File: | src/usr.sbin/nsd/options.c |
Warning: | line 2204, column 25 Null pointer passed as 1st argument to string comparison function |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* | |||
2 | * options.c -- options functions. | |||
3 | * | |||
4 | * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. | |||
5 | * | |||
6 | * See LICENSE for the license. | |||
7 | * | |||
8 | */ | |||
9 | #include "config.h" | |||
10 | #include <string.h> | |||
11 | #include <stdio.h> | |||
12 | #include <sys/stat.h> | |||
13 | #include <errno(*__errno()).h> | |||
14 | #ifdef HAVE_IFADDRS_H1 | |||
15 | #include <ifaddrs.h> | |||
16 | #endif | |||
17 | #include "options.h" | |||
18 | #include "query.h" | |||
19 | #include "tsig.h" | |||
20 | #include "ixfr.h" | |||
21 | #include "difffile.h" | |||
22 | #include "rrl.h" | |||
23 | #include "bitset.h" | |||
24 | ||||
25 | #include "configparser.h" | |||
26 | config_parser_state_type* cfg_parser = 0; | |||
27 | extern FILE* c_in, *c_out; | |||
28 | int c_parse(void); | |||
29 | int c_lex(void); | |||
30 | int c_wrap(void); | |||
31 | int c_lex_destroy(void); | |||
32 | extern char* c_text; | |||
33 | ||||
34 | static int | |||
35 | rbtree_strcmp(const void* p1, const void* p2) | |||
36 | { | |||
37 | if(p1 == NULL((void *)0) && p2 == NULL((void *)0)) return 0; | |||
38 | if(p1 == NULL((void *)0)) return -1; | |||
39 | if(p2 == NULL((void *)0)) return 1; | |||
40 | return strcmp((const char*)p1, (const char*)p2); | |||
41 | } | |||
42 | ||||
43 | struct nsd_options* | |||
44 | nsd_options_create(region_type* region) | |||
45 | { | |||
46 | struct nsd_options* opt; | |||
47 | opt = (struct nsd_options*)region_alloc(region, sizeof( | |||
48 | struct nsd_options)); | |||
49 | opt->region = region; | |||
50 | opt->zone_options = rbtree_create(region, | |||
51 | (int (*)(const void *, const void *)) dname_compare); | |||
52 | opt->configfile = NULL((void *)0); | |||
53 | opt->zonestatnames = rbtree_create(opt->region, rbtree_strcmp); | |||
54 | opt->patterns = rbtree_create(region, rbtree_strcmp); | |||
55 | opt->keys = rbtree_create(region, rbtree_strcmp); | |||
56 | opt->tls_auths = rbtree_create(region, rbtree_strcmp); | |||
57 | opt->ip_addresses = NULL((void *)0); | |||
58 | opt->ip_transparent = 0; | |||
59 | opt->ip_freebind = 0; | |||
60 | opt->send_buffer_size = 0; | |||
61 | opt->receive_buffer_size = 0; | |||
62 | opt->debug_mode = 0; | |||
63 | opt->verbosity = 0; | |||
64 | opt->hide_version = 0; | |||
65 | opt->hide_identity = 0; | |||
66 | opt->drop_updates = 0; | |||
67 | opt->do_ip4 = 1; | |||
68 | opt->do_ip6 = 1; | |||
69 | opt->identity = 0; | |||
70 | opt->version = 0; | |||
71 | opt->nsid = 0; | |||
72 | opt->logfile = 0; | |||
73 | opt->log_only_syslog = 0; | |||
74 | opt->log_time_ascii = 1; | |||
75 | opt->round_robin = 0; /* also packet.h::round_robin */ | |||
76 | opt->minimal_responses = 1; /* also packet.h::minimal_responses */ | |||
77 | opt->confine_to_zone = 0; | |||
78 | opt->refuse_any = 1; | |||
79 | opt->server_count = 1; | |||
80 | opt->cpu_affinity = NULL((void *)0); | |||
81 | opt->service_cpu_affinity = NULL((void *)0); | |||
82 | opt->tcp_count = 100; | |||
83 | opt->tcp_reject_overflow = 0; | |||
84 | opt->tcp_query_count = 0; | |||
85 | opt->tcp_timeout = TCP_TIMEOUT120; | |||
86 | opt->tcp_mss = 0; | |||
87 | opt->outgoing_tcp_mss = 0; | |||
88 | opt->ipv4_edns_size = EDNS_MAX_MESSAGE_LEN1232; | |||
89 | opt->ipv6_edns_size = EDNS_MAX_MESSAGE_LEN1232; | |||
90 | opt->pidfile = PIDFILE""; | |||
91 | opt->port = UDP_PORT"53"; | |||
92 | /* deprecated? opt->port = TCP_PORT; */ | |||
93 | opt->reuseport = 0; | |||
94 | opt->xfrd_tcp_max = 128; | |||
95 | opt->xfrd_tcp_pipeline = 128; | |||
96 | opt->statistics = 0; | |||
97 | opt->chroot = 0; | |||
98 | opt->username = USER"_nsd"; | |||
99 | opt->zonesdir = ZONESDIR"/var/nsd/zones"; | |||
100 | opt->xfrdfile = XFRDFILE"/var/nsd/run/xfrd.state"; | |||
101 | opt->xfrdir = XFRDIR"/var/nsd/run/xfr"; | |||
102 | opt->zonelistfile = ZONELISTFILE"/var/nsd/db/zone.list"; | |||
103 | #ifdef RATELIMIT | |||
104 | opt->rrl_size = RRL_BUCKETS1000000; | |||
105 | opt->rrl_slip = RRL_SLIP2; | |||
106 | opt->rrl_ipv4_prefix_length = RRL_IPV4_PREFIX_LENGTH24; | |||
107 | opt->rrl_ipv6_prefix_length = RRL_IPV6_PREFIX_LENGTH64; | |||
108 | # ifdef RATELIMIT_DEFAULT_OFF | |||
109 | opt->rrl_ratelimit = 0; | |||
110 | opt->rrl_whitelist_ratelimit = 0; | |||
111 | # else | |||
112 | opt->rrl_ratelimit = RRL_LIMIT400/2; | |||
113 | opt->rrl_whitelist_ratelimit = RRL_WLIST_LIMIT4000/2; | |||
114 | # endif | |||
115 | #endif | |||
116 | #ifdef USE_DNSTAP | |||
117 | opt->dnstap_enable = 0; | |||
118 | opt->dnstap_socket_path = DNSTAP_SOCKET_PATH; | |||
119 | opt->dnstap_ip = ""; | |||
120 | opt->dnstap_tls = 1; | |||
121 | opt->dnstap_tls_server_name = NULL((void *)0); | |||
122 | opt->dnstap_tls_cert_bundle = NULL((void *)0); | |||
123 | opt->dnstap_tls_client_key_file = NULL((void *)0); | |||
124 | opt->dnstap_tls_client_cert_file = NULL((void *)0); | |||
125 | opt->dnstap_send_identity = 0; | |||
126 | opt->dnstap_send_version = 0; | |||
127 | opt->dnstap_identity = NULL((void *)0); | |||
128 | opt->dnstap_version = NULL((void *)0); | |||
129 | opt->dnstap_log_auth_query_messages = 0; | |||
130 | opt->dnstap_log_auth_response_messages = 0; | |||
131 | #endif | |||
132 | opt->zonefiles_check = 1; | |||
133 | opt->zonefiles_write = ZONEFILES_WRITE_INTERVAL3600; | |||
134 | opt->xfrd_reload_timeout = 1; | |||
135 | opt->tls_service_key = NULL((void *)0); | |||
136 | opt->tls_service_ocsp = NULL((void *)0); | |||
137 | opt->tls_service_pem = NULL((void *)0); | |||
138 | opt->tls_port = TLS_PORT"853"; | |||
139 | opt->tls_cert_bundle = NULL((void *)0); | |||
140 | opt->proxy_protocol_port = NULL((void *)0); | |||
141 | opt->answer_cookie = 1; | |||
142 | opt->cookie_secret = NULL((void *)0); | |||
143 | opt->cookie_secret_file = CONFIGDIR"/var/nsd/etc""/nsd_cookiesecrets.txt"; | |||
144 | opt->control_enable = 0; | |||
145 | opt->control_interface = NULL((void *)0); | |||
146 | opt->control_port = NSD_CONTROL_PORT8952; | |||
147 | opt->server_key_file = CONFIGDIR"/var/nsd/etc""/nsd_server.key"; | |||
148 | opt->server_cert_file = CONFIGDIR"/var/nsd/etc""/nsd_server.pem"; | |||
149 | opt->control_key_file = CONFIGDIR"/var/nsd/etc""/nsd_control.key"; | |||
150 | opt->control_cert_file = CONFIGDIR"/var/nsd/etc""/nsd_control.pem"; | |||
151 | ||||
152 | opt->verify_enable = 0; | |||
153 | opt->verify_ip_addresses = NULL((void *)0); | |||
154 | opt->verify_port = VERIFY_PORT"5347"; | |||
155 | opt->verify_zones = 1; | |||
156 | opt->verifier = NULL((void *)0); | |||
157 | opt->verifier_count = 1; | |||
158 | opt->verifier_feed_zone = 1; | |||
159 | opt->verifier_timeout = 0; | |||
160 | ||||
161 | return opt; | |||
162 | } | |||
163 | ||||
164 | int | |||
165 | nsd_options_insert_zone(struct nsd_options* opt, struct zone_options* zone) | |||
166 | { | |||
167 | /* create dname for lookup */ | |||
168 | const dname_type* dname = dname_parse(opt->region, zone->name); | |||
169 | if(!dname) | |||
170 | return 0; | |||
171 | zone->node.key = dname; | |||
172 | if(!rbtree_insert(opt->zone_options, (rbnode_type*)zone)) | |||
173 | return 0; | |||
174 | return 1; | |||
175 | } | |||
176 | ||||
177 | int | |||
178 | nsd_options_insert_pattern(struct nsd_options* opt, | |||
179 | struct pattern_options* pat) | |||
180 | { | |||
181 | if(!pat->pname) | |||
182 | return 0; | |||
183 | pat->node.key = pat->pname; | |||
184 | if(!rbtree_insert(opt->patterns, (rbnode_type*)pat)) | |||
185 | return 0; | |||
186 | return 1; | |||
187 | } | |||
188 | ||||
189 | void | |||
190 | warn_if_directory(const char* filetype, FILE* f, const char* fname) | |||
191 | { | |||
192 | if(fileno(f)(!__isthreaded ? ((f)->_file) : (fileno)(f)) != -1) { | |||
193 | struct stat st; | |||
194 | memset(&st, 0, sizeof(st)); | |||
195 | if(fstat(fileno(f)(!__isthreaded ? ((f)->_file) : (fileno)(f)), &st) != -1) { | |||
196 | if(S_ISDIR(st.st_mode)((st.st_mode & 0170000) == 0040000)) { | |||
197 | log_msg(LOG_WARNING4, "trying to read %s but it is a directory: %s", filetype, fname); | |||
198 | } | |||
199 | } | |||
200 | } | |||
201 | } | |||
202 | ||||
203 | int | |||
204 | parse_options_file(struct nsd_options* opt, const char* file, | |||
205 | void (*err)(void*,const char*), void* err_arg) | |||
206 | { | |||
207 | FILE *in = 0; | |||
208 | struct pattern_options* pat; | |||
209 | struct acl_options* acl; | |||
210 | ||||
211 | if(!cfg_parser) { | |||
212 | cfg_parser = (config_parser_state_type*)region_alloc( | |||
213 | opt->region, sizeof(config_parser_state_type)); | |||
214 | cfg_parser->chroot = 0; | |||
215 | } | |||
216 | cfg_parser->err = err; | |||
217 | cfg_parser->err_arg = err_arg; | |||
218 | cfg_parser->filename = (char*)file; | |||
219 | cfg_parser->line = 1; | |||
220 | cfg_parser->errors = 0; | |||
221 | cfg_parser->opt = opt; | |||
222 | cfg_parser->pattern = NULL((void *)0); | |||
223 | cfg_parser->zone = NULL((void *)0); | |||
224 | cfg_parser->key = NULL((void *)0); | |||
225 | cfg_parser->tls_auth = NULL((void *)0); | |||
226 | ||||
227 | in = fopen(cfg_parser->filename, "r"); | |||
228 | if(!in) { | |||
229 | if(err) { | |||
230 | char m[MAXSYSLOGMSGLEN512]; | |||
231 | snprintf(m, sizeof(m), "Could not open %s: %s\n", | |||
232 | file, strerror(errno(*__errno()))); | |||
233 | err(err_arg, m); | |||
234 | } else { | |||
235 | fprintf(stderr(&__sF[2]), "Could not open %s: %s\n", | |||
236 | file, strerror(errno(*__errno()))); | |||
237 | } | |||
238 | return 0; | |||
239 | } | |||
240 | warn_if_directory("configfile", in, file); | |||
241 | c_in = in; | |||
242 | c_parse(); | |||
243 | fclose(in); | |||
244 | ||||
245 | opt->configfile = region_strdup(opt->region, file); | |||
246 | ||||
247 | RBTREE_FOR(pat, struct pattern_options*, opt->patterns)for(pat=(struct pattern_options*)rbtree_first(opt->patterns ); (rbnode_type*)pat != &rbtree_null_node; pat = (struct pattern_options *)rbtree_next((rbnode_type*)pat)) | |||
248 | { | |||
249 | /* lookup keys for acls */ | |||
250 | for(acl=pat->allow_notify; acl; acl=acl->next) | |||
251 | { | |||
252 | if(acl->nokey || acl->blocked) | |||
253 | continue; | |||
254 | acl->key_options = key_options_find(opt, acl->key_name); | |||
255 | if(!acl->key_options) | |||
256 | c_error("key %s in pattern %s could not be found", | |||
257 | acl->key_name, pat->pname); | |||
258 | } | |||
259 | for(acl=pat->notify; acl; acl=acl->next) | |||
260 | { | |||
261 | if(acl->nokey || acl->blocked) | |||
262 | continue; | |||
263 | acl->key_options = key_options_find(opt, acl->key_name); | |||
264 | if(!acl->key_options) | |||
265 | c_error("key %s in pattern %s could not be found", | |||
266 | acl->key_name, pat->pname); | |||
267 | } | |||
268 | for(acl=pat->request_xfr; acl; acl=acl->next) | |||
269 | { | |||
270 | /* Find tls_auth */ | |||
271 | if (!acl->tls_auth_name) | |||
272 | ; /* pass */ | |||
273 | else if (!(acl->tls_auth_options = | |||
274 | tls_auth_options_find(opt, acl->tls_auth_name))) | |||
275 | c_error("tls_auth %s in pattern %s could not be found", | |||
276 | acl->tls_auth_name, pat->pname); | |||
277 | /* Find key */ | |||
278 | if(acl->nokey || acl->blocked) | |||
279 | continue; | |||
280 | acl->key_options = key_options_find(opt, acl->key_name); | |||
281 | if(!acl->key_options) | |||
282 | c_error("key %s in pattern %s could not be found", | |||
283 | acl->key_name, pat->pname); | |||
284 | } | |||
285 | for(acl=pat->provide_xfr; acl; acl=acl->next) | |||
286 | { | |||
287 | if(acl->nokey || acl->blocked) | |||
288 | continue; | |||
289 | acl->key_options = key_options_find(opt, acl->key_name); | |||
290 | if(!acl->key_options) | |||
291 | c_error("key %s in pattern %s could not be found", | |||
292 | acl->key_name, pat->pname); | |||
293 | } | |||
294 | for(acl=pat->allow_query; acl; acl=acl->next) | |||
295 | { | |||
296 | if(acl->nokey || acl->blocked) | |||
297 | continue; | |||
298 | acl->key_options = key_options_find(opt, acl->key_name); | |||
299 | if(!acl->key_options) | |||
300 | c_error("key %s in pattern %s could not be found", | |||
301 | acl->key_name, pat->pname); | |||
302 | } | |||
303 | } | |||
304 | ||||
305 | if(cfg_parser->errors > 0) | |||
306 | { | |||
307 | if(err) { | |||
308 | char m[MAXSYSLOGMSGLEN512]; | |||
309 | snprintf(m, sizeof(m), "read %s failed: %d errors in " | |||
310 | "configuration file\n", file, | |||
311 | cfg_parser->errors); | |||
312 | err(err_arg, m); | |||
313 | } else { | |||
314 | fprintf(stderr(&__sF[2]), "read %s failed: %d errors in " | |||
315 | "configuration file\n", file, | |||
316 | cfg_parser->errors); | |||
317 | } | |||
318 | return 0; | |||
319 | } | |||
320 | return 1; | |||
321 | } | |||
322 | ||||
323 | void options_zonestatnames_create(struct nsd_options* opt) | |||
324 | { | |||
325 | struct zone_options* zopt; | |||
326 | /* allocate "" as zonestat 0, for zones without a zonestat */ | |||
327 | if(!rbtree_search(opt->zonestatnames, "")) { | |||
328 | struct zonestatname* n; | |||
329 | n = (struct zonestatname*)region_alloc_zero(opt->region, | |||
330 | sizeof(*n)); | |||
331 | n->node.key = region_strdup(opt->region, ""); | |||
332 | if(!n->node.key) { | |||
333 | log_msg(LOG_ERR3, "malloc failed: %s", strerror(errno(*__errno()))); | |||
334 | exit(1); | |||
335 | } | |||
336 | n->id = (unsigned)(opt->zonestatnames->count); | |||
337 | rbtree_insert(opt->zonestatnames, (rbnode_type*)n); | |||
338 | } | |||
339 | RBTREE_FOR(zopt, struct zone_options*, opt->zone_options)for(zopt=(struct zone_options*)rbtree_first(opt->zone_options ); (rbnode_type*)zopt != &rbtree_null_node; zopt = (struct zone_options*)rbtree_next((rbnode_type*)zopt)) { | |||
340 | /* insert into tree, so that when read in later id exists */ | |||
341 | (void)getzonestatid(opt, zopt); | |||
342 | } | |||
343 | } | |||
344 | ||||
345 | #define ZONELIST_HEADER"# NSD zone list\n# name pattern\n" "# NSD zone list\n# name pattern\n" | |||
346 | static int | |||
347 | comp_zonebucket(const void* a, const void* b) | |||
348 | { | |||
