319. [func] The named.conf "controls" statement is now used

			to configure the OMAPI command channel.
[RT #145]

CHANGES

+ 319.	[func]		The named.conf "controls" statement is now used
+			to configure the OMAPI command channel.
+
  318.	[func]		dns_c_ndcctx_destroy() could never return anything
 			except ISC_R_SUCCESS; made it have void return instead.
 

bin/named/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.50 2000/06/28 02:54:55 tale Exp $
+# $Id: Makefile.in,v 1.51 2000/07/10 11:34:55 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -50,7 +50,7 @@ TARGETS =	named lwresd
 
 OBJS =		client.@O@ interfacemgr.@O@ listenlist.@O@ \
 		log.@O@ logconf.@O@ main.@O@ notify.@O@ omapi.@O@ \
-		query.@O@ server.@O@ update.@O@ xfrout.@O@ \
+		omapiconf.@O@ query.@O@ server.@O@ update.@O@ xfrout.@O@ \
 		lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
 		lwdgnba.@O@ lwdnoop.@O@
 
@@ -58,7 +58,7 @@ UOBJS =		unix/os.@O@
 
 SRCS =		client.c interfacemgr.c listenlist.c \
 		log.c logconf.c main.c notify.c omapi.c \
-		query.c server.c update.c xfrout.c \
+		omapiconf.c query.c server.c update.c xfrout.c \
 		lwresd.c lwdclient.c lwderror.c lwdgabn.c \
 		lwdgnba.c lwdnoop.c
 

bin/named/include/named/omapi.h

@@ -15,11 +15,14 @@
  * SOFTWARE.
  */
 
-/* $Id: omapi.h,v 1.7 2000/06/22 21:49:49 tale Exp $ */
+/* $Id: omapi.h,v 1.8 2000/07/10 11:35:02 tale Exp $ */
 
 #ifndef NAMED_OMAPI_H
 #define NAMED_OMAPI_H 1
 
+#include <dns/aclconf.h>
+#include <dns/confctx.h>
+
 #include <omapi/omapi.h>
 
 #define NS_OMAPI_PORT			953
@@ -37,6 +40,10 @@ isc_result_t
 ns_omapi_init(void);
 
 isc_result_t
-ns_omapi_listen(omapi_object_t **managerp);
+ns_omapi_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx,
+		   dns_aclconfctx_t *aclconfctx);
+
+void
+ns_omapi_shutdown(isc_boolean_t exiting);
 
 #endif /* NAMED_OMAPI_H */

bin/named/main.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: main.c,v 1.72 2000/07/01 00:48:02 tale Exp $ */
+/* $Id: main.c,v 1.73 2000/07/10 11:34:56 tale Exp $ */
 
 #include <config.h>
 
@@ -385,12 +385,12 @@ create_managers(void) {
 
 static void
 destroy_managers(void) {
-	if (!lwresd_only) {
-		if (ns_g_omapimgr != NULL)
-			omapi_listener_shutdown(ns_g_omapimgr);
-		else
-			omapi_lib_destroy();
-	}
+	if (!lwresd_only)
+		/*
+		 * The omapi listeners need to be stopped here so that
+		 * isc_taskmgr_destroy() won't block on the omapi task.
+		 */
+		ns_omapi_shutdown(ISC_TRUE);
 
 	isc_entropy_detach(&ns_g_entropy);
 	/*
@@ -455,29 +455,20 @@ setup(void) {
 	if (!lwresd_only) {
 		result = ns_omapi_init();
 		if (result != ISC_R_SUCCESS)
-			ns_main_earlyfatal("omapi_lib_init() failed: %s",
+			ns_main_earlyfatal("ns_omapi_init() failed: %s",
 					   isc_result_totext(result));
-	
-		result = ns_omapi_listen(&ns_g_omapimgr);
-		if (result == ISC_R_SUCCESS)
-			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-				      NS_LOGMODULE_MAIN, ISC_LOG_DEBUG(3),
-				      "OMAPI started");
-		else
-			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-				      NS_LOGMODULE_MAIN, ISC_LOG_WARNING,
-				      "OMAPI failed to start: %s",
-				      isc_result_totext(result));
 	}
 }
 
