/**
* Start engine.
*
*/
int
engine_start(const char* cfgfile, int cmdline_verbosity, int daemonize,
int info, int single_run)
{
engine_type* engine = NULL;
ods_status zl_changed = ODS_STATUS_UNCHANGED;
ods_status status = ODS_STATUS_OK;
engine = engine_create();
if (!engine) {
ods_fatal_exit("[%s] create failed", engine_str);
return 1;
}
engine->daemonize = daemonize;
/* config */
engine->config = engine_config(cfgfile, cmdline_verbosity);
status = engine_config_check(engine->config);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] cfgfile %s has errors", engine_str, cfgfile);
goto earlyexit;
}
if (info) {
engine_config_print(stdout, engine->config); /* for debugging */
goto earlyexit;
}
/* check pidfile */
if (!util_check_pidfile(engine->config->pid_filename)) {
exit(1);
}
/* open log */
ods_log_init("ods-signerd", engine->config->use_syslog,
engine->config->log_filename, engine->config->verbosity);
/* setup */
status = engine_setup(engine);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] setup failed: %s", engine_str,
ods_status2str(status));
if (status != ODS_STATUS_WRITE_PIDFILE_ERR) {
/* command handler had not yet been started */
engine->cmdhandler_done = 1;
}
goto earlyexit;
}
/* run */
while (engine->need_to_exit == 0) {
/* update zone list */
lock_basic_lock(&engine->zonelist->zl_lock);
zl_changed = zonelist_update(engine->zonelist,
engine->config->zonelist_filename);
engine->zonelist->just_removed = 0;
engine->zonelist->just_added = 0;
engine->zonelist->just_updated = 0;
lock_basic_unlock(&engine->zonelist->zl_lock);
/* start/reload */
if (engine->need_to_reload) {
ods_log_info("[%s] signer reloading", engine_str);
fifoq_wipe(engine->signq);
engine->need_to_reload = 0;
} else {
ods_log_info("[%s] signer started (version %s), pid %u",
engine_str, PACKAGE_VERSION, engine->pid);
if (hsm_open2(engine->config->repositories, hsm_check_pin) != HSM_OK) {
char* error = hsm_get_error(NULL);
if (error != NULL) {
ods_log_error("[%s] %s", "hsm", error);
free(error);
}
ods_log_error("[%s] opening hsm failed (for engine recover)", engine_str);
break;
}
zl_changed = engine_recover(engine);
hsm_close();
}
if (zl_changed == ODS_STATUS_OK ||
zl_changed == ODS_STATUS_UNCHANGED) {
engine_update_zones(engine, zl_changed);
}
if (hsm_open2(engine->config->repositories, hsm_check_pin) != HSM_OK) {
char* error = hsm_get_error(NULL);
if (error != NULL) {
ods_log_error("[%s] %s", "hsm", error);
free(error);
}
ods_log_error("[%s] opening hsm failed (for engine run)", engine_str);
break;
}
engine_run(engine, single_run);
hsm_close();
}
/* shutdown */
ods_log_info("[%s] signer shutdown", engine_str);
engine_stop_cmdhandler(engine);
engine_stop_xfrhandler(engine);
engine_stop_dnshandler(engine);
earlyexit:
if (engine && engine->config) {
if (engine->config->pid_filename) {
(void)unlink(engine->config->pid_filename);
}
if (engine->config->clisock_filename) {
(void)unlink(engine->config->clisock_filename);
}
}
tsig_handler_cleanup();
engine_cleanup(engine);
engine = NULL;
return 1;
}
/** setup fresh libworker struct */
static struct libworker*
libworker_setup(struct ub_ctx* ctx, int is_bg)
{
unsigned int seed;
struct libworker* w = (struct libworker*)calloc(1, sizeof(*w));
struct config_file* cfg = ctx->env->cfg;
int* ports;
int numports;
if(!w) return NULL;
w->is_bg = is_bg;
w->ctx = ctx;
w->env = (struct module_env*)malloc(sizeof(*w->env));
if(!w->env) {
free(w);
return NULL;
}
*w->env = *ctx->env;
w->env->alloc = context_obtain_alloc(ctx, !w->is_bg || w->is_bg_thread);
if(!w->env->alloc) {
libworker_delete(w);
return NULL;
}
w->thread_num = w->env->alloc->thread_num;
alloc_set_id_cleanup(w->env->alloc, &libworker_alloc_cleanup, w);
if(!w->is_bg || w->is_bg_thread) {
lock_basic_lock(&ctx->cfglock);
}
w->env->scratch = regional_create_custom(cfg->msg_buffer_size);
w->env->scratch_buffer = ldns_buffer_new(cfg->msg_buffer_size);
w->env->fwds = forwards_create();
if(w->env->fwds && !forwards_apply_cfg(w->env->fwds, cfg)) {
forwards_delete(w->env->fwds);
w->env->fwds = NULL;
}
w->env->hints = hints_create();
if(w->env->hints && !hints_apply_cfg(w->env->hints, cfg)) {
hints_delete(w->env->hints);
w->env->hints = NULL;
}
if(cfg->ssl_upstream) {
w->sslctx = connect_sslctx_create(NULL, NULL, NULL);
if(!w->sslctx) {
/* to make the setup fail after unlock */
hints_delete(w->env->hints);
w->env->hints = NULL;
}
}
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);
}
if(!w->env->scratch || !w->env->scratch_buffer || !w->env->fwds ||
!w->env->hints) {
libworker_delete(w);
return NULL;
}
w->env->worker = (struct worker*)w;
w->env->probe_timer = NULL;
seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^
(((unsigned int)w->thread_num)<<17);
seed ^= (unsigned int)w->env->alloc->next_id;
if(!w->is_bg || w->is_bg_thread) {
lock_basic_lock(&ctx->cfglock);
}
if(!(w->env->rnd = ub_initstate(seed, ctx->seed_rnd))) {
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);
}
seed = 0;
libworker_delete(w);
return NULL;
}
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);
}
if(1) {
/* primitive lockout for threading: if it overwrites another
* thread it is like wiping the cache (which is likely empty
* at the start) */
/* note we are holding the ctx lock in normal threaded
* cases so that is solved properly, it is only for many ctx
* in different threads that this may clash */
static int done_raninit = 0;
if(!done_raninit) {
done_raninit = 1;
hash_set_raninit((uint32_t)ub_random(w->env->rnd));
}
}
seed = 0;
w->base = comm_base_create(0);
if(!w->base) {
libworker_delete(w);
return NULL;
}
if(!w->is_bg || w->is_bg_thread) {
lock_basic_lock(&ctx->cfglock);
}
numports = cfg_condense_ports(cfg, &ports);
if(numports == 0) {
libworker_delete(w);
return NULL;
}
w->back = outside_network_create(w->base, cfg->msg_buffer_size,
(size_t)cfg->outgoing_num_ports, cfg->out_ifs,
cfg->num_out_ifs, cfg->do_ip4, cfg->do_ip6,
cfg->do_tcp?cfg->outgoing_num_tcp:0,
w->env->infra_cache, w->env->rnd, cfg->use_caps_bits_for_id,
ports, numports, cfg->unwanted_threshold,
&libworker_alloc_cleanup, w, cfg->do_udp, w->sslctx);
if(!w->is_bg || w->is_bg_thread) {
lock_basic_unlock(&ctx->cfglock);
}
free(ports);
if(!w->back) {
libworker_delete(w);
return NULL;
}
w->env->mesh = mesh_create(&ctx->mods, w->env);
if(!w->env->mesh) {
libworker_delete(w);
return NULL;
}
w->env->send_query = &libworker_send_query;
w->env->detach_subs = &mesh_detach_subs;
w->env->attach_sub = &mesh_attach_sub;
w->env->kill_sub = &mesh_state_delete;
w->env->detect_cycle = &mesh_detect_cycle;
comm_base_timept(w->base, &w->env->now, &w->env->now_tv);
return w;
}
/**
* Update zones.
