config.c 25.1 KB
Newer Older
1
/*
Mark Andrews's avatar
Mark Andrews committed
2
 * Copyright (C) 2004-2013  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
3
 * Copyright (C) 2001-2003  Internet Software Consortium.
4
 *
Automatic Updater's avatar
Automatic Updater committed
5
 * Permission to use, copy, modify, and/or distribute this software for any
6 7 8
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
Mark Andrews's avatar
Mark Andrews committed
9 10 11 12 13 14 15
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
16 17
 */

Automatic Updater's avatar
Automatic Updater committed
18
/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
19 20

/*! \file */
Brian Wellington's avatar
Brian Wellington committed
21 22

#include <config.h>
23 24 25 26 27 28

#include <stdlib.h>

#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/mem.h>
29
#include <isc/parseint.h>
30 31 32
#include <isc/region.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
Evan Hunt's avatar
Evan Hunt committed
33
#include <isc/string.h>
34 35
#include <isc/util.h>

36
#include <isccfg/namedconf.h>
37 38 39 40

#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
41
#include <dns/rdatatype.h>
Brian Wellington's avatar
Brian Wellington committed
42
#include <dns/tsig.h>
43 44
#include <dns/zone.h>

45 46
#include <dst/dst.h>

47 48 49
#include <named/config.h>
#include <named/globals.h>

50 51
#include "bind.keys.h"

52
/*% default configuration */
53 54
static char defaultconf[] = "\
options {\n\
55 56 57
#	blackhole {none;};\n"
#ifndef WIN32
"	coresize default;\n\
58
	datasize default;\n\
59
	files unlimited;\n\
60 61
	stacksize default;\n"
#endif
62 63 64
"#	session-keyfile \"" NS_LOCALSTATEDIR "/run/named/session.key\";\n\
	session-keyname local-ddns;\n\
	session-keyalg hmac-sha256;\n\
65
	deallocate-on-exit true;\n\
66
#	directory <none>\n\
Evan Hunt's avatar
Evan Hunt committed
67
	dscp 0;\n\
68 69 70
	dump-file \"named_dump.db\";\n\
	fake-iquery no;\n\
	has-old-clients false;\n\
71
	heartbeat-interval 60;\n\
72
	host-statistics no;\n\
73
	interface-interval 60;\n\
74
	listen-on {any;};\n\
75
	listen-on-v6 {any;};\n\
76
	match-mapped-addresses no;\n\
77
	max-rsa-exponent-size 0; /* no limit */\n\
78 79
	memstatistics-file \"named.memstats\";\n\
	multiple-cnames no;\n\
80
#	named-xfer <obsolete>;\n\
81
#	pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
82
	bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
83
	port 53;\n\
84
	recursing-file \"named.recursing\";\n\
85
	secroots-file \"named.secroots\";\n\
86 87
"
#ifdef PATH_RANDOMDEV
88 89
"\
	random-device \"" PATH_RANDOMDEV "\";\n\
90 91
"
#endif
92 93
"\
	recursive-clients 1000;\n\
94
	resolver-query-timeout 10;\n\
95
	rrset-order { order random; };\n\
96
	serial-queries 20;\n\
97
	serial-query-rate 20;\n\
98
	server-id none;\n\
99
	statistics-file \"named.stats\";\n\
100
	statistics-interval 60;\n\
101
	tcp-clients 100;\n\
Michael Graff's avatar
Michael Graff committed
102
	tcp-listen-queue 3;\n\
103 104 105 106 107 108 109 110 111
#	tkey-dhkey <none>\n\
#	tkey-gssapi-credential <none>\n\
#	tkey-domain <none>\n\
	transfers-per-ns 2;\n\
	transfers-in 10;\n\
	transfers-out 10;\n\
	treat-cr-as-space true;\n\
	use-id-pool true;\n\
	use-ixfr true;\n\
112
	edns-udp-size 4096;\n\
113
	max-udp-size 4096;\n\
114
	request-nsid false;\n\
115
	reserved-sockets 512;\n\
116 117 118
\n\
	/* DLV */\n\
	dnssec-lookaside . trust-anchor dlv.isc.org;\n\
119 120 121 122
\n\
	/* view */\n\
	allow-notify {none;};\n\
	allow-update-forwarding {none;};\n\
123
	allow-query-cache { localnets; localhost; };\n\
124
	allow-query-cache-on { any; };\n\
125
	allow-recursion { localnets; localhost; };\n\
126
	allow-recursion-on { any; };\n\
127
#	allow-v6-synthesis <obsolete>;\n\
128 129 130
#	sortlist <none>\n\
#	topology <none>\n\
	auth-nxdomain false;\n\
Bob Halley's avatar
Bob Halley committed
131
	minimal-responses false;\n\
132 133 134 135 136 137 138 139 140 141 142
	recursion true;\n\
	provide-ixfr true;\n\
	request-ixfr true;\n\
	fetch-glue no;\n\
	rfc2308-type1 no;\n\
	additional-from-auth true;\n\
	additional-from-cache true;\n\
	query-source address *;\n\
	query-source-v6 address *;\n\
	notify-source *;\n\
	notify-source-v6 *;\n\
143
	cleaning-interval 0;  /* now meaningless */\n\
144 145 146 147 148
	min-roots 2;\n\
	lame-ttl 600;\n\
	max-ncache-ttl 10800; /* 3 hours */\n\
	max-cache-ttl 604800; /* 1 week */\n\
	transfer-format many-answers;\n\
149
	max-cache-size 0;\n\
150 151
	check-names master fail;\n\
	check-names slave warn;\n\
152
	check-names response ignore;\n\
153
	check-dup-records warn;\n\
154
	check-mx warn;\n\
155
	acache-enable no;\n\
156
	acache-cleaning-interval 60;\n\
157
	max-acache-size 16M;\n\
158
	dnssec-enable yes;\n\
159
	dnssec-validation yes; \n\
160
	dnssec-accept-expired no;\n\
161 162
	clients-per-query 10;\n\
	max-clients-per-query 100;\n\
163
	zero-no-soa-ttl-cache no;\n\
164
	nsec3-test-zone no;\n\
165
	allow-new-zones no;\n\
Mark Andrews's avatar
Mark Andrews committed
166
"
Evan Hunt's avatar
Evan Hunt committed
167
#ifdef ALLOW_FILTER_AAAA
168
"	filter-aaaa-on-v4 no;\n\
Evan Hunt's avatar
Evan Hunt committed
169
	filter-aaaa-on-v6 no;\n\
Automatic Updater's avatar
Automatic Updater committed
170
	filter-aaaa { any; };\n\
171 172
"
#endif
Mark Andrews's avatar
Mark Andrews committed
173 174