 static void
 cleanup(void) {
 	destroy_managers();
+
 	if (lwresd_only)
 		ns_lwresd_destroy(&ns_g_lwresd);
 	else
 		ns_server_destroy(&ns_g_server);
+
 	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
 		      ISC_LOG_NOTICE, "exiting");
 	ns_log_shutdown();
@@ -543,5 +534,3 @@ main(int argc, char *argv[]) {
 
 	return (0);
 }
-
-

bin/named/omapi.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: omapi.c,v 1.13 2000/05/08 14:32:57 tale Exp $ */
+/* $Id: omapi.c,v 1.14 2000/07/10 11:34:57 tale Exp $ */
 
 /*
  * Principal Author: DCL
@@ -42,9 +42,6 @@ typedef struct control_object {
 static control_object_t control;
 static omapi_objecttype_t *control_type;
 
-static void
-listen_done(isc_task_t *task, isc_event_t *event);
-
 #undef REGION_FMT
 /*
  * Ok, kind of gross.  Sorry.  A little.
@@ -172,74 +169,3 @@ ns_omapi_init(void) {
 
 	return (result);
 }
-
-isc_result_t
-ns_omapi_listen(omapi_object_t **managerp) {
-	omapi_object_t *manager = NULL;
-	isc_result_t result;
-	isc_sockaddr_t sockaddr;
-	isc_netaddr_t netaddr;
-	dns_acl_t *acl;		/* XXXDCL make a parameter */
-	dns_aclelement_t elt;
-	struct in_addr inaddr4;
-
-	REQUIRE(managerp != NULL && *managerp == NULL);
-
-	/*
-	 * Listen on localhost (127.0.0.1).
-	 * XXXDCL should be configurable.
-	 */
-	inaddr4.s_addr = htonl(0x7F000001);
-	isc_sockaddr_fromin(&sockaddr, &inaddr4, NS_OMAPI_PORT);
-
-	/*
-	 * XXXDCL this is not right either
-	 */
-	isc_netaddr_fromsockaddr(&netaddr, &sockaddr);
-	elt.type = dns_aclelementtype_ipprefix;
-	elt.negative = ISC_FALSE;
-	elt.u.ip_prefix.address = netaddr;
-	elt.u.ip_prefix.prefixlen = 32;
-
-	result = dns_acl_create(ns_g_mctx, 1, &acl);
-
-	if (result == ISC_R_SUCCESS)
-		result = dns_acl_appendelement(acl, &elt);
-
-	if (result == ISC_R_SUCCESS)
-		/*
-		 * Create a generic object to be the manager for handling
-		 * incoming server connections.
-		 */
-		result = omapi_object_create(&manager, NULL, 0);
-
-	if (result == ISC_R_SUCCESS) {
-		/*
-		 * Start listening for connections.
-		 */
-		result = omapi_protocol_listen(manager, &sockaddr, acl, 1,
-					       listen_done, ns_g_omapimgr);
-		dns_acl_detach(&acl);
-	}
-
-	if (result == ISC_R_SUCCESS)
-		*managerp = manager;
-
-	else
-		if (manager != NULL)
-			omapi_object_dereference(&manager);
-
-	return (result);
-}
-
-static void
-listen_done(isc_task_t *task, isc_event_t *event) {
-	isc_event_free(&event);
-
-	UNUSED(task);
-
-	if (ns_g_omapimgr != NULL)
-		omapi_object_dereference(&ns_g_omapimgr);
-
-	omapi_lib_destroy();
-}