349 | /* the line size is much smaller than max-int, and positive, | |||
350 | * so the subtraction works */ | |||
351 | return *(const int*)b - *(const int*)a; | |||
352 | } | |||
353 | ||||
354 | /* insert free entry into zonelist free buckets */ | |||
355 | static void | |||
356 | zone_list_free_insert(struct nsd_options* opt, int linesize, off_t off) | |||
357 | { | |||
358 | struct zonelist_free* e; | |||
359 | struct zonelist_bucket* b = (struct zonelist_bucket*)rbtree_search( | |||
360 | opt->zonefree, &linesize); | |||
361 | if(!b) { | |||
362 | b = region_alloc_zero(opt->region, sizeof(*b)); | |||
363 | b->linesize = linesize; | |||
364 | b->node = *RBTREE_NULL&rbtree_null_node; | |||
365 | b->node.key = &b->linesize; | |||
366 | rbtree_insert(opt->zonefree, &b->node); | |||
367 | } | |||
368 | e = (struct zonelist_free*)region_alloc_zero(opt->region, sizeof(*e)); | |||
369 | e->next = b->list; | |||
370 | b->list = e; | |||
371 | e->off = off; | |||
372 | opt->zonefree_number++; | |||
373 | } | |||
374 | ||||
375 | struct zone_options* | |||
376 | zone_list_zone_insert(struct nsd_options* opt, const char* nm, | |||
377 | const char* patnm, int linesize, off_t off) | |||
378 | { | |||
379 | struct pattern_options* pat = pattern_options_find(opt, patnm); | |||
380 | struct zone_options* zone; | |||
381 | if(!pat) { | |||
382 | log_msg(LOG_ERR3, "pattern does not exist for zone %s " | |||
383 | "pattern %s", nm, patnm); | |||
384 | return NULL((void *)0); | |||
385 | } | |||
386 | zone = zone_options_create(opt->region); | |||
387 | zone->part_of_config = 0; | |||
388 | zone->name = region_strdup(opt->region, nm); | |||
389 | zone->linesize = linesize; | |||
390 | zone->off = off; | |||
391 | zone->pattern = pat; | |||
392 | if(!nsd_options_insert_zone(opt, zone)) { | |||
393 | log_msg(LOG_ERR3, "bad domain name or duplicate zone '%s' " | |||
394 | "pattern %s", nm, patnm); | |||
395 | region_recycle(opt->region, (void*)zone->name, strlen(nm)+1); | |||
396 | region_recycle(opt->region, zone, sizeof(*zone)); | |||
397 | return NULL((void *)0); | |||
398 | } | |||
399 | return zone; | |||
400 | } | |||
401 | ||||
402 | int | |||
403 | parse_zone_list_file(struct nsd_options* opt) | |||
404 | { | |||
405 | /* zonelist looks like this: | |||
406 | # name pattern | |||
407 | add example.com master | |||
408 | del example.net slave | |||
409 | add foo.bar.nl slave | |||
410 | add rutabaga.uk config | |||
411 | */ | |||
412 | char hdr[64]; | |||
413 | char buf[1024]; | |||
414 | ||||
415 | /* create empty data structures */ | |||
416 | opt->zonefree = rbtree_create(opt->region, comp_zonebucket); | |||
417 | opt->zonelist = NULL((void *)0); | |||
418 | opt->zonefree_number = 0; | |||
419 | opt->zonelist_off = 0; | |||
420 | ||||
421 | /* try to open the zonelist file, an empty or nonexist file is OK */ | |||
422 | opt->zonelist = fopen(opt->zonelistfile, "r+"); | |||
423 | if(!opt->zonelist) { | |||
424 | if(errno(*__errno()) == ENOENT2) | |||
425 | return 1; /* file does not exist, it is created later */ | |||
426 | log_msg(LOG_ERR3, "could not open zone list %s: %s", opt->zonelistfile, | |||
427 | strerror(errno(*__errno()))); | |||
428 | return 0; | |||
429 | } | |||
430 | /* read header */ | |||
431 | hdr[strlen(ZONELIST_HEADER"# NSD zone list\n# name pattern\n")] = 0; | |||
432 | if(fread(hdr, 1, strlen(ZONELIST_HEADER"# NSD zone list\n# name pattern\n"), opt->zonelist) != | |||
433 | strlen(ZONELIST_HEADER"# NSD zone list\n# name pattern\n") || strncmp(hdr, ZONELIST_HEADER"# NSD zone list\n# name pattern\n", | |||
434 | strlen(ZONELIST_HEADER"# NSD zone list\n# name pattern\n")) != 0) { | |||
435 | log_msg(LOG_ERR3, "zone list %s contains bad header\n", opt->zonelistfile); | |||
436 | fclose(opt->zonelist); | |||
437 | opt->zonelist = NULL((void *)0); | |||
438 | return 0; | |||
439 | } | |||
440 | buf[sizeof(buf)-1]=0; | |||
441 | ||||
442 | /* read entries in file */ | |||
443 | while(fgets(buf, sizeof(buf), opt->zonelist)) { | |||
444 | /* skip comments and empty lines */ | |||
445 | if(buf[0] == 0 || buf[0] == '\n' || buf[0] == '#') | |||
446 | continue; | |||
447 | if(strncmp(buf, "add ", 4) == 0) { | |||
448 | int linesize = strlen(buf); | |||
449 | /* parse the 'add' line */ | |||
450 | /* pick last space on the line, so that the domain | |||
451 | * name can have a space in it (but not the pattern)*/ | |||
452 | char* space = strrchr(buf+4, ' '); | |||
453 | char* nm, *patnm; | |||
454 | if(!space) { | |||
455 | /* parse error */ | |||
456 | log_msg(LOG_ERR3, "parse error in %s: '%s'", | |||
457 | opt->zonelistfile, buf); | |||
458 | continue; | |||
459 | } | |||
460 | nm = buf+4; | |||
461 | *space = 0; | |||
462 | patnm = space+1; | |||
463 | if(linesize && buf[linesize-1] == '\n') | |||
464 | buf[linesize-1] = 0; | |||
465 | ||||
466 | /* store offset and line size for zone entry */ | |||
467 | /* and create zone entry in zonetree */ | |||
468 | (void)zone_list_zone_insert(opt, nm, patnm, linesize, | |||
469 | ftello(opt->zonelist)-linesize); | |||
470 | } else if(strncmp(buf, "del ", 4) == 0) { | |||
471 | /* store offset and line size for deleted entry */ | |||
472 | int linesize = strlen(buf); | |||
473 | zone_list_free_insert(opt, linesize, | |||
474 | ftello(opt->zonelist)-linesize); | |||
475 | } else { | |||
476 | log_msg(LOG_WARNING4, "bad data in %s, '%s'", opt->zonelistfile, | |||
477 | buf); | |||
478 | } | |||
479 | } | |||
480 | /* store EOF offset */ | |||
481 | opt->zonelist_off = ftello(opt->zonelist); | |||
482 | return 1; | |||
483 | } | |||
484 | ||||
485 | void | |||
486 | zone_options_delete(struct nsd_options* opt, struct zone_options* zone) | |||
487 | { | |||
488 | rbtree_delete(opt->zone_options, zone->node.key); | |||
489 | region_recycle(opt->region, (void*)zone->node.key, dname_total_size( | |||
490 | (dname_type*)zone->node.key)); | |||
491 | region_recycle(opt->region, zone, sizeof(*zone)); | |||
492 | } | |||
493 | ||||
494 | /* add a new zone to the zonelist */ | |||
495 | struct zone_options* | |||
496 | zone_list_add(struct nsd_options* opt, const char* zname, const char* pname) | |||
497 | { | |||
498 | int r; | |||
499 | struct zonelist_free* e; | |||
500 | struct zonelist_bucket* b; | |||
501 | int linesize = 6 + strlen(zname) + strlen(pname); | |||
502 | /* create zone entry */ | |||
503 | struct zone_options* zone = zone_list_zone_insert(opt, zname, pname, | |||
504 | linesize, 0); | |||
505 | if(!zone) | |||
506 | return NULL((void *)0); | |||
507 | ||||
508 | /* use free entry or append to file or create new file */ | |||
509 | if(!opt->zonelist || opt->zonelist_off == 0) { | |||
510 | /* create new file */ | |||
511 | if(opt->zonelist) fclose(opt->zonelist); | |||
512 | opt->zonelist = fopen(opt->zonelistfile, "w+"); | |||
513 | if(!opt->zonelist) { | |||
514 | log_msg(LOG_ERR3, "could not create zone list %s: %s", | |||
515 | opt->zonelistfile, strerror(errno(*__errno()))); | |||
516 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
517 | zone_options_delete(opt, zone); | |||
518 | return NULL((void *)0); | |||
519 | } | |||
520 | r = fprintf(opt->zonelist, ZONELIST_HEADER"# NSD zone list\n# name pattern\n"); | |||
521 | if(r != strlen(ZONELIST_HEADER"# NSD zone list\n# name pattern\n")) { | |||
522 | if(r == -1) | |||
523 | log_msg(LOG_ERR3, "could not write to %s: %s", | |||
524 | opt->zonelistfile, strerror(errno(*__errno()))); | |||
525 | else log_msg(LOG_ERR3, "partial write to %s: disk full", | |||
526 | opt->zonelistfile); | |||
527 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
528 | zone_options_delete(opt, zone); | |||
529 | return NULL((void *)0); | |||
530 | } | |||
531 | zone->off = ftello(opt->zonelist); | |||
532 | if(zone->off == -1) | |||
533 | log_msg(LOG_ERR3, "ftello(%s): %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
534 | r = fprintf(opt->zonelist, "add %s %s\n", zname, pname); | |||
535 | if(r != zone->linesize) { | |||
536 | if(r == -1) | |||
537 | log_msg(LOG_ERR3, "could not write to %s: %s", | |||
538 | opt->zonelistfile, strerror(errno(*__errno()))); | |||
539 | else log_msg(LOG_ERR3, "partial write to %s: disk full", | |||
540 | opt->zonelistfile); | |||
541 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
542 | zone_options_delete(opt, zone); | |||
543 | return NULL((void *)0); | |||
544 | } | |||
545 | opt->zonelist_off = ftello(opt->zonelist); | |||
546 | if(opt->zonelist_off == -1) | |||
547 | log_msg(LOG_ERR3, "ftello(%s): %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
548 | if(fflush(opt->zonelist) != 0) { | |||
549 | log_msg(LOG_ERR3, "fflush %s: %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
550 | } | |||
551 | return zone; | |||
552 | } | |||
553 | b = (struct zonelist_bucket*)rbtree_search(opt->zonefree, | |||
554 | &zone->linesize); | |||
555 | if(!b || b->list == NULL((void *)0)) { | |||
556 | /* no empty place, append to file */ | |||
557 | zone->off = opt->zonelist_off; | |||
558 | if(fseeko(opt->zonelist, zone->off, SEEK_SET0) == -1) { | |||
559 | log_msg(LOG_ERR3, "fseeko(%s): %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
560 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
561 | zone_options_delete(opt, zone); | |||
562 | return NULL((void *)0); | |||
563 | } | |||
564 | r = fprintf(opt->zonelist, "add %s %s\n", zname, pname); | |||
565 | if(r != zone->linesize) { | |||
566 | if(r == -1) | |||
567 | log_msg(LOG_ERR3, "could not write to %s: %s", | |||
568 | opt->zonelistfile, strerror(errno(*__errno()))); | |||
569 | else log_msg(LOG_ERR3, "partial write to %s: disk full", | |||
570 | opt->zonelistfile); | |||
571 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
572 | zone_options_delete(opt, zone); | |||
573 | return NULL((void *)0); | |||
574 | } | |||
575 | opt->zonelist_off += linesize; | |||
576 | if(fflush(opt->zonelist) != 0) { | |||
577 | log_msg(LOG_ERR3, "fflush %s: %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
578 | } | |||
579 | return zone; | |||
580 | } | |||
581 | /* reuse empty spot */ | |||
582 | e = b->list; | |||
583 | zone->off = e->off; | |||
584 | if(fseeko(opt->zonelist, zone->off, SEEK_SET0) == -1) { | |||
585 | log_msg(LOG_ERR3, "fseeko(%s): %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
586 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
587 | zone_options_delete(opt, zone); | |||
588 | return NULL((void *)0); | |||
589 | } | |||
590 | r = fprintf(opt->zonelist, "add %s %s\n", zname, pname); | |||
591 | if(r != zone->linesize) { | |||
592 | if(r == -1) | |||
593 | log_msg(LOG_ERR3, "could not write to %s: %s", | |||
594 | opt->zonelistfile, strerror(errno(*__errno()))); | |||
595 | else log_msg(LOG_ERR3, "partial write to %s: disk full", | |||
596 | opt->zonelistfile); | |||
597 | log_msg(LOG_ERR3, "zone %s could not be added", zname); | |||
598 | zone_options_delete(opt, zone); | |||
599 | return NULL((void *)0); | |||
600 | } | |||
601 | if(fflush(opt->zonelist) != 0) { | |||
602 | log_msg(LOG_ERR3, "fflush %s: %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
603 | } | |||
604 | ||||
605 | /* snip off and recycle element */ | |||
606 | b->list = e->next; | |||
607 | region_recycle(opt->region, e, sizeof(*e)); | |||
608 | if(b->list == NULL((void *)0)) { | |||
609 | rbtree_delete(opt->zonefree, &b->linesize); | |||
610 | region_recycle(opt->region, b, sizeof(*b)); | |||
611 | } | |||
612 | opt->zonefree_number--; | |||
613 | return zone; | |||
614 | } | |||
615 | ||||
616 | /* remove a zone on the zonelist */ | |||
617 | void | |||
618 | zone_list_del(struct nsd_options* opt, struct zone_options* zone) | |||
619 | { | |||
620 | /* put its space onto the free entry */ | |||
621 | if(fseeko(opt->zonelist, zone->off, SEEK_SET0) == -1) { | |||
622 | log_msg(LOG_ERR3, "fseeko(%s): %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
623 | return; | |||
624 | } | |||
625 | fprintf(opt->zonelist, "del"); | |||
626 | zone_list_free_insert(opt, zone->linesize, zone->off); | |||
627 | ||||
628 | /* remove zone_options */ | |||
629 | zone_options_delete(opt, zone); | |||
630 | ||||
631 | /* see if we need to compact: it is going to halve the zonelist */ | |||
632 | if(opt->zonefree_number > opt->zone_options->count) { | |||
633 | zone_list_compact(opt); | |||
634 | } else { | |||
635 | if(fflush(opt->zonelist) != 0) { | |||
636 | log_msg(LOG_ERR3, "fflush %s: %s", opt->zonelistfile, strerror(errno(*__errno()))); | |||
637 | } | |||
638 | } | |||
639 | } | |||
640 | /* postorder delete of zonelist free space tree */ | |||
641 | static void | |||
642 | delbucket(region_type* region, struct zonelist_bucket* b) | |||
643 | { | |||
644 | struct zonelist_free* e, *f; | |||
645 | if(!b || (rbnode_type*)b==RBTREE_NULL&rbtree_null_node) | |||
646 | return; | |||
647 | delbucket(region, (struct zonelist_bucket*)b->node.left); | |||
648 | delbucket(region, (struct zonelist_bucket*)b->node.right); | |||
649 | e = b->list; | |||
650 | while(e) { | |||
651 | f = e->next; | |||
652 | region_recycle(region, e, sizeof(*e)); | |||
653 | e = f; | |||
654 | } | |||
655 | region_recycle(region, b, sizeof(*b)); | |||
656 | } | |||
657 | ||||
658 | /* compact zonelist file */ | |||
659 | void | |||
660 | zone_list_compact(struct nsd_options* opt) | |||
661 | { | |||
662 | char outname[1024]; | |||
663 | FILE* out; | |||
664 | struct zone_options* zone; | |||
665 | off_t off; | |||
666 | int r; | |||
667 | snprintf(outname, sizeof(outname), "%s~", opt->zonelistfile); | |||
668 | /* useful, when : count-of-free > count-of-used */ | |||
669 | /* write zonelist to zonelist~ */ | |||
670 | out = fopen(outname, "w+"); | |||
671 | if(!out) { | |||
672 | log_msg(LOG_ERR3, "could not open %s: %s", outname, strerror(errno(*__errno()))); | |||
673 | return; | |||
674 | } | |||
675 | r = fprintf(out, ZONELIST_HEADER"# NSD zone list\n# name pattern\n"); | |||
676 | if(r == -1) { | |||
677 | log_msg(LOG_ERR3, "write %s failed: %s", outname, | |||
678 | strerror(errno(*__errno()))); | |||
679 | fclose(out); | |||
680 | return; | |||
681 | } else if(r != strlen(ZONELIST_HEADER"# NSD zone list\n# name pattern\n")) { | |||