"	/* zone */\n\
175
	allow-query {any;};\n\
176
	allow-query-on {any;};\n\
177 178 179
	allow-transfer {any;};\n\
	notify yes;\n\
#	also-notify <none>\n\
180
	notify-delay 5;\n\
181
	notify-to-soa no;\n\
182 183 184 185 186 187 188
	dialup no;\n\
#	forward <none>\n\
#	forwarders <none>\n\
	maintain-ixfr-base no;\n\
#	max-ixfr-log-size <obsolete>\n\
	transfer-source *;\n\
	transfer-source-v6 *;\n\
189
	alt-transfer-source *;\n\
190
	alt-transfer-source-v6 *;\n\
191 192 193 194
	max-transfer-time-in 120;\n\
	max-transfer-time-out 120;\n\
	max-transfer-idle-in 60;\n\
	max-transfer-idle-out 60;\n\
195 196 197 198
	max-retry-time 1209600; /* 2 weeks */\n\
	min-retry-time 500;\n\
	max-refresh-time 2419200; /* 4 weeks */\n\
	min-refresh-time 300;\n\
199
	multi-master no;\n\
200
	dnssec-secure-to-insecure no;\n\
201
	sig-validity-interval 30; /* days */\n\
202 203
	sig-signing-nodes 100;\n\
	sig-signing-signatures 10;\n\
204
	sig-signing-type 65534;\n\
205
	inline-signing no;\n\
206
	zone-statistics terse;\n\
207
	max-journal-size unlimited;\n\
208
	ixfr-from-differences false;\n\
209
	check-wildcard yes;\n\
210 211
	check-sibling yes;\n\
	check-integrity yes;\n\
212 213
	check-mx-cname warn;\n\
	check-srv-cname warn;\n\
214
	zero-no-soa-ttl yes;\n\
215
	update-check-ksk yes;\n\
216
	serial-update-method increment;\n\
217
	dnssec-update-mode maintain;\n\
218
	dnssec-dnskey-kskonly no;\n\
219
	dnssec-loadkeys-interval 60;\n\
220
	try-tcp-refresh yes; /* BIND 8 compat */\n\
221
};\n\
Mark Andrews's avatar
Mark Andrews committed
222 223 224
"

