auth_srv.cc 25 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14
// Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.

15 16
#include <config.h>

17 18
#include <netinet/in.h>

19
#include <algorithm>
20
#include <cassert>
21
#include <iostream>
22
#include <vector>
23

24 25
#include <boost/bind.hpp>

26 27 28 29 30 31
#include <asiolink/asiolink.h>

#include <config/ccsession.h>

#include <cc/data.h>

32 33
#include <exceptions/exceptions.h>

34
#include <util/buffer.h>
35

36
#include <dns/edns.h>
JINMEI Tatuya's avatar
JINMEI Tatuya committed
37
#include <dns/exceptions.h>
38 39 40
#include <dns/messagerenderer.h>
#include <dns/name.h>
#include <dns/question.h>
41
#include <dns/opcode.h>
42
#include <dns/rcode.h>
43 44 45 46
#include <dns/rrset.h>
#include <dns/rrttl.h>
#include <dns/message.h>

Evan Hunt's avatar
Evan Hunt committed
47 48
#include <datasrc/query.h>
#include <datasrc/data_source.h>
49
#include <datasrc/memory_datasrc.h>
Evan Hunt's avatar
Evan Hunt committed
50 51
#include <datasrc/static_datasrc.h>
#include <datasrc/sqlite3_datasrc.h>
52

53 54
#include <xfr/xfrout_client.h>

55
#include <auth/common.h>
JINMEI Tatuya's avatar
JINMEI Tatuya committed
56
#include <auth/config.h>
57
#include <auth/auth_srv.h>
58
#include <auth/query.h>
59
#include <auth/statistics.h>
60 61 62

using namespace std;

63
using namespace isc;
64
using namespace isc::cc;
Evan Hunt's avatar
Evan Hunt committed
65
using namespace isc::datasrc;
66
using namespace isc::dns;
67
using namespace isc::util;
68
using namespace isc::auth;
69 70
using namespace isc::dns::rdata;
using namespace isc::data;
71
using namespace isc::config;
72
using namespace isc::xfr;
73
using namespace asiolink;
74
using namespace isc::server_common::portconfig;
75

76 77 78 79 80 81
class AuthSrvImpl {
private:
    // prohibit copy
    AuthSrvImpl(const AuthSrvImpl& source);
    AuthSrvImpl& operator=(const AuthSrvImpl& source);
public:
82
    AuthSrvImpl(const bool use_cache, AbstractXfroutClient& xfrout_client);
Han Feng's avatar
Han Feng committed
83
    ~AuthSrvImpl();
84
    isc::data::ConstElementPtr setDbFile(isc::data::ConstElementPtr config);
85

86 87 88 89
    bool processNormalQuery(const IOMessage& io_message, MessagePtr message,
                            OutputBufferPtr buffer);
    bool processAxfrQuery(const IOMessage& io_message, MessagePtr message,
                          OutputBufferPtr buffer);
Michal Vaner's avatar
Michal Vaner committed
90
    bool processNotify(const IOMessage& io_message, MessagePtr message,
91
                       OutputBufferPtr buffer);
Evan Hunt's avatar
Evan Hunt committed
92

93 94
    IOService io_service_;

Evan Hunt's avatar
Evan Hunt committed
95 96 97 98
    /// Currently non-configurable, but will be.
    static const uint16_t DEFAULT_LOCAL_UDPSIZE = 4096;

    /// These members are public because AuthSrv accesses them directly.
99
    ModuleCCSession* config_session_;
Evan Hunt's avatar
Evan Hunt committed
100 101 102
    bool verbose_mode_;
    AbstractSession* xfrin_session_;

103
    /// In-memory data source.  Currently class IN only for simplicity.
104
    const RRClass memory_datasrc_class_;
105 106
    AuthSrv::MemoryDataSrcPtr memory_datasrc_;

Michal Vaner's avatar
Michal Vaner committed
107 108
    /// Hot spot cache
    isc::datasrc::HotCache cache_;
109

110 111 112
    /// Interval timer for periodic submission of statistics counters.
    IntervalTimer statistics_timer_;

113
    /// Query counters for statistics
114
    AuthCounters counters_;
115 116 117

    /// Addresses we listen on
    AddressList listen_addresses_;
Evan Hunt's avatar
Evan Hunt committed
118 119 120
private:
    std::string db_file_;

