1 /* 2 * iterator/iter_fwd.c - iterative resolver module forward zones. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains functions to assist the iterator module. 40 * Keep track of forward zones and config settings. 41 */ 42 #include "config.h" 43 #include "iterator/iter_fwd.h" 44 #include "iterator/iter_delegpt.h" 45 #include "util/log.h" 46 #include "util/config_file.h" 47 #include "util/net_help.h" 48 #include "util/data/dname.h" 49 #include "sldns/rrdef.h" 50 #include "sldns/str2wire.h" 51 52 int 53 fwd_cmp(const void* k1, const void* k2) 54 { 55 int m; 56 struct iter_forward_zone* n1 = (struct iter_forward_zone*)k1; 57 struct iter_forward_zone* n2 = (struct iter_forward_zone*)k2; 58 if(n1->dclass != n2->dclass) { 59 if(n1->dclass < n2->dclass) 60 return -1; 61 return 1; 62 } 63 return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs, 64 &m); 65 } 66 67 struct iter_forwards* 68 forwards_create(void) 69 { 70 struct iter_forwards* fwd = (struct iter_forwards*)calloc(1, 71 sizeof(struct iter_forwards)); 72 if(!fwd) 73 return NULL; 74 lock_rw_init(&fwd->lock); 75 return fwd; 76 } 77 78 static void fwd_zone_free(struct iter_forward_zone* n) 79 { 80 if(!n) return; 81 delegpt_free_mlc(n->dp); 82 free(n->name); 83 free(n); 84 } 85 86 static void delfwdnode(rbnode_type* n, void* ATTR_UNUSED(arg)) 87 { 88 struct iter_forward_zone* node = (struct iter_forward_zone*)n; 89 fwd_zone_free(node); 90 } 91 92 static void fwd_del_tree(struct iter_forwards* fwd) 93 { 94 if(fwd->tree) 95 traverse_postorder(fwd->tree, &delfwdnode, NULL); 96 free(fwd->tree); 97 } 98 99 void 100 forwards_delete(struct iter_forwards* fwd) 101 { 102 if(!fwd) 103 return; 104 lock_rw_destroy(&fwd->lock); 105 fwd_del_tree(fwd); 106 free(fwd); 107 } 108 109 /** insert info into forward structure */ 110 static int 111 forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm, 112 size_t nmlen, int nmlabs, struct delegpt* dp) 113 { 114 struct iter_forward_zone* node = (struct iter_forward_zone*)malloc( 115 sizeof(struct iter_forward_zone)); 116 if(!node) { 117 delegpt_free_mlc(dp); 118 return 0; 119 } 120 node->node.key = node; 121 node->dclass = c; 122 node->name = memdup(nm, nmlen); 123 if(!node->name) { 124 delegpt_free_mlc(dp); 125 free(node); 126 return 0; 127 } 128 node->namelen = nmlen; 129 node->namelabs = nmlabs; 130 node->dp = dp; 131 if(!rbtree_insert(fwd->tree, &node->node)) { 132 char buf[LDNS_MAX_DOMAINLEN]; 133 dname_str(nm, buf); 134 log_err("duplicate forward zone %s ignored.", buf); 135 delegpt_free_mlc(dp); 136 free(node->name); 137 free(node); 138 } 139 return 1; 140 } 141 142 /** insert new info into forward structure given dp */ 143 static int 144 forwards_insert(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp) 145 { 146 return forwards_insert_data(fwd, c, dp->name, dp->namelen, 147 dp->namelabs, dp); 148 } 149 150 /** initialise parent pointers in the tree */ 151 static void 152 fwd_init_parents(struct iter_forwards* fwd) 153 { 154 struct iter_forward_zone* node, *prev = NULL, *p; 155 int m; 156 RBTREE_FOR(node, struct iter_forward_zone*, fwd->tree) { 157 node->parent = NULL; 158 if(!prev || prev->dclass != node->dclass) { 159 prev = node; 160 continue; 161 } 162 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, 163 node->namelabs, &m); /* we know prev is smaller */ 164 /* sort order like: . com. bla.com. zwb.com. net. */ 165 /* find the previous, or parent-parent-parent */ 166 for(p = prev; p; p = p->parent) 