config.c 25.1 KB
Newer Older
1
/*
Mark Andrews's avatar
Mark Andrews committed
2
 * Copyright (C) 2004-2013  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
3
 * Copyright (C) 2001-2003  Internet Software Consortium.
4
 *
Automatic Updater's avatar
Automatic Updater committed
5
 * Permission to use, copy, modify, and/or distribute this software for any
6
7
8
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
Mark Andrews's avatar
Mark Andrews committed
9
10
11
12
13
14
15
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
16
17
 */

Automatic Updater's avatar
Automatic Updater committed
18
/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
19
20

/*! \file */
Brian Wellington's avatar
Brian Wellington committed
21
22

#include <config.h>
23
24
25
26
27
28

#include <stdlib.h>

#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/mem.h>
29
#include <isc/parseint.h>
30
31
32
#include <isc/region.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
Evan Hunt's avatar
Evan Hunt committed
33
#include <isc/string.h>
34
35
#include <isc/util.h>

36
#include <isccfg/namedconf.h>
37
38
39
40

#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
41
#include <dns/rdatatype.h>
Brian Wellington's avatar
Brian Wellington committed
42
#include <dns/tsig.h>
43
44
#include <dns/zone.h>

45
46
#include <dst/dst.h>

47
48
49
#include <named/config.h>
#include <named/globals.h>

50
51
#include "bind.keys.h"

52
/*% default configuration */
53
54
static char defaultconf[] = "\
options {\n\
55
56
57
#	blackhole {none;};\n"
#ifndef WIN32
"	coresize default;\n\
58
	datasize default;\n\
59
	files unlimited;\n\
60
61
	stacksize default;\n"
#endif
62
63
64
"#	session-keyfile \"" NS_LOCALSTATEDIR "/run/named/session.key\";\n\
	session-keyname local-ddns;\n\
	session-keyalg hmac-sha256;\n\
65
	deallocate-on-exit true;\n\
66
#	directory <none>\n\
Evan Hunt's avatar
Evan Hunt committed
67
	dscp 0;\n\
68
69
70
	dump-file \"named_dump.db\";\n\
	fake-iquery no;\n\
	has-old-clients false;\n\
71
	heartbeat-interval 60;\n\
72
	host-statistics no;\n\
73
	interface-interval 60;\n\
74
	listen-on {any;};\n\
75
	listen-on-v6 {any;};\n\
76
	match-mapped-addresses no;\n\
77
	max-rsa-exponent-size 0; /* no limit */\n\
78
79
	memstatistics-file \"named.memstats\";\n\
	multiple-cnames no;\n\
80
#	named-xfer <obsolete>;\n\
81
#	pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
82
	bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
83
	port 53;\n\
84
	recursing-file \"named.recursing\";\n\
85
	secroots-file \"named.secroots\";\n\
86
87
"
#ifdef PATH_RANDOMDEV
88
89
"\
	random-device \"" PATH_RANDOMDEV "\";\n\
90
91
"
#endif
92
93
"\
	recursive-clients 1000;\n\
94
	resolver-query-timeout 10;\n\
95
	rrset-order { order random; };\n\
96
	serial-queries 20;\n\
97
	serial-query-rate 20;\n\
98
	server-id none;\n\
99
	statistics-file \"named.stats\";\n\
100
	statistics-interval 60;\n\
101
	tcp-clients 100;\n\
Michael Graff's avatar
Michael Graff committed
102
	tcp-listen-queue 3;\n\
103
104
105
106
107
108
109
110
111
#	tkey-dhkey <none>\n\
#	tkey-gssapi-credential <none>\n\
#	tkey-domain <none>\n\
	transfers-per-ns 2;\n\
	transfers-in 10;\n\
	transfers-out 10;\n\
	treat-cr-as-space true;\n\
	use-id-pool true;\n\
	use-ixfr true;\n\
112
	edns-udp-size 4096;\n\
113
	max-udp-size 4096;\n\
114
	request-nsid false;\n\
115
	reserved-sockets 512;\n\
116
117
118
\n\
	/* DLV */\n\
	dnssec-lookaside . trust-anchor dlv.isc.org;\n\
119
120
121
122
\n\
	/* view */\n\
	allow-notify {none;};\n\
	allow-update-forwarding {none;};\n\
123
	allow-query-cache { localnets; localhost; };\n\
124
	allow-query-cache-on { any; };\n\
125
	allow-recursion { localnets; localhost; };\n\
126
	allow-recursion-on { any; };\n\
127
#	allow-v6-synthesis <obsolete>;\n\
128
129
130
#	sortlist <none>\n\
#	topology <none>\n\
	auth-nxdomain false;\n\
Bob Halley's avatar
Bob Halley committed
131
	minimal-responses false;\n\
132
133
134
135
136
137
138
139
140
141
142
	recursion true;\n\
	provide-ixfr true;\n\
	request-ixfr true;\n\
	fetch-glue no;\n\
	rfc2308-type1 no;\n\
	additional-from-auth true;\n\
	additional-from-cache true;\n\
	query-source address *;\n\
	query-source-v6 address *;\n\
	notify-source *;\n\
	notify-source-v6 *;\n\
143
	cleaning-interval 0;  /* now meaningless */\n\
144
145
146
147
148
	min-roots 2;\n\
	lame-ttl 600;\n\
	max-ncache-ttl 10800; /* 3 hours */\n\
	max-cache-ttl 604800; /* 1 week */\n\
	transfer-format many-answers;\n\
149
	max-cache-size 0;\n\
150
151
	check-names master fail;\n\
	check-names slave warn;\n\
152
	check-names response ignore;\n\
153
	check-dup-records warn;\n\
154
	check-mx warn;\n\
155
	acache-enable no;\n\
156
	acache-cleaning-interval 60;\n\
157
	max-acache-size 16M;\n\
158
	dnssec-enable yes;\n\
159
	dnssec-validation yes; \n\
160
	dnssec-accept-expired no;\n\
161
162
	clients-per-query 10;\n\
	max-clients-per-query 100;\n\
163
	zero-no-soa-ttl-cache no;\n\
164
	nsec3-test-zone no;\n\
165
	allow-new-zones no;\n\
Mark Andrews's avatar
Mark Andrews committed
166
"
Evan Hunt's avatar
Evan Hunt committed
167
#ifdef ALLOW_FILTER_AAAA
168
"	filter-aaaa-on-v4 no;\n\
Evan Hunt's avatar
Evan Hunt committed
169
	filter-aaaa-on-v6 no;\n\
Automatic Updater's avatar
Automatic Updater committed
170
	filter-aaaa { any; };\n\
171
172
"
#endif
Mark Andrews's avatar
Mark Andrews committed
173
174