bin/named/omapiconf.c

+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: omapiconf.c,v 1.1 2000/07/10 11:34:59 tale Exp $ */
+
+/*
+ * Principal Author: DCL
+ */
+
+#include <config.h>
+
+#include <isc/event.h>
+#include <isc/mem.h>
+#include <isc/once.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <named/log.h>
+#include <named/omapi.h>
+#include <named/server.h>
+
+typedef struct ns_omapilistener ns_omapilistener_t;
+
+struct ns_omapilistener {
+	/* XXXDCL magic */
+	isc_mem_t *			mctx;
+	omapi_object_t *		manager;
+	isc_sockaddr_t			address;
+	dns_acl_t *			acl;
+	dns_c_kidlist_t *		keyids;
+	LINK(ns_omapilistener_t)	link;
+};
+
+static ISC_LIST(ns_omapilistener_t) listeners;
+static isc_mutex_t listeners_lock;
+static isc_once_t once = ISC_ONCE_INIT;
+static isc_boolean_t server_exiting = ISC_FALSE;
+
+static void
+initialize_mutex(void) {
+	RUNTIME_CHECK(isc_mutex_init(&listeners_lock) == ISC_R_SUCCESS);
+}
+
+static void
+free_listener(ns_omapilistener_t *listener) {
+	if (listener->keyids != NULL)
+		dns_c_kidlist_delete(&listener->keyids);
+
+	if (listener->acl != NULL)
+		dns_acl_detach(&listener->acl);
+
+	if (listener->manager != NULL)
+		omapi_object_dereference(&listener->manager);
+
+	isc_mem_put(listener->mctx, listener, sizeof(*listener));
+}
+
+static void
+listen_done(isc_task_t *task, isc_event_t *event) {
+	ns_omapilistener_t *listener;
+
+	UNUSED(task);
+
+	listener = event->ev_arg;
+
+	LOCK(&listeners_lock);
+
+	ISC_LIST_UNLINK(listeners, listener, link);
+	free_listener(listener);
+
+	if (server_exiting && ISC_LIST_EMPTY(listeners))
+		omapi_lib_destroy();
+
+	UNLOCK(&listeners_lock);
+
+	isc_event_free(&event);
+}
+
+void
+ns_omapi_shutdown(isc_boolean_t exiting) {
+	ns_omapilistener_t *listener;
+
+	if (exiting) {
+		/*
+		 * When not exiting, this function is called from
+		 * ns_omapi_configure(), which already holds the lock.
+		 */
+		LOCK(&listeners_lock);
+
+		if (ISC_LIST_EMPTY(listeners))
+			omapi_lib_destroy();
+		else
+			server_exiting = exiting;
+	}
+
+	for (listener = ISC_LIST_HEAD(listeners);
+	     listener != NULL;
+	     listener = ISC_LIST_NEXT(listener, link))
+		/*
+		 * This is asynchronous.  As listeners shut down, they will
+		 * call listen_done().
+		 */
+		omapi_listener_shutdown(listener->manager);
+
+	if (exiting)
+		UNLOCK(&listeners_lock);
+}
+
+static isc_boolean_t
+verify_connection(isc_sockaddr_t *sockaddr, void *arg) {
+	ns_omapilistener_t *listener;
+	isc_netaddr_t netaddr;
+	isc_result_t result;
+	int match;
+
+	isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+	listener = arg;
+
+	result = dns_acl_match(&netaddr, NULL, listener->acl,
+			       NULL, &match, NULL);
+
+	if (result != ISC_R_SUCCESS || match <= 0)
+		return (ISC_FALSE);
+	else
+		return (ISC_TRUE);
+}
+
+static isc_boolean_t
+verify_key(const char *name, unsigned int algorithm, void *arg) {
+	ns_omapilistener_t *listener;
+	dns_c_kid_t *keyid = NULL;
+
+	/*
+	 * XXXDCL Ideally algorithm would be checked, too, but the current
+	 * config API makes this moderately hard, and omapi will check it
+	 * anyway.
+	 */
+	UNUSED(algorithm);
+
+	listener = arg;
+
+	(void)dns_c_kidlist_find(listener->keyids, name, &keyid);
+	if (keyid != NULL)
+		return (ISC_TRUE);
+	else
+		return (ISC_FALSE);
+}
+
+static isc_result_t
+ns_omapi_listen(ns_omapilistener_t *listener) {
+	isc_result_t result;
+
+	REQUIRE(listener->manager == NULL);
+
+	/*
+	 * Create a generic object to be the manager for handling
+	 * incoming server connections.
+	 */
+	result = omapi_object_create(&listener->manager, NULL, 0);
+
+	if (result == ISC_R_SUCCESS)
+		/*
