff */ if (!backup_read_check_str(fd, ";;Zone:") | !backup_read_check_str(fd, "name") | !backup_read_check_str(fd, zone->name)) { ods_log_error("[%s] corrupted backup file zone %s: read name " "error", zone_str, zone->name); goto recover_error2; } if (!backup_read_check_str(fd, "class") | !backup_read_int(fd, &klass)) { ods_log_error("[%s] corrupted backup file zone %s: read class " "error", zone_str, zone->name); goto recover_error2; } if (!backup_read_check_str(fd, "inbound") | !backup_read_uint32_t(fd, &inbound) | !backup_read_check_str(fd, "internal") | !backup_read_uint32_t(fd, &internal) | !backup_read_check_str(fd, "outbound") | !backup_read_uint32_t(fd, &outbound)) { ods_log_error("[%s] corrupted backup file zone %s: read serial " "error", zone_str, zone->name); goto recover_error2; } zone->klass = (ldns_rr_class) klass; zone->db->inbserial = inbound; zone->db->intserial = internal; zone->db->outserial = outbound; /* signconf part */ if (!backup_read_check_str(fd, ";;Signconf:") | !backup_read_check_str(fd, "lastmod") | !backup_read_time_t(fd, &lastmod) | !backup_read_check_str(fd, "maxzonettl") | !backup_read_check_str(fd, "0") | !backup_read_check_str(fd, "resign") | !backup_read_duration(fd, &zone->signconf->sig_resign_interval) | !backup_read_check_str(fd, "refresh") | !backup_read_duration(fd, &zone->signconf->sig_refresh_interval) | !backup_read_check_str(fd, "valid") | !backup_read_duration(fd, &zone->signconf->sig_validity_default) | !backup_read_check_str(fd, "denial") | !backup_read_duration(fd,&zone->signconf->sig_validity_denial) | !backup_read_check_str(fd, "jitter") | !backup_read_duration(fd, &zone->signconf->sig_jitter) | !backup_read_check_str(fd, "offset") | !backup_read_duration(fd, &zone->signconf->sig_inception_offset) | !backup_read_check_str(fd, "nsec") | !backup_read_rr_type(fd, &zone->signconf->nsec_type) | !backup_read_check_str(fd, "dnskeyttl") | !backup_read_duration(fd, &zone->signconf->dnskey_ttl) | !backup_read_check_str(fd, "soattl") | !backup_read_duration(fd, &zone->signconf->soa_ttl) | !backup_read_check_str(fd, "soamin") | !backup_read_duration(fd, &zone->signconf->soa_min) | !backup_read_check_str(fd, "serial") | !backup_read_str(fd, &zone->signconf->soa_serial)) { ods_log_error("[%s] corrupted backup file zone %s: read signconf " "error", zone_str, zone->name); goto recover_error2; } /* nsec3params part */ if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) { if (!backup_read_check_str(fd, ";;Nsec3parameters:") | !backup_read_check_str(fd, "salt") | !backup_read_str(fd, &salt) | !backup_read_check_str(fd, "algorithm") | !backup_read_uint32_t(fd, &zone->signconf->nsec3_algo) | !backup_read_check_str(fd, "optout") | !backup_read_int(fd, &zone->signconf->nsec3_optout) | !backup_read_check_str(fd, "iterations") | !backup_read_uint32_t(fd, &zone->signconf->nsec3_iterations)) { ods_log_error("[%s] corrupted backup file zone %s: read " "nsec3parameters error", zone_str, zone->name); goto recover_error2; } zone->signconf->nsec3_salt = allocator_strdup( zone->signconf->allocator, salt); free((void*) salt); salt = NULL; zone->signconf->nsec3params = nsec3params_create( (void*) zone->signconf, (uint8_t) zone->signconf->nsec3_algo, (uint8_t) zone->signconf->nsec3_optout, (uint16_t) zone->signconf->nsec3_iterations, zone->signconf->nsec3_salt); if (!zone->signconf->nsec3params) { ods_log_error("[%s] corrupted backup file zone %s: unable to " "create nsec3param", zone_str, zone->name); goto