"#\n\
Mark Andrews's avatar
Mark Andrews committed
225
#  Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
226
#\n\
227 228
view \"_bind\" chaos {\n\
	recursion no;\n\
229
	notify no;\n\
230
	allow-new-zones no;\n\
Evan Hunt's avatar
Evan Hunt committed
231 232 233 234 235 236 237
\n\
	# Prevent use of this zone in DNS amplified reflection DoS attacks\n\
	rate-limit {\n\
		responses-per-second 3;\n\
		slip 0;\n\
		min-table-size 10;\n\
	};\n\
238 239 240 241 242 243 244 245 246 247 248 249 250 251 252
\n\
	zone \"version.bind\" chaos {\n\
		type master;\n\
		database \"_builtin version\";\n\
	};\n\
\n\
	zone \"hostname.bind\" chaos {\n\
		type master;\n\
		database \"_builtin hostname\";\n\
	};\n\
\n\
	zone \"authors.bind\" chaos {\n\
		type master;\n\
		database \"_builtin authors\";\n\
	};\n\
253
\n\
254 255 256 257
	zone \"id.server\" chaos {\n\
		type master;\n\
		database \"_builtin id\";\n\
	};\n\
258
};\n\
259 260 261 262 263 264
"
"#\n\
#  Default trusted key(s) for builtin DLV support\n\
#  (used if \"dnssec-lookaside auto;\" is set and\n\
#  sysconfdir/bind.keys doesn't exist).\n\
#\n\
265
# BEGIN MANAGED KEYS\n"
266 267

/* Imported from bind.keys.h: */
268
MANAGED_KEYS
269

270
"# END MANAGED KEYS\n\
271
";
272 273 274 275 276 277 278 279 280 281 282

isc_result_t
ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
	isc_buffer_t b;

	isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1);
	isc_buffer_add(&b, sizeof(defaultconf) - 1);
	return (cfg_parse_buffer(parser, &b, &cfg_type_namedconf, conf));
}

isc_result_t
Evan Hunt's avatar
Evan Hunt committed
283 284 285
ns_config_get(cfg_obj_t const * const *maps, const char *name,
	      const cfg_obj_t **obj)
{
286 287
	int i;

288
	for (i = 0;; i++) {
289 290 291 292 293 294 295
		if (maps[i] == NULL)
			return (ISC_R_NOTFOUND);
		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
			return (ISC_R_SUCCESS);
	}
}

296
isc_result_t
297 298 299 300 301 302 303
ns_checknames_get(const cfg_obj_t **maps, const char *which,
		  const cfg_obj_t **obj)
{
	const cfg_listelt_t *element;
	const cfg_obj_t *checknames;
	const cfg_obj_t *type;
	const cfg_obj_t *value;
304 305 306 307 308 309
	int i;

	for (i = 0;; i++) {
		if (maps[i] == NULL)
			return (ISC_R_NOTFOUND);
		checknames = NULL;
310
		if (cfg_map_get(maps[i], "check-names",
Automatic Updater's avatar
Automatic Updater committed
311
				&checknames) == ISC_R_SUCCESS) {
312 313 314 315 316 317 318 319 320 321 322 323
			/*
			 * Zone map entry is not a list.
			 */
			if (checknames != NULL && !cfg_obj_islist(checknames)) {
				*obj = checknames;
				return (ISC_R_SUCCESS);
			}
			for (element = cfg_list_first(checknames);
			     element != NULL;
			     element = cfg_list_next(element)) {
				value = cfg_listelt_value(element);
				type = cfg_tuple_get(value, "type");
324 325
				if (strcasecmp(cfg_obj_asstring(type),
					       which) == 0) {
326 327 328 329 330 331 332 333 334
					*obj = cfg_tuple_get(value, "mode");
					return (ISC_R_SUCCESS);
				}
			}

		}
	}
}

335
int
336 337
ns_config_listcount(const cfg_obj_t *list) {
	const cfg_listelt_t *e;
338 339 340 341 342 343 344 345 346
	int i = 0;

	for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
		i++;

	return (i);
}

isc_result_t
347
ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
348
		   dns_rdataclass_t *classp) {
349
	isc_textregion_t r;
350
	isc_result_t result;
351 352

	if (!cfg_obj_isstring(classobj)) {
353
		*classp = defclass;
354 355
		return (ISC_R_SUCCESS);
	}
356 357
	DE_CONST(cfg_obj_asstring(classobj), r.base);
	r.length = strlen(r.base);
358 359 360
	result = dns_rdataclass_fromtext(classp, &r);
	if (result != ISC_R_SUCCESS)
		cfg_obj_log(classobj, ns_g_lctx, ISC_LOG_ERROR,
361
			    "unknown class '%s'", r.base);
362
	return (result);
363 364
}

365
isc_result_t
366
ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
367 368 369 370 371 372 373 374
		   dns_rdatatype_t *typep) {
	isc_textregion_t r;
	isc_result_t result;

	if (!cfg_obj_isstring(typeobj)) {
		*typep = deftype;
		return (ISC_R_SUCCESS);
	}
375 376
	DE_CONST(cfg_obj_asstring(typeobj), r.base);
	r.length = strlen(r.base);
377 378 379
	result = dns_rdatatype_fromtext(typep, &r);
	if (result != ISC_R_SUCCESS)
		cfg_obj_log(typeobj, ns_g_lctx, ISC_LOG_ERROR,
380
			    "unknown type '%s'", r.base);
381 382 383
	return (result);
}

