1 /* 2 * services/authzone.c - authoritative zone that is locally hosted. 3 * 4 * Copyright (c) 2017, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains the functions for an authority zone. This zone 40 * is queried by the iterator, just like a stub or forward zone, but then 41 * the data is locally held. 42 */ 43 44 #include "config.h" 45 #include "services/authzone.h" 46 #include "util/data/dname.h" 47 #include "util/data/msgparse.h" 48 #include "util/data/msgreply.h" 49 #include "util/data/msgencode.h" 50 #include "util/data/packed_rrset.h" 51 #include "util/regional.h" 52 #include "util/net_help.h" 53 #include "util/netevent.h" 54 #include "util/config_file.h" 55 #include "util/log.h" 56 #include "util/module.h" 57 #include "util/random.h" 58 #include "services/cache/dns.h" 59 #include "services/outside_network.h" 60 #include "services/listen_dnsport.h" 61 #include "services/mesh.h" 62 #include "sldns/rrdef.h" 63 #include "sldns/pkthdr.h" 64 #include "sldns/sbuffer.h" 65 #include "sldns/str2wire.h" 66 #include "sldns/wire2str.h" 67 #include "sldns/parseutil.h" 68 #include "sldns/keyraw.h" 69 #include "validator/val_nsec3.h" 70 #include "validator/val_nsec.h" 71 #include "validator/val_secalgo.h" 72 #include "validator/val_sigcrypt.h" 73 #include "validator/val_anchor.h" 74 #include "validator/val_utils.h" 75 #include <ctype.h> 76 77 /** bytes to use for NSEC3 hash buffer. 20 for sha1 */ 78 #define N3HASHBUFLEN 32 79 /** max number of CNAMEs we are willing to follow (in one answer) */ 80 #define MAX_CNAME_CHAIN 8 81 /** timeout for probe packets for SOA */ 82 #define AUTH_PROBE_TIMEOUT 100 /* msec */ 83 /** when to stop with SOA probes (when exponential timeouts exceed this) */ 84 #define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */ 85 /* auth transfer timeout for TCP connections, in msec */ 86 #define AUTH_TRANSFER_TIMEOUT 10000 /* msec */ 87 /* auth transfer max backoff for failed transfers and probes */ 88 #define AUTH_TRANSFER_MAX_BACKOFF 86400 /* sec */ 89 /* auth http port number */ 90 #define AUTH_HTTP_PORT 80 91 /* auth https port number */ 92 #define AUTH_HTTPS_PORT 443 93 /* max depth for nested $INCLUDEs */ 94 #define MAX_INCLUDE_DEPTH 10 95 /** number of timeouts before we fallback from IXFR to AXFR, 96 * because some versions of servers (eg. dnsmasq) drop IXFR packets. */ 97 #define NUM_TIMEOUTS_FALLBACK_IXFR 3 98 99 /** pick up nextprobe task to start waiting to perform transfer actions */ 100 static void xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env, 101 int failure, int lookup_only); 102 /** move to sending the probe packets, next if fails. task_probe */ 103 static void xfr_probe_send_or_end(struct auth_xfer* xfr, 104 struct module_env* env); 105 /** pick up probe task with specified(or NULL) destination first, 106 * or transfer task if nothing to probe, or false if already in progress */ 107 static int xfr_start_probe(struct auth_xfer* xfr, struct module_env* env, 108 struct auth_master* spec); 109 /** delete xfer structure (not its tree entry) */ 110 static void auth_xfer_delete(struct auth_xfer* xfr); 111 112 /** create new dns_msg */ 113 static struct dns_msg* 114 msg_create(struct regional* region, struct query_info* qinfo) 115 { 116 struct dns_msg* msg = (struct dns_msg*)regional_alloc(region, 117 sizeof(struct dns_msg)); 118 if(!msg) 119 return NULL; 120 msg->qinfo.qname = regional_alloc_init(region, qinfo->qname, 121 qinfo->qname_len); 122 if(!msg->qinfo.qname) 123 return NULL; 124 msg->qinfo.qname_len = qinfo->qname_len; 125 msg->qinfo.qtype = qinfo->qtype; 126 msg->qinfo.qclass = qinfo->qclass; 127 msg->qinfo.local_alias = NULL; 128 /* non-packed reply_info, because it needs to grow the array */ 129 msg->rep = (struct reply_info*)regional_alloc_zero(region, 130 sizeof(struct reply_info)-sizeof(struct rrset_ref)); 131 if(!msg->rep) 132 return NULL; 133 msg->rep->flags = (uint16_t)(BIT_QR | BIT_AA); 134 msg->rep->authoritative = 1; 135 msg->rep->reason_bogus = LDNS_EDE_NONE; 136 msg->rep->qdcount = 1; 137 /* rrsets is NULL, no rrsets yet */ 138 return msg; 139 } 140 141 /** grow rrset array by one in msg */ 142 static int 143 msg_grow_array(struct regional* region, struct dns_msg* msg) 144 { 145 if(msg->rep->rrsets == NULL) { 146 msg->rep->rrsets = regional_alloc_zero(region, 147 sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1)); 148 if(!msg->rep->rrsets) 149 return 0; 150 } else { 151 struct ub_packed_rrset_key** rrsets_old = msg->rep->rrsets; 152 msg->rep->rrsets = regional_alloc_zero(region, 153 sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1)); 154 if(!msg->rep->rrsets) 155 return 0; 156 memmove(msg->rep->rrsets, rrsets_old, 157 sizeof(struct ub_packed_rrset_key*)*msg->rep->rrset_count); 158 } 159 return 1; 160 } 161 162 /** get ttl of rrset */ 163 static time_t 164 get_rrset_ttl(struct ub_packed_rrset_key* k) 165 { 166 struct packed_rrset_data* d = (struct packed_rrset_data*) 167 k->entry.data; 168 return d->ttl; 169 } 170 171 /** Copy rrset into region from domain-datanode and packet rrset */ 172 static struct ub_packed_rrset_key* 173 auth_packed_rrset_copy_region(struct auth_zone* z, struct auth_data* node, 174 struct auth_rrset* rrset, struct regional* region, time_t adjust) 175 { 176 struct ub_packed_rrset_key key; 177 memset(&key, 0, sizeof(key)); 178 key.entry.key = &key; 179 key.entry.data = rrset->data; 180 key.rk.dname = node->name; 181 key.rk.dname_len = node->namelen; 182 key.rk.type = htons(rrset->type); 183 key.rk.rrset_class = htons(z->dclass); 184 key.entry.hash = rrset_key_hash(&key.rk); 185 return packed_rrset_copy_region(&key, region, adjust); 186 } 187 188 /** fix up msg->rep TTL and prefetch ttl */ 189 static void 190 msg_ttl(struct dns_msg* msg) 191 { 192 if(msg->rep->rrset_count == 0) return; 193 if(msg->rep->rrset_count == 1) { 194 msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]); 195 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); 196 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; 197 } else if(get_rrset_ttl(msg->rep->rrsets[msg->rep->rrset_count-1]) < 198 msg->rep->ttl) { 199 msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[ 200 msg->rep->rrset_count-1]); 201 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); 202 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; 203 } 204 } 205 206 /** see if rrset is a duplicate in the answer message */ 207 static int 208 msg_rrset_duplicate(struct dns_msg* msg, uint8_t* nm, size_t nmlen, 209 uint16_t type, uint16_t dclass) 210 { 211 size_t i; 212 for(i=0; i<msg->rep->rrset_count; i++) { 213 struct ub_packed_rrset_key* k = msg->rep->rrsets[i]; 214 if(ntohs(k->rk.type) == type && k->rk.dname_len == nmlen && 215 ntohs(k->rk.rrset_class) == dclass && 216 query_dname_compare(k->rk.dname, nm) == 0) 217 return 1; 218 } 219 return 0; 220 } 221 222 /** add rrset to answer section (no auth, add rrsets yet) */ 223 static int 224 msg_add_rrset_an(struct auth_zone* z, struct regional* region, 225 struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) 226 { 227 log_assert(msg->rep->ns_numrrsets == 0); 228 log_assert(msg->rep->ar_numrrsets == 0); 229 if(!rrset || !node) 230 return 1; 231 if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type, 232 z->dclass)) 233 return 1; 234 /* grow array */ 235 if(!msg_grow_array(region, msg)) 236 return 0; 237 /* copy it */ 238 if(!(msg->rep->rrsets[msg->rep->rrset_count] = 239 auth_packed_rrset_copy_region(z, node, rrset, region, 0))) 240 return 0; 241 msg->rep->rrset_count++; 242 msg->rep->an_numrrsets++; 243 msg_ttl(msg); 244 return 1; 245 } 246 247 /** add rrset to authority section (no additional section rrsets yet) */ 248 static int 249 msg_add_rrset_ns(struct auth_zone* z, struct regional* region, 250 struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) 251 { 252 log_assert(msg->rep->ar_numrrsets == 0); 253 if(!rrset || !node) 254 return 1; 255 if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type, 256 z->dclass)) 257 return 1; 258 /* grow array */ 259 if(!msg_grow_array(region, msg)) 260 return 0; 261 /* copy it */ 262 if(!(msg->rep->rrsets[msg->rep->rrset_count] = 263 auth_packed_rrset_copy_region(z, node, rrset, region, 0))) 264 return 0; 265 msg->rep->rrset_count++; 266 msg->rep->ns_numrrsets++; 267 msg_ttl(msg); 268 return 1; 269 } 270 271 /** add rrset to additional section */ 272 static int 273 msg_add_rrset_ar(struct auth_zone* z, struct regional* region, 274 struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) 275 { 276 if(!rrset || !node) 277 return 1; 278 if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type, 279 z->dclass)) 280 return 1; 281 /* grow array */ 282 if(!msg_grow_array(region, msg)) 283 return 0; 284 /* copy it */ 285 if(!(msg->rep->rrsets[msg->rep->rrset_count] = 286 auth_packed_rrset_copy_region(z, node, rrset, region, 0))) 287 return 0; 288 msg->rep->rrset_count++; 289 msg->rep->ar_numrrsets++; 290 msg_ttl(msg); 291 return 1; 292 } 293 294 struct auth_zones* auth_zones_create(void) 295 { 296 struct auth_zones* az = (struct auth_zones*)calloc(1, sizeof(*az)); 297 if(!az) { 298 log_err("out of memory"); 299 return NULL; 300 } 301 rbtree_init(&az->ztree, &auth_zone_cmp); 302 rbtree_init(&az->xtree, &auth_xfer_cmp); 303 lock_rw_init(&az->lock); 304 lock_protect(&az->lock, &az->ztree, sizeof(az->ztree)); 305 lock_protect(&az->lock, &az->xtree, sizeof(az->xtree)); 306 /* also lock protects the rbnode's in struct auth_zone, auth_xfer */ 307 lock_rw_init(&az->rpz_lock); 308 lock_protect(&az->rpz_lock, &az->rpz_first, sizeof(az->rpz_first)); 309 return az; 310 } 311 312 int auth_zone_cmp(const void* z1, const void* z2) 313 { 314 /* first sort on class, so that hierarchy can be maintained within 315 * a class */ 316 struct auth_zone* a = (struct auth_zone*)z1; 317 struct auth_zone* b = (struct auth_zone*)z2; 318 int m; 319 if(a->dclass != b->dclass) { 320 if(a->dclass < b->dclass) 321 return -1; 322 return 1; 323 } 324 /* sorted such that higher zones sort before lower zones (their 325 * contents) */ 326 return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); 327 } 328 329 int auth_data_cmp(const void* z1, const void* z2) 330 { 331 struct auth_data* a = (struct auth_data*)z1; 332 struct auth_data* b = (struct auth_data*)z2; 333 int m; 334 /* canonical sort, because DNSSEC needs that */ 335 return dname_canon_lab_cmp(a->name, a->namelabs, b->name, 336 b->namelabs, &m); 337 } 338 339 int auth_xfer_cmp(const void* z1, const void* z2) 340 { 341 /* first sort on class, so that hierarchy can be maintained within 342 * a class */ 343 struct auth_xfer* a = (struct auth_xfer*)z1; 344 struct auth_xfer* b = (struct auth_xfer*)z2; 345 int m; 346 if(a->dclass != b->dclass) { 347 if(a->dclass < b->dclass) 348 return -1; 349 return 1; 350 } 351 /* sorted such that higher zones sort before lower zones (their 352 * contents) */ 353 return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); 354 } 355 356 /** delete auth rrset node */ 357 static void 358 auth_rrset_delete(struct auth_rrset* rrset) 359 { 360 if(!rrset) return; 361 free(rrset->data); 362 free(rrset); 363 } 364 365 /** delete auth data domain node */ 366 static void 367 auth_data_delete(struct auth_data* n) 368 { 369 struct auth_rrset* p, *np; 370 if(!n) return; 371 p = n->rrsets; 372 while(p) { 373 np = p->next; 374 auth_rrset_delete(p); 375 p = np; 376 } 377 free(n->name); 378 free(n); 379 } 380 381 /** helper traverse to delete zones */ 382 static void 383 auth_data_del(rbnode_type* n, void* ATTR_UNUSED(arg)) 384 { 385 struct auth_data* z = (struct auth_data*)n->key; 386 auth_data_delete(z); 387 } 388 389 /** delete an auth zone structure (tree remove must be done elsewhere) */ 390 static void 391 auth_zone_delete(struct auth_zone* z, struct auth_zones* az) 392 { 393 if(!z) return; 394 lock_rw_destroy(&z->lock); 395 traverse_postorder(&z->data, auth_data_del, NULL); 396 397 if(az && z->rpz) { 398 /* keep RPZ linked list intact */ 399 lock_rw_wrlock(&az->rpz_lock); 400 if(z->rpz_az_prev) 401 z->rpz_az_prev->rpz_az_next = z->rpz_az_next; 402 else 403 az->rpz_first = z->rpz_az_next; 404 if(z->rpz_az_next) 405 z->rpz_az_next->rpz_az_prev = z->rpz_az_prev; 406 lock_rw_unlock(&az->rpz_lock); 407 } 408 if(z->rpz) 409 rpz_delete(z->rpz); 410 free(z->name); 411 free(z->zonefile); 412 free(z); 413 } 414 415 struct auth_zone* 416 auth_zone_create(struct auth_zones* az, uint8_t* nm, size_t nmlen, 417 uint16_t dclass) 418 { 419 struct auth_zone* z = (struct auth_zone*)calloc(1, sizeof(*z)); 420 if(!z) { 421 return NULL; 422 } 423 z->node.key = z; 424 z->dclass = dclass; 425 z->namelen = nmlen; 426 z->namelabs = dname_count_labels(nm); 427 z->name = memdup(nm, nmlen); 428 if(!z->name) { 429 free(z); 430 return NULL; 431 } 432 rbtree_init(&z->data, &auth_data_cmp); 433 lock_rw_init(&z->lock); 434 lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)- 435 sizeof(&z->rpz_az_next)-sizeof(&z->rpz_az_prev)); 436 lock_rw_wrlock(&z->lock); 437 /* z lock protects all, except rbtree itself and the rpz linked list 438 * pointers, which are protected using az->lock */ 439 if(!rbtree_insert(&az->ztree, &z->node)) { 440 lock_rw_unlock(&z->lock); 441 auth_zone_delete(z, NULL); 442 log_warn("duplicate auth zone"); 443 return NULL; 444 } 445 return z; 446 } 447 448 struct auth_zone* 449 auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen, 450 uint16_t dclass) 451 { 452 struct auth_zone key; 453 key.node.key = &key; 454 key.dclass = dclass; 455 key.name = nm; 456 key.namelen = nmlen; 457 key.namelabs = dname_count_labels(nm); 458 return (struct auth_zone*)rbtree_search(&az->ztree, &key); 459 } 460 461 struct auth_xfer* 462 auth_xfer_find(struct auth_zones* az, uint8_t* nm, size_t nmlen, 463 uint16_t dclass) 464 { 465 struct auth_xfer key; 466 key.node.key = &key; 467 key.dclass = dclass; 468 key.name = nm; 469 key.namelen = nmlen; 470 key.namelabs = dname_count_labels(nm); 471 return (struct auth_xfer*)rbtree_search(&az->xtree, &key); 472 } 473 474 /** find an auth zone or sorted less-or-equal, return true if exact */ 475 static int 476 auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen, 477 uint16_t dclass, struct auth_zone** z) 478 { 479 struct auth_zone key; 480 key.node.key = &key; 481 key.dclass = dclass; 482 key.name = nm; 483 key.namelen = nmlen; 484 key.namelabs = dname_count_labels(nm); 485 return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z); 486 } 487 488 489 /** find the auth zone that is above the given name */ 490 struct auth_zone* 491 auth_zones_find_zone(struct auth_zones* az, uint8_t* name, size_t name_len, 492 uint16_t dclass) 493 { 494 uint8_t* nm = name; 495 size_t nmlen = name_len; 496 struct auth_zone* z; 497 if(auth_zone_find_less_equal(az, nm, nmlen, dclass, &z)) { 498 /* exact match */ 499 return z; 500 } else { 501 /* less-or-nothing */ 502 if(!z) return NULL; /* nothing smaller, nothing above it */ 503 /* we found smaller name; smaller may be above the name, 504 * but not below it. */ 505 nm = dname_get_shared_topdomain(z->name, name); 506 dname_count_size_labels(nm, &nmlen); 507 z = NULL; 508 } 509 510 /* search up */ 511 while(!z) { 512 z = auth_zone_find(az, nm, nmlen, dclass); 513 if(z) return z; 514 if(dname_is_root(nm)) break; 515 dname_remove_label(&nm, &nmlen); 516 } 517 return NULL; 518 } 519 520 /** find or create zone with name str. caller must have lock on az. 521 * returns a wrlocked zone */ 522 static struct auth_zone* 523 auth_zones_find_or_add_zone(struct auth_zones* az, char* name) 524 { 525 uint8_t nm[LDNS_MAX_DOMAINLEN+1]; 526 size_t nmlen = sizeof(nm); 527 struct auth_zone* z; 528 529 if(sldns_str2wire_dname_buf(name, nm, &nmlen) != 0) { 530 log_err("cannot parse auth zone name: %s", name); 531 return 0; 532 } 533 z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN); 534 if(!z) { 535 /* not found, create the zone */ 536 z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN); 537 } else { 538 lock_rw_wrlock(&z->lock); 539 } 540 return z; 541 } 542 543 /** find or create xfer zone with name str. caller must have lock on az. 544 * returns a locked xfer */ 545 static struct auth_xfer* 546 auth_zones_find_or_add_xfer(struct auth_zones* az, struct auth_zone* z) 547 { 548 struct auth_xfer* x; 549 x = auth_xfer_find(az, z->name, z->namelen, z->dclass); 550 if(!x) { 551 /* not found, create the zone */ 552 x = auth_xfer_create(az, z); 553 } else { 554 lock_basic_lock(&x->lock); 555 } 556 return x; 557 } 558 559 int 560 auth_zone_set_zonefile(struct auth_zone* z, char* zonefile) 561 { 562 if(z->zonefile) free(z->zonefile); 563 if(zonefile == NULL) { 564 z->zonefile = NULL; 565 } else { 566 z->zonefile = strdup(zonefile); 567 if(!z->zonefile) { 568 log_err("malloc failure"); 569 return 0; 570 } 571 } 572 return 1; 573 } 574 575 /** set auth zone fallback. caller must have lock on zone */ 576 int 577 auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr) 578 { 579 if(strcmp(fallbackstr, "yes") != 0 && strcmp(fallbackstr, "no") != 0){ 580 log_err("auth zone fallback, expected yes or no, got %s", 581 fallbackstr); 582 return 0; 583 } 584 z->fallback_enabled = (strcmp(fallbackstr, "yes")==0); 585 return 1; 586 } 587 588 /** create domain with the given name */ 589 static struct auth_data* 590 az_domain_create(struct auth_zone* z, uint8_t* nm, size_t nmlen) 591 { 592 struct auth_data* n = (struct auth_data*)malloc(sizeof(*n)); 593 if(!n) return NULL; 594 memset(n, 0, sizeof(*n)); 595 n->node.key = n; 596 n->name = memdup(nm, nmlen); 597 if(!n->name) { 598 free(n); 599 return NULL; 600 } 601 n->namelen = nmlen; 602 n->namelabs = dname_count_labels(nm); 603 if(!rbtree_insert(&z->data, &n->node)) { 604 log_warn("duplicate auth domain name"); 605 free(n->name); 606 free(n); 607 return NULL; 608 } 609 return n; 610 } 611 612 /** find domain with exactly the given name */ 613 static struct auth_data* 614 az_find_name(struct auth_zone* z, uint8_t* nm, size_t nmlen) 615 { 616 struct auth_zone key; 617 key.node.key = &key; 618 key.name = nm; 619 key.namelen = nmlen; 620 key.namelabs = dname_count_labels(nm); 621 return (struct auth_data*)rbtree_search(&z->data, &key); 622 } 623 624 /** Find domain name (or closest match) */ 625 static void 626 az_find_domain(struct auth_zone* z, struct query_info* qinfo, int* node_exact, 627 struct auth_data** node) 628 { 629 struct auth_zone key; 630 key.node.key = &key; 631 key.name = qinfo->qname; 632 key.namelen = qinfo->qname_len; 633 key.namelabs = dname_count_labels(key.name); 634 *node_exact = rbtree_find_less_equal(&z->data, &key, 635 (rbnode_type**)node); 636 } 637 638 /** find or create domain with name in zone */ 639 static struct auth_data* 640 az_domain_find_or_create(struct auth_zone* z, uint8_t* dname, 641 size_t dname_len) 642 { 643 struct auth_data* n = az_find_name(z, dname, dname_len); 644 if(!n) { 645 n = az_domain_create(z, dname, dname_len); 646 } 647 return n; 648 } 649 650 /** find rrset of given type in the domain */ 651 static struct auth_rrset* 652 az_domain_rrset(struct auth_data* n, uint16_t t) 653 { 654 struct auth_rrset* rrset; 655 if(!n) return NULL; 656 rrset = n->rrsets; 657 while(rrset) { 658 if(rrset->type == t) 659 return rrset; 660 rrset = rrset->next; 661 } 662 return NULL; 663 } 664 665 /** remove rrset of this type from domain */ 666 static void 667 domain_remove_rrset(struct auth_data* node, uint16_t rr_type) 668 { 669 struct auth_rrset* rrset, *prev; 670 if(!node) return; 671 prev = NULL; 672 rrset = node->rrsets; 673 while(rrset) { 674 if(rrset->type == rr_type) { 675 /* found it, now delete it */ 676 if(prev) prev->next = rrset->next; 677 else node->rrsets = rrset->next; 678 auth_rrset_delete(rrset); 679 return; 680 } 681 prev = rrset; 682 rrset = rrset->next; 683 } 684 } 685 686 /** find an rrsig index in the rrset. returns true if found */ 687 static int 688 az_rrset_find_rrsig(struct packed_rrset_data* d, uint8_t* rdata, size_t len, 689 size_t* index) 690 { 691 size_t i; 692 for(i=d->count; i<d->count + d->rrsig_count; i++) { 693 if(d->rr_len[i] != len) 694 continue; 695 if(memcmp(d->rr_data[i], rdata, len) == 0) { 696 *index = i; 697 return 1; 698 } 699 } 700 return 0; 701 } 702 703 /** see if rdata is duplicate */ 704 static int 705 rdata_duplicate(struct packed_rrset_data* d, uint8_t* rdata, size_t len) 706 { 707 size_t i; 708 for(i=0; i<d->count + d->rrsig_count; i++) { 709 if(d->rr_len[i] != len) 710 continue; 711 if(memcmp(d->rr_data[i], rdata, len) == 0) 712 return 1; 713 } 714 return 0; 715 } 716 717 /** get rrsig type covered from rdata. 718 * @param rdata: rdata in wireformat, starting with 16bit rdlength. 719 * @param rdatalen: length of rdata buffer. 720 * @return type covered (or 0). 721 */ 722 static uint16_t 723 rrsig_rdata_get_type_covered(uint8_t* rdata, size_t rdatalen) 724 { 725 if(rdatalen < 4) 726 return 0; 727 return sldns_read_uint16(rdata+2); 728 } 729 730 /** remove RR from existing RRset. Also sig, if it is a signature. 731 * reallocates the packed rrset for a new one, false on alloc failure */ 732 static int 733 rrset_remove_rr(struct auth_rrset* rrset, size_t index) 734 { 735 struct packed_rrset_data* d, *old = rrset->data; 736 size_t i; 737 if(index >= old->count + old->rrsig_count) 738 return 0; /* index out of bounds */ 739 d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) - ( 740 sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) + 741 old->rr_len[index])); 742 if(!d) { 743 log_err("malloc failure"); 744 return 0; 745 } 746 d->ttl = old->ttl; 747 d->count = old->count; 748 d->rrsig_count = old->rrsig_count; 749 if(index < d->count) d->count--; 750 else d->rrsig_count--; 751 d->trust = old->trust; 752 d->security = old->security; 753 754 /* set rr_len, needed for ptr_fixup */ 755 d->rr_len = (size_t*)((uint8_t*)d + 756 sizeof(struct packed_rrset_data)); 757 if(index > 0) 758 memmove(d->rr_len, old->rr_len, (index)*sizeof(size_t)); 759 if(index+1 < old->count+old->rrsig_count) 760 memmove(&d->rr_len[index], &old->rr_len[index+1], 761 (old->count+old->rrsig_count - (index+1))*sizeof(size_t)); 762 packed_rrset_ptr_fixup(d); 763 764 /* move over ttls */ 765 if(index > 0) 766 memmove(d->rr_ttl, old->rr_ttl, (index)*sizeof(time_t)); 767 if(index+1 < old->count+old->rrsig_count) 768 memmove(&d->rr_ttl[index], &old->rr_ttl[index+1], 769 (old->count+old->rrsig_count - (index+1))*sizeof(time_t)); 770 771 /* move over rr_data */ 772 for(i=0; i<d->count+d->rrsig_count; i++) { 773 size_t oldi; 774 if(i < index) oldi = i; 775 else oldi = i+1; 776 memmove(d->rr_data[i], old->rr_data[oldi], d->rr_len[i]); 777 } 778 779 /* recalc ttl (lowest of remaining RR ttls) */ 780 if(d->count + d->rrsig_count > 0) 781 d->ttl = d->rr_ttl[0]; 782 for(i=0; i<d->count+d->rrsig_count; i++) { 783 if(d->rr_ttl[i] < d->ttl) 784 d->ttl = d->rr_ttl[i]; 785 } 786 787 free(rrset->data); 788 rrset->data = d; 789 return 1; 790 } 791 792 /** add RR to existing RRset. If insert_sig is true, add to rrsigs. 793 * This reallocates the packed rrset for a new one */ 794 static int 795 rrset_add_rr(struct auth_rrset* rrset, uint32_t rr_ttl, uint8_t* rdata, 796 size_t rdatalen, int insert_sig) 797 { 798 struct packed_rrset_data* d, *old = rrset->data; 799 size_t total, old_total; 800 801 d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) 802 + sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) 803 + rdatalen); 804 if(!d) { 805 log_err("out of memory"); 806 return 0; 807 } 808 /* copy base values */ 809 memcpy(d, old, sizeof(struct packed_rrset_data)); 810 if(!insert_sig) { 811 d->count++; 812 } else { 813 d->rrsig_count++; 814 } 815 old_total = old->count + old->rrsig_count; 816 total = d->count + d->rrsig_count; 817 /* set rr_len, needed for ptr_fixup */ 818 d->rr_len = (size_t*)((uint8_t*)d + 819 sizeof(struct packed_rrset_data)); 820 if(old->count != 0) 821 memmove(d->rr_len, old->rr_len, old->count*sizeof(size_t)); 822 if(old->rrsig_count != 0) 823 memmove(d->rr_len+d->count, old->rr_len+old->count, 824 old->rrsig_count*sizeof(size_t)); 825 if(!insert_sig) 826 d->rr_len[d->count-1] = rdatalen; 827 else d->rr_len[total-1] = rdatalen; 828 packed_rrset_ptr_fixup(d); 829 if((time_t)rr_ttl < d->ttl) 830 d->ttl = rr_ttl; 831 832 /* copy old values into new array */ 833 if(old->count != 0) { 834 memmove(d->rr_ttl, old->rr_ttl, old->count*sizeof(time_t)); 835 /* all the old rr pieces are allocated sequential, so we 836 * can copy them in one go */ 837 memmove(d->rr_data[0], old->rr_data[0], 838 (old->rr_data[old->count-1] - old->rr_data[0]) + 839 old->rr_len[old->count-1]); 840 } 841 if(old->rrsig_count != 0) { 842 memmove(d->rr_ttl+d->count, old->rr_ttl+old->count, 843 old->rrsig_count*sizeof(time_t)); 844 memmove(d->rr_data[d->count], old->rr_data[old->count], 845 (old->rr_data[old_total-1] - old->rr_data[old->count]) + 846 old->rr_len[old_total-1]); 847 } 848 849 /* insert new value */ 850 if(!insert_sig) { 851 d->rr_ttl[d->count-1] = rr_ttl; 852 memmove(d->rr_data[d->count-1], rdata, rdatalen); 853 } else { 854 d->rr_ttl[total-1] = rr_ttl; 855 memmove(d->rr_data[total-1], rdata, rdatalen); 856 } 857 858 rrset->data = d; 859 free(old); 860 return 1; 861 } 862 863 /** Create new rrset for node with packed rrset with one RR element */ 864 static struct auth_rrset* 865 rrset_create(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, 866 uint8_t* rdata, size_t rdatalen) 867 { 868 struct auth_rrset* rrset = (struct auth_rrset*)calloc(1, 869 sizeof(*rrset)); 870 struct auth_rrset* p, *prev; 871 struct packed_rrset_data* d; 872 if(!rrset) { 873 log_err("out of memory"); 874 return NULL; 875 } 876 rrset->type = rr_type; 877 878 /* the rrset data structure, with one RR */ 879 d = (struct packed_rrset_data*)calloc(1, 880 sizeof(struct packed_rrset_data) + sizeof(size_t) + 881 sizeof(uint8_t*) + sizeof(time_t) + rdatalen); 882 if(!d) { 883 free(rrset); 884 log_err("out of memory"); 885 return NULL; 886 } 887 rrset->data = d; 888 d->ttl = rr_ttl; 889 d->trust = rrset_trust_prim_noglue; 890 d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data)); 891 d->rr_data = (uint8_t**)&(d->rr_len[1]); 892 d->rr_ttl = (time_t*)&(d->rr_data[1]); 893 d->rr_data[0] = (uint8_t*)&(d->rr_ttl[1]); 894 895 /* insert the RR */ 896 d->rr_len[0] = rdatalen; 897 d->rr_ttl[0] = rr_ttl; 898 memmove(d->rr_data[0], rdata, rdatalen); 899 d->count++; 900 901 /* insert rrset into linked list for domain */ 902 /* find sorted place to link the rrset into the list */ 903 prev = NULL; 904 p = node->rrsets; 905 while(p && p->type<=rr_type) { 906 prev = p; 907 p = p->next; 908 } 909 /* so, prev is smaller, and p is larger than rr_type */ 910 rrset->next = p; 911 if(prev) prev->next = rrset; 912 else node->rrsets = rrset; 913 return rrset; 914 } 915 916 /** count number (and size) of rrsigs that cover a type */ 917 static size_t 918 rrsig_num_that_cover(struct auth_rrset* rrsig, uint16_t rr_type, size_t* sigsz) 919 { 920 struct packed_rrset_data* d = rrsig->data; 921 size_t i, num = 0; 922 *sigsz = 0; 923 log_assert(d && rrsig->type == LDNS_RR_TYPE_RRSIG); 924 for(i=0; i<d->count+d->rrsig_count; i++) { 925 if(rrsig_rdata_get_type_covered(d->rr_data[i], 926 d->rr_len[i]) == rr_type) { 927 num++; 928 (*sigsz) += d->rr_len[i]; 929 } 930 } 931 return num; 932 } 933 934 /** See if rrsig set has covered sigs for rrset and move them over */ 935 static int 936 rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type, 937 struct auth_rrset* rrset, struct auth_rrset* rrsig) 938 { 939 size_t sigs, sigsz, i, j, total; 940 struct packed_rrset_data* sigold = rrsig->data; 941 struct packed_rrset_data* old = rrset->data; 942 struct packed_rrset_data* d, *sigd; 943 944 log_assert(rrset->type == rr_type); 945 log_assert(rrsig->type == LDNS_RR_TYPE_RRSIG); 946 sigs = rrsig_num_that_cover(rrsig, rr_type, &sigsz); 947 if(sigs == 0) { 948 /* 0 rrsigs to move over, done */ 949 return 1; 950 } 951 952 /* allocate rrset sigsz larger for extra sigs elements, and 953 * allocate rrsig sigsz smaller for less sigs elements. */ 954 d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) 955 + sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)) 956 + sigsz); 957 if(!d) { 958 log_err("out of memory"); 959 return 0; 960 } 961 /* copy base values */ 962 total = old->count + old->rrsig_count; 963 memcpy(d, old, sizeof(struct packed_rrset_data)); 964 d->rrsig_count += sigs; 965 /* setup rr_len */ 966 d->rr_len = (size_t*)((uint8_t*)d + 967 sizeof(struct packed_rrset_data)); 968 if(total != 0) 969 memmove(d->rr_len, old->rr_len, total*sizeof(size_t)); 970 j = d->count+d->rrsig_count-sigs; 971 for(i=0; i<sigold->count+sigold->rrsig_count; i++) { 972 if(rrsig_rdata_get_type_covered(sigold->rr_data[i], 973 sigold->rr_len[i]) == rr_type) { 974 d->rr_len[j] = sigold->rr_len[i]; 975 j++; 976 } 977 } 978 packed_rrset_ptr_fixup(d); 979 980 /* copy old values into new array */ 981 if(total != 0) { 982 memmove(d->rr_ttl, old->rr_ttl, total*sizeof(time_t)); 983 /* all the old rr pieces are allocated sequential, so we 984 * can copy them in one go */ 985 memmove(d->rr_data[0], old->rr_data[0], 986 (old->rr_data[total-1] - old->rr_data[0]) + 987 old->rr_len[total-1]); 988 } 989 990 /* move over the rrsigs to the larger rrset*/ 991 j = d->count+d->rrsig_count-sigs; 992 for(i=0; i<sigold->count+sigold->rrsig_count; i++) { 993 if(rrsig_rdata_get_type_covered(sigold->rr_data[i], 994 sigold->rr_len[i]) == rr_type) { 995 /* move this one over to location j */ 996 d->rr_ttl[j] = sigold->rr_ttl[i]; 997 memmove(d->rr_data[j], sigold->rr_data[i], 998 sigold->rr_len[i]); 999 if(d->rr_ttl[j] < d->ttl) 1000 d->ttl = d->rr_ttl[j]; 1001 j++; 1002 } 1003 } 1004 1005 /* put it in and deallocate the old rrset */ 1006 rrset->data = d; 1007 free(old); 1008 1009 /* now make rrsig set smaller */ 1010 if(sigold->count+sigold->rrsig_count == sigs) { 1011 /* remove all sigs from rrsig, remove it entirely */ 1012 domain_remove_rrset(node, LDNS_RR_TYPE_RRSIG); 1013 return 1; 1014 } 1015 log_assert(packed_rrset_sizeof(sigold) > sigs*(sizeof(size_t) + 1016 sizeof(uint8_t*) + sizeof(time_t)) + sigsz); 1017 sigd = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(sigold) 1018 - sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)) 1019 - sigsz); 1020 if(!sigd) { 1021 /* no need to free up d, it has already been placed in the 1022 * node->rrset structure */ 1023 log_err("out of memory"); 1024 return 0; 1025 } 1026 /* copy base values */ 1027 memcpy(sigd, sigold, sizeof(struct packed_rrset_data)); 1028 /* in sigd the RRSIGs are stored in the base of the RR, in count */ 1029 sigd->count -= sigs; 1030 /* setup rr_len */ 1031 sigd->rr_len = (size_t*)((uint8_t*)sigd + 1032 sizeof(struct packed_rrset_data)); 1033 j = 0; 1034 for(i=0; i<sigold->count+sigold->rrsig_count; i++) { 1035 if(rrsig_rdata_get_type_covered(sigold->rr_data[i], 1036 sigold->rr_len[i]) != rr_type) { 1037 sigd->rr_len[j] = sigold->rr_len[i]; 1038 j++; 1039 } 1040 } 1041 packed_rrset_ptr_fixup(sigd); 1042 1043 /* copy old values into new rrsig array */ 1044 j = 0; 1045 for(i=0; i<sigold->count+sigold->rrsig_count; i++) { 1046 if(rrsig_rdata_get_type_covered(sigold->rr_data[i], 1047 sigold->rr_len[i]) != rr_type) { 1048 /* move this one over to location j */ 1049 sigd->rr_ttl[j] = sigold->rr_ttl[i]; 1050 memmove(sigd->rr_data[j], sigold->rr_data[i], 1051 sigold->rr_len[i]); 1052 if(j==0) sigd->ttl = sigd->rr_ttl[j]; 1053 else { 1054 if(sigd->rr_ttl[j] < sigd->ttl) 1055 sigd->ttl = sigd->rr_ttl[j]; 1056 } 1057 j++; 1058 } 1059 } 1060 1061 /* put it in and deallocate the old rrset */ 1062 rrsig->data = sigd; 1063 free(sigold); 1064 1065 return 1; 1066 } 1067 1068 /** copy the rrsigs from the rrset to the rrsig rrset, because the rrset 1069 * is going to be deleted. reallocates the RRSIG rrset data. */ 1070 static int 1071 rrsigs_copy_from_rrset_to_rrsigset(struct auth_rrset* rrset, 1072 struct auth_rrset* rrsigset) 1073 { 1074 size_t i; 1075 if(rrset->data->rrsig_count == 0) 1076 return 1; 1077 1078 /* move them over one by one, because there might be duplicates, 1079 * duplicates are ignored */ 1080 for(i=rrset->data->count; 1081 i<rrset->data->count+rrset->data->rrsig_count; i++) { 1082 uint8_t* rdata = rrset->data->rr_data[i]; 1083 size_t rdatalen = rrset->data->rr_len[i]; 1084 time_t rr_ttl = rrset->data->rr_ttl[i]; 1085 1086 if(rdata_duplicate(rrsigset->data, rdata, rdatalen)) { 1087 continue; 1088 } 1089 if(!rrset_add_rr(rrsigset, rr_ttl, rdata, rdatalen, 0)) 1090 return 0; 1091 } 1092 return 1; 1093 } 1094 1095 /** Add rr to node, ignores duplicate RRs, 1096 * rdata points to buffer with rdatalen octets, starts with 2bytelength. */ 1097 static int 1098 az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, 1099 uint8_t* rdata, size_t rdatalen, int* duplicate) 1100 { 1101 struct auth_rrset* rrset; 1102 /* packed rrsets have their rrsigs along with them, sort them out */ 1103 if(rr_type == LDNS_RR_TYPE_RRSIG) { 1104 uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen); 1105 if((rrset=az_domain_rrset(node, ctype))!= NULL) { 1106 /* a node of the correct type exists, add the RRSIG 1107 * to the rrset of the covered data type */ 1108 if(rdata_duplicate(rrset->data, rdata, rdatalen)) { 1109 if(duplicate) *duplicate = 1; 1110 return 1; 1111 } 1112 if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 1)) 1113 return 0; 1114 } else if((rrset=az_domain_rrset(node, rr_type))!= NULL) { 1115 /* add RRSIG to rrset of type RRSIG */ 1116 if(rdata_duplicate(rrset->data, rdata, rdatalen)) { 1117 if(duplicate) *duplicate = 1; 1118 return 1; 1119 } 1120 if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0)) 1121 return 0; 1122 } else { 1123 /* create rrset of type RRSIG */ 1124 if(!rrset_create(node, rr_type, rr_ttl, rdata, 1125 rdatalen)) 1126 return 0; 1127 } 1128 } else { 1129 /* normal RR type */ 1130 if((rrset=az_domain_rrset(node, rr_type))!= NULL) { 1131 /* add data to existing node with data type */ 1132 if(rdata_duplicate(rrset->data, rdata, rdatalen)) { 1133 if(duplicate) *duplicate = 1; 1134 return 1; 1135 } 1136 if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0)) 1137 return 0; 1138 } else { 1139 struct auth_rrset* rrsig; 1140 /* create new node with data type */ 1141 if(!(rrset=rrset_create(node, rr_type, rr_ttl, rdata, 1142 rdatalen))) 1143 return 0; 1144 1145 /* see if node of type RRSIG has signatures that 1146 * cover the data type, and move them over */ 1147 /* and then make the RRSIG type smaller */ 1148 if((rrsig=az_domain_rrset(node, LDNS_RR_TYPE_RRSIG)) 1149 != NULL) { 1150 if(!rrset_moveover_rrsigs(node, rr_type, 1151 rrset, rrsig)) 1152 return 0; 1153 } 1154 } 1155 } 1156 return 1; 1157 } 1158 1159 /** insert RR into zone, ignore duplicates */ 1160 static int 1161 az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, 1162 size_t dname_len, int* duplicate) 1163 { 1164 struct auth_data* node; 1165 uint8_t* dname = rr; 1166 uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len); 1167 uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len); 1168 uint32_t rr_ttl = sldns_wirerr_get_ttl(rr, rr_len, dname_len); 1169 size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len, 1170 dname_len))+2; 1171 /* rdata points to rdata prefixed with uint16 rdatalength */ 1172 uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len); 1173 1174 if(rr_class != z->dclass) { 1175 log_err("wrong class for RR"); 1176 return 0; 1177 } 1178 if(!