"	/* zone */\n\
175
	allow-query {any;};\n\
176
	allow-query-on {any;};\n\
177
178
179
	allow-transfer {any;};\n\
	notify yes;\n\
#	also-notify <none>\n\
180
	notify-delay 5;\n\
181
	notify-to-soa no;\n\
182
183
184
185
186
187
188
	dialup no;\n\
#	forward <none>\n\
#	forwarders <none>\n\
	maintain-ixfr-base no;\n\
#	max-ixfr-log-size <obsolete>\n\
	transfer-source *;\n\
	transfer-source-v6 *;\n\
189
	alt-transfer-source *;\n\
190
	alt-transfer-source-v6 *;\n\
191
192
193
194
	max-transfer-time-in 120;\n\
	max-transfer-time-out 120;\n\
	max-transfer-idle-in 60;\n\
	max-transfer-idle-out 60;\n\
195
196
197
198
	max-retry-time 1209600; /* 2 weeks */\n\
	min-retry-time 500;\n\
	max-refresh-time 2419200; /* 4 weeks */\n\
	min-refresh-time 300;\n\
199
	multi-master no;\n\
200
	dnssec-secure-to-insecure no;\n\
201
	sig-validity-interval 30; /* days */\n\
202
203
	sig-signing-nodes 100;\n\
	sig-signing-signatures 10;\n\
204
	sig-signing-type 65534;\n\
205
	inline-signing no;\n\
206
	zone-statistics terse;\n\
207
	max-journal-size unlimited;\n\
208
	ixfr-from-differences false;\n\
209
	check-wildcard yes;\n\
210
211
	check-sibling yes;\n\
	check-integrity yes;\n\
212
213
	check-mx-cname warn;\n\
	check-srv-cname warn;\n\
214
	zero-no-soa-ttl yes;\n\
215
	update-check-ksk yes;\n\
216
	serial-update-method increment;\n\
217
	dnssec-update-mode maintain;\n\
218
	dnssec-dnskey-kskonly no;\n\
219
	dnssec-loadkeys-interval 60;\n\
220
	try-tcp-refresh yes; /* BIND 8 compat */\n\
221
};\n\
Mark Andrews's avatar
Mark Andrews committed
222
223
224
"