121
    MetaDataSrc data_sources_;
122 123 124
    /// We keep a pointer to the currently running sqlite datasource
    /// so that we can specifically remove that one should the database
    /// file change
125
    ConstDataSrcPtr cur_datasrc_;
126

127
    bool xfrout_connected_;
128
    AbstractXfroutClient& xfrout_client_;
129

130
    /// Increment query counter
131
    void incCounter(const int protocol);
132 133
};

134 135 136 137
AuthSrvImpl::AuthSrvImpl(const bool use_cache,
                         AbstractXfroutClient& xfrout_client) :
    config_session_(NULL), verbose_mode_(false),
    xfrin_session_(NULL),
138
    memory_datasrc_class_(RRClass::IN()),
139
    statistics_timer_(io_service_),
140
    counters_(verbose_mode_),
141
    xfrout_connected_(false),
142
    xfrout_client_(xfrout_client)
143
{
144 145
    // cur_datasrc_ is automatically initialized by the default constructor,
    // effectively being an empty (sqlite) data source.  once ccsession is up
146
    // the datasource will be set by the configuration setting
147

148
    // add static data source
149
    data_sources_.addDataSrc(ConstDataSrcPtr(new StaticDataSrc));
Evan Hunt's avatar
Evan Hunt committed
150 151 152

    // enable or disable the cache
    cache_.setEnabled(use_cache);
153 154
}

Han Feng's avatar
Han Feng committed
155
AuthSrvImpl::~AuthSrvImpl() {
156
    if (xfrout_connected_) {
157
        xfrout_client_.disconnect();
158
        xfrout_connected_ = false;
Han Feng's avatar
Han Feng committed
159
    }
160
}
161

162
// This is a derived class of \c DNSLookup, to serve as a
163
// callback in the asiolink module.  It calls
164
// AuthSrv::processMessage() on a single DNS message.
165
class MessageLookup : public DNSLookup {
166
public:
167
    MessageLookup(AuthSrv* srv) : server_(srv) {}
168 169 170 171 172
    virtual void operator()(const IOMessage& io_message,
                            MessagePtr message,
                            MessagePtr answer_message,
                            OutputBufferPtr buffer,
                            DNSServer* server) const
173
    {
174
        (void) answer_message;
175
        server_->processMessage(io_message, message, buffer, server);
176 177 178 179 180
    }
private:
    AuthSrv* server_;
};

181 182 183 184 185 186 187 188
// This is a derived class of \c DNSAnswer, to serve as a callback in the
// asiolink module.  We actually shouldn't do anything in this class because
// we build complete response messages in the process methods; otherwise
// the response message will contain trailing garbage.  In future, we should
// probably even drop the reliance on DNSAnswer.  We don't need the coroutine
// tricks provided in that framework, and its overhead would be significant
// in terms of performance consideration for the authoritative server
// implementation.
189 190
class MessageAnswer : public DNSAnswer {
public:
191 192
    MessageAnswer(AuthSrv*) {}
    virtual void operator()(const IOMessage&, MessagePtr,
193
                            MessagePtr, OutputBufferPtr) const
194
    {}
195 196
};

197
// This is a derived class of \c SimpleCallback, to serve
198
// as a callback in the asiolink module.  It checks for queued
199
// configuration messages, and executes them if found.
200
class ConfigChecker : public SimpleCallback {
201 202
public:
    ConfigChecker(AuthSrv* srv) : server_(srv) {}
Michal Vaner's avatar
Michal Vaner committed
203
    virtual void operator()(const IOMessage&) const {
204 205
        if (server_->getConfigSession()->hasQueuedMsgs()) {
            server_->getConfigSession()->checkCommand();
206 207 208 209 210 211
        }
    }
private:
    AuthSrv* server_;
};

212
AuthSrv::AuthSrv(const bool use_cache, AbstractXfroutClient& xfrout_client) :
213
    impl_(new AuthSrvImpl(use_cache, xfrout_client)),
214
    checkin_(new ConfigChecker(this)),
215 216
    dns_lookup_(new MessageLookup(this)),
    dns_answer_(new MessageAnswer(this))
217
{}
218

219 220
void
AuthSrv::stop() {
221
    impl_->io_service_.stop();
222 223
}

224
AuthSrv::~AuthSrv() {
225
    delete impl_;
226
    delete checkin_;
227 228
    delete dns_lookup_;
    delete dns_answer_;
229 230
}