(node=az_domain_find_or_create(z, dname, dname_len))) { 1179 log_err("cannot create domain"); 1180 return 0; 1181 } 1182 if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen, 1183 duplicate)) { 1184 log_err("cannot add RR to domain"); 1185 return 0; 1186 } 1187 if(z->rpz) { 1188 if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname, 1189 dname_len, rr_type, rr_class, rr_ttl, rdata, rdatalen, 1190 rr, rr_len))) 1191 return 0; 1192 } 1193 return 1; 1194 } 1195 1196 /** Remove rr from node, ignores nonexisting RRs, 1197 * rdata points to buffer with rdatalen octets, starts with 2bytelength. */ 1198 static int 1199 az_domain_remove_rr(struct auth_data* node, uint16_t rr_type, 1200 uint8_t* rdata, size_t rdatalen, int* nonexist) 1201 { 1202 struct auth_rrset* rrset; 1203 size_t index = 0; 1204 1205 /* find the plain RR of the given type */ 1206 if((rrset=az_domain_rrset(node, rr_type))!= NULL) { 1207 if(packed_rrset_find_rr(rrset->data, rdata, rdatalen, &index)) { 1208 if(rrset->data->count == 1 && 1209 rrset->data->rrsig_count == 0) { 1210 /* last RR, delete the rrset */ 1211 domain_remove_rrset(node, rr_type); 1212 } else if(rrset->data->count == 1 && 1213 rrset->data->rrsig_count != 0) { 1214 /* move RRSIGs to the RRSIG rrset, or 1215 * this one becomes that RRset */ 1216 struct auth_rrset* rrsigset = az_domain_rrset( 1217 node, LDNS_RR_TYPE_RRSIG); 1218 if(rrsigset) { 1219 /* move left over rrsigs to the 1220 * existing rrset of type RRSIG */ 1221 rrsigs_copy_from_rrset_to_rrsigset( 1222 rrset, rrsigset); 1223 /* and then delete the rrset */ 1224 domain_remove_rrset(node, rr_type); 1225 } else { 1226 /* no rrset of type RRSIG, this 1227 * set is now of that type, 1228 * just remove the rr */ 1229 if(!rrset_remove_rr(rrset, index)) 1230 return 0; 1231 rrset->type = LDNS_RR_TYPE_RRSIG; 1232 rrset->data->count = rrset->data->rrsig_count; 1233 rrset->data->rrsig_count = 0; 1234 } 1235 } else { 1236 /* remove the RR from the rrset */ 1237 if(!rrset_remove_rr(rrset, index)) 1238 return 0; 1239 } 1240 return 1; 1241 } 1242 /* rr not found in rrset */ 1243 } 1244 1245 /* is it a type RRSIG, look under the covered type */ 1246 if(rr_type == LDNS_RR_TYPE_RRSIG) { 1247 uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen); 1248 if((rrset=az_domain_rrset(node, ctype))!= NULL) { 1249 if(az_rrset_find_rrsig(rrset->data, rdata, rdatalen, 1250 &index)) { 1251 /* rrsig should have d->count > 0, be 1252 * over some rr of that type */ 1253 /* remove the rrsig from the rrsigs list of the 1254 * rrset */ 1255 if(!rrset_remove_rr(rrset, index)) 1256 return 0; 1257 return 1; 1258 } 1259 } 1260 /* also RRSIG not found */ 1261 } 1262 1263 /* nothing found to delete */ 1264 if(nonexist) *nonexist = 1; 1265 return 1; 1266 } 1267 1268 /** remove RR from zone, ignore if it does not exist, false on alloc failure*/ 1269 static int 1270 az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, 1271 size_t dname_len, int* nonexist) 1272 { 1273 struct auth_data* node; 1274 uint8_t* dname = rr; 1275 uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len); 1276 uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len); 1277 size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len, 1278 dname_len))+2; 1279 /* rdata points to rdata prefixed with uint16 rdatalength */ 1280 uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len); 1281 1282 if(rr_class != z->dclass) { 1283 log_err("wrong class for RR"); 1284 /* really also a nonexisting entry, because no records 1285 * of that class in the zone, but return an error because 1286 * getting records of the wrong class is a failure of the 1287 * zone transfer */ 1288 return 0; 1289 } 1290 node = az_find_name(z, dname, dname_len); 1291 if(!node) { 1292 /* node with that name does not exist */ 1293 /* nonexisting entry, because no such name */ 1294 *nonexist = 1; 1295 return 1; 1296 } 1297 if(!az_domain_remove_rr(node, rr_type, rdata, rdatalen, nonexist)) { 1298 /* alloc failure or so */ 1299 return 0; 1300 } 1301 /* remove the node, if necessary */ 1302 /* an rrsets==NULL entry is not kept around for empty nonterminals, 1303 * and also parent nodes are not kept around, so we just delete it */ 1304 if(node->rrsets == NULL) { 1305 (void)rbtree_delete(&z->data, node); 1306 auth_data_delete(node); 1307 } 1308 if(z->rpz) { 1309 rpz_remove_rr(z->rpz, z->namelen, dname, dname_len, rr_type, 1310 rr_class, rdata, rdatalen); 1311 } 1312 return 1; 1313 } 1314 1315 /** decompress an RR into the buffer where it'll be an uncompressed RR 1316 * with uncompressed dname and uncompressed rdata (dnames) */ 1317 static int 1318 decompress_rr_into_buffer(struct sldns_buffer* buf, uint8_t* pkt, 1319 size_t pktlen, uint8_t* dname, uint16_t rr_type, uint16_t rr_class, 1320 uint32_t rr_ttl, uint8_t* rr_data, uint16_t rr_rdlen) 1321 { 1322 sldns_buffer pktbuf; 1323 size_t dname_len = 0; 1324 size_t rdlenpos; 1325 size_t rdlen; 1326 uint8_t* rd; 1327 const sldns_rr_descriptor* desc; 1328 sldns_buffer_init_frm_data(&pktbuf, pkt, pktlen); 1329 sldns_buffer_clear(buf); 1330 1331 /* decompress dname */ 1332 sldns_buffer_set_position(&pktbuf, 1333 (size_t)(dname - sldns_buffer_current(&pktbuf))); 1334 dname_len = pkt_dname_len(&pktbuf); 1335 if(dname_len == 0) return 0; /* parse fail on dname */ 1336 if(!sldns_buffer_available(buf, dname_len)) return 0; 1337 dname_pkt_copy(&pktbuf, sldns_buffer_current(buf), dname); 1338 sldns_buffer_skip(buf, (ssize_t)dname_len); 1339 1340 /* type, class, ttl and rdatalength fields */ 1341 if(!sldns_buffer_available(buf, 10)) return 0; 1342 sldns_buffer_write_u16(buf, rr_type); 1343 sldns_buffer_write_u16(buf, rr_class); 1344 sldns_buffer_write_u32(buf, rr_ttl); 1345 rdlenpos = sldns_buffer_position(buf); 1346 sldns_buffer_write_u16(buf, 0); /* rd length position */ 1347 1348 /* decompress rdata */ 1349 desc = sldns_rr_descript(rr_type); 1350 rd = rr_data; 1351 rdlen = rr_rdlen; 1352 if(rdlen > 0 && desc && desc->_dname_count > 0) { 1353 int count = (int)desc->_dname_count; 1354 int rdf = 0; 1355 size_t len; /* how much rdata to plain copy */ 1356 size_t uncompressed_len, compressed_len; 1357 size_t oldpos; 1358 /* decompress dnames. */ 1359 while(rdlen > 0 && count) { 1360 switch(desc->_wireformat[rdf]) { 1361 case LDNS_RDF_TYPE_DNAME: 1362 sldns_buffer_set_position(&pktbuf, 1363 (size_t)(rd - 1364 sldns_buffer_begin(&pktbuf))); 1365 oldpos = sldns_buffer_position(&pktbuf); 1366 /* moves pktbuf to right after the 1367 * compressed dname, and returns uncompressed 1368 * dname length */ 1369 uncompressed_len = pkt_dname_len(&pktbuf); 1370 if(!uncompressed_len) 1371 return 0; /* parse error in dname */ 1372 if(!sldns_buffer_available(buf, 1373 uncompressed_len)) 1374 /* dname too long for buffer */ 1375 return 0; 1376 dname_pkt_copy(&pktbuf, 1377 sldns_buffer_current(buf), rd); 1378 sldns_buffer_skip(buf, (ssize_t)uncompressed_len); 1379 compressed_len = sldns_buffer_position( 1380 &pktbuf) - oldpos; 1381 rd += compressed_len; 1382 rdlen -= compressed_len; 1383 count--; 1384 len = 0; 1385 break; 1386 case LDNS_RDF_TYPE_STR: 1387 len = rd[0] + 1; 1388 break; 1389 default: 1390 len = get_rdf_size(desc->_wireformat[rdf]); 1391 break; 1392 } 1393 if(len) { 1394 if(!sldns_buffer_available(buf, len)) 1395 return 0; /* too long for buffer */ 1396 sldns_buffer_write(buf, rd, len); 1397 rd += len; 1398 rdlen -= len; 1399 } 1400 rdf++; 1401 } 1402 } 1403 /* copy remaining data */ 1404 if(rdlen > 0) { 1405 if(!sldns_buffer_available(buf, rdlen)) return 0; 1406 sldns_buffer_write(buf, rd, rdlen); 1407 } 1408 /* fixup rdlength */ 1409 sldns_buffer_write_u16_at(buf, rdlenpos, 1410 sldns_buffer_position(buf)-rdlenpos-2); 1411 sldns_buffer_flip(buf); 1412 return 1; 1413 } 1414 1415 /** insert RR into zone, from packet, decompress RR, 1416 * if duplicate is nonNULL set the flag but otherwise ignore duplicates */ 1417 static int 1418 az_insert_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen, 1419 struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type, 1420 uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data, 1421 uint16_t rr_rdlen, int* duplicate) 1422 { 1423 uint8_t* rr; 1424 size_t rr_len; 1425 size_t dname_len; 1426 if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname, 1427 rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) { 1428 log_err("could not decompress RR"); 1429 return 0; 1430 } 1431 rr = sldns_buffer_begin(scratch_buffer); 1432 rr_len = sldns_buffer_limit(scratch_buffer); 1433 dname_len = dname_valid(rr, rr_len); 1434 return az_insert_rr(z, rr, rr_len, dname_len, duplicate); 1435 } 1436 1437 /** remove RR from zone, from packet, decompress RR, 1438 * if nonexist is nonNULL set the flag but otherwise ignore nonexisting entries*/ 1439 static int 1440 az_remove_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen, 1441 struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type, 1442 uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data, 1443 uint16_t rr_rdlen, int* nonexist) 1444 { 1445 uint8_t* rr; 1446 size_t rr_len; 1447 size_t dname_len; 1448 if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname, 1449 rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) { 1450 log_err("could not decompress RR"); 1451 return 0; 1452 } 1453 rr = sldns_buffer_begin(scratch_buffer); 1454 rr_len = sldns_buffer_limit(scratch_buffer); 1455 dname_len = dname_valid(rr, rr_len); 1456 return az_remove_rr(z, rr, rr_len, dname_len, nonexist); 1457 } 1458 1459 /** 1460 * Parse zonefile 1461 * @param z: zone to read in. 1462 * @param in: file to read from (just opened). 1463 * @param rr: buffer to use for RRs, 64k. 1464 * passed so that recursive includes can use the same buffer and do 1465 * not grow the stack too much. 1466 * @param rrbuflen: sizeof rr buffer. 1467 * @param state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on, 1468 * that is kept between includes. 1469 * The lineno is set at 1 and then increased by the function. 1470 * @param fname: file name. 1471 * @param depth: recursion depth for includes 1472 * @param cfg: config for chroot. 1473 * returns false on failure, has printed an error message 1474 */ 1475 static int 1476 az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen, 1477 struct sldns_file_parse_state* state, char* fname, int depth, 1478 struct config_file* cfg) 1479 { 1480 size_t rr_len, dname_len; 1481 int status; 1482 state->lineno = 1; 1483 1484 while(!feof(in)) { 1485 rr_len = rrbuflen; 1486 dname_len = 0; 1487 status = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len, 1488 state); 1489 if(status == LDNS_WIREPARSE_ERR_INCLUDE && rr_len == 0) { 1490 /* we have $INCLUDE or $something */ 1491 if(strncmp((char*)rr, "$INCLUDE ", 9) == 0 || 1492 strncmp((char*)rr, "$INCLUDE\t", 9) == 0) { 1493 FILE* inc; 1494 int lineno_orig = state->lineno; 1495 char* incfile = (char*)rr + 8; 1496 if(depth > MAX_INCLUDE_DEPTH) { 1497 log_err("%s:%d max include depth" 1498 "exceeded", fname, state->lineno); 1499 return 0; 1500 } 1501 /* skip spaces */ 1502 while(*incfile == ' ' || *incfile == '\t') 1503 incfile++; 1504 /* adjust for chroot on include file */ 1505 if(cfg->chrootdir && cfg->chrootdir[0] && 1506 strncmp(incfile, cfg->chrootdir, 1507 strlen(cfg->chrootdir)) == 0) 1508 incfile += strlen(cfg->chrootdir); 1509 incfile = strdup(incfile); 1510 if(!incfile) { 1511 log_err("malloc failure"); 1512 return 0; 1513 } 1514 verbose(VERB_ALGO, "opening $INCLUDE %s", 1515 incfile); 1516 inc = fopen(incfile, "r"); 1517 if(!inc) { 1518 log_err("%s:%d cannot open include " 1519 "file %s: %s", fname, 1520 lineno_orig, incfile, 1521 strerror(errno)); 1522 free(incfile); 1523 return 0; 1524 } 1525 /* recurse read that file now */ 1526 if(!az_parse_file(z, inc, rr, rrbuflen, 1527 state, incfile, depth+1, cfg)) { 1528 log_err("%s:%d cannot parse include " 1529 "file %s", fname, 1530 lineno_orig, incfile); 1531 fclose(inc); 1532 free(incfile); 1533 return 0; 1534 } 1535 fclose(inc); 1536 verbose(VERB_ALGO, "done with $INCLUDE %s", 1537 incfile); 1538 free(incfile); 1539 state->lineno = lineno_orig; 1540 } 1541 continue; 1542 } 1543 if(status != 0) { 1544 log_err("parse error %s %d:%d: %s", fname, 1545 state->lineno, LDNS_WIREPARSE_OFFSET(status), 1546 sldns_get_errorstr_parse(status)); 1547 return 0; 1548 } 1549 if(rr_len == 0) { 1550 /* EMPTY line, TTL or ORIGIN */ 1551 continue; 1552 } 1553 /* insert wirerr in rrbuf */ 1554 if(!az_insert_rr(z, rr, rr_len, dname_len, NULL)) { 1555 char buf[17]; 1556 sldns_wire2str_type_buf(sldns_wirerr_get_type(rr, 1557 rr_len, dname_len), buf, sizeof(buf)); 1558 log_err("%s:%d cannot insert RR of type %s", 1559 fname, state->lineno, buf); 1560 return 0; 1561 } 1562 } 1563 return 1; 1564 } 1565 1566 int 1567 auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg) 1568 { 1569 uint8_t rr[LDNS_RR_BUF_SIZE]; 1570 struct sldns_file_parse_state state; 1571 char* zfilename; 1572 FILE* in; 1573 if(!z || !z->zonefile || z->zonefile[0]==0) 1574 return 1; /* no file, or "", nothing to read */ 1575 1576 zfilename = z->zonefile; 1577 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename, 1578 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) 1579 zfilename += strlen(cfg->chrootdir); 1580 if(verbosity >= VERB_ALGO) { 1581 char nm[255+1]; 1582 dname_str(z->name, nm); 1583 verbose(VERB_ALGO, "read zonefile %s for %s", zfilename, nm); 1584 } 1585 in = fopen(zfilename, "r"); 1586 if(!in) { 1587 char* n = sldns_wire2str_dname(z->name, z->namelen); 1588 if(z->zone_is_slave && errno == ENOENT) { 1589 /* we fetch the zone contents later, no file yet */ 1590 verbose(VERB_ALGO, "no zonefile %s for %s", 1591 zfilename, n?n:"error"); 1592 free(n); 1593 return 1; 1594 } 1595 log_err("cannot open zonefile %s for %s: %s", 1596 zfilename, n?n:"error", strerror(errno)); 1597 free(n); 1598 return 0; 1599 } 1600 1601 /* clear the data tree */ 1602 traverse_postorder(&z->data, auth_data_del, NULL); 1603 rbtree_init(&z->data, &auth_data_cmp); 1604 /* clear the RPZ policies */ 1605 if(z->rpz) 1606 rpz_clear(z->rpz); 1607 1608 memset(&state, 0, sizeof(state)); 1609 /* default TTL to 3600 */ 1610 state.default_ttl = 3600; 1611 /* set $ORIGIN to the zone name */ 1612 if(z->namelen <= sizeof(state.origin)) { 1613 memcpy(state.origin, z->name, z->namelen); 1614 state.origin_len = z->namelen; 1615 } 1616 /* parse the (toplevel) file */ 1617 if(!az_parse_file(z, in, rr, sizeof(rr), &state, zfilename, 0, cfg)) { 1618 char* n = sldns_wire2str_dname(z->name, z->namelen); 1619 log_err("error parsing zonefile %s for %s", 1620 zfilename, n?n:"error"); 1621 free(n); 1622 fclose(in); 1623 return 0; 1624 } 1625 fclose(in); 1626 1627 if(z->rpz) 1628 rpz_finish_config(z->rpz); 1629 return 1; 1630 } 1631 1632 /** write buffer to file and check return codes */ 1633 static int 1634 write_out(FILE* out, const char* str, size_t len) 1635 { 1636 size_t r; 1637 if(len == 0) 1638 return 1; 1639 r = fwrite(str, 1, len, out); 1640 if(r == 0) { 1641 log_err("write failed: %s", strerror(errno)); 1642 return 0; 1643 } else if(r < len) { 1644 log_err("write failed: too short (disk full?)"); 1645 return 0; 1646 } 1647 return 1; 1648 } 1649 1650 /** convert auth rr to string */ 1651 static int 1652 auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, 1653 struct packed_rrset_data* data, size_t i, char* s, size_t buflen) 1654 { 1655 int w = 0; 1656 size_t slen = buflen, datlen; 1657 uint8_t* dat; 1658 if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG; 1659 dat = nm; 1660 datlen = nmlen; 1661 w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0, NULL); 1662 w += sldns_str_print(&s, &slen, "\t"); 1663 w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]); 1664 w += sldns_wire2str_class_print(&s, &slen, cl); 1665 w += sldns_str_print(&s, &slen, "\t"); 1666 w += sldns_wire2str_type_print(&s, &slen, tp); 1667 w += sldns_str_print(&s, &slen, "\t"); 1668 datlen = data->rr_len[i]-2; 1669 dat = data->rr_data[i]+2; 1670 w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0, NULL); 1671 1672 if(tp == LDNS_RR_TYPE_DNSKEY) { 1673 w += sldns_str_print(&s, &slen, " ;{id = %u}", 1674 sldns_calc_keytag_raw(data->rr_data[i]+2, 1675 data->rr_len[i]-2)); 1676 } 1677 w += sldns_str_print(&s, &slen, "\n"); 1678 1679 if(w >= (int)buflen) { 1680 log_nametypeclass(NO_VERBOSE, "RR too long to print", nm, tp, cl); 1681 return 0; 1682 } 1683 return 1; 1684 } 1685 1686 /** write rrset to file */ 1687 static int 1688 auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node, 1689 struct auth_rrset* r, FILE* out) 1690 { 1691 size_t i, count = r->data->count + r->data->rrsig_count; 1692 char buf[LDNS_RR_BUF_SIZE]; 1693 for(i=0; i<count; i++) { 1694 if(!auth_rr_to_string(node->name, node->namelen, r->type, 1695 z->dclass, r->data, i, buf, sizeof(buf))) { 1696 verbose(VERB_ALGO, "failed to rr2str rr %d", (int)i); 1697 continue; 1698 } 1699 if(!write_out(out, buf, strlen(buf))) 1700 return 0; 1701 } 1702 return 1; 1703 } 1704 1705 /** write domain to file */ 1706 static int 1707 auth_zone_write_domain(struct auth_zone* z, struct auth_data* n, FILE* out) 1708 { 1709 struct auth_rrset* r; 1710 /* if this is zone apex, write SOA first */ 1711 if(z->namelen == n->namelen) { 1712 struct auth_rrset* soa = az_domain_rrset(n, LDNS_RR_TYPE_SOA); 1713 if(soa) { 1714 if(!auth_zone_write_rrset(z, n, soa, out)) 1715 return 0; 1716 } 1717 } 1718 /* write all the RRsets for this domain */ 1719 for(r = n->rrsets; r; r = r->next) { 1720 if(z->namelen == n->namelen && 1721 r->type == LDNS_RR_TYPE_SOA) 1722 continue; /* skip SOA here */ 1723 if(!auth_zone_write_rrset(z, n, r, out)) 1724 return 0; 1725 } 1726 return 1; 1727 } 1728 1729 int auth_zone_write_file(struct auth_zone* z, const char* fname) 1730 { 1731 FILE* out; 1732 struct auth_data* n; 1733 out = fopen(fname, "w"); 1734 if(!out) { 1735 log_err("could not open %s: %s", fname, strerror(errno)); 1736 return 0; 1737 } 1738 RBTREE_FOR(n, struct auth_data*, &z->data) { 1739 if(!auth_zone_write_domain(z, n, out)) { 1740 log_err("could not write domain to %s", fname); 1741 fclose(out); 1742 return 0; 1743 } 1744 } 1745 fclose(out); 1746 return 1; 1747 } 1748 1749 /** offline verify for zonemd, while reading a zone file to immediately 1750 * spot bad hashes in zonefile as they are read. 1751 * Creates temp buffers, but uses anchors and validation environment 1752 * from the module_env. */ 1753 static void 1754 zonemd_offline_verify(struct auth_zone* z, struct module_env* env_for_val, 1755 struct module_stack* mods) 1756 { 1757 struct module_env env; 1758 time_t now = 0; 1759 if(!z->zonemd_check) 1760 return; 1761 env = *env_for_val; 1762 env.scratch_buffer = sldns_buffer_new(env.cfg->msg_buffer_size); 1763 if(!env.scratch_buffer) { 1764 log_err("out of memory"); 1765 goto clean_exit; 1766 } 1767 env.scratch = regional_create(); 1768 if(!env.now) { 1769 env.now = &now; 1770 now = time(NULL); 1771 } 1772 if(!env.scratch) { 1773 log_err("out of memory"); 1774 goto clean_exit; 1775 } 1776 auth_zone_verify_zonemd(z, &env, mods, NULL, 1, 0); 1777 1778 clean_exit: 1779 /* clean up and exit */ 1780 sldns_buffer_free(env.scratch_buffer); 1781 regional_destroy(env.scratch); 1782 } 1783 1784 /** read all auth zones from file (if they have) */ 1785 static int 1786 auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg, 1787 struct module_env* env, struct module_stack* mods) 1788 { 1789 struct auth_zone* z; 1790 lock_rw_wrlock(&az->lock); 1791 RBTREE_FOR(z, struct auth_zone*, &az->ztree) { 1792 lock_rw_wrlock(&z->lock); 1793 if(!auth_zone_read_zonefile(z, cfg)) { 1794 lock_rw_unlock(&z->lock); 1795 lock_rw_unlock(&az->lock); 1796 return 0; 1797 } 1798 if(z->zonefile && z->zonefile[0]!=0 && env) 1799 zonemd_offline_verify(z, env, mods); 1800 lock_rw_unlock(&z->lock); 1801 } 1802 lock_rw_unlock(&az->lock); 1803 return 1; 1804 } 1805 1806 /** fetch the content of a ZONEMD RR from the rdata */ 1807 static int zonemd_fetch_parameters(struct auth_rrset* zonemd_rrset, size_t i, 1808 uint32_t* serial, int* scheme, int* hashalgo, uint8_t** hash, 1809 size_t* hashlen) 1810 { 1811 size_t rr_len; 1812 uint8_t* rdata; 1813 if(i >= zonemd_rrset->data->count) 1814 return 0; 1815 rr_len = zonemd_rrset->data->rr_len[i]; 1816 if(rr_len < 2+4+1+1) 1817 return 0; /* too short, for rdlen+serial+scheme+algo */ 1818 rdata = zonemd_rrset->data->rr_data[i]; 1819 *serial = sldns_read_uint32(rdata+2); 1820 *scheme = rdata[6]; 1821 *hashalgo = rdata[7]; 1822 *hashlen = rr_len - 8; 1823 if(*hashlen == 0) 1824 *hash = NULL; 1825 else *hash = rdata+8; 1826 return 1; 1827 } 1828 1829 /** 1830 * See if the ZONEMD scheme, hash occurs more than once. 1831 * @param zonemd_rrset: the zonemd rrset to check with the RRs in it. 1832 * @param index: index of the original, this is allowed to have that 1833 * scheme and hashalgo, but other RRs should not have it. 1834 * @param scheme: the scheme to check for. 1835 * @param hashalgo: the hash algorithm to check for. 1836 * @return true if it occurs more than once. 1837 */ 1838 static int zonemd_is_duplicate_scheme_hash(struct auth_rrset* zonemd_rrset, 1839 size_t index, int scheme, int hashalgo) 1840 { 1841 size_t j; 1842 for(j=0; j<zonemd_rrset->data->count; j++) { 1843 uint32_t serial2 = 0; 1844 int scheme2 = 0, hashalgo2 = 0; 1845 uint8_t* hash2 = NULL; 1846 size_t hashlen2 = 0; 1847 if(index == j) { 1848 /* this is the original */ 1849 continue; 1850 } 1851 if(!zonemd_fetch_parameters(zonemd_rrset, j, &serial2, 1852 &scheme2, &hashalgo2, &hash2, &hashlen2)) { 1853 /* malformed, skip it */ 1854 continue; 1855 } 1856 if(scheme == scheme2 && hashalgo == hashalgo2) { 1857 /* duplicate scheme, hash */ 1858 verbose(VERB_ALGO, "zonemd duplicate for scheme %d " 1859 "and hash %d", scheme, hashalgo); 1860 return 1; 1861 } 1862 } 1863 return 0; 1864 } 1865 1866 /** 1867 * Check ZONEMDs if present for the auth zone. Depending on config 1868 * it can warn or fail on that. Checks the hash of the ZONEMD. 1869 * @param z: auth zone to check for. 1870 * caller must hold lock on zone. 1871 * @param env: module env for temp buffers. 1872 * @param reason: returned on failure. 1873 * @return false on failure, true if hash checks out. 1874 */ 1875 static int auth_zone_zonemd_check_hash(struct auth_zone* z, 1876 struct module_env* env, char** reason) 1877 { 1878 /* loop over ZONEMDs and see which one is valid. if not print 1879 * failure (depending on config) */ 1880 struct auth_data* apex; 1881 struct auth_rrset* zonemd_rrset; 1882 size_t i; 1883 struct regional* region = NULL; 1884 struct sldns_buffer* buf = NULL; 1885 uint32_t soa_serial = 0; 1886 char* unsupported_reason = NULL; 1887 int only_unsupported = 1; 1888 region = env->scratch; 1889 regional_free_all(region); 1890 buf = env->scratch_buffer; 1891 if(!auth_zone_get_serial(z, &soa_serial)) { 1892 *reason = "zone has no SOA serial"; 1893 return 0; 1894 } 1895 1896 apex = az_find_name(z, z->name, z->namelen); 1897 if(!apex) { 1898 *reason = "zone has no apex"; 1899 return 0; 1900 } 1901 zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD); 1902 if(!zonemd_rrset || zonemd_rrset->data->count==0) { 1903 *reason = "zone has no ZONEMD"; 1904 return 0; /* no RRset or no RRs in rrset */ 1905 } 1906 1907 /* we have a ZONEMD, check if it is correct */ 1908 for(i=0; i<zonemd_rrset->data->count; i++) { 1909 uint32_t serial = 0; 1910 int scheme = 0, hashalgo = 0; 1911 uint8_t* hash = NULL; 1912 size_t hashlen = 0; 1913 if(!zonemd_fetch_parameters(zonemd_rrset, i, &serial, &scheme, 1914 &hashalgo, &hash, &hashlen)) { 1915 /* malformed RR */ 1916 *reason = "ZONEMD rdata malformed"; 1917 only_unsupported = 0; 1918 continue; 1919 } 1920 /* check for duplicates */ 1921 if(zonemd_is_duplicate_scheme_hash(zonemd_rrset, i, scheme, 1922 hashalgo)) { 1923 /* duplicate hash of the same scheme,hash 1924 * is not allowed. */ 1925 *reason = "ZONEMD RRSet contains more than one RR " 1926 "with the same scheme and hash algorithm"; 1927 only_unsupported = 0; 1928 continue; 1929 } 1930 regional_free_all(region); 1931 if(serial != soa_serial) { 1932 *reason = "ZONEMD serial is wrong"; 1933 only_unsupported = 0; 1934 continue; 1935 } 1936 *reason = NULL; 1937 if(auth_zone_generate_zonemd_check(z, scheme, hashalgo, 1938 hash, hashlen, region, buf, reason)) { 1939 /* success */ 1940 if(*reason) { 1941 if(!unsupported_reason) 1942 unsupported_reason = *reason; 1943 /* continue to check for valid ZONEMD */ 1944 if(verbosity >= VERB_ALGO) { 1945 char zstr[255+1]; 1946 dname_str(z->name, zstr); 1947 verbose(VERB_ALGO, "auth-zone %s ZONEMD %d %d is unsupported: %s", zstr, (int)scheme, (int)hashalgo, *reason); 1948 } 1949 *reason = NULL; 1950 continue; 1951 } 1952 if(verbosity >= VERB_ALGO) { 1953 char zstr[255+1]; 1954 dname_str(z->name, zstr); 1955 if(!*reason) 1956 verbose(VERB_ALGO, "auth-zone %s ZONEMD hash is correct", zstr); 1957 } 1958 return 1; 1959 } 1960 only_unsupported = 0; 1961 /* try next one */ 1962 } 1963 /* have we seen no failures but only unsupported algo, 1964 * and one unsupported algorithm, or more. */ 1965 if(only_unsupported && unsupported_reason) { 1966 /* only unsupported algorithms, with valid serial, not 1967 * malformed. Did not see supported algorithms, failed or 1968 * successful ones. */ 1969 *reason = unsupported_reason; 1970 return 1; 1971 } 1972 /* fail, we may have reason */ 1973 if(!*reason) 1974 *reason = "no ZONEMD records found"; 1975 if(verbosity >= VERB_ALGO) { 1976 char zstr[255+1]; 1977 dname_str(z->name, zstr); 1978 verbose(VERB_ALGO, "auth-zone %s ZONEMD failed: %s", zstr, *reason); 1979 } 1980 return 0; 1981 } 1982 1983 /** find the apex SOA RRset, if it exists */ 1984 struct auth_rrset* auth_zone_get_soa_rrset(struct auth_zone* z) 1985 { 1986 struct auth_data* apex; 1987 struct auth_rrset* soa; 1988 apex = az_find_name(z, z->name, z->namelen); 1989 if(!apex) return NULL; 1990 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); 1991 return soa; 1992 } 1993 1994 /** find serial number of zone or false if none */ 1995 int 1996 auth_zone_get_serial(struct auth_zone* z, uint32_t* serial) 1997 { 1998 struct auth_data* apex; 1999 struct auth_rrset* soa; 2000 struct packed_rrset_data* d; 2001 apex = az_find_name(z, z->name, z->namelen); 2002 if(!apex) return 0; 2003 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); 2004 if(!soa || soa->data->count==0) 2005 return 0; /* no RRset or no RRs in rrset */ 2006 if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */ 2007 d = soa->data; 2008 *serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20)); 2009 return 1; 2010 } 2011 2012 /** Find auth_zone SOA and populate the values in xfr(soa values). */ 2013 int 2014 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr) 2015 { 2016 struct auth_data* apex; 2017 struct auth_rrset* soa; 2018 struct packed_rrset_data* d; 2019 apex = az_find_name(z, z->name, z->namelen); 2020 if(!apex) return 0; 2021 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); 2022 if(!soa || soa->data->count==0) 2023 return 0; /* no RRset or no RRs in rrset */ 2024 if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */ 2025 /* SOA record ends with serial, refresh, retry, expiry, minimum, 2026 * as 4 byte fields */ 2027 d = soa->data; 2028 xfr->have_zone = 1; 2029 xfr->serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20)); 2030 xfr->refresh = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-16)); 2031 xfr->retry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-12)); 2032 xfr->expiry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-8)); 2033 /* soa minimum at d->rr_len[0]-4 */ 2034 return 1; 2035 } 2036 2037 /** 2038 * Setup auth_xfer zone 2039 * This populates the have_zone, soa values, and so on times. 2040 * Doesn't do network traffic yet, can set option flags. 2041 * @param z: locked by caller, and modified for setup 2042 * @param x: locked by caller, and modified. 2043 * @return false on failure. 2044 */ 2045 static int 2046 auth_xfer_setup(struct auth_zone* z, struct auth_xfer* x) 2047 { 2048 /* for a zone without zone transfers, x==NULL, so skip them, 2049 * i.e. the zone config is fixed with no masters or urls */ 2050 if(!z || !x) return 1; 2051 if(!xfr_find_soa(z, x)) { 2052 return 1; 2053 } 2054 /* nothing for probe, nextprobe and transfer tasks */ 2055 return 1; 2056 } 2057 2058 /** 2059 * Setup all zones 2060 * @param az: auth zones structure 2061 * @return false on failure. 2062 */ 2063 static int 2064 auth_zones_setup_zones(struct auth_zones* az) 2065 { 2066 struct auth_zone* z; 2067 struct auth_xfer* x; 2068 lock_rw_wrlock(&az->lock); 2069 RBTREE_FOR(z, struct auth_zone*, &az->ztree) { 2070 lock_rw_wrlock(&z->lock); 2071 x = auth_xfer_find(az, z->name, z->namelen, z->dclass); 2072 if(x) { 2073 lock_basic_lock(&x->lock); 2074 } 2075 if(!auth_xfer_setup(z, x)) { 2076 if(x) { 2077 lock_basic_unlock(&x->lock); 2078 } 2079 lock_rw_unlock(&z->lock); 2080 lock_rw_unlock(&az->lock); 2081 return 0; 2082 } 2083 if(x) { 2084 lock_basic_unlock(&x->lock); 2085 } 2086 lock_rw_unlock(&z->lock); 2087 } 2088 lock_rw_unlock(&az->lock); 2089 return 1; 2090 } 2091 2092 /** set config items and create zones */ 2093 static int 2094 auth_zones_cfg(struct auth_zones* az, struct config_auth* c) 2095 { 2096 struct auth_zone* z; 2097 struct auth_xfer* x = NULL; 2098 2099 /* create zone */ 2100 if(c->isrpz) { 2101 /* if the rpz lock is needed, grab it before the other 2102 * locks to avoid a lock dependency cycle */ 2103 lock_rw_wrlock(&az->rpz_lock); 2104 } 2105 lock_rw_wrlock(&az->lock); 2106 if(!(z=auth_zones_find_or_add_zone(az, c->name))) { 2107 lock_rw_unlock(&az->lock); 2108 if(c->isrpz) { 2109 lock_rw_unlock(&az->rpz_lock); 2110 } 2111 return 0; 2112 } 2113 if(c->masters || c->urls) { 2114 if(!(x=auth_zones_find_or_add_xfer(az, z))) { 2115 lock_rw_unlock(&az->lock); 2116 lock_rw_unlock(&z->lock); 2117 if(c->isrpz) { 2118 lock_rw_unlock(&az->rpz_lock); 2119 } 2120 return 0; 2121 } 2122 } 2123 if(c->for_downstream) 2124 az->have_downstream = 1; 2125 lock_rw_unlock(&az->lock); 2126 2127 /* set options */ 2128 z->zone_deleted = 0; 2129 if(!auth_zone_set_zonefile(z, c->zonefile)) { 2130 if(x) { 2131 lock_basic_unlock(&x->lock); 2132 } 2133 lock_rw_unlock(&z->lock); 2134 if(c->isrpz) { 2135 lock_rw_unlock(&az->rpz_lock); 2136 } 2137 return 0; 2138 } 2139 z->for_downstream = c->for_downstream; 2140 z->for_upstream = c->for_upstream; 2141 z->fallback_enabled = c->fallback_enabled; 2142 z->zonemd_check = c->zonemd_check; 2143 z->zonemd_reject_absence = c->zonemd_reject_absence; 2144 if(c->isrpz && !z->rpz){ 2145 if(!(z->rpz = rpz_create(c))){ 2146 fatal_exit("Could not setup RPZ zones"); 2147 return 0; 2148 } 2149 lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz)); 2150 /* the az->rpz_lock is locked above */ 2151 z->rpz_az_next = az->rpz_first; 2152 if(az->rpz_first) 2153 az->rpz_first->rpz_az_prev = z; 2154 az->rpz_first = z; 2155 } 2156 if(c->isrpz) { 2157 lock_rw_unlock(&az->rpz_lock); 2158 } 2159 2160 /* xfer zone */ 2161 if(x) { 2162 z->zone_is_slave = 1; 2163 /* set options on xfer zone */ 2164 if(!xfer_set_masters(&x->task_probe->masters, c, 0)) { 2165 lock_basic_unlock(&x->lock); 2166 lock_rw_unlock(&z->lock); 2167 return 0; 2168 } 2169 if(!xfer_set_masters(&x->task_transfer->masters, c, 1)) { 2170 lock_basic_unlock(&x->lock); 2171 lock_rw_unlock(&z->lock); 2172 return 0; 2173 } 2174 lock_basic_unlock(&x->lock); 2175 } 2176 2177 lock_rw_unlock(&z->lock); 2178 return 1; 2179 } 2180 2181 /** set all auth zones deleted, then in auth_zones_cfg, it marks them 2182 * as nondeleted (if they are still in the config), and then later 2183 * we can find deleted zones */ 2184 static void 2185 az_setall_deleted(struct auth_zones* az) 2186 { 2187 struct auth_zone* z; 2188 lock_rw_wrlock(&az->lock); 2189 RBTREE_FOR(z, struct auth_zone*, &az->ztree) { 2190 lock_rw_wrlock(&z->lock); 2191 z->zone_deleted = 1; 2192 lock_rw_unlock(&z->lock); 2193 } 2194 lock_rw_unlock(&az->lock); 2195 } 2196 2197 /** find zones that are marked deleted and delete them. 2198 * This is called from apply_cfg, and there are no threads and no 2199 * workers, so the xfr can just be deleted. */ 2200 static void 2201 az_delete_deleted_zones(struct auth_zones* az) 2202 { 2203 struct auth_zone* z; 2204 struct auth_zone* delete_list = NULL, *next; 2205 struct auth_xfer* xfr; 2206 lock_rw_wrlock(&az->lock); 2207 RBTREE_FOR(z, struct auth_zone*, &az->ztree) { 2208 lock_rw_wrlock(&z->lock); 2209 if(z->zone_deleted) { 2210 /* we cannot alter the rbtree right now, but 2211 * we can put it on a linked list and then 2212 * delete it */ 2213 z->delete_next = delete_list; 2214 delete_list = z; 2215 } 2216 lock_rw_unlock(&z->lock); 2217 } 2218 /* now we are out of the tree loop and we can loop and delete 2219 * the zones */ 2220 z = delete_list; 2221 while(z) { 2222 next = z->delete_next; 2223 xfr = auth_xfer_find(az, z->name, z->namelen, z->dclass); 2224 if(xfr) { 2225 (void)rbtree_delete(&az->xtree, &xfr->node); 2226 auth_xfer_delete(xfr); 2227 } 2228 (void)rbtree_delete(&az->ztree, &z->node); 2229 auth_zone_delete(z, az); 2230 z = next; 2231 } 2232 lock_rw_unlock(&az->lock); 2233 } 2234 2235 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, 2236 int setup, int* is_rpz, struct module_env* env, 2237 struct module_stack* mods) 2238 { 2239 struct config_auth* p; 2240 az_setall_deleted(az); 2241 for(p = cfg->auths; p; p = p->next) { 2242 if(!p->name || p->name[0] == 0) { 2243 log_warn("auth-zone without a name, skipped"); 2244 continue; 2245 } 2246 *is_rpz = (*is_rpz || p->isrpz); 2247 if(!auth_zones_cfg(az, p)) { 2248 log_err("cannot config auth zone %s", p->name); 2249 return 0; 2250 } 2251 } 2252 az_delete_deleted_zones(az); 2253 if(!auth_zones_read_zones(az, cfg, env, mods)) 2254 return 0; 2255 if(setup) { 2256 if(!auth_zones_setup_zones(az)) 2257 return 0; 2258 } 2259 return 1; 2260 } 2261 2262 /** delete chunks 2263 * @param at: transfer structure with chunks list. The chunks and their 2264 * data are freed. 2265 */ 2266 static void 2267 auth_chunks_delete(struct auth_transfer* at) 2268 { 2269 if(at->chunks_first) { 2270 struct auth_chunk* c, *cn; 2271 c = at->chunks_first; 2272 while(c) { 2273 cn = c->next; 2274 free(c->data); 2275 free(c); 2276 c = cn; 2277 } 2278 } 2279 at->chunks_first = NULL; 2280 at->chunks_last = NULL; 2281 } 2282 2283 /** free master addr list */ 2284 static void 2285 auth_free_master_addrs(struct auth_addr* list) 2286 { 2287 struct auth_addr *n; 2288 while(list) { 2289 n = list->next; 2290 free(list); 2291 list = n; 2292 } 2293 } 2294 2295 /** free the masters list */ 2296 static void 2297 auth_free_masters(struct auth_master* list) 2298 { 2299 struct auth_master* n; 2300 while(list) { 2301 n = list->next; 2302 auth_free_master_addrs(list->list); 2303 free(list->host); 2304 free(list->file); 2305 free(list); 2306 list = n; 2307 } 2308 } 2309 2310 /** delete auth xfer structure 2311 * @param xfr: delete this xfer and its tasks. 