+		 * Start listening for connections.
+		 */
+		result = omapi_protocol_listen(listener->manager,
+					       &listener->address,
+					       verify_connection, verify_key,
+					       listen_done, listener);
+
+	if (result != ISC_R_SUCCESS && listener->manager != NULL)
+		omapi_object_dereference(&listener->manager);
+
+	return (result);
+}
+
+static void
+register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
+	      char *socktext)
+{
+	dns_c_kid_t *keyid;
+	dns_c_kdef_t *keydef;
+	isc_result_t result;
+
+	/*
+	 * Register the keys used by this listener.  omapi_auth_deregister()
+	 * is used to delete any existing key in case its secret or algorithm
+	 * changed.
+	 *
+	 * XXXDCL but this means a little extra work overall when nothing
+	 * changed.  In fact, the same key will be register/deregistered/
+	 * reregistered if it appears more than once in the controls statement.
+	 *
+	 * XXXDCL a separate problem is that keys that have been removed
+	 * from the controls statement in a reconfiguration are not deleted
+	 * until the server shuts down.
+	 *
+	 * XXXDCL confparser.y currently allows the keys clause to be absent,
+	 * which is pointless.  it needs to be required.
+	 */
+	for (keyid = ISC_LIST_HEAD(control->keyidlist->keyids);
+	     keyid != NULL;
+	     keyid = ISC_LIST_NEXT(keyid, next)) {
+		     omapi_auth_deregister(keyid->keyid);
+
+		     /*
+		      * XXXDCL confparser.y apparently allows any keyid
+		      * in the list even if it has not been defined with
+		      * the keys statement.
+		      */
+		     keydef = NULL;
+		     (void)dns_c_kdeflist_find(keydeflist, keyid->keyid,
+					       &keydef);
+		     if (keydef == NULL)
+			     isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+					   NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
+					   "couldn't find key %s for"
+					   "use with command channel %s",
+					   keydef->keyid, socktext);
+		     else if (strcasecmp(keydef->algorithm, "hmac-md5") != 0) {
+			     isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+					   NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
+					   "unsupported algorithm %s in "
+					   "key %s for use with "
+					   "command channel %s",
+					   keydef->algorithm, keydef->keyid,
+					   socktext);
+			     keydef = NULL;
+		     }
+
+		     if (keydef != NULL)
+			     result = omapi_auth_register(keydef->keyid,
+							  keydef->secret,
+							  OMAPI_AUTH_HMACMD5);
+
+		     if (keydef != NULL && result != ISC_R_SUCCESS)
+			     isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+					   NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
+					   "couldn't register key %s for"
+					   "use with command channel %s: %s",
+					   keydef->keyid, socktext,
+					   isc_result_totext(result));
+	}
+}		     			 
+
+static void
+update_listener(ns_omapilistener_t **listenerp, dns_c_ctrl_t *control,
+		dns_c_ctx_t *cctx, dns_aclconfctx_t *aclconfctx,
+		char *socktext)
+{
+	ns_omapilistener_t *listener;
+	dns_acl_t *new_acl = NULL;
+	isc_result_t result;
+
+	for (listener = ISC_LIST_HEAD(listeners); listener != NULL;
+	     listener = ISC_LIST_NEXT(listener, link)) {
+
+		if (isc_sockaddr_equal(&control->u.inet_v.addr,
+				       &listener->address)) {
+			/*
+			 * There is already a listener for this sockaddr.
+			 * Update the access list and key information.
+			 *
+			 * First, keep the old access list unless
+			 * a new one can be made.
+			 */
+			result = dns_acl_fromconfig(control->
+						    u.inet_v.matchlist,
+						    cctx, aclconfctx,
+						    listener->mctx, &new_acl);
+			if (result == ISC_R_SUCCESS) {