231
namespace {
232 233
class QuestionInserter {
public:
234
    QuestionInserter(MessagePtr message) : message_(message) {}
235 236 237
    void operator()(const QuestionPtr question) {
        message_->addQuestion(question);
    }
238
    MessagePtr message_;
239 240
};

241
void
242
makeErrorMessage(MessagePtr message, OutputBufferPtr buffer,
243
                 const Rcode& rcode, const bool verbose_mode)
244
{
245 246 247
    // extract the parameters that should be kept.
    // XXX: with the current implementation, it's not easy to set EDNS0
    // depending on whether the query had it.  So we'll simply omit it.
248
    const qid_t qid = message->getQid();
Michal Vaner's avatar
Michal Vaner committed
249 250
    const bool rd = message->getHeaderFlag(Message::HEADERFLAG_RD);
    const bool cd = message->getHeaderFlag(Message::HEADERFLAG_CD);
251
    const Opcode& opcode = message->getOpcode();
252 253
    vector<QuestionPtr> questions;

254 255 256
    // If this is an error to a query or notify, we should also copy the
    // question section.
    if (opcode == Opcode::QUERY() || opcode == Opcode::NOTIFY()) {
257
        questions.assign(message->beginQuestion(), message->endQuestion());
258
    }
259

260 261 262
    message->clear(Message::RENDER);
    message->setQid(qid);
    message->setOpcode(opcode);
Michal Vaner's avatar
Michal Vaner committed
263
    message->setHeaderFlag(Message::HEADERFLAG_QR);
264
    if (rd) {
Michal Vaner's avatar
Michal Vaner committed
265
        message->setHeaderFlag(Message::HEADERFLAG_RD);
266 267
    }
    if (cd) {
Michal Vaner's avatar
Michal Vaner committed
268
        message->setHeaderFlag(Message::HEADERFLAG_CD);
269
    }
270 271 272 273 274
    for_each(questions.begin(), questions.end(), QuestionInserter(message));
    message->setRcode(rcode);

    MessageRenderer renderer(*buffer);
    message->toWire(renderer);
275 276

    if (verbose_mode) {
277
        cerr << "[b10-auth] sending an error response (" <<
278
            renderer.getLength() << " bytes):\n" << message->toText() << endl;
279
    }
280
}
281
}
282

283 284 285 286 287 288 289 290 291 292
void
AuthSrv::setVerbose(const bool on) {
    impl_->verbose_mode_ = on;
}

bool
AuthSrv::getVerbose() const {
    return (impl_->verbose_mode_);
}

293 294 295 296 297
IOService&
AuthSrv::getIOService() {
    return (impl_->io_service_);
}

JINMEI Tatuya's avatar
JINMEI Tatuya committed
298 299 300 301 302 303 304 305 306 307
void
AuthSrv::setCacheSlots(const size_t slots) {
    impl_->cache_.setSlots(slots);
}

size_t
AuthSrv::getCacheSlots() const {
    return (impl_->cache_.getSlots());
}

308
void
309 310
AuthSrv::setXfrinSession(AbstractSession* xfrin_session) {
    impl_->xfrin_session_ = xfrin_session;
311 312
}

313
void
314 315
AuthSrv::setConfigSession(ModuleCCSession* config_session) {
    impl_->config_session_ = config_session;
316 317
}

318
void
319 320
AuthSrv::setStatisticsSession(AbstractSession* statistics_session) {
    impl_->counters_.setStatisticsSession(statistics_session);
321 322
}

323
ModuleCCSession*
324
AuthSrv::getConfigSession() const {
325
    return (impl_->config_session_);
326 327
}

328 329
AuthSrv::MemoryDataSrcPtr
AuthSrv::getMemoryDataSrc(const RRClass& rrclass) {
330
    // XXX: for simplicity, we only support the IN class right now.
331
    if (rrclass != impl_->memory_datasrc_class_) {
332 333 334 335 336 337 338 339 340 341 342 343
        isc_throw(InvalidParameter,
                  "Memory data source is not supported for RR class "
                  << rrclass);
    }
    return (impl_->memory_datasrc_);
}