384
dns_zonetype_t
385
ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
386
	dns_zonetype_t ztype = dns_zone_none;
387
	const char *str;
388 389

	str = cfg_obj_asstring(zonetypeobj);
390
	if (strcasecmp(str, "master") == 0)
391
		ztype = dns_zone_master;
392
	else if (strcasecmp(str, "slave") == 0)
393
		ztype = dns_zone_slave;
394
	else if (strcasecmp(str, "stub") == 0)
395
		ztype = dns_zone_stub;
396 397
	else if (strcasecmp(str, "static-stub") == 0)
		ztype = dns_zone_staticstub;
398 399
	else if (strcasecmp(str, "redirect") == 0)
		ztype = dns_zone_redirect;
400 401 402 403 404 405
	else
		INSIST(0);
	return (ztype);
}

isc_result_t
406
ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
407
		    in_port_t defport, isc_mem_t *mctx,
Evan Hunt's avatar
Evan Hunt committed
408 409
		    isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp,
		    isc_uint32_t *countp)
410 411
{
	int count, i = 0;
412
	const cfg_obj_t *addrlist;
Evan Hunt's avatar
Evan Hunt committed
413
	const cfg_obj_t *portobj, *dscpobj;
414
	const cfg_listelt_t *element;
415 416
	isc_sockaddr_t *addrs;
	in_port_t port;
Evan Hunt's avatar
Evan Hunt committed
417
	isc_dscp_t dscp = -1, *dscps;
418 419 420
	isc_result_t result;

	INSIST(addrsp != NULL && *addrsp == NULL);
Evan Hunt's avatar
Evan Hunt committed
421
	INSIST(dscpsp == NULL || *dscpsp == NULL);
422
	INSIST(countp != NULL);
423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443

	addrlist = cfg_tuple_get(list, "addresses");
	count = ns_config_listcount(addrlist);

	portobj = cfg_tuple_get(list, "port");
	if (cfg_obj_isuint32(portobj)) {
		isc_uint32_t val = cfg_obj_asuint32(portobj);
		if (val > ISC_UINT16_MAX) {
			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
				    "port '%u' out of range", val);
			return (ISC_R_RANGE);
		}
		port = (in_port_t) val;
	} else if (defport != 0)
		port = defport;
	else {
		result = ns_config_getport(config, &port);
		if (result != ISC_R_SUCCESS)
			return (result);
	}

Evan Hunt's avatar
Evan Hunt committed
444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460
	if (dscpsp != NULL) {
		dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
		if (dscps == NULL)
			return (ISC_R_NOMEMORY);

		dscpobj = cfg_tuple_get(list, "dscp");
		if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
			if (cfg_obj_asuint32(dscpobj) > 63) {
				cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
					    "dscp value '%u' is out of range",
					    cfg_obj_asuint32(dscpobj));
				return (ISC_R_RANGE);
			}
			dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
		}
	}

461 462 463 464 465 466 467 468
	addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
	if (addrs == NULL)
		return (ISC_R_NOMEMORY);

	for (element = cfg_list_first(addrlist);
	     element != NULL;
	     element = cfg_list_next(element), i++)
	{
Evan Hunt's avatar
Evan Hunt committed
469
		const cfg_obj_t *addr;
470
		INSIST(i < count);
Evan Hunt's avatar
Evan Hunt committed
471 472 473 474 475 476 477 478 479
		addr = cfg_listelt_value(element);
		addrs[i] = *cfg_obj_assockaddr(addr);
		if (dscpsp != NULL) {
			isc_dscp_t innerdscp;
			innerdscp = cfg_obj_getdscp(addr);
			if (innerdscp == -1)
				innerdscp = dscp;
			dscps[i] = innerdscp;
		}
480 481 482 483 484 485 486 487
		if (isc_sockaddr_getport(&addrs[i]) == 0)
			isc_sockaddr_setport(&addrs[i], port);
	}
	INSIST(i == count);

	*addrsp = addrs;
	*countp = count;

Evan Hunt's avatar
Evan Hunt committed
488 489 490
	if (dscpsp != NULL)
		*dscpsp = dscps;

491 492 493 494 495
	return (ISC_R_SUCCESS);
}

void
ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
Evan Hunt's avatar
Evan Hunt committed
496
		    isc_dscp_t **dscpsp, isc_uint32_t count)
497 498
{
	INSIST(addrsp != NULL && *addrsp != NULL);
Evan Hunt's avatar
Evan Hunt committed
499
	INSIST(dscpsp == NULL || *dscpsp != NULL);
500 501 502

	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
	*addrsp = NULL;
Evan Hunt's avatar
Evan Hunt committed
503 504 505 506 507

	if (dscpsp != NULL) {
		isc_mem_put(mctx, *dscpsp, count * sizeof(isc_dscp_t));
		*dscpsp = NULL;
	}
508 509
}