682 | log_msg(LOG_ERR3, "write %s was partial: disk full", | |||
683 | outname); | |||
684 | fclose(out); | |||
685 | return; | |||
686 | } | |||
687 | off = ftello(out); | |||
688 | if(off == -1) { | |||
689 | log_msg(LOG_ERR3, "ftello(%s): %s", outname, strerror(errno(*__errno()))); | |||
690 | fclose(out); | |||
691 | return; | |||
692 | } | |||
693 | RBTREE_FOR(zone, struct zone_options*, opt->zone_options)for(zone=(struct zone_options*)rbtree_first(opt->zone_options ); (rbnode_type*)zone != &rbtree_null_node; zone = (struct zone_options*)rbtree_next((rbnode_type*)zone)) { | |||
694 | if(zone->part_of_config) | |||
695 | continue; | |||
696 | r = fprintf(out, "add %s %s\n", zone->name, | |||
697 | zone->pattern->pname); | |||
698 | if(r < 0) { | |||
699 | log_msg(LOG_ERR3, "write %s failed: %s", outname, | |||
700 | strerror(errno(*__errno()))); | |||
701 | fclose(out); | |||
702 | return; | |||
703 | } else if(r != zone->linesize) { | |||
704 | log_msg(LOG_ERR3, "write %s was partial: disk full", | |||
705 | outname); | |||
706 | fclose(out); | |||
707 | return; | |||
708 | } | |||
709 | } | |||
710 | if(fflush(out) != 0) { | |||
711 | log_msg(LOG_ERR3, "fflush %s: %s", outname, strerror(errno(*__errno()))); | |||
712 | } | |||
713 | ||||
714 | /* rename zonelist~ onto zonelist */ | |||
715 | if(rename(outname, opt->zonelistfile) == -1) { | |||
716 | log_msg(LOG_ERR3, "rename(%s to %s) failed: %s", | |||
717 | outname, opt->zonelistfile, strerror(errno(*__errno()))); | |||
718 | fclose(out); | |||
719 | return; | |||
720 | } | |||
721 | fclose(opt->zonelist); | |||
722 | /* set offsets */ | |||
723 | RBTREE_FOR(zone, struct zone_options*, opt->zone_options)for(zone=(struct zone_options*)rbtree_first(opt->zone_options ); (rbnode_type*)zone != &rbtree_null_node; zone = (struct zone_options*)rbtree_next((rbnode_type*)zone)) { | |||
724 | if(zone->part_of_config) | |||
725 | continue; | |||
726 | zone->off = off; | |||
727 | off += zone->linesize; | |||
728 | } | |||
729 | /* empty the free tree */ | |||
730 | delbucket(opt->region, (struct zonelist_bucket*)opt->zonefree->root); | |||
731 | opt->zonefree->root = RBTREE_NULL&rbtree_null_node; | |||
732 | opt->zonefree->count = 0; | |||
733 | opt->zonefree_number = 0; | |||
734 | /* finish */ | |||
735 | opt->zonelist = out; | |||
736 | opt->zonelist_off = off; | |||
737 | } | |||
738 | ||||
739 | /* close zonelist file */ | |||
740 | void | |||
741 | zone_list_close(struct nsd_options* opt) | |||
742 | { | |||
743 | if(opt->zonelist) { | |||
744 | fclose(opt->zonelist); | |||
745 | opt->zonelist = NULL((void *)0); | |||
746 | } | |||
747 | } | |||
748 | ||||
749 | static void | |||
750 | c_error_va_list_pos(int showpos, const char* fmt, va_list args) | |||
751 | { | |||
752 | char* at = NULL((void *)0); | |||
753 | cfg_parser->errors++; | |||
754 | if(showpos && c_text && c_text[0]!=0) { | |||
755 | at = c_text; | |||
756 | } | |||
757 | if(cfg_parser->err) { | |||
758 | char m[MAXSYSLOGMSGLEN512]; | |||
759 | snprintf(m, sizeof(m), "%s:%d: ", cfg_parser->filename, | |||
760 | cfg_parser->line); | |||
761 | (*cfg_parser->err)(cfg_parser->err_arg, m); | |||
762 | if(at) { | |||
763 | snprintf(m, sizeof(m), "at '%s': ", at); | |||
764 | (*cfg_parser->err)(cfg_parser->err_arg, m); | |||
765 | } | |||
766 | (*cfg_parser->err)(cfg_parser->err_arg, "error: "); | |||
767 | vsnprintf(m, sizeof(m), fmt, args); | |||
768 | (*cfg_parser->err)(cfg_parser->err_arg, m); | |||
769 | (*cfg_parser->err)(cfg_parser->err_arg, "\n"); | |||
770 | return; | |||
771 | } | |||
772 | fprintf(stderr(&__sF[2]), "%s:%d: ", cfg_parser->filename, cfg_parser->line); | |||
773 | if(at) fprintf(stderr(&__sF[2]), "at '%s': ", at); | |||
774 | fprintf(stderr(&__sF[2]), "error: "); | |||
775 | vfprintf(stderr(&__sF[2]), fmt, args); | |||
776 | fprintf(stderr(&__sF[2]), "\n"); | |||
777 | } | |||
778 | ||||
779 | void | |||
780 | c_error(const char *fmt, ...) | |||
781 | { | |||
782 | va_list ap; | |||
783 | int showpos = 0; | |||
784 | ||||
785 | if (strcmp(fmt, "syntax error") == 0 || strcmp(fmt, "parse error") == 0) { | |||
786 | showpos = 1; | |||
787 | } | |||
788 | ||||
789 | va_start(ap, fmt)__builtin_va_start((ap), fmt); | |||
790 | c_error_va_list_pos(showpos, fmt, ap); | |||
791 | va_end(ap)__builtin_va_end((ap)); | |||
792 | } | |||
793 | ||||
794 | int | |||
795 | c_wrap(void) | |||
796 | { | |||
797 | return 1; | |||
798 | } | |||
799 | ||||
800 | struct zone_options* | |||
801 | zone_options_create(region_type* region) | |||
802 | { | |||
803 | struct zone_options* zone; | |||
804 | zone = (struct zone_options*)region_alloc(region, sizeof( | |||
805 | struct zone_options)); | |||
806 | zone->node = *RBTREE_NULL&rbtree_null_node; | |||
807 | zone->name = 0; | |||
808 | zone->pattern = 0; | |||
809 | zone->part_of_config = 0; | |||
810 | return zone; | |||
811 | } | |||
812 | ||||
813 | /* true is booleans are the same truth value */ | |||
814 | #define booleq(x,y)( ((x) && (y)) || (!(x) && !(y)) ) ( ((x) && (y)) || (!(x) && !(y)) ) | |||
815 | ||||
816 | /* true is min_expire_time_expr has either an equal known value | |||
817 | * or none of these known values but booleanally equal | |||
818 | */ | |||
819 | #define expire_expr_eq(x,y)( ( (x) == 2 && (y) == 2 ) || ( (x) != 2 && ( y) != 2 && ( (((x)) && ((y))) || (!((x)) && !((y))) ))) ( ( (x) == REFRESHPLUSRETRYPLUS12 \ | |||
820 | && (y) == REFRESHPLUSRETRYPLUS12 ) \ | |||
821 | || ( (x) != REFRESHPLUSRETRYPLUS12 \ | |||
822 | && (y) != REFRESHPLUSRETRYPLUS12 \ | |||
823 | && booleq((x), (y))( (((x)) && ((y))) || (!((x)) && !((y))) ))) | |||
824 | ||||
825 | ||||
826 | int | |||
827 | acl_equal(struct acl_options* p, struct acl_options* q) | |||
828 | { | |||
829 | if(!booleq(p->use_axfr_only, q->use_axfr_only)( ((p->use_axfr_only) && (q->use_axfr_only)) || (!(p->use_axfr_only) && !(q->use_axfr_only)) )) return 0; | |||
830 | if(!booleq(p->allow_udp, q->allow_udp)( ((p->allow_udp) && (q->allow_udp)) || (!(p-> allow_udp) && !(q->allow_udp)) )) return 0; | |||
831 | if(strcmp(p->ip_address_spec, q->ip_address_spec)!=0) return 0; | |||
832 | /* the ip6, port, addr, mask, type: are derived from the ip_address_spec */ | |||
833 | if(!booleq(p->nokey, q->nokey)( ((p->nokey) && (q->nokey)) || (!(p->nokey) && !(q->nokey)) )) return 0; | |||
834 | if(!booleq(p->blocked, q->blocked)( ((p->blocked) && (q->blocked)) || (!(p->blocked ) && !(q->blocked)) )) return 0; | |||
835 | if(p->key_name && q->key_name) { | |||
836 | if(strcmp(p->key_name, q->key_name)!=0) return 0; | |||
837 | } else if(p->key_name && !q->key_name) return 0; | |||
838 | else if(!p->key_name && q->key_name) return 0; | |||
839 | /* key_options is derived from key_name */ | |||
840 | if(p->tls_auth_name && q->tls_auth_name) { | |||
841 | if(strcmp(p->tls_auth_name, q->tls_auth_name)!=0) return 0; | |||
842 | } else if(p->tls_auth_name && !q->tls_auth_name) return 0; | |||
843 | else if(!p->tls_auth_name && q->tls_auth_name) return 0; | |||
844 | /* tls_auth_options is derived from tls_auth_name */ | |||
845 | return 1; | |||
846 | } | |||
847 | ||||
848 | int | |||
849 | acl_list_equal(struct acl_options* p, struct acl_options* q) | |||
850 | { | |||
851 | /* must be same and in same order */ | |||
852 | while(p && q) { | |||
853 | if(!acl_equal(p, q)) | |||
854 | return 0; | |||
855 | p = p->next; | |||
856 | q = q->next; | |||
857 | } | |||
858 | if(!p && !q) return 1; | |||
859 | /* different lengths */ | |||
860 | return 0; | |||
861 | } | |||
862 | ||||
863 | struct pattern_options* | |||
864 | pattern_options_create(region_type* region) | |||
865 | { | |||
866 | struct pattern_options* p; | |||
867 | p = (struct pattern_options*)region_alloc(region, sizeof( | |||
868 | struct pattern_options)); | |||
869 | p->node = *RBTREE_NULL&rbtree_null_node; | |||
870 | p->pname = 0; | |||
871 | p->zonefile = 0; | |||
872 | p->zonestats = 0; | |||
873 | p->allow_notify = 0; | |||
874 | p->request_xfr = 0; | |||
875 | p->size_limit_xfr = 0; | |||
876 | p->notify = 0; | |||
877 | p->provide_xfr = 0; | |||
878 | p->allow_query = 0; | |||
879 | p->outgoing_interface = 0; | |||
880 | p->notify_retry = 5; | |||
881 | p->notify_retry_is_default = 1; | |||
882 | p->allow_axfr_fallback = 1; | |||
883 | p->allow_axfr_fallback_is_default = 1; | |||
884 | p->implicit = 0; | |||
885 | p->xfrd_flags = 0; | |||
886 | p->max_refresh_time = 2419200; /* 4 weeks */ | |||
887 | p->max_refresh_time_is_default = 1; | |||
888 | p->min_refresh_time = 0; | |||
889 | p->min_refresh_time_is_default = 1; | |||
890 | p->max_retry_time = 1209600; /* 2 weeks */ | |||
891 | p->max_retry_time_is_default = 1; | |||
892 | p->min_retry_time = 0; | |||
893 | p->min_retry_time_is_default = 1; | |||
894 | p->min_expire_time = 0; | |||
895 | p->min_expire_time_expr = EXPIRE_TIME_IS_DEFAULT1; | |||
896 | #ifdef RATELIMIT | |||
897 | p->rrl_whitelist = 0; | |||
898 | #endif | |||
899 | p->multi_master_check = 0; | |||
900 | p->store_ixfr = 0; | |||
901 | p->store_ixfr_is_default = 1; | |||
902 | p->ixfr_size = IXFR_SIZE_DEFAULT1048576; | |||
903 | p->ixfr_size_is_default = 1; | |||
904 | p->ixfr_number = IXFR_NUMBER_DEFAULT5; | |||
905 | p->ixfr_number_is_default = 1; | |||
906 | p->create_ixfr = 0; | |||
907 | p->create_ixfr_is_default = 1; | |||
908 | p->verify_zone = VERIFY_ZONE_INHERIT(2); | |||
909 | p->verify_zone_is_default = 1; | |||
910 | p->verifier = NULL((void *)0); | |||
911 | p->verifier_feed_zone = VERIFIER_FEED_ZONE_INHERIT(2); | |||
912 | p->verifier_feed_zone_is_default = 1; | |||
913 | p->verifier_timeout = VERIFIER_TIMEOUT_INHERIT(-1); | |||
914 | p->verifier_timeout_is_default = 1; | |||
915 | ||||
916 | return p; | |||
917 | } | |||
918 | ||||
919 | static void | |||
920 | acl_delete(region_type* region, struct acl_options* acl) | |||
921 | { | |||
922 | if(acl->ip_address_spec) | |||
923 | region_recycle(region, (void*)acl->ip_address_spec, | |||
924 | strlen(acl->ip_address_spec)+1); | |||
925 | if(acl->key_name) | |||
926 | region_recycle(region, (void*)acl->key_name, | |||
927 | strlen(acl->key_name)+1); | |||
928 | if(acl->tls_auth_name) | |||
929 | region_recycle(region, (void*)acl->tls_auth_name, | |||
930 | strlen(acl->tls_auth_name)+1); | |||
931 | /* key_options is a convenience pointer, not owned by the acl */ | |||
932 | region_recycle(region, acl, sizeof(*acl)); | |||
933 | } | |||
934 | ||||
935 | static void | |||
936 | acl_list_delete(region_type* region, struct acl_options* list) | |||
937 | { | |||
938 | struct acl_options* n; | |||
939 | while(list) { | |||
940 | n = list->next; | |||
941 | acl_delete(region, list); | |||
942 | list = n; | |||
943 | } | |||
944 | } | |||
945 | ||||
946 | static void | |||
947 | verifier_delete(region_type* region, char **v) | |||
948 | { | |||
949 | if(v != NULL((void *)0)) { | |||
950 | size_t vc = 0; | |||
951 | for(vc = 0; v[vc] != NULL((void *)0); vc++) | |||
952 | region_recycle(region, v[vc], strlen(v[vc]) + 1); | |||
953 | region_recycle(region, v, (vc + 1) * sizeof(char *)); | |||
954 | } | |||
955 | } | |||
956 | ||||
957 | void | |||
958 | pattern_options_remove(struct nsd_options* opt, const char* name) | |||
959 | { | |||
960 | struct pattern_options* p = (struct pattern_options*)rbtree_delete( | |||
961 | opt->patterns, name); | |||
962 | /* delete p and its contents */ | |||
963 | if (!p) | |||
964 | return; | |||
965 | if(p->pname) | |||
966 | region_recycle(opt->region, (void*)p->pname, | |||
967 | strlen(p->pname)+1); | |||
968 | if(p->zonefile) | |||
969 | region_recycle(opt->region, (void*)p->zonefile, | |||
970 | strlen(p->zonefile)+1); | |||
971 | if(p->zonestats) | |||
972 | region_recycle(opt->region, (void*)p->zonestats, | |||
973 | strlen(p->zonestats)+1); | |||
974 | acl_list_delete(opt->region, p->allow_notify); | |||
975 | acl_list_delete(opt->region, p->request_xfr); | |||
976 | acl_list_delete(opt->region, p->notify); | |||
977 | acl_list_delete(opt->region, p->provide_xfr); | |||
978 | acl_list_delete(opt->region, p->allow_query); | |||
979 | acl_list_delete(opt->region, p->outgoing_interface); | |||
980 | verifier_delete(opt->region, p->verifier); | |||
981 | ||||
982 | region_recycle(opt->region, p, sizeof(struct pattern_options)); | |||
983 | } | |||
984 | ||||
985 | static struct acl_options* | |||
986 | copy_acl(region_type* region, struct acl_options* a) | |||
987 | { | |||
988 | struct acl_options* b; | |||
989 | if(!a) return NULL((void *)0); | |||
990 | b = (struct acl_options*)region_alloc(region, sizeof(*b)); | |||
991 | /* copy the whole lot */ | |||
992 | *b = *a; | |||
993 | /* fix the pointers */ | |||
994 | if(a->ip_address_spec) | |||
995 | b->ip_address_spec = region_strdup(region, a->ip_address_spec); | |||
996 | if(a->key_name) | |||
997 | b->key_name = region_strdup(region, a->key_name); | |||
998 | if(a->tls_auth_name) | |||
999 | b->tls_auth_name = region_strdup(region, a->tls_auth_name); | |||
1000 | b->next = NULL((void *)0); | |||
1001 | b->key_options = NULL((void *)0); | |||
1002 | b->tls_auth_options = NULL((void *)0); | |||
1003 | return b; | |||
1004 | } | |||
1005 | ||||
1006 | static struct acl_options* | |||
1007 | copy_acl_list(struct nsd_options* opt, struct acl_options* a) | |||
1008 | { | |||
1009 | struct acl_options* b, *blast = NULL((void *)0), *blist = NULL((void *)0); | |||
1010 | while(a) { | |||
1011 | b = copy_acl(opt->region, a); | |||
1012 | /* fixup key_options */ | |||
1013 | if(b->key_name) | |||
1014 | b->key_options = key_options_find(opt, b->key_name); | |||
1015 | else b->key_options = NULL((void *)0); | |||
1016 | /* fixup tls_auth_options */ | |||
1017 | if(b->tls_auth_name) | |||
1018 | b->tls_auth_options = tls_auth_options_find(opt, b->tls_auth_name); | |||
1019 | else b->tls_auth_options = NULL((void *)0); | |||
1020 | ||||
1021 | /* link as last into list */ | |||
1022 | b->next = NULL((void *)0); | |||
1023 | if(!blist) blist = b; | |||
1024 | else blast->next = b; | |||
1025 | blast = b; | |||
1026 | ||||
1027 | a = a->next; | |||
1028 | } | |||
1029 | return blist; | |||
1030 | } | |||
1031 | ||||
1032 | static void | |||
