1 /*
2 * iterator/iter_fwd.c - iterative resolver module forward zones.
3 *
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
5 *
6 * This software is open source.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
18 *
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
35
36 /**
37 * \file
38 *
39 * This file contains functions to assist the iterator module.
40 * Keep track of forward zones and config settings.
41 */
42 #include "config.h"
43 #include "iterator/iter_fwd.h"
44 #include "iterator/iter_delegpt.h"
45 #include "util/log.h"
46 #include "util/config_file.h"
47 #include "util/net_help.h"
48 #include "util/data/dname.h"
49 #include "sldns/rrdef.h"
50 #include "sldns/str2wire.h"
51
52 int
fwd_cmp(const void * k1,const void * k2)53 fwd_cmp(const void* k1, const void* k2)
54 {
55 int m;
56 struct iter_forward_zone* n1 = (struct iter_forward_zone*)k1;
57 struct iter_forward_zone* n2 = (struct iter_forward_zone*)k2;
58 if(n1->dclass != n2->dclass) {
59 if(n1->dclass < n2->dclass)
60 return -1;
61 return 1;
62 }
63 return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs,
64 &m);
65 }
66
67 struct iter_forwards*
forwards_create(void)68 forwards_create(void)
69 {
70 struct iter_forwards* fwd = (struct iter_forwards*)calloc(1,
71 sizeof(struct iter_forwards));
72 if(!fwd)
73 return NULL;
74 lock_rw_init(&fwd->lock);
75 return fwd;
76 }
77
fwd_zone_free(struct iter_forward_zone * n)78 static void fwd_zone_free(struct iter_forward_zone* n)
79 {
80 if(!n) return;
81 delegpt_free_mlc(n->dp);
82 free(n->name);
83 free(n);
84 }
85
delfwdnode(rbnode_type * n,void * ATTR_UNUSED (arg))86 static void delfwdnode(rbnode_type* n, void* ATTR_UNUSED(arg))
87 {
88 struct iter_forward_zone* node = (struct iter_forward_zone*)n;
89 fwd_zone_free(node);
90 }
91
fwd_del_tree(struct iter_forwards * fwd)92 static void fwd_del_tree(struct iter_forwards* fwd)
93 {
94 if(fwd->tree)
95 traverse_postorder(fwd->tree, &delfwdnode, NULL);
96 free(fwd->tree);
97 }
98
99 void
forwards_delete(struct iter_forwards * fwd)100 forwards_delete(struct iter_forwards* fwd)
101 {
102 if(!fwd)
103 return;
104 lock_rw_destroy(&fwd->lock);
105 fwd_del_tree(fwd);
106 free(fwd);
107 }
108
109 /** insert info into forward structure */
110 static int
forwards_insert_data(struct iter_forwards * fwd,uint16_t c,uint8_t * nm,size_t nmlen,int nmlabs,struct delegpt * dp)111 forwards_insert_data(struct iter_forwards* fwd, uint16_t c, uint8_t* nm,
112 size_t nmlen, int nmlabs, struct delegpt* dp)
113 {
114 struct iter_forward_zone* node = (struct iter_forward_zone*)malloc(
115 sizeof(struct iter_forward_zone));
116 if(!node) {
117 delegpt_free_mlc(dp);
118 return 0;
119 }
120 node->node.key = node;
121 node->dclass = c;
122 node->name = memdup(nm, nmlen);
123 if(!node->name) {
124 delegpt_free_mlc(dp);
125 free(node);
126 return 0;
127 }
128 node->namelen = nmlen;
129 node->namelabs = nmlabs;
130 node->dp = dp;
131 if(!rbtree_insert(fwd->tree, &node->node)) {
132 char buf[257];
133 dname_str(nm, buf);
134 log_err("duplicate forward zone %s ignored.", buf);
135 delegpt_free_mlc(dp);
136 free(node->name);
137 free(node);
138 }
139 return 1;
140 }
141
142 /** insert new info into forward structure given dp */
143 static int
forwards_insert(struct iter_forwards * fwd,uint16_t c,struct delegpt * dp)144 forwards_insert(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp)
145 {
146 return forwards_insert_data(fwd, c, dp->name, dp->namelen,
147 dp->namelabs, dp);
148 }
149
150 /** initialise parent pointers in the tree */
151 static void
fwd_init_parents(struct iter_forwards * fwd)152 fwd_init_parents(struct iter_forwards* fwd)
153 {