*
*/
void
engine_update_zones(engine_type* engine, ods_status zl_changed)
{
ldns_rbnode_t* node = LDNS_RBTREE_NULL;
zone_type* zone = NULL;
zone_type* delzone = NULL;
task_type* task = NULL;
ods_status status = ODS_STATUS_OK;
unsigned wake_up = 0;
int warnings = 0;
time_t now = 0;
if (!engine || !engine->zonelist || !engine->zonelist->zones) {
return;
}
now = time_now();
ods_log_debug("[%s] commit zone list changes", engine_str);
lock_basic_lock(&engine->zonelist->zl_lock);
node = ldns_rbtree_first(engine->zonelist->zones);
while (node && node != LDNS_RBTREE_NULL) {
zone = (zone_type*) node->data;
task = NULL; /* reset task */
if (zone->zl_status == ZONE_ZL_REMOVED) {
node = ldns_rbtree_next(node);
lock_basic_lock(&zone->zone_lock);
delzone = zonelist_del_zone(engine->zonelist, zone);
if (delzone) {
lock_basic_lock(&engine->taskq->schedule_lock);
task = unschedule_task(engine->taskq,
(task_type*) zone->task);
lock_basic_unlock(&engine->taskq->schedule_lock);
}
task_cleanup(task);
task = NULL;
lock_basic_unlock(&zone->zone_lock);
netio_remove_handler(engine->xfrhandler->netio,
&zone->xfrd->handler);
zone_cleanup(zone);
zone = NULL;
continue;
} else if (zone->zl_status == ZONE_ZL_ADDED) {
lock_basic_lock(&zone->zone_lock);
ods_log_assert(!zone->task);
/* set notify nameserver command */
if (engine->config->notify_command && !zone->notify_ns) {
set_notify_ns(zone, engine->config->notify_command);
}
/* create task */
task = task_create(TASK_SIGNCONF, now, zone);
lock_basic_unlock(&zone->zone_lock);
if (!task) {
ods_log_crit("[%s] unable to create task for zone %s: "
"task_create() failed", engine_str, zone->name);
node = ldns_rbtree_next(node);
continue;
}
}
/* load adapter config */
status = adapter_load_config(zone->adinbound);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to load config for inbound adapter "
"for zone %s: %s", engine_str, zone->name,
ods_status2str(status));
}
status = adapter_load_config(zone->adoutbound);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to load config for outbound adapter "
"for zone %s: %s", engine_str, zone->name,
ods_status2str(status));
}
/* for dns adapters */
warnings += dnsconfig_zone(engine, zone);
if (zone->zl_status == ZONE_ZL_ADDED) {
ods_log_assert(task);
lock_basic_lock(&zone->zone_lock);
zone->task = task;
lock_basic_unlock(&zone->zone_lock);
/* TODO: task is reachable from other threads by means of
* zone->task. To fix this we need to nest the locks. But
* first investigate any possible deadlocks. */
lock_basic_lock(&engine->taskq->schedule_lock);
status = schedule_task(engine->taskq, task, 0);
lock_basic_unlock(&engine->taskq->schedule_lock);
} else if (zl_changed == ODS_STATUS_OK) {
/* always try to update signconf */
lock_basic_lock(&zone->zone_lock);
status = zone_reschedule_task(zone, engine->taskq, TASK_SIGNCONF);
lock_basic_unlock(&zone->zone_lock);
}
if (status != ODS_STATUS_OK) {
ods_log_crit("[%s] unable to schedule task for zone %s: %s",
engine_str, zone->name, ods_status2str(status));
} else {
wake_up = 1;
zone->zl_status = ZONE_ZL_OK;
}
node = ldns_rbtree_next(node);
}
lock_basic_unlock(&engine->zonelist->zl_lock);
if (engine->dnshandler) {
ods_log_debug("[%s] forward notify for all zones", engine_str);
dnshandler_fwd_notify(engine->dnshandler,
(uint8_t*) ODS_SE_NOTIFY_CMD, strlen(ODS_SE_NOTIFY_CMD));
} else if (warnings) {
ods_log_warning("[%s] no dnshandler/listener configured, but zones "
"are configured with dns adapters: notify and zone transfer "
"requests will not work properly", engine_str);
}
if (wake_up) {
engine_wakeup_workers(engine);
}
}
/**
* Try to recover from the backup files.