510
static isc_result_t
511
get_masters_def(const cfg_obj_t *cctx, const char *name,
Automatic Updater's avatar
Automatic Updater committed
512
		const cfg_obj_t **ret)
513
{
514
	isc_result_t result;
515 516
	const cfg_obj_t *masters = NULL;
	const cfg_listelt_t *elt;
517 518 519 520 521 522 523

	result = cfg_map_get(cctx, "masters", &masters);
	if (result != ISC_R_SUCCESS)
		return (result);
	for (elt = cfg_list_first(masters);
	     elt != NULL;
	     elt = cfg_list_next(elt)) {
524
		const cfg_obj_t *list;
525 526 527 528 529 530 531 532 533 534 535 536 537
		const char *listname;

		list = cfg_listelt_value(elt);
		listname = cfg_obj_asstring(cfg_tuple_get(list, "name"));

		if (strcasecmp(listname, name) == 0) {
			*ret = list;
			return (ISC_R_SUCCESS);
		}
	}
	return (ISC_R_NOTFOUND);
}

538
isc_result_t
539 540
ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
Evan Hunt's avatar
Evan Hunt committed
541 542
			  isc_dscp_t **dscpsp, dns_name_t ***keysp,
			  isc_uint32_t *countp)
543
{
Evan Hunt's avatar
Evan Hunt committed
544
	isc_uint32_t addrcount = 0, dscpcount = 0, keycount = 0, i = 0;
545 546
	isc_uint32_t listcount = 0, l = 0, j;
	isc_uint32_t stackcount = 0, pushed = 0;
547
	isc_result_t result;
548 549 550
	const cfg_listelt_t *element;
	const cfg_obj_t *addrlist;
	const cfg_obj_t *portobj;
Evan Hunt's avatar
Evan Hunt committed
551
	const cfg_obj_t *dscpobj;
552
	in_port_t port;
Evan Hunt's avatar
Evan Hunt committed
553
	isc_dscp_t dscp;
554 555
	dns_fixedname_t fname;
	isc_sockaddr_t *addrs = NULL;
Evan Hunt's avatar
Evan Hunt committed
556
	isc_dscp_t *dscps = NULL;
557
	dns_name_t **keys = NULL;
Mark Andrews's avatar
Mark Andrews committed
558
	struct { const char *name; } *lists = NULL;
559
	struct {
560
		const cfg_listelt_t *element;
561
		in_port_t port;
Evan Hunt's avatar
Evan Hunt committed
562
		isc_dscp_t dscp;
563
	} *stack = NULL;
564

565
	REQUIRE(addrsp != NULL && *addrsp == NULL);
Evan Hunt's avatar
Evan Hunt committed
566
	REQUIRE(dscpsp != NULL && *dscpsp == NULL);
567 568
	REQUIRE(keysp != NULL && *keysp == NULL);
	REQUIRE(countp != NULL);
569

570
 newlist:
571 572
	addrlist = cfg_tuple_get(list, "addresses");
	portobj = cfg_tuple_get(list, "port");
Evan Hunt's avatar
Evan Hunt committed
573 574
	dscpobj = cfg_tuple_get(list, "dscp");

575 576 577 578 579
	if (cfg_obj_isuint32(portobj)) {
		isc_uint32_t val = cfg_obj_asuint32(portobj);
		if (val > ISC_UINT16_MAX) {
			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
				    "port '%u' out of range", val);
580 581
			result = ISC_R_RANGE;
			goto cleanup;
582 583 584 585 586
		}
		port = (in_port_t) val;
	} else {
		result = ns_config_getport(config, &port);
		if (result != ISC_R_SUCCESS)
587
			goto cleanup;
588 589
	}

Evan Hunt's avatar
Evan Hunt committed
590 591 592 593 594 595 596 597 598 599 600 601 602 603
	if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
		if (cfg_obj_asuint32(dscpobj) > 63) {
			cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
				    "dscp value '%u' is out of range",
				    cfg_obj_asuint32(dscpobj));
			return (ISC_R_RANGE);
		}
		dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
	} else {
		result = ns_config_getdscp(config, &dscp);
		if (result != ISC_R_SUCCESS)
			goto cleanup;
	}

604 605
	result = ISC_R_NOMEMORY;

606 607 608
	element = cfg_list_first(addrlist);
 resume:
	for ( ;
609
	     element != NULL;
610
	     element = cfg_list_next(element))
611
	{
612 613
		const cfg_obj_t *addr;
		const cfg_obj_t *key;
614
		const char *keystr;
615 616
		isc_buffer_t b;

617 618
		addr = cfg_tuple_get(cfg_listelt_value(element),
				     "masterselement");
619 620
		key = cfg_tuple_get(cfg_listelt_value(element), "key");