154 struct iter_forward_zone* node, *prev = NULL, *p;
155 int m;
156 RBTREE_FOR(node, struct iter_forward_zone*, fwd->tree) {
157 node->parent = NULL;
158 if(!prev || prev->dclass != node->dclass) {
159 prev = node;
160 continue;
161 }
162 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name,
163 node->namelabs, &m); /* we know prev is smaller */
164 /* sort order like: . com. bla.com. zwb.com. net. */
165 /* find the previous, or parent-parent-parent */
166 for(p = prev; p; p = p->parent)
167 /* looking for name with few labels, a parent */
168 if(p->namelabs <= m) {
169 /* ==: since prev matched m, this is closest*/
170 /* <: prev matches more, but is not a parent,
171 * this one is a (grand)parent */
172 node->parent = p;
173 break;
174 }
175 prev = node;
176 }
177 }
178
179 /** set zone name */
180 static struct delegpt*
read_fwds_name(struct config_stub * s)181 read_fwds_name(struct config_stub* s)
182 {
183 struct delegpt* dp;
184 uint8_t* dname;
185 size_t dname_len;
186 if(!s->name) {
187 log_err("forward zone without a name (use name \".\" to forward everything)");
188 return NULL;
189 }
190 dname = sldns_str2wire_dname(s->name, &dname_len);
191 if(!dname) {
192 log_err("cannot parse forward zone name %s", s->name);
193 return NULL;
194 }
195 if(!(dp=delegpt_create_mlc(dname))) {
196 free(dname);
197 log_err("out of memory");
198 return NULL;
199 }
200 free(dname);
201 return dp;
202 }
203
204 /** set fwd host names */
205 static int
read_fwds_host(struct config_stub * s,struct delegpt * dp)206 read_fwds_host(struct config_stub* s, struct delegpt* dp)
207 {
208 struct config_strlist* p;
209 uint8_t* dname;
210 char* tls_auth_name;
211 int port;
212 for(p = s->hosts; p; p = p->next) {
213 log_assert(p->str);
214 dname = authextstrtodname(p->str, &port, &tls_auth_name);
215 if(!dname) {
216 log_err("cannot parse forward %s server name: '%s'",
217 s->name, p->str);
218 return 0;
219 }
220 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
221 if(tls_auth_name)
222 log_err("no name verification functionality in "
223 "ssl library, ignored name for %s", p->str);
224 #endif
225 if(!delegpt_add_ns_mlc(dp, dname, 0, tls_auth_name, port)) {
226 free(dname);
227 log_err("out of memory");
228 return 0;
229 }
230 free(dname);
231 }
232 return 1;
233 }
234
235 /** set fwd server addresses */
236 static int
read_fwds_addr(struct config_stub * s,struct delegpt * dp)237 read_fwds_addr(struct config_stub* s, struct delegpt* dp)
238 {
239 struct config_strlist* p;
240 struct sockaddr_storage addr;
241 socklen_t addrlen;
242 char* tls_auth_name;
243 for(p = s->addrs; p; p = p->next) {
244 log_assert(p->str);
245 if(!authextstrtoaddr(p->str, &addr, &addrlen, &tls_auth_name)) {
246 log_err("cannot parse forward %s ip address: '%s'",
247 s->name, p->str);
248 return 0;
249 }
250 #if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
251 if(tls_auth_name)
252 log_err("no name verification functionality in "
253 "ssl library, ignored name for %s", p->str);
254 #endif
255 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
256 tls_auth_name, -1)) {
257 log_err("out of memory");
258 return 0;
259 }
260 }
261 return 1;
262 }
263
264 /** read forwards config */
265 static int
read_forwards(struct iter_forwards * fwd,struct config_file * cfg)266 read_forwards(struct iter_forwards* fwd, struct config_file* cfg)
267 {
268 struct config_stub* s;
269 for(s = cfg->forwards; s; s = s->next) {
270 struct delegpt* dp;
271 if(!(dp=read_fwds_name(s)))
272 return 0;
273 if(!read_fwds_host(s, dp) || !read_fwds_addr(s, dp)) {
274 delegpt_free_mlc(dp);
275 return 0;
276 }
277 /* set flag that parent side NS information is included.
