/**
* NOTIFY.
*
*/
static query_state
query_process_notify(query_type* q, ldns_rr_type qtype, void* engine)
{
engine_type* e = (engine_type*) engine;
dnsin_type* dnsin = NULL;
uint16_t count = 0;
uint16_t rrcount = 0;
uint32_t serial = 0;
size_t pos = 0;
char address[128];
if (!e || !q || !q->zone) {
return QUERY_DISCARDED;
}
ods_log_assert(e->dnshandler);
ods_log_assert(q->zone->name);
ods_log_debug("[%s] incoming notify for zone %s", query_str,
q->zone->name);
if (buffer_pkt_rcode(q->buffer) != LDNS_RCODE_NOERROR ||
buffer_pkt_qr(q->buffer) ||
!buffer_pkt_aa(q->buffer) ||
buffer_pkt_tc(q->buffer) ||
buffer_pkt_rd(q->buffer) ||
buffer_pkt_ra(q->buffer) ||
buffer_pkt_ad(q->buffer) ||
buffer_pkt_cd(q->buffer) ||
buffer_pkt_qdcount(q->buffer) != 1 ||
buffer_pkt_ancount(q->buffer) > 1 ||
qtype != LDNS_RR_TYPE_SOA) {
return query_formerr(q);
}
if (!q->zone->adinbound || q->zone->adinbound->type != ADAPTER_DNS) {
ods_log_error("[%s] zone %s is not configured to have input dns "
"adapter", query_str, q->zone->name);
return query_notauth(q);
}
ods_log_assert(q->zone->adinbound->config);
dnsin = (dnsin_type*) q->zone->adinbound->config;
if (!acl_find(dnsin->allow_notify, &q->addr, q->tsig_rr)) {
if (addr2ip(q->addr, address, sizeof(address))) {
ods_log_info("[%s] unauthorized notify for zone %s from client %s: "
"no acl matches", query_str, q->zone->name, address);
} else {
ods_log_info("[%s] unauthorized notify for zone %s from unknown "
"client: no acl matches", query_str, q->zone->name);
}
return query_notauth(q);
}
ods_log_assert(q->zone->xfrd);
/* skip header and question section */
buffer_skip(q->buffer, BUFFER_PKT_HEADER_SIZE);
count = buffer_pkt_qdcount(q->buffer);
for (rrcount = 0; rrcount < count; rrcount++) {
if (!buffer_skip_rr(q->buffer, 1)) {
ods_log_error("[%s] dropped packet: zone %s received bad notify "
"(bad question section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
}
pos = buffer_position(q->buffer);
/* examine answer section */
count = buffer_pkt_ancount(q->buffer);
if (count) {
if (!buffer_skip_dname(q->buffer) ||
!query_parse_soa(q->buffer, &serial)) {
ods_log_error("[%s] dropped packet: zone %s received bad notify "
"(bad soa in answer section)", query_str, q->zone->name);
return QUERY_DISCARDED;
}
lock_basic_lock(&q->zone->xfrd->serial_lock);
q->zone->xfrd->serial_notify = serial;
q->zone->xfrd->serial_notify_acquired = time_now();
if (!util_serial_gt(q->zone->xfrd->serial_notify,
q->zone->xfrd->serial_disk)) {
ods_log_debug("[%s] ignore notify: already got zone %s serial "
"%u on disk", query_str, q->zone->name,
q->zone->xfrd->serial_notify);
lock_basic_unlock(&q->zone->xfrd->serial_lock);
goto send_notify_ok;
}
lock_basic_unlock(&q->zone->xfrd->serial_lock);
} else {
lock_basic_lock(&q->zone->xfrd->serial_lock);
q->zone->xfrd->serial_notify = 0;
q->zone->xfrd->serial_notify_acquired = 0;
lock_basic_unlock(&q->zone->xfrd->serial_lock);
}
/* forward notify to xfrd */
xfrd_set_timer_now(q->zone->xfrd);
dnshandler_fwd_notify(e->dnshandler, buffer_begin(q->buffer),
buffer_remaining(q->buffer));
send_notify_ok:
/* send notify ok */
buffer_pkt_set_qr(q->buffer);
buffer_pkt_set_aa(q->buffer);
buffer_pkt_set_ancount(q->buffer, 0);
buffer_clear(q->buffer); /* lim = pos, pos = 0; */
buffer_set_position(q->buffer, pos);
buffer_set_limit(q->buffer, buffer_capacity(q->buffer));
q->reserved_space = edns_rr_reserved_space(q->edns_rr);
q->reserved_space += tsig_rr_reserved_space(q->tsig_rr);
return QUERY_PROCESSED;
}
/**
* Update zones.