"#\n\
Mark Andrews's avatar
Mark Andrews committed
225
#  Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
226
#\n\
227
228
view \"_bind\" chaos {\n\
	recursion no;\n\
229
	notify no;\n\
230
	allow-new-zones no;\n\
Evan Hunt's avatar
Evan Hunt committed
231
232
233
234
235
236
237
\n\
	# Prevent use of this zone in DNS amplified reflection DoS attacks\n\
	rate-limit {\n\
		responses-per-second 3;\n\
		slip 0;\n\
		min-table-size 10;\n\
	};\n\
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
\n\
	zone \"version.bind\" chaos {\n\
		type master;\n\
		database \"_builtin version\";\n\
	};\n\
\n\
	zone \"hostname.bind\" chaos {\n\
		type master;\n\
		database \"_builtin hostname\";\n\
	};\n\
\n\
	zone \"authors.bind\" chaos {\n\
		type master;\n\
		database \"_builtin authors\";\n\
	};\n\
253
\n\
254
255
256
257
	zone \"id.server\" chaos {\n\
		type master;\n\
		database \"_builtin id\";\n\
	};\n\
258
};\n\
259
260
261
262
263
264
"
"#\n\
#  Default trusted key(s) for builtin DLV support\n\
#  (used if \"dnssec-lookaside auto;\" is set and\n\
#  sysconfdir/bind.keys doesn't exist).\n\
#\n\
265
# BEGIN MANAGED KEYS\n"
266
267

/* Imported from bind.keys.h: */
268
MANAGED_KEYS
269

270
"# END MANAGED KEYS\n\
271
";
272
273
274
275
276
277
278
279
280
281
282

isc_result_t
ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
	isc_buffer_t b;

	isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1);
	isc_buffer_add(&b, sizeof(defaultconf) - 1);
	return (cfg_parse_buffer(parser, &b, &cfg_type_namedconf, conf));
}

isc_result_t
Evan Hunt's avatar
Evan Hunt committed
283
284
285
ns_config_get(cfg_obj_t const * const *maps, const char *name,
	      const cfg_obj_t **obj)
{
286
287
	int i;

288
	for (i = 0;; i++) {
289
290
291
292
293
294
295
		if (maps[i] == NULL)
			return (ISC_R_NOTFOUND);
		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
			return (ISC_R_SUCCESS);
	}
}

296
isc_result_t
297
298
299
300
301
302
303
ns_checknames_get(const cfg_obj_t **maps, const char *which,
		  const cfg_obj_t **obj)
{
	const cfg_listelt_t *element;
	const cfg_obj_t *checknames;
	const cfg_obj_t *type;
	const cfg_obj_t *value;
304
305
306
307
308
309
	int i;

	for (i = 0;; i++) {
		if (maps[i] == NULL)
			return (ISC_R_NOTFOUND);
		checknames = NULL;
310
		if (cfg_map_get(maps[i], "check-names",
Automatic Updater's avatar
Automatic Updater committed
311
				&checknames) == ISC_R_SUCCESS) {
312
313
314
315
316
317
318
319
320
321
322
323
			/*
			 * Zone map entry is not a list.
			 */
			if (checknames != NULL && !cfg_obj_islist(checknames)) {
				*obj = checknames;
				return (ISC_R_SUCCESS);
			}
			for (element = cfg_list_first(checknames);
			     element != NULL;
			     element = cfg_list_next(element)) {
				value = cfg_listelt_value(element);
				type = cfg_tuple_get(value, "type");
324
325
				if (strcasecmp(cfg_obj_asstring(type),
					       which) == 0) {
326
327
328
329
330
331
332
333
334
					*obj = cfg_tuple_get(value, "mode");
					return (ISC_R_SUCCESS);
				}
			}

		}
	}
}

335
int
336
337
ns_config_listcount(const cfg_obj_t *list) {
	const cfg_listelt_t *e;
338
339
340
341
342
343
344
345
346
	int i = 0;

	for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
		i++;

	return (i);
}

isc_result_t
347
ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
348
		   dns_rdataclass_t *classp) {
349
	isc_textregion_t r;
350
	isc_result_t result;
351
352

	if (!cfg_obj_isstring(classobj)) {
353
		*classp = defclass;
354
355
		return (ISC_R_SUCCESS);
	}
356
357
	DE_CONST(cfg_obj_asstring(classobj), r.base);
	r.length = strlen(r.base);
358
359
360
	result = dns_rdataclass_fromtext(classp, &r);
	if (result != ISC_R_SUCCESS)
		cfg_obj_log(classobj, ns_g_lctx, ISC_LOG_ERROR,
361
			    "unknown class '%s'", r.base);
362
	return (result);
363
364
}

365
isc_result_t
366
ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
367
368
369
370
371
372
373
374
		   dns_rdatatype_t *typep) {
	isc_textregion_t r;
	isc_result_t result;

	if (!cfg_obj_isstring(typeobj)) {
		*typep = deftype;
		return (ISC_R_SUCCESS);
	}
375
376
	DE_CONST(cfg_obj_asstring(typeobj), r.base);
	r.length = strlen(r.base);
377
378
379
	result = dns_rdatatype_fromtext(typep, &r);
	if (result != ISC_R_SUCCESS)
		cfg_obj_log(typeobj, ns_g_lctx, ISC_LOG_ERROR,
380
			    "unknown type '%s'", r.base);
381
382
383
	return (result);
}