278 * Asking a (higher up) server on the internet is not useful */
279 /* the flag is turned off for 'forward-first' so that the
280 * last resort will ask for parent-side NS record and thus
281 * fallback to the internet name servers on a failure */
282 dp->has_parent_side_NS = (uint8_t)!s->isfirst;
283 /* Do not cache if set. */
284 dp->no_cache = s->no_cache;
285 /* use SSL for queries to this forwarder */
286 dp->ssl_upstream = (uint8_t)s->ssl_upstream;
287 /* use TCP for queries to this forwarder */
288 dp->tcp_upstream = (uint8_t)s->tcp_upstream;
289 verbose(VERB_QUERY, "Forward zone server list:");
290 delegpt_log(VERB_QUERY, dp);
291 if(!forwards_insert(fwd, LDNS_RR_CLASS_IN, dp))
292 return 0;
293 }
294 return 1;
295 }
296
297 /** insert a stub hole (if necessary) for stub name */
298 static int
fwd_add_stub_hole(struct iter_forwards * fwd,uint16_t c,uint8_t * nm)299 fwd_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
300 {
301 struct iter_forward_zone key;
302 key.node.key = &key;
303 key.dclass = c;
304 key.name = nm;
305 key.namelabs = dname_count_size_labels(key.name, &key.namelen);
306 return forwards_insert_data(fwd, key.dclass, key.name,
307 key.namelen, key.namelabs, NULL);
308 }
309
310 /** make NULL entries for stubs */
311 static int
make_stub_holes(struct iter_forwards * fwd,struct config_file * cfg)312 make_stub_holes(struct iter_forwards* fwd, struct config_file* cfg)
313 {
314 struct config_stub* s;
315 uint8_t* dname;
316 size_t dname_len;
317 for(s = cfg->stubs; s; s = s->next) {
318 if(!s->name) continue;
319 dname = sldns_str2wire_dname(s->name, &dname_len);
320 if(!dname) {
321 log_err("cannot parse stub name '%s'", s->name);
322 return 0;
323 }
324 if(!fwd_add_stub_hole(fwd, LDNS_RR_CLASS_IN, dname)) {
325 free(dname);
326 log_err("out of memory");
327 return 0;
328 }
329 free(dname);
330 }
331 return 1;
332 }
333
334 int
forwards_apply_cfg(struct iter_forwards * fwd,struct config_file * cfg)335 forwards_apply_cfg(struct iter_forwards* fwd, struct config_file* cfg)
336 {
337 if(fwd->tree) {
338 lock_unprotect(&fwd->lock, fwd->tree);
339 }
340 fwd_del_tree(fwd);
341 fwd->tree = rbtree_create(fwd_cmp);
342 if(!fwd->tree)
343 return 0;
344 lock_protect(&fwd->lock, fwd->tree, sizeof(*fwd->tree));
345
346 lock_rw_wrlock(&fwd->lock);
347 /* read forward zones */
348 if(!read_forwards(fwd, cfg)) {
349 lock_rw_unlock(&fwd->lock);
350 return 0;
351 }
352 if(!make_stub_holes(fwd, cfg)) {
353 lock_rw_unlock(&fwd->lock);
354 return 0;
355 }
356 fwd_init_parents(fwd);
357 lock_rw_unlock(&fwd->lock);
358 return 1;
359 }
360
361 struct delegpt*
forwards_find(struct iter_forwards * fwd,uint8_t * qname,uint16_t qclass,int nolock)362 forwards_find(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass,
363 int nolock)
364 {
365 struct iter_forward_zone* res;
366 struct iter_forward_zone key;
367 int has_dp;
368 key.node.key = &key;
369 key.dclass = qclass;
370 key.name = qname;
371 key.namelabs = dname_count_size_labels(qname, &key.namelen);
372 /* lock_() calls are macros that could be nothing, surround in {} */
373 if(!nolock) { lock_rw_rdlock(&fwd->lock); }
374 res = (struct iter_forward_zone*)rbtree_search(fwd->tree, &key);
375 has_dp = res && res->dp;
376 if(!has_dp && !nolock) { lock_rw_unlock(&fwd->lock); }
377 return has_dp?res->dp:NULL;
378 }
379
380 struct delegpt*
forwards_lookup(struct iter_forwards * fwd,uint8_t * qname,uint16_t qclass,int nolock)381 forwards_lookup(struct iter_forwards* fwd, uint8_t* qname, uint16_t qclass,