2312 */ 2313 static void 2314 auth_xfer_delete(struct auth_xfer* xfr) 2315 { 2316 if(!xfr) return; 2317 lock_basic_destroy(&xfr->lock); 2318 free(xfr->name); 2319 if(xfr->task_nextprobe) { 2320 comm_timer_delete(xfr->task_nextprobe->timer); 2321 free(xfr->task_nextprobe); 2322 } 2323 if(xfr->task_probe) { 2324 auth_free_masters(xfr->task_probe->masters); 2325 comm_point_delete(xfr->task_probe->cp); 2326 comm_timer_delete(xfr->task_probe->timer); 2327 free(xfr->task_probe); 2328 } 2329 if(xfr->task_transfer) { 2330 auth_free_masters(xfr->task_transfer->masters); 2331 comm_point_delete(xfr->task_transfer->cp); 2332 comm_timer_delete(xfr->task_transfer->timer); 2333 if(xfr->task_transfer->chunks_first) { 2334 auth_chunks_delete(xfr->task_transfer); 2335 } 2336 free(xfr->task_transfer); 2337 } 2338 auth_free_masters(xfr->allow_notify_list); 2339 free(xfr); 2340 } 2341 2342 /** helper traverse to delete zones */ 2343 static void 2344 auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg)) 2345 { 2346 struct auth_zone* z = (struct auth_zone*)n->key; 2347 auth_zone_delete(z, NULL); 2348 } 2349 2350 /** helper traverse to delete xfer zones */ 2351 static void 2352 auth_xfer_del(rbnode_type* n, void* ATTR_UNUSED(arg)) 2353 { 2354 struct auth_xfer* z = (struct auth_xfer*)n->key; 2355 auth_xfer_delete(z); 2356 } 2357 2358 void auth_zones_delete(struct auth_zones* az) 2359 { 2360 if(!az) return; 2361 lock_rw_destroy(&az->lock); 2362 lock_rw_destroy(&az->rpz_lock); 2363 traverse_postorder(&az->ztree, auth_zone_del, NULL); 2364 traverse_postorder(&az->xtree, auth_xfer_del, NULL); 2365 free(az); 2366 } 2367 2368 /** true if domain has only nsec3 */ 2369 static int 2370 domain_has_only_nsec3(struct auth_data* n) 2371 { 2372 struct auth_rrset* rrset = n->rrsets; 2373 int nsec3_seen = 0; 2374 while(rrset) { 2375 if(rrset->type == LDNS_RR_TYPE_NSEC3) { 2376 nsec3_seen = 1; 2377 } else if(rrset->type != LDNS_RR_TYPE_RRSIG) { 2378 return 0; 2379 } 2380 rrset = rrset->next; 2381 } 2382 return nsec3_seen; 2383 } 2384 2385 /** see if the domain has a wildcard child '*.domain' */ 2386 static struct auth_data* 2387 az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen) 2388 { 2389 uint8_t wc[LDNS_MAX_DOMAINLEN]; 2390 if(nmlen+2 > sizeof(wc)) 2391 return NULL; /* result would be too long */ 2392 wc[0] = 1; /* length of wildcard label */ 2393 wc[1] = (uint8_t)'*'; /* wildcard label */ 2394 memmove(wc+2, nm, nmlen); 2395 return az_find_name(z, wc, nmlen+2); 2396 } 2397 2398 /** find wildcard between qname and cename */ 2399 static struct auth_data* 2400 az_find_wildcard(struct auth_zone* z, struct query_info* qinfo, 2401 struct auth_data* ce) 2402 { 2403 uint8_t* nm = qinfo->qname; 2404 size_t nmlen = qinfo->qname_len; 2405 struct auth_data* node; 2406 if(!dname_subdomain_c(nm, z->name)) 2407 return NULL; /* out of zone */ 2408 while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) { 2409 /* see if we can go up to find the wildcard */ 2410 if(nmlen == z->namelen) 2411 return NULL; /* top of zone reached */ 2412 if(ce && nmlen == ce->namelen) 2413 return NULL; /* ce reached */ 2414 if(dname_is_root(nm)) 2415 return NULL; /* cannot go up */ 2416 dname_remove_label(&nm, &nmlen); 2417 } 2418 return node; 2419 } 2420 2421 /** domain is not exact, find first candidate ce (name that matches 2422 * a part of qname) in tree */ 2423 static struct auth_data* 2424 az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo, 2425 struct auth_data* n) 2426 { 2427 uint8_t* nm; 2428 size_t nmlen; 2429 if(n) { 2430 nm = dname_get_shared_topdomain(qinfo->qname, n->name); 2431 } else { 2432 nm = qinfo->qname; 2433 } 2434 dname_count_size_labels(nm, &nmlen); 2435 n = az_find_name(z, nm, nmlen); 2436 /* delete labels and go up on name */ 2437 while(!n) { 2438 if(dname_is_root(nm)) 2439 return NULL; /* cannot go up */ 2440 dname_remove_label(&nm, &nmlen); 2441 n = az_find_name(z, nm, nmlen); 2442 } 2443 return n; 2444 } 2445 2446 /** go up the auth tree to next existing name. */ 2447 static struct auth_data* 2448 az_domain_go_up(struct auth_zone* z, struct auth_data* n) 2449 { 2450 uint8_t* nm = n->name; 2451 size_t nmlen = n->namelen; 2452 while(!dname_is_root(nm)) { 2453 dname_remove_label(&nm, &nmlen); 2454 if((n=az_find_name(z, nm, nmlen)) != NULL) 2455 return n; 2456 } 2457 return NULL; 2458 } 2459 2460 /** Find the closest encloser, an name that exists and is above the 2461 * qname. 2462 * return true if the node (param node) is existing, nonobscured and 2463 * can be used to generate answers from. It is then also node_exact. 2464 * returns false if the node is not good enough (or it wasn't node_exact) 2465 * in this case the ce can be filled. 2466 * if ce is NULL, no ce exists, and likely the zone is completely empty, 2467 * not even with a zone apex. 2468 * if ce is nonNULL it is the closest enclosing upper name (that exists 2469 * itself for answer purposes). That name may have DNAME, NS or wildcard 2470 * rrset is the closest DNAME or NS rrset that was found. 2471 */ 2472 static int 2473 az_find_ce(struct auth_zone* z, struct query_info* qinfo, 2474 struct auth_data* node, int node_exact, struct auth_data** ce, 2475 struct auth_rrset** rrset) 2476 { 2477 struct auth_data* n = node; 2478 *ce = NULL; 2479 *rrset = NULL; 2480 if(!node_exact) { 2481 /* if not exact, lookup closest exact match */ 2482 n = az_find_candidate_ce(z, qinfo, n); 2483 } else { 2484 /* if exact, the node itself is the first candidate ce */ 2485 *ce = n; 2486 } 2487 2488 /* no direct answer from nsec3-only domains */ 2489 if(n && domain_has_only_nsec3(n)) { 2490 node_exact = 0; 2491 *ce = NULL; 2492 } 2493 2494 /* with exact matches, walk up the labels until we find the 2495 * delegation, or DNAME or zone end */ 2496 while(n) { 2497 /* see if the current candidate has issues */ 2498 /* not zone apex and has type NS */ 2499 if(n->namelen != z->namelen && 2500 (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) && 2501 /* delegate here, but DS at exact the dp has notype */ 2502 (qinfo->qtype != LDNS_RR_TYPE_DS || 2503 n->namelen != qinfo->qname_len)) { 2504 /* referral */ 2505 /* this is ce and the lowernode is nonexisting */ 2506 *ce = n; 2507 return 0; 2508 } 2509 /* not equal to qname and has type DNAME */ 2510 if(n->namelen != qinfo->qname_len && 2511 (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) { 2512 /* this is ce and the lowernode is nonexisting */ 2513 *ce = n; 2514 return 0; 2515 } 2516 2517 if(*ce == NULL && !domain_has_only_nsec3(n)) { 2518 /* if not found yet, this exact name must be 2519 * our lowest match (but not nsec3onlydomain) */ 2520 *ce = n; 2521 } 2522 2523 /* walk up the tree by removing labels from name and lookup */ 2524 n = az_domain_go_up(z, n); 2525 } 2526 /* found no problems, if it was an exact node, it is fine to use */ 2527 return node_exact; 2528 } 2529 2530 /** add additional A/AAAA from domain names in rrset rdata (+offset) 2531 * offset is number of bytes in rdata where the dname is located. */ 2532 static int 2533 az_add_additionals_from(struct auth_zone* z, struct regional* region, 2534 struct dns_msg* msg, struct auth_rrset* rrset, size_t offset) 2535 { 2536 struct packed_rrset_data* d = rrset->data; 2537 size_t i; 2538 if(!d) return 0; 2539 for(i=0; i<d->count; i++) { 2540 size_t dlen; 2541 struct auth_data* domain; 2542 struct auth_rrset* ref; 2543 if(d->rr_len[i] < 2+offset) 2544 continue; /* too short */ 2545 if(!(dlen = dname_valid(d->rr_data[i]+2+offset, 2546 d->rr_len[i]-2-offset))) 2547 continue; /* malformed */ 2548 domain = az_find_name(z, d->rr_data[i]+2+offset, dlen); 2549 if(!domain) 2550 continue; 2551 if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_A)) != NULL) { 2552 if(!msg_add_rrset_ar(z, region, msg, domain, ref)) 2553 return 0; 2554 } 2555 if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_AAAA)) != NULL) { 2556 if(!msg_add_rrset_ar(z, region, msg, domain, ref)) 2557 return 0; 2558 } 2559 } 2560 return 1; 2561 } 2562 2563 /** add negative SOA record (with negative TTL) */ 2564 static int 2565 az_add_negative_soa(struct auth_zone* z, struct regional* region, 2566 struct dns_msg* msg) 2567 { 2568 time_t minimum; 2569 size_t i; 2570 struct packed_rrset_data* d; 2571 struct auth_rrset* soa; 2572 struct auth_data* apex = az_find_name(z, z->name, z->namelen); 2573 if(!apex) return 0; 2574 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); 2575 if(!soa) return 0; 2576 /* must be first to put in message; we want to fix the TTL with 2577 * one RRset here, otherwise we'd need to loop over the RRs to get 2578 * the resulting lower TTL */ 2579 log_assert(msg->rep->rrset_count == 0); 2580 if(!msg_add_rrset_ns(z, region, msg, apex, soa)) return 0; 2581 /* fixup TTL */ 2582 d = (struct packed_rrset_data*)msg->rep->rrsets[msg->rep->rrset_count-1]->entry.data; 2583 /* last 4 bytes are minimum ttl in network format */ 2584 if(d->count == 0) return 0; 2585 if(d->rr_len[0] < 2+4) return 0; 2586 minimum = (time_t)sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4)); 2587 minimum = d->ttl<minimum?d->ttl:minimum; 2588 d->ttl = minimum; 2589 for(i=0; i < d->count + d->rrsig_count; i++) 2590 d->rr_ttl[i] = minimum; 2591 msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]); 2592 msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); 2593 msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; 2594 return 1; 2595 } 2596 2597 /** See if the query goes to empty nonterminal (that has no auth_data, 2598 * but there are nodes underneath. We already checked that there are 2599 * not NS, or DNAME above, so that we only need to check if some node 2600 * exists below (with nonempty rr list), return true if emptynonterminal */ 2601 static int 2602 az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo, 2603 struct auth_data* node) 2604 { 2605 struct auth_data* next; 2606 if(!node) { 2607 /* no smaller was found, use first (smallest) node as the 2608 * next one */ 2609 next = (struct auth_data*)rbtree_first(&z->data); 2610 } else { 2611 next = (struct auth_data*)rbtree_next(&node->node); 2612 } 2613 while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) { 2614 /* the next name has empty rrsets, is an empty nonterminal 2615 * itself, see if there exists something below it */ 2616 next = (struct auth_data*)rbtree_next(&node->node); 2617 } 2618 if((rbnode_type*)next == RBTREE_NULL || !next) { 2619 /* there is no next node, so something below it cannot 2620 * exist */ 2621 return 0; 2622 } 2623 /* a next node exists, if there was something below the query, 2624 * this node has to be it. See if it is below the query name */ 2625 if(dname_strict_subdomain_c(next->name, qinfo->qname)) 2626 return 1; 2627 return 0; 2628 } 2629 2630 /** create synth cname target name in buffer, or fail if too long */ 2631 static size_t 2632 synth_cname_buf(uint8_t* qname, size_t qname_len, size_t dname_len, 2633 uint8_t* dtarg, size_t dtarglen, uint8_t* buf, size_t buflen) 2634 { 2635 size_t newlen = qname_len + dtarglen - dname_len; 2636 if(newlen > buflen) { 2637 /* YXDOMAIN error */ 2638 return 0; 2639 } 2640 /* new name is concatenation of qname front (without DNAME owner) 2641 * and DNAME target name */ 2642 memcpy(buf, qname, qname_len-dname_len); 2643 memmove(buf+(qname_len-dname_len), dtarg, dtarglen); 2644 return newlen; 2645 } 2646 2647 /** create synthetic CNAME rrset for in a DNAME answer in region, 2648 * false on alloc failure, cname==NULL when name too long. */ 2649 static int 2650 create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region, 2651 struct auth_data* node, struct auth_rrset* dname, uint16_t dclass, 2652 struct ub_packed_rrset_key** cname) 2653 { 2654 uint8_t buf[LDNS_MAX_DOMAINLEN]; 2655 uint8_t* dtarg; 2656 size_t dtarglen, newlen; 2657 struct packed_rrset_data* d; 2658 2659 /* get DNAME target name */ 2660 if(dname->data->count < 1) return 0; 2661 if(dname->data->rr_len[0] < 3) return 0; /* at least rdatalen +1 */ 2662 dtarg = dname->data->rr_data[0]+2; 2663 dtarglen = dname->data->rr_len[0]-2; 2664 if(sldns_read_uint16(dname->data->rr_data[0]) != dtarglen) 2665 return 0; /* rdatalen in DNAME rdata is malformed */ 2666 if(dname_valid(dtarg, dtarglen) != dtarglen) 2667 return 0; /* DNAME RR has malformed rdata */ 2668 if(qname_len == 0) 2669 return 0; /* too short */ 2670 if(qname_len <= node->namelen) 2671 return 0; /* qname too short for dname removal */ 2672 2673 /* synthesize a CNAME */ 2674 newlen = synth_cname_buf(qname, qname_len, node->namelen, 2675 dtarg, dtarglen, buf, sizeof(buf)); 2676 if(newlen == 0) { 2677 /* YXDOMAIN error */ 2678 *cname = NULL; 2679 return 1; 2680 } 2681 *cname = (struct ub_packed_rrset_key*)regional_alloc(region, 2682 sizeof(struct ub_packed_rrset_key)); 2683 if(!*cname) 2684 return 0; /* out of memory */ 2685 memset(&(*cname)->entry, 0, sizeof((*cname)->entry)); 2686 (*cname)->entry.key = (*cname); 2687 (*cname)->rk.type = htons(LDNS_RR_TYPE_CNAME); 2688 (*cname)->rk.rrset_class = htons(dclass); 2689 (*cname)->rk.flags = 0; 2690 (*cname)->rk.dname = regional_alloc_init(region, qname, qname_len); 2691 if(!(*cname)->rk.dname) 2692 return 0; /* out of memory */ 2693 (*cname)->rk.dname_len = qname_len; 2694 (*cname)->entry.hash = rrset_key_hash(&(*cname)->rk); 2695 d = (struct packed_rrset_data*)regional_alloc_zero(region, 2696 sizeof(struct packed_rrset_data) + sizeof(size_t) + 2697 sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t) 2698 + newlen); 2699 if(!d) 2700 return 0; /* out of memory */ 2701 (*cname)->entry.data = d; 2702 d->ttl = 0; /* 0 for synthesized CNAME TTL */ 2703 d->count = 1; 2704 d->rrsig_count = 0; 2705 d->trust = rrset_trust_ans_noAA; 2706 d->rr_len = (size_t*)((uint8_t*)d + 2707 sizeof(struct packed_rrset_data)); 2708 d->rr_len[0] = newlen + sizeof(uint16_t); 2709 packed_rrset_ptr_fixup(d); 2710 d->rr_ttl[0] = d->ttl; 2711 sldns_write_uint16(d->rr_data[0], newlen); 2712 memmove(d->rr_data[0] + sizeof(uint16_t), buf, newlen); 2713 return 1; 2714 } 2715 2716 /** add a synthesized CNAME to the answer section */ 2717 static int 2718 add_synth_cname(struct auth_zone* z, uint8_t* qname, size_t qname_len, 2719 struct regional* region, struct dns_msg* msg, struct auth_data* dname, 2720 struct auth_rrset* rrset) 2721 { 2722 struct ub_packed_rrset_key* cname; 2723 /* synthesize a CNAME */ 2724 if(!create_synth_cname(qname, qname_len, region, dname, rrset, 2725 z->dclass, &cname)) { 2726 /* out of memory */ 2727 return 0; 2728 } 2729 if(!cname) { 2730 /* cname cannot be create because of YXDOMAIN */ 2731 msg->rep->flags |= LDNS_RCODE_YXDOMAIN; 2732 return 1; 2733 } 2734 /* add cname to message */ 2735 if(!msg_grow_array(region, msg)) 2736 return 0; 2737 msg->rep->rrsets[msg->rep->rrset_count] = cname; 2738 msg->rep->rrset_count++; 2739 msg->rep->an_numrrsets++; 2740 msg_ttl(msg); 2741 return 1; 2742 } 2743 2744 /** Change a dname to a different one, for wildcard namechange */ 2745 static void 2746 az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname, 2747 size_t newlen, int an_only) 2748 { 2749 size_t i; 2750 size_t start = 0, end = msg->rep->rrset_count; 2751 if(!an_only) start = msg->rep->an_numrrsets; 2752 if(an_only) end = msg->rep->an_numrrsets; 2753 for(i=start; i<end; i++) { 2754 /* allocated in region so we can change the ptrs */ 2755 if(query_dname_compare(msg->rep->rrsets[i]->rk.dname, oldname) 2756 == 0) { 2757 msg->rep->rrsets[i]->rk.dname = newname; 2758 msg->rep->rrsets[i]->rk.dname_len = newlen; 2759 } 2760 } 2761 } 2762 2763 /** find NSEC record covering the query */ 2764 static struct auth_rrset* 2765 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node) 2766 { 2767 uint8_t* nm = (*node)->name; 2768 size_t nmlen = (*node)->namelen; 2769 struct auth_rrset* rrset; 2770 /* find the NSEC for the smallest-or-equal node */ 2771 /* if node == NULL, we did not find a smaller name. But the zone 2772 * name is the smallest name and should have an NSEC. So there is 2773 * no NSEC to return (for a properly signed zone) */ 2774 /* for empty nonterminals, the auth-data node should not exist, 2775 * and thus we don't need to go rbtree_previous here to find 2776 * a domain with an NSEC record */ 2777 /* but there could be glue, and if this is node, then it has no NSEC. 2778 * Go up to find nonglue (previous) NSEC-holding nodes */ 2779 while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) { 2780 if(dname_is_root(nm)) return NULL; 2781 if(nmlen == z->namelen) return NULL; 2782 dname_remove_label(&nm, &nmlen); 2783 /* adjust *node for the nsec rrset to find in */ 2784 *node = az_find_name(z, nm, nmlen); 2785 } 2786 return rrset; 2787 } 2788 2789 /** Find NSEC and add for wildcard denial */ 2790 static int 2791 az_nsec_wildcard_denial(struct auth_zone* z, struct regional* region, 2792 struct dns_msg* msg, uint8_t* cenm, size_t cenmlen) 2793 { 2794 struct query_info qinfo; 2795 int node_exact; 2796 struct auth_data* node; 2797 struct auth_rrset* nsec; 2798 uint8_t wc[LDNS_MAX_DOMAINLEN]; 2799 if(cenmlen+2 > sizeof(wc)) 2800 return 0; /* result would be too long */ 2801 wc[0] = 1; /* length of wildcard label */ 2802 wc[1] = (uint8_t)'*'; /* wildcard label */ 2803 memmove(wc+2, cenm, cenmlen); 2804 2805 /* we have '*.ce' in wc wildcard name buffer */ 2806 /* get nsec cover for that */ 2807 qinfo.qname = wc; 2808 qinfo.qname_len = cenmlen+2; 2809 qinfo.qtype = 0; 2810 qinfo.qclass = 0; 2811 az_find_domain(z, &qinfo, &node_exact, &node); 2812 if((nsec=az_find_nsec_cover(z, &node)) != NULL) { 2813 if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0; 2814 } 2815 return 1; 2816 } 2817 2818 /** Find the NSEC3PARAM rrset (if any) and if true you have the parameters */ 2819 static int 2820 az_nsec3_param(struct auth_zone* z, int* algo, size_t* iter, uint8_t** salt, 2821 size_t* saltlen) 2822 { 2823 struct auth_data* apex; 2824 struct auth_rrset* param; 2825 size_t i; 2826 apex = az_find_name(z, z->name, z->namelen); 2827 if(!apex) return 0; 2828 param = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC3PARAM); 2829 if(!param || param->data->count==0) 2830 return 0; /* no RRset or no RRs in rrset */ 2831 /* find out which NSEC3PARAM RR has supported parameters */ 2832 /* skip unknown flags (dynamic signer is recalculating nsec3 chain) */ 2833 for(i=0; i<param->data->count; i++) { 2834 uint8_t* rdata = param->data->rr_data[i]+2; 2835 size_t rdatalen = param->data->rr_len[i]; 2836 if(rdatalen < 2+5) 2837 continue; /* too short */ 2838 if(!nsec3_hash_algo_size_supported((int)(rdata[0]))) 2839 continue; /* unsupported algo */ 2840 if(rdatalen < (size_t)(2+5+(size_t)rdata[4])) 2841 continue; /* salt missing */ 2842 if((rdata[1]&NSEC3_UNKNOWN_FLAGS)!=0) 2843 continue; /* unknown flags */ 2844 *algo = (int)(rdata[0]); 2845 *iter = sldns_read_uint16(rdata+2); 2846 *saltlen = rdata[4]; 2847 if(*saltlen == 0) 2848 *salt = NULL; 2849 else *salt = rdata+5; 2850 return 1; 2851 } 2852 /* no supported params */ 2853 return 0; 2854 } 2855 2856 /** Hash a name with nsec3param into buffer, it has zone name appended. 2857 * return length of hash */ 2858 static size_t 2859 az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen, 2860 int algo, size_t iter, uint8_t* salt, size_t saltlen) 2861 { 2862 size_t hlen = nsec3_hash_algo_size_supported(algo); 2863 /* buffer has domain name, nsec3hash, and 256 is for max saltlen 2864 * (salt has 0-255 length) */ 2865 unsigned char p[LDNS_MAX_DOMAINLEN+1+N3HASHBUFLEN+256]; 2866 size_t i; 2867 if(nmlen+saltlen > sizeof(p) || hlen+saltlen > sizeof(p)) 2868 return 0; 2869 if(hlen > buflen) 2870 return 0; /* somehow too large for destination buffer */ 2871 /* hashfunc(name, salt) */ 2872 memmove(p, nm, nmlen); 2873 query_dname_tolower(p); 2874 if(salt && saltlen > 0) 2875 memmove(p+nmlen, salt, saltlen); 2876 (void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf); 2877 for(i=0; i<iter; i++) { 2878 /* hashfunc(hash, salt) */ 2879 memmove(p, buf, hlen); 2880 if(salt && saltlen > 0) 2881 memmove(p+hlen, salt, saltlen); 2882 (void)secalgo_nsec3_hash(algo, p, hlen+saltlen, 2883 (unsigned char*)buf); 2884 } 2885 return hlen; 2886 } 2887 2888 /** Hash name and return b32encoded hashname for lookup, zone name appended */ 2889 static int 2890 az_nsec3_hashname(struct auth_zone* z, uint8_t* hashname, size_t* hashnmlen, 2891 uint8_t* nm, size_t nmlen, int algo, size_t iter, uint8_t* salt, 2892 size_t saltlen) 2893 { 2894 uint8_t hash[N3HASHBUFLEN]; 2895 size_t hlen; 2896 int ret; 2897 hlen = az_nsec3_hash(hash, sizeof(hash), nm, nmlen, algo, iter, 2898 salt, saltlen); 2899 if(!hlen) return 0; 2900 /* b32 encode */ 2901 if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */ 2902 return 0; 2903 ret = sldns_b32_ntop_extended_hex(hash, hlen, (char*)(hashname+1), 2904 (*hashnmlen)-1); 2905 if(ret<1) 2906 return 0; 2907 hashname[0] = (uint8_t)ret; 2908 ret++; 2909 if((*hashnmlen) - ret < z->namelen) 2910 return 0; 2911 memmove(hashname+ret, z->name, z->namelen); 2912 *hashnmlen = z->namelen+(size_t)ret; 2913 return 1; 2914 } 2915 2916 /** Find the datanode that covers the nsec3hash-name */ 2917 static struct auth_data* 2918 az_nsec3_findnode(struct auth_zone* z, uint8_t* hashnm, size_t hashnmlen) 2919 { 2920 struct query_info qinfo; 2921 struct auth_data* node; 2922 int node_exact; 2923 qinfo.qclass = 0; 2924 qinfo.qtype = 0; 2925 qinfo.qname = hashnm; 2926 qinfo.qname_len = hashnmlen; 2927 /* because canonical ordering and b32 nsec3 ordering are the same. 2928 * this is a good lookup to find the nsec3 name. */ 2929 az_find_domain(z, &qinfo, &node_exact, &node); 2930 /* but we may have to skip non-nsec3 nodes */ 2931 /* this may be a lot, the way to speed that up is to have a 2932 * separate nsec3 tree with nsec3 nodes */ 2933 while(node && (rbnode_type*)node != RBTREE_NULL && 2934 !az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) { 2935 node = (struct auth_data*)rbtree_previous(&node->node); 2936 } 2937 if((rbnode_type*)node == RBTREE_NULL) 2938 node = NULL; 2939 return node; 2940 } 2941 2942 /** Find cover for hashed(nm, nmlen) (or NULL) */ 2943 static struct auth_data* 2944 az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen, 2945 int algo, size_t iter, uint8_t* salt, size_t saltlen) 2946 { 2947 struct auth_data* node; 2948 uint8_t hname[LDNS_MAX_DOMAINLEN]; 2949 size_t hlen = sizeof(hname); 2950 if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter, 2951 salt, saltlen)) 2952 return NULL; 2953 node = az_nsec3_findnode(z, hname, hlen); 2954 if(node) 2955 return node; 2956 /* we did not find any, perhaps because the NSEC3 hash is before 2957 * the first hash, we have to find the 'last hash' in the zone */ 2958 node = (struct auth_data*)rbtree_last(&z->data); 2959 while(node && (rbnode_type*)node != RBTREE_NULL && 2960 !az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) { 2961 node = (struct auth_data*)rbtree_previous(&node->node); 2962 } 2963 if((rbnode_type*)node == RBTREE_NULL) 2964 node = NULL; 2965 return node; 2966 } 2967 2968 /** Find exact match for hashed(nm, nmlen) NSEC3 record or NULL */ 2969 static struct auth_data* 2970 az_nsec3_find_exact(struct auth_zone* z, uint8_t* nm, size_t nmlen, 2971 int algo, size_t iter, uint8_t* salt, size_t saltlen) 2972 { 2973 struct auth_data* node; 2974 uint8_t hname[LDNS_MAX_DOMAINLEN]; 2975 size_t hlen = sizeof(hname); 2976 if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter, 2977 salt, saltlen)) 2978 return NULL; 2979 node = az_find_name(z, hname, hlen); 2980 if(az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) 2981 return node; 2982 return NULL; 2983 } 2984 2985 /** Return nextcloser name (as a ref into the qname). This is one label 2986 * more than the cenm (cename must be a suffix of qname) */ 2987 static void 2988 az_nsec3_get_nextcloser(uint8_t* cenm, uint8_t* qname, size_t qname_len, 2989 uint8_t** nx, size_t* nxlen) 2990 { 2991 int celabs = dname_count_labels(cenm); 2992 int qlabs = dname_count_labels(qname); 2993 int strip = qlabs - celabs -1; 2994 log_assert(dname_strict_subdomain(qname, qlabs, cenm, celabs)); 2995 *nx = qname; 2996 *nxlen = qname_len; 2997 if(strip>0) 2998 dname_remove_labels(nx, nxlen, strip); 2999 } 3000 3001 /** Find the closest encloser that has exact NSEC3. 3002 * updated cenm to the new name. If it went up no-exact-ce is true. */ 3003 static struct auth_data* 3004 az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen, 3005 int* no_exact_ce, int algo, size_t iter, uint8_t* salt, size_t saltlen) 3006 { 3007 struct auth_data* node; 3008 while((node = az_nsec3_find_exact(z, *cenm, *cenmlen, 3009 algo, iter, salt, saltlen)) == NULL) { 3010 if(*cenmlen == z->namelen) { 3011 /* next step up would take us out of the zone. fail */ 3012 return NULL; 3013 } 3014 *no_exact_ce = 1; 3015 dname_remove_label(cenm, cenmlen); 3016 } 3017 return node; 3018 } 3019 3020 /* Insert NSEC3 record in authority section, if NULL does nothing */ 3021 static int 3022 az_nsec3_insert(struct auth_zone* z, struct regional* region, 3023 struct dns_msg* msg, struct auth_data* node) 3024 { 3025 struct auth_rrset* nsec3; 3026 if(!node) return 1; /* no node, skip this */ 3027 nsec3 = az_domain_rrset(node, LDNS_RR_TYPE_NSEC3); 3028 if(!nsec3) return 1; /* if no nsec3 RR, skip it */ 3029 if(!msg_add_rrset_ns(z, region, msg, node, nsec3)) return 0; 3030 return 1; 3031 } 3032 3033 /** add NSEC3 records to the zone for the nsec3 proof. 3034 * Specify with the flags with parts of the proof are required. 3035 * the ce is the exact matching name (for notype) but also delegation points. 3036 * qname is the one where the nextcloser name can be derived from. 3037 * If NSEC3 is not properly there (in the zone) nothing is added. 3038 * always enabled: include nsec3 proving about the Closest Encloser. 3039 * that is an exact match that should exist for it. 3040 * If that does not exist, a higher exact match + nxproof is enabled 3041 * (for some sort of opt-out empty nonterminal cases). 3042 * nodataproof: search for exact match and include that instead. 3043 * ceproof: include ce proof NSEC3 (omitted for wildcard replies). 3044 * nxproof: include denial of the qname. 3045 * wcproof: include denial of wildcard (wildcard.ce). 3046 */ 3047 static int 3048 az_add_nsec3_proof(struct auth_zone* z, struct regional* region, 3049 struct dns_msg* msg, uint8_t* cenm, size_t cenmlen, uint8_t* qname, 3050 size_t qname_len, int nodataproof, int ceproof, int nxproof, 3051 int wcproof) 3052 { 3053 int algo; 3054 size_t iter, saltlen; 3055 uint8_t* salt; 3056 int no_exact_ce = 0; 3057 struct auth_data* node; 3058 3059 /* find parameters of nsec3 proof */ 3060 if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) 3061 return 1; /* no nsec3 */ 3062 if(nodataproof) { 3063 /* see if the node has a hash of itself for the nodata 3064 * proof nsec3, this has to be an exact match nsec3. */ 3065 struct auth_data* match; 3066 match = az_nsec3_find_exact(z, qname, qname_len, algo, 3067 iter, salt, saltlen); 3068 if(match) { 3069 if(!az_nsec3_insert(z, region, msg, match)) 3070 return 0; 3071 /* only nodata NSEC3 needed, no CE or others. */ 3072 return 1; 3073 } 3074 } 3075 /* find ce that has an NSEC3 */ 3076 if(ceproof) { 3077 node = az_nsec3_find_ce(z, &cenm, &cenmlen, &no_exact_ce, 3078 algo, iter, salt, saltlen); 3079 if(no_exact_ce) nxproof = 1; 3080 if(!az_nsec3_insert(z, region, msg, node)) 3081 return 0; 3082 } 3083 3084 if(nxproof) { 3085 uint8_t* nx; 3086 size_t nxlen; 3087 /* create nextcloser domain name */ 3088 az_nsec3_get_nextcloser(cenm, qname, qname_len, &nx, &nxlen); 3089 /* find nsec3 that matches or covers it */ 3090 node = az_nsec3_find_cover(z, nx, nxlen, algo, iter, salt, 3091 saltlen); 3092 if(!az_nsec3_insert(z, region, msg, node)) 3093 return 0; 3094 } 3095 if(wcproof) { 3096 /* create wildcard name *.ce */ 3097 uint8_t wc[LDNS_MAX_DOMAINLEN]; 3098 size_t wclen; 3099 if(cenmlen+2 > sizeof(wc)) 3100 return 0; /* result would be too long */ 3101 wc[0] = 1; /* length of wildcard label */ 3102 wc[1] = (uint8_t)'*'; /* wildcard label */ 3103 memmove(wc+2, cenm, cenmlen); 3104 wclen = cenmlen+2; 3105 /* find nsec3 that matches or covers it */ 3106 node = az_nsec3_find_cover(z, wc, wclen, algo, iter, salt, 3107 saltlen); 3108 if(!az_nsec3_insert(z, region, msg, node)) 3109 return 0; 3110 } 3111 return 1; 3112 } 3113 3114 /** generate answer for positive answer */ 3115 static int 3116 az_generate_positive_answer(struct auth_zone* z, struct regional* region, 3117 struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset) 3118 { 3119 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3120 /* see if we want additional rrs */ 3121 if(rrset->type == LDNS_RR_TYPE_MX) { 3122 if(!az_add_additionals_from(z, region, msg, rrset, 2)) 3123 return 0; 3124 } else if(rrset->type == LDNS_RR_TYPE_SRV) { 3125 if(!az_add_additionals_from(z, region, msg, rrset, 6)) 3126 return 0; 3127 } else if(rrset->type == LDNS_RR_TYPE_NS) { 3128 if(!az_add_additionals_from(z, region, msg, rrset, 0)) 3129 return 0; 3130 } 3131 return 1; 3132 } 3133 3134 /** generate answer for type ANY answer */ 3135 static int 3136 az_generate_any_answer(struct auth_zone* z, struct regional* region, 3137 struct dns_msg* msg, struct auth_data* node) 3138 { 3139 struct auth_rrset* rrset; 3140 int added = 0; 3141 /* add a couple (at least one) RRs */ 3142 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_SOA)) != NULL) { 3143 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3144 added++; 3145 } 3146 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_MX)) != NULL) { 3147 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3148 added++; 3149 } 3150 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_A)) != NULL) { 3151 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3152 added++; 3153 } 3154 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_AAAA)) != NULL) { 3155 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3156 added++; 3157 } 3158 if(added == 0 && node && node->rrsets) { 3159 if(!msg_add_rrset_an(z, region, msg, node, 3160 node->rrsets)) return 0; 3161 } 3162 return 1; 3163 } 3164 3165 /** follow cname chain and add more data to the answer section */ 3166 static int 3167 follow_cname_chain(struct auth_zone* z, uint16_t qtype, 3168 struct regional* region, struct dns_msg* msg, 3169 struct packed_rrset_data* d) 3170 { 3171 int maxchain = 0; 3172 /* see if we can add the target of the CNAME into the answer */ 3173 while(maxchain++ < MAX_CNAME_CHAIN) { 3174 struct auth_data* node; 3175 struct auth_rrset* rrset; 3176 size_t clen; 3177 /* d has cname rdata */ 3178 if(d->count == 0) break; /* no CNAME */ 3179 if(d->rr_len[0] < 2+1) break; /* too small */ 3180 if((clen=dname_valid(d->rr_data[0]+2, d->rr_len[0]-2))==0) 3181 break; /* malformed */ 3182 if(!dname_subdomain_c(d->rr_data[0]+2, z->name)) 3183 break; /* target out of zone */ 3184 if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL) 3185 break; /* no such target name */ 3186 if((rrset=az_domain_rrset(node, qtype))!=NULL) { 3187 /* done we found the target */ 3188 if(!msg_add_rrset_an(z, region, msg, node, rrset)) 3189 return 0; 3190 break; 3191 } 3192 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME))==NULL) 3193 break; /* no further CNAME chain, notype */ 3194 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3195 d = rrset->data; 3196 } 3197 return 1; 3198 } 3199 3200 /** generate answer for cname answer */ 3201 static int 3202 az_generate_cname_answer(struct auth_zone* z, struct query_info* qinfo, 3203 struct regional* region, struct dns_msg* msg, 3204 struct auth_data* node, struct auth_rrset* rrset) 3205 { 3206 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0; 3207 if(!rrset) return 1; 3208 if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data)) 3209 return 0; 3210 return 1; 3211 } 3212 3213 /** generate answer for notype answer */ 3214 static int 3215 az_generate_notype_answer(struct auth_zone* z, struct regional* region, 3216 struct dns_msg* msg, struct auth_data* node) 3217 { 3218 struct auth_rrset* rrset; 3219 if(!az_add_negative_soa(z, region, msg)) return 0; 3220 /* DNSSEC denial NSEC */ 3221 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_NSEC))!=NULL) { 3222 if(!msg_add_rrset_ns(z, region, msg, node, rrset)) return 0; 3223 } else if(node) { 3224 /* DNSSEC denial NSEC3 */ 3225 if(!az_add_nsec3_proof(z, region, msg, node->name, 3226 node->namelen, msg->qinfo.qname, 3227 msg->qinfo.qname_len, 1, 1, 0, 0)) 3228 return 0; 3229 } 3230 return 1; 3231 } 3232 3233 /** generate answer for referral answer */ 3234 static int 3235 az_generate_referral_answer(struct auth_zone* z, struct regional* region, 3236 struct dns_msg* msg, struct auth_data* ce, struct auth_rrset* rrset) 3237 { 3238 struct auth_rrset* ds, *nsec; 3239 /* turn off AA flag, referral is nonAA because it leaves the zone */ 3240 log_assert(ce); 3241 msg->rep->flags &= ~BIT_AA; 3242 if(!msg_add_rrset_ns(z, region, msg, ce, rrset)) return 0; 3243 /* add DS or deny it */ 3244 if((ds=az_domain_rrset(ce, LDNS_RR_TYPE_DS))!=NULL) { 3245 if(!msg_add_rrset_ns(z, region, msg, ce, ds)) return 0; 3246 } else { 3247 /* deny the DS */ 3248 if((nsec=az_domain_rrset(ce, LDNS_RR_TYPE_NSEC))!=NULL) { 3249 if(!msg_add_rrset_ns(z, region, msg, ce, nsec)) 3250 return 0; 3251 } else { 3252 if(!az_add_nsec3_proof(z, region, msg, ce->name, 3253 ce->namelen, msg->qinfo.qname, 3254 msg->qinfo.qname_len, 1, 1, 0, 0)) 3255 return 0; 3256 } 3257 } 3258 /* add additional rrs for type NS */ 3259 if(!az_add_additionals_from(z, region, msg, rrset, 0)) return 0; 3260 return 1; 3261 } 3262 3263 /** generate answer for DNAME answer */ 3264 static int 3265 az_generate_dname_answer(struct auth_zone* z, struct query_info* qinfo, 3266 struct regional* region, struct dns_msg* msg, struct auth_data* ce, 3267 struct auth_rrset* rrset) 3268 { 3269 log_assert(ce); 3270 /* add the DNAME and then a CNAME */ 3271 if(!msg_add_rrset_an(z, region, msg, ce, rrset)) return 0; 3272 if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region, 3273 msg, ce, rrset)) return 0; 3274 if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_YXDOMAIN) 3275 return 1; 3276 if(msg->rep->rrset_count == 0 || 3277 !msg->rep->rrsets[msg->rep->rrset_count-1]) 3278 return 0; 3279 if(!follow_cname_chain(z, qinfo->qtype, region, msg, 3280 (struct packed_rrset_data*)msg->rep->rrsets[ 3281 msg->rep->rrset_count-1]->entry.data)) 3282 return 0; 3283 return 1; 3284 } 3285 3286 /** generate answer for wildcard answer */ 3287 static int 3288 az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo, 3289 struct regional* region, struct dns_msg* msg, struct auth_data* ce, 3290 struct auth_data* wildcard, struct auth_data* node) 3291 { 3292 struct auth_rrset* rrset, *nsec; 3293 int insert_ce = 0; 3294 if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) { 3295 /* wildcard has type, add it */ 3296 if(!msg_add_rrset_an(z, region, msg, wildcard, rrset)) 3297 return 0; 3298 az_change_dnames(msg, wildcard->name, msg->qinfo.qname, 3299 msg->qinfo.qname_len, 1); 3300 } else if((rrset=az_domain_rrset(wildcard, LDNS_RR_TYPE_CNAME))!