621
		if (!cfg_obj_issockaddr(addr)) {
622
			const char *listname = cfg_obj_asstring(addr);
623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644
			isc_result_t tresult;

			/* Grow lists? */
			if (listcount == l) {
				void * new;
				isc_uint32_t newlen = listcount + 16;
				size_t newsize, oldsize;

				newsize = newlen * sizeof(*lists);
				oldsize = listcount * sizeof(*lists);
				new = isc_mem_get(mctx, newsize);
				if (new == NULL)
					goto cleanup;
				if (listcount != 0) {
					memcpy(new, lists, oldsize);
					isc_mem_put(mctx, lists, oldsize);
				}
				lists = new;
				listcount = newlen;
			}
			/* Seen? */
			for (j = 0; j < l; j++)
Mark Andrews's avatar
Mark Andrews committed
645
				if (strcasecmp(lists[j].name, listname) == 0)
646 647 648 649 650 651
					break;
			if (j < l)
				continue;
			tresult = get_masters_def(config, listname, &list);
			if (tresult == ISC_R_NOTFOUND) {
				cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
Automatic Updater's avatar
Automatic Updater committed
652
				    "masters \"%s\" not found", listname);
653 654 655 656 657 658

				result = tresult;
				goto cleanup;
			}
			if (tresult != ISC_R_SUCCESS)
				goto cleanup;
Mark Andrews's avatar
Mark Andrews committed
659
			lists[l++].name = listname;
660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683
			/* Grow stack? */
			if (stackcount == pushed) {
				void * new;
				isc_uint32_t newlen = stackcount + 16;
				size_t newsize, oldsize;

				newsize = newlen * sizeof(*stack);
				oldsize = stackcount * sizeof(*stack);
				new = isc_mem_get(mctx, newsize);
				if (new == NULL)
					goto cleanup;
				if (stackcount != 0) {
					memcpy(new, stack, oldsize);
					isc_mem_put(mctx, stack, oldsize);
				}
				stack = new;
				stackcount = newlen;
			}
			/*
			 * We want to resume processing this list on the
			 * next element.
			 */
			stack[pushed].element = cfg_list_next(element);
			stack[pushed].port = port;
Evan Hunt's avatar
Evan Hunt committed
684
			stack[pushed].dscp = dscp;
685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705
			pushed++;
			goto newlist;
		}

		if (i == addrcount) {
			void * new;
			isc_uint32_t newlen = addrcount + 16;
			size_t newsize, oldsize;

			newsize = newlen * sizeof(isc_sockaddr_t);
			oldsize = addrcount * sizeof(isc_sockaddr_t);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			if (addrcount != 0) {
				memcpy(new, addrs, oldsize);
				isc_mem_put(mctx, addrs, oldsize);
			}
			addrs = new;
			addrcount = newlen;

Evan Hunt's avatar
Evan Hunt committed
706 707 708 709 710 711 712 713 714 715 716 717
			newsize = newlen * sizeof(isc_dscp_t);
			oldsize = dscpcount * sizeof(isc_dscp_t);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			if (dscpcount != 0) {
				memcpy(new, dscps, oldsize);
				isc_mem_put(mctx, dscps, oldsize);
			}
			dscps = new;
			dscpcount = newlen;

718 719 720 721 722 723
			newsize = newlen * sizeof(dns_name_t *);
			oldsize = keycount * sizeof(dns_name_t *);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			if (keycount != 0) {
724 725
				memcpy(new, keys, oldsize);
				isc_mem_put(mctx, keys, oldsize);
726 727 728 729 730
			}
			keys = new;
			keycount = newlen;
		}

731 732 733
		addrs[i] = *cfg_obj_assockaddr(addr);
		if (isc_sockaddr_getport(&addrs[i]) == 0)
			isc_sockaddr_setport(&addrs[i], port);
Evan Hunt's avatar
Evan Hunt committed
734 735 736
		dscps[i] = cfg_obj_getdscp(addr);
		if (dscps[i] == -1)
			dscps[i] = dscp;
737
		keys[i] = NULL;
738 739
		i++;	/* Increment here so that cleanup on error works. */
		if (!cfg_obj_isstring(key))
740
			continue;
741 742
		keys[i - 1] = isc_mem_get(mctx, sizeof(dns_name_t));
		if (keys[i - 1] == NULL)
743
			goto cleanup;
744
		dns_name_init(keys[i - 1], NULL);
Automatic Updater's avatar
Automatic Updater committed
745