384
dns_zonetype_t
385
ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
386
	dns_zonetype_t ztype = dns_zone_none;
387
	const char *str;
388
389

	str = cfg_obj_asstring(zonetypeobj);
390
	if (strcasecmp(str, "master") == 0)
391
		ztype = dns_zone_master;
392
	else if (strcasecmp(str, "slave") == 0)
393
		ztype = dns_zone_slave;
394
	else if (strcasecmp(str, "stub") == 0)
395
		ztype = dns_zone_stub;
396
397
	else if (strcasecmp(str, "static-stub") == 0)
		ztype = dns_zone_staticstub;
398
399
	else if (strcasecmp(str, "redirect") == 0)
		ztype = dns_zone_redirect;
400
401
402
403
404
405
	else
		INSIST(0);
	return (ztype);
}

isc_result_t
406
ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
407
		    in_port_t defport, isc_mem_t *mctx,
Evan Hunt's avatar
Evan Hunt committed
408
409
		    isc_sockaddr_t **addrsp, isc_dscp_t **dscpsp,
		    isc_uint32_t *countp)
410
411
{
	int count, i = 0;
412
	const cfg_obj_t *addrlist;
Evan Hunt's avatar
Evan Hunt committed
413
	const cfg_obj_t *portobj, *dscpobj;
414
	const cfg_listelt_t *element;
415
416
	isc_sockaddr_t *addrs;
	in_port_t port;
Evan Hunt's avatar
Evan Hunt committed
417
	isc_dscp_t dscp = -1, *dscps;
418
419
420
	isc_result_t result;

	INSIST(addrsp != NULL && *addrsp == NULL);
Evan Hunt's avatar
Evan Hunt committed
421
	INSIST(dscpsp == NULL || *dscpsp == NULL);
422
	INSIST(countp != NULL);
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443

	addrlist = cfg_tuple_get(list, "addresses");
	count = ns_config_listcount(addrlist);

	portobj = cfg_tuple_get(list, "port");
	if (cfg_obj_isuint32(portobj)) {
		isc_uint32_t val = cfg_obj_asuint32(portobj);
		if (val > ISC_UINT16_MAX) {
			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
				    "port '%u' out of range", val);
			return (ISC_R_RANGE);
		}
		port = (in_port_t) val;
	} else if (defport != 0)
		port = defport;
	else {
		result = ns_config_getport(config, &port);
		if (result != ISC_R_SUCCESS)
			return (result);
	}

Evan Hunt's avatar
Evan Hunt committed
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
	if (dscpsp != NULL) {
		dscps = isc_mem_get(mctx, count * sizeof(isc_dscp_t));
		if (dscps == NULL)
			return (ISC_R_NOMEMORY);

		dscpobj = cfg_tuple_get(list, "dscp");
		if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
			if (cfg_obj_asuint32(dscpobj) > 63) {
				cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
					    "dscp value '%u' is out of range",
					    cfg_obj_asuint32(dscpobj));
				return (ISC_R_RANGE);
			}
			dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
		}
	}

461
462
463
464
465
466
467
468
	addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
	if (addrs == NULL)
		return (ISC_R_NOMEMORY);

	for (element = cfg_list_first(addrlist);
	     element != NULL;
	     element = cfg_list_next(element), i++)
	{
Evan Hunt's avatar
Evan Hunt committed
469
		const cfg_obj_t *addr;
470
		INSIST(i < count);
Evan Hunt's avatar
Evan Hunt committed
471
472
473
474
475
476
477
478
479
		addr = cfg_listelt_value(element);
		addrs[i] = *cfg_obj_assockaddr(addr);
		if (dscpsp != NULL) {
			isc_dscp_t innerdscp;
			innerdscp = cfg_obj_getdscp(addr);
			if (innerdscp == -1)
				innerdscp = dscp;
			dscps[i] = innerdscp;
		}
480
481
482
483
484
485
486
487
		if (isc_sockaddr_getport(&addrs[i]) == 0)
			isc_sockaddr_setport(&addrs[i], port);
	}
	INSIST(i == count);

	*addrsp = addrs;
	*countp = count;

Evan Hunt's avatar
Evan Hunt committed
488
489
490
	if (dscpsp != NULL)
		*dscpsp = dscps;

491
492
493
494
495
	return (ISC_R_SUCCESS);
}

void
ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
Evan Hunt's avatar
Evan Hunt committed
496
		    isc_dscp_t **dscpsp, isc_uint32_t count)
497
498
{
	INSIST(addrsp != NULL && *addrsp != NULL);
Evan Hunt's avatar
Evan Hunt committed
499
	INSIST(dscpsp == NULL || *dscpsp != NULL);
500
501
502