*
*/
static ods_status
engine_recover(engine_type* engine)
{
ldns_rbnode_t* node = LDNS_RBTREE_NULL;
zone_type* zone = NULL;
ods_status status = ODS_STATUS_OK;
ods_status result = ODS_STATUS_UNCHANGED;
if (!engine || !engine->zonelist || !engine->zonelist->zones) {
ods_log_error("[%s] cannot recover zones: no engine or zonelist",
engine_str);
return ODS_STATUS_ERR; /* no need to update zones */
}
ods_log_assert(engine);
ods_log_assert(engine->zonelist);
ods_log_assert(engine->zonelist->zones);
lock_basic_lock(&engine->zonelist->zl_lock);
/* [LOCK] zonelist */
node = ldns_rbtree_first(engine->zonelist->zones);
while (node && node != LDNS_RBTREE_NULL) {
zone = (zone_type*) node->data;
ods_log_assert(zone->zl_status == ZONE_ZL_ADDED);
lock_basic_lock(&zone->zone_lock);
status = zone_recover2(zone);
if (status == ODS_STATUS_OK) {
ods_log_assert(zone->task);
ods_log_assert(zone->db);
ods_log_assert(zone->signconf);
/* notify nameserver */
if (engine->config->notify_command && !zone->notify_ns) {
set_notify_ns(zone, engine->config->notify_command);
}
/* schedule task */
lock_basic_lock(&engine->taskq->schedule_lock);
/* [LOCK] schedule */
status = schedule_task(engine->taskq, (task_type*) zone->task, 0);
/* [UNLOCK] schedule */
lock_basic_unlock(&engine->taskq->schedule_lock);
if (status != ODS_STATUS_OK) {
ods_log_crit("[%s] unable to schedule task for zone %s: %s",
engine_str, zone->name, ods_status2str(status));
task_cleanup((task_type*) zone->task);
zone->task = NULL;
result = ODS_STATUS_OK; /* will trigger update zones */
} else {
ods_log_debug("[%s] recovered zone %s", engine_str,
zone->name);
/* recovery done */
zone->zl_status = ZONE_ZL_OK;
}
} else {
if (status != ODS_STATUS_UNCHANGED) {
ods_log_warning("[%s] unable to recover zone %s from backup,"
" performing full sign", engine_str, zone->name);
}
result = ODS_STATUS_OK; /* will trigger update zones */
}
lock_basic_unlock(&zone->zone_lock);
node = ldns_rbtree_next(node);
}
/* [UNLOCK] zonelist */
lock_basic_unlock(&engine->zonelist->zl_lock);
return result;
}
int
ub_ctx_hosts(struct ub_ctx* ctx, char* fname)
{
FILE* in;
char buf[1024], ldata[1024];
char* parse, *addr, *name, *ins;
lock_basic_lock(&ctx->cfglock);
if(ctx->finalized) {
lock_basic_unlock(&ctx->cfglock);
errno=EINVAL;
return UB_AFTERFINAL;
}
lock_basic_unlock(&ctx->cfglock);
if(fname == NULL) {
#if defined(UB_ON_WINDOWS) && defined(HAVE_WINDOWS_H)
/*
* If this is Windows NT/XP/2K it's in
* %WINDIR%\system32\drivers\etc\hosts.
* If this is Windows 95/98/Me it's in %WINDIR%\hosts.
*/
name = getenv("WINDIR");
if (name != NULL) {
int retval=0;
snprintf(buf, sizeof(buf), "%s%s", name,
"\\system32\\drivers\\etc\\hosts");
if((retval=ub_ctx_hosts(ctx, buf)) !=0 ) {
snprintf(buf, sizeof(buf), "%s%s", name,
"\\hosts");
retval=ub_ctx_hosts(ctx, buf);
}
free(name);
return retval;
}
return UB_READFILE;
#else
fname = "/etc/hosts";
#endif /* WIN32 */
}
in = fopen(fname, "r");
if(!in) {
/* error in errno! perror(fname) */
return UB_READFILE;
}
while(fgets(buf, (int)sizeof(buf), in)) {
buf[sizeof(buf)-1] = 0;
parse=buf;
while(*parse == ' ' || *parse == '\t')
parse++;
if(*parse == '#')
continue; /* skip comment */
/* format: <addr> spaces <name> spaces <name> ... */
addr = parse;
/* skip addr */
while(isxdigit(*parse) || *parse == '.' || *parse == ':')
parse++;
if(*parse == '\n' || *parse == 0)
continue;
if(*parse == '%')
continue; /* ignore macOSX fe80::1%lo0 localhost */
if(*parse != ' ' && *parse != '\t') {
/* must have whitespace after address */
fclose(in);
errno=EINVAL;
return UB_SYNTAX;
}
*parse++ = 0; /* end delimiter for addr ... */
/* go to names and add them */
while(*parse) {
while(*parse == ' ' || *parse == '\t' || *parse=='\n')
parse++;
if(*parse == 0 || *parse == '#')
break;
/* skip name, allows (too) many printable characters */
name = parse;
while('!' <= *parse && *parse <= '~')
parse++;
if(*parse)
*parse++ = 0; /* end delimiter for name */
snprintf(ldata, sizeof(ldata), "%s %s %s",
name, str_is_ip6(addr)?"AAAA":"A", addr);
ins = strdup(ldata);
if(!ins) {
/* out of memory */
fclose(in);
errno=ENOMEM;
return UB_NOMEM;
}
lock_basic_lock(&ctx->cfglock);
if(!cfg_strlist_insert(&ctx->env->cfg->local_data,
ins)) {
lock_basic_unlock(&ctx->cfglock);
fclose(in);
free(ins);
errno=ENOMEM;
return UB_NOMEM;
}
lock_basic_unlock(&ctx->cfglock);
}
}
fclose(in);
return UB_NOERROR;
}
/**
* Run engine, run!.
*
*/
static void
engine_run(engine_type* engine, start_cb_t start, int single_run)
{
if (!engine) {
return;
}
ods_log_assert(engine);
engine_start_workers(engine);
engine_start_drudgers(engine);
lock_basic_lock(&engine->signal_lock);
/* [LOCK] signal */
engine->signal = SIGNAL_RUN;
/* [UNLOCK] signal */
lock_basic_unlock(&engine->signal_lock);
/* call the external start callback function */
start(engine);
while (!engine->need_to_exit && !engine->need_to_reload) {
lock_basic_lock(&engine->signal_lock);
/* [LOCK] signal */
engine->signal = signal_capture(engine->signal);
switch (engine->signal) {
case SIGNAL_RUN:
ods_log_assert(1);
break;
case SIGNAL_RELOAD:
engine->need_to_reload = 1;
break;
case SIGNAL_SHUTDOWN:
engine->need_to_exit = 1;
break;
default:
ods_log_warning("[%s] invalid signal captured: %d, "
"keep running", engine_str, signal);
engine->signal = SIGNAL_RUN;
break;
}
/* [UNLOCK] signal */
lock_basic_unlock(&engine->signal_lock);
if (single_run) {
engine->need_to_exit = 1;
/* FIXME: all tasks need to terminate, then set need_to_exit to 1 */
}
lock_basic_lock(&engine->signal_lock);
/* [LOCK] signal */
if (engine->signal == SIGNAL_RUN && !single_run) {
ods_log_debug("[%s] taking a break", engine_str);
lock_basic_sleep(&engine->signal_cond, &engine->signal_lock, 3600);
}
/* [UNLOCK] signal */
lock_basic_unlock(&engine->signal_lock);
}
ods_log_debug("[%s] enforcer halted", engine_str);
engine_stop_drudgers(engine);
engine_stop_workers(engine);
return;
}
int
ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype,
int rrclass, void* mydata, ub_callback_t callback, int* async_id)
{
struct ctx_query* q;
uint8_t* msg = NULL;
uint32_t len = 0;
if(async_id)
*async_id = 0;
lock_basic_lock(&ctx->cfglock);
if(!ctx->finalized) {
int r = context_finalize(ctx);
if(r) {
lock_basic_unlock(&ctx->cfglock);
return r;
}
}
if(!ctx->created_bg) {
int r;
ctx->created_bg = 1;
lock_basic_unlock(&ctx->cfglock);
r = libworker_bg(ctx);
if(r) {
lock_basic_lock(&ctx->cfglock);
ctx->created_bg = 0;
lock_basic_unlock(&ctx->cfglock);
return r;
}
} else {
lock_basic_unlock(&ctx->cfglock);
}
/* create new ctx_query and attempt to add to the list */
q = context_new(ctx, name, rrtype, rrclass, callback, mydata);
if(!q)
return UB_NOMEM;
/* write over pipe to background worker */
lock_basic_lock(&ctx->cfglock);
msg = context_serialize_new_query(q, &len);
if(!msg) {
(void)rbtree_delete(&ctx->queries, q->node.key);
ctx->num_async--;
context_query_delete(q);
lock_basic_unlock(&ctx->cfglock);
return UB_NOMEM;
}
if(async_id)
*async_id = q->querynum;
lock_basic_unlock(&ctx->cfglock);
lock_basic_lock(&ctx->qqpipe_lock);
if(!tube_write_msg(ctx->qq_pipe, msg, len, 0)) {
lock_basic_unlock(&ctx->qqpipe_lock);
free(msg);
return UB_PIPE;
}
lock_basic_unlock(&ctx->qqpipe_lock);
free(msg);
return UB_NOERROR;
}
/**
* Recover zone from backup.