=NULL) { 3301 /* wildcard has cname instead, do that */ 3302 if(!msg_add_rrset_an(z, region, msg, wildcard, rrset)) 3303 return 0; 3304 az_change_dnames(msg, wildcard->name, msg->qinfo.qname, 3305 msg->qinfo.qname_len, 1); 3306 if(!follow_cname_chain(z, qinfo->qtype, region, msg, 3307 rrset->data)) 3308 return 0; 3309 } else if(qinfo->qtype == LDNS_RR_TYPE_ANY && wildcard->rrsets) { 3310 /* add ANY rrsets from wildcard node */ 3311 if(!az_generate_any_answer(z, region, msg, wildcard)) 3312 return 0; 3313 az_change_dnames(msg, wildcard->name, msg->qinfo.qname, 3314 msg->qinfo.qname_len, 1); 3315 } else { 3316 /* wildcard has nodata, notype answer */ 3317 /* call other notype routine for dnssec notype denials */ 3318 if(!az_generate_notype_answer(z, region, msg, wildcard)) 3319 return 0; 3320 /* because the notype, there is no positive data with an 3321 * RRSIG that indicates the wildcard position. Thus the 3322 * wildcard qname denial needs to have a CE nsec3. */ 3323 insert_ce = 1; 3324 } 3325 3326 /* ce and node for dnssec denial of wildcard original name */ 3327 if((nsec=az_find_nsec_cover(z, &node)) != NULL) { 3328 if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0; 3329 } else if(ce) { 3330 uint8_t* wildup = wildcard->name; 3331 size_t wilduplen= wildcard->namelen; 3332 dname_remove_label(&wildup, &wilduplen); 3333 if(!az_add_nsec3_proof(z, region, msg, wildup, 3334 wilduplen, msg->qinfo.qname, 3335 msg->qinfo.qname_len, 0, insert_ce, 1, 0)) 3336 return 0; 3337 } 3338 3339 /* fixup name of wildcard from *.zone to qname, use already allocated 3340 * pointer to msg qname */ 3341 az_change_dnames(msg, wildcard->name, msg->qinfo.qname, 3342 msg->qinfo.qname_len, 0); 3343 return 1; 3344 } 3345 3346 /** generate answer for nxdomain answer */ 3347 static int 3348 az_generate_nxdomain_answer(struct auth_zone* z, struct regional* region, 3349 struct dns_msg* msg, struct auth_data* ce, struct auth_data* node) 3350 { 3351 struct auth_rrset* nsec; 3352 msg->rep->flags |= LDNS_RCODE_NXDOMAIN; 3353 if(!az_add_negative_soa(z, region, msg)) return 0; 3354 if((nsec=az_find_nsec_cover(z, &node)) != NULL) { 3355 if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0; 3356 if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name, 3357 ce->namelen)) return 0; 3358 } else if(ce) { 3359 if(!az_add_nsec3_proof(z, region, msg, ce->name, 3360 ce->namelen, msg->qinfo.qname, 3361 msg->qinfo.qname_len, 0, 1, 1, 1)) 3362 return 0; 3363 } 3364 return 1; 3365 } 3366 3367 /** Create answers when an exact match exists for the domain name */ 3368 static int 3369 az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo, 3370 struct regional* region, struct dns_msg* msg, struct auth_data* node) 3371 { 3372 struct auth_rrset* rrset; 3373 /* positive answer, rrset we are looking for exists */ 3374 if((rrset=az_domain_rrset(node, qinfo->qtype)) != NULL) { 3375 return az_generate_positive_answer(z, region, msg, node, rrset); 3376 } 3377 /* CNAME? */ 3378 if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME)) != NULL) { 3379 return az_generate_cname_answer(z, qinfo, region, msg, 3380 node, rrset); 3381 } 3382 /* type ANY ? */ 3383 if(qinfo->qtype == LDNS_RR_TYPE_ANY) { 3384 return az_generate_any_answer(z, region, msg, node); 3385 } 3386 /* NOERROR/NODATA (no such type at domain name) */ 3387 return az_generate_notype_answer(z, region, msg, node); 3388 } 3389 3390 /** Generate answer without an existing-node that we can use. 3391 * So it'll be a referral, DNAME or nxdomain */ 3392 static int 3393 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo, 3394 struct regional* region, struct dns_msg* msg, struct auth_data* ce, 3395 struct auth_rrset* rrset, struct auth_data* node) 3396 { 3397 struct auth_data* wildcard; 3398 3399 /* we do not have an exact matching name (that exists) */ 3400 /* see if we have a NS or DNAME in the ce */ 3401 if(ce && rrset && rrset->type == LDNS_RR_TYPE_NS) { 3402 return az_generate_referral_answer(z, region, msg, ce, rrset); 3403 } 3404 if(ce && rrset && rrset->type == LDNS_RR_TYPE_DNAME) { 3405 return az_generate_dname_answer(z, qinfo, region, msg, ce, 3406 rrset); 3407 } 3408 /* if there is an empty nonterminal, wildcard and nxdomain don't 3409 * happen, it is a notype answer */ 3410 if(az_empty_nonterminal(z, qinfo, node)) { 3411 return az_generate_notype_answer(z, region, msg, node); 3412 } 3413 /* see if we have a wildcard under the ce */ 3414 if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) { 3415 return az_generate_wildcard_answer(z, qinfo, region, msg, 3416 ce, wildcard, node); 3417 } 3418 /* generate nxdomain answer */ 3419 return az_generate_nxdomain_answer(z, region, msg, ce, node); 3420 } 3421 3422 /** Lookup answer in a zone. */ 3423 static int 3424 auth_zone_generate_answer(struct auth_zone* z, struct query_info* qinfo, 3425 struct regional* region, struct dns_msg** msg, int* fallback) 3426 { 3427 struct auth_data* node, *ce; 3428 struct auth_rrset* rrset; 3429 int node_exact, node_exists; 3430 /* does the zone want fallback in case of failure? */ 3431 *fallback = z->fallback_enabled; 3432 if(!(*msg=msg_create(region, qinfo))) return 0; 3433 3434 /* lookup if there is a matching domain name for the query */ 3435 az_find_domain(z, qinfo, &node_exact, &node); 3436 3437 /* see if node exists for generating answers from (i.e. not glue and 3438 * obscured by NS or DNAME or NSEC3-only), and also return the 3439 * closest-encloser from that, closest node that should be used 3440 * to generate answers from that is above the query */ 3441 node_exists = az_find_ce(z, qinfo, node, node_exact, &ce, &rrset); 3442 3443 if(verbosity >= VERB_ALGO) { 3444 char zname[256], qname[256], nname[256], cename[256], 3445 tpstr[32], rrstr[32]; 3446 sldns_wire2str_dname_buf(qinfo->qname, qinfo->qname_len, qname, 3447 sizeof(qname)); 3448 sldns_wire2str_type_buf(qinfo->qtype, tpstr, sizeof(tpstr)); 3449 sldns_wire2str_dname_buf(z->name, z->namelen, zname, 3450 sizeof(zname)); 3451 if(node) 3452 sldns_wire2str_dname_buf(node->name, node->namelen, 3453 nname, sizeof(nname)); 3454 else snprintf(nname, sizeof(nname), "NULL"); 3455 if(ce) 3456 sldns_wire2str_dname_buf(ce->name, ce->namelen, 3457 cename, sizeof(cename)); 3458 else snprintf(cename, sizeof(cename), "NULL"); 3459 if(rrset) sldns_wire2str_type_buf(rrset->type, rrstr, 3460 sizeof(rrstr)); 3461 else snprintf(rrstr, sizeof(rrstr), "NULL"); 3462 log_info("auth_zone %s query %s %s, domain %s %s %s, " 3463 "ce %s, rrset %s", zname, qname, tpstr, nname, 3464 (node_exact?"exact":"notexact"), 3465 (node_exists?"exist":"notexist"), cename, rrstr); 3466 } 3467 3468 if(node_exists) { 3469 /* the node is fine, generate answer from node */ 3470 return az_generate_answer_with_node(z, qinfo, region, *msg, 3471 node); 3472 } 3473 return az_generate_answer_nonexistnode(z, qinfo, region, *msg, 3474 ce, rrset, node); 3475 } 3476 3477 int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, 3478 struct regional* region, struct dns_msg** msg, int* fallback, 3479 uint8_t* dp_nm, size_t dp_nmlen) 3480 { 3481 int r; 3482 struct auth_zone* z; 3483 /* find the zone that should contain the answer. */ 3484 lock_rw_rdlock(&az->lock); 3485 z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass); 3486 if(!z) { 3487 lock_rw_unlock(&az->lock); 3488 /* no auth zone, fallback to internet */ 3489 *fallback = 1; 3490 return 0; 3491 } 3492 lock_rw_rdlock(&z->lock); 3493 lock_rw_unlock(&az->lock); 3494 3495 /* if not for upstream queries, fallback */ 3496 if(!z->for_upstream) { 3497 lock_rw_unlock(&z->lock); 3498 *fallback = 1; 3499 return 0; 3500 } 3501 if(z->zone_expired) { 3502 *fallback = z->fallback_enabled; 3503 lock_rw_unlock(&z->lock); 3504 return 0; 3505 } 3506 /* see what answer that zone would generate */ 3507 r = auth_zone_generate_answer(z, qinfo, region, msg, fallback); 3508 lock_rw_unlock(&z->lock); 3509 return r; 3510 } 3511 3512 /** encode auth answer */ 3513 static void 3514 auth_answer_encode(struct query_info* qinfo, struct module_env* env, 3515 struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf, 3516 struct regional* temp, struct dns_msg* msg) 3517 { 3518 uint16_t udpsize; 3519 udpsize = edns->udp_size; 3520 edns->edns_version = EDNS_ADVERTISED_VERSION; 3521 edns->udp_size = EDNS_ADVERTISED_SIZE; 3522 edns->ext_rcode = 0; 3523 edns->bits &= EDNS_DO; 3524 3525 if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep, 3526 (int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp, env->now_tv) 3527 || !reply_info_answer_encode(qinfo, msg->rep, 3528 *(uint16_t*)sldns_buffer_begin(buf), 3529 sldns_buffer_read_u16_at(buf, 2), 3530 buf, 0, 0, temp, udpsize, edns, 3531 (int)(edns->bits&EDNS_DO), 0)) { 3532 error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, 3533 *(uint16_t*)sldns_buffer_begin(buf), 3534 sldns_buffer_read_u16_at(buf, 2), edns); 3535 } 3536 } 3537 3538 /** encode auth error answer */ 3539 static void 3540 auth_error_encode(struct query_info* qinfo, struct module_env* env, 3541 struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf, 3542 struct regional* temp, int rcode) 3543 { 3544 edns->edns_version = EDNS_ADVERTISED_VERSION; 3545 edns->udp_size = EDNS_ADVERTISED_SIZE; 3546 edns->ext_rcode = 0; 3547 edns->bits &= EDNS_DO; 3548 3549 if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, 3550 rcode, edns, repinfo, temp, env->now_tv)) 3551 edns->opt_list_inplace_cb_out = NULL; 3552 error_encode(buf, rcode|BIT_AA, qinfo, 3553 *(uint16_t*)sldns_buffer_begin(buf), 3554 sldns_buffer_read_u16_at(buf, 2), edns); 3555 } 3556 3557 int auth_zones_answer(struct auth_zones* az, struct module_env* env, 3558 struct query_info* qinfo, struct edns_data* edns, 3559 struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp) 3560 { 3561 struct dns_msg* msg = NULL; 3562 struct auth_zone* z; 3563 int r; 3564 int fallback = 0; 3565 3566 lock_rw_rdlock(&az->lock); 3567 if(!az->have_downstream) { 3568 /* no downstream auth zones */ 3569 lock_rw_unlock(&az->lock); 3570 return 0; 3571 } 3572 if(qinfo->qtype == LDNS_RR_TYPE_DS) { 3573 uint8_t* delname = qinfo->qname; 3574 size_t delnamelen = qinfo->qname_len; 3575 dname_remove_label(&delname, &delnamelen); 3576 z = auth_zones_find_zone(az, delname, delnamelen, 3577 qinfo->qclass); 3578 } else { 3579 z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len, 3580 qinfo->qclass); 3581 } 3582 if(!z) { 3583 /* no zone above it */ 3584 lock_rw_unlock(&az->lock); 3585 return 0; 3586 } 3587 lock_rw_rdlock(&z->lock); 3588 lock_rw_unlock(&az->lock); 3589 if(!z->for_downstream) { 3590 lock_rw_unlock(&z->lock); 3591 return 0; 3592 } 3593 if(z->zone_expired) { 3594 if(z->fallback_enabled) { 3595 lock_rw_unlock(&z->lock); 3596 return 0; 3597 } 3598 lock_rw_unlock(&z->lock); 3599 lock_rw_wrlock(&az->lock); 3600 az->num_query_down++; 3601 lock_rw_unlock(&az->lock); 3602 auth_error_encode(qinfo, env, edns, repinfo, buf, temp, 3603 LDNS_RCODE_SERVFAIL); 3604 return 1; 3605 } 3606 3607 /* answer it from zone z */ 3608 r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback); 3609 lock_rw_unlock(&z->lock); 3610 if(!r && fallback) { 3611 /* fallback to regular answering (recursive) */ 3612 return 0; 3613 } 3614 lock_rw_wrlock(&az->lock); 3615 az->num_query_down++; 3616 lock_rw_unlock(&az->lock); 3617 3618 /* encode answer */ 3619 if(!r) 3620 auth_error_encode(qinfo, env, edns, repinfo, buf, temp, 3621 LDNS_RCODE_SERVFAIL); 3622 else auth_answer_encode(qinfo, env, edns, repinfo, buf, temp, msg); 3623 3624 return 1; 3625 } 3626 3627 int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen, 3628 uint16_t dclass) 3629 { 3630 int r; 3631 struct auth_zone* z; 3632 lock_rw_rdlock(&az->lock); 3633 z = auth_zone_find(az, nm, nmlen, dclass); 3634 if(!z) { 3635 lock_rw_unlock(&az->lock); 3636 /* no such auth zone, fallback */ 3637 return 1; 3638 } 3639 lock_rw_rdlock(&z->lock); 3640 lock_rw_unlock(&az->lock); 3641 r = z->fallback_enabled || (!z->for_upstream); 3642 lock_rw_unlock(&z->lock); 3643 return r; 3644 } 3645 3646 int 3647 auth_zone_parse_notify_serial(sldns_buffer* pkt, uint32_t *serial) 3648 { 3649 struct query_info q; 3650 uint16_t rdlen; 3651 memset(&q, 0, sizeof(q)); 3652 sldns_buffer_set_position(pkt, 0); 3653 if(!query_info_parse(&q, pkt)) return 0; 3654 if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0) return 0; 3655 /* skip name of RR in answer section */ 3656 if(sldns_buffer_remaining(pkt) < 1) return 0; 3657 if(pkt_dname_len(pkt) == 0) return 0; 3658 /* check type */ 3659 if(sldns_buffer_remaining(pkt) < 10 /* type,class,ttl,rdatalen*/) 3660 return 0; 3661 if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_SOA) return 0; 3662 sldns_buffer_skip(pkt, 2); /* class */ 3663 sldns_buffer_skip(pkt, 4); /* ttl */ 3664 rdlen = sldns_buffer_read_u16(pkt); /* rdatalen */ 3665 if(sldns_buffer_remaining(pkt) < rdlen) return 0; 3666 if(rdlen < 22) return 0; /* bad soa length */ 3667 sldns_buffer_skip(pkt, (ssize_t)(rdlen-20)); 3668 *serial = sldns_buffer_read_u32(pkt); 3669 /* return true when has serial in answer section */ 3670 return 1; 3671 } 3672 3673 /** see if addr appears in the list */ 3674 static int 3675 addr_in_list(struct auth_addr* list, struct sockaddr_storage* addr, 3676 socklen_t addrlen) 3677 { 3678 struct auth_addr* p; 3679 for(p=list; p; p=p->next) { 3680 if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0) 3681 return 1; 3682 } 3683 return 0; 3684 } 3685 3686 /** check if an address matches a master specification (or one of its 3687 * addresses in the addr list) */ 3688 static int 3689 addr_matches_master(struct auth_master* master, struct sockaddr_storage* addr, 3690 socklen_t addrlen, struct auth_master** fromhost) 3691 { 3692 struct sockaddr_storage a; 3693 socklen_t alen = 0; 3694 int net = 0; 3695 if(addr_in_list(master->list, addr, addrlen)) { 3696 *fromhost = master; 3697 return 1; 3698 } 3699 /* compare address (but not port number, that is the destination 3700 * port of the master, the port number of the received notify is 3701 * allowed to by any port on that master) */ 3702 if(extstrtoaddr(master->host, &a, &alen) && 3703 sockaddr_cmp_addr(addr, addrlen, &a, alen)==0) { 3704 *fromhost = master; 3705 return 1; 3706 } 3707 /* prefixes, addr/len, like 10.0.0.0/8 */ 3708 /* not http and has a / and there is one / */ 3709 if(master->allow_notify && !master->http && 3710 strchr(master->host, '/') != NULL && 3711 strchr(master->host, '/') == strrchr(master->host, '/') && 3712 netblockstrtoaddr(master->host, UNBOUND_DNS_PORT, &a, &alen, 3713 &net) && alen == addrlen) { 3714 if(addr_in_common(addr, (addr_is_ip6(addr, addrlen)?128:32), 3715 &a, net, alen) >= net) { 3716 *fromhost = NULL; /* prefix does not have destination 3717 to send the probe or transfer with */ 3718 return 1; /* matches the netblock */ 3719 } 3720 } 3721 return 0; 3722 } 3723 3724 /** check access list for notifies */ 3725 static int 3726 az_xfr_allowed_notify(struct auth_xfer* xfr, struct sockaddr_storage* addr, 3727 socklen_t addrlen, struct auth_master** fromhost) 3728 { 3729 struct auth_master* p; 3730 for(p=xfr->allow_notify_list; p; p=p->next) { 3731 if(addr_matches_master(p, addr, addrlen, fromhost)) { 3732 return 1; 3733 } 3734 } 3735 return 0; 3736 } 3737 3738 /** see if the serial means the zone has to be updated, i.e. the serial 3739 * is newer than the zone serial, or we have no zone */ 3740 static int 3741 xfr_serial_means_update(struct auth_xfer* xfr, uint32_t serial) 3742 { 3743 if(!xfr->have_zone) 3744 return 1; /* no zone, anything is better */ 3745 if(xfr->zone_expired) 3746 return 1; /* expired, the sent serial is better than expired 3747 data */ 3748 if(compare_serial(xfr->serial, serial) < 0) 3749 return 1; /* our serial is smaller than the sent serial, 3750 the data is newer, fetch it */ 3751 return 0; 3752 } 3753 3754 /** note notify serial, updates the notify information in the xfr struct */ 3755 static void 3756 xfr_note_notify_serial(struct auth_xfer* xfr, int has_serial, uint32_t serial) 3757 { 3758 if(xfr->notify_received && xfr->notify_has_serial && has_serial) { 3759 /* see if this serial is newer */ 3760 if(compare_serial(xfr->notify_serial, serial) < 0) 3761 xfr->notify_serial = serial; 3762 } else if(xfr->notify_received && xfr->notify_has_serial && 3763 !has_serial) { 3764 /* remove serial, we have notify without serial */ 3765 xfr->notify_has_serial = 0; 3766 xfr->notify_serial = 0; 3767 } else if(xfr->notify_received && !xfr->notify_has_serial) { 3768 /* we already have notify without serial, keep it 3769 * that way; no serial check when current operation 3770 * is done */ 3771 } else { 3772 xfr->notify_received = 1; 3773 xfr->notify_has_serial = has_serial; 3774 xfr->notify_serial = serial; 3775 } 3776 } 3777 3778 /** process a notify serial, start new probe or note serial. xfr is locked */ 3779 static void 3780 xfr_process_notify(struct auth_xfer* xfr, struct module_env* env, 3781 int has_serial, uint32_t serial, struct auth_master* fromhost) 3782 { 3783 /* if the serial of notify is older than we have, don't fetch 3784 * a zone, we already have it */ 3785 if(has_serial && !xfr_serial_means_update(xfr, serial)) { 3786 lock_basic_unlock(&xfr->lock); 3787 return; 3788 } 3789 /* start new probe with this addr src, or note serial */ 3790 if(!xfr_start_probe(xfr, env, fromhost)) { 3791 /* not started because already in progress, note the serial */ 3792 xfr_note_notify_serial(xfr, has_serial, serial); 3793 lock_basic_unlock(&xfr->lock); 3794 } 3795 /* successful end of start_probe unlocked xfr->lock */ 3796 } 3797 3798 int auth_zones_notify(struct auth_zones* az, struct module_env* env, 3799 uint8_t* nm, size_t nmlen, uint16_t dclass, 3800 struct sockaddr_storage* addr, socklen_t addrlen, int has_serial, 3801 uint32_t serial, int* refused) 3802 { 3803 struct auth_xfer* xfr; 3804 struct auth_master* fromhost = NULL; 3805 /* see which zone this is */ 3806 lock_rw_rdlock(&az->lock); 3807 xfr = auth_xfer_find(az, nm, nmlen, dclass); 3808 if(!xfr) { 3809 lock_rw_unlock(&az->lock); 3810 /* no such zone, refuse the notify */ 3811 *refused = 1; 3812 return 0; 3813 } 3814 lock_basic_lock(&xfr->lock); 3815 lock_rw_unlock(&az->lock); 3816 3817 /* check access list for notifies */ 3818 if(!az_xfr_allowed_notify(xfr, addr, addrlen, &fromhost)) { 3819 lock_basic_unlock(&xfr->lock); 3820 /* notify not allowed, refuse the notify */ 3821 *refused = 1; 3822 return 0; 3823 } 3824 3825 /* process the notify */ 3826 xfr_process_notify(xfr, env, has_serial, serial, fromhost); 3827 return 1; 3828 } 3829 3830 int auth_zones_startprobesequence(struct auth_zones* az, 3831 struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass) 3832 { 3833 struct auth_xfer* xfr; 3834 lock_rw_rdlock(&az->lock); 3835 xfr = auth_xfer_find(az, nm, nmlen, dclass); 3836 if(!xfr) { 3837 lock_rw_unlock(&az->lock); 3838 return 0; 3839 } 3840 lock_basic_lock(&xfr->lock); 3841 lock_rw_unlock(&az->lock); 3842 3843 xfr_process_notify(xfr, env, 0, 0, NULL); 3844 return 1; 3845 } 3846 3847 /** set a zone expired */ 3848 static void 3849 auth_xfer_set_expired(struct auth_xfer* xfr, struct module_env* env, 3850 int expired) 3851 { 3852 struct auth_zone* z; 3853 3854 /* expire xfr */ 3855 lock_basic_lock(&xfr->lock); 3856 xfr->zone_expired = expired; 3857 lock_basic_unlock(&xfr->lock); 3858 3859 /* find auth_zone */ 3860 lock_rw_rdlock(&env->auth_zones->lock); 3861 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, 3862 xfr->dclass); 3863 if(!z) { 3864 lock_rw_unlock(&env->auth_zones->lock); 3865 return; 3866 } 3867 lock_rw_wrlock(&z->lock); 3868 lock_rw_unlock(&env->auth_zones->lock); 3869 3870 /* expire auth_zone */ 3871 z->zone_expired = expired; 3872 lock_rw_unlock(&z->lock); 3873 } 3874 3875 /** find master (from notify or probe) in list of masters */ 3876 static struct auth_master* 3877 find_master_by_host(struct auth_master* list, char* host) 3878 { 3879 struct auth_master* p; 3880 for(p=list; p; p=p->next) { 3881 if(strcmp(p->host, host) == 0) 3882 return p; 3883 } 3884 return NULL; 3885 } 3886 3887 /** delete the looked up auth_addrs for all the masters in the list */ 3888 static void 3889 xfr_masterlist_free_addrs(struct auth_master* list) 3890 { 3891 struct auth_master* m; 3892 for(m=list; m; m=m->next) { 3893 if(m->list) { 3894 auth_free_master_addrs(m->list); 3895 m->list = NULL; 3896 } 3897 } 3898 } 3899 3900 /** copy a list of auth_addrs */ 3901 static struct auth_addr* 3902 auth_addr_list_copy(struct auth_addr* source) 3903 { 3904 struct auth_addr* list = NULL, *last = NULL; 3905 struct auth_addr* p; 3906 for(p=source; p; p=p->next) { 3907 struct auth_addr* a = (struct auth_addr*)memdup(p, sizeof(*p)); 3908 if(!a) { 3909 log_err("malloc failure"); 3910 auth_free_master_addrs(list); 3911 return NULL; 3912 } 3913 a->next = NULL; 3914 if(last) last->next = a; 3915 if(!list) list = a; 3916 last = a; 3917 } 3918 return list; 3919 } 3920 3921 /** copy a master to a new structure, NULL on alloc failure */ 3922 static struct auth_master* 3923 auth_master_copy(struct auth_master* o) 3924 { 3925 struct auth_master* m; 3926 if(!o) return NULL; 3927 m = (struct auth_master*)memdup(o, sizeof(*o)); 3928 if(!m) { 3929 log_err("malloc failure"); 3930 return NULL; 3931 } 3932 m->next = NULL; 3933 if(m->host) { 3934 m->host = strdup(m->host); 3935 if(!m->host) { 3936 free(m); 3937 log_err("malloc failure"); 3938 return NULL; 3939 } 3940 } 3941 if(m->file) { 3942 m->file = strdup(m->file); 3943 if(!m->file) { 3944 free(m->host); 3945 free(m); 3946 log_err("malloc failure"); 3947 return NULL; 3948 } 3949 } 3950 if(m->list) { 3951 m->list = auth_addr_list_copy(m->list); 3952 if(!m->list) { 3953 free(m->file); 3954 free(m->host); 3955 free(m); 3956 return NULL; 3957 } 3958 } 3959 return m; 3960 } 3961 3962 /** copy the master addresses from the task_probe lookups to the allow_notify 3963 * list of masters */ 3964 static void 3965 probe_copy_masters_for_allow_notify(struct auth_xfer* xfr) 3966 { 3967 struct auth_master* list = NULL, *last = NULL; 3968 struct auth_master* p; 3969 /* build up new list with copies */ 3970 for(p = xfr->task_transfer->masters; p; p=p->next) { 3971 struct auth_master* m = auth_master_copy(p); 3972 if(!m) { 3973 auth_free_masters(list); 3974 /* failed because of malloc failure, use old list */ 3975 return; 3976 } 3977 m->next = NULL; 3978 if(last) last->next = m; 3979 if(!list) list = m; 3980 last = m; 3981 } 3982 /* success, replace list */ 3983 auth_free_masters(xfr->allow_notify_list); 3984 xfr->allow_notify_list = list; 3985 } 3986 3987 /** start the lookups for task_transfer */ 3988 static void 3989 xfr_transfer_start_lookups(struct auth_xfer* xfr) 3990 { 3991 /* delete all the looked up addresses in the list */ 3992 xfr->task_transfer->scan_addr = NULL; 3993 xfr_masterlist_free_addrs(xfr->task_transfer->masters); 3994 3995 /* start lookup at the first master */ 3996 xfr->task_transfer->lookup_target = xfr->task_transfer->masters; 3997 xfr->task_transfer->lookup_aaaa = 0; 3998 } 3999 4000 /** move to the next lookup of hostname for task_transfer */ 4001 static void 4002 xfr_transfer_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env) 4003 { 4004 if(!xfr->task_transfer->lookup_target) 4005 return; /* already at end of list */ 4006 if(!xfr->task_transfer->lookup_aaaa && env->cfg->do_ip6) { 4007 /* move to lookup AAAA */ 4008 xfr->task_transfer->lookup_aaaa = 1; 4009 return; 4010 } 4011 xfr->task_transfer->lookup_target = 4012 xfr->task_transfer->lookup_target->next; 4013 xfr->task_transfer->lookup_aaaa = 0; 4014 if(!env->cfg->do_ip4 && xfr->task_transfer->lookup_target!=NULL) 4015 xfr->task_transfer->lookup_aaaa = 1; 4016 } 4017 4018 /** start the lookups for task_probe */ 4019 static void 4020 xfr_probe_start_lookups(struct auth_xfer* xfr) 4021 { 4022 /* delete all the looked up addresses in the list */ 4023 xfr->task_probe->scan_addr = NULL; 4024 xfr_masterlist_free_addrs(xfr->task_probe->masters); 4025 4026 /* start lookup at the first master */ 4027 xfr->task_probe->lookup_target = xfr->task_probe->masters; 4028 xfr->task_probe->lookup_aaaa = 0; 4029 } 4030 4031 /** move to the next lookup of hostname for task_probe */ 4032 static void 4033 xfr_probe_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env) 4034 { 4035 if(!xfr->task_probe->lookup_target) 4036 return; /* already at end of list */ 4037 if(!xfr->task_probe->lookup_aaaa && env->cfg->do_ip6) { 4038 /* move to lookup AAAA */ 4039 xfr->task_probe->lookup_aaaa = 1; 4040 return; 4041 } 4042 xfr->task_probe->lookup_target = xfr->task_probe->lookup_target->next; 4043 xfr->task_probe->lookup_aaaa = 0; 4044 if(!env->cfg->do_ip4 && xfr->task_probe->lookup_target!=NULL) 4045 xfr->task_probe->lookup_aaaa = 1; 4046 } 4047 4048 /** start the iteration of the task_transfer list of masters */ 4049 static void 4050 xfr_transfer_start_list(struct auth_xfer* xfr, struct auth_master* spec) 4051 { 4052 if(spec) { 4053 xfr->task_transfer->scan_specific = find_master_by_host( 4054 xfr->task_transfer->masters, spec->host); 4055 if(xfr->task_transfer->scan_specific) { 4056 xfr->task_transfer->scan_target = NULL; 4057 xfr->task_transfer->scan_addr = NULL; 4058 if(xfr->task_transfer->scan_specific->list) 4059 xfr->task_transfer->scan_addr = 4060 xfr->task_transfer->scan_specific->list; 4061 return; 4062 } 4063 } 4064 /* no specific (notified) host to scan */ 4065 xfr->task_transfer->scan_specific = NULL; 4066 xfr->task_transfer->scan_addr = NULL; 4067 /* pick up first scan target */ 4068 xfr->task_transfer->scan_target = xfr->task_transfer->masters; 4069 if(xfr->task_transfer->scan_target && xfr->task_transfer-> 4070 scan_target->list) 4071 xfr->task_transfer->scan_addr = 4072 xfr->task_transfer->scan_target->list; 4073 } 4074 4075 /** start the iteration of the task_probe list of masters */ 4076 static void 4077 xfr_probe_start_list(struct auth_xfer* xfr, struct auth_master* spec) 4078 { 4079 if(spec) { 4080 xfr->task_probe->scan_specific = find_master_by_host( 4081 xfr->task_probe->masters, spec->host); 4082 if(xfr->task_probe->scan_specific) { 4083 xfr->task_probe->scan_target = NULL; 4084 xfr->task_probe->scan_addr = NULL; 4085 if(xfr->task_probe->scan_specific->list) 4086 xfr->task_probe->scan_addr = 4087 xfr->task_probe->scan_specific->list; 4088 return; 4089 } 4090 } 4091 /* no specific (notified) host to scan */ 4092 xfr->task_probe->scan_specific = NULL; 4093 xfr->task_probe->scan_addr = NULL; 4094 /* pick up first scan target */ 4095 xfr->task_probe->scan_target = xfr->task_probe->masters; 4096 if(xfr->task_probe->scan_target && xfr->task_probe->scan_target->list) 4097 xfr->task_probe->scan_addr = 4098 xfr->task_probe->scan_target->list; 4099 } 4100 4101 /** pick up the master that is being scanned right now, task_transfer */ 4102 static struct auth_master* 4103 xfr_transfer_current_master(struct auth_xfer* xfr) 4104 { 4105 if(xfr->task_transfer->scan_specific) 4106 return xfr->task_transfer->scan_specific; 4107 return xfr->task_transfer->scan_target; 4108 } 4109 4110 /** pick up the master that is being scanned right now, task_probe */ 4111 static struct auth_master* 4112 xfr_probe_current_master(struct auth_xfer* xfr) 4113 { 4114 if(xfr->task_probe->scan_specific) 4115 return xfr->task_probe->scan_specific; 4116 return xfr->task_probe->scan_target; 4117 } 4118 4119 /** true if at end of list, task_transfer */ 4120 static int 4121 xfr_transfer_end_of_list(struct auth_xfer* xfr) 4122 { 4123 return !xfr->task_transfer->scan_specific && 4124 !xfr->task_transfer->scan_target; 4125 } 4126 4127 /** true if at end of list, task_probe */ 4128 static int 4129 xfr_probe_end_of_list(struct auth_xfer* xfr) 4130 { 4131 return !xfr->task_probe->scan_specific && !xfr->task_probe->scan_target; 4132 } 4133 4134 /** move to next master in list, task_transfer */ 4135 static void 4136 xfr_transfer_nextmaster(struct auth_xfer* xfr) 4137 { 4138 if(!xfr->task_transfer->scan_specific && 4139 !xfr->task_transfer->scan_target) 4140 return; 4141 if(xfr->task_transfer->scan_addr) { 4142 xfr->task_transfer->scan_addr = 4143 xfr->task_transfer->scan_addr->next; 4144 if(xfr->task_transfer->scan_addr) 4145 return; 4146 } 4147 if(xfr->task_transfer->scan_specific) { 4148 xfr->task_transfer->scan_specific = NULL; 4149 xfr->task_transfer->scan_target = xfr->task_transfer->masters; 4150 if(xfr->task_transfer->scan_target && xfr->task_transfer-> 4151 scan_target->list) 4152 xfr->task_transfer->scan_addr = 4153 xfr->task_transfer->scan_target->list; 4154 return; 4155 } 4156 if(!xfr->task_transfer->scan_target) 4157 return; 4158 xfr->task_transfer->scan_target = xfr->task_transfer->scan_target->next; 4159 if(xfr->task_transfer->scan_target && xfr->task_transfer-> 4160 scan_target->list) 4161 xfr->task_transfer->scan_addr = 4162 xfr->task_transfer->scan_target->list; 4163 return; 4164 } 4165 4166 /** move to next master in list, task_probe */ 4167 static void 4168 xfr_probe_nextmaster(struct auth_xfer* xfr) 4169 { 4170 if(!xfr->task_probe->scan_specific && !xfr->task_probe->scan_target) 4171 return; 4172 if(xfr->task_probe->scan_addr) { 4173 xfr->task_probe->scan_addr = xfr->task_probe->scan_addr->next; 4174 if(xfr->task_probe->scan_addr) 4175 return; 4176 } 4177 if(xfr->task_probe->scan_specific) { 4178 xfr->task_probe->scan_specific = NULL; 4179 xfr->task_probe->scan_target = xfr->task_probe->masters; 4180 if(xfr->task_probe->scan_target && xfr->task_probe-> 4181 scan_target->list) 4182 xfr->task_probe->scan_addr = 4183 xfr->task_probe->scan_target->list; 4184 return; 4185 } 4186 if(!xfr->task_probe->scan_target) 4187 return; 4188 xfr->task_probe->scan_target = xfr->task_probe->scan_target->next; 4189 if(xfr->task_probe->scan_target && xfr->task_probe-> 4190 scan_target->list) 4191 xfr->task_probe->scan_addr = 4192 xfr->task_probe->scan_target->list; 4193 return; 4194 } 4195 4196 /** create SOA probe packet for xfr */ 4197 static void 4198 xfr_create_soa_probe_packet(struct auth_xfer* xfr, sldns_buffer* buf, 4199 uint16_t id) 4200 { 4201 struct query_info qinfo; 4202 4203 memset(&qinfo, 0, sizeof(qinfo)); 4204 qinfo.qname = xfr->name; 4205 qinfo.qname_len = xfr->namelen; 4206 qinfo.qtype = LDNS_RR_TYPE_SOA; 4207 qinfo.qclass = xfr->dclass; 4208 qinfo_query_encode(buf, &qinfo); 4209 sldns_buffer_write_u16_at(buf, 0, id); 4210 } 4211 4212 /** create IXFR/AXFR packet for xfr */ 4213 static void 4214 xfr_create_ixfr_packet(struct auth_xfer* xfr, sldns_buffer* buf, uint16_t id, 4215 struct auth_master* master) 4216 { 4217 struct query_info qinfo; 4218 uint32_t serial; 4219 int have_zone; 4220 have_zone = xfr->have_zone; 4221 serial = xfr->serial; 4222 4223 memset(&qinfo, 0, sizeof(qinfo)); 4224 qinfo.qname = xfr->name; 4225 qinfo.qname_len = xfr->namelen; 4226 xfr->task_transfer->got_xfr_serial = 0; 4227 xfr->task_transfer->rr_scan_num = 0; 4228 xfr->task_transfer->incoming_xfr_serial = 0; 4229 xfr->task_transfer->on_ixfr_is_axfr = 0; 4230 xfr->task_transfer->on_ixfr = 1; 4231 qinfo.qtype = LDNS_RR_TYPE_IXFR; 4232 if(!have_zone || xfr->task_transfer->ixfr_fail || !master->ixfr) { 4233 qinfo.qtype = LDNS_RR_TYPE_AXFR; 4234 xfr->task_transfer->ixfr_fail = 0; 4235 xfr->task_transfer->on_ixfr = 0; 4236 } 4237 4238 qinfo.qclass = xfr->dclass; 4239 qinfo_query_encode(buf, &qinfo); 4240 sldns_buffer_write_u16_at(buf, 0, id); 4241 4242 /* append serial for IXFR */ 4243 if(qinfo.qtype == LDNS_RR_TYPE_IXFR) { 4244 size_t end = sldns_buffer_limit(buf); 4245 sldns_buffer_clear(buf); 4246 sldns_buffer_set_position(buf, end); 4247 /* auth section count 1 */ 4248 sldns_buffer_write_u16_at(buf, LDNS_NSCOUNT_OFF, 1); 4249 /* write SOA */ 4250 sldns_buffer_write_u8(buf, 0xC0); /* compressed ptr to qname */ 4251 sldns_buffer_write_u8(buf, 0x0C); 4252 sldns_buffer_write_u16(buf, LDNS_RR_TYPE_SOA); 4253 sldns_buffer_write_u16(buf, qinfo.qclass); 4254 sldns_buffer_write_u32(buf, 0); /* ttl */ 4255 sldns_buffer_write_u16(buf, 22); /* rdata length */ 4256 sldns_buffer_write_u8(buf, 0); /* . */ 4257 sldns_buffer_write_u8(buf, 0); /* . */ 4258 sldns_buffer_write_u32(buf, serial); /* serial */ 4259 sldns_buffer_write_u32(buf, 0); /* refresh */ 4260 sldns_buffer_write_u32(buf, 0); /* retry */ 4261 sldns_buffer_write_u32(buf, 0); /* expire */ 4262 sldns_buffer_write_u32(buf, 0); /* minimum */ 4263 sldns_buffer_flip(buf); 4264 } 4265 } 4266 4267 /** check if returned packet is OK */ 4268 static int 4269 check_packet_ok(sldns_buffer* pkt, uint16_t qtype, struct auth_xfer* xfr, 4270 uint32_t* serial) 4271 { 4272 /* parse to see if packet worked, valid reply */ 4273 4274 /* check serial number of SOA */ 4275 if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) 4276 return 0; 4277 4278 /* check ID */ 4279 if(LDNS_ID_WIRE(sldns_buffer_begin(pkt)) != xfr->task_probe->id) 4280 return 0; 4281 4282 /* check flag bits and rcode */ 4283 if(!LDNS_QR_WIRE(sldns_buffer_begin(pkt))) 4284 return 0; 4285 if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) 4286 return 0; 4287 if(LDNS_RCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_RCODE_NOERROR) 4288 return 0; 4289 4290 /* check qname */ 4291 if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) 4292 return 0; 4293 sldns_buffer_skip(pkt, LDNS_HEADER_SIZE); 4294 if(sldns_buffer_remaining(pkt) < xfr->namelen) 4295 return 0; 4296 if(query_dname_compare(sldns_buffer_current(pkt), xfr->name) != 0) 4297 return 0; 4298 sldns_buffer_skip(pkt, (ssize_t)xfr->namelen); 4299 4300 /* check qtype, qclass */ 4301 if(sldns_buffer_remaining(pkt) < 4) 4302 return 0; 4303 if(sldns_buffer_read_u16(pkt) != qtype) 4304 return 0; 4305 if(sldns_buffer_read_u16(pkt) != xfr->dclass) 4306 return 0; 4307 4308 if(serial) { 4309 uint16_t rdlen; 4310 /* read serial number, from answer section SOA */ 4311 if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0) 4312 return 0; 4313 /* read from first record SOA record */ 4314 if(sldns_buffer_remaining(pkt) < 1) 4315 return 0; 4316 if(dname_pkt_compare(pkt, sldns_buffer_current(pkt), 4317 xfr->name) != 0) 4318 return 0; 4319 if(!pkt_dname_len(pkt)) 4320 return 0; 4321 /* type, class, ttl, rdatalen */ 4322 if(sldns_buffer_remaining(pkt) < 4+4+2) 4323 return 0; 4324 if(sldns_buffer_read_u16(pkt) != qtype) 4325 return 0; 4326 if(sldns_buffer_read_u16(pkt) != xfr->dclass) 4327 return 0; 4328 sldns_buffer_skip(pkt, 4); /* ttl */ 4329 rdlen = sldns_buffer_read_u16(pkt); 4330 if(sldns_buffer_remaining(pkt) < rdlen) 4331 return 0; 4332 if(sldns_buffer_remaining(pkt) < 1) 4333 return 0; 4334 if(!pkt_dname_len(pkt)) /* soa name */ 4335 return 0; 4336 if(sldns_buffer_remaining(pkt) < 1) 4337 return 0; 4338 if(!pkt_dname_len(pkt)) /* soa name */ 4339 return 0; 4340 if(sldns_buffer_remaining(pkt) < 20) 4341 return 0; 4342 *serial = sldns_buffer_read_u32(pkt); 4343 } 4344 return 1; 4345 } 4346 4347 /** read one line from chunks into buffer at current position */ 4348 static int 4349 chunkline_get_line(struct auth_chunk** chunk, size_t* chunk_pos, 4350 sldns_buffer* buf) 4351 { 4352 int