167 /* looking for name with few labels, a parent */ 168 if(p->namelabs <= m) { 169 /* ==: since prev matched m, this is closest*/ 170 /* <: prev matches more, but is not a parent, 171 * this one is a (grand)parent */ 172 node->parent = p; 173 break; 174 } 175 prev = node; 176 } 177 } 178 179 /** set zone name */ 180 static struct delegpt* 181 read_fwds_name(struct config_stub* s) 182 { 183 struct delegpt* dp; 184 uint8_t* dname; 185 size_t dname_len; 186 if(!s->name) { 187 log_err("forward zone without a name (use name \".\" to forward everything)"); 188 return NULL; 189 } 190 dname = sldns_str2wire_dname(s->name, &dname_len); 191 if(!dname) { 192 log_err("cannot parse forward zone name %s", s->name); 193 return NULL; 194 } 195 if(!(dp=delegpt_create_mlc(dname))) { 196 free(dname); 197 log_err("out of memory"); 198 return NULL; 199 } 200 free(dname); 201 return dp; 202 } 203 204 /** set fwd host names */ 205 static int 206 read_fwds_host(struct config_stub* s, struct delegpt* dp) 207 { 208 struct config_strlist* p; 209 uint8_t* dname; 210 char* tls_auth_name; 211 int port; 212 for(p = s->hosts; p; p = p->next) { 213 log_assert(p->str); 214 dname = authextstrtodname(p->str, &port, &tls_auth_name); 215 if(!dname) { 216 log_err("cannot parse forward %s server name: '%s'", 217 s->name, p->str); 218 return 0; 219 } 220 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) 221 if(tls_auth_name) 222 log_err("no name verification functionality in " 223 "ssl library, ignored name for %s", p->str); 224 #endif 225 if(!delegpt_add_ns_mlc(dp, dname, 0, tls_auth_name, port)) { 226 free(dname); 227 log_err("out of memory"); 228 return 0; 229 } 230 free(dname); 231 } 232 return 1; 233 } 234 235 /** set fwd server addresses */ 236 static int 237 read_fwds_addr(struct config_stub* s, struct delegpt* dp) 238 { 239 struct config_strlist* p; 240 struct sockaddr_storage addr; 241 socklen_t addrlen; 242 char* tls_auth_name; 243 for(p = s->addrs; p; p = p->next) { 244 log_assert(p->str); 245 if(!authextstrtoaddr(p->str, &addr, &addrlen, &tls_auth_name)) { 246 log_err("cannot parse forward %s ip address: '%s'", 247 s->name, p->str); 248 return 0; 249 } 250 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) 251 if(tls_auth_name) 252 log_err("no name verification functionality in " 253 "ssl library, ignored name for %s", p->str); 254 #endif 255 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0, 256 tls_auth_name, -1)) { 257 log_err("out of memory"); 258 return 0; 259 } 260 } 261 return 1; 262 } 263 264 /** read forwards config */ 265 static int 266 read_forwards(struct iter_forwards* fwd, struct config_file* cfg) 267 { 268 struct config_stub* s; 269 for(s = cfg->forwards; s; s = s->next) { 270 struct delegpt* dp; 271 if(!(dp=read_fwds_name(s))) 272 return 0; 273 if(!read_fwds_host(s, dp) || !read_fwds_addr(s, dp)) { 274 delegpt_free_mlc(dp); 275 return 0; 276 } 277 /* set flag that parent side NS information is included. 