*
*/
ods_status
zone_recover2(zone_type* zone)
{
char* filename = NULL;
FILE* fd = NULL;
const char* token = NULL;
time_t when = 0;
task_type* task = NULL;
ods_status status = ODS_STATUS_OK;
/* zone part */
int klass = 0;
uint32_t inbound = 0, internal = 0, outbound = 0;
/* signconf part */
time_t lastmod = 0;
/* nsec3params part */
const char* salt = NULL;
ods_log_assert(zone);
ods_log_assert(zone->name);
ods_log_assert(zone->signconf);
ods_log_assert(zone->db);
filename = ods_build_path(zone->name, ".backup2", 0, 1);
if (!filename) {
return ODS_STATUS_MALLOC_ERR;
}
fd = ods_fopen(filename, NULL, "r");
if (fd) {
/* start recovery */
if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V3)) {
ods_log_error("[%s] corrupted backup file zone %s: read magic "
"error", zone_str, zone->name);
goto recover_error2;
}
if (!backup_read_check_str(fd, ";;Time:") |
!backup_read_time_t(fd, &when)) {
ods_log_error("[%s] corrupted backup file zone %s: read time "
"error", zone_str, zone->name);
goto recover_error2;
}
/* zone stuff */
if (!backup_read_check_str(fd, ";;Zone:") |
!backup_read_check_str(fd, "name") |
!backup_read_check_str(fd, zone->name)) {
ods_log_error("[%s] corrupted backup file zone %s: read name "
"error", zone_str, zone->name);
goto recover_error2;
}
if (!backup_read_check_str(fd, "class") |
!backup_read_int(fd, &klass)) {
ods_log_error("[%s] corrupted backup file zone %s: read class "
"error", zone_str, zone->name);
goto recover_error2;
}
if (!backup_read_check_str(fd, "inbound") |
!backup_read_uint32_t(fd, &inbound) |
!backup_read_check_str(fd, "internal") |
!backup_read_uint32_t(fd, &internal) |
!backup_read_check_str(fd, "outbound") |
!backup_read_uint32_t(fd, &outbound)) {
ods_log_error("[%s] corrupted backup file zone %s: read serial "
"error", zone_str, zone->name);
goto recover_error2;
}
zone->klass = (ldns_rr_class) klass;
zone->db->inbserial = inbound;
zone->db->intserial = internal;
zone->db->outserial = outbound;
/* signconf part */
if (!backup_read_check_str(fd, ";;Signconf:") |
!backup_read_check_str(fd, "lastmod") |
!backup_read_time_t(fd, &lastmod) |
!backup_read_check_str(fd, "maxzonettl") |
!backup_read_check_str(fd, "0") |
!backup_read_check_str(fd, "resign") |
!backup_read_duration(fd, &zone->signconf->sig_resign_interval) |
!backup_read_check_str(fd, "refresh") |
!backup_read_duration(fd, &zone->signconf->sig_refresh_interval) |
!backup_read_check_str(fd, "valid") |
!backup_read_duration(fd, &zone->signconf->sig_validity_default) |
!backup_read_check_str(fd, "denial") |
!backup_read_duration(fd,&zone->signconf->sig_validity_denial) |
!backup_read_check_str(fd, "jitter") |
!backup_read_duration(fd, &zone->signconf->sig_jitter) |
!backup_read_check_str(fd, "offset") |
!backup_read_duration(fd, &zone->signconf->sig_inception_offset) |
!backup_read_check_str(fd, "nsec") |
!backup_read_rr_type(fd, &zone->signconf->nsec_type) |
!backup_read_check_str(fd, "dnskeyttl") |
!backup_read_duration(fd, &zone->signconf->dnskey_ttl) |
!backup_read_check_str(fd, "soattl") |
!backup_read_duration(fd, &zone->signconf->soa_ttl) |
!backup_read_check_str(fd, "soamin") |
!backup_read_duration(fd, &zone->signconf->soa_min) |
!backup_read_check_str(fd, "serial") |
!backup_read_str(fd, &zone->signconf->soa_serial)) {
ods_log_error("[%s] corrupted backup file zone %s: read signconf "
"error", zone_str, zone->name);
goto recover_error2;
}
/* nsec3params part */
if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
if (!backup_read_check_str(fd, ";;Nsec3parameters:") |
!backup_read_check_str(fd, "salt") |
!backup_read_str(fd, &salt) |
!backup_read_check_str(fd, "algorithm") |
!backup_read_uint32_t(fd, &zone->signconf->nsec3_algo) |
!backup_read_check_str(fd, "optout") |
!backup_read_int(fd, &zone->signconf->nsec3_optout) |
!backup_read_check_str(fd, "iterations") |
!backup_read_uint32_t(fd, &zone->signconf->nsec3_iterations)) {
ods_log_error("[%s] corrupted backup file zone %s: read "
"nsec3parameters error", zone_str, zone->name);
goto recover_error2;
}
zone->signconf->nsec3_salt = allocator_strdup(
zone->signconf->allocator, salt);
free((void*) salt);
salt = NULL;
zone->signconf->nsec3params = nsec3params_create(
(void*) zone->signconf,
(uint8_t) zone->signconf->nsec3_algo,
(uint8_t) zone->signconf->nsec3_optout,
(uint16_t) zone->signconf->nsec3_iterations,
zone->signconf->nsec3_salt);
if (!zone->signconf->nsec3params) {
ods_log_error("[%s] corrupted backup file zone %s: unable to "
"create nsec3param", zone_str, zone->name);
goto recover_error2;
}
}
zone->signconf->last_modified = lastmod;
zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min);
/* keys part */
zone->signconf->keys = keylist_create((void*) zone->signconf);
while (backup_read_str(fd, &token)) {
if (ods_strcmp(token, ";;Key:") == 0) {
if (!key_recover2(fd, zone->signconf->keys)) {