readsome = 0; 4353 while(*chunk) { 4354 /* more text in this chunk? */ 4355 if(*chunk_pos < (*chunk)->len) { 4356 readsome = 1; 4357 while(*chunk_pos < (*chunk)->len) { 4358 char c = (char)((*chunk)->data[*chunk_pos]); 4359 (*chunk_pos)++; 4360 if(sldns_buffer_remaining(buf) < 2) { 4361 /* buffer too short */ 4362 verbose(VERB_ALGO, "http chunkline, " 4363 "line too long"); 4364 return 0; 4365 } 4366 sldns_buffer_write_u8(buf, (uint8_t)c); 4367 if(c == '\n') { 4368 /* we are done */ 4369 return 1; 4370 } 4371 } 4372 } 4373 /* move to next chunk */ 4374 *chunk = (*chunk)->next; 4375 *chunk_pos = 0; 4376 } 4377 /* no more text */ 4378 if(readsome) return 1; 4379 return 0; 4380 } 4381 4382 /** count number of open and closed parenthesis in a chunkline */ 4383 static int 4384 chunkline_count_parens(sldns_buffer* buf, size_t start) 4385 { 4386 size_t end = sldns_buffer_position(buf); 4387 size_t i; 4388 int count = 0; 4389 int squote = 0, dquote = 0; 4390 for(i=start; i<end; i++) { 4391 char c = (char)sldns_buffer_read_u8_at(buf, i); 4392 if(squote && c != '\'') continue; 4393 if(dquote && c != '"') continue; 4394 if(c == '"') 4395 dquote = !dquote; /* skip quoted part */ 4396 else if(c == '\'') 4397 squote = !squote; /* skip quoted part */ 4398 else if(c == '(') 4399 count ++; 4400 else if(c == ')') 4401 count --; 4402 else if(c == ';') { 4403 /* rest is a comment */ 4404 return count; 4405 } 4406 } 4407 return count; 4408 } 4409 4410 /** remove trailing ;... comment from a line in the chunkline buffer */ 4411 static void 4412 chunkline_remove_trailcomment(sldns_buffer* buf, size_t start) 4413 { 4414 size_t end = sldns_buffer_position(buf); 4415 size_t i; 4416 int squote = 0, dquote = 0; 4417 for(i=start; i<end; i++) { 4418 char c = (char)sldns_buffer_read_u8_at(buf, i); 4419 if(squote && c != '\'') continue; 4420 if(dquote && c != '"') continue; 4421 if(c == '"') 4422 dquote = !dquote; /* skip quoted part */ 4423 else if(c == '\'') 4424 squote = !squote; /* skip quoted part */ 4425 else if(c == ';') { 4426 /* rest is a comment */ 4427 sldns_buffer_set_position(buf, i); 4428 return; 4429 } 4430 } 4431 /* nothing to remove */ 4432 } 4433 4434 /** see if a chunkline is a comment line (or empty line) */ 4435 static int 4436 chunkline_is_comment_line_or_empty(sldns_buffer* buf) 4437 { 4438 size_t i, end = sldns_buffer_limit(buf); 4439 for(i=0; i<end; i++) { 4440 char c = (char)sldns_buffer_read_u8_at(buf, i); 4441 if(c == ';') 4442 return 1; /* comment */ 4443 else if(c != ' ' && c != '\t' && c != '\r' && c != '\n') 4444 return 0; /* not a comment */ 4445 } 4446 return 1; /* empty */ 4447 } 4448 4449 /** find a line with ( ) collated */ 4450 static int 4451 chunkline_get_line_collated(struct auth_chunk** chunk, size_t* chunk_pos, 4452 sldns_buffer* buf) 4453 { 4454 size_t pos; 4455 int parens = 0; 4456 sldns_buffer_clear(buf); 4457 pos = sldns_buffer_position(buf); 4458 if(!chunkline_get_line(chunk, chunk_pos, buf)) { 4459 if(sldns_buffer_position(buf) < sldns_buffer_limit(buf)) 4460 sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0); 4461 else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0); 4462 sldns_buffer_flip(buf); 4463 return 0; 4464 } 4465 parens += chunkline_count_parens(buf, pos); 4466 while(parens > 0) { 4467 chunkline_remove_trailcomment(buf, pos); 4468 pos = sldns_buffer_position(buf); 4469 if(!chunkline_get_line(chunk, chunk_pos, buf)) { 4470 if(sldns_buffer_position(buf) < sldns_buffer_limit(buf)) 4471 sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0); 4472 else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0); 4473 sldns_buffer_flip(buf); 4474 return 0; 4475 } 4476 parens += chunkline_count_parens(buf, pos); 4477 } 4478 4479 if(sldns_buffer_remaining(buf) < 1) { 4480 verbose(VERB_ALGO, "http chunkline: " 4481 "line too long"); 4482 return 0; 4483 } 4484 sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0); 4485 sldns_buffer_flip(buf); 4486 return 1; 4487 } 4488 4489 /** process $ORIGIN for http, 0 nothing, 1 done, 2 error */ 4490 static int 4491 http_parse_origin(sldns_buffer* buf, struct sldns_file_parse_state* pstate) 4492 { 4493 char* line = (char*)sldns_buffer_begin(buf); 4494 if(strncmp(line, "$ORIGIN", 7) == 0 && 4495 isspace((unsigned char)line[7])) { 4496 int s; 4497 pstate->origin_len = sizeof(pstate->origin); 4498 s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8), 4499 pstate->origin, &pstate->origin_len); 4500 if(s) { 4501 pstate->origin_len = 0; 4502 return 2; 4503 } 4504 return 1; 4505 } 4506 return 0; 4507 } 4508 4509 /** process $TTL for http, 0 nothing, 1 done, 2 error */ 4510 static int 4511 http_parse_ttl(sldns_buffer* buf, struct sldns_file_parse_state* pstate) 4512 { 4513 char* line = (char*)sldns_buffer_begin(buf); 4514 if(strncmp(line, "$TTL", 4) == 0 && 4515 isspace((unsigned char)line[4])) { 4516 const char* end = NULL; 4517 int overflow = 0; 4518 pstate->default_ttl = sldns_str2period( 4519 sldns_strip_ws(line+5), &end, &overflow); 4520 if(overflow) { 4521 return 2; 4522 } 4523 return 1; 4524 } 4525 return 0; 4526 } 4527 4528 /** find noncomment RR line in chunks, collates lines if ( ) format */ 4529 static int 4530 chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos, 4531 sldns_buffer* buf, struct sldns_file_parse_state* pstate) 4532 { 4533 int ret; 4534 while(chunkline_get_line_collated(chunk, chunk_pos, buf)) { 4535 if(chunkline_is_comment_line_or_empty(buf)) { 4536 /* a comment, go to next line */ 4537 continue; 4538 } 4539 if((ret=http_parse_origin(buf, pstate))!=0) { 4540 if(ret == 2) 4541 return 0; 4542 continue; /* $ORIGIN has been handled */ 4543 } 4544 if((ret=http_parse_ttl(buf, pstate))!=0) { 4545 if(ret == 2) 4546 return 0; 4547 continue; /* $TTL has been handled */ 4548 } 4549 return 1; 4550 } 4551 /* no noncomments, fail */ 4552 return 0; 4553 } 4554 4555 /** check syntax of chunklist zonefile, parse first RR, return false on 4556 * failure and return a string in the scratch buffer (first RR string) 4557 * on failure. */ 4558 static int 4559 http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf) 4560 { 4561 uint8_t rr[LDNS_RR_BUF_SIZE]; 4562 size_t rr_len, dname_len = 0; 4563 struct sldns_file_parse_state pstate; 4564 struct auth_chunk* chunk; 4565 size_t chunk_pos; 4566 int e; 4567 memset(&pstate, 0, sizeof(pstate)); 4568 pstate.default_ttl = 3600; 4569 if(xfr->namelen < sizeof(pstate.origin)) { 4570 pstate.origin_len = xfr->namelen; 4571 memmove(pstate.origin, xfr->name, xfr->namelen); 4572 } 4573 chunk = xfr->task_transfer->chunks_first; 4574 chunk_pos = 0; 4575 if(!chunkline_non_comment_RR(&chunk, &chunk_pos, buf, &pstate)) { 4576 return 0; 4577 } 4578 rr_len = sizeof(rr); 4579 e=sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr, &rr_len, 4580 &dname_len, pstate.default_ttl, 4581 pstate.origin_len?pstate.origin:NULL, pstate.origin_len, 4582 pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len); 4583 if(e != 0) { 4584 log_err("parse failure on first RR[%d]: %s", 4585 LDNS_WIREPARSE_OFFSET(e), 4586 sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e))); 4587 return 0; 4588 } 4589 /* check that class is correct */ 4590 if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) { 4591 log_err("parse failure: first record in downloaded zonefile " 4592 "from wrong RR class"); 4593 return 0; 4594 } 4595 return 1; 4596 } 4597 4598 /** sum sizes of chunklist */ 4599 static size_t 4600 chunklist_sum(struct auth_chunk* list) 4601 { 4602 struct auth_chunk* p; 4603 size_t s = 0; 4604 for(p=list; p; p=p->next) { 4605 s += p->len; 4606 } 4607 return s; 4608 } 4609 4610 /** remove newlines from collated line */ 4611 static void 4612 chunkline_newline_removal(sldns_buffer* buf) 4613 { 4614 size_t i, end=sldns_buffer_limit(buf); 4615 for(i=0; i<end; i++) { 4616 char c = (char)sldns_buffer_read_u8_at(buf, i); 4617 if(c == '\n' && i==end-1) { 4618 sldns_buffer_write_u8_at(buf, i, 0); 4619 sldns_buffer_set_limit(buf, end-1); 4620 return; 4621 } 4622 if(c == '\n') 4623 sldns_buffer_write_u8_at(buf, i, (uint8_t)' '); 4624 } 4625 } 4626 4627 /** for http download, parse and add RR to zone */ 4628 static int 4629 http_parse_add_rr(struct auth_xfer* xfr, struct auth_zone* z, 4630 sldns_buffer* buf, struct sldns_file_parse_state* pstate) 4631 { 4632 uint8_t rr[LDNS_RR_BUF_SIZE]; 4633 size_t rr_len, dname_len = 0; 4634 int e; 4635 char* line = (char*)sldns_buffer_begin(buf); 4636 rr_len = sizeof(rr); 4637 e = sldns_str2wire_rr_buf(line, rr, &rr_len, &dname_len, 4638 pstate->default_ttl, 4639 pstate->origin_len?pstate->origin:NULL, pstate->origin_len, 4640 pstate->prev_rr_len?pstate->prev_rr:NULL, pstate->prev_rr_len); 4641 if(e != 0) { 4642 log_err("%s/%s parse failure RR[%d]: %s in '%s'", 4643 xfr->task_transfer->master->host, 4644 xfr->task_transfer->master->file, 4645 LDNS_WIREPARSE_OFFSET(e), 4646 sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)), 4647 line); 4648 return 0; 4649 } 4650 if(rr_len == 0) 4651 return 1; /* empty line or so */ 4652 4653 /* set prev */ 4654 if(dname_len < sizeof(pstate->prev_rr)) { 4655 memmove(pstate->prev_rr, rr, dname_len); 4656 pstate->prev_rr_len = dname_len; 4657 } 4658 4659 return az_insert_rr(z, rr, rr_len, dname_len, NULL); 4660 } 4661 4662 /** RR list iterator, returns RRs from answer section one by one from the 4663 * dns packets in the chunklist */ 4664 static void 4665 chunk_rrlist_start(struct auth_xfer* xfr, struct auth_chunk** rr_chunk, 4666 int* rr_num, size_t* rr_pos) 4667 { 4668 *rr_chunk = xfr->task_transfer->chunks_first; 4669 *rr_num = 0; 4670 *rr_pos = 0; 4671 } 4672 4673 /** RR list iterator, see if we are at the end of the list */ 4674 static int 4675 chunk_rrlist_end(struct auth_chunk* rr_chunk, int rr_num) 4676 { 4677 while(rr_chunk) { 4678 if(rr_chunk->len < LDNS_HEADER_SIZE) 4679 return 1; 4680 if(rr_num < (int)LDNS_ANCOUNT(rr_chunk->data)) 4681 return 0; 4682 /* no more RRs in this chunk */ 4683 /* continue with next chunk, see if it has RRs */ 4684 rr_chunk = rr_chunk->next; 4685 rr_num = 0; 4686 } 4687 return 1; 4688 } 4689 4690 /** RR list iterator, move to next RR */ 4691 static void 4692 chunk_rrlist_gonext(struct auth_chunk** rr_chunk, int* rr_num, 4693 size_t* rr_pos, size_t rr_nextpos) 4694 { 4695 /* already at end of chunks? */ 4696 if(!*rr_chunk) 4697 return; 4698 /* move within this chunk */ 4699 if((*rr_chunk)->len >= LDNS_HEADER_SIZE && 4700 (*rr_num)+1 < (int)LDNS_ANCOUNT((*rr_chunk)->data)) { 4701 (*rr_num) += 1; 4702 *rr_pos = rr_nextpos; 4703 return; 4704 } 4705 /* no more RRs in this chunk */ 4706 /* continue with next chunk, see if it has RRs */ 4707 if(*rr_chunk) 4708 *rr_chunk = (*rr_chunk)->next; 4709 while(*rr_chunk) { 4710 *rr_num = 0; 4711 *rr_pos = 0; 4712 if((*rr_chunk)->len >= LDNS_HEADER_SIZE && 4713 LDNS_ANCOUNT((*rr_chunk)->data) > 0) { 4714 return; 4715 } 4716 *rr_chunk = (*rr_chunk)->next; 4717 } 4718 } 4719 4720 /** RR iterator, get current RR information, false on parse error */ 4721 static int 4722 chunk_rrlist_get_current(struct auth_chunk* rr_chunk, int rr_num, 4723 size_t rr_pos, uint8_t** rr_dname, uint16_t* rr_type, 4724 uint16_t* rr_class, uint32_t* rr_ttl, uint16_t* rr_rdlen, 4725 uint8_t** rr_rdata, size_t* rr_nextpos) 4726 { 4727 sldns_buffer pkt; 4728 /* integrity checks on position */ 4729 if(!rr_chunk) return 0; 4730 if(rr_chunk->len < LDNS_HEADER_SIZE) return 0; 4731 if(rr_num >= (int)LDNS_ANCOUNT(rr_chunk->data)) return 0; 4732 if(rr_pos >= rr_chunk->len) return 0; 4733 4734 /* fetch rr information */ 4735 sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len); 4736 if(rr_pos == 0) { 4737 size_t i; 4738 /* skip question section */ 4739 sldns_buffer_set_position(&pkt, LDNS_HEADER_SIZE); 4740 for(i=0; i<LDNS_QDCOUNT(rr_chunk->data); i++) { 4741 if(pkt_dname_len(&pkt) == 0) return 0; 4742 if(sldns_buffer_remaining(&pkt) < 4) return 0; 4743 sldns_buffer_skip(&pkt, 4); /* type and class */ 4744 } 4745 } else { 4746 sldns_buffer_set_position(&pkt, rr_pos); 4747 } 4748 *rr_dname = sldns_buffer_current(&pkt); 4749 if(pkt_dname_len(&pkt) == 0) return 0; 4750 if(sldns_buffer_remaining(&pkt) < 10) return 0; 4751 *rr_type = sldns_buffer_read_u16(&pkt); 4752 *rr_class = sldns_buffer_read_u16(&pkt); 4753 *rr_ttl = sldns_buffer_read_u32(&pkt); 4754 *rr_rdlen = sldns_buffer_read_u16(&pkt); 4755 if(sldns_buffer_remaining(&pkt) < (*rr_rdlen)) return 0; 4756 *rr_rdata = sldns_buffer_current(&pkt); 4757 sldns_buffer_skip(&pkt, (ssize_t)(*rr_rdlen)); 4758 *rr_nextpos = sldns_buffer_position(&pkt); 4759 return 1; 4760 } 4761 4762 /** print log message where we are in parsing the zone transfer */ 4763 static void 4764 log_rrlist_position(const char* label, struct auth_chunk* rr_chunk, 4765 uint8_t* rr_dname, uint16_t rr_type, size_t rr_counter) 4766 { 4767 sldns_buffer pkt; 4768 size_t dlen; 4769 uint8_t buf[256]; 4770 char str[256]; 4771 char typestr[32]; 4772 sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len); 4773 sldns_buffer_set_position(&pkt, (size_t)(rr_dname - 4774 sldns_buffer_begin(&pkt))); 4775 if((dlen=pkt_dname_len(&pkt)) == 0) return; 4776 if(dlen >= sizeof(buf)) return; 4777 dname_pkt_copy(&pkt, buf, rr_dname); 4778 dname_str(buf, str); 4779 (void)sldns_wire2str_type_buf(rr_type, typestr, sizeof(typestr)); 4780 verbose(VERB_ALGO, "%s at[%d] %s %s", label, (int)rr_counter, 4781 str, typestr); 4782 } 4783 4784 /** check that start serial is OK for ixfr. we are at rr_counter == 0, 4785 * and we are going to check rr_counter == 1 (has to be type SOA) serial */ 4786 static int 4787 ixfr_start_serial(struct auth_chunk* rr_chunk, int rr_num, size_t rr_pos, 4788 uint8_t* rr_dname, uint16_t rr_type, uint16_t rr_class, 4789 uint32_t rr_ttl, uint16_t rr_rdlen, uint8_t* rr_rdata, 4790 size_t rr_nextpos, uint32_t transfer_serial, uint32_t xfr_serial) 4791 { 4792 uint32_t startserial; 4793 /* move forward on RR */ 4794 chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos); 4795 if(chunk_rrlist_end(rr_chunk, rr_num)) { 4796 /* no second SOA */ 4797 verbose(VERB_OPS, "IXFR has no second SOA record"); 4798 return 0; 4799 } 4800 if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos, 4801 &rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen, 4802 &rr_rdata, &rr_nextpos)) { 4803 verbose(VERB_OPS, "IXFR cannot parse second SOA record"); 4804 /* failed to parse RR */ 4805 return 0; 4806 } 4807 if(rr_type != LDNS_RR_TYPE_SOA) { 4808 verbose(VERB_OPS, "IXFR second record is not type SOA"); 4809 return 0; 4810 } 4811 if(rr_rdlen < 22) { 4812 verbose(VERB_OPS, "IXFR, second SOA has short rdlength"); 4813 return 0; /* bad SOA rdlen */ 4814 } 4815 startserial = sldns_read_uint32(rr_rdata+rr_rdlen-20); 4816 if(startserial == transfer_serial) { 4817 /* empty AXFR, not an IXFR */ 4818 verbose(VERB_OPS, "IXFR second serial same as first"); 4819 return 0; 4820 } 4821 if(startserial != xfr_serial) { 4822 /* wrong start serial, it does not match the serial in 4823 * memory */ 4824 verbose(VERB_OPS, "IXFR is from serial %u to %u but %u " 4825 "in memory, rejecting the zone transfer", 4826 (unsigned)startserial, (unsigned)transfer_serial, 4827 (unsigned)xfr_serial); 4828 return 0; 4829 } 4830 /* everything OK in second SOA serial */ 4831 return 1; 4832 } 4833 4834 /** apply IXFR to zone in memory. z is locked. false on failure(mallocfail) */ 4835 static int 4836 apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, 4837 struct sldns_buffer* scratch_buffer) 4838 { 4839 struct auth_chunk* rr_chunk; 4840 int rr_num; 4841 size_t rr_pos; 4842 uint8_t* rr_dname, *rr_rdata; 4843 uint16_t rr_type, rr_class, rr_rdlen; 4844 uint32_t rr_ttl; 4845 size_t rr_nextpos; 4846 int have_transfer_serial = 0; 4847 uint32_t transfer_serial = 0; 4848 size_t rr_counter = 0; 4849 int delmode = 0; 4850 int softfail = 0; 4851 4852 /* start RR iterator over chunklist of packets */ 4853 chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos); 4854 while(!chunk_rrlist_end(rr_chunk, rr_num)) { 4855 if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos, 4856 &rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen, 4857 &rr_rdata, &rr_nextpos)) { 4858 /* failed to parse RR */ 4859 return 0; 4860 } 4861 if(verbosity>=7) log_rrlist_position("apply ixfr", 4862 rr_chunk, rr_dname, rr_type, rr_counter); 4863 /* twiddle add/del mode and check for start and end */ 4864 if(rr_counter == 0 && rr_type != LDNS_RR_TYPE_SOA) 4865 return 0; 4866 if(rr_counter == 1 && rr_type != LDNS_RR_TYPE_SOA) { 4867 /* this is an AXFR returned from the IXFR master */ 4868 /* but that should already have been detected, by 4869 * on_ixfr_is_axfr */ 4870 return 0; 4871 } 4872 if(rr_type == LDNS_RR_TYPE_SOA) { 4873 uint32_t serial; 4874 if(rr_rdlen < 22) return 0; /* bad SOA rdlen */ 4875 serial = sldns_read_uint32(rr_rdata+rr_rdlen-20); 4876 if(have_transfer_serial == 0) { 4877 have_transfer_serial = 1; 4878 transfer_serial = serial; 4879 delmode = 1; /* gets negated below */ 4880 /* check second RR before going any further */ 4881 if(!ixfr_start_serial(rr_chunk, rr_num, rr_pos, 4882 rr_dname, rr_type, rr_class, rr_ttl, 4883 rr_rdlen, rr_rdata, rr_nextpos, 4884 transfer_serial, xfr->serial)) { 4885 return 0; 4886 } 4887 } else if(transfer_serial == serial) { 4888 have_transfer_serial++; 4889 if(rr_counter == 1) { 4890 /* empty AXFR, with SOA; SOA; */ 4891 /* should have been detected by 4892 * on_ixfr_is_axfr */ 4893 return 0; 4894 } 4895 if(have_transfer_serial == 3) { 4896 /* see serial three times for end */ 4897 /* eg. IXFR: 4898 * SOA 3 start 4899 * SOA 1 second RR, followed by del 4900 * SOA 2 followed by add 4901 * SOA 2 followed by del 4902 * SOA 3 followed by add 4903 * SOA 3 end */ 4904 /* ended by SOA record */ 4905 xfr->serial = transfer_serial; 4906 break; 4907 } 4908 } 4909 /* twiddle add/del mode */ 4910 /* switch from delete part to add part and back again 4911 * just before the soa, it gets deleted and added too 4912 * this means we switch to delete mode for the final 4913 * SOA(so skip that one) */ 4914 delmode = !delmode; 4915 } 4916 /* process this RR */ 4917 /* if the RR is deleted twice or added twice, then we 4918 * softfail, and continue with the rest of the IXFR, so 4919 * that we serve something fairly nice during the refetch */ 4920 if(verbosity>=7) log_rrlist_position((delmode?"del":"add"), 4921 rr_chunk, rr_dname, rr_type, rr_counter); 4922 if(delmode) { 4923 /* delete this RR */ 4924 int nonexist = 0; 4925 if(!az_remove_rr_decompress(z, rr_chunk->data, 4926 rr_chunk->len, scratch_buffer, rr_dname, 4927 rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen, 4928 &nonexist)) { 4929 /* failed, malloc error or so */ 4930 return 0; 4931 } 4932 if(nonexist) { 4933 /* it was removal of a nonexisting RR */ 4934 if(verbosity>=4) log_rrlist_position( 4935 "IXFR error nonexistent RR", 4936 rr_chunk, rr_dname, rr_type, rr_counter); 4937 softfail = 1; 4938 } 4939 } else if(rr_counter != 0) { 4940 /* skip first SOA RR for addition, it is added in 4941 * the addition part near the end of the ixfr, when 4942 * that serial is seen the second time. */ 4943 int duplicate = 0; 4944 /* add this RR */ 4945 if(!az_insert_rr_decompress(z, rr_chunk->data, 4946 rr_chunk->len, scratch_buffer, rr_dname, 4947 rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen, 4948 &duplicate)) { 4949 /* failed, malloc error or so */ 4950 return 0; 4951 } 4952 if(duplicate) { 4953 /* it was a duplicate */ 4954 if(verbosity>=4) log_rrlist_position( 4955 "IXFR error duplicate RR", 4956 rr_chunk, rr_dname, rr_type, rr_counter); 4957 softfail = 1; 4958 } 4959 } 4960 4961 rr_counter++; 4962 chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos); 4963 } 4964 if(softfail) { 4965 verbose(VERB_ALGO, "IXFR did not apply cleanly, fetching full zone"); 4966 return 0; 4967 } 4968 return 1; 4969 } 4970 4971 /** apply AXFR to zone in memory. z is locked. false on failure(mallocfail) */ 4972 static int 4973 apply_axfr(struct auth_xfer* xfr, struct auth_zone* z, 4974 struct sldns_buffer* scratch_buffer) 4975 { 4976 struct auth_chunk* rr_chunk; 4977 int rr_num; 4978 size_t rr_pos; 4979 uint8_t* rr_dname, *rr_rdata; 4980 uint16_t rr_type, rr_class, rr_rdlen; 4981 uint32_t rr_ttl; 4982 uint32_t serial = 0; 4983 size_t rr_nextpos; 4984 size_t rr_counter = 0; 4985 int have_end_soa = 0; 4986 4987 /* clear the data tree */ 4988 traverse_postorder(&z->data, auth_data_del, NULL); 4989 rbtree_init(&z->data, &auth_data_cmp); 4990 /* clear the RPZ policies */ 4991 if(z->rpz) 4992 rpz_clear(z->rpz); 4993 4994 xfr->have_zone = 0; 4995 xfr->serial = 0; 4996 4997 /* insert all RRs in to the zone */ 4998 /* insert the SOA only once, skip the last one */ 4999 /* start RR iterator over chunklist of packets */ 5000 chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos); 5001 while(!chunk_rrlist_end(rr_chunk, rr_num)) { 5002 if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos, 5003 &rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen, 5004 &rr_rdata, &rr_nextpos)) { 5005 /* failed to parse RR */ 5006 return 0; 5007 } 5008 if(verbosity>=7) log_rrlist_position("apply_axfr", 5009 rr_chunk, rr_dname, rr_type, rr_counter); 5010 if(rr_type == LDNS_RR_TYPE_SOA) { 5011 if(rr_counter != 0) { 5012 /* end of the axfr */ 5013 have_end_soa = 1; 5014 break; 5015 } 5016 if(rr_rdlen < 22) return 0; /* bad SOA rdlen */ 5017 serial = sldns_read_uint32(rr_rdata+rr_rdlen-20); 5018 } 5019 5020 /* add this RR */ 5021 if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len, 5022 scratch_buffer, rr_dname, rr_type, rr_class, rr_ttl, 5023 rr_rdata, rr_rdlen, NULL)) { 5024 /* failed, malloc error or so */ 5025 return 0; 5026 } 5027 5028 rr_counter++; 5029 chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos); 5030 } 5031 if(!have_end_soa) { 5032 log_err("no end SOA record for AXFR"); 5033 return 0; 5034 } 5035 5036 xfr->serial = serial; 5037 xfr->have_zone = 1; 5038 return 1; 5039 } 5040 5041 /** apply HTTP to zone in memory. z is locked. false on failure(mallocfail) */ 5042 static int 5043 apply_http(struct auth_xfer* xfr, struct auth_zone* z, 5044 struct sldns_buffer* scratch_buffer) 5045 { 5046 /* parse data in chunks */ 5047 /* parse RR's and read into memory. ignore $INCLUDE from the 5048 * downloaded file*/ 5049 struct sldns_file_parse_state pstate; 5050 struct auth_chunk* chunk; 5051 size_t chunk_pos; 5052 int ret; 5053 memset(&pstate, 0, sizeof(pstate)); 5054 pstate.default_ttl = 3600; 5055 if(xfr->namelen < sizeof(pstate.origin)) { 5056 pstate.origin_len = xfr->namelen; 5057 memmove(pstate.origin, xfr->name, xfr->namelen); 5058 } 5059 5060 if(verbosity >= VERB_ALGO) 5061 verbose(VERB_ALGO, "http download %s of size %d", 5062 xfr->task_transfer->master->file, 5063 (int)chunklist_sum(xfr->task_transfer->chunks_first)); 5064 if(xfr->task_transfer->chunks_first && verbosity >= VERB_ALGO) { 5065 char preview[1024]; 5066 if(xfr->task_transfer->chunks_first->len+1 > sizeof(preview)) { 5067 memmove(preview, xfr->task_transfer->chunks_first->data, 5068 sizeof(preview)-1); 5069 preview[sizeof(preview)-1]=0; 5070 } else { 5071 memmove(preview, xfr->task_transfer->chunks_first->data, 5072 xfr->task_transfer->chunks_first->len); 5073 preview[xfr->task_transfer->chunks_first->len]=0; 5074 } 5075 log_info("auth zone http downloaded content preview: %s", 5076 preview); 5077 } 5078 5079 /* perhaps a little syntax check before we try to apply the data? */ 5080 if(!http_zonefile_syntax_check(xfr, scratch_buffer)) { 5081 log_err("http download %s/%s does not contain a zonefile, " 5082 "but got '%s'", xfr->task_transfer->master->host, 5083 xfr->task_transfer->master->file, 5084 sldns_buffer_begin(scratch_buffer)); 5085 return 0; 5086 } 5087 5088 /* clear the data tree */ 5089 traverse_postorder(&z->data, auth_data_del, NULL); 5090 rbtree_init(&z->data, &auth_data_cmp); 5091 /* clear the RPZ policies */ 5092 if(z->rpz) 5093 rpz_clear(z->rpz); 5094 5095 xfr->have_zone = 0; 5096 xfr->serial = 0; 5097 5098 chunk = xfr->task_transfer->chunks_first; 5099 chunk_pos = 0; 5100 pstate.lineno = 0; 5101 while(chunkline_get_line_collated(&chunk, &chunk_pos, scratch_buffer)) { 5102 /* process this line */ 5103 pstate.lineno++; 5104 chunkline_newline_removal(scratch_buffer); 5105 if(chunkline_is_comment_line_or_empty(scratch_buffer)) { 5106 continue; 5107 } 5108 /* parse line and add RR */ 5109 if((ret=http_parse_origin(scratch_buffer, &pstate))!=0) { 5110 if(ret == 2) { 5111 verbose(VERB_ALGO, "error parsing ORIGIN on line [%s:%d] %s", 5112 xfr->task_transfer->master->file, 5113 pstate.lineno, 5114 sldns_buffer_begin(scratch_buffer)); 5115 return 0; 5116 } 5117 continue; /* $ORIGIN has been handled */ 5118 } 5119 if((ret=http_parse_ttl(scratch_buffer, &pstate))!=0) { 5120 if(ret == 2) { 5121 verbose(VERB_ALGO, "error parsing TTL on line [%s:%d] %s", 5122 xfr->task_transfer->master->file, 5123 pstate.lineno, 5124 sldns_buffer_begin(scratch_buffer)); 5125 return 0; 5126 } 5127 continue; /* $TTL has been handled */ 5128 } 5129 if(!http_parse_add_rr(xfr, z, scratch_buffer, &pstate)) { 5130 verbose(VERB_ALGO, "error parsing line [%s:%d] %s", 5131 xfr->task_transfer->master->file, 5132 pstate.lineno, 5133 sldns_buffer_begin(scratch_buffer)); 5134 return 0; 5135 } 5136 } 5137 return 1; 5138 } 5139 5140 /** write http chunks to zonefile to create downloaded file */ 5141 static int 5142 auth_zone_write_chunks(struct auth_xfer* xfr, const char* fname) 5143 { 5144 FILE* out; 5145 struct auth_chunk* p; 5146 out = fopen(fname, "w"); 5147 if(!out) { 5148 log_err("could not open %s: %s", fname, strerror(errno)); 5149 return 0; 5150 } 5151 for(p = xfr->task_transfer->chunks_first; p ; p = p->next) { 5152 if(!write_out(out, (char*)p->data, p->len)) { 5153 log_err("could not write http download to %s", fname); 5154 fclose(out); 5155 return 0; 5156 } 5157 } 5158 fclose(out); 5159 return 1; 5160 } 5161 5162 /** write to zonefile after zone has been updated */ 5163 static void 5164 xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env) 5165 { 5166 struct config_file* cfg = env->cfg; 5167 struct auth_zone* z; 5168 char tmpfile[1024]; 5169 char* zfilename; 5170 lock_basic_unlock(&xfr->lock); 5171 5172 /* get lock again, so it is a readlock and concurrently queries 5173 * can be answered */ 5174 lock_rw_rdlock(&env->auth_zones->lock); 5175 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, 5176 xfr->dclass); 5177 if(!z) { 5178 lock_rw_unlock(&env->auth_zones->lock); 5179 /* the zone is gone, ignore xfr results */ 5180 lock_basic_lock(&xfr->lock); 5181 return; 5182 } 5183 lock_rw_rdlock(&z->lock); 5184 lock_basic_lock(&xfr->lock); 5185 lock_rw_unlock(&env->auth_zones->lock); 5186 5187 if(z->zonefile == NULL || z->zonefile[0] == 0) { 5188 lock_rw_unlock(&z->lock); 5189 /* no write needed, no zonefile set */ 5190 return; 5191 } 5192 zfilename = z->zonefile; 5193 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename, 5194 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) 5195 zfilename += strlen(cfg->chrootdir); 5196 if(verbosity >= VERB_ALGO) { 5197 char nm[255+1]; 5198 dname_str(z->name, nm); 5199 verbose(VERB_ALGO, "write zonefile %s for %s", zfilename, nm); 5200 } 5201 5202 /* write to tempfile first */ 5203 if((size_t)strlen(zfilename) + 16 > sizeof(tmpfile)) { 5204 verbose(VERB_ALGO, "tmpfilename too long, cannot update " 5205 " zonefile %s", zfilename); 5206 lock_rw_unlock(&z->lock); 5207 return; 5208 } 5209 snprintf(tmpfile, sizeof(tmpfile), "%s.tmp%u", zfilename, 5210 (unsigned)getpid()); 5211 if(xfr->task_transfer->master->http) { 5212 /* use the stored chunk list to write them */ 5213 if(!auth_zone_write_chunks(xfr, tmpfile)) { 5214 unlink(tmpfile); 5215 lock_rw_unlock(&z->lock); 5216 return; 5217 } 5218 } else if(!auth_zone_write_file(z, tmpfile)) { 5219 unlink(tmpfile); 5220 lock_rw_unlock(&z->lock); 5221 return; 5222 } 5223 #ifdef UB_ON_WINDOWS 5224 (void)unlink(zfilename); /* windows does not replace file with rename() */ 5225 #endif 5226 if(rename(tmpfile, zfilename) < 0) { 5227 log_err("could not rename(%s, %s): %s", tmpfile, zfilename, 5228 strerror(errno)); 5229 unlink(tmpfile); 5230 lock_rw_unlock(&z->lock); 5231 return; 5232 } 5233 lock_rw_unlock(&z->lock); 5234 } 5235 5236 /** reacquire locks and structures. Starts with no locks, ends 5237 * with xfr and z locks, if fail, no z lock */ 5238 static int xfr_process_reacquire_locks(struct auth_xfer* xfr, 5239 struct module_env* env, struct auth_zone** z) 5240 { 5241 /* release xfr lock, then, while holding az->lock grab both 5242 * z->lock and xfr->lock */ 5243 lock_rw_rdlock(&env->auth_zones->lock); 5244 *z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, 5245 xfr->dclass); 5246 if(!*z) { 5247 lock_rw_unlock(&env->auth_zones->lock); 5248 lock_basic_lock(&xfr->lock); 5249 *z = NULL; 5250 return 0; 5251 } 5252 lock_rw_wrlock(&(*z)->lock); 5253 lock_basic_lock(&xfr->lock); 5254 lock_rw_unlock(&env->auth_zones->lock); 5255 return 1; 5256 } 5257 5258 /** process chunk list and update zone in memory, 5259 * return false if it did not work */ 5260 static int 5261 xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env, 5262 int* ixfr_fail) 5263 { 5264 struct auth_zone* z; 5265 5266 /* obtain locks and structures */ 5267 lock_basic_unlock(&xfr->lock); 5268 if(!xfr_process_reacquire_locks(xfr, env, &z)) { 5269 /* the zone is gone, ignore xfr results */ 5270 return 0; 5271 } 5272 /* holding xfr and z locks */ 5273 5274 /* apply data */ 5275 if(xfr->task_transfer->master->http) { 5276 if(!apply_http(xfr, z, env->scratch_buffer)) { 5277 lock_rw_unlock(&z->lock); 5278 verbose(VERB_ALGO, "http from %s: could not store data", 5279 xfr->task_transfer->master->host); 5280 return 0; 5281 } 5282 } else if(xfr->task_transfer->on_ixfr && 5283 !xfr->task_transfer->on_ixfr_is_axfr) { 5284 if(!apply_ixfr(xfr, z, env->scratch_buffer)) { 5285 lock_rw_unlock(&z->lock); 5286 verbose(VERB_ALGO, "xfr from %s: could not store IXFR" 5287 " data", xfr->task_transfer->master->host); 5288 *ixfr_fail = 1; 5289 return 0; 5290 } 5291 } else { 5292 if(!apply_axfr(xfr, z, env->scratch_buffer)) { 5293 lock_rw_unlock(&z->lock); 5294 verbose(VERB_ALGO, "xfr from %s: could not store AXFR" 5295 " data", xfr->task_transfer->master->host); 5296 return 0; 5297 } 5298 } 5299 xfr->zone_expired = 0; 5300 z->zone_expired = 0; 5301 if(!xfr_find_soa(z, xfr)) { 5302 lock_rw_unlock(&z->lock); 5303 verbose(VERB_ALGO, "xfr from %s: no SOA in zone after update" 5304 " (or malformed RR)", xfr->task_transfer->master->host); 5305 return 0; 5306 } 5307 5308 /* release xfr lock while verifying zonemd because it may have 5309 * to spawn lookups in the state machines */ 5310 lock_basic_unlock(&xfr->lock); 5311 /* holding z lock */ 5312 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0); 5313 if(z->zone_expired) { 5314 char zname[256]; 5315 /* ZONEMD must have failed */ 5316 /* reacquire locks, so we hold xfr lock on exit of routine, 5317 * and both xfr and z again after releasing xfr for potential 5318 * state machine mesh callbacks */ 5319 lock_rw_unlock(&z->lock); 5320 if(!xfr_process_reacquire_locks(xfr, env, &z)) 5321 return 0; 5322 dname_str(xfr->name, zname); 5323 verbose(VERB_ALGO, "xfr from %s: ZONEMD failed for %s, transfer is failed", xfr->task_transfer->master->host, zname); 5324 xfr->zone_expired = 1; 5325 lock_rw_unlock(&z->lock); 5326 return 0; 5327 } 5328 /* reacquire locks, so we hold xfr lock on exit of routine, 5329 * and both xfr and z again after releasing xfr for potential 5330 * state machine mesh callbacks */ 5331 lock_rw_unlock(&z->lock); 5332 if(!xfr_process_reacquire_locks(xfr, env, &z)) 5333 return 0; 5334 /* holding xfr and z locks */ 5335 5336 if(xfr->have_zone) 5337 xfr->lease_time = *env->now; 5338 5339 if(z->rpz) 5340 rpz_finish_config(z->rpz); 5341 5342 /* unlock */ 5343 lock_rw_unlock(&z->lock); 5344 5345 if(verbosity >= VERB_QUERY && xfr->have_zone) { 5346 char zname[256]; 5347 dname_str(xfr->name, zname); 5348 verbose(VERB_QUERY, "auth zone %s updated to serial %u", zname, 5349 (unsigned)xfr->serial); 5350 } 5351 /* see if we need to write to a zonefile */ 5352 xfr_write_after_update(xfr, env); 5353 return 1; 5354 } 5355 5356 /** disown task_transfer. caller must hold xfr.lock */ 5357 static void 5358 xfr_transfer_disown(struct auth_xfer* xfr) 5359 { 5360 /* remove timer (from this worker's event base) */ 5361 comm_timer_delete(xfr->task_transfer->timer); 5362 xfr->task_transfer->timer = NULL; 5363 /* remove the commpoint */ 5364 comm_point_delete(xfr->task_transfer->cp); 5365 xfr->task_transfer->cp = NULL; 5366 /* we don't own this item anymore */ 5367 xfr->task_transfer->worker = NULL; 5368 xfr->task_transfer->env = NULL; 5369 } 5370 5371 /** lookup a host name for its addresses, if needed */ 5372 static int 5373 xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env) 5374 { 5375 struct sockaddr_storage addr; 5376 socklen_t addrlen = 0; 5377 struct auth_master* master = xfr->task_transfer->lookup_target; 5378 struct query_info qinfo; 5379 uint16_t qflags = BIT_RD; 5380 uint8_t dname[LDNS_MAX_DOMAINLEN+1]; 5381 struct edns_data edns; 5382 sldns_buffer* buf = env->scratch_buffer; 5383 if(!master) return 0; 5384 if(extstrtoaddr(master->host, &addr, &addrlen)) { 5385 /* not needed, host is in IP addr format */ 5386 return 0; 5387 } 5388 if(master->allow_notify) 5389 return 0; /* allow-notifies are not transferred from, no 5390 lookup is needed */ 5391 5392 /* use mesh_new_callback to probe for non-addr hosts, 5393 * and then wait for them to be looked up (in cache, or query) */ 5394 qinfo.qname_len = sizeof(dname); 5395 if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len) 5396 != 0) { 5397 log_err("cannot parse host name of master %s", master->host); 5398 return 0; 5399 } 5400 qinfo.qname = dname; 5401 qinfo.qclass = xfr->dclass; 5402 qinfo.qtype = LDNS_RR_TYPE_A; 5403 if(xfr->task_transfer->lookup_aaaa) 5404 qinfo.qtype = LDNS_RR_TYPE_AAAA; 5405 qinfo.local_alias = NULL; 5406 if(verbosity >= VERB_ALGO) { 5407 char buf1[512]; 5408 char buf2[LDNS_MAX_DOMAINLEN+1]; 5409 dname_str(xfr->name, buf2); 5410 snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup" 5411 " for task_transfer", buf2); 5412 log_query_info(VERB_ALGO, buf1, &qinfo); 5413 } 5414 edns.edns_present = 1; 5415 edns.ext_rcode = 0; 5416 edns.edns_version = 0; 5417 edns.bits = EDNS_DO; 5418 edns.opt_list_in = NULL; 5419 edns.opt_list_out = NULL; 5420 edns.opt_list_inplace_cb_out = NULL; 5421 edns.padding_block_size = 0; 5422 if(sldns_buffer_capacity(buf) < 65535) 5423 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); 5424 else edns.udp_size = 65535; 5425 5426 /* unlock xfr during mesh_new_callback() because the callback can be 5427 * called straight away */ 5428 lock_basic_unlock(&xfr->lock); 5429 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, 5430 &auth_xfer_transfer_lookup_callback, xfr, 0)) { 5431 lock_basic_lock(&xfr->lock); 5432 log_err("out of memory lookup up master %s", master->host); 5433 return 0; 5434 } 5435 lock_basic_lock(&xfr->lock); 5436 return 1; 5437 } 5438 5439 /** initiate TCP to the target and fetch zone. 5440 * returns true if that was