746
		keystr = cfg_obj_asstring(key);
747
		isc_buffer_constinit(&b, keystr, strlen(keystr));
748 749 750
		isc_buffer_add(&b, strlen(keystr));
		dns_fixedname_init(&fname);
		result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
751
					   dns_rootname, 0, NULL);
752 753 754
		if (result != ISC_R_SUCCESS)
			goto cleanup;
		result = dns_name_dup(dns_fixedname_name(&fname), mctx,
755
				      keys[i - 1]);
756 757
		if (result != ISC_R_SUCCESS)
			goto cleanup;
758 759 760 761 762
	}
	if (pushed != 0) {
		pushed--;
		element = stack[pushed].element;
		port = stack[pushed].port;
Evan Hunt's avatar
Evan Hunt committed
763
		dscp = stack[pushed].dscp;
764 765 766 767 768 769 770 771 772 773 774 775 776 777 778
		goto resume;
	}
	if (i < addrcount) {
		void * new;
		size_t newsize, oldsize;

		newsize = i * sizeof(isc_sockaddr_t);
		oldsize = addrcount * sizeof(isc_sockaddr_t);
		if (i != 0) {
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			memcpy(new, addrs, newsize);
		} else
			new = NULL;
779
		isc_mem_put(mctx, addrs, oldsize);
780 781 782
		addrs = new;
		addrcount = i;

Evan Hunt's avatar
Evan Hunt committed
783 784 785 786 787 788 789 790 791 792 793 794 795
		newsize = i * sizeof(isc_dscp_t);
		oldsize = dscpcount * sizeof(isc_dscp_t);
		if (i != 0) {
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			memcpy(new, dscps, newsize);
		} else
			new = NULL;
		isc_mem_put(mctx, dscps, oldsize);
		dscps = new;
		dscpcount = i;

796 797 798 799 800 801 802 803 804
		newsize = i * sizeof(dns_name_t *);
		oldsize = keycount * sizeof(dns_name_t *);
		if (i != 0) {
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			memcpy(new, keys,  newsize);
		} else
			new = NULL;
805
		isc_mem_put(mctx, keys, oldsize);
806 807
		keys = new;
		keycount = i;
808
	}
809 810 811 812 813

	if (lists != NULL)
		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
	if (stack != NULL)
		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
Automatic Updater's avatar
Automatic Updater committed
814

815
	INSIST(keycount == addrcount);
816 817

	*addrsp = addrs;
Evan Hunt's avatar
Evan Hunt committed
818
	*dscpsp = dscps;
819
	*keysp = keys;
820
	*countp = addrcount;
821 822 823 824 825

	return (ISC_R_SUCCESS);

 cleanup:
	if (addrs != NULL)
826
		isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
Evan Hunt's avatar
Evan Hunt committed
827 828
	if (dscps != NULL)
		isc_mem_put(mctx, dscps, dscpcount * sizeof(isc_dscp_t));
829
	if (keys != NULL) {
830
		for (j = 0; j < i; j++) {
831 832 833 834 835 836
			if (keys[j] == NULL)
				continue;
			if (dns_name_dynamic(keys[j]))
				dns_name_free(keys[j], mctx);
			isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
		}
837
		isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
838
	}
839 840 841 842
	if (lists != NULL)
		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
	if (stack != NULL)
		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
843 844 845 846 847
	return (result);
}

void
ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
Evan Hunt's avatar
Evan Hunt committed
848 849
			  isc_dscp_t **dscpsp, dns_name_t ***keysp,
			  isc_uint32_t count)
850 851
{
	unsigned int i;
Evan Hunt's avatar
Evan Hunt committed
852
	dns_name_t **keys;
853

Evan Hunt's avatar
Evan Hunt committed
854 855 856 857 858
	REQUIRE(addrsp != NULL && *addrsp != NULL);
	REQUIRE(dscpsp == NULL || *dscpsp != NULL);
	REQUIRE(keysp != NULL && *keysp != NULL);

	keys = *keysp;
859 860

	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
Evan Hunt's avatar
Evan Hunt committed
861 862
	if (dscpsp != NULL)
		isc_mem_put(mctx, *dscpsp, count * sizeof(isc_dscp_t));
863 864 865 866 867 868 869 870 871
	for (i = 0; i < count; i++) {
		if (keys[i] == NULL)
			continue;
		if (dns_name_dynamic(keys[i]))
			dns_name_free(keys[i], mctx);
		isc_mem_put(mctx, keys[i], sizeof(dns_name_t));
	}
	isc_mem_put(mctx, *keysp, count * sizeof(dns_name_t *));
	*addrsp = NULL;
Evan Hunt's avatar
Evan Hunt committed
872 873
	if (dscpsp != NULL)
		*dscpsp = NULL;
874 875 876 877
	*keysp = NULL;
}

isc_result_t
878 879 880 881
ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
	const cfg_obj_t *maps[3];
	const cfg_obj_t *options = NULL;
	const cfg_obj_t *portobj = NULL;
882 883 884
	isc_result_t result;
	int i;