1033 | copy_changed_acl(struct nsd_options* opt, struct acl_options** orig, | |||
1034 | struct acl_options* anew) | |||
1035 | { | |||
1036 | if(!acl_list_equal(*orig, anew)) { | |||
1037 | acl_list_delete(opt->region, *orig); | |||
1038 | *orig = copy_acl_list(opt, anew); | |||
1039 | } | |||
1040 | } | |||
1041 | ||||
1042 | static void | |||
1043 | copy_changed_verifier(struct nsd_options* opt, char ***ov, char **nv) | |||
1044 | { | |||
1045 | size_t ovc, nvc; | |||
1046 | assert(ov != NULL)((void)0); | |||
1047 | ovc = nvc = 0; | |||
1048 | if(nv != NULL((void *)0)) { | |||
1049 | for(; nv[nvc] != NULL((void *)0); nvc++) ; | |||
1050 | } else { | |||
1051 | verifier_delete(opt->region, *ov); | |||
1052 | *ov = NULL((void *)0); | |||
1053 | return; | |||
1054 | } | |||
1055 | if(*ov != NULL((void *)0)) { | |||
1056 | for(; (*ov)[ovc] != NULL((void *)0); ovc++) { | |||
1057 | if(ovc < nvc && strcmp((*ov)[ovc], nv[ovc]) != 0) | |||
1058 | break; | |||
1059 | } | |||
1060 | if(ovc == nvc) | |||
1061 | return; | |||
1062 | verifier_delete(opt->region, *ov); | |||
1063 | *ov = NULL((void *)0); | |||
1064 | } | |||
1065 | *ov = region_alloc(opt->region, (nvc + 1) * sizeof(*nv)); | |||
1066 | for(ovc = 0; nv[ovc] != NULL((void *)0); ovc++) { | |||
1067 | (*ov)[ovc] = region_strdup(opt->region, nv[ovc]); | |||
1068 | } | |||
1069 | (*ov)[ovc] = NULL((void *)0); | |||
1070 | assert(ovc == nvc)((void)0); | |||
1071 | } | |||
1072 | ||||
1073 | static void | |||
1074 | copy_pat_fixed(region_type* region, struct pattern_options* orig, | |||
1075 | struct pattern_options* p) | |||
1076 | { | |||
1077 | orig->allow_axfr_fallback = p->allow_axfr_fallback; | |||
1078 | orig->allow_axfr_fallback_is_default = | |||
1079 | p->allow_axfr_fallback_is_default; | |||
1080 | orig->notify_retry = p->notify_retry; | |||
1081 | orig->notify_retry_is_default = p->notify_retry_is_default; | |||
1082 | orig->implicit = p->implicit; | |||
1083 | if(p->zonefile) | |||
1084 | orig->zonefile = region_strdup(region, p->zonefile); | |||
1085 | else orig->zonefile = NULL((void *)0); | |||
1086 | if(p->zonestats) | |||
1087 | orig->zonestats = region_strdup(region, p->zonestats); | |||
1088 | else orig->zonestats = NULL((void *)0); | |||
1089 | orig->max_refresh_time = p->max_refresh_time; | |||
1090 | orig->max_refresh_time_is_default = p->max_refresh_time_is_default; | |||
1091 | orig->min_refresh_time = p->min_refresh_time; | |||
1092 | orig->min_refresh_time_is_default = p->min_refresh_time_is_default; | |||
1093 | orig->max_retry_time = p->max_retry_time; | |||
1094 | orig->max_retry_time_is_default = p->max_retry_time_is_default; | |||
1095 | orig->min_retry_time = p->min_retry_time; | |||
1096 | orig->min_retry_time_is_default = p->min_retry_time_is_default; | |||
1097 | orig->min_expire_time = p->min_expire_time; | |||
1098 | orig->min_expire_time_expr = p->min_expire_time_expr; | |||
1099 | #ifdef RATELIMIT | |||
1100 | orig->rrl_whitelist = p->rrl_whitelist; | |||
1101 | #endif | |||
1102 | orig->multi_master_check = p->multi_master_check; | |||
1103 | orig->store_ixfr = p->store_ixfr; | |||
1104 | orig->store_ixfr_is_default = p->store_ixfr_is_default; | |||
1105 | orig->ixfr_size = p->ixfr_size; | |||
1106 | orig->ixfr_size_is_default = p->ixfr_size_is_default; | |||
1107 | orig->ixfr_number = p->ixfr_number; | |||
1108 | orig->ixfr_number_is_default = p->ixfr_number_is_default; | |||
1109 | orig->create_ixfr = p->create_ixfr; | |||
1110 | orig->create_ixfr_is_default = p->create_ixfr_is_default; | |||
1111 | orig->verify_zone = p->verify_zone; | |||
1112 | orig->verify_zone_is_default = p->verify_zone_is_default; | |||
1113 | orig->verifier_timeout = p->verifier_timeout; | |||
1114 | orig->verifier_timeout_is_default = p->verifier_timeout_is_default; | |||
1115 | orig->verifier_feed_zone = p->verifier_feed_zone; | |||
1116 | orig->verifier_feed_zone_is_default = p->verifier_feed_zone_is_default; | |||
1117 | } | |||
1118 | ||||
1119 | void | |||
1120 | pattern_options_add_modify(struct nsd_options* opt, struct pattern_options* p) | |||
1121 | { | |||
1122 | struct pattern_options* orig = pattern_options_find(opt, p->pname); | |||
1123 | if(!orig) { | |||
1124 | /* needs to be copied to opt region */ | |||
1125 | orig = pattern_options_create(opt->region); | |||
1126 | orig->pname = region_strdup(opt->region, p->pname); | |||
1127 | copy_pat_fixed(opt->region, orig, p); | |||
1128 | orig->allow_notify = copy_acl_list(opt, p->allow_notify); | |||
1129 | orig->request_xfr = copy_acl_list(opt, p->request_xfr); | |||
1130 | orig->notify = copy_acl_list(opt, p->notify); | |||
1131 | orig->provide_xfr = copy_acl_list(opt, p->provide_xfr); | |||
1132 | orig->allow_query = copy_acl_list(opt, p->allow_query); | |||
1133 | orig->outgoing_interface = copy_acl_list(opt, | |||
1134 | p->outgoing_interface); | |||
1135 | copy_changed_verifier(opt, &orig->verifier, p->verifier); | |||
1136 | nsd_options_insert_pattern(opt, orig); | |||
1137 | } else { | |||
1138 | /* modify in place so pointers stay valid (and copy | |||
1139 | into region). Do not touch unchanged acls. */ | |||
1140 | if(orig->zonefile) | |||
1141 | region_recycle(opt->region, (char*)orig->zonefile, | |||
1142 | strlen(orig->zonefile)+1); | |||
1143 | if(orig->zonestats) | |||
1144 | region_recycle(opt->region, (char*)orig->zonestats, | |||
1145 | strlen(orig->zonestats)+1); | |||
1146 | copy_pat_fixed(opt->region, orig, p); | |||
1147 | copy_changed_acl(opt, &orig->allow_notify, p->allow_notify); | |||
1148 | copy_changed_acl(opt, &orig->request_xfr, p->request_xfr); | |||
1149 | copy_changed_acl(opt, &orig->notify, p->notify); | |||
1150 | copy_changed_acl(opt, &orig->provide_xfr, p->provide_xfr); | |||
1151 | copy_changed_acl(opt, &orig->allow_query, p->allow_query); | |||
1152 | copy_changed_acl(opt, &orig->outgoing_interface, | |||
1153 | p->outgoing_interface); | |||
1154 | copy_changed_verifier(opt, &orig->verifier, p->verifier); | |||
1155 | } | |||
1156 | } | |||
1157 | ||||
1158 | struct pattern_options* | |||
1159 | pattern_options_find(struct nsd_options* opt, const char* name) | |||
1160 | { | |||
1161 | return (struct pattern_options*)rbtree_search(opt->patterns, name); | |||
1162 | } | |||
1163 | ||||
1164 | static int | |||
1165 | pattern_verifiers_equal(const char **vp, const char **vq) | |||
1166 | { | |||
1167 | size_t vpc, vqc; | |||
1168 | if(vp == NULL((void *)0)) | |||
1169 | return vq == NULL((void *)0); | |||
1170 | if(vq == NULL((void *)0)) | |||
1171 | return 0; | |||
1172 | for(vpc = 0; vp[vpc] != NULL((void *)0); vpc++) ; | |||
1173 | for(vqc = 0; vq[vqc] != NULL((void *)0); vqc++) ; | |||
1174 | if(vpc != vqc) | |||
1175 | return 0; | |||
1176 | for(vpc = 0; vp[vpc] != NULL((void *)0); vpc++) { | |||
1177 | assert(vq[vpc] != NULL)((void)0); | |||
1178 | if (strcmp(vp[vpc], vq[vpc]) != 0) | |||
1179 | return 0; | |||
1180 | } | |||
1181 | return 1; | |||
1182 | } | |||
1183 | ||||
1184 | int | |||
1185 | pattern_options_equal(struct pattern_options* p, struct pattern_options* q) | |||
1186 | { | |||
1187 | if(strcmp(p->pname, q->pname) != 0) return 0; | |||
1188 | if(!p->zonefile && q->zonefile) return 0; | |||
1189 | else if(p->zonefile && !q->zonefile) return 0; | |||
1190 | else if(p->zonefile && q->zonefile) { | |||
1191 | if(strcmp(p->zonefile, q->zonefile) != 0) return 0; | |||
1192 | } | |||
1193 | if(!p->zonestats && q->zonestats) return 0; | |||
1194 | else if(p->zonestats && !q->zonestats) return 0; | |||
1195 | else if(p->zonestats && q->zonestats) { | |||
1196 | if(strcmp(p->zonestats, q->zonestats) != 0) return 0; | |||
1197 | } | |||
1198 | if(!booleq(p->allow_axfr_fallback, q->allow_axfr_fallback)( ((p->allow_axfr_fallback) && (q->allow_axfr_fallback )) || (!(p->allow_axfr_fallback) && !(q->allow_axfr_fallback )) )) return 0; | |||
1199 | if(!booleq(p->allow_axfr_fallback_is_default,( ((p->allow_axfr_fallback_is_default) && (q->allow_axfr_fallback_is_default )) || (!(p->allow_axfr_fallback_is_default) && !(q ->allow_axfr_fallback_is_default)) ) | |||
1200 | q->allow_axfr_fallback_is_default)( ((p->allow_axfr_fallback_is_default) && (q->allow_axfr_fallback_is_default )) || (!(p->allow_axfr_fallback_is_default) && !(q ->allow_axfr_fallback_is_default)) )) return 0; | |||
1201 | if(p->notify_retry != q->notify_retry) return 0; | |||
1202 | if(!booleq(p->notify_retry_is_default,( ((p->notify_retry_is_default) && (q->notify_retry_is_default )) || (!(p->notify_retry_is_default) && !(q->notify_retry_is_default )) ) | |||
1203 | q->notify_retry_is_default)( ((p->notify_retry_is_default) && (q->notify_retry_is_default )) || (!(p->notify_retry_is_default) && !(q->notify_retry_is_default )) )) return 0; | |||
1204 | if(!booleq(p->implicit, q->implicit)( ((p->implicit) && (q->implicit)) || (!(p-> implicit) && !(q->implicit)) )) return 0; | |||
1205 | if(!acl_list_equal(p->allow_notify, q->allow_notify)) return 0; | |||
1206 | if(!acl_list_equal(p->request_xfr, q->request_xfr)) return 0; | |||
1207 | if(!acl_list_equal(p->notify, q->notify)) return 0; | |||
1208 | if(!acl_list_equal(p->provide_xfr, q->provide_xfr)) return 0; | |||
1209 | if(!acl_list_equal(p->allow_query, q->allow_query)) return 0; | |||
1210 | if(!acl_list_equal(p->outgoing_interface, q->outgoing_interface)) | |||
1211 | return 0; | |||
1212 | if(p->max_refresh_time != q->max_refresh_time) return 0; | |||
1213 | if(!booleq(p->max_refresh_time_is_default,( ((p->max_refresh_time_is_default) && (q->max_refresh_time_is_default )) || (!(p->max_refresh_time_is_default) && !(q-> max_refresh_time_is_default)) ) | |||
1214 | q->max_refresh_time_is_default)( ((p->max_refresh_time_is_default) && (q->max_refresh_time_is_default )) || (!(p->max_refresh_time_is_default) && !(q-> max_refresh_time_is_default)) )) return 0; | |||
1215 | if(p->min_refresh_time != q->min_refresh_time) return 0; | |||
1216 | if(!booleq(p->min_refresh_time_is_default,( ((p->min_refresh_time_is_default) && (q->min_refresh_time_is_default )) || (!(p->min_refresh_time_is_default) && !(q-> min_refresh_time_is_default)) ) | |||
1217 | q->min_refresh_time_is_default)( ((p->min_refresh_time_is_default) && (q->min_refresh_time_is_default )) || (!(p->min_refresh_time_is_default) && !(q-> min_refresh_time_is_default)) )) return 0; | |||
1218 | if(p->max_retry_time != q->max_retry_time) return 0; | |||
1219 | if(!booleq(p->max_retry_time_is_default,( ((p->max_retry_time_is_default) && (q->max_retry_time_is_default )) || (!(p->max_retry_time_is_default) && !(q-> max_retry_time_is_default)) ) | |||
1220 | q->max_retry_time_is_default)( ((p->max_retry_time_is_default) && (q->max_retry_time_is_default )) || (!(p->max_retry_time_is_default) && !(q-> max_retry_time_is_default)) )) return 0; | |||
1221 | if(p->min_retry_time != q->min_retry_time) return 0; | |||
1222 | if(!booleq(p->min_retry_time_is_default,( ((p->min_retry_time_is_default) && (q->min_retry_time_is_default )) || (!(p->min_retry_time_is_default) && !(q-> min_retry_time_is_default)) ) | |||
1223 | q->min_retry_time_is_default)( ((p->min_retry_time_is_default) && (q->min_retry_time_is_default )) || (!(p->min_retry_time_is_default) && !(q-> min_retry_time_is_default)) )) return 0; | |||
1224 | if(p->min_expire_time != q->min_expire_time) return 0; | |||
1225 | if(!expire_expr_eq(p->min_expire_time_expr,( ( (p->min_expire_time_expr) == 2 && (q->min_expire_time_expr ) == 2 ) || ( (p->min_expire_time_expr) != 2 && (q ->min_expire_time_expr) != 2 && ( (((p->min_expire_time_expr )) && ((q->min_expire_time_expr))) || (!((p->min_expire_time_expr )) && !((q->min_expire_time_expr))) ))) | |||
1226 | q->min_expire_time_expr)( ( (p->min_expire_time_expr) == 2 && (q->min_expire_time_expr ) == 2 ) || ( (p->min_expire_time_expr) != 2 && (q ->min_expire_time_expr) != 2 && ( (((p->min_expire_time_expr )) && ((q->min_expire_time_expr))) || (!((p->min_expire_time_expr )) && !((q->min_expire_time_expr))) )))) return 0; | |||
1227 | #ifdef RATELIMIT | |||
1228 | if(p->rrl_whitelist != q->rrl_whitelist) return 0; | |||
1229 | #endif | |||
1230 | if(!booleq(p->multi_master_check,q->multi_master_check)( ((p->multi_master_check) && (q->multi_master_check )) || (!(p->multi_master_check) && !(q->multi_master_check )) )) return 0; | |||
1231 | if(p->size_limit_xfr != q->size_limit_xfr) return 0; | |||
1232 | if(!booleq(p->store_ixfr,q->store_ixfr)( ((p->store_ixfr) && (q->store_ixfr)) || (!(p-> store_ixfr) && !(q->store_ixfr)) )) return 0; | |||
1233 | if(!booleq(p->store_ixfr_is_default,q->store_ixfr_is_default)( ((p->store_ixfr_is_default) && (q->store_ixfr_is_default )) || (!(p->store_ixfr_is_default) && !(q->store_ixfr_is_default )) )) return 0; | |||
1234 | if(p->ixfr_size != q->ixfr_size) return 0; | |||
1235 | if(!booleq(p->ixfr_size_is_default,q->ixfr_size_is_default)( ((p->ixfr_size_is_default) && (q->ixfr_size_is_default )) || (!(p->ixfr_size_is_default) && !(q->ixfr_size_is_default )) )) return 0; | |||
1236 | if(p->ixfr_number != q->ixfr_number) return 0; | |||
1237 | if(!booleq(p->ixfr_number_is_default,q->ixfr_number_is_default)( ((p->ixfr_number_is_default) && (q->ixfr_number_is_default )) || (!(p->ixfr_number_is_default) && !(q->ixfr_number_is_default )) )) return 0; | |||
1238 | if(!booleq(p->create_ixfr,q->create_ixfr)( ((p->create_ixfr) && (q->create_ixfr)) || (!( p->create_ixfr) && !(q->create_ixfr)) )) return 0; | |||
1239 | if(!booleq(p->create_ixfr_is_default,q->create_ixfr_is_default)( ((p->create_ixfr_is_default) && (q->create_ixfr_is_default )) || (!(p->create_ixfr_is_default) && !(q->create_ixfr_is_default )) )) return 0; | |||
1240 | if(p->verify_zone != q->verify_zone) return 0; | |||
1241 | if(!booleq(p->verify_zone_is_default,( ((p->verify_zone_is_default) && (q->verify_zone_is_default )) || (!(p->verify_zone_is_default) && !(q->verify_zone_is_default )) ) | |||
1242 | q->verify_zone_is_default)( ((p->verify_zone_is_default) && (q->verify_zone_is_default )) || (!(p->verify_zone_is_default) && !(q->verify_zone_is_default )) )) return 0; | |||
1243 | if(!pattern_verifiers_equal((const char **)p->verifier, | |||
1244 | (const char **)q->verifier)) return 0; | |||