void
AuthSrv::setMemoryDataSrc(const isc::dns::RRClass& rrclass,
                          MemoryDataSrcPtr memory_datasrc)
{
    // XXX: see above
344
    if (rrclass != impl_->memory_datasrc_class_) {
345 346 347 348 349
        isc_throw(InvalidParameter,
                  "Memory data source is not supported for RR class "
                  << rrclass);
    }
    if (impl_->verbose_mode_) {
JINMEI Tatuya's avatar
JINMEI Tatuya committed
350 351 352 353 354 355 356
        if (!impl_->memory_datasrc_ && memory_datasrc) {
            cerr << "[b10-auth] Memory data source is enabled for class "
                 << rrclass << endl;
        } else if (impl_->memory_datasrc_ && !memory_datasrc) {
            cerr << "[b10-auth] Memory data source is disabled for class "
                 << rrclass << endl;
        }
357
    }
JINMEI Tatuya's avatar
JINMEI Tatuya committed
358
    impl_->memory_datasrc_ = memory_datasrc;
359 360
}

361 362
uint32_t
AuthSrv::getStatisticsTimerInterval() const {
363
    return (impl_->statistics_timer_.getInterval() / 1000);
364 365 366 367 368 369 370
}

void
AuthSrv::setStatisticsTimerInterval(uint32_t interval) {
    if (interval == impl_->statistics_timer_.getInterval()) {
        return;
    }
371
    if (interval > 86400) {
372
        // It can't occur since the value is checked in
373 374 375
        // statisticsIntervalConfig::build().
        isc_throw(InvalidParameter, "Too long interval: " << interval);
    }
376 377 378
    if (interval == 0) {
        impl_->statistics_timer_.cancel();
    } else {
379 380
        impl_->statistics_timer_.setup(boost::bind(&AuthSrv::submitStatistics,
                                                   this),
381
                                       interval * 1000);
382 383 384 385 386 387
    }
    if (impl_->verbose_mode_) {
        if (interval == 0) {
            cerr << "[b10-auth] Disabled statistics timer" << endl;
        } else {
            cerr << "[b10-auth] Set statistics timer to " << interval
388
                 << " seconds" << endl;
389 390 391 392
        }
    }
}

393
void
394
AuthSrv::processMessage(const IOMessage& io_message, MessagePtr message,
395
                        OutputBufferPtr buffer, DNSServer* server)
JINMEI Tatuya's avatar
cleanup  
JINMEI Tatuya committed
396
{
397 398
    InputBuffer request_buffer(io_message.getData(), io_message.getDataSize());

399 400 401
    // First, check the header part.  If we fail even for the base header,
    // just drop the message.
    try {
402
        message->parseHeader(request_buffer);
403 404

        // Ignore all responses.
Michal Vaner's avatar
Michal Vaner committed
405
        if (message->getHeaderFlag(Message::HEADERFLAG_QR)) {
406
            if (impl_->verbose_mode_) {
407 408
                cerr << "[b10-auth] received unexpected response, ignoring"
                     << endl;
409
            }
410
            server->resume(false);
411
            return;
412 413
        }
    } catch (const Exception& ex) {
414 415 416
        if (impl_->verbose_mode_) {
            cerr << "[b10-auth] DNS packet exception: " << ex.what() << endl;
        }
417
        server->resume(false);
418
        return;
419 420
    }

421
    try {
422
        // Parse the message.
423
        message->fromWire(request_buffer);
424
    } catch (const DNSProtocolError& error) {
425
        if (impl_->verbose_mode_) {
426 427
            cerr << "[b10-auth] returning " <<  error.getRcode().toText()
                 << ": " << error.what() << endl;
428
        }
429
        makeErrorMessage(message, buffer, error.getRcode(),
430
                         impl_->verbose_mode_);
431
        server->resume(true);
432
        return;
433
    } catch (const Exception& ex) {
434
        if (impl_->verbose_mode_) {
435
            cerr << "[b10-auth] returning SERVFAIL: " << ex.what() << endl;
436
        }
437
        makeErrorMessage(message, buffer, Rcode::SERVFAIL(),
438
                         impl_->verbose_mode_);
439
        server->resume(true);
440
        return;
441
    } // other exceptions will be handled at a higher layer.
442

443
    if (impl_->verbose_mode_) {
444
        cerr << "[b10-auth] received a message:\n" << message->toText() << endl;
445
    }
446

447
    // Perform further protocol-level validation.
JINMEI Tatuya's avatar
JINMEI Tatuya committed
448