+				dns_acl_detach(&listener->acl);
+				dns_acl_attach(new_acl,
+					       &listener->acl);
+				dns_acl_detach(&new_acl);
+			} else
+				/* XXXDCL say the old acl is still used? */
+				isc_log_write(ns_g_lctx,
+					      ISC_LOGCATEGORY_GENERAL,
+					      NS_LOGMODULE_OMAPI,
+					      ISC_LOG_WARNING,
+					      "couldn't install new acl for "
+					      "command channel %s: %s",
+					      socktext,
+					      isc_result_totext(result));
+
+			/*
+			 * Now update the key id list.
+			 * XXXDCL the API for this seems incomplete.  For now,
+			 * I just reassign the pointer and set the control
+			 * keyidlist to NULL so dns_c_ctrl_delete will not
+			 * free it.
+			 */
+			if (listener->keyids != NULL)
+				dns_c_kidlist_delete(&listener->keyids);
+			listener->keyids = control->keyidlist;
+			control->keyidlist = NULL;
+
+			break;
+		}
+
+	}
+
+	*listenerp = listener;
+}
+
+static void
+add_listener(isc_mem_t *mctx, ns_omapilistener_t **listenerp,
+	     dns_c_ctrl_t *control, dns_c_ctx_t *cctx,
+	     dns_aclconfctx_t *aclconfctx, char *socktext)
+{
+	ns_omapilistener_t *listener;
+	dns_acl_t *new_acl = NULL;
+	isc_result_t result = ISC_R_SUCCESS;
+
+	listener = isc_mem_get(mctx, sizeof(ns_omapilistener_t));
+	if (listener == NULL)
+		result = ISC_R_NOMEMORY;
+
+	if (result == ISC_R_SUCCESS) {
+		listener->mctx = mctx;
+		listener->manager = NULL;
+		listener->address = control->u.inet_v.addr;
+
+		/*
+		 * Make the acl.
+		 */
+		result = dns_acl_fromconfig(control->u.inet_v.matchlist,
+					    cctx, aclconfctx, mctx, &new_acl);
+	}
+
+	if (result == ISC_R_SUCCESS) {
+		dns_acl_attach(new_acl, &listener->acl);
+		dns_acl_detach(&new_acl);
+
+		/*
+		 * Now update the key id list.
+		 * XXXDCL the API for this seems incomplete.  For now,
+		 * I just reassign the pointer and set it to NULL so
+		 * dns_c_ctrl_delete will not free it.
+		 */
+		listener->keyids = control->keyidlist;
+		control->keyidlist = NULL;
+
+		result = ns_omapi_listen(listener);
+	}
+
+	if (result == ISC_R_SUCCESS) {
+		isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+			      NS_LOGMODULE_OMAPI, ISC_LOG_NOTICE,
+			      "command channel listening on %s", socktext);
+		*listenerp = listener;
+
+	} else {
+		if (listener != NULL)
+			free_listener(listener);
+
+		isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+			      NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
+			      "couldn't add command channel %s: %s",
+			      socktext, isc_result_totext(result));
+
+		*listenerp = NULL;
+	}
+
+	/* XXXDCL return error results? fail hard? */
+}
+
+isc_result_t
+ns_omapi_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx,
+		   dns_aclconfctx_t *aclconfctx)
+{
+	ns_omapilistener_t *listener;
+	ISC_LIST(ns_omapilistener_t) new_listeners;
+	dns_c_ctrllist_t *controls = NULL;
+	dns_c_ctrl_t *control;
+	dns_c_kdeflist_t *keydeflist = NULL;
+	char socktext[ISC_SOCKADDR_FORMATSIZE];
+	isc_result_t result;
+
+	RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
+
+	ISC_LIST_INIT(new_listeners);
+
+	/*
+	 * Get a pointer to the named.conf ``controls'' statement information.
+	 */
+	result = dns_c_ctx_getcontrols(cctx, &controls);
+
+	LOCK(&listeners_lock);
+	/*
+	 * Run through the new control channel list, noting sockets that
+	 * are already being listened on and moving them to the new list.
+	 *			
+	 * Identifying duplicates addr/port combinations is left to either
+	 * the underlying config code, or to the bind attempt getting an
+	 * address-in-use error.
+	 */
+	if (result == ISC_R_SUCCESS) {
+		(void)dns_c_ctx_getkdeflist(cctx, &keydeflist);
+		if (keydeflist