*
*/
void
engine_update_zones(engine_type* engine, ods_status zl_changed)
{
ldns_rbnode_t* node = LDNS_RBTREE_NULL;
zone_type* zone = NULL;
zone_type* delzone = NULL;
task_type* task = NULL;
ods_status status = ODS_STATUS_OK;
unsigned wake_up = 0;
int warnings = 0;
time_t now = 0;
if (!engine || !engine->zonelist || !engine->zonelist->zones) {
return;
}
now = time_now();
ods_log_debug("[%s] commit zone list changes", engine_str);
lock_basic_lock(&engine->zonelist->zl_lock);
node = ldns_rbtree_first(engine->zonelist->zones);
while (node && node != LDNS_RBTREE_NULL) {
zone = (zone_type*) node->data;
task = NULL; /* reset task */
if (zone->zl_status == ZONE_ZL_REMOVED) {
node = ldns_rbtree_next(node);
lock_basic_lock(&zone->zone_lock);
delzone = zonelist_del_zone(engine->zonelist, zone);
if (delzone) {
lock_basic_lock(&engine->taskq->schedule_lock);
task = unschedule_task(engine->taskq,
(task_type*) zone->task);
lock_basic_unlock(&engine->taskq->schedule_lock);
}
task_cleanup(task);
task = NULL;
lock_basic_unlock(&zone->zone_lock);
netio_remove_handler(engine->xfrhandler->netio,
&zone->xfrd->handler);
zone_cleanup(zone);
zone = NULL;
continue;
} else if (zone->zl_status == ZONE_ZL_ADDED) {
lock_basic_lock(&zone->zone_lock);
ods_log_assert(!zone->task);
/* set notify nameserver command */
if (engine->config->notify_command && !zone->notify_ns) {
set_notify_ns(zone, engine->config->notify_command);
}
/* create task */
task = task_create(TASK_SIGNCONF, now, zone);
lock_basic_unlock(&zone->zone_lock);
if (!task) {
ods_log_crit("[%s] unable to create task for zone %s: "
"task_create() failed", engine_str, zone->name);
node = ldns_rbtree_next(node);
continue;
}
}
/* load adapter config */
status = adapter_load_config(zone->adinbound);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to load config for inbound adapter "
"for zone %s: %s", engine_str, zone->name,
ods_status2str(status));
}
status = adapter_load_config(zone->adoutbound);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to load config for outbound adapter "
"for zone %s: %s", engine_str, zone->name,
ods_status2str(status));
}
/* for dns adapters */
warnings += dnsconfig_zone(engine, zone);
if (zone->zl_status == ZONE_ZL_ADDED) {
ods_log_assert(task);
lock_basic_lock(&zone->zone_lock);
zone->task = task;
lock_basic_unlock(&zone->zone_lock);
lock_basic_lock(&engine->taskq->schedule_lock);
status = schedule_task(engine->taskq, task, 0);
lock_basic_unlock(&engine->taskq->schedule_lock);
} else if (zl_changed == ODS_STATUS_OK) {
/* always try to update signconf */
lock_basic_lock(&zone->zone_lock);
status = zone_reschedule_task(zone, engine->taskq, TASK_SIGNCONF);
lock_basic_unlock(&zone->zone_lock);
}
if (status != ODS_STATUS_OK) {
ods_log_crit("[%s] unable to schedule task for zone %s: %s",
engine_str, zone->name, ods_status2str(status));
} else {
wake_up = 1;
zone->zl_status = ZONE_ZL_OK;
}
node = ldns_rbtree_next(node);
}
lock_basic_unlock(&engine->zonelist->zl_lock);
if (engine->dnshandler) {
dnshandler_fwd_notify(engine->dnshandler,
(uint8_t*) ODS_SE_NOTIFY_CMD, strlen(ODS_SE_NOTIFY_CMD));
} else if (warnings) {
ods_log_warning("[%s] no dnshandler/listener configured, but zones "
"are configured with dns adapters: notify and zone transfer "
"requests will not work properly", engine_str);
}
if (wake_up) {
engine_wakeup_workers(engine);
}
return;
}
/**
* Write zone to output adapter.