1245 | if(p->verifier_feed_zone != q->verifier_feed_zone) return 0; | |||
1246 | if(!booleq(p->verifier_feed_zone_is_default,( ((p->verifier_feed_zone_is_default) && (q->verifier_feed_zone_is_default )) || (!(p->verifier_feed_zone_is_default) && !(q-> verifier_feed_zone_is_default)) ) | |||
1247 | q->verifier_feed_zone_is_default)( ((p->verifier_feed_zone_is_default) && (q->verifier_feed_zone_is_default )) || (!(p->verifier_feed_zone_is_default) && !(q-> verifier_feed_zone_is_default)) )) return 0; | |||
1248 | if(p->verifier_timeout != q->verifier_timeout) return 0; | |||
1249 | if(!booleq(p->verifier_timeout_is_default,( ((p->verifier_timeout_is_default) && (q->verifier_timeout_is_default )) || (!(p->verifier_timeout_is_default) && !(q-> verifier_timeout_is_default)) ) | |||
1250 | q->verifier_timeout_is_default)( ((p->verifier_timeout_is_default) && (q->verifier_timeout_is_default )) || (!(p->verifier_timeout_is_default) && !(q-> verifier_timeout_is_default)) )) return 0; | |||
1251 | return 1; | |||
1252 | } | |||
1253 | ||||
1254 | static void | |||
1255 | marshal_u8(struct buffer* b, uint8_t v) | |||
1256 | { | |||
1257 | buffer_reserve(b, 1); | |||
1258 | buffer_write_u8(b, v); | |||
1259 | } | |||
1260 | ||||
1261 | static uint8_t | |||
1262 | unmarshal_u8(struct buffer* b) | |||
1263 | { | |||
1264 | return buffer_read_u8(b); | |||
1265 | } | |||
1266 | ||||
1267 | static void | |||
1268 | marshal_u64(struct buffer* b, uint64_t v) | |||
1269 | { | |||
1270 | buffer_reserve(b, 8); | |||
1271 | buffer_write_u64(b, v); | |||
1272 | } | |||
1273 | ||||
1274 | static uint64_t | |||
1275 | unmarshal_u64(struct buffer* b) | |||
1276 | { | |||
1277 | return buffer_read_u64(b); | |||
1278 | } | |||
1279 | ||||
1280 | #ifdef RATELIMIT | |||
1281 | static void | |||
1282 | marshal_u16(struct buffer* b, uint16_t v) | |||
1283 | { | |||
1284 | buffer_reserve(b, 2); | |||
1285 | buffer_write_u16(b, v); | |||
1286 | } | |||
1287 | #endif | |||
1288 | ||||
1289 | #ifdef RATELIMIT | |||
1290 | static uint16_t | |||
1291 | unmarshal_u16(struct buffer* b) | |||
1292 | { | |||
1293 | return buffer_read_u16(b); | |||
1294 | } | |||
1295 | #endif | |||
1296 | ||||
1297 | static void | |||
1298 | marshal_u32(struct buffer* b, uint32_t v) | |||
1299 | { | |||
1300 | buffer_reserve(b, 4); | |||
1301 | buffer_write_u32(b, v); | |||
1302 | } | |||
1303 | ||||
1304 | static uint32_t | |||
1305 | unmarshal_u32(struct buffer* b) | |||
1306 | { | |||
1307 | return buffer_read_u32(b); | |||
1308 | } | |||
1309 | ||||
1310 | static void | |||
1311 | marshal_str(struct buffer* b, const char* s) | |||
1312 | { | |||
1313 | if(!s) marshal_u8(b, 0); | |||
1314 | else { | |||
1315 | size_t len = strlen(s); | |||
1316 | marshal_u8(b, 1); | |||
1317 | buffer_reserve(b, len+1); | |||
1318 | buffer_write(b, s, len+1); | |||
1319 | } | |||
1320 | } | |||
1321 | ||||
1322 | static char* | |||
1323 | unmarshal_str(region_type* r, struct buffer* b) | |||
1324 | { | |||
1325 | uint8_t nonnull = unmarshal_u8(b); | |||
1326 | if(nonnull) { | |||
1327 | char* result = region_strdup(r, (char*)buffer_current(b)); | |||
1328 | size_t len = strlen((char*)buffer_current(b)); | |||
1329 | buffer_skip(b, len+1); | |||
1330 | return result; | |||
1331 | } else return NULL((void *)0); | |||
1332 | } | |||
1333 | ||||
1334 | static void | |||
1335 | marshal_acl(struct buffer* b, struct acl_options* acl) | |||
1336 | { | |||
1337 | buffer_reserve(b, sizeof(*acl)); | |||
1338 | buffer_write(b, acl, sizeof(*acl)); | |||
1339 | marshal_str(b, acl->ip_address_spec); | |||
1340 | marshal_str(b, acl->key_name); | |||
1341 | marshal_str(b, acl->tls_auth_name); | |||
1342 | } | |||
1343 | ||||
1344 | static struct acl_options* | |||
1345 | unmarshal_acl(region_type* r, struct buffer* b) | |||
1346 | { | |||
1347 | struct acl_options* acl = (struct acl_options*)region_alloc(r, | |||
1348 | sizeof(*acl)); | |||
1349 | buffer_read(b, acl, sizeof(*acl)); | |||
1350 | acl->next = NULL((void *)0); | |||
1351 | acl->key_options = NULL((void *)0); | |||
1352 | acl->tls_auth_options = NULL((void *)0); | |||
1353 | acl->ip_address_spec = unmarshal_str(r, b); | |||
1354 | acl->key_name = unmarshal_str(r, b); | |||
1355 | acl->tls_auth_name = unmarshal_str(r, b); | |||
1356 | return acl; | |||
1357 | } | |||
1358 | ||||
1359 | static void | |||
1360 | marshal_acl_list(struct buffer* b, struct acl_options* list) | |||
1361 | { | |||
1362 | while(list) { | |||
1363 | marshal_u8(b, 1); /* is there a next one marker */ | |||
1364 | marshal_acl(b, list); | |||
1365 | list = list->next; | |||
1366 | } | |||
1367 | marshal_u8(b, 0); /* end of list marker */ | |||
1368 | } | |||
1369 | ||||
1370 | static struct acl_options* | |||
1371 | unmarshal_acl_list(region_type* r, struct buffer* b) | |||
1372 | { | |||
1373 | struct acl_options* a, *last=NULL((void *)0), *list=NULL((void *)0); | |||
1374 | while(unmarshal_u8(b)) { | |||
1375 | a = unmarshal_acl(r, b); | |||
1376 | /* link in */ | |||
1377 | a->next = NULL((void *)0); | |||
1378 | if(!list) list = a; | |||
1379 | else last->next = a; | |||
1380 | last = a; | |||
1381 | } | |||
1382 | return list; | |||
1383 | } | |||
1384 | ||||
1385 | static void | |||
1386 | marshal_strv(struct buffer* b, char **strv) | |||
1387 | { | |||
1388 | uint32_t i, n; | |||
1389 | ||||
1390 | assert(b != NULL)((void)0); | |||
1391 | ||||
1392 | if (strv == NULL((void *)0)) { | |||
1393 | marshal_u32(b, 0); | |||
1394 | return; | |||
1395 | } | |||
1396 | for(n = 0; strv[n]; n++) { | |||
1397 | /* do nothing */ | |||
1398 | } | |||
1399 | marshal_u32(b, n); | |||
1400 | for(i = 0; strv[i] != NULL((void *)0); i++) { | |||
1401 | marshal_str(b, strv[i]); | |||
1402 | } | |||
1403 | marshal_u8(b, 0); | |||
1404 | } | |||
1405 | ||||
1406 | static char ** | |||
1407 | unmarshal_strv(region_type* r, struct buffer* b) | |||
1408 | { | |||
1409 | uint32_t i, n; | |||
1410 | char **strv; | |||
1411 | ||||
1412 | assert(r != NULL)((void)0); | |||
1413 | assert(b != NULL)((void)0); | |||
1414 | ||||
1415 | if ((n = unmarshal_u32(b)) == 0) { | |||
1416 | return NULL((void *)0); | |||
1417 | } | |||
1418 | strv = region_alloc_zero(r, (n + 1) * sizeof(char *)); | |||
1419 | for(i = 0; i <= n; i++) { | |||
1420 | strv[i] = unmarshal_str(r, b); | |||
1421 | } | |||
1422 | assert(i == (n + 1))((void)0); | |||
1423 | assert(strv[i - 1] == NULL)((void)0); | |||
1424 | ||||
1425 | return strv; | |||
1426 | } | |||
1427 | ||||
1428 | void | |||
1429 | pattern_options_marshal(struct buffer* b, struct pattern_options* p) | |||
1430 | { | |||
1431 | marshal_str(b, p->pname); | |||
1432 | marshal_str(b, p->zonefile); | |||
1433 | marshal_str(b, p->zonestats); | |||
1434 | #ifdef RATELIMIT | |||
1435 | marshal_u16(b, p->rrl_whitelist); | |||
1436 | #endif | |||
1437 | marshal_u8(b, p->allow_axfr_fallback); | |||
1438 | marshal_u8(b, p->allow_axfr_fallback_is_default); | |||
1439 | marshal_u8(b, p->notify_retry); | |||
1440 | marshal_u8(b, p->notify_retry_is_default); | |||
1441 | marshal_u8(b, p->implicit); | |||
1442 | marshal_u64(b, p->size_limit_xfr); | |||
1443 | marshal_acl_list(b, p->allow_notify); | |||
1444 | marshal_acl_list(b, p->request_xfr); | |||
1445 | marshal_acl_list(b, p->notify); | |||
1446 | marshal_acl_list(b, p->provide_xfr); | |||
1447 | marshal_acl_list(b, p->allow_query); | |||
1448 | marshal_acl_list(b, p->outgoing_interface); | |||
1449 | marshal_u32(b, p->max_refresh_time); | |||
1450 | marshal_u8(b, p->max_refresh_time_is_default); | |||
1451 | marshal_u32(b, p->min_refresh_time); | |||
1452 | marshal_u8(b, p->min_refresh_time_is_default); | |||
1453 | marshal_u32(b, p->max_retry_time); | |||
1454 | marshal_u8(b, p->max_retry_time_is_default); | |||
1455 | marshal_u32(b, p->min_retry_time); | |||
1456 | marshal_u8(b, p->min_retry_time_is_default); | |||
1457 | marshal_u32(b, p->min_expire_time); | |||
1458 | marshal_u8(b, p->min_expire_time_expr); | |||
1459 | marshal_u8(b, p->multi_master_check); | |||
1460 | marshal_u8(b, p->store_ixfr); | |||
1461 | marshal_u8(b, p->store_ixfr_is_default); | |||
1462 | marshal_u64(b, p->ixfr_size); | |||
1463 | marshal_u8(b, p->ixfr_size_is_default); | |||
1464 | marshal_u32(b, p->ixfr_number); | |||
1465 | marshal_u8(b, p->ixfr_number_is_default); | |||
1466 | marshal_u8(b, p->create_ixfr); | |||
1467 | marshal_u8(b, p->create_ixfr_is_default); | |||
1468 | marshal_u8(b, p->verify_zone); | |||
1469 | marshal_u8(b, p->verify_zone_is_default); | |||
1470 | marshal_strv(b, p->verifier); | |||
1471 | marshal_u8(b, p->verifier_feed_zone); | |||
1472 | marshal_u8(b, p->verifier_feed_zone_is_default); | |||
1473 | marshal_u32(b, p->verifier_timeout); | |||
1474 | marshal_u8(b, p->verifier_timeout_is_default); | |||
1475 | } | |||
1476 | ||||
1477 | struct pattern_options* | |||
1478 | pattern_options_unmarshal(region_type* r, struct buffer* b) | |||
1479 | { | |||
1480 | struct pattern_options* p = pattern_options_create(r); | |||
1481 | p->pname = unmarshal_str(r, b); | |||
1482 | p->zonefile = unmarshal_str(r, b); | |||
1483 | p->zonestats = unmarshal_str(r, b); | |||
1484 | #ifdef RATELIMIT | |||
1485 | p->rrl_whitelist = unmarshal_u16(b); | |||
1486 | #endif | |||
1487 | p->allow_axfr_fallback = unmarshal_u8(b); | |||
1488 | p->allow_axfr_fallback_is_default = unmarshal_u8(b); | |||
1489 | p->notify_retry = unmarshal_u8(b); | |||
1490 | p->notify_retry_is_default = unmarshal_u8(b); | |||
1491 | p->implicit = unmarshal_u8(b); | |||
1492 | p->size_limit_xfr = unmarshal_u64(b); | |||
1493 | p->allow_notify = unmarshal_acl_list(r, b); | |||
1494 | p->request_xfr = unmarshal_acl_list(r, b); | |||
1495 | p->notify = unmarshal_acl_list(r, b); | |||
1496 | p->provide_xfr = unmarshal_acl_list(r, b); | |||
1497 | p->allow_query = unmarshal_acl_list(r, b); | |||
1498 | p->outgoing_interface = unmarshal_acl_list(r, b); | |||
1499 | p->max_refresh_time = unmarshal_u32(b); | |||
1500 | p->max_refresh_time_is_default = unmarshal_u8(b); | |||
1501 | p->min_refresh_time = unmarshal_u32(b); | |||
1502 | p->min_refresh_time_is_default = unmarshal_u8(b); | |||
1503 | p->max_retry_time = unmarshal_u32(b); | |||
1504 | p->max_retry_time_is_default = unmarshal_u8(b); | |||
1505 | p->min_retry_time = unmarshal_u32(b); | |||
1506 | p->min_retry_time_is_default = unmarshal_u8(b); | |||
1507 | p->min_expire_time = unmarshal_u32(b); | |||
1508 | p->min_expire_time_expr = unmarshal_u8(b); | |||
1509 | p->multi_master_check = unmarshal_u8(b); | |||
1510 | p->store_ixfr = unmarshal_u8(b); | |||
1511 | p->store_ixfr_is_default = unmarshal_u8(b); | |||
1512 | p->ixfr_size = unmarshal_u64(b); | |||
1513 | p->ixfr_size_is_default = unmarshal_u8(b); | |||
1514 | p->ixfr_number = unmarshal_u32(b); | |||
1515 | p->ixfr_number_is_default = unmarshal_u8(b); | |||
1516 | p->create_ixfr = unmarshal_u8(b); | |||
1517 | p->create_ixfr_is_default = unmarshal_u8(b); | |||
1518 | p->verify_zone = unmarshal_u8(b); | |||
1519 | p->verify_zone_is_default = unmarshal_u8(b); | |||
1520 | p->verifier = unmarshal_strv(r, b); | |||
1521 | p->verifier_feed_zone = unmarshal_u8(b); | |||
1522 | p->verifier_feed_zone_is_default = unmarshal_u8(b); | |||
1523 | p->verifier_timeout = unmarshal_u32(b); | |||
1524 | p->verifier_timeout_is_default = unmarshal_u8(b); | |||
1525 | return p; | |||
1526 | } | |||
1527 | ||||
1528 | struct key_options* | |||
1529 | key_options_create(region_type* region) | |||
1530 | { | |||
1531 | struct key_options* key; | |||
1532 | key = (struct key_options*)region_alloc_zero(region, | |||
1533 | sizeof(struct key_options)); | |||
1534 | return key; | |||
1535 | } | |||
1536 | ||||
1537 | struct tls_auth_options* | |||
1538 | tls_auth_options_create(region_type* region) | |||
1539 | { | |||
1540 | struct tls_auth_options* tls_auth_options; | |||
1541 | tls_auth_options = (struct tls_auth_options*)region_alloc_zero(region, sizeof(struct tls_auth_options)); | |||
1542 | return tls_auth_options; | |||
1543 | } | |||
1544 | ||||
1545 | void | |||
1546 | key_options_insert(struct nsd_options* opt, struct key_options* key) | |||
1547 | { | |||
1548 | if(!key->name) return; | |||
1549 | key->node.key = key->name; | |||
1550 | (void)rbtree_insert(opt->keys, &key->node); | |||
1551 | } | |||
1552 | ||||
1553 | struct key_options* | |||
1554 | key_options_find(struct nsd_options* opt, const char* name) | |||
1555 | { | |||
1556 | return (struct key_options*)rbtree_search(opt->keys, name); | |||
1557 | } | |||
1558 | ||||
1559 | void | |||
1560 | tls_auth_options_insert(struct nsd_options* opt, struct tls_auth_options* auth) | |||
1561 | { | |||
1562 | if(!auth->name) return; | |||
1563 | auth->node.key = auth->name; | |||
1564 | (void)rbtree_insert(opt->tls_auths, &auth->node); | |||
1565 | } | |||
1566 | ||||
1567 | struct tls_auth_options* | |||
1568 | tls_auth_options_find(struct nsd_options* opt, const char* name) | |||
1569 | { | |||
1570 | return (struct tls_auth_options*)rbtree_search(opt->tls_auths, name); | |||
1571 | } | |||
1572 | ||||
1573 | /** remove tsig_key contents */ | |||
1574 | void | |||
1575 | key_options_desetup(region_type* region, struct key_options* key) | |||
1576 | { | |||
1577 | /* keep tsig_key pointer so that existing references keep valid */ | |||
1578 | if(!key->tsig_key) | |||
1579 | return; | |||
1580 | /* name stays the same */ | |||
1581 | if(key->tsig_key->data) { | |||
1582 | /* wipe secret! */ | |||
1583 | memset(key->tsig_key->data, 0xdd, key->tsig_key->size); | |||
1584 | region_recycle(region, key->tsig_key->data, | |||
1585 | key->tsig_key->size); | |||
1586 | key->tsig_key->data = NULL((void *)0); | |||
1587 | key->tsig_key->size = 0; | |||
1588 | } | |||
1589 | } | |||
1590 | ||||
1591 | /** add tsig_key contents */ | |||
1592 | void | |||
1593 | key_options_setup(region_type* region, struct key_options* key) | |||
1594 | { | |||
1595 | uint8_t data[16384]; /* 16KB */ | |||
1596 | int size; | |||
1597 | if(!key->tsig_key) { | |||
1598 | /* create it */ | |||
1599 | key->tsig_key = (tsig_key_type *) region_alloc(region, | |||
1600 | sizeof(tsig_key_type)); | |||