	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
	*addrsp = NULL;
Evan Hunt's avatar
Evan Hunt committed
503
504
505
506
507

	if (dscpsp != NULL) {
		isc_mem_put(mctx, *dscpsp, count * sizeof(isc_dscp_t));
		*dscpsp = NULL;
	}
508
509
}

510
static isc_result_t
511
get_masters_def(const cfg_obj_t *cctx, const char *name,
Automatic Updater's avatar
Automatic Updater committed
512
		const cfg_obj_t **ret)
513
{
514
	isc_result_t result;
515
516
	const cfg_obj_t *masters = NULL;
	const cfg_listelt_t *elt;
517
518
519
520
521
522
523

	result = cfg_map_get(cctx, "masters", &masters);
	if (result != ISC_R_SUCCESS)
		return (result);
	for (elt = cfg_list_first(masters);
	     elt != NULL;
	     elt = cfg_list_next(elt)) {
524
		const cfg_obj_t *list;
525
526
527
528
529
530
531
532
533
534
535
536
537
		const char *listname;

		list = cfg_listelt_value(elt);
		listname = cfg_obj_asstring(cfg_tuple_get(list, "name"));

		if (strcasecmp(listname, name) == 0) {
			*ret = list;
			return (ISC_R_SUCCESS);
		}
	}
	return (ISC_R_NOTFOUND);
}

538
isc_result_t
539
540
ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
Evan Hunt's avatar
Evan Hunt committed
541
542
			  isc_dscp_t **dscpsp, dns_name_t ***keysp,
			  isc_uint32_t *countp)
543
{
Evan Hunt's avatar
Evan Hunt committed
544
	isc_uint32_t addrcount = 0, dscpcount = 0, keycount = 0, i = 0;
545
546
	isc_uint32_t listcount = 0, l = 0, j;
	isc_uint32_t stackcount = 0, pushed = 0;
547
	isc_result_t result;
548
549
550
	const cfg_listelt_t *element;
	const cfg_obj_t *addrlist;
	const cfg_obj_t *portobj;
Evan Hunt's avatar
Evan Hunt committed
551
	const cfg_obj_t *dscpobj;
552
	in_port_t port;
Evan Hunt's avatar
Evan Hunt committed
553
	isc_dscp_t dscp;
554
555
	dns_fixedname_t fname;
	isc_sockaddr_t *addrs = NULL;
Evan Hunt's avatar
Evan Hunt committed
556
	isc_dscp_t *dscps = NULL;
557
	dns_name_t **keys = NULL;
Mark Andrews's avatar
Mark Andrews committed
558
	struct { const char *name; } *lists = NULL;
559
	struct {
560
		const cfg_listelt_t *element;
561
		in_port_t port;
Evan Hunt's avatar
Evan Hunt committed
562
		isc_dscp_t dscp;
563
	} *stack = NULL;
564

565
	REQUIRE(addrsp != NULL && *addrsp == NULL);
Evan Hunt's avatar
Evan Hunt committed
566
	REQUIRE(dscpsp != NULL && *dscpsp == NULL);
567
568
	REQUIRE(keysp != NULL && *keysp == NULL);
	REQUIRE(countp != NULL);
569

570
 newlist:
571
572
	addrlist = cfg_tuple_get(list, "addresses");
	portobj = cfg_tuple_get(list, "port");
Evan Hunt's avatar
Evan Hunt committed
573
574
	dscpobj = cfg_tuple_get(list, "dscp");

575
576
577
578
579
	if (cfg_obj_isuint32(portobj)) {
		isc_uint32_t val = cfg_obj_asuint32(portobj);
		if (val > ISC_UINT16_MAX) {
			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
				    "port '%u' out of range", val);
580
581
			result = ISC_R_RANGE;
			goto cleanup;
582
583
584
585
586
		}
		port = (in_port_t) val;
	} else {
		result = ns_config_getport(config, &port);
		if (result != ISC_R_SUCCESS)
587
			goto cleanup;
588
589
	}

Evan Hunt's avatar
Evan Hunt committed
590
591
592
593
594
595
596
597
598
599
600
601
602
603
	if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
		if (cfg_obj_asuint32(dscpobj) > 63) {
			cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
				    "dscp value '%u' is out of range",
				    cfg_obj_asuint32(dscpobj));
			return (ISC_R_RANGE);
		}
		dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
	} else {
		result = ns_config_getdscp(config, &dscp);
		if (result != ISC_R_SUCCESS)
			goto cleanup;
	}

604
605
	result = ISC_R_NOMEMORY;

606
607
608
	element = cfg_list_first(addrlist);
 resume:
	for ( ;
609
	     element != NULL;
610
	     element = cfg_list_next(element))
611
	{
612
613
		const cfg_obj_t *addr;
		const cfg_obj_t *key;
614
		const char *keystr;
615
616
		isc_buffer_t b;