449 450 451 452
    bool sendAnswer = true;
    if (message->getOpcode() == Opcode::NOTIFY()) {
        sendAnswer = impl_->processNotify(io_message, message, buffer);
    } else if (message->getOpcode() != Opcode::QUERY()) {
453
        if (impl_->verbose_mode_) {
454
            cerr << "[b10-auth] unsupported opcode" << endl;
455
        }
456
        makeErrorMessage(message, buffer, Rcode::NOTIMP(),
457
                         impl_->verbose_mode_);
Michal Vaner's avatar
Michal Vaner committed
458
    } else if (message->getRRCount(Message::SECTION_QUESTION) != 1) {
459
        makeErrorMessage(message, buffer, Rcode::FORMERR(),
460
                         impl_->verbose_mode_);
461
    } else {
462
        ConstQuestionPtr question = *message->beginQuestion();
463 464
        const RRType &qtype = question->getType();
        if (qtype == RRType::AXFR()) {
465
            sendAnswer = impl_->processAxfrQuery(io_message, message, buffer);
466
        } else if (qtype == RRType::IXFR()) {
467 468
            makeErrorMessage(message, buffer, Rcode::NOTIMP(),
                             impl_->verbose_mode_);
469
        } else {
470
            sendAnswer = impl_->processNormalQuery(io_message, message, buffer);
471
        }
472
    }
473

474
    server->resume(sendAnswer);
475 476 477
}

bool
478 479
AuthSrvImpl::processNormalQuery(const IOMessage& io_message, MessagePtr message,
                                OutputBufferPtr buffer)
480
{
Michal Vaner's avatar
Michal Vaner committed
481
    ConstEDNSPtr remote_edns = message->getEDNS();
482
    const bool dnssec_ok = remote_edns && remote_edns->getDNSSECAwareness();
483
    const uint16_t remote_bufsize = remote_edns ? remote_edns->getUDPSize() :
484
        Message::DEFAULT_MAX_UDPSIZE;
485

486
    message->makeResponse();
Michal Vaner's avatar
Michal Vaner committed
487
    message->setHeaderFlag(Message::HEADERFLAG_AA);
488
    message->setRcode(Rcode::NOERROR());
489

490 491 492
    // Increment query counter.
    incCounter(io_message.getSocket().getProtocol());

493 494
    if (remote_edns) {
        EDNSPtr local_edns = EDNSPtr(new EDNS());
495
        local_edns->setDNSSECAwareness(dnssec_ok);
496
        local_edns->setUDPSize(AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE);
Michal Vaner's avatar
Michal Vaner committed
497
        message->setEDNS(local_edns);
498
    }
499

500
    try {
Jerry's avatar
Jerry committed
501 502
        // If a memory data source is configured call the separate
        // Query::process()
503 504
        const ConstQuestionPtr question = *message->beginQuestion();
        if (memory_datasrc_ && memory_datasrc_class_ == question->getClass()) {
505 506
            const RRType& qtype = question->getType();
            const Name& qname = question->getName();
507
            auth::Query(*memory_datasrc_, qname, qtype, *message).process();
508
        } else {
509
            datasrc::Query query(*message, cache_, dnssec_ok);
510 511
            data_sources_.doQuery(query);
        }
512
    } catch (const Exception& ex) {
513
        if (verbose_mode_) {
JINMEI Tatuya's avatar
JINMEI Tatuya committed
514 515
            cerr << "[b10-auth] Internal error, returning SERVFAIL: " <<
                ex.what() << endl;
516
        }
517
        makeErrorMessage(message, buffer, Rcode::SERVFAIL(), verbose_mode_);
518
        return (true);
519
    }
520

521
    MessageRenderer renderer(*buffer);
522 523
    const bool udp_buffer =
        (io_message.getSocket().getProtocol() == IPPROTO_UDP);
524 525 526
    renderer.setLengthLimit(udp_buffer ? remote_bufsize : 65535);
    message->toWire(renderer);

527
    if (verbose_mode_) {
528
        cerr << "[b10-auth] sending a response ("
529 530
             << renderer.getLength()
             << " bytes):\n" << message->toText() << endl;
531
    }
532

533
    return (true);
534 535
}

536
bool
537 538
AuthSrvImpl::processAxfrQuery(const IOMessage& io_message, MessagePtr message,
                              OutputBufferPtr buffer)
JINMEI Tatuya's avatar
JINMEI Tatuya committed
539
{
540 541 542
    // Increment query counter.
    incCounter(io_message.getSocket().getProtocol());