ods_log_error("[%s] corrupted backup file zone %s: read "
"key error", zone_str, zone->name);
goto recover_error2;
}
} else if (ods_strcmp(token, ";;") == 0) {
/* keylist done */
free((void*) token);
token = NULL;
break;
} else {
/* keylist corrupted */
goto recover_error2;
}
free((void*) token);
token = NULL;
}
/* publish dnskeys */
status = zone_publish_dnskeys(zone);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] corrupted backup file zone %s: unable to "
"publish dnskeys (%s)", zone_str, zone->name,
ods_status2str(status));
goto recover_error2;
}
/* publish nsec3param */
status = zone_publish_nsec3param(zone);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] corrupted backup file zone %s: unable to "
"publish nsec3param (%s)", zone_str, zone->name,
ods_status2str(status));
goto recover_error2;
}
/* publish other records */
status = backup_read_namedb(fd, zone);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] corrupted backup file zone %s: unable to "
"read resource records (%s)", zone_str, zone->name,
ods_status2str(status));
goto recover_error2;
}
/* task */
task = task_create(TASK_SIGN, when, (void*) zone);
if (!task) {
ods_log_error("[%s] failed to restore zone %s: unable to "
"create task", zone_str, zone->name);
goto recover_error2;
}
zone->task = (void*) task;
free((void*)filename);
ods_fclose(fd);
/* journal */
zone->db->is_initialized = 1;
filename = ods_build_path(zone->name, ".ixfr", 0, 1);
if (filename) {
fd = ods_fopen(filename, NULL, "r");
}
if (fd) {
status = backup_read_ixfr(fd, zone);
if (status != ODS_STATUS_OK) {
ods_log_warning("[%s] corrupted journal file zone %s, "
"skipping (%s)", zone_str, zone->name,
ods_status2str(status));
ixfr_cleanup(zone->ixfr);
zone->ixfr = ixfr_create((void*)zone);
}
}
lock_basic_lock(&zone->ixfr->ixfr_lock);
ixfr_purge(zone->ixfr);
lock_basic_unlock(&zone->ixfr->ixfr_lock);
/* all ok */
free((void*)filename);
ods_fclose(fd);
if (zone->stats) {
lock_basic_lock(&zone->stats->stats_lock);
stats_clear(zone->stats);
lock_basic_unlock(&zone->stats->stats_lock);
}
return ODS_STATUS_OK;
}
return ODS_STATUS_UNCHANGED;
recover_error2:
free((void*)filename);
ods_fclose(fd);
/* signconf cleanup */
free((void*)salt);
salt = NULL;
signconf_cleanup(zone->signconf);
zone->signconf = signconf_create();
ods_log_assert(zone->signconf);
/* namedb cleanup */
namedb_cleanup(zone->db);
zone->db = namedb_create((void*)zone);
ods_log_assert(zone->db);
/* stats reset */
if (zone->stats) {
lock_basic_lock(&zone->stats->stats_lock);
stats_clear(zone->stats);
lock_basic_unlock(&zone->stats->stats_lock);
}
return ODS_STATUS_ERR;
}
void
ub_ctx_delete(struct ub_ctx* ctx)
{
struct alloc_cache* a, *na;
if(!ctx) return;
/* stop the bg thread */
lock_basic_lock(&ctx->cfglock);
if(ctx->created_bg) {
uint8_t* msg;
uint32_t len;
uint32_t cmd = UB_LIBCMD_QUIT;
lock_basic_unlock(&ctx->cfglock);
lock_basic_lock(&ctx->qqpipe_lock);
(void)tube_write_msg(ctx->qq_pipe, (uint8_t*)&cmd,
(uint32_t)sizeof(cmd), 0);
lock_basic_unlock(&ctx->qqpipe_lock);
lock_basic_lock(&ctx->rrpipe_lock);
while(tube_read_msg(ctx->rr_pipe, &msg, &len, 0)) {
/* discard all results except a quit confirm */
if(context_serial_getcmd(msg, len) == UB_LIBCMD_QUIT) {
free(msg);
break;
}
free(msg);
}
lock_basic_unlock(&ctx->rrpipe_lock);
/* if bg worker is a thread, wait for it to exit, so that all
* resources are really gone. */
lock_basic_lock(&ctx->cfglock);
if(ctx->dothread) {
lock_basic_unlock(&ctx->cfglock);
ub_thread_join(ctx->bg_tid);
} else {
lock_basic_unlock(&ctx->cfglock);
}
}
else {
lock_basic_unlock(&ctx->cfglock);
}
modstack_desetup(&ctx->mods, ctx->env);
a = ctx->alloc_list;
while(a) {
na = a->super;
a->super = &ctx->superalloc;
alloc_clear(a);
free(a);
a = na;
}
local_zones_delete(ctx->local_zones);
lock_basic_destroy(&ctx->qqpipe_lock);
lock_basic_destroy(&ctx->rrpipe_lock);
lock_basic_destroy(&ctx->cfglock);
tube_delete(ctx->qq_pipe);
tube_delete(ctx->rr_pipe);
if(ctx->env) {
slabhash_delete(ctx->env->msg_cache);
rrset_cache_delete(ctx->env->rrset_cache);
infra_delete(ctx->env->infra_cache);
config_delete(ctx->env->cfg);
free(ctx->env);
}
ub_randfree(ctx->seed_rnd);
alloc_clear(&ctx->superalloc);
traverse_postorder(&ctx->queries, delq, NULL);
free(ctx);
#ifdef USE_WINSOCK
WSACleanup();
#endif
}
/** process answer from bg worker */
static int
process_answer_detail(struct ub_ctx* ctx, uint8_t* msg, uint32_t len,
ub_callback_t* cb, void** cbarg, int* err,
struct ub_result** res)
{
struct ctx_query* q;
if(context_serial_getcmd(msg, len) != UB_LIBCMD_ANSWER) {
log_err("error: bad data from bg worker %d",
(int)context_serial_getcmd(msg, len));
return 0;
}
lock_basic_lock(&ctx->cfglock);
q = context_deserialize_answer(ctx, msg, len, err);
if(!q) {
lock_basic_unlock(&ctx->cfglock);
/* probably simply the lookup that failed, i.e.