successfully started, and timeout setup. */ 5441 static int 5442 xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env) 5443 { 5444 struct sockaddr_storage addr; 5445 socklen_t addrlen = 0; 5446 struct auth_master* master = xfr->task_transfer->master; 5447 char *auth_name = NULL; 5448 struct timeval t; 5449 int timeout; 5450 if(!master) return 0; 5451 if(master->allow_notify) return 0; /* only for notify */ 5452 5453 /* get master addr */ 5454 if(xfr->task_transfer->scan_addr) { 5455 addrlen = xfr->task_transfer->scan_addr->addrlen; 5456 memmove(&addr, &xfr->task_transfer->scan_addr->addr, addrlen); 5457 } else { 5458 if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) { 5459 /* the ones that are not in addr format are supposed 5460 * to be looked up. The lookup has failed however, 5461 * so skip them */ 5462 char zname[255+1]; 5463 dname_str(xfr->name, zname); 5464 log_err("%s: failed lookup, cannot transfer from master %s", 5465 zname, master->host); 5466 return 0; 5467 } 5468 } 5469 5470 /* remove previous TCP connection (if any) */ 5471 if(xfr->task_transfer->cp) { 5472 comm_point_delete(xfr->task_transfer->cp); 5473 xfr->task_transfer->cp = NULL; 5474 } 5475 if(!xfr->task_transfer->timer) { 5476 xfr->task_transfer->timer = comm_timer_create(env->worker_base, 5477 auth_xfer_transfer_timer_callback, xfr); 5478 if(!xfr->task_transfer->timer) { 5479 log_err("malloc failure"); 5480 return 0; 5481 } 5482 } 5483 timeout = AUTH_TRANSFER_TIMEOUT; 5484 #ifndef S_SPLINT_S 5485 t.tv_sec = timeout/1000; 5486 t.tv_usec = (timeout%1000)*1000; 5487 #endif 5488 5489 if(master->http) { 5490 /* perform http fetch */ 5491 /* store http port number into sockaddr, 5492 * unless someone used unbound's host@port notation */ 5493 xfr->task_transfer->on_ixfr = 0; 5494 if(strchr(master->host, '@') == NULL) 5495 sockaddr_store_port(&addr, addrlen, master->port); 5496 xfr->task_transfer->cp = outnet_comm_point_for_http( 5497 env->outnet, auth_xfer_transfer_http_callback, xfr, 5498 &addr, addrlen, -1, master->ssl, master->host, 5499 master->file, env->cfg); 5500 if(!xfr->task_transfer->cp) { 5501 char zname[255+1], as[256]; 5502 dname_str(xfr->name, zname); 5503 addr_to_str(&addr, addrlen, as, sizeof(as)); 5504 verbose(VERB_ALGO, "cannot create http cp " 5505 "connection for %s to %s", zname, as); 5506 return 0; 5507 } 5508 comm_timer_set(xfr->task_transfer->timer, &t); 5509 if(verbosity >= VERB_ALGO) { 5510 char zname[255+1], as[256]; 5511 dname_str(xfr->name, zname); 5512 addr_to_str(&addr, addrlen, as, sizeof(as)); 5513 verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as); 5514 } 5515 /* Create or refresh the list of allow_notify addrs */ 5516 probe_copy_masters_for_allow_notify(xfr); 5517 return 1; 5518 } 5519 5520 /* perform AXFR/IXFR */ 5521 /* set the packet to be written */ 5522 /* create new ID */ 5523 xfr->task_transfer->id = GET_RANDOM_ID(env->rnd); 5524 xfr_create_ixfr_packet(xfr, env->scratch_buffer, 5525 xfr->task_transfer->id, master); 5526 5527 /* connect on fd */ 5528 xfr->task_transfer->cp = outnet_comm_point_for_tcp(env->outnet, 5529 auth_xfer_transfer_tcp_callback, xfr, &addr, addrlen, 5530 env->scratch_buffer, -1, 5531 auth_name != NULL, auth_name); 5532 if(!xfr->task_transfer->cp) { 5533 char zname[255+1], as[256]; 5534 dname_str(xfr->name, zname); 5535 addr_to_str(&addr, addrlen, as, sizeof(as)); 5536 verbose(VERB_ALGO, "cannot create tcp cp connection for " 5537 "xfr %s to %s", zname, as); 5538 return 0; 5539 } 5540 comm_timer_set(xfr->task_transfer->timer, &t); 5541 if(verbosity >= VERB_ALGO) { 5542 char zname[255+1], as[256]; 5543 dname_str(xfr->name, zname); 5544 addr_to_str(&addr, addrlen, as, sizeof(as)); 5545 verbose(VERB_ALGO, "auth zone %s transfer next %s fetch from %s started", zname, 5546 (xfr->task_transfer->on_ixfr?"IXFR":"AXFR"), as); 5547 } 5548 return 1; 5549 } 5550 5551 /** perform next lookup, next transfer TCP, or end and resume wait time task */ 5552 static void 5553 xfr_transfer_nexttarget_or_end(struct auth_xfer* xfr, struct module_env* env) 5554 { 5555 log_assert(xfr->task_transfer->worker == env->worker); 5556 5557 /* are we performing lookups? */ 5558 while(xfr->task_transfer->lookup_target) { 5559 if(xfr_transfer_lookup_host(xfr, env)) { 5560 /* wait for lookup to finish, 5561 * note that the hostname may be in unbound's cache 5562 * and we may then get an instant cache response, 5563 * and that calls the callback just like a full 5564 * lookup and lookup failures also call callback */ 5565 if(verbosity >= VERB_ALGO) { 5566 char zname[255+1]; 5567 dname_str(xfr->name, zname); 5568 verbose(VERB_ALGO, "auth zone %s transfer next target lookup", zname); 5569 } 5570 lock_basic_unlock(&xfr->lock); 5571 return; 5572 } 5573 xfr_transfer_move_to_next_lookup(xfr, env); 5574 } 5575 5576 /* initiate TCP and fetch the zone from the master */ 5577 /* and set timeout on it */ 5578 while(!xfr_transfer_end_of_list(xfr)) { 5579 xfr->task_transfer->master = xfr_transfer_current_master(xfr); 5580 if(xfr_transfer_init_fetch(xfr, env)) { 5581 /* successfully started, wait for callback */ 5582 lock_basic_unlock(&xfr->lock); 5583 return; 5584 } 5585 /* failed to fetch, next master */ 5586 xfr_transfer_nextmaster(xfr); 5587 } 5588 if(verbosity >= VERB_ALGO) { 5589 char zname[255+1]; 5590 dname_str(xfr->name, zname); 5591 verbose(VERB_ALGO, "auth zone %s transfer failed, wait", zname); 5592 } 5593 5594 /* we failed to fetch the zone, move to wait task 5595 * use the shorter retry timeout */ 5596 xfr_transfer_disown(xfr); 5597 5598 /* pick up the nextprobe task and wait */ 5599 if(xfr->task_nextprobe->worker == NULL) 5600 xfr_set_timeout(xfr, env, 1, 0); 5601 lock_basic_unlock(&xfr->lock); 5602 } 5603 5604 /** add addrs from A or AAAA rrset to the master */ 5605 static void 5606 xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset, 5607 uint16_t rrtype) 5608 { 5609 size_t i; 5610 struct packed_rrset_data* data; 5611 if(!m || !rrset) return; 5612 if(rrtype != LDNS_RR_TYPE_A && rrtype != LDNS_RR_TYPE_AAAA) 5613 return; 5614 data = (struct packed_rrset_data*)rrset->entry.data; 5615 for(i=0; i<data->count; i++) { 5616 struct auth_addr* a; 5617 size_t len = data->rr_len[i] - 2; 5618 uint8_t* rdata = data->rr_data[i]+2; 5619 if(rrtype == LDNS_RR_TYPE_A && len != INET_SIZE) 5620 continue; /* wrong length for A */ 5621 if(rrtype == LDNS_RR_TYPE_AAAA && len != INET6_SIZE) 5622 continue; /* wrong length for AAAA */ 5623 5624 /* add and alloc it */ 5625 a = (struct auth_addr*)calloc(1, sizeof(*a)); 5626 if(!a) { 5627 log_err("out of memory"); 5628 return; 5629 } 5630 if(rrtype == LDNS_RR_TYPE_A) { 5631 struct sockaddr_in* sa; 5632 a->addrlen = (socklen_t)sizeof(*sa); 5633 sa = (struct sockaddr_in*)&a->addr; 5634 sa->sin_family = AF_INET; 5635 sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); 5636 memmove(&sa->sin_addr, rdata, INET_SIZE); 5637 } else { 5638 struct sockaddr_in6* sa; 5639 a->addrlen = (socklen_t)sizeof(*sa); 5640 sa = (struct sockaddr_in6*)&a->addr; 5641 sa->sin6_family = AF_INET6; 5642 sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); 5643 memmove(&sa->sin6_addr, rdata, INET6_SIZE); 5644 } 5645 if(verbosity >= VERB_ALGO) { 5646 char s[64]; 5647 addr_to_str(&a->addr, a->addrlen, s, sizeof(s)); 5648 verbose(VERB_ALGO, "auth host %s lookup %s", 5649 m->host, s); 5650 } 5651 /* append to list */ 5652 a->next = m->list; 5653 m->list = a; 5654 } 5655 } 5656 5657 /** callback for task_transfer lookup of host name, of A or AAAA */ 5658 void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, 5659 enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus), 5660 int ATTR_UNUSED(was_ratelimited)) 5661 { 5662 struct auth_xfer* xfr = (struct auth_xfer*)arg; 5663 struct module_env* env; 5664 log_assert(xfr->task_transfer); 5665 lock_basic_lock(&xfr->lock); 5666 env = xfr->task_transfer->env; 5667 if(!env || env->outnet->want_to_quit) { 5668 lock_basic_unlock(&xfr->lock); 5669 return; /* stop on quit */ 5670 } 5671 5672 /* process result */ 5673 if(rcode == LDNS_RCODE_NOERROR) { 5674 uint16_t wanted_qtype = LDNS_RR_TYPE_A; 5675 struct regional* temp = env->scratch; 5676 struct query_info rq; 5677 struct reply_info* rep; 5678 if(xfr->task_transfer->lookup_aaaa) 5679 wanted_qtype = LDNS_RR_TYPE_AAAA; 5680 memset(&rq, 0, sizeof(rq)); 5681 rep = parse_reply_in_temp_region(buf, temp, &rq); 5682 if(rep && rq.qtype == wanted_qtype && 5683 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { 5684 /* parsed successfully */ 5685 struct ub_packed_rrset_key* answer = 5686 reply_find_answer_rrset(&rq, rep); 5687 if(answer) { 5688 xfr_master_add_addrs(xfr->task_transfer-> 5689 lookup_target, answer, wanted_qtype); 5690 } else { 5691 if(verbosity >= VERB_ALGO) { 5692 char zname[255+1]; 5693 dname_str(xfr->name, zname); 5694 verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has nodata", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A")); 5695 } 5696 } 5697 } else { 5698 if(verbosity >= VERB_ALGO) { 5699 char zname[255+1]; 5700 dname_str(xfr->name, zname); 5701 verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A")); 5702 } 5703 } 5704 regional_free_all(temp); 5705 } else { 5706 if(verbosity >= VERB_ALGO) { 5707 char zname[255+1]; 5708 dname_str(xfr->name, zname); 5709 verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup failed", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A")); 5710 } 5711 } 5712 if(xfr->task_transfer->lookup_target->list && 5713 xfr->task_transfer->lookup_target == xfr_transfer_current_master(xfr)) 5714 xfr->task_transfer->scan_addr = xfr->task_transfer->lookup_target->list; 5715 5716 /* move to lookup AAAA after A lookup, move to next hostname lookup, 5717 * or move to fetch the zone, or, if nothing to do, end task_transfer */ 5718 xfr_transfer_move_to_next_lookup(xfr, env); 5719 xfr_transfer_nexttarget_or_end(xfr, env); 5720 } 5721 5722 /** check if xfer (AXFR or IXFR) packet is OK. 5723 * return false if we lost connection (SERVFAIL, or unreadable). 5724 * return false if we need to move from IXFR to AXFR, with gonextonfail 5725 * set to false, so the same master is tried again, but with AXFR. 5726 * return true if fine to link into data. 5727 * return true with transferdone=true when the transfer has ended. 5728 */ 5729 static int 5730 check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr, 5731 int* gonextonfail, int* transferdone) 5732 { 5733 uint8_t* wire = sldns_buffer_begin(pkt); 5734 int i; 5735 if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) { 5736 verbose(VERB_ALGO, "xfr to %s failed, packet too small", 5737 xfr->task_transfer->master->host); 5738 return 0; 5739 } 5740 if(!LDNS_QR_WIRE(wire)) { 5741 verbose(VERB_ALGO, "xfr to %s failed, packet has no QR flag", 5742 xfr->task_transfer->master->host); 5743 return 0; 5744 } 5745 if(LDNS_TC_WIRE(wire)) { 5746 verbose(VERB_ALGO, "xfr to %s failed, packet has TC flag", 5747 xfr->task_transfer->master->host); 5748 return 0; 5749 } 5750 /* check ID */ 5751 if(LDNS_ID_WIRE(wire) != xfr->task_transfer->id) { 5752 verbose(VERB_ALGO, "xfr to %s failed, packet wrong ID", 5753 xfr->task_transfer->master->host); 5754 return 0; 5755 } 5756 if(LDNS_RCODE_WIRE(wire) != LDNS_RCODE_NOERROR) { 5757 char rcode[32]; 5758 sldns_wire2str_rcode_buf((int)LDNS_RCODE_WIRE(wire), rcode, 5759 sizeof(rcode)); 5760 /* if we are doing IXFR, check for fallback */ 5761 if(xfr->task_transfer->on_ixfr) { 5762 if(LDNS_RCODE_WIRE(wire) == LDNS_RCODE_NOTIMPL || 5763 LDNS_RCODE_WIRE(wire) == LDNS_RCODE_SERVFAIL || 5764 LDNS_RCODE_WIRE(wire) == LDNS_RCODE_REFUSED || 5765 LDNS_RCODE_WIRE(wire) == LDNS_RCODE_FORMERR) { 5766 verbose(VERB_ALGO, "xfr to %s, fallback " 5767 "from IXFR to AXFR (with rcode %s)", 5768 xfr->task_transfer->master->host, 5769 rcode); 5770 xfr->task_transfer->ixfr_fail = 1; 5771 *gonextonfail = 0; 5772 return 0; 5773 } 5774 } 5775 verbose(VERB_ALGO, "xfr to %s failed, packet with rcode %s", 5776 xfr->task_transfer->master->host, rcode); 5777 return 0; 5778 } 5779 if(LDNS_OPCODE_WIRE(wire) != LDNS_PACKET_QUERY) { 5780 verbose(VERB_ALGO, "xfr to %s failed, packet with bad opcode", 5781 xfr->task_transfer->master->host); 5782 return 0; 5783 } 5784 if(LDNS_QDCOUNT(wire) > 1) { 5785 verbose(VERB_ALGO, "xfr to %s failed, packet has qdcount %d", 5786 xfr->task_transfer->master->host, 5787 (int)LDNS_QDCOUNT(wire)); 5788 return 0; 5789 } 5790 5791 /* check qname */ 5792 sldns_buffer_set_position(pkt, LDNS_HEADER_SIZE); 5793 for(i=0; i<(int)LDNS_QDCOUNT(wire); i++) { 5794 size_t pos = sldns_buffer_position(pkt); 5795 uint16_t qtype, qclass; 5796 if(pkt_dname_len(pkt) == 0) { 5797 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5798 "malformed dname", 5799 xfr->task_transfer->master->host); 5800 return 0; 5801 } 5802 if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos), 5803 xfr->name) != 0) { 5804 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5805 "wrong qname", 5806 xfr->task_transfer->master->host); 5807 return 0; 5808 } 5809 if(sldns_buffer_remaining(pkt) < 4) { 5810 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5811 "truncated query RR", 5812 xfr->task_transfer->master->host); 5813 return 0; 5814 } 5815 qtype = sldns_buffer_read_u16(pkt); 5816 qclass = sldns_buffer_read_u16(pkt); 5817 if(qclass != xfr->dclass) { 5818 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5819 "wrong qclass", 5820 xfr->task_transfer->master->host); 5821 return 0; 5822 } 5823 if(xfr->task_transfer->on_ixfr) { 5824 if(qtype != LDNS_RR_TYPE_IXFR) { 5825 verbose(VERB_ALGO, "xfr to %s failed, packet " 5826 "with wrong qtype, expected IXFR", 5827 xfr->task_transfer->master->host); 5828 return 0; 5829 } 5830 } else { 5831 if(qtype != LDNS_RR_TYPE_AXFR) { 5832 verbose(VERB_ALGO, "xfr to %s failed, packet " 5833 "with wrong qtype, expected AXFR", 5834 xfr->task_transfer->master->host); 5835 return 0; 5836 } 5837 } 5838 } 5839 5840 /* check parse of RRs in packet, store first SOA serial 5841 * to be able to detect last SOA (with that serial) to see if done */ 5842 /* also check for IXFR 'zone up to date' reply */ 5843 for(i=0; i<(int)LDNS_ANCOUNT(wire); i++) { 5844 size_t pos = sldns_buffer_position(pkt); 5845 uint16_t tp, rdlen; 5846 if(pkt_dname_len(pkt) == 0) { 5847 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5848 "malformed dname in answer section", 5849 xfr->task_transfer->master->host); 5850 return 0; 5851 } 5852 if(sldns_buffer_remaining(pkt) < 10) { 5853 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5854 "truncated RR", 5855 xfr->task_transfer->master->host); 5856 return 0; 5857 } 5858 tp = sldns_buffer_read_u16(pkt); 5859 (void)sldns_buffer_read_u16(pkt); /* class */ 5860 (void)sldns_buffer_read_u32(pkt); /* ttl */ 5861 rdlen = sldns_buffer_read_u16(pkt); 5862 if(sldns_buffer_remaining(pkt) < rdlen) { 5863 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5864 "truncated RR rdata", 5865 xfr->task_transfer->master->host); 5866 return 0; 5867 } 5868 5869 /* RR parses (haven't checked rdata itself), now look at 5870 * SOA records to see serial number */ 5871 if(xfr->task_transfer->rr_scan_num == 0 && 5872 tp != LDNS_RR_TYPE_SOA) { 5873 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5874 "malformed zone transfer, no start SOA", 5875 xfr->task_transfer->master->host); 5876 return 0; 5877 } 5878 if(xfr->task_transfer->rr_scan_num == 1 && 5879 tp != LDNS_RR_TYPE_SOA) { 5880 /* second RR is not a SOA record, this is not an IXFR 5881 * the master is replying with an AXFR */ 5882 xfr->task_transfer->on_ixfr_is_axfr = 1; 5883 } 5884 if(tp == LDNS_RR_TYPE_SOA) { 5885 uint32_t serial; 5886 if(rdlen < 22) { 5887 verbose(VERB_ALGO, "xfr to %s failed, packet " 5888 "with SOA with malformed rdata", 5889 xfr->task_transfer->master->host); 5890 return 0; 5891 } 5892 if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos), 5893 xfr->name) != 0) { 5894 verbose(VERB_ALGO, "xfr to %s failed, packet " 5895 "with SOA with wrong dname", 5896 xfr->task_transfer->master->host); 5897 return 0; 5898 } 5899 5900 /* read serial number of SOA */ 5901 serial = sldns_buffer_read_u32_at(pkt, 5902 sldns_buffer_position(pkt)+rdlen-20); 5903 5904 /* check for IXFR 'zone has SOA x' reply */ 5905 if(xfr->task_transfer->on_ixfr && 5906 xfr->task_transfer->rr_scan_num == 0 && 5907 LDNS_ANCOUNT(wire)==1) { 5908 verbose(VERB_ALGO, "xfr to %s ended, " 5909 "IXFR reply that zone has serial %u," 5910 " fallback from IXFR to AXFR", 5911 xfr->task_transfer->master->host, 5912 (unsigned)serial); 5913 xfr->task_transfer->ixfr_fail = 1; 5914 *gonextonfail = 0; 5915 return 0; 5916 } 5917 5918 /* if first SOA, store serial number */ 5919 if(xfr->task_transfer->got_xfr_serial == 0) { 5920 xfr->task_transfer->got_xfr_serial = 1; 5921 xfr->task_transfer->incoming_xfr_serial = 5922 serial; 5923 verbose(VERB_ALGO, "xfr %s: contains " 5924 "SOA serial %u", 5925 xfr->task_transfer->master->host, 5926 (unsigned)serial); 5927 /* see if end of AXFR */ 5928 } else if(!xfr->task_transfer->on_ixfr || 5929 xfr->task_transfer->on_ixfr_is_axfr) { 5930 /* second SOA with serial is the end 5931 * for AXFR */ 5932 *transferdone = 1; 5933 verbose(VERB_ALGO, "xfr %s: last AXFR packet", 5934 xfr->task_transfer->master->host); 5935 /* for IXFR, count SOA records with that serial */ 5936 } else if(xfr->task_transfer->incoming_xfr_serial == 5937 serial && xfr->task_transfer->got_xfr_serial 5938 == 1) { 5939 xfr->task_transfer->got_xfr_serial++; 5940 /* if not first soa, if serial==firstserial, the 5941 * third time we are at the end, for IXFR */ 5942 } else if(xfr->task_transfer->incoming_xfr_serial == 5943 serial && xfr->task_transfer->got_xfr_serial 5944 == 2) { 5945 verbose(VERB_ALGO, "xfr %s: last IXFR packet", 5946 xfr->task_transfer->master->host); 5947 *transferdone = 1; 5948 /* continue parse check, if that succeeds, 5949 * transfer is done */ 5950 } 5951 } 5952 xfr->task_transfer->rr_scan_num++; 5953 5954 /* skip over RR rdata to go to the next RR */ 5955 sldns_buffer_skip(pkt, (ssize_t)rdlen); 5956 } 5957 5958 /* check authority section */ 5959 /* we skip over the RRs checking packet format */ 5960 for(i=0; i<(int)LDNS_NSCOUNT(wire); i++) { 5961 uint16_t rdlen; 5962 if(pkt_dname_len(pkt) == 0) { 5963 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5964 "malformed dname in authority section", 5965 xfr->task_transfer->master->host); 5966 return 0; 5967 } 5968 if(sldns_buffer_remaining(pkt) < 10) { 5969 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5970 "truncated RR", 5971 xfr->task_transfer->master->host); 5972 return 0; 5973 } 5974 (void)sldns_buffer_read_u16(pkt); /* type */ 5975 (void)sldns_buffer_read_u16(pkt); /* class */ 5976 (void)sldns_buffer_read_u32(pkt); /* ttl */ 5977 rdlen = sldns_buffer_read_u16(pkt); 5978 if(sldns_buffer_remaining(pkt) < rdlen) { 5979 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5980 "truncated RR rdata", 5981 xfr->task_transfer->master->host); 5982 return 0; 5983 } 5984 /* skip over RR rdata to go to the next RR */ 5985 sldns_buffer_skip(pkt, (ssize_t)rdlen); 5986 } 5987 5988 /* check additional section */ 5989 for(i=0; i<(int)LDNS_ARCOUNT(wire); i++) { 5990 uint16_t rdlen; 5991 if(pkt_dname_len(pkt) == 0) { 5992 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5993 "malformed dname in additional section", 5994 xfr->task_transfer->master->host); 5995 return 0; 5996 } 5997 if(sldns_buffer_remaining(pkt) < 10) { 5998 verbose(VERB_ALGO, "xfr to %s failed, packet with " 5999 "truncated RR", 6000 xfr->task_transfer->master->host); 6001 return 0; 6002 } 6003 (void)sldns_buffer_read_u16(pkt); /* type */ 6004 (void)sldns_buffer_read_u16(pkt); /* class */ 6005 (void)sldns_buffer_read_u32(pkt); /* ttl */ 6006 rdlen = sldns_buffer_read_u16(pkt); 6007 if(sldns_buffer_remaining(pkt) < rdlen) { 6008 verbose(VERB_ALGO, "xfr to %s failed, packet with " 6009 "truncated RR rdata", 6010 xfr->task_transfer->master->host); 6011 return 0; 6012 } 6013 /* skip over RR rdata to go to the next RR */ 6014 sldns_buffer_skip(pkt, (ssize_t)rdlen); 6015 } 6016 6017 return 1; 6018 } 6019 6020 /** Link the data from this packet into the worklist of transferred data */ 6021 static int 6022 xfer_link_data(sldns_buffer* pkt, struct auth_xfer* xfr) 6023 { 6024 /* alloc it */ 6025 struct auth_chunk* e; 6026 e = (struct auth_chunk*)calloc(1, sizeof(*e)); 6027 if(!e) return 0; 6028 e->next = NULL; 6029 e->len = sldns_buffer_limit(pkt); 6030 e->data = memdup(sldns_buffer_begin(pkt), e->len); 6031 if(!e->data) { 6032 free(e); 6033 return 0; 6034 } 6035 6036 /* alloc succeeded, link into list */ 6037 if(!xfr->task_transfer->chunks_first) 6038 xfr->task_transfer->chunks_first = e; 6039 if(xfr->task_transfer->chunks_last) 6040 xfr->task_transfer->chunks_last->next = e; 6041 xfr->task_transfer->chunks_last = e; 6042 return 1; 6043 } 6044 6045 /** task transfer. the list of data is complete. process it and if failed 6046 * move to next master, if succeeded, end the task transfer */ 6047 static void 6048 process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env) 6049 { 6050 int ixfr_fail = 0; 6051 if(xfr_process_chunk_list(xfr, env, &ixfr_fail)) { 6052 /* it worked! */ 6053 auth_chunks_delete(xfr->task_transfer); 6054 6055 /* we fetched the zone, move to wait task */ 6056 xfr_transfer_disown(xfr); 6057 6058 if(xfr->notify_received && (!xfr->notify_has_serial || 6059 (xfr->notify_has_serial && 6060 xfr_serial_means_update(xfr, xfr->notify_serial)))) { 6061 uint32_t sr = xfr->notify_serial; 6062 int has_sr = xfr->notify_has_serial; 6063 /* we received a notify while probe/transfer was 6064 * in progress. start a new probe and transfer */ 6065 xfr->notify_received = 0; 6066 xfr->notify_has_serial = 0; 6067 xfr->notify_serial = 0; 6068 if(!xfr_start_probe(xfr, env, NULL)) { 6069 /* if we couldn't start it, already in 6070 * progress; restore notify serial, 6071 * while xfr still locked */ 6072 xfr->notify_received = 1; 6073 xfr->notify_has_serial = has_sr; 6074 xfr->notify_serial = sr; 6075 lock_basic_unlock(&xfr->lock); 6076 } 6077 return; 6078 } else { 6079 /* pick up the nextprobe task and wait (normail wait time) */ 6080 if(xfr->task_nextprobe->worker == NULL) 6081 xfr_set_timeout(xfr, env, 0, 0); 6082 } 6083 lock_basic_unlock(&xfr->lock); 6084 return; 6085 } 6086 /* processing failed */ 6087 /* when done, delete data from list */ 6088 auth_chunks_delete(xfr->task_transfer); 6089 if(ixfr_fail) { 6090 xfr->task_transfer->ixfr_fail = 1; 6091 } else { 6092 xfr_transfer_nextmaster(xfr); 6093 } 6094 xfr_transfer_nexttarget_or_end(xfr, env); 6095 } 6096 6097 /** callback for the task_transfer timer */ 6098 void 6099 auth_xfer_transfer_timer_callback(void* arg) 6100 { 6101 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6102 struct module_env* env; 6103 int gonextonfail = 1; 6104 log_assert(xfr->task_transfer); 6105 lock_basic_lock(&xfr->lock); 6106 env = xfr->task_transfer->env; 6107 if(!env || env->outnet->want_to_quit) { 6108 lock_basic_unlock(&xfr->lock); 6109 return; /* stop on quit */ 6110 } 6111 6112 verbose(VERB_ALGO, "xfr stopped, connection timeout to %s", 6113 xfr->task_transfer->master->host); 6114 6115 /* see if IXFR caused the failure, if so, try AXFR */ 6116 if(xfr->task_transfer->on_ixfr) { 6117 xfr->task_transfer->ixfr_possible_timeout_count++; 6118 if(xfr->task_transfer->ixfr_possible_timeout_count >= 6119 NUM_TIMEOUTS_FALLBACK_IXFR) { 6120 verbose(VERB_ALGO, "xfr to %s, fallback " 6121 "from IXFR to AXFR (because of timeouts)", 6122 xfr->task_transfer->master->host); 6123 xfr->task_transfer->ixfr_fail = 1; 6124 gonextonfail = 0; 6125 } 6126 } 6127 6128 /* delete transferred data from list */ 6129 auth_chunks_delete(xfr->task_transfer); 6130 comm_point_delete(xfr->task_transfer->cp); 6131 xfr->task_transfer->cp = NULL; 6132 if(gonextonfail) 6133 xfr_transfer_nextmaster(xfr); 6134 xfr_transfer_nexttarget_or_end(xfr, env); 6135 } 6136 6137 /** callback for task_transfer tcp connections */ 6138 int 6139 auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, 6140 struct comm_reply* ATTR_UNUSED(repinfo)) 6141 { 6142 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6143 struct module_env* env; 6144 int gonextonfail = 1; 6145 int transferdone = 0; 6146 log_assert(xfr->task_transfer); 6147 lock_basic_lock(&xfr->lock); 6148 env = xfr->task_transfer->env; 6149 if(!env || env->outnet->want_to_quit) { 6150 lock_basic_unlock(&xfr->lock); 6151 return 0; /* stop on quit */ 6152 } 6153 /* stop the timer */ 6154 comm_timer_disable(xfr->task_transfer->timer); 6155 6156 if(err != NETEVENT_NOERROR) { 6157 /* connection failed, closed, or timeout */ 6158 /* stop this transfer, cleanup 6159 * and continue task_transfer*/ 6160 verbose(VERB_ALGO, "xfr stopped, connection lost to %s", 6161 xfr->task_transfer->master->host); 6162 6163 /* see if IXFR caused the failure, if so, try AXFR */ 6164 if(xfr->task_transfer->on_ixfr) { 6165 xfr->task_transfer->ixfr_possible_timeout_count++; 6166 if(xfr->task_transfer->ixfr_possible_timeout_count >= 6167 NUM_TIMEOUTS_FALLBACK_IXFR) { 6168 verbose(VERB_ALGO, "xfr to %s, fallback " 6169 "from IXFR to AXFR (because of timeouts)", 6170 xfr->task_transfer->master->host); 6171 xfr->task_transfer->ixfr_fail = 1; 6172 gonextonfail = 0; 6173 } 6174 } 6175 6176 failed: 6177 /* delete transferred data from list */ 6178 auth_chunks_delete(xfr->task_transfer); 6179 comm_point_delete(xfr->task_transfer->cp); 6180 xfr->task_transfer->cp = NULL; 6181 if(gonextonfail) 6182 xfr_transfer_nextmaster(xfr); 6183 xfr_transfer_nexttarget_or_end(xfr, env); 6184 return 0; 6185 } 6186 /* note that IXFR worked without timeout */ 6187 if(xfr->task_transfer->on_ixfr) 6188 xfr->task_transfer->ixfr_possible_timeout_count = 0; 6189 6190 /* handle returned packet */ 6191 /* if it fails, cleanup and end this transfer */ 6192 /* if it needs to fallback from IXFR to AXFR, do that */ 6193 if(!check_xfer_packet(c->buffer, xfr, &gonextonfail, &transferdone)) { 6194 goto failed; 6195 } 6196 /* if it is good, link it into the list of data */ 6197 /* if the link into list of data fails (malloc fail) cleanup and end */ 6198 if(!xfer_link_data(c->buffer, xfr)) { 6199 verbose(VERB_ALGO, "xfr stopped to %s, malloc failed", 6200 xfr->task_transfer->master->host); 6201 goto failed; 6202 } 6203 /* if the transfer is done now, disconnect and process the list */ 6204 if(transferdone) { 6205 comm_point_delete(xfr->task_transfer->cp); 6206 xfr->task_transfer->cp = NULL; 6207 process_list_end_transfer(xfr, env); 6208 return 0; 6209 } 6210 6211 /* if we want to read more messages, setup the commpoint to read 6212 * a DNS packet, and the timeout */ 6213 lock_basic_unlock(&xfr->lock); 6214 c->tcp_is_reading = 1; 6215 sldns_buffer_clear(c->buffer); 6216 comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT); 6217 return 0; 6218 } 6219 6220 /** callback for task_transfer http connections */ 6221 int 6222 auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err, 6223 struct comm_reply* repinfo) 6224 { 6225 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6226 struct module_env* env; 6227 log_assert(xfr->task_transfer); 6228 lock_basic_lock(&xfr->lock); 6229 env = xfr->task_transfer->env; 6230 if(!env || env->outnet->want_to_quit) { 6231 lock_basic_unlock(&xfr->lock); 6232 return 0; /* stop on quit */ 6233 } 6234 verbose(VERB_ALGO, "auth zone transfer http callback"); 6235 /* stop the timer */ 6236 comm_timer_disable(xfr->task_transfer->timer); 6237 6238 if(err != NETEVENT_NOERROR && err != NETEVENT_DONE) { 6239 /* connection failed, closed, or timeout */ 6240 /* stop this transfer, cleanup 6241 * and continue task_transfer*/ 6242 verbose(VERB_ALGO, "http stopped, connection lost to %s", 6243 xfr->task_transfer->master->host); 6244 failed: 6245 /* delete transferred data from list */ 6246 auth_chunks_delete(xfr->task_transfer); 6247 if(repinfo) repinfo->c = NULL; /* signal cp deleted to 6248 the routine calling this callback */ 6249 comm_point_delete(xfr->task_transfer->cp); 6250 xfr->task_transfer->cp = NULL; 6251 xfr_transfer_nextmaster(xfr); 6252 xfr_transfer_nexttarget_or_end(xfr, env); 6253 return 0; 6254 } 6255 6256 /* if it is good, link it into the list of data */ 6257 /* if the link into list of data fails (malloc fail) cleanup and end */ 6258 if(sldns_buffer_limit(c->buffer) > 0) { 6259 verbose(VERB_ALGO, "auth zone http queued up %d bytes", 6260 (int)sldns_buffer_limit(c->buffer)); 6261 if(!xfer_link_data(c->buffer, xfr)) { 6262 verbose(VERB_ALGO, "http stopped to %s, malloc failed", 6263 xfr->task_transfer->master->host); 6264 goto failed; 6265 } 6266 } 6267 /* if the transfer is done now, disconnect and process the list */ 6268 if(err == NETEVENT_DONE) { 6269 if(repinfo) repinfo->c = NULL; /* signal cp deleted to 6270 the routine calling this callback */ 6271 comm_point_delete(xfr->task_transfer->cp); 6272 xfr->task_transfer->cp = NULL; 6273 process_list_end_transfer(xfr, env); 6274 return 0; 6275 } 6276 6277 /* if we want to read more messages, setup the commpoint to read 6278 * a DNS packet, and the timeout */ 6279 lock_basic_unlock(&xfr->lock); 6280 c->tcp_is_reading = 1; 6281 sldns_buffer_clear(c->buffer); 6282 comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT); 6283 return 0; 6284 } 6285 6286 6287 /** start transfer task by this worker , xfr is locked. */ 6288 static void 6289 xfr_start_transfer(struct auth_xfer* xfr, struct module_env* env, 6290 struct auth_master* master) 6291 { 6292 log_assert(xfr->task_transfer != NULL); 6293 log_assert(xfr->task_transfer->worker == NULL); 6294 log_assert(xfr->task_transfer->chunks_first == NULL); 6295 log_assert(xfr->task_transfer->chunks_last == NULL); 6296 xfr->task_transfer->worker = env->worker; 6297 xfr->task_transfer->env = env; 6298 6299 /* init transfer process */ 6300 /* find that master in the transfer's list of masters? */ 6301 xfr_transfer_start_list(xfr, master); 6302 /* start lookup for hostnames in transfer master list */ 6303 xfr_transfer_start_lookups(xfr); 6304 6305 /* initiate TCP, and set timeout on it */ 6306 xfr_transfer_nexttarget_or_end(xfr, env); 6307 } 6308 6309 /** disown task_probe. caller must hold xfr.lock */ 6310 static void 6311 xfr_probe_disown(struct auth_xfer* xfr) 6312 { 6313 /* remove timer (from this worker's event base) */ 6314 comm_timer_delete(xfr->task_probe->timer); 6315 xfr->task_probe->timer = NULL; 6316 /* remove the commpoint */ 6317 comm_point_delete(xfr->task_probe->cp); 6318 xfr->task_probe->cp = NULL; 6319 /* we don't own this item anymore */ 6320 xfr->task_probe->worker = NULL; 6321 xfr->task_probe->env = NULL; 6322 } 6323 6324 /** send the UDP probe to the master, this is part of task_probe */ 6325 static int 6326 xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, 6327 int timeout) 6328 { 6329 struct sockaddr_storage addr; 6330 socklen_t addrlen = 0; 6331 struct timeval t; 6332 /* pick master */ 6333 struct auth_master* master = xfr_probe_current_master(xfr); 6334 char *auth_name = NULL; 6335 if(!master) return 0; 6336 if(master->allow_notify) return 0; /* only for notify */ 6337 if(master->http) return 0; /* only masters get SOA UDP probe, 6338 not urls, if those are in this list */ 6339 6340 /* get master addr */ 6341 if(xfr->task_probe->scan_addr) { 6342 addrlen = xfr->task_probe->scan_addr->addrlen; 6343 memmove(&addr, &xfr->task_probe->scan_addr->addr, addrlen); 6344 } else { 6345 if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) { 6346 /* the ones that are not in addr format are supposed 6347 * to be looked up. The lookup has failed however, 6348 * so skip them */ 6349 char zname[255+1]; 6350 dname_str(xfr->name, zname); 6351 log_err("%s: failed lookup, cannot probe to master %s", 6352 zname, master->host); 6353 return 0; 6354 } 6355 if (auth_name != NULL) { 6356 if (addr.ss_family == AF_INET 6357 && (int)ntohs(((struct sockaddr_in *)&addr)->sin_port) 6358 == env->cfg->ssl_port) 6359 ((struct sockaddr_in *)&addr)->sin_port 6360 = htons((uint16_t)env->cfg->port); 6361 else if (addr.ss_family == AF_INET6 6362 && (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) 6363 == env->cfg->ssl_port) 6364 ((struct sockaddr_in6 *)&addr)->sin6_port 6365 = htons((uint16_t)env->cfg->port); 6366 } 6367 } 6368 6369 /* create packet */ 6370 /* create new ID for new probes, but not on timeout retries, 6371 * this means we'll accept replies to previous retries to same ip */ 6372 if(timeout == AUTH_PROBE_TIMEOUT) 6373 xfr->task_probe->id = GET_RANDOM_ID(env->rnd); 6374 xfr_create_soa_probe_packet(xfr, env->scratch_buffer, 6375 xfr->task_probe->id); 6376 /* we need to remove the cp if we have a different ip4/ip6 type now */ 6377 if(xfr->task_probe->cp && 6378 ((xfr->task_probe->cp_is_ip6 && !addr_is_ip6(&addr, addrlen)) || 6379 (!xfr->task_probe->cp_is_ip6 && addr_is_ip6(&addr, addrlen))) 6380 ) { 6381 comm_point_delete(xfr->task_probe->cp); 6382 xfr->task_probe->cp = NULL; 6383 } 6384 if(!xfr->task_probe->cp) { 6385 if(addr_is_ip6(&addr, addrlen)) 6386 xfr->task_probe->cp_is_ip6 = 1; 6387 else xfr->task_probe->cp_is_ip6 = 0; 6388 xfr->task_probe->cp = outnet_comm_point_for_udp(env->outnet, 6389 auth_xfer_probe_udp_callback, xfr, &addr, addrlen); 6390 if(!xfr->task_probe->cp) { 6391 char zname[255+1], as[256]; 6392 dname_str(xfr->name, zname); 6393 addr_to_str(&addr, addrlen, as, sizeof(as)); 6394 verbose(VERB_ALGO, "cannot create udp cp for " 6395 "probe %s to %s", zname, as); 6396 return 0; 6397 } 6398 } 6399 if(!xfr->task_probe->timer) { 6400 xfr->task_probe->timer = comm_timer_create(env->worker_base, 6401 auth_xfer_probe_timer_callback, xfr); 6402 if(!xfr->task_probe->timer) { 6403 log_err("malloc failure"); 6404 return 0; 6405 } 6406 } 6407 6408 /* send udp packet */ 6409 if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer, 6410 (struct sockaddr*)&addr, addrlen, 0)) { 6411 char zname[255+1], as[256]; 6412 dname_str(xfr->name, zname); 6413 addr_to_str(&addr, addrlen, as, sizeof(as)); 6414 verbose(VERB_ALGO, "failed to send soa probe for %s to %s", 6415 zname, as); 6416 return 0; 6417 } 6418 if(verbosity >= VERB_ALGO) { 6419 char zname[255+1], as[256]; 6420 dname_str(xfr->name, zname); 6421 addr_to_str(&addr, addrlen, as, sizeof(as)); 6422 verbose(VERB_ALGO, "auth zone %s soa probe sent to %s", zname, 6423 as); 6424 } 6425 xfr->task_probe->timeout = timeout; 6426 #ifndef S_SPLINT_S 6427 t.tv_sec = timeout/1000; 6428 t.tv_usec = (timeout%1000)*1000; 6429 #endif 6430 comm_timer_set(xfr->task_probe->timer, &t); 6431 6432 return 1; 6433 } 6434 6435 /** callback for task_probe timer */ 6436 void 6437 auth_xfer_probe_timer_callback(void* arg) 6438 { 6439 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6440 struct module_env* env; 6441 log_assert(xfr->task_probe); 6442 lock_basic_lock(&xfr->lock); 6443 env = xfr->task_probe->env; 6444 if(!env || env->outnet->want_to_quit) { 6445 lock_basic_unlock(&xfr->lock); 6446 return; /* stop on quit */ 6447 } 6448 6449 if(verbosity >= VERB_ALGO) { 6450 char zname[255+1]; 6451 dname_str(xfr->name, zname); 6452 verbose(VERB_ALGO, "auth zone %s soa probe timeout", zname); 6453 } 6454 if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) { 