382 int nolock)
383 {
384 /* lookup the forward zone in the tree */
385 rbnode_type* res = NULL;
386 struct iter_forward_zone *result;
387 struct iter_forward_zone key;
388 int has_dp;
389 key.node.key = &key;
390 key.dclass = qclass;
391 key.name = qname;
392 key.namelabs = dname_count_size_labels(qname, &key.namelen);
393 /* lock_() calls are macros that could be nothing, surround in {} */
394 if(!nolock) { lock_rw_rdlock(&fwd->lock); }
395 if(rbtree_find_less_equal(fwd->tree, &key, &res)) {
396 /* exact */
397 result = (struct iter_forward_zone*)res;
398 } else {
399 /* smaller element (or no element) */
400 int m;
401 result = (struct iter_forward_zone*)res;
402 if(!result || result->dclass != qclass) {
403 if(!nolock) { lock_rw_unlock(&fwd->lock); }
404 return NULL;
405 }
406 /* count number of labels matched */
407 (void)dname_lab_cmp(result->name, result->namelabs, key.name,
408 key.namelabs, &m);
409 while(result) { /* go up until qname is subdomain of stub */
410 if(result->namelabs <= m)
411 break;
412 result = result->parent;
413 }
414 }
415 has_dp = result && result->dp;
416 if(!has_dp && !nolock) { lock_rw_unlock(&fwd->lock); }
417 return has_dp?result->dp:NULL;
418 }
419
420 struct delegpt*
forwards_lookup_root(struct iter_forwards * fwd,uint16_t qclass,int nolock)421 forwards_lookup_root(struct iter_forwards* fwd, uint16_t qclass, int nolock)
422 {
423 uint8_t root = 0;
424 return forwards_lookup(fwd, &root, qclass, nolock);
425 }
426
427 /* Finds next root item in forwards lookup tree.
428 * Caller needs to handle locking of the forwards structure. */
429 static int
next_root_locked(struct iter_forwards * fwd,uint16_t * dclass)430 next_root_locked(struct iter_forwards* fwd, uint16_t* dclass)
431 {
432 struct iter_forward_zone key;
433 rbnode_type* n;
434 struct iter_forward_zone* p;
435 if(*dclass == 0) {
436 /* first root item is first item in tree */
437 n = rbtree_first(fwd->tree);
438 if(n == RBTREE_NULL)
439 return 0;
440 p = (struct iter_forward_zone*)n;
441 if(dname_is_root(p->name)) {
442 *dclass = p->dclass;
443 return 1;
444 }
445 /* root not first item? search for higher items */
446 *dclass = p->dclass + 1;
447 return next_root_locked(fwd, dclass);
448 }
449 /* find class n in tree, we may get a direct hit, or if we don't
450 * this is the last item of the previous class so rbtree_next() takes
451 * us to the next root (if any) */
452 key.node.key = &key;
453 key.name = (uint8_t*)"\000";
454 key.namelen = 1;
455 key.namelabs = 0;
456 key.dclass = *dclass;
457 n = NULL;
458 if(rbtree_find_less_equal(fwd->tree, &key, &n)) {
459 /* exact */
460 return 1;
461 } else {
462 /* smaller element */
463 if(!n || n == RBTREE_NULL)
464 return 0; /* nothing found */
465 n = rbtree_next(n);
466 if(n == RBTREE_NULL)
467 return 0; /* no higher */
468 p = (struct iter_forward_zone*)n;
469 if(dname_is_root(p->name)) {
470 *dclass = p->dclass;
471 return 1;
472 }
473 /* not a root node, return next higher item */
474 *dclass = p->dclass+1;
475 return next_root_locked(fwd, dclass);
476 }
477 }
478
479 int
forwards_next_root(struct iter_forwards * fwd,uint16_t * dclass,int nolock)480 forwards_next_root(struct iter_forwards* fwd, uint16_t* dclass, int nolock)
481 {
482 int ret;
483 /* lock_() calls are macros that could be nothing, surround in {} */
484 if(!nolock) { lock_rw_rdlock(&fwd->lock); }
485 ret = next_root_locked(fwd, dclass);
486 if(!nolock) { lock_rw_unlock(&fwd->lock); }
487 return ret;
488 }
489
490 size_t