* response returned before cancel was sent out, so noerror */
return 1;
}
log_assert(q->async);
/* grab cb while locked */
if(q->cancelled) {
*cb = NULL;
*cbarg = NULL;
} else {
*cb = q->cb;
*cbarg = q->cb_arg;
}
if(*err) {
*res = NULL;
ub_resolve_free(q->res);
} else {
/* parse the message, extract rcode, fill result */
ldns_buffer* buf = ldns_buffer_new(q->msg_len);
struct regional* region = regional_create();
*res = q->res;
(*res)->rcode = LDNS_RCODE_SERVFAIL;
if(region && buf) {
ldns_buffer_clear(buf);
ldns_buffer_write(buf, q->msg, q->msg_len);
ldns_buffer_flip(buf);
libworker_enter_result(*res, buf, region,
q->msg_security);
}
(*res)->answer_packet = q->msg;
(*res)->answer_len = (int)q->msg_len;
q->msg = NULL;
ldns_buffer_free(buf);
regional_destroy(region);
}
q->res = NULL;
/* delete the q from list */
(void)rbtree_delete(&ctx->queries, q->node.key);
ctx->num_async--;
context_query_delete(q);
lock_basic_unlock(&ctx->cfglock);
if(*cb) return 2;
ub_resolve_free(*res);
return 1;
}
int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr,
int isprime)
{
char* a;
struct config_stub **prev, *elem;
/* check syntax for zone name */
if(zone) {
uint8_t* nm;
int nmlabs;
size_t nmlen;
if(!parse_dname(zone, &nm, &nmlen, &nmlabs)) {
errno=EINVAL;
return UB_SYNTAX;
}
free(nm);
} else {
zone = ".";
}
/* check syntax for addr (if not NULL) */
if(addr) {
struct sockaddr_storage storage;
socklen_t stlen;
if(!extstrtoaddr(addr, &storage, &stlen)) {
errno=EINVAL;
return UB_SYNTAX;
}
}
lock_basic_lock(&ctx->cfglock);
if(ctx->finalized) {
lock_basic_unlock(&ctx->cfglock);
errno=EINVAL;
return UB_AFTERFINAL;
}
/* arguments all right, now find or add the stub */
prev = &ctx->env->cfg->stubs;
elem = cfg_stub_find(&prev, zone);
if(!elem && !addr) {
/* not found and we want to delete, nothing to do */
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
} else if(elem && !addr) {
/* found, and we want to delete */
*prev = elem->next;
config_delstub(elem);
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
} else if(!elem) {
/* not found, create the stub entry */
elem=(struct config_stub*)calloc(1, sizeof(struct config_stub));
if(elem) elem->name = strdup(zone);
if(!elem || !elem->name) {
free(elem);
lock_basic_unlock(&ctx->cfglock);
errno = ENOMEM;
return UB_NOMEM;
}
elem->next = ctx->env->cfg->stubs;
ctx->env->cfg->stubs = elem;
}
/* add the address to the list and set settings */
elem->isprime = isprime;
a = strdup(addr);
if(!a) {
lock_basic_unlock(&ctx->cfglock);
errno = ENOMEM;
return UB_NOMEM;
}
if(!cfg_strlist_insert(&elem->addrs, a)) {
lock_basic_unlock(&ctx->cfglock);
free(a);
errno = ENOMEM;
return UB_NOMEM;
}
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
}
/**
* Write to DNS Output Adapter.
*
*/
ods_status
addns_write(void* zone)
{
FILE* fd = NULL;
char* atmpfile = NULL;
char* axfrfile = NULL;
char* itmpfile = NULL;
char* ixfrfile = NULL;
zone_type* z = (zone_type*) zone;
int ret = 0;
ods_status status = ODS_STATUS_OK;
ods_log_assert(z);
ods_log_assert(z->name);
ods_log_assert(z->adoutbound);
ods_log_assert(z->adoutbound->type == ADAPTER_DNS);
atmpfile = ods_build_path(z->name, ".axfr.tmp", 0, 1);
fd = ods_fopen(atmpfile, NULL, "w");
if (!fd) {
free((void*) atmpfile);
return ODS_STATUS_FOPEN_ERR;
}
status = adapi_printaxfr(fd, z);
ods_fclose(fd);
if (status != ODS_STATUS_OK) {
return status;
}
if (z->db->is_initialized) {
itmpfile = ods_build_path(z->name, ".ixfr.tmp", 0, 1);
fd = ods_fopen(itmpfile, NULL, "w");
if (!fd) {
free((void*) atmpfile);
free((void*) itmpfile);
return ODS_STATUS_FOPEN_ERR;
}
status = adapi_printixfr(fd, z);
if (status != ODS_STATUS_OK) {
return status;
}
ods_fclose(fd);
}
/* lock and move */
axfrfile = ods_build_path(z->name, ".axfr", 0, 1);
lock_basic_lock(&z->xfr_lock);
ret = rename(atmpfile, axfrfile);
if (ret != 0) {
ods_log_error("[%s] unable to rename file %s to %s: %s", adapter_str,
atmpfile, axfrfile, strerror(errno));
lock_basic_unlock(&z->xfr_lock);
free((void*) atmpfile);
free((void*) axfrfile);
free((void*) itmpfile);
return ODS_STATUS_RENAME_ERR;
}
free((void*) atmpfile);
free((void*) axfrfile);
if (z->db->is_initialized) {
ixfrfile = ods_build_path(z->name, ".ixfr", 0, 1);
ret = rename(itmpfile, ixfrfile);
if (ret != 0) {
ods_log_error("[%s] unable to rename file %s to %s: %s",
adapter_str, itmpfile, ixfrfile, strerror(errno));
lock_basic_unlock(&z->xfr_lock);
free((void*) itmpfile);
free((void*) ixfrfile);
return ODS_STATUS_RENAME_ERR;
}
free((void*) itmpfile);
free((void*) ixfrfile);
}
lock_basic_unlock(&z->xfr_lock);
dnsout_send_notify(zone);
return ODS_STATUS_OK;
}
int
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
{
struct config_strlist* f;
const char** zstr;
char* nm;
sldns_buffer* parsebuf = sldns_buffer_new(65535);
if(cfg->insecure_lan_zones) {
for(zstr = as112_zones; *zstr; zstr++) {
if(!anchor_insert_insecure(anchors, *zstr)) {
log_err("error in insecure-lan-zones: %s", *zstr);
sldns_buffer_free(parsebuf);
return 0;
}
}
}
for(f = cfg->domain_insecure; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!anchor_insert_insecure(anchors, f->str)) {
log_err("error in domain-insecure: %s", f->str);
sldns_buffer_free(parsebuf);
return 0;
}
}
for(f = cfg->trust_anchor_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!anchor_read_file(anchors, parsebuf, nm, 0)) {