617
618
		addr = cfg_tuple_get(cfg_listelt_value(element),
				     "masterselement");
619
620
		key = cfg_tuple_get(cfg_listelt_value(element), "key");

621
		if (!cfg_obj_issockaddr(addr)) {
622
			const char *listname = cfg_obj_asstring(addr);
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
			isc_result_t tresult;

			/* Grow lists? */
			if (listcount == l) {
				void * new;
				isc_uint32_t newlen = listcount + 16;
				size_t newsize, oldsize;

				newsize = newlen * sizeof(*lists);
				oldsize = listcount * sizeof(*lists);
				new = isc_mem_get(mctx, newsize);
				if (new == NULL)
					goto cleanup;
				if (listcount != 0) {
					memcpy(new, lists, oldsize);
					isc_mem_put(mctx, lists, oldsize);
				}
				lists = new;
				listcount = newlen;
			}
			/* Seen? */
			for (j = 0; j < l; j++)
Mark Andrews's avatar
Mark Andrews committed
645
				if (strcasecmp(lists[j].name, listname) == 0)
646
647
648
649
650
651
					break;
			if (j < l)
				continue;
			tresult = get_masters_def(config, listname, &list);
			if (tresult == ISC_R_NOTFOUND) {
				cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
Automatic Updater's avatar
Automatic Updater committed
652
				    "masters \"%s\" not found", listname);
653
654
655
656
657
658

				result = tresult;
				goto cleanup;
			}
			if (tresult != ISC_R_SUCCESS)
				goto cleanup;
Mark Andrews's avatar
Mark Andrews committed
659
			lists[l++].name = listname;
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
			/* Grow stack? */
			if (stackcount == pushed) {
				void * new;
				isc_uint32_t newlen = stackcount + 16;
				size_t newsize, oldsize;

				newsize = newlen * sizeof(*stack);
				oldsize = stackcount * sizeof(*stack);
				new = isc_mem_get(mctx, newsize);
				if (new == NULL)
					goto cleanup;
				if (stackcount != 0) {
					memcpy(new, stack, oldsize);
					isc_mem_put(mctx, stack, oldsize);
				}
				stack = new;
				stackcount = newlen;
			}
			/*
			 * We want to resume processing this list on the
			 * next element.
			 */
			stack[pushed].element = cfg_list_next(element);
			stack[pushed].port = port;
Evan Hunt's avatar
Evan Hunt committed
684
			stack[pushed].dscp = dscp;
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
			pushed++;
			goto newlist;
		}

		if (i == addrcount) {
			void * new;
			isc_uint32_t newlen = addrcount + 16;
			size_t newsize, oldsize;

			newsize = newlen * sizeof(isc_sockaddr_t);
			oldsize = addrcount * sizeof(isc_sockaddr_t);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			if (addrcount != 0) {
				memcpy(new, addrs, oldsize);
				isc_mem_put(mctx, addrs, oldsize);
			}
			addrs = new;
			addrcount = newlen;

Evan Hunt's avatar
Evan Hunt committed
706
707
708
709
710
711
712
713
714
715
716
717
			newsize = newlen * sizeof(isc_dscp_t);
			oldsize = dscpcount * sizeof(isc_dscp_t);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			if (dscpcount != 0) {
				memcpy(new, dscps, oldsize);
				isc_mem_put(mctx, dscps, oldsize);
			}
			dscps = new;
			dscpcount = newlen;

718
719
720
721
722
723
			newsize = newlen * sizeof(dns_name_t *);
			oldsize = keycount * sizeof(dns_name_t *);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			if (keycount != 0) {
724
725
				memcpy(new, keys, oldsize);
				isc_mem_put(mctx, keys, oldsize);
726
727
728
729
730
			}
			keys = new;
			keycount = newlen;
		}

731
732
733
		addrs[i] = *cfg_obj_assockaddr(addr);
		if (isc_sockaddr_getport(&addrs[i]) == 0)
			isc_sockaddr_setport(&addrs[i], port);
Evan Hunt's avatar
Evan Hunt committed
734
735
736
		dscps[i] = cfg_obj_getdscp(addr);
		if (dscps[i] == -1)
			dscps[i] = dscp;
737
		keys[i] = NULL;
738
739
		i++;	/* Increment here so that cleanup on error works. */
		if (!cfg_obj_isstring(key))
740
			continue;
741
742
		keys[i - 1] = isc_mem_get(mctx, sizeof(dns_name_t));
		if (keys[i - 1] == NULL)
743
			goto cleanup;
744
		dns_name_init(keys[i - 1], NULL);
Automatic Updater's avatar
Automatic Updater committed
745