1601 | /* create name */ | |||
1602 | key->tsig_key->name = dname_parse(region, key->name); | |||
1603 | if(!key->tsig_key->name) { | |||
1604 | log_msg(LOG_ERR3, "Failed to parse tsig key name %s", | |||
1605 | key->name); | |||
1606 | /* key and base64 were checked during syntax parse */ | |||
1607 | exit(1); | |||
1608 | } | |||
1609 | key->tsig_key->size = 0; | |||
1610 | key->tsig_key->data = NULL((void *)0); | |||
1611 | } | |||
1612 | size = __b64_pton(key->secret, data, sizeof(data)); | |||
1613 | if(size == -1) { | |||
1614 | log_msg(LOG_ERR3, "Failed to parse tsig key data %s", | |||
1615 | key->name); | |||
1616 | /* key and base64 were checked during syntax parse */ | |||
1617 | exit(1); | |||
1618 | } | |||
1619 | key->tsig_key->size = size; | |||
1620 | key->tsig_key->data = (uint8_t *)region_alloc_init(region, data, size); | |||
1621 | } | |||
1622 | ||||
1623 | void | |||
1624 | key_options_remove(struct nsd_options* opt, const char* name) | |||
1625 | { | |||
1626 | struct key_options* k = key_options_find(opt, name); | |||
1627 | if(!k) return; | |||
1628 | (void)rbtree_delete(opt->keys, name); | |||
1629 | if(k->name) | |||
1630 | region_recycle(opt->region, k->name, strlen(k->name)+1); | |||
1631 | if(k->algorithm) | |||
1632 | region_recycle(opt->region, k->algorithm, strlen(k->algorithm)+1); | |||
1633 | if(k->secret) { | |||
1634 | memset(k->secret, 0xdd, strlen(k->secret)); /* wipe secret! */ | |||
1635 | region_recycle(opt->region, k->secret, strlen(k->secret)+1); | |||
1636 | } | |||
1637 | if(k->tsig_key) { | |||
1638 | tsig_del_key(k->tsig_key); | |||
1639 | if(k->tsig_key->name) | |||
1640 | region_recycle(opt->region, (void*)k->tsig_key->name, | |||
1641 | dname_total_size(k->tsig_key->name)); | |||
1642 | key_options_desetup(opt->region, k); | |||
1643 | region_recycle(opt->region, k->tsig_key, sizeof(tsig_key_type)); | |||
1644 | } | |||
1645 | region_recycle(opt->region, k, sizeof(struct key_options)); | |||
1646 | } | |||
1647 | ||||
1648 | int | |||
1649 | key_options_equal(struct key_options* p, struct key_options* q) | |||
1650 | { | |||
1651 | return strcmp(p->name, q->name)==0 && strcmp(p->algorithm, | |||
1652 | q->algorithm)==0 && strcmp(p->secret, q->secret)==0; | |||
1653 | } | |||
1654 | ||||
1655 | void | |||
1656 | key_options_add_modify(struct nsd_options* opt, struct key_options* key) | |||
1657 | { | |||
1658 | struct key_options* orig = key_options_find(opt, key->name); | |||
1659 | if(!orig) { | |||
1660 | /* needs to be copied to opt region */ | |||
1661 | orig = key_options_create(opt->region); | |||
1662 | orig->name = region_strdup(opt->region, key->name); | |||
1663 | orig->algorithm = region_strdup(opt->region, key->algorithm); | |||
1664 | orig->secret = region_strdup(opt->region, key->secret); | |||
1665 | key_options_setup(opt->region, orig); | |||
1666 | tsig_add_key(orig->tsig_key); | |||
1667 | key_options_insert(opt, orig); | |||
1668 | } else { | |||
1669 | /* modify entries in existing key, and copy to opt region */ | |||
1670 | key_options_desetup(opt->region, orig); | |||
1671 | region_recycle(opt->region, orig->algorithm, | |||
1672 | strlen(orig->algorithm)+1); | |||
1673 | orig->algorithm = region_strdup(opt->region, key->algorithm); | |||
1674 | region_recycle(opt->region, orig->secret, | |||
1675 | strlen(orig->secret)+1); | |||
1676 | orig->secret = region_strdup(opt->region, key->secret); | |||
1677 | key_options_setup(opt->region, orig); | |||
1678 | } | |||
1679 | } | |||
1680 | ||||
1681 | int | |||
1682 | acl_check_incoming_block_proxy(struct acl_options* acl, struct query* q, | |||
1683 | struct acl_options** reason) | |||
1684 | { | |||
1685 | /* check each acl element. | |||
1686 | * if it is blocked, return -1. | |||
1687 | * return false if no matches for blocked elements. */ | |||
1688 | if(reason) | |||
1689 | *reason = NULL((void *)0); | |||
1690 | ||||
1691 | while(acl) | |||
1692 | { | |||
1693 | DEBUG(DEBUG_XFRD,2, (LOG_INFO, "proxy testing acl %s %s", | |||
1694 | acl->ip_address_spec, acl->nokey?"NOKEY": | |||
1695 | (acl->blocked?"BLOCKED":acl->key_name))); | |||
1696 | if(acl_addr_matches_proxy(acl, q) && acl->blocked) { | |||
1697 | if(reason) | |||
1698 | *reason = acl; | |||
1699 | return -1; | |||
1700 | } | |||
1701 | acl = acl->next; | |||
1702 | } | |||
1703 | ||||
1704 | return 0; | |||
1705 | } | |||
1706 | ||||
1707 | int | |||
1708 | acl_check_incoming(struct acl_options* acl, struct query* q, | |||
1709 | struct acl_options** reason) | |||
1710 | { | |||
1711 | /* check each acl element. | |||
1712 | if 1 blocked element matches - return -1. | |||
1713 | if any element matches - return number. | |||
1714 | else return -1. */ | |||
1715 | int found_match = -1; | |||
1716 | int number = 0; | |||
1717 | struct acl_options* match = 0; | |||
1718 | ||||
1719 | if(reason) | |||
1720 | *reason = NULL((void *)0); | |||
1721 | ||||
1722 | while(acl) | |||
1723 | { | |||
1724 | DEBUG(DEBUG_XFRD,2, (LOG_INFO, "testing acl %s %s", | |||
1725 | acl->ip_address_spec, acl->nokey?"NOKEY": | |||
1726 | (acl->blocked?"BLOCKED":acl->key_name))); | |||
1727 | if(acl_addr_matches(acl, q) && acl_key_matches(acl, q)) { | |||
1728 | if(!match) | |||
1729 | { | |||
1730 | match = acl; /* remember first match */ | |||
1731 | found_match=number; | |||
1732 | } | |||
1733 | if(acl->blocked) { | |||
1734 | if(reason) | |||
1735 | *reason = acl; | |||
1736 | return -1; | |||
1737 | } | |||
1738 | } | |||
1739 | number++; | |||
1740 | acl = acl->next; | |||
1741 | } | |||
1742 | ||||
1743 | if(reason) | |||
1744 | *reason = match; | |||
1745 | return found_match; | |||
1746 | } | |||
1747 | ||||
1748 | #ifdef INET6 | |||
1749 | int | |||
1750 | acl_addr_matches_ipv6host(struct acl_options* acl, struct sockaddr_storage* addr_storage, unsigned int port) | |||
1751 | { | |||
1752 | struct sockaddr_in6* addr = (struct sockaddr_in6*)addr_storage; | |||
1753 | if(acl->port != 0 && acl->port != port) | |||
1754 | return 0; | |||
1755 | switch(acl->rangetype) { | |||
1756 | case acl_range_mask: | |||
1757 | case acl_range_subnet: | |||
1758 | if(!acl_addr_match_mask((uint32_t*)&acl->addr.addr6, (uint32_t*)&addr->sin6_addr, | |||
1759 | (uint32_t*)&acl->range_mask.addr6, sizeof(struct in6_addr))) | |||
1760 | return 0; | |||
1761 | break; | |||
1762 | case acl_range_minmax: | |||
1763 | if(!acl_addr_match_range_v6((uint32_t*)&acl->addr.addr6, (uint32_t*)&addr->sin6_addr, | |||
1764 | (uint32_t*)&acl->range_mask.addr6, sizeof(struct in6_addr))) | |||
1765 | return 0; | |||
1766 | break; | |||
1767 | case acl_range_single: | |||
1768 | default: | |||
1769 | if(memcmp(&addr->sin6_addr, &acl->addr.addr6, | |||
1770 | sizeof(struct in6_addr)) != 0) | |||
1771 | return 0; | |||
1772 | break; | |||
1773 | } | |||
1774 | return 1; | |||
1775 | } | |||
1776 | #endif | |||
1777 | ||||
1778 | int | |||
1779 | acl_addr_matches_ipv4host(struct acl_options* acl, struct sockaddr_in* addr, unsigned int port) | |||
1780 | { | |||
1781 | if(acl->port != 0 && acl->port != port) | |||
1782 | return 0; | |||
1783 | switch(acl->rangetype) { | |||
1784 | case acl_range_mask: | |||
1785 | case acl_range_subnet: | |||
1786 | if(!acl_addr_match_mask((uint32_t*)&acl->addr.addr, (uint32_t*)&addr->sin_addr, | |||
1787 | (uint32_t*)&acl->range_mask.addr, sizeof(struct in_addr))) | |||
1788 | return 0; | |||
1789 | break; | |||
1790 | case acl_range_minmax: | |||
1791 | if(!acl_addr_match_range_v4((uint32_t*)&acl->addr.addr, (uint32_t*)&addr->sin_addr, | |||
1792 | (uint32_t*)&acl->range_mask.addr, sizeof(struct in_addr))) | |||
1793 | return 0; | |||
1794 | break; | |||
1795 | case acl_range_single: | |||
1796 | default: | |||
1797 | if(memcmp(&addr->sin_addr, &acl->addr.addr, | |||
1798 | sizeof(struct in_addr)) != 0) | |||
1799 | return 0; | |||
1800 | break; | |||
1801 | } | |||
1802 | return 1; | |||
1803 | } | |||
1804 | ||||
1805 | int | |||
1806 | acl_addr_matches_host(struct acl_options* acl, struct acl_options* host) | |||
1807 | { | |||
1808 | if(acl->is_ipv6) | |||
1809 | { | |||
1810 | #ifdef INET6 | |||
1811 | struct sockaddr_storage* addr = (struct sockaddr_storage*)&host->addr; | |||
1812 | if(!host->is_ipv6) return 0; | |||
1813 | return acl_addr_matches_ipv6host(acl, addr, host->port); | |||
1814 | #else | |||
1815 | return 0; /* no inet6, no match */ | |||
1816 | #endif | |||
1817 | } | |||
1818 | else | |||
1819 | { | |||
1820 | struct sockaddr_in* addr = (struct sockaddr_in*)&host->addr; | |||
1821 | if(host->is_ipv6) return 0; | |||
1822 | return acl_addr_matches_ipv4host(acl, addr, host->port); | |||
1823 | } | |||
1824 | /* ENOTREACH */ | |||
1825 | return 0; | |||
1826 | } | |||
1827 | ||||
1828 | int | |||
1829 | acl_addr_matches(struct acl_options* acl, struct query* q) | |||
1830 | { | |||
1831 | if(acl->is_ipv6) | |||
1832 | { | |||
1833 | #ifdef INET6 | |||
1834 | struct sockaddr_storage* addr = (struct sockaddr_storage*)&q->client_addr; | |||
1835 | if(addr->ss_family != AF_INET624) | |||
1836 | return 0; | |||
1837 | return acl_addr_matches_ipv6host(acl, addr, ntohs(((struct sockaddr_in6*)addr)->sin6_port)(__uint16_t)(__builtin_constant_p(((struct sockaddr_in6*)addr )->sin6_port) ? (__uint16_t)(((__uint16_t)(((struct sockaddr_in6 *)addr)->sin6_port) & 0xffU) << 8 | ((__uint16_t )(((struct sockaddr_in6*)addr)->sin6_port) & 0xff00U) >> 8) : __swap16md(((struct sockaddr_in6*)addr)->sin6_port))); | |||
1838 | #else | |||
1839 | return 0; /* no inet6, no match */ | |||
1840 | #endif | |||
1841 | } | |||
1842 | else | |||
1843 | { | |||
1844 | struct sockaddr_in* addr = (struct sockaddr_in*)&q->client_addr; | |||
1845 | if(addr->sin_family != AF_INET2) | |||
1846 | return 0; | |||
1847 | return acl_addr_matches_ipv4host(acl, addr, ntohs(addr->sin_port)(__uint16_t)(__builtin_constant_p(addr->sin_port) ? (__uint16_t )(((__uint16_t)(addr->sin_port) & 0xffU) << 8 | ( (__uint16_t)(addr->sin_port) & 0xff00U) >> 8) : __swap16md (addr->sin_port))); | |||
1848 | } | |||
1849 | /* ENOTREACH */ | |||
1850 | return 0; | |||
1851 | } | |||
1852 | ||||
1853 | int | |||
1854 | acl_addr_matches_proxy(struct acl_options* acl, struct query* q) | |||
1855 | { | |||
1856 | if(acl->is_ipv6) | |||
1857 | { | |||
1858 | #ifdef INET6 | |||
1859 | struct sockaddr_storage* addr = (struct sockaddr_storage*)&q->remote_addr; | |||
1860 | if(addr->ss_family != AF_INET624) | |||
1861 | return 0; | |||
1862 | return acl_addr_matches_ipv6host(acl, addr, ntohs(((struct sockaddr_in6*)addr)->sin6_port)(__uint16_t)(__builtin_constant_p(((struct sockaddr_in6*)addr )->sin6_port) ? (__uint16_t)(((__uint16_t)(((struct sockaddr_in6 *)addr)->sin6_port) & 0xffU) << 8 | ((__uint16_t )(((struct sockaddr_in6*)addr)->sin6_port) & 0xff00U) >> 8) : __swap16md(((struct sockaddr_in6*)addr)->sin6_port))); | |||
1863 | #else | |||
1864 | return 0; /* no inet6, no match */ | |||
1865 | #endif | |||
1866 | } | |||
1867 | else | |||
1868 | { | |||
1869 | struct sockaddr_in* addr = (struct sockaddr_in*)&q->remote_addr; | |||
1870 | if(addr->sin_family != AF_INET2) | |||
1871 | return 0; | |||
1872 | return acl_addr_matches_ipv4host(acl, addr, ntohs(addr->sin_port)(__uint16_t)(__builtin_constant_p(addr->sin_port) ? (__uint16_t )(((__uint16_t)(addr->sin_port) & 0xffU) << 8 | ( (__uint16_t)(addr->sin_port) & 0xff00U) >> 8) : __swap16md (addr->sin_port))); | |||
1873 | } | |||
1874 | /* ENOTREACH */ | |||
1875 | return 0; | |||
1876 | } | |||
1877 | ||||
1878 | int | |||
1879 | acl_addr_match_mask(uint32_t* a, uint32_t* b, uint32_t* mask, size_t sz) | |||
1880 | { | |||
1881 | size_t i; | |||
1882 | #ifndef NDEBUG | |||
1883 | assert(sz % 4 == 0)((void)0); | |||
1884 | #endif | |||
1885 | sz /= 4; | |||
1886 | for(i=0; i<sz; ++i) | |||
1887 | { | |||
1888 | if(((*a++)&*mask) != ((*b++)&*mask)) | |||
1889 | return 0; | |||
1890 | ++mask; | |||
1891 | } | |||
1892 | return 1; | |||
1893 | } | |||
1894 | ||||
1895 | int | |||
1896 | acl_addr_match_range_v4(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz) | |||
1897 | { | |||
1898 | assert(sz == 4)((void)0); (void)sz; | |||
1899 | /* check treats x as one huge number */ | |||
1900 | ||||
1901 | /* if outside bounds, we are done */ | |||
1902 | if(*minval > *x) | |||
1903 | return 0; | |||
1904 | if(*maxval < *x) | |||
1905 | return 0; | |||
1906 | ||||
1907 | return 1; | |||
1908 | } | |||
1909 | ||||
1910 | #ifdef INET6 | |||
1911 | int | |||
1912 | acl_addr_match_range_v6(uint32_t* minval, uint32_t* x, uint32_t* maxval, size_t sz) | |||
1913 | { | |||
1914 | size_t i; | |||
1915 | uint8_t checkmin = 1, checkmax = 1; | |||
1916 | #ifndef NDEBUG | |||
1917 | assert(sz % 4 == 0)((void)0); | |||
1918 | #endif | |||
1919 | /* check treats x as one huge number */ | |||
1920 | sz /= 4; | |||
1921 | for(i=0; i<sz; ++i) | |||
1922 | { | |||
1923 | /* if outside bounds, we are done */ | |||
1924 | if(checkmin) | |||
1925 | if(minval[i] > x[i]) | |||
1926 | return 0; | |||
1927 | if(checkmax) | |||
1928 | if(maxval[i] < x[i]) | |||
1929 | return 0; | |||
1930 | /* if x is equal to a bound, that bound needs further checks */ | |||
1931 | if(checkmin && minval[i]!=x[i]) | |||
1932 | checkmin = 0; | |||
1933 | if(checkmax && maxval[i]!=x[i]) | |||
1934 | checkmax = 0; | |||
1935 | if(!checkmin && !checkmax) | |||
1936 | return 1; /* will always match */ | |||
1937 | } | |||
1938 | return 1; | |||
1939 | } | |||
1940 | #endif /* INET6 */ | |||
1941 | ||||
1942 | int | |||
1943 | acl_key_matches(struct acl_options* acl, struct query* q) | |||
1944 | { | |||
1945 | if(acl->blocked) | |||
1946 | return 1; | |||
1947 | if(acl->nokey) { | |||
1948 | if(q->tsig.status == TSIG_NOT_PRESENT) | |||
1949 | return 1; | |||
1950 | return 0; | |||
1951 | } | |||
1952 | /* check name of tsig key */ | |||
1953 | if(q->tsig.status != TSIG_OK) { | |||
1954 | DEBUG(DEBUG_XFRD,2, (LOG_INFO, "keymatch fail query has no TSIG")); | |||
1955 | return 0; /* query has no TSIG */ | |||
1956 | } | |||
1957 | if(q->tsig.error_code != TSIG_ERROR_NOERROR0) { | |||
1958 | DEBUG(DEBUG_XFRD,2, (LOG_INFO, "keymatch fail, tsig has error")); | |||
1959 | return 0; /* some tsig error */ | |||