log_err("error reading trust-anchor-file: %s", f->str);
sldns_buffer_free(parsebuf);
return 0;
}
}
for(f = cfg->trusted_keys_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!anchor_read_bind_file_wild(anchors, parsebuf, nm)) {
log_err("error reading trusted-keys-file: %s", f->str);
sldns_buffer_free(parsebuf);
return 0;
}
}
for(f = cfg->trust_anchor_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!anchor_store_str(anchors, parsebuf, f->str)) {
log_err("error in trust-anchor: \"%s\"", f->str);
sldns_buffer_free(parsebuf);
return 0;
}
}
if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) {
struct trust_anchor* dlva;
nm = cfg->dlv_anchor_file;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!(dlva = anchor_read_file(anchors, parsebuf,
nm, 1))) {
log_err("error reading dlv-anchor-file: %s",
cfg->dlv_anchor_file);
sldns_buffer_free(parsebuf);
return 0;
}
lock_basic_lock(&anchors->lock);
anchors->dlv_anchor = dlva;
lock_basic_unlock(&anchors->lock);
}
for(f = cfg->dlv_anchor_list; f; f = f->next) {
struct trust_anchor* dlva;
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!(dlva = anchor_store_str(
anchors, parsebuf, f->str))) {
log_err("error in dlv-anchor: \"%s\"", f->str);
sldns_buffer_free(parsebuf);
return 0;
}
lock_basic_lock(&anchors->lock);
anchors->dlv_anchor = dlva;
lock_basic_unlock(&anchors->lock);
}
/* do autr last, so that it sees what anchors are filled by other
* means can can print errors about double config for the name */
for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
nm = f->str;
if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
nm += strlen(cfg->chrootdir);
if(!autr_read_file(anchors, nm)) {
log_err("error reading auto-trust-anchor-file: %s",
f->str);
sldns_buffer_free(parsebuf);
return 0;
}
}
/* first assemble, since it may delete useless anchors */
anchors_assemble_rrsets(anchors);
init_parents(anchors);
sldns_buffer_free(parsebuf);
if(verbosity >= VERB_ALGO) autr_debug_print(anchors);
return 1;
}
/** extended thread worker */
static void*
ext_thread(void* arg)
{
struct ext_thr_info* inf = (struct ext_thr_info*)arg;
int i, r;
struct ub_result* result;
struct track_id* async_ids = NULL;
log_thread_set(&inf->thread_num);
if(inf->thread_num > NUMTHR*2/3) {
async_ids = (struct track_id*)calloc((size_t)inf->numq, sizeof(struct track_id));
if(!async_ids) {
printf("out of memory\n");
exit(1);
}
for(i=0; i<inf->numq; i++) {
lock_basic_init(&async_ids[i].lock);
}
}
for(i=0; i<inf->numq; i++) {
if(async_ids) {
r = ub_resolve_async(inf->ctx,
inf->argv[i%inf->argc], LDNS_RR_TYPE_A,
LDNS_RR_CLASS_IN, &async_ids[i], ext_callback,
&async_ids[i].id);
checkerr("ub_resolve_async", r);
if(i > 100) {
lock_basic_lock(&async_ids[i-100].lock);
r = ub_cancel(inf->ctx, async_ids[i-100].id);
if(r != UB_NOID)
async_ids[i-100].cancel=1;
lock_basic_unlock(&async_ids[i-100].lock);
if(r != UB_NOID)
checkerr("ub_cancel", r);
}
} else if(inf->thread_num > NUMTHR/2) {
/* async */
r = ub_resolve_async(inf->ctx,
inf->argv[i%inf->argc], LDNS_RR_TYPE_A,
LDNS_RR_CLASS_IN, NULL, ext_callback, NULL);
checkerr("ub_resolve_async", r);
} else {
/* blocking */
r = ub_resolve(inf->ctx, inf->argv[i%inf->argc],
LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, &result);
ext_check_result("ub_resolve", r, result);
ub_resolve_free(result);
}
}
if(inf->thread_num > NUMTHR/2) {
r = ub_wait(inf->ctx);
checkerr("ub_ctx_wait", r);
}
/* if these locks are destroyed, or if the async_ids is freed, then
a use-after-free happens in another thread.
The allocation is only part of this test, though. */
/*
if(async_ids) {
for(i=0; i<inf->numq; i++) {
lock_basic_destroy(&async_ids[i].lock);
}
}
free(async_ids);
*/
return NULL;
}
int
ub_ctx_set_fwd(struct ub_ctx* ctx, char* addr)
{
struct sockaddr_storage storage;
socklen_t stlen;
struct config_stub* s;
char* dupl;
lock_basic_lock(&ctx->cfglock);
if(ctx->finalized) {
lock_basic_unlock(&ctx->cfglock);
errno=EINVAL;
return UB_AFTERFINAL;
}
if(!addr) {
/* disable fwd mode - the root stub should be first. */
if(ctx->env->cfg->forwards &&
strcmp(ctx->env->cfg->forwards->name, ".") == 0) {
s = ctx->env->cfg->forwards;
ctx->env->cfg->forwards = s->next;
s->next = NULL;
config_delstubs(s);
}
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
}
lock_basic_unlock(&ctx->cfglock);
/* check syntax for addr */
if(!extstrtoaddr(addr, &storage, &stlen)) {
errno=EINVAL;
return UB_SYNTAX;
}
/* it parses, add root stub in front of list */
lock_basic_lock(&ctx->cfglock);
if(!ctx->env->cfg->forwards ||
strcmp(ctx->env->cfg->forwards->name, ".") != 0) {
s = calloc(1, sizeof(*s));
if(!s) {
lock_basic_unlock(&ctx->cfglock);
errno=ENOMEM;
return UB_NOMEM;
}
s->name = strdup(".");
if(!s->name) {
free(s);
lock_basic_unlock(&ctx->cfglock);
errno=ENOMEM;
return UB_NOMEM;
}
s->next = ctx->env->cfg->forwards;
ctx->env->cfg->forwards = s;
} else {
log_assert(ctx->env->cfg->forwards);
s = ctx->env->cfg->forwards;
}
dupl = strdup(addr);
if(!dupl) {
lock_basic_unlock(&ctx->cfglock);
errno=ENOMEM;
return UB_NOMEM;
}
if(!cfg_strlist_insert(&s->addrs, dupl)) {
free(dupl);
lock_basic_unlock(&ctx->cfglock);
errno=ENOMEM;
return UB_NOMEM;
}
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
}
/**
* NOTIFY.