746
		keystr = cfg_obj_asstring(key);
747
		isc_buffer_constinit(&b, keystr, strlen(keystr));
748
749
750
		isc_buffer_add(&b, strlen(keystr));
		dns_fixedname_init(&fname);
		result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
751
					   dns_rootname, 0, NULL);
752
753
754
		if (result != ISC_R_SUCCESS)
			goto cleanup;
		result = dns_name_dup(dns_fixedname_name(&fname), mctx,
755
				      keys[i - 1]);
756
757
		if (result != ISC_R_SUCCESS)
			goto cleanup;
758
759
760
761
762
	}
	if (pushed != 0) {
		pushed--;
		element = stack[pushed].element;
		port = stack[pushed].port;
Evan Hunt's avatar
Evan Hunt committed
763
		dscp = stack[pushed].dscp;
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
		goto resume;
	}
	if (i < addrcount) {
		void * new;
		size_t newsize, oldsize;

		newsize = i * sizeof(isc_sockaddr_t);
		oldsize = addrcount * sizeof(isc_sockaddr_t);
		if (i != 0) {
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			memcpy(new, addrs, newsize);
		} else
			new = NULL;
779
		isc_mem_put(mctx, addrs, oldsize);
780
781
782
		addrs = new;
		addrcount = i;

Evan Hunt's avatar
Evan Hunt committed
783
784
785
786
787
788
789
790
791
792
793
794
795
		newsize = i * sizeof(isc_dscp_t);
		oldsize = dscpcount * sizeof(isc_dscp_t);
		if (i != 0) {
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			memcpy(new, dscps, newsize);
		} else
			new = NULL;
		isc_mem_put(mctx, dscps, oldsize);
		dscps = new;
		dscpcount = i;

796
797
798
799
800
801
802
803
804
		newsize = i * sizeof(dns_name_t *);
		oldsize = keycount * sizeof(dns_name_t *);
		if (i != 0) {
			new = isc_mem_get(mctx, newsize);
			if (new == NULL)
				goto cleanup;
			memcpy(new, keys,  newsize);
		} else
			new = NULL;
805
		isc_mem_put(mctx, keys, oldsize);
806
807
		keys = new;
		keycount = i;
808
	}
809
810
811
812
813

	if (lists != NULL)
		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
	if (stack != NULL)
		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
Automatic Updater's avatar
Automatic Updater committed
814

815
	INSIST(keycount == addrcount);
816
817

	*addrsp = addrs;
Evan Hunt's avatar
Evan Hunt committed
818
	*dscpsp = dscps;
819
	*keysp = keys;
820
	*countp = addrcount;
821
822
823
824
825

	return (ISC_R_SUCCESS);

 cleanup:
	if (addrs != NULL)
826
		isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
Evan Hunt's avatar
Evan Hunt committed
827
828
	if (dscps != NULL)
		isc_mem_put(mctx, dscps, dscpcount * sizeof(isc_dscp_t));
829
	if (keys != NULL) {
830
		for (j = 0; j < i; j++) {
831
832
833
834
835
836
			if (keys[j] == NULL)
				continue;
			if (dns_name_dynamic(keys[j]))
				dns_name_free(keys[j], mctx);
			isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
		}
837
		isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
838
	}
839
840
841
842
	if (lists != NULL)
		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
	if (stack != NULL)
		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
843
844
845
846
847
	return (result);
}

void
ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
Evan Hunt's avatar
Evan Hunt committed
848
849
			  isc_dscp_t **dscpsp, dns_name_t ***keysp,
			  isc_uint32_t count)
850
851
{
	unsigned int i;
Evan Hunt's avatar
Evan Hunt committed
852
	dns_name_t **keys;
853

Evan Hunt's avatar
Evan Hunt committed
854
855
856
857
858
	REQUIRE(addrsp != NULL && *addrsp != NULL);
	REQUIRE(dscpsp == NULL || *dscpsp != NULL);
	REQUIRE(keysp != NULL && *keysp != NULL);

	keys = *keysp;
859
860

	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
Evan Hunt's avatar
Evan Hunt committed
861
862
	if (dscpsp != NULL)
		isc_mem_put(mctx, *dscpsp, count * sizeof(isc_dscp_t));
863
864
865
866
867
868
869
870
871
	for (i = 0; i < count; i++) {
		if (keys[i] == NULL)
			continue;
		if (dns_name_dynamic(keys[i]))
			dns_name_free(keys[i], mctx);
		isc_mem_put(mctx, keys[i], sizeof(dns_name_t));
	}
	isc_mem_put(mctx, *keysp, count * sizeof(dns_name_t *));
	*addrsp = NULL;
Evan Hunt's avatar
Evan Hunt committed
872
873
	if (dscpsp != NULL)
		*dscpsp = NULL;
874
875
876
877
	*keysp = NULL;
}

isc_result_t
878
879
880
881
ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
	const cfg_obj_t *maps[3];
	const cfg_obj_t *options = NULL;
	const cfg_obj_t *portobj = NULL;
882
883
884
	isc_result_t result;
	int i;