278 * Asking a (higher up) server on the internet is not useful */ 279 /* the flag is turned off for 'forward-first' so that the 280 * last resort will ask for parent-side NS record and thus 281 * fallback to the internet name servers on a failure */ 282 dp->has_parent_side_NS = (uint8_t)!s->isfirst; 283 /* Do not cache if set. */ 284 dp->no_cache = s->no_cache; 285 /* use SSL for queries to this forwarder */ 286 dp->ssl_upstream = (uint8_t)s->ssl_upstream; 287 /* use TCP for queries to this forwarder */ 288 dp->tcp_upstream = (uint8_t)s->tcp_upstream; 289 verbose(VERB_QUERY, "Forward zone server list:"); 290 delegpt_log(VERB_QUERY, dp); 291 if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp)) 292 return 0; 293 } 294 return 1; 295 } 296 297 /** insert a stub hole (if necessary) for stub name */ 298 static int 299 fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) 300 { 301 struct iter_forward_zone key; 302 key.node.key = &key; 303 key.dclass = c; 304 key.name = nm; 305 key.namelabs = dname_count_size_labels(key.name, &key.namelen); 306 return forwards_insert_data(fwd, key.dclass, key.name, 307 key.namelen, key.namelabs, NULL); 308 } 309 310 /** make NULL entries for stubs */ 311 static int 312 make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg) 313 { 314 struct config_stub* s; 315 uint8_t* dname; 316 size_t dname_len; 317 for(s = cfg->stubs; s; s = s->next) { 318 if(!s->name) continue; 319 dname = sldns_str2wire_dname(s->name, &dname_len); 320 if(!dname) { 321 log_err("cannot parse stub name '%s'", s->name); 322 return 0; 323 } 324 if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) { 325 free(dname); 326 log_err("out of memory"); 327 return 0; 328 } 329 free(dname); 330 } 331 return 1; 332 } 333 334 /** make NULL entries for auths */ 335 static int 336 make_auth_holes(struct iter_forwards* fwd, struct config_file* cfg) 337 { 338 struct config_auth* a; 339 uint8_t* dname; 340 size_t dname_len; 341 for(a = cfg->auths; a; a = a->next) { 342 if(!a->name) continue; 343 dname = sldns_str2wire_dname(a->name, &dname_len); 344 if(!dname) { 345 log_err("cannot parse auth name '%s'", a->name); 346 return 0; 347 } 348 if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) { 349 free(dname); 350 log_err("out of memory"); 351 return 0; 352 } 353 free(dname); 354 } 355 return 1; 356 } 357 358 int 359 forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg) 360 { 361 if(fwd->tree) { 362 lock_unprotect(&fwd->lock, fwd->tree); 363 } 364 fwd_del_tree(fwd); 365 fwd->tree = rbtree_create(fwd_cmp); 366 if(!fwd->tree) 367 return 0; 368 lock_protect(&fwd->lock, fwd->tree, sizeof(*fwd->tree)); 369 370 lock_rw_wrlock(&fwd->lock); 371 /* read forward zones */ 372 if(!read_forwards(fwd, cfg)) { 373 lock_rw_unlock(&fwd->lock); 374 return 0; 375 } 376 if(!make_stub_holes(fwd, cfg)) { 377 lock_rw_unlock(&fwd->lock); 378 return 0; 379 } 380 /* TODO: Now we punch holes for auth zones as well so that in 381 * iterator:forward_request() we see the configured 382 * delegation point, but code flow/naming is hard to follow. 383 * Consider having a single tree with configured 384 * delegation points for all categories 385 * (stubs, forwards, auths). */ 386 if(!make_auth_holes(fwd, cfg)) { 387 lock_rw_unlock(&fwd->lock); 388 return 0; 389 } 390 fwd_init_parents(fwd); 391 lock_rw_unlock(&fwd->lock); 392 return 1; 393 } 394 395 struct delegpt* 396 forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass, 397 int nolock) 398 { 399 struct iter_forward_zone* res; 400 struct iter_forward_zone key; 401 int has_dp; 402 key.node.key = &key; 403 key.dclass = qclass; 404 key.name = qname; 405 key.namelabs = dname_count_size_labels(qname, &key.namelen); 406 /* lock_() calls are macros that could be nothing, surround in {} */ 407 if(!nolock) { lock_rw_rdlock(&fwd->lock); } 408 res = (struct iter_forward_zone*)rbtree_search(fwd->tree, &key); 409 has_dp = res && res->dp; 410 if(!has_dp && !nolock) { lock_rw_unlock(&fwd->lock); } 411 