Han Feng's avatar
Han Feng committed
543 544
    if (io_message.getSocket().getProtocol() == IPPROTO_UDP) {
        if (verbose_mode_) {
JINMEI Tatuya's avatar
JINMEI Tatuya committed
545
            cerr << "[b10-auth] AXFR query over UDP isn't allowed" << endl;
Han Feng's avatar
Han Feng committed
546
        }
547
        makeErrorMessage(message, buffer, Rcode::FORMERR(), verbose_mode_);
548
        return (true);
Han Feng's avatar
Han Feng committed
549
    }
550 551

    try {
552 553 554 555
        if (!xfrout_connected_) {
            xfrout_client_.connect();
            xfrout_connected_ = true;
        }
556 557 558 559
        xfrout_client_.sendXfroutRequestInfo(
            io_message.getSocket().getNative(),
            io_message.getData(),
            io_message.getDataSize());
560
    } catch (const XfroutError& err) {
561
        if (xfrout_connected_) {
JINMEI Tatuya's avatar
JINMEI Tatuya committed
562
            // disconnect() may trigger an exception, but since we try it
563 564 565 566
            // only if we've successfully opened it, it shouldn't happen in
            // normal condition.  Should this occur, we'll propagate it to the
            // upper layer.
            xfrout_client_.disconnect();
567
            xfrout_connected_ = false;
568
        }
569

570
        if (verbose_mode_) {
JINMEI Tatuya's avatar
JINMEI Tatuya committed
571
            cerr << "[b10-auth] Error in handling XFR request: " << err.what()
572 573
                 << endl;
        }
574
        makeErrorMessage(message, buffer, Rcode::SERVFAIL(), verbose_mode_);
575
        return (true);
576
    }
577

578
    return (false);
579 580 581
}

bool
582 583
AuthSrvImpl::processNotify(const IOMessage& io_message, MessagePtr message, 
                           OutputBufferPtr buffer)
584
{
585 586
    // The incoming notify must contain exactly one question for SOA of the
    // zone name.
Michal Vaner's avatar
Michal Vaner committed
587
    if (message->getRRCount(Message::SECTION_QUESTION) != 1) {
588 589
        if (verbose_mode_) {
                cerr << "[b10-auth] invalid number of questions in notify: "
Michal Vaner's avatar
Michal Vaner committed
590
                     << message->getRRCount(Message::SECTION_QUESTION) << endl;
591
        }
592
        makeErrorMessage(message, buffer, Rcode::FORMERR(), verbose_mode_);
593 594
        return (true);
    }
595
    ConstQuestionPtr question = *message->beginQuestion();
596 597 598 599 600
    if (question->getType() != RRType::SOA()) {
        if (verbose_mode_) {
                cerr << "[b10-auth] invalid question RR type in notify: "
                     << question->getType() << endl;
        }
601
        makeErrorMessage(message, buffer, Rcode::FORMERR(), verbose_mode_);
602 603 604 605 606 607 608
        return (true);
    }

    // According to RFC 1996, rcode should be "no error" and AA bit should be
    // on, but we don't check these conditions.  This behavior is compatible
    // with BIND 9.

609 610
    // TODO check with the conf-mgr whether current server is the auth of the
    // zone
611 612 613 614 615

    // In the code that follows, we simply ignore the notify if any internal
    // error happens rather than returning (e.g.) SERVFAIL.  RFC 1996 is
    // silent about such cases, but there doesn't seem to be anything we can
    // improve at the primary server side by sending an error anyway.
616
    if (xfrin_session_ == NULL) {
JINMEI Tatuya's avatar
JINMEI Tatuya committed
617 618 619 620 621
        if (verbose_mode_) {
            cerr << "[b10-auth] "
                "session interface for xfrin is not available" << endl;
        }
        return (false);
Han Feng's avatar
Han Feng committed
622
    }
623

JINMEI Tatuya's avatar
JINMEI Tatuya committed
624 625
    const string remote_ip_address =
        io_message.getRemoteEndpoint().getAddress().toText();
JINMEI Tatuya's avatar
JINMEI Tatuya committed
626 627
    static const string command_template_start =
        "{\"command\": [\"notify\", {\"zone_name\" : \"";
628
    static const string command_template_master = "\", \"master\" : \"";
629
    static const string command_template_rrclass = "\", \"zone_class\" : \"";
630
    static const string command_template_end = "\"}]}";
631