885
	(void)cfg_map_get(config, "options", &options);
886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902
	i = 0;
	if (options != NULL)
		maps[i++] = options;
	maps[i++] = ns_g_defaults;
	maps[i] = NULL;

	result = ns_config_get(maps, "port", &portobj);
	INSIST(result == ISC_R_SUCCESS);
	if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
		cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
			    "port '%u' out of range",
			    cfg_obj_asuint32(portobj));
		return (ISC_R_RANGE);
	}
	*portp = (in_port_t)cfg_obj_asuint32(portobj);
	return (ISC_R_SUCCESS);
}
Brian Wellington's avatar
Brian Wellington committed
903

Evan Hunt's avatar
Evan Hunt committed
904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932
isc_result_t
ns_config_getdscp(const cfg_obj_t *config, isc_dscp_t *dscpp) {
	const cfg_obj_t *maps[2];
	const cfg_obj_t *options = NULL;
	const cfg_obj_t *dscpobj = NULL;
	isc_result_t result;
	int i;

	(void)cfg_map_get(config, "options", &options);
	i = 0;
	if (options != NULL)
		maps[i++] = options;
	maps[i] = NULL;

	result = ns_config_get(maps, "dscp", &dscpobj);
	if (dscpobj == NULL) {
		*dscpp = -1;
		return (ISC_R_SUCCESS);
	}
	if (cfg_obj_asuint32(dscpobj) >= 64) {
		cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
			    "dscp '%u' out of range",
			    cfg_obj_asuint32(dscpobj));
		return (ISC_R_RANGE);
	}
	*dscpp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
	return (ISC_R_SUCCESS);
}

933 934 935 936
struct keyalgorithms {
	const char *str;
	enum { hmacnone, hmacmd5, hmacsha1, hmacsha224,
	       hmacsha256, hmacsha384, hmacsha512 } hmac;
937
	unsigned int type;
938 939
	isc_uint16_t size;
} algorithms[] = {
940 941 942 943 944 945 946 947 948
	{ "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
	{ "hmac-md5.sig-alg.reg.int", hmacmd5, DST_ALG_HMACMD5, 0 },
	{ "hmac-md5.sig-alg.reg.int.", hmacmd5, DST_ALG_HMACMD5, 0 },
	{ "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
	{ "hmac-sha224", hmacsha224, DST_ALG_HMACSHA224, 224 },
	{ "hmac-sha256", hmacsha256, DST_ALG_HMACSHA256, 256 },
	{ "hmac-sha384", hmacsha384, DST_ALG_HMACSHA384, 384 },
	{ "hmac-sha512", hmacsha512, DST_ALG_HMACSHA512, 512 },
	{  NULL, hmacnone, DST_ALG_UNKNOWN, 0 }
949 950
};

Brian Wellington's avatar
Brian Wellington committed
951
isc_result_t
952 953
ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
			  isc_uint16_t *digestbits)
954 955 956 957 958 959 960
{
	return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
}

isc_result_t
ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
			   unsigned int *typep, isc_uint16_t *digestbits)
Brian Wellington's avatar
Brian Wellington committed
961
{
962 963 964 965 966 967 968 969 970 971 972
	int i;
	size_t len = 0;
	isc_uint16_t bits;
	isc_result_t result;

	for (i = 0; algorithms[i].str != NULL; i++) {
		len = strlen(algorithms[i].str);
		if (strncasecmp(algorithms[i].str, str, len) == 0 &&
		    (str[len] == '\0' ||
		     (algorithms[i].size != 0 && str[len] == '-')))
			break;
Brian Wellington's avatar
Brian Wellington committed
973
	}
974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998
	if (algorithms[i].str == NULL)
		return (ISC_R_NOTFOUND);
	if (str[len] == '-') {
		result = isc_parse_uint16(&bits, str + len + 1, 10);
		if (result != ISC_R_SUCCESS)
			return (result);
		if (bits > algorithms[i].size)
			return (ISC_R_RANGE);
	} else if (algorithms[i].size == 0)
		bits = 128;
	else
		bits = algorithms[i].size;

	if (name != NULL) {
		switch (algorithms[i].hmac) {
		case hmacmd5: *name = dns_tsig_hmacmd5_name; break;
		case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
		case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
		case hmacsha256: *name = dns_tsig_hmacsha256_name; break;
		case hmacsha384: *name = dns_tsig_hmacsha384_name; break;
		case hmacsha512: *name = dns_tsig_hmacsha512_name; break;
		default:
			INSIST(0);
		}
	}
999 1000
	if (typep != NULL)
		*typep = algorithms[i].type;
1001 1002 1003
	if (digestbits != NULL)
		*digestbits = bits;
	return (ISC_R_SUCCESS);
Brian Wellington's avatar
Brian Wellington committed
1004
}