6455 /* try again with bigger timeout */ 6456 if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) { 6457 lock_basic_unlock(&xfr->lock); 6458 return; 6459 } 6460 } 6461 /* delete commpoint so a new one is created, with a fresh port nr */ 6462 comm_point_delete(xfr->task_probe->cp); 6463 xfr->task_probe->cp = NULL; 6464 6465 /* too many timeouts (or fail to send), move to next or end */ 6466 xfr_probe_nextmaster(xfr); 6467 xfr_probe_send_or_end(xfr, env); 6468 } 6469 6470 /** callback for task_probe udp packets */ 6471 int 6472 auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, 6473 struct comm_reply* repinfo) 6474 { 6475 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6476 struct module_env* env; 6477 log_assert(xfr->task_probe); 6478 lock_basic_lock(&xfr->lock); 6479 env = xfr->task_probe->env; 6480 if(!env || env->outnet->want_to_quit) { 6481 lock_basic_unlock(&xfr->lock); 6482 return 0; /* stop on quit */ 6483 } 6484 6485 /* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT 6486 * and we set rep.c=NULL to stop if from looking inside the commpoint*/ 6487 repinfo->c = NULL; 6488 /* stop the timer */ 6489 comm_timer_disable(xfr->task_probe->timer); 6490 6491 /* see if we got a packet and what that means */ 6492 if(err == NETEVENT_NOERROR) { 6493 uint32_t serial = 0; 6494 if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr, 6495 &serial)) { 6496 /* successful lookup */ 6497 if(verbosity >= VERB_ALGO) { 6498 char buf[256]; 6499 dname_str(xfr->name, buf); 6500 verbose(VERB_ALGO, "auth zone %s: soa probe " 6501 "serial is %u", buf, (unsigned)serial); 6502 } 6503 /* see if this serial indicates that the zone has 6504 * to be updated */ 6505 if(xfr_serial_means_update(xfr, serial)) { 6506 /* if updated, start the transfer task, if needed */ 6507 verbose(VERB_ALGO, "auth_zone updated, start transfer"); 6508 if(xfr->task_transfer->worker == NULL) { 6509 struct auth_master* master = 6510 xfr_probe_current_master(xfr); 6511 /* if we have download URLs use them 6512 * in preference to this master we 6513 * just probed the SOA from */ 6514 if(xfr->task_transfer->masters && 6515 xfr->task_transfer->masters->http) 6516 master = NULL; 6517 xfr_probe_disown(xfr); 6518 xfr_start_transfer(xfr, env, master); 6519 return 0; 6520 6521 } 6522 /* other tasks are running, we don't do this anymore */ 6523 xfr_probe_disown(xfr); 6524 lock_basic_unlock(&xfr->lock); 6525 /* return, we don't sent a reply to this udp packet, 6526 * and we setup the tasks to do next */ 6527 return 0; 6528 } else { 6529 verbose(VERB_ALGO, "auth_zone master reports unchanged soa serial"); 6530 /* we if cannot find updates amongst the 6531 * masters, this means we then have a new lease 6532 * on the zone */ 6533 xfr->task_probe->have_new_lease = 1; 6534 } 6535 } else { 6536 if(verbosity >= VERB_ALGO) { 6537 char buf[256]; 6538 dname_str(xfr->name, buf); 6539 verbose(VERB_ALGO, "auth zone %s: bad reply to soa probe", buf); 6540 } 6541 } 6542 } else { 6543 if(verbosity >= VERB_ALGO) { 6544 char buf[256]; 6545 dname_str(xfr->name, buf); 6546 verbose(VERB_ALGO, "auth zone %s: soa probe failed", buf); 6547 } 6548 } 6549 6550 /* failed lookup or not an update */ 6551 /* delete commpoint so a new one is created, with a fresh port nr */ 6552 comm_point_delete(xfr->task_probe->cp); 6553 xfr->task_probe->cp = NULL; 6554 6555 /* if the result was not a successful probe, we need 6556 * to send the next one */ 6557 xfr_probe_nextmaster(xfr); 6558 xfr_probe_send_or_end(xfr, env); 6559 return 0; 6560 } 6561 6562 /** lookup a host name for its addresses, if needed */ 6563 static int 6564 xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env) 6565 { 6566 struct sockaddr_storage addr; 6567 socklen_t addrlen = 0; 6568 struct auth_master* master = xfr->task_probe->lookup_target; 6569 struct query_info qinfo; 6570 uint16_t qflags = BIT_RD; 6571 uint8_t dname[LDNS_MAX_DOMAINLEN+1]; 6572 struct edns_data edns; 6573 sldns_buffer* buf = env->scratch_buffer; 6574 if(!master) return 0; 6575 if(extstrtoaddr(master->host, &addr, &addrlen)) { 6576 /* not needed, host is in IP addr format */ 6577 return 0; 6578 } 6579 if(master->allow_notify && !master->http && 6580 strchr(master->host, '/') != NULL && 6581 strchr(master->host, '/') == strrchr(master->host, '/')) { 6582 return 0; /* is IP/prefix format, not something to look up */ 6583 } 6584 6585 /* use mesh_new_callback to probe for non-addr hosts, 6586 * and then wait for them to be looked up (in cache, or query) */ 6587 qinfo.qname_len = sizeof(dname); 6588 if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len) 6589 != 0) { 6590 log_err("cannot parse host name of master %s", master->host); 6591 return 0; 6592 } 6593 qinfo.qname = dname; 6594 qinfo.qclass = xfr->dclass; 6595 qinfo.qtype = LDNS_RR_TYPE_A; 6596 if(xfr->task_probe->lookup_aaaa) 6597 qinfo.qtype = LDNS_RR_TYPE_AAAA; 6598 qinfo.local_alias = NULL; 6599 if(verbosity >= VERB_ALGO) { 6600 char buf1[512]; 6601 char buf2[LDNS_MAX_DOMAINLEN+1]; 6602 dname_str(xfr->name, buf2); 6603 snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup" 6604 " for task_probe", buf2); 6605 log_query_info(VERB_ALGO, buf1, &qinfo); 6606 } 6607 edns.edns_present = 1; 6608 edns.ext_rcode = 0; 6609 edns.edns_version = 0; 6610 edns.bits = EDNS_DO; 6611 edns.opt_list_in = NULL; 6612 edns.opt_list_out = NULL; 6613 edns.opt_list_inplace_cb_out = NULL; 6614 edns.padding_block_size = 0; 6615 if(sldns_buffer_capacity(buf) < 65535) 6616 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); 6617 else edns.udp_size = 65535; 6618 6619 /* unlock xfr during mesh_new_callback() because the callback can be 6620 * called straight away */ 6621 lock_basic_unlock(&xfr->lock); 6622 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, 6623 &auth_xfer_probe_lookup_callback, xfr, 0)) { 6624 lock_basic_lock(&xfr->lock); 6625 log_err("out of memory lookup up master %s", master->host); 6626 return 0; 6627 } 6628 lock_basic_lock(&xfr->lock); 6629 return 1; 6630 } 6631 6632 /** move to sending the probe packets, next if fails. task_probe */ 6633 static void 6634 xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env) 6635 { 6636 /* are we doing hostname lookups? */ 6637 while(xfr->task_probe->lookup_target) { 6638 if(xfr_probe_lookup_host(xfr, env)) { 6639 /* wait for lookup to finish, 6640 * note that the hostname may be in unbound's cache 6641 * and we may then get an instant cache response, 6642 * and that calls the callback just like a full 6643 * lookup and lookup failures also call callback */ 6644 if(verbosity >= VERB_ALGO) { 6645 char zname[255+1]; 6646 dname_str(xfr->name, zname); 6647 verbose(VERB_ALGO, "auth zone %s probe next target lookup", zname); 6648 } 6649 lock_basic_unlock(&xfr->lock); 6650 return; 6651 } 6652 xfr_probe_move_to_next_lookup(xfr, env); 6653 } 6654 /* probe of list has ended. Create or refresh the list of of 6655 * allow_notify addrs */ 6656 probe_copy_masters_for_allow_notify(xfr); 6657 if(verbosity >= VERB_ALGO) { 6658 char zname[255+1]; 6659 dname_str(xfr->name, zname); 6660 verbose(VERB_ALGO, "auth zone %s probe: notify addrs updated", zname); 6661 } 6662 if(xfr->task_probe->only_lookup) { 6663 /* only wanted lookups for copy, stop probe and start wait */ 6664 xfr->task_probe->only_lookup = 0; 6665 if(verbosity >= VERB_ALGO) { 6666 char zname[255+1]; 6667 dname_str(xfr->name, zname); 6668 verbose(VERB_ALGO, "auth zone %s probe: finished only_lookup", zname); 6669 } 6670 xfr_probe_disown(xfr); 6671 if(xfr->task_nextprobe->worker == NULL) 6672 xfr_set_timeout(xfr, env, 0, 0); 6673 lock_basic_unlock(&xfr->lock); 6674 return; 6675 } 6676 6677 /* send probe packets */ 6678 while(!xfr_probe_end_of_list(xfr)) { 6679 if(xfr_probe_send_probe(xfr, env, AUTH_PROBE_TIMEOUT)) { 6680 /* successfully sent probe, wait for callback */ 6681 lock_basic_unlock(&xfr->lock); 6682 return; 6683 } 6684 /* failed to send probe, next master */ 6685 xfr_probe_nextmaster(xfr); 6686 } 6687 6688 /* done with probe sequence, wait */ 6689 if(xfr->task_probe->have_new_lease) { 6690 /* if zone not updated, start the wait timer again */ 6691 if(verbosity >= VERB_ALGO) { 6692 char zname[255+1]; 6693 dname_str(xfr->name, zname); 6694 verbose(VERB_ALGO, "auth_zone %s unchanged, new lease, wait", zname); 6695 } 6696 xfr_probe_disown(xfr); 6697 if(xfr->have_zone) 6698 xfr->lease_time = *env->now; 6699 if(xfr->task_nextprobe->worker == NULL) 6700 xfr_set_timeout(xfr, env, 0, 0); 6701 } else { 6702 if(verbosity >= VERB_ALGO) { 6703 char zname[255+1]; 6704 dname_str(xfr->name, zname); 6705 verbose(VERB_ALGO, "auth zone %s soa probe failed, wait to retry", zname); 6706 } 6707 /* we failed to send this as well, move to the wait task, 6708 * use the shorter retry timeout */ 6709 xfr_probe_disown(xfr); 6710 /* pick up the nextprobe task and wait */ 6711 if(xfr->task_nextprobe->worker == NULL) 6712 xfr_set_timeout(xfr, env, 1, 0); 6713 } 6714 6715 lock_basic_unlock(&xfr->lock); 6716 } 6717 6718 /** callback for task_probe lookup of host name, of A or AAAA */ 6719 void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, 6720 enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus), 6721 int ATTR_UNUSED(was_ratelimited)) 6722 { 6723 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6724 struct module_env* env; 6725 log_assert(xfr->task_probe); 6726 lock_basic_lock(&xfr->lock); 6727 env = xfr->task_probe->env; 6728 if(!env || env->outnet->want_to_quit) { 6729 lock_basic_unlock(&xfr->lock); 6730 return; /* stop on quit */ 6731 } 6732 6733 /* process result */ 6734 if(rcode == LDNS_RCODE_NOERROR) { 6735 uint16_t wanted_qtype = LDNS_RR_TYPE_A; 6736 struct regional* temp = env->scratch; 6737 struct query_info rq; 6738 struct reply_info* rep; 6739 if(xfr->task_probe->lookup_aaaa) 6740 wanted_qtype = LDNS_RR_TYPE_AAAA; 6741 memset(&rq, 0, sizeof(rq)); 6742 rep = parse_reply_in_temp_region(buf, temp, &rq); 6743 if(rep && rq.qtype == wanted_qtype && 6744 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { 6745 /* parsed successfully */ 6746 struct ub_packed_rrset_key* answer = 6747 reply_find_answer_rrset(&rq, rep); 6748 if(answer) { 6749 xfr_master_add_addrs(xfr->task_probe-> 6750 lookup_target, answer, wanted_qtype); 6751 } else { 6752 if(verbosity >= VERB_ALGO) { 6753 char zname[255+1]; 6754 dname_str(xfr->name, zname); 6755 verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has nodata", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A")); 6756 } 6757 } 6758 } else { 6759 if(verbosity >= VERB_ALGO) { 6760 char zname[255+1]; 6761 dname_str(xfr->name, zname); 6762 verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A")); 6763 } 6764 } 6765 regional_free_all(temp); 6766 } else { 6767 if(verbosity >= VERB_ALGO) { 6768 char zname[255+1]; 6769 dname_str(xfr->name, zname); 6770 verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup failed", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A")); 6771 } 6772 } 6773 if(xfr->task_probe->lookup_target->list && 6774 xfr->task_probe->lookup_target == xfr_probe_current_master(xfr)) 6775 xfr->task_probe->scan_addr = xfr->task_probe->lookup_target->list; 6776 6777 /* move to lookup AAAA after A lookup, move to next hostname lookup, 6778 * or move to send the probes, or, if nothing to do, end task_probe */ 6779 xfr_probe_move_to_next_lookup(xfr, env); 6780 xfr_probe_send_or_end(xfr, env); 6781 } 6782 6783 /** disown task_nextprobe. caller must hold xfr.lock */ 6784 static void 6785 xfr_nextprobe_disown(struct auth_xfer* xfr) 6786 { 6787 /* delete the timer, because the next worker to pick this up may 6788 * not have the same event base */ 6789 comm_timer_delete(xfr->task_nextprobe->timer); 6790 xfr->task_nextprobe->timer = NULL; 6791 xfr->task_nextprobe->next_probe = 0; 6792 /* we don't own this item anymore */ 6793 xfr->task_nextprobe->worker = NULL; 6794 xfr->task_nextprobe->env = NULL; 6795 } 6796 6797 /** xfer nextprobe timeout callback, this is part of task_nextprobe */ 6798 void 6799 auth_xfer_timer(void* arg) 6800 { 6801 struct auth_xfer* xfr = (struct auth_xfer*)arg; 6802 struct module_env* env; 6803 log_assert(xfr->task_nextprobe); 6804 lock_basic_lock(&xfr->lock); 6805 env = xfr->task_nextprobe->env; 6806 if(!env || env->outnet->want_to_quit) { 6807 lock_basic_unlock(&xfr->lock); 6808 return; /* stop on quit */ 6809 } 6810 6811 /* see if zone has expired, and if so, also set auth_zone expired */ 6812 if(xfr->have_zone && !xfr->zone_expired && 6813 *env->now >= xfr->lease_time + xfr->expiry) { 6814 lock_basic_unlock(&xfr->lock); 6815 auth_xfer_set_expired(xfr, env, 1); 6816 lock_basic_lock(&xfr->lock); 6817 } 6818 6819 xfr_nextprobe_disown(xfr); 6820 6821 if(!xfr_start_probe(xfr, env, NULL)) { 6822 /* not started because already in progress */ 6823 lock_basic_unlock(&xfr->lock); 6824 } 6825 } 6826 6827 /** return true if there are probe (SOA UDP query) targets in the master list*/ 6828 static int 6829 have_probe_targets(struct auth_master* list) 6830 { 6831 struct auth_master* p; 6832 for(p=list; p; p = p->next) { 6833 if(!p->allow_notify && p->host) 6834 return 1; 6835 } 6836 return 0; 6837 } 6838 6839 /** start task_probe if possible, if no masters for probe start task_transfer 6840 * returns true if task has been started, and false if the task is already 6841 * in progress. */ 6842 static int 6843 xfr_start_probe(struct auth_xfer* xfr, struct module_env* env, 6844 struct auth_master* spec) 6845 { 6846 /* see if we need to start a probe (or maybe it is already in 6847 * progress (due to notify)) */ 6848 if(xfr->task_probe->worker == NULL) { 6849 if(!have_probe_targets(xfr->task_probe->masters) && 6850 !(xfr->task_probe->only_lookup && 6851 xfr->task_probe->masters != NULL)) { 6852 /* useless to pick up task_probe, no masters to 6853 * probe. Instead attempt to pick up task transfer */ 6854 if(xfr->task_transfer->worker == NULL) { 6855 xfr_start_transfer(xfr, env, spec); 6856 return 1; 6857 } 6858 /* task transfer already in progress */ 6859 return 0; 6860 } 6861 6862 /* pick up the probe task ourselves */ 6863 xfr->task_probe->worker = env->worker; 6864 xfr->task_probe->env = env; 6865 xfr->task_probe->cp = NULL; 6866 6867 /* start the task */ 6868 /* have not seen a new lease yet, this scan */ 6869 xfr->task_probe->have_new_lease = 0; 6870 /* if this was a timeout, no specific first master to scan */ 6871 /* otherwise, spec is nonNULL the notified master, scan 6872 * first and also transfer first from it */ 6873 xfr_probe_start_list(xfr, spec); 6874 /* setup to start the lookup of hostnames of masters afresh */ 6875 xfr_probe_start_lookups(xfr); 6876 /* send the probe packet or next send, or end task */ 6877 xfr_probe_send_or_end(xfr, env); 6878 return 1; 6879 } 6880 return 0; 6881 } 6882 6883 /** for task_nextprobe. 6884 * determine next timeout for auth_xfer. Also (re)sets timer. 6885 * @param xfr: task structure 6886 * @param env: module environment, with worker and time. 6887 * @param failure: set true if timer should be set for failure retry. 6888 * @param lookup_only: only perform lookups when timer done, 0 sec timeout 6889 */ 6890 static void 6891 xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env, 6892 int failure, int lookup_only) 6893 { 6894 struct timeval tv; 6895 log_assert(xfr->task_nextprobe != NULL); 6896 log_assert(xfr->task_nextprobe->worker == NULL || 6897 xfr->task_nextprobe->worker == env->worker); 6898 /* normally, nextprobe = startoflease + refresh, 6899 * but if expiry is sooner, use that one. 6900 * after a failure, use the retry timer instead. */ 6901 xfr->task_nextprobe->next_probe = *env->now; 6902 if(xfr->lease_time && !failure) 6903 xfr->task_nextprobe->next_probe = xfr->lease_time; 6904 6905 if(!failure) { 6906 xfr->task_nextprobe->backoff = 0; 6907 } else { 6908 if(xfr->task_nextprobe->backoff == 0) 6909 xfr->task_nextprobe->backoff = 3; 6910 else xfr->task_nextprobe->backoff *= 2; 6911 if(xfr->task_nextprobe->backoff > AUTH_TRANSFER_MAX_BACKOFF) 6912 xfr->task_nextprobe->backoff = 6913 AUTH_TRANSFER_MAX_BACKOFF; 6914 } 6915 6916 if(xfr->have_zone) { 6917 time_t wait = xfr->refresh; 6918 if(failure) wait = xfr->retry; 6919 if(xfr->expiry < wait) 6920 xfr->task_nextprobe->next_probe += xfr->expiry; 6921 else xfr->task_nextprobe->next_probe += wait; 6922 if(failure) 6923 xfr->task_nextprobe->next_probe += 6924 xfr->task_nextprobe->backoff; 6925 /* put the timer exactly on expiry, if possible */ 6926 if(xfr->lease_time && xfr->lease_time+xfr->expiry < 6927 xfr->task_nextprobe->next_probe && 6928 xfr->lease_time+xfr->expiry > *env->now) 6929 xfr->task_nextprobe->next_probe = 6930 xfr->lease_time+xfr->expiry; 6931 } else { 6932 xfr->task_nextprobe->next_probe += 6933 xfr->task_nextprobe->backoff; 6934 } 6935 6936 if(!xfr->task_nextprobe->timer) { 6937 xfr->task_nextprobe->timer = comm_timer_create( 6938 env->worker_base, auth_xfer_timer, xfr); 6939 if(!xfr->task_nextprobe->timer) { 6940 /* failed to malloc memory. likely zone transfer 6941 * also fails for that. skip the timeout */ 6942 char zname[255+1]; 6943 dname_str(xfr->name, zname); 6944 log_err("cannot allocate timer, no refresh for %s", 6945 zname); 6946 return; 6947 } 6948 } 6949 xfr->task_nextprobe->worker = env->worker; 6950 xfr->task_nextprobe->env = env; 6951 if(*(xfr->task_nextprobe->env->now) <= xfr->task_nextprobe->next_probe) 6952 tv.tv_sec = xfr->task_nextprobe->next_probe - 6953 *(xfr->task_nextprobe->env->now); 6954 else tv.tv_sec = 0; 6955 if(tv.tv_sec != 0 && lookup_only && xfr->task_probe->masters) { 6956 /* don't lookup_only, if lookup timeout is 0 anyway, 6957 * or if we don't have masters to lookup */ 6958 tv.tv_sec = 0; 6959 if(xfr->task_probe->worker == NULL) 6960 xfr->task_probe->only_lookup = 1; 6961 } 6962 if(verbosity >= VERB_ALGO) { 6963 char zname[255+1]; 6964 dname_str(xfr->name, zname); 6965 verbose(VERB_ALGO, "auth zone %s timeout in %d seconds", 6966 zname, (int)tv.tv_sec); 6967 } 6968 tv.tv_usec = 0; 6969 comm_timer_set(xfr->task_nextprobe->timer, &tv); 6970 } 6971 6972 /** initial pick up of worker timeouts, ties events to worker event loop */ 6973 void 6974 auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env) 6975 { 6976 struct auth_xfer* x; 6977 lock_rw_wrlock(&az->lock); 6978 RBTREE_FOR(x, struct auth_xfer*, &az->xtree) { 6979 lock_basic_lock(&x->lock); 6980 /* set lease_time, because we now have timestamp in env, 6981 * (not earlier during startup and apply_cfg), and this 6982 * notes the start time when the data was acquired */ 6983 if(x->have_zone) 6984 x->lease_time = *env->now; 6985 if(x->task_nextprobe && x->task_nextprobe->worker == NULL) { 6986 xfr_set_timeout(x, env, 0, 1); 6987 } 6988 lock_basic_unlock(&x->lock); 6989 } 6990 lock_rw_unlock(&az->lock); 6991 } 6992 6993 void auth_zones_cleanup(struct auth_zones* az) 6994 { 6995 struct auth_xfer* x; 6996 lock_rw_wrlock(&az->lock); 6997 RBTREE_FOR(x, struct auth_xfer*, &az->xtree) { 6998 lock_basic_lock(&x->lock); 6999 if(x->task_nextprobe && x->task_nextprobe->worker != NULL) { 7000 xfr_nextprobe_disown(x); 7001 } 7002 if(x->task_probe && x->task_probe->worker != NULL) { 7003 xfr_probe_disown(x); 7004 } 7005 if(x->task_transfer && x->task_transfer->worker != NULL) { 7006 auth_chunks_delete(x->task_transfer); 7007 xfr_transfer_disown(x); 7008 } 7009 lock_basic_unlock(&x->lock); 7010 } 7011 lock_rw_unlock(&az->lock); 7012 } 7013 7014 /** 7015 * malloc the xfer and tasks 7016 * @param z: auth_zone with name of zone. 7017 */ 7018 static struct auth_xfer* 7019 auth_xfer_new(struct auth_zone* z) 7020 { 7021 struct auth_xfer* xfr; 7022 xfr = (struct auth_xfer*)calloc(1, sizeof(*xfr)); 7023 if(!xfr) return NULL; 7024 xfr->name = memdup(z->name, z->namelen); 7025 if(!xfr->name) { 7026 free(xfr); 7027 return NULL; 7028 } 7029 xfr->node.key = xfr; 7030 xfr->namelen = z->namelen; 7031 xfr->namelabs = z->namelabs; 7032 xfr->dclass = z->dclass; 7033 7034 xfr->task_nextprobe = (struct auth_nextprobe*)calloc(1, 7035 sizeof(struct auth_nextprobe)); 7036 if(!xfr->task_nextprobe) { 7037 free(xfr->name); 7038 free(xfr); 7039 return NULL; 7040 } 7041 xfr->task_probe = (struct auth_probe*)calloc(1, 7042 sizeof(struct auth_probe)); 7043 if(!xfr->task_probe) { 7044 free(xfr->task_nextprobe); 7045 free(xfr->name); 7046 free(xfr); 7047 return NULL; 7048 } 7049 xfr->task_transfer = (struct auth_transfer*)calloc(1, 7050 sizeof(struct auth_transfer)); 7051 if(!xfr->task_transfer) { 7052 free(xfr->task_probe); 7053 free(xfr->task_nextprobe); 7054 free(xfr->name); 7055 free(xfr); 7056 return NULL; 7057 } 7058 7059 lock_basic_init(&xfr->lock); 7060 lock_protect(&xfr->lock, &xfr->name, sizeof(xfr->name)); 7061 lock_protect(&xfr->lock, &xfr->namelen, sizeof(xfr->namelen)); 7062 lock_protect(&xfr->lock, xfr->name, xfr->namelen); 7063 lock_protect(&xfr->lock, &xfr->namelabs, sizeof(xfr->namelabs)); 7064 lock_protect(&xfr->lock, &xfr->dclass, sizeof(xfr->dclass)); 7065 lock_protect(&xfr->lock, &xfr->notify_received, sizeof(xfr->notify_received)); 7066 lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial)); 7067 lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired)); 7068 lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone)); 7069 lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial)); 7070 lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry)); 7071 lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh)); 7072 lock_protect(&xfr->lock, &xfr->expiry, sizeof(xfr->expiry)); 7073 lock_protect(&xfr->lock, &xfr->lease_time, sizeof(xfr->lease_time)); 7074 lock_protect(&xfr->lock, &xfr->task_nextprobe->worker, 7075 sizeof(xfr->task_nextprobe->worker)); 7076 lock_protect(&xfr->lock, &xfr->task_probe->worker, 7077 sizeof(xfr->task_probe->worker)); 7078 lock_protect(&xfr->lock, &xfr->task_transfer->worker, 7079 sizeof(xfr->task_transfer->worker)); 7080 lock_basic_lock(&xfr->lock); 7081 return xfr; 7082 } 7083 7084 /** Create auth_xfer structure. 7085 * This populates the have_zone, soa values, and so on times. 7086 * and sets the timeout, if a zone transfer is needed a short timeout is set. 7087 * For that the auth_zone itself must exist (and read in zonefile) 7088 * returns false on alloc failure. */ 7089 struct auth_xfer* 7090 auth_xfer_create(struct auth_zones* az, struct auth_zone* z) 7091 { 7092 struct auth_xfer* xfr; 7093 7094 /* malloc it */ 7095 xfr = auth_xfer_new(z); 7096 if(!xfr) { 7097 log_err("malloc failure"); 7098 return NULL; 7099 } 7100 /* insert in tree */ 7101 (void)rbtree_insert(&az->xtree, &xfr->node); 7102 return xfr; 7103 } 7104 7105 /** create new auth_master structure */ 7106 static struct auth_master* 7107 auth_master_new(struct auth_master*** list) 7108 { 7109 struct auth_master *m; 7110 m = (struct auth_master*)calloc(1, sizeof(*m)); 7111 if(!m) { 7112 log_err("malloc failure"); 7113 return NULL; 7114 } 7115 /* set first pointer to m, or next pointer of previous element to m */ 7116 (**list) = m; 7117 /* store m's next pointer as future point to store at */ 7118 (*list) = &(m->next); 7119 return m; 7120 } 7121 7122 /** dup_prefix : create string from initial part of other string, malloced */ 7123 static char* 7124 dup_prefix(char* str, size_t num) 7125 { 7126 char* result; 7127 size_t len = strlen(str); 7128 if(len < num) num = len; /* not more than strlen */ 7129 result = (char*)malloc(num+1); 7130 if(!result) { 7131 log_err("malloc failure"); 7132 return result; 7133 } 7134 memmove(result, str, num); 7135 result[num] = 0; 7136 return result; 7137 } 7138 7139 /** dup string and print error on error */ 7140 static char* 7141 dup_all(char* str) 7142 { 7143 char* result = strdup(str); 7144 if(!result) { 7145 log_err("malloc failure"); 7146 return NULL; 7147 } 7148 return result; 7149 } 7150 7151 /** find first of two characters */ 7152 static char* 7153 str_find_first_of_chars(char* s, char a, char b) 7154 { 7155 char* ra = strchr(s, a); 7156 char* rb = strchr(s, b); 7157 if(!ra) return rb; 7158 if(!rb) return ra; 7159 if(ra < rb) return ra; 7160 return rb; 7161 } 7162 7163 /** parse URL into host and file parts, false on malloc or parse error */ 7164 static int 7165 parse_url(char* url, char** host, char** file, int* port, int* ssl) 7166 { 7167 char* p = url; 7168 /* parse http://www.example.com/file.htm 7169 * or http://127.0.0.1 (index.html) 7170 * or https://[::1@1234]/a/b/c/d */ 7171 *ssl = 1; 7172 *port = AUTH_HTTPS_PORT; 7173 7174 /* parse http:// or https:// */ 7175 if(strncmp(p, "http://", 7) == 0) { 7176 p += 7; 7177 *ssl = 0; 7178 *port = AUTH_HTTP_PORT; 7179 } else if(strncmp(p, "https://", 8) == 0) { 7180 p += 8; 7181 } else if(strstr(p, "://") && strchr(p, '/') > strstr(p, "://") && 7182 strchr(p, ':') >= strstr(p, "://")) { 7183 char* uri = dup_prefix(p, (size_t)(strstr(p, "://")-p)); 7184 log_err("protocol %s:// not supported (for url %s)", 7185 uri?uri:"", p); 7186 free(uri); 7187 return 0; 7188 } 7189 7190 /* parse hostname part */ 7191 if(p[0] == '[') { 7192 char* end = strchr(p, ']'); 7193 p++; /* skip over [ */ 7194 if(end) { 7195 *host = dup_prefix(p, (size_t)(end-p)); 7196 if(!*host) return 0; 7197 p = end+1; /* skip over ] */ 7198 } else { 7199 *host = dup_all(p); 7200 if(!*host) return 0; 7201 p = end; 7202 } 7203 } else { 7204 char* end = str_find_first_of_chars(p, ':', '/'); 7205 if(end) { 7206 *host = dup_prefix(p, (size_t)(end-p)); 7207 if(!*host) return 0; 7208 } else { 7209 *host = dup_all(p); 7210 if(!*host) return 0; 7211 } 7212 p = end; /* at next : or / or NULL */ 7213 } 7214 7215 /* parse port number */ 7216 if(p && p[0] == ':') { 7217 char* end = NULL; 7218 *port = strtol(p+1, &end, 10); 7219 p = end; 7220 } 7221 7222 /* parse filename part */ 7223 while(p && *p == '/') 7224 p++; 7225 if(!p || p[0] == 0) 7226 *file = strdup("/"); 7227 else *file = strdup(p); 7228 if(!*file) { 7229 log_err("malloc failure"); 7230 return 0; 7231 } 7232 return 1; 7233 } 7234 7235 int 7236 xfer_set_masters(struct auth_master** list, struct config_auth* c, 7237 int with_http) 7238 { 7239 struct auth_master* m; 7240 struct config_strlist* p; 7241 /* list points to the first, or next pointer for the new element */ 7242 while(*list) { 7243 list = &( (*list)->next ); 7244 } 7245 if(with_http) 7246 for(p = c->urls; p; p = p->next) { 7247 m = auth_master_new(&list); 7248 if(!m) return 0; 7249 m->http = 1; 7250 if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl)) 7251 return 0; 7252 } 7253 for(p = c->masters; p; p = p->next) { 7254 m = auth_master_new(&list); 7255 if(!m) return 0; 7256 m->ixfr = 1; /* this flag is not configurable */ 7257 m->host = strdup(p->str); 7258 if(!m->host) { 7259 log_err("malloc failure"); 7260 return 0; 7261 } 7262 } 7263 for(p = c->allow_notify; p; p = p->next) { 7264 m = auth_master_new(&list); 7265 if(!m) return 0; 7266 m->allow_notify = 1; 7267 m->host = strdup(p->str); 7268 if(!m->host) { 7269 log_err("malloc failure"); 7270 return 0; 7271 } 7272 } 7273 return 1; 7274 } 7275 7276 #define SERIAL_BITS 32 7277 int 7278 compare_serial(uint32_t a, uint32_t b) 7279 { 7280 const uint32_t cutoff = ((uint32_t) 1 << (SERIAL_BITS - 1)); 7281 7282 if (a == b) { 7283 return 0; 7284 } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) { 7285 return -1; 7286 } else { 7287 return 1; 7288 } 7289 } 7290 7291 int zonemd_hashalgo_supported(int hashalgo) 7292 { 7293 if(hashalgo == ZONEMD_ALGO_SHA384) return 1; 7294 if(hashalgo == ZONEMD_ALGO_SHA512) return 1; 7295 return 0; 7296 } 7297 7298 int zonemd_scheme_supported(int scheme) 7299 { 7300 if(scheme == ZONEMD_SCHEME_SIMPLE) return 1; 7301 return 0; 7302 } 7303 7304 /** initialize hash for hashing with zonemd hash algo */ 7305 static struct secalgo_hash* zonemd_digest_init(int hashalgo, char** reason) 7306 { 7307 struct secalgo_hash *h; 7308 if(hashalgo == ZONEMD_ALGO_SHA384) { 7309 /* sha384 */ 7310 h = secalgo_hash_create_sha384(); 7311 if(!h) 7312 *reason = "digest sha384 could not be created"; 7313 return h; 7314 } else if(hashalgo == ZONEMD_ALGO_SHA512) { 7315 /* sha512 */ 7316 h = secalgo_hash_create_sha512(); 7317 if(!h) 7318 *reason = "digest sha512 could not be created"; 7319 return h; 7320 } 7321 /* unknown hash algo */ 7322 *reason = "unsupported algorithm"; 7323 return NULL; 7324 } 7325 7326 /** update the hash for zonemd */ 7327 static int zonemd_digest_update(int hashalgo, struct secalgo_hash* h, 7328 uint8_t* data, size_t len, char** reason) 7329 { 7330 if(hashalgo == ZONEMD_ALGO_SHA384) { 7331 if(!secalgo_hash_update(h, data, len)) { 7332 *reason = "digest sha384 failed"; 7333 return 0; 7334 } 7335 return 1; 7336 } else if(hashalgo == ZONEMD_ALGO_SHA512) { 7337 if(!secalgo_hash_update(h, data, len)) { 7338 *reason = "digest sha512 failed"; 7339 return 0; 7340 } 7341 return 1; 7342 } 7343 /* unknown hash algo */ 7344 *reason = "unsupported algorithm"; 7345 return 0; 7346 } 7347 7348 /** finish the hash for zonemd */ 7349 static int zonemd_digest_finish(int hashalgo, struct secalgo_hash* h, 7350 uint8_t* result, size_t hashlen, size_t* resultlen, char** reason) 7351 { 7352 if(hashalgo == ZONEMD_ALGO_SHA384) { 7353 if(hashlen < 384/8) { 7354 *reason = "digest buffer too small for sha384"; 7355 return 0; 7356 } 7357 if(!secalgo_hash_final(h, result, hashlen, resultlen)) { 7358 *reason = "digest sha384 finish failed"; 7359 return 0; 7360 } 7361 return 1; 7362 } else if(hashalgo == ZONEMD_ALGO_SHA512) { 7363 if(hashlen < 512/8) { 7364 *reason = "digest buffer too small for sha512"; 7365 return 0; 7366 } 7367 if(!secalgo_hash_final(h, result, hashlen, resultlen)) { 7368 *reason = "digest sha512 finish failed"; 7369 return 0; 7370 } 7371 return 1; 7372 } 7373 /* unknown algo */ 7374 *reason = "unsupported algorithm"; 7375 return 0; 7376 } 7377 7378 /** add rrsets from node to the list */ 7379 static size_t authdata_rrsets_to_list(struct auth_rrset** array, 7380 size_t arraysize, struct auth_rrset* first) 7381 { 7382 struct auth_rrset* rrset = first; 7383 size_t num = 0; 7384 while(rrset) { 7385 if(num >= arraysize) 7386 return num; 7387 array[num] = rrset; 7388 num++; 7389 rrset = rrset->next; 7390 } 7391 return num; 7392 } 7393 7394 /** compare rr list entries */ 7395 static int rrlist_compare(const void* arg1, const void* arg2) 7396 { 7397 struct auth_rrset* r1 = *(struct auth_rrset**)arg1; 7398 struct auth_rrset* r2 = *(struct auth_rrset**)arg2; 7399 uint16_t t1, t2; 7400 if(r1 == NULL) t1 = LDNS_RR_TYPE_RRSIG; 7401 else t1 = r1->type; 7402 if(r2 == NULL) t2 = LDNS_RR_TYPE_RRSIG; 7403 else t2 = r2->type; 7404 if(t1 < t2) 7405 return -1; 7406 if(t1 > t2) 7407 return 1; 7408 return 0; 7409 } 7410 7411 /** add type RRSIG to rr list if not one there already, 7412 * this is to perform RRSIG collate processing at that point. */ 7413 static void addrrsigtype_if_needed(struct auth_rrset** array, 7414 size_t arraysize, size_t* rrnum, struct auth_data* node) 7415 { 7416 if(az_domain_rrset(node, LDNS_RR_TYPE_RRSIG)) 7417 return; /* already one there */ 7418 if((*rrnum) >= arraysize) 7419 return; /* array too small? */ 7420 array[*rrnum] = NULL; /* nothing there, but need entry in list */ 7421 (*rrnum)++; 7422 } 7423 7424 /** collate the RRs in an RRset using the simple scheme */ 7425 static int zonemd_simple_rrset(struct auth_zone* z, int hashalgo, 7426 struct secalgo_hash* h, struct auth_data* node, 7427 struct auth_rrset* rrset, struct regional* region, 7428 struct sldns_buffer* buf, char** reason) 7429 { 7430 /* canonicalize */ 7431 struct ub_packed_rrset_key key; 7432 memset(&key, 0, sizeof(key)); 7433 key.entry.key = &key; 7434 key.entry.data = rrset->data; 7435 key.rk.dname = node->name; 7436 key.rk.dname_len = node->namelen; 7437 key.rk.type = htons(rrset->type); 7438 key.rk.rrset_class = htons(z->dclass); 7439 if(!rrset_canonicalize_to_buffer(region, buf, &key)) { 7440 *reason = "out of memory"; 7441 return 0; 7442 } 7443 regional_free_all(region); 7444 7445 /* hash */ 7446 if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf), 7447 sldns_buffer_limit(buf), reason)) { 7448 return 0; 7449 } 7450 return 1; 7451 } 7452 7453 /** count number of RRSIGs in a domain name rrset list */ 7454 static size_t zonemd_simple_count_rrsig(struct auth_rrset* rrset, 7455 struct auth_rrset** rrlist, size_t rrnum, 7456 struct auth_zone* z, struct auth_data* node) 7457 { 7458 size_t i, count = 0; 7459 if(rrset) { 7460 size_t j; 7461 for(j = 0; j<rrset->data->count; j++) { 7462 if(rrsig_rdata_get_type_covered(rrset->data-> 7463 rr_data[j], rrset->data->rr_len[j]) == 7464 LDNS_RR_TYPE_ZONEMD && 7465 query_dname_compare(z->name, node->name)==0) { 7466 /* omit RRSIGs over type ZONEMD at apex */ 7467 continue; 7468 } 7469 count++; 7470 } 7471 } 7472 for(i=0; i<rrnum; i++) { 7473 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && 7474 query_dname_compare(z->name, node->name)==0) { 7475 /* omit RRSIGs over type ZONEMD at apex */ 7476 continue; 7477 } 7478 count += (rrlist[i]?rrlist[i]->data->rrsig_count:0); 7479 } 7480 return count; 7481 } 7482 7483 /** allocate sparse rrset data for the number of entries in tepm region */ 7484 static int zonemd_simple_rrsig_allocs(struct regional* region, 7485 struct packed_rrset_data* data, size_t count) 7486 { 7487 data->rr_len = regional_alloc(region, sizeof(*data->rr_len) * count); 7488 if(!data->rr_len) { 7489 return 0; 7490 } 7491 data->rr_ttl = regional_alloc(region, sizeof(*data->rr_ttl) * count); 7492 if(!data->rr_ttl) { 7493 return 0; 7494 } 7495 data->rr_data = regional_alloc(region, sizeof(*data->rr_data) * count); 7496 if(!data->rr_data) { 7497 return 0; 7498 } 7499 return 1; 7500 } 7501 7502 /** add the RRSIGs from the rrs in the domain into the data */ 7503 static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data, 7504 size_t* done, struct auth_rrset** rrlist, size_t rrnum, 7505 struct auth_zone* z, struct auth_data* node) 7506 { 7507 size_t i; 7508 for(i=0; i<rrnum; i++) { 7509 size_t j; 7510 if(!rrlist[i]) 7511 continue; 7512 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && 7513 query_dname_compare(z->name, node->name)==0) { 7514 /* omit RRSIGs over type ZONEMD at apex */ 7515 continue; 7516 } 7517 for(j = 0; j<rrlist[i]->data->rrsig_count; j++) { 7518 data->rr_len[*done] = rrlist[i]->data->rr_len[rrlist[i]->data->count + j]; 7519 data->rr_ttl[*done] = rrlist[i]->data->rr_ttl[rrlist[i]->data->count + j]; 7520 /* reference the rdata in the rrset, no need to 7521 * copy it, it is no longer needed at the end of 7522 * the routine */ 7523 data->rr_data[*done] = rrlist[i]->data->rr_data[rrlist[i]->data->count + j]; 7524 (*done)++; 7525 } 7526 } 7527 } 7528 7529 static void add_rrset_into_data(struct packed_rrset_data* data, 7530 size_t* done, struct auth_rrset* rrset, 7531 struct auth_zone* z, struct auth_data* node) 7532 { 7533 if(rrset) { 7534 size_t j; 7535 for(j = 0; j<rrset->data->count; j++) { 7536 if(rrsig_rdata_get_type_covered(rrset->data-> 7537 rr_data[j], rrset->data->rr_len[j]) == 7538 LDNS_RR_TYPE_ZONEMD && 7539 query_dname_compare(z->name, node->name)==0) { 7540 /* omit RRSIGs over type ZONEMD at apex */ 7541 continue; 7542 } 7543 data->rr_len[*done] = rrset->data->rr_len[j]; 7544 data->rr_ttl[*done] = rrset->data->rr_ttl[j]; 7545 /* reference the rdata in the rrset, no need to 7546 * copy it, it is no longer need at the end of 7547 * the routine */ 7548 data->rr_data[*done] = rrset->data->rr_data[j]; 7549 (*done)++; 7550 } 7551 } 7552 } 7553 7554 /** collate the RRSIGs using the simple scheme */ 7555 static int zonemd_simple_rrsig(struct auth_zone* z, int hashalgo, 7556 struct secalgo_hash* h, struct auth_data* node, 7557 struct auth_rrset* rrset, struct auth_rrset** rrlist, size_t rrnum, 7558 struct regional* region, struct sldns_buffer* buf, char** reason) 7559 { 7560 /* the rrset pointer can be NULL, this means it is type RRSIG and 7561 * there is no ordinary type RRSIG there. The RRSIGs are stored 7562 * with the RRsets in their data. 7563 * 7564 * The RRset pointer can be nonNULL. This happens if there is 7565 * no RR that is covered by the RRSIG for the domain. Then this 7566 * RRSIG RR is stored in an rrset of type RRSIG. The other RRSIGs 7567 * are stored in the rrset entries for the RRs in the rr list for 7568 * the domain node. We need to collate the rrset's data, if any, and 7569 * the rrlist's rrsigs */ 7570 /* if this is the apex, omit RRSIGs that cover type ZONEMD */ 7571 /* build rrsig rrset */ 7572 size_t done = 0; 7573 struct ub_packed_rrset_key key; 7574 struct packed_rrset_data data; 7575 memset(&key, 0, sizeof(key)); 7576 memset(&data, 0, sizeof(data)); 7577 key.entry.key = &key; 7578 key.entry.data = &data; 7579 key.rk.dname = node->name; 7580 key.rk.dname_len = node->namelen; 7581 key.rk.type = htons(LDNS_RR_TYPE_RRSIG); 7582 key.rk.rrset_class = htons(z->dclass); 7583 data.count = zonemd_simple_count_rrsig(rrset, rrlist, rrnum, z, node); 7584 if(!zonemd_simple_rrsig_allocs(region, &data, data.count)) { 7585 *reason = "out of memory"; 7586 regional_free_all(region); 7587 return 0; 7588 } 7589 /* all the RRSIGs stored in the other rrsets for this domain node */ 7590 add_rrlist_rrsigs_into_data(&data, &done, rrlist, rrnum, z, node); 7591 /* plus the RRSIGs stored in an rrset of type RRSIG for this node */ 7592 add_rrset_into_data(&data, &done, rrset, z, node); 7593 7594 /* canonicalize */ 7595 if(!rrset_canonicalize_to_buffer(region, buf, &key)) { 7596 *reason = "out of memory"; 7597 regional_free_all(region); 7598 return 0; 7599 } 7600 regional_free_all(region); 7601 7602 /* hash */ 7603 if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf), 7604 sldns_buffer_limit(buf), reason)) { 7605 return 0; 7606 } 7607 return 1; 7608 } 7609 7610 /** collate a domain's rrsets using the simple scheme */ 7611 static int zonemd_simple_domain(struct auth_zone* z, int hashalgo, 7612 struct secalgo_hash* h, struct auth_data* node, 7613 struct regional* region, struct sldns_buffer* buf, char** reason) 7614 { 7615 const size_t rrlistsize = 65536; 7616 struct auth_rrset* rrlist[rrlistsize]; 7617 size_t i, rrnum = 0; 7618 /* see if the domain is out of scope, the zone origin, 7619 * that would be omitted */ 7620 if(!dname_subdomain_c(node->name, z->name)) 7621 return 1; /* continue */ 7622 /* loop over the rrsets in ascending order. */ 7623 rrnum = authdata_rrsets_to_list(rrlist, rrlistsize, node->rrsets); 7624 addrrsigtype_if_needed(rrlist, rrlistsize, &rrnum, node); 7625 qsort(rrlist, rrnum, sizeof(*rrlist), rrlist_compare); 7626 for(i=0; i<rrnum; i++) { 7627 if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD && 7628 query_dname_compare(z->name, node->name) == 0) { 7629 /* omit type ZONEMD at apex */ 7630 continue; 7631 } 7632 if(rrlist[i] == NULL || rrlist[i]->type == 7633 LDNS_RR_TYPE_RRSIG) { 7634 if(!zonemd_simple_rrsig(z, hashalgo, h, node, 7635 rrlist[i], rrlist, rrnum, region, buf, reason)) 7636 return 0; 7637 } else if(!zonemd_simple_rrset(z, hashalgo, h, node, 7638 rrlist[i], region, buf, reason)) { 7639 return 0; 7640 } 7641 } 7642 return 1; 7643 } 7644 7645 /** collate the zone using the simple scheme */ 7646 static int zonemd_simple_collate(struct auth_zone* z, int hashalgo, 7647 struct secalgo_hash* h, struct regional* region, 7648 struct sldns_buffer* buf, char** reason) 7649 { 7650 /* our tree is sorted in canonical order, so we can just loop over 7651 * the tree */ 7652 struct auth_data* n; 7653 RBTREE_FOR(n, struct auth_data*, &z->data) { 7654 if(!zonemd_simple_domain(z, hashalgo, h, n, region, buf, 7655 reason)) 7656 return 0; 7657 } 7658 return 1; 7659 } 7660 7661 int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme, 7662 int hashalgo, uint8_t* hash, size_t hashlen, size_t* resultlen, 7663 struct regional* region, struct sldns_buffer* buf, char** reason) 7664 { 7665 struct secalgo_hash* h = zonemd_digest_init(hashalgo, reason); 7666 if(!h) { 7667 if(!