return has_dp?res->dp:NULL; 412 } 413 414 struct delegpt* 415 forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass, 416 int nolock) 417 { 418 /* lookup the forward zone in the tree */ 419 rbnode_type* res = NULL; 420 struct iter_forward_zone *result; 421 struct iter_forward_zone key; 422 int has_dp; 423 key.node.key = &key; 424 key.dclass = qclass; 425 key.name = qname; 426 key.namelabs = dname_count_size_labels(qname, &key.namelen); 427 /* lock_() calls are macros that could be nothing, surround in {} */ 428 if(!nolock) { lock_rw_rdlock(&fwd->lock); } 429 if(rbtree_find_less_equal(fwd->tree, &key, &res)) { 430 /* exact */ 431 result = (struct iter_forward_zone*)res; 432 } else { 433 /* smaller element (or no element) */ 434 int m; 435 result = (struct iter_forward_zone*)res; 436 if(!result || result->dclass != qclass) { 437 if(!nolock) { lock_rw_unlock(&fwd->lock); } 438 return NULL; 439 } 440 /* count number of labels matched */ 441 (void)dname_lab_cmp(result->name, result->namelabs, key.name, 442 key.namelabs, &m); 443 while(result) { /* go up until qname is subdomain of stub */ 444 if(result->namelabs <= m) 445 break; 446 result = result->parent; 447 } 448 } 449 has_dp = result && result->dp; 450 if(!has_dp && !nolock) { lock_rw_unlock(&fwd->lock); } 451 return has_dp?result->dp:NULL; 452 } 453 454 struct delegpt* 455 forwards_lookup_root(struct iter_forwards* fwd, uint16_t qclass, int nolock) 456 { 457 uint8_t root = 0; 458 return forwards_lookup(fwd, &root, qclass, nolock); 459 } 460 461 /* Finds next root item in forwards lookup tree. 462 * Caller needs to handle locking of the forwards structure. */ 463 static int 464 next_root_locked(struct iter_forwards* fwd, uint16_t* dclass) 465 { 466 struct iter_forward_zone key; 467 rbnode_type* n; 468 struct iter_forward_zone* p; 469 if(*dclass == 0) { 470 /* first root item is first item in tree */ 471 n = rbtree_first(fwd->tree); 472 if(n == RBTREE_NULL) 473 return 0; 474 p = (struct iter_forward_zone*)n; 475 if(dname_is_root(p->name)) { 476 *dclass = p->dclass; 477 return 1; 478 } 479 /* root not first item? search for higher items */ 480 *dclass = p->dclass + 1; 481 return next_root_locked(fwd, dclass); 482 } 483 /* find class n in tree, we may get a direct hit, or if we don't 484 * this is the last item of the previous class so rbtree_next() takes 485 * us to the next root (if any) */ 486 key.node.key = &key; 487 key.name = (uint8_t*)"\000"; 488 key.namelen = 1; 489 key.namelabs = 0; 490 key.dclass = *dclass; 491 n = NULL; 492 if(rbtree_find_less_equal(fwd->tree, &key, &n)) { 493 /* exact */ 494 return 1; 495 } else { 496 /* smaller element */ 497 if(!n || n == RBTREE_NULL) 498 return 0; /* nothing found */ 499 n = rbtree_next(n); 500 if(n == RBTREE_NULL) 501 return 0; /* no higher */ 502 p = (struct iter_forward_zone*)n; 503 if(dname_is_root(p->name)) { 504 *dclass = p->dclass; 505 return 1; 506 } 507 /* not a root node, return next higher item */ 508 *dclass = p->dclass+1; 509 return next_root_locked(fwd, dclass); 510 } 511 } 512 513 int 514 forwards_next_root(struct iter_forwards* fwd, uint16_t* dclass, int nolock) 515 { 516 int ret; 517 /* lock_() calls are macros that could be nothing, surround in {} */ 518 if(!nolock) { lock_rw_rdlock(&fwd->lock); } 519 ret = next_root_locked(fwd, dclass); 520 if(!nolock) { lock_rw_unlock(&fwd->lock); } 521 return ret; 522 } 523 524 size_t 525 forwards_get_mem(struct iter_forwards* fwd) 526 { 527 struct