1960 | } | |||
1961 | if(!acl->key_options->tsig_key) { | |||
1962 | DEBUG(DEBUG_XFRD,2, (LOG_INFO, "keymatch fail no config")); | |||
1963 | return 0; /* key not properly configured */ | |||
1964 | } | |||
1965 | if(dname_compare(q->tsig.key_name, | |||
1966 | acl->key_options->tsig_key->name) != 0) { | |||
1967 | DEBUG(DEBUG_XFRD,2, (LOG_INFO, "keymatch fail wrong key name")); | |||
1968 | return 0; /* wrong key name */ | |||
1969 | } | |||
1970 | if(tsig_strlowercmp(q->tsig.algorithm->short_name, | |||
1971 | acl->key_options->algorithm) != 0 && ( | |||
1972 | strncmp("hmac-", q->tsig.algorithm->short_name, 5) != 0 || | |||
1973 | tsig_strlowercmp(q->tsig.algorithm->short_name+5, | |||
1974 | acl->key_options->algorithm) != 0) ) { | |||
1975 | DEBUG(DEBUG_XFRD,2, (LOG_ERR, "query tsig wrong algorithm")); | |||
1976 | return 0; /* no such algo */ | |||
1977 | } | |||
1978 | return 1; | |||
1979 | } | |||
1980 | ||||
1981 | int | |||
1982 | acl_same_host(struct acl_options* a, struct acl_options* b) | |||
1983 | { | |||
1984 | if(a->is_ipv6 && !b->is_ipv6) | |||
1985 | return 0; | |||
1986 | if(!a->is_ipv6 && b->is_ipv6) | |||
1987 | return 0; | |||
1988 | if(a->port != b->port) | |||
1989 | return 0; | |||
1990 | if(a->rangetype != b->rangetype) | |||
1991 | return 0; | |||
1992 | if(!a->is_ipv6) { | |||
1993 | if(memcmp(&a->addr.addr, &b->addr.addr, | |||
1994 | sizeof(struct in_addr)) != 0) | |||
1995 | return 0; | |||
1996 | if(a->rangetype != acl_range_single && | |||
1997 | memcmp(&a->range_mask.addr, &b->range_mask.addr, | |||
1998 | sizeof(struct in_addr)) != 0) | |||
1999 | return 0; | |||
2000 | } else { | |||
2001 | #ifdef INET6 | |||
2002 | if(memcmp(&a->addr.addr6, &b->addr.addr6, | |||
2003 | sizeof(struct in6_addr)) != 0) | |||
2004 | return 0; | |||
2005 | if(a->rangetype != acl_range_single && | |||
2006 | memcmp(&a->range_mask.addr6, &b->range_mask.addr6, | |||
2007 | sizeof(struct in6_addr)) != 0) | |||
2008 | return 0; | |||
2009 | #else | |||
2010 | return 0; | |||
2011 | #endif | |||
2012 | } | |||
2013 | return 1; | |||
2014 | } | |||
2015 | ||||
2016 | #if defined(HAVE_SSL) | |||
2017 | void | |||
2018 | key_options_tsig_add(struct nsd_options* opt) | |||
2019 | { | |||
2020 | struct key_options* optkey; | |||
2021 | RBTREE_FOR(optkey, struct key_options*, opt->keys)for(optkey=(struct key_options*)rbtree_first(opt->keys); ( rbnode_type*)optkey != &rbtree_null_node; optkey = (struct key_options*)rbtree_next((rbnode_type*)optkey)) { | |||
2022 | key_options_setup(opt->region, optkey); | |||
2023 | tsig_add_key(optkey->tsig_key); | |||
2024 | } | |||
2025 | } | |||
2026 | #endif | |||
2027 | ||||
2028 | int | |||
2029 | zone_is_slave(struct zone_options* opt) | |||
2030 | { | |||
2031 | return opt && opt->pattern && opt->pattern->request_xfr != 0; | |||
2032 | } | |||
2033 | ||||
2034 | /* get a character in string (or replacement char if not long enough) */ | |||
2035 | static const char* | |||
2036 | get_char(const char* str, size_t i) | |||
2037 | { | |||
2038 | static char res[2]; | |||
2039 | if(i >= strlen(str)) | |||
2040 | return "."; | |||
2041 | res[0] = str[i]; | |||
2042 | res[1] = 0; | |||
2043 | return res; | |||
2044 | } | |||
2045 | /* get end label of the zone name (or .) */ | |||
2046 | static const char* | |||
2047 | get_end_label(struct zone_options* zone, int i) | |||
2048 | { | |||
2049 | const dname_type* d = (const dname_type*)zone->node.key; | |||
2050 | if(i >= d->label_count) { | |||
2051 | return "."; | |||
2052 | } | |||
2053 | return wirelabel2str(dname_label(d, i)); | |||
2054 | } | |||
2055 | /* replace occurrences of one with two */ | |||
2056 | void | |||
2057 | replace_str(char* str, size_t len, const char* one, const char* two) | |||
2058 | { | |||
2059 | char* pos; | |||
2060 | char* at = str; | |||
2061 | while( (pos=strstr(at, one)) ) { | |||
2062 | if(strlen(str)+strlen(two)-strlen(one) >= len) | |||
2063 | return; /* no more space to replace */ | |||
2064 | /* stuff before pos is fine */ | |||
2065 | /* move the stuff after pos to make space for two, add | |||
2066 | * one to length of remainder to also copy the 0 byte end */ | |||
2067 | memmove(pos+strlen(two), pos+strlen(one), | |||
2068 | strlen(pos+strlen(one))+1); | |||
2069 | /* copy in two */ | |||
2070 | memmove(pos, two, strlen(two)); | |||
2071 | /* at is end of the newly inserted two (avoids recursion if | |||
2072 | * two contains one) */ | |||
2073 | at = pos+strlen(two); | |||
2074 | } | |||
2075 | } | |||
2076 | ||||
2077 | const char* | |||
2078 | config_cook_string(struct zone_options* zone, const char* input) | |||
2079 | { | |||
2080 | static char f[1024]; | |||
2081 | /* if not a template, return as-is */ | |||
2082 | if(!strchr(input, '%')) { | |||
2083 | return input; | |||
2084 | } | |||
2085 | strlcpy(f, input, sizeof(f)); | |||
2086 | if(strstr(f, "%1")) | |||
2087 | replace_str(f, sizeof(f), "%1", get_char(zone->name, 0)); | |||
2088 | if(strstr(f, "%2")) | |||
2089 | replace_str(f, sizeof(f), "%2", get_char(zone->name, 1)); | |||
2090 | if(strstr(f, "%3")) | |||
2091 | replace_str(f, sizeof(f), "%3", get_char(zone->name, 2)); | |||
2092 | if(strstr(f, "%z")) | |||
2093 | replace_str(f, sizeof(f), "%z", get_end_label(zone, 1)); | |||
2094 | if(strstr(f, "%y")) | |||
2095 | replace_str(f, sizeof(f), "%y", get_end_label(zone, 2)); | |||
2096 | if(strstr(f, "%x")) | |||
2097 | replace_str(f, sizeof(f), "%x", get_end_label(zone, 3)); | |||
2098 | if(strstr(f, "%s")) | |||
2099 | replace_str(f, sizeof(f), "%s", zone->name); | |||
2100 | return f; | |||
2101 | } | |||
2102 | ||||
2103 | const char* | |||
2104 | config_make_zonefile(struct zone_options* zone, struct nsd* nsd) | |||
2105 | { | |||
2106 | static char f[1024]; | |||
2107 | /* if not a template, return as-is */ | |||
2108 | if(!strchr(zone->pattern->zonefile, '%')) { | |||
2109 | if (nsd->chrootdir && nsd->chrootdir[0] && | |||
2110 | zone->pattern->zonefile && | |||
2111 | zone->pattern->zonefile[0] == '/' && | |||
2112 | strncmp(zone->pattern->zonefile, nsd->chrootdir, | |||
2113 | strlen(nsd->chrootdir)) == 0) | |||
2114 | /* -1 because chrootdir ends in trailing slash */ | |||
2115 | return zone->pattern->zonefile + strlen(nsd->chrootdir) - 1; | |||
2116 | return zone->pattern->zonefile; | |||
2117 | } | |||
2118 | strlcpy(f, zone->pattern->zonefile, sizeof(f)); | |||
2119 | if(strstr(f, "%1")) | |||
2120 | replace_str(f, sizeof(f), "%1", get_char(zone->name, 0)); | |||
2121 | if(strstr(f, "%2")) | |||
2122 | replace_str(f, sizeof(f), "%2", get_char(zone->name, 1)); | |||
2123 | if(strstr(f, "%3")) | |||
2124 | replace_str(f, sizeof(f), "%3", get_char(zone->name, 2)); | |||
2125 | if(strstr(f, "%z")) | |||
2126 | replace_str(f, sizeof(f), "%z", get_end_label(zone, 1)); | |||
2127 | if(strstr(f, "%y")) | |||
2128 | replace_str(f, sizeof(f), "%y", get_end_label(zone, 2)); | |||
2129 | if(strstr(f, "%x")) | |||
2130 | replace_str(f, sizeof(f), "%x", get_end_label(zone, 3)); | |||
2131 | if(strstr(f, "%s")) | |||
2132 | replace_str(f, sizeof(f), "%s", zone->name); | |||
2133 | if (nsd->chrootdir && nsd->chrootdir[0] && f[0] == '/' && | |||
2134 | strncmp(f, nsd->chrootdir, strlen(nsd->chrootdir)) == 0) | |||
2135 | /* -1 because chrootdir ends in trailing slash */ | |||
2136 | return f + strlen(nsd->chrootdir) - 1; | |||
2137 | return f; | |||
2138 | } | |||
2139 | ||||
2140 | struct zone_options* | |||
2141 | zone_options_find(struct nsd_options* opt, const struct dname* apex) | |||
2142 | { | |||
2143 | return (struct zone_options*) rbtree_search(opt->zone_options, apex); | |||
2144 | } | |||
2145 | ||||
2146 | struct acl_options* | |||
2147 | acl_find_num(struct acl_options* acl, int num) | |||
2148 | { | |||
2149 | int count = num; | |||
2150 | if(num < 0) | |||
2151 | return 0; | |||
2152 | while(acl && count > 0) { | |||
2153 | acl = acl->next; | |||
2154 | count--; | |||
2155 | } | |||
2156 | if(count == 0) | |||
2157 | return acl; | |||
2158 | return 0; | |||
2159 | } | |||
2160 | ||||
2161 | /* true if ipv6 address, false if ipv4 */ | |||
2162 | int | |||
2163 | parse_acl_is_ipv6(const char* p) | |||
2164 | { | |||
2165 | /* see if addr is ipv6 or ipv4 -- by : and . */ | |||
2166 | while(*p) { | |||
2167 | if(*p == '.') return 0; | |||
2168 | if(*p == ':') return 1; | |||
2169 | ++p; | |||
2170 | } | |||
2171 | return 0; | |||
2172 | } | |||
2173 | ||||
2174 | /* returns range type. mask is the 2nd part of the range */ | |||
2175 | int | |||
2176 | parse_acl_range_type(char* ip, char** mask) | |||
2177 | { | |||
2178 | char *p; | |||
2179 | if((p=strchr(ip, '&'))!=0) { | |||
2180 | *p = 0; | |||
2181 | *mask = p+1; | |||
2182 | return acl_range_mask; | |||
2183 | } | |||
2184 | if((p=strchr(ip, '/'))!=0) { | |||
2185 | *p = 0; | |||
2186 | *mask = p+1; | |||
2187 | return acl_range_subnet; | |||
2188 | } | |||
2189 | if((p=strchr(ip, '-'))!=0) { | |||
2190 | *p = 0; | |||
2191 | *mask = p+1; | |||
2192 | return acl_range_minmax; | |||
2193 | } | |||
2194 | *mask = 0; | |||
2195 | return acl_range_single; | |||
2196 | } | |||
2197 | ||||
2198 | /* parses subnet mask, fills 0 mask as well */ | |||
2199 | void | |||
2200 | parse_acl_range_subnet(char* p, void* addr, int maxbits) | |||
2201 | { | |||
2202 | int subnet_bits = atoi(p); | |||
2203 | uint8_t* addr_bytes = (uint8_t*)addr; | |||
2204 | if(subnet_bits == 0 && strcmp(p, "0")!=0) { | |||
| ||||
2205 | c_error("bad subnet range '%s'", p); | |||
2206 | return; | |||
2207 | } | |||
2208 | if(subnet_bits < 0 || subnet_bits > maxbits) { | |||
2209 | c_error("subnet of %d bits out of range [0..%d]", subnet_bits, maxbits); | |||
2210 | return; | |||
2211 | } | |||
2212 | /* fill addr with n bits of 1s (struct has been zeroed) */ | |||
2213 | while(subnet_bits >= 8) { | |||
2214 | *addr_bytes++ = 0xff; | |||
2215 | subnet_bits -= 8; | |||
2216 | } | |||
2217 | if(subnet_bits > 0) { | |||
2218 | uint8_t shifts[] = {0x0, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}; | |||
2219 | *addr_bytes = shifts[subnet_bits]; | |||
2220 | } | |||
2221 | } | |||
2222 | ||||
2223 | struct acl_options* | |||
2224 | parse_acl_info(region_type* region, char* ip, const char* key) | |||
2225 | { | |||
2226 | char* p; | |||
2227 | struct acl_options* acl = (struct acl_options*)region_alloc(region, | |||
2228 | sizeof(struct acl_options)); | |||
2229 | acl->next = 0; | |||
2230 | /* ip */ | |||
2231 | acl->ip_address_spec = region_strdup(region, ip); | |||
2232 | acl->use_axfr_only = 0; | |||
2233 | acl->allow_udp = 0; | |||
2234 | acl->ixfr_disabled = 0; | |||
2235 | acl->bad_xfr_count = 0; | |||
2236 | acl->key_options = 0; | |||
2237 | acl->tls_auth_options = 0; | |||
2238 | acl->tls_auth_name = 0; | |||
2239 | acl->is_ipv6 = 0; | |||
2240 | acl->port = 0; | |||
2241 | memset(&acl->addr, 0, sizeof(union acl_addr_storage)); | |||
2242 | memset(&acl->range_mask, 0, sizeof(union acl_addr_storage)); | |||
2243 | if((p=strrchr(ip, '@'))!=0) { | |||
| ||||
2244 | if(atoi(p+1) == 0) c_error("expected port number after '@'"); | |||
2245 | else acl->port = atoi(p+1); | |||
2246 | *p=0; | |||
2247 | } | |||
2248 | acl->rangetype = parse_acl_range_type(ip, &p); | |||
2249 | if(parse_acl_is_ipv6(ip)) { | |||
2250 | acl->is_ipv6 = 1; | |||
2251 | #ifdef INET6 | |||
2252 | if(inet_pton(AF_INET624, ip, &acl->addr.addr6) != 1) | |||
2253 | c_error("Bad ip6 address '%s'", ip); | |||
2254 | if(acl->rangetype==acl_range_mask || acl->rangetype==acl_range_minmax) { | |||
2255 | assert(p)((void)0); | |||
2256 | if(inet_pton(AF_INET624, p, &acl->range_mask.addr6) != 1) | |||
2257 | c_error("Bad ip6 address mask '%s'", p); | |||
2258 | } | |||
2259 | if(acl->rangetype==acl_range_subnet) { | |||
2260 | assert(p)((void)0); | |||
2261 | parse_acl_range_subnet(p, &acl->range_mask.addr6, 128); | |||
2262 | } | |||
2263 | #else | |||
2264 | c_error("encountered IPv6 address '%s'.", ip); | |||
2265 | #endif /* INET6 */ | |||
2266 | } else { | |||
2267 | acl->is_ipv6 = 0; | |||
2268 | if(inet_pton(AF_INET2, ip, &acl->addr.addr) != 1) | |||
2269 | c_error("Bad ip4 address '%s'", ip); | |||
2270 | if(acl->rangetype==acl_range_mask || acl->rangetype==acl_range_minmax) { | |||
2271 | assert(p)((void)0); | |||
2272 | if(inet_pton(AF_INET2, p, &acl->range_mask.addr) != 1) | |||
2273 | c_error("Bad ip4 address mask '%s'", p); | |||
2274 | } | |||
2275 | if(acl->rangetype==acl_range_subnet) { | |||
2276 | assert(p)((void)0); | |||
2277 | parse_acl_range_subnet(p, &acl->range_mask.addr, 32); | |||
2278 | } | |||
2279 | } | |||
2280 | ||||
2281 | /* key */ | |||
2282 | if(strcmp(key, "NOKEY")==0) { | |||
2283 | acl->nokey = 1; | |||
2284 | acl->blocked = 0; | |||
2285 | acl->key_name = 0; | |||
2286 | } else if(strcmp(key, "BLOCKED")==0) { | |||
2287 | acl->nokey = 0; | |||
2288 | acl->blocked = 1; | |||
2289 | acl->key_name = 0; | |||
2290 | } else { | |||
2291 | acl->nokey = 0; | |||
2292 | acl->blocked = 0; | |||
2293 | acl->key_name = region_strdup(region, key); | |||
2294 | } | |||
2295 | return acl; | |||
2296 | } | |||
2297 | ||||
2298 | /* copy acl list at end of parser start, update current */ | |||
2299 | static | |||
2300 | void copy_and_append_acls(struct acl_options** start, struct acl_options* list) | |||
2301 | { | |||
2302 | struct acl_options *tail = NULL((void *)0); | |||
2303 | ||||
2304 | assert(start != NULL)((void)0); | |||
2305 | ||||
2306 | tail = *start; | |||
2307 | if(tail) { | |||
2308 | while(tail->next) { | |||
2309 | tail = tail->next; | |||
2310 | } | |||
2311 | } | |||
2312 | ||||
2313 | while(list) { | |||
2314 | struct acl_options* acl = copy_acl(cfg_parser->opt->region, | |||
2315 | list); | |||
2316 | acl->next = NULL((void *)0); | |||
2317 | if(tail) { | |||
2318 | tail->next = acl; | |||
2319 | } else { | |||
2320 | *start = acl; | |||
2321 | } | |||
2322 | tail = acl; | |||
2323 | list = list->next; | |||
2324 | } | |||
2325 | } | |||
2326 | ||||
2327 | void | |||
2328 | config_apply_pattern(struct pattern_options *dest, const char* name) | |||
2329 | { | |||
2330 | /* find the pattern */ | |||
2331 | struct pattern_options* pat = pattern_options_find(cfg_parser->opt, | |||