forwards_get_mem(struct iter_forwards * fwd)491 forwards_get_mem(struct iter_forwards* fwd)
492 {
493 struct iter_forward_zone* p;
494 size_t s;
495 if(!fwd)
496 return 0;
497 lock_rw_rdlock(&fwd->lock);
498 s = sizeof(*fwd) + sizeof(*fwd->tree);
499 RBTREE_FOR(p, struct iter_forward_zone*, fwd->tree) {
500 s += sizeof(*p) + p->namelen + delegpt_get_mem(p->dp);
501 }
502 lock_rw_unlock(&fwd->lock);
503 return s;
504 }
505
506 static struct iter_forward_zone*
fwd_zone_find(struct iter_forwards * fwd,uint16_t c,uint8_t * nm)507 fwd_zone_find(struct iter_forwards* fwd, uint16_t c, uint8_t* nm)
508 {
509 struct iter_forward_zone key;
510 key.node.key = &key;
511 key.dclass = c;
512 key.name = nm;
513 key.namelabs = dname_count_size_labels(nm, &key.namelen);
514 return (struct iter_forward_zone*)rbtree_search(fwd->tree, &key);
515 }
516
517 int
forwards_add_zone(struct iter_forwards * fwd,uint16_t c,struct delegpt * dp,int nolock)518 forwards_add_zone(struct iter_forwards* fwd, uint16_t c, struct delegpt* dp,
519 int nolock)
520 {
521 struct iter_forward_zone *z;
522 /* lock_() calls are macros that could be nothing, surround in {} */
523 if(!nolock) { lock_rw_wrlock(&fwd->lock); }
524 if((z=fwd_zone_find(fwd, c, dp->name)) != NULL) {
525 (void)rbtree_delete(fwd->tree, &z->node);
526 fwd_zone_free(z);
527 }
528 if(!forwards_insert(fwd, c, dp)) {
529 if(!nolock) { lock_rw_unlock(&fwd->lock); }
530 return 0;
531 }
532 fwd_init_parents(fwd);
533 if(!nolock) { lock_rw_unlock(&fwd->lock); }
534 return 1;
535 }
536
537 void
forwards_delete_zone(struct iter_forwards * fwd,uint16_t c,uint8_t * nm,int nolock)538 forwards_delete_zone(struct iter_forwards* fwd, uint16_t c, uint8_t* nm,
539 int nolock)
540 {
541 struct iter_forward_zone *z;
542 /* lock_() calls are macros that could be nothing, surround in {} */
543 if(!nolock) { lock_rw_wrlock(&fwd->lock); }
544 if(!(z=fwd_zone_find(fwd, c, nm))) {
545 if(!nolock) { lock_rw_unlock(&fwd->lock); }
546 return; /* nothing to do */
547 }
548 (void)rbtree_delete(fwd->tree, &z->node);
549 fwd_zone_free(z);
550 fwd_init_parents(fwd);
551 if(!nolock) { lock_rw_unlock(&fwd->lock); }
552 }
553
554 int
forwards_add_stub_hole(struct iter_forwards * fwd,uint16_t c,uint8_t * nm,int nolock)555 forwards_add_stub_hole(struct iter_forwards* fwd, uint16_t c, uint8_t* nm,
556 int nolock)
557 {
558 /* lock_() calls are macros that could be nothing, surround in {} */
559 if(!nolock) { lock_rw_wrlock(&fwd->lock); }
560 if(fwd_zone_find(fwd, c, nm) != NULL) {
561 if(!nolock) { lock_rw_unlock(&fwd->lock); }
562 return 1; /* already a stub zone there */
563 }
564 if(!fwd_add_stub_hole(fwd, c, nm)) {
565 if(!nolock) { lock_rw_unlock(&fwd->lock); }
566 return 0;
567 }
568 fwd_init_parents(fwd);
569 if(!nolock) { lock_rw_unlock(&fwd->lock); }
570 return 1;
571 }
572
573 void
forwards_delete_stub_hole(struct iter_forwards * fwd,uint16_t c,uint8_t * nm,int nolock)574 forwards_delete_stub_hole(struct iter_forwards* fwd, uint16_t c,
575 uint8_t* nm, int nolock)
576 {
577 struct iter_forward_zone *z;
578 /* lock_() calls are macros that could be nothing, surround in {} */
579 if(!nolock) { lock_rw_wrlock(&fwd->lock); }
580 if(!(z=fwd_zone_find(fwd, c, nm))) {
581 if(!nolock) { lock_rw_unlock(&fwd->lock); }
582 return; /* nothing to do */
583 }
584 if(z->dp != NULL) {
585 if(!nolock) { lock_rw_unlock(&fwd->lock); }
586 return; /* not a stub hole */
587 }
588 (void)rbtree_delete(fwd->tree, &z->node);
589 fwd_zone_free(z);
590 fwd_init_parents(fwd);
591 if(!nolock) { lock_rw_unlock(&fwd->lock); }
592 }
593