*
*/
static query_state
query_process_notify(query_type* q, ldns_rr_type qtype, void* engine)
{
engine_type* e = (engine_type*) engine;
dnsin_type* dnsin = NULL;
uint16_t count = 0;
uint16_t rrcount = 0;
uint32_t serial = 0;
size_t pos = 0;
char address[128];
if (!e || !q || !q->zone) {
return QUERY_DISCARDED;
}
ods_log_assert(e->dnshandler);
ods_log_assert(q->zone->name);
ods_log_debug("[%s] incoming notify for zone %s", query_str,
q->zone->name);
if (buffer_pkt_rcode(q->buffer) != LDNS_RCODE_NOERROR ||
buffer_pkt_qr(q->buffer) ||
!buffer_pkt_aa(q->buffer) ||
buffer_pkt_tc(q->buffer) ||
buffer_pkt_rd(q->buffer) ||
buffer_pkt_ra(q->buffer) ||
buffer_pkt_ad(q->buffer) ||
buffer_pkt_cd(q->buffer) ||
buffer_pkt_qdcount(q->buffer) != 1 ||
buffer_pkt_ancount(q->buffer) > 1 ||
qtype != LDNS_RR_TYPE_SOA) {
return query_formerr(q);
}
if (!q->zone->adinbound || q->zone->adinbound->type != ADAPTER_DNS) {
ods_log_error("[%s] zone %s is not configured to have input dns "
"adapter", query_str, q->zone->name);
return query_notauth(q);
}
ods_log_assert(q->zone->adinbound->config);
dnsin = (dnsin_type*) q->zone->adinbound->config;
if (!acl_find(dnsin->allow_notify, &q->addr, q->tsig_rr)) {
if (addr2ip(q->addr, address, sizeof(address))) {
ods_log_info("[%s] unauthorized notify for zone %s from client %s: "
"no acl matches", query_str, q->zone->name, address);
} else {
ods_log_info("[%s] unauthorized notify for zone %s from unknown "
"client: no acl matches", query_str, q->zone->name);
}
return query_notauth(q);
}
ods_log_assert(q->zone->xfrd);
/* skip header and question section */
buffer_skip(q->buffer, BUFFER_PKT_HEADER_SIZE);
count = buffer_pkt_qdcount(q->buffer);
for (rrcount = 0; rrcount < count; rrcount++) {
if (!buffer_skip_rr(q->buffer, 1)) {
ods_log_error("[%s] dropped packet: zone %s received bad notify "
"(bad question section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
}
pos = buffer_position(q->buffer);
/* examine answer section */
count = buffer_pkt_ancount(q->buffer);
if (count) {
if (!buffer_skip_dname(q->buffer) ||
!query_parse_soa(q->buffer, &serial)) {
ods_log_error("[%s] dropped packet: zone %s received bad notify "
"(bad soa in answer section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
lock_basic_lock(&q->zone->xfrd->serial_lock);
q->zone->xfrd->serial_notify = serial;
q->zone->xfrd->serial_notify_acquired = time_now();
if (!util_serial_gt(q->zone->xfrd->serial_notify,
q->zone->xfrd->serial_disk)) {
ods_log_debug("[%s] ignore notify: already got zone %s serial "
"%u on disk", query_str, q->zone->name,
q->zone->xfrd->serial_notify);
lock_basic_unlock(&q->zone->xfrd->serial_lock);
goto send_notify_ok;
}
lock_basic_unlock(&q->zone->xfrd->serial_lock);
} else {
lock_basic_lock(&q->zone->xfrd->serial_lock);
q->zone->xfrd->serial_notify = 0;
q->zone->xfrd->serial_notify_acquired = 0;
lock_basic_unlock(&q->zone->xfrd->serial_lock);
}
/* forward notify to xfrd */
xfrd_set_timer_now(q->zone->xfrd);
dnshandler_fwd_notify(e->dnshandler, buffer_begin(q->buffer),
buffer_remaining(q->buffer));
send_notify_ok:
/* send notify ok */
buffer_pkt_set_qr(q->buffer);
buffer_pkt_set_aa(q->buffer);
buffer_pkt_set_ancount(q->buffer, 0);
buffer_clear(q->buffer); /* lim = pos, pos = 0; */
buffer_set_position(q->buffer, pos);
buffer_set_limit(q->buffer, buffer_capacity(q->buffer));
q->reserved_space = edns_rr_reserved_space(q->edns_rr);
q->reserved_space += tsig_rr_reserved_space(q->tsig_rr);
return QUERY_PROCESSED;
}
/**
* Start engine.
*
*/
int
engine_start(const char* cfgfile, int cmdline_verbosity, int daemonize,
int info, int single_run)
{
engine_type* engine = NULL;
int use_syslog = 0;
ods_status zl_changed = ODS_STATUS_UNCHANGED;
ods_status status = ODS_STATUS_OK;
int close_hsm = 0;
int ret = 1;
ods_log_assert(cfgfile);
ods_log_init(NULL, use_syslog, cmdline_verbosity);
ods_log_verbose("[%s] starting signer", engine_str);
/* initialize */
xmlInitGlobals();
xmlInitParser();
xmlInitThreads();
engine = engine_create();
if (!engine) {
ods_fatal_exit("[%s] create failed", engine_str);
return ret;
}
engine->daemonize = daemonize;
/* config */
engine->config = engine_config(engine->allocator, cfgfile,
cmdline_verbosity);
status = engine_config_check(engine->config);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] cfgfile %s has errors", engine_str, cfgfile);
goto earlyexit;
}
if (info) {
engine_config_print(stdout, engine->config); /* for debugging */
goto earlyexit;
}
/* check pidfile */
if (!util_check_pidfile(engine->config->pid_filename)) {
exit(1);
}
/* open log */
ods_log_init(engine->config->log_filename, engine->config->use_syslog,
engine->config->verbosity);
/* setup */
tzset(); /* for portability */
status = engine_setup(engine);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] setup failed: %s", engine_str,
ods_status2str(status));
if (status != ODS_STATUS_WRITE_PIDFILE_ERR) {
/* command handler had not yet been started */
engine->cmdhandler_done = 1;
}
goto earlyexit;
} else {
/* setup ok, mark hsm open */
ret = 1;
close_hsm = 1;
}
/* run */
while (engine->need_to_exit == 0) {
/* update zone list */
lock_basic_lock(&engine->zonelist->zl_lock);
zl_changed = zonelist_update(engine->zonelist,
engine->config->zonelist_filename);
engine->zonelist->just_removed = 0;
engine->zonelist->just_added = 0;
engine->zonelist->just_updated = 0;
lock_basic_unlock(&engine->zonelist->zl_lock);
/* start/reload */
if (engine->need_to_reload) {
ods_log_info("[%s] signer reloading", engine_str);
engine->need_to_reload = 0;
} else {
ods_log_info("[%s] signer started (version %s), pid %u",
engine_str, PACKAGE_VERSION, engine->pid);
zl_changed = engine_recover(engine);
}
if (zl_changed == ODS_STATUS_OK ||
zl_changed == ODS_STATUS_UNCHANGED) {
engine_update_zones(engine, zl_changed);
}
engine_run(engine, single_run);
}
/* shutdown */
ods_log_info("[%s] signer shutdown", engine_str);
if (close_hsm) {
ods_log_verbose("[%s] close hsm", engine_str);
hsm_close();
}
if (!engine->cmdhandler_done) {
engine_stop_xfrhandler(engine);
engine_stop_dnshandler(engine);
engine_stop_cmdhandler(engine);
}
earlyexit:
if (engine && engine->config) {
if (engine->config->pid_filename) {
(void)unlink(engine->config->pid_filename);
}
if (engine->config->clisock_filename) {
(void)unlink(engine->config->clisock_filename);
}
}
tsig_handler_cleanup();
engine_cleanup(engine);
engine = NULL;
ods_log_close();
xmlCleanupParser();
xmlCleanupGlobals();
xmlCleanupThreads();
return ret;
}