2332 | name); | |||
2333 | if(!pat) { | |||
2334 | c_error("could not find pattern %s", name); | |||
2335 | return; | |||
2336 | } | |||
2337 | ||||
2338 | /* apply settings */ | |||
2339 | if(pat->zonefile) | |||
2340 | dest->zonefile = region_strdup(cfg_parser->opt->region, | |||
2341 | pat->zonefile); | |||
2342 | if(pat->zonestats) | |||
2343 | dest->zonestats = region_strdup(cfg_parser->opt->region, | |||
2344 | pat->zonestats); | |||
2345 | if(!pat->allow_axfr_fallback_is_default) { | |||
2346 | dest->allow_axfr_fallback = pat->allow_axfr_fallback; | |||
2347 | dest->allow_axfr_fallback_is_default = 0; | |||
2348 | } | |||
2349 | if(!pat->notify_retry_is_default) { | |||
2350 | dest->notify_retry = pat->notify_retry; | |||
2351 | dest->notify_retry_is_default = 0; | |||
2352 | } | |||
2353 | if(!pat->max_refresh_time_is_default) { | |||
2354 | dest->max_refresh_time = pat->max_refresh_time; | |||
2355 | dest->max_refresh_time_is_default = 0; | |||
2356 | } | |||
2357 | if(!pat->min_refresh_time_is_default) { | |||
2358 | dest->min_refresh_time = pat->min_refresh_time; | |||
2359 | dest->min_refresh_time_is_default = 0; | |||
2360 | } | |||
2361 | if(!pat->max_retry_time_is_default) { | |||
2362 | dest->max_retry_time = pat->max_retry_time; | |||
2363 | dest->max_retry_time_is_default = 0; | |||
2364 | } | |||
2365 | if(!pat->min_retry_time_is_default) { | |||
2366 | dest->min_retry_time = pat->min_retry_time; | |||
2367 | dest->min_retry_time_is_default = 0; | |||
2368 | } | |||
2369 | if(!expire_time_is_default(pat->min_expire_time_expr)(!( (pat->min_expire_time_expr) == 2 || (pat->min_expire_time_expr ) == 0 ))) { | |||
2370 | dest->min_expire_time = pat->min_expire_time; | |||
2371 | dest->min_expire_time_expr = pat->min_expire_time_expr; | |||
2372 | } | |||
2373 | if(!pat->store_ixfr_is_default) { | |||
2374 | dest->store_ixfr = pat->store_ixfr; | |||
2375 | dest->store_ixfr_is_default = 0; | |||
2376 | } | |||
2377 | if(!pat->ixfr_size_is_default) { | |||
2378 | dest->ixfr_size = pat->ixfr_size; | |||
2379 | dest->ixfr_size_is_default = 0; | |||
2380 | } | |||
2381 | if(!pat->ixfr_number_is_default) { | |||
2382 | dest->ixfr_number = pat->ixfr_number; | |||
2383 | dest->ixfr_number_is_default = 0; | |||
2384 | } | |||
2385 | if(!pat->create_ixfr_is_default) { | |||
2386 | dest->create_ixfr = pat->create_ixfr; | |||
2387 | dest->create_ixfr_is_default = 0; | |||
2388 | } | |||
2389 | dest->size_limit_xfr = pat->size_limit_xfr; | |||
2390 | #ifdef RATELIMIT | |||
2391 | dest->rrl_whitelist |= pat->rrl_whitelist; | |||
2392 | #endif | |||
2393 | /* append acl items */ | |||
2394 | copy_and_append_acls(&dest->allow_notify, pat->allow_notify); | |||
2395 | copy_and_append_acls(&dest->request_xfr, pat->request_xfr); | |||
2396 | copy_and_append_acls(&dest->notify, pat->notify); | |||
2397 | copy_and_append_acls(&dest->provide_xfr, pat->provide_xfr); | |||
2398 | copy_and_append_acls(&dest->allow_query, pat->allow_query); | |||
2399 | copy_and_append_acls(&dest->outgoing_interface, pat->outgoing_interface); | |||
2400 | if(pat->multi_master_check) | |||
2401 | dest->multi_master_check = pat->multi_master_check; | |||
2402 | ||||
2403 | if(!pat->verify_zone_is_default) { | |||
2404 | dest->verify_zone = pat->verify_zone; | |||
2405 | dest->verify_zone_is_default = 0; | |||
2406 | } | |||
2407 | if(!pat->verifier_timeout_is_default) { | |||
2408 | dest->verifier_timeout = pat->verifier_timeout; | |||
2409 | dest->verifier_timeout_is_default = 0; | |||
2410 | } | |||
2411 | if(!pat->verifier_feed_zone_is_default) { | |||
2412 | dest->verifier_feed_zone = pat->verifier_feed_zone; | |||
2413 | dest->verifier_feed_zone_is_default = 0; | |||
2414 | } | |||
2415 | if(pat->verifier != NULL((void *)0)) { | |||
2416 | size_t cnt; | |||
2417 | char **vec; | |||
2418 | region_type *region = cfg_parser->opt->region; | |||
2419 | ||||
2420 | for(cnt = 0; pat->verifier[cnt] != NULL((void *)0); cnt++) ; | |||
2421 | vec = region_alloc(region, (cnt + 1) * sizeof(char *)); | |||
2422 | for(cnt = 0; pat->verifier[cnt] != NULL((void *)0); cnt++) { | |||
2423 | vec[cnt] = region_strdup(region, pat->verifier[cnt]); | |||
2424 | } | |||
2425 | vec[cnt] = NULL((void *)0); | |||
2426 | if(dest->verifier != NULL((void *)0)) { | |||
2427 | size_t size; | |||
2428 | for(cnt = 0; dest->verifier[cnt] != NULL((void *)0); cnt++) { | |||
2429 | size = strlen(dest->verifier[cnt]) + 1; | |||
2430 | region_recycle( | |||
2431 | region, dest->verifier[cnt], size); | |||
2432 | } | |||
2433 | size = (cnt + 1) * sizeof(char *); | |||
2434 | region_recycle(region, dest->verifier, size); | |||
2435 | } | |||
2436 | dest->verifier = vec; | |||
2437 | } | |||
2438 | } | |||
2439 | ||||
2440 | void | |||
2441 | nsd_options_destroy(struct nsd_options* opt) | |||
2442 | { | |||
2443 | region_destroy(opt->region); | |||
2444 | #ifdef MEMCLEAN /* OS collects memory pages */ | |||
2445 | c_lex_destroy(); | |||
2446 | #endif | |||
2447 | } | |||
2448 | ||||
2449 | unsigned getzonestatid(struct nsd_options* opt, struct zone_options* zopt) | |||
2450 | { | |||
2451 | #ifdef USE_ZONE_STATS | |||
2452 | const char* statname; | |||
2453 | struct zonestatname* n; | |||
2454 | rbnode_type* res; | |||
2455 | /* try to find the instantiated zonestat name */ | |||
2456 | if(!zopt->pattern->zonestats || zopt->pattern->zonestats[0]==0) | |||
2457 | return 0; /* no zone stats */ | |||
2458 | statname = config_cook_string(zopt, zopt->pattern->zonestats); | |||
2459 | res = rbtree_search(opt->zonestatnames, statname); | |||
2460 | if(res) | |||
2461 | return ((struct zonestatname*)res)->id; | |||
2462 | /* create it */ | |||
2463 | n = (struct zonestatname*)region_alloc_zero(opt->region, sizeof(*n)); | |||
2464 | n->node.key = region_strdup(opt->region, statname); | |||
2465 | if(!n->node.key) { | |||
2466 | log_msg(LOG_ERR3, "malloc failed: %s", strerror(errno(*__errno()))); | |||
2467 | exit(1); | |||
2468 | } | |||
2469 | n->id = (unsigned)(opt->zonestatnames->count); | |||
2470 | rbtree_insert(opt->zonestatnames, (rbnode_type*)n); | |||
2471 | return n->id; | |||
2472 | #else /* USE_ZONE_STATS */ | |||
2473 | (void)opt; (void)zopt; | |||
2474 | return 0; | |||
2475 | #endif /* USE_ZONE_STATS */ | |||
2476 | } | |||
2477 | ||||
2478 | /** check if config turns on IP-address interface with certificates or a | |||
2479 | * named pipe without certificates. */ | |||
2480 | int | |||
2481 | options_remote_is_address(struct nsd_options* cfg) | |||
2482 | { | |||
2483 | if(!cfg->control_enable) return 0; | |||
2484 | if(!cfg->control_interface) return 1; | |||
2485 | if(!cfg->control_interface->address) return 1; | |||
2486 | if(cfg->control_interface->address[0] == 0) return 1; | |||
2487 | return (cfg->control_interface->address[0] != '/'); | |||
2488 | } | |||
2489 | ||||
2490 | #ifdef HAVE_GETIFADDRS1 | |||
2491 | static void | |||
2492 | resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, size_t *ip_addresses_size) | |||
2493 | { | |||
2494 | struct ifaddrs *ifa; | |||
2495 | size_t last_ip_addresses_size = *ip_addresses_size; | |||
2496 | ||||
2497 | for(ifa = ifas; ifa != NULL((void *)0); ifa = ifa->ifa_next) { | |||
2498 | sa_family_t family; | |||
2499 | const char* atsign; | |||
2500 | #ifdef INET6 /* | address ip | % | ifa name | @ | port | nul */ | |||
2501 | char addr_buf[INET6_ADDRSTRLEN46 + 1 + IF_NAMESIZE16 + 1 + 16 + 1]; | |||
2502 | #else | |||
2503 | char addr_buf[INET_ADDRSTRLEN16 + 1 + 16 + 1]; | |||
2504 | #endif | |||
2505 | ||||
2506 | if((atsign=strrchr(search_ifa, '@')) != NULL((void *)0)) { | |||
2507 | if(strlen(ifa->ifa_name) != (size_t)(atsign-search_ifa) | |||
2508 | || strncmp(ifa->ifa_name, search_ifa, | |||
2509 | atsign-search_ifa) != 0) | |||
2510 | continue; | |||
2511 | } else { | |||
2512 | if(strcmp(ifa->ifa_name, search_ifa) != 0) | |||
2513 | continue; | |||
2514 | atsign = ""; | |||
2515 | } | |||
2516 | ||||
2517 | if(ifa->ifa_addr == NULL((void *)0)) | |||
2518 | continue; | |||
2519 | ||||
2520 | family = ifa->ifa_addr->sa_family; | |||
2521 | if(family == AF_INET2) { | |||
2522 | char a4[INET_ADDRSTRLEN16 + 1]; | |||
2523 | struct sockaddr_in *in4 = (struct sockaddr_in *) | |||
2524 | ifa->ifa_addr; | |||
2525 | if(!inet_ntop(family, &in4->sin_addr, a4, sizeof(a4))) | |||
2526 | error("inet_ntop"); | |||
2527 | snprintf(addr_buf, sizeof(addr_buf), "%s%s", | |||
2528 | a4, atsign); | |||
2529 | } | |||
2530 | #ifdef INET6 | |||
2531 | else if(family == AF_INET624) { | |||
2532 | struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) | |||
2533 | ifa->ifa_addr; | |||
2534 | char a6[INET6_ADDRSTRLEN46 + 1]; | |||
2535 | char if_index_name[IF_NAMESIZE16 + 1]; | |||
2536 | if_index_name[0] = 0; | |||
2537 | if(!inet_ntop(family, &in6->sin6_addr, a6, sizeof(a6))) | |||
2538 | error("inet_ntop"); | |||
2539 | if_indextoname(in6->sin6_scope_id, | |||
2540 | (char *)if_index_name); | |||
2541 | if (strlen(if_index_name) != 0) { | |||
2542 | snprintf(addr_buf, sizeof(addr_buf), | |||
2543 | "%s%%%s%s", a6, if_index_name, atsign); | |||
2544 | } else { | |||
2545 | snprintf(addr_buf, sizeof(addr_buf), "%s%s", | |||
2546 | a6, atsign); | |||
2547 | } | |||
2548 | } | |||
2549 | #endif | |||
2550 | else { | |||
2551 | continue; | |||
2552 | } | |||
2553 | VERBOSITY(4, (LOG_INFO, "interface %s has address %s",do { if ((4) <= verbosity) { log_msg (6, "interface %s has address %s" , search_ifa, addr_buf) ; } } while (0) | |||
2554 | search_ifa, addr_buf))do { if ((4) <= verbosity) { log_msg (6, "interface %s has address %s" , search_ifa, addr_buf) ; } } while (0); | |||
2555 | ||||
2556 | *ip_addresses = xrealloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); | |||
2557 | (*ip_addresses)[*ip_addresses_size] = xstrdup(addr_buf); | |||
2558 | (*ip_addresses_size)++; | |||
2559 | } | |||
2560 | ||||
2561 | if (*ip_addresses_size == last_ip_addresses_size) { | |||
2562 | *ip_addresses = xrealloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); | |||
2563 | (*ip_addresses)[*ip_addresses_size] = xstrdup(search_ifa); | |||
2564 | (*ip_addresses_size)++; | |||
2565 | } | |||
2566 | } | |||
2567 | ||||
2568 | static void | |||
2569 | resolve_interface_names_for_ref(struct ip_address_option** ip_addresses_ref, | |||
2570 | struct ifaddrs *addrs, region_type* region) | |||
2571 | { | |||
2572 | struct ip_address_option *ip_addr; | |||
2573 | struct ip_address_option *last = NULL((void *)0); | |||
2574 | struct ip_address_option *first = NULL((void *)0); | |||
2575 | ||||
2576 | /* replace the list of ip_adresses with a new list where the | |||
2577 | * interface names are replaced with their ip-address strings | |||
2578 | * from getifaddrs. An interface can have several addresses. */ | |||
2579 | for(ip_addr = *ip_addresses_ref; ip_addr; ip_addr = ip_addr->next) { | |||
2580 | char **ip_addresses = NULL((void *)0); | |||
2581 | size_t ip_addresses_size = 0, i; | |||
2582 | resolve_ifa_name(addrs, ip_addr->address, &ip_addresses, | |||
2583 | &ip_addresses_size); | |||
2584 | ||||
2585 | for (i = 0; i < ip_addresses_size; i++) { | |||
2586 | struct ip_address_option *current; | |||
2587 | /* this copies the range_option, dev, and fib from | |||
2588 | * the original ip_address option to the new ones | |||
2589 | * with the addresses spelled out by resolve_ifa_name*/ | |||
2590 | current = region_alloc_init(region, ip_addr, | |||
2591 | sizeof(*ip_addr)); | |||
2592 | current->address = region_strdup(region, | |||
2593 | ip_addresses[i]); | |||
2594 | current->next = NULL((void *)0); | |||
2595 | free(ip_addresses[i]); | |||
2596 | ||||
2597 | if(first == NULL((void *)0)) { | |||
2598 | first = current; | |||
2599 | } else { | |||
2600 | last->next = current; | |||
2601 | } | |||
2602 | last = current; | |||
2603 | } | |||
2604 | free(ip_addresses); | |||
2605 | } | |||
2606 | *ip_addresses_ref = first; | |||
2607 | ||||
2608 | } | |||
2609 | #endif /* HAVE_GETIFADDRS */ | |||
2610 | ||||
2611 | void | |||
2612 | resolve_interface_names(struct nsd_options* options) | |||
2613 | { | |||
2614 | #ifdef HAVE_GETIFADDRS1 | |||
2615 | struct ifaddrs *addrs; | |||
2616 | ||||
2617 | if(getifaddrs(&addrs) == -1) | |||
2618 | error("failed to list interfaces"); | |||
2619 | ||||
2620 | resolve_interface_names_for_ref(&options->ip_addresses, | |||
2621 | addrs, options->region); | |||
2622 | resolve_interface_names_for_ref(&options->control_interface, | |||
2623 | addrs, options->region); | |||
2624 | ||||
2625 | freeifaddrs(addrs); | |||
2626 | #else | |||
2627 | (void)options; | |||
2628 | #endif /* HAVE_GETIFADDRS */ | |||
2629 | } | |||
2630 | ||||
2631 | int | |||
2632 | sockaddr_uses_proxy_protocol_port(struct nsd_options* options, | |||
2633 | struct sockaddr* addr) | |||
2634 | { | |||
2635 | struct proxy_protocol_port_list* p; | |||
2636 | int port; | |||
2637 | #ifdef INET6 | |||
2638 | struct sockaddr_storage* ss = (struct sockaddr_storage*)addr; | |||
2639 | if(ss->ss_family == AF_INET624) { | |||
2640 | struct sockaddr_in6* a6 = (struct sockaddr_in6*)addr; | |||
2641 | port = ntohs(a6->sin6_port)(__uint16_t)(__builtin_constant_p(a6->sin6_port) ? (__uint16_t )(((__uint16_t)(a6->sin6_port) & 0xffU) << 8 | ( (__uint16_t)(a6->sin6_port) & 0xff00U) >> 8) : __swap16md (a6->sin6_port)); | |||
2642 | } else if(ss->ss_family == AF_INET2) { | |||
2643 | #endif | |||
2644 | struct sockaddr_in* a = (struct sockaddr_in*)addr; | |||
2645 | #ifndef INET6 | |||
2646 | if(a->sin_family != AF_INET2) | |||
2647 | return 0; /* unknown family */ | |||
2648 | #endif | |||
2649 | port = ntohs(a->sin_port)(__uint16_t)(__builtin_constant_p(a->sin_port) ? (__uint16_t )(((__uint16_t)(a->sin_port) & 0xffU) << 8 | ((__uint16_t )(a->sin_port) & 0xff00U) >> 8) : __swap16md(a-> sin_port)); | |||
2650 | #ifdef INET6 | |||
2651 | } else { | |||
2652 | return 0; /* unknown family */ | |||
2653 | } | |||
2654 | #endif | |||
2655 | p = options->proxy_protocol_port; | |||
2656 | while(p) { | |||
2657 | if(p->port == port) | |||
2658 | return 1; | |||
2659 | p = p->next; | |||
2660 | } | |||
2661 | return 0; | |||
2662 | } |