885
	(void)cfg_map_get(config, "options", &options);
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
	i = 0;
	if (options != NULL)
		maps[i++] = options;
	maps[i++] = ns_g_defaults;
	maps[i] = NULL;

	result = ns_config_get(maps, "port", &portobj);
	INSIST(result == ISC_R_SUCCESS);
	if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
		cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
			    "port '%u' out of range",
			    cfg_obj_asuint32(portobj));
		return (ISC_R_RANGE);
	}
	*portp = (in_port_t)cfg_obj_asuint32(portobj);
	return (ISC_R_SUCCESS);
}
Brian Wellington's avatar
Brian Wellington committed
903

Evan Hunt's avatar
Evan Hunt committed
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
isc_result_t
ns_config_getdscp(const cfg_obj_t *config, isc_dscp_t *dscpp) {
	const cfg_obj_t *maps[2];
	const cfg_obj_t *options = NULL;
	const cfg_obj_t *dscpobj = NULL;
	isc_result_t result;
	int i;

	(void)cfg_map_get(config, "options", &options);
	i = 0;
	if (options != NULL)
		maps[i++] = options;
	maps[i] = NULL;

	result = ns_config_get(maps, "dscp", &dscpobj);
	if (dscpobj == NULL) {
		*dscpp = -1;
		return (ISC_R_SUCCESS);
	}
	if (cfg_obj_asuint32(dscpobj) >= 64) {
		cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
			    "dscp '%u' out of range",
			    cfg_obj_asuint32(dscpobj));
		return (ISC_R_RANGE);
	}
	*dscpp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
	return (ISC_R_SUCCESS);
}

933
934
935
936
struct keyalgorithms {
	const char *str;
	enum { hmacnone, hmacmd5, hmacsha1, hmacsha224,
	       hmacsha256, hmacsha384, hmacsha512 } hmac;
937
	unsigned int type;
938
939
	isc_uint16_t size;
} algorithms[] = {
940
941
942
943
944
945
946
947
948
	{ "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
	{ "hmac-md5.sig-alg.reg.int", hmacmd5, DST_ALG_HMACMD5, 0 },
	{ "hmac-md5.sig-alg.reg.int.", hmacmd5, DST_ALG_HMACMD5, 0 },
	{ "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
	{ "hmac-sha224", hmacsha224, DST_ALG_HMACSHA224, 224 },
	{ "hmac-sha256", hmacsha256, DST_ALG_HMACSHA256, 256 },
	{ "hmac-sha384", hmacsha384, DST_ALG_HMACSHA384, 384 },
	{ "hmac-sha512", hmacsha512, DST_ALG_HMACSHA512, 512 },
	{  NULL, hmacnone, DST_ALG_UNKNOWN, 0 }
949
950
};

Brian Wellington's avatar
Brian Wellington committed
951
isc_result_t
952
953
ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
			  isc_uint16_t *digestbits)
954
955
956
957
958
959
960
{
	return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
}

isc_result_t
ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
			   unsigned int *typep, isc_uint16_t *digestbits)
Brian Wellington's avatar
Brian Wellington committed
961
{
962
963
964
965
966
967
968
969
970
971
972
	int i;
	size_t len = 0;
	isc_uint16_t bits;
	isc_result_t result;

	for (i = 0; algorithms[i].str != NULL; i++) {
		len = strlen(algorithms[i].str);
		if (strncasecmp(algorithms[i].str, str, len) == 0 &&
		    (str[len] == '\0' ||
		     (algorithms[i].size != 0 && str[len] == '-')))
			break;
Brian Wellington's avatar
Brian Wellington committed
973
	}
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
	if (algorithms[i].str == NULL)
		return (ISC_R_NOTFOUND);
	if (str[len] == '-') {
		result = isc_parse_uint16(&bits, str + len + 1, 10);
		if (result != ISC_R_SUCCESS)
			return (result);
		if (bits > algorithms[i].size)
			return (ISC_R_RANGE);
	} else if (algorithms[i].size == 0)
		bits = 128;
	else
		bits = algorithms[i].size;

	if (name != NULL) {
		switch (algorithms[i].hmac) {
		case hmacmd5: *name = dns_tsig_hmacmd5_name; break;
		case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
		case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
		case hmacsha256: *name = dns_tsig_hmacsha256_name; break;
		case hmacsha384: *name = dns_tsig_hmacsha384_name; break;
		case hmacsha512: *name = dns_tsig_hmacsha512_name; break;
		default:
			INSIST(0);
		}
	}
999
1000
	if (typep != NULL)
		*typep = algorithms[i].type;
For faster browsing, not all history is shown. View entire blame