recover_error2; } } zone->signconf->last_modified = lastmod; zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min); /* keys part */ zone->signconf->keys = keylist_create((void*) zone->signconf); while (backup_read_str(fd, &token)) { if (ods_strcmp(token, ";;Key:") == 0) { if (!key_recover2(fd, zone->signconf->keys)) { ods_log_error("[%s] corrupted backup file zone %s: read " "key error", zone_str, zone->name); goto recover_error2; } } else if (ods_strcmp(token, ";;") == 0) { /* keylist done */ free((void*) token); token = NULL; break; } else { /* keylist corrupted */ goto recover_error2; } free((void*) token); token = NULL; } /* publish dnskeys */ status = zone_publish_dnskeys(zone); if (status != ODS_STATUS_OK) { ods_log_error("[%s] corrupted backup file zone %s: unable to " "publish dnskeys (%s)", zone_str, zone->name, ods_status2str(status)); goto recover_error2; } /* publish nsec3param */ status = zone_publish_nsec3param(zone); if (status != ODS_STATUS_OK) { ods_log_error("[%s] corrupted backup file zone %s: unable to " "publish nsec3param (%s)", zone_str, zone->name, ods_status2str(status)); goto recover_error2; } /* publish other records */ status = backup_read_namedb(fd, zone); if (status != ODS_STATUS_OK) { ods_log_error("[%s] corrupted backup file zone %s: unable to " "read resource records (%s)", zone_str, zone->name, ods_status2str(status)); goto recover_error2; } /* task */ task = task_create(TASK_SIGN, when, (void*) zone); if (!task) { ods_log_error("[%s] failed to restore zone %s: unable to " "create task", zone_str, zone->name); goto recover_error2; } zone->task = (void*) task; free((void*)filename); ods_fclose(fd); /* journal */ zone->db->is_initialized = 1; filename = ods_build_path(zone->name, ".ixfr", 0, 1); if (filename) { fd = ods_fopen(filename, NULL, "r"); } if (fd) { status = backup_read_ixfr(fd, zone); if (status != ODS_STATUS_OK) { ods_log_warning("[%s] corrupted journal file zone %s, " "skipping (%s)", zone_str, zone->name, ods_status2str(status)); ixfr_cleanup(zone->ixfr); zone->ixfr = ixfr_create((void*)zone); } } lock_basic_lock(&zone->ixfr->ixfr_lock); ixfr_purge(zone->ixfr); lock_basic_unlock(&zone->ixfr->ixfr_lock); /* all ok */ free((void*)filename); ods_fclose(fd); if (zone->stats) { lock_basic_lock(&zone->stats->stats_lock); stats_clear(zone->stats); lock_basic_unlock(&zone->stats->stats_lock); } return ODS_STATUS_OK; } return ODS_STATUS_UNCHANGED; recover_error2: free((void*)filename); ods_fclose(fd); /* signconf cleanup */ free((void*)salt); salt = NULL; signconf_cleanup(zone->signconf); zone->signconf = signconf_create(); ods_log_assert(zone->signconf); /* namedb cleanup */ namedb_cleanup(zone->db); zone->db = namedb_create((void*)zone); ods_log_assert(zone->db); /* stats reset */ if (zone->stats) { lock_basic_lock(&zone->stats->stats_lock); stats_clear(zone->stats); lock_basic_unlock(&zone->stats->stats_lock); } return ODS_STATUS_ERR; }
/** * Work. * */ static void worker_work(worker_type* worker) { time_t now = 0; time_t timeout = 1; engine_type* engine = NULL; zone_type* zone = NULL; ods_status status = ODS_STATUS_OK; ods_log_assert(worker); ods_log_assert(worker->type == WORKER_WORKER); engine = (engine_type*) worker->engine; while (worker->need_to_exit == 0) { ods_log_debug("[%s[%i]] report for duty", worker2str(worker->type), worker->thread_num); now = time_now(); lock_basic_lock(&engine->taskq->schedule_lock); worker->task = schedule_pop_task(engine->taskq); if (worker->task) { worker->working_with = worker->task->what; lock_basic_unlock(&engine->taskq->schedule_lock); zone = (zone_type*) worker->task->zone; lock_basic_lock(&zone->zone_lock); ods_log_debug("[%s[%i]] start working on zone %s", worker2str(worker->type), worker->thread_num, zone->name); worker->clock_in = time(NULL); worker_perform_task(worker); zone->task = worker->task; ods_log_debug("[%s[%i]] finished working on zone %s", worker2str(worker->type), worker->thread_num, zone->name); lock_basic_lock(&engine->taskq->schedule_lock); worker->task = NULL; worker->working_with = TASK_NONE; status = schedule_task(engine->taskq, zone->task, 1); if (status != ODS_STATUS_OK) { ods_log_error("[%s[%i]] unable to schedule task for zone %s: " "%s", worker2str(worker->type), worker->thread_num, zone->name, ods_status2str(status)); } lock_basic_unlock(&engine->taskq->schedule_lock); lock_basic_unlock(&zone->zone_lock); timeout = 1; /** Do we need to tell the engine that we require a reload? */ lock_basic_lock(&engine->signal_lock); if (engine->need_to_reload) { lock_basic_alarm(&engine->signal_cond); } lock_basic_unlock(&engine->signal_lock); } else { ods_log_debug("[%s[%i]] nothing to do", worker2str(worker->type), worker->thread_num); worker->task = schedule_get_first_task(engine->taskq); lock_basic_unlock(&engine->taskq->schedule_lock); if (worker->task && !engine->taskq->loading) { timeout = (worker->task->when - now); } else { timeout *= 2; } if (timeout > ODS_SE_MAX_BACKOFF) { timeout = ODS_SE_MAX_BACKOFF; } worker->task = NULL; worker_sleep(worker, timeout); } } return; }
/** * Read zone from input adapter. * */ ods_status tools_input(zone_type* zone) { ods_status status = ODS_STATUS_OK; time_t start = 0; time_t end = 0; ods_log_assert(zone); ods_log_assert(zone->name); ods_log_assert(zone->adinbound); ods_log_assert(zone->signconf); /* Key Rollover? */ status = zone_publish_dnskeys(zone, 0); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to read zone %s: failed to " "publish dnskeys (%s)", tools_str, zone->name, ods_status2str(status)); zone_rollback_dnskeys(zone); zone_rollback_nsec3param(zone); namedb_rollback(zone->db, 0); return status; } /* Denial of Existence Rollover? */ if (!zone->signconf->passthrough) status = zone_publish_nsec3param(zone); if (status != ODS_STATUS_OK) { ods_log_error("[%s] unable to read zone %s: failed to " "publish nsec3param (%s)", tools_str, zone->name, ods_status2str(status)); zone_rollback_dnskeys(zone); zone_rollback_nsec3param(zone); namedb_rollback(zone->db, 0); return status; } if (zone->stats) { pthread_mutex_lock(&zone->stats->stats_lock); zone->stats->sort_done = 0; zone->stats->sort_count = 0; zone->stats->sort_time = 0; pthread_mutex_unlock(&zone->stats->stats_lock); } /* Input Adapter */ start = time(NULL); status = adapter_read((void*)zone); if (status != ODS_STATUS_OK && status != ODS_STATUS_UNCHANGED) { if (status == ODS_STATUS_XFRINCOMPLETE) { ods_log_info("[%s] read zone %s: xfr in progress", tools_str, zone->name); } else { ods_log_error("[%s] unable to read zone %s: adapter failed (%s)", tools_str, zone->name, ods_status2str(status)); } zone_rollback_dnskeys(zone); zone_rollback_nsec3param(zone); namedb_rollback(zone->db, 0); } end = time(NULL); if ((status == ODS_STATUS_OK || status == ODS_STATUS_UNCHANGED) && zone->stats) { pthread_mutex_lock(&zone->stats->stats_lock); zone->stats->start_time = start; zone->stats->sort_time = (end-start); zone->stats->sort_done = 1; pthread_mutex_unlock(&zone->stats->stats_lock); } return status; }