*reason) 7668 *reason = "digest init fail"; 7669 return 0; 7670 } 7671 if(scheme == ZONEMD_SCHEME_SIMPLE) { 7672 if(!zonemd_simple_collate(z, hashalgo, h, region, buf, reason)) { 7673 if(!*reason) *reason = "scheme simple collate fail"; 7674 secalgo_hash_delete(h); 7675 return 0; 7676 } 7677 } 7678 if(!zonemd_digest_finish(hashalgo, h, hash, hashlen, resultlen, 7679 reason)) { 7680 secalgo_hash_delete(h); 7681 *reason = "digest finish fail"; 7682 return 0; 7683 } 7684 secalgo_hash_delete(h); 7685 return 1; 7686 } 7687 7688 int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme, 7689 int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region, 7690 struct sldns_buffer* buf, char** reason) 7691 { 7692 uint8_t gen[512]; 7693 size_t genlen = 0; 7694 *reason = NULL; 7695 if(!zonemd_hashalgo_supported(hashalgo)) { 7696 /* allow it */ 7697 *reason = "unsupported algorithm"; 7698 return 1; 7699 } 7700 if(!zonemd_scheme_supported(scheme)) { 7701 /* allow it */ 7702 *reason = "unsupported scheme"; 7703 return 1; 7704 } 7705 if(hashlen < 12) { 7706 /* the ZONEMD draft requires digests to fail if too small */ 7707 *reason = "digest length too small, less than 12"; 7708 return 0; 7709 } 7710 /* generate digest */ 7711 if(!auth_zone_generate_zonemd_hash(z, scheme, hashalgo, gen, 7712 sizeof(gen), &genlen, region, buf, reason)) { 7713 /* reason filled in by zonemd hash routine */ 7714 return 0; 7715 } 7716 /* check digest length */ 7717 if(hashlen != genlen) { 7718 *reason = "incorrect digest length"; 7719 if(verbosity >= VERB_ALGO) { 7720 verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d", 7721 scheme, hashalgo); 7722 log_hex("ZONEMD should be ", gen, genlen); 7723 log_hex("ZONEMD to check is", hash, hashlen); 7724 } 7725 return 0; 7726 } 7727 /* check digest */ 7728 if(memcmp(hash, gen, genlen) != 0) { 7729 *reason = "incorrect digest"; 7730 if(verbosity >= VERB_ALGO) { 7731 verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d", 7732 scheme, hashalgo); 7733 log_hex("ZONEMD should be ", gen, genlen); 7734 log_hex("ZONEMD to check is", hash, hashlen); 7735 } 7736 return 0; 7737 } 7738 return 1; 7739 } 7740 7741 /** log auth zone message with zone name in front. */ 7742 static void auth_zone_log(uint8_t* name, enum verbosity_value level, 7743 const char* format, ...) ATTR_FORMAT(printf, 3, 4); 7744 static void auth_zone_log(uint8_t* name, enum verbosity_value level, 7745 const char* format, ...) 7746 { 7747 va_list args; 7748 va_start(args, format); 7749 if(verbosity >= level) { 7750 char str[255+1]; 7751 char msg[MAXSYSLOGMSGLEN]; 7752 dname_str(name, str); 7753 vsnprintf(msg, sizeof(msg), format, args); 7754 verbose(level, "auth zone %s %s", str, msg); 7755 } 7756 va_end(args); 7757 } 7758 7759 /** ZONEMD, dnssec verify the rrset with the dnskey */ 7760 static int zonemd_dnssec_verify_rrset(struct auth_zone* z, 7761 struct module_env* env, struct module_stack* mods, 7762 struct ub_packed_rrset_key* dnskey, struct auth_data* node, 7763 struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg) 7764 { 7765 struct ub_packed_rrset_key pk; 7766 enum sec_status sec; 7767 struct val_env* ve; 7768 int m; 7769 m = modstack_find(mods, "validator"); 7770 if(m == -1) { 7771 auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have " 7772 "DNSKEY chain of trust, but no validator module"); 7773 return 0; 7774 } 7775 ve = (struct val_env*)env->modinfo[m]; 7776 7777 memset(&pk, 0, sizeof(pk)); 7778 pk.entry.key = &pk; 7779 pk.entry.data = rrset->data; 7780 pk.rk.dname = node->name; 7781 pk.rk.dname_len = node->namelen; 7782 pk.rk.type = htons(rrset->type); 7783 pk.rk.rrset_class = htons(z->dclass); 7784 if(verbosity >= VERB_ALGO) { 7785 char typestr[32]; 7786 typestr[0]=0; 7787 sldns_wire2str_type_buf(rrset->type, typestr, sizeof(typestr)); 7788 auth_zone_log(z->name, VERB_ALGO, 7789 "zonemd: verify %s RRset with DNSKEY", typestr); 7790 } 7791 sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, sigalg, why_bogus, NULL, 7792 LDNS_SECTION_ANSWER, NULL); 7793 if(sec == sec_status_secure) { 7794 return 1; 7795 } 7796 if(why_bogus) 7797 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus); 7798 return 0; 7799 } 7800 7801 /** check for nsec3, the RR with params equal, if bitmap has the type */ 7802 static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo, 7803 size_t iter, uint8_t* salt, size_t saltlen, uint16_t rrtype) 7804 { 7805 int i, count = (int)nsec3->data->count; 7806 struct ub_packed_rrset_key pk; 7807 memset(&pk, 0, sizeof(pk)); 7808 pk.entry.data = nsec3->data; 7809 for(i=0; i<count; i++) { 7810 int rralgo; 7811 size_t rriter, rrsaltlen; 7812 uint8_t* rrsalt; 7813 if(!nsec3_get_params(&pk, i, &rralgo, &rriter, &rrsalt, 7814 &rrsaltlen)) 7815 continue; /* no parameters, malformed */ 7816 if(rralgo != algo || rriter != iter || rrsaltlen != saltlen) 7817 continue; /* different parameters */ 7818 if(saltlen != 0) { 7819 if(rrsalt == NULL || salt == NULL) 7820 continue; 7821 if(memcmp(rrsalt, salt, saltlen) != 0) 7822 continue; /* different salt parameters */ 7823 } 7824 if(nsec3_has_type(&pk, i, rrtype)) 7825 return 1; 7826 } 7827 return 0; 7828 } 7829 7830 /** Verify the absence of ZONEMD with DNSSEC by checking NSEC, NSEC3 type flag. 7831 * return false on failure, reason contains description of failure. */ 7832 static int zonemd_check_dnssec_absence(struct auth_zone* z, 7833 struct module_env* env, struct module_stack* mods, 7834 struct ub_packed_rrset_key* dnskey, struct auth_data* apex, 7835 char** reason, char** why_bogus, uint8_t* sigalg) 7836 { 7837 struct auth_rrset* nsec = NULL; 7838 if(!apex) { 7839 *reason = "zone has no apex domain but ZONEMD missing"; 7840 return 0; 7841 } 7842 nsec = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC); 7843 if(nsec) { 7844 struct ub_packed_rrset_key pk; 7845 /* dnssec verify the NSEC */ 7846 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, 7847 nsec, why_bogus, sigalg)) { 7848 *reason = "DNSSEC verify failed for NSEC RRset"; 7849 return 0; 7850 } 7851 /* check type bitmap */ 7852 memset(&pk, 0, sizeof(pk)); 7853 pk.entry.data = nsec->data; 7854 if(nsec_has_type(&pk, LDNS_RR_TYPE_ZONEMD)) { 7855 *reason = "DNSSEC NSEC bitmap says type ZONEMD exists"; 7856 return 0; 7857 } 7858 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure"); 7859 } else { 7860 /* NSEC3 perhaps ? */ 7861 int algo; 7862 size_t iter, saltlen; 7863 uint8_t* salt; 7864 struct auth_rrset* nsec3param = az_domain_rrset(apex, 7865 LDNS_RR_TYPE_NSEC3PARAM); 7866 struct auth_data* match; 7867 struct auth_rrset* nsec3; 7868 if(!nsec3param) { 7869 *reason = "zone has no NSEC information but ZONEMD missing"; 7870 return 0; 7871 } 7872 if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) { 7873 *reason = "zone has no NSEC information but ZONEMD missing"; 7874 return 0; 7875 } 7876 /* find the NSEC3 record */ 7877 match = az_nsec3_find_exact(z, z->name, z->namelen, algo, 7878 iter, salt, saltlen); 7879 if(!match) { 7880 *reason = "zone has no NSEC3 domain for the apex but ZONEMD missing"; 7881 return 0; 7882 } 7883 nsec3 = az_domain_rrset(match, LDNS_RR_TYPE_NSEC3); 7884 if(!nsec3) { 7885 *reason = "zone has no NSEC3 RRset for the apex but ZONEMD missing"; 7886 return 0; 7887 } 7888 /* dnssec verify the NSEC3 */ 7889 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match, 7890 nsec3, why_bogus, sigalg)) { 7891 *reason = "DNSSEC verify failed for NSEC3 RRset"; 7892 return 0; 7893 } 7894 /* check type bitmap */ 7895 if(nsec3_of_param_has_type(nsec3, algo, iter, salt, saltlen, 7896 LDNS_RR_TYPE_ZONEMD)) { 7897 *reason = "DNSSEC NSEC3 bitmap says type ZONEMD exists"; 7898 return 0; 7899 } 7900 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure"); 7901 } 7902 7903 return 1; 7904 } 7905 7906 /** Verify the SOA and ZONEMD DNSSEC signatures. 7907 * return false on failure, reason contains description of failure. */ 7908 static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, 7909 struct module_env* env, struct module_stack* mods, 7910 struct ub_packed_rrset_key* dnskey, struct auth_data* apex, 7911 struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus, 7912 uint8_t* sigalg) 7913 { 7914 struct auth_rrset* soa; 7915 if(!apex) { 7916 *reason = "zone has no apex domain"; 7917 return 0; 7918 } 7919 soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); 7920 if(!soa) { 7921 *reason = "zone has no SOA RRset"; 7922 return 0; 7923 } 7924 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa, 7925 why_bogus, sigalg)) { 7926 *reason = "DNSSEC verify failed for SOA RRset"; 7927 return 0; 7928 } 7929 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, 7930 zonemd_rrset, why_bogus, sigalg)) { 7931 *reason = "DNSSEC verify failed for ZONEMD RRset"; 7932 return 0; 7933 } 7934 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure"); 7935 return 1; 7936 } 7937 7938 /** 7939 * Fail the ZONEMD verification. 7940 * @param z: auth zone that fails. 7941 * @param env: environment with config, to ignore failure or not. 7942 * @param reason: failure string description. 7943 * @param why_bogus: failure string for DNSSEC verification failure. 7944 * @param result: strdup result in here if not NULL. 7945 */ 7946 static void auth_zone_zonemd_fail(struct auth_zone* z, struct module_env* env, 7947 char* reason, char* why_bogus, char** result) 7948 { 7949 char zstr[255+1]; 7950 /* if fail: log reason, and depending on config also take action 7951 * and drop the zone, eg. it is gone from memory, set zone_expired */ 7952 dname_str(z->name, zstr); 7953 if(!reason) reason = "verification failed"; 7954 if(result) { 7955 if(why_bogus) { 7956 char res[1024]; 7957 snprintf(res, sizeof(res), "%s: %s", reason, 7958 why_bogus); 7959 *result = strdup(res); 7960 } else { 7961 *result = strdup(reason); 7962 } 7963 if(!*result) log_err("out of memory"); 7964 } else { 7965 log_warn("auth zone %s: ZONEMD verification failed: %s", zstr, reason); 7966 } 7967 7968 if(env->cfg->zonemd_permissive_mode) { 7969 verbose(VERB_ALGO, "zonemd-permissive-mode enabled, " 7970 "not blocking zone %s", zstr); 7971 return; 7972 } 7973 7974 /* expired means the zone gives servfail and is not used by 7975 * lookup if fallback_enabled*/ 7976 z->zone_expired = 1; 7977 } 7978 7979 /** 7980 * Verify the zonemd with DNSSEC and hash check, with given key. 7981 * @param z: auth zone. 7982 * @param env: environment with config and temp buffers. 7983 * @param mods: module stack with validator env for verification. 7984 * @param dnskey: dnskey that we can use, or NULL. If nonnull, the key 7985 * has been verified and is the start of the chain of trust. 7986 * @param is_insecure: if true, the dnskey is not used, the zone is insecure. 7987 * And dnssec is not used. It is DNSSEC secure insecure or not under 7988 * a trust anchor. 7989 * @param sigalg: if nonNULL provide algorithm downgrade protection. 7990 * Otherwise one algorithm is enough. Must have space of ALGO_NEEDS_MAX+1. 7991 * @param result: if not NULL result reason copied here. 7992 */ 7993 static void 7994 auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, 7995 struct module_stack* mods, struct ub_packed_rrset_key* dnskey, 7996 int is_insecure, char** result, uint8_t* sigalg) 7997 { 7998 char* reason = NULL, *why_bogus = NULL; 7999 struct auth_data* apex = NULL; 8000 struct auth_rrset* zonemd_rrset = NULL; 8001 int zonemd_absent = 0, zonemd_absence_dnssecok = 0; 8002 8003 /* see if ZONEMD is present or absent. */ 8004 apex = az_find_name(z, z->name, z->namelen); 8005 if(!apex) { 8006 zonemd_absent = 1; 8007 } else { 8008 zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD); 8009 if(!zonemd_rrset || zonemd_rrset->data->count==0) { 8010 zonemd_absent = 1; 8011 zonemd_rrset = NULL; 8012 } 8013 } 8014 8015 /* if no DNSSEC, done. */ 8016 /* if no ZONEMD, and DNSSEC, use DNSKEY to verify NSEC or NSEC3 for 8017 * zone apex. Check ZONEMD bit is turned off or else fail */ 8018 /* if ZONEMD, and DNSSEC, check DNSSEC signature on SOA and ZONEMD, 8019 * or else fail */ 8020 if(!dnskey && !is_insecure) { 8021 auth_zone_zonemd_fail(z, env, "DNSKEY missing", NULL, result); 8022 return; 8023 } else if(!zonemd_rrset && dnskey && !is_insecure) { 8024 /* fetch, DNSSEC verify, and check NSEC/NSEC3 */ 8025 if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex, 8026 &reason, &why_bogus, sigalg)) { 8027 auth_zone_zonemd_fail(z, env, reason, why_bogus, result); 8028 return; 8029 } 8030 zonemd_absence_dnssecok = 1; 8031 } else if(zonemd_rrset && dnskey && !is_insecure) { 8032 /* check DNSSEC verify of SOA and ZONEMD */ 8033 if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex, 8034 zonemd_rrset, &reason, &why_bogus, sigalg)) { 8035 auth_zone_zonemd_fail(z, env, reason, why_bogus, result); 8036 return; 8037 } 8038 } 8039 8040 if(zonemd_absent && z->zonemd_reject_absence) { 8041 auth_zone_zonemd_fail(z, env, "ZONEMD absent and that is not allowed by config", NULL, result); 8042 return; 8043 } 8044 if(zonemd_absent && zonemd_absence_dnssecok) { 8045 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD"); 8046 if(result) { 8047 *result = strdup("DNSSEC verified nonexistence of ZONEMD"); 8048 if(!*result) log_err("out of memory"); 8049 } 8050 return; 8051 } 8052 if(zonemd_absent) { 8053 auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present"); 8054 if(result) { 8055 *result = strdup("no ZONEMD present"); 8056 if(!*result) log_err("out of memory"); 8057 } 8058 return; 8059 } 8060 8061 /* check ZONEMD checksum and report or else fail. */ 8062 if(!auth_zone_zonemd_check_hash(z, env, &reason)) { 8063 auth_zone_zonemd_fail(z, env, reason, NULL, result); 8064 return; 8065 } 8066 8067 /* success! log the success */ 8068 if(reason) 8069 auth_zone_log(z->name, VERB_ALGO, "ZONEMD %s", reason); 8070 else auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful"); 8071 if(result) { 8072 if(reason) 8073 *result = strdup(reason); 8074 else *result = strdup("ZONEMD verification successful"); 8075 if(!*result) log_err("out of memory"); 8076 } 8077 } 8078 8079 /** 8080 * verify the zone DNSKEY rrset from the trust anchor 8081 * This is possible because the anchor is for the zone itself, and can 8082 * thus apply straight to the zone DNSKEY set. 8083 * @param z: the auth zone. 8084 * @param env: environment with time and temp buffers. 8085 * @param mods: module stack for validator environment for dnssec validation. 8086 * @param anchor: trust anchor to use 8087 * @param is_insecure: returned, true if the zone is securely insecure. 8088 * @param why_bogus: if the routine fails, returns the failure reason. 8089 * @param keystorage: where to store the ub_packed_rrset_key that is created 8090 * on success. A pointer to it is returned on success. 8091 * @return the dnskey RRset, reference to zone data and keystorage, or 8092 * NULL on failure. 8093 */ 8094 static struct ub_packed_rrset_key* 8095 zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, 8096 struct module_stack* mods, struct trust_anchor* anchor, 8097 int* is_insecure, char** why_bogus, 8098 struct ub_packed_rrset_key* keystorage) 8099 { 8100 struct auth_data* apex; 8101 struct auth_rrset* dnskey_rrset; 8102 enum sec_status sec; 8103 struct val_env* ve; 8104 int m; 8105 8106 apex = az_find_name(z, z->name, z->namelen); 8107 if(!apex) { 8108 *why_bogus = "have trust anchor, but zone has no apex domain for DNSKEY"; 8109 return 0; 8110 } 8111 dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY); 8112 if(!dnskey_rrset || dnskey_rrset->data->count==0) { 8113 *why_bogus = "have trust anchor, but zone has no DNSKEY"; 8114 return 0; 8115 } 8116 8117 m = modstack_find(mods, "validator"); 8118 if(m == -1) { 8119 *why_bogus = "have trust anchor, but no validator module"; 8120 return 0; 8121 } 8122 ve = (struct val_env*)env->modinfo[m]; 8123 8124 memset(keystorage, 0, sizeof(*keystorage)); 8125 keystorage->entry.key = keystorage; 8126 keystorage->entry.data = dnskey_rrset->data; 8127 keystorage->rk.dname = apex->name; 8128 keystorage->rk.dname_len = apex->namelen; 8129 keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY); 8130 keystorage->rk.rrset_class = htons(z->dclass); 8131 auth_zone_log(z->name, VERB_QUERY, 8132 "zonemd: verify DNSKEY RRset with trust anchor"); 8133 sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset, 8134 anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL); 8135 regional_free_all(env->scratch); 8136 if(sec == sec_status_secure) { 8137 /* success */ 8138 *is_insecure = 0; 8139 return keystorage; 8140 } else if(sec == sec_status_insecure) { 8141 /* insecure */ 8142 *is_insecure = 1; 8143 } else { 8144 /* bogus */ 8145 *is_insecure = 0; 8146 auth_zone_log(z->name, VERB_ALGO, 8147 "zonemd: verify DNSKEY RRset with trust anchor failed: %s", *why_bogus); 8148 } 8149 return NULL; 8150 } 8151 8152 /** verify the DNSKEY from the zone with looked up DS record */ 8153 static struct ub_packed_rrset_key* 8154 auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z, 8155 struct module_env* env, struct module_stack* mods, 8156 struct ub_packed_rrset_key* ds, int* is_insecure, char** why_bogus, 8157 struct ub_packed_rrset_key* keystorage, uint8_t* sigalg) 8158 { 8159 struct auth_data* apex; 8160 struct auth_rrset* dnskey_rrset; 8161 enum sec_status sec; 8162 struct val_env* ve; 8163 int m; 8164 8165 /* fetch DNSKEY from zone data */ 8166 apex = az_find_name(z, z->name, z->namelen); 8167 if(!apex) { 8168 *why_bogus = "in verifywithDS, zone has no apex"; 8169 return NULL; 8170 } 8171 dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY); 8172 if(!dnskey_rrset || dnskey_rrset->data->count==0) { 8173 *why_bogus = "in verifywithDS, zone has no DNSKEY"; 8174 return NULL; 8175 } 8176 8177 m = modstack_find(mods, "validator"); 8178 if(m == -1) { 8179 *why_bogus = "in verifywithDS, have no validator module"; 8180 return NULL; 8181 } 8182 ve = (struct val_env*)env->modinfo[m]; 8183 8184 memset(keystorage, 0, sizeof(*keystorage)); 8185 keystorage->entry.key = keystorage; 8186 keystorage->entry.data = dnskey_rrset->data; 8187 keystorage->rk.dname = apex->name; 8188 keystorage->rk.dname_len = apex->namelen; 8189 keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY); 8190 keystorage->rk.rrset_class = htons(z->dclass); 8191 auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS"); 8192 sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, sigalg, 8193 why_bogus, NULL, NULL); 8194 regional_free_all(env->scratch); 8195 if(sec == sec_status_secure) { 8196 /* success */ 8197 return keystorage; 8198 } else if(sec == sec_status_insecure) { 8199 /* insecure */ 8200 *is_insecure = 1; 8201 } else { 8202 /* bogus */ 8203 *is_insecure = 0; 8204 if(*why_bogus == NULL) 8205 *why_bogus = "verify failed"; 8206 auth_zone_log(z->name, VERB_ALGO, 8207 "zonemd: verify DNSKEY RRset with DS failed: %s", 8208 *why_bogus); 8209 } 8210 return NULL; 8211 } 8212 8213 /** callback for ZONEMD lookup of DNSKEY */ 8214 void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, 8215 enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited)) 8216 { 8217 struct auth_zone* z = (struct auth_zone*)arg; 8218 struct module_env* env; 8219 char* reason = NULL, *ds_bogus = NULL, *typestr="DNSKEY"; 8220 struct ub_packed_rrset_key* dnskey = NULL, *ds = NULL; 8221 int is_insecure = 0, downprot; 8222 struct ub_packed_rrset_key keystorage; 8223 uint8_t sigalg[ALGO_NEEDS_MAX+1]; 8224 8225 lock_rw_wrlock(&z->lock); 8226 env = z->zonemd_callback_env; 8227 /* release the env variable so another worker can pick up the 8228 * ZONEMD verification task if it wants to */ 8229 z->zonemd_callback_env = NULL; 8230 if(!env || env->outnet->want_to_quit || z->zone_deleted) { 8231 lock_rw_unlock(&z->lock); 8232 return; /* stop on quit */ 8233 } 8234 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS) 8235 typestr = "DS"; 8236 downprot = env->cfg->harden_algo_downgrade; 8237 8238 /* process result */ 8239 if(sec == sec_status_bogus) { 8240 reason = why_bogus; 8241 if(!reason) { 8242 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY) 8243 reason = "lookup of DNSKEY was bogus"; 8244 else reason = "lookup of DS was bogus"; 8245 } 8246 auth_zone_log(z->name, VERB_ALGO, 8247 "zonemd lookup of %s was bogus: %s", typestr, reason); 8248 } else if(rcode == LDNS_RCODE_NOERROR) { 8249 uint16_t wanted_qtype = z->zonemd_callback_qtype; 8250 struct regional* temp = env->scratch; 8251 struct query_info rq; 8252 struct reply_info* rep; 8253 memset(&rq, 0, sizeof(rq)); 8254 rep = parse_reply_in_temp_region(buf, temp, &rq); 8255 if(rep && rq.qtype == wanted_qtype && 8256 query_dname_compare(z->name, rq.qname) == 0 && 8257 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { 8258 /* parsed successfully */ 8259 struct ub_packed_rrset_key* answer = 8260 reply_find_answer_rrset(&rq, rep); 8261 if(answer && sec == sec_status_secure) { 8262 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY) 8263 dnskey = answer; 8264 else ds = answer; 8265 auth_zone_log(z->name, VERB_ALGO, 8266 "zonemd lookup of %s was secure", typestr); 8267 } else if(sec == sec_status_secure && !answer) { 8268 is_insecure = 1; 8269 auth_zone_log(z->name, VERB_ALGO, 8270 "zonemd lookup of %s has no content, but is secure, treat as insecure", typestr); 8271 } else if(sec == sec_status_insecure) { 8272 is_insecure = 1; 8273 auth_zone_log(z->name, VERB_ALGO, 8274 "zonemd lookup of %s was insecure", typestr); 8275 } else if(sec == sec_status_indeterminate) { 8276 is_insecure = 1; 8277 auth_zone_log(z->name, VERB_ALGO, 8278 "zonemd lookup of %s was indeterminate, treat as insecure", typestr); 8279 } else { 8280 auth_zone_log(z->name, VERB_ALGO, 8281 "zonemd lookup of %s has nodata", typestr); 8282 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY) 8283 reason = "lookup of DNSKEY has nodata"; 8284 else reason = "lookup of DS has nodata"; 8285 } 8286 } else if(rep && rq.qtype == wanted_qtype && 8287 query_dname_compare(z->name, rq.qname) == 0 && 8288 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && 8289 sec == sec_status_secure) { 8290 /* secure nxdomain, so the zone is like some RPZ zone 8291 * that does not exist in the wider internet, with 8292 * a secure nxdomain answer outside of it. So we 8293 * treat the zonemd zone without a dnssec chain of 8294 * trust, as insecure. */ 8295 is_insecure = 1; 8296 auth_zone_log(z->name, VERB_ALGO, 8297 "zonemd lookup of %s was secure NXDOMAIN, treat as insecure", typestr); 8298 } else if(rep && rq.qtype == wanted_qtype && 8299 query_dname_compare(z->name, rq.qname) == 0 && 8300 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && 8301 sec == sec_status_insecure) { 8302 is_insecure = 1; 8303 auth_zone_log(z->name, VERB_ALGO, 8304 "zonemd lookup of %s was insecure NXDOMAIN, treat as insecure", typestr); 8305 } else if(rep && rq.qtype == wanted_qtype && 8306 query_dname_compare(z->name, rq.qname) == 0 && 8307 FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && 8308 sec == sec_status_indeterminate) { 8309 is_insecure = 1; 8310 auth_zone_log(z->name, VERB_ALGO, 8311 "zonemd lookup of %s was indeterminate NXDOMAIN, treat as insecure", typestr); 8312 } else { 8313 auth_zone_log(z->name, VERB_ALGO, 8314 "zonemd lookup of %s has no answer", typestr); 8315 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY) 8316 reason = "lookup of DNSKEY has no answer"; 8317 else reason = "lookup of DS has no answer"; 8318 } 8319 } else { 8320 auth_zone_log(z->name, VERB_ALGO, 8321 "zonemd lookup of %s failed", typestr); 8322 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY) 8323 reason = "lookup of DNSKEY failed"; 8324 else reason = "lookup of DS failed"; 8325 } 8326 8327 if(!reason && !is_insecure && !dnskey && ds) { 8328 dnskey = auth_zone_verify_zonemd_key_with_ds(z, env, 8329 &env->mesh->mods, ds, &is_insecure, &ds_bogus, 8330 &keystorage, downprot?sigalg:NULL); 8331 if(!dnskey && !is_insecure && !reason) 8332 reason = "DNSKEY verify with DS failed"; 8333 } 8334 8335 if(reason) { 8336 auth_zone_zonemd_fail(z, env, reason, ds_bogus, NULL); 8337 lock_rw_unlock(&z->lock); 8338 return; 8339 } 8340 8341 auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey, 8342 is_insecure, NULL, downprot?sigalg:NULL); 8343 regional_free_all(env->scratch); 8344 lock_rw_unlock(&z->lock); 8345 } 8346 8347 /** lookup DNSKEY for ZONEMD verification */ 8348 static int 8349 zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env) 8350 { 8351 struct query_info qinfo; 8352 uint16_t qflags = BIT_RD; 8353 struct edns_data edns; 8354 sldns_buffer* buf = env->scratch_buffer; 8355 int fetch_ds = 0; 8356 8357 if(!z->fallback_enabled) { 8358 /* we cannot actually get the DNSKEY, because it is in the 8359 * zone we have ourselves, and it is not served yet 8360 * (possibly), so fetch type DS */ 8361 fetch_ds = 1; 8362 } 8363 if(z->zonemd_callback_env) { 8364 /* another worker is already working on the callback 8365 * for the DNSKEY lookup for ZONEMD verification. 8366 * We do not also have to do ZONEMD verification, let that 8367 * worker do it */ 8368 auth_zone_log(z->name, VERB_ALGO, 8369 "zonemd needs lookup of %s and that already is worked on by another worker", (fetch_ds?"DS":"DNSKEY")); 8370 return 1; 8371 } 8372 8373 /* use mesh_new_callback to lookup the DNSKEY, 8374 * and then wait for them to be looked up (in cache, or query) */ 8375 qinfo.qname_len = z->namelen; 8376 qinfo.qname = z->name; 8377 qinfo.qclass = z->dclass; 8378 if(fetch_ds) 8379 qinfo.qtype = LDNS_RR_TYPE_DS; 8380 else qinfo.qtype = LDNS_RR_TYPE_DNSKEY; 8381 qinfo.local_alias = NULL; 8382 if(verbosity >= VERB_ALGO) { 8383 char buf1[512]; 8384 char buf2[LDNS_MAX_DOMAINLEN+1]; 8385 dname_str(z->name, buf2); 8386 snprintf(buf1, sizeof(buf1), "auth zone %s: lookup %s " 8387 "for zonemd verification", buf2, 8388 (fetch_ds?"DS":"DNSKEY")); 8389 log_query_info(VERB_ALGO, buf1, &qinfo); 8390 } 8391 edns.edns_present = 1; 8392 edns.ext_rcode = 0; 8393 edns.edns_version = 0; 8394 edns.bits = EDNS_DO; 8395 edns.opt_list_in = NULL; 8396 edns.opt_list_out = NULL; 8397 edns.opt_list_inplace_cb_out = NULL; 8398 if(sldns_buffer_capacity(buf) < 65535) 8399 edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); 8400 else edns.udp_size = 65535; 8401 8402 /* store the worker-specific module env for the callback. 8403 * We can then reference this when the callback executes */ 8404 z->zonemd_callback_env = env; 8405 z->zonemd_callback_qtype = qinfo.qtype; 8406 /* the callback can be called straight away */ 8407 lock_rw_unlock(&z->lock); 8408 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, 8409 &auth_zonemd_dnskey_lookup_callback, z, 0)) { 8410 lock_rw_wrlock(&z->lock); 8411 log_err("out of memory lookup of %s for zonemd", 8412 (fetch_ds?"DS":"DNSKEY")); 8413 return 0; 8414 } 8415 lock_rw_wrlock(&z->lock); 8416 return 1; 8417 } 8418 8419 void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, 8420 struct module_stack* mods, char** result, int offline, int only_online) 8421 { 8422 char* reason = NULL, *why_bogus = NULL; 8423 struct trust_anchor* anchor = NULL; 8424 struct ub_packed_rrset_key* dnskey = NULL; 8425 struct ub_packed_rrset_key keystorage; 8426 int is_insecure = 0; 8427 /* verify the ZONEMD if present. 8428 * If not present check if absence is allowed by DNSSEC */ 8429 if(!z->zonemd_check) 8430 return; 8431 if(z->data.count == 0) 8432 return; /* no data */ 8433 8434 /* if zone is under a trustanchor */ 8435 /* is it equal to trustanchor - get dnskey's verified */ 8436 /* else, find chain of trust by fetching DNSKEYs lookup for zone */ 8437 /* result if that, if insecure, means no DNSSEC for the ZONEMD, 8438 * otherwise we have the zone DNSKEY for the DNSSEC verification. */ 8439 if(env->anchors) 8440 anchor = anchors_lookup(env->anchors, z->name, z->namelen, 8441 z->dclass); 8442 if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) { 8443 /* domain-insecure trust anchor for unsigned zones */ 8444 lock_basic_unlock(&anchor->lock); 8445 if(only_online) 8446 return; 8447 dnskey = NULL; 8448 is_insecure = 1; 8449 } else if(anchor && query_dname_compare(z->name, anchor->name) == 0) { 8450 if(only_online) { 8451 lock_basic_unlock(&anchor->lock); 8452 return; 8453 } 8454 /* equal to trustanchor, no need for online lookups */ 8455 dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor, 8456 &is_insecure, &why_bogus, &keystorage); 8457 lock_basic_unlock(&anchor->lock); 8458 if(!dnskey && !reason && !is_insecure) { 8459 reason = "verify DNSKEY RRset with trust anchor failed"; 8460 } 8461 } else if(anchor) { 8462 lock_basic_unlock(&anchor->lock); 8463 /* perform online lookups */ 8464 if(offline) 8465 return; 8466 /* setup online lookups, and wait for them */ 8467 if(zonemd_lookup_dnskey(z, env)) { 8468 /* wait for the lookup */ 8469 return; 8470 } 8471 reason = "could not lookup DNSKEY for chain of trust"; 8472 } else { 8473 /* the zone is not under a trust anchor */ 8474 if(only_online) 8475 return; 8476 dnskey = NULL; 8477 is_insecure = 1; 8478 } 8479 8480 if(reason) { 8481 auth_zone_zonemd_fail(z, env, reason, why_bogus, result); 8482 return; 8483 } 8484 8485 auth_zone_verify_zonemd_with_key(z, env, mods, dnskey, is_insecure, 8486 result, NULL); 8487 regional_free_all(env->scratch); 8488 } 8489 8490 void auth_zones_pickup_zonemd_verify(struct auth_zones* az, 8491 struct module_env* env) 8492 { 8493 struct auth_zone key; 8494 uint8_t savezname[255+1]; 8495 size_t savezname_len; 8496 struct auth_zone* z; 8497 key.node.key = &key; 8498 lock_rw_rdlock(&az->lock); 8499 RBTREE_FOR(z, struct auth_zone*, &az->ztree) { 8500 lock_rw_wrlock(&z->lock); 8501 if(!z->zonemd_check) { 8502 lock_rw_unlock(&z->lock); 8503 continue; 8504 } 8505 key.dclass = z->dclass; 8506 key.namelabs = z->namelabs; 8507 if(z->namelen > sizeof(savezname)) { 8508 lock_rw_unlock(&z->lock); 8509 log_err("auth_zones_pickup_zonemd_verify: zone name too long"); 8510 continue; 8511 } 8512 savezname_len = z->namelen; 8513 memmove(savezname, z->name, z->namelen); 8514 lock_rw_unlock(&az->lock); 8515 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1); 8516 lock_rw_unlock(&z->lock); 8517 lock_rw_rdlock(&az->lock); 8518 /* find the zone we had before, it is not deleted, 8519 * because we have a flag for that that is processed at 8520 * apply_cfg time */ 8521 key.namelen = savezname_len; 8522 key.name = savezname; 8523 z = (struct auth_zone*)rbtree_search(&az->ztree, &key); 8524 if(!z) 8525 break; 8526 } 8527 lock_rw_unlock(&az->lock); 8528 } 8529