*
*/
ods_status
tools_output(zone_type* zone, engine_type* engine)
{
ods_status status = ODS_STATUS_OK;
ods_log_assert(engine);
ods_log_assert(engine->config);
ods_log_assert(zone);
ods_log_assert(zone->db);
ods_log_assert(zone->name);
ods_log_assert(zone->signconf);
ods_log_assert(zone->adoutbound);
/* prepare */
if (zone->stats) {
pthread_mutex_lock(&zone->stats->stats_lock);
if (zone->stats->sort_done == 0 &&
(zone->stats->sig_count <= zone->stats->sig_soa_count)) {
ods_log_verbose("[%s] skip write zone %s serial %u (zone not "
"changed)", tools_str, zone->name?zone->name:"(null)",
zone->db->intserial);
stats_clear(zone->stats);
pthread_mutex_unlock(&zone->stats->stats_lock);
zone->db->intserial =
zone->db->outserial;
return ODS_STATUS_OK;
}
pthread_mutex_unlock(&zone->stats->stats_lock);
}
/* Output Adapter */
status = adapter_write((void*)zone);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to write zone %s: adapter failed (%s)",
tools_str, zone->name, ods_status2str(status));
return status;
}
zone->db->outserial = zone->db->intserial;
zone->db->is_initialized = 1;
zone->db->have_serial = 1;
pthread_mutex_lock(&zone->ixfr->ixfr_lock);
ixfr_purge(zone->ixfr, zone->name);
pthread_mutex_unlock(&zone->ixfr->ixfr_lock);
/* kick the nameserver */
if (zone->notify_ns) {
int pid_status;
pid_t pid, wpid;
ods_log_verbose("[%s] notify nameserver: %s", tools_str,
zone->notify_ns);
/** fork */
switch ((pid = fork())) {
case -1: /* error */
ods_log_error("[%s] notify nameserver failed: unable to fork "
"(%s)", tools_str, strerror(errno));
return ODS_STATUS_FORK_ERR;
case 0: /* child */
/** close fds */
ods_closeall(0);
/** execv */
execvp(zone->notify_ns, zone->notify_args);
/** error */
ods_log_error("[%s] notify nameserver failed: execv() failed "
"(%s)", tools_str, strerror(errno));
exit(1);
break;
default: /* parent */
ods_log_debug("[%s] notify nameserver process forked",
tools_str);
/** wait for completion */
while((wpid = waitpid(pid, &pid_status, 0)) <= 0) {
if (errno != EINTR) {
break;
}
}
if (wpid == -1) {
ods_log_error("[%s] notify nameserver failed: waitpid() "
"failed (%s)", tools_str, strerror(errno));
} else if (!WIFEXITED(pid_status)) {
ods_log_error("[%s] notify nameserver failed: notify "
"command did not terminate normally", tools_str);
} else {
ods_log_verbose("[%s] notify nameserver ok", tools_str);
}
break;
}
}
/* log stats */
if (zone->stats) {
pthread_mutex_lock(&zone->stats->stats_lock);
zone->stats->end_time = time(NULL);
ods_log_debug("[%s] log stats for zone %s serial %u", tools_str,
zone->name?zone->name:"(null)", (unsigned) zone->db->outserial);
stats_log(zone->stats, zone->name, zone->db->outserial,
zone->signconf->nsec_type);
stats_clear(zone->stats);
pthread_mutex_unlock(&zone->stats->stats_lock);
}
if (engine->dnshandler) {
ods_log_debug("[%s] forward a notify", tools_str);
dnshandler_fwd_notify(engine->dnshandler, (uint8_t*) ODS_SE_NOTIFY_CMD,
strlen(ODS_SE_NOTIFY_CMD));
}
return status;
}