iter_forward_zone* p; 528 size_t s; 529 if(!fwd) 530 return 0; 531 lock_rw_rdlock(&fwd->lock); 532 s = sizeof(*fwd) + sizeof(*fwd->tree); 533 RBTREE_FOR(p, struct iter_forward_zone*, fwd->tree) { 534 s += sizeof(*p) + p->namelen + delegpt_get_mem(p->dp); 535 } 536 lock_rw_unlock(&fwd->lock); 537 return s; 538 } 539 540 static struct iter_forward_zone* 541 fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm) 542 { 543 struct iter_forward_zone key; 544 key.node.key = &key; 545 key.dclass = c; 546 key.name = nm; 547 key.namelabs = dname_count_size_labels(nm, &key.namelen); 548 return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key); 549 } 550 551 int 552 forwards_add_zone(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp, 553 int nolock) 554 { 555 struct iter_forward_zone *z; 556 /* lock_() calls are macros that could be nothing, surround in {} */ 557 if(!nolock) { lock_rw_wrlock(&fwd->lock); } 558 if((z=fwd_zone_find(fwd, c, dp->name)) != NULL) { 559 (void)rbtree_delete(fwd->tree, &z->node); 560 fwd_zone_free(z); 561 } 562 if(!forwards_insert(fwd, c, dp)) { 563 if(!nolock) { lock_rw_unlock(&fwd->lock); } 564 return 0; 565 } 566 fwd_init_parents(fwd); 567 if(!nolock) { lock_rw_unlock(&fwd->lock); } 568 return 1; 569 } 570 571 void 572 forwards_delete_zone(struct iter_forwards* fwd, uint16_t c, uint8_t* nm, 573 int nolock) 574 { 575 struct iter_forward_zone *z; 576 /* lock_() calls are macros that could be nothing, surround in {} */ 577 if(!nolock) { lock_rw_wrlock(&fwd->lock); } 578 if(!(z=fwd_zone_find(fwd, c, nm))) { 579 if(!nolock) { lock_rw_unlock(&fwd->lock); } 580 return; /* nothing to do */ 581 } 582 (void)rbtree_delete(fwd->tree, &z->node); 583 fwd_zone_free(z); 584 fwd_init_parents(fwd); 585 if(!nolock) { lock_rw_unlock(&fwd->lock); } 586 } 587 588 int 589 forwards_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm, 590 int nolock) 591 { 592 /* lock_() calls are macros that could be nothing, surround in {} */ 593 if(!nolock) { lock_rw_wrlock(&fwd->lock); } 594 if(fwd_zone_find(fwd, c, nm) != NULL) { 595 if(!nolock) { lock_rw_unlock(&fwd->lock); } 596 return 1; /* already a stub zone there */ 597 } 598 if(!fwd_add_stub_hole(fwd, c, nm)) { 599 if(!nolock) { lock_rw_unlock(&fwd->lock); } 600 return 0; 601 } 602 fwd_init_parents(fwd); 603 if(!nolock) { lock_rw_unlock(&fwd->lock); } 604 return 1; 605 } 606 607 void 608 forwards_delete_stub_hole(struct iter_forwards* fwd, uint16_t c, 609 uint8_t* nm, int nolock) 610 { 611 struct iter_forward_zone *z; 612 /* lock_() calls are macros that could be nothing, surround in {} */ 613 if(!nolock) { lock_rw_wrlock(&fwd->lock); } 614 if(!(z=fwd_zone_find(fwd, c, nm))) { 615 if(!nolock) { lock_rw_unlock(&fwd->lock); } 616 return; /* nothing to do */ 617 } 618 if(z->dp != NULL) { 619 if(!nolock) { lock_rw_unlock(&fwd->lock); } 620 return; /* not a stub hole */ 621 } 622 (void)rbtree_delete(fwd->tree, &z->node); 623 fwd_zone_free(z); 624 fwd_init_parents(fwd); 625 if(!nolock) { lock_rw_unlock(&fwd->lock); } 626 } 627 628 void 629 forwards_swap_tree(struct iter_forwards* fwd, struct iter_forwards* data) 630 { 631 rbtree_type* oldtree = fwd->tree; 632 if(oldtree) { 633 lock_unprotect(&fwd->lock, oldtree); 634 } 635 if(data->tree) { 636 lock_unprotect(&data->lock, data->tree); 637 } 638 fwd->tree = data->tree; 639 data->tree = oldtree; 640 lock_protect(&fwd->lock, fwd->tree, sizeof(*fwd->tree)); 641 lock_protect(&data->lock, data->tree, sizeof(*data->tree)); 642 } 643