Han Feng's avatar
Han Feng committed
632
    try {
633
        ConstElementPtr notify_command = Element::fromJSON(
634
                command_template_start + question->getName().toText() +
635 636
                command_template_master + remote_ip_address +
                command_template_rrclass + question->getClass().toText() +
637
                command_template_end);
Han Feng's avatar
Han Feng committed
638
        const unsigned int seq =
639
            xfrin_session_->group_sendmsg(notify_command, "Zonemgr",
640
                                          "*", "*");
641
        ConstElementPtr env, answer, parsed_answer;
642
        xfrin_session_->group_recvmsg(env, answer, false, seq);
Han Feng's avatar
Han Feng committed
643
        int rcode;
644 645 646
        parsed_answer = parseAnswer(rcode, answer);
        if (rcode != 0) {
            if (verbose_mode_) {
647
                cerr << "[b10-auth] failed to notify Zonemgr: "
648
                     << parsed_answer->str() << endl;
649 650
            }
            return (false);
Han Feng's avatar
Han Feng committed
651
        }
652
    } catch (const Exception& ex) {
653
        if (verbose_mode_) {
654
            cerr << "[b10-auth] failed to notify Zonemgr: " << ex.what() << endl;
655
        }
656
        return (false);
657
    }
658

659
    message->makeResponse();
Michal Vaner's avatar
Michal Vaner committed
660
    message->setHeaderFlag(Message::HEADERFLAG_AA);
661 662 663 664
    message->setRcode(Rcode::NOERROR());

    MessageRenderer renderer(*buffer);
    message->toWire(renderer);
Han Feng's avatar
Han Feng committed
665
    return (true);
666 667
}

668
void
669
AuthSrvImpl::incCounter(const int protocol) {
670 671
    // Increment query counter.
    if (protocol == IPPROTO_UDP) {
672
        counters_.inc(AuthCounters::COUNTER_UDP_QUERY);
673
    } else if (protocol == IPPROTO_TCP) {
674
        counters_.inc(AuthCounters::COUNTER_TCP_QUERY);
675 676 677 678 679 680
    } else {
        // unknown protocol
        isc_throw(Unexpected, "Unknown protocol: " << protocol);
    }
}

681 682 683
ConstElementPtr
AuthSrvImpl::setDbFile(ConstElementPtr config) {
    ConstElementPtr answer = isc::config::createAnswer();
684 685

    if (config && config->contains("database_file")) {
686
        db_file_ = config->get("database_file")->stringValue();
687
    } else if (config_session_ != NULL) {
688 689
        bool is_default;
        string item("database_file");
690 691
        ConstElementPtr value = config_session_->getValue(is_default, item);
        ElementPtr final = Element::createMap();
692 693 694 695 696 697 698 699 700 701 702 703

        // If the value is the default, and we are running from
        // a specific directory ('from build'), we need to use
        // a different value than the default (which may not exist)
        // (btw, this should not be done here in the end, i think
        //  the from-source script should have a check for this,
        //  but for that we need offline access to config, so for
        //  now this is a decent solution)
        if (is_default && getenv("B10_FROM_BUILD")) {
            value = Element::create(string(getenv("B10_FROM_BUILD")) +
                                    "/bind10_zones.sqlite3");
        }
704
        final->set(item, value);
705
        config = final;
706 707

        db_file_ = value->stringValue();
708 709 710 711 712
    } else {
        return (answer);
    }

    if (verbose_mode_) {
713
        cerr << "[b10-auth] Data source database file: " << db_file_ << endl;
714 715
    }

716 717 718 719 720 721
    // create SQL data source
    // Note: the following step is tricky to be exception-safe and to ensure
    // exception guarantee: We first need to perform all operations that can
    // fail, while acquiring resources in the RAII manner.  We then perform
    // delete and swap operations which should not fail.
    DataSrcPtr datasrc_ptr(DataSrcPtr(new Sqlite3DataSrc));
722
    datasrc_ptr->init(config);
723
    data_sources_.addDataSrc(datasrc_ptr);
724

725 726 727
    // The following code should be exception free.
    if (cur_datasrc_ != NULL) {
        data_sources_.removeDataSrc(cur_datasrc_);
728
    }
729 730
    cur_datasrc_ = datasrc_